Zero Day
Tracking the hackers
Code execution holes in iPhone OS, iPod Touch
By Ryan Naraine on iPhone
The most serious flaw could allow remote code execution if an iPhone/iPod Touch user opens audio and image files.
Report: 48% of 22 million scanned computers infected with malware
By Dancho Danchev on Viruses and Worms
The recently released APWG report shows that 48% of the 22 million scanned computers are infected with malware. Over a million and a half are infected with crimeware/banker trojans.
Yahoo! News: Security News
Security News
Facebook Is a Cybercrime Danger Zone (NewsFactor)
In business
NewsFactor - Facebook and Twitter were all the rage in 2009, and not just for social networkers. The sites were also extremely popular among hackers and thieves, IT security firm Sophos revealed Monday in its Security Threat 2010 report.
Cyberthieves are hiring, using online ads (Reuters)
In technology
Reuters - The people who brought the world malicious software that steals credit card numbers from your personal computer and empties bank ATMs of their cash are hiring, and they're advertising online.
Trends & Innovations - Tuesday (Investor's Business Daily)
In business
Investor's Business Daily - Social networks are attracting more users -- and cyberattacks -- according to a report by IT security firm Sophos. Cybercriminals have increasingly focused attacks on social networking users in the last 12 months, Sophos says. 57% of users say they've been spammed via social networking sites, up 70.6% vs. last year. 36% reveal they have been sent malware via such sites, a 69.8% rise from last year.
US senator asks companies about China rights practices (AFP)
In technology
AFP - A US senator on Tuesday asked 30 leading companies, including Amazon, Apple, Facebook, IBM, Nokia and Twitter, for information about their human rights practices in China after Google's threat to leave the country over cyberattacks and Web censorship.
Most web bank clients use same passwords elsewhere (Reuters)
In technology
Reuters - A vast majority of online banking customers use their login credentials to access other websites, sharply increasing risk of attack to their bank account, Internet security firm Trusteer said on Tuesday.
China Works to Toughen Hacking Laws (PC World)
In technology
PC World - Chinese police and judicial officials are formulating new measures that govern how hacking crimes are handled by courts, the country's latest step to strengthen its cyber laws, state media reported.
Symantec adds former Intuit CEO Bennett to board (AP)
In technology
AP - Computer security software maker Symantec Corp. said Monday that Stephen P. Bennett, former president and CEO of accounting software maker Intuit Inc., will join its board of directors effective Feb. 8.
Cybercriminals Focus on Social Networks, Sophos Says (NewsFactor)
In business
NewsFactor - Facebook and Twitter users are under attack by cybercriminals -- and the incidents are rising, Sophos says in its 2010 Security Threat Report released Monday. In the past 12 months, Sophos says, cybercriminals have focused more attacks on social-network users. Spam and malware are leading the charge.
Hack Brings Mac OS X to the Nokia N900 (PC World)
In technology
PC World - Have you ever wanted to run a full-blown copy of Mac OS X on your mobile device? One hacker has managed to get Apple's operating system running on a smartphone, and it's not the iPhone.
"Alarming" rise in cyberattacks at social networks: Sophos (AFP)
In us
AFP - There has been an "alarming" rise in spammers and hackers hunting for victims at online social networks, according to a report released Monday by computer security firm Sophos.
Cyber crooks cashing in on iPad frenzy (AFP)
In technology
AFP - Hackers and scammers are cashing in on iPad fever by luring the curious to booby-trapped websites with false promises of information about Apple's new tablet computer.
Google attack highlights 'zero-day' black market (AP)
In technology
AP - The recent hacking attack that prompted Google's threat to leave China is underscoring the heightened dangers of previously undisclosed computer security flaws — and renewing debate over buying and selling information about them in the black market.
Apple iPad Spam, Security Concerns Grow (PC Magazine)
In technology
PC Magazine - Apple-related spam has increased by 30 percent following the announcement of Apple's much-publicized new iPad. But there's another problem: iWork invites third-party documents into the iPad, but the iPhone OS limits what anti-virus vendors can do.
McAfee Warns of Cyberattacks on Critical Infrastructure (NewsFactor)
In business
NewsFactor - On Thursday, McAfee shed light on the cost and impact of cyberattacks on critical infrastructures such as electrical grids, oil and gas production, telecommunications and transportation networks. More than half of 600 IT security executives from critical infrastructure enterprises worldwide report large-scale attacks or infiltrations from organized crime, terrorists or nation-states.
WindowSecurity.com
WindowSecurity.com provides Windows security news, articles, tutorials, software listings and reviews for information security professionals.
Is Internet Explorer Inherently Insecure?
By deb@shinder.net (Deb Shinder)
Taking a look beyond the sensationalized headlines about IE browser security whilst asking whether switching will really keep you safe from attack.
TaoSecurity
Richard Bejtlich's blog on digital security and the practices of network security monitoring, incident response, and forensics.
Traffic Talk 9 Posted
By Richard Bejtlich
I just noticed that my 9th edition of Traffic Talk, titled Testing Snort with Metasploit, was posted. From the article:
Security and networking service providers are often asked whether their solutions are working as expected. Two years ago, I wrote How to test Snort, which concentrated on reasons for testing and ways to avoid doing poor testing. In this article, prompted by recent discussions among networking professionals, I show how to combine several tools in a scenario where I test Snort with Metasploit.
Copyright 2003-2009 Richard Bejtlich and TaoSecurity (taosecurity.blogspot.com and www.taosecurity.com)
Two Dimensional Thinking and APT
By Richard Bejtlich
I expect many readers will recognize the image at left as representing part of the final space battle in Star Trek II: The Wrath of Khan. During this battle, Kirk and Spock realize Khan's tactics are limited. Khan is treating the battle like it is occurring on the open seas, not in space. Spock says:
He is intelligent, but not experienced. His pattern indicates two-dimensional thinking.
I thought this quote could describe many of the advanced persistent threat critics, particularly those who claim "it's just espionage" or "there's nothing new about this." Consider this one last argument to change your mind. (Ha, like that will happen. For everyone else, this is how I arrive at my conclusions.)
I think the problem is APT critics are thinking in one or two dimensions at most, when really this issue has at least five. When you only consider one or two dimensions, of course the problem looks like nothing new. When you take a more complete look, it's new.
- Offender. We know who the attacker is, and like many of you, I know this is not their first activity against foreign targets. I visited the country as an active duty Air Force intelligence officer in 1999. I got all the briefings, etc. etc. This is not the first time I've seen network activity from them. Wonderful.
- Defender. We know the offender has targeted national governments and militaries, like any nation-state might. What's different about APT is the breadth of their target base. Some criticize the Mandiant report for saying:
The APT isn't just a government problem; it isn't just a defense contractor problem. The APT is everyone's problem. No target is too small, or too obscure, or too well-defended. No organization is too large, too well-known, or too vulnerable. It's not spy-versus-spy espionage. It's spy-versus-everyone.
The phrasing here may be misleading (i.e., APT is not attacking my dry cleaner) but the point is valid. Looking over the APT target list, the victims cover a broad sweep of organizations. This is certainly new.
- Means. Let's talk espionage for a moment. Not everyone has the means to be a spy. You probably heard how effective the idiots who tried bugging Senator Landrieu's office were. With computer network exploitation (at the very least), those with sufficient knowledge and connectivity can operate at nearly the same level as a professional spy. You don't have to spend nearly as much time teaching tradecraft for CNE, compared to spycraft. You can often hire someone with private experience as a red teamer/pen tester and then just introduce them to your SOPs. Try hiring someone who has privately learned national-level spycraft.
- Motive. Besides "offender," this is the second of the two dimensions that APT critics tend to fixate upon. Yes, bad people have tried to spy on other people for thousands of years. However, in some respects even this is new, because the offender has his hands in so many aspects of the victim's centers of power. APT doesn't only want military secrets; it wants diplomatic, AND economic, AND cultural, AND...
- Opportunity. Connectivity creates opportunity in the digital realm. Again, contrast the digital world with the analog world of espionage. It takes a decent amount of work to prepare, insert, handle, and remove human spies. The digital equivalent is unfortunately still trivial in comparison.
To summarize, I think a lot of APT critics are focused on offender and motive, and ignore defender, means, and opportunity. When you expand beyond two-dimensional thinking, you'll see that APT is indeed new, without even considering technical aspects.
Example of Threat-Centric Security
By Richard Bejtlich
In my last post I mentioned the need to take threat-centric approaches to advanced persistent threat. No sooner had I posted those thoughts than I read this:
Beijing 'strongly indignant' about U.S.-Taiwan arms sale
The Obama administration announced the sale Friday of $6 billion worth of Patriot anti-missile systems, helicopters, mine-sweeping ships and communications equipment to Taiwan in a long-expected move that sparked an angry protest from China.
In a strongly worded statement on Saturday, China's Defense Ministry suspended military exchanges with the United States and summoned the U.S. defense attache to lodge a "solemn protest" over the sale, the official Xinhua news agency reported.
"Considering the severe harm and odious effect of U.S. arms sales to Taiwan, the Chinese side has decided to suspend planned mutual military visits," Xinhua quoted the ministry as saying. The Foreign Ministry said China also would put sanctions on U.S. companies supplying the equipment.
It would have been interesting if the Obama administration had announced its arms sale in these terms:
"Considering the severe harm and odious effect of the advanced persistent threat, the American side has decided to sell the following arms to Taiwan."
It's time for the information security community to realize this problem is well outside our capability to really make a difference, without help from our governments.
Mandiant M-Trends on APT
By Richard Bejtlich
If you want to read a concise yet informative and clue-backed report on advanced persistent threat, I recommend completing this form to receive the first Mandiant M-Trends report.
Mandiant occupies a unique position with respect to this problem because they are one of only two security service companies with substantial counter-APT consulting experience.
You may read blog posts and commentary from other security service providers who either 1) suddenly claim counter-APT expertise or 2) deride "APT" as just a marketing term, or FUD, or some other term to hide their inexperience with this problem. The fact remains that, when organizations meet in closed forums to do real work on this problem, the names and faces are fairly constant. They don't include those trying to make an APT "splash" or those pretending APT is not a real problem.
Mandiant finishes its report with the following statement:
[T]his is a war of attrition against an enemy with extensive resources. It is a long fight, one that never ends. You will never declare victory.
I can already hear the skeptics saying "It never ends, so you can keep paying Mandiant consulting fees!" or "It never ends, so you can keep upgrading security products!" You're wrong, but nothing I say will convince some of you. The fact of the matter is that until the threat is addressed at the nation-state to nation-state level, victim organizations will continue to remain victims. This is not a problem that is going to be solved by victims better defending themselves. The cost is simply too great to take a vulnerability-centric approach. We need a threat-centric approach, where those with the authority to apply pressure on the threat are allowed to do so, using a variety of instruments of national power. This is the unfortunate reality of the conflict in which we are now engaged.
SecurityFocus News
SecurityFocus is the most comprehensive and trusted source of security information on the Internet. We are a vendor-neutral site that provides objective, timely and comprehensive security information to all members of the security community, from end users, security hobbyists and network administrators to security consultants, IT Managers, CIOs and CSOs.
Brief: Google offers bounty on browser bugs
Google offers bounty on browser bugs
http://www.securityfocus.com/news/11573?ref=rss
Most consumers reuse banking passwords
http://www.securityfocus.com/news/11572?ref=rss
CIA, PayPal under bizarre SSL assault
Security - RSS Feeds
Twitter Details Phishing Attacks Behind Password Reset
Officials at Twitter linked the resetting of passwords to malicious torrent sites and other schemes. According to Twitter, the company began its investigation after noticing a surge in followers for certain accounts during the past five days.
- Twitter revealed more details about the phishing attacks that caused the company to reset the passwords on some user accounts Feb. 2. According to Twitter Director of Trust and Safety Del Harvey, there was a sudden surge in followers for certain accounts during the last five days. For that reas...
Older IE Versions Maintain Sizable Market Share Despite Security Concerns
While Microsoft is touting the fact Internet Explorer 8 is the single most widely used Web browser, the combined percentages of IE 6 and 7 users surpass it. The use of the older browsers means many users aren't taking advantage of the latest browser security protections.
- Arguably one of the most interesting elements of the cyber-attack that affected Google and more than 30 other companies was the primary attack vector Internet Explorer 6. The attack exploited an HTML object memory corruption vulnerability in IE that Microsoft was notified about in September....
PGP to Acquire TC TrustCenter for Cloud-Based Identity Management
PGP agrees to acquire TC TrustCenter and its parent company, ChosenSecurity, for their on-demand platform for managing trusted identities.
- PGP has agreed to acquire German security vendor TC TrustCenter and its U.S. parent company, ChosenSecurity, for an undisclosed sum of money. ChosenSecurity and TC TrustCenter provide an on-demand platform for managing trusted identities for encryption, authentication and secure collaborati...
Researchers Uncover Security Vulnerabilities in Femtocell Technology
Two Trustwave security consultants report they have uncovered hardware and software vulnerabilities in femtocell devices that can be used to take over the device. The duo will present their findings at the ShmooCon conference in Washington.
- Researchers with Trustwave have discovered flaws in the hardware and software of femtocell devices that can allow an attacker to take full control of the miniature cell towers without the user's knowledge. Zack Fasel and Matthew Jakubowski, security consultants with Trustwave's SpiderLabs, will...
Facebook Privacy, Security Fears Grow with Social Network Risks
According to Sophos, 60 percent of businesses consider Facebook the riskiest social networking site, underscoring a new level of wariness for social networks at a time when a researcher from Kaspersky Lab says compromised accounts for Twitter and other sites can go for big bucks in the cyber-underworld.
- Businesses are growing more concerned about the use of social networks, starting with Facebook. According to a survey of 502 IT professionals by Sophos, businesses are seeing more malware and spam, and 60 percent of respondents put Facebook ahead of MySpace, Twitter and LinkedIn as the riskiest so...
Adobe Flash Security on Menu at Black Hat
A researcher plans to delve into Adobe Flash security at Black Hat DC, spotlighting how poor programming practices and Web architectures can be leveraged to compromise users.
- Security vulnerabilities in Adobe Systems applications have increasingly become a popular target for attackers in the past year. At Black Hat DC, Foreground Security Senior Security Researcher Mike Bailey will examine Flash's security model and take a look at some of the ways attackers ca...
Critical Infrastructure Security a Mixed Bag, Report Finds
A new report commissioned by McAfee reveals IT security at critical infrastructure companies is not always as high as some may suspect.
- A new report from the Center for Strategic and International Studies highlights the financial damage of cyber-attacks on critical infrastructure, but also paints a picture of IT security that is in turns good and bad. The report, "In the Crossfire: Critical Infrastructure in the Age of Cyberwa...
Security
The Art of Technology
Firms worry about social networks, but don't block access
By jacqui@arstechnica.com (Jacqui Cheng) on twitter
Despite widespread paranoia that social networks are putting businesses at risk, companies continue to give employees open access to them. The latest Security Threat Report (PDF) from security research firm Sophos notes that spam and malware attacks via popular networks continued to rise at "alarming" rates over the last 12 months, posing a risk to both users and the companies they work for.
Nearly three-quarters of businesses (72 percent) told Sophos that they're concerned about employee behavior on social networks—and it's not the HR-related behavior they're concerned about. The majority of respondents said that reports of spam, phishing, and malware coming from the major social networks were way up, and they expressed concern about employees endangering business security. According to Sophos, there was a 70 percent increase in the proportion of businesses reporting spam and malware attacks in 2009.
Suckers Victims lost $9.3 billion to 419 scammers in 2009
By jacqui@arstechnica.com (Jacqui Cheng) on security
Advance-fee fraud (AFF), also known as 419 scams and Nigerian scams, exploded in 2009, with victims losing more money than ever before. This is according to the latest analysis from Dutch investigation firm Ultrascan—a company that has been monitoring the activities of 419 scammers since 1996—which says that victims lost almost 50 percent more money in 2009 than 2008.
Considering that 419 scams have been well-known since the 1970s, this trend is particularly disturbing. However, Ultrascan says scammers are expanding their operations and shifting their focus to emerging Internet markets, where there's more fresh meat getting online every day.
SearchSecurity: Security Wire Daily News
The latest information security news on IT threats, vulnerabilities and market trends from the award-winning SearchSecurity.com.
Microsoft extends SDL program, adds Agile development template
By Robert Westervelt
Microsoft is adding support for Agile Development Methodologies to its Security Development Lifecycle program. A simplified SDL white paper is also being introduced.
Google to pay for Chrome browser vulnerabilities
By Robert Westervelt
Google follows Mozilla's FireFox vulnerability reward program, offering a base reward of $500 for eligible browser bugs.
SANS NewsBites
All Stories From Vol: 12 - Issue: 8
How The Chinese Attacks Actually Work (January 27, 2010)
A report from Mandiant describes how cyber criminals launch sophisticated attacks that penetrate government and corporate computer networks and remain undetected to steal information and monitor activity over lengthy periods of time.......
Malware on Infected Web Pages is Becoming More Sophisticated (January 26, 2010)
According to data compiled by Dasient, 5.......
NARA Data Loss Affects Clinton-Era White House Staff and Visitors (January 27, 2010)
The US National Archives and Records Administration (NARA) has sent letters to 250,000 Clinton administration staff and White House staff members and visitors, informing them that their personally identifiable information has been compromised.......
Flaws Found In 3D Secure Credit Card Scheme (January 28, 2010)
University of Cambridge researchers say 3D Secure (3DS), better known as Verified by Visa and MasterCard SecureCode, is fraught with security problems.......
Thomas-Rasset Rejects RIAA's Settlement Offer (January 27, 2010)
Just days after a judge reduced the penalties levied against Jammie Thomas-Rasset for illegal file sharing from US $1.......
Google Issues Chrome Update (January 26, 2010)
Google has released an update for its Chrome browser that addresses 13 vulnerabilities that could be exploited to execute arbitrary code on unprotected computers, steal data, create denial-of-service conditions, or bypass security restrictions.......
Bank Suing Cyber Theft Victim (January 26, 2010)
A bank in Lubbock, Texas is suing one of its customers, Hillary Machinery Inc.......
Attack on IE Exposes Users' Entire Hard Drives (January 26 & 27, 2010)
Microsoft is investigating reports of an attack on Internet Explorer (IE) that can reveal the entire contents of users' hard drives to attackers.......
BlueCross BlueShield of Tennessee Breach is Proving to be Costly (January 26, 2010)
A security breach at BlueCross BlueShield of Tennessee has already cost the company more than US $7 million.......
Zimuse Worm May Have Started as a Prank (January 25 & 26, 2010)
The Zimuse.......
Second Man Pleads Guilty in Scientology DDoS Case (January 25, 26 & 27, 2010)
Brian Thomas Mettenbrink has admitted to downloading software and using it to help launch a distributed denial-of-service (DDoS) attack against the Church of Scientology's website in January 2008.......
Study Shows That Consumer Awareness of Online Threats is Growing (January 25, 2010)
A study from RSA indicates that consumers are more aware of online security threats than they were two years ago.......
Cisco Secure Desktop Remote XSS Vulnerability, (Tue, Feb 2nd)
This vulnerability (CVE-2010-0440) could allow an unauthenticated, remote attacker to conduct cross- ...(more)...
Twitter Mass Password Reset due to Phishing, (Tue, Feb 2nd)
Twitter is sending out a large number of e-mails, asking users to reset their passwords. It appears ...(more)...
New IPv6 Screencast Videos: http://isc.sans.org/ipv6videos (Today: blocking and detecting IPv6 in Linux), (Tue, Feb 2nd)
------ Johannes B. Ullrich, Ph ...(more)...
Pushdo Update, (Tue, Feb 2nd)
As mentioned in an older diary [1], www.sans ...(more)...
Adobe ColdFusion Information Disclosure, (Tue, Feb 2nd)
Adobe has released information on an important vulnerability (CVE-2010-0185) identified in ColdFusio ...(more)...
NMAP 5.21 - Is UDP Protocol Specific Scanning Important? Why Should I Care?, (Mon, Feb 1st)
Before we address the question, let's discuss how UDP port scanning is typically done. Whe ...(more)...
Got PushDo SSL packets?, (Sat, Jan 30th)
Steven Adair over at ShadowServer has posted a blog entry about the strange goings-on with the Push ...(more)...
New and updated VMWare advisories, (Sat, Jan 30th)
Today VMware has released the following new and updated security advisories: New - VMSA-2010-00 ...(more)...
BoA Offline?, (Fri, Jan 29th)
The Bank of America web site appears to have been not available for parts of the day today. No ...(more)...
Neo-legacy applications, (Fri, Jan 29th)
A friend of mine wrote in about a problem he has. He provides support to small businesses, one of wh ...(more)...
The Register - Security
Biting the hand that feeds IT
Manchester cops recover from Conficker
Strangeways, here we come
Manchester police were once again able to run inquiries on the Police National Computer on Wednesday morning, after techies purged a Conficker worm infection from the force's network.…
Record year for online tax filing - and phishing mails
Scammers rev up for tax season
Her Majesty's Revenue and Customs is celebrating another record year for online tax returns: over six million people filed online this year.…
Warez backdoor allows hackers to pwn Twitter accounts
Micro-blogging freetards in mass hack attack
Twitter has lifted the lid on its recent advice to many users to reset their passwords for the micro-blogging site.…
Stubborn trojan stashes install file in Windows help
Can't muster rejection
Security researchers have spied malware that stashes a copy of itself in a Windows help file to ensure victim computers remain infected.…
iPhone vulnerable to remote attack on SSL
Beware of rogue config files
Apple's iPhone is vulnerable to exploits that allow an attacker to spoof web pages even when they're protected by the SSL, or secure sockets layer, protocol, a security researcher said.…
Microsoft security dev tools go 'Agile'
Not just for Windows anymore
Microsoft has expanded a key security tool to work with developers of web applications and other software that's developed over rapid and repeated stretches.…
PGP buys tech to offer trusted ID from the cloud
Close friends get to call it TC
PGP Corporation has acquired privately-held TC TrustCenter and its US parent company, ChosenSecurity, as part of plans to offer trusted identity management services from the cloud. Terms of the transaction, announced Tuesday, were not disclosed.…
Manchester cops clobbered by Conficker
PCs' PCs still unplugged from PNC
Greater Manchester Police's computer network has been infected by the infamous Conficker worm, leaving beat cops unable to run computer checks on suspected criminals and vehicles for the last three days.…
Virgin Media battles privacy campaigners on P2P monitoring
No one's looking at you, alright?
Regulators are mulling assurances from Virgin Media that its planned trial system to monitor the level of illegal filesharing on its network will not harm customers' privacy.…
Femtocells wilt under attack
Tiny, tiny, tiny root box danger
Security researchers have turned their attention to femtocells, and have discovered that gaining root on the tiny mobile base stations isn't as hard as one might hope.…
Most consumers reuse banking passwords on other sites
Password recycle fail leaves consumers ripe for harvesting
The majority of online banking customers reuse their online-banking login credentials on other websites, according to a new survey on password insecurity.…
Security firms plot revamp to minimise false alarms
Whitelisted addresses to reside in heavenly cloud
Analysis: Increased incidents of false positives have encouraged anti-virus firms to re-evaluate their signature update process.…
Web attacks cripple Russia's biggest indie newspaper
Seven days and counting
The website of Russia's highest-profile independent newspaper on Monday suffered its seventh straight day of crippling denial-of-service attacks by unknown miscreants.…
US state probes breach that exposed data for 80,000
'Dear valued employee:'
A computer database containing the personal details of more than 80,000 employees was penetrated by unknown hackers, according to multiple news agencies, citing Iowa's Racing and Gaming Commission.…
Security bugs reinfect financial giant’s website
Ameriprise and the case of the relapsed XSS
Five months after Ameriprise Financial fixed a bug that could have helped criminals steal user authentication credentials, the financial giant's website is vulnerable again.…
Google yanks IE6 love from web apps
Do as we say, not as we did
Google is pulling IE6 support from Google Apps, its online suite of office applications.…
Britain warns businesses of Chinese 'honey trap'
Sex, spies, and memory sticks
Britain's MI5 security service has accused the Chinese government of engaging in an unusually wide-ranging campaign to breach UK business computer networks, in some cases exploiting sexual relationships to pressure individuals to cooperate.…
Voice crypto fails spark astroturf claims
SecurStar denies running dirty tricks marketing campaign
Doubts have arisen about the integrity of supposedly anonymous tests on the security of voice encryption products.…
UK.gov unmoved by Internet Explorer 6 security concerns
Google, NHS cast off exploited browser
Google and the NHS may soon be ditching support for Internet Explorer 6, but that hasn’t stopped UK government officials from declaring the browser doesn’t give them cause for concern, unlike their French and German counterparts.…
1 in 3 users reviewed Facebook privacy roll-back
Social network heralds 'success'
One in three Facebook users changed their privacy settings in Facebook after the social networking site applied a controversial privacy roll-back and encouraged users to review how much they shared online back in December.…
Firefox-based attack wreaks havoc on IRC users
World's first inter-protocol exploit, but not the last
Underscoring a little-known web vulnerability, hackers are exploiting a weakness in the Mozilla Firefox browser to wreak havoc on Freenode and other networks that cater to users of internet relay chat.…
CIA, PayPal under bizarre SSL assault
Plus hundreds of others
Code execution holes in iPhone OS, iPod Touch
By Ryan Naraine on iPhone
The most serious flaw could allow remote code execution if an iPhone/iPod Touch user opens audio and image files.
Report: 48% of 22 million scanned computers infected with malware
By Dancho Danchev on Viruses and Worms
The recently released APWG report shows that 48% of the 22 million scanned computers are infected with malware. Over a million and a half are infected with crimeware/banker trojans.
Yahoo! News: Security News
Security News
Most web bank clients use same passwords elsewhere (Reuters)
In technology
Reuters - A vast majority of online banking customers use their login credentials to access other websites, sharply increasing risk of attack to their bank account, Internet security firm Trusteer said on Tuesday.
China Works to Toughen Hacking Laws (PC World)
In technology
PC World - Chinese police and judicial officials are formulating new measures that govern how hacking crimes are handled by courts, the country's latest step to strengthen its cyber laws, state media reported.
Symantec adds former Intuit CEO Bennett to board (AP)
In technology
AP - Computer security software maker Symantec Corp. said Monday that Stephen P. Bennett, former president and CEO of accounting software maker Intuit Inc., will join its board of directors effective Feb. 8.
Cybercriminals Focus on Social Networks, Sophos Says (NewsFactor)
In business
NewsFactor - Facebook and Twitter users are under attack by cybercriminals -- and the incidents are rising, Sophos says in its 2010 Security Threat Report released Monday. In the past 12 months, Sophos says, cybercriminals have focused more attacks on social-network users. Spam and malware are leading the charge.
Hack Brings Mac OS X to the Nokia N900 (PC World)
In technology
PC World - Have you ever wanted to run a full-blown copy of Mac OS X on your mobile device? One hacker has managed to get Apple's operating system running on a smartphone, and it's not the iPhone.
"Alarming" rise in cyberattacks at social networks: Sophos (AFP)
In us
AFP - There has been an "alarming" rise in spammers and hackers hunting for victims at online social networks, according to a report released Monday by computer security firm Sophos.
Cyber crooks cashing in on iPad frenzy (AFP)
In technology
AFP - Hackers and scammers are cashing in on iPad fever by luring the curious to booby-trapped websites with false promises of information about Apple's new tablet computer.
Google attack highlights 'zero-day' black market (AP)
In technology
AP - The recent hacking attack that prompted Google's threat to leave China is underscoring the heightened dangers of previously undisclosed computer security flaws — and renewing debate over buying and selling information about them in the black market.
Apple iPad Spam, Security Concerns Grow (PC Magazine)
In technology
PC Magazine - Apple-related spam has increased by 30 percent following the announcement of Apple's much-publicized new iPad. But there's another problem: iWork invites third-party documents into the iPad, but the iPhone OS limits what anti-virus vendors can do.
McAfee Warns of Cyberattacks on Critical Infrastructure (NewsFactor)
In business
NewsFactor - On Thursday, McAfee shed light on the cost and impact of cyberattacks on critical infrastructures such as electrical grids, oil and gas production, telecommunications and transportation networks. More than half of 600 IT security executives from critical infrastructure enterprises worldwide report large-scale attacks or infiltrations from organized crime, terrorists or nation-states.
WindowSecurity.com
WindowSecurity.com provides Windows security news, articles, tutorials, software listings and reviews for information security professionals.
Is Internet Explorer Inherently Insecure?
By deb@shinder.net (Deb Shinder)
Taking a look beyond the sensationalized headlines about IE browser security whilst asking whether switching will really keep you safe from attack.
TaoSecurity
Richard Bejtlich's blog on digital security and the practices of network security monitoring, incident response, and forensics.
Traffic Talk 9 Posted
By Richard Bejtlich
I just noticed that my 9th edition of Traffic Talk, titled Testing Snort with Metasploit, was posted. From the article:
Security and networking service providers are often asked whether their solutions are working as expected. Two years ago, I wrote How to test Snort, which concentrated on reasons for testing and ways to avoid doing poor testing. In this article, prompted by recent discussions among networking professionals, I show how to combine several tools in a scenario where I test Snort with Metasploit.
Copyright 2003-2009 Richard Bejtlich and TaoSecurity (taosecurity.blogspot.com and www.taosecurity.com)
Two Dimensional Thinking and APT
By Richard Bejtlich
I expect many readers will recognize the image at left as representing part of the final space battle in Star Trek II: The Wrath of Khan. During this battle, Kirk and Spock realize Khan's tactics are limited. Khan is treating the battle like it is occurring on the open seas, not in space. Spock says:
He is intelligent, but not experienced. His pattern indicates two-dimensional thinking.
I thought this quote could describe many of the advanced persistent threat critics, particularly those who claim "it's just espionage" or "there's nothing new about this." Consider this one last argument to change your mind. (Ha, like that will happen. For everyone else, this is how I arrive at my conclusions.)
I think the problem is APT critics are thinking in one or two dimensions at most, when really this issue has at least five. When you only consider one or two dimensions, of course the problem looks like nothing new. When you take a more complete look, it's new.
- Offender. We know who the attacker is, and like many of you, I know this is not their first activity against foreign targets. I visited the country as an active duty Air Force intelligence officer in 1999. I got all the briefings, etc. etc. This is not the first time I've seen network activity from them. Wonderful.
- Defender. We know the offender has targeted national governments and militaries, like any nation-state might. What's different about APT is the breadth of their target base. Some criticize the Mandiant report for saying:
The APT isn't just a government problem; it isn't just a defense contractor problem. The APT is everyone's problem. No target is too small, or too obscure, or too well-defended. No organization is too large, too well-known, or too vulnerable. It's not spy-versus-spy espionage. It's spy-versus-everyone.
The phrasing here may be misleading (i.e., APT is not attacking my dry cleaner) but the point is valid. Looking over the APT target list, the victims cover a broad sweep of organizations. This is certainly new.
- Means. Let's talk espionage for a moment. Not everyone has the means to be a spy. You probably heard how effective the idiots who tried bugging Senator Landrieu's office were. With computer network exploitation (at the very least), those with sufficient knowledge and connectivity can operate at nearly the same level as a professional spy. You don't have to spend nearly as much time teaching tradecraft for CNE, compared to spycraft. You can often hire someone with private experience as a red teamer/pen tester and then just introduce them to your SOPs. Try hiring someone who has privately learned national-level spycraft.
- Motive. Besides "offender," this is the second of the two dimensions that APT critics tend to fixate upon. Yes, bad people have tried to spy on other people for thousands of years. However, in some respects even this is new, because the offender has his hands in so many aspects of the victim's centers of power. APT doesn't only want military secrets; it wants diplomatic, AND economic, AND cultural, AND...
- Opportunity. Connectivity creates opportunity in the digital realm. Again, contrast the digital world with the analog world of espionage. It takes a decent amount of work to prepare, insert, handle, and remove human spies. The digital equivalent is unfortunately still trivial in comparison.
To summarize, I think a lot of APT critics are focused on offender and motive, and ignore defender, means, and opportunity. When you expand beyond two-dimensional thinking, you'll see that APT is indeed new, without even considering technical aspects.
Copyright 2003-2009 Richard Bejtlich and TaoSecurity (taosecurity.blogspot.com and www.taosecurity.com)
Example of Threat-Centric Security
By Richard Bejtlich
In my last post I mentioned the need to take threat-centric approaches to advanced persistent threat. No sooner had I posted those thoughts than I read this:
Beijing 'strongly indignant' about U.S.-Taiwan arms sale
The Obama administration announced the sale Friday of $6 billion worth of Patriot anti-missile systems, helicopters, mine-sweeping ships and communications equipment to Taiwan in a long-expected move that sparked an angry protest from China.
In a strongly worded statement on Saturday, China's Defense Ministry suspended military exchanges with the United States and summoned the U.S. defense attache to lodge a "solemn protest" over the sale, the official Xinhua news agency reported.
"Considering the severe harm and odious effect of U.S. arms sales to Taiwan, the Chinese side has decided to suspend planned mutual military visits," Xinhua quoted the ministry as saying. The Foreign Ministry said China also would put sanctions on U.S. companies supplying the equipment.
It would have been interesting if the Obama administration had announced its arms sale in these terms:
"Considering the severe harm and odious effect of the advanced persistent threat, the American side has decided to sell the following arms to Taiwan."
It's time for the information security community to realize this problem is well outside our capability to really make a difference, without help from our governments.
Copyright 2003-2009 Richard Bejtlich and TaoSecurity (taosecurity.blogspot.com and www.taosecurity.com)
Mandiant M-Trends on APT
By Richard Bejtlich
If you want to read a concise yet informative and clue-backed report on advanced persistent threat, I recommend completing this form to receive the first Mandiant M-Trends report.
Mandiant occupies a unique position with respect to this problem because they are one of only two security service companies with substantial counter-APT consulting experience.
You may read blog posts and commentary from other security service providers who either 1) suddenly claim counter-APT expertise or 2) deride "APT" as just a marketing term, or FUD, or some other term to hide their inexperience with this problem. The fact remains that, when organizations meet in closed forums to do real work on this problem, the names and faces are fairly constant. They don't include those trying to make an APT "splash" or those pretending APT is not a real problem.
Mandiant finishes its report with the following statement:
[T]his is a war of attrition against an enemy with extensive resources. It is a long fight, one that never ends. You will never declare victory.
I can already hear the skeptics saying "It never ends, so you can keep paying Mandiant consulting fees!" or "It never ends, so you can keep upgrading security products!" You're wrong, but nothing I say will convince some of you. The fact of the matter is that until the threat is addressed at the nation-state to nation-state level, victim organizations will continue to remain victims. This is not a problem that is going to be solved by victims better defending themselves. The cost is simply too great to take a vulnerability-centric approach. We need a threat-centric approach, where those with the authority to apply pressure on the threat are allowed to do so, using a variety of instruments of national power. This is the unfortunate reality of the conflict in which we are now engaged.
Copyright 2003-2009 Richard Bejtlich and TaoSecurity (taosecurity.blogspot.com and www.taosecurity.com)
SecurityFocus News
SecurityFocus is the most comprehensive and trusted source of security information on the Internet. We are a vendor-neutral site that provides objective, timely and comprehensive security information to all members of the security community, from end users, security hobbyists and network administrators to security consultants, IT Managers, CIOs and CSOs.
Brief: Google offers bounty on browser bugs
Google offers bounty on browser bugs
http://www.securityfocus.com/news/11573?ref=rss
Most consumers reuse banking passwords
http://www.securityfocus.com/news/11572?ref=rss
CIA, PayPal under bizarre SSL assault
Security - RSS Feeds
Security - RSS Feeds
Twitter Details Phishing Attacks Behind Password Reset
Officials at Twitter linked the resetting of passwords to malicious torrent sites and other schemes. According to Twitter, the company began its investigation after noticing a surge in followers for certain accounts during the past five days.
- Twitter revealed more details about the phishing attacks that caused the company to reset the passwords on some user accounts Feb. 2. According to Twitter Director of Trust and Safety Del Harvey, there was a sudden surge in followers for certain accounts during the last five days. For that reas...
Older IE Versions Maintain Sizable Market Share Despite Security Concerns
While Microsoft is touting the fact Internet Explorer 8 is the single most widely used Web browser, the combined percentages of IE 6 and 7 users surpass it. The use of the older browsers means many users aren't taking advantage of the latest browser security protections.
- Arguably one of the most interesting elements of the cyber-attack that affected Google and more than 30 other companies was the primary attack vector Internet Explorer 6. The attack exploited an HTML object memory corruption vulnerability in IE that Microsoft was notified about in September....
PGP to Acquire TC TrustCenter for Cloud-Based Identity Management
PGP agrees to acquire TC TrustCenter and its parent company, ChosenSecurity, for their on-demand platform for managing trusted identities.
- PGP has agreed to acquire German security vendor TC TrustCenter and its U.S. parent company, ChosenSecurity, for an undisclosed sum of money. ChosenSecurity and TC TrustCenter provide an on-demand platform for managing trusted identities for encryption, authentication and secure collaborati...
Researchers Uncover Security Vulnerabilities in Femtocell Technology
Two Trustwave security consultants report they have uncovered hardware and software vulnerabilities in femtocell devices that can be used to take over the device. The duo will present their findings at the ShmooCon conference in Washington.
- Researchers with Trustwave have discovered flaws in the hardware and software of femtocell devices that can allow an attacker to take full control of the miniature cell towers without the user's knowledge. Zack Fasel and Matthew Jakubowski, security consultants with Trustwave's SpiderLabs, will...
Facebook Privacy, Security Fears Grow with Social Network Risks
According to Sophos, 60 percent of businesses consider Facebook the riskiest social networking site, underscoring a new level of wariness for social networks at a time when a researcher from Kaspersky Lab says compromised accounts for Twitter and other sites can go for big bucks in the cyber-underworld.
- Businesses are growing more concerned about the use of social networks, starting with Facebook. According to a survey of 502 IT professionals by Sophos, businesses are seeing more malware and spam, and 60 percent of respondents put Facebook ahead of MySpace, Twitter and LinkedIn as the riskiest so...
Adobe Flash Security on Menu at Black Hat
A researcher plans to delve into Adobe Flash security at Black Hat DC, spotlighting how poor programming practices and Web architectures can be leveraged to compromise users.
- Security vulnerabilities in Adobe Systems applications have increasingly become a popular target for attackers in the past year. At Black Hat DC, Foreground Security Senior Security Researcher Mike Bailey will examine Flash's security model and take a look at some of the ways attackers ca...
Critical Infrastructure Security a Mixed Bag, Report Finds
A new report commissioned by McAfee reveals IT security at critical infrastructure companies is not always as high as some may suspect.
- A new report from the Center for Strategic and International Studies highlights the financial damage of cyber-attacks on critical infrastructure, but also paints a picture of IT security that is in turns good and bad. The report, "In the Crossfire: Critical Infrastructure in the Age of Cyberwa...
Security
The Art of Technology
Firms worry about social networks, but don't block access
By jacqui@arstechnica.com (Jacqui Cheng) on twitter
Despite widespread paranoia that social networks are putting businesses at risk, companies continue to give employees open access to them. The latest Security Threat Report (PDF) from security research firm Sophos notes that spam and malware attacks via popular networks continued to rise at "alarming" rates over the last 12 months, posing a risk to both users and the companies they work for.
Nearly three-quarters of businesses (72 percent) told Sophos that they're concerned about employee behavior on social networks—and it's not the HR-related behavior they're concerned about. The majority of respondents said that reports of spam, phishing, and malware coming from the major social networks were way up, and they expressed concern about employees endangering business security. According to Sophos, there was a 70 percent increase in the proportion of businesses reporting spam and malware attacks in 2009.
Suckers Victims lost $9.3 billion to 419 scammers in 2009
By jacqui@arstechnica.com (Jacqui Cheng) on security
Advance-fee fraud (AFF), also known as 419 scams and Nigerian scams, exploded in 2009, with victims losing more money than ever before. This is according to the latest analysis from Dutch investigation firm Ultrascan—a company that has been monitoring the activities of 419 scammers since 1996—which says that victims lost almost 50 percent more money in 2009 than 2008.
Considering that 419 scams have been well-known since the 1970s, this trend is particularly disturbing. However, Ultrascan says scammers are expanding their operations and shifting their focus to emerging Internet markets, where there's more fresh meat getting online every day.
SearchSecurity: Security Wire Daily News
The latest information security news on IT threats, vulnerabilities and market trends from the award-winning SearchSecurity.com.
Microsoft extends SDL program, adds Agile development template
By Robert Westervelt
Microsoft is adding support for Agile Development Methodologies to its Security Development Lifecycle program. A simplified SDL white paper is also being introduced.
Google to pay for Chrome browser vulnerabilities
By Robert Westervelt
Google follows Mozilla's FireFox vulnerability reward program, offering a base reward of $500 for eligible browser bugs.
SANS NewsBites
All Stories From Vol: 12 - Issue: 8
How The Chinese Attacks Actually Work (January 27, 2010)
A report from Mandiant describes how cyber criminals launch sophisticated attacks that penetrate government and corporate computer networks and remain undetected to steal information and monitor activity over lengthy periods of time.......
Malware on Infected Web Pages is Becoming More Sophisticated (January 26, 2010)
According to data compiled by Dasient, 5.......
NARA Data Loss Affects Clinton-Era White House Staff and Visitors (January 27, 2010)
The US National Archives and Records Administration (NARA) has sent letters to 250,000 Clinton administration staff and White House staff members and visitors, informing them that their personally identifiable information has been compromised.......
Flaws Found In 3D Secure Credit Card Scheme (January 28, 2010)
University of Cambridge researchers say 3D Secure (3DS), better known as Verified by Visa and MasterCard SecureCode, is fraught with security problems.......
Thomas-Rasset Rejects RIAA's Settlement Offer (January 27, 2010)
Just days after a judge reduced the penalties levied against Jammie Thomas-Rasset for illegal file sharing from US $1.......
Google Issues Chrome Update (January 26, 2010)
Google has released an update for its Chrome browser that addresses 13 vulnerabilities that could be exploited to execute arbitrary code on unprotected computers, steal data, create denial-of-service conditions, or bypass security restrictions.......
Bank Suing Cyber Theft Victim (January 26, 2010)
A bank in Lubbock, Texas is suing one of its customers, Hillary Machinery Inc.......
Attack on IE Exposes Users' Entire Hard Drives (January 26 & 27, 2010)
Microsoft is investigating reports of an attack on Internet Explorer (IE) that can reveal the entire contents of users' hard drives to attackers.......
BlueCross BlueShield of Tennessee Breach is Proving to be Costly (January 26, 2010)
A security breach at BlueCross BlueShield of Tennessee has already cost the company more than US $7 million.......
Zimuse Worm May Have Started as a Prank (January 25 & 26, 2010)
The Zimuse.......
Second Man Pleads Guilty in Scientology DDoS Case (January 25, 26 & 27, 2010)
Brian Thomas Mettenbrink has admitted to downloading software and using it to help launch a distributed denial-of-service (DDoS) attack against the Church of Scientology's website in January 2008.......
Study Shows That Consumer Awareness of Online Threats is Growing (January 25, 2010)
A study from RSA indicates that consumers are more aware of online security threats than they were two years ago.......
Cisco Secure Desktop Remote XSS Vulnerability, (Tue, Feb 2nd)
This vulnerability (CVE-2010-0440) could allow an unauthenticated, remote attacker to conduct cross- ...(more)...
Twitter Mass Password Reset due to Phishing, (Tue, Feb 2nd)
Twitter is sending out a large number of e-mails, asking users to reset their passwords. It appears ...(more)...
New IPv6 Screencast Videos: http://isc.sans.org/ipv6videos (Today: blocking and detecting IPv6 in Linux), (Tue, Feb 2nd)
------ Johannes B. Ullrich, Ph ...(more)...
Pushdo Update, (Tue, Feb 2nd)
As mentioned in an older diary [1], www.sans ...(more)...
Adobe ColdFusion Information Disclosure, (Tue, Feb 2nd)
Adobe has released information on an important vulnerability (CVE-2010-0185) identified in ColdFusio ...(more)...
NMAP 5.21 - Is UDP Protocol Specific Scanning Important? Why Should I Care?, (Mon, Feb 1st)
Before we address the question, let's discuss how UDP port scanning is typically done. Whe ...(more)...
Got PushDo SSL packets?, (Sat, Jan 30th)
Steven Adair over at ShadowServer has posted a blog entry about the strange goings-on with the Push ...(more)...
New and updated VMWare advisories, (Sat, Jan 30th)
Today VMware has released the following new and updated security advisories: New - VMSA-2010-00 ...(more)...
BoA Offline?, (Fri, Jan 29th)
The Bank of America web site appears to have been not available for parts of the day today. No ...(more)...
Neo-legacy applications, (Fri, Jan 29th)
A friend of mine wrote in about a problem he has. He provides support to small businesses, one of wh ...(more)...
The Register - Security
Biting the hand that feeds IT
Manchester cops recover from Conficker
Strangeways, here we come
Manchester police were once again able to run inquiries on the Police National Computer on Wednesday morning, after techies purged a Conficker worm infection from the force's network.…
Record year for online tax filing - and phishing mails
Scammers rev up for tax season
Her Majesty's Revenue and Customs is celebrating another record year for online tax returns: over six million people filed online this year.…
Warez backdoor allows hackers to pwn Twitter accounts
Micro-blogging freetards in mass hack attack
Twitter has lifted the lid on its recent advice to many users to reset their passwords for the micro-blogging site.…
Stubborn trojan stashes install file in Windows help
Can't muster rejection
Security researchers have spied malware that stashes a copy of itself in a Windows help file to ensure victim computers remain infected.…
iPhone vulnerable to remote attack on SSL
Beware of rogue config files
Apple's iPhone is vulnerable to exploits that allow an attacker to spoof web pages even when they're protected by the SSL, or secure sockets layer, protocol, a security researcher said.…
Microsoft security dev tools go 'Agile'
Not just for Windows anymore
Microsoft has expanded a key security tool to work with developers of web applications and other software that's developed over rapid and repeated stretches.…
PGP buys tech to offer trusted ID from the cloud
Close friends get to call it TC
PGP Corporation has acquired privately-held TC TrustCenter and its US parent company, ChosenSecurity, as part of plans to offer trusted identity management services from the cloud. Terms of the transaction, announced Tuesday, were not disclosed.…
Manchester cops clobbered by Conficker
PCs' PCs still unplugged from PNC
Greater Manchester Police's computer network has been infected by the infamous Conficker worm, leaving beat cops unable to run computer checks on suspected criminals and vehicles for the last three days.…
Virgin Media battles privacy campaigners on P2P monitoring
No one's looking at you, alright?
Regulators are mulling assurances from Virgin Media that its planned trial system to monitor the level of illegal filesharing on its network will not harm customers' privacy.…
Femtocells wilt under attack
Tiny, tiny, tiny root box danger
Security researchers have turned their attention to femtocells, and have discovered that gaining root on the tiny mobile base stations isn't as hard as one might hope.…
Most consumers reuse banking passwords on other sites
Password recycle fail leaves consumers ripe for harvesting
The majority of online banking customers reuse their online-banking login credentials on other websites, according to a new survey on password insecurity.…
Security firms plot revamp to minimise false alarms
Whitelisted addresses to reside in heavenly cloud
Analysis: Increased incidents of false positives have encouraged anti-virus firms to re-evaluate their signature update process.…
Web attacks cripple Russia's biggest indie newspaper
Seven days and counting
The website of Russia's highest-profile independent newspaper on Monday suffered its seventh straight day of crippling denial-of-service attacks by unknown miscreants.…
US state probes breach that exposed data for 80,000
'Dear valued employee:'
A computer database containing the personal details of more than 80,000 employees was penetrated by unknown hackers, according to multiple news agencies, citing Iowa's Racing and Gaming Commission.…
Security bugs reinfect financial giant’s website
Ameriprise and the case of the relapsed XSS
Five months after Ameriprise Financial fixed a bug that could have helped criminals steal user authentication credentials, the financial giant's website is vulnerable again.…
Google yanks IE6 love from web apps
Do as we say, not as we did
Google is pulling IE6 support from Google Apps, its online suite of office applications.…
Britain warns businesses of Chinese 'honey trap'
Sex, spies, and memory sticks
Britain's MI5 security service has accused the Chinese government of engaging in an unusually wide-ranging campaign to breach UK business computer networks, in some cases exploiting sexual relationships to pressure individuals to cooperate.…
Voice crypto fails spark astroturf claims
SecurStar denies running dirty tricks marketing campaign
Doubts have arisen about the integrity of supposedly anonymous tests on the security of voice encryption products.…
UK.gov unmoved by Internet Explorer 6 security concerns
Google, NHS cast off exploited browser
Google and the NHS may soon be ditching support for Internet Explorer 6, but that hasn’t stopped UK government officials from declaring the browser doesn’t give them cause for concern, unlike their French and German counterparts.…
TaoSecurity
Richard Bejtlich's blog on digital security and the practices of network security monitoring, incident response, and forensics.
Traffic Talk 9 Posted
By Richard Bejtlich
I just noticed that my 9th edition of Traffic Talk, titled Testing Snort with Metasploit, was posted. From the article:
Security and networking service providers are often asked whether their solutions are working as expected. Two years ago, I wrote How to test Snort, which concentrated on reasons for testing and ways to avoid doing poor testing. In this article, prompted by recent discussions among networking professionals, I show how to combine several tools in a scenario where I test Snort with Metasploit.
Copyright 2003-2009 Richard Bejtlich and TaoSecurity (taosecurity.blogspot.com and www.taosecurity.com)
Two Dimensional Thinking and APT
By Richard Bejtlich
I expect many readers will recognize the image at left as representing part of the final space battle in Star Trek II: The Wrath of Khan. During this battle, Kirk and Spock realize Khan's tactics are limited. Khan is treating the battle like it is occurring on the open seas, not in space. Spock says:
He is intelligent, but not experienced. His pattern indicates two-dimensional thinking.
I thought this quote could describe many of the advanced persistent threat critics, particularly those who claim "it's just espionage" or "there's nothing new about this." Consider this one last argument to change your mind. (Ha, like that will happen. For everyone else, this is how I arrive at my conclusions.)
I think the problem is APT critics are thinking in one or two dimensions at most, when really this issue has at least five. When you only consider one or two dimensions, of course the problem looks like nothing new. When you take a more complete look, it's new.
- Offender. We know who the attacker is, and like many of you, I know this is not their first activity against foreign targets. I visited the country as an active duty Air Force intelligence officer in 1999. I got all the briefings, etc. etc. This is not the first time I've seen network activity from them. Wonderful.
- Defender. We know the offender has targeted national governments and militaries, like any nation-state might. What's different about APT is the breadth of their target base. Some criticize the Mandiant report for saying:
The APT isn't just a government problem; it isn't just a defense contractor problem. The APT is everyone's problem. No target is too small, or too obscure, or too well-defended. No organization is too large, too well-known, or too vulnerable. It's not spy-versus-spy espionage. It's spy-versus-everyone.
The phrasing here may be misleading (i.e., APT is not attacking my dry cleaner) but the point is valid. Looking over the APT target list, the victims cover a broad sweep of organizations. This is certainly new.
- Means. Let's talk espionage for a moment. Not everyone has the means to be a spy. You probably heard how effective the idiots who tried bugging Senator Landrieu's office were. With computer network exploitation (at the very least), those with sufficient knowledge and connectivity can operate at nearly the same level as a professional spy. You don't have to spend nearly as much time teaching tradecraft for CNE, compared to spycraft. You can often hire someone with private experience as a red teamer/pen tester and then just introduce them to your SOPs. Try hiring someone who has privately learned national-level spycraft.
- Motive. Besides "offender," this is the second of the two dimensions that APT critics tend to fixate upon. Yes, bad people have tried to spy on other people for thousands of years. However, in some respects even this is new, because the offender has his hands in so many aspects of the victim's centers of power. APT doesn't only want military secrets; it wants diplomatic, AND economic, AND cultural, AND...
- Opportunity. Connectivity creates opportunity in the digital realm. Again, contrast the digital world with the analog world of espionage. It takes a decent amount of work to prepare, insert, handle, and remove human spies. The digital equivalent is unfortunately still trivial in comparison.
To summarize, I think a lot of APT critics are focused on offender and motive, and ignore defender, means, and opportunity. When you expand beyond two-dimensional thinking, you'll see that APT is indeed new, without even considering technical aspects.
Copyright 2003-2009 Richard Bejtlich and TaoSecurity (taosecurity.blogspot.com and www.taosecurity.com)
Example of Threat-Centric Security
By Richard Bejtlich
In my last post I mentioned the need to take threat-centric approaches to advanced persistent threat. No sooner had I posted those thoughts than I read this:
Beijing 'strongly indignant' about U.S.-Taiwan arms sale
The Obama administration announced the sale Friday of $6 billion worth of Patriot anti-missile systems, helicopters, mine-sweeping ships and communications equipment to Taiwan in a long-expected move that sparked an angry protest from China.
In a strongly worded statement on Saturday, China's Defense Ministry suspended military exchanges with the United States and summoned the U.S. defense attache to lodge a "solemn protest" over the sale, the official Xinhua news agency reported.
"Considering the severe harm and odious effect of U.S. arms sales to Taiwan, the Chinese side has decided to suspend planned mutual military visits," Xinhua quoted the ministry as saying. The Foreign Ministry said China also would put sanctions on U.S. companies supplying the equipment.
It would have been interesting if the Obama administration had announced its arms sale in these terms:
"Considering the severe harm and odious effect of the advanced persistent threat, the American side has decided to sell the following arms to Taiwan."
It's time for the information security community to realize this problem is well outside our capability to really make a difference, without help from our governments.
Copyright 2003-2009 Richard Bejtlich and TaoSecurity (taosecurity.blogspot.com and www.taosecurity.com)
Mandiant M-Trends on APT
By Richard Bejtlich
If you want to read a concise yet informative and clue-backed report on advanced persistent threat, I recommend completing this form to receive the first Mandiant M-Trends report.
Mandiant occupies a unique position with respect to this problem because they are one of only two security service companies with substantial counter-APT consulting experience.
You may read blog posts and commentary from other security service providers who either 1) suddenly claim counter-APT expertise or 2) deride "APT" as just a marketing term, or FUD, or some other term to hide their inexperience with this problem. The fact remains that, when organizations meet in closed forums to do real work on this problem, the names and faces are fairly constant. They don't include those trying to make an APT "splash" or those pretending APT is not a real problem.
Mandiant finishes its report with the following statement:
[T]his is a war of attrition against an enemy with extensive resources. It is a long fight, one that never ends. You will never declare victory.
I can already hear the skeptics saying "It never ends, so you can keep paying Mandiant consulting fees!" or "It never ends, so you can keep upgrading security products!" You're wrong, but nothing I say will convince some of you. The fact of the matter is that until the threat is addressed at the nation-state to nation-state level, victim organizations will continue to remain victims. This is not a problem that is going to be solved by victims better defending themselves. The cost is simply too great to take a vulnerability-centric approach. We need a threat-centric approach, where those with the authority to apply pressure on the threat are allowed to do so, using a variety of instruments of national power. This is the unfortunate reality of the conflict in which we are now engaged.
Copyright 2003-2009 Richard Bejtlich and TaoSecurity (taosecurity.blogspot.com and www.taosecurity.com)
SecurityFocus News
SecurityFocus is the most comprehensive and trusted source of security information on the Internet. We are a vendor-neutral site that provides objective, timely and comprehensive security information to all members of the security community, from end users, security hobbyists and network administrators to security consultants, IT Managers, CIOs and CSOs.
Brief: Google offers bounty on browser bugs
http://www.securityfocus.com/news/11573?ref=rss
Most consumers reuse banking passwords
http://www.securityfocus.com/news/11572?ref=rss
CIA, PayPal under bizarre SSL assault
Security - RSS Feeds
Twitter Details Phishing Attacks Behind Password Reset
Officials at Twitter linked the resetting of passwords to malicious torrent sites and other schemes. According to Twitter, the company began its investigation after noticing a surge in followers for certain accounts during the past five days.
- Twitter revealed more details about the phishing attacks that caused the company to reset the passwords on some user accounts Feb. 2. According to Twitter Director of Trust and Safety Del Harvey, there was a sudden surge in followers for certain accounts during the last five days. For that reas...
Older IE Versions Maintain Sizable Market Share Despite Security Concerns
While Microsoft is touting the fact Internet Explorer 8 is the single most widely used Web browser, the combined percentages of IE 6 and 7 users surpass it. The use of the older browsers means many users aren't taking advantage of the latest browser security protections.
- Arguably one of the most interesting elements of the cyber-attack that affected Google and more than 30 other companies was the primary attack vector Internet Explorer 6. The attack exploited an HTML object memory corruption vulnerability in IE that Microsoft was notified about in September....
PGP to Acquire TC TrustCenter for Cloud-Based Identity Management
PGP agrees to acquire TC TrustCenter and its parent company, ChosenSecurity, for their on-demand platform for managing trusted identities.
- PGP has agreed to acquire German security vendor TC TrustCenter and its U.S. parent company, ChosenSecurity, for an undisclosed sum of money. ChosenSecurity and TC TrustCenter provide an on-demand platform for managing trusted identities for encryption, authentication and secure collaborati...
Researchers Uncover Security Vulnerabilities in Femtocell Technology
Two Trustwave security consultants report they have uncovered hardware and software vulnerabilities in femtocell devices that can be used to take over the device. The duo will present their findings at the ShmooCon conference in Washington.
- Researchers with Trustwave have discovered flaws in the hardware and software of femtocell devices that can allow an attacker to take full control of the miniature cell towers without the user's knowledge. Zack Fasel and Matthew Jakubowski, security consultants with Trustwave's SpiderLabs, will...
Facebook Privacy, Security Fears Grow with Social Network Risks
According to Sophos, 60 percent of businesses consider Facebook the riskiest social networking site, underscoring a new level of wariness for social networks at a time when a researcher from Kaspersky Lab says compromised accounts for Twitter and other sites can go for big bucks in the cyber-underworld.
- Businesses are growing more concerned about the use of social networks, starting with Facebook. According to a survey of 502 IT professionals by Sophos, businesses are seeing more malware and spam, and 60 percent of respondents put Facebook ahead of MySpace, Twitter and LinkedIn as the riskiest so...
Adobe Flash Security on Menu at Black Hat
A researcher plans to delve into Adobe Flash security at Black Hat DC, spotlighting how poor programming practices and Web architectures can be leveraged to compromise users.
- Security vulnerabilities in Adobe Systems applications have increasingly become a popular target for attackers in the past year. At Black Hat DC, Foreground Security Senior Security Researcher Mike Bailey will examine Flash's security model and take a look at some of the ways attackers ca...
Critical Infrastructure Security a Mixed Bag, Report Finds
A new report commissioned by McAfee reveals IT security at critical infrastructure companies is not always as high as some may suspect.
- A new report from the Center for Strategic and International Studies highlights the financial damage of cyber-attacks on critical infrastructure, but also paints a picture of IT security that is in turns good and bad. The report, "In the Crossfire: Critical Infrastructure in the Age of Cyberwa...
Security
The Art of Technology
Firms worry about social networks, but don't block access
By jacqui@arstechnica.com (Jacqui Cheng) on twitter
Despite widespread paranoia that social networks are putting businesses at risk, companies continue to give employees open access to them. The latest Security Threat Report (PDF) from security research firm Sophos notes that spam and malware attacks via popular networks continued to rise at "alarming" rates over the last 12 months, posing a risk to both users and the companies they work for.
Nearly three-quarters of businesses (72 percent) told Sophos that they're concerned about employee behavior on social networks—and it's not the HR-related behavior they're concerned about. The majority of respondents said that reports of spam, phishing, and malware coming from the major social networks were way up, and they expressed concern about employees endangering business security. According to Sophos, there was a 70 percent increase in the proportion of businesses reporting spam and malware attacks in 2009.
Suckers Victims lost $9.3 billion to 419 scammers in 2009
By jacqui@arstechnica.com (Jacqui Cheng) on security
Advance-fee fraud (AFF), also known as 419 scams and Nigerian scams, exploded in 2009, with victims losing more money than ever before. This is according to the latest analysis from Dutch investigation firm Ultrascan—a company that has been monitoring the activities of 419 scammers since 1996—which says that victims lost almost 50 percent more money in 2009 than 2008.
Considering that 419 scams have been well-known since the 1970s, this trend is particularly disturbing. However, Ultrascan says scammers are expanding their operations and shifting their focus to emerging Internet markets, where there's more fresh meat getting online every day.
SearchSecurity: Security Wire Daily News
The latest information security news on IT threats, vulnerabilities and market trends from the award-winning SearchSecurity.com.
Microsoft extends SDL program, adds Agile development template
By Robert Westervelt
Microsoft is adding support for Agile Development Methodologies to its Security Development Lifecycle program. A simplified SDL white paper is also being introduced.
Google to pay for Chrome browser vulnerabilities
By Robert Westervelt
Google follows Mozilla's FireFox vulnerability reward program, offering a base reward of $500 for eligible browser bugs.
SANS NewsBites
All Stories From Vol: 12 - Issue: 8
How The Chinese Attacks Actually Work (January 27, 2010)
A report from Mandiant describes how cyber criminals launch sophisticated attacks that penetrate government and corporate computer networks and remain undetected to steal information and monitor activity over lengthy periods of time.......
Malware on Infected Web Pages is Becoming More Sophisticated (January 26, 2010)
According to data compiled by Dasient, 5.......
NARA Data Loss Affects Clinton-Era White House Staff and Visitors (January 27, 2010)
The US National Archives and Records Administration (NARA) has sent letters to 250,000 Clinton administration staff and White House staff members and visitors, informing them that their personally identifiable information has been compromised.......
Flaws Found In 3D Secure Credit Card Scheme (January 28, 2010)
University of Cambridge researchers say 3D Secure (3DS), better known as Verified by Visa and MasterCard SecureCode, is fraught with security problems.......
Thomas-Rasset Rejects RIAA's Settlement Offer (January 27, 2010)
Just days after a judge reduced the penalties levied against Jammie Thomas-Rasset for illegal file sharing from US $1.......
Google Issues Chrome Update (January 26, 2010)
Google has released an update for its Chrome browser that addresses 13 vulnerabilities that could be exploited to execute arbitrary code on unprotected computers, steal data, create denial-of service conditions, or bypass security restrictions.......
Bank Suing Cyber Theft Victim (January 26, 2010)
A bank in Lubbock, Texas is suing one of its customers, Hillary Machinery Inc.......
Attack on IE Exposes Users' Entire Hard Drives (January 26 & 27, 2010)
Microsoft is investigating reports of an attack on Internet Explorer (IE) that can reveal the entire contents of users' hard drives to attackers.......
BlueCross BlueShield of Tennessee Breach is Proving to be Costly (January 26, 2010)
A security breach at BlueCross BlueShield of Tennessee has already cost the company more than US $7 million.......
Zimuse Worm May Have Started as a Prank (January 25 & 26, 2010)
The Zimuse.......
Second Man Pleads Guilty in Scientology DDoS Case (January 25, 26 & 27, 2010)
Brian Thomas Mettenbrink has admitted to downloading software and using it to help launch a distributed denial-of-service (DDoS) attack against the Church of Scientology's website in January 2008.......
Study Shows That Consumer Awareness of Online Threats is Growing (January 25, 2010)
A study from RSA indicates that consumers are more aware of online security threats than they were two years ago.......
Cisco Secure Desktop Remote XSS Vulnerability, (Tue, Feb 2nd)
This vulnerability (CVE-2010-0440) could allow an unauthenticated, remote attacker to conduct cross- ...(more)...
Twitter Mass Password Reset due to Phishing, (Tue, Feb 2nd)
Twitter is sending out a large number of e-mails, asking users to reset their passwords. It appears ...(more)...
New IPv6 Screencast Videos: http://isc.sans.org/ipv6videos (Today: blocking and detecting IPv6 in Linux), (Tue, Feb 2nd)
------ Johannes B. Ullrich, Ph ...(more)...
Pushdo Update, (Tue, Feb 2nd)
As mentioned in an older diary [1], www.sans ...(more)...
Adobe ColdFusion Information Disclosure, (Tue, Feb 2nd)
Adobe has released information on an important vulnerability (CVE-2010-0185) identified in ColdFusio ...(more)...
NMAP 5.21 - Is UDP Protocol Specific Scanning Important? Why Should I Care?, (Mon, Feb 1st)
Before we address the question, let's discuss how UDP port scanning is typically done. Whe ...(more)...
Got PushDo SSL packets?, (Sat, Jan 30th)
Steven Adair over at ShadowServer has posted a blog entry about the strange going's on with the Push ...(more)...
New and updated VMWare advisories, (Sat, Jan 30th)
Today VMware has released the following new and updated security advisories: New - VMSA-2010-00 ...(more)...
BoA Offline?, (Fri, Jan 29th)
The Bank of America web site appears to have been not available for parts of the day today. No ...(more)...
Neo-legacy applications, (Fri, Jan 29th)
A friend of mine wrote in about a problem he has. He provides support to small businesses, one of wh ...(more)...
The Register - Security
Biting the hand that feeds IT
Manchester cops recover from Conficker
Strangeways, here we come
Manchester police were once again able to run inquiries on the Police National Computer on Wednesday morning, after techies purged a Conficker worm infection from the force's network.…
Record year for online tax filing - and phishing mails
Scammers rev up for tax season
Her Majesty's Revenue and Customs is celebrating another record year for online tax returns; over six million people filed online this year.…
Warez backdoor allows hackers to pwn Twitter accounts
Micro-blogging freetards in mass hack attack
Twitter has lifted the lid on its recent advice to many users to reset their passwords for the micro-blogging site.…
Stubborn trojan stashes install file in Windows help
Can't muster rejection
Security researchers have spied malware that stashes a copy of itself in a Windows help file to ensure victim computers remain infected.…
iPhone vulnerable to remote attack on SSL
Beware of rogue config files
Apple's iPhone is vulnerable to exploits that allow an attacker to spoof web pages even when they're protected by the SSL, or secure sockets layer, protocol, a security researcher said.…
Microsoft security dev tools go 'Agile'
Not just for Windows anymore
Microsoft has expanded a key security tool to work with developers of web applications and other software that's developed over rapid and repeated stretches.…
PGP buys tech to offer trusted ID from the cloud
Close friends get to call it TC
PGP Corporation has acquired privately-held TC TrustCenter and its US parent company, ChosenSecurity, as part of plans to offer trusted identity management services from the cloud. Terms of the transaction, announced Tuesday, were not disclosed.…
Manchester cops clobbered by Conficker
PCs' PCs still unplugged from PNC
Greater Manchester Police's computer network has been infected by the infamous Conficker worm, leaving beat cops unable to run computer checks on suspected criminals and vehicles for the last three days.…
Virgin Media battles privacy campaigners on P2P monitoring
No one's looking at you, alright?
Regulators are mulling assurances from Virgin Media that its planned trial system to monitor the level of illegal filesharing on its network will not harm customers' privacy.…
Femtocells wilt under attack
Tiny, tiny, tiny root box danger
Security researchers have turned their attention to femtocells, and have discovered that gaining root on the tiny mobile base stations isn't as hard as one might hope.…
Most consumers reuse banking passwords on other sites
Password recycle fail leaves consumers ripe for harvesting
The majority of online banking customers reuse their online-banking login credentials on other websites, according to a new survey on password insecurity.…
Security firms plot revamp to minimise false alarms
Whitelisted addresses to reside in heavenly cloud
Analysis: Increased incidents of false positives have encouraged anti-virus firms to re-evaluate their signature update process.…
Web attacks cripple Russia's biggest indie newspaper
Seven days and counting
The website of Russia's highest-profile independent newspaper on Monday suffered its seventh straight day of crippling denial-of-service attacks by unknown miscreants.…
US state probes breach that exposed data for 80,000
'Dear valued employee:'
A computer database containing the personal details of more than 80,000 employees was penetrated by unknown hackers, according to multiple news agencies, citing Iowa's Racing and Gaming Commission.…
Security bugs reinfect financial giant’s website
Ameriprise and the case of the relapsed XSS
Five months after Ameriprise Financial fixed a bug that could have helped criminals steal user authentication credentials, the financial giant's website is vulnerable again.…
Google yanks IE6 love from web apps
Do as we say, not as we did
Google is pulling IE6 support from Google Apps, its online suite of office applications.…
Britain warns businesses of Chinese 'honey trap'
Sex, spies, and memory sticks
Britain's MI5 security service has accused the Chinese government of engaging in an unusually wide-ranging campaign to breach UK business computer networks, in some cases exploiting sexual relationships to pressure individuals to cooperate.…
Voice crypto fails spark astroturf claims
SecurStar denies running dirty tricks marketing campaign
Doubts have arisen about the integrity of supposedly anonymous tests on the security of voice encryption products.…
UK.gov unmoved by Internet Explorer 6 security concerns
Google, NHS cast off exploited browser
Google and the NHS may soon be ditching support for Internet Explorer 6, but that hasn’t stopped UK government officials from declaring the browser doesn’t give them cause for concern, unlike their French and German counterparts.…
1 in 3 users reviewed Facebook privacy roll-back
Social network heralds 'success'
One in three Facebook users changed their privacy settings in Facebook after the social networking site applied a controversial privacy roll-back and encouraged users to review how much they shared online back in December.…
Firefox-based attack wreaks havoc on IRC users
World's first inter-protocol exploit, but not the last
Underscoring a little-known web vulnerability, hackers are exploiting a weakness in the Mozilla Firefox browser to wreak havoc on Freenode and other networks that cater to users of internet relay chat.…
CIA, PayPal under bizarre SSL assault
Plus hundreds of others
Facebook Is a Cybercrime Danger Zone (NewsFactor)
In business
NewsFactor - Facebook and Twitter were all the rage in 2009, and not just for social networkers. The sites were also extremely popular among hackers and thieves, IT security firm Sophos revealed Monday in its Security Threat 2010 report.
Cyberthieves are hiring, using online ads (Reuters)
In technology
Reuters - The people who brought the world malicious software that steals credit card numbers from your personal computer and empties bank ATMs of their cash are hiring, and they're advertising online.
Trends & Innovations - Tuesday (Investor's Business Daily)
In business
Investor's Business Daily - Social networks are attracting more users -- and cyberattacks -- according to a report by IT security firm Sophos. Cybercriminals have increasingly focused attacks on social networking users in the last 12 months, Sophos says. 57% of users say they've been spammed via social networking sites, up 70.6% vs. last year. 36% reveal they have been sent malware via such sites, a 69.8% rise from last year.
US senator asks companies about China rights practices (AFP)
In technology
AFP - A US senator on Tuesday asked 30 leading companies, including Amazon, Apple, Facebook, IBM, Nokia and Twitter, for information about their human rights practices in China after Google's threat to leave the country over cyberattacks and Web censorship.
Most web bank clients use same passwords elsewhere (Reuters)
In technology
Reuters - A vast majority of online banking customers use their login credentials to access other websites, sharply increasing risk of attack to their bank account, Internet security firm Trusteer said on Tuesday.
China Works to Toughen Hacking Laws (PC World)
In technology
PC World - Chinese police and judicial officials are formulating new measures that govern how hacking crimes are handled by courts, the country's latest step to strengthen its cyber laws, state media reported.
Symantec adds former Intuit CEO Bennett to board (AP)
In technology
AP - Computer security software maker Symantec Corp. said Monday that Stephen P. Bennett, former president and CEO of accounting software maker Intuit Inc., will join its board of directors effective Feb. 8.
Cybercriminals Focus on Social Networks, Sophos Says (NewsFactor)
In business
NewsFactor - Facebook and Twitter users are under attack by cybercriminals -- and the incidents are rising, Sophos says in its its 2010 Security Threat Report released Monday. In the past 12 months, Sophos says, cybercriminals have focused more attacks on social-network users. Spam and malware are leading the charge.
Hack Brings Mac OS X to the Nokia N900 (PC World)
In technology
PC World - Have you ever wanted to run a full-blown copy of Mac OS X on your mobile device? One hacker has managed to get Apple's operating system running on a smartphone, and it's not the iPhone.
"Alarming" rise in cyberattacks at social networks: Sophos (AFP)
In us
AFP - There has been an "alarming" rise in spammers and hackers hunting for victims at online social networks, according to a report released Monday by computer security firm Sophos.
Cyber crooks cashing in on iPad frenzy (AFP)
In technology
AFP - Hackers and scammers are cashing in on iPad fever by luring the curious to booby-trapped websites with false promises of information about Apple's new tablet computer.
Google attack highlights 'zero-day' black market (AP)
In technology
AP - The recent hacking attack that prompted Google's threat to leave China is underscoring the heightened dangers of previously undisclosed computer security flaws — and renewing debate over buying and selling information about them in the black market.
Apple iPad Spam, Security Concerns Grow (PC Magazine)
In technology
PC Magazine - Apple-related spam has increased by 30 percent following the announcement of Apple's much-publicized new iPad. But there's another problem: iWork invites third-party documents into the iPad, but the iPhone OS limits what anti-virus vendors can do.
McAfee Warns of Cyberattacks on Critical Infrastructure (NewsFactor)
In business
NewsFactor - On Thursday, McAfee shed light on the cost and impact of cyberattacks on critical infrastructures such as electrical grids, oil and gas production, telecommunications and transportation networks. More than half of 600 IT security executives from critical infrastructure enterprises worldwide report large-scale attacks or infiltrations from organized crime, terrorists or nation-states.
WindowSecurity.com
WindowSecurity.com provides Windows security news, articles, tutorials, software listings and reviews for information security professionals.
Is Internet Explorer Inherently Insecure?
By deb@shinder.net (Deb Shinder)
Taking a look beyond the sensationalized headlines about IE browser security whilst asking whether switching will really keep you safe from attack.
TaoSecurity
Richard Bejtlich's blog on digital security and the practices of network security monitoring, incident response, and forensics.
Traffic Talk 9 Posted
By Richard Bejtlich
I just noticed that my 9th edition of Traffic Talk, titled Testing Snort with Metasploit, was posted. From the article:
Security and networking service providers are often asked whether their solutions are working as expected. Two years ago, I wrote How to test Snort, which concentrated on reasons for testing and ways to avoid doing poor testing. In this article, prompted by recent discussions among networking professionals, I show how to combine several tools in a scenario where I test Snort with Metasploit.
Copyright 2003-2009 Richard Bejtlich and TaoSecurity (taosecurity.blogspot.com and www.taosecurity.com)
Two Dimensional Thinking and APT
By Richard Bejtlich
I expect many readers will recognize the image at left as representing part of the final space battle in Star Trek II: The Wrath of Khan. During this battle, Kirk and Spock realize Khan's tactics are limited. Khan is treating the battle like it is occurring on the open seas, not in space. Spock says:
He is intelligent, but not experienced. His pattern indicates two-dimensional thinking.
I thought this quote could describe many of the advanced persistent threat critics, particularly those who claim "it's just espionage" or "there's nothing new about this." Consider this one last argument to change your mind. (Ha, like that will happen. For everyone else, this is how I arrive at my conclusions.)
I think the problem is APT critics are thinking in one or two dimensions at most, when really this issue has at least five. When you only consider one or two dimensions, of course the problem looks like nothing new. When you take a more complete look, it's new.
- Offender. We know who the attacker is, and like many of you, I know this is not their first activity against foreign targets. I visited the country as an active duty Air Force intelligence officer in 1999. I got all the briefings, etc. etc. This is not the first time I've seen network activity from them. Wonderful.
- Defender. We know the offender has targeted national governments and militaries, like any nation-state might. What's different about APT is the breadth of their target base. Some criticize the Mandiant report for saying:
The APT isn't just a government problem; it isn't just a defense contractor problem. The APT is everyone's problem. No target is too small, or too obscure, or too well-defended. No organization is too large, too well-known, or too vulnerable. It's not spy-versus-spy espionage. It's spy-versus-everyone.
The phrasing here may be misleading (i.e., APT is not attacking my dry cleaner) but the point is valid. Looking over the APT target list, the victims cover a broad sweep of organizations. This is certainly new.
- Means. Let's talk espionage for a moment. Not everyone has the means to be a spy. You probably heard how effective the idiots who tried bugging Senator Landrieu's office were. With computer network exploitation (at the very least), those with sufficient knowledge and connectivity can operate at nearly the same level as a professional spy. You don't have to spend nearly as much time teaching tradecraft for CNE, compared to spycraft. You can often hire someone with private experience as a red teamer/pen tester and then just introduce them to your SOPs. Try hiring someone who has privately learned national-level spycraft.
- Motive. Besides "offender," this is the second of the two dimensions that APT critics tend to fixate upon. Yes, bad people have tried to spy on other people for thousands of years. However, in some respects even this is new, because the offender has his hands in so many aspects of the victim's centers of power. APT doesn't only want military secrets; it wants diplomatic, AND economic, AND cultural, AND...
- Opportunity. Connectivity creates opportunity in the digital realm. Again, contrast the digital world with the analog world of espionage. It takes a decent amount of work to prepare, insert, handle, and remove human spies. The digital equivalent is unfortunately still trivial in comparison.
To summarize, I think a lot of APT critics are focused on offender and motive, and ignore defender, means, and opportunity. When you expand beyond two-dimensional thinking, you'll see that APT is indeed new, without even considering technical aspects.
Example of Threat-Centric Security
By Richard Bejtlich
In my last post I mentioned the need to take threat-centric approaches to advanced persistent threat. No sooner than I had posted those thoughts do I read this:
Beijing 'strongly indignant' about U.S.-Taiwan arms sale
The Obama administration announced the sale Friday of $6 billion worth of Patriot anti-missile systems, helicopters, mine-sweeping ships and communications equipment to Taiwan in a long-expected move that sparked an angry protest from China.
In a strongly worded statement on Saturday, China's Defense Ministry suspended military exchanges with the United States and summoned the U.S. defense attache to lodge a "solemn protest" over the sale, the official Xinhua news agency reported.
"Considering the severe harm and odious effect of U.S. arms sales to Taiwan, the Chinese side has decided to suspend planned mutual military visits," Xinhua quoted the ministry as saying. The Foreign Ministry said China also would put sanctions on U.S. companies supplying the equipment.
It would have been interesting if the Obama administration had announced its arms sale in these terms:
"Considering the severe harm and odious effect of the advanced persistent threat, the American side has decided to sell the following arms to Taiwan."
It's time for the information security community to realize this problem is well outside our capability to really make a difference, without help from our governments.
Mandiant M-Trends on APT
By Richard Bejtlich
If you want to read a concise yet informative and clue-backed report on advanced persistent threat, I recommend completing this form to receive the first Mandiant M-Trends report.
Mandiant occupies a unique position with respect to this problem because they are one of only two security service companies with substantial counter-APT consulting experience.
You may read blog posts and commentary from other security service providers who either 1) suddenly claim counter-APT expertise or 2) deride "APT" as just a marketing term, or FUD, or some other term to hide their inexperience with this problem. The fact remains that, when organizations meet in closed forums to do real work on this problem, the names and faces are fairly constant. They don't include those trying to make an APT "splash" or those pretending APT is not a real problem.
Mandiant finishes its report with the following statement:
[T]his is a war of attrition against an enemy with extensive resources. It is a long fight, one that never ends. You will never declare victory.
I can already hear the skeptics saying "It never ends, so you can keep paying Mandiant consulting fees!" or "It never ends, so you can keep upgrading security products!" You're wrong, but nothing I say will convince some of you. The fact of the matter is that until the threat is addressed at the nation-state to nation-state level, victim organizations will continue to remain victims. This is not a problem that is going to be solved by victims better defending themselves. The cost is simply too great to take a vulnerability-centric approach. We need a threat-centric approach, where those with the authority to apply pressure on the threat are allowed to do so, using a variety of instruments of national power. This is the unfortunate reality of the conflict in which we are now engaged.
SecurityFocus News
SecurityFocus is the most comprehensive and trusted source of security information on the Internet. We are a vendor-neutral site that provides objective, timely and comprehensive security information to all members of the security community, from end users, security hobbyists and network administrators to security consultants, IT Managers, CIOs and CSOs.
Brief: Google offers bounty on browser bugs
Google offers bounty on browser bugs
http://www.securityfocus.com/news/11573?ref=rss
Most consumers reuse banking passwords
http://www.securityfocus.com/news/11572?ref=rss
CIA, PayPal under bizarre SSL assault
Security - RSS Feeds
Twitter Details Phishing Attacks Behind Password Reset
Officials at Twitter linked the resetting of passwords to malicious torrent sites and other schemes. According to Twitter, the company began its investigation after noticing a surge in followers for certain accounts during the past five days.
- Twitter revealed more details about the phishing attacks that caused the company to reset the passwords on some user accounts Feb. 2. According to Twitter Director of Trust and Safety Del Harvey, there was a sudden surge in followers for certain accounts during the last five days. For that reas...
Older IE Versions Maintain Sizable Market Share Despite Security Concerns
While Microsoft is touting the fact Internet Explorer 8 is the single most widely used Web browser, the combined percentages of IE 6 and 7 users surpass it. The use of the older browsers means many users aren't taking advantage of the latest browser security protections.
- Arguably one of the most interesting elements of the cyber-attack that affected Google and more than 30 other companies was the primary attack vector Internet Explorer 6. The attack exploited an HTML object memory corruption vulnerability in IE that Microsoft was notified about in September....
PGP to Acquire TC TrustCenter for Cloud-Based Identity Management
PGP agrees to acquire TC TrustCenter and its parent company, ChosenSecurity, for their on-demand platform for managing trusted identities.
- PGP has agreed to acquire German security vendor TC TrustCenter and its U.S. parent company, ChosenSecurity, for an undisclosed sum of money. ChosenSecurity and TC TrustCenter provide an on-demand platform for managing trusted identities for encryption, authentication and secure collaborati...
Researchers Uncover Security Vulnerabilities in Femtocell Technology
Two Trustwave security consultants report they have uncovered hardware and software vulnerabilities in femtocell devices that can be used to take over the device. The duo will present their findings at the ShmooCon conference in Washington.
- Researchers with Trustwave have discovered flaws in the hardware and software of femtocell devices that can allow an attacker to take full control of the miniature cell towers without the user's knowledge. Zack Fasel and Matthew Jakubowski, security consultants with Trustwave's SpiderLabs, will...
Facebook Privacy, Security Fears Grow with Social Network Risks
According to Sophos, 60 percent of businesses consider Facebook the riskiest social networking site, underscoring a new level of wariness for social networks at a time when a researcher from Kaspersky Lab says compromised accounts for Twitter and other sites can go for big bucks in the cyber-underworld.
- Businesses are growing more concerned about the use of social networks, starting with Facebook. According to a survey of 502 IT professionals by Sophos, businesses are seeing more malware and spam, and 60 percent of respondents put Facebook ahead of MySpace, Twitter and LinkedIn as the riskiest so...
Adobe Flash Security on Menu at Black Hat
A researcher plans to delve into Adobe Flash security at Black Hat DC, spotlighting how poor programming practices and Web architectures can be leveraged to compromise users.
- Security vulnerabilities in Adobe Systems applications have increasingly become a popular target for attackers in the past year. At Black Hat DC, Foreground Security Senior Security Researcher Mike Bailey will examine Flash's security model and take a look at some of the ways attackers ca...
Critical Infrastructure Security a Mixed Bag, Report Finds
A new report commissioned by McAfee reveals IT security at critical infrastructure companies is not always as high as some may suspect.
- A new report from the Center for Strategic and International Studies highlights the financial damage of cyber-attacks on critical infrastructure, but also paints a picture of IT security that is in turns good and bad. The report, "In the Crossfire: Critical Infrastructure in the Age of Cyberwa...
Security
The Art of Technology
Firms worry about social networks, but don't block access
By jacqui@arstechnica.com (Jacqui Cheng) on twitter
Despite widespread paranoia that social networks are putting businesses at risk, companies continue to give employees open access to them. The latest Security Threat Report (PDF) from security research firm Sophos notes that spam and malware attacks via popular networks continued to rise at "alarming" rates over the last 12 months, posing a risk to both users and the companies they work for.
Nearly three-quarters of businesses (72 percent) told Sophos that they're concerned about employee behavior on social networks—and it's not the HR-related behavior they're concerned about. The majority of respondents said that reports of spam, phishing, and malware coming from the major social networks were way up, and they expressed concern about employees endangering business security. According to Sophos, there was a 70 percent increase in the proportion of businesses reporting spam and malware attacks in 2009.
Suckers Victims lost $9.3 billion to 419 scammers in 2009
By jacqui@arstechnica.com (Jacqui Cheng) on security
Advance-fee fraud (AFF), also known as 419 scams and Nigerian scams, exploded in 2009, with victims losing more money than ever before. This is according to the latest analysis from Dutch investigation firm Ultrascan—a company that has been monitoring the activities of 419 scammers since 1996—which says that victims lost almost 50 percent more money in 2009 than 2008.
Considering that 419 scams have been well-known since the 1970s, this trend is particularly disturbing. However, Ultrascan says scammers are expanding their operations and shifting their focus to emerging Internet markets, where there's more fresh meat getting online every day.
SearchSecurity: Security Wire Daily News
The latest information security news on IT threats, vulnerabilities and market trends from the award-winning SearchSecurity.com.
Microsoft extends SDL program, adds Agile development template
By Robert Westervelt
Microsoft is adding support for Agile Development Methodologies to its Security Development Lifecycle program. A simplified SDL white paper is also being introduced.
Google to pay for Chrome browser vulnerabilities
By Robert Westervelt
Google follows Mozilla's FireFox vulnerability reward program, offering a base reward of $500 for eligible browser bugs.
SANS NewsBites
All Stories From Vol: 12 - Issue: 8
How The Chinese Attacks Actually Work (January 27, 2010)
A report from Mandiant describes how cyber criminals launch sophisticated attacks that penetrate government and corporate computer networks and remain undetected to steal information and monitor activity over lengthy periods of time.......
Malware on Infected Web Pages is Becoming More Sophisticated (January 26, 2010)
According to data compiled by Dasient, 5.......
NARA Data Loss Affects Clinton-Era White House Staff and Visitors (January 27, 2010)
The US National Archives and Records Administration (NARA) has sent letters to 250,000 Clinton administration staff and White House staff members and visitors, informing them that their personally identifiable information has been compromised.......
Flaws Found In 3D Secure Credit Card Scheme (January 28, 2010)
University of Cambridge researchers say 3D Secure (3DS), better known as Verified by Visa and MasterCard SecureCode, is fraught with security problems.......
Thomas-Rasset Rejects RIAA's Settlement Offer (January 27, 2010)
Just days after a judge reduced the penalties levied against Jammie Thomas-Rasset for illegal file sharing from US $1.......
Google Issues Chrome Update (January 26, 2010)
Google has released an update for its Chrome browser that addresses 13 vulnerabilities that could be exploited to execute arbitrary code on unprotected computers, steal data, create denial-of service conditions, or bypass security restrictions.......
Bank Suing Cyber Theft Victim (January 26, 2010)
A bank in Lubbock, Texas is suing one of its customers, Hillary Machinery Inc.......
Attack on IE Exposes Users' Entire Hard Drives (January 26 & 27, 2010)
Microsoft is investigating reports of an attack on Internet Explorer (IE) that can reveal the entire contents of users' hard drives to attackers.......
BlueCross BlueShield of Tennessee Breach is Proving to be Costly (January 26, 2010)
A security breach at BlueCross BlueShield of Tennessee has already cost the company more than US $7 million.......
Zimuse Worm May Have Started as a Prank (January 25 & 26, 2010)
The Zimuse.......
Second Man Pleads Guilty in Scientology DDoS Case (January 25, 26 & 27, 2010)
Brian Thomas Mettenbrink has admitted to downloading software and using it to help launch a distributed denial-of-service (DDoS) attack against the Church of Scientology's website in January 2008.......
Study Shows That Consumer Awareness of Online Threats is Growing (January 25, 2010)
A study from RSA indicates that consumers are more aware of online security threats than they were two years ago.......
Cisco Secure Desktop Remote XSS Vulnerability, (Tue, Feb 2nd)
This vulnerability (CVE-2010-0440) could allow an unauthenticated, remote attacker to conduct cross- ...(more)...
Twitter Mass Password Reset due to Phishing, (Tue, Feb 2nd)
Twitter is sending out a large number of e-mails, asking users to reset their passwords. It appears ...(more)...
New IPv6 Screencast Videos: http://isc.sans.org/ipv6videos (Today: blocking and detecting IPv6 in Linux), (Tue, Feb 2nd)
------ Johannes B. Ullrich, Ph ...(more)...
Pushdo Update, (Tue, Feb 2nd)
As mentioned in an older diary [1], www.sans ...(more)...
Adobe ColdFusion Information Disclosure, (Tue, Feb 2nd)
Adobe has released information on an important vulnerability (CVE-2010-0185) identified in ColdFusio ...(more)...
NMAP 5.21 - Is UDP Protocol Specific Scanning Important? Why Should I Care?, (Mon, Feb 1st)
Before we address the question, let's discuss how UDP port scanning is typically done. Whe ...(more)...
Got PushDo SSL packets?, (Sat, Jan 30th)
Steven Adair over at ShadowServer has posted a blog entry about the strange going's on with the Push ...(more)...
New and updated VMWare advisories, (Sat, Jan 30th)
Today VMware has released the following new and updated security advisories: New - VMSA-2010-00 ...(more)...
BoA Offline?, (Fri, Jan 29th)
The Bank of America web site appears to have been not available for parts of the day today. No ...(more)...
Neo-legacy applications, (Fri, Jan 29th)
A friend of mine wrote in about a problem he has. He provides support to small businesses, one of wh ...(more)...
The Register - Security
Biting the hand that feeds IT
Manchester cops recover from Conficker
Strangeways, here we come
Manchester police were once again able to run inquiries on the Police National Computer on Wednesday morning, after techies purged a Conficker worm infection from the force's network.…
Record year for online tax filing - and phishing mails
Scammers rev up for tax season
Her Majesty's Revenue and Customs is celebrating another record year for online tax returns, over six million people filed online this year.…
Warez backdoor allows hackers to pwn Twitter accounts
Micro-blogging freetards in mass hack attack
Twitter has lifted the lid on its recent advice to many users to reset their passwords for the micro-blogging site.…
Stubborn trojan stashes install file in Windows help
Can't muster rejection
Security researchers have spied malware that stashes a copy of itself in a Windows help file to ensure victim computers remain infected.…
iPhone vulnerable to remote attack on SSL
Beware of rogue config files
Apple's iPhone is vulnerable to exploits that allow an attacker to spoof web pages even when they're protected by the SSL, or secure sockets layer, protocol, a security researcher said.…
Microsoft security dev tools go 'Agile'
Not just for Windows anymore
Microsoft has expanded a key security tool to work with developers of web applications and other software that's developed over rapid and repeated stretches.…
PGP buys tech to offer trusted ID from the cloud
Close friends get to call it TC
PGP Corporation has acquired privately-held TC TrustCenter and its US parent company, ChosenSecurity, as part of plans to offer trusted identity management services from the cloud. Terms of the transaction, announced Tuesday, were not disclosed.…
Manchester cops clobbered by Conficker
PCs' PCs still unplugged from PNC
Greater Manchester Police's computer network has been infected by the infamous Conficker worm, leaving beat cops unable to run computer checks on suspected criminals and vehicles for the last three days.…
Virgin Media battles privacy campaigners on P2P monitoring
No one's looking at you, alright?
Regulators are mulling assurances from Virgin Media that its planned trial system to monitor the level of illegal filesharing on its network will not harm customers' privacy.…
Femtocells wilt under attack
Tiny, tiny, tiny root box danger
Security researchers have turned their attention to femtocells, and have discovered that gaining root on the tiny mobile base stations isn't as hard as one might hope.…
Most consumers reuse banking passwords on other sites
Password recycle fail leaves consumers ripe for harvesting
The majority of online banking customers reuse their online-banking login credentials on other websites, according to a new survey on password insecurity.…
Security firms plot revamp to minimise false alarms
Whitelisted addresses to reside in heavenly cloud
Analysis Increased incidents of false positives have encouraged anti-virus firms to re-evaluate their signature update process.…
Web attacks cripple Russia's biggest indie newspaper
Seven days and counting
The website of Russia's highest-profile independent newspaper on Monday suffered its seventh straight day of crippling denial-of-service attacks by unknown miscreants.…
US state probes breach that exposed data for 80,000
'Dear valued employee:'
A computer database containing the personal details of more than 80,000 employees was penetrated by unknown hackers, according to multiple news agencies, citing Iowa's Racing and Gaming Commission.…
Security bugs reinfect financial giant’s website
Ameriprise and the case of the relapsed XSS
Five months after Ameriprise Financial fixed a bug that could have helped criminals steal user authentication credentials, the financial giant's website is vulnerable again.…
Google yanks IE6 love from web apps
Do as we say, not as we did
Google is pulling IE6 support from Google Apps, its online suite of office applications.…
Britain warns businesses of Chinese 'honey trap'
Sex, spies, and memory sticks
Britain's MI5 security service has accused the Chinese government of engaging in an unusually wide-ranging campaign to breach UK business computer networks, in some cases exploiting sexual relationships to pressure individuals to cooperate.…
Voice crypto fails spark astroturf claims
SecurStar denies running dirty tricks marketing campaign
Doubts have arisen about the integrity of supposedly anonymous tests on the security of voice encryption products.…
UK.gov unmoved by Internet Explorer 6 security concerns
Google, NHS cast off exploited browser
Google and the NHS may soon be ditching support for Internet Explorer 6, but that hasn’t stopped UK government officials from declaring the browser doesn’t give them cause for concern, unlike their French and German counterparts.…
1 in 3 users reviewed Facebook privacy roll-back
Social network heralds 'success'
One in three Facebook users changed their privacy settings in Facebook after the social networking site applied a controversial privacy roll-back and encouraged users to review how much they shared online back in December.…
Firefox-based attack wreaks havoc on IRC users
World's first inter-protocol exploit, but not the last
Underscoring a little-known web vulnerability, hackers are exploiting a weakness in the Mozilla Firefox browser to wreak havoc on Freenode and other networks that cater to users of internet relay chat.…
CIA, PayPal under bizarre SSL assault
Plus hundreds of others
In technology
Reuters - The people who brought the world malicious software that steals credit card numbers from your personal computer and empties bank ATMs of their cash are hiring, and they're advertising online.
Trends & Innovations - Tuesday (Investor's Business Daily)
In business
Investor's Business Daily - Social networks are attracting more users -- and cyberattacks -- according to a report by IT security firm Sophos. Cybercriminals have increasingly focused attacks on social networking users in the last 12 months, Sophos says. 57% of users say they've been spammed via social networking sites, up 70.6% vs. last year. 36% reveal they have been sent malware via such sites, a 69.8% rise from last year.
US senator asks companies about China rights practices (AFP)
In technology
AFP - A US senator on Tuesday asked 30 leading companies, including Amazon, Apple, Facebook, IBM, Nokia and Twitter, for information about their human rights practices in China after Google's threat to leave the country over cyberattacks and Web censorship.
Most web bank clients use same passwords elsewhere (Reuters)
In technology
Reuters - A vast majority of online banking customers use their login credentials to access other websites, sharply increasing risk of attack to their bank account, Internet security firm Trusteer said on Tuesday.
China Works to Toughen Hacking Laws (PC World)
In technology
PC World - Chinese police and judicial officials are formulating new measures that govern how hacking crimes are handled by courts, the country's latest step to strengthen its cyber laws, state media reported.
Symantec adds former Intuit CEO Bennett to board (AP)
In technology
AP - Computer security software maker Symantec Corp. said Monday that Stephen P. Bennett, former president and CEO of accounting software maker Intuit Inc., will join its board of directors effective Feb. 8.
Cybercriminals Focus on Social Networks, Sophos Says (NewsFactor)
In business
NewsFactor - Facebook and Twitter users are under attack by cybercriminals -- and the incidents are rising, Sophos says in its its 2010 Security Threat Report released Monday. In the past 12 months, Sophos says, cybercriminals have focused more attacks on social-network users. Spam and malware are leading the charge.
Hack Brings Mac OS X to the Nokia N900 (PC World)
In technology
PC World - Have you ever wanted to run a full-blown copy of Mac OS X on your mobile device? One hacker has managed to get Apple's operating system running on a smartphone, and it's not the iPhone.
"Alarming" rise in cyberattacks at social networks: Sophos (AFP)
In us
AFP - There has been an "alarming" rise in spammers and hackers hunting for victims at online social networks, according to a report released Monday by computer security firm Sophos.
Cyber crooks cashing in on iPad frenzy (AFP)
In technology
AFP - Hackers and scammers are cashing in on iPad fever by luring the curious to booby-trapped websites with false promises of information about Apple's new tablet computer.
Google attack highlights 'zero-day' black market (AP)
In technology
AP - The recent hacking attack that prompted Google's threat to leave China is underscoring the heightened dangers of previously undisclosed computer security flaws — and renewing debate over buying and selling information about them in the black market.
Apple iPad Spam, Security Concerns Grow (PC Magazine)
In technology
PC Magazine - Apple-related spam has increased by 30 percent following the announcement of Apple's much-publicized new iPad. But there's another problem: iWork invites third-party documents into the iPad, but the iPhone OS limits what anti-virus vendors can do.
McAfee Warns of Cyberattacks on Critical Infrastructure (NewsFactor)
In business
NewsFactor - On Thursday, McAfee shed light on the cost and impact of cyberattacks on critical infrastructures such as electrical grids, oil and gas production, telecommunications and transportation networks. More than half of 600 IT security executives from critical infrastructure enterprises worldwide report large-scale attacks or infiltrations from organized crime, terrorists or nation-states.
WindowSecurity.com
WindowSecurity.com provides Windows security news, articles, tutorials, software listings and reviews for information security professionals.
Is Internet Explorer Inherently Insecure?
By deb@shinder.net (Deb Shinder)
Taking a look beyond the sensationalized headlines about IE browser security whilst asking whether switching will really keep you safe from attack.
TaoSecurity
Richard Bejtlich's blog on digital security and the practices of network security monitoring, incident response, and forensics.
Traffic Talk 9 Posted
By Richard Bejtlich
I just noticed that my 9th edition of Traffic Talk, titled Testing Snort with Metasploit, was posted. From the article:
Security and networking service providers are often asked whether their solutions are working as expected. Two years ago, I wrote How to test Snort, which concentrated on reasons for testing and ways to avoid doing poor testing. In this article, prompted by recent discussions among networking professionals, I show how to combine several tools in a scenario where I test Snort with Metasploit.
Copyright 2003-2009 Richard Bejtlich and TaoSecurity (taosecurity.blogspot.com and www.taosecurity.com)
Two Dimensional Thinking and APT
By Richard Bejtlich
I expect many readers will recognize the image at left as representing part of the final space battle in Star Trek II: The Wrath of Khan. During this battle, Kirk and Spock realize Khan's tactics are limited. Khan is treating the battle like it is occuring on the open seas, not in space. Spock says:
He is intelligent, but not experienced. His pattern indicates two-dimensional thinking.
I though this quote could describe many of the advanced persistent threat critics, particularly those who claim "it's just espionage" or "there's nothing new about this." Consider this one last argument to change your mind. (Ha, like that will happen. For everyone else, this is how I arrive at my conclusions.)
I think the problem is APT critics are thinking in one or two dimensions at most, when really this issue has at least five. When you only consider one or two dimensions, of course the problem looks like nothing new. When you take a more complete look, it's new.
- Offender. We know who the attacker is, and like many of you, I know this is not their first activity against foreign targets. I visited the country as an active duty Air Force intelligence officer in 1999. I got all the briefings, etc. etc. This is not the first time I've seen network activity from them. Wonderful.
- Defender. We know the offender has targeted national governments and militaries, like any nation-state might. What's different about APT is the breadth of their target base. Some criticize the Mandiant report for saying:
The APT isn't just a government problem; it isn't just a defense contractor problem. The APT is everyone's problem. No target is too small, or too obscure, or too well-defended. No organization is too large, two well-known, or too vulnerable. It's not spy-versus-spy espionage. It's spy-versus-everyone.
The phrasing here may be misleading (i.e., APT is not attacking my dry cleaner) but the point is valid. Looking over the APT target list, the victims cover a broad sweep of organizations. This is certainly new.
- Means. Let's talk espionage for a moment. Not everyone has the means to be a spy. You probably heard how effective the idiots who tried bugging Senator Landrieu's office were. With computer network exploitation (at the very least), those with sufficient knowledge and connectivity can operate at nearly the same level as a professional spy. You don't have to spend nearly as much time teaching tradecraft for CNE, compared to spycraft. You can often hire someone with private experience as a red teamer/pen tester and then just introduce them to your SOPs. Try hiring someone who has privately learned national-level spycraft.
- Motive. Besides "offender," this is the second of the two dimensions that APT critics tend to fixate upon. Yes, bad people have tried to spy on other people for thousands of years. However, in some respects even this is new, because the offender has his hands in so many aspects of the victim's centers of power. APT doesn't only want military secrets; it wants diplomatic, AND economic, AND cultural, AND...
- Opportunity. Connectivity creates opportunity in the digital realm. Again, contrast the digital world with the analog world of espionage. It takes a decent amount of work to prepare, insert, handle, and remove human spies. The digital equivalent is unfortunately still trivial in comparison.
To summarize, I think a lot of APT critics are focused on offender and motive, and ignore defender, means, and opportunity. When you expand beyond two-dimensional thinking, you'll see that APT is indeed new, without even considering technical aspects.
Example of Threat-Centric Security
By Richard Bejtlich
In my last post I mentioned the need to take threat-centric approaches to advanced persistent threat. No sooner had I posted those thoughts than I read this:
Beijing 'strongly indignant' about U.S.-Taiwan arms sale
The Obama administration announced the sale Friday of $6 billion worth of Patriot anti-missile systems, helicopters, mine-sweeping ships and communications equipment to Taiwan in a long-expected move that sparked an angry protest from China.
In a strongly worded statement on Saturday, China's Defense Ministry suspended military exchanges with the United States and summoned the U.S. defense attache to lodge a "solemn protest" over the sale, the official Xinhua news agency reported.
"Considering the severe harm and odious effect of U.S. arms sales to Taiwan, the Chinese side has decided to suspend planned mutual military visits," Xinhua quoted the ministry as saying. The Foreign Ministry said China also would put sanctions on U.S. companies supplying the equipment.
It would have been interesting if the Obama administration had announced its arms sale in these terms:
"Considering the severe harm and odious effect of the advanced persistent threat, the American side has decided to sell the following arms to Taiwan."
It's time for the information security community to realize this problem is well outside our capability to really make a difference, without help from our governments.
Mandiant M-Trends on APT
By Richard Bejtlich
If you want to read a concise yet informative and clue-backed report on advanced persistent threat, I recommend completing this form to receive the first Mandiant M-Trends report.
Mandiant occupies a unique position with respect to this problem because they are one of only two security service companies with substantial counter-APT consulting experience.
You may read blog posts and commentary from other security service providers who either 1) suddenly claim counter-APT expertise or 2) deride "APT" as just a marketing term, or FUD, or some other term to hide their inexperience with this problem. The fact remains that, when organizations meet in closed forums to do real work on this problem, the names and faces are fairly constant. They don't include those trying to make an APT "splash" or those pretending APT is not a real problem.
Mandiant finishes its report with the following statement:
[T]his is a war of attrition against an enemy with extensive resources. It is a long fight, one that never ends. You will never declare victory.
I can already hear the skeptics saying "It never ends, so you can keep paying Mandiant consulting fees!" or "It never ends, so you can keep upgrading security products!" You're wrong, but nothing I say will convince some of you. The fact of the matter is that until the threat is addressed at the nation-state to nation-state level, victim organizations will continue to remain victims. This is not a problem that is going to be solved by victims better defending themselves. The cost is simply too great to take a vulnerability-centric approach. We need a threat-centric approach, where those with the authority to apply pressure on the threat are allowed to do so, using a variety of instruments of national power. This is the unfortunate reality of the conflict in which we are now engaged.
SecurityFocus News
SecurityFocus is the most comprehensive and trusted source of security information on the Internet. We are a vendor-neutral site that provides objective, timely and comprehensive security information to all members of the security community, from end users, security hobbyists and network administrators to security consultants, IT Managers, CIOs and CSOs.
Brief: Google offers bounty on browser bugs
Google offers bounty on browser bugs
http://www.securityfocus.com/news/11573?ref=rss
Most consumers reuse banking passwords
http://www.securityfocus.com/news/11572?ref=rss
CIA, PayPal under bizarre SSL assault
Security - RSS Feeds
Twitter Details Phishing Attacks Behind Password Reset
Officials at Twitter linked the resetting of passwords to malicious torrent sites and other schemes. According to Twitter, the company began its investigation after noticing a surge in followers for certain accounts during the past five days.
- Twitter revealed more details about the phishing attacks that caused the company to reset the passwords on some user accounts Feb. 2. According to Twitter Director of Trust and Safety Del Harvey, there was a sudden surge in followers for certain accounts during the last five days. For that reas...
Older IE Versions Maintain Sizable Market Share Despite Security Concerns
While Microsoft is touting the fact Internet Explorer 8 is the single most widely used Web browser, the combined percentages of IE 6 and 7 users surpass it. The use of the older browsers means many users aren't taking advantage of the latest browser security protections.
- Arguably one of the most interesting elements of the cyber-attack that affected Google and more than 30 other companies was the primary attack vector: Internet Explorer 6. The attack exploited an HTML object memory corruption vulnerability in IE that Microsoft was notified about in September....
PGP to Acquire TC TrustCenter for Cloud-Based Identity Management
PGP agrees to acquire TC TrustCenter and its parent company, ChosenSecurity, for their on-demand platform for managing trusted identities.
- PGP has agreed to acquire German security vendor TC TrustCenter and its U.S. parent company, ChosenSecurity, for an undisclosed sum of money. ChosenSecurity and TC TrustCenter provide an on-demand platform for managing trusted identities for encryption, authentication and secure collaborati...
Researchers Uncover Security Vulnerabilities in Femtocell Technology
Two Trustwave security consultants report they have uncovered hardware and software vulnerabilities in femtocell devices that can be used to take over the device. The duo will present their findings at the ShmooCon conference in Washington.
- Researchers with Trustwave have discovered flaws in the hardware and software of femtocell devices that can allow an attacker to take full control of the miniature cell towers without the user's knowledge. Zack Fasel and Matthew Jakubowski, security consultants with Trustwave's SpiderLabs, will...
Facebook Privacy, Security Fears Grow with Social Network Risks
According to Sophos, 60 percent of businesses consider Facebook the riskiest social networking site, underscoring a new level of wariness for social networks at a time when a researcher from Kaspersky Lab says compromised accounts for Twitter and other sites can go for big bucks in the cyber-underworld.
- Businesses are growing more concerned about the use of social networks, starting with Facebook. According to a survey of 502 IT professionals by Sophos, businesses are seeing more malware and spam, and 60 percent of respondents put Facebook ahead of MySpace, Twitter and LinkedIn as the riskiest so...
Adobe Flash Security on Menu at Black Hat
A researcher plans to delve into Adobe Flash security at Black Hat DC, spotlighting how poor programming practices and Web architectures can be leveraged to compromise users.
- Security vulnerabilities in Adobe Systems applications have increasingly become a popular target for attackers in the past year. At Black Hat DC, Foreground Security Senior Security Researcher Mike Bailey will examine Flash's security model and take a look at some of the ways attackers ca...
Critical Infrastructure Security a Mixed Bag, Report Finds
A new report commissioned by McAfee reveals IT security at critical infrastructure companies is not always as high as some may suspect.
- A new report from the Center for Strategic and International Studies highlights the financial damage of cyber-attacks on critical infrastructure, but also paints a picture of IT security that is in turns good and bad. The report, "In the Crossfire: Critical Infrastructure in the Age of Cyberwa...
Security
The Art of Technology
Firms worry about social networks, but don't block access
By jacqui@arstechnica.com (Jacqui Cheng) on twitter
Despite widespread paranoia that social networks are putting businesses at risk, companies continue to give employees open access to them. The latest Security Threat Report (PDF) from security research firm Sophos notes that spam and malware attacks via popular networks continued to rise at "alarming" rates over the last 12 months, posing a risk to both users and the companies they work for.
Nearly three-quarters of businesses (72 percent) told Sophos that they're concerned about employee behavior on social networks—and it's not the HR-related behavior they're concerned about. The majority of respondents said that reports of spam, phishing, and malware coming from the major social networks were way up, and they expressed concern about employees endangering business security. According to Sophos, there was a 70 percent increase in the proportion of businesses reporting spam and malware attacks in 2009.
Victims lost $9.3 billion to 419 scammers in 2009
By jacqui@arstechnica.com (Jacqui Cheng) on security
Advance-fee fraud (AFF), also known as 419 scams and Nigerian scams, exploded in 2009, with victims losing more money than ever before. This is according to the latest analysis from Dutch investigation firm Ultrascan—a company that has been monitoring the activities of 419 scammers since 1996—which says that victims lost almost 50 percent more money in 2009 than 2008.
Considering that 419 scams have been well-known since the 1970s, this trend is particularly disturbing. However, Ultrascan says scammers are expanding their operations and shifting their focus to emerging Internet markets, where there's more fresh meat getting online every day.
SearchSecurity: Security Wire Daily News
The latest information security news on IT threats, vulnerabilities and market trends from the award-winning SearchSecurity.com.
Microsoft extends SDL program, adds Agile development template
By Robert Westervelt
Microsoft is adding support for Agile Development Methodologies to its Security Development Lifecycle program. A simplified SDL white paper is also being introduced.
Google to pay for Chrome browser vulnerabilities
By Robert Westervelt
Google follows Mozilla's FireFox vulnerability reward program, offering a base reward of $500 for eligible browser bugs.
SANS NewsBites
All Stories From Vol: 12 - Issue: 8
How The Chinese Attacks Actually Work (January 27, 2010)
A report from Mandiant describes how cyber criminals launch sophisticated attacks that penetrate government and corporate computer networks and remain undetected to steal information and monitor activity over lengthy periods of time.......
Malware on Infected Web Pages is Becoming More Sophisticated (January 26, 2010)
According to data compiled by Dasient, 5.......
NARA Data Loss Affects Clinton-Era White House Staff and Visitors (January 27, 2010)
The US National Archives and Records Administration (NARA) has sent letters to 250,000 Clinton administration staff and White House staff members and visitors, informing them that their personally identifiable information has been compromised.......
Flaws Found In 3D Secure Credit Card Scheme (January 28, 2010)
University of Cambridge researchers say 3D Secure (3DS), better known as Verified by Visa and MasterCard SecureCode, is fraught with security problems.......
Thomas-Rasset Rejects RIAA's Settlement Offer (January 27, 2010)
Just days after a judge reduced the penalties levied against Jammie Thomas-Rasset for illegal file sharing from US $1.......
Google Issues Chrome Update (January 26, 2010)
Google has released an update for its Chrome browser that addresses 13 vulnerabilities that could be exploited to execute arbitrary code on unprotected computers, steal data, create denial-of-service conditions, or bypass security restrictions.......
Bank Suing Cyber Theft Victim (January 26, 2010)
A bank in Lubbock, Texas is suing one of its customers, Hillary Machinery Inc.......
Attack on IE Exposes Users' Entire Hard Drives (January 26 & 27, 2010)
Microsoft is investigating reports of an attack on Internet Explorer (IE) that can reveal the entire contents of users' hard drives to attackers.......
BlueCross BlueShield of Tennessee Breach is Proving to be Costly (January 26, 2010)
A security breach at BlueCross BlueShield of Tennessee has already cost the company more than US $7 million.......
Zimuse Worm May Have Started as a Prank (January 25 & 26, 2010)
The Zimuse.......
Second Man Pleads Guilty in Scientology DDoS Case (January 25, 26 & 27, 2010)
Brian Thomas Mettenbrink has admitted to downloading software and using it to help launch a distributed denial-of-service (DDoS) attack against the Church of Scientology's website in January 2008.......
Study Shows That Consumer Awareness of Online Threats is Growing (January 25, 2010)
A study from RSA indicates that consumers are more aware of online security threats than they were two years ago.......
Cisco Secure Desktop Remote XSS Vulnerability, (Tue, Feb 2nd)
This vulnerability (CVE-2010-0440) could allow an unauthenticated, remote attacker to conduct cross- ...(more)...
Twitter Mass Password Reset due to Phishing, (Tue, Feb 2nd)
Twitter is sending out a large number of e-mails, asking users to reset their passwords. It appears ...(more)...
New IPv6 Screencast Videos: http://isc.sans.org/ipv6videos (Today: blocking and detecting IPv6 in Linux), (Tue, Feb 2nd)
------ Johannes B. Ullrich, Ph ...(more)...
Pushdo Update, (Tue, Feb 2nd)
As mentioned in an older diary [1], www.sans ...(more)...
Adobe ColdFusion Information Disclosure, (Tue, Feb 2nd)
Adobe has released information on an important vulnerability (CVE-2010-0185) identified in ColdFusio ...(more)...
NMAP 5.21 - Is UDP Protocol Specific Scanning Important? Why Should I Care?, (Mon, Feb 1st)
Before we address the question, let's discuss how UDP port scanning is typically done. Whe ...(more)...
Got PushDo SSL packets?, (Sat, Jan 30th)
Steven Adair over at ShadowServer has posted a blog entry about the strange goings-on with the Push ...(more)...
New and updated VMWare advisories, (Sat, Jan 30th)
Today VMware has released the following new and updated security advisories: New - VMSA-2010-00 ...(more)...
BoA Offline?, (Fri, Jan 29th)
The Bank of America web site appears to have been not available for parts of the day today. No ...(more)...
Neo-legacy applications, (Fri, Jan 29th)
A friend of mine wrote in about a problem he has. He provides support to small businesses, one of wh ...(more)...
The Register - Security
Biting the hand that feeds IT
Manchester cops recover from Conficker
Strangeways, here we come
Manchester police were once again able to run inquiries on the Police National Computer on Wednesday morning, after techies purged a Conficker worm infection from the force's network.…
Record year for online tax filing - and phishing mails
Scammers rev up for tax season
Her Majesty's Revenue and Customs is celebrating another record year for online tax returns; over six million people filed online this year.…
Warez backdoor allows hackers to pwn Twitter accounts
Micro-blogging freetards in mass hack attack
Twitter has lifted the lid on its recent advice to many users to reset their passwords for the micro-blogging site.…
Stubborn trojan stashes install file in Windows help
Can't muster rejection
Security researchers have spied malware that stashes a copy of itself in a Windows help file to ensure victim computers remain infected.…
iPhone vulnerable to remote attack on SSL
Beware of rogue config files
Apple's iPhone is vulnerable to exploits that allow an attacker to spoof web pages even when they're protected by the SSL, or secure sockets layer, protocol, a security researcher said.…
Microsoft security dev tools go 'Agile'
Not just for Windows anymore
Microsoft has expanded a key security tool to work with developers of web applications and other software that's developed over rapid and repeated stretches.…
PGP buys tech to offer trusted ID from the cloud
Close friends get to call it TC
PGP Corporation has acquired privately-held TC TrustCenter and its US parent company, ChosenSecurity, as part of plans to offer trusted identity management services from the cloud. Terms of the transaction, announced Tuesday, were not disclosed.…
Manchester cops clobbered by Conficker
PCs' PCs still unplugged from PNC
Greater Manchester Police's computer network has been infected by the infamous Conficker worm, leaving beat cops unable to run computer checks on suspected criminals and vehicles for the last three days.…
Virgin Media battles privacy campaigners on P2P monitoring
No one's looking at you, alright?
Regulators are mulling assurances from Virgin Media that its planned trial system to monitor the level of illegal filesharing on its network will not harm customers' privacy.…
Femtocells wilt under attack
Tiny, tiny, tiny root box danger
Security researchers have turned their attention to femtocells, and have discovered that gaining root on the tiny mobile base stations isn't as hard as one might hope.…
Most consumers reuse banking passwords on other sites
Password recycle fail leaves consumers ripe for harvesting
The majority of online banking customers reuse their online-banking login credentials on other websites, according to a new survey on password insecurity.…
Security firms plot revamp to minimise false alarms
Whitelisted addresses to reside in heavenly cloud
Analysis: Increased incidents of false positives have encouraged anti-virus firms to re-evaluate their signature update process.…
Web attacks cripple Russia's biggest indie newspaper
Seven days and counting
The website of Russia's highest-profile independent newspaper on Monday suffered its seventh straight day of crippling denial-of-service attacks by unknown miscreants.…
US state probes breach that exposed data for 80,000
'Dear valued employee:'
A computer database containing the personal details of more than 80,000 employees was penetrated by unknown hackers, according to multiple news agencies, citing Iowa's Racing and Gaming Commission.…
Security bugs reinfect financial giant’s website
Ameriprise and the case of the relapsed XSS
Five months after Ameriprise Financial fixed a bug that could have helped criminals steal user authentication credentials, the financial giant's website is vulnerable again.…
Google yanks IE6 love from web apps
Do as we say, not as we did
Google is pulling IE6 support from Google Apps, its online suite of office applications.…
Britain warns businesses of Chinese 'honey trap'
Sex, spies, and memory sticks
Britain's MI5 security service has accused the Chinese government of engaging in an unusually wide-ranging campaign to breach UK business computer networks, in some cases exploiting sexual relationships to pressure individuals to cooperate.…
Voice crypto fails spark astroturf claims
SecurStar denies running dirty tricks marketing campaign
Doubts have arisen about the integrity of supposedly anonymous tests on the security of voice encryption products.…
UK.gov unmoved by Internet Explorer 6 security concerns
Google, NHS cast off exploited browser
Google and the NHS may soon be ditching support for Internet Explorer 6, but that hasn’t stopped UK government officials from declaring the browser doesn’t give them cause for concern, unlike their French and German counterparts.…
1 in 3 users reviewed Facebook privacy roll-back
Social network heralds 'success'
One in three Facebook users changed their privacy settings in Facebook after the social networking site applied a controversial privacy roll-back and encouraged users to review how much they shared online back in December.…
Firefox-based attack wreaks havoc on IRC users
World's first inter-protocol exploit, but not the last
Underscoring a little-known web vulnerability, hackers are exploiting a weakness in the Mozilla Firefox browser to wreak havoc on Freenode and other networks that cater to users of internet relay chat.…
CIA, PayPal under bizarre SSL assault
Plus hundreds of others
Most web bank clients use same passwords elsewhere (Reuters)
In technology
Reuters - A vast majority of online banking customers use their login credentials to access other websites, sharply increasing risk of attack to their bank account, Internet security firm Trusteer said on Tuesday.
China Works to Toughen Hacking Laws (PC World)
In technology
PC World - Chinese police and judicial officials are formulating new measures that govern how hacking crimes are handled by courts, the country's latest step to strengthen its cyber laws, state media reported.
Symantec adds former Intuit CEO Bennett to board (AP)
In technology
AP - Computer security software maker Symantec Corp. said Monday that Stephen P. Bennett, former president and CEO of accounting software maker Intuit Inc., will join its board of directors effective Feb. 8.
Cybercriminals Focus on Social Networks, Sophos Says (NewsFactor)
In business
NewsFactor - Facebook and Twitter users are under attack by cybercriminals -- and the incidents are rising, Sophos says in its 2010 Security Threat Report released Monday. In the past 12 months, Sophos says, cybercriminals have focused more attacks on social-network users. Spam and malware are leading the charge.
Hack Brings Mac OS X to the Nokia N900 (PC World)
In technology
PC World - Have you ever wanted to run a full-blown copy of Mac OS X on your mobile device? One hacker has managed to get Apple's operating system running on a smartphone, and it's not the iPhone.
"Alarming" rise in cyberattacks at social networks: Sophos (AFP)
In us
AFP - There has been an "alarming" rise in spammers and hackers hunting for victims at online social networks, according to a report released Monday by computer security firm Sophos.
Cyber crooks cashing in on iPad frenzy (AFP)
In technology
AFP - Hackers and scammers are cashing in on iPad fever by luring the curious to booby-trapped websites with false promises of information about Apple's new tablet computer.
Google attack highlights 'zero-day' black market (AP)
In technology
AP - The recent hacking attack that prompted Google's threat to leave China is underscoring the heightened dangers of previously undisclosed computer security flaws — and renewing debate over buying and selling information about them in the black market.
Apple iPad Spam, Security Concerns Grow (PC Magazine)
In technology
PC Magazine - Apple-related spam has increased by 30 percent following the announcement of Apple's much-publicized new iPad. But there's another problem: iWork invites third-party documents into the iPad, but the iPhone OS limits what anti-virus vendors can do.
McAfee Warns of Cyberattacks on Critical Infrastructure (NewsFactor)
In business
NewsFactor - On Thursday, McAfee shed light on the cost and impact of cyberattacks on critical infrastructures such as electrical grids, oil and gas production, telecommunications and transportation networks. More than half of 600 IT security executives from critical infrastructure enterprises worldwide report large-scale attacks or infiltrations from organized crime, terrorists or nation-states.
WindowSecurity.com
WindowSecurity.com provides Windows security news, articles, tutorials, software listings and reviews for information security professionals.
Is Internet Explorer Inherently Insecure?
By deb@shinder.net (Deb Shinder)
Taking a look beyond the sensationalized headlines about IE browser security whilst asking whether switching will really keep you safe from attack.
SecurityFocus News
SecurityFocus is the most comprehensive and trusted source of security information on the Internet. We are a vendor-neutral site that provides objective, timely and comprehensive security information to all members of the security community, from end users, security hobbyists and network administrators to security consultants, IT Managers, CIOs and CSOs.
Brief: Google offers bounty on browser bugs
Google offers bounty on browser bugs
http://www.securityfocus.com/news/11573?ref=rss
Most consumers reuse banking passwords
http://www.securityfocus.com/news/11572?ref=rss
CIA, PayPal under bizarre SSL assault
Security - RSS Feeds
Twitter Details Phishing Attacks Behind Password Reset
Officials at Twitter linked the resetting of passwords to malicious torrent sites and other schemes. According to Twitter, the company began its investigation after noticing a surge in followers for certain accounts during the past five days.
- Twitter revealed more details about the phishing attacks that caused the company to reset the passwords on some user accounts Feb. 2. According to Twitter Director of Trust and Safety Del Harvey, there was a sudden surge in followers for certain accounts during the last five days. For that reas...
Older IE Versions Maintain Sizable Market Share Despite Security Concerns
While Microsoft is touting the fact Internet Explorer 8 is the single most widely used Web browser, the combined percentages of IE 6 and 7 users surpass it. The use of the older browsers means many users aren't taking advantage of the latest browser security protections.
- Arguably one of the most interesting elements of the cyber-attack that affected Google and more than 30 other companies was the primary attack vector Internet Explorer 6. The attack exploited an HTML object memory corruption vulnerability in IE that Microsoft was notified about in September....
PGP to Acquire TC TrustCenter for Cloud-Based Identity Management
PGP agrees to acquire TC TrustCenter and its parent company, ChosenSecurity, for their on-demand platform for managing trusted identities.
- PGP has agreed to acquire German security vendor TC TrustCenter and its U.S. parent company, ChosenSecurity, for an undisclosed sum of money. ChosenSecurity and TC TrustCenter provide an on-demand platform for managing trusted identities for encryption, authentication and secure collaborati...
Researchers Uncover Security Vulnerabilities in Femtocell Technology
Two Trustwave security consultants report they have uncovered hardware and software vulnerabilities in femtocell devices that can be used to take over the device. The duo will present their findings at the ShmooCon conference in Washington.
- Researchers with Trustwave have discovered flaws in the hardware and software of femtocell devices that can allow an attacker to take full control of the miniature cell towers without the user's knowledge. Zack Fasel and Matthew Jakubowski, security consultants with Trustwave's SpiderLabs, will...
Facebook Privacy, Security Fears Grow with Social Network Risks
According to Sophos, 60 percent of businesses consider Facebook the riskiest social networking site, underscoring a new level of wariness for social networks at a time when a researcher from Kaspersky Lab says compromised accounts for Twitter and other sites can go for big bucks in the cyber-underworld.
- Businesses are growing more concerned about the use of social networks, starting with Facebook. According to a survey of 502 IT professionals by Sophos, businesses are seeing more malware and spam, and 60 percent of respondents put Facebook ahead of MySpace, Twitter and LinkedIn as the riskiest so...
Adobe Flash Security on Menu at Black Hat
A researcher plans to delve into Adobe Flash security at Black Hat DC, spotlighting how poor programming practices and Web architectures can be leveraged to compromise users.
- Security vulnerabilities in Adobe Systems applications have increasingly become a popular target for attackers in the past year. At Black Hat DC, Foreground Security Senior Security Researcher Mike Bailey will examine Flash's security model and take a look at some of the ways attackers ca...
Critical Infrastructure Security a Mixed Bag, Report Finds
A new report commissioned by McAfee reveals IT security at critical infrastructure companies is not always as high as some may suspect.
- A new report from the Center for Strategic and International Studies highlights the financial damage of cyber-attacks on critical infrastructure, but also paints a picture of IT security that is in turns good and bad. The report, "In the Crossfire: Critical Infrastructure in the Age of Cyberwa...
Security
The Art of Technology
Firms worry about social networks, but don't block access
By jacqui@arstechnica.com (Jacqui Cheng) on twitter
Despite widespread paranoia that social networks are putting businesses at risk, companies continue to give employees open access to them. The latest Security Threat Report (PDF) from security research firm Sophos notes that spam and malware attacks via popular networks continued to rise at "alarming" rates over the last 12 months, posing a risk to both users and the companies they work for.
Nearly three-quarters of businesses (72 percent) told Sophos that they're concerned about employee behavior on social networks—and it's not the HR-related behavior they're concerned about. The majority of respondents said that reports of spam, phishing, and malware coming from the major social networks were way up, and they expressed concern about employees endangering business security. According to Sophos, there was a 70 percent increase in the proportion of businesses reporting spam and malware attacks in 2009.
Victims lost $9.3 billion to 419 scammers in 2009
By jacqui@arstechnica.com (Jacqui Cheng) on security
Advance-fee fraud (AFF), also known as 419 scams and Nigerian scams, exploded in 2009, with victims losing more money than ever before. This is according to the latest analysis from Dutch investigation firm Ultrascan—a company that has been monitoring the activities of 419 scammers since 1996—which says that victims lost almost 50 percent more money in 2009 than 2008.
Considering that 419 scams have been well-known since the 1970s, this trend is particularly disturbing. However, Ultrascan says scammers are expanding their operations and shifting their focus to emerging Internet markets, where there's more fresh meat getting online every day.
SearchSecurity: Security Wire Daily News
The latest information security news on IT threats, vulnerabilities and market trends from the award-winning SearchSecurity.com.
Microsoft extends SDL program, adds Agile development template
By Robert Westervelt
Microsoft is adding support for Agile Development Methodologies to its Security Development Lifecycle program. A simplified SDL white paper is also being introduced.
Google to pay for Chrome browser vulnerabilities
By Robert Westervelt
Google follows Mozilla's Firefox vulnerability reward program, offering a base reward of $500 for eligible browser bugs.
SANS NewsBites
All Stories From Vol: 12 - Issue: 8
How The Chinese Attacks Actually Work (January 27, 2010)
A report from Mandiant describes how cyber criminals launch sophisticated attacks that penetrate government and corporate computer networks and remain undetected to steal information and monitor activity over lengthy periods of time.......
Malware on Infected Web Pages is Becoming More Sophisticated (January 26, 2010)
According to data compiled by Dasient, 5.......
NARA Data Loss Affects Clinton-Era White House Staff and Visitors (January 27, 2010)
The US National Archives and Records Administration (NARA) has sent letters to 250,000 Clinton administration staff and White House staff members and visitors, informing them that their personally identifiable information has been compromised.......
Flaws Found In 3D Secure Credit Card Scheme (January 28, 2010)
University of Cambridge researchers say 3D Secure (3DS), better known as Verified by Visa and MasterCard SecureCode, is fraught with security problems.......
Thomas-Rasset Rejects RIAA's Settlement Offer (January 27, 2010)
Just days after a judge reduced the penalties levied against Jammie Thomas-Rasset for illegal file sharing from US $1.......
Google Issues Chrome Update (January 26, 2010)
Google has released an update for its Chrome browser that addresses 13 vulnerabilities that could be exploited to execute arbitrary code on unprotected computers, steal data, create denial-of-service conditions, or bypass security restrictions.......
Bank Suing Cyber Theft Victim (January 26, 2010)
A bank in Lubbock, Texas is suing one of its customers, Hillary Machinery Inc.......
Attack on IE Exposes Users' Entire Hard Drives (January 26 & 27, 2010)
Microsoft is investigating reports of an attack on Internet Explorer (IE) that can reveal the entire contents of users' hard drives to attackers.......
BlueCross BlueShield of Tennessee Breach is Proving to be Costly (January 26, 2010)
A security breach at BlueCross BlueShield of Tennessee has already cost the company more than US $7 million.......
Zimuse Worm May Have Started as a Prank (January 25 & 26, 2010)
The Zimuse.......
Second Man Pleads Guilty in Scientology DDoS Case (January 25, 26 & 27, 2010)
Brian Thomas Mettenbrink has admitted to downloading software and using it to help launch a distributed denial-of-service (DDoS) attack against the Church of Scientology's website in January 2008.......
Study Shows That Consumer Awareness of Online Threats is Growing (January 25, 2010)
A study from RSA indicates that consumers are more aware of online security threats than they were two years ago.......
Cisco Secure Desktop Remote XSS Vulnerability, (Tue, Feb 2nd)
This vulnerability (CVE-2010-0440) could allow an unauthenticated, remote attacker to conduct cross- ...(more)...
Twitter Mass Password Reset due to Phishing, (Tue, Feb 2nd)
Twitter is sending out a large number of e-mails, asking users to reset their passwords. It appears ...(more)...
New IPv6 Screencast Videos: http://isc.sans.org/ipv6videos (Today: blocking and detecting IPv6 in Linux), (Tue, Feb 2nd)
------ Johannes B. Ullrich, Ph ...(more)...
Pushdo Update, (Tue, Feb 2nd)
As mentioned in an older diary [1], www.sans ...(more)...
Adobe ColdFusion Information Disclosure, (Tue, Feb 2nd)
Adobe has released information on an important vulnerability (CVE-2010-0185) identified in ColdFusio ...(more)...
NMAP 5.21 - Is UDP Protocol Specific Scanning Important? Why Should I Care?, (Mon, Feb 1st)
Before we address the question, let's discuss how UDP port scanning is typically done. Whe ...(more)...
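The diary entry above is cut off before it explains the point, so here is an added example (my code, not the ISC diary's and not Nmap's) of why a protocol-specific UDP payload matters. A UDP service that receives a datagram it does not understand usually just drops it, which is indistinguishable from a firewall silently discarding the probe; that is why scanners report "open|filtered" for a silent port. A mock DNS server on 127.0.0.1 (a constructed stand-in, not a real resolver) answers only syntactically valid DNS queries. The empty-payload probe times out and is classified "open|filtered", while the DNS-shaped probe gets a reply and the same port is classified "open". The "closed" branch relies on the kernel surfacing the ICMP port unreachable as ConnectionRefusedError, which Linux does for a connected UDP socket; other platforms may simply time out.

```python
"""
Added example: empty UDP probe vs. protocol-specific (DNS) probe.
Mock server and helper names are this example's own, not Nmap's.
"""
import socket
import struct
import threading


def build_dns_query(name: str, txid: int = 0x1234) -> bytes:
    """Minimal DNS A query: RFC 1035 header (RD=1, QDCOUNT=1) plus one question."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(lbl)]) + lbl.encode() for lbl in labels) + b"\x00"
    question = qname + struct.pack("!HH", 1, 1)  # QTYPE=A, QCLASS=IN
    return header + question


def looks_like_dns_query(data: bytes) -> bool:
    """Accept only datagrams with a 12-byte DNS header, QR=0 and at least one question."""
    if len(data) < 12:
        return False
    _txid, flags, qdcount, _an, _ns, _ar = struct.unpack("!HHHHHH", data[:12])
    return (flags & 0x8000) == 0 and qdcount >= 1


def start_mock_dns_server():
    """Bind an ephemeral localhost UDP port; reply to DNS queries, drop everything else."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    srv.bind(("127.0.0.1", 0))
    port = srv.getsockname()[1]
    stop = threading.Event()

    def serve():
        srv.settimeout(0.2)
        while not stop.is_set():
            try:
                data, peer = srv.recvfrom(512)
            except socket.timeout:
                continue
            if looks_like_dns_query(data):
                # Echo the transaction id, set QR=1/RA=1, keep the question, no answers.
                reply = data[:2] + struct.pack("!HHHHH", 0x8180, 1, 0, 0, 0) + data[12:]
                srv.sendto(reply, peer)
            # Non-DNS payloads (including an empty datagram) are silently dropped.

    worker = threading.Thread(target=serve, daemon=True)
    worker.start()

    def shutdown():
        stop.set()
        worker.join()
        srv.close()

    return port, shutdown


def udp_probe(host: str, port: int, payload: bytes, timeout: float = 0.5) -> str:
    """Classify a UDP port the way a scanner does: open, closed, or open|filtered."""
    s = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    s.settimeout(timeout)
    try:
        s.connect((host, port))  # connected socket so an ICMP unreachable becomes an error
        s.send(payload)
        s.recv(512)
        return "open"  # any reply proves a listener
    except ConnectionRefusedError:
        return "closed"  # ICMP port unreachable (Linux maps it to ECONNREFUSED)
    except socket.timeout:
        return "open|filtered"  # silence: a service that ignored us, or a filter
    finally:
        s.close()


def compare_probes(host: str = "127.0.0.1") -> dict:
    """Probe the mock DNS port with an empty payload and with a real DNS query."""
    port, shutdown = start_mock_dns_server()
    try:
        return {
            "empty_payload": udp_probe(host, port, b""),
            "dns_payload": udp_probe(host, port, build_dns_query("example.com")),
        }
    finally:
        shutdown()


if __name__ == "__main__":
    for probe, state in compare_probes().items():
        print(f"{probe:14s} -> {state}")
```

The same port comes back as "open|filtered" and then "open" depending only on the probe payload; that is the whole argument for carrying per-port protocol payloads in a UDP scanner instead of sending empty datagrams.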
Got PushDo SSL packets?, (Sat, Jan 30th)
Steven Adair over at ShadowServer has posted a blog entry about the strange goings-on with the Push ...(more)...
New and updated VMWare advisories, (Sat, Jan 30th)
Today VMware has released the following new and updated security advisories: New - VMSA-2010-00 ...(more)...
BoA Offline?, (Fri, Jan 29th)
The Bank of America web site appears to have been not available for parts of the day today. No ...(more)...
Neo-legacy applications, (Fri, Jan 29th)
A friend of mine wrote in about a problem he has. He provides support to small businesses, one of wh ...(more)...
The Register - Security
Biting the hand that feeds IT
Manchester cops recover from Conficker
Strangeways, here we come
Manchester police were once again able to run inquiries on the Police National Computer on Wednesday morning, after techies purged a Conficker worm infection from the force's network.…
Record year for online tax filing - and phishing mails
Scammers rev up for tax season
Her Majesty's Revenue and Customs is celebrating another record year for online tax returns, over six million people filed online this year.…
Warez backdoor allows hackers to pwn Twitter accounts
Micro-blogging freetards in mass hack attack
Twitter has lifted the lid on its recent advice to many users to reset their passwords for the micro-blogging site.…
Stubborn trojan stashes install file in Windows help
Can't muster rejection
Security researchers have spied malware that stashes a copy of itself in a Windows help file to ensure victim computers remain infected.…
iPhone vulnerable to remote attack on SSL
Beware of rogue config files
Apple's iPhone is vulnerable to exploits that allow an attacker to spoof web pages even when they're protected by the SSL, or secure sockets layer, protocol, a security researcher said.…
Microsoft security dev tools go 'Agile'
Not just for Windows anymore
Microsoft has expanded a key security tool to work with developers of web applications and other software that's developed over rapid and repeated stretches.…
PGP buys tech to offer trusted ID from the cloud
Close friends get to call it TC
PGP Corporation has acquired privately-held TC TrustCenter and its US parent company, ChosenSecurity, as part of plans to offer trusted identity management services from the cloud. Terms of the transaction, announced Tuesday, were not disclosed.…
Manchester cops clobbered by Conficker
PCs' PCs still unplugged from PNC
Greater Manchester Police's computer network has been infected by the infamous Conficker worm, leaving beat cops unable to run computer checks on suspected criminals and vehicles for the last three days.…
Virgin Media battles privacy campaigners on P2P monitoring
No one's looking at you, alright?
Regulators are mulling assurances from Virgin Media that its planned trial system to monitor the level of illegal filesharing on its network will not harm customers' privacy.…
Femtocells wilt under attack
Tiny, tiny, tiny root box danger
Security researchers have turned their attention to femtocells, and have discovered that gaining root on the tiny mobile base stations isn't as hard as one might hope.…
Most consumers reuse banking passwords on other sites
Password recycle fail leaves consumers ripe for harvesting
The majority of online banking customers reuse their online-banking login credentials on other websites, according to a new survey on password insecurity.…
Security firms plot revamp to minimise false alarms
Whitelisted addresses to reside in heavenly cloud
Analysis Increased incidents of false positives have encouraged anti-virus firms to re-evaluate their signature update process.…
Web attacks cripple Russia's biggest indie newspaper
Seven days and counting
The website of Russia's highest-profile independent newspaper on Monday suffered its seventh straight day of crippling denial-of-service attacks by unknown miscreants.…
US state probes breach that exposed data for 80,000
'Dear valued employee:'
A computer database containing the personal details of more than 80,000 employees was penetrated by unknown hackers, according to multiple news agencies, citing Iowa's Racing and Gaming Commission.…
Security bugs reinfect financial giant’s website
Ameriprise and the case of the relapsed XSS
Five months after Ameriprise Financial fixed a bug that could have helped criminals steal user authentication credentials, the financial giant's website is vulnerable again.…
Google yanks IE6 love from web apps
Do as we say, not as we did
Google is pulling IE6 support from Google Apps, its online suite of office applications.…
Britain warns businesses of Chinese 'honey trap'
Sex, spies, and memory sticks
Britain's MI5 security service has accused the Chinese government of engaging in an unusually wide-ranging campaign to breach UK business computer networks, in some cases exploiting sexual relationships to pressure individuals to cooperate.…
Voice crypto fails spark astroturf claims
SecurStar denies running dirty tricks marketing campaign
Doubts have arisen about the integrity of supposedly anonymous tests on the security of voice encryption products.…
UK.gov unmoved by Internet Explorer 6 security concerns
Google, NHS cast off exploited browser
Google and the NHS may soon be ditching support for Internet Explorer 6, but that hasn’t stopped UK government officials from declaring the browser doesn’t give them cause for concern, unlike their French and German counterparts.…
1 in 3 users reviewed Facebook privacy roll-back
Social network heralds 'success'
One in three Facebook users changed their privacy settings in Facebook after the social networking site applied a controversial privacy roll-back and encouraged users to review how much they shared online back in December.…
Firefox-based attack wreaks havoc on IRC users
World's first inter-protocol exploit, but not the last
Underscoring a little-known web vulnerability, hackers are exploiting a weakness in the Mozilla Firefox browser to wreak havoc on Freenode and other networks that cater to users of internet relay chat.…
CIA, PayPal under bizarre SSL assault
Plus hundreds of others
In technology
PC World - Chinese police and judicial officials are formulating new measures that govern how hacking crimes are handled by courts, the country's latest step to strengthen its cyber laws, state media reported.
Symantec adds former Intuit CEO Bennett to board (AP)
In technology
AP - Computer security software maker Symantec Corp. said Monday that Stephen P. Bennett, former president and CEO of accounting software maker Intuit Inc., will join its board of directors effective Feb. 8.
Cybercriminals Focus on Social Networks, Sophos Says (NewsFactor)
In business
NewsFactor - Facebook and Twitter users are under attack by cybercriminals -- and the incidents are rising, Sophos says in its 2010 Security Threat Report released Monday. In the past 12 months, Sophos says, cybercriminals have focused more attacks on social-network users. Spam and malware are leading the charge.
Hack Brings Mac OS X to the Nokia N900 (PC World)
In technology
PC World - Have you ever wanted to run a full-blown copy of Mac OS X on your mobile device? One hacker has managed to get Apple's operating system running on a smartphone, and it's not the iPhone.
"Alarming" rise in cyberattacks at social networks: Sophos (AFP)
In us
AFP - There has been an "alarming" rise in spammers and hackers hunting for victims at online social networks, according to a report released Monday by computer security firm Sophos.
Cyber crooks cashing in on iPad frenzy (AFP)
In technology
AFP - Hackers and scammers are cashing in on iPad fever by luring the curious to booby-trapped websites with false promises of information about Apple's new tablet computer.
Google attack highlights 'zero-day' black market (AP)
In technology
AP - The recent hacking attack that prompted Google's threat to leave China is underscoring the heightened dangers of previously undisclosed computer security flaws — and renewing debate over buying and selling information about them in the black market.
Apple iPad Spam, Security Concerns Grow (PC Magazine)
In technology
PC Magazine - Apple-related spam has increased by 30 percent following the announcement of Apple's much-publicized new iPad. But there's another problem: iWork invites third-party documents into the iPad, but the iPhone OS limits what anti-virus vendors can do.
McAfee Warns of Cyberattacks on Critical Infrastructure (NewsFactor)
In business
NewsFactor - On Thursday, McAfee shed light on the cost and impact of cyberattacks on critical infrastructures such as electrical grids, oil and gas production, telecommunications and transportation networks. More than half of 600 IT security executives from critical infrastructure enterprises worldwide report large-scale attacks or infiltrations from organized crime, terrorists or nation-states.
WindowSecurity.com
WindowSecurity.com provides Windows security news, articles, tutorials, software listings and reviews for information security professionals.
Is Internet Explorer Inherently Insecure?
By deb@shinder.net (Deb Shinder)
Taking a look beyond the sensationalized headlines about IE browser security whilst asking whether switching will really keep you safe from attack.
TaoSecurity
Richard Bejtlich's blog on digital security and the practices of network security monitoring, incident response, and forensics.
Traffic Talk 9 Posted
By Richard Bejtlich
I just noticed that my 9th edition of Traffic Talk, titled Testing Snort with Metasploit, was posted. From the article:
Security and networking service providers are often asked whether their solutions are working as expected. Two years ago, I wrote How to test Snort, which concentrated on reasons for testing and ways to avoid doing poor testing. In this article, prompted by recent discussions among networking professionals, I show how to combine several tools in a scenario where I test Snort with Metasploit.
Copyright 2003-2009 Richard Bejtlich and TaoSecurity (taosecurity.blogspot.com and www.taosecurity.com)
Two Dimensional Thinking and APT
By Richard Bejtlich
I expect many readers will recognize the image at left as representing part of the final space battle in Star Trek II: The Wrath of Khan. During this battle, Kirk and Spock realize Khan's tactics are limited. Khan is treating the battle like it is occurring on the open seas, not in space. Spock says:
He is intelligent, but not experienced. His pattern indicates two-dimensional thinking.
I thought this quote could describe many of the advanced persistent threat critics, particularly those who claim "it's just espionage" or "there's nothing new about this." Consider this one last argument to change your mind. (Ha, like that will happen. For everyone else, this is how I arrive at my conclusions.)
I think the problem is APT critics are thinking in one or two dimensions at most, when really this issue has at least five. When you only consider one or two dimensions, of course the problem looks like nothing new. When you take a more complete look, it's new.
- Offender. We know who the attacker is, and like many of you, I know this is not their first activity against foreign targets. I visited the country as an active duty Air Force intelligence officer in 1999. I got all the briefings, etc. etc. This is not the first time I've seen network activity from them. Wonderful.
- Defender. We know the offender has targeted national governments and militaries, like any nation-state might. What's different about APT is the breadth of their target base. Some criticize the Mandiant report for saying:
The APT isn't just a government problem; it isn't just a defense contractor problem. The APT is everyone's problem. No target is too small, or too obscure, or too well-defended. No organization is too large, too well-known, or too vulnerable. It's not spy-versus-spy espionage. It's spy-versus-everyone.
The phrasing here may be misleading (i.e., APT is not attacking my dry cleaner) but the point is valid. Looking over the APT target list, the victims cover a broad sweep of organizations. This is certainly new.
- Means. Let's talk espionage for a moment. Not everyone has the means to be a spy. You probably heard how effective the idiots who tried bugging Senator Landrieu's office were. With computer network exploitation (at the very least), those with sufficient knowledge and connectivity can operate at nearly the same level as a professional spy. You don't have to spend nearly as much time teaching tradecraft for CNE, compared to spycraft. You can often hire someone with private experience as a red teamer/pen tester and then just introduce them to your SOPs. Try hiring someone who has privately learned national-level spycraft.
- Motive. Besides "offender," this is the second of the two dimensions that APT critics tend to fixate upon. Yes, bad people have tried to spy on other people for thousands of years. However, in some respects even this is new, because the offender has his hands in so many aspects of the victim's centers of power. APT doesn't only want military secrets; it wants diplomatic, AND economic, AND cultural, AND...
- Opportunity. Connectivity creates opportunity in the digital realm. Again, contrast the digital world with the analog world of espionage. It takes a decent amount of work to prepare, insert, handle, and remove human spies. The digital equivalent is unfortunately still trivial in comparison.
To summarize, I think a lot of APT critics are focused on offender and motive, and ignore defender, means, and opportunity. When you expand beyond two-dimensional thinking, you'll see that APT is indeed new, without even considering technical aspects.
Copyright 2003-2009 Richard Bejtlich and TaoSecurity (taosecurity.blogspot.com and www.taosecurity.com)
- Security vulnerabilities in Adobe Systems applications have increasingly become a popular target for attackers in the past year. At Black Hat DC, Foreground Security Senior Security Researcher Mike Bailey will examine Flash's security model and take a look at some of the ways attackers ca...
Critical Infrastructure Security a Mixed Bag, Report Finds
A new report commissioned by McAfee reveals IT security at critical infrastructure companies is not always as high as some may suspect.
- A new report from the Center for Strategic and International Studies highlights the financial damage of cyber-attacks on critical infrastructure, but also paints a picture of IT security that is in turns good and bad. The report, "In the Crossfire: Critical Infrastructure in the Age of Cyberwa...
Security
The Art of Technology
Firms worry about social networks, but don't block access
By jacqui@arstechnica.com (Jacqui Cheng) on twitter
Despite widespread paranoia that social networks are putting businesses at risk, companies continue to give employees open access to them. The latest Security Threat Report (PDF) from security research firm Sophos notes that spam and malware attacks via popular networks continued to rise at "alarming" rates over the last 12 months, posing a risk to both users and the companies they work for.
Nearly three-quarters of businesses (72 percent) told Sophos that they're concerned about employee behavior on social networks—and it's not the HR-related behavior they're concerned about. The majority of respondents said that reports of spam, phishing, and malware coming from the major social networks were way up, and they expressed concern about employees endangering business security. According to Sophos, there was a 70 percent increase in the proportion of businesses reporting spam and malware attacks in 2009.
Suckers Victims lost $9.3 billion to 419 scammers in 2009
By jacqui@arstechnica.com (Jacqui Cheng) on security
Advance-fee fraud (AFF), also known as 419 scams and Nigerian scams, exploded in 2009, with victims losing more money than ever before. This is according to the latest analysis from Dutch investigation firm Ultrascan—a company that has been monitoring the activities of 419 scammers since 1996—which says that victims lost almost 50 percent more money in 2009 than 2008.
Considering that 419 scams have been well-known since the 1970s, this trend is particularly disturbing. However, Ultrascan says scammers are expanding their operations and shifting their focus to emerging Internet markets, where there's more fresh meat getting online every day.
SearchSecurity: Security Wire Daily News
The latest information security news on IT threats, vulnerabilities and market trends from the award-winning SearchSecurity.com.
Microsoft extends SDL program, adds Agile development template
By Robert Westervelt
Microsoft is adding support for Agile Development Methodologies to its Security Development Lifecycle program. A simplified SDL white paper is also being introduced.
Google to pay for Chrome browser vulnerabilities
By Robert Westervelt
Google follows Mozilla's FireFox vulnerability reward program, offering a base reward of $500 for eligible browser bugs.
SANS NewsBites
All Stories From Vol: 12 - Issue: 8
How The Chinese Attacks Actually Work (January 27, 2010)
A report from Mandiant describes how cyber criminals launch sophisticated attacks that penetrate government and corporate computer networks and remain undetected to steal information and monitor activity over lengthy periods of time.......
Malware on Infected Web Pages is Becoming More Sophisticated (January 26, 2010)
According to data compiled by Dasient, 5.......
NARA Data Loss Affects Clinton-Era White House Staff and Visitors (January 27, 2010)
The US National Archives and Records Administration (NARA) has sent letters to 250,000 Clinton administration staff and White House staff members and visitors, informing them that their personally identifiable information has been compromised.......
Flaws Found In 3D Secure Credit Card Scheme (January 28, 2010)
University of Cambridge researchers say 3D Secure (3DS), better known as Verified by Visa and MasterCard SecureCode, is fraught with security problems.......
Thomas-Rasset Rejects RIAA's Settlement Offer (January 27, 2010)
Just days after a judge reduced the penalties levied against Jammie Thomas-Rasset for illegal file sharing from US $1.......
Google Issues Chrome Update (January 26, 2010)
Google has released an update for its Chrome browser that addresses 13 vulnerabilities that could be exploited to execute arbitrary code on unprotected computers, steal data, create denial-of service conditions, or bypass security restrictions.......
Bank Suing Cyber Theft Victim (January 26, 2010)
A bank in Lubbock, Texas is suing one of its customers, Hillary Machinery Inc.......
Attack on IE Exposes Users' Entire Hard Drives (January 26 & 27, 2010)
Microsoft is investigating reports of an attack on Internet Explorer (IE) that can reveal the entire contents of users' hard drives to attackers.......
BlueCross BlueShield of Tennessee Breach is Proving to be Costly (January 26, 2010)
A security breach at BlueCross BlueShield of Tennessee has already cost the company more than US $7 million.......
Zimuse Worm May Have Started as a Prank (January 25 & 26, 2010)
The Zimuse.......
Second Man Pleads Guilty in Scientology DDoS Case (January 25, 26 & 27, 2010)
Brian Thomas Mettenbrink has admitted to downloading software and using it to help launch a distributed denial-of-service (DDoS) attack against the Church of Scientology's website in January 2008.......
Study Shows That Consumer Awareness of Online Threats is Growing (January 25, 2010)
A study from RSA indicates that consumers are more aware of online security threats than they were two years ago.......
Cisco Secure Desktop Remote XSS Vulnerability, (Tue, Feb 2nd)
This vulnerability (CVE-2010-0440) could allow an unauthenticated, remote attacker to conduct cross- ...(more)...
Twitter Mass Password Reset due to Phishing, (Tue, Feb 2nd)
Twitter is sending out a large number of e-mails, asking users to reset their passwords. It appears ...(more)...
New IPv6 Screencast Videos: http://isc.sans.org/ipv6videos (Today: blocking and detecting IPv6 in Linux), (Tue, Feb 2nd)
------ Johannes B. Ullrich, Ph ...(more)...
Pushdo Update, (Tue, Feb 2nd)
As mentioned in an older diary [1], www.sans ...(more)...
Adobe ColdFusion Information Disclosure, (Tue, Feb 2nd)
Adobe has released information on an important vulnerability (CVE-2010-0185) identified in ColdFusio ...(more)...
NMAP 5.21 - Is UDP Protocol Specific Scanning Important? Why Should I Care?, (Mon, Feb 1st)
Before we address the question, let's discuss how UDP port scanning is typically done. Whe ...(more)...
Got PushDo SSL packets?, (Sat, Jan 30th)
Steven Adair over at ShadowServer has posted a blog entry about the strange going's on with the Push ...(more)...
New and updated VMWare advisories, (Sat, Jan 30th)
Today VMware has released the following new and updated security advisories: New - VMSA-2010-00 ...(more)...
BoA Offline?, (Fri, Jan 29th)
The Bank of America web site appears to have been not available for parts of the day today. No ...(more)...
Neo-legacy applications, (Fri, Jan 29th)
A friend of mine wrote in about a problem he has. He provides support to small businesses, one of wh ...(more)...
The Register - Security
Biting the hand that feeds IT
Manchester cops recover from Conficker
Strangeways, here we come
Manchester police were once again able to run inquiries on the Police National Computer on Wednesday morning, after techies purged a Conficker worm infection from the force's network.…
Record year for online tax filing - and phishing mails
Scammers rev up for tax season
Her Majesty's Revenue and Customs is celebrating another record year for online tax returns, over six million people filed online this year.…
Warez backdoor allows hackers to pwn Twitter accounts
Micro-blogging freetards in mass hack attack
Twitter has lifted the lid on its recent advice to many users to reset their passwords for the micro-blogging site.…
Stubborn trojan stashes install file in Windows help
Can't muster rejection
Security researchers have spied malware that stashes a copy of itself in a Windows help file to ensure victim computers remain infected.…
iPhone vulnerable to remote attack on SSL
Beware of rogue config files
Apple's iPhone is vulnerable to exploits that allow an attacker to spoof web pages even when they're protected by the SSL, or secure sockets layer, protocol, a security researcher said.…
Microsoft security dev tools go 'Agile'
Not just for Windows anymore
Microsoft has expanded a key security tool to work with developers of web applications and other software that's developed over rapid and repeated stretches.…
PGP buys tech to offer trusted ID from the cloud
Close friends get to call it TC
PGP Corporation has acquired privately-held TC TrustCenter and its US parent company, ChosenSecurity, as part of plans to offer trusted identity management services from the cloud. Terms of the transaction, announced Tuesday, were not disclosed.…
Manchester cops clobbered by Conficker
PCs' PCs still unplugged from PNC
Greater Manchester Police's computer network has been infected by the infamous Conficker worm, leaving beat cops unable to run computer checks on suspected criminals and vehicles for the last three days.…
Virgin Media battles privacy campaigners on P2P monitoring
No one's looking at you, alright?
Regulators are mulling assurances from Virgin Media that its planned trial system to monitor the level of illegal filesharing on its network will not harm customers' privacy.…
Femtocells wilt under attack
Tiny, tiny, tiny root box danger
Security researchers have turned their attention to femtocells, and have discovered that gaining root on the tiny mobile base stations isn't as hard as one might hope.…
Most consumers reuse banking passwords on other sites
Password recycle fail leaves consumers ripe for harvesting
The majority of online banking customers reuse their online-banking login credentials on other websites, according to a new survey on password insecurity.…
Security firms plot revamp to minimise false alarms
Whitelisted addresses to reside in heavenly cloud
Analysis: Increased incidents of false positives have encouraged anti-virus firms to re-evaluate their signature update process.…
Web attacks cripple Russia's biggest indie newspaper
Seven days and counting
The website of Russia's highest-profile independent newspaper on Monday suffered its seventh straight day of crippling denial-of-service attacks by unknown miscreants.…
US state probes breach that exposed data for 80,000
'Dear valued employee:'
A computer database containing the personal details of more than 80,000 employees was penetrated by unknown hackers, according to multiple news agencies, citing Iowa's Racing and Gaming Commission.…
Security bugs reinfect financial giant’s website
Ameriprise and the case of the relapsed XSS
Five months after Ameriprise Financial fixed a bug that could have helped criminals steal user authentication credentials, the financial giant's website is vulnerable again.…
Google yanks IE6 love from web apps
Do as we say, not as we did
Google is pulling IE6 support from Google Apps, its online suite of office applications.…
Britain warns businesses of Chinese 'honey trap'
Sex, spies, and memory sticks
Britain's MI5 security service has accused the Chinese government of engaging in an unusually wide-ranging campaign to breach UK business computer networks, in some cases exploiting sexual relationships to pressure individuals to cooperate.…
Voice crypto fails spark astroturf claims
SecurStar denies running dirty tricks marketing campaign
Doubts have arisen about the integrity of supposedly anonymous tests on the security of voice encryption products.…
UK.gov unmoved by Internet Explorer 6 security concerns
Google, NHS cast off exploited browser
Google and the NHS may soon be ditching support for Internet Explorer 6, but that hasn’t stopped UK government officials from declaring the browser doesn’t give them cause for concern, unlike their French and German counterparts.…
1 in 3 users reviewed Facebook privacy roll-back
Social network heralds 'success'
One in three Facebook users changed their privacy settings in Facebook after the social networking site applied a controversial privacy roll-back and encouraged users to review how much they shared online back in December.…
Firefox-based attack wreaks havoc on IRC users
World's first inter-protocol exploit, but not the last
Underscoring a little-known web vulnerability, hackers are exploiting a weakness in the Mozilla Firefox browser to wreak havoc on Freenode and other networks that cater to users of internet relay chat.…
CIA, PayPal under bizarre SSL assault
Plus hundreds of others
In business
NewsFactor - Facebook and Twitter users are under attack by cybercriminals -- and the incidents are rising, Sophos says in its 2010 Security Threat Report released Monday. In the past 12 months, Sophos says, cybercriminals have focused more attacks on social-network users. Spam and malware are leading the charge.
Hack Brings Mac OS X to the Nokia N900 (PC World)
In technology
PC World - Have you ever wanted to run a full-blown copy of Mac OS X on your mobile device? One hacker has managed to get Apple's operating system running on a smartphone, and it's not the iPhone.
"Alarming" rise in cyberattacks at social networks: Sophos (AFP)
In us
AFP - There has been an "alarming" rise in spammers and hackers hunting for victims at online social networks, according to a report released Monday by computer security firm Sophos.
Cyber crooks cashing in on iPad frenzy (AFP)
In technology
AFP - Hackers and scammers are cashing in on iPad fever by luring the curious to booby-trapped websites with false promises of information about Apple's new tablet computer.
Google attack highlights 'zero-day' black market (AP)
In technology
AP - The recent hacking attack that prompted Google's threat to leave China is underscoring the heightened dangers of previously undisclosed computer security flaws — and renewing debate over buying and selling information about them in the black market.
Apple iPad Spam, Security Concerns Grow (PC Magazine)
In technology
PC Magazine - Apple-related spam has increased by 30 percent following the announcement of Apple's much-publicized new iPad. But there's another problem: iWork invites third-party documents into the iPad, but the iPhone OS limits what anti-virus vendors can do.
McAfee Warns of Cyberattacks on Critical Infrastructure (NewsFactor)
In business
NewsFactor - On Thursday, McAfee shed light on the cost and impact of cyberattacks on critical infrastructures such as electrical grids, oil and gas production, telecommunications and transportation networks. More than half of 600 IT security executives from critical infrastructure enterprises worldwide report large-scale attacks or infiltrations from organized crime, terrorists or nation-states.
WindowSecurity.com
WindowSecurity.com provides Windows security news, articles, tutorials, software listings and reviews for information security professionals.
Is Internet Explorer Inherently Insecure?
By deb@shinder.net (Deb Shinder)
Taking a look beyond the sensationalized headlines about IE browser security whilst asking whether switching will really keep you safe from attack.
TaoSecurity
Richard Bejtlich's blog on digital security and the practices of network security monitoring, incident response, and forensics.
Traffic Talk 9 Posted
By Richard Bejtlich
I just noticed that my 9th edition of Traffic Talk, titled Testing Snort with Metasploit, was posted. From the article:
Security and networking service providers are often asked whether their solutions are working as expected. Two years ago, I wrote How to test Snort, which concentrated on reasons for testing and ways to avoid doing poor testing. In this article, prompted by recent discussions among networking professionals, I show how to combine several tools in a scenario where I test Snort with Metasploit.
Two Dimensional Thinking and APT
By Richard Bejtlich
I expect many readers will recognize the image at left as representing part of the final space battle in Star Trek II: The Wrath of Khan. During this battle, Kirk and Spock realize Khan's tactics are limited. Khan is treating the battle like it is occurring on the open seas, not in space. Spock says:
He is intelligent, but not experienced. His pattern indicates two-dimensional thinking.
I thought this quote could describe many of the advanced persistent threat critics, particularly those who claim "it's just espionage" or "there's nothing new about this." Consider this one last argument to change your mind. (Ha, like that will happen. For everyone else, this is how I arrive at my conclusions.)
I think the problem is APT critics are thinking in one or two dimensions at most, when really this issue has at least five. When you only consider one or two dimensions, of course the problem looks like nothing new. When you take a more complete look, it's new.
- Offender. We know who the attacker is, and like many of you, I know this is not their first activity against foreign targets. I visited the country as an active duty Air Force intelligence officer in 1999. I got all the briefings, etc. etc. This is not the first time I've seen network activity from them. Wonderful.
- Defender. We know the offender has targeted national governments and militaries, like any nation-state might. What's different about APT is the breadth of their target base. Some criticize the Mandiant report for saying:
The APT isn't just a government problem; it isn't just a defense contractor problem. The APT is everyone's problem. No target is too small, or too obscure, or too well-defended. No organization is too large, too well-known, or too vulnerable. It's not spy-versus-spy espionage. It's spy-versus-everyone.
The phrasing here may be misleading (i.e., APT is not attacking my dry cleaner) but the point is valid. Looking over the APT target list, the victims cover a broad sweep of organizations. This is certainly new.
- Means. Let's talk espionage for a moment. Not everyone has the means to be a spy. You probably heard how effective the idiots who tried bugging Senator Landrieu's office were. With computer network exploitation (at the very least), those with sufficient knowledge and connectivity can operate at nearly the same level as a professional spy. You don't have to spend nearly as much time teaching tradecraft for CNE, compared to spycraft. You can often hire someone with private experience as a red teamer/pen tester and then just introduce them to your SOPs. Try hiring someone who has privately learned national-level spycraft.
- Motive. Besides "offender," this is the second of the two dimensions that APT critics tend to fixate upon. Yes, bad people have tried to spy on other people for thousands of years. However, in some respects even this is new, because the offender has his hands in so many aspects of the victim's centers of power. APT doesn't only want military secrets; it wants diplomatic, AND economic, AND cultural, AND...
- Opportunity. Connectivity creates opportunity in the digital realm. Again, contrast the digital world with the analog world of espionage. It takes a decent amount of work to prepare, insert, handle, and remove human spies. The digital equivalent is unfortunately still trivial in comparison.
To summarize, I think a lot of APT critics are focused on offender and motive, and ignore defender, means, and opportunity. When you expand beyond two-dimensional thinking, you'll see that APT is indeed new, without even considering technical aspects.
Example of Threat-Centric Security
By Richard Bejtlich
In my last post I mentioned the need to take threat-centric approaches to advanced persistent threat. No sooner had I posted those thoughts than I read this:
Beijing 'strongly indignant' about U.S.-Taiwan arms sale
The Obama administration announced the sale Friday of $6 billion worth of Patriot anti-missile systems, helicopters, mine-sweeping ships and communications equipment to Taiwan in a long-expected move that sparked an angry protest from China.
In a strongly worded statement on Saturday, China's Defense Ministry suspended military exchanges with the United States and summoned the U.S. defense attache to lodge a "solemn protest" over the sale, the official Xinhua news agency reported.
"Considering the severe harm and odious effect of U.S. arms sales to Taiwan, the Chinese side has decided to suspend planned mutual military visits," Xinhua quoted the ministry as saying. The Foreign Ministry said China also would put sanctions on U.S. companies supplying the equipment.
It would have been interesting if the Obama administration had announced its arms sale in these terms:
"Considering the severe harm and odious effect of the advanced persistent threat, the American side has decided to sell the following arms to Taiwan."
It's time for the information security community to realize this problem is well outside our capability to really make a difference, without help from our governments.
Mandiant M-Trends on APT
By Richard Bejtlich
If you want to read a concise yet informative and clue-backed report on advanced persistent threat, I recommend completing this form to receive the first Mandiant M-Trends report.
Mandiant occupies a unique position with respect to this problem because they are one of only two security service companies with substantial counter-APT consulting experience.
You may read blog posts and commentary from other security service providers who either 1) suddenly claim counter-APT expertise or 2) deride "APT" as just a marketing term, or FUD, or some other term to hide their inexperience with this problem. The fact remains that, when organizations meet in closed forums to do real work on this problem, the names and faces are fairly constant. They don't include those trying to make an APT "splash" or those pretending APT is not a real problem.
Mandiant finishes its report with the following statement:
[T]his is a war of attrition against an enemy with extensive resources. It is a long fight, one that never ends. You will never declare victory.
I can already hear the skeptics saying "It never ends, so you can keep paying Mandiant consulting fees!" or "It never ends, so you can keep upgrading security products!" You're wrong, but nothing I say will convince some of you. The fact of the matter is that until the threat is addressed at the nation-state to nation-state level, victim organizations will continue to remain victims. This is not a problem that is going to be solved by victims better defending themselves. The cost is simply too great to take a vulnerability-centric approach. We need a threat-centric approach, where those with the authority to apply pressure on the threat are allowed to do so, using a variety of instruments of national power. This is the unfortunate reality of the conflict in which we are now engaged.
SecurityFocus News
SecurityFocus is the most comprehensive and trusted source of security information on the Internet. We are a vendor-neutral site that provides objective, timely and comprehensive security information to all members of the security community, from end users, security hobbyists and network administrators to security consultants, IT Managers, CIOs and CSOs.
Brief: Google offers bounty on browser bugs
Google offers bounty on browser bugs
http://www.securityfocus.com/news/11573?ref=rss
Most consumers reuse banking passwords
http://www.securityfocus.com/news/11572?ref=rss
CIA, PayPal under bizarre SSL assault
Security - RSS Feeds
Security - RSS Feeds
Twitter Details Phishing Attacks Behind Password Reset
Officials at Twitter linked the resetting of passwords to malicious torrent sites and other schemes. According to Twitter, the company began its investigation after noticing a surge in followers for certain accounts during the past five days.
- Twitter revealed more details about the phishing attacks that caused the company to reset the passwords on some user accounts Feb. 2. According to Twitter Director of Trust and Safety Del Harvey, there was a sudden surge in followers for certain accounts during the last five days. For that reas...
Older IE Versions Maintain Sizable Market Share Despite Security Concerns
While Microsoft is touting the fact Internet Explorer 8 is the single most widely used Web browser, the combined percentages of IE 6 and 7 users surpass it. The use of the older browsers means many users aren't taking advantage of the latest browser security protections.
- Arguably one of the most interesting elements of the cyber-attack that affected Google and more than 30 other companies was the primary attack vector Internet Explorer 6. The attack exploited an HTML object memory corruption vulnerability in IE that Microsoft was notified about in September....
PGP to Acquire TC TrustCenter for Cloud-Based Identity Management
PGP agrees to acquire TC TrustCenter and its parent company, ChosenSecurity, for their on-demand platform for managing trusted identities.
- PGP has agreed to acquire German security vendor TC TrustCenter and its U.S. parent company, ChosenSecurity, for an undisclosed sum of money. ChosenSecurity and TC TrustCenter provide an on-demand platform for managing trusted identities for encryption, authentication and secure collaborati...
Researchers Uncover Security Vulnerabilities in Femtocell Technology
Two Trustwave security consultants report they have uncovered hardware and software vulnerabilities in femtocell devices that can be used to take over the device. The duo will present their findings at the ShmooCon conference in Washington.
- Researchers with Trustwave have discovered flaws in the hardware and software of femtocell devices that can allow an attacker to take full control of the miniature cell towers without the user's knowledge. Zack Fasel and Matthew Jakubowski, security consultants with Trustwave's SpiderLabs, will...
Facebook Privacy, Security Fears Grow with Social Network Risks
According to Sophos, 60 percent of businesses consider Facebook the riskiest social networking site, underscoring a new level of wariness for social networks at a time when a researcher from Kaspersky Lab says compromised accounts for Twitter and other sites can go for big bucks in the cyber-underworld.
- Businesses are growing more concerned about the use of social networks, starting with Facebook. According to a survey of 502 IT professionals by Sophos, businesses are seeing more malware and spam, and 60 percent of respondents put Facebook ahead of MySpace, Twitter and LinkedIn as the riskiest so...
Adobe Flash Security on Menu at Black Hat
A researcher plans to delve into Adobe Flash security at Black Hat DC, spotlighting how poor programming practices and Web architectures can be leveraged to compromise users.
- Security vulnerabilities in Adobe Systems applications have increasingly become a popular target for attackers in the past year. At Black Hat DC, Foreground Security Senior Security Researcher Mike Bailey will examine Flashs security model and take a look at some of the ways attackers ca...
Critical Infrastructure Security a Mixed Bag, Report Finds
A new report commissioned by McAfee reveals IT security at critical infrastructure companies is not always as high as some may suspect.
- A new report from the Center for Strategic and International Studies highlights the financial damage of cyber-attacks on critical infrastructure, but also paints a picture of IT security that is in turns good and bad. The report, "In the Crossfire: Critical Infrastructure in the Age of Cyberwa...
Security
The Art of Technology
Firms worry about social networks, but don't block access
By jacqui@arstechnica.com (Jacqui Cheng) on twitter
Despite widespread paranoia that social networks are putting businesses at risk, companies continue to give employees open access to them. The latest Security Threat Report (PDF) from security research firm Sophos notes that spam and malware attacks via popular networks continued to rise at "alarming" rates over the last 12 months, posing a risk to both users and the companies they work for.
Nearly three-quarters of businesses (72 percent) told Sophos that they're concerned about employee behavior on social networks—and it's not the HR-related behavior they're concerned about. The majority of respondents said that reports of spam, phishing, and malware coming from the major social networks were way up, and they expressed concern about employees endangering business security. According to Sophos, there was a 70 percent increase in the proportion of businesses reporting spam and malware attacks in 2009.
Suckers Victims lost $9.3 billion to 419 scammers in 2009
By jacqui@arstechnica.com (Jacqui Cheng) on security
Advance-fee fraud (AFF), also known as 419 scams and Nigerian scams, exploded in 2009, with victims losing more money than ever before. This is according to the latest analysis from Dutch investigation firm Ultrascan—a company that has been monitoring the activities of 419 scammers since 1996—which says that victims lost almost 50 percent more money in 2009 than 2008.
Considering that 419 scams have been well-known since the 1970s, this trend is particularly disturbing. However, Ultrascan says scammers are expanding their operations and shifting their focus to emerging Internet markets, where there's more fresh meat getting online every day.
SearchSecurity: Security Wire Daily News
The latest information security news on IT threats, vulnerabilities and market trends from the award-winning SearchSecurity.com.
Microsoft extends SDL program, adds Agile development template
By Robert Westervelt
Microsoft is adding support for Agile Development Methodologies to its Security Development Lifecycle program. A simplified SDL white paper is also being introduced.
Google to pay for Chrome browser vulnerabilities
By Robert Westervelt
Google follows Mozilla's FireFox vulnerability reward program, offering a base reward of $500 for eligible browser bugs.
SANS NewsBites
All Stories From Vol: 12 - Issue: 8
How The Chinese Attacks Actually Work (January 27, 2010)
A report from Mandiant describes how cyber criminals launch sophisticated attacks that penetrate government and corporate computer networks and remain undetected to steal information and monitor activity over lengthy periods of time.......
Malware on Infected Web Pages is Becoming More Sophisticated (January 26, 2010)
According to data compiled by Dasient, 5.......
NARA Data Loss Affects Clinton-Era White House Staff and Visitors (January 27, 2010)
The US National Archives and Records Administration (NARA) has sent letters to 250,000 Clinton administration staff and White House staff members and visitors, informing them that their personally identifiable information has been compromised.......
Flaws Found In 3D Secure Credit Card Scheme (January 28, 2010)
University of Cambridge researchers say 3D Secure (3DS), better known as Verified by Visa and MasterCard SecureCode, is fraught with security problems.......
Thomas-Rasset Rejects RIAA's Settlement Offer (January 27, 2010)
Just days after a judge reduced the penalties levied against Jammie Thomas-Rasset for illegal file sharing from US $1.......
Google Issues Chrome Update (January 26, 2010)
Google has released an update for its Chrome browser that addresses 13 vulnerabilities that could be exploited to execute arbitrary code on unprotected computers, steal data, create denial-of-service conditions, or bypass security restrictions.......
Bank Suing Cyber Theft Victim (January 26, 2010)
A bank in Lubbock, Texas is suing one of its customers, Hillary Machinery Inc.......
Attack on IE Exposes Users' Entire Hard Drives (January 26 & 27, 2010)
Microsoft is investigating reports of an attack on Internet Explorer (IE) that can reveal the entire contents of users' hard drives to attackers.......
BlueCross BlueShield of Tennessee Breach is Proving to be Costly (January 26, 2010)
A security breach at BlueCross BlueShield of Tennessee has already cost the company more than US $7 million.......
Zimuse Worm May Have Started as a Prank (January 25 & 26, 2010)
The Zimuse.......
Second Man Pleads Guilty in Scientology DDoS Case (January 25, 26 & 27, 2010)
Brian Thomas Mettenbrink has admitted to downloading software and using it to help launch a distributed denial-of-service (DDoS) attack against the Church of Scientology's website in January 2008.......
Study Shows That Consumer Awareness of Online Threats is Growing (January 25, 2010)
A study from RSA indicates that consumers are more aware of online security threats than they were two years ago.......
Cisco Secure Desktop Remote XSS Vulnerability, (Tue, Feb 2nd)
This vulnerability (CVE-2010-0440) could allow an unauthenticated, remote attacker to conduct cross- ...(more)...
Twitter Mass Password Reset due to Phishing, (Tue, Feb 2nd)
Twitter is sending out a large number of e-mails, asking users to reset their passwords. It appears ...(more)...
New IPv6 Screencast Videos: http://isc.sans.org/ipv6videos (Today: blocking and detecting IPv6 in Linux), (Tue, Feb 2nd)
------ Johannes B. Ullrich, Ph ...(more)...
Pushdo Update, (Tue, Feb 2nd)
As mentioned in an older diary [1], www.sans ...(more)...
Adobe ColdFusion Information Disclosure, (Tue, Feb 2nd)
Adobe has released information on an important vulnerability (CVE-2010-0185) identified in ColdFusio ...(more)...
NMAP 5.21 - Is UDP Protocol Specific Scanning Important? Why Should I Care?, (Mon, Feb 1st)
Before we address the question, let's discuss how UDP port scanning is typically done. Whe ...(more)...
Got PushDo SSL packets?, (Sat, Jan 30th)
Steven Adair over at ShadowServer has posted a blog entry about the strange goings-on with the Push ...(more)...
New and updated VMWare advisories, (Sat, Jan 30th)
Today VMware has released the following new and updated security advisories: New - VMSA-2010-00 ...(more)...
BoA Offline?, (Fri, Jan 29th)
The Bank of America web site appears to have been not available for parts of the day today. No ...(more)...
Neo-legacy applications, (Fri, Jan 29th)
A friend of mine wrote in about a problem he has. He provides support to small businesses, one of wh ...(more)...
The Register - Security
Biting the hand that feeds IT
Manchester cops recover from Conficker
Strangeways, here we come
Manchester police were once again able to run inquiries on the Police National Computer on Wednesday morning, after techies purged a Conficker worm infection from the force's network.…
Record year for online tax filing - and phishing mails
Scammers rev up for tax season
Her Majesty's Revenue and Customs is celebrating another record year for online tax returns, with over six million people filing online this year.…
Warez backdoor allows hackers to pwn Twitter accounts
Micro-blogging freetards in mass hack attack
Twitter has lifted the lid on its recent advice to many users to reset their passwords for the micro-blogging site.…
Stubborn trojan stashes install file in Windows help
Can't muster rejection
Security researchers have spied malware that stashes a copy of itself in a Windows help file to ensure victim computers remain infected.…
iPhone vulnerable to remote attack on SSL
Beware of rogue config files
Apple's iPhone is vulnerable to exploits that allow an attacker to spoof web pages even when they're protected by the SSL, or secure sockets layer, protocol, a security researcher said.…
Microsoft security dev tools go 'Agile'
Not just for Windows anymore
Microsoft has expanded a key security tool to work with developers of web applications and other software that's developed over rapid and repeated stretches.…
PGP buys tech to offer trusted ID from the cloud
Close friends get to call it TC
PGP Corporation has acquired privately-held TC TrustCenter and its US parent company, ChosenSecurity, as part of plans to offer trusted identity management services from the cloud. Terms of the transaction, announced Tuesday, were not disclosed.…
Manchester cops clobbered by Conficker
PCs' PCs still unplugged from PNC
Greater Manchester Police's computer network has been infected by the infamous Conficker worm, leaving beat cops unable to run computer checks on suspected criminals and vehicles for the last three days.…
Virgin Media battles privacy campaigners on P2P monitoring
No one's looking at you, alright?
Regulators are mulling assurances from Virgin Media that its planned trial system to monitor the level of illegal filesharing on its network will not harm customers' privacy.…
Femtocells wilt under attack
Tiny, tiny, tiny root box danger
Security researchers have turned their attention to femtocells, and have discovered that gaining root on the tiny mobile base stations isn't as hard as one might hope.…
Most consumers reuse banking passwords on other sites
Password recycle fail leaves consumers ripe for harvesting
The majority of online banking customers reuse their online-banking login credentials on other websites, according to a new survey on password insecurity.…
Security firms plot revamp to minimise false alarms
Whitelisted addresses to reside in heavenly cloud
Analysis: Increased incidents of false positives have encouraged anti-virus firms to re-evaluate their signature update process.…
Web attacks cripple Russia's biggest indie newspaper
Seven days and counting
The website of Russia's highest-profile independent newspaper on Monday suffered its seventh straight day of crippling denial-of-service attacks by unknown miscreants.…
US state probes breach that exposed data for 80,000
'Dear valued employee:'
A computer database containing the personal details of more than 80,000 employees was penetrated by unknown hackers, according to multiple news agencies, citing Iowa's Racing and Gaming Commission.…
Security bugs reinfect financial giant’s website
Ameriprise and the case of the relapsed XSS
Five months after Ameriprise Financial fixed a bug that could have helped criminals steal user authentication credentials, the financial giant's website is vulnerable again.…
Google yanks IE6 love from web apps
Do as we say, not as we did
Google is pulling IE6 support from Google Apps, its online suite of office applications.…
Britain warns businesses of Chinese 'honey trap'
Sex, spies, and memory sticks
Britain's MI5 security service has accused the Chinese government of engaging in an unusually wide-ranging campaign to breach UK business computer networks, in some cases exploiting sexual relationships to pressure individuals to cooperate.…
Voice crypto fails spark astroturf claims
SecurStar denies running dirty tricks marketing campaign
Doubts have arisen about the integrity of supposedly anonymous tests on the security of voice encryption products.…
UK.gov unmoved by Internet Explorer 6 security concerns
Google, NHS cast off exploited browser
Google and the NHS may soon be ditching support for Internet Explorer 6, but that hasn’t stopped UK government officials from declaring the browser doesn’t give them cause for concern, unlike their French and German counterparts.…
1 in 3 users reviewed Facebook privacy roll-back
Social network heralds 'success'
One in three Facebook users changed their privacy settings in Facebook after the social networking site applied a controversial privacy roll-back and encouraged users to review how much they shared online back in December.…
Firefox-based attack wreaks havoc on IRC users
World's first inter-protocol exploit, but not the last
Underscoring a little-known web vulnerability, hackers are exploiting a weakness in the Mozilla Firefox browser to wreak havoc on Freenode and other networks that cater to users of internet relay chat.…
CIA, PayPal under bizarre SSL assault
Plus hundreds of others
In us
AFP - There has been an "alarming" rise in spammers and hackers hunting for victims at online social networks, according to a report released Monday by computer security firm Sophos.
Cyber crooks cashing in on iPad frenzy (AFP)
In technology
AFP - Hackers and scammers are cashing in on iPad fever by luring the curious to booby-trapped websites with false promises of information about Apple's new tablet computer.
Google attack highlights 'zero-day' black market (AP)
In technology
AP - The recent hacking attack that prompted Google's threat to leave China is underscoring the heightened dangers of previously undisclosed computer security flaws — and renewing debate over buying and selling information about them in the black market.
Apple iPad Spam, Security Concerns Grow (PC Magazine)
In technology
PC Magazine - Apple-related spam has increased by 30 percent following the announcement of Apple's much-publicized new iPad. But there's another problem: iWork invites third-party documents into the iPad, but the iPhone OS limits what anti-virus vendors can do.
McAfee Warns of Cyberattacks on Critical Infrastructure (NewsFactor)
In business
NewsFactor - On Thursday, McAfee shed light on the cost and impact of cyberattacks on critical infrastructures such as electrical grids, oil and gas production, telecommunications and transportation networks. More than half of 600 IT security executives from critical infrastructure enterprises worldwide report large-scale attacks or infiltrations from organized crime, terrorists or nation-states.
WindowSecurity.com
WindowSecurity.com provides Windows security news, articles, tutorials, software listings and reviews for information security professionals.
Is Internet Explorer Inherently Insecure?
By deb@shinder.net (Deb Shinder)
Taking a look beyond the sensationalized headlines about IE browser security whilst asking whether switching will really keep you safe from attack.
TaoSecurity
Richard Bejtlich's blog on digital security and the practices of network security monitoring, incident response, and forensics.
Traffic Talk 9 Posted
By Richard Bejtlich
I just noticed that my 9th edition of Traffic Talk, titled Testing Snort with Metasploit, was posted. From the article:
Security and networking service providers are often asked whether their solutions are working as expected. Two years ago, I wrote How to test Snort, which concentrated on reasons for testing and ways to avoid doing poor testing. In this article, prompted by recent discussions among networking professionals, I show how to combine several tools in a scenario where I test Snort with Metasploit.
Copyright 2003-2009 Richard Bejtlich and TaoSecurity (taosecurity.blogspot.com and www.taosecurity.com)
Two Dimensional Thinking and APT
By Richard Bejtlich
I expect many readers will recognize the image at left as representing part of the final space battle in Star Trek II: The Wrath of Khan. During this battle, Kirk and Spock realize Khan's tactics are limited. Khan is treating the battle like it is occurring on the open seas, not in space. Spock says:
He is intelligent, but not experienced. His pattern indicates two-dimensional thinking.
I thought this quote could describe many of the advanced persistent threat critics, particularly those who claim "it's just espionage" or "there's nothing new about this." Consider this one last argument to change your mind. (Ha, like that will happen. For everyone else, this is how I arrive at my conclusions.)
I think the problem is APT critics are thinking in one or two dimensions at most, when really this issue has at least five. When you only consider one or two dimensions, of course the problem looks like nothing new. When you take a more complete look, it's new.
- Offender. We know who the attacker is, and like many of you, I know this is not their first activity against foreign targets. I visited the country as an active duty Air Force intelligence officer in 1999. I got all the briefings, etc. etc. This is not the first time I've seen network activity from them. Wonderful.
- Defender. We know the offender has targeted national governments and militaries, like any nation-state might. What's different about APT is the breadth of their target base. Some criticize the Mandiant report for saying:
The APT isn't just a government problem; it isn't just a defense contractor problem. The APT is everyone's problem. No target is too small, or too obscure, or too well-defended. No organization is too large, too well-known, or too vulnerable. It's not spy-versus-spy espionage. It's spy-versus-everyone.
The phrasing here may be misleading (i.e., APT is not attacking my dry cleaner) but the point is valid. Looking over the APT target list, the victims cover a broad sweep of organizations. This is certainly new.
- Means. Let's talk espionage for a moment. Not everyone has the means to be a spy. You probably heard how effective the idiots who tried bugging Senator Landrieu's office were. With computer network exploitation (at the very least), those with sufficient knowledge and connectivity can operate at nearly the same level as a professional spy. You don't have to spend nearly as much time teaching tradecraft for CNE, compared to spycraft. You can often hire someone with private experience as a red teamer/pen tester and then just introduce them to your SOPs. Try hiring someone who has privately learned national-level spycraft.
- Motive. Besides "offender," this is the second of the two dimensions that APT critics tend to fixate upon. Yes, bad people have tried to spy on other people for thousands of years. However, in some respects even this is new, because the offender has his hands in so many aspects of the victim's centers of power. APT doesn't only want military secrets; it wants diplomatic, AND economic, AND cultural, AND...
- Opportunity. Connectivity creates opportunity in the digital realm. Again, contrast the digital world with the analog world of espionage. It takes a decent amount of work to prepare, insert, handle, and remove human spies. The digital equivalent is unfortunately still trivial in comparison.
To summarize, I think a lot of APT critics are focused on offender and motive, and ignore defender, means, and opportunity. When you expand beyond two-dimensional thinking, you'll see that APT is indeed new, without even considering technical aspects.
Example of Threat-Centric Security
By Richard Bejtlich
In my last post I mentioned the need to take threat-centric approaches to advanced persistent threat. No sooner had I posted those thoughts than I read this:
Beijing 'strongly indignant' about U.S.-Taiwan arms sale
The Obama administration announced the sale Friday of $6 billion worth of Patriot anti-missile systems, helicopters, mine-sweeping ships and communications equipment to Taiwan in a long-expected move that sparked an angry protest from China.
In a strongly worded statement on Saturday, China's Defense Ministry suspended military exchanges with the United States and summoned the U.S. defense attache to lodge a "solemn protest" over the sale, the official Xinhua news agency reported.
"Considering the severe harm and odious effect of U.S. arms sales to Taiwan, the Chinese side has decided to suspend planned mutual military visits," Xinhua quoted the ministry as saying. The Foreign Ministry said China also would put sanctions on U.S. companies supplying the equipment.
It would have been interesting if the Obama administration had announced its arms sale in these terms:
"Considering the severe harm and odious effect of the advanced persistent threat, the American side has decided to sell the following arms to Taiwan."
It's time for the information security community to realize this problem is well outside our capability to really make a difference, without help from our governments.
Mandiant M-Trends on APT
By Richard Bejtlich
If you want to read a concise yet informative and clue-backed report on advanced persistent threat, I recommend completing this form to receive the first Mandiant M-Trends report.
Mandiant occupies a unique position with respect to this problem because they are one of only two security service companies with substantial counter-APT consulting experience.
You may read blog posts and commentary from other security service providers who either 1) suddenly claim counter-APT expertise or 2) deride "APT" as just a marketing term, or FUD, or some other term to hide their inexperience with this problem. The fact remains that, when organizations meet in closed forums to do real work on this problem, the names and faces are fairly constant. They don't include those trying to make an APT "splash" or those pretending APT is not a real problem.
Mandiant finishes its report with the following statement:
[T]his is a war of attrition against an enemy with extensive resources. It is a long fight, one that never ends. You will never declare victory.
I can already hear the skeptics saying "It never ends, so you can keep paying Mandiant consulting fees!" or "It never ends, so you can keep upgrading security products!" You're wrong, but nothing I say will convince some of you. The fact of the matter is that until the threat is addressed at the nation-state to nation-state level, victim organizations will continue to remain victims. This is not a problem that is going to be solved by victims better defending themselves. The cost is simply too great to take a vulnerability-centric approach. We need a threat-centric approach, where those with the authority to apply pressure on the threat are allowed to do so, using a variety of instruments of national power. This is the unfortunate reality of the conflict in which we are now engaged.
SecurityFocus News
SecurityFocus is the most comprehensive and trusted source of security information on the Internet. We are a vendor-neutral site that provides objective, timely and comprehensive security information to all members of the security community, from end users, security hobbyists and network administrators to security consultants, IT Managers, CIOs and CSOs.
Brief: Google offers bounty on browser bugs
Google offers bounty on browser bugs
http://www.securityfocus.com/news/11573?ref=rss
Most consumers reuse banking passwords
http://www.securityfocus.com/news/11572?ref=rss
CIA, PayPal under bizarre SSL assault
Security - RSS Feeds
Twitter Details Phishing Attacks Behind Password Reset
Officials at Twitter linked the resetting of passwords to malicious torrent sites and other schemes. According to Twitter, the company began its investigation after noticing a surge in followers for certain accounts during the past five days.
- Twitter revealed more details about the phishing attacks that caused the company to reset the passwords on some user accounts Feb. 2. According to Twitter Director of Trust and Safety Del Harvey, there was a sudden surge in followers for certain accounts during the last five days. For that reas...
Older IE Versions Maintain Sizable Market Share Despite Security Concerns
While Microsoft is touting the fact Internet Explorer 8 is the single most widely used Web browser, the combined percentages of IE 6 and 7 users surpass it. The use of the older browsers means many users aren't taking advantage of the latest browser security protections.
- Arguably one of the most interesting elements of the cyber-attack that affected Google and more than 30 other companies was the primary attack vector: Internet Explorer 6. The attack exploited an HTML object memory corruption vulnerability in IE that Microsoft was notified about in September....
PGP to Acquire TC TrustCenter for Cloud-Based Identity Management
PGP agrees to acquire TC TrustCenter and its parent company, ChosenSecurity, for their on-demand platform for managing trusted identities.
- PGP has agreed to acquire German security vendor TC TrustCenter and its U.S. parent company, ChosenSecurity, for an undisclosed sum of money. ChosenSecurity and TC TrustCenter provide an on-demand platform for managing trusted identities for encryption, authentication and secure collaborati...
Researchers Uncover Security Vulnerabilities in Femtocell Technology
Two Trustwave security consultants report they have uncovered hardware and software vulnerabilities in femtocell devices that can be used to take over the device. The duo will present their findings at the ShmooCon conference in Washington.
- Researchers with Trustwave have discovered flaws in the hardware and software of femtocell devices that can allow an attacker to take full control of the miniature cell towers without the user's knowledge. Zack Fasel and Matthew Jakubowski, security consultants with Trustwave's SpiderLabs, will...
Facebook Privacy, Security Fears Grow with Social Network Risks
According to Sophos, 60 percent of businesses consider Facebook the riskiest social networking site, underscoring a new level of wariness for social networks at a time when a researcher from Kaspersky Lab says compromised accounts for Twitter and other sites can go for big bucks in the cyber-underworld.
- Businesses are growing more concerned about the use of social networks, starting with Facebook. According to a survey of 502 IT professionals by Sophos, businesses are seeing more malware and spam, and 60 percent of respondents put Facebook ahead of MySpace, Twitter and LinkedIn as the riskiest so...
Adobe Flash Security on Menu at Black Hat
A researcher plans to delve into Adobe Flash security at Black Hat DC, spotlighting how poor programming practices and Web architectures can be leveraged to compromise users.
- Security vulnerabilities in Adobe Systems applications have increasingly become a popular target for attackers in the past year. At Black Hat DC, Foreground Security Senior Security Researcher Mike Bailey will examine Flash's security model and take a look at some of the ways attackers ca...
Critical Infrastructure Security a Mixed Bag, Report Finds
A new report commissioned by McAfee reveals IT security at critical infrastructure companies is not always as high as some may suspect.
- A new report from the Center for Strategic and International Studies highlights the financial damage of cyber-attacks on critical infrastructure, but also paints a picture of IT security that is in turns good and bad. The report, "In the Crossfire: Critical Infrastructure in the Age of Cyberwa...
Security
The Art of Technology
Firms worry about social networks, but don't block access
By jacqui@arstechnica.com (Jacqui Cheng) on twitter
Despite widespread paranoia that social networks are putting businesses at risk, companies continue to give employees open access to them. The latest Security Threat Report (PDF) from security research firm Sophos notes that spam and malware attacks via popular networks continued to rise at "alarming" rates over the last 12 months, posing a risk to both users and the companies they work for.
Nearly three-quarters of businesses (72 percent) told Sophos that they're concerned about employee behavior on social networks—and it's not the HR-related behavior they're concerned about. The majority of respondents said that reports of spam, phishing, and malware coming from the major social networks were way up, and they expressed concern about employees endangering business security. According to Sophos, there was a 70 percent increase in the proportion of businesses reporting spam and malware attacks in 2009.
Suckers Victims lost $9.3 billion to 419 scammers in 2009
By jacqui@arstechnica.com (Jacqui Cheng) on security
Advance-fee fraud (AFF), also known as 419 scams and Nigerian scams, exploded in 2009, with victims losing more money than ever before. This is according to the latest analysis from Dutch investigation firm Ultrascan—a company that has been monitoring the activities of 419 scammers since 1996—which says that victims lost almost 50 percent more money in 2009 than 2008.
Considering that 419 scams have been well-known since the 1970s, this trend is particularly disturbing. However, Ultrascan says scammers are expanding their operations and shifting their focus to emerging Internet markets, where there's more fresh meat getting online every day.
SearchSecurity: Security Wire Daily News
The latest information security news on IT threats, vulnerabilities and market trends from the award-winning SearchSecurity.com.
Microsoft extends SDL program, adds Agile development template
By Robert Westervelt
Microsoft is adding support for Agile Development Methodologies to its Security Development Lifecycle program. A simplified SDL white paper is also being introduced.
Google to pay for Chrome browser vulnerabilities
By Robert Westervelt
Google follows Mozilla's FireFox vulnerability reward program, offering a base reward of $500 for eligible browser bugs.
SANS NewsBites
All Stories From Vol: 12 - Issue: 8
How The Chinese Attacks Actually Work (January 27, 2010)
A report from Mandiant describes how cyber criminals launch sophisticated attacks that penetrate government and corporate computer networks and remain undetected to steal information and monitor activity over lengthy periods of time.......
Malware on Infected Web Pages is Becoming More Sophisticated (January 26, 2010)
According to data compiled by Dasient, 5.......
NARA Data Loss Affects Clinton-Era White House Staff and Visitors (January 27, 2010)
The US National Archives and Records Administration (NARA) has sent letters to 250,000 Clinton administration staff and White House staff members and visitors, informing them that their personally identifiable information has been compromised.......
Flaws Found In 3D Secure Credit Card Scheme (January 28, 2010)
University fo Cambridge researchers say 3D Secure (3DS) better known as Verified by Visa and MasterCard SecureCode is fraught with security problems.......
Thomas-Rasset Rejects RIAA's Settlement Offer (January 27, 2010)
Just days after a judge reduced the penalties levied against Jammie Thomas-Rasset for illegal file sharing from US $1.......
Google Issues Chrome Update (January 26, 2010)
Google has released an update for its Chrome browser that addresses 13 vulnerabilities that could be exploited to execute arbitrary code on unprotected computers, steal data, create denial-of service conditions, or bypass security restrictions.......
Bank Suing Cyber Theft Victim (January 26, 2010)
A bank in Lubbock, Texas is suing one of its customers, Hillary Machinery Inc.......
Attack on IE Exposes Users' Entire Hard Drives (January 26 & 27, 2010)
Microsoft is investigating reports of an attack on Internet Explorer (IE) that can reveal the entire contents of users' hard drives to attackers.......
BlueCross BlueShield of Tennessee Breach is Proving to be Costly (January 26, 2010)
A security breach at BlueCross BlueShield of Tennessee has already cost the company more than US $7 million.......
Zimuse Worm May Have Started as a Prank (January 25 & 26, 2010)
The Zimuse.......
Second Man Pleads Guilty in Scientology DDoS Case (January 25, 26 & 27, 2010)
Brian Thomas Mettenbrink has admitted to downloading software and using it to help launch a distributed denial-of-service (DDoS) attack against the Church of Scientology's website in January 2008.......
Study Shows That Consumer Awareness of Online Threats is Growing (January 25, 2010)
A study from RSA indicates that consumers are more aware of online security threats than they were two years ago.......
Cisco Secure Desktop Remote XSS Vulnerability, (Tue, Feb 2nd)
This vulnerability (CVE-2010-0440) could allow an unauthenticated, remote attacker to conduct cross- ...(more)...
Twitter Mass Password Reset due to Phishing, (Tue, Feb 2nd)
Twitter is sending out a large number of e-mails, asking users to reset their passwords. It appears ...(more)...
New IPv6 Screencast Videos: http://isc.sans.org/ipv6videos (Today: blocking and detecting IPv6 in Linux), (Tue, Feb 2nd)
------ Johannes B. Ullrich, Ph ...(more)...
Pushdo Update, (Tue, Feb 2nd)
As mentioned in an older diary [1], www.sans ...(more)...
Adobe ColdFusion Information Disclosure, (Tue, Feb 2nd)
Adobe has released information on an important vulnerability (CVE-2010-0185) identified in ColdFusio ...(more)...
NMAP 5.21 - Is UDP Protocol Specific Scanning Important? Why Should I Care?, (Mon, Feb 1st)
Before we address the question, let's discuss how UDP port scanning is typically done. Whe ...(more)...
Got PushDo SSL packets?, (Sat, Jan 30th)
Steven Adair over at ShadowServer has posted a blog entry about the strange going's on with the Push ...(more)...
New and updated VMWare advisories, (Sat, Jan 30th)
Today VMware has released the following new and updated security advisories: New - VMSA-2010-00 ...(more)...
BoA Offline?, (Fri, Jan 29th)
The Bank of America web site appears to have been not available for parts of the day today. No ...(more)...
Neo-legacy applications, (Fri, Jan 29th)
A friend of mine wrote in about a problem he has. He provides support to small businesses, one of wh ...(more)...
The Register - Security
Biting the hand that feeds IT
Manchester cops recover from Conficker
Strangeways, here we come
Manchester police were once again able to run inquiries on the Police National Computer on Wednesday morning, after techies purged a Conficker worm infection from the force's network.…
Record year for online tax filing - and phishing mails
Scammers rev up for tax season
Her Majesty's Revenue and Customs is celebrating another record year for online tax returns; over six million people filed online this year.…
Warez backdoor allows hackers to pwn Twitter accounts
Micro-blogging freetards in mass hack attack
Twitter has lifted the lid on its recent advice to many users to reset their passwords for the micro-blogging site.…
Stubborn trojan stashes install file in Windows help
Can't muster rejection
Security researchers have spied malware that stashes a copy of itself in a Windows help file to ensure victim computers remain infected.…
iPhone vulnerable to remote attack on SSL
Beware of rogue config files
Apple's iPhone is vulnerable to exploits that allow an attacker to spoof web pages even when they're protected by the SSL, or secure sockets layer, protocol, a security researcher said.…
Microsoft security dev tools go 'Agile'
Not just for Windows anymore
Microsoft has expanded a key security tool to work with developers of web applications and other software that's developed over rapid and repeated stretches.…
PGP buys tech to offer trusted ID from the cloud
Close friends get to call it TC
PGP Corporation has acquired privately-held TC TrustCenter and its US parent company, ChosenSecurity, as part of plans to offer trusted identity management services from the cloud. Terms of the transaction, announced Tuesday, were not disclosed.…
Manchester cops clobbered by Conficker
PCs' PCs still unplugged from PNC
Greater Manchester Police's computer network has been infected by the infamous Conficker worm, leaving beat cops unable to run computer checks on suspected criminals and vehicles for the last three days.…
Virgin Media battles privacy campaigners on P2P monitoring
No one's looking at you, alright?
Regulators are mulling assurances from Virgin Media that its planned trial system to monitor the level of illegal filesharing on its network will not harm customers' privacy.…
Femtocells wilt under attack
Tiny, tiny, tiny root box danger
Security researchers have turned their attention to femtocells, and have discovered that gaining root on the tiny mobile base stations isn't as hard as one might hope.…
Most consumers reuse banking passwords on other sites
Password recycle fail leaves consumers ripe for harvesting
The majority of online banking customers reuse their online-banking login credentials on other websites, according to a new survey on password insecurity.…
Security firms plot revamp to minimise false alarms
Whitelisted addresses to reside in heavenly cloud
Analysis: Increased incidents of false positives have encouraged anti-virus firms to re-evaluate their signature update process.…
Web attacks cripple Russia's biggest indie newspaper
Seven days and counting
The website of Russia's highest-profile independent newspaper on Monday suffered its seventh straight day of crippling denial-of-service attacks by unknown miscreants.…
US state probes breach that exposed data for 80,000
'Dear valued employee:'
A computer database containing the personal details of more than 80,000 employees was penetrated by unknown hackers, according to multiple news agencies, citing Iowa's Racing and Gaming Commission.…
Security bugs reinfect financial giant’s website
Ameriprise and the case of the relapsed XSS
Five months after Ameriprise Financial fixed a bug that could have helped criminals steal user authentication credentials, the financial giant's website is vulnerable again.…
Google yanks IE6 love from web apps
Do as we say, not as we did
Google is pulling IE6 support from Google Apps, its online suite of office applications.…
Britain warns businesses of Chinese 'honey trap'
Sex, spies, and memory sticks
Britain's MI5 security service has accused the Chinese government of engaging in an unusually wide-ranging campaign to breach UK business computer networks, in some cases exploiting sexual relationships to pressure individuals to cooperate.…
Voice crypto fails spark astroturf claims
SecurStar denies running dirty tricks marketing campaign
Doubts have arisen about the integrity of supposedly anonymous tests on the security of voice encryption products.…
UK.gov unmoved by Internet Explorer 6 security concerns
Google, NHS cast off exploited browser
Google and the NHS may soon be ditching support for Internet Explorer 6, but that hasn’t stopped UK government officials from declaring the browser doesn’t give them cause for concern, unlike their French and German counterparts.…
1 in 3 users reviewed Facebook privacy roll-back
Social network heralds 'success'
One in three Facebook users changed their privacy settings in Facebook after the social networking site applied a controversial privacy roll-back and encouraged users to review how much they shared online back in December.…
Firefox-based attack wreaks havoc on IRC users
World's first inter-protocol exploit, but not the last
Underscoring a little-known web vulnerability, hackers are exploiting a weakness in the Mozilla Firefox browser to wreak havoc on Freenode and other networks that cater to users of internet relay chat.…
CIA, PayPal under bizarre SSL assault
Plus hundreds of others
In technology
AP - The recent hacking attack that prompted Google's threat to leave China is underscoring the heightened dangers of previously undisclosed computer security flaws — and renewing debate over buying and selling information about them in the black market.
Apple iPad Spam, Security Concerns Grow (PC Magazine)
In technology
PC Magazine - Apple-related spam has increased by 30 percent following the announcement of Apple's much-publicized new iPad. But there's another problem: iWork invites third-party documents into the iPad, but the iPhone OS limits what anti-virus vendors can do.
McAfee Warns of Cyberattacks on Critical Infrastructure (NewsFactor)
In business
NewsFactor - On Thursday, McAfee shed light on the cost and impact of cyberattacks on critical infrastructures such as electrical grids, oil and gas production, telecommunications and transportation networks. More than half of 600 IT security executives from critical infrastructure enterprises worldwide report large-scale attacks or infiltrations from organized crime, terrorists or nation-states.
WindowSecurity.com
WindowSecurity.com provides Windows security news, articles, tutorials, software listings and reviews for information security professionals.
Is Internet Explorer Inherently Insecure?
By deb@shinder.net (Deb Shinder)
Taking a look beyond the sensationalized headlines about IE browser security whilst asking whether switching will really keep you safe from attack.
TaoSecurity
Richard Bejtlich's blog on digital security and the practices of network security monitoring, incident response, and forensics.
Traffic Talk 9 Posted
By Richard Bejtlich
I just noticed that my 9th edition of Traffic Talk, titled Testing Snort with Metasploit, was posted. From the article:
Security and networking service providers are often asked whether their solutions are working as expected. Two years ago, I wrote How to test Snort, which concentrated on reasons for testing and ways to avoid doing poor testing. In this article, prompted by recent discussions among networking professionals, I show how to combine several tools in a scenario where I test Snort with Metasploit.
Copyright 2003-2009 Richard Bejtlich and TaoSecurity (taosecurity.blogspot.com and www.taosecurity.com)
Two Dimensional Thinking and APT
By Richard Bejtlich
I expect many readers will recognize the image at left as representing part of the final space battle in Star Trek II: The Wrath of Khan. During this battle, Kirk and Spock realize Khan's tactics are limited. Khan is treating the battle like it is occurring on the open seas, not in space. Spock says:
He is intelligent, but not experienced. His pattern indicates two-dimensional thinking.
I thought this quote could describe many of the advanced persistent threat critics, particularly those who claim "it's just espionage" or "there's nothing new about this." Consider this one last argument to change your mind. (Ha, like that will happen. For everyone else, this is how I arrive at my conclusions.)
I think the problem is APT critics are thinking in one or two dimensions at most, when really this issue has at least five. When you only consider one or two dimensions, of course the problem looks like nothing new. When you take a more complete look, it's new.
- Offender. We know who the attacker is, and like many of you, I know this is not their first activity against foreign targets. I visited the country as an active duty Air Force intelligence officer in 1999. I got all the briefings, etc. etc. This is not the first time I've seen network activity from them. Wonderful.
- Defender. We know the offender has targeted national governments and militaries, like any nation-state might. What's different about APT is the breadth of their target base. Some criticize the Mandiant report for saying:
The APT isn't just a government problem; it isn't just a defense contractor problem. The APT is everyone's problem. No target is too small, or too obscure, or too well-defended. No organization is too large, too well-known, or too vulnerable. It's not spy-versus-spy espionage. It's spy-versus-everyone.
The phrasing here may be misleading (i.e., APT is not attacking my dry cleaner) but the point is valid. Looking over the APT target list, the victims cover a broad sweep of organizations. This is certainly new.
- Means. Let's talk espionage for a moment. Not everyone has the means to be a spy. You probably heard how effective the idiots who tried bugging Senator Landrieu's office were. With computer network exploitation (at the very least), those with sufficient knowledge and connectivity can operate at nearly the same level as a professional spy. You don't have to spend nearly as much time teaching tradecraft for CNE, compared to spycraft. You can often hire someone with private experience as a red teamer/pen tester and then just introduce them to your SOPs. Try hiring someone who has privately learned national-level spycraft.
- Motive. Besides "offender," this is the second of the two dimensions that APT critics tend to fixate upon. Yes, bad people have tried to spy on other people for thousands of years. However, in some respects even this is new, because the offender has his hands in so many aspects of the victim's centers of power. APT doesn't only want military secrets; it wants diplomatic, AND economic, AND cultural, AND...
- Opportunity. Connectivity creates opportunity in the digital realm. Again, contrast the digital world with the analog world of espionage. It takes a decent amount of work to prepare, insert, handle, and remove human spies. The digital equivalent is unfortunately still trivial in comparison.
To summarize, I think a lot of APT critics are focused on offender and motive, and ignore defender, means, and opportunity. When you expand beyond two-dimensional thinking, you'll see that APT is indeed new, without even considering technical aspects.
Copyright 2003-2009 Richard Bejtlich and TaoSecurity (taosecurity.blogspot.com and www.taosecurity.com)
Example of Threat-Centric Security
By Richard Bejtlich
In my last post I mentioned the need to take threat-centric approaches to advanced persistent threat. No sooner had I posted those thoughts than I read this:
Beijing 'strongly indignant' about U.S.-Taiwan arms sale
The Obama administration announced the sale Friday of $6 billion worth of Patriot anti-missile systems, helicopters, mine-sweeping ships and communications equipment to Taiwan in a long-expected move that sparked an angry protest from China.
In a strongly worded statement on Saturday, China's Defense Ministry suspended military exchanges with the United States and summoned the U.S. defense attache to lodge a "solemn protest" over the sale, the official Xinhua news agency reported.
"Considering the severe harm and odious effect of U.S. arms sales to Taiwan, the Chinese side has decided to suspend planned mutual military visits," Xinhua quoted the ministry as saying. The Foreign Ministry said China also would put sanctions on U.S. companies supplying the equipment.
It would have been interesting if the Obama administration had announced its arms sale in these terms:
"Considering the severe harm and odious effect of the advanced persistent threat, the American side has decided to sell the following arms to Taiwan."
It's time for the information security community to realize this problem is well outside our capability to really make a difference, without help from our governments.
Copyright 2003-2009 Richard Bejtlich and TaoSecurity (taosecurity.blogspot.com and www.taosecurity.com)
Mandiant M-Trends on APT
By Richard Bejtlich
If you want to read a concise yet informative and clue-backed report on advanced persistent threat, I recommend completing this form to receive the first Mandiant M-Trends report.
Mandiant occupies a unique position with respect to this problem because they are one of only two security service companies with substantial counter-APT consulting experience.
You may read blog posts and commentary from other security service providers who either 1) suddenly claim counter-APT expertise or 2) deride "APT" as just a marketing term, or FUD, or some other term to hide their inexperience with this problem. The fact remains that, when organizations meet in closed forums to do real work on this problem, the names and faces are fairly constant. They don't include those trying to make an APT "splash" or those pretending APT is not a real problem.
Mandiant finishes its report with the following statement:
[T]his is a war of attrition against an enemy with extensive resources. It is a long fight, one that never ends. You will never declare victory.
I can already hear the skeptics saying "It never ends, so you can keep paying Mandiant consulting fees!" or "It never ends, so you can keep upgrading security products!" You're wrong, but nothing I say will convince some of you. The fact of the matter is that until the threat is addressed at the nation-state to nation-state level, victim organizations will continue to remain victims. This is not a problem that is going to be solved by victims better defending themselves. The cost is simply too great to take a vulnerability-centric approach. We need a threat-centric approach, where those with the authority to apply pressure on the threat are allowed to do so, using a variety of instruments of national power. This is the unfortunate reality of the conflict in which we are now engaged.
Copyright 2003-2009 Richard Bejtlich and TaoSecurity (taosecurity.blogspot.com and www.taosecurity.com)
SecurityFocus News
SecurityFocus is the most comprehensive and trusted source of security information on the Internet. We are a vendor-neutral site that provides objective, timely and comprehensive security information to all members of the security community, from end users, security hobbyists and network administrators to security consultants, IT Managers, CIOs and CSOs.
Brief: Google offers bounty on browser bugs
Google offers bounty on browser bugs
http://www.securityfocus.com/news/11573?ref=rss
Most consumers reuse banking passwords
http://www.securityfocus.com/news/11572?ref=rss
CIA, PayPal under bizarre SSL assault
Security - RSS Feeds
Twitter Details Phishing Attacks Behind Password Reset
Officials at Twitter linked the resetting of passwords to malicious torrent sites and other schemes. According to Twitter, the company began its investigation after noticing a surge in followers for certain accounts during the past five days.
- Twitter revealed more details about the phishing attacks that caused the company to reset the passwords on some user accounts Feb. 2. According to Twitter Director of Trust and Safety Del Harvey, there was a sudden surge in followers for certain accounts during the last five days. For that reas...
Older IE Versions Maintain Sizable Market Share Despite Security Concerns
While Microsoft is touting the fact Internet Explorer 8 is the single most widely used Web browser, the combined percentages of IE 6 and 7 users surpass it. The use of the older browsers means many users aren't taking advantage of the latest browser security protections.
- Arguably one of the most interesting elements of the cyber-attack that affected Google and more than 30 other companies was the primary attack vector, Internet Explorer 6. The attack exploited an HTML object memory corruption vulnerability in IE that Microsoft was notified about in September....
PGP to Acquire TC TrustCenter for Cloud-Based Identity Management
PGP agrees to acquire TC TrustCenter and its parent company, ChosenSecurity, for their on-demand platform for managing trusted identities.
- PGP has agreed to acquire German security vendor TC TrustCenter and its U.S. parent company, ChosenSecurity, for an undisclosed sum of money. ChosenSecurity and TC TrustCenter provide an on-demand platform for managing trusted identities for encryption, authentication and secure collaborati...
Researchers Uncover Security Vulnerabilities in Femtocell Technology
Two Trustwave security consultants report they have uncovered hardware and software vulnerabilities in femtocell devices that can be used to take over the device. The duo will present their findings at the ShmooCon conference in Washington.
- Researchers with Trustwave have discovered flaws in the hardware and software of femtocell devices that can allow an attacker to take full control of the miniature cell towers without the user's knowledge. Zack Fasel and Matthew Jakubowski, security consultants with Trustwave's SpiderLabs, will...
Facebook Privacy, Security Fears Grow with Social Network Risks
According to Sophos, 60 percent of businesses consider Facebook the riskiest social networking site, underscoring a new level of wariness for social networks at a time when a researcher from Kaspersky Lab says compromised accounts for Twitter and other sites can go for big bucks in the cyber-underworld.
- Businesses are growing more concerned about the use of social networks, starting with Facebook. According to a survey of 502 IT professionals by Sophos, businesses are seeing more malware and spam, and 60 percent of respondents put Facebook ahead of MySpace, Twitter and LinkedIn as the riskiest so...
Adobe Flash Security on Menu at Black Hat
A researcher plans to delve into Adobe Flash security at Black Hat DC, spotlighting how poor programming practices and Web architectures can be leveraged to compromise users.
- Security vulnerabilities in Adobe Systems applications have increasingly become a popular target for attackers in the past year. At Black Hat DC, Foreground Security Senior Security Researcher Mike Bailey will examine Flash's security model and take a look at some of the ways attackers ca...
Critical Infrastructure Security a Mixed Bag, Report Finds
A new report commissioned by McAfee reveals IT security at critical infrastructure companies is not always as high as some may suspect.
- A new report from the Center for Strategic and International Studies highlights the financial damage of cyber-attacks on critical infrastructure, but also paints a picture of IT security that is in turns good and bad. The report, "In the Crossfire: Critical Infrastructure in the Age of Cyberwa...
Security
The Art of Technology
Firms worry about social networks, but don't block access
By jacqui@arstechnica.com (Jacqui Cheng) on twitter
Despite widespread paranoia that social networks are putting businesses at risk, companies continue to give employees open access to them. The latest Security Threat Report (PDF) from security research firm Sophos notes that spam and malware attacks via popular networks continued to rise at "alarming" rates over the last 12 months, posing a risk to both users and the companies they work for.
Nearly three-quarters of businesses (72 percent) told Sophos that they're concerned about employee behavior on social networks—and it's not the HR-related behavior they're concerned about. The majority of respondents said that reports of spam, phishing, and malware coming from the major social networks were way up, and they expressed concern about employees endangering business security. According to Sophos, there was a 70 percent increase in the proportion of businesses reporting spam and malware attacks in 2009.
Victims lost $9.3 billion to 419 scammers in 2009
By jacqui@arstechnica.com (Jacqui Cheng) on security
Advance-fee fraud (AFF), also known as 419 scams and Nigerian scams, exploded in 2009, with victims losing more money than ever before. This is according to the latest analysis from Dutch investigation firm Ultrascan—a company that has been monitoring the activities of 419 scammers since 1996—which says that victims lost almost 50 percent more money in 2009 than 2008.
Considering that 419 scams have been well-known since the 1970s, this trend is particularly disturbing. However, Ultrascan says scammers are expanding their operations and shifting their focus to emerging Internet markets, where there's more fresh meat getting online every day.
SearchSecurity: Security Wire Daily News
The latest information security news on IT threats, vulnerabilities and market trends from the award-winning SearchSecurity.com.
Microsoft extends SDL program, adds Agile development template
By Robert Westervelt
Microsoft is adding support for Agile Development Methodologies to its Security Development Lifecycle program. A simplified SDL white paper is also being introduced.
Google to pay for Chrome browser vulnerabilities
By Robert Westervelt
Google follows Mozilla's Firefox vulnerability reward program, offering a base reward of $500 for eligible browser bugs.
SANS NewsBites
All Stories From Vol: 12 - Issue: 8
How The Chinese Attacks Actually Work (January 27, 2010)
A report from Mandiant describes how cyber criminals launch sophisticated attacks that penetrate government and corporate computer networks and remain undetected to steal information and monitor activity over lengthy periods of time.......
Malware on Infected Web Pages is Becoming More Sophisticated (January 26, 2010)
According to data compiled by Dasient, 5.......
NARA Data Loss Affects Clinton-Era White House Staff and Visitors (January 27, 2010)
The US National Archives and Records Administration (NARA) has sent letters to 250,000 Clinton administration staff and White House staff members and visitors, informing them that their personally identifiable information has been compromised.......
Flaws Found In 3D Secure Credit Card Scheme (January 28, 2010)
University of Cambridge researchers say 3D Secure (3DS), better known as Verified by Visa and MasterCard SecureCode, is fraught with security problems.......
Thomas-Rasset Rejects RIAA's Settlement Offer (January 27, 2010)
Just days after a judge reduced the penalties levied against Jammie Thomas-Rasset for illegal file sharing from US $1.......
Google Issues Chrome Update (January 26, 2010)
Google has released an update for its Chrome browser that addresses 13 vulnerabilities that could be exploited to execute arbitrary code on unprotected computers, steal data, create denial-of-service conditions, or bypass security restrictions.......
Bank Suing Cyber Theft Victim (January 26, 2010)
A bank in Lubbock, Texas is suing one of its customers, Hillary Machinery Inc.......
Attack on IE Exposes Users' Entire Hard Drives (January 26 & 27, 2010)
Microsoft is investigating reports of an attack on Internet Explorer (IE) that can reveal the entire contents of users' hard drives to attackers.......
BlueCross BlueShield of Tennessee Breach is Proving to be Costly (January 26, 2010)
A security breach at BlueCross BlueShield of Tennessee has already cost the company more than US $7 million.......
Zimuse Worm May Have Started as a Prank (January 25 & 26, 2010)
The Zimuse.......
Second Man Pleads Guilty in Scientology DDoS Case (January 25, 26 & 27, 2010)
Brian Thomas Mettenbrink has admitted to downloading software and using it to help launch a distributed denial-of-service (DDoS) attack against the Church of Scientology's website in January 2008.......
Study Shows That Consumer Awareness of Online Threats is Growing (January 25, 2010)
A study from RSA indicates that consumers are more aware of online security threats than they were two years ago.......
Cisco Secure Desktop Remote XSS Vulnerability, (Tue, Feb 2nd)
This vulnerability (CVE-2010-0440) could allow an unauthenticated, remote attacker to conduct cross- ...(more)...
Twitter Mass Password Reset due to Phishing, (Tue, Feb 2nd)
Twitter is sending out a large number of e-mails, asking users to reset their passwords. It appears ...(more)...
New IPv6 Screencast Videos: http://isc.sans.org/ipv6videos (Today: blocking and detecting IPv6 in Linux), (Tue, Feb 2nd)
------ Johannes B. Ullrich, Ph ...(more)...
Pushdo Update, (Tue, Feb 2nd)
As mentioned in an older diary [1], www.sans ...(more)...
Adobe ColdFusion Information Disclosure, (Tue, Feb 2nd)
Adobe has released information on an important vulnerability (CVE-2010-0185) identified in ColdFusio ...(more)...
NMAP 5.21 - Is UDP Protocol Specific Scanning Important? Why Should I Care?, (Mon, Feb 1st)
Before we address the question, let's discuss how UDP port scanning is typically done. Whe ...(more)...
Got PushDo SSL packets?, (Sat, Jan 30th)
Steven Adair over at ShadowServer has posted a blog entry about the strange going's on with the Push ...(more)...
New and updated VMWare advisories, (Sat, Jan 30th)
Today VMware has released the following new and updated security advisories: New - VMSA-2010-00 ...(more)...
BoA Offline?, (Fri, Jan 29th)
The Bank of America web site appears to have been not available for parts of the day today. No ...(more)...
Neo-legacy applications, (Fri, Jan 29th)
A friend of mine wrote in about a problem he has. He provides support to small businesses, one of wh ...(more)...
The Register - Security
Biting the hand that feeds IT
Manchester cops recover from Conficker
Strangeways, here we come
Manchester police were once again able to run inquiries on the Police National Computer on Wednesday morning, after techies purged a Conficker worm infection from the force's network.…
Record year for online tax filing - and phishing mails
Scammers rev up for tax season
Her Majesty's Revenue and Customs is celebrating another record year for online tax returns, over six million people filed online this year.…
Warez backdoor allows hackers to pwn Twitter accounts
Micro-blogging freetards in mass hack attack
Twitter has lifted the lid on its recent advice to many users to reset their passwords for the micro-blogging site.…
Stubborn trojan stashes install file in Windows help
Can't muster rejection
Security researchers have spied malware that stashes a copy of itself in a Windows help file to ensure victim computers remain infected.…
iPhone vulnerable to remote attack on SSL
Beware of rogue config files
Apple's iPhone is vulnerable to exploits that allow an attacker to spoof web pages even when they're protected by the SSL, or secure sockets layer, protocol, a security researcher said.…
Microsoft security dev tools go 'Agile'
Not just for Windows anymore
Microsoft has expanded a key security tool to work with developers of web applications and other software that's developed over rapid and repeated stretches.…
PGP buys tech to offer trusted ID from the cloud
Close friends get to call it TC
PGP Corporation has acquired privately-held TC TrustCenter and its US parent company, ChosenSecurity, as part of plans to offer trusted identity management services from the cloud. Terms of the transaction, announced Tuesday, were not disclosed.…
Manchester cops clobbered by Conficker
PCs' PCs still unplugged from PNC
Greater Manchester Police's computer network has been infected by the infamous Conficker worm, leaving beat cops unable to run computer checks on suspected criminals and vehicles for the last three days.…
Virgin Media battles privacy campaigners on P2P monitoring
No one's looking at you, alright?
Regulators are mulling assurances from Virgin Media that its planned trial system to monitor the level of illegal filesharing on its network will not harm customers' privacy.…
Femtocells wilt under attack
Tiny, tiny, tiny root box danger
Security researchers have turned their attention to femtocells, and have discovered that gaining root on the tiny mobile base stations isn't as hard as one might hope.…
Most consumers reuse banking passwords on other sites
Password recycle fail leaves consumers ripe for harvesting
The majority of online banking customers reuse their online-banking login credentials on other websites, according to a new survey on password insecurity.…
Security firms plot revamp to minimise false alarms
Whitelisted addresses to reside in heavenly cloud
Analysis Increased incidents of false positives have encouraged anti-virus firms to re-evaluate their signature update process.…
Web attacks cripple Russia's biggest indie newspaper
Seven days and counting
The website of Russia's highest-profile independent newspaper on Monday suffered its seventh straight day of crippling denial-of-service attacks by unknown miscreants.…
US state probes breach that exposed data for 80,000
'Dear valued employee:'
A computer database containing the personal details of more than 80,000 employees was penetrated by unknown hackers, according to multiple news agencies, citing Iowa's Racing and Gaming Commission.…
Security bugs reinfect financial giant’s website
Ameriprise and the case of the relapsed XSS
Five months after Ameriprise Financial fixed a bug that could have helped criminals steal user authentication credentials, the financial giant's website is vulnerable again.…
Google yanks IE6 love from web apps
Do as we say, not as we did
Google is pulling IE6 support from Google Apps, its online suite of office applications.…
Britain warns businesses of Chinese 'honey trap'
Sex, spies, and memory sticks
Britain's MI5 security service has accused the Chinese government of engaging in an unusually wide-ranging campaign to breach UK business computer networks, in some cases exploiting sexual relationships to pressure individuals to cooperate.…
Voice crypto fails spark astroturf claims
SecurStar denies running dirty tricks marketing campaign
Doubts have arisen about the integrity of supposedly anonymous tests on the security of voice encryption products.…
UK.gov unmoved by Internet Explorer 6 security concerns
Google, NHS cast off exploited browser
Google and the NHS may soon be ditching support for Internet Explorer 6, but that hasn’t stopped UK government officials from declaring the browser doesn’t give them cause for concern, unlike their French and German counterparts.…
1 in 3 users reviewed Facebook privacy roll-back
Social network heralds 'success'
One in three Facebook users changed their privacy settings in Facebook after the social networking site applied a controversial privacy roll-back and encouraged users to review how much they shared online back in December.…
Firefox-based attack wreaks havoc on IRC users
World's first inter-protocol exploit, but not the last
Underscoring a little-known web vulnerability, hackers are exploiting a weakness in the Mozilla Firefox browser to wreak havoc on Freenode and other networks that cater to users of internet relay chat.…
CIA, PayPal under bizarre SSL assault
Plus hundreds of others
In business
NewsFactor - On Thursday, McAfee shed light on the cost and impact of cyberattacks on critical infrastructures such as electrical grids, oil and gas production, telecommunications and transportation networks. More than half of 600 IT security executives from critical infrastructure enterprises worldwide report large-scale attacks or infiltrations from organized crime, terrorists or nation-states.
WindowSecurity.com
WindowSecurity.com provides Windows security news, articles, tutorials, software listings and reviews for information security professionals.
Is Internet Explorer Inherently Insecure?
By deb@shinder.net (Deb Shinder)
Taking a look beyond the sensationalized headlines about IE browser security whilst asking whether switching will really keep you safe from attack.
TaoSecurity
Richard Bejtlich's blog on digital security and the practices of network security monitoring, incident response, and forensics.
Traffic Talk 9 Posted
By Richard Bejtlich
I just noticed that my 9th edition of Traffic Talk, titled Testing Snort with Metasploit, was posted. From the article:
Security and networking service providers are often asked whether their solutions are working as expected. Two years ago, I wrote How to test Snort, which concentrated on reasons for testing and ways to avoid doing poor testing. In this article, prompted by recent discussions among networking professionals, I show how to combine several tools in a scenario where I test Snort with Metasploit.
Copyright 2003-2009 Richard Bejtlich and TaoSecurity (taosecurity.blogspot.com and www.taosecurity.com)
Two Dimensional Thinking and APT
By Richard Bejtlich
I expect many readers will recognize the image at left as representing part of the final space battle in Star Trek II: The Wrath of Khan. During this battle, Kirk and Spock realize Khan's tactics are limited. Khan is treating the battle like it is occurring on the open seas, not in space. Spock says:
He is intelligent, but not experienced. His pattern indicates two-dimensional thinking.
I thought this quote could describe many of the advanced persistent threat critics, particularly those who claim "it's just espionage" or "there's nothing new about this." Consider this one last argument to change your mind. (Ha, like that will happen. For everyone else, this is how I arrive at my conclusions.)
I think the problem is APT critics are thinking in one or two dimensions at most, when really this issue has at least five. When you only consider one or two dimensions, of course the problem looks like nothing new. When you take a more complete look, it's new.
- Offender. We know who the attacker is, and like many of you, I know this is not their first activity against foreign targets. I visited the country as an active duty Air Force intelligence officer in 1999. I got all the briefings, etc. etc. This is not the first time I've seen network activity from them. Wonderful.
- Defender. We know the offender has targeted national governments and militaries, like any nation-state might. What's different about APT is the breadth of their target base. Some criticize the Mandiant report for saying:
The APT isn't just a government problem; it isn't just a defense contractor problem. The APT is everyone's problem. No target is too small, or too obscure, or too well-defended. No organization is too large, too well-known, or too vulnerable. It's not spy-versus-spy espionage. It's spy-versus-everyone.
The phrasing here may be misleading (i.e., APT is not attacking my dry cleaner) but the point is valid. Looking over the APT target list, the victims cover a broad sweep of organizations. This is certainly new.
- Means. Let's talk espionage for a moment. Not everyone has the means to be a spy. You probably heard how effective the idiots who tried bugging Senator Landrieu's office were. With computer network exploitation (at the very least), those with sufficient knowledge and connectivity can operate at nearly the same level as a professional spy. You don't have to spend nearly as much time teaching tradecraft for CNE, compared to spycraft. You can often hire someone with private experience as a red teamer/pen tester and then just introduce them to your SOPs. Try hiring someone who has privately learned national-level spycraft.
- Motive. Besides "offender," this is the second of the two dimensions that APT critics tend to fixate upon. Yes, bad people have tried to spy on other people for thousands of years. However, in some respects even this is new, because the offender has his hands in so many aspects of the victim's centers of power. APT doesn't only want military secrets; it wants diplomatic, AND economic, AND cultural, AND...
- Opportunity. Connectivity creates opportunity in the digital realm. Again, contrast the digital world with the analog world of espionage. It takes a decent amount of work to prepare, insert, handle, and remove human spies. The digital equivalent is unfortunately still trivial in comparison.
To summarize, I think a lot of APT critics are focused on offender and motive, and ignore defender, means, and opportunity. When you expand beyond two-dimensional thinking, you'll see that APT is indeed new, without even considering technical aspects.
Example of Threat-Centric Security
By Richard Bejtlich
In my last post I mentioned the need to take threat-centric approaches to advanced persistent threat. No sooner had I posted those thoughts than I read this:
Beijing 'strongly indignant' about U.S.-Taiwan arms sale
The Obama administration announced the sale Friday of $6 billion worth of Patriot anti-missile systems, helicopters, mine-sweeping ships and communications equipment to Taiwan in a long-expected move that sparked an angry protest from China.
In a strongly worded statement on Saturday, China's Defense Ministry suspended military exchanges with the United States and summoned the U.S. defense attache to lodge a "solemn protest" over the sale, the official Xinhua news agency reported.
"Considering the severe harm and odious effect of U.S. arms sales to Taiwan, the Chinese side has decided to suspend planned mutual military visits," Xinhua quoted the ministry as saying. The Foreign Ministry said China also would put sanctions on U.S. companies supplying the equipment.
It would have been interesting if the Obama administration had announced its arms sale in these terms:
"Considering the severe harm and odious effect of the advanced persistent threat, the American side has decided to sell the following arms to Taiwan."
It's time for the information security community to realize this problem is well outside our capability to really make a difference, without help from our governments.
Mandiant M-Trends on APT
By Richard Bejtlich
If you want to read a concise yet informative and clue-backed report on advanced persistent threat, I recommend completing this form to receive the first Mandiant M-Trends report.
Mandiant occupies a unique position with respect to this problem because they are one of only two security service companies with substantial counter-APT consulting experience.
You may read blog posts and commentary from other security service providers who either 1) suddenly claim counter-APT expertise or 2) deride "APT" as just a marketing term, or FUD, or some other term to hide their inexperience with this problem. The fact remains that, when organizations meet in closed forums to do real work on this problem, the names and faces are fairly constant. They don't include those trying to make an APT "splash" or those pretending APT is not a real problem.
Mandiant finishes its report with the following statement:
[T]his is a war of attrition against an enemy with extensive resources. It is a long fight, one that never ends. You will never declare victory.
I can already hear the skeptics saying "It never ends, so you can keep paying Mandiant consulting fees!" or "It never ends, so you can keep upgrading security products!" You're wrong, but nothing I say will convince some of you. The fact of the matter is that until the threat is addressed at the nation-state to nation-state level, victim organizations will continue to remain victims. This is not a problem that is going to be solved by victims better defending themselves. The cost is simply too great to take a vulnerability-centric approach. We need a threat-centric approach, where those with the authority to apply pressure on the threat are allowed to do so, using a variety of instruments of national power. This is the unfortunate reality of the conflict in which we are now engaged.
SecurityFocus News
SecurityFocus is the most comprehensive and trusted source of security information on the Internet. We are a vendor-neutral site that provides objective, timely and comprehensive security information to all members of the security community, from end users, security hobbyists and network administrators to security consultants, IT Managers, CIOs and CSOs.
Brief: Google offers bounty on browser bugs
http://www.securityfocus.com/news/11573?ref=rss
Most consumers reuse banking passwords
http://www.securityfocus.com/news/11572?ref=rss
CIA, PayPal under bizarre SSL assault
Security - RSS Feeds
Twitter Details Phishing Attacks Behind Password Reset
Officials at Twitter linked the resetting of passwords to malicious torrent sites and other schemes. According to Twitter, the company began its investigation after noticing a surge in followers for certain accounts during the past five days.
- Twitter revealed more details about the phishing attacks that caused the company to reset the passwords on some user accounts Feb. 2. According to Twitter Director of Trust and Safety Del Harvey, there was a sudden surge in followers for certain accounts during the last five days. For that reas...
Older IE Versions Maintain Sizable Market Share Despite Security Concerns
While Microsoft is touting the fact Internet Explorer 8 is the single most widely used Web browser, the combined percentages of IE 6 and 7 users surpass it. The use of the older browsers means many users aren't taking advantage of the latest browser security protections.
- Arguably one of the most interesting elements of the cyber-attack that affected Google and more than 30 other companies was the primary attack vector Internet Explorer 6. The attack exploited an HTML object memory corruption vulnerability in IE that Microsoft was notified about in September....
PGP to Acquire TC TrustCenter for Cloud-Based Identity Management
PGP agrees to acquire TC TrustCenter and its parent company, ChosenSecurity, for their on-demand platform for managing trusted identities.
- PGP has agreed to acquire German security vendor TC TrustCenter and its U.S. parent company, ChosenSecurity, for an undisclosed sum of money. ChosenSecurity and TC TrustCenter provide an on-demand platform for managing trusted identities for encryption, authentication and secure collaborati...
Researchers Uncover Security Vulnerabilities in Femtocell Technology
Two Trustwave security consultants report they have uncovered hardware and software vulnerabilities in femtocell devices that can be used to take over the device. The duo will present their findings at the ShmooCon conference in Washington.
- Researchers with Trustwave have discovered flaws in the hardware and software of femtocell devices that can allow an attacker to take full control of the miniature cell towers without the user's knowledge. Zack Fasel and Matthew Jakubowski, security consultants with Trustwave's SpiderLabs, will...
Facebook Privacy, Security Fears Grow with Social Network Risks
According to Sophos, 60 percent of businesses consider Facebook the riskiest social networking site, underscoring a new level of wariness for social networks at a time when a researcher from Kaspersky Lab says compromised accounts for Twitter and other sites can go for big bucks in the cyber-underworld.
- Businesses are growing more concerned about the use of social networks, starting with Facebook. According to a survey of 502 IT professionals by Sophos, businesses are seeing more malware and spam, and 60 percent of respondents put Facebook ahead of MySpace, Twitter and LinkedIn as the riskiest so...
Adobe Flash Security on Menu at Black Hat
A researcher plans to delve into Adobe Flash security at Black Hat DC, spotlighting how poor programming practices and Web architectures can be leveraged to compromise users.
- Security vulnerabilities in Adobe Systems applications have increasingly become a popular target for attackers in the past year. At Black Hat DC, Foreground Security Senior Security Researcher Mike Bailey will examine Flash's security model and take a look at some of the ways attackers ca...
Critical Infrastructure Security a Mixed Bag, Report Finds
A new report commissioned by McAfee reveals IT security at critical infrastructure companies is not always as high as some may suspect.
- A new report from the Center for Strategic and International Studies highlights the financial damage of cyber-attacks on critical infrastructure, but also paints a picture of IT security that is in turns good and bad. The report, "In the Crossfire: Critical Infrastructure in the Age of Cyberwa...
Security
The Art of Technology
Firms worry about social networks, but don't block access
By jacqui@arstechnica.com (Jacqui Cheng) on twitter
Despite widespread paranoia that social networks are putting businesses at risk, companies continue to give employees open access to them. The latest Security Threat Report (PDF) from security research firm Sophos notes that spam and malware attacks via popular networks continued to rise at "alarming" rates over the last 12 months, posing a risk to both users and the companies they work for.
Nearly three-quarters of businesses (72 percent) told Sophos that they're concerned about employee behavior on social networks—and it's not the HR-related behavior they're concerned about. The majority of respondents said that reports of spam, phishing, and malware coming from the major social networks were way up, and they expressed concern about employees endangering business security. According to Sophos, there was a 70 percent increase in the proportion of businesses reporting spam and malware attacks in 2009.
Victims lost $9.3 billion to 419 scammers in 2009
By jacqui@arstechnica.com (Jacqui Cheng) on security
Advance-fee fraud (AFF), also known as 419 scams and Nigerian scams, exploded in 2009, with victims losing more money than ever before. This is according to the latest analysis from Dutch investigation firm Ultrascan—a company that has been monitoring the activities of 419 scammers since 1996—which says that victims lost almost 50 percent more money in 2009 than 2008.
Considering that 419 scams have been well-known since the 1970s, this trend is particularly disturbing. However, Ultrascan says scammers are expanding their operations and shifting their focus to emerging Internet markets, where there's more fresh meat getting online every day.
SearchSecurity: Security Wire Daily News
The latest information security news on IT threats, vulnerabilities and market trends from the award-winning SearchSecurity.com.
Microsoft extends SDL program, adds Agile development template
By Robert Westervelt
Microsoft is adding support for Agile Development Methodologies to its Security Development Lifecycle program. A simplified SDL white paper is also being introduced.
Google to pay for Chrome browser vulnerabilities
By Robert Westervelt
Google follows Mozilla's FireFox vulnerability reward program, offering a base reward of $500 for eligible browser bugs.
SANS NewsBites
All Stories From Vol: 12 - Issue: 8
How The Chinese Attacks Actually Work (January 27, 2010)
A report from Mandiant describes how cyber criminals launch sophisticated attacks that penetrate government and corporate computer networks and remain undetected to steal information and monitor activity over lengthy periods of time.......
Malware on Infected Web Pages is Becoming More Sophisticated (January 26, 2010)
According to data compiled by Dasient, 5.......
NARA Data Loss Affects Clinton-Era White House Staff and Visitors (January 27, 2010)
The US National Archives and Records Administration (NARA) has sent letters to 250,000 Clinton administration staff and White House staff members and visitors, informing them that their personally identifiable information has been compromised.......
Flaws Found In 3D Secure Credit Card Scheme (January 28, 2010)
University of Cambridge researchers say 3D Secure (3DS), better known as Verified by Visa and MasterCard SecureCode, is fraught with security problems.......
Thomas-Rasset Rejects RIAA's Settlement Offer (January 27, 2010)
Just days after a judge reduced the penalties levied against Jammie Thomas-Rasset for illegal file sharing from US $1.......
Google Issues Chrome Update (January 26, 2010)
Google has released an update for its Chrome browser that addresses 13 vulnerabilities that could be exploited to execute arbitrary code on unprotected computers, steal data, create denial-of-service conditions, or bypass security restrictions.......
Bank Suing Cyber Theft Victim (January 26, 2010)
A bank in Lubbock, Texas is suing one of its customers, Hillary Machinery Inc.......
Attack on IE Exposes Users' Entire Hard Drives (January 26 & 27, 2010)
Microsoft is investigating reports of an attack on Internet Explorer (IE) that can reveal the entire contents of users' hard drives to attackers.......
BlueCross BlueShield of Tennessee Breach is Proving to be Costly (January 26, 2010)
A security breach at BlueCross BlueShield of Tennessee has already cost the company more than US $7 million.......
Zimuse Worm May Have Started as a Prank (January 25 & 26, 2010)
The Zimuse.......
Second Man Pleads Guilty in Scientology DDoS Case (January 25, 26 & 27, 2010)
Brian Thomas Mettenbrink has admitted to downloading software and using it to help launch a distributed denial-of-service (DDoS) attack against the Church of Scientology's website in January 2008.......
Study Shows That Consumer Awareness of Online Threats is Growing (January 25, 2010)
A study from RSA indicates that consumers are more aware of online security threats than they were two years ago.......
Cisco Secure Desktop Remote XSS Vulnerability, (Tue, Feb 2nd)
This vulnerability (CVE-2010-0440) could allow an unauthenticated, remote attacker to conduct cross- ...(more)...
Twitter Mass Password Reset due to Phishing, (Tue, Feb 2nd)
Twitter is sending out a large number of e-mails, asking users to reset their passwords. It appears ...(more)...
New IPv6 Screencast Videos: http://isc.sans.org/ipv6videos (Today: blocking and detecting IPv6 in Linux), (Tue, Feb 2nd)
------ Johannes B. Ullrich, Ph ...(more)...
Pushdo Update, (Tue, Feb 2nd)
As mentioned in an older diary [1], www.sans ...(more)...
Adobe ColdFusion Information Disclosure, (Tue, Feb 2nd)
Adobe has released information on an important vulnerability (CVE-2010-0185) identified in ColdFusio ...(more)...
NMAP 5.21 - Is UDP Protocol Specific Scanning Important? Why Should I Care?, (Mon, Feb 1st)
Before we address the question, let's discuss how UDP port scanning is typically done. Whe ...(more)...
Got PushDo SSL packets?, (Sat, Jan 30th)
Steven Adair over at ShadowServer has posted a blog entry about the strange goings-on with the Push ...(more)...
New and updated VMWare advisories, (Sat, Jan 30th)
Today VMware has released the following new and updated security advisories: New - VMSA-2010-00 ...(more)...
BoA Offline?, (Fri, Jan 29th)
The Bank of America web site appears to have been not available for parts of the day today. No ...(more)...
Neo-legacy applications, (Fri, Jan 29th)
A friend of mine wrote in about a problem he has. He provides support to small businesses, one of wh ...(more)...
The Register - Security
Biting the hand that feeds IT
Manchester cops recover from Conficker
Strangeways, here we come
Manchester police were once again able to run inquiries on the Police National Computer on Wednesday morning, after techies purged a Conficker worm infection from the force's network.…
Record year for online tax filing - and phishing mails
Scammers rev up for tax season
Her Majesty's Revenue and Customs is celebrating another record year for online tax returns: over six million people filed online this year.…
Warez backdoor allows hackers to pwn Twitter accounts
Micro-blogging freetards in mass hack attack
Twitter has lifted the lid on its recent advice to many users to reset their passwords for the micro-blogging site.…
Stubborn trojan stashes install file in Windows help
Can't muster rejection
Security researchers have spied malware that stashes a copy of itself in a Windows help file to ensure victim computers remain infected.…
iPhone vulnerable to remote attack on SSL
Beware of rogue config files
Apple's iPhone is vulnerable to exploits that allow an attacker to spoof web pages even when they're protected by the SSL, or secure sockets layer, protocol, a security researcher said.…
Microsoft security dev tools go 'Agile'
Not just for Windows anymore
Microsoft has expanded a key security tool to work with developers of web applications and other software that's developed over rapid and repeated stretches.…
PGP buys tech to offer trusted ID from the cloud
Close friends get to call it TC
PGP Corporation has acquired privately-held TC TrustCenter and its US parent company, ChosenSecurity, as part of plans to offer trusted identity management services from the cloud. Terms of the transaction, announced Tuesday, were not disclosed.…
Manchester cops clobbered by Conficker
PCs' PCs still unplugged from PNC
Greater Manchester Police's computer network has been infected by the infamous Conficker worm, leaving beat cops unable to run computer checks on suspected criminals and vehicles for the last three days.…
Virgin Media battles privacy campaigners on P2P monitoring
No one's looking at you, alright?
Regulators are mulling assurances from Virgin Media that its planned trial system to monitor the level of illegal filesharing on its network will not harm customers' privacy.…
Femtocells wilt under attack
Tiny, tiny, tiny root box danger
Security researchers have turned their attention to femtocells, and have discovered that gaining root on the tiny mobile base stations isn't as hard as one might hope.…
Most consumers reuse banking passwords on other sites
Password recycle fail leaves consumers ripe for harvesting
The majority of online banking customers reuse their online-banking login credentials on other websites, according to a new survey on password insecurity.…
Security firms plot revamp to minimise false alarms
Whitelisted addresses to reside in heavenly cloud
Analysis: Increased incidents of false positives have encouraged anti-virus firms to re-evaluate their signature update process.…
Web attacks cripple Russia's biggest indie newspaper
Seven days and counting
The website of Russia's highest-profile independent newspaper on Monday suffered its seventh straight day of crippling denial-of-service attacks by unknown miscreants.…
US state probes breach that exposed data for 80,000
'Dear valued employee:'
A computer database containing the personal details of more than 80,000 employees was penetrated by unknown hackers, according to multiple news agencies, citing Iowa's Racing and Gaming Commission.…
Security bugs reinfect financial giant’s website
Ameriprise and the case of the relapsed XSS
Five months after Ameriprise Financial fixed a bug that could have helped criminals steal user authentication credentials, the financial giant's website is vulnerable again.…
Google yanks IE6 love from web apps
Do as we say, not as we did
Google is pulling IE6 support from Google Apps, its online suite of office applications.…
Britain warns businesses of Chinese 'honey trap'
Sex, spies, and memory sticks
Britain's MI5 security service has accused the Chinese government of engaging in an unusually wide-ranging campaign to breach UK business computer networks, in some cases exploiting sexual relationships to pressure individuals to cooperate.…
Voice crypto fails spark astroturf claims
SecurStar denies running dirty tricks marketing campaign
Doubts have arisen about the integrity of supposedly anonymous tests on the security of voice encryption products.…
UK.gov unmoved by Internet Explorer 6 security concerns
Google, NHS cast off exploited browser
Google and the NHS may soon be ditching support for Internet Explorer 6, but that hasn’t stopped UK government officials from declaring the browser doesn’t give them cause for concern, unlike their French and German counterparts.…
1 in 3 users reviewed Facebook privacy roll-back
Social network heralds 'success'
One in three Facebook users changed their privacy settings in Facebook after the social networking site applied a controversial privacy roll-back and encouraged users to review how much they shared online back in December.…
Firefox-based attack wreaks havoc on IRC users
World's first inter-protocol exploit, but not the last
Underscoring a little-known web vulnerability, hackers are exploiting a weakness in the Mozilla Firefox browser to wreak havoc on Freenode and other networks that cater to users of internet relay chat.…
CIA, PayPal under bizarre SSL assault
Plus hundreds of others
Is Internet Explorer Inherently Insecure?
By deb@shinder.net (Deb Shinder)
Taking a look beyond the sensationalized headlines about IE browser security whilst asking whether switching will really keep you safe from attack.
TaoSecurity
Richard Bejtlich's blog on digital security and the practices of network security monitoring, incident response, and forensics.
Traffic Talk 9 Posted
By Richard Bejtlich
I just noticed that my 9th edition of Traffic Talk, titled Testing Snort with Metasploit, was posted. From the article:
Security and networking service providers are often asked whether their solutions are working as expected. Two years ago, I wrote How to test Snort, which concentrated on reasons for testing and ways to avoid doing poor testing. In this article, prompted by recent discussions among networking professionals, I show how to combine several tools in a scenario where I test Snort with Metasploit.
Copyright 2003-2009 Richard Bejtlich and TaoSecurity (taosecurity.blogspot.com and www.taosecurity.com)
Two Dimensional Thinking and APT
By Richard Bejtlich
I expect many readers will recognize the image at left as representing part of the final space battle in Star Trek II: The Wrath of Khan. During this battle, Kirk and Spock realize Khan's tactics are limited. Khan is treating the battle like it is occuring on the open seas, not in space. Spock says:
He is intelligent, but not experienced. His pattern indicates two-dimensional thinking.
I though this quote could describe many of the advanced persistent threat critics, particularly those who claim "it's just espionage" or "there's nothing new about this." Consider this one last argument to change your mind. (Ha, like that will happen. For everyone else, this is how I arrive at my conclusions.)
I think the problem is APT critics are thinking in one or two dimensions at most, when really this issue has at least five. When you only consider one or two dimensions, of course the problem looks like nothing new. When you take a more complete look, it's new.
- Offender. We know who the attacker is, and like many of you, I know this is not their first activity against foreign targets. I visited the country as an active duty Air Force intelligence officer in 1999. I got all the briefings, etc. etc. This is not the first time I've seen network activity from them. Wonderful.
- Defender. We know the offender has targeted national governments and militaries, like any nation-state might. What's different about APT is the breadth of their target base. Some criticize the Mandiant report for saying:
The APT isn't just a government problem; it isn't just a defense contractor problem. The APT is everyone's problem. No target is too small, or too obscure, or too well-defended. No organization is too large, two well-known, or too vulnerable. It's not spy-versus-spy espionage. It's spy-versus-everyone.
The phrasing here may be misleading (i.e., APT is not attacking my dry cleaner) but the point is valid. Looking over the APT target list, the victims cover a broad sweep of organizations. This is certainly new.
- Means. Let's talk espionage for a moment. Not everyone has the means to be a spy. You probably heard how effective the idiots who tried bugging Senator Landrieu's office were. With computer network exploitation (at the very least), those with sufficient knowledge and connectivity can operate at nearly the same level as a professional spy. You don't have to spend nearly as much time teaching tradecraft for CNE, compared to spycraft. You can often hire someone with private experience as a red teamer/pen tester and then just introduce them to your SOPs. Try hiring someone who has privately learned national-level spycraft.
- Motive. Besides "offender," this is the second of the two dimensions that APT critics tend to fixate upon. Yes, bad people have tried to spy on other people for thousands of years. However, in some respects even this is new, because the offender has his hands in so many aspects of the victim's centers of power. APT doesn't only want military secrets; it wants diplomatic, AND economic, AND cultural, AND...
- Opportunity. Connectivity creates opportunity in the digital realm. Again, contrast the digital world with the analog world of espionage. It takes a decent amount of work to prepare, insert, handle, and remove human spies. The digital equivalent is unfortunately still trivial in comparison.
To summarize, I think a lot of APT critics are focused on offender and motive, and ignore defender, means, and opportunity. When you expand beyond two-dimensional thinking, you'll see that APT is indeed new, without even considering technical aspects.
Copyright 2003-2009 Richard Bejtlich and TaoSecurity (taosecurity.blogspot.com and www.taosecurity.com)
Example of Threat-Centric Security
By Richard Bejtlich
In my last post I mentioned the need to take threat-centric approaches to advanced persistent threat. No sooner than I had posted those thoughts do I read this:
Beijing 'strongly indignant' about U.S.-Taiwan arms sale
The Obama administration announced the sale Friday of $6 billion worth of Patriot anti-missile systems, helicopters, mine-sweeping ships and communications equipment to Taiwan in a long-expected move that sparked an angry protest from China.
In a strongly worded statement on Saturday, China's Defense Ministry suspended military exchanges with the United States and summoned the U.S. defense attache to lodge a "solemn protest" over the sale, the official Xinhua news agency reported.
"Considering the severe harm and odious effect of U.S. arms sales to Taiwan, the Chinese side has decided to suspend planned mutual military visits," Xinhua quoted the ministry as saying. The Foreign Ministry said China also would put sanctions on U.S. companies supplying the equipment.
It would have been interesting if the Obama administration had announced its arms sale in these terms:
"Considering the severe harm and odious effect of the advanced peristent threat, the American side has decided to sell the following arms to Taiwan."
It's time for the information security community to realize this problem is well outside our capability to really make a difference, without help from our governments.
Copyright 2003-2009 Richard Bejtlich and TaoSecurity (taosecurity.blogspot.com and www.taosecurity.com)
Mandiant M-Trends on APT
By Richard Bejtlich
If you want to read a concise yet informative and clue-backed report on advanced persistent threat, I recommend completing this form to receive the first Mandiant M-Trends report.
Mandiant occupies a unique position with respect to this problem because they are one of only two security service companies with substantial counter-APT consulting experience.
You may read blog posts and commentary from other security service providers who either 1) suddenly claim counter-APT expertise or 2) deride "APT" as just a marketing term, or FUD, or some other term to hide their inexperience with this problem. The fact remains that, when organizations meet in closed forums to do real work on this problem, the names and faces are fairly constant. They don't include those trying to make an APT "splash" or those pretending APT is not a real problem.
Mandiant finishes its report with the following statement:
[T]his is a war of attrition against an enemy with extensive resources. It is a long fight, one that never ends. You will never declare victory.
I can already hear the skeptics saying "It never ends, so you can keep paying Mandiant consulting fees!" or "It never ends, so you can keep upgrading security products!" You're wrong, but nothing I say will convince some of you. The fact of the matter is that until the threat is addressed at the nation-state to nation-state level, victim organizations will continue to remain victims. This is not a problem that is going to be solved by victims better defending themselves. The cost is simply too great to take a vulnerability-centric approach. We need a threat-centric approach, where those with the authority to apply pressure on the threat are allowed to do so, using a variety of instruments of national power. This is the unfortunate reality of the conflict in which we are now engaged.
SecurityFocus News
SecurityFocus is the most comprehensive and trusted source of security information on the Internet. We are a vendor-neutral site that provides objective, timely and comprehensive security information to all members of the security community, from end users, security hobbyists and network administrators to security consultants, IT Managers, CIOs and CSOs.
Brief: Google offers bounty on browser bugs
http://www.securityfocus.com/news/11573?ref=rss
Most consumers reuse banking passwords
http://www.securityfocus.com/news/11572?ref=rss
CIA, PayPal under bizarre SSL assault
Security - RSS Feeds
Twitter Details Phishing Attacks Behind Password Reset
Officials at Twitter linked the resetting of passwords to malicious torrent sites and other schemes. According to Twitter, the company began its investigation after noticing a surge in followers for certain accounts during the past five days.
- Twitter revealed more details about the phishing attacks that caused the company to reset the passwords on some user accounts Feb. 2. According to Twitter Director of Trust and Safety Del Harvey, there was a sudden surge in followers for certain accounts during the last five days. For that reas...
Older IE Versions Maintain Sizable Market Share Despite Security Concerns
While Microsoft is touting the fact Internet Explorer 8 is the single most widely used Web browser, the combined percentages of IE 6 and 7 users surpass it. The use of the older browsers means many users aren't taking advantage of the latest browser security protections.
- Arguably one of the most interesting elements of the cyber-attack that affected Google and more than 30 other companies was the primary attack vector Internet Explorer 6. The attack exploited an HTML object memory corruption vulnerability in IE that Microsoft was notified about in September....
PGP to Acquire TC TrustCenter for Cloud-Based Identity Management
PGP agrees to acquire TC TrustCenter and its parent company, ChosenSecurity, for their on-demand platform for managing trusted identities.
- PGP has agreed to acquire German security vendor TC TrustCenter and its U.S. parent company, ChosenSecurity, for an undisclosed sum of money. ChosenSecurity and TC TrustCenter provide an on-demand platform for managing trusted identities for encryption, authentication and secure collaborati...
Researchers Uncover Security Vulnerabilities in Femtocell Technology
Two Trustwave security consultants report they have uncovered hardware and software vulnerabilities in femtocell devices that can be used to take over the device. The duo will present their findings at the ShmooCon conference in Washington.
- Researchers with Trustwave have discovered flaws in the hardware and software of femtocell devices that can allow an attacker to take full control of the miniature cell towers without the user's knowledge. Zack Fasel and Matthew Jakubowski, security consultants with Trustwave's SpiderLabs, will...
Facebook Privacy, Security Fears Grow with Social Network Risks
According to Sophos, 60 percent of businesses consider Facebook the riskiest social networking site, underscoring a new level of wariness for social networks at a time when a researcher from Kaspersky Lab says compromised accounts for Twitter and other sites can go for big bucks in the cyber-underworld.
- Businesses are growing more concerned about the use of social networks, starting with Facebook. According to a survey of 502 IT professionals by Sophos, businesses are seeing more malware and spam, and 60 percent of respondents put Facebook ahead of MySpace, Twitter and LinkedIn as the riskiest so...
Adobe Flash Security on Menu at Black Hat
A researcher plans to delve into Adobe Flash security at Black Hat DC, spotlighting how poor programming practices and Web architectures can be leveraged to compromise users.
- Security vulnerabilities in Adobe Systems applications have increasingly become a popular target for attackers in the past year. At Black Hat DC, Foreground Security Senior Security Researcher Mike Bailey will examine Flash's security model and take a look at some of the ways attackers ca...
Critical Infrastructure Security a Mixed Bag, Report Finds
A new report commissioned by McAfee reveals IT security at critical infrastructure companies is not always as high as some may suspect.
- A new report from the Center for Strategic and International Studies highlights the financial damage of cyber-attacks on critical infrastructure, but also paints a picture of IT security that is in turns good and bad. The report, "In the Crossfire: Critical Infrastructure in the Age of Cyberwa...
Security
The Art of Technology
Firms worry about social networks, but don't block access
By jacqui@arstechnica.com (Jacqui Cheng) on twitter
Despite widespread paranoia that social networks are putting businesses at risk, companies continue to give employees open access to them. The latest Security Threat Report (PDF) from security research firm Sophos notes that spam and malware attacks via popular networks continued to rise at "alarming" rates over the last 12 months, posing a risk to both users and the companies they work for.
Nearly three-quarters of businesses (72 percent) told Sophos that they're concerned about employee behavior on social networks—and it's not the HR-related behavior they're concerned about. The majority of respondents said that reports of spam, phishing, and malware coming from the major social networks were way up, and they expressed concern about employees endangering business security. According to Sophos, there was a 70 percent increase in the proportion of businesses reporting spam and malware attacks in 2009.
Suckers: Victims lost $9.3 billion to 419 scammers in 2009
By jacqui@arstechnica.com (Jacqui Cheng) on security
Advance-fee fraud (AFF), also known as 419 scams and Nigerian scams, exploded in 2009, with victims losing more money than ever before. This is according to the latest analysis from Dutch investigation firm Ultrascan—a company that has been monitoring the activities of 419 scammers since 1996—which says that victims lost almost 50 percent more money in 2009 than 2008.
Considering that 419 scams have been well-known since the 1970s, this trend is particularly disturbing. However, Ultrascan says scammers are expanding their operations and shifting their focus to emerging Internet markets, where there's more fresh meat getting online every day.
SearchSecurity: Security Wire Daily News
The latest information security news on IT threats, vulnerabilities and market trends from the award-winning SearchSecurity.com.
Microsoft extends SDL program, adds Agile development template
By Robert Westervelt
Microsoft is adding support for Agile Development Methodologies to its Security Development Lifecycle program. A simplified SDL white paper is also being introduced.
Google to pay for Chrome browser vulnerabilities
By Robert Westervelt
Google follows Mozilla's FireFox vulnerability reward program, offering a base reward of $500 for eligible browser bugs.
SANS NewsBites
All Stories From Vol: 12 - Issue: 8
How The Chinese Attacks Actually Work (January 27, 2010)
A report from Mandiant describes how cyber criminals launch sophisticated attacks that penetrate government and corporate computer networks and remain undetected to steal information and monitor activity over lengthy periods of time.......
Malware on Infected Web Pages is Becoming More Sophisticated (January 26, 2010)
According to data compiled by Dasient, 5.......
NARA Data Loss Affects Clinton-Era White House Staff and Visitors (January 27, 2010)
The US National Archives and Records Administration (NARA) has sent letters to 250,000 Clinton administration staff and White House staff members and visitors, informing them that their personally identifiable information has been compromised.......
Flaws Found In 3D Secure Credit Card Scheme (January 28, 2010)
University of Cambridge researchers say 3D Secure (3DS), better known as Verified by Visa and MasterCard SecureCode, is fraught with security problems.......
Thomas-Rasset Rejects RIAA's Settlement Offer (January 27, 2010)
Just days after a judge reduced the penalties levied against Jammie Thomas-Rasset for illegal file sharing from US $1.......
Google Issues Chrome Update (January 26, 2010)
Google has released an update for its Chrome browser that addresses 13 vulnerabilities that could be exploited to execute arbitrary code on unprotected computers, steal data, create denial-of-service conditions, or bypass security restrictions.......
Bank Suing Cyber Theft Victim (January 26, 2010)
A bank in Lubbock, Texas is suing one of its customers, Hillary Machinery Inc.......
Attack on IE Exposes Users' Entire Hard Drives (January 26 & 27, 2010)
Microsoft is investigating reports of an attack on Internet Explorer (IE) that can reveal the entire contents of users' hard drives to attackers.......
BlueCross BlueShield of Tennessee Breach is Proving to be Costly (January 26, 2010)
A security breach at BlueCross BlueShield of Tennessee has already cost the company more than US $7 million.......
Zimuse Worm May Have Started as a Prank (January 25 & 26, 2010)
The Zimuse.......
Second Man Pleads Guilty in Scientology DDoS Case (January 25, 26 & 27, 2010)
Brian Thomas Mettenbrink has admitted to downloading software and using it to help launch a distributed denial-of-service (DDoS) attack against the Church of Scientology's website in January 2008.......
Study Shows That Consumer Awareness of Online Threats is Growing (January 25, 2010)
A study from RSA indicates that consumers are more aware of online security threats than they were two years ago.......
Cisco Secure Desktop Remote XSS Vulnerability, (Tue, Feb 2nd)
This vulnerability (CVE-2010-0440) could allow an unauthenticated, remote attacker to conduct cross- ...(more)...
Twitter Mass Password Reset due to Phishing, (Tue, Feb 2nd)
Twitter is sending out a large number of e-mails, asking users to reset their passwords. It appears ...(more)...
New IPv6 Screencast Videos: http://isc.sans.org/ipv6videos (Today: blocking and detecting IPv6 in Linux), (Tue, Feb 2nd)
------ Johannes B. Ullrich, Ph ...(more)...
Pushdo Update, (Tue, Feb 2nd)
As mentioned in an older diary [1], www.sans ...(more)...
Adobe ColdFusion Information Disclosure, (Tue, Feb 2nd)
Adobe has released information on an important vulnerability (CVE-2010-0185) identified in ColdFusio ...(more)...
NMAP 5.21 - Is UDP Protocol Specific Scanning Important? Why Should I Care?, (Mon, Feb 1st)
Before we address the question, let's discuss how UDP port scanning is typically done. Whe ...(more)...
Got PushDo SSL packets?, (Sat, Jan 30th)
Steven Adair over at ShadowServer has posted a blog entry about the strange goings-on with the Push ...(more)...
New and updated VMWare advisories, (Sat, Jan 30th)
Today VMware has released the following new and updated security advisories: New - VMSA-2010-00 ...(more)...
BoA Offline?, (Fri, Jan 29th)
The Bank of America web site appears to have been unavailable for parts of the day today. No ...(more)...
Neo-legacy applications, (Fri, Jan 29th)
A friend of mine wrote in about a problem he has. He provides support to small businesses, one of wh ...(more)...
The Register - Security
Biting the hand that feeds IT
Manchester cops recover from Conficker
Strangeways, here we come
Manchester police were once again able to run inquiries on the Police National Computer on Wednesday morning, after techies purged a Conficker worm infection from the force's network.…
Record year for online tax filing - and phishing mails
Scammers rev up for tax season
Her Majesty's Revenue and Customs is celebrating another record year for online tax returns: over six million people filed online this year.…
Warez backdoor allows hackers to pwn Twitter accounts
Micro-blogging freetards in mass hack attack
Twitter has lifted the lid on its recent advice to many users to reset their passwords for the micro-blogging site.…
Stubborn trojan stashes install file in Windows help
Can't muster rejection
Security researchers have spied malware that stashes a copy of itself in a Windows help file to ensure victim computers remain infected.…
iPhone vulnerable to remote attack on SSL
Beware of rogue config files
Apple's iPhone is vulnerable to exploits that allow an attacker to spoof web pages even when they're protected by the SSL, or secure sockets layer, protocol, a security researcher said.…
Microsoft security dev tools go 'Agile'
Not just for Windows anymore
Microsoft has expanded a key security tool to work with developers of web applications and other software that's developed over rapid and repeated stretches.…
PGP buys tech to offer trusted ID from the cloud
Close friends get to call it TC
PGP Corporation has acquired privately-held TC TrustCenter and its US parent company, ChosenSecurity, as part of plans to offer trusted identity management services from the cloud. Terms of the transaction, announced Tuesday, were not disclosed.…
Manchester cops clobbered by Conficker
PCs' PCs still unplugged from PNC
Greater Manchester Police's computer network has been infected by the infamous Conficker worm, leaving beat cops unable to run computer checks on suspected criminals and vehicles for the last three days.…
Virgin Media battles privacy campaigners on P2P monitoring
No one's looking at you, alright?
Regulators are mulling assurances from Virgin Media that its planned trial system to monitor the level of illegal filesharing on its network will not harm customers' privacy.…
Femtocells wilt under attack
Tiny, tiny, tiny root box danger
Security researchers have turned their attention to femtocells, and have discovered that gaining root on the tiny mobile base stations isn't as hard as one might hope.…
Most consumers reuse banking passwords on other sites
Password recycle fail leaves consumers ripe for harvesting
The majority of online banking customers reuse their online-banking login credentials on other websites, according to a new survey on password insecurity.…
Security firms plot revamp to minimise false alarms
Whitelisted addresses to reside in heavenly cloud
Analysis: Increased incidents of false positives have encouraged anti-virus firms to re-evaluate their signature update process.…
Web attacks cripple Russia's biggest indie newspaper
Seven days and counting
The website of Russia's highest-profile independent newspaper on Monday suffered its seventh straight day of crippling denial-of-service attacks by unknown miscreants.…
US state probes breach that exposed data for 80,000
'Dear valued employee:'
A computer database containing the personal details of more than 80,000 employees was penetrated by unknown hackers, according to multiple news agencies, citing Iowa's Racing and Gaming Commission.…
Security bugs reinfect financial giant’s website
Ameriprise and the case of the relapsed XSS
Five months after Ameriprise Financial fixed a bug that could have helped criminals steal user authentication credentials, the financial giant's website is vulnerable again.…
Google yanks IE6 love from web apps
Do as we say, not as we did
Google is pulling IE6 support from Google Apps, its online suite of office applications.…
Britain warns businesses of Chinese 'honey trap'
Sex, spies, and memory sticks
Britain's MI5 security service has accused the Chinese government of engaging in an unusually wide-ranging campaign to breach UK business computer networks, in some cases exploiting sexual relationships to pressure individuals to cooperate.…
Voice crypto fails spark astroturf claims
SecurStar denies running dirty tricks marketing campaign
Doubts have arisen about the integrity of supposedly anonymous tests on the security of voice encryption products.…
UK.gov unmoved by Internet Explorer 6 security concerns
Google, NHS cast off exploited browser
Google and the NHS may soon be ditching support for Internet Explorer 6, but that hasn’t stopped UK government officials from declaring the browser doesn’t give them cause for concern, unlike their French and German counterparts.…
1 in 3 users reviewed Facebook privacy roll-back
Social network heralds 'success'
One in three Facebook users changed their privacy settings in Facebook after the social networking site applied a controversial privacy roll-back and encouraged users to review how much they shared online back in December.…
Firefox-based attack wreaks havoc on IRC users
World's first inter-protocol exploit, but not the last
Underscoring a little-known web vulnerability, hackers are exploiting a weakness in the Mozilla Firefox browser to wreak havoc on Freenode and other networks that cater to users of internet relay chat.…
CIA, PayPal under bizarre SSL assault
Plus hundreds of others
Richard Bejtlich's blog on digital security and the practices of network security monitoring, incident response, and forensics.
Traffic Talk 9 Posted
By Richard Bejtlich
I just noticed that my 9th edition of Traffic Talk, titled Testing Snort with Metasploit, was posted. From the article:
Security and networking service providers are often asked whether their solutions are working as expected. Two years ago, I wrote How to test Snort, which concentrated on reasons for testing and ways to avoid doing poor testing. In this article, prompted by recent discussions among networking professionals, I show how to combine several tools in a scenario where I test Snort with Metasploit.
Two Dimensional Thinking and APT
By Richard Bejtlich
I expect many readers will recognize the image at left as representing part of the final space battle in Star Trek II: The Wrath of Khan. During this battle, Kirk and Spock realize Khan's tactics are limited. Khan is treating the battle like it is occurring on the open seas, not in space. Spock says:
He is intelligent, but not experienced. His pattern indicates two-dimensional thinking.
I thought this quote could describe many of the advanced persistent threat critics, particularly those who claim "it's just espionage" or "there's nothing new about this." Consider this one last argument to change your mind. (Ha, like that will happen. For everyone else, this is how I arrive at my conclusions.)
I think the problem is APT critics are thinking in one or two dimensions at most, when really this issue has at least five. When you only consider one or two dimensions, of course the problem looks like nothing new. When you take a more complete look, it's new.
- Offender. We know who the attacker is, and like many of you, I know this is not their first activity against foreign targets. I visited the country as an active duty Air Force intelligence officer in 1999. I got all the briefings, etc. etc. This is not the first time I've seen network activity from them. Wonderful.
- Defender. We know the offender has targeted national governments and militaries, like any nation-state might. What's different about APT is the breadth of their target base. Some criticize the Mandiant report for saying:
The APT isn't just a government problem; it isn't just a defense contractor problem. The APT is everyone's problem. No target is too small, or too obscure, or too well-defended. No organization is too large, too well-known, or too vulnerable. It's not spy-versus-spy espionage. It's spy-versus-everyone.
The phrasing here may be misleading (i.e., APT is not attacking my dry cleaner) but the point is valid. Looking over the APT target list, the victims cover a broad sweep of organizations. This is certainly new.
- Means. Let's talk espionage for a moment. Not everyone has the means to be a spy. You probably heard how effective the idiots who tried bugging Senator Landrieu's office were. With computer network exploitation (at the very least), those with sufficient knowledge and connectivity can operate at nearly the same level as a professional spy. You don't have to spend nearly as much time teaching tradecraft for CNE, compared to spycraft. You can often hire someone with private experience as a red teamer/pen tester and then just introduce them to your SOPs. Try hiring someone who has privately learned national-level spycraft.
- Motive. Besides "offender," this is the second of the two dimensions that APT critics tend to fixate upon. Yes, bad people have tried to spy on other people for thousands of years. However, in some respects even this is new, because the offender has his hands in so many aspects of the victim's centers of power. APT doesn't only want military secrets; it wants diplomatic, AND economic, AND cultural, AND...
- Opportunity. Connectivity creates opportunity in the digital realm. Again, contrast the digital world with the analog world of espionage. It takes a decent amount of work to prepare, insert, handle, and remove human spies. The digital equivalent is unfortunately still trivial in comparison.
To summarize, I think a lot of APT critics are focused on offender and motive, and ignore defender, means, and opportunity. When you expand beyond two-dimensional thinking, you'll see that APT is indeed new, without even considering technical aspects.
Flaws Found In 3D Secure Credit Card Scheme (January 28, 2010)
University of Cambridge researchers say 3D Secure (3DS), better known as Verified by Visa and MasterCard SecureCode, is fraught with security problems.......
Thomas-Rasset Rejects RIAA's Settlement Offer (January 27, 2010)
Just days after a judge reduced the penalties levied against Jammie Thomas-Rasset for illegal file sharing from US $1.......
Google Issues Chrome Update (January 26, 2010)
Google has released an update for its Chrome browser that addresses 13 vulnerabilities that could be exploited to execute arbitrary code on unprotected computers, steal data, create denial-of service conditions, or bypass security restrictions.......
Bank Suing Cyber Theft Victim (January 26, 2010)
A bank in Lubbock, Texas is suing one of its customers, Hillary Machinery Inc.......
Attack on IE Exposes Users' Entire Hard Drives (January 26 & 27, 2010)
Microsoft is investigating reports of an attack on Internet Explorer (IE) that can reveal the entire contents of users' hard drives to attackers.......
BlueCross BlueShield of Tennessee Breach is Proving to be Costly (January 26, 2010)
A security breach at BlueCross BlueShield of Tennessee has already cost the company more than US $7 million.......
Zimuse Worm May Have Started as a Prank (January 25 & 26, 2010)
The Zimuse.......
Second Man Pleads Guilty in Scientology DDoS Case (January 25, 26 & 27, 2010)
Brian Thomas Mettenbrink has admitted to downloading software and using it to help launch a distributed denial-of-service (DDoS) attack against the Church of Scientology's website in January 2008.......
Study Shows That Consumer Awareness of Online Threats is Growing (January 25, 2010)
A study from RSA indicates that consumers are more aware of online security threats than they were two years ago.......
Cisco Secure Desktop Remote XSS Vulnerability, (Tue, Feb 2nd)
This vulnerability (CVE-2010-0440) could allow an unauthenticated, remote attacker to conduct cross- ...(more)...
Twitter Mass Password Reset due to Phishing, (Tue, Feb 2nd)
Twitter is sending out a large number of e-mails, asking users to reset their passwords. It appears ...(more)...
New IPv6 Screencast Videos: http://isc.sans.org/ipv6videos (Today: blocking and detecting IPv6 in Linux), (Tue, Feb 2nd)
------ Johannes B. Ullrich, Ph ...(more)...
Pushdo Update, (Tue, Feb 2nd)
As mentioned in an older diary [1], www.sans ...(more)...
Adobe ColdFusion Information Disclosure, (Tue, Feb 2nd)
Adobe has released information on an important vulnerability (CVE-2010-0185) identified in ColdFusio ...(more)...
NMAP 5.21 - Is UDP Protocol Specific Scanning Important? Why Should I Care?, (Mon, Feb 1st)
Before we address the question, let's discuss how UDP port scanning is typically done. Whe ...(more)...
Got PushDo SSL packets?, (Sat, Jan 30th)
Steven Adair over at ShadowServer has posted a blog entry about the strange going's on with the Push ...(more)...
New and updated VMWare advisories, (Sat, Jan 30th)
Today VMware has released the following new and updated security advisories: New - VMSA-2010-00 ...(more)...
BoA Offline?, (Fri, Jan 29th)
The Bank of America web site appears to have been not available for parts of the day today. No ...(more)...
Neo-legacy applications, (Fri, Jan 29th)
A friend of mine wrote in about a problem he has. He provides support to small businesses, one of wh ...(more)...
The Register - Security
Biting the hand that feeds IT
Manchester cops recover from Conficker
Strangeways, here we come
Manchester police were once again able to run inquiries on the Police National Computer on Wednesday morning, after techies purged a Conficker worm infection from the force's network.…
Record year for online tax filing - and phishing mails
Scammers rev up for tax season
Her Majesty's Revenue and Customs is celebrating another record year for online tax returns: over six million people filed online this year.…
Warez backdoor allows hackers to pwn Twitter accounts
Micro-blogging freetards in mass hack attack
Twitter has lifted the lid on its recent advice to many users to reset their passwords for the micro-blogging site.…
Stubborn trojan stashes install file in Windows help
Can't muster rejection
Security researchers have spied malware that stashes a copy of itself in a Windows help file to ensure victim computers remain infected.…
iPhone vulnerable to remote attack on SSL
Beware of rogue config files
Apple's iPhone is vulnerable to exploits that allow an attacker to spoof web pages even when they're protected by the SSL, or secure sockets layer, protocol, a security researcher said.…
Microsoft security dev tools go 'Agile'
Not just for Windows anymore
Microsoft has expanded a key security tool to work with developers of web applications and other software that's developed over rapid and repeated stretches.…
PGP buys tech to offer trusted ID from the cloud
Close friends get to call it TC
PGP Corporation has acquired privately-held TC TrustCenter and its US parent company, ChosenSecurity, as part of plans to offer trusted identity management services from the cloud. Terms of the transaction, announced Tuesday, were not disclosed.…
Manchester cops clobbered by Conficker
PCs' PCs still unplugged from PNC
Greater Manchester Police's computer network has been infected by the infamous Conficker worm, leaving beat cops unable to run computer checks on suspected criminals and vehicles for the last three days.…
Virgin Media battles privacy campaigners on P2P monitoring
No one's looking at you, alright?
Regulators are mulling assurances from Virgin Media that its planned trial system to monitor the level of illegal filesharing on its network will not harm customers' privacy.…
Femtocells wilt under attack
Tiny, tiny, tiny root box danger
Security researchers have turned their attention to femtocells, and have discovered that gaining root on the tiny mobile base stations isn't as hard as one might hope.…
Most consumers reuse banking passwords on other sites
Password recycle fail leaves consumers ripe for harvesting
The majority of online banking customers reuse their online-banking login credentials on other websites, according to a new survey on password insecurity.…
Security firms plot revamp to minimise false alarms
Whitelisted addresses to reside in heavenly cloud
Analysis Increased incidents of false positives have encouraged anti-virus firms to re-evaluate their signature update process.…
Web attacks cripple Russia's biggest indie newspaper
Seven days and counting
The website of Russia's highest-profile independent newspaper on Monday suffered its seventh straight day of crippling denial-of-service attacks by unknown miscreants.…
US state probes breach that exposed data for 80,000
'Dear valued employee:'
A computer database containing the personal details of more than 80,000 employees was penetrated by unknown hackers, according to multiple news agencies, citing Iowa's Racing and Gaming Commission.…
Security bugs reinfect financial giant’s website
Ameriprise and the case of the relapsed XSS
Five months after Ameriprise Financial fixed a bug that could have helped criminals steal user authentication credentials, the financial giant's website is vulnerable again.…
Google yanks IE6 love from web apps
Do as we say, not as we did
Google is pulling IE6 support from Google Apps, its online suite of office applications.…
Britain warns businesses of Chinese 'honey trap'
Sex, spies, and memory sticks
Britain's MI5 security service has accused the Chinese government of engaging in an unusually wide-ranging campaign to breach UK business computer networks, in some cases exploiting sexual relationships to pressure individuals to cooperate.…
Voice crypto fails spark astroturf claims
SecurStar denies running dirty tricks marketing campaign
Doubts have arisen about the integrity of supposedly anonymous tests on the security of voice encryption products.…
UK.gov unmoved by Internet Explorer 6 security concerns
Google, NHS cast off exploited browser
Google and the NHS may soon be ditching support for Internet Explorer 6, but that hasn’t stopped UK government officials from declaring the browser doesn’t give them cause for concern, unlike their French and German counterparts.…
1 in 3 users reviewed Facebook privacy roll-back
Social network heralds 'success'
One in three Facebook users changed their privacy settings in Facebook after the social networking site applied a controversial privacy roll-back and encouraged users to review how much they shared online back in December.…
Firefox-based attack wreaks havoc on IRC users
World's first inter-protocol exploit, but not the last
Underscoring a little-known web vulnerability, hackers are exploiting a weakness in the Mozilla Firefox browser to wreak havoc on Freenode and other networks that cater to users of internet relay chat.…
CIA, PayPal under bizarre SSL assault
Plus hundreds of others
By Richard Bejtlich
I just noticed that my 9th edition of Traffic Talk, titled Testing Snort with Metasploit, was posted. From the article:
Security and networking service providers are often asked whether their solutions are working as expected. Two years ago, I wrote How to test Snort, which concentrated on reasons for testing and ways to avoid doing poor testing. In this article, prompted by recent discussions among networking professionals, I show how to combine several tools in a scenario where I test Snort with Metasploit.
Copyright 2003-2009 Richard Bejtlich and TaoSecurity (taosecurity.blogspot.com and www.taosecurity.com)
Two Dimensional Thinking and APT
By Richard Bejtlich
I expect many readers will recognize the image at left as representing part of the final space battle in Star Trek II: The Wrath of Khan. During this battle, Kirk and Spock realize Khan's tactics are limited. Khan is treating the battle like it is occurring on the open seas, not in space. Spock says:
He is intelligent, but not experienced. His pattern indicates two-dimensional thinking.
I thought this quote could describe many of the advanced persistent threat critics, particularly those who claim "it's just espionage" or "there's nothing new about this." Consider this one last argument to change your mind. (Ha, like that will happen. For everyone else, this is how I arrive at my conclusions.)
I think the problem is APT critics are thinking in one or two dimensions at most, when really this issue has at least five. When you only consider one or two dimensions, of course the problem looks like nothing new. When you take a more complete look, it's new.
- Offender. We know who the attacker is, and like many of you, I know this is not their first activity against foreign targets. I visited the country as an active duty Air Force intelligence officer in 1999. I got all the briefings, etc. etc. This is not the first time I've seen network activity from them. Wonderful.
- Defender. We know the offender has targeted national governments and militaries, like any nation-state might. What's different about APT is the breadth of their target base. Some criticize the Mandiant report for saying:
The APT isn't just a government problem; it isn't just a defense contractor problem. The APT is everyone's problem. No target is too small, or too obscure, or too well-defended. No organization is too large, too well-known, or too vulnerable. It's not spy-versus-spy espionage. It's spy-versus-everyone.
The phrasing here may be misleading (i.e., APT is not attacking my dry cleaner) but the point is valid. Looking over the APT target list, the victims cover a broad sweep of organizations. This is certainly new.
- Means. Let's talk espionage for a moment. Not everyone has the means to be a spy. You probably heard how effective the idiots who tried bugging Senator Landrieu's office were. With computer network exploitation (at the very least), those with sufficient knowledge and connectivity can operate at nearly the same level as a professional spy. You don't have to spend nearly as much time teaching tradecraft for CNE, compared to spycraft. You can often hire someone with private experience as a red teamer/pen tester and then just introduce them to your SOPs. Try hiring someone who has privately learned national-level spycraft.
- Motive. Besides "offender," this is the second of the two dimensions that APT critics tend to fixate upon. Yes, bad people have tried to spy on other people for thousands of years. However, in some respects even this is new, because the offender has his hands in so many aspects of the victim's centers of power. APT doesn't only want military secrets; it wants diplomatic, AND economic, AND cultural, AND...
- Opportunity. Connectivity creates opportunity in the digital realm. Again, contrast the digital world with the analog world of espionage. It takes a decent amount of work to prepare, insert, handle, and remove human spies. The digital equivalent is unfortunately still trivial in comparison.
To summarize, I think a lot of APT critics are focused on offender and motive, and ignore defender, means, and opportunity. When you expand beyond two-dimensional thinking, you'll see that APT is indeed new, without even considering technical aspects.
Copyright 2003-2009 Richard Bejtlich and TaoSecurity (taosecurity.blogspot.com and www.taosecurity.com)
Example of Threat-Centric Security
By Richard Bejtlich
In my last post I mentioned the need to take threat-centric approaches to advanced persistent threat. No sooner had I posted those thoughts than I read this:
Beijing 'strongly indignant' about U.S.-Taiwan arms sale
The Obama administration announced the sale Friday of $6 billion worth of Patriot anti-missile systems, helicopters, mine-sweeping ships and communications equipment to Taiwan in a long-expected move that sparked an angry protest from China.
In a strongly worded statement on Saturday, China's Defense Ministry suspended military exchanges with the United States and summoned the U.S. defense attache to lodge a "solemn protest" over the sale, the official Xinhua news agency reported.
"Considering the severe harm and odious effect of U.S. arms sales to Taiwan, the Chinese side has decided to suspend planned mutual military visits," Xinhua quoted the ministry as saying. The Foreign Ministry said China also would put sanctions on U.S. companies supplying the equipment.
It would have been interesting if the Obama administration had announced its arms sale in these terms:
"Considering the severe harm and odious effect of the advanced persistent threat, the American side has decided to sell the following arms to Taiwan."
It's time for the information security community to realize this problem is well outside our capability to really make a difference, without help from our governments.
Copyright 2003-2009 Richard Bejtlich and TaoSecurity (taosecurity.blogspot.com and www.taosecurity.com)
Mandiant M-Trends on APT
By Richard Bejtlich
If you want to read a concise yet informative and clue-backed report on advanced persistent threat, I recommend completing this form to receive the first Mandiant M-Trends report.
Mandiant occupies a unique position with respect to this problem because they are one of only two security service companies with substantial counter-APT consulting experience.
You may read blog posts and commentary from other security service providers who either 1) suddenly claim counter-APT expertise or 2) deride "APT" as just a marketing term, or FUD, or some other term to hide their inexperience with this problem. The fact remains that, when organizations meet in closed forums to do real work on this problem, the names and faces are fairly constant. They don't include those trying to make an APT "splash" or those pretending APT is not a real problem.
Mandiant finishes its report with the following statement:
[T]his is a war of attrition against an enemy with extensive resources. It is a long fight, one that never ends. You will never declare victory.
I can already hear the skeptics saying "It never ends, so you can keep paying Mandiant consulting fees!" or "It never ends, so you can keep upgrading security products!" You're wrong, but nothing I say will convince some of you. The fact of the matter is that until the threat is addressed at the nation-state to nation-state level, victim organizations will continue to remain victims. This is not a problem that is going to be solved by victims better defending themselves. The cost is simply too great to take a vulnerability-centric approach. We need a threat-centric approach, where those with the authority to apply pressure on the threat are allowed to do so, using a variety of instruments of national power. This is the unfortunate reality of the conflict in which we are now engaged.
Copyright 2003-2009 Richard Bejtlich and TaoSecurity (taosecurity.blogspot.com and www.taosecurity.com)
SecurityFocus News
SecurityFocus is the most comprehensive and trusted source of security information on the Internet. We are a vendor-neutral site that provides objective, timely and comprehensive security information to all members of the security community, from end users, security hobbyists and network administrators to security consultants, IT Managers, CIOs and CSOs.
Brief: Google offers bounty on browser bugs
Google offers bounty on browser bugs
http://www.securityfocus.com/news/11573?ref=rss
Most consumers reuse banking passwords
http://www.securityfocus.com/news/11572?ref=rss
CIA, PayPal under bizarre SSL assault
Security - RSS Feeds
Twitter Details Phishing Attacks Behind Password Reset
Officials at Twitter linked the resetting of passwords to malicious torrent sites and other schemes. According to Twitter, the company began its investigation after noticing a surge in followers for certain accounts during the past five days.
- Twitter revealed more details about the phishing attacks that caused the company to reset the passwords on some user accounts Feb. 2. According to Twitter Director of Trust and Safety Del Harvey, there was a sudden surge in followers for certain accounts during the last five days. For that reas...
Older IE Versions Maintain Sizable Market Share Despite Security Concerns
While Microsoft is touting the fact Internet Explorer 8 is the single most widely used Web browser, the combined percentages of IE 6 and 7 users surpass it. The use of the older browsers means many users aren't taking advantage of the latest browser security protections.
- Arguably one of the most interesting elements of the cyber-attack that affected Google and more than 30 other companies was the primary attack vector Internet Explorer 6. The attack exploited an HTML object memory corruption vulnerability in IE that Microsoft was notified about in September....
PGP to Acquire TC TrustCenter for Cloud-Based Identity Management
PGP agrees to acquire TC TrustCenter and its parent company, ChosenSecurity, for their on-demand platform for managing trusted identities.
- PGP has agreed to acquire German security vendor TC TrustCenter and its U.S. parent company, ChosenSecurity, for an undisclosed sum of money. ChosenSecurity and TC TrustCenter provide an on-demand platform for managing trusted identities for encryption, authentication and secure collaborati...
Researchers Uncover Security Vulnerabilities in Femtocell Technology
Two Trustwave security consultants report they have uncovered hardware and software vulnerabilities in femtocell devices that can be used to take over the device. The duo will present their findings at the ShmooCon conference in Washington.
- Researchers with Trustwave have discovered flaws in the hardware and software of femtocell devices that can allow an attacker to take full control of the miniature cell towers without the user's knowledge. Zack Fasel and Matthew Jakubowski, security consultants with Trustwave's SpiderLabs, will...
Facebook Privacy, Security Fears Grow with Social Network Risks
According to Sophos, 60 percent of businesses consider Facebook the riskiest social networking site, underscoring a new level of wariness for social networks at a time when a researcher from Kaspersky Lab says compromised accounts for Twitter and other sites can go for big bucks in the cyber-underworld.
- Businesses are growing more concerned about the use of social networks, starting with Facebook. According to a survey of 502 IT professionals by Sophos, businesses are seeing more malware and spam, and 60 percent of respondents put Facebook ahead of MySpace, Twitter and LinkedIn as the riskiest so...
Adobe Flash Security on Menu at Black Hat
A researcher plans to delve into Adobe Flash security at Black Hat DC, spotlighting how poor programming practices and Web architectures can be leveraged to compromise users.
- Security vulnerabilities in Adobe Systems applications have increasingly become a popular target for attackers in the past year. At Black Hat DC, Foreground Security Senior Security Researcher Mike Bailey will examine Flashs security model and take a look at some of the ways attackers ca...
Critical Infrastructure Security a Mixed Bag, Report Finds
A new report commissioned by McAfee reveals IT security at critical infrastructure companies is not always as high as some may suspect.
- A new report from the Center for Strategic and International Studies highlights the financial damage of cyber-attacks on critical infrastructure, but also paints a picture of IT security that is in turns good and bad. The report, "In the Crossfire: Critical Infrastructure in the Age of Cyberwa...
Security
The Art of Technology
Firms worry about social networks, but don't block access
By jacqui@arstechnica.com (Jacqui Cheng) on twitter
Despite widespread paranoia that social networks are putting businesses at risk, companies continue to give employees open access to them. The latest Security Threat Report (PDF) from security research firm Sophos notes that spam and malware attacks via popular networks continued to rise at "alarming" rates over the last 12 months, posing a risk to both users and the companies they work for.
Nearly three-quarters of businesses (72 percent) told Sophos that they're concerned about employee behavior on social networks—and it's not the HR-related behavior they're concerned about. The majority of respondents said that reports of spam, phishing, and malware coming from the major social networks were way up, and they expressed concern about employees endangering business security. According to Sophos, there was a 70 percent increase in the proportion of businesses reporting spam and malware attacks in 2009.
Suckers Victims lost $9.3 billion to 419 scammers in 2009
By jacqui@arstechnica.com (Jacqui Cheng) on security
Advance-fee fraud (AFF), also known as 419 scams and Nigerian scams, exploded in 2009, with victims losing more money than ever before. This is according to the latest analysis from Dutch investigation firm Ultrascan—a company that has been monitoring the activities of 419 scammers since 1996—which says that victims lost almost 50 percent more money in 2009 than 2008.
Considering that 419 scams have been well-known since the 1970s, this trend is particularly disturbing. However, Ultrascan says scammers are expanding their operations and shifting their focus to emerging Internet markets, where there's more fresh meat getting online every day.
SearchSecurity: Security Wire Daily News
The latest information security news on IT threats, vulnerabilities and market trends from the award-winning SearchSecurity.com.
Microsoft extends SDL program, adds Agile development template
By Robert Westervelt
Microsoft is adding support for Agile Development Methodologies to its Security Development Lifecycle program. A simplified SDL white paper is also being introduced.
Google to pay for Chrome browser vulnerabilities
By Robert Westervelt
Google follows Mozilla's FireFox vulnerability reward program, offering a base reward of $500 for eligible browser bugs.
SANS NewsBites
All Stories From Vol: 12 - Issue: 8
How The Chinese Attacks Actually Work (January 27, 2010)
A report from Mandiant describes how cyber criminals launch sophisticated attacks that penetrate government and corporate computer networks and remain undetected to steal information and monitor activity over lengthy periods of time.......
Malware on Infected Web Pages is Becoming More Sophisticated (January 26, 2010)
According to data compiled by Dasient, 5.......
NARA Data Loss Affects Clinton-Era White House Staff and Visitors (January 27, 2010)
The US National Archives and Records Administration (NARA) has sent letters to 250,000 Clinton administration staff and White House staff members and visitors, informing them that their personally identifiable information has been compromised.......
Flaws Found In 3D Secure Credit Card Scheme (January 28, 2010)
University fo Cambridge researchers say 3D Secure (3DS) better known as Verified by Visa and MasterCard SecureCode is fraught with security problems.......
Thomas-Rasset Rejects RIAA's Settlement Offer (January 27, 2010)
Just days after a judge reduced the penalties levied against Jammie Thomas-Rasset for illegal file sharing from US $1.......
Google Issues Chrome Update (January 26, 2010)
Google has released an update for its Chrome browser that addresses 13 vulnerabilities that could be exploited to execute arbitrary code on unprotected computers, steal data, create denial-of service conditions, or bypass security restrictions.......
Bank Suing Cyber Theft Victim (January 26, 2010)
A bank in Lubbock, Texas is suing one of its customers, Hillary Machinery Inc.......
Attack on IE Exposes Users' Entire Hard Drives (January 26 & 27, 2010)
Microsoft is investigating reports of an attack on Internet Explorer (IE) that can reveal the entire contents of users' hard drives to attackers.......
BlueCross BlueShield of Tennessee Breach is Proving to be Costly (January 26, 2010)
A security breach at BlueCross BlueShield of Tennessee has already cost the company more than US $7 million.......
Zimuse Worm May Have Started as a Prank (January 25 & 26, 2010)
The Zimuse.......
Second Man Pleads Guilty in Scientology DDoS Case (January 25, 26 & 27, 2010)
Brian Thomas Mettenbrink has admitted to downloading software and using it to help launch a distributed denial-of-service (DDoS) attack against the Church of Scientology's website in January 2008.......
Study Shows That Consumer Awareness of Online Threats is Growing (January 25, 2010)
A study from RSA indicates that consumers are more aware of online security threats than they were two years ago.......
Cisco Secure Desktop Remote XSS Vulnerability, (Tue, Feb 2nd)
This vulnerability (CVE-2010-0440) could allow an unauthenticated, remote attacker to conduct cross- ...(more)...
Twitter Mass Password Reset due to Phishing, (Tue, Feb 2nd)
Twitter is sending out a large number of e-mails, asking users to reset their passwords. It appears ...(more)...
New IPv6 Screencast Videos: http://isc.sans.org/ipv6videos (Today: blocking and detecting IPv6 in Linux), (Tue, Feb 2nd)
------ Johannes B. Ullrich, Ph ...(more)...
Pushdo Update, (Tue, Feb 2nd)
As mentioned in an older diary [1], www.sans ...(more)...
Adobe ColdFusion Information Disclosure, (Tue, Feb 2nd)
Adobe has released information on an important vulnerability (CVE-2010-0185) identified in ColdFusio ...(more)...
NMAP 5.21 - Is UDP Protocol Specific Scanning Important? Why Should I Care?, (Mon, Feb 1st)
Before we address the question, let's discuss how UDP port scanning is typically done. Whe ...(more)...
Got PushDo SSL packets?, (Sat, Jan 30th)
Steven Adair over at ShadowServer has posted a blog entry about the strange going's on with the Push ...(more)...
New and updated VMWare advisories, (Sat, Jan 30th)
Today VMware has released the following new and updated security advisories: New - VMSA-2010-00 ...(more)...
BoA Offline?, (Fri, Jan 29th)
The Bank of America web site appears to have been not available for parts of the day today. No ...(more)...
Neo-legacy applications, (Fri, Jan 29th)
A friend of mine wrote in about a problem he has. He provides support to small businesses, one of wh ...(more)...
The Register - Security
Biting the hand that feeds IT
Manchester cops recover from Conficker
Strangeways, here we come
Manchester police were once again able to run inquiries on the Police National Computer on Wednesday morning, after techies purged a Conficker worm infection from the force's network.…
Record year for online tax filing - and phishing mails
Scammers rev up for tax season
Her Majesty's Revenue and Customs is celebrating another record year for online tax returns, over six million people filed online this year.…
Warez backdoor allows hackers to pwn Twitter accounts
Micro-blogging freetards in mass hack attack
Twitter has lifted the lid on its recent advice to many users to reset their passwords for the micro-blogging site.…
Stubborn trojan stashes install file in Windows help
Can't muster rejection
Security researchers have spied malware that stashes a copy of itself in a Windows help file to ensure victim computers remain infected.…
iPhone vulnerable to remote attack on SSL
Beware of rogue config files
Apple's iPhone is vulnerable to exploits that allow an attacker to spoof web pages even when they're protected by the SSL, or secure sockets layer, protocol, a security researcher said.…
Microsoft security dev tools go 'Agile'
Not just for Windows anymore
Microsoft has expanded a key security tool to work with developers of web applications and other software that's developed over rapid and repeated stretches.…
PGP buys tech to offer trusted ID from the cloud
Close friends get to call it TC
PGP Corporation has acquired privately-held TC TrustCenter and its US parent company, ChosenSecurity, as part of plans to offer trusted identity management services from the cloud. Terms of the transaction, announced Tuesday, were not disclosed.…
Manchester cops clobbered by Conficker
PCs' PCs still unplugged from PNC
Greater Manchester Police's computer network has been infected by the infamous Conficker worm, leaving beat cops unable to run computer checks on suspected criminals and vehicles for the last three days.…
Virgin Media battles privacy campaigners on P2P monitoring
No one's looking at you, alright?
Regulators are mulling assurances from Virgin Media that its planned trial system to monitor the level of illegal filesharing on its network will not harm customers' privacy.…
Femtocells wilt under attack
Tiny, tiny, tiny root box danger
Security researchers have turned their attention to femtocells, and have discovered that gaining root on the tiny mobile base stations isn't as hard as one might hope.…
Most consumers reuse banking passwords on other sites
Password recycle fail leaves consumers ripe for harvesting
The majority of online banking customers reuse their online-banking login credentials on other websites, according to a new survey on password insecurity.…
Security firms plot revamp to minimise false alarms
Whitelisted addresses to reside in heavenly cloud
Analysis: Increased incidents of false positives have encouraged anti-virus firms to re-evaluate their signature update process.…
Web attacks cripple Russia's biggest indie newspaper
Seven days and counting
The website of Russia's highest-profile independent newspaper on Monday suffered its seventh straight day of crippling denial-of-service attacks by unknown miscreants.…
US state probes breach that exposed data for 80,000
'Dear valued employee:'
A computer database containing the personal details of more than 80,000 employees was penetrated by unknown hackers, according to multiple news agencies, citing Iowa's Racing and Gaming Commission.…
Security bugs reinfect financial giant’s website
Ameriprise and the case of the relapsed XSS
Five months after Ameriprise Financial fixed a bug that could have helped criminals steal user authentication credentials, the financial giant's website is vulnerable again.…
Google yanks IE6 love from web apps
Do as we say, not as we did
Google is pulling IE6 support from Google Apps, its online suite of office applications.…
Britain warns businesses of Chinese 'honey trap'
Sex, spies, and memory sticks
Britain's MI5 security service has accused the Chinese government of engaging in an unusually wide-ranging campaign to breach UK business computer networks, in some cases exploiting sexual relationships to pressure individuals to cooperate.…
Voice crypto fails spark astroturf claims
SecurStar denies running dirty tricks marketing campaign
Doubts have arisen about the integrity of supposedly anonymous tests on the security of voice encryption products.…
UK.gov unmoved by Internet Explorer 6 security concerns
Google, NHS cast off exploited browser
Google and the NHS may soon be ditching support for Internet Explorer 6, but that hasn’t stopped UK government officials from declaring the browser doesn’t give them cause for concern, unlike their French and German counterparts.…
1 in 3 users reviewed Facebook privacy roll-back
Social network heralds 'success'
One in three Facebook users changed their privacy settings in Facebook after the social networking site applied a controversial privacy roll-back and encouraged users to review how much they shared online back in December.…
Firefox-based attack wreaks havoc on IRC users
World's first inter-protocol exploit, but not the last
Underscoring a little-known web vulnerability, hackers are exploiting a weakness in the Mozilla Firefox browser to wreak havoc on Freenode and other networks that cater to users of internet relay chat.…
CIA, PayPal under bizarre SSL assault
Plus hundreds of others
He is intelligent, but not experienced. His pattern indicates two-dimensional thinking.
I thought this quote could describe many of the advanced persistent threat critics, particularly those who claim "it's just espionage" or "there's nothing new about this." Consider this one last argument to change your mind. (Ha, like that will happen. For everyone else, this is how I arrive at my conclusions.)
I think the problem is APT critics are thinking in one or two dimensions at most, when really this issue has at least five. When you only consider one or two dimensions, of course the problem looks like nothing new. When you take a more complete look, it's new.
The APT isn't just a government problem; it isn't just a defense contractor problem. The APT is everyone's problem. No target is too small, or too obscure, or too well-defended. No organization is too large, too well-known, or too vulnerable. It's not spy-versus-spy espionage. It's spy-versus-everyone.
The phrasing here may be misleading (i.e., APT is not attacking my dry cleaner) but the point is valid. Looking over the APT target list, the victims cover a broad sweep of organizations. This is certainly new.
To summarize, I think a lot of APT critics are focused on offender and motive, and ignore defender, means, and opportunity. When you expand beyond two-dimensional thinking, you'll see that APT is indeed new, without even considering technical aspects.
By Richard Bejtlich
In my last post I mentioned the need to take threat-centric approaches to advanced persistent threat. No sooner had I posted those thoughts than I read this:
Beijing 'strongly indignant' about U.S.-Taiwan arms sale
The Obama administration announced the sale Friday of $6 billion worth of Patriot anti-missile systems, helicopters, mine-sweeping ships and communications equipment to Taiwan in a long-expected move that sparked an angry protest from China.
In a strongly worded statement on Saturday, China's Defense Ministry suspended military exchanges with the United States and summoned the U.S. defense attache to lodge a "solemn protest" over the sale, the official Xinhua news agency reported.
"Considering the severe harm and odious effect of U.S. arms sales to Taiwan, the Chinese side has decided to suspend planned mutual military visits," Xinhua quoted the ministry as saying. The Foreign Ministry said China also would put sanctions on U.S. companies supplying the equipment.
It would have been interesting if the Obama administration had announced its arms sale in these terms:
"Considering the severe harm and odious effect of the advanced persistent threat, the American side has decided to sell the following arms to Taiwan."
It's time for the information security community to realize this problem is well outside our capability to really make a difference, without help from our governments.
Copyright 2003-2009 Richard Bejtlich and TaoSecurity (taosecurity.blogspot.com and www.taosecurity.com)
Mandiant M-Trends on APT
By Richard Bejtlich
If you want to read a concise yet informative and clue-backed report on advanced persistent threat, I recommend completing this form to receive the first Mandiant M-Trends report.
Mandiant occupies a unique position with respect to this problem because they are one of only two security service companies with substantial counter-APT consulting experience.
You may read blog posts and commentary from other security service providers who either 1) suddenly claim counter-APT expertise or 2) deride "APT" as just a marketing term, or FUD, or some other term to hide their inexperience with this problem. The fact remains that, when organizations meet in closed forums to do real work on this problem, the names and faces are fairly constant. They don't include those trying to make an APT "splash" or those pretending APT is not a real problem.
Mandiant finishes its report with the following statement:
[T]his is a war of attrition against an enemy with extensive resources. It is a long fight, one that never ends. You will never declare victory.
I can already hear the skeptics saying "It never ends, so you can keep paying Mandiant consulting fees!" or "It never ends, so you can keep upgrading security products!" You're wrong, but nothing I say will convince some of you. The fact of the matter is that until the threat is addressed at the nation-state to nation-state level, victim organizations will continue to remain victims. This is not a problem that is going to be solved by victims better defending themselves. The cost is simply too great to take a vulnerability-centric approach. We need a threat-centric approach, where those with the authority to apply pressure on the threat are allowed to do so, using a variety of instruments of national power. This is the unfortunate reality of the conflict in which we are now engaged.
SecurityFocus News
SecurityFocus is the most comprehensive and trusted source of security information on the Internet. We are a vendor-neutral site that provides objective, timely and comprehensive security information to all members of the security community, from end users, security hobbyists and network administrators to security consultants, IT Managers, CIOs and CSOs.
Brief: Google offers bounty on browser bugs
Google offers bounty on browser bugs
http://www.securityfocus.com/news/11573?ref=rss
Most consumers reuse banking passwords
http://www.securityfocus.com/news/11572?ref=rss
CIA, PayPal under bizarre SSL assault
Security - RSS Feeds
Twitter Details Phishing Attacks Behind Password Reset
Officials at Twitter linked the resetting of passwords to malicious torrent sites and other schemes. According to Twitter, the company began its investigation after noticing a surge in followers for certain accounts during the past five days.
- Twitter revealed more details about the phishing attacks that caused the company to reset the passwords on some user accounts Feb. 2. According to Twitter Director of Trust and Safety Del Harvey, there was a sudden surge in followers for certain accounts during the last five days. For that reas...
Older IE Versions Maintain Sizable Market Share Despite Security Concerns
While Microsoft is touting the fact Internet Explorer 8 is the single most widely used Web browser, the combined percentages of IE 6 and 7 users surpass it. The use of the older browsers means many users aren't taking advantage of the latest browser security protections.
- Arguably one of the most interesting elements of the cyber-attack that affected Google and more than 30 other companies was the primary attack vector: Internet Explorer 6. The attack exploited an HTML object memory corruption vulnerability in IE that Microsoft was notified about in September....
PGP to Acquire TC TrustCenter for Cloud-Based Identity Management
PGP agrees to acquire TC TrustCenter and its parent company, ChosenSecurity, for their on-demand platform for managing trusted identities.
- PGP has agreed to acquire German security vendor TC TrustCenter and its U.S. parent company, ChosenSecurity, for an undisclosed sum of money. ChosenSecurity and TC TrustCenter provide an on-demand platform for managing trusted identities for encryption, authentication and secure collaborati...
Researchers Uncover Security Vulnerabilities in Femtocell Technology
Two Trustwave security consultants report they have uncovered hardware and software vulnerabilities in femtocell devices that can be used to take over the device. The duo will present their findings at the ShmooCon conference in Washington.
- Researchers with Trustwave have discovered flaws in the hardware and software of femtocell devices that can allow an attacker to take full control of the miniature cell towers without the user's knowledge. Zack Fasel and Matthew Jakubowski, security consultants with Trustwave's SpiderLabs, will...
Facebook Privacy, Security Fears Grow with Social Network Risks
According to Sophos, 60 percent of businesses consider Facebook the riskiest social networking site, underscoring a new level of wariness for social networks at a time when a researcher from Kaspersky Lab says compromised accounts for Twitter and other sites can go for big bucks in the cyber-underworld.
- Businesses are growing more concerned about the use of social networks, starting with Facebook. According to a survey of 502 IT professionals by Sophos, businesses are seeing more malware and spam, and 60 percent of respondents put Facebook ahead of MySpace, Twitter and LinkedIn as the riskiest so...
Adobe Flash Security on Menu at Black Hat
A researcher plans to delve into Adobe Flash security at Black Hat DC, spotlighting how poor programming practices and Web architectures can be leveraged to compromise users.
- Security vulnerabilities in Adobe Systems applications have increasingly become a popular target for attackers in the past year. At Black Hat DC, Foreground Security Senior Security Researcher Mike Bailey will examine Flash's security model and take a look at some of the ways attackers ca...
Critical Infrastructure Security a Mixed Bag, Report Finds
A new report commissioned by McAfee reveals IT security at critical infrastructure companies is not always as high as some may suspect.
- A new report from the Center for Strategic and International Studies highlights the financial damage of cyber-attacks on critical infrastructure, but also paints a picture of IT security that is in turns good and bad. The report, "In the Crossfire: Critical Infrastructure in the Age of Cyberwa...
Security
The Art of Technology
Firms worry about social networks, but don't block access
By jacqui@arstechnica.com (Jacqui Cheng) on twitter
Despite widespread paranoia that social networks are putting businesses at risk, companies continue to give employees open access to them. The latest Security Threat Report (PDF) from security research firm Sophos notes that spam and malware attacks via popular networks continued to rise at "alarming" rates over the last 12 months, posing a risk to both users and the companies they work for.
Nearly three-quarters of businesses (72 percent) told Sophos that they're concerned about employee behavior on social networks—and it's not the HR-related behavior they're concerned about. The majority of respondents said that reports of spam, phishing, and malware coming from the major social networks were way up, and they expressed concern about employees endangering business security. According to Sophos, there was a 70 percent increase in the proportion of businesses reporting spam and malware attacks in 2009.
Suckers Victims lost $9.3 billion to 419 scammers in 2009
By jacqui@arstechnica.com (Jacqui Cheng) on security
Advance-fee fraud (AFF), also known as 419 scams and Nigerian scams, exploded in 2009, with victims losing more money than ever before. This is according to the latest analysis from Dutch investigation firm Ultrascan—a company that has been monitoring the activities of 419 scammers since 1996—which says that victims lost almost 50 percent more money in 2009 than 2008.
Considering that 419 scams have been well-known since the 1970s, this trend is particularly disturbing. However, Ultrascan says scammers are expanding their operations and shifting their focus to emerging Internet markets, where there's more fresh meat getting online every day.
SearchSecurity: Security Wire Daily News
The latest information security news on IT threats, vulnerabilities and market trends from the award-winning SearchSecurity.com.
Microsoft extends SDL program, adds Agile development template
By Robert Westervelt
Microsoft is adding support for Agile Development Methodologies to its Security Development Lifecycle program. A simplified SDL white paper is also being introduced.
Google to pay for Chrome browser vulnerabilities
By Robert Westervelt
Google follows Mozilla's FireFox vulnerability reward program, offering a base reward of $500 for eligible browser bugs.
SANS NewsBites
All Stories From Vol: 12 - Issue: 8
How The Chinese Attacks Actually Work (January 27, 2010)
A report from Mandiant describes how cyber criminals launch sophisticated attacks that penetrate government and corporate computer networks and remain undetected to steal information and monitor activity over lengthy periods of time.......
Malware on Infected Web Pages is Becoming More Sophisticated (January 26, 2010)
According to data compiled by Dasient, 5.......
NARA Data Loss Affects Clinton-Era White House Staff and Visitors (January 27, 2010)
The US National Archives and Records Administration (NARA) has sent letters to 250,000 Clinton administration staff and White House staff members and visitors, informing them that their personally identifiable information has been compromised.......
Flaws Found In 3D Secure Credit Card Scheme (January 28, 2010)
University of Cambridge researchers say 3D Secure (3DS), better known as Verified by Visa and MasterCard SecureCode, is fraught with security problems.......
Thomas-Rasset Rejects RIAA's Settlement Offer (January 27, 2010)
Just days after a judge reduced the penalties levied against Jammie Thomas-Rasset for illegal file sharing from US $1.......
Google Issues Chrome Update (January 26, 2010)
Google has released an update for its Chrome browser that addresses 13 vulnerabilities that could be exploited to execute arbitrary code on unprotected computers, steal data, create denial-of-service conditions, or bypass security restrictions.......
Bank Suing Cyber Theft Victim (January 26, 2010)
A bank in Lubbock, Texas is suing one of its customers, Hillary Machinery Inc.......
Attack on IE Exposes Users' Entire Hard Drives (January 26 & 27, 2010)
Microsoft is investigating reports of an attack on Internet Explorer (IE) that can reveal the entire contents of users' hard drives to attackers.......
BlueCross BlueShield of Tennessee Breach is Proving to be Costly (January 26, 2010)
A security breach at BlueCross BlueShield of Tennessee has already cost the company more than US $7 million.......
Zimuse Worm May Have Started as a Prank (January 25 & 26, 2010)
The Zimuse.......
Second Man Pleads Guilty in Scientology DDoS Case (January 25, 26 & 27, 2010)
Brian Thomas Mettenbrink has admitted to downloading software and using it to help launch a distributed denial-of-service (DDoS) attack against the Church of Scientology's website in January 2008.......
Study Shows That Consumer Awareness of Online Threats is Growing (January 25, 2010)
A study from RSA indicates that consumers are more aware of online security threats than they were two years ago.......
Cisco Secure Desktop Remote XSS Vulnerability, (Tue, Feb 2nd)
This vulnerability (CVE-2010-0440) could allow an unauthenticated, remote attacker to conduct cross- ...(more)...
Twitter Mass Password Reset due to Phishing, (Tue, Feb 2nd)
Twitter is sending out a large number of e-mails, asking users to reset their passwords. It appears ...(more)...
New IPv6 Screencast Videos: http://isc.sans.org/ipv6videos (Today: blocking and detecting IPv6 in Linux), (Tue, Feb 2nd)
------ Johannes B. Ullrich, Ph ...(more)...
Pushdo Update, (Tue, Feb 2nd)
As mentioned in an older diary [1], www.sans ...(more)...
Adobe ColdFusion Information Disclosure, (Tue, Feb 2nd)
Adobe has released information on an important vulnerability (CVE-2010-0185) identified in ColdFusio ...(more)...
NMAP 5.21 - Is UDP Protocol Specific Scanning Important? Why Should I Care?, (Mon, Feb 1st)
Before we address the question, let's discuss how UDP port scanning is typically done. Whe ...(more)...
Got PushDo SSL packets?, (Sat, Jan 30th)
Steven Adair over at ShadowServer has posted a blog entry about the strange going's on with the Push ...(more)...
New and updated VMWare advisories, (Sat, Jan 30th)
Today VMware has released the following new and updated security advisories: New - VMSA-2010-00 ...(more)...
BoA Offline?, (Fri, Jan 29th)
The Bank of America web site appears to have been not available for parts of the day today. No ...(more)...
Neo-legacy applications, (Fri, Jan 29th)
A friend of mine wrote in about a problem he has. He provides support to small businesses, one of wh ...(more)...
The Register - Security
Biting the hand that feeds IT
Manchester cops recover from Conficker
Strangeways, here we come
Manchester police were once again able to run inquiries on the Police National Computer on Wednesday morning, after techies purged a Conficker worm infection from the force's network.…
Record year for online tax filing - and phishing mails
Scammers rev up for tax season
Her Majesty's Revenue and Customs is celebrating another record year for online tax returns, over six million people filed online this year.…
Warez backdoor allows hackers to pwn Twitter accounts
Micro-blogging freetards in mass hack attack
Twitter has lifted the lid on its recent advice to many users to reset their passwords for the micro-blogging site.…
Stubborn trojan stashes install file in Windows help
Can't muster rejection
Security researchers have spied malware that stashes a copy of itself in a Windows help file to ensure victim computers remain infected.…
iPhone vulnerable to remote attack on SSL
Beware of rogue config files
Apple's iPhone is vulnerable to exploits that allow an attacker to spoof web pages even when they're protected by the SSL, or secure sockets layer, protocol, a security researcher said.…
Microsoft security dev tools go 'Agile'
Not just for Windows anymore
Microsoft has expanded a key security tool to work with developers of web applications and other software that's developed over rapid and repeated stretches.…
PGP buys tech to offer trusted ID from the cloud
Close friends get to call it TC
PGP Corporation has acquired privately-held TC TrustCenter and its US parent company, ChosenSecurity, as part of plans to offer trusted identity management services from the cloud. Terms of the transaction, announced Tuesday, were not disclosed.…
Manchester cops clobbered by Conficker
PCs' PCs still unplugged from PNC
Greater Manchester Police's computer network has been infected by the infamous Conficker worm, leaving beat cops unable to run computer checks on suspected criminals and vehicles for the last three days.…
Virgin Media battles privacy campaigners on P2P monitoring
No one's looking at you, alright?
Regulators are mulling assurances from Virgin Media that its planned trial system to monitor the level of illegal filesharing on its network will not harm customers' privacy.…
Femtocells wilt under attack
Tiny, tiny, tiny root box danger
Security researchers have turned their attention to femtocells, and have discovered that gaining root on the tiny mobile base stations isn't as hard as one might hope.…
Most consumers reuse banking passwords on other sites
Password recycle fail leaves consumers ripe for harvesting
The majority of online banking customers reuse their online-banking login credentials on other websites, according to a new survey on password insecurity.…
Security firms plot revamp to minimise false alarms
Whitelisted addresses to reside in heavenly cloud
Analysis Increased incidents of false positives have encouraged anti-virus firms to re-evaluate their signature update process.…
Web attacks cripple Russia's biggest indie newspaper
Seven days and counting
The website of Russia's highest-profile independent newspaper on Monday suffered its seventh straight day of crippling denial-of-service attacks by unknown miscreants.…
US state probes breach that exposed data for 80,000
'Dear valued employee:'
A computer database containing the personal details of more than 80,000 employees was penetrated by unknown hackers, according to multiple news agencies, citing Iowa's Racing and Gaming Commission.…
Security bugs reinfect financial giant’s website
Ameriprise and the case of the relapsed XSS
Five months after Ameriprise Financial fixed a bug that could have helped criminals steal user authentication credentials, the financial giant's website is vulnerable again.…
Google yanks IE6 love from web apps
Do as we say, not as we did
Google is pulling IE6 support from Google Apps, its online suite of office applications.…
Britain warns businesses of Chinese 'honey trap'
Sex, spies, and memory sticks
Britain's MI5 security service has accused the Chinese government of engaging in an unusually wide-ranging campaign to breach UK business computer networks, in some cases exploiting sexual relationships to pressure individuals to cooperate.…
Voice crypto fails spark astroturf claims
SecurStar denies running dirty tricks marketing campaign
Doubts have arisen about the integrity of supposedly anonymous tests on the security of voice encryption products.…
UK.gov unmoved by Internet Explorer 6 security concerns
Google, NHS cast off exploited browser
Google and the NHS may soon be ditching support for Internet Explorer 6, but that hasn’t stopped UK government officials from declaring the browser doesn’t give them cause for concern, unlike their French and German counterparts.…
1 in 3 users reviewed Facebook privacy roll-back
Social network heralds 'success'
One in three Facebook users changed their privacy settings in Facebook after the social networking site applied a controversial privacy roll-back and encouraged users to review how much they shared online back in December.…
Firefox-based attack wreaks havoc on IRC users
World's first inter-protocol exploit, but not the last
Underscoring a little-known web vulnerability, hackers are exploiting a weakness in the Mozilla Firefox browser to wreak havoc on Freenode and other networks that cater to users of internet relay chat.…
CIA, PayPal under bizarre SSL assault
Plus hundreds of others
Mandiant occupies a unique position with respect to this problem because they are one of only two security service companies with substantial counter-APT consulting experience.
You may read blog posts and commentary from other security service providers who either 1) suddenly claim counter-APT expertise or 2) deride "APT" as just a marketing term, or FUD, or some other term to hide their inexperience with this problem. The fact remains that, when organizations meet in closed forums to do real work on this problem, the names and faces are fairly constant. They don't include those trying to make an APT "splash" or those pretending APT is not a real problem.
Mandiant finishes its report with the following statement:
[T]his is a war of attrition against an enemy with extensive resources. It is a long fight, one that never ends. You will never declare victory.
I can already hear the skeptics saying "It never ends, so you can keep paying Mandiant consulting fees!" or "It never ends, so you can keep upgrading security products!" You're wrong, but nothing I say will convince some of you. The fact of the matter is that until the threat is addressed at the nation-state to nation-state level, victim organizations will continue to remain victims. This is not a problem that is going to be solved by victims better defending themselves. The cost is simply too great to take a vulnerability-centric approach. We need a threat-centric approach, where those with the authority to apply pressure on the threat are allowed to do so, using a variety of instruments of national power. This is the unfortunate reality of the conflict in which we are now engaged.
SecurityFocus is the most comprehensive and trusted source of security information on the Internet. We are a vendor-neutral site that provides objective, timely and comprehensive security information to all members of the security community, from end users, security hobbyists and network administrators to security consultants, IT Managers, CIOs and CSOs.
Brief: Google offers bounty on browser bugs
Google offers bounty on browser bugs
http://www.securityfocus.com/news/11573?ref=rss
Most consumers reuse banking passwords
http://www.securityfocus.com/news/11572?ref=rss
CIA, PayPal under bizarre SSL assault
Security - RSS Feeds
Security - RSS Feeds
Twitter Details Phishing Attacks Behind Password Reset
Officials at Twitter linked the resetting of passwords to malicious torrent sites and other schemes. According to Twitter, the company began its investigation after noticing a surge in followers for certain accounts during the past five days.
- Twitter revealed more details about the phishing attacks that caused the company to reset the passwords on some user accounts Feb. 2. According to Twitter Director of Trust and Safety Del Harvey, there was a sudden surge in followers for certain accounts during the last five days. For that reas...
Older IE Versions Maintain Sizable Market Share Despite Security Concerns
While Microsoft is touting the fact Internet Explorer 8 is the single most widely used Web browser, the combined percentages of IE 6 and 7 users surpass it. The use of the older browsers means many users aren't taking advantage of the latest browser security protections.
- Arguably one of the most interesting elements of the cyber-attack that affected Google and more than 30 other companies was the primary attack vector Internet Explorer 6. The attack exploited an HTML object memory corruption vulnerability in IE that Microsoft was notified about in September....
PGP to Acquire TC TrustCenter for Cloud-Based Identity Management
PGP agrees to acquire TC TrustCenter and its parent company, ChosenSecurity, for their on-demand platform for managing trusted identities.
- PGP has agreed to acquire German security vendor TC TrustCenter and its U.S. parent company, ChosenSecurity, for an undisclosed sum of money. ChosenSecurity and TC TrustCenter provide an on-demand platform for managing trusted identities for encryption, authentication and secure collaborati...
Researchers Uncover Security Vulnerabilities in Femtocell Technology
Two Trustwave security consultants report they have uncovered hardware and software vulnerabilities in femtocell devices that can be used to take over the device. The duo will present their findings at the ShmooCon conference in Washington.
- Researchers with Trustwave have discovered flaws in the hardware and software of femtocell devices that can allow an attacker to take full control of the miniature cell towers without the user's knowledge. Zack Fasel and Matthew Jakubowski, security consultants with Trustwave's SpiderLabs, will...
Facebook Privacy, Security Fears Grow with Social Network Risks
According to Sophos, 60 percent of businesses consider Facebook the riskiest social networking site, underscoring a new level of wariness for social networks at a time when a researcher from Kaspersky Lab says compromised accounts for Twitter and other sites can go for big bucks in the cyber-underworld.
- Businesses are growing more concerned about the use of social networks, starting with Facebook. According to a survey of 502 IT professionals by Sophos, businesses are seeing more malware and spam, and 60 percent of respondents put Facebook ahead of MySpace, Twitter and LinkedIn as the riskiest so...
Adobe Flash Security on Menu at Black Hat
A researcher plans to delve into Adobe Flash security at Black Hat DC, spotlighting how poor programming practices and Web architectures can be leveraged to compromise users.
- Security vulnerabilities in Adobe Systems applications have increasingly become a popular target for attackers in the past year. At Black Hat DC, Foreground Security Senior Security Researcher Mike Bailey will examine Flash's security model and take a look at some of the ways attackers ca...
Critical Infrastructure Security a Mixed Bag, Report Finds
A new report commissioned by McAfee reveals that IT security at critical infrastructure companies is not always as strong as some might expect.
- A new report from the Center for Strategic and International Studies highlights the financial damage of cyber-attacks on critical infrastructure, but also paints a picture of IT security that is by turns good and bad. The report, "In the Crossfire: Critical Infrastructure in the Age of Cyberwa...
Security
The Art of Technology
Firms worry about social networks, but don't block access
By jacqui@arstechnica.com (Jacqui Cheng) on twitter
Despite widespread paranoia that social networks are putting businesses at risk, companies continue to give employees open access to them. The latest Security Threat Report (PDF) from security research firm Sophos notes that spam and malware attacks via popular networks continued to rise at "alarming" rates over the last 12 months, posing a risk to both users and the companies they work for.
Nearly three-quarters of businesses (72 percent) told Sophos that they're concerned about employee behavior on social networks—and it's not the HR-related behavior they're concerned about. The majority of respondents said that reports of spam, phishing, and malware coming from the major social networks were way up, and they expressed concern about employees endangering business security. According to Sophos, there was a 70 percent increase in the proportion of businesses reporting spam and malware attacks in 2009.
Suckers: Victims lost $9.3 billion to 419 scammers in 2009
By jacqui@arstechnica.com (Jacqui Cheng) on security
Advance-fee fraud (AFF), also known as 419 scams and Nigerian scams, exploded in 2009, with victims losing more money than ever before. This is according to the latest analysis from Dutch investigation firm Ultrascan—a company that has been monitoring the activities of 419 scammers since 1996—which says that victims lost almost 50 percent more money in 2009 than 2008.
Considering that 419 scams have been well-known since the 1970s, this trend is particularly disturbing. However, Ultrascan says scammers are expanding their operations and shifting their focus to emerging Internet markets, where there's more fresh meat getting online every day.
SearchSecurity: Security Wire Daily News
The latest information security news on IT threats, vulnerabilities and market trends from the award-winning SearchSecurity.com.
Microsoft extends SDL program, adds Agile development template
By Robert Westervelt
Microsoft is adding support for Agile Development Methodologies to its Security Development Lifecycle program. A simplified SDL white paper is also being introduced.
Google to pay for Chrome browser vulnerabilities
By Robert Westervelt
Google follows Mozilla's Firefox vulnerability reward program, offering a base reward of $500 for eligible browser bugs.
SANS NewsBites
All Stories From Vol: 12 - Issue: 8
How The Chinese Attacks Actually Work (January 27, 2010)
A report from Mandiant describes how cyber criminals launch sophisticated attacks that penetrate government and corporate computer networks and remain undetected to steal information and monitor activity over lengthy periods of time.......
Malware on Infected Web Pages is Becoming More Sophisticated (January 26, 2010)
According to data compiled by Dasient, 5.......
NARA Data Loss Affects Clinton-Era White House Staff and Visitors (January 27, 2010)
The US National Archives and Records Administration (NARA) has sent letters to 250,000 Clinton administration staff and White House staff members and visitors, informing them that their personally identifiable information has been compromised.......
Flaws Found In 3D Secure Credit Card Scheme (January 28, 2010)
University of Cambridge researchers say 3D Secure (3DS), better known as Verified by Visa and MasterCard SecureCode, is fraught with security problems.......
Thomas-Rasset Rejects RIAA's Settlement Offer (January 27, 2010)
Just days after a judge reduced the penalties levied against Jammie Thomas-Rasset for illegal file sharing from US $1.......
Google Issues Chrome Update (January 26, 2010)
Google has released an update for its Chrome browser that addresses 13 vulnerabilities that could be exploited to execute arbitrary code on unprotected computers, steal data, create denial-of-service conditions, or bypass security restrictions.......
Bank Suing Cyber Theft Victim (January 26, 2010)
A bank in Lubbock, Texas is suing one of its customers, Hillary Machinery Inc.......
Attack on IE Exposes Users' Entire Hard Drives (January 26 & 27, 2010)
Microsoft is investigating reports of an attack on Internet Explorer (IE) that can reveal the entire contents of users' hard drives to attackers.......
BlueCross BlueShield of Tennessee Breach is Proving to be Costly (January 26, 2010)
A security breach at BlueCross BlueShield of Tennessee has already cost the company more than US $7 million.......
Zimuse Worm May Have Started as a Prank (January 25 & 26, 2010)
The Zimuse.......
Second Man Pleads Guilty in Scientology DDoS Case (January 25, 26 & 27, 2010)
Brian Thomas Mettenbrink has admitted to downloading software and using it to help launch a distributed denial-of-service (DDoS) attack against the Church of Scientology's website in January 2008.......
Study Shows That Consumer Awareness of Online Threats is Growing (January 25, 2010)
A study from RSA indicates that consumers are more aware of online security threats than they were two years ago.......
Cisco Secure Desktop Remote XSS Vulnerability, (Tue, Feb 2nd)
This vulnerability (CVE-2010-0440) could allow an unauthenticated, remote attacker to conduct cross- ...(more)...
Twitter Mass Password Reset due to Phishing, (Tue, Feb 2nd)
Twitter is sending out a large number of e-mails, asking users to reset their passwords. It appears ...(more)...
New IPv6 Screencast Videos: http://isc.sans.org/ipv6videos (Today: blocking and detecting IPv6 in Linux), (Tue, Feb 2nd)
------ Johannes B. Ullrich, Ph ...(more)...
Pushdo Update, (Tue, Feb 2nd)
As mentioned in an older diary [1], www.sans ...(more)...
Adobe ColdFusion Information Disclosure, (Tue, Feb 2nd)
Adobe has released information on an important vulnerability (CVE-2010-0185) identified in ColdFusio ...(more)...
NMAP 5.21 - Is UDP Protocol Specific Scanning Important? Why Should I Care?, (Mon, Feb 1st)
Before we address the question, let's discuss how UDP port scanning is typically done. Whe ...(more)...
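The reason protocol-specific probes matter is easy to see on a single host. The following is an added example, not code from the ISC diary or from Nmap: a toy DNS-like responder is bound to a loopback UDP port (the port number is assigned by the OS) and answers only datagrams that look like a DNS query, dropping everything else as real UDP services do. The scanner then probes it twice, once with the empty datagram a generic UDP scan sends and once with a constructed DNS query. The transaction ID and query name are arbitrary values chosen for the example.

```python
import socket
import struct
import threading

DNS_QUERY_ID = 0x1234  # arbitrary transaction ID for the constructed probe


def build_dns_query(name: str, txid: int = DNS_QUERY_ID) -> bytes:
    """Minimal DNS A query for `name`: the kind of payload a scanner sends to udp/53."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)  # RD set, one question
    qname = b"".join(bytes([len(label)]) + label.encode() for label in name.split("."))
    return header + qname + b"\x00" + struct.pack("!HH", 1, 1)  # QTYPE=A, QCLASS=IN


def start_toy_dns_responder(host: str = "127.0.0.1"):
    """Bind a UDP socket that answers only datagrams shaped like a DNS query and
    silently drops everything else, as real UDP services do. Returns (port, stop_event)."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    srv.bind((host, 0))
    srv.settimeout(0.1)
    port = srv.getsockname()[1]
    stop = threading.Event()

    def serve():
        while not stop.is_set():
            try:
                data, peer = srv.recvfrom(512)
            except socket.timeout:
                continue
            if len(data) < 12:
                continue  # too short to carry a DNS header: ignore (this drops the empty probe)
            txid, flags, qdcount = struct.unpack("!HHH", data[:6])
            if flags & 0x8000 or qdcount != 1:
                continue  # a response, or not a single-question query: ignore
            # Reply with QR set and RCODE=3 (NXDOMAIN), echoing the question section back
            srv.sendto(struct.pack("!HHHHHH", txid, 0x8183, 1, 0, 0, 0) + data[12:], peer)
        srv.close()

    threading.Thread(target=serve, daemon=True).start()
    return port, stop


def probe_udp(port: int, payload: bytes, host: str = "127.0.0.1", timeout: float = 0.5) -> str:
    """Classify a UDP port the way a scanner must: any reply means open; an ICMP
    port-unreachable (surfaced as ECONNREFUSED on a connected UDP socket) means closed;
    silence is ambiguous and can only be reported as open|filtered."""
    s = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    s.settimeout(timeout)
    s.connect((host, port))
    try:
        s.send(payload)
        s.recv(512)
        return "open"
    except ConnectionRefusedError:
        return "closed"
    except socket.timeout:
        return "open|filtered"
    finally:
        s.close()


def demo() -> dict:
    """Probe the toy responder with a generic empty datagram and with a real DNS query."""
    port, stop = start_toy_dns_responder()
    try:
        return {
            "empty probe": probe_udp(port, b""),
            "dns probe": probe_udp(port, build_dns_query("example.com")),
        }
    finally:
        stop.set()


if __name__ == "__main__":
    for probe, verdict in demo().items():
        print(f"{probe:12s} -> {verdict}")
```

The empty probe comes back "open|filtered" even though the service is listening, because a UDP service that does not understand the datagram simply says nothing; only the protocol-shaped probe turns that into a definite "open". Nmap applies the same idea with its per-port payloads during `-sU`, and `-sV` goes further by running its full probe library against ports that stay silent.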
Got PushDo SSL packets?, (Sat, Jan 30th)
Steven Adair over at ShadowServer has posted a blog entry about the strange goings-on with the Push ...(more)...
New and updated VMWare advisories, (Sat, Jan 30th)
Today VMware has released the following new and updated security advisories: New - VMSA-2010-00 ...(more)...
BoA Offline?, (Fri, Jan 29th)
The Bank of America web site appears to have been unavailable for parts of the day today. No ...(more)...
Neo-legacy applications, (Fri, Jan 29th)
A friend of mine wrote in about a problem he has. He provides support to small businesses, one of wh ...(more)...
The Register - Security
Biting the hand that feeds IT
Manchester cops recover from Conficker
Strangeways, here we come
Manchester police were once again able to run inquiries on the Police National Computer on Wednesday morning, after techies purged a Conficker worm infection from the force's network.…
Record year for online tax filing - and phishing mails
Scammers rev up for tax season
Her Majesty's Revenue and Customs is celebrating another record year for online tax returns: over six million people filed online this year.…
Warez backdoor allows hackers to pwn Twitter accounts
Micro-blogging freetards in mass hack attack
Twitter has lifted the lid on its recent advice to many users to reset their passwords for the micro-blogging site.…
Stubborn trojan stashes install file in Windows help
Can't muster rejection
Security researchers have spied malware that stashes a copy of itself in a Windows help file to ensure victim computers remain infected.…
iPhone vulnerable to remote attack on SSL
Beware of rogue config files
Apple's iPhone is vulnerable to exploits that allow an attacker to spoof web pages even when they're protected by SSL (Secure Sockets Layer), a security researcher said.…
Microsoft security dev tools go 'Agile'
Not just for Windows anymore
Microsoft has expanded a key security tool to cover developers of web applications and other software built in short, repeated iterations.…
PGP buys tech to offer trusted ID from the cloud
Close friends get to call it TC
PGP Corporation has acquired privately-held TC TrustCenter and its US parent company, ChosenSecurity, as part of plans to offer trusted identity management services from the cloud. Terms of the transaction, announced Tuesday, were not disclosed.…
Manchester cops clobbered by Conficker
PCs' PCs still unplugged from PNC
Greater Manchester Police's computer network has been infected by the infamous Conficker worm, leaving beat cops unable to run computer checks on suspected criminals and vehicles for the last three days.…
Virgin Media battles privacy campaigners on P2P monitoring
No one's looking at you, alright?
Regulators are mulling assurances from Virgin Media that its planned trial system to monitor the level of illegal filesharing on its network will not harm customers' privacy.…
Femtocells wilt under attack
Tiny, tiny, tiny root box danger
Security researchers have turned their attention to femtocells, and have discovered that gaining root on the tiny mobile base stations isn't as hard as one might hope.…
Most consumers reuse banking passwords on other sites
Password recycle fail leaves consumers ripe for harvesting
The majority of online banking customers reuse their online-banking login credentials on other websites, according to a new survey on password insecurity.…
Security firms plot revamp to minimise false alarms
Whitelisted addresses to reside in heavenly cloud
Analysis: Increased incidents of false positives have encouraged anti-virus firms to re-evaluate their signature update process.…
Web attacks cripple Russia's biggest indie newspaper
Seven days and counting
The website of Russia's highest-profile independent newspaper on Monday suffered its seventh straight day of crippling denial-of-service attacks by unknown miscreants.…
US state probes breach that exposed data for 80,000
'Dear valued employee:'
A computer database containing the personal details of more than 80,000 employees was penetrated by unknown hackers, according to multiple news agencies, citing Iowa's Racing and Gaming Commission.…
Security bugs reinfect financial giant’s website
Ameriprise and the case of the relapsed XSS
Five months after Ameriprise Financial fixed a bug that could have helped criminals steal user authentication credentials, the financial giant's website is vulnerable again.…
Google yanks IE6 love from web apps
Do as we say, not as we did
Google is pulling IE6 support from Google Apps, its online suite of office applications.…
Britain warns businesses of Chinese 'honey trap'
Sex, spies, and memory sticks
Britain's MI5 security service has accused the Chinese government of engaging in an unusually wide-ranging campaign to breach UK business computer networks, in some cases exploiting sexual relationships to pressure individuals to cooperate.…
Voice crypto fails spark astroturf claims
SecurStar denies running dirty tricks marketing campaign
Doubts have arisen about the integrity of supposedly anonymous tests on the security of voice encryption products.…
UK.gov unmoved by Internet Explorer 6 security concerns
Google, NHS cast off exploited browser
Google and the NHS may soon be ditching support for Internet Explorer 6, but that hasn’t stopped UK government officials from declaring the browser doesn’t give them cause for concern, unlike their French and German counterparts.…
1 in 3 users reviewed Facebook privacy roll-back
Social network heralds 'success'
One in three Facebook users changed their privacy settings in Facebook after the social networking site applied a controversial privacy roll-back and encouraged users to review how much they shared online back in December.…
Firefox-based attack wreaks havoc on IRC users
World's first inter-protocol exploit, but not the last
Underscoring a little-known web vulnerability, hackers are exploiting a weakness in the Mozilla Firefox browser to wreak havoc on Freenode and other networks that cater to users of internet relay chat.…
CIA, PayPal under bizarre SSL assault
Plus hundreds of others
Google offers bounty on browser bugs
http://www.securityfocus.com/news/11573?ref=rss
Most consumers reuse banking passwords
http://www.securityfocus.com/news/11572?ref=rss
CIA, PayPal under bizarre SSL assault
Twitter Details Phishing Attacks Behind Password Reset
Officials at Twitter linked the resetting of passwords to malicious torrent sites and other schemes. According to Twitter, the company began its investigation after noticing a surge in followers for certain accounts during the past five days.
- Twitter revealed more details about the phishing attacks that caused the company to reset the passwords on some user accounts Feb. 2. According to Twitter Director of Trust and Safety Del Harvey, there was a sudden surge in followers for certain accounts during the last five days. For that reas...
Older IE Versions Maintain Sizable Market Share Despite Security Concerns
While Microsoft is touting the fact Internet Explorer 8 is the single most widely used Web browser, the combined percentages of IE 6 and 7 users surpass it. The use of the older browsers means many users aren't taking advantage of the latest browser security protections.
- Arguably one of the most interesting elements of the cyber-attack that affected Google and more than 30 other companies was the primary attack vector Internet Explorer 6. The attack exploited an HTML object memory corruption vulnerability in IE that Microsoft was notified about in September....
PGP to Acquire TC TrustCenter for Cloud-Based Identity Management
PGP agrees to acquire TC TrustCenter and its parent company, ChosenSecurity, for their on-demand platform for managing trusted identities.
- PGP has agreed to acquire German security vendor TC TrustCenter and its U.S. parent company, ChosenSecurity, for an undisclosed sum of money. ChosenSecurity and TC TrustCenter provide an on-demand platform for managing trusted identities for encryption, authentication and secure collaborati...
Researchers Uncover Security Vulnerabilities in Femtocell Technology
Two Trustwave security consultants report they have uncovered hardware and software vulnerabilities in femtocell devices that can be used to take over the device. The duo will present their findings at the ShmooCon conference in Washington.
- Researchers with Trustwave have discovered flaws in the hardware and software of femtocell devices that can allow an attacker to take full control of the miniature cell towers without the user's knowledge. Zack Fasel and Matthew Jakubowski, security consultants with Trustwave's SpiderLabs, will...
Facebook Privacy, Security Fears Grow with Social Network Risks
According to Sophos, 60 percent of businesses consider Facebook the riskiest social networking site, underscoring a new level of wariness for social networks at a time when a researcher from Kaspersky Lab says compromised accounts for Twitter and other sites can go for big bucks in the cyber-underworld.
- Businesses are growing more concerned about the use of social networks, starting with Facebook. According to a survey of 502 IT professionals by Sophos, businesses are seeing more malware and spam, and 60 percent of respondents put Facebook ahead of MySpace, Twitter and LinkedIn as the riskiest so...
Adobe Flash Security on Menu at Black Hat
A researcher plans to delve into Adobe Flash security at Black Hat DC, spotlighting how poor programming practices and Web architectures can be leveraged to compromise users.
- Security vulnerabilities in Adobe Systems applications have increasingly become a popular target for attackers in the past year. At Black Hat DC, Foreground Security Senior Security Researcher Mike Bailey will examine Flash's security model and take a look at some of the ways attackers ca...
Critical Infrastructure Security a Mixed Bag, Report Finds
A new report commissioned by McAfee reveals IT security at critical infrastructure companies is not always as high as some may suspect.
- A new report from the Center for Strategic and International Studies highlights the financial damage of cyber-attacks on critical infrastructure, but also paints a picture of IT security that is in turns good and bad. The report, "In the Crossfire: Critical Infrastructure in the Age of Cyberwa...
Security
The Art of Technology
Firms worry about social networks, but don't block access
By jacqui@arstechnica.com (Jacqui Cheng) on twitter
Despite widespread paranoia that social networks are putting businesses at risk, companies continue to give employees open access to them. The latest Security Threat Report (PDF) from security research firm Sophos notes that spam and malware attacks via popular networks continued to rise at "alarming" rates over the last 12 months, posing a risk to both users and the companies they work for.
Nearly three-quarters of businesses (72 percent) told Sophos that they're concerned about employee behavior on social networks—and it's not the HR-related behavior they're concerned about. The majority of respondents said that reports of spam, phishing, and malware coming from the major social networks were way up, and they expressed concern about employees endangering business security. According to Sophos, there was a 70 percent increase in the proportion of businesses reporting spam and malware attacks in 2009.
Suckers! Victims lost $9.3 billion to 419 scammers in 2009
By jacqui@arstechnica.com (Jacqui Cheng) on security
Advance-fee fraud (AFF), also known as 419 scams and Nigerian scams, exploded in 2009, with victims losing more money than ever before. This is according to the latest analysis from Dutch investigation firm Ultrascan—a company that has been monitoring the activities of 419 scammers since 1996—which says that victims lost almost 50 percent more money in 2009 than 2008.
Considering that 419 scams have been well-known since the 1970s, this trend is particularly disturbing. However, Ultrascan says scammers are expanding their operations and shifting their focus to emerging Internet markets, where there's more fresh meat getting online every day.
SearchSecurity: Security Wire Daily News
The latest information security news on IT threats, vulnerabilities and market trends from the award-winning SearchSecurity.com.
Microsoft extends SDL program, adds Agile development template
By Robert Westervelt
Microsoft is adding support for Agile Development Methodologies to its Security Development Lifecycle program. A simplified SDL white paper is also being introduced.
Google to pay for Chrome browser vulnerabilities
By Robert Westervelt
Google follows Mozilla's Firefox vulnerability reward program, offering a base reward of $500 for eligible browser bugs.
SANS NewsBites
All Stories From Vol: 12 - Issue: 8
How The Chinese Attacks Actually Work (January 27, 2010)
A report from Mandiant describes how cyber criminals launch sophisticated attacks that penetrate government and corporate computer networks and remain undetected to steal information and monitor activity over lengthy periods of time.......
Malware on Infected Web Pages is Becoming More Sophisticated (January 26, 2010)
According to data compiled by Dasient, 5.......
NARA Data Loss Affects Clinton-Era White House Staff and Visitors (January 27, 2010)
The US National Archives and Records Administration (NARA) has sent letters to 250,000 Clinton administration staff and White House staff members and visitors, informing them that their personally identifiable information has been compromised.......
Flaws Found In 3D Secure Credit Card Scheme (January 28, 2010)
University of Cambridge researchers say 3D Secure (3DS), better known as Verified by Visa and MasterCard SecureCode, is fraught with security problems.......
Thomas-Rasset Rejects RIAA's Settlement Offer (January 27, 2010)
Just days after a judge reduced the penalties levied against Jammie Thomas-Rasset for illegal file sharing from US $1.......
Google Issues Chrome Update (January 26, 2010)
Google has released an update for its Chrome browser that addresses 13 vulnerabilities that could be exploited to execute arbitrary code on unprotected computers, steal data, create denial-of-service conditions, or bypass security restrictions.......
Bank Suing Cyber Theft Victim (January 26, 2010)
A bank in Lubbock, Texas is suing one of its customers, Hillary Machinery Inc.......
Attack on IE Exposes Users' Entire Hard Drives (January 26 & 27, 2010)
Microsoft is investigating reports of an attack on Internet Explorer (IE) that can reveal the entire contents of users' hard drives to attackers.......
BlueCross BlueShield of Tennessee Breach is Proving to be Costly (January 26, 2010)
A security breach at BlueCross BlueShield of Tennessee has already cost the company more than US $7 million.......
Zimuse Worm May Have Started as a Prank (January 25 & 26, 2010)
The Zimuse.......
Second Man Pleads Guilty in Scientology DDoS Case (January 25, 26 & 27, 2010)
Brian Thomas Mettenbrink has admitted to downloading software and using it to help launch a distributed denial-of-service (DDoS) attack against the Church of Scientology's website in January 2008.......
Study Shows That Consumer Awareness of Online Threats is Growing (January 25, 2010)
A study from RSA indicates that consumers are more aware of online security threats than they were two years ago.......
Cisco Secure Desktop Remote XSS Vulnerability, (Tue, Feb 2nd)
This vulnerability (CVE-2010-0440) could allow an unauthenticated, remote attacker to conduct cross- ...(more)...
Twitter Mass Password Reset due to Phishing, (Tue, Feb 2nd)
Twitter is sending out a large number of e-mails, asking users to reset their passwords. It appears ...(more)...
New IPv6 Screencast Videos: http://isc.sans.org/ipv6videos (Today: blocking and detecting IPv6 in Linux), (Tue, Feb 2nd)
------ Johannes B. Ullrich, Ph ...(more)...
Pushdo Update, (Tue, Feb 2nd)
As mentioned in an older diary [1], www.sans ...(more)...
Adobe ColdFusion Information Disclosure, (Tue, Feb 2nd)
Adobe has released information on an important vulnerability (CVE-2010-0185) identified in ColdFusio ...(more)...
NMAP 5.21 - Is UDP Protocol Specific Scanning Important? Why Should I Care?, (Mon, Feb 1st)
Before we address the question, let's discuss how UDP port scanning is typically done. Whe ...(more)...
Got PushDo SSL packets?, (Sat, Jan 30th)
Steven Adair over at ShadowServer has posted a blog entry about the strange goings-on with the Push ...(more)...
New and updated VMWare advisories, (Sat, Jan 30th)
Today VMware has released the following new and updated security advisories: New - VMSA-2010-00 ...(more)...
BoA Offline?, (Fri, Jan 29th)
The Bank of America web site appears to have been unavailable for parts of the day today. No ...(more)...
Neo-legacy applications, (Fri, Jan 29th)
A friend of mine wrote in about a problem he has. He provides support to small businesses, one of wh ...(more)...
The Register - Security
Biting the hand that feeds IT
Manchester cops recover from Conficker
Strangeways, here we come
Manchester police were once again able to run inquiries on the Police National Computer on Wednesday morning, after techies purged a Conficker worm infection from the force's network.…
Record year for online tax filing - and phishing mails
Scammers rev up for tax season
Her Majesty's Revenue and Customs is celebrating another record year for online tax returns: over six million people filed online this year.…
Warez backdoor allows hackers to pwn Twitter accounts
Micro-blogging freetards in mass hack attack
Twitter has lifted the lid on its recent advice to many users to reset their passwords for the micro-blogging site.…
Stubborn trojan stashes install file in Windows help
Can't muster rejection
Security researchers have spied malware that stashes a copy of itself in a Windows help file to ensure victim computers remain infected.…
iPhone vulnerable to remote attack on SSL
Beware of rogue config files
Apple's iPhone is vulnerable to exploits that allow an attacker to spoof web pages even when they're protected by the SSL, or secure sockets layer, protocol, a security researcher said.…
Microsoft security dev tools go 'Agile'
Not just for Windows anymore
Microsoft has expanded a key security tool to work with developers of web applications and other software that's developed over rapid and repeated stretches.…
PGP buys tech to offer trusted ID from the cloud
Close friends get to call it TC
PGP Corporation has acquired privately-held TC TrustCenter and its US parent company, ChosenSecurity, as part of plans to offer trusted identity management services from the cloud. Terms of the transaction, announced Tuesday, were not disclosed.…
Manchester cops clobbered by Conficker
PCs' PCs still unplugged from PNC
Greater Manchester Police's computer network has been infected by the infamous Conficker worm, leaving beat cops unable to run computer checks on suspected criminals and vehicles for the last three days.…
Virgin Media battles privacy campaigners on P2P monitoring
No one's looking at you, alright?
Regulators are mulling assurances from Virgin Media that its planned trial system to monitor the level of illegal filesharing on its network will not harm customers' privacy.…
Femtocells wilt under attack
Tiny, tiny, tiny root box danger
Security researchers have turned their attention to femtocells, and have discovered that gaining root on the tiny mobile base stations isn't as hard as one might hope.…
Most consumers reuse banking passwords on other sites
Password recycle fail leaves consumers ripe for harvesting
The majority of online banking customers reuse their online-banking login credentials on other websites, according to a new survey on password insecurity.…
Security firms plot revamp to minimise false alarms
Whitelisted addresses to reside in heavenly cloud
Analysis: Increased incidents of false positives have encouraged anti-virus firms to re-evaluate their signature update process.…
Web attacks cripple Russia's biggest indie newspaper
Seven days and counting
The website of Russia's highest-profile independent newspaper on Monday suffered its seventh straight day of crippling denial-of-service attacks by unknown miscreants.…
US state probes breach that exposed data for 80,000
'Dear valued employee:'
A computer database containing the personal details of more than 80,000 employees was penetrated by unknown hackers, according to multiple news agencies, citing Iowa's Racing and Gaming Commission.…
Security bugs reinfect financial giant’s website
Ameriprise and the case of the relapsed XSS
Five months after Ameriprise Financial fixed a bug that could have helped criminals steal user authentication credentials, the financial giant's website is vulnerable again.…
Google yanks IE6 love from web apps
Do as we say, not as we did
Google is pulling IE6 support from Google Apps, its online suite of office applications.…
Britain warns businesses of Chinese 'honey trap'
Sex, spies, and memory sticks
Britain's MI5 security service has accused the Chinese government of engaging in an unusually wide-ranging campaign to breach UK business computer networks, in some cases exploiting sexual relationships to pressure individuals to cooperate.…
Voice crypto fails spark astroturf claims
SecurStar denies running dirty tricks marketing campaign
Doubts have arisen about the integrity of supposedly anonymous tests on the security of voice encryption products.…
UK.gov unmoved by Internet Explorer 6 security concerns
Google, NHS cast off exploited browser
Google and the NHS may soon be ditching support for Internet Explorer 6, but that hasn’t stopped UK government officials from declaring the browser doesn’t give them cause for concern, unlike their French and German counterparts.…
1 in 3 users reviewed Facebook privacy roll-back
Social network heralds 'success'
One in three Facebook users changed their privacy settings in Facebook after the social networking site applied a controversial privacy roll-back and encouraged users to review how much they shared online back in December.…
Firefox-based attack wreaks havoc on IRC users
World's first inter-protocol exploit, but not the last
Underscoring a little-known web vulnerability, hackers are exploiting a weakness in the Mozilla Firefox browser to wreak havoc on Freenode and other networks that cater to users of internet relay chat.…
CIA, PayPal under bizarre SSL assault
Plus hundreds of others
Twitter Details Phishing Attacks Behind Password Reset
Officials at Twitter linked the resetting of passwords to malicious torrent sites and other schemes. According to Twitter, the company began its investigation after noticing a surge in followers for certain accounts during the past five days.
- Twitter revealed more details about the phishing attacks that caused the company to reset the passwords on some user accounts Feb. 2. According to Twitter Director of Trust and Safety Del Harvey, there was a sudden surge in followers for certain accounts during the last five days. For that reas...
Older IE Versions Maintain Sizable Market Share Despite Security Concerns
While Microsoft is touting the fact Internet Explorer 8 is the single most widely used Web browser, the combined percentages of IE 6 and 7 users surpass it. The use of the older browsers means many users aren't taking advantage of the latest browser security protections.
- Arguably one of the most interesting elements of the cyber-attack that affected Google and more than 30 other companies was the primary attack vector Internet Explorer 6. The attack exploited an HTML object memory corruption vulnerability in IE that Microsoft was notified about in September....
PGP to Acquire TC TrustCenter for Cloud-Based Identity Management
PGP agrees to acquire TC TrustCenter and its parent company, ChosenSecurity, for their on-demand platform for managing trusted identities.
- PGP has agreed to acquire German security vendor TC TrustCenter and its U.S. parent company, ChosenSecurity, for an undisclosed sum of money. ChosenSecurity and TC TrustCenter provide an on-demand platform for managing trusted identities for encryption, authentication and secure collaborati...
Researchers Uncover Security Vulnerabilities in Femtocell Technology
Two Trustwave security consultants report they have uncovered hardware and software vulnerabilities in femtocell devices that can be used to take over the device. The duo will present their findings at the ShmooCon conference in Washington.
- Researchers with Trustwave have discovered flaws in the hardware and software of femtocell devices that can allow an attacker to take full control of the miniature cell towers without the user's knowledge. Zack Fasel and Matthew Jakubowski, security consultants with Trustwave's SpiderLabs, will...
Facebook Privacy, Security Fears Grow with Social Network Risks
According to Sophos, 60 percent of businesses consider Facebook the riskiest social networking site, underscoring a new level of wariness for social networks at a time when a researcher from Kaspersky Lab says compromised accounts for Twitter and other sites can go for big bucks in the cyber-underworld.
- Businesses are growing more concerned about the use of social networks, starting with Facebook. According to a survey of 502 IT professionals by Sophos, businesses are seeing more malware and spam, and 60 percent of respondents put Facebook ahead of MySpace, Twitter and LinkedIn as the riskiest so...
Adobe Flash Security on Menu at Black Hat
A researcher plans to delve into Adobe Flash security at Black Hat DC, spotlighting how poor programming practices and Web architectures can be leveraged to compromise users.
- Security vulnerabilities in Adobe Systems applications have increasingly become a popular target for attackers in the past year. At Black Hat DC, Foreground Security Senior Security Researcher Mike Bailey will examine Flashs security model and take a look at some of the ways attackers ca...
Critical Infrastructure Security a Mixed Bag, Report Finds
A new report commissioned by McAfee reveals IT security at critical infrastructure companies is not always as high as some may suspect.
- A new report from the Center for Strategic and International Studies highlights the financial damage of cyber-attacks on critical infrastructure, but also paints a picture of IT security that is in turns good and bad. The report, "In the Crossfire: Critical Infrastructure in the Age of Cyberwa...
Security
The Art of Technology
Firms worry about social networks, but don't block access
By jacqui@arstechnica.com (Jacqui Cheng) on twitter
Despite widespread paranoia that social networks are putting businesses at risk, companies continue to give employees open access to them. The latest Security Threat Report (PDF) from security research firm Sophos notes that spam and malware attacks via popular networks continued to rise at "alarming" rates over the last 12 months, posing a risk to both users and the companies they work for.
Nearly three-quarters of businesses (72 percent) told Sophos that they're concerned about employee behavior on social networks—and it's not the HR-related behavior they're concerned about. The majority of respondents said that reports of spam, phishing, and malware coming from the major social networks were way up, and they expressed concern about employees endangering business security. According to Sophos, there was a 70 percent increase in the proportion of businesses reporting spam and malware attacks in 2009.
Suckers Victims lost $9.3 billion to 419 scammers in 2009
By jacqui@arstechnica.com (Jacqui Cheng) on security
Advance-fee fraud (AFF), also known as 419 scams and Nigerian scams, exploded in 2009, with victims losing more money than ever before. This is according to the latest analysis from Dutch investigation firm Ultrascan—a company that has been monitoring the activities of 419 scammers since 1996—which says that victims lost almost 50 percent more money in 2009 than 2008.
Considering that 419 scams have been well-known since the 1970s, this trend is particularly disturbing. However, Ultrascan says scammers are expanding their operations and shifting their focus to emerging Internet markets, where there's more fresh meat getting online every day.
SearchSecurity: Security Wire Daily News
The latest information security news on IT threats, vulnerabilities and market trends from the award-winning SearchSecurity.com.
Microsoft extends SDL program, adds Agile development template
By Robert Westervelt
Microsoft is adding support for Agile Development Methodologies to its Security Development Lifecycle program. A simplified SDL white paper is also being introduced.
Google to pay for Chrome browser vulnerabilities
By Robert Westervelt
Google follows Mozilla's FireFox vulnerability reward program, offering a base reward of $500 for eligible browser bugs.
SANS NewsBites
All Stories From Vol: 12 - Issue: 8
How The Chinese Attacks Actually Work (January 27, 2010)
A report from Mandiant describes how cyber criminals launch sophisticated attacks that penetrate government and corporate computer networks and remain undetected to steal information and monitor activity over lengthy periods of time.......
Malware on Infected Web Pages is Becoming More Sophisticated (January 26, 2010)
According to data compiled by Dasient, 5.......
NARA Data Loss Affects Clinton-Era White House Staff and Visitors (January 27, 2010)
The US National Archives and Records Administration (NARA) has sent letters to 250,000 Clinton administration staff and White House staff members and visitors, informing them that their personally identifiable information has been compromised.......
Flaws Found In 3D Secure Credit Card Scheme (January 28, 2010)
University fo Cambridge researchers say 3D Secure (3DS) better known as Verified by Visa and MasterCard SecureCode is fraught with security problems.......
Thomas-Rasset Rejects RIAA's Settlement Offer (January 27, 2010)
Just days after a judge reduced the penalties levied against Jammie Thomas-Rasset for illegal file sharing from US $1.......
Google Issues Chrome Update (January 26, 2010)
Google has released an update for its Chrome browser that addresses 13 vulnerabilities that could be exploited to execute arbitrary code on unprotected computers, steal data, create denial-of service conditions, or bypass security restrictions.......
Bank Suing Cyber Theft Victim (January 26, 2010)
A bank in Lubbock, Texas is suing one of its customers, Hillary Machinery Inc.......
Attack on IE Exposes Users' Entire Hard Drives (January 26 & 27, 2010)
Microsoft is investigating reports of an attack on Internet Explorer (IE) that can reveal the entire contents of users' hard drives to attackers.......
BlueCross BlueShield of Tennessee Breach is Proving to be Costly (January 26, 2010)
A security breach at BlueCross BlueShield of Tennessee has already cost the company more than US $7 million.......
Zimuse Worm May Have Started as a Prank (January 25 & 26, 2010)
The Zimuse.......
Second Man Pleads Guilty in Scientology DDoS Case (January 25, 26 & 27, 2010)
Brian Thomas Mettenbrink has admitted to downloading software and using it to help launch a distributed denial-of-service (DDoS) attack against the Church of Scientology's website in January 2008.......
Study Shows That Consumer Awareness of Online Threats is Growing (January 25, 2010)
A study from RSA indicates that consumers are more aware of online security threats than they were two years ago.......
Cisco Secure Desktop Remote XSS Vulnerability, (Tue, Feb 2nd)
This vulnerability (CVE-2010-0440) could allow an unauthenticated, remote attacker to conduct cross- ...(more)...
Twitter Mass Password Reset due to Phishing, (Tue, Feb 2nd)
Twitter is sending out a large number of e-mails, asking users to reset their passwords. It appears ...(more)...
New IPv6 Screencast Videos: http://isc.sans.org/ipv6videos (Today: blocking and detecting IPv6 in Linux), (Tue, Feb 2nd)
------ Johannes B. Ullrich, Ph ...(more)...
Pushdo Update, (Tue, Feb 2nd)
As mentioned in an older diary [1], www.sans ...(more)...
Adobe ColdFusion Information Disclosure, (Tue, Feb 2nd)
Adobe has released information on an important vulnerability (CVE-2010-0185) identified in ColdFusio ...(more)...
NMAP 5.21 - Is UDP Protocol Specific Scanning Important? Why Should I Care?, (Mon, Feb 1st)
Before we address the question, let's discuss how UDP port scanning is typically done. Whe ...(more)...
Got PushDo SSL packets?, (Sat, Jan 30th)
Steven Adair over at ShadowServer has posted a blog entry about the strange going's on with the Push ...(more)...
New and updated VMWare advisories, (Sat, Jan 30th)
Today VMware has released the following new and updated security advisories: New - VMSA-2010-00 ...(more)...
BoA Offline?, (Fri, Jan 29th)
The Bank of America web site appears to have been not available for parts of the day today. No ...(more)...
Neo-legacy applications, (Fri, Jan 29th)
A friend of mine wrote in about a problem he has. He provides support to small businesses, one of wh ...(more)...
The Register - Security
Biting the hand that feeds IT
Manchester cops recover from Conficker
Strangeways, here we come
Manchester police were once again able to run inquiries on the Police National Computer on Wednesday morning, after techies purged a Conficker worm infection from the force's network.…
Record year for online tax filing - and phishing mails
Scammers rev up for tax season
Her Majesty's Revenue and Customs is celebrating another record year for online tax returns, over six million people filed online this year.…
Warez backdoor allows hackers to pwn Twitter accounts
Micro-blogging freetards in mass hack attack
Twitter has lifted the lid on its recent advice to many users to reset their passwords for the micro-blogging site.…
Stubborn trojan stashes install file in Windows help
Can't muster rejection
Security researchers have spied malware that stashes a copy of itself in a Windows help file to ensure victim computers remain infected.…
iPhone vulnerable to remote attack on SSL
Beware of rogue config files
Apple's iPhone is vulnerable to exploits that allow an attacker to spoof web pages even when they're protected by the SSL, or secure sockets layer, protocol, a security researcher said.…
Microsoft security dev tools go 'Agile'
Not just for Windows anymore
Microsoft has expanded a key security tool to work with developers of web applications and other software that's developed over rapid and repeated stretches.…
PGP buys tech to offer trusted ID from the cloud
Close friends get to call it TC
PGP Corporation has acquired privately-held TC TrustCenter and its US parent company, ChosenSecurity, as part of plans to offer trusted identity management services from the cloud. Terms of the transaction, announced Tuesday, were not disclosed.…
Manchester cops clobbered by Conficker
PCs' PCs still unplugged from PNC
Greater Manchester Police's computer network has been infected by the infamous Conficker worm, leaving beat cops unable to run computer checks on suspected criminals and vehicles for the last three days.…
Virgin Media battles privacy campaigners on P2P monitoring
No one's looking at you, alright?
Regulators are mulling assurances from Virgin Media that its planned trial system to monitor the level of illegal filesharing on its network will not harm customers' privacy.…
Femtocells wilt under attack
Tiny, tiny, tiny root box danger
Security researchers have turned their attention to femtocells, and have discovered that gaining root on the tiny mobile base stations isn't as hard as one might hope.…
Most consumers reuse banking passwords on other sites
Password recycle fail leaves consumers ripe for harvesting
The majority of online banking customers reuse their online-banking login credentials on other websites, according to a new survey on password insecurity.…
Security firms plot revamp to minimise false alarms
Whitelisted addresses to reside in heavenly cloud
Analysis Increased incidents of false positives have encouraged anti-virus firms to re-evaluate their signature update process.…
Web attacks cripple Russia's biggest indie newspaper
Seven days and counting
The website of Russia's highest-profile independent newspaper on Monday suffered its seventh straight day of crippling denial-of-service attacks by unknown miscreants.…
US state probes breach that exposed data for 80,000
'Dear valued employee:'
A computer database containing the personal details of more than 80,000 employees was penetrated by unknown hackers, according to multiple news agencies, citing Iowa's Racing and Gaming Commission.…
Security bugs reinfect financial giant’s website
Ameriprise and the case of the relapsed XSS
Five months after Ameriprise Financial fixed a bug that could have helped criminals steal user authentication credentials, the financial giant's website is vulnerable again.…
Google yanks IE6 love from web apps
Do as we say, not as we did
Google is pulling IE6 support from Google Apps, its online suite of office applications.…
Britain warns businesses of Chinese 'honey trap'
Sex, spies, and memory sticks
Britain's MI5 security service has accused the Chinese government of engaging in an unusually wide-ranging campaign to breach UK business computer networks, in some cases exploiting sexual relationships to pressure individuals to cooperate.…
Voice crypto fails spark astroturf claims
SecurStar denies running dirty tricks marketing campaign
Doubts have arisen about the integrity of supposedly anonymous tests on the security of voice encryption products.…
UK.gov unmoved by Internet Explorer 6 security concerns
Google, NHS cast off exploited browser
Google and the NHS may soon be ditching support for Internet Explorer 6, but that hasn’t stopped UK government officials from declaring the browser doesn’t give them cause for concern, unlike their French and German counterparts.…
1 in 3 users reviewed Facebook privacy roll-back
Social network heralds 'success'
One in three Facebook users changed their privacy settings in Facebook after the social networking site applied a controversial privacy roll-back and encouraged users to review how much they shared online back in December.…
Firefox-based attack wreaks havoc on IRC users
World's first inter-protocol exploit, but not the last
Underscoring a little-known web vulnerability, hackers are exploiting a weakness in the Mozilla Firefox browser to wreak havoc on Freenode and other networks that cater to users of internet relay chat.…
CIA, PayPal under bizarre SSL assault
Plus hundreds of others
- Twitter revealed more details about the phishing attacks that caused the company to reset the passwords on some user accounts Feb. 2. According to Twitter Director of Trust and Safety Del Harvey, there was a sudden surge in followers for certain accounts during the last five days. For that reas...
While Microsoft is touting the fact Internet Explorer 8 is the single most widely used Web browser, the combined percentages of IE 6 and 7 users surpass it. The use of the older browsers means many users aren't taking advantage of the latest browser security protections.
- Arguably one of the most interesting elements of the cyber-attack that affected Google and more than 30 other companies was the primary attack vector Internet Explorer 6. The attack exploited an HTML object memory corruption vulnerability in IE that Microsoft was notified about in September....
- Arguably one of the most interesting elements of the cyber-attack that affected Google and more than 30 other companies was the primary attack vector Internet Explorer 6. The attack exploited an HTML object memory corruption vulnerability in IE that Microsoft was notified about in September....
PGP to Acquire TC TrustCenter for Cloud-Based Identity Management
PGP agrees to acquire TC TrustCenter and its parent company, ChosenSecurity, for their on-demand platform for managing trusted identities.
- PGP has agreed to acquire German security vendor TC TrustCenter and its U.S. parent company, ChosenSecurity, for an undisclosed sum of money. ChosenSecurity and TC TrustCenter provide an on-demand platform for managing trusted identities for encryption, authentication and secure collaborati...
Researchers Uncover Security Vulnerabilities in Femtocell Technology
Two Trustwave security consultants report they have uncovered hardware and software vulnerabilities in femtocell devices that can be used to take over the device. The duo will present their findings at the ShmooCon conference in Washington.
- Researchers with Trustwave have discovered flaws in the hardware and software of femtocell devices that can allow an attacker to take full control of the miniature cell towers without the user's knowledge. Zack Fasel and Matthew Jakubowski, security consultants with Trustwave's SpiderLabs, will...
Facebook Privacy, Security Fears Grow with Social Network Risks
According to Sophos, 60 percent of businesses consider Facebook the riskiest social networking site, underscoring a new level of wariness for social networks at a time when a researcher from Kaspersky Lab says compromised accounts for Twitter and other sites can go for big bucks in the cyber-underworld.
- Businesses are growing more concerned about the use of social networks, starting with Facebook. According to a survey of 502 IT professionals by Sophos, businesses are seeing more malware and spam, and 60 percent of respondents put Facebook ahead of MySpace, Twitter and LinkedIn as the riskiest so...
Adobe Flash Security on Menu at Black Hat
A researcher plans to delve into Adobe Flash security at Black Hat DC, spotlighting how poor programming practices and Web architectures can be leveraged to compromise users.
- Security vulnerabilities in Adobe Systems applications have increasingly become a popular target for attackers in the past year. At Black Hat DC, Foreground Security Senior Security Researcher Mike Bailey will examine Flash's security model and take a look at some of the ways attackers ca...
Critical Infrastructure Security a Mixed Bag, Report Finds
A new report commissioned by McAfee reveals IT security at critical infrastructure companies is not always as high as some may suspect.
- A new report from the Center for Strategic and International Studies highlights the financial damage of cyber-attacks on critical infrastructure, but also paints a picture of IT security that is by turns good and bad. The report, "In the Crossfire: Critical Infrastructure in the Age of Cyberwa...
Security
The Art of Technology
Firms worry about social networks, but don't block access
By jacqui@arstechnica.com (Jacqui Cheng) on twitter
Despite widespread paranoia that social networks are putting businesses at risk, companies continue to give employees open access to them. The latest Security Threat Report (PDF) from security research firm Sophos notes that spam and malware attacks via popular networks continued to rise at "alarming" rates over the last 12 months, posing a risk to both users and the companies they work for.
Nearly three-quarters of businesses (72 percent) told Sophos that they're concerned about employee behavior on social networks—and it's not the HR-related behavior they're concerned about. The majority of respondents said that reports of spam, phishing, and malware coming from the major social networks were way up, and they expressed concern about employees endangering business security. According to Sophos, there was a 70 percent increase in the proportion of businesses reporting spam and malware attacks in 2009.
Victims lost $9.3 billion to 419 scammers in 2009
By jacqui@arstechnica.com (Jacqui Cheng) on security
Advance-fee fraud (AFF), also known as 419 scams and Nigerian scams, exploded in 2009, with victims losing more money than ever before. This is according to the latest analysis from Dutch investigation firm Ultrascan—a company that has been monitoring the activities of 419 scammers since 1996—which says that victims lost almost 50 percent more money in 2009 than 2008.
Considering that 419 scams have been well-known since the 1970s, this trend is particularly disturbing. However, Ultrascan says scammers are expanding their operations and shifting their focus to emerging Internet markets, where there's more fresh meat getting online every day.
SearchSecurity: Security Wire Daily News
The latest information security news on IT threats, vulnerabilities and market trends from the award-winning SearchSecurity.com.
Microsoft extends SDL program, adds Agile development template
By Robert Westervelt
Microsoft is adding support for Agile Development Methodologies to its Security Development Lifecycle program. A simplified SDL white paper is also being introduced.
Google to pay for Chrome browser vulnerabilities
By Robert Westervelt
Google follows Mozilla's Firefox vulnerability reward program, offering a base reward of $500 for eligible browser bugs.
SANS NewsBites
All Stories From Vol: 12 - Issue: 8
How The Chinese Attacks Actually Work (January 27, 2010)
A report from Mandiant describes how cyber criminals launch sophisticated attacks that penetrate government and corporate computer networks and remain undetected to steal information and monitor activity over lengthy periods of time.......
Malware on Infected Web Pages is Becoming More Sophisticated (January 26, 2010)
According to data compiled by Dasient, 5.......
NARA Data Loss Affects Clinton-Era White House Staff and Visitors (January 27, 2010)
The US National Archives and Records Administration (NARA) has sent letters to 250,000 Clinton administration staff and White House staff members and visitors, informing them that their personally identifiable information has been compromised.......
Flaws Found In 3D Secure Credit Card Scheme (January 28, 2010)
University of Cambridge researchers say 3D Secure (3DS), better known as Verified by Visa and MasterCard SecureCode, is fraught with security problems.......
Thomas-Rasset Rejects RIAA's Settlement Offer (January 27, 2010)
Just days after a judge reduced the penalties levied against Jammie Thomas-Rasset for illegal file sharing from US $1.......
Google Issues Chrome Update (January 26, 2010)
Google has released an update for its Chrome browser that addresses 13 vulnerabilities that could be exploited to execute arbitrary code on unprotected computers, steal data, create denial-of-service conditions, or bypass security restrictions.......
Bank Suing Cyber Theft Victim (January 26, 2010)
A bank in Lubbock, Texas is suing one of its customers, Hillary Machinery Inc.......
Attack on IE Exposes Users' Entire Hard Drives (January 26 & 27, 2010)
Microsoft is investigating reports of an attack on Internet Explorer (IE) that can reveal the entire contents of users' hard drives to attackers.......
BlueCross BlueShield of Tennessee Breach is Proving to be Costly (January 26, 2010)
A security breach at BlueCross BlueShield of Tennessee has already cost the company more than US $7 million.......
Zimuse Worm May Have Started as a Prank (January 25 & 26, 2010)
The Zimuse.......
Second Man Pleads Guilty in Scientology DDoS Case (January 25, 26 & 27, 2010)
Brian Thomas Mettenbrink has admitted to downloading software and using it to help launch a distributed denial-of-service (DDoS) attack against the Church of Scientology's website in January 2008.......
Study Shows That Consumer Awareness of Online Threats is Growing (January 25, 2010)
A study from RSA indicates that consumers are more aware of online security threats than they were two years ago.......
Cisco Secure Desktop Remote XSS Vulnerability, (Tue, Feb 2nd)
This vulnerability (CVE-2010-0440) could allow an unauthenticated, remote attacker to conduct cross- ...(more)...
Twitter Mass Password Reset due to Phishing, (Tue, Feb 2nd)
Twitter is sending out a large number of e-mails, asking users to reset their passwords. It appears ...(more)...
New IPv6 Screencast Videos: http://isc.sans.org/ipv6videos (Today: blocking and detecting IPv6 in Linux), (Tue, Feb 2nd)
------ Johannes B. Ullrich, Ph ...(more)...
Pushdo Update, (Tue, Feb 2nd)
As mentioned in an older diary [1], www.sans ...(more)...
Adobe ColdFusion Information Disclosure, (Tue, Feb 2nd)
Adobe has released information on an important vulnerability (CVE-2010-0185) identified in ColdFusio ...(more)...
NMAP 5.21 - Is UDP Protocol Specific Scanning Important? Why Should I Care?, (Mon, Feb 1st)
Before we address the question, let's discuss how UDP port scanning is typically done. Whe ...(more)...
Got PushDo SSL packets?, (Sat, Jan 30th)
Steven Adair over at ShadowServer has posted a blog entry about the strange goings-on with the Push ...(more)...
New and updated VMWare advisories, (Sat, Jan 30th)
Today VMware has released the following new and updated security advisories: New - VMSA-2010-00 ...(more)...
BoA Offline?, (Fri, Jan 29th)
The Bank of America web site appears to have been not available for parts of the day today. No ...(more)...
Neo-legacy applications, (Fri, Jan 29th)
A friend of mine wrote in about a problem he has. He provides support to small businesses, one of wh ...(more)...
The Register - Security
Biting the hand that feeds IT
Manchester cops recover from Conficker
Strangeways, here we come
Manchester police were once again able to run inquiries on the Police National Computer on Wednesday morning, after techies purged a Conficker worm infection from the force's network.…
Record year for online tax filing - and phishing mails
Scammers rev up for tax season
Her Majesty's Revenue and Customs is celebrating another record year for online tax returns, with over six million people filing online this year.…
Warez backdoor allows hackers to pwn Twitter accounts
Micro-blogging freetards in mass hack attack
Twitter has lifted the lid on its recent advice to many users to reset their passwords for the micro-blogging site.…
Stubborn trojan stashes install file in Windows help
Can't muster rejection
Security researchers have spied malware that stashes a copy of itself in a Windows help file to ensure victim computers remain infected.…
iPhone vulnerable to remote attack on SSL
Beware of rogue config files
Apple's iPhone is vulnerable to exploits that allow an attacker to spoof web pages even when they're protected by the SSL, or secure sockets layer, protocol, a security researcher said.…
Microsoft security dev tools go 'Agile'
Not just for Windows anymore
Microsoft has expanded a key security tool to work with developers of web applications and other software that's developed over rapid and repeated stretches.…
PGP buys tech to offer trusted ID from the cloud
Close friends get to call it TC
PGP Corporation has acquired privately-held TC TrustCenter and its US parent company, ChosenSecurity, as part of plans to offer trusted identity management services from the cloud. Terms of the transaction, announced Tuesday, were not disclosed.…
Manchester cops clobbered by Conficker
PCs' PCs still unplugged from PNC
Greater Manchester Police's computer network has been infected by the infamous Conficker worm, leaving beat cops unable to run computer checks on suspected criminals and vehicles for the last three days.…
Virgin Media battles privacy campaigners on P2P monitoring
No one's looking at you, alright?
Regulators are mulling assurances from Virgin Media that its planned trial system to monitor the level of illegal filesharing on its network will not harm customers' privacy.…
Femtocells wilt under attack
Tiny, tiny, tiny root box danger
Security researchers have turned their attention to femtocells, and have discovered that gaining root on the tiny mobile base stations isn't as hard as one might hope.…
Most consumers reuse banking passwords on other sites
Password recycle fail leaves consumers ripe for harvesting
The majority of online banking customers reuse their online-banking login credentials on other websites, according to a new survey on password insecurity.…
Security firms plot revamp to minimise false alarms
Whitelisted addresses to reside in heavenly cloud
Analysis: Increased incidents of false positives have encouraged anti-virus firms to re-evaluate their signature update process.…
Web attacks cripple Russia's biggest indie newspaper
Seven days and counting
The website of Russia's highest-profile independent newspaper on Monday suffered its seventh straight day of crippling denial-of-service attacks by unknown miscreants.…
US state probes breach that exposed data for 80,000
'Dear valued employee:'
A computer database containing the personal details of more than 80,000 employees was penetrated by unknown hackers, according to multiple news agencies, citing Iowa's Racing and Gaming Commission.…
Security bugs reinfect financial giant’s website
Ameriprise and the case of the relapsed XSS
Five months after Ameriprise Financial fixed a bug that could have helped criminals steal user authentication credentials, the financial giant's website is vulnerable again.…
Google yanks IE6 love from web apps
Do as we say, not as we did
Google is pulling IE6 support from Google Apps, its online suite of office applications.…
Britain warns businesses of Chinese 'honey trap'
Sex, spies, and memory sticks
Britain's MI5 security service has accused the Chinese government of engaging in an unusually wide-ranging campaign to breach UK business computer networks, in some cases exploiting sexual relationships to pressure individuals to cooperate.…
Voice crypto fails spark astroturf claims
SecurStar denies running dirty tricks marketing campaign
Doubts have arisen about the integrity of supposedly anonymous tests on the security of voice encryption products.…
UK.gov unmoved by Internet Explorer 6 security concerns
Google, NHS cast off exploited browser
Google and the NHS may soon be ditching support for Internet Explorer 6, but that hasn’t stopped UK government officials from declaring the browser doesn’t give them cause for concern, unlike their French and German counterparts.…
Security
The Art of Technology
Firms worry about social networks, but don't block access
By jacqui@arstechnica.com (Jacqui Cheng) on twitter
Despite widespread paranoia that social networks are putting businesses at risk, companies continue to give employees open access to them. The latest Security Threat Report (PDF) from security research firm Sophos notes that spam and malware attacks via popular networks continued to rise at "alarming" rates over the last 12 months, posing a risk to both users and the companies they work for.
Nearly three-quarters of businesses (72 percent) told Sophos that they're concerned about employee behavior on social networks—and it's not the HR-related behavior they're concerned about. The majority of respondents said that reports of spam, phishing, and malware coming from the major social networks were way up, and they expressed concern about employees endangering business security. According to Sophos, there was a 70 percent increase in the proportion of businesses reporting spam and malware attacks in 2009.
Victims lost $9.3 billion to 419 scammers in 2009
By jacqui@arstechnica.com (Jacqui Cheng) on security
Advance-fee fraud (AFF), also known as 419 scams and Nigerian scams, exploded in 2009, with victims losing more money than ever before. This is according to the latest analysis from Dutch investigation firm Ultrascan—a company that has been monitoring the activities of 419 scammers since 1996—which says that victims lost almost 50 percent more money in 2009 than 2008.
Considering that 419 scams have been well-known since the 1970s, this trend is particularly disturbing. However, Ultrascan says scammers are expanding their operations and shifting their focus to emerging Internet markets, where there's more fresh meat getting online every day.
SearchSecurity: Security Wire Daily News
The latest information security news on IT threats, vulnerabilities and market trends from the award-winning SearchSecurity.com.
Microsoft extends SDL program, adds Agile development template
By Robert Westervelt
Microsoft is adding support for Agile Development Methodologies to its Security Development Lifecycle program. A simplified SDL white paper is also being introduced.
Google to pay for Chrome browser vulnerabilities
By Robert Westervelt
Google follows Mozilla's Firefox vulnerability reward program, offering a base reward of $500 for eligible browser bugs.
SANS NewsBites
All Stories From Vol: 12 - Issue: 8
How The Chinese Attacks Actually Work (January 27, 2010)
A report from Mandiant describes how cyber criminals launch sophisticated attacks that penetrate government and corporate computer networks and remain undetected to steal information and monitor activity over lengthy periods of time.......
Malware on Infected Web Pages is Becoming More Sophisticated (January 26, 2010)
According to data compiled by Dasient, 5.......
NARA Data Loss Affects Clinton-Era White House Staff and Visitors (January 27, 2010)
The US National Archives and Records Administration (NARA) has sent letters to 250,000 Clinton administration staff and White House staff members and visitors, informing them that their personally identifiable information has been compromised.......
Flaws Found In 3D Secure Credit Card Scheme (January 28, 2010)
University of Cambridge researchers say 3D Secure (3DS), better known as Verified by Visa and MasterCard SecureCode, is fraught with security problems.......
Thomas-Rasset Rejects RIAA's Settlement Offer (January 27, 2010)
Just days after a judge reduced the penalties levied against Jammie Thomas-Rasset for illegal file sharing from US $1.......
Google Issues Chrome Update (January 26, 2010)
Google has released an update for its Chrome browser that addresses 13 vulnerabilities that could be exploited to execute arbitrary code on unprotected computers, steal data, create denial-of-service conditions, or bypass security restrictions.......
Bank Suing Cyber Theft Victim (January 26, 2010)
A bank in Lubbock, Texas is suing one of its customers, Hillary Machinery Inc.......
Attack on IE Exposes Users' Entire Hard Drives (January 26 & 27, 2010)
Microsoft is investigating reports of an attack on Internet Explorer (IE) that can reveal the entire contents of users' hard drives to attackers.......
BlueCross BlueShield of Tennessee Breach is Proving to be Costly (January 26, 2010)
A security breach at BlueCross BlueShield of Tennessee has already cost the company more than US $7 million.......
Zimuse Worm May Have Started as a Prank (January 25 & 26, 2010)
The Zimuse.......
Second Man Pleads Guilty in Scientology DDoS Case (January 25, 26 & 27, 2010)
Brian Thomas Mettenbrink has admitted to downloading software and using it to help launch a distributed denial-of-service (DDoS) attack against the Church of Scientology's website in January 2008.......
Study Shows That Consumer Awareness of Online Threats is Growing (January 25, 2010)
A study from RSA indicates that consumers are more aware of online security threats than they were two years ago.......
Cisco Secure Desktop Remote XSS Vulnerability, (Tue, Feb 2nd)
This vulnerability (CVE-2010-0440) could allow an unauthenticated, remote attacker to conduct cross- ...(more)...
Twitter Mass Password Reset due to Phishing, (Tue, Feb 2nd)
Twitter is sending out a large number of e-mails, asking users to reset their passwords. It appears ...(more)...
New IPv6 Screencast Videos: http://isc.sans.org/ipv6videos (Today: blocking and detecting IPv6 in Linux), (Tue, Feb 2nd)
------ Johannes B. Ullrich, Ph ...(more)...
Pushdo Update, (Tue, Feb 2nd)
As mentioned in an older diary [1], www.sans ...(more)...
Adobe ColdFusion Information Disclosure, (Tue, Feb 2nd)
Adobe has released information on an important vulnerability (CVE-2010-0185) identified in ColdFusio ...(more)...
NMAP 5.21 - Is UDP Protocol Specific Scanning Important? Why Should I Care?, (Mon, Feb 1st)
Before we address the question, let's discuss how UDP port scanning is typically done. Whe ...(more)...
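The diary's question, whether protocol-specific UDP scanning matters, comes down to one observation: most UDP services silently drop an empty datagram, so a scanner that only sends empty probes can report nothing better than open|filtered for a listening port, whereas a well-formed request for the protocol expected on that port draws a reply that proves the port is open (this is why Nmap's -sU ships with a list of per-port payloads). The Python below is an added example, not code from the ISC diary or from Nmap: it builds a DNS query as the protocol-specific probe for port 53, checks that a reply really answers that probe, and maps the three things a socket can observe onto Nmap's state names. The 'reply', 'icmp_unreachable' and 'timeout' labels and the sample reply datagram are constructed for this example; the live probe function needs network access.

```python
import random
import socket
import struct

# Nmap-style UDP port states
OPEN, CLOSED, OPEN_FILTERED = "open", "closed", "open|filtered"


def build_dns_query(name="example.com", txid=None):
    """Build a minimal DNS A query for `name`: the kind of protocol-specific
    payload a UDP scanner sends to port 53 instead of an empty datagram."""
    txid = random.randint(0, 0xFFFF) if txid is None else txid
    # ID, flags (RD=1), QDCOUNT=1, ANCOUNT, NSCOUNT, ARCOUNT
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    qname = b"".join(bytes([len(label)]) + label.encode("ascii")
                     for label in name.split("."))
    question = qname + b"\x00" + struct.pack("!HH", 1, 1)  # QTYPE=A, QCLASS=IN
    return header + question


def looks_like_dns_response(probe, data):
    """Accept a datagram as an answer only if it echoes our transaction ID
    and has the QR (response) bit set. A stray datagram is not proof of an
    open port, and an empty probe can never be matched to any reply."""
    if len(probe) < 2 or len(data) < 12:
        return False
    txid, flags = struct.unpack("!HH", data[:4])
    return txid == struct.unpack("!H", probe[:2])[0] and bool(flags & 0x8000)


def classify(probe, outcome, data=b""):
    """Map what the socket observed to a port state. `outcome` is one of
    'reply', 'icmp_unreachable' or 'timeout' (labels chosen for this example)."""
    if outcome == "icmp_unreachable":
        return CLOSED            # the host said nothing is listening there
    if outcome == "reply" and looks_like_dns_response(probe, data):
        return OPEN              # a DNS server answered our query
    # Silence is ambiguous: a listening service that ignored the payload
    # (the usual fate of an empty probe) or a firewall dropping packets.
    return OPEN_FILTERED


def probe_udp_port(host, port, payload, timeout=2.0):
    """Send one UDP probe and classify the result. The socket is connected
    so that an ICMP port unreachable for our datagram surfaces as
    ConnectionRefusedError on the following recv (Linux reports this even
    for unconnected sockets; other systems may only show a timeout)."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.connect((host, port))
        s.send(payload)
        try:
            data = s.recv(4096)
        except socket.timeout:
            return classify(payload, "timeout")
        except ConnectionRefusedError:
            return classify(payload, "icmp_unreachable")
        return classify(payload, "reply", data)


if __name__ == "__main__":
    # Constructed for illustration: a reply header for transaction ID 0x1234
    # with QR=1 and RCODE=0 (flags 0x8180), one question and one answer.
    query = build_dns_query("example.com", txid=0x1234)
    reply = struct.pack("!HHHHHH", 0x1234, 0x8180, 1, 1, 0, 0)
    print("dns query  :", classify(query, "reply", reply))      # open
    print("empty probe:", classify(b"", "timeout"))             # open|filtered
    print("refused    :", classify(query, "icmp_unreachable"))  # closed
    # Live use (needs network): probe_udp_port("192.0.2.53", 53, query)
```

The same structure carries over to any other UDP service: swap the payload builder and the response check (an SNMP GetRequest for 161, an NTP client packet for 123) and the classifier stays the same. The empty-probe path is the one to remember: it can only ever reach open|filtered, which is exactly the ambiguity protocol-specific scanning exists to remove.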
Got PushDo SSL packets?, (Sat, Jan 30th)
Steven Adair over at ShadowServer has posted a blog entry about the strange goings-on with the Push ...(more)...
New and updated VMWare advisories, (Sat, Jan 30th)
Today VMware has released the following new and updated security advisories: New - VMSA-2010-00 ...(more)...
BoA Offline?, (Fri, Jan 29th)
The Bank of America web site appears to have been unavailable for parts of the day today. No ...(more)...
Neo-legacy applications, (Fri, Jan 29th)
A friend of mine wrote in about a problem he has. He provides support to small businesses, one of wh ...(more)...
The Register - Security
Biting the hand that feeds IT
Manchester cops recover from Conficker
Strangeways, here we come
Manchester police were once again able to run inquiries on the Police National Computer on Wednesday morning, after techies purged a Conficker worm infection from the force's network.…
Record year for online tax filing - and phishing mails
Scammers rev up for tax season
Her Majesty's Revenue and Customs is celebrating another record year for online tax returns: over six million people filed online this year.…
Warez backdoor allows hackers to pwn Twitter accounts
Micro-blogging freetards in mass hack attack
Twitter has lifted the lid on its recent advice to many users to reset their passwords for the micro-blogging site.…
Stubborn trojan stashes install file in Windows help
Can't muster rejection
Security researchers have spied malware that stashes a copy of itself in a Windows help file to ensure victim computers remain infected.…
iPhone vulnerable to remote attack on SSL
Beware of rogue config files
Apple's iPhone is vulnerable to exploits that allow an attacker to spoof web pages even when they're protected by the SSL, or secure sockets layer, protocol, a security researcher said.…
Microsoft security dev tools go 'Agile'
Not just for Windows anymore
Microsoft has expanded a key security tool to work with developers of web applications and other software that's developed over rapid and repeated stretches.…
PGP buys tech to offer trusted ID from the cloud
Close friends get to call it TC
PGP Corporation has acquired privately-held TC TrustCenter and its US parent company, ChosenSecurity, as part of plans to offer trusted identity management services from the cloud. Terms of the transaction, announced Tuesday, were not disclosed.…
Manchester cops clobbered by Conficker
PCs' PCs still unplugged from PNC
Greater Manchester Police's computer network has been infected by the infamous Conficker worm, leaving beat cops unable to run computer checks on suspected criminals and vehicles for the last three days.…
Virgin Media battles privacy campaigners on P2P monitoring
No one's looking at you, alright?
Regulators are mulling assurances from Virgin Media that its planned trial system to monitor the level of illegal filesharing on its network will not harm customers' privacy.…
Femtocells wilt under attack
Tiny, tiny, tiny root box danger
Security researchers have turned their attention to femtocells, and have discovered that gaining root on the tiny mobile base stations isn't as hard as one might hope.…
Most consumers reuse banking passwords on other sites
Password recycle fail leaves consumers ripe for harvesting
The majority of online banking customers reuse their online-banking login credentials on other websites, according to a new survey on password insecurity.…
Security firms plot revamp to minimise false alarms
Whitelisted addresses to reside in heavenly cloud
Analysis: Increased incidents of false positives have encouraged anti-virus firms to re-evaluate their signature update process.…
Web attacks cripple Russia's biggest indie newspaper
Seven days and counting
The website of Russia's highest-profile independent newspaper on Monday suffered its seventh straight day of crippling denial-of-service attacks by unknown miscreants.…
US state probes breach that exposed data for 80,000
'Dear valued employee:'
A computer database containing the personal details of more than 80,000 employees was penetrated by unknown hackers, according to multiple news agencies, citing Iowa's Racing and Gaming Commission.…
Security bugs reinfect financial giant’s website
Ameriprise and the case of the relapsed XSS
Five months after Ameriprise Financial fixed a bug that could have helped criminals steal user authentication credentials, the financial giant's website is vulnerable again.…
Google yanks IE6 love from web apps
Do as we say, not as we did
Google is pulling IE6 support from Google Apps, its online suite of office applications.…
Britain warns businesses of Chinese 'honey trap'
Sex, spies, and memory sticks
Britain's MI5 security service has accused the Chinese government of engaging in an unusually wide-ranging campaign to breach UK business computer networks, in some cases exploiting sexual relationships to pressure individuals to cooperate.…
Voice crypto fails spark astroturf claims
SecurStar denies running dirty tricks marketing campaign
Doubts have arisen about the integrity of supposedly anonymous tests on the security of voice encryption products.…
UK.gov unmoved by Internet Explorer 6 security concerns
Google, NHS cast off exploited browser
Google and the NHS may soon be ditching support for Internet Explorer 6, but that hasn’t stopped UK government officials from declaring the browser doesn’t give them cause for concern, unlike their French and German counterparts.…
1 in 3 users reviewed Facebook privacy roll-back
Social network heralds 'success'
One in three Facebook users changed their privacy settings in Facebook after the social networking site applied a controversial privacy roll-back and encouraged users to review how much they shared online back in December.…
Firefox-based attack wreaks havoc on IRC users
World's first inter-protocol exploit, but not the last
Underscoring a little-known web vulnerability, hackers are exploiting a weakness in the Mozilla Firefox browser to wreak havoc on Freenode and other networks that cater to users of internet relay chat.…
CIA, PayPal under bizarre SSL assault
Plus hundreds of others
- A new report from the Center for Strategic and International Studies highlights the financial damage of cyber-attacks on critical infrastructure, but also paints a picture of IT security that is in turns good and bad. The report, "In the Crossfire: Critical Infrastructure in the Age of Cyberwa...
The Art of Technology
Firms worry about social networks, but don't block access
By jacqui@arstechnica.com (Jacqui Cheng) on twitter
Despite widespread paranoia that social networks are putting businesses at risk, companies continue to give employees open access to them. The latest Security Threat Report (PDF) from security research firm Sophos notes that spam and malware attacks via popular networks continued to rise at "alarming" rates over the last 12 months, posing a risk to both users and the companies they work for.
Nearly three-quarters of businesses (72 percent) told Sophos that they're concerned about employee behavior on social networks—and it's not the HR-related behavior they're concerned about. The majority of respondents said that reports of spam, phishing, and malware coming from the major social networks were way up, and they expressed concern about employees endangering business security. According to Sophos, there was a 70 percent increase in the proportion of businesses reporting spam and malware attacks in 2009.
Suckers Victims lost $9.3 billion to 419 scammers in 2009
By jacqui@arstechnica.com (Jacqui Cheng) on security
Advance-fee fraud (AFF), also known as 419 scams and Nigerian scams, exploded in 2009, with victims losing more money than ever before. This is according to the latest analysis from Dutch investigation firm Ultrascan—a company that has been monitoring the activities of 419 scammers since 1996—which says that victims lost almost 50 percent more money in 2009 than 2008.
Considering that 419 scams have been well-known since the 1970s, this trend is particularly disturbing. However, Ultrascan says scammers are expanding their operations and shifting their focus to emerging Internet markets, where there's more fresh meat getting online every day.
SearchSecurity: Security Wire Daily News
The latest information security news on IT threats, vulnerabilities and market trends from the award-winning SearchSecurity.com.
Microsoft extends SDL program, adds Agile development template
By Robert Westervelt
Microsoft is adding support for Agile Development Methodologies to its Security Development Lifecycle program. A simplified SDL white paper is also being introduced.
Google to pay for Chrome browser vulnerabilities
By Robert Westervelt
Google follows Mozilla's FireFox vulnerability reward program, offering a base reward of $500 for eligible browser bugs.
SANS NewsBites
All Stories From Vol: 12 - Issue: 8
How The Chinese Attacks Actually Work (January 27, 2010)
A report from Mandiant describes how cyber criminals launch sophisticated attacks that penetrate government and corporate computer networks and remain undetected to steal information and monitor activity over lengthy periods of time.......
Malware on Infected Web Pages is Becoming More Sophisticated (January 26, 2010)
According to data compiled by Dasient, 5.......
NARA Data Loss Affects Clinton-Era White House Staff and Visitors (January 27, 2010)
The US National Archives and Records Administration (NARA) has sent letters to 250,000 Clinton administration staff and White House staff members and visitors, informing them that their personally identifiable information has been compromised.......
Flaws Found In 3D Secure Credit Card Scheme (January 28, 2010)
University fo Cambridge researchers say 3D Secure (3DS) better known as Verified by Visa and MasterCard SecureCode is fraught with security problems.......
Thomas-Rasset Rejects RIAA's Settlement Offer (January 27, 2010)
Just days after a judge reduced the penalties levied against Jammie Thomas-Rasset for illegal file sharing from US $1.......
Google Issues Chrome Update (January 26, 2010)
Google has released an update for its Chrome browser that addresses 13 vulnerabilities that could be exploited to execute arbitrary code on unprotected computers, steal data, create denial-of service conditions, or bypass security restrictions.......
Bank Suing Cyber Theft Victim (January 26, 2010)
A bank in Lubbock, Texas is suing one of its customers, Hillary Machinery Inc.......
Attack on IE Exposes Users' Entire Hard Drives (January 26 & 27, 2010)
Microsoft is investigating reports of an attack on Internet Explorer (IE) that can reveal the entire contents of users' hard drives to attackers.......
BlueCross BlueShield of Tennessee Breach is Proving to be Costly (January 26, 2010)
A security breach at BlueCross BlueShield of Tennessee has already cost the company more than US $7 million.......
Zimuse Worm May Have Started as a Prank (January 25 & 26, 2010)
The Zimuse.......
Second Man Pleads Guilty in Scientology DDoS Case (January 25, 26 & 27, 2010)
Brian Thomas Mettenbrink has admitted to downloading software and using it to help launch a distributed denial-of-service (DDoS) attack against the Church of Scientology's website in January 2008.......
Study Shows That Consumer Awareness of Online Threats is Growing (January 25, 2010)
A study from RSA indicates that consumers are more aware of online security threats than they were two years ago.......
Cisco Secure Desktop Remote XSS Vulnerability, (Tue, Feb 2nd)
This vulnerability (CVE-2010-0440) could allow an unauthenticated, remote attacker to conduct cross- ...(more)...
Twitter Mass Password Reset due to Phishing, (Tue, Feb 2nd)
Twitter is sending out a large number of e-mails, asking users to reset their passwords. It appears ...(more)...
New IPv6 Screencast Videos: http://isc.sans.org/ipv6videos (Today: blocking and detecting IPv6 in Linux), (Tue, Feb 2nd)
------ Johannes B. Ullrich, Ph ...(more)...
Pushdo Update, (Tue, Feb 2nd)
As mentioned in an older diary [1], www.sans ...(more)...
Adobe ColdFusion Information Disclosure, (Tue, Feb 2nd)
Adobe has released information on an important vulnerability (CVE-2010-0185) identified in ColdFusio ...(more)...
NMAP 5.21 - Is UDP Protocol Specific Scanning Important? Why Should I Care?, (Mon, Feb 1st)
Before we address the question, let's discuss how UDP port scanning is typically done. Whe ...(more)...
Got PushDo SSL packets?, (Sat, Jan 30th)
Steven Adair over at ShadowServer has posted a blog entry about the strange going's on with the Push ...(more)...
New and updated VMWare advisories, (Sat, Jan 30th)
Today VMware has released the following new and updated security advisories: New - VMSA-2010-00 ...(more)...
BoA Offline?, (Fri, Jan 29th)
The Bank of America web site appears to have been not available for parts of the day today. No ...(more)...
Neo-legacy applications, (Fri, Jan 29th)
A friend of mine wrote in about a problem he has. He provides support to small businesses, one of wh ...(more)...
The Register - Security
Biting the hand that feeds IT
Manchester cops recover from Conficker
Strangeways, here we come
Manchester police were once again able to run inquiries on the Police National Computer on Wednesday morning, after techies purged a Conficker worm infection from the force's network.…
Record year for online tax filing - and phishing mails
Scammers rev up for tax season
Her Majesty's Revenue and Customs is celebrating another record year for online tax returns, over six million people filed online this year.…
Warez backdoor allows hackers to pwn Twitter accounts
Micro-blogging freetards in mass hack attack
Twitter has lifted the lid on its recent advice to many users to reset their passwords for the micro-blogging site.…
Stubborn trojan stashes install file in Windows help
Can't muster rejection
Security researchers have spied malware that stashes a copy of itself in a Windows help file to ensure victim computers remain infected.…
iPhone vulnerable to remote attack on SSL
Beware of rogue config files
Apple's iPhone is vulnerable to exploits that allow an attacker to spoof web pages even when they're protected by the SSL, or secure sockets layer, protocol, a security researcher said.…
Microsoft security dev tools go 'Agile'
Not just for Windows anymore
Microsoft has expanded a key security tool to work with developers of web applications and other software that's developed over rapid and repeated stretches.…
PGP buys tech to offer trusted ID from the cloud
Close friends get to call it TC
PGP Corporation has acquired privately-held TC TrustCenter and its US parent company, ChosenSecurity, as part of plans to offer trusted identity management services from the cloud. Terms of the transaction, announced Tuesday, were not disclosed.…
Manchester cops clobbered by Conficker
PCs' PCs still unplugged from PNC
Greater Manchester Police's computer network has been infected by the infamous Conficker worm, leaving beat cops unable to run computer checks on suspected criminals and vehicles for the last three days.…
Virgin Media battles privacy campaigners on P2P monitoring
No one's looking at you, alright?
Regulators are mulling assurances from Virgin Media that its planned trial system to monitor the level of illegal filesharing on its network will not harm customers' privacy.…
Femtocells wilt under attack
Tiny, tiny, tiny root box danger
Security researchers have turned their attention to femtocells, and have discovered that gaining root on the tiny mobile base stations isn't as hard as one might hope.…
Most consumers reuse banking passwords on other sites
Password recycle fail leaves consumers ripe for harvesting
The majority of online banking customers reuse their online-banking login credentials on other websites, according to a new survey on password insecurity.…
Security firms plot revamp to minimise false alarms
Whitelisted addresses to reside in heavenly cloud
Analysis Increased incidents of false positives have encouraged anti-virus firms to re-evaluate their signature update process.…
Web attacks cripple Russia's biggest indie newspaper
Seven days and counting
The website of Russia's highest-profile independent newspaper on Monday suffered its seventh straight day of crippling denial-of-service attacks by unknown miscreants.…
US state probes breach that exposed data for 80,000
'Dear valued employee:'
A computer database containing the personal details of more than 80,000 employees was penetrated by unknown hackers, according to multiple news agencies, citing Iowa's Racing and Gaming Commission.…
Security bugs reinfect financial giant’s website
Ameriprise and the case of the relapsed XSS
Five months after Ameriprise Financial fixed a bug that could have helped criminals steal user authentication credentials, the financial giant's website is vulnerable again.…
Google yanks IE6 love from web apps
Do as we say, not as we did
Google is pulling IE6 support from Google Apps, its online suite of office applications.…
Britain warns businesses of Chinese 'honey trap'
Sex, spies, and memory sticks
Britain's MI5 security service has accused the Chinese government of engaging in an unusually wide-ranging campaign to breach UK business computer networks, in some cases exploiting sexual relationships to pressure individuals to cooperate.…
Voice crypto fails spark astroturf claims
SecurStar denies running dirty tricks marketing campaign
Doubts have arisen about the integrity of supposedly anonymous tests on the security of voice encryption products.…
UK.gov unmoved by Internet Explorer 6 security concerns
Google, NHS cast off exploited browser
Google and the NHS may soon be ditching support for Internet Explorer 6, but that hasn’t stopped UK government officials from declaring the browser doesn’t give them cause for concern, unlike their French and German counterparts.…
1 in 3 users reviewed Facebook privacy roll-back
Social network heralds 'success'
One in three Facebook users changed their privacy settings in Facebook after the social networking site applied a controversial privacy roll-back and encouraged users to review how much they shared online back in December.…
Firefox-based attack wreaks havoc on IRC users
World's first inter-protocol exploit, but not the last
Underscoring a little-known web vulnerability, hackers are exploiting a weakness in the Mozilla Firefox browser to wreak havoc on Freenode and other networks that cater to users of internet relay chat.…
CIA, PayPal under bizarre SSL assault
Plus hundreds of others
By jacqui@arstechnica.com (Jacqui Cheng) on twitter
Despite widespread paranoia that social networks are putting businesses at risk, companies continue to give employees open access to them. The latest Security Threat Report (PDF) from security research firm Sophos notes that spam and malware attacks via popular networks continued to rise at "alarming" rates over the last 12 months, posing a risk to both users and the companies they work for.
Nearly three-quarters of businesses (72 percent) told Sophos that they're concerned about employee behavior on social networks—and it's not the HR-related behavior they're concerned about. The majority of respondents said that reports of spam, phishing, and malware coming from the major social networks were way up, and they expressed concern about employees endangering business security. According to Sophos, there was a 70 percent increase in the proportion of businesses reporting spam and malware attacks in 2009.
Suckers Victims lost $9.3 billion to 419 scammers in 2009
By jacqui@arstechnica.com (Jacqui Cheng) on security
Advance-fee fraud (AFF), also known as 419 scams and Nigerian scams, exploded in 2009, with victims losing more money than ever before. This is according to the latest analysis from Dutch investigation firm Ultrascan—a company that has been monitoring the activities of 419 scammers since 1996—which says that victims lost almost 50 percent more money in 2009 than 2008.
Considering that 419 scams have been well-known since the 1970s, this trend is particularly disturbing. However, Ultrascan says scammers are expanding their operations and shifting their focus to emerging Internet markets, where there's more fresh meat getting online every day.
SearchSecurity: Security Wire Daily News
The latest information security news on IT threats, vulnerabilities and market trends from the award-winning SearchSecurity.com.
Microsoft extends SDL program, adds Agile development template
By Robert Westervelt
Microsoft is adding support for Agile Development Methodologies to its Security Development Lifecycle program. A simplified SDL white paper is also being introduced.
Google to pay for Chrome browser vulnerabilities
By Robert Westervelt
Google follows Mozilla's FireFox vulnerability reward program, offering a base reward of $500 for eligible browser bugs.
SANS NewsBites
All Stories From Vol: 12 - Issue: 8
How The Chinese Attacks Actually Work (January 27, 2010)
A report from Mandiant describes how cyber criminals launch sophisticated attacks that penetrate government and corporate computer networks and remain undetected to steal information and monitor activity over lengthy periods of time.......
Malware on Infected Web Pages is Becoming More Sophisticated (January 26, 2010)
According to data compiled by Dasient, 5.......
NARA Data Loss Affects Clinton-Era White House Staff and Visitors (January 27, 2010)
The US National Archives and Records Administration (NARA) has sent letters to 250,000 Clinton administration staff and White House staff members and visitors, informing them that their personally identifiable information has been compromised.......
Flaws Found In 3D Secure Credit Card Scheme (January 28, 2010)
University fo Cambridge researchers say 3D Secure (3DS) better known as Verified by Visa and MasterCard SecureCode is fraught with security problems.......
Thomas-Rasset Rejects RIAA's Settlement Offer (January 27, 2010)
Just days after a judge reduced the penalties levied against Jammie Thomas-Rasset for illegal file sharing from US $1.......
Google Issues Chrome Update (January 26, 2010)
Google has released an update for its Chrome browser that addresses 13 vulnerabilities that could be exploited to execute arbitrary code on unprotected computers, steal data, create denial-of service conditions, or bypass security restrictions.......
Bank Suing Cyber Theft Victim (January 26, 2010)
A bank in Lubbock, Texas is suing one of its customers, Hillary Machinery Inc.......
Attack on IE Exposes Users' Entire Hard Drives (January 26 & 27, 2010)
Microsoft is investigating reports of an attack on Internet Explorer (IE) that can reveal the entire contents of users' hard drives to attackers.......
BlueCross BlueShield of Tennessee Breach is Proving to be Costly (January 26, 2010)
A security breach at BlueCross BlueShield of Tennessee has already cost the company more than US $7 million.......
Zimuse Worm May Have Started as a Prank (January 25 & 26, 2010)
The Zimuse.......
Second Man Pleads Guilty in Scientology DDoS Case (January 25, 26 & 27, 2010)
Brian Thomas Mettenbrink has admitted to downloading software and using it to help launch a distributed denial-of-service (DDoS) attack against the Church of Scientology's website in January 2008.......
Study Shows That Consumer Awareness of Online Threats is Growing (January 25, 2010)
A study from RSA indicates that consumers are more aware of online security threats than they were two years ago.......
Cisco Secure Desktop Remote XSS Vulnerability, (Tue, Feb 2nd)
This vulnerability (CVE-2010-0440) could allow an unauthenticated, remote attacker to conduct cross- ...(more)...
Twitter Mass Password Reset due to Phishing, (Tue, Feb 2nd)
Twitter is sending out a large number of e-mails, asking users to reset their passwords. It appears ...(more)...
New IPv6 Screencast Videos: http://isc.sans.org/ipv6videos (Today: blocking and detecting IPv6 in Linux), (Tue, Feb 2nd)
------ Johannes B. Ullrich, Ph ...(more)...
Pushdo Update, (Tue, Feb 2nd)
As mentioned in an older diary [1], www.sans ...(more)...
Adobe ColdFusion Information Disclosure, (Tue, Feb 2nd)
Adobe has released information on an important vulnerability (CVE-2010-0185) identified in ColdFusio ...(more)...
NMAP 5.21 - Is UDP Protocol Specific Scanning Important? Why Should I Care?, (Mon, Feb 1st)
Before we address the question, let's discuss how UDP port scanning is typically done. Whe ...(more)...
Got PushDo SSL packets?, (Sat, Jan 30th)
Steven Adair over at ShadowServer has posted a blog entry about the strange going's on with the Push ...(more)...
New and updated VMWare advisories, (Sat, Jan 30th)
Today VMware has released the following new and updated security advisories: New - VMSA-2010-00 ...(more)...
BoA Offline?, (Fri, Jan 29th)
The Bank of America web site appears to have been not available for parts of the day today. No ...(more)...
Neo-legacy applications, (Fri, Jan 29th)
A friend of mine wrote in about a problem he has. He provides support to small businesses, one of wh ...(more)...
The Register - Security
Biting the hand that feeds IT
Manchester cops recover from Conficker
Strangeways, here we come
Manchester police were once again able to run inquiries on the Police National Computer on Wednesday morning, after techies purged a Conficker worm infection from the force's network.…
Record year for online tax filing - and phishing mails
Scammers rev up for tax season
Her Majesty's Revenue and Customs is celebrating another record year for online tax returns, over six million people filed online this year.…
Warez backdoor allows hackers to pwn Twitter accounts
Micro-blogging freetards in mass hack attack
Twitter has lifted the lid on its recent advice to many users to reset their passwords for the micro-blogging site.…
Stubborn trojan stashes install file in Windows help
Can't muster rejection
Security researchers have spied malware that stashes a copy of itself in a Windows help file to ensure victim computers remain infected.…
iPhone vulnerable to remote attack on SSL
Beware of rogue config files
Apple's iPhone is vulnerable to exploits that allow an attacker to spoof web pages even when they're protected by the SSL, or secure sockets layer, protocol, a security researcher said.…
Microsoft security dev tools go 'Agile'
Not just for Windows anymore
Microsoft has expanded a key security tool to work with developers of web applications and other software that's developed over rapid and repeated stretches.…
PGP buys tech to offer trusted ID from the cloud
Close friends get to call it TC
PGP Corporation has acquired privately-held TC TrustCenter and its US parent company, ChosenSecurity, as part of plans to offer trusted identity management services from the cloud. Terms of the transaction, announced Tuesday, were not disclosed.…
Manchester cops clobbered by Conficker
PCs' PCs still unplugged from PNC
Greater Manchester Police's computer network has been infected by the infamous Conficker worm, leaving beat cops unable to run computer checks on suspected criminals and vehicles for the last three days.…
Virgin Media battles privacy campaigners on P2P monitoring
No one's looking at you, alright?
Regulators are mulling assurances from Virgin Media that its planned trial system to monitor the level of illegal filesharing on its network will not harm customers' privacy.…
Femtocells wilt under attack
Tiny, tiny, tiny root box danger
Security researchers have turned their attention to femtocells, and have discovered that gaining root on the tiny mobile base stations isn't as hard as one might hope.…
Most consumers reuse banking passwords on other sites
Password recycle fail leaves consumers ripe for harvesting
The majority of online banking customers reuse their online-banking login credentials on other websites, according to a new survey on password insecurity.…
Security firms plot revamp to minimise false alarms
Whitelisted addresses to reside in heavenly cloud
Analysis: Increased incidents of false positives have encouraged anti-virus firms to re-evaluate their signature update process.…
Web attacks cripple Russia's biggest indie newspaper
Seven days and counting
The website of Russia's highest-profile independent newspaper on Monday suffered its seventh straight day of crippling denial-of-service attacks by unknown miscreants.…
US state probes breach that exposed data for 80,000
'Dear valued employee:'
A computer database containing the personal details of more than 80,000 employees was penetrated by unknown hackers, according to multiple news agencies, citing Iowa's Racing and Gaming Commission.…
Security bugs reinfect financial giant’s website
Ameriprise and the case of the relapsed XSS
Five months after Ameriprise Financial fixed a bug that could have helped criminals steal user authentication credentials, the financial giant's website is vulnerable again.…
Google yanks IE6 love from web apps
Do as we say, not as we did
Google is pulling IE6 support from Google Apps, its online suite of office applications.…
Britain warns businesses of Chinese 'honey trap'
Sex, spies, and memory sticks
Britain's MI5 security service has accused the Chinese government of engaging in an unusually wide-ranging campaign to breach UK business computer networks, in some cases exploiting sexual relationships to pressure individuals to cooperate.…
Voice crypto fails spark astroturf claims
SecurStar denies running dirty tricks marketing campaign
Doubts have arisen about the integrity of supposedly anonymous tests on the security of voice encryption products.…
UK.gov unmoved by Internet Explorer 6 security concerns
Google, NHS cast off exploited browser
Google and the NHS may soon be ditching support for Internet Explorer 6, but that hasn’t stopped UK government officials from declaring the browser doesn’t give them cause for concern, unlike their French and German counterparts.…
1 in 3 users reviewed Facebook privacy roll-back
Social network heralds 'success'
One in three Facebook users changed their privacy settings in Facebook after the social networking site applied a controversial privacy roll-back and encouraged users to review how much they shared online back in December.…
Firefox-based attack wreaks havoc on IRC users
World's first inter-protocol exploit, but not the last
Underscoring a little-known web vulnerability, hackers are exploiting a weakness in the Mozilla Firefox browser to wreak havoc on Freenode and other networks that cater to users of internet relay chat.…
CIA, PayPal under bizarre SSL assault
Plus hundreds of others
The latest information security news on IT threats, vulnerabilities and market trends from the award-winning SearchSecurity.com.
Microsoft extends SDL program, adds Agile development template
By Robert Westervelt
Microsoft is adding support for Agile Development Methodologies to its Security Development Lifecycle program. A simplified SDL white paper is also being introduced.
Google to pay for Chrome browser vulnerabilities
By Robert Westervelt
Google follows Mozilla's Firefox vulnerability reward program, offering a base reward of $500 for eligible browser bugs.
SANS NewsBites
All Stories From Vol: 12 - Issue: 8
How The Chinese Attacks Actually Work (January 27, 2010)
A report from Mandiant describes how cyber criminals launch sophisticated attacks that penetrate government and corporate computer networks and remain undetected to steal information and monitor activity over lengthy periods of time.......
Malware on Infected Web Pages is Becoming More Sophisticated (January 26, 2010)
According to data compiled by Dasient, 5.......
NARA Data Loss Affects Clinton-Era White House Staff and Visitors (January 27, 2010)
The US National Archives and Records Administration (NARA) has sent letters to 250,000 Clinton administration staff and White House staff members and visitors, informing them that their personally identifiable information has been compromised.......
Flaws Found In 3D Secure Credit Card Scheme (January 28, 2010)
University of Cambridge researchers say 3D Secure (3DS), better known as Verified by Visa and MasterCard SecureCode, is fraught with security problems.......
Thomas-Rasset Rejects RIAA's Settlement Offer (January 27, 2010)
Just days after a judge reduced the penalties levied against Jammie Thomas-Rasset for illegal file sharing from US $1.......
Google Issues Chrome Update (January 26, 2010)
Google has released an update for its Chrome browser that addresses 13 vulnerabilities that could be exploited to execute arbitrary code on unprotected computers, steal data, create denial-of-service conditions, or bypass security restrictions.......
Bank Suing Cyber Theft Victim (January 26, 2010)
A bank in Lubbock, Texas is suing one of its customers, Hillary Machinery Inc.......
Attack on IE Exposes Users' Entire Hard Drives (January 26 & 27, 2010)
Microsoft is investigating reports of an attack on Internet Explorer (IE) that can reveal the entire contents of users' hard drives to attackers.......
BlueCross BlueShield of Tennessee Breach is Proving to be Costly (January 26, 2010)
A security breach at BlueCross BlueShield of Tennessee has already cost the company more than US $7 million.......
Zimuse Worm May Have Started as a Prank (January 25 & 26, 2010)
The Zimuse.......
Second Man Pleads Guilty in Scientology DDoS Case (January 25, 26 & 27, 2010)
Brian Thomas Mettenbrink has admitted to downloading software and using it to help launch a distributed denial-of-service (DDoS) attack against the Church of Scientology's website in January 2008.......
Study Shows That Consumer Awareness of Online Threats is Growing (January 25, 2010)
A study from RSA indicates that consumers are more aware of online security threats than they were two years ago.......
Cisco Secure Desktop Remote XSS Vulnerability, (Tue, Feb 2nd)
This vulnerability (CVE-2010-0440) could allow an unauthenticated, remote attacker to conduct cross- ...(more)...
Twitter Mass Password Reset due to Phishing, (Tue, Feb 2nd)
Twitter is sending out a large number of e-mails, asking users to reset their passwords. It appears ...(more)...
New IPv6 Screencast Videos: http://isc.sans.org/ipv6videos (Today: blocking and detecting IPv6 in Linux), (Tue, Feb 2nd)
------ Johannes B. Ullrich, Ph ...(more)...
Pushdo Update, (Tue, Feb 2nd)
As mentioned in an older diary [1], www.sans ...(more)...
Adobe ColdFusion Information Disclosure, (Tue, Feb 2nd)
Adobe has released information on an important vulnerability (CVE-2010-0185) identified in ColdFusio ...(more)...
NMAP 5.21 - Is UDP Protocol Specific Scanning Important? Why Should I Care?, (Mon, Feb 1st)
Before we address the question, let's discuss how UDP port scanning is typically done. Whe ...(more)...
Got PushDo SSL packets?, (Sat, Jan 30th)
Steven Adair over at ShadowServer has posted a blog entry about the strange goings-on with the Push ...(more)...
New and updated VMWare advisories, (Sat, Jan 30th)
Today VMware has released the following new and updated security advisories: New - VMSA-2010-00 ...(more)...
BoA Offline?, (Fri, Jan 29th)
The Bank of America web site appears to have been not available for parts of the day today. No ...(more)...
Neo-legacy applications, (Fri, Jan 29th)
A friend of mine wrote in about a problem he has. He provides support to small businesses, one of wh ...(more)...
NARA Data Loss Affects Clinton-Era White House Staff and Visitors (January 27, 2010)
The US National Archives and Records Administration (NARA) has sent letters to 250,000 Clinton administration staff and White House staff members and visitors, informing them that their personally identifiable information has been compromised.......
Flaws Found In 3D Secure Credit Card Scheme (January 28, 2010)
University of Cambridge researchers say 3D Secure (3DS), better known as Verified by Visa and MasterCard SecureCode, is fraught with security problems.......
Thomas-Rasset Rejects RIAA's Settlement Offer (January 27, 2010)
Just days after a judge reduced the penalties levied against Jammie Thomas-Rasset for illegal file sharing from US $1.......
Google Issues Chrome Update (January 26, 2010)
Google has released an update for its Chrome browser that addresses 13 vulnerabilities that could be exploited to execute arbitrary code on unprotected computers, steal data, create denial-of-service conditions, or bypass security restrictions.......
Bank Suing Cyber Theft Victim (January 26, 2010)
A bank in Lubbock, Texas is suing one of its customers, Hillary Machinery Inc.......
Attack on IE Exposes Users' Entire Hard Drives (January 26 & 27, 2010)
Microsoft is investigating reports of an attack on Internet Explorer (IE) that can reveal the entire contents of users' hard drives to attackers.......
BlueCross BlueShield of Tennessee Breach is Proving to be Costly (January 26, 2010)
A security breach at BlueCross BlueShield of Tennessee has already cost the company more than US $7 million.......
Zimuse Worm May Have Started as a Prank (January 25 & 26, 2010)
The Zimuse.......
Second Man Pleads Guilty in Scientology DDoS Case (January 25, 26 & 27, 2010)
Brian Thomas Mettenbrink has admitted to downloading software and using it to help launch a distributed denial-of-service (DDoS) attack against the Church of Scientology's website in January 2008.......
Study Shows That Consumer Awareness of Online Threats is Growing (January 25, 2010)
A study from RSA indicates that consumers are more aware of online security threats than they were two years ago.......
Cisco Secure Desktop Remote XSS Vulnerability, (Tue, Feb 2nd)
This vulnerability (CVE-2010-0440) could allow an unauthenticated, remote attacker to conduct cross- ...(more)...
Twitter Mass Password Reset due to Phishing, (Tue, Feb 2nd)
Twitter is sending out a large number of e-mails, asking users to reset their passwords. It appears ...(more)...
New IPv6 Screencast Videos: http://isc.sans.org/ipv6videos (Today: blocking and detecting IPv6 in Linux), (Tue, Feb 2nd)
------ Johannes B. Ullrich, Ph ...(more)...
Pushdo Update, (Tue, Feb 2nd)
As mentioned in an older diary [1], www.sans ...(more)...
Adobe ColdFusion Information Disclosure, (Tue, Feb 2nd)
Adobe has released information on an important vulnerability (CVE-2010-0185) identified in ColdFusio ...(more)...
NMAP 5.21 - Is UDP Protocol Specific Scanning Important? Why Should I Care?, (Mon, Feb 1st)
Before we address the question, let's discuss how UDP port scanning is typically done. Whe ...(more)...
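The diary above is cut off before it reaches its point, so the following Python script is an added example (not from the ISC diary and not Nmap's own code) of why a protocol-specific UDP probe matters. Nmap's `-sU` scan reports a port as `open` only when it gets a UDP reply, as `closed` on an ICMP port-unreachable, and as `open|filtered` when nothing comes back; by default it sends an empty datagram to most ports and a protocol-shaped payload only to a handful. The script stands up a constructed loopback stand-in for a DNS resolver that, like a real one, silently drops empty or runt datagrams, then probes it once with an empty payload and once with a minimal DNS query. The service, its port, the query name `example.invalid` and the helper names are all assumptions made for the demonstration.

```python
import socket
import struct
import threading

# Constructed stand-in for a UDP service such as a DNS resolver: it answers
# only datagrams that parse as a DNS query and drops everything else, which is
# exactly the behaviour that makes empty-payload UDP scans inconclusive.


def build_dns_query(name: str, txid: int = 0x1234) -> bytes:
    """Build a minimal DNS A/IN query for `name` (standard query, RD set)."""
    header = struct.pack(">HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    qname = b"".join(
        bytes([len(label)]) + label.encode() for label in name.split(".")
    ) + b"\x00"
    return header + qname + struct.pack(">HH", 1, 1)  # QTYPE=A, QCLASS=IN


def toy_dns_server(sock: socket.socket, stop: threading.Event) -> None:
    """Reply only to datagrams shaped like a DNS query; stay silent otherwise."""
    sock.settimeout(0.2)
    while not stop.is_set():
        try:
            data, peer = sock.recvfrom(512)
        except socket.timeout:
            continue
        if len(data) < 12:
            continue  # empty or runt probe: a real resolver says nothing
        txid, flags, qdcount = struct.unpack(">HHH", data[:6])
        if flags & 0x8000 or qdcount != 1:
            continue  # a response, or a malformed query: drop it
        # Echo the question back with QR=1 and RCODE=3 (NXDOMAIN). That is
        # enough to prove the port is open without implementing a resolver.
        reply = struct.pack(">HHHHHH", txid, 0x8183, 1, 0, 0, 0) + data[12:]
        sock.sendto(reply, peer)


def probe_udp(host: str, port: int, payload: bytes, timeout: float = 0.5) -> str:
    """Classify a UDP port the way nmap -sU does: reply -> open,
    ICMP port-unreachable -> closed, silence -> open|filtered."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(payload, (host, port))
        try:
            s.recvfrom(512)
            return "open"
        except ConnectionRefusedError:
            return "closed"  # kernel surfaced an ICMP port-unreachable
        except socket.timeout:
            return "open|filtered"


def compare_probes(host: str, port: int) -> dict:
    """Scan the same port with an empty datagram and with a DNS-shaped one."""
    return {
        "empty": probe_udp(host, port, b""),
        "dns": probe_udp(host, port, build_dns_query("example.invalid")),
    }


def run_demo() -> dict:
    """Start the toy service on an ephemeral loopback port and scan it both ways."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    srv.bind(("127.0.0.1", 0))
    port = srv.getsockname()[1]
    stop = threading.Event()
    worker = threading.Thread(target=toy_dns_server, args=(srv, stop), daemon=True)
    worker.start()
    try:
        return compare_probes("127.0.0.1", port)
    finally:
        stop.set()
        worker.join()
        srv.close()


if __name__ == "__main__":
    print(run_demo())  # {'empty': 'open|filtered', 'dns': 'open'}
```

The same port comes back `open|filtered` from the empty probe and `open` from the DNS-shaped one, which is the whole argument for protocol-specific payloads: without them a UDP scan cannot distinguish a listening service from a firewall that drops everything.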
Got PushDo SSL packets?, (Sat, Jan 30th)
Steven Adair over at ShadowServer has posted a blog entry about the strange goings-on with the Push ...(more)...
New and updated VMWare advisories, (Sat, Jan 30th)
Today VMware has released the following new and updated security advisories: New - VMSA-2010-00 ...(more)...
BoA Offline?, (Fri, Jan 29th)
The Bank of America web site appears to have been unavailable for parts of the day today. No ...(more)...
Neo-legacy applications, (Fri, Jan 29th)
A friend of mine wrote in about a problem he has. He provides support to small businesses, one of wh ...(more)...
The Register - Security
Biting the hand that feeds IT
Manchester cops recover from Conficker
Strangeways, here we come
Manchester police were once again able to run inquiries on the Police National Computer on Wednesday morning, after techies purged a Conficker worm infection from the force's network.…
Record year for online tax filing - and phishing mails
Scammers rev up for tax season
Her Majesty's Revenue and Customs is celebrating another record year for online tax returns: over six million people filed online this year.…
Warez backdoor allows hackers to pwn Twitter accounts
Micro-blogging freetards in mass hack attack
Twitter has lifted the lid on its recent advice to many users to reset their passwords for the micro-blogging site.…
Stubborn trojan stashes install file in Windows help
Can't muster rejection
Security researchers have spied malware that stashes a copy of itself in a Windows help file to ensure victim computers remain infected.…
iPhone vulnerable to remote attack on SSL
Beware of rogue config files
Apple's iPhone is vulnerable to exploits that allow an attacker to spoof web pages even when they're protected by the SSL, or secure sockets layer, protocol, a security researcher said.…
Microsoft security dev tools go 'Agile'
Not just for Windows anymore
Microsoft has expanded a key security tool to work with developers of web applications and other software that's developed over rapid and repeated stretches.…
PGP buys tech to offer trusted ID from the cloud
Close friends get to call it TC
PGP Corporation has acquired privately-held TC TrustCenter and its US parent company, ChosenSecurity, as part of plans to offer trusted identity management services from the cloud. Terms of the transaction, announced Tuesday, were not disclosed.…
Manchester cops clobbered by Conficker
PCs' PCs still unplugged from PNC
Greater Manchester Police's computer network has been infected by the infamous Conficker worm, leaving beat cops unable to run computer checks on suspected criminals and vehicles for the last three days.…
Virgin Media battles privacy campaigners on P2P monitoring
No one's looking at you, alright?
Regulators are mulling assurances from Virgin Media that its planned trial system to monitor the level of illegal filesharing on its network will not harm customers' privacy.…
Femtocells wilt under attack
Tiny, tiny, tiny root box danger
Security researchers have turned their attention to femtocells, and have discovered that gaining root on the tiny mobile base stations isn't as hard as one might hope.…
Most consumers reuse banking passwords on other sites
Password recycle fail leaves consumers ripe for harvesting
The majority of online banking customers reuse their online-banking login credentials on other websites, according to a new survey on password insecurity.…
Security firms plot revamp to minimise false alarms
Whitelisted addresses to reside in heavenly cloud
Analysis Increased incidents of false positives have encouraged anti-virus firms to re-evaluate their signature update process.…
Web attacks cripple Russia's biggest indie newspaper
Seven days and counting
The website of Russia's highest-profile independent newspaper on Monday suffered its seventh straight day of crippling denial-of-service attacks by unknown miscreants.…
US state probes breach that exposed data for 80,000
'Dear valued employee:'
A computer database containing the personal details of more than 80,000 employees was penetrated by unknown hackers, according to multiple news agencies, citing Iowa's Racing and Gaming Commission.…
Security bugs reinfect financial giant’s website
Ameriprise and the case of the relapsed XSS
Five months after Ameriprise Financial fixed a bug that could have helped criminals steal user authentication credentials, the financial giant's website is vulnerable again.…
Google yanks IE6 love from web apps
Do as we say, not as we did
Google is pulling IE6 support from Google Apps, its online suite of office applications.…
Britain warns businesses of Chinese 'honey trap'
Sex, spies, and memory sticks
Britain's MI5 security service has accused the Chinese government of engaging in an unusually wide-ranging campaign to breach UK business computer networks, in some cases exploiting sexual relationships to pressure individuals to cooperate.…
Voice crypto fails spark astroturf claims
SecurStar denies running dirty tricks marketing campaign
Doubts have arisen about the integrity of supposedly anonymous tests on the security of voice encryption products.…
UK.gov unmoved by Internet Explorer 6 security concerns
Google, NHS cast off exploited browser
Google and the NHS may soon be ditching support for Internet Explorer 6, but that hasn’t stopped UK government officials from declaring the browser doesn’t give them cause for concern, unlike their French and German counterparts.…
1 in 3 users reviewed Facebook privacy roll-back
Social network heralds 'success'
One in three Facebook users changed their privacy settings in Facebook after the social networking site applied a controversial privacy roll-back and encouraged users to review how much they shared online back in December.…
Firefox-based attack wreaks havoc on IRC users
World's first inter-protocol exploit, but not the last
Underscoring a little-known web vulnerability, hackers are exploiting a weakness in the Mozilla Firefox browser to wreak havoc on Freenode and other networks that cater to users of internet relay chat.…
CIA, PayPal under bizarre SSL assault
Plus hundreds of others
The US National Archives and Records Administration (NARA) has sent letters to 250,000 Clinton administration staff and White House staff members and visitors, informing them that their personally identifiable information has been compromised.......
Flaws Found In 3D Secure Credit Card Scheme (January 28, 2010)
University fo Cambridge researchers say 3D Secure (3DS) better known as Verified by Visa and MasterCard SecureCode is fraught with security problems.......
Thomas-Rasset Rejects RIAA's Settlement Offer (January 27, 2010)
Just days after a judge reduced the penalties levied against Jammie Thomas-Rasset for illegal file sharing from US $1.......
Google Issues Chrome Update (January 26, 2010)
Google has released an update for its Chrome browser that addresses 13 vulnerabilities that could be exploited to execute arbitrary code on unprotected computers, steal data, create denial-of service conditions, or bypass security restrictions.......
Bank Suing Cyber Theft Victim (January 26, 2010)
A bank in Lubbock, Texas is suing one of its customers, Hillary Machinery Inc.......
Attack on IE Exposes Users' Entire Hard Drives (January 26 & 27, 2010)
Microsoft is investigating reports of an attack on Internet Explorer (IE) that can reveal the entire contents of users' hard drives to attackers.......
BlueCross BlueShield of Tennessee Breach is Proving to be Costly (January 26, 2010)
A security breach at BlueCross BlueShield of Tennessee has already cost the company more than US $7 million.......
Zimuse Worm May Have Started as a Prank (January 25 & 26, 2010)
The Zimuse.......
Second Man Pleads Guilty in Scientology DDoS Case (January 25, 26 & 27, 2010)
Brian Thomas Mettenbrink has admitted to downloading software and using it to help launch a distributed denial-of-service (DDoS) attack against the Church of Scientology's website in January 2008.......
Study Shows That Consumer Awareness of Online Threats is Growing (January 25, 2010)
A study from RSA indicates that consumers are more aware of online security threats than they were two years ago.......
Cisco Secure Desktop Remote XSS Vulnerability, (Tue, Feb 2nd)
This vulnerability (CVE-2010-0440) could allow an unauthenticated, remote attacker to conduct cross- ...(more)...
Twitter Mass Password Reset due to Phishing, (Tue, Feb 2nd)
Twitter is sending out a large number of e-mails, asking users to reset their passwords. It appears ...(more)...
New IPv6 Screencast Videos: http://isc.sans.org/ipv6videos (Today: blocking and detecting IPv6 in Linux), (Tue, Feb 2nd)
------ Johannes B. Ullrich, Ph ...(more)...
Pushdo Update, (Tue, Feb 2nd)
As mentioned in an older diary [1], www.sans ...(more)...
Adobe ColdFusion Information Disclosure, (Tue, Feb 2nd)
Adobe has released information on an important vulnerability (CVE-2010-0185) identified in ColdFusio ...(more)...
NMAP 5.21 - Is UDP Protocol Specific Scanning Important? Why Should I Care?, (Mon, Feb 1st)
Before we address the question, let's discuss how UDP port scanning is typically done. Whe ...(more)...
Got PushDo SSL packets?, (Sat, Jan 30th)
Steven Adair over at ShadowServer has posted a blog entry about the strange going's on with the Push ...(more)...
New and updated VMWare advisories, (Sat, Jan 30th)
Today VMware has released the following new and updated security advisories: New - VMSA-2010-00 ...(more)...
BoA Offline?, (Fri, Jan 29th)
The Bank of America web site appears to have been not available for parts of the day today. No ...(more)...
Neo-legacy applications, (Fri, Jan 29th)
A friend of mine wrote in about a problem he has. He provides support to small businesses, one of wh ...(more)...
The Register - Security
Biting the hand that feeds IT
Manchester cops recover from Conficker
Strangeways, here we come
Manchester police were once again able to run inquiries on the Police National Computer on Wednesday morning, after techies purged a Conficker worm infection from the force's network.…
Record year for online tax filing - and phishing mails
Scammers rev up for tax season
Her Majesty's Revenue and Customs is celebrating another record year for online tax returns, over six million people filed online this year.…
Warez backdoor allows hackers to pwn Twitter accounts
Micro-blogging freetards in mass hack attack
Twitter has lifted the lid on its recent advice to many users to reset their passwords for the micro-blogging site.…
Stubborn trojan stashes install file in Windows help
Can't muster rejection
Security researchers have spied malware that stashes a copy of itself in a Windows help file to ensure victim computers remain infected.…
iPhone vulnerable to remote attack on SSL
Beware of rogue config files
Apple's iPhone is vulnerable to exploits that allow an attacker to spoof web pages even when they're protected by the SSL, or secure sockets layer, protocol, a security researcher said.…
Microsoft security dev tools go 'Agile'
Not just for Windows anymore
Microsoft has expanded a key security tool to work with developers of web applications and other software that's developed over rapid and repeated stretches.…
PGP buys tech to offer trusted ID from the cloud
Close friends get to call it TC
PGP Corporation has acquired privately-held TC TrustCenter and its US parent company, ChosenSecurity, as part of plans to offer trusted identity management services from the cloud. Terms of the transaction, announced Tuesday, were not disclosed.…
Manchester cops clobbered by Conficker
PCs' PCs still unplugged from PNC
Greater Manchester Police's computer network has been infected by the infamous Conficker worm, leaving beat cops unable to run computer checks on suspected criminals and vehicles for the last three days.…
Virgin Media battles privacy campaigners on P2P monitoring
No one's looking at you, alright?
Regulators are mulling assurances from Virgin Media that its planned trial system to monitor the level of illegal filesharing on its network will not harm customers' privacy.…
Femtocells wilt under attack
Tiny, tiny, tiny root box danger
Security researchers have turned their attention to femtocells, and have discovered that gaining root on the tiny mobile base stations isn't as hard as one might hope.…
Most consumers reuse banking passwords on other sites
Password recycle fail leaves consumers ripe for harvesting
The majority of online banking customers reuse their online-banking login credentials on other websites, according to a new survey on password insecurity.…
Security firms plot revamp to minimise false alarms
Whitelisted addresses to reside in heavenly cloud
Analysis Increased incidents of false positives have encouraged anti-virus firms to re-evaluate their signature update process.…
Web attacks cripple Russia's biggest indie newspaper
Seven days and counting
The website of Russia's highest-profile independent newspaper on Monday suffered its seventh straight day of crippling denial-of-service attacks by unknown miscreants.…
US state probes breach that exposed data for 80,000
'Dear valued employee:'
A computer database containing the personal details of more than 80,000 employees was penetrated by unknown hackers, according to multiple news agencies, citing Iowa's Racing and Gaming Commission.…
Security bugs reinfect financial giant’s website
Ameriprise and the case of the relapsed XSS
Five months after Ameriprise Financial fixed a bug that could have helped criminals steal user authentication credentials, the financial giant's website is vulnerable again.…
Google yanks IE6 love from web apps
Do as we say, not as we did
Google is pulling IE6 support from Google Apps, its online suite of office applications.…
Britain warns businesses of Chinese 'honey trap'
Sex, spies, and memory sticks
Britain's MI5 security service has accused the Chinese government of engaging in an unusually wide-ranging campaign to breach UK business computer networks, in some cases exploiting sexual relationships to pressure individuals to cooperate.…
Voice crypto fails spark astroturf claims
SecurStar denies running dirty tricks marketing campaign
Doubts have arisen about the integrity of supposedly anonymous tests on the security of voice encryption products.…
UK.gov unmoved by Internet Explorer 6 security concerns
Google, NHS cast off exploited browser
Google and the NHS may soon be ditching support for Internet Explorer 6, but that hasn’t stopped UK government officials from declaring the browser doesn’t give them cause for concern, unlike their French and German counterparts.…
1 in 3 users reviewed Facebook privacy roll-back
Social network heralds 'success'
One in three Facebook users changed their privacy settings in Facebook after the social networking site applied a controversial privacy roll-back and encouraged users to review how much they shared online back in December.…
Firefox-based attack wreaks havoc on IRC users
World's first inter-protocol exploit, but not the last
Underscoring a little-known web vulnerability, hackers are exploiting a weakness in the Mozilla Firefox browser to wreak havoc on Freenode and other networks that cater to users of internet relay chat.…
CIA, PayPal under bizarre SSL assault
Plus hundreds of others
Just days after a judge reduced the penalties levied against Jammie Thomas-Rasset for illegal file sharing from US $1.......
Google Issues Chrome Update (January 26, 2010)
Google has released an update for its Chrome browser that addresses 13 vulnerabilities that could be exploited to execute arbitrary code on unprotected computers, steal data, create denial-of service conditions, or bypass security restrictions.......
Bank Suing Cyber Theft Victim (January 26, 2010)
A bank in Lubbock, Texas is suing one of its customers, Hillary Machinery Inc.......
Attack on IE Exposes Users' Entire Hard Drives (January 26 & 27, 2010)
Microsoft is investigating reports of an attack on Internet Explorer (IE) that can reveal the entire contents of users' hard drives to attackers.......
BlueCross BlueShield of Tennessee Breach is Proving to be Costly (January 26, 2010)
A security breach at BlueCross BlueShield of Tennessee has already cost the company more than US $7 million.......
Zimuse Worm May Have Started as a Prank (January 25 & 26, 2010)
The Zimuse.......
Second Man Pleads Guilty in Scientology DDoS Case (January 25, 26 & 27, 2010)
Brian Thomas Mettenbrink has admitted to downloading software and using it to help launch a distributed denial-of-service (DDoS) attack against the Church of Scientology's website in January 2008.......
Study Shows That Consumer Awareness of Online Threats is Growing (January 25, 2010)
A study from RSA indicates that consumers are more aware of online security threats than they were two years ago.......
Cisco Secure Desktop Remote XSS Vulnerability, (Tue, Feb 2nd)
This vulnerability (CVE-2010-0440) could allow an unauthenticated, remote attacker to conduct cross- ...(more)...
Twitter Mass Password Reset due to Phishing, (Tue, Feb 2nd)
Twitter is sending out a large number of e-mails, asking users to reset their passwords. It appears ...(more)...
New IPv6 Screencast Videos: http://isc.sans.org/ipv6videos (Today: blocking and detecting IPv6 in Linux), (Tue, Feb 2nd)
------ Johannes B. Ullrich, Ph ...(more)...
Pushdo Update, (Tue, Feb 2nd)
As mentioned in an older diary [1], www.sans ...(more)...
Adobe ColdFusion Information Disclosure, (Tue, Feb 2nd)
Adobe has released information on an important vulnerability (CVE-2010-0185) identified in ColdFusio ...(more)...
NMAP 5.21 - Is UDP Protocol Specific Scanning Important? Why Should I Care?, (Mon, Feb 1st)
Before we address the question, let's discuss how UDP port scanning is typically done. Whe ...(more)...
Got PushDo SSL packets?, (Sat, Jan 30th)
Steven Adair over at ShadowServer has posted a blog entry about the strange going's on with the Push ...(more)...
New and updated VMWare advisories, (Sat, Jan 30th)
Today VMware has released the following new and updated security advisories: New - VMSA-2010-00 ...(more)...
BoA Offline?, (Fri, Jan 29th)
The Bank of America web site appears to have been not available for parts of the day today. No ...(more)...
Neo-legacy applications, (Fri, Jan 29th)
A friend of mine wrote in about a problem he has. He provides support to small businesses, one of wh ...(more)...
The Register - Security
Biting the hand that feeds IT
Manchester cops recover from Conficker
Strangeways, here we come
Manchester police were once again able to run inquiries on the Police National Computer on Wednesday morning, after techies purged a Conficker worm infection from the force's network.…
Record year for online tax filing - and phishing mails
Scammers rev up for tax season
Her Majesty's Revenue and Customs is celebrating another record year for online tax returns, over six million people filed online this year.…
Warez backdoor allows hackers to pwn Twitter accounts
Micro-blogging freetards in mass hack attack
Twitter has lifted the lid on its recent advice to many users to reset their passwords for the micro-blogging site.…
Stubborn trojan stashes install file in Windows help
Can't muster rejection
Security researchers have spied malware that stashes a copy of itself in a Windows help file to ensure victim computers remain infected.…
iPhone vulnerable to remote attack on SSL
Beware of rogue config files
Apple's iPhone is vulnerable to exploits that allow an attacker to spoof web pages even when they're protected by the SSL, or secure sockets layer, protocol, a security researcher said.…
Microsoft security dev tools go 'Agile'
Not just for Windows anymore
Microsoft has expanded a key security tool to work with developers of web applications and other software that's developed over rapid and repeated stretches.…
PGP buys tech to offer trusted ID from the cloud
Close friends get to call it TC
PGP Corporation has acquired privately-held TC TrustCenter and its US parent company, ChosenSecurity, as part of plans to offer trusted identity management services from the cloud. Terms of the transaction, announced Tuesday, were not disclosed.…
Manchester cops clobbered by Conficker
PCs' PCs still unplugged from PNC
Greater Manchester Police's computer network has been infected by the infamous Conficker worm, leaving beat cops unable to run computer checks on suspected criminals and vehicles for the last three days.…
Virgin Media battles privacy campaigners on P2P monitoring
No one's looking at you, alright?
Regulators are mulling assurances from Virgin Media that its planned trial system to monitor the level of illegal filesharing on its network will not harm customers' privacy.…
Femtocells wilt under attack
Tiny, tiny, tiny root box danger
Security researchers have turned their attention to femtocells, and have discovered that gaining root on the tiny mobile base stations isn't as hard as one might hope.…
Most consumers reuse banking passwords on other sites
Password recycle fail leaves consumers ripe for harvesting
The majority of online banking customers reuse their online-banking login credentials on other websites, according to a new survey on password insecurity.…
Security firms plot revamp to minimise false alarms
Whitelisted addresses to reside in heavenly cloud
Analysis Increased incidents of false positives have encouraged anti-virus firms to re-evaluate their signature update process.…
Web attacks cripple Russia's biggest indie newspaper
Seven days and counting
The website of Russia's highest-profile independent newspaper on Monday suffered its seventh straight day of crippling denial-of-service attacks by unknown miscreants.…
US state probes breach that exposed data for 80,000
'Dear valued employee:'
A computer database containing the personal details of more than 80,000 employees was penetrated by unknown hackers, according to multiple news agencies, citing Iowa's Racing and Gaming Commission.…
Security bugs reinfect financial giant’s website
Ameriprise and the case of the relapsed XSS
Five months after Ameriprise Financial fixed a bug that could have helped criminals steal user authentication credentials, the financial giant's website is vulnerable again.…
Google yanks IE6 love from web apps
Do as we say, not as we did
Google is pulling IE6 support from Google Apps, its online suite of office applications.…
Britain warns businesses of Chinese 'honey trap'
Sex, spies, and memory sticks
Britain's MI5 security service has accused the Chinese government of engaging in an unusually wide-ranging campaign to breach UK business computer networks, in some cases exploiting sexual relationships to pressure individuals to cooperate.…
Voice crypto fails spark astroturf claims
SecurStar denies running dirty tricks marketing campaign
Doubts have arisen about the integrity of supposedly anonymous tests on the security of voice encryption products.…
UK.gov unmoved by Internet Explorer 6 security concerns
Google, NHS cast off exploited browser
Google and the NHS may soon be ditching support for Internet Explorer 6, but that hasn’t stopped UK government officials from declaring the browser doesn’t give them cause for concern, unlike their French and German counterparts.…
1 in 3 users reviewed Facebook privacy roll-back
Social network heralds 'success'
One in three Facebook users changed their privacy settings in Facebook after the social networking site applied a controversial privacy roll-back and encouraged users to review how much they shared online back in December.…
Firefox-based attack wreaks havoc on IRC users
World's first inter-protocol exploit, but not the last
Underscoring a little-known web vulnerability, hackers are exploiting a weakness in the Mozilla Firefox browser to wreak havoc on Freenode and other networks that cater to users of internet relay chat.…
CIA, PayPal under bizarre SSL assault
Plus hundreds of others
A bank in Lubbock, Texas is suing one of its customers, Hillary Machinery Inc.......
Attack on IE Exposes Users' Entire Hard Drives (January 26 & 27, 2010)
Microsoft is investigating reports of an attack on Internet Explorer (IE) that can reveal the entire contents of users' hard drives to attackers.......
BlueCross BlueShield of Tennessee Breach is Proving to be Costly (January 26, 2010)
A security breach at BlueCross BlueShield of Tennessee has already cost the company more than US $7 million.......
Zimuse Worm May Have Started as a Prank (January 25 & 26, 2010)
The Zimuse.......
Second Man Pleads Guilty in Scientology DDoS Case (January 25, 26 & 27, 2010)
Brian Thomas Mettenbrink has admitted to downloading software and using it to help launch a distributed denial-of-service (DDoS) attack against the Church of Scientology's website in January 2008.......
Study Shows That Consumer Awareness of Online Threats is Growing (January 25, 2010)
A study from RSA indicates that consumers are more aware of online security threats than they were two years ago.......
Cisco Secure Desktop Remote XSS Vulnerability, (Tue, Feb 2nd)
This vulnerability (CVE-2010-0440) could allow an unauthenticated, remote attacker to conduct cross- ...(more)...
Twitter Mass Password Reset due to Phishing, (Tue, Feb 2nd)
Twitter is sending out a large number of e-mails, asking users to reset their passwords. It appears ...(more)...
New IPv6 Screencast Videos: http://isc.sans.org/ipv6videos (Today: blocking and detecting IPv6 in Linux), (Tue, Feb 2nd)
------ Johannes B. Ullrich, Ph ...(more)...
Pushdo Update, (Tue, Feb 2nd)
As mentioned in an older diary [1], www.sans ...(more)...
Adobe ColdFusion Information Disclosure, (Tue, Feb 2nd)
Adobe has released information on an important vulnerability (CVE-2010-0185) identified in ColdFusio ...(more)...
NMAP 5.21 - Is UDP Protocol Specific Scanning Important? Why Should I Care?, (Mon, Feb 1st)
Before we address the question, let's discuss how UDP port scanning is typically done. Whe ...(more)...
Got PushDo SSL packets?, (Sat, Jan 30th)
Steven Adair over at ShadowServer has posted a blog entry about the strange going's on with the Push ...(more)...
New and updated VMWare advisories, (Sat, Jan 30th)
Today VMware has released the following new and updated security advisories: New - VMSA-2010-00 ...(more)...
BoA Offline?, (Fri, Jan 29th)
The Bank of America web site appears to have been not available for parts of the day today. No ...(more)...
Neo-legacy applications, (Fri, Jan 29th)
A friend of mine wrote in about a problem he has. He provides support to small businesses, one of wh ...(more)...
The Register - Security
Biting the hand that feeds IT
Manchester cops recover from Conficker
Strangeways, here we come
Manchester police were once again able to run inquiries on the Police National Computer on Wednesday morning, after techies purged a Conficker worm infection from the force's network.…
Record year for online tax filing - and phishing mails
Scammers rev up for tax season
Her Majesty's Revenue and Customs is celebrating another record year for online tax returns; over six million people filed online this year.…
Warez backdoor allows hackers to pwn Twitter accounts
Micro-blogging freetards in mass hack attack
Twitter has lifted the lid on its recent advice to many users to reset their passwords for the micro-blogging site.…
Stubborn trojan stashes install file in Windows help
Can't muster rejection
Security researchers have spied malware that stashes a copy of itself in a Windows help file to ensure victim computers remain infected.…
iPhone vulnerable to remote attack on SSL
Beware of rogue config files
Apple's iPhone is vulnerable to exploits that allow an attacker to spoof web pages even when they're protected by the SSL, or secure sockets layer, protocol, a security researcher said.…
Microsoft security dev tools go 'Agile'
Not just for Windows anymore
Microsoft has expanded a key security tool to work with developers of web applications and other software that's developed over rapid and repeated stretches.…
PGP buys tech to offer trusted ID from the cloud
Close friends get to call it TC
PGP Corporation has acquired privately-held TC TrustCenter and its US parent company, ChosenSecurity, as part of plans to offer trusted identity management services from the cloud. Terms of the transaction, announced Tuesday, were not disclosed.…
Manchester cops clobbered by Conficker
PCs' PCs still unplugged from PNC
Greater Manchester Police's computer network has been infected by the infamous Conficker worm, leaving beat cops unable to run computer checks on suspected criminals and vehicles for the last three days.…
Virgin Media battles privacy campaigners on P2P monitoring
No one's looking at you, alright?
Regulators are mulling assurances from Virgin Media that its planned trial system to monitor the level of illegal filesharing on its network will not harm customers' privacy.…
Femtocells wilt under attack
Tiny, tiny, tiny root box danger
Security researchers have turned their attention to femtocells, and have discovered that gaining root on the tiny mobile base stations isn't as hard as one might hope.…
Most consumers reuse banking passwords on other sites
Password recycle fail leaves consumers ripe for harvesting
The majority of online banking customers reuse their online-banking login credentials on other websites, according to a new survey on password insecurity.…
Security firms plot revamp to minimise false alarms
Whitelisted addresses to reside in heavenly cloud
Analysis: Increased incidents of false positives have encouraged anti-virus firms to re-evaluate their signature update process.…
Web attacks cripple Russia's biggest indie newspaper
Seven days and counting
The website of Russia's highest-profile independent newspaper on Monday suffered its seventh straight day of crippling denial-of-service attacks by unknown miscreants.…
US state probes breach that exposed data for 80,000
'Dear valued employee:'
A computer database containing the personal details of more than 80,000 employees was penetrated by unknown hackers, according to multiple news agencies, citing Iowa's Racing and Gaming Commission.…
Security bugs reinfect financial giant’s website
Ameriprise and the case of the relapsed XSS
Five months after Ameriprise Financial fixed a bug that could have helped criminals steal user authentication credentials, the financial giant's website is vulnerable again.…
Google yanks IE6 love from web apps
Do as we say, not as we did
Google is pulling IE6 support from Google Apps, its online suite of office applications.…
Britain warns businesses of Chinese 'honey trap'
Sex, spies, and memory sticks
Britain's MI5 security service has accused the Chinese government of engaging in an unusually wide-ranging campaign to breach UK business computer networks, in some cases exploiting sexual relationships to pressure individuals to cooperate.…
Voice crypto fails spark astroturf claims
SecurStar denies running dirty tricks marketing campaign
Doubts have arisen about the integrity of supposedly anonymous tests on the security of voice encryption products.…
UK.gov unmoved by Internet Explorer 6 security concerns
Google, NHS cast off exploited browser
Google and the NHS may soon be ditching support for Internet Explorer 6, but that hasn’t stopped UK government officials from declaring the browser doesn’t give them cause for concern, unlike their French and German counterparts.…
1 in 3 users reviewed Facebook privacy roll-back
Social network heralds 'success'
One in three Facebook users changed their privacy settings in Facebook after the social networking site applied a controversial privacy roll-back and encouraged users to review how much they shared online back in December.…
Firefox-based attack wreaks havoc on IRC users
World's first inter-protocol exploit, but not the last
Underscoring a little-known web vulnerability, hackers are exploiting a weakness in the Mozilla Firefox browser to wreak havoc on Freenode and other networks that cater to users of internet relay chat.…
CIA, PayPal under bizarre SSL assault
Plus hundreds of others
A security breach at BlueCross BlueShield of Tennessee has already cost the company more than US $7 million.......
Zimuse Worm May Have Started as a Prank (January 25 & 26, 2010)
The Zimuse.......
Second Man Pleads Guilty in Scientology DDoS Case (January 25, 26 & 27, 2010)
Brian Thomas Mettenbrink has admitted to downloading software and using it to help launch a distributed denial-of-service (DDoS) attack against the Church of Scientology's website in January 2008.......
Study Shows That Consumer Awareness of Online Threats is Growing (January 25, 2010)
A study from RSA indicates that consumers are more aware of online security threats than they were two years ago.......
CIA, PayPal under bizarre SSL assault
Plus hundreds of others
Adobe has released information on an important vulnerability (CVE-2010-0185) identified in ColdFusio ...(more)...
NMAP 5.21 - Is UDP Protocol Specific Scanning Important? Why Should I Care?, (Mon, Feb 1st)
Before we address the question, let's discuss how UDP port scanning is typically done. Whe ...(more)...
Got PushDo SSL packets?, (Sat, Jan 30th)
Steven Adair over at ShadowServer has posted a blog entry about the strange goings-on with the Push ...(more)...
New and updated VMWare advisories, (Sat, Jan 30th)
Today VMware has released the following new and updated security advisories: New - VMSA-2010-00 ...(more)...
BoA Offline?, (Fri, Jan 29th)
The Bank of America web site appears to have been unavailable for parts of the day today. No ...(more)...
Neo-legacy applications, (Fri, Jan 29th)
A friend of mine wrote in about a problem he has. He provides support to small businesses, one of wh ...(more)...
The Register - Security
Biting the hand that feeds IT
Manchester cops recover from Conficker
Strangeways, here we come
Manchester police were once again able to run inquiries on the Police National Computer on Wednesday morning, after techies purged a Conficker worm infection from the force's network.…
Record year for online tax filing - and phishing mails
Scammers rev up for tax season
Her Majesty's Revenue and Customs is celebrating another record year for online tax returns: over six million people filed online this year.…
Warez backdoor allows hackers to pwn Twitter accounts
Micro-blogging freetards in mass hack attack
Twitter has lifted the lid on its recent advice to many users to reset their passwords for the micro-blogging site.…
Stubborn trojan stashes install file in Windows help
Can't muster rejection
Security researchers have spied malware that stashes a copy of itself in a Windows help file to ensure victim computers remain infected.…
iPhone vulnerable to remote attack on SSL
Beware of rogue config files
Apple's iPhone is vulnerable to exploits that allow an attacker to spoof web pages even when they're protected by the SSL, or secure sockets layer, protocol, a security researcher said.…