Hackin9
(c) SANS Internet Storm Center. http://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
 

Seven basic steps to avoid being 'phished'
The Age
An international hacker was recently found to have more than 10,000 stolen debit and credit card numbers. So, clearly, phishing – the practice of tricking someone into giving bank or credit card information – is rife and plenty of people are falling ...

 
Amazon.com has added a file-syncing feature to its online storage product, Cloud Drive, putting the service on par with competitors such as Dropbox and Google's Drive.
 
Some of the details surrounding Biz Stone's new Jelly app have just been firmed up: Apparently it will help people "do good."
 
[security bulletin] HPSBUX02860 SSRT101146 rev.1 - HP-UX Apache Running Tomcat Servlet Engine, Remote Denial of Service (DoS), Access Restriction Bypass, Unauthorized Modification and Other Vulnerabilities
 
GNU glibc 'regexec.c' Buffer Overflow Vulnerability
 
Puppet CVE-2013-1654 Security Bypass Vulnerability
 
Microsoft today took another shot at rival Google with an April Fools' Day prank that turned its Bing search engine into a Google look-alike. Google had its own counter-spoof.
 
An electronics and a recycling trade group are looking for ways to reuse recycled cathode ray tube (CRT) glass from computer monitors and television sets, with a US$10,000 prize for the best proposal.
 
Jerald Fishman, a well-respected semiconductor industry executive and CEO of Analog Devices, died last week of a heart attack at age 67.
 
Streaming television service Aereo does not appear to infringe the copyrights of over-the-air TV stations, and a request from several stations to shut down the New York-based service isn't warranted, an appeals court has ruled.
 
The authors of police-themed ransomware have started using the browsing histories from infected computers in order to make their scams more believable, according to an independent malware researcher.
 
 
[SECURITY] [DSA 2656-1] bind9 security update
 
US-CERT Alert TA13-088A: DNS Amplification Attacks
 
Authentication bypass on Netgear WNR1000
 
[waraxe-2013-SA#101] - Update Spoofing Vulnerability in Royal TS 2.1.5
 
Windows 8 last month fell even further behind the historical adoption pace of Windows Vista, Microsoft's 2007 flop, new statistics showed today.
 
Feedly, which today announced it has added more than 3 million new users to its free RSS service since Google decided to retire Reader, said that it plans to offer a paid option this year.
 
[waraxe-2013-SA#100] - Update Spoofing Vulnerability in mRemote 1.50
 
[Suspected Spam] [slackware-security] libssh (SSA:2013-087-01)
 
[security bulletin] HPSBUX02859 SSRT101144 rev.1 - HP-UX Running XNTP, Remote Denial of Service (DoS) and Execute Arbitrary Code
 
MailOrderWorks v5.907 - Multiple Web Vulnerabilities
 
BlackBerry plans to release a larger tablet and two phone-tablet combos, or phablets, over the next year, according to a leaked road map presentation slide.
 
Offering Wi-Fi can be a good way to increase return customers and boost revenue in retail stores, hotels, cafes, etc. And it provides convenience for contractors and associates working in corporate offices and conference rooms. Though visitors might have 4G mobile devices or laptops, Wi-Fi can provide a faster, higher quality connection.
 
Novell Sentinel Log Manager Unauthorized Access Vulnerability
 

At the moment I'm working on a few projects, one of which is looking at SQL injections. What I do not have, however, is enough samples of web logs, especially those with 500 errors in them. If you are able to share your 500 error records, please send them in. Feel free to obfuscate the server IP, but if you could leave the first three octets (preferably; the first two are fine as well), that would be great.

Please just send them to markh.isc at gmail.com rather than upload them to the contact form, as I don't want to flood that address. The results will be published here in a couple of months (anonymised), and if I find anything of interest in your log files, you'll be the first to know. So think of this as a free review of your web logs :-)

Thanks in advance.

Mark H
 

March 31st was designated as World Backup Day (http://www.worldbackupday.com/) with a quite catchy slogan: "Don't be an April fool."

In the corporate world, backups tend to be taken care of quite nicely by corporate IT; however, most of us are now storing significant amounts of data at home. Quite a lot of it has never been backed up, or at least not recently. I had a look earlier today at what data I do have backed up and what I do not have backed up. To say that I was a little bit disappointed with myself is an understatement. Most of the critical work-related stuff is all backed up, kudos to me. However, when it comes to music or photos, I stink. It doesn't look like I have backed up as much as I thought I had (fixed now).

So, in light of World Backup Day, have a look at your systems at home and make sure that you have a backup available of the things that are important (or that other people will tell you are important), and back them up.

Probably the easiest is to use a removable hard drive, but there are many online options available as well, which can be quite attractive. Just remember, sucking 30GB from the internet back down to your machine may take some time. Also consider who will have access to your stuff whilst it is backed up in the cloud. You may want to encrypt the data whilst you are at it.

If you are backing up your stuff, well done. Make sure, though, that you can get it back again. On occasion I get asked to recover data from drives that have not been used in years and years. Sometimes that is a happy story; many times it is not. Don't forget DVDs also degrade over time, so data stored on those may also need to be rewritten every few years or so.

For those of you that are the IT help for friends and family, I have your gifts for the year sorted out. Buy them a hard drive so they can back up their stuff. Many now have some backup software included. Or set up an online backup service for friends and family.

Happy backing up.

Mark H
 
BlackBerry plans to release a larger tablet and two phone-tablets, or phablets, over the next year, according to a leaked roadmap presentation slide.
 
IBM InfoSphere DataStage 'LoggingViewAdmin.do' Multiple HTML Injection Vulnerabilities
 
NTT DoCoMo, Japan's largest mobile operator, is building a fleet of truck-based LTE base stations that can be deployed during natural disasters or to support large crowds.
 
No more counting lines of code: Managers look for new ways to assess IT employee performance.
 
Mozilla Firefox/Thunderbird/SeaMonkey Cross Domain Information Disclosure Vulnerability
 
The federal government begins accepting new H-1B visa petitions on Monday, with demand expected to be heavy. And the initial rush is going to be followed by much fury.
 
China has slammed a new U.S. funding law that will tighten scrutiny of information technology purchases from the country, and said it could severely damage the mutual trust between the two nations.
 
The U.S. Patent and Trademark Office has provisionally denied Apple's trademark application for "iPad Mini" because the term is "merely descriptive" of the tablet's size.
 
Failed expectations, increased costs, unnecessary legal risks -- going blind into a big data project doesn't pay
 

Posted by InfoSec News on Apr 01

http://www.guardian.co.uk/commentisfree/2013/mar/29/cyberwar-spun-shoddy-journalism

By Heather Brooke
guardian.co.uk
29 March 2013

A veteran Reuters reporter related a piece of advice given by his editor: "It's
not just what you print that makes you an authoritative and trusted source for
news, but what you don't print."

He wasn't talking about censorship, he was talking about what separates
journalism from...
 

Posted by InfoSec News on Apr 01

http://arstechnica.com/security/2013/03/funded-hacktivism-or-cyber-terrorists-amex-attackers-have-big-bankroll/

By Sean Gallagher
Ars Technica
Mar 30 2013

On March 28, American Express' website went offline for at least two hours
during a distributed denial of service attack. A group calling itself "the
cyber-fighters of Izz ad-Din al-Qassam" claimed responsibility for the attack,
which began at about 3:00pm Eastern Time.

In...
 

Posted by InfoSec News on Apr 01

http://www.pakistantoday.com.pk/2013/03/29/news/national/pakistani-man-arrested-for-military-espionage-in-germany/

Pakistan Today
29 Mar 2013

BERLIN - A Pakistani man working in a German technology research centre was
arrested on Friday and detained on suspicion of military espionage, Germany’s
state prosecutor said.

The 28-year-old employee was registered as a student at the centre where he
worked in the northwestern city of Bremen....
 