Hackin9
(c) SANS Internet Storm Center. http://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
 
A U.S. regulatory filing for a Bitcoin investment trust by the Winklevoss twins said they will protect the virtual currency like gold bars -- in vaults.
 
Applications for asylum or asylum assistance were submitted on behalf of former U.S. National Security Agency contractor Edward Snowden to a number of countries including China, Russia, and India, whistle-blower site WikiLeaks said Tuesday.
 
Zynga CEO Mark Pincus pursued Microsoft's Xbox chief for several months and had no other candidates in mind for the top job at the social games company, a source at Zynga said Monday.
 

SCADA environments are a big interest for me. As the person responsible for information security at a utility company, I need to ensure that risks inside those platforms are minimized in such a way that any control I put in place does not interfere at all with the protocol and system function. That is why running tools like metasploit or nexpose can be really dangerous if they are not well parameterized: they could block control of the RTU and IED and potentially cause a disaster if a system variable goes out of control.

There is an alternative way to perform vulnerability assessments of SCADA devices that is less risky and still gives good result information. You can use the nmap scripting engine to add vulnerability scanning functionality. The software can be downloaded from http://www.computec.ch/mruef/software/nmap_nse_vulscan-1.0.tar.gz. The csv files are vulnerability databases, and you need to place them in a directory named vulscan in the same directory as all the other .nse scripts. The vulscan.nse script itself needs to sit alongside all the other nse scripts. Once it is installed in the nmap scripts directory, you are all set.

Let's see how it works. The first step in a vulnerability assessment is to check the open ports and the versions of all servers running on them:

[Screenshot: NMAP Service SCAN]

The vulscan script takes the service scan information as input and looks up matching vulnerabilities in the vulnerability databases. You need to use at least the following arguments:

  • Service scan: This nmap scan technique queries the open ports and determines which protocols and servers are running on them. Use -sV.
  • Script selection: The script you want to use is vulscan.nse, so you should use --script=vulscan.nse.

You can also use any other optional arguments used normally with nmap, as well as arguments to the vulscan script, like:

  • SYN scan (-sS), connect scan (-sT) or operating system fingerprint (-O)
  • Script arguments: You can define which vulnerability database you want to use. The following databases are available: CVE (--script-args vulscandb=cve.csv), Security Tracker (--script-args vulscandb=securitytracker.csv), Security Focus (--script-args vulscandb=securityfocus.csv), Open Sourced Vulnerability Database (--script-args vulscandb=osvdb.csv) and Security Consulting Information Process Vulnerability Database (--script-args vulscandb=scipvuldb.csv). If you want to use all of them, don't use this argument to the script and leave only the script selection.

In the following example, nmap will perform a SYN scan and a service scan and use the results as input to correlate with the Security Consulting Information Process Database. The command being run is nmap -sS -sV --script=vulscan.nse --script-args vulscandb=scipvuldb.csv 192.168.0.110:

[Screenshot: nmap vulnerability script]
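
A pre-flight check for the installation layout and database argument described above, as an added example (not part of the original diary or of the vulscan project). The function names are hypothetical, and the nmap scripts directory is passed in by the caller because its location varies between installs.

```shell
#!/bin/sh
# Added example: pre-flight checks for the vulscan.nse layout described in the diary.
# The database file names are the five listed in the text above.
VULSCAN_DBS="cve.csv securitytracker.csv securityfocus.csv osvdb.csv scipvuldb.csv"

# vulscan_missing SCRIPTS_DIR (hypothetical helper)
# Prints every expected file that is absent; returns 0 only when the layout is complete.
vulscan_missing() {
    scripts_dir=$1
    missing=0
    if [ ! -f "$scripts_dir/vulscan.nse" ]; then
        echo "vulscan.nse"
        missing=1
    fi
    for db in $VULSCAN_DBS; do
        if [ ! -f "$scripts_dir/vulscan/$db" ]; then
            echo "vulscan/$db"
            missing=1
        fi
    done
    return "$missing"
}

# vulscan_cmd TARGET [DB] (hypothetical helper)
# Prints the nmap command line for one target. Omitting DB leaves out --script-args,
# which selects all databases. Unknown DB names and odd target strings are rejected
# so that a typo never reaches a scan of a production control network.
vulscan_cmd() {
    target=$1
    db=${2:-}
    case $target in
        ''|*[!A-Za-z0-9.:/-]*) echo "invalid target: $target" >&2; return 2 ;;
    esac
    if [ -z "$db" ]; then
        echo "nmap -sS -sV --script=vulscan.nse $target"
        return 0
    fi
    for known in $VULSCAN_DBS; do
        if [ "$db" = "$known" ]; then
            echo "nmap -sS -sV --script=vulscan.nse --script-args vulscandb=$db $target"
            return 0
        fi
    done
    echo "unknown database: $db" >&2
    return 1
}
```

Run vulscan_missing against the nmap scripts directory first, and only review and execute the line printed by vulscan_cmd once it reports nothing missing.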

In future diaries I will show other nmap scripts I like to use for vulnerability assessment and pentesting.

Manuel Humberto Santander Peláez
SANS Internet Storm Center - Handler
Twitter:@manuelsantander
Web:http://manuel.santander.name
e-mail: msantand at isc dot sans dot org

 
After several months of anticipation, the first phones based on the Firefox operating system are here. Telefónica will begin selling the ZTE Open on Tuesday in Spain as the first step of a global rollout that should see Firefox OS devices available in all the carrier's markets by the end of next year.
 
At the Argonne National Lab on Monday, a dedication ceremony was held for the Mira supercomputer, where it was duly noted that it is the world's fifth-fastest system. You cannot mention the world's fifth-fastest system without noting the world's number one system, which is in China.
 
Mark Pincus is stepping down as CEO of Zynga and will be replaced by the head of Microsoft's Xbox business, Don Mattrick, Zynga announced on Monday.
 
Adobe Flash Player and AIR CVE-2013-3343 Remote Memory Corruption Vulnerability
 
Mozilla says a tablet PC based on its new Firefox operating system is coming soon, although it won't say just how soon that could be.
 
If Pinterest is looking over its shoulder, it's probably keeping an eye on We Heart It, an image-based social networking site that has quietly amassed a user base of 20 million.
 
Citing a change in the way IT professionals consume information, Microsoft has closed down its long-running TechNet subscription service.
 
Now a new Harris Interactive survey reveals what employers look for and what pictures and posts on Facebook could keep a prospective candidate from getting that perfect job.
 
Putin says Snowden must stop harming U.S. interests, but Russia unlikely to send him back
 
Mozilla CTO Brendan Eich described keen interest shown by 8 million Web developers in the Firefox OS, and said that 20-plus smartphone makers and wireless carriers plan to sell devices running the OS to first-time buyers globally, initially in markets where low-cost phones are in demand.
 
 

SANS Brings World-Class Information Security Training to Las Vegas
The Herald | HeraldOnline.com
SANS offers a myriad of free resources to the InfoSec community including consensus projects, research reports, and newsletters; and it operates the Internet's early warning system - the Internet Storm Center. At the heart of SANS are the many security ...

 
As the invasion of consumer tech changes IT, it makes sense that support for consumer devices would start to reflect the retail experience. Think Apple's Genius Bar. Mike Burgio of Inergex, an IT services firm, talks about why IT leaders need to think about hitting the bar.
 
Some websites and mobile app developers are confused about how to comply with revised rules governing the online collection of personal information from children that took effect in the U.S. Monday, critics said.
 
A U.S. court has decided that the class-action designation of the copyright lawsuit brought against Google by the Authors Guild over the company's book-scanning project was 'premature,' and has returned the suit to a lower court for consideration of fair use issues.
 
The need by corporate IT operations to enable easier interaction with massive -- and fast growing -- data sets in Hadoop environments is driving a flurry of vendor activity.
 
You don't need a big budget to be successful with social media, according to Walmart's director of social strategy. Here are five steps your business can follow to reap the benefits.
 
IBM SPSS Data Collection CVE-2013-0464 Cross Site Scripting Vulnerability
 
[SECURITY] CVE-2013-1777: Apache Geronimo 3 RMI classloader exposure
 

IT Opportunities Surrounding Shadow IT
Infosecurity Magazine (blog)
The Cloud Security Alliance comprises many subject matter experts from a wide variety of disciplines, united in our objectives: to promote a common level of understanding between the consumers and providers of cloud computing regarding the necessary ...

 
A critical vulnerability that could allow remote attackers to access sensitive enterprise log-in credentials and other data was fixed last week in Crowd, a single sign-on (SSO) and identity management tool used by large organizations to simplify access to their internal Web applications and services.
 
GLPI 'unserialize()' Function Remote PHP Code Execution Vulnerability
 
GLPI Multiple SQL Injection Vulnerabilities
 
GLPI 'filetype' Parameter Local File Include Vulnerability
 
[security bulletin] HPSBHF02888 rev.1 - HP ProCurve, H3C, 3COM Routers and Switches, Remote Information Disclosure and Code Execution
 
[security bulletin] HPSBST02846 SSRT100798 rev.2 - HP LeftHand Virtual SAN Appliance hydra, Remote Execution of Arbitrary Code
 
Re: ESA-2013-029: RSA SecurID Sensitive Information Disclosure Vulnerability
 
E.U. politicians at both national and European level on Monday demanded that the United States answer allegations of spying on European Union embassies, while others called for asylum for NSA whistleblower Edward Snowden.
 
Apple is under investigation by the French competition authority, which has raided the company's offices in France, and those of several distributors, a spokesman for the authority said Monday.
 
The first Web-based Firefox mobile OS smartphones will be released soon in Spain and Poland, with more coming soon to other regions of the world, Mozilla announced Monday.
 
Two years after virtually dropping out of the mobile business, Hewlett-Packard is working on a new smartphone, an HP executive told Press Trust of India.
 
Oracle has unveiled a series of analytic applications for its flagship E-Business Suite ERP (enterprise resource planning) suite that it says gives customers a more effective, richer way to comb through operational data.
 
LinuxSecurity.com: New mozilla-thunderbird packages are available for Slackware 13.37, 14.0, and -current to fix security issues.
 
LinuxSecurity.com: New mozilla-firefox packages are available for Slackware 13.37, 14.0, and -current to fix security issues.
 
LinuxSecurity.com: Jon Erickson of iSIGHT Partners Labs discovered a heap overflow in xml-security-c, an implementation of the XML Digital Security specification. The fix to address CVE-2013-2154 introduced the possibility of a heap overflow in the processing of malformed XPointer
 
The USB Clever repurposes an Android device into a password stealing memory stick for Windows PCs, albeit with the ability to select payloads and view results. But if autorun is disabled, there is little to worry about.
    


 
Mozilla Firefox CVE-2013-1700 Local Privilege Escalation Vulnerability
 

Leading Data Erasure Vendor Tabernus Certified by NATO Information ...
SBWire (press release)
The Defence InfoSec Product Co-Operation Group UK (DIPCOG) is a UK Ministry of Defence forum run by a committee composed of representatives primarily from the MoD and CESG. DIPCOG approves products and services as being suitable for use ...

 
Microsoft is launching a channel partner program on Monday to help drive sales of its Surface tablet to companies, schools and other organizations.
 
Mozilla Firefox/Thunderbird CVE-2013-1694 Remote Code Execution Vulnerability
 
Mozilla Firefox and Thunderbird CVE-2013-1685 Use-After-Free Memory Corruption Vulnerability
 
Mozilla Firefox and Thunderbird CVE-2013-1687 Remote Code Execution Vulnerability
 
joomla com_football Components Sql Injection vulnerability
 
[slackware-security] mozilla-firefox (SSA:2013-180-01)
 
The U.S. government is giving the healthcare industry billions of dollars in incentives to use electronic health records. Most organizations have EHR software in place, but as many as 35 percent wish they could switch systems. Are EHR vendors to blame, or are deeper forces at work?
 
Microsoft on Monday said it will appeal a trademark lawsuit over its SkyDrive cloud storage service it lost to the British Sky Broadcasting (BSkyB) Group.
 
Telefónica will be the first to offer a commercial smartphone based on Firefox OS. The Spanish operator will start selling the ZTE Open on Tuesday for €69 (US$90) with a prepaid subscription.
 
You have to wonder what level of encryption can withstand the brute-force computing power that is cheaply available today.
 
Some people are deeply upset about the latest incursions into our privacy. But as a society, we don't seem to care all that much.
 
GreHack 2013 - CFP EXTENDED TO JULY,16 - Conf: Nov. 15, Grenoble, France
 
[slackware-security] mozilla-thunderbird (SSA:2013-180-02)
 
ZRTPCPP, an open-source library that's used by several applications offering end-to-end encrypted phone calls, contained three vulnerabilities that could have enabled arbitrary code execution and denial-of-service attacks, according to researchers from security firm Azimuth Security.
 
A group of 26 U.S. senators, cutting across party lines, are seeking 'public answers' on whether the National Security Agency collected in bulk other data such as credit card purchases and financial information in the U.S. besides phone records.
 
Anti-virus software suffers identity crisis, easily digestible Joomla cookies and more than 1200 bugs, including one in Google Chrome's PDF viewer
    


 
python-bugzilla CVE-2013-2191 SSL Certificate Validation Security Bypass Vulnerability
 
Apple has filed to trademark the phrase 'iWatch' in Japan, amid rumors the company will soon launch a smart watch device globally.
 
Nokia is to acquire Siemens' 50% stake in joint venture Nokia Siemens Networks, which will become a wholly-owned subsidiary of the Finnish company after the transaction is completed.
 
After ten years for the 1.8.x branch and five years of 1.8.7, the Ruby 1.8 family is coming to its planned end as all support for it, including security fixes, ends
    


 
Two malicious software programs that help each other stay on computers are proving difficult to remove.
 

Posted by InfoSec News on Jul 01

http://www.greenvilleonline.com/article/20130629/NEWS10/306290012/USC-hit-another-personal-data-breach

By Andrew Shain
GreenvilleOnline.com
June 29, 2013

The University of South Carolina is dealing with another data breach while
it continues work to eliminate unnecessary use of Social Security numbers.

USC sent letters this week to 6,300 students whose personal information,
including Social Security numbers, could have been on a laptop...
 

Posted by InfoSec News on Jul 01

http://www.scmp.com/news/hong-kong/article/1272163/chinese-university-issues-new-security-alert-students-over-hacking

By Lana Lam and Emily Tsang
South China Morning Post
30 June, 2013

Staff and students at Chinese University were warned yesterday to secure
their computers against hacking.

The caution came just over two weeks after claims by whistle-blower Edward
Snowden that it had been among the targets of a US cyberspying programme.

An...
 

Posted by InfoSec News on Jul 01

http://thehill.com/blogs/hillicon-valley/technology/308563-nsa-revelations-throw-wrench-into-cybersecurity-push

By Brendan Sasso
Hillicon Valley
The Hill
06/30/13

Revelations about the National Security Agency's domestic surveillance
programs could make it more difficult for Congress to pass cybersecurity
legislation.

Civil liberties groups have long argued that the House's cybersecurity
bill, the Cyber Intelligence Sharing and...
 

Posted by InfoSec News on Jul 01

https://www.computerworld.com/s/article/9240440/New_disk_wiper_malware_linked_to_attacks_in_South_Korea_researchers_say

By Lucian Constantin
IDG News Service
June 28, 2013

A new piece of malware designed to delete files from hard disk drives and
render computers unable to boot targets South Korean users, according to
researchers from security firm Symantec.

The malware is similar to the Jokra Trojan program that was used in March
to wipe...
 

Posted by InfoSec News on Jul 01

http://www.thecoast.ca/RealityBites/archives/2013/06/27/was-halifaxs-e-vote-hacked

By Rob Wipond
The Coast
June 27, 2013

It's been several weeks since I revealed evidence that the online voting
in last fall's municipal elections in Halifax was not secure. Now I'm
starting to wonder, does anyone care? How many people care about defending
our most basic pillar of democracy---our elections?

I obtained the damning documents...
 