InfoSec News

(c) SANS Internet Storm Center. http://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
At RSA Conference 2012, FBI Director Robert Mueller said the bureau is ramping up to fight cybersecurity threats and boost information-sharing efforts.

At RSA Conference 2012, Zions Bancorporation detailed how it harvested security big data using a Hadoop-based security data warehouse.

Two penetration testers at RSA Conference 2012 explain how enterprises can hack back against attackers and stay within legal and ethical boundaries.


Government and businesses – and individuals – often have competing priorities when it comes to information security and privacy, and those competing priorities are reflected in the multitude of ever-expanding compliance regulations in the U.S.  IT pros are struggling to maintain compliance in light of these competing priorities and, from my vantage point sitting in on GRC sessions at RSA Conference 2012 this week, they are pretty stressed out.

Unfortunately, panelists speaking about hot topics in law and compliance at RSA Conference 2012 appeared to have little hope for a resolution to the tension anytime soon.

Panelist Benjamin T. Wilson, general counsel and senior vice president of industry relations for SSL certificate authority DigiCert Inc., called the tension between government and individuals/businesses a “megatrend” that is overriding the compliance regulations being written or modified in 2012. Regulators are torn between individuals and businesses: each wants access to all kinds of information, but also wants all of its own information kept private.

Add in the many and varied regulations of other countries, who are themselves attempting to regulate how data is stored or transmitted, and the job of compliance manager becomes that much more difficult. 

Today’s compliance and risk managers are riding the uncomfortable megatrend of tension between access to data and protection of data.  Is it a thankless job?  


Microsoft will offer U.S. government agencies the option to host their Office 365 suites in a dedicated "cloud community" reserved only for government customers, the company said on Thursday.
Adobe Shockwave Player CVE-2011-2113 Multiple Remote Code Execution Vulnerabilities
Microsoft on Thursday announced that customers had downloaded more than 1 million copies of the Windows 8 Consumer Preview in its first day of availability.
After launching OnLive Desktop for iPad users last week, cloud gaming service OnLive released on Thursday its free Windows desktop virtualization app for Android tablets. Now Android users can run Microsoft Office apps and even stream videos and games to the tablet.
Documents from the Vatican's secret archive are set to be opened in an exhibition in Rome, sponsored by IT vendor EMC.
Enterprise social networking software vendor Yammer plans to beef up its sales and engineering staff with the latest funding infusion from investors, an US$85 million financing round.
Apple has won an injunction potentially requiring Motorola Mobility to recall infringing smartphones, in the two companies' ongoing patent battle in Germany, according to a blogger following the case.
More than a dozen international IT firms have partnered to create Helix Nebula - The Science Cloud, which will be used by European researchers to provide cloud-based computing support for scientific discoveries.
When Mathew Lodge, senior director of cloud services for VMware, looks out over the cloud landscape and envisions how it will continue to evolve, he sees community clouds playing a big role. And he's not the only one.
Seven senior Republicans in the U.S. Senate have introduced cybersecurity legislation after saying that an earlier bill would create costly regulations for businesses.
RSA Conference 2012 experts say finding and sharing real internal secure software development issues is the best motivator for change.

A hacker who recently leaked more than 256 accounts from a Polish forum has now released close to 1,500 Steam accounts and their credentials.

On the heels of yesterday's launch of Windows 8's preview, new statistics show that Microsoft's decade-old Windows XP again plummeted in usage share and will be surpassed by Windows 7 in June.
Some call it (p)insanity. Others are straight up addicted to pinning. And still, there are those who just don't get it.
The rise of mixed mobile networks of Wi-Fi, small cells and traditional base stations, a major theme of this week's Mobile World Congress in Barcelona, may change the competitive landscape of both service providers and equipment vendors.
Google isn't only rolling out new privacy changes today; the company is also dipping its toes in the airline reservation business.
A new supply of the US$25 Raspberry Pi Linux PC, which sold out minutes after going on sale Wednesday, should be available in a month to six weeks, the nonprofit Raspberry Pi organization said Thursday.
This excerpt from the HTML5 Developer's Cookbook takes you step by step through using HTML5's new browser-based storage.
Despite application store controls set by Apple and Google, a panel of mobile application security experts say the potential exists for weaponized applications.

Closely following the company's public preview of Windows 8, Microsoft has released a beta version of its Windows Server 8 operating system.
Our reviewer doesn't like the Metro user interface as the default for a server OS, but other than that lauds its new features.
Nick Lewis exposes the fact and fiction of the Carrier IQ software and the potential information security risk for enterprises.

A study by Carnegie Mellon University found most corporate boards and senior-level executives fall short in understanding the organization's security risks and approving the IT security budget.

[ MDVSA-2012:028 ] libxslt
Luminary Dan Kaminsky, known for his DNS research, pushed RSA Conference 2012 attendees toward security innovation by upending conventional wisdom.

RSA Conference 2012 panelists discussed court rulings on liability for hacked bank accounts, and gave advice to security pros for protecting financial assets.

RSA 2012: In addition to lauding a decade of Trustworthy Computing, Microsoft's security chief says big data privacy and security must be addressed.

Organizations need to plan ahead for possible cloud breaches, legal experts advise.

Internet voting systems are inherently insecure and should not be allowed in the upcoming general elections, a noted security researcher said at the RSA Conference 2012 this week.
The Mobile World Congress provided a chance to see Acer's CloudMobile phone up close and personal, and the limited glimpse I got of the device left me impressed.


The wait is over, Paragon releases Hard Disk Manager 12
These include US Navy, British HMG Infosec, Gutmann's and Schneier's. Paragon Hard Disk Manager 12 Suite and Paragon Hard Disk Manager 12 Pro are both available as function-limited 30-day trials for PCs running Windows XP or later.
New Paragon Hard Disk Manager 12 (StorageReview.com)
MLStrand56 was busy typing when the taskbar suddenly moved to the left side of the screen. This was not intentional, so MLStrand56 asked the Answer Line forum for help.
Microsoft's Azure cloud infrastructure and development service was apparently running nearly trouble-free on Thursday, following a series of outages on Wednesday that affected multiple aspects of the system.
To say cloud computing is having a dramatic effect on IT is an understatement. The capability and agility of the cloud is forcing a rapid evolution. Just as in living ecosystems, IT professionals who fail to adapt will, inevitably, dwindle into extinction.

ISWec 2012 At PWTC On March 21-22
... Mansor is scheduled to open the two-day event which will be organised by JFPS Group, a leading business performance enhancement company with affiliated partners worldwide. ISWec 2012 will be held simultaneously with the InfoSec Asia 2012 Conference.

RSA's Arthur Coviello urged security pros to break down silos and build intelligence-driven security programs, or face a tough year.


RSA 2012: Stress and burnout in infosec careers
ITWorld Canada
But finding support and information on dealing with info sec career burnout is difficult because resources and knowledge are scant. "If you do a Google search for info sec burnout, you'll find nothing," said KC Yerrid, an information security and ...

The final keynote session of Mobile World Congress 2012 may be remembered, if it is remembered at all, as The Bruce Lee Keynote.

Microsoft’s Azure cloud service suffered a worldwide outage that started Tuesday and was apparently triggered by a timing miscalculation for the leap year. The company was continuing to work on Wednesday to resolve the Azure outage, which continued to affect some customers.

Microsoft said it became aware of an issue impacting the service management component of Azure at 5:45 p.m. Pacific Time on Tuesday.

“The issue was quickly triaged and it was determined to be caused by a software bug. While final root cause analysis is in progress, this issue appears to be due to a time calculation that was incorrect for the leap year,” Bill Laing, leader of the Azure engineering team, wrote in a blog post.

Microsoft created a fix and deployed it to most of the Windows Azure sub-regions, which restored the Azure service to most customers by 2:57 a.m. PST on Wednesday, he said.

“However, some sub-regions and customers are still experiencing issues, and as a result of these issues they may be experiencing a loss of application functionality. We are actively working to address these remaining issues,” he said.

In an email statement, a Microsoft spokesperson said some customers in three sub-regions – north central U.S., south central U.S. and North Europe – remained affected late Wednesday afternoon. Customers might have issues with Access Control 2.0, Marketplace, Service Bus and the Access Control & Caching Portal, which could result in loss of application functionality, the spokesperson said.

Windows Azure Storage was not impacted, according to Microsoft.
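The page does not say what Azure's faulty calculation was, only that it was wrong for the leap year. As an added illustration, not Microsoft's code, the Python below shows the most common shape of this class of bug: an expiry date computed by bumping the year field, which yields a nonexistent date when the start date is February 29, next to a version that clamps to the last valid day of the target month. Function names, the one-year validity period and the dates used are this example's own assumptions.

```python
"""Added illustration (not Microsoft's code) of a leap-day date-arithmetic bug.

The page says only that Azure's fault was "a time calculation that was
incorrect for the leap year"; naive_add_one_year() below is a constructed
example of that class of bug, the kind that breaks anything with a computed
expiry (tokens, leases, certificates). Dates and names are assumptions.
"""
import calendar
from datetime import date


def parse_date(iso: str) -> date:
    """Parse an ISO-8601 calendar date such as '2012-02-29'."""
    return date.fromisoformat(iso)


def naive_add_one_year(d: date) -> date:
    """Buggy: bumps the year and keeps month/day unchanged. Works on 365 days
    of a leap year and raises ValueError on Feb 29, because Feb 29 of the
    following year does not exist."""
    return date(d.year + 1, d.month, d.day)


def add_one_year(d: date) -> date:
    """Safe: clamp the day to the last valid day of that month in the target
    year, so 2012-02-29 becomes 2013-02-28."""
    year = d.year + 1
    last_day = calendar.monthrange(year, d.month)[1]
    return date(year, d.month, min(d.day, last_day))


def compute_expiry(issued_on: date, safe: bool):
    """Compute a one-year validity end for something issued on `issued_on`.

    Returns ("ok", expiry) or ("error", message) so the caller sees the
    failure explicitly instead of an unhandled exception in a hot path."""
    fn = add_one_year if safe else naive_add_one_year
    try:
        return ("ok", fn(issued_on))
    except ValueError as exc:
        return ("error", str(exc))


def is_valid_on(issued_on: date, expiry: date, today: date) -> bool:
    """Validity-window check performed by whatever consumes the artifact."""
    return issued_on <= today <= expiry


if __name__ == "__main__":
    leap_day = parse_date("2012-02-29")
    print("naive:", compute_expiry(leap_day, safe=False))
    print("clamped:", compute_expiry(leap_day, safe=True))
```

The point for a practitioner is that the buggy routine passes any test that does not use a leap day as input, so a validity-computation test suite should include February 29 of a leap year and a start date whose end lands on a non-leap year explicitly.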


RSA Conference 2012 feels like a big ol’ group therapy session. Small circles of friends, larger circles of industry peers, huddled masses freeing themselves of a collective weight on their shoulders. No longer do they have to lie to themselves, their colleagues or bosses. “Hi, I’m Joe Security and I’m pwned!” They’ve come to grips with the fact that it’s OK to say security technologies suck, networks are compromised and attackers are winning.

OK, that last part has always been part of the dialogue. But the other two have only been whispered in the past. Now it’s being shouted at networking events and even from the big keynote pulpit here in San Francisco. Legacy investments in signature-based antivirus, intrusion detection and other detection technologies don’t serve the industry as well as they used to. Signature updates can’t keep up with the evolution of malware. And most attacks are too targeted or too stealthy, or both, to warrant signatures for the masses. It doesn’t work anymore and everyone’s free to say it without repercussion.

Granted, Art Coviello, RSA Security’s chief executive, has a vested interest in shouting it the loudest, but he made a good, encapsulating point during his keynote yesterday: “We have to stop being linear thinkers, blindly adding new controls on top of failed models. We need to recognize, once and for all, that perimeter-based defenses and signature-based technologies are past their freshness dates, and acknowledge that our networks will be penetrated. We should no longer be surprised by this.”

There’s a lot of whispering now about bringing big data concepts to security. Your resume had better soon include some business analytics experience if you wanna be tomorrow’s CISO. You’d also better figure out how to harness all that data your security gear spits out and learn how to baseline “normal” network behavior and address anomalies. And oh yeah, you better know how to talk to your executives about security.

Selling them your initiatives based on fear is so five years ago. You better learn your business, how it makes money, and how to deliver metrics that address not only bottom-line impact, but how the customer experience is affected, how internal processes need to reflect security and how you’re articulating security to the company to turn everyone into an advocate for you.

Journalists and analysts like tipping points and landmarks because it makes it easier for us to articulate our stories to readers. Most of the time those tipping points and landmarks are made up; not this time though. There’s a definite change in the air and some tangible direction for the industry. Let’s see how we did about this time next year.

Israel-based Altair Semiconductor showed off its LTE radio chips -- and the tablets and routers they're being installed in -- at a small booth at Mobile World Congress this week.
Malware tools that allow attackers to gain complete remote control of smartphones have become a serious threat to users around the world, researchers told an overflow RSA conference audience.
Nvidia, little known just a few years ago, is winning attention for its Tegra 3 quad-core technology, which is being used in smartphones and tablets.
When Matthew Lodge, senior director of cloud services for VMware, looks out over the cloud landscape and envisions how it will continue to evolve, he sees community clouds playing a big role. And he's not the only one.
IT leaders who already manage large clouds have advice for those just getting started. Among the most important: Don't forget the training and personnel issues.
xdev from @b4lc4nh4ck has hacked and dumped thousands of user accounts and personal details from mypakistan.com.pk.

Loyalist Certification Services Exams (http://lcs-exams.com) has fallen victim to SQL injection, resulting in a little over 260 accounts being leaked online.

Saadi and Hax.r00t have been very busy over the last couple of weeks, targeting many different sites and servers and leaving single and mass defacements on pretty much everything they touch.

Kadu SMS and User Status Message Multiple HTML Injection Vulnerabilities
OpenSSL ASN.1 S/MIME Header Processing Null Pointer Dereference Denial Of Service Vulnerability
The hacks have been done as part of the AntiSec operation that was started by Anonymous and LulzSec hackers late last year and has continued to push its attacks on all types of governments and security firms that withhold any type of information from the public.

@anon_4freedom has been at it again, hacking high-profile, well-known websites. The latest adds to the attacks Universal Music has suffered over the past months, with its Brazil and Portugal websites, as well as many others, already hacked in the name of the protests against SOPA and ACTA.

A hacker using the handle Dr.HaCkEr has added to the already long list of United Nations websites that have been hacked and left defaced. The most recent belongs to the Food and Agriculture Organization of the United Nations, more specifically its north east subdomain.

@ActiSec has posted a Pastebin paste containing two small account dumps from Chinese websites, done in the name of #OpChina, an operation set out to expose the Chinese government.

Apple, which already faces uncertainty over ownership of the iPad trademark in China, has filed a complaint demanding a local Chinese luggage vendor drop the EPAD trademark it uses on its products.
Over 90 percent of data breaches are the result of external attacks and almost 60 percent of organizations discovered them months or years later, Verizon said in a report released at the RSA security conference on Wednesday.
Facebook has acquired the team behind file-transfer startup Caffeinated Mind, which offered an on-demand peer-to-peer file sharing system.
You have questions about the Consumer Preview for Windows 8? We have answers. Some of them, anyway.
Scientists expect that climate change will increase the frequency and severity of extreme weather events, and last fall's flooding in Thailand fit the definition of extreme.
Consumer desire for unnecessary features has encouraged the development of insecure and unreliable software products, said Tenable Network Security CSO Marcus Ranum, during a debate on Wednesday about software liability at the RSA security conference in San Francisco.
The little cameras in your home are multiplying. There are the ones you bought, perhaps your SLR or digital camera, but also those that just kind of show up in your current phone, your old phone, your laptop, your game console, and soon your TV and set-top box.
Remote Desktop Services (or RDP, as most people call this service) is undoubtedly one of the most useful services that Windows administrators depend on. Introduced all the way back in the Windows NT era, the Remote Desktop Protocol has gained new features with every release, and the current version is 7.1.
One of the cool features Microsoft initially added with Windows Vista was Network Level Authentication (NLA). This feature, which must be supported by both the RDP client and the server, makes the client complete the authentication process before a full session is established with the remote server. This has several benefits, the biggest being that the server commits fewer resources until authentication has successfully completed.
As I've been spending a lot of time analyzing Windows logs, I found that the introduction of NLA changed the logging behavior of RDP servers, due to the way it works. While the overall security level remains the same, consider this more of a reminder on what to look for if you ever have to investigate a security incident involving RDP connections.
So, before Windows 7 and Windows Server 2008, once we decided to use RDP to connect to a remote machine we fired up mstsc.exe, entered the name or IP address of the destination server and soon (or not so soon, depending on how fast or slow the connection was) the remote machine's Windows logon screen welcomed us.

Here the user enters his or her credentials for the server to verify. The verification is done by the target RDP server: event 672 (4768 on Windows Vista/7/2008), or event 680 (4776), which is logged for both successful and failed NTLM authentication, will be recorded, followed by a 528 or 529 event (4624 or 4625 on Windows Vista/7/2008). That 528/529 (4624/4625) event carries a Logon Type value of 10, which means RemoteInteractive, or simply RDP.
All good in this case: we can see the server the user tried to connect to (the server requesting the authentication), and on that server we can see the source IP address of the user and whether the connection attempt succeeded or failed. If you collect logs on a central log management server you can simply report or alert on brute-force attempts against RDP.
However, with NLA things changed a bit. Since the authentication process has changed, if the user now tries to log in to an RDP server with domain credentials, the mstsc.exe client authenticates with the domain controller directly. If that attempt is unsuccessful it results in a 675 event (pre-authentication failed), or 4771 on Windows Vista/7/2008. This is as expected: if we haven't supplied a valid username and password, the authentication fails.
The problem I noticed here is lack of context: this event is the same as any other authentication attempt in the domain. In other words, there is no way for an administrator monitoring logs to tell whether the user in question is trying to connect to an RDP server or just brute-forcing accounts. Of course, this is not a security vulnerability, since the domain controller still enforces all implemented security controls such as account lockout, but there is a small loss of context which can help an attacker hide his true intent (accessing RDP).
So, to wrap this up: if you are monitoring your Windows logs, don't be surprised if you suddenly don't see many (or any) 529/4625 events with Logon Type 10.
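As an added example (not part of the ISC diary), the Python below runs the two detections the diary describes over a handful of constructed Windows Security events: counting 4625 events with Logon Type 10 per RDP host and source IP, which is the pre-NLA brute-force alert, and counting 4771 events on the domain controller per client IP and account, which is all that remains once NLA has moved the failed authentication to the DC and no field in that record names the RDP target. A third function goes beyond the diary: it is a heuristic added here that ties a burst of 4771 events from a client IP to a later Logon Type 10 success from the same IP on any RDP host, partially restoring the context the diary says is lost. Host names, IP addresses, user names, timestamps and the alert thresholds are constructed for the example.

```python
"""Detection logic for the RDP logging patterns described in the diary above,
run over constructed Windows Security events (added example, not ISC code).

Each event is a flat dict mimicking fields you would extract from a
4624/4625/4771 record: the host that logged it, event ID, LogonType where
present, the target account, and the source/client IP address. Timestamps
are epoch seconds. All sample data below is constructed.
"""
from collections import Counter, defaultdict

SUCCESS, FAILURE, KRB_PREAUTH_FAILED = 4624, 4625, 4771
LOGON_TYPE_RDP = 10  # RemoteInteractive

# Constructed sample: a pre-NLA style brute force against RDPHOST1 (logged by
# the RDP server itself with Logon Type 10), then an NLA-style run where only
# the domain controller sees 4771 pre-authentication failures from the client,
# followed by that client's successful RDP logon to RDPHOST2.
EVENTS = [
    {"host": "RDPHOST1", "event_id": 4625, "logon_type": 10, "user": "admin", "ip": "198.51.100.7", "ts": 100},
    {"host": "RDPHOST1", "event_id": 4625, "logon_type": 10, "user": "admin", "ip": "198.51.100.7", "ts": 101},
    {"host": "RDPHOST1", "event_id": 4625, "logon_type": 10, "user": "admin", "ip": "198.51.100.7", "ts": 102},
    {"host": "RDPHOST1", "event_id": 4625, "logon_type": 10, "user": "backup", "ip": "198.51.100.7", "ts": 103},
    {"host": "DC1", "event_id": 4771, "logon_type": None, "user": "jsmith", "ip": "203.0.113.9", "ts": 200},
    {"host": "DC1", "event_id": 4771, "logon_type": None, "user": "jsmith", "ip": "203.0.113.9", "ts": 201},
    {"host": "DC1", "event_id": 4771, "logon_type": None, "user": "jsmith", "ip": "203.0.113.9", "ts": 202},
    {"host": "DC1", "event_id": 4771, "logon_type": None, "user": "jsmith", "ip": "203.0.113.9", "ts": 203},
    {"host": "RDPHOST2", "event_id": 4624, "logon_type": 10, "user": "jsmith", "ip": "203.0.113.9", "ts": 230},
    {"host": "FILESRV", "event_id": 4624, "logon_type": 3, "user": "svc_backup", "ip": "10.0.0.5", "ts": 240},
]


def rdp_failures(events, threshold=3):
    """Pre-NLA detection: failed logons the RDP server recorded with
    Logon Type 10, counted per (RDP host, source IP). Returns the offenders
    that reached `threshold`."""
    counts = Counter(
        (e["host"], e["ip"]) for e in events
        if e["event_id"] == FAILURE and e["logon_type"] == LOGON_TYPE_RDP
    )
    return {key: n for key, n in counts.items() if n >= threshold}


def kerberos_preauth_failures(events, threshold=3):
    """NLA-era view: 4771 on the domain controller, per (client IP, account).
    Nothing in the record says which RDP server, if any, was the target, so
    this is the best grouping the DC log alone allows."""
    counts = Counter(
        (e["ip"], e["user"]) for e in events if e["event_id"] == KRB_PREAUTH_FAILED
    )
    return {key: n for key, n in counts.items() if n >= threshold}


def infer_rdp_context(events, window=300):
    """Heuristic added here (not from the diary): tie 4771 events from a
    client IP to a later successful Logon Type 10 from the same IP on any
    RDP host within `window` seconds. Returns {client_ip: rdp_host}."""
    preauth_times = defaultdict(list)
    for e in events:
        if e["event_id"] == KRB_PREAUTH_FAILED:
            preauth_times[e["ip"]].append(e["ts"])
    hits = {}
    for e in events:
        if e["event_id"] == SUCCESS and e["logon_type"] == LOGON_TYPE_RDP:
            if any(0 <= e["ts"] - ts <= window for ts in preauth_times.get(e["ip"], [])):
                hits[e["ip"]] = e["host"]
    return hits


if __name__ == "__main__":
    print("RDP host brute force:", rdp_failures(EVENTS))
    print("DC pre-auth failures:", kerberos_preauth_failures(EVENTS))
    print("4771 bursts followed by an RDP logon:", infer_rdp_context(EVENTS))
```

The first two functions show the diary's point directly: the same four failed attempts produce a per-RDP-host alert before NLA and only a per-account Kerberos alert on the DC after it. The correlation in the third function depends on the attacker eventually succeeding, so it is a way to enrich an investigation rather than a replacement for alerting on 4771 volume.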




Posted by InfoSec News on Mar 01


By Mathew J. Schwartz
February 29, 2012

How do hacktivists launch attacks? A new report details an online
assault launched in August by the hacktivist collective Anonymous that
lasted for 25 days, and which was designed to disrupt a specific event.

The research, released Sunday by data security vendor Imperva on the eve
of this week's RSA conference in San...

Posted by InfoSec News on Mar 01


By Tim Greene
Network World
February 28, 2012

National security tech provider ManTech International is buying HBGary
Inc., with an eye toward its software that fights advanced persistent
threats and other malware.

In addition to its technology, HBGary also has a customer list including
financial services, energy, critical infrastructure and technology

Posted by InfoSec News on Mar 01

Forwarded from: DeepSec Conference <deepsec (at) deepsec.net>

--- DeepSec 2012 "Sector v6" - Call for Papers

We are looking for talks and trainings for the DeepSec In-Depth
Security Conference 2012 ("Sector v6"). We invite researchers,
developers, auditors and everyone else dealing with information
security to submit their work. We offer slots for talks and workshops,
and we encourage everyone working on projects to...

Posted by InfoSec News on Mar 01


By Steven Musil
February 29, 2012

Theft of unencrypted laptop just one of thousands of incidents in recent years,
costing millions of dollars, the agency's inspector general tells Congress.

A laptop stolen from NASA last year contained command codes used to control the
International Space Station, an internal investigation...

Posted by InfoSec News on Mar 01


By Eric Chabrow
Bank Info Security
February 29, 2012

More than a year in the making, the National Institute of Standards and
Technology issued Feb. 28 an initial public draft updating one of its
premier special publications, SP 800-53: Security and Privacy Controls
for Federal Information Systems and Organizations, which
incorporates expanded privacy controls and addresses new...