InfoSec News

(c) SANS Internet Storm Center. http://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
Dell has built a prototype server based on a 64-bit ARM processor from Applied Micro Circuits, which showed the system at a conference in Silicon Valley on Thursday.
About 19 percent of cell sites in the area hardest hit by Hurricane Sandy were still out of service on Thursday morning as recovery was slowed by other network failures and power shortages, according to the U.S. Federal Communications Commission.

No, this isn't about lousy detection rate. I think we're pretty much resigned to that, irrespective of the latest fancy marketing terms the industry uses to sell us the same failed concept. This is about the forensic quality, or rather lack thereof, of anti-virus.

Let's say your anti-virus (AV) happens to find spyware, something like the spyware that I described in yesterday's ISC diary. What does it do with it? If your AV is anything like the products that I've seen in use, it will display a Halloween-like scary pop-up (Danger! Virus!) and will delete or quarantine the threat.

So far so good. This used to be cool back when all we wanted our anti-virus to do was to get rid of the threat. But those days are over. Increasingly, anti-virus alerts us (maybe) to a persistent threat that has been on the system for days, weeks, heck, even months. And deleting or quarantining such a threat causes a serious problem: it modifies or eradicates evidence. Yes, we get an alert, but then we are like the CSI guys who get called to a murder scene that doesn't have a body. Sure, we can spend hours trying to lift DNA off cigarette stubs, but things would be so much easier if the caller could tell us exactly what he has seen where, and where the body was.

In other words: if anti-virus removes a registry key to unhook a DLL, why can't the AV log tell me (a) where this registry key was and (b) when it was created? This would give a first indication of how far back we have to dig to determine what data was stolen. The same holds true for the actual threat files that get deleted or quarantined: a full set of MAC (modify/access/create) timestamps in the logs shouldn't be too much to ask for. Maybe garnished with an MD5 checksum for good measure, so that the analyst can tell right away whether the exact same threat has already been seen on another PC.
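As an added illustration (not code from the diary or from any AV product) of the evidence the paragraph asks for: a small Python quarantine routine that records the file's path, size, MAC timestamps and MD5/SHA-256 as a JSON log line before it moves the file, so the record survives the cleanup. The file name, detection name and sample content in `demo()` are constructed for the example.

```python
import hashlib
import json
import os
import shutil
import tempfile
from datetime import datetime, timezone

def _iso_utc(ts):
    return datetime.fromtimestamp(ts, tz=timezone.utc).isoformat()  # log in UTC

def forensic_record(path, detection):
    """Capture path, size, MAC timestamps and hashes BEFORE the file is touched."""
    st = os.stat(path)  # stat first: hashing below may itself update atime
    md5, sha256 = hashlib.md5(), hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            md5.update(chunk)
            sha256.update(chunk)
    return {
        "detection": detection,
        "path": os.path.abspath(path),
        "size": st.st_size,
        "modified": _iso_utc(st.st_mtime),
        "accessed": _iso_utc(st.st_atime),
        "changed": _iso_utc(st.st_ctime),  # inode change on POSIX, creation on Windows
        "md5": md5.hexdigest(),  # the "seen on another PC already?" lookup key
        "sha256": sha256.hexdigest(),
    }

def quarantine_with_evidence(path, quarantine_dir, log_path, detection):
    """Append the record as one JSON line, then quarantine the file under its SHA-256."""
    record = forensic_record(path, detection)
    os.makedirs(quarantine_dir, exist_ok=True)
    dest = os.path.join(quarantine_dir, record["sha256"])
    with open(log_path, "a", encoding="utf-8") as log:
        log.write(json.dumps(record, sort_keys=True) + "\n")
    shutil.move(path, dest)  # a rename keeps the original mtime intact
    record["quarantined_as"] = dest
    return record

def demo():
    # Constructed sample: a throwaway file in a temp dir, not real malware.
    work = tempfile.mkdtemp()
    sample, log_path = os.path.join(work, "dropper.dll"), os.path.join(work, "av.log")
    with open(sample, "wb") as f:
        f.write(b"abc")
    rec = quarantine_with_evidence(sample, os.path.join(work, "quarantine"),
                                   log_path, "Spyware.Generic")
    return rec, log_path, os.path.exists(sample)
```

Naming the quarantined copy by its SHA-256 means identical samples from several hosts collapse to one entry, which is exactly the cross-machine question the hash is meant to answer.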

I don't think the AV companies have caught on to this yet - they seem to be deleting and quarantining threats with the same casual indifference as they did 20 years ago, stomping all over the crime scene and wiping out or contaminating important forensic evidence in the process.

If your enterprise-grade anti-virus software does any better in forensics than described above, please let us know via the contact page. If it has the same shortcomings, please let us know as well, but more importantly, please let your AV vendor know. Maybe, someone listens.

Apple iPhone/iPad/iPod touch Prior to iOS 6.0.1 CVE-2012-3750 Local Security Bypass Vulnerability
Enterprises can disrupt cybercriminals and deter future attacks, explains Dmitri Alperovitch, CTO of CrowdStrike Inc. The approach has its critics.

Managing information, providing strong access controls and setting up appropriate data destruction policies are a challenge, experts say.

Software security expert Gary McGraw explains that the U.S. should build proactive defense capabilities rather than pour billions into cyberweapons.

The future of appliances--refrigerators, toasters, washers, dryers, you name it--can be summed up as "smarter." But this smart revolution has already come to the trusty alarm clock, of which Stem Innovation's $100 Time Command is a good example. It uses a companion iOS app to transform your wake-up experience from simple to multi-faceted. Most of the time, this really does improve matters, but it's not without the occasional glitch.
ARM is working with Microsoft to tune the Windows OS to work on processors based on ARM's 64-bit architecture, an ARM official said this week.
Drupal Hotblocks Module HTML Injection and Denial of Service Vulnerabilities
Apple iOS 6.0.1 CVE-2012-3749 Information Disclosure Vulnerability
WebKit CVE-2012-3748 Remote Code Execution Vulnerability
There's real-time drama unfolding at one of the data centers operating at 111 8th Ave. in NYC, a Google-owned building that occupies a full city block.
The first teardown of an iPad Mini showed few surprises, but the team that took apart Apple's new smaller tablet said it was 'extremely difficult' for do-it-yourselfers to repair
Apple executive Phil Schiller will have to provide further testimony to lawyers for Samsung Electronics as part of the appeal proceedings related to their big patent infringement case, a California court ordered Thursday.
Intel researchers are working on a new way to display photos and videos, making them more social and collaborative. Pictures and video can be rearranged, enlarged with just a touch on walls, tables
Devastation caused by Hurricane Sandy forced at least two major hospitals and a data center in lower Manhattan to resort to backup generators fueled by diesel for power. In these cases the backup processes failed
Facebook, Red Hat, Hewlett-Packard and other big vendors have joined a project to develop Linux OS software for the upcoming generation of ARM-based servers, the companies announced Thursday.
RedPrairie is merging with fellow supply-chain software vendor JDA in a deal worth roughly $1.9 billion, the companies announced Thursday.
After a year in beta, Microsoft has launched its Team Foundation Service, a hosted version of its application lifecycle management (ALM) software. Its usage, for the time being, has been limited to five or fewer users, however.
Microsoft is preparing to release an update to its Dynamics CRM Online software that will feature a new user experience as well as tie-ins to its Yammer social networking software and Skype communication platform, the company announced Thursday.
Cisco Unified MeetingPlace SQL Injection and Cross Site Scripting Vulnerabilities
Cisco Unified MeetingPlace Web Conferencing Buffer Overflow Vulnerability
Invision Power Board 'core.php' PHP Code Execution Vulnerability
[ MDVSA-2012:169 ] java-1.6.0-openjdk
[SECURITY] [DSA 2570-1] openoffice.org security update
Cisco Security Advisory: Cisco Prime Data Center Network Manager Remote Command Execution Vulnerability
Re: [BUGTRAQ]Security Advisory - TP-LINK TL-WR841N LFI - [UPDATE]
Driven by millions of upgrades, Windows 8's global usage share climbed by a third last month, but the new OS's adoption pace remained lethargic compared to that of its predecessor three years ago.
Version 1.5 of the Burp security tool suite adds a few new tricks to the network analysis toolkit and introduces a completely overhauled user interface

Users can now share files from their Google Drive storage account on their Google+ social networking profile, a capability that could be particularly relevant for workplace collaboration.
The maxim is as old as business itself: work smarter, not harder.
When it comes to consumers' rights to control their own browsers, everybody wants to sound like they're pro-choice. But with many millions of advertising dollars on the line, the definition of pro-choice tends to align with the financial interests of those doing the defining.
Intuit has integrated the online marketing software gained through its $423.5 million acquisition of Demandforce with its QuickBooks accounting software, giving small businesses a way to make closer connections with customers, the company announced Thursday.
Microsoft said it will team up with Japan's largest mobile operator, NTT DoCoMo, to push Windows 8 on tablets to corporate customers.
One-quarter of more than 400,000 Android apps examined in the Google Play store pose security risks to mobile-device users, according to new research.
The most recent Amazon Web Services outage left customers (and rival cloud providers) blaming Amazon. Instead, CIO.com columnist Bernard Golden says, everyone needs to accept that cloud computing is not immune to failure. Fortunately, a key advantage of the cloud -- cheap, easy redundancy -- will help mitigate the risk of an outage.
Apple executive Eddy Cue gets a flattering write-up, Motorola gets a flat take-it-or-leave-it offer from Cupertino, and how to turn your older Mac's drives into a Fusion Drive in twenty-seven hours flat. The remainders for Wednesday, October 31, 2012 are flat broke.
The 2011 security breach at Dutch certificate authority (CA) DigiNotar resulted in an extensive compromise and was facilitated in part by shortcomings in the company's network segmentation and firewall configuration, according to Fox-IT, the security company contracted by the Dutch government to investigate the incident.
A team from Huawei is going to Germany to work with Felix Lindner to see how the company can remedy the problematic security culture and software practices which Lindner discovered were making Huawei's routers rather vulnerable

Debian 'ssmtp' Package TLS Certificate Security Bypass Vulnerability
A report slams Wall Street for lack of foresight in preparing for a megastorm the size of Hurricane Sandy, stating that the New York Stock Exchange shut down for two days in part because it was not ready to use an all-electronic trading system during the disaster.
When seawater from Hurricane Sandy flooded streets in lower Manhattan Monday night, it filled the bottom floors of the basement of an office building at 75 Broad St. This was not a good development for the data center operated by Peer1 Hosting.
A federal judge should limit the scope of a proposed court hearing examining whether a former Megaupload user can recover files that were on the website when the U.S. Department of Justice shut it down, the agency said.
Linux support for UEFI Secure Boot has been evolving and prime mover behind that support, Matthew Garrett, has now provided an overview of the current status of how Fedora, SUSE and Ubuntu are managing the challenge

Porn servers disclose their visitors' IP addresses, and payment processing services put their customers' active session tokens at risk. The cause, however, is no clever hack, but rather shoddy administration


Posted by InfoSec News on Nov 01

Forwarded from: Alessandra De Paola <alessandra.depaola (at) unipa.it>

----------Apologies for multiple copies of this announcement---------

The Ninth IEEE PerCom International Workshop on
Sensor Networks and Systems for Pervasive Computing (PerSeNS 2013)...

Posted by InfoSec News on Nov 01


By Ellen Messmer
Network World
October 29, 2012

MIAMI -- While complaints can be heard far and wide that it's hard to
find the right IT security experts to defend the nation's cyberspace,
the real problem in hiring security professionals is the roadblocks put
up by lawyers and human resources personnel and a complete lack of
understanding of geek culture, says...

Posted by InfoSec News on Nov 01


The Yomiuri Shimbun
Oct. 31, 2012

Five people, including the owner of an information technology-related
company, were arrested Tuesday on suspicion of providing a virus built
into smartphone applications that stole more than 10 million pieces of
personal information from users' address books.

The Metropolitan Police Department said about 90,000 people's
smartphones were...

Posted by InfoSec News on Nov 01

Forwarded from: Dave Dittrich <dittrich (at) u.washington.edu>

Seriously VeriSign? You discovered this in 2006? And you are crowing
about it six years later as a warning of threats to come? You are 11
years too late.

There has been a description of the first DNS reflection attacks on my
DDoS web page since 2001. My colleagues and I wrote about the
Register.com reflected DNS attack in our book on DDoS, published in
2004. Sometime...

Posted by InfoSec News on Nov 01


By Jeremy Wagstaff and Lee Chyen Yee
The Sydney Morning Herald
November 1, 2012

Under-fire Chinese telecoms equipment vendor Huawei is reaching out to
one of its sternest critics: a hacker who accused it of making shoddy

John Suffolk, the company's global cybersecurity chief, said at a
cybersecurity conference...