Information Security News
Microsoft has surrendered the 23 domain names it confiscated from dynamic domain hosting service No-IP.com, a move that begins the process of restoring millions of connections that went dark as a result of the highly controversial legal action.
At the time this post was being prepared, No-IP had recovered 18 of the domains and was in the process of reacquiring the remaining five from Public Interest Registry, the registry for Internet addresses ending in .org, No-IP spokeswoman Natalie Goguen told Ars. People who rely on No-IP subdomains that don't end in .org should already have service restored, as long as the domain name service (DNS) server they use has been updated to reflect Wednesday's transfer. Users who are still experiencing connectivity problems should try using DNS services from Google or OpenDNS, which have both updated their lookups to incorporate the transfers.
Microsoft confiscated the No-IP domains in late June through a secretive legal maneuver that didn't give the dynamic DNS provider an opportunity to oppose the motion in court. Microsoft's ex parte request was part of a legal action designed to dismantle two sprawling networks of infected Windows computers that were abusing No-IP in an attempt to evade takedown. As partial justification for the request, Microsoft lawyers argued No-IP didn't follow security best practices.
Cisco Systems has released a security update that closes a backdoor allowing attackers to control software that large organizations use to manage voice over IP (VoIP) calls and messaging over their networks.
The default secure shell (SSH) key made it possible for hackers to gain highly privileged administrative access to the Cisco Unified Communications Domain Manager, the networking company warned in an advisory published Wednesday. From there, intruders could execute arbitrary commands or gain persistent access to the systems. The advisory didn't explicitly say that attackers could monitor discussions or track the times that calls or messages were made and who sent and received them, but it wouldn't be surprising if those capabilities were also possible. In addition to VoIP management, the Cisco Unified Communications Domain Manager also allows users to manage Cisco Jabber, a cloud-based service for instant messaging, voice and video communications, desktop sharing, and conferencing.
"The vulnerability is due to the presence of a default SSH private key, which is stored in an insecure way on the system," Wednesday's advisory stated. "An attacker could exploit this vulnerability by obtaining the SSH private key. For example, the attacker might reverse engineer the binary file of the operating system. This will allow the attacker to connect by using the support account to the system without requiring any form of authentication. An exploit could allow the attacker to gain access to the system with the privileges of the root user."
Thanks to our reader Dan for spotting this one.
As of today, a search for "Katie Matusik" on Bing will include the following result. The rank has been slowly rising during the day, and as of right now, it is the first link after the link to "Videos".
Once a user clicks on the link, the user is redirected to http://system-check-yueedfms.in/js which loads a page claiming that the user's browser is locked, and the user is asked to pay a fine via "Moneypak", a Western Union-like payment system. Overall, the page is done pretty badly, and I actually find it a bit difficult to figure out how much money they are asking for ($300??).
The user is not able to close the browser or change to a different site. However, simply rebooting the system clears things up again; otherwise you have to be persistent enough in clicking "Leave this Page", as there are a large number of iframes that each insert a message when closed.
The link was reported to Bing this morning but the result has been rising in Bing's search since then. Respective hosting providers for the likely compromised WordPress blog have been notified.
Quick update: For "katie matysik" (replace 'u' with 'y', the correct spelling of the ), Bing now returns the malicious site as the #1 link. Both spellings are valid last names, so either may be the original target of the SEO operation.
The makers of OpenSSL unveiled a new development roadmap this week, saying the open source project needs to change because it "is increasingly perceived as slow-moving and insular."
The inner workings of the poorly funded OpenSSL project came under scrutiny after the discovery of Heartbleed, a security flaw in the cryptography library that put much of the Web's encrypted communications at risk. Tech giants eventually agreed to give the project money, enough to hire two full-time developers and perform a third-party security audit.
The new OpenSSL Project Roadmap, unveiled Monday and updated yesterday, sets out a list of goals for its new staff.
Yet another round of patches, this time for Cisco's Unified Communications Domain Manager.
The vulnerability that is probably going to be exploited first is the backdoor Cisco left behind for support access. In order to provide Cisco support with access to customer equipment, the company felt it was a great idea to equip all instances with the same SSH key.
Having the same key on all systems is mistake number one, but it wouldn't have been fatal if the secret key had been tucked away in Cisco's special safe-deposit box. Instead, they left the secret key on customer systems as well. So in other words: if you own one of the systems, you have the key to access all of them.
Filtering SSH access to the device at your border is a good first step to protect yourself if you can't patch right away.
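The Cisco advisory above and this diary entry describe the same root cause: one SSH key shared across every installed instance, with the private half sitting on the customer's own box. Whether a vendor has done this to you is something you can check from the outside, because every appliance that shares a key also presents the same host key (or accepts the same authorized key) to you. The script below is an added example, not code from ISC or from Cisco: it reads a known_hosts-format inventory, computes the OpenSSH-style SHA256 fingerprint of each key, and reports any fingerprint that shows up on more than one distinct host. The hostnames and key blobs are constructed sample data, not real key material.

```python
import base64
import hashlib
from collections import defaultdict


def _blob(key_type: str, material: bytes) -> str:
    """Build a base64 key blob in OpenSSH wire layout (uint32 length + type string,
    then key material). Used here only to construct sample data; real keys carry
    RSA/EdDSA parameters where the placeholder bytes are."""
    body = len(key_type).to_bytes(4, "big") + key_type.encode() + material
    return base64.b64encode(body).decode()


# Constructed known_hosts-style inventory. Three "appliances" at different sites
# present the identical ssh-rsa key; an unrelated host has its own ed25519 key.
SAMPLE_KNOWN_HOSTS = "\n".join([
    "# hostname keytype base64-blob [comment]",
    f"ucdm-site-a.example.net ssh-rsa {_blob('ssh-rsa', b'constructed-key-A')} site A",
    f"ucdm-site-b.example.net ssh-rsa {_blob('ssh-rsa', b'constructed-key-A')} site B",
    f"ucdm-site-c.example.net ssh-rsa {_blob('ssh-rsa', b'constructed-key-A')} site C",
    f"mail.example.net ssh-ed25519 {_blob('ssh-ed25519', b'constructed-key-B')}",
])


def fingerprint(blob_b64: str) -> str:
    """OpenSSH-style fingerprint: SHA256 over the decoded key blob, base64 without padding."""
    digest = hashlib.sha256(base64.b64decode(blob_b64)).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")


def parse_known_hosts(text: str):
    """Yield (host, key_type, blob) for every host in known_hosts-format text.
    Handles comment lines, @cert-authority/@revoked markers and comma-separated
    host lists. Hashed hosts (|1|...) pass through as opaque names, so two hashed
    entries for the same key still count as two hosts."""
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split()
        if fields[0].startswith("@"):
            fields = fields[1:]
        if len(fields) < 3:
            continue  # malformed line; nothing to fingerprint
        hosts, key_type, blob = fields[0], fields[1], fields[2]
        for host in hosts.split(","):
            yield host, key_type, blob


def find_shared_keys(text: str, min_hosts: int = 2) -> dict:
    """Return {"<keytype> <fingerprint>": [hosts...]} for every key seen on at
    least min_hosts distinct hosts. An empty dict means no key is shared."""
    seen = defaultdict(set)
    for host, key_type, blob in parse_known_hosts(text):
        seen[(key_type, fingerprint(blob))].add(host)
    return {
        f"{key_type} {fp}": sorted(hosts)
        for (key_type, fp), hosts in seen.items()
        if len(hosts) >= min_hosts
    }


if __name__ == "__main__":
    # Point this at your own ssh-keyscan output or known_hosts file instead.
    for key, hosts in find_shared_keys(SAMPLE_KNOWN_HOSTS).items():
        print(f"shared key {key} on {len(hosts)} hosts: {', '.join(hosts)}")
```

Feed it the output of `ssh-keyscan` across your appliance inventory; a key that appears on every box of one product line is the signature of a vendor-baked key, and the same loop over `authorized_keys` files collected from the devices catches the client-side half (the "support" key that every unit accepts). Either finding is a reason to filter SSH at the border until the vendor's patch lands, as the diary recommends.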
Posted by InfoSec News on Jul 02: http://www.computerworld.com/s/article/9249509/Microsoft_admits_technical_error_in_IP_takeover_but_No_IP_still_down
Posted by InfoSec News on Jul 02: http://www.forbes.com/sites/katevinton/2014/07/01/how-companies-can-rebuild-trust-after-a-security-breach/
Posted by InfoSec News on Jul 02: http://www.nationalreview.com/article/381640/another-security-breach-obamacare-jillian-kay-melchior
Posted by InfoSec News on Jul 02: http://complex.foreignpolicy.com/posts/2014/07/01/us_manufacturer_wants_commerce_dept_to_penalize_china_for_cyberattack_0
Posted by InfoSec News on Jul 02: http://www.infosecnews.org/dod-8570-1-infosec-training-and-compliance-vendors-vulnerable-to-xss/