Oracle Java SE CVE-2012-1533 Remote Code Execution Vulnerability
Cisco Wireless LAN Controller CVE-2013-3474 Multiple Denial of Service Vulnerabilities
(c) SANS Internet Storm Center. http://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.

A recent uptick in activity on port 14566 over the past month shows in our DShield Report(1), but we have little information about what exactly is happening. The pattern is curious: some activity, then a lull near the end of August, followed by a large spike at the end of the month, and it was the top port over the past 24 hours. Searching for that port on Google and other security and traffic sites has yielded little, so if anybody has log files or activity for this port, we'd love to have a look.
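For readers who want to answer that request, here is an added example (not part of the original diary, and not ISC or DShield code) that pulls destination-port 14566 hits out of Linux netfilter (iptables LOG target) syslog lines and summarizes them per source. The log lines embedded below are constructed for the example; the field names (SRC=, DST=, PROTO=, SPT=, DPT=) are the ones the kernel LOG target actually emits.

```python
import re
from collections import Counter, defaultdict

# Destination port the ISC diary is asking about.
PORT_OF_INTEREST = 14566

# Constructed sample lines in Linux netfilter (iptables LOG target) syslog
# format. These are made up for the example; they are not ISC/DShield data.
SAMPLE_LOG = """\
Sep  3 01:12:07 fw kernel: IN=eth0 OUT= MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=198.51.100.7 DST=203.0.113.10 LEN=60 TOS=0x00 PREC=0x00 TTL=51 ID=0 DF PROTO=TCP SPT=43211 DPT=14566 WINDOW=14600 RES=0x00 SYN URGP=0
Sep  3 01:12:09 fw kernel: IN=eth0 OUT= SRC=198.51.100.7 DST=203.0.113.11 LEN=60 TOS=0x00 PREC=0x00 TTL=51 ID=0 DF PROTO=TCP SPT=43212 DPT=14566 WINDOW=14600 RES=0x00 SYN URGP=0
Sep  3 01:15:44 fw kernel: IN=eth0 OUT= SRC=192.0.2.200 DST=203.0.113.10 LEN=60 TOS=0x00 PREC=0x00 TTL=48 ID=0 DF PROTO=TCP SPT=51000 DPT=22 WINDOW=65535 RES=0x00 SYN URGP=0
Sep  3 02:40:01 fw kernel: IN=eth0 OUT= SRC=192.0.2.200 DST=203.0.113.12 LEN=60 TOS=0x00 PREC=0x00 TTL=48 ID=0 DF PROTO=TCP SPT=51001 DPT=14566 WINDOW=65535 RES=0x00 SYN URGP=0
Sep  3 02:40:02 fw kernel: IN=eth0 OUT= SRC=192.0.2.200 DST=203.0.113.13 LEN=40 PROTO=UDP SPT=51002 DPT=14566 LEN=20
"""

FIELD_RE = re.compile(r"\b(SRC|DST|PROTO|SPT|DPT)=(\S+)")
TS_RE = re.compile(r"^(\w{3}\s+\d{1,2} \d{2}:\d{2}:\d{2})")

def parse_line(line):
    """Return a dict of the netfilter fields we care about, or None if the
    line is not a netfilter log entry with a source and destination port."""
    fields = dict(FIELD_RE.findall(line))
    if "DPT" not in fields or "SRC" not in fields:
        return None
    m = TS_RE.match(line)
    fields["ts"] = m.group(1) if m else None
    fields["DPT"] = int(fields["DPT"])
    return fields

def summarize_port(log_text, port=PORT_OF_INTEREST):
    """Summarize hits on one destination port: per-source hit counts, number
    of distinct targets per source, protocols seen, first and last timestamp."""
    by_src = Counter()
    targets = defaultdict(set)
    protos = Counter()
    first = last = None
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None or rec["DPT"] != port:
            continue
        by_src[rec["SRC"]] += 1
        targets[rec["SRC"]].add(rec["DST"])
        protos[rec.get("PROTO", "?")] += 1
        first = first or rec["ts"]
        last = rec["ts"] or last
    return {
        "port": port,
        "total": sum(by_src.values()),
        "sources": {src: {"hits": n, "distinct_targets": len(targets[src])}
                    for src, n in by_src.most_common()},
        "protocols": dict(protos),
        "first_seen": first,
        "last_seen": last,
    }

if __name__ == "__main__":
    summary = summarize_port(SAMPLE_LOG)
    print(f"DPT={summary['port']}: {summary['total']} hits, "
          f"{len(summary['sources'])} sources, {summary['protocols']}")
    for src, info in summary["sources"].items():
        print(f"  {src:16} hits={info['hits']} targets={info['distinct_targets']}")
```

Feed it your own firewall log (`summarize_port(open("/var/log/kern.log").read())`) and the per-source counts and distinct-target counts are what distinguish a scanner sweeping your range from a single host repeatedly hitting one address.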


tony d0t carothers --gmail

The National Initiative for Cybersecurity Education (NICE) is hosting its fourth annual "Shaping the Future of Cybersecurity Education Workshop" September 17-19, 2013, at the National Institute of Standards and Technology (NIST) ...

A security startup has unveiled a wearable device that's designed to replace the hassle of passwords by using a person's unique heartbeat signature to log on to computers and unlock car doors. While the device is intriguing, the dearth of key technical details makes it impossible to assess the marketers' promise that it provides "complete security without compromising convenience."

The Nymi is a small bracelet equipped with a sensor that reads the electrocardiogram (ECG) of the person wearing it. Once it has verified that the heart signature belongs to the person who registered it, it provides a means of authentication that can in theory be used to access a virtually endless supply of electronic devices, including airport kiosks, hotel room doors, and sensitive computer networks. It relies on three factors of authentication: two things the user has, in the form of the bracelet and a paired mobile device, and one thing the user is, in the form of a verified ECG. A slick promotional video shows someone gliding from bed to airports to hotels to cafes, effortlessly logging into devices and unlocking doors without once having to enter a password or procure a key. Sure sounds tempting.

Nymi by Bionym.

Alas, there's not enough information available about the Nymi's inner workings to know if it is truly groundbreaking or another dose of the kind of snake oil that's all too common in the security circuit. Karl Martin, CEO of the Nymi creator Bionym, said the device hasn't yet undergone a formal security audit. That means even he can't say just how impervious it is to the kinds of sophisticated attacks that would inevitably target a universal sign-on gizmo, although he gave some high-level details that are encouraging. That said, there are several classes of hacks that might be used to compromise the security assurances of the device.



IBM solidDB Stored Procedure Call Denial of Service Vulnerability
IBM Java CVE-2013-4002 Denial of Service Vulnerability
Cisco IOS CVE-2013-5469 Remote Denial of Service Vulnerability
As part of its ongoing cloud computing forum and workshop series, the National Institute of Standards and Technology (NIST) is hosting "The Intersection of Cloud and Mobility," October 1-3, 2013, at its Gaithersburg, Md., campus. ...
Microsoft wants to build a better mobile phone through its acquisition of Nokia's mobile phone business. One way it hopes to do that? By improving its maps applications to better compete against Google's.
NAND flash prices slipped 5% to 10% in the second half of August, and prices are expected to continue to slide in the fourth quarter of 2013.
As rumors swirl that Twitter is gearing up for an initial public offering (IPO), industry analysts say the timing is right for such a move.
The next version of Android will be called KitKat after the Nestle chocolate bar, and not Key Lime Pie, as was predicted for months, Google said Tuesday.
Verizon Wireless has no plans to expand into the Canadian mobile market, the head of its parent company said on Tuesday in the wake of a deal to bring all of the wireless subsidiary under Verizon Communications.
Advanced Micro Devices will start shipping its first ARM server chips to manufacturers for testing in the first quarter of 2014, a company executive said on Tuesday.
Several standards exist for storing large amounts of data in a user's Web browser. Each has its benefits, tradeoffs, W3C standardization status and level of browser support. All are better than cookies.
Apple will likely announce a new iPhone, and perhaps other new products, on Sept. 10, as fans of the company hunger for dazzling displays of innovation.
U.K.-based CSR and Inkjet Technology have collaborated to create a printable keyboard that is highly adaptable and just .49mm thick.

I recently migrated a client from a 10mbps internet uplink to a new 100mbps uplink with a wireless 10mbps backup.  As part of this, they of course got new IP addresses.

Like the thorough, some would say compulsive person I am, before we migrated I did all the right things:

  • Tested both uplinks to make sure they were working
  • Made sure that I had access to ISP support for both uplinks
  • Shortened the DNS TTL to ensure that when we migrated, our DNS changes would propagate quickly
  • Checked the new IP addresses for SMTP blacklisting (more on this later)

As expected, the migration went smoothly. Until the next morning. My client called me bright and early with the news: "Our users can't send email to company XYZ". After some wrangling and some time, I got the NDR (Non Delivery Report). By then, we had identified 3 other organizations that would not receive our emails.

The key line in the NDR was:
#< #5.7.1 smtp; 550 5.7.1 Service unavailable; Client host [x.x.x.x] blocked using Blocklist 1; To request removal from this list please forward this message to [email protected]> #SMTP#

How could this be?  These IP addresses hadn't been used in at least 6 months!

After a bit of digging (Google really does know all), we found that this is the blacklist service employed by Microsoft Office 365. This service is unique amongst email blacklist services in that there is no way to check your status online, so checking in advance with MXTOOLS, Solarwinds EE or any of the other usual tools had not done me a bit of good.

Anyway, we emailed the indicated address with our problem, and asked to be removed from the list.
It soon became apparent that this blacklist service was unique in another important way. The users of the system of course thought that this email problem was our problem. From our perspective, the solution to the problem had to be implemented by their mail provider. The roadblock we had was that, as far as the blacklist was concerned, *they* were the Microsoft customer, not us. So as far as the blacklist admins were concerned, we were nobody.

So, as with every other blacklist service under the sun, 6 hours went by, then 12, then 18, and still no word. We ended up having to open a paid support ticket to get ourselves off a list we never should have been on in the first place.

What did I learn? That cloud services aren't all sunshine and lollipops? Umm, no, I already knew that. That Murphy (as in Murphy's Law) is great at exploiting new features and services? I thought I knew that too, I just thought I had it covered (that'll teach me!).

The important lesson I learned (aside from the "Murphy lesson") was to add one more check to any migration that affects email: send a test note to someone on Office 365.
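Two of the checks above can be scripted. As an added example (not the diary author's code), the block below does the pre-migration DNSBL lookup for a new IP against a few public, DNS-queryable blocklists, and parses the key line of an NDR like the one quoted above so that a 550 5.7.1 blocklist rejection is recognised and the blocked client IP extracted. The zone names are assumptions for illustration (check each operator's usage terms before querying at volume); the resolver is injectable so the lookup logic can be exercised offline, and the NDR line is the diary's own, with the removal address left as the placeholder the diary shows.

```python
import re
import socket

# DNS-based blocklists that answer to a reversed-IP query. A listing is
# signalled by an A record in 127.0.0.0/8 (the exact value is zone-specific).
# Assumption: these zones are used here only for illustration.
DNSBL_ZONES = ["zen.spamhaus.org", "bl.spamcop.net", "b.barracudacentral.org"]

def dnsbl_query_name(ip, zone):
    """Build the reverse-octet lookup name, e.g. 192.0.2.10 -> 10.2.0.192.zone."""
    octets = ip.split(".")
    if len(octets) != 4 or not all(o.isdigit() and 0 <= int(o) <= 255 for o in octets):
        raise ValueError(f"not an IPv4 address: {ip!r}")
    return ".".join(reversed(octets)) + "." + zone

def default_resolver(name):
    """Return the A record for name, or None when it does not resolve (not listed)."""
    try:
        return socket.gethostbyname(name)
    except socket.gaierror:
        return None

def check_dnsbls(ip, zones=DNSBL_ZONES, resolver=default_resolver):
    """Return {zone: answer} for every zone that lists ip. An empty dict means
    'not listed on any zone we can query', which, as the diary points out,
    says nothing about lists with no public lookup such as the Office 365 one."""
    hits = {}
    for zone in zones:
        answer = resolver(dnsbl_query_name(ip, zone))
        if answer and answer.startswith("127."):
            hits[zone] = answer
    return hits

# An NDR's key line carries an SMTP reply code, an enhanced status code
# (RFC 3463; 5.7.1 is "delivery not authorized, message refused") and free
# text; blocklist rejections usually also name the blocked client IP.
NDR_RE = re.compile(
    r"(?P<code>\b[245]\d\d)\s+(?P<esc>[245]\.\d{1,3}\.\d{1,3})\s+(?P<text>.+)")
IP_RE = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3}|x\.x\.x\.x)\]")

def parse_ndr_line(line):
    """Extract reply code, enhanced status code, blocked IP and reason text
    from one NDR line. Returns None if no SMTP status is present."""
    m = NDR_RE.search(line)
    if not m:
        return None
    text = m.group("text").split("#SMTP#")[0].rstrip(" >")
    ip = IP_RE.search(text)
    return {
        "code": m.group("code"),
        "enhanced": m.group("esc"),
        "client_ip": ip.group(1) if ip else None,
        "blocklisted": "blocked using" in text.lower() or "blocklist" in text.lower(),
        "reason": text,
    }

if __name__ == "__main__":
    # The diary's NDR line, reproduced as constructed input (IP redacted as
    # in the diary, removal address left as the diary's placeholder).
    ndr = ("#< #5.7.1 smtp; 550 5.7.1 Service unavailable; Client host [x.x.x.x] "
           "blocked using Blocklist 1; To request removal from this list please "
           "forward this message to [email protected]> #SMTP#")
    print(parse_ndr_line(ndr))
    print(check_dnsbls("192.0.2.10"))  # needs DNS; prints {} when unlisted
```

Run `check_dnsbls()` against each new address before cut-over and keep `parse_ndr_line()` handy for the morning after: an empty DNSBL result plus a 5.7.1 "blocked using Blocklist" NDR is exactly the combination the diary describes, and it tells you to go straight to the receiving side's provider rather than to the public lists.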

Have you had similar experiences with email migrations? Or other gotchas you thought you had 100% covered, but not so much? Use our comment form to let us know what problems you ran into, and how you resolved them.

Rob VandenBrink

ESA-2013-057: RSA Archer(r) GRC Multiple Vulnerabilities
PayPal's "invalid" aksession Padding Oracle Flaw
LinuxSecurity.com: Colin Cuthbertson and Walter Doekes discovered two vulnerabilities in the SIP processing code of Asterisk, an open source PBX and telephony toolkit, which could result in denial of service. [More...]
LinuxSecurity.com: A buffer overflow in Xlockmore might allow remote attackers to cause a Denial of Service.
LinuxSecurity.com: Multiple vulnerabilities have been found in strongSwan, possibly allowing remote attackers to authenticate as other users or cause a Denial of Service condition.
LinuxSecurity.com: Updated libdigidoc packages fix security vulnerability: Fixed one critical bug in the DDOC parsing routines. By persuading a victim to open a specially-crafted DDOC file, a remote attacker could exploit this vulnerability to overwrite arbitrary files on the system [More...]
LinuxSecurity.com: Updated libtiff packages fix security vulnerability: Pedro Ribeiro and Huzaifa S. Sidhpurwala discovered multiple vulnerabilities in various tools shipped by the tiff library. Processing a malformed file may lead to denial of service [More...]
The speed at which Microsoft-Nokia can develop new smartphones, improve the underlying OS and get developers to create more apps will be key to the future success of Windows Phone, which is still a distant third in the mobile ecosystem race.
Microsoft's $7.2 billion deal to buy Nokia makes Nokia CEO Stephen Elop the frontrunner to lead Microsoft after Steve Ballmer departs, analysts said
There's no question that data analytics are playing an increasingly important role for marketing departments, but many marketers aren't getting what they need from the CIO. If IT can't deliver, CIOs should expect CMOs to go around them.
Large JavaScript Web apps can be hard to develop and slow to run. Google's Dart language may offer a solution to address both of those issues.
Palo Alto Networks GlobalProtect X.509 Certificate Validation Security Bypass Vulnerability
Belkin F5D7234-4 G Wireless Router Authentication Bypass and Remote Code Execution Vulnerabilities
Microsoft's plan to buy Nokia's phone business and have a larger presence in hardware devices has so far brought little response from PC and smartphone vendors in Asia. But the deal could end up bringing dividends to Microsoft's long-time partners in the region by revitalizing the Windows ecosystem, according to analysts.
Lenovo has introduced the ThinkPad T440, a laptop that comes with two batteries to provide up to 17 hours running time.
Mobile browsing continued to post gains last month at the expense of personal computers, a trend that has put Google into the second spot behind Microsoft as the browser maker with the longest reach, a Web metrics company said.
IT job seekers embrace social, video, graphic elements to enhance their resumes and launch themselves to the head of the line for first-round interviews.
For enterprises trying to get a handle on password management, the good news is that there are products that can help implement stronger password policies for end users logging into corporate and personal Web-based services, as well as for employees who share a local server login.

SANS offers critical core InfoSec skills in Dubai this October
AME Info (press release)
SANS Gulf Region 2013, one of the region's largest InfoSec training events, will offer a quartet of courses aimed at providing InfoSec professionals with the core set of skills to meet growing demand from across the region. The annual event returns ...


Posted by InfoSec News on Sep 03


The New York Times
August 31, 2013

WASHINGTON -- Newly disclosed budget documents for America's intelligence
agencies show how aggressively the United States is now conducting
offensive cyberoperations against other states, even while the Obama
administration protests attacks on American computer networks by China,
Iran and...

Posted by InfoSec News on Sep 03


Star Tribune
August 30, 2013

State computers that direct billions of dollars in state and federal funds
to schools and contain private information on students need better
security measures to protect that data and the network’s integrity,
Minnesota’s legislative auditor has found.

The report released this week found no breaches or stolen data from the

Posted by InfoSec News on Sep 03


By John Liu
The China Post
August 31, 2013

TAIPEI, Taiwan -- Investigators stormed into HTC yesterday to investigate
some of the company's design staff, who are suspected of stealing trade
secrets and defrauding HTC of nearly NT$10 million.

HTC accused three of its senior design professionals of fraud. The
suspects were alleged to have set up...

Posted by InfoSec News on Sep 03

Forwarded from: nullcon (at) nullcon.net

Hello All,

V are V

On our fifth Anniversary we are super excited to officially open the CFP
(Call for PARTYcipation!). Yes, this is going to be the biggest nullcon
till now with lot of sub-events, CTFs, villages, workshops, talks,

Time to tickle your grey cells and submit your research.

Training 12-13th Feb 2013
Conference: 14-15th Feb 2013



Submit under any of the...

Posted by InfoSec News on Sep 03



The high-profile cyber attacks emanating from Syria may end up giving
Israel's economy a long-term boost by raising demand from its burgeoning
cyber security sector.

Before the West could fire a single shot towards Damascus over the use of
chemical weapons, the conflict claimed a fresh round of...

Posted by InfoSec News on Sep 03


By Justine Sharrock
BuzzFeed Staff
August 30, 2013

The United States Army's Deputy of Cybersecurity Roy Lundgren has
confirmed with BuzzFeed the existence of a major computer security flaw
that enables unauthorized access to users without proper security
clearance. They say the best fix is to make soldiers aware of proper
conduct, instead of...

Posted by InfoSec News on Sep 03

Just a quick note.

InfoSec News is just one of many lists that a number of security educators
are recommending to their students to learn about current events in the
computer security realm. However, seems a small number of students have no
idea how to leave the list after the semester is over, likewise I am
fielding a few mails a week asking... unsubscribe

To leave the InfoSec News mailing list. Please send a mail to:
isn-request (at)...
[ MDVSA-2013:225 ] libdigidoc
[ MDVSA-2013:224 ] libtiff
[SECURITY] [DSA 2749-1] asterisk security update
Mikrotik RouterOS 5.* and 6.* sshd remote preauth heap corruption
Microsoft is to acquire Nokia's Devices & Services business, which includes the smartphone and mobile phones businesses, and license the Finnish company's patents for a total of $7 billion in cash, the companies said.
Here are the significant issues that can distinguish one password manager product from another. You'll probably make a similar list of requirements as you do your own research for password managers.
[SECURITY] [DSA 2740-2] python-django regression update
IndiaNIC Testimonail WP plugin - Multiple vulnerabilities