Hackin9
(c) SANS Internet Storm Center. http://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
 
The Pirate Bay claims that North Korea has offered to provide network connectivity for its controversial search engine, which has faced a years-long battle to stay online.
 

Richard Porter --- ISC Handler on Duty
 
Leanne Graham left her role as country manager for Xero in December last year to invest in small businesses in the SaaS space, through her company, Cloud Rainmakers. She spoke with Stephen Bell during a visit to Wellington to scope out new investment opportunities.
 
Oracle released emergency patches for Java on Monday to address two critical vulnerabilities, one of which is actively being exploited by hackers in targeted attacks.
 
Warner Thomas, CEO of Louisiana's largest healthcare system, pointed to airlines, banks and online retailers as examples of how the healthcare industry should implement technology, cut costs and improve the customer experience.
 
Microsoft has released a collection of tools that will help Visual Studio 2012 users more easily write add-on applications for Microsoft Office 2013, SharePoint 2013 and Microsoft's Office 365 hosted service.
 
Worldwide PC shipments dropped in 2012 on an annual basis for the first time in more than a decade and that is expected to continue this year, research firm IDC said on Monday.
 
After spending the past six months talking about prioritizing its business around mobile platforms, Facebook says it's time to get down to business.
 
Ed Skoudis and Johannes Ullrich of SANS discussed offensive forensics at RSA Conference 2013, as well as the potential effects of a kinetic attack.

 
The fact that LTE connectivity is becoming ubiquitous in smartphones and tablets isn't lost on Intel, which aims for its baseband processors to be used in more mobile devices and base stations.
 
IDC is predicting a growth rate of 6% in IT spending in the U.S. this year, an amount that's virtually unchanged from last year.
 
Google today patched 10 vulnerabilities in Chrome, just two days before the start of Pwn2Own, a hacking contest that has $100,000 in prize money waiting for the first researcher to crack the browser.
 

 
A survey of IT executives in U.S. hospitals revealed that many are concerned they will not be able to find the IT employees they need to implement technology required under the Affordable Care Act.
 
Amazon Web Services is offering users a monthlong free trial of a set of system analysis tools that the company is developing. The free offer is one of a number of price cuts and expanded services the company introduced in the past few weeks.
 
Remote system freeze thanks to Kaspersky Internet Security 2013
 
At RSA 2013, experts explain how the SANS CyberCity supports offensive forensics and helps prevent kinetic attacks.

 
China is not the only country carrying out large-scale cyber espionage, says US cyber security firm Mandiant.

 
Astronauts on the International Space Station began unloading cargo from the SpaceX Dragon capsule on Monday, a day after the commercially delivered capsule was attached to the station.
 
A Texas IT services firm has been indicted by federal authorities for using H-1B visa workers to create an inexpensive 'as needed' labor force.
 
Thanks to the higher speeds possible using a technology called vectoring, copper networks are still a viable option to cable and fiber, Deutsche Telekom says.
 
U.S. President Barack Obama's administration has sided with more than 100,000 petition signers who asked the government to legalize the unlocking of smartphones.
 
Romanian security company BitDefender has traced the cyber-espionage malware "MiniDuke" back to June 2011, more than a year and a half before the campaign was uncovered.
 
SharePoint 2013 arrives with a new user interface and new collaboration, search, storage and task management features. But gaps remain in areas like social and mobile, and upgrading and governing SharePoint is still rife with challenges.
 
Computerworld's Premier 100 conference opened Monday with a keynote topic that was close to the hearts of many of the 500 IT professionals in attendance: an acronym called VUCA.
 
[SE-2012-01] One more attack affecting Oracle's Java SE 7u15
 
Remote command execution for Ruby Gem ftpd-0.2.1
 
Bill Murphy, CTO and managing director at Blackstone, a global investment and advisory firm, knew he wanted to find a way to allow employees to use their own devices for work. The demand was there, and he was increasingly hearing about how adding in BYOD would help productivity.
 
Hewlett-Packard's effort to build ARM servers will get a boost from Texas Instruments, which will provide chips based on the latest ARM processor design.
 
[SECURITY] [DSA 2636-2] xen regression update
 
[SECURITY] [DSA 2636-1] xen security update
 
[slackware-security] httpd (SSA:2013-062-01)
 

I would like to start our focus month with a simple post about what many consider the IPv6 killer feature: addresses. A number of issues come up with addresses, and you need to understand them when you deploy IPv6.

First of all, the IPv6 address is 128 bits long. But unlike in IPv4, subnetting is a bit more restricted: the first 64 bits specify the network, while the second half of the address identifies the host. Other than in a few very specific cases (e.g. point-to-point links), you will never see a subnet smaller than a /64.

Here, I would like to focus on the different ways to come up with the last 64 bits. There is a reason we have so many bits: the goal is to allow each host to configure itself without running into any conflicts. The simplest way to do this on Ethernet is to derive the interface ID from the MAC address. The MAC address is only 48 bits, and it has to be unique for each host on the local network, so we can just use these 48 bits as our interface ID. This works really well, but it has privacy implications: you will now pass your MAC address to each host you communicate with, and this part of the IP address will never change, even if you move to a different network.

In response to this, we have privacy-enhanced temporary addresses. In this case, the interface ID is picked randomly, and once a day the host picks a new random interface ID. The chance of an overlap is pretty small, and the host will check whether the new address is already in use.

These methods don't require any infrastructure. A router advertises the network part of the address, and the hosts just pick the interface part using their preferred mechanism. But for us security people, the scary part is that there is no logging happening: we can't show who owned what address when. In particular, the idea of temporary addresses is quite scary for an enterprise network.

The solution, just like in IPv4, is DHCP. DHCPv6 can be used just like DHCP in IPv4 to assign addresses. However, if you want to achieve some kind of accountability, you have to make sure that these are the only addresses used. For example, you could use a firewall to restrict network access so that only addresses within the valid DHCP range are allowed.

Of course, users could always manually configure an address within the range that is valid on your network, just like they could in IPv4. In IPv6, this is a bit easier, as you have more addresses to pick from. You probably would like to have some form of passive system to monitor for new IPv6 addresses. However, in IPv6 you cannot rely on ARP traffic: IPv6 replaces ARP with Neighbor Discovery (ND), and you need to find a tool that supports ND.
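To make the interface-ID mechanics concrete, here is an added Python example (not code from the diary). It derives the interface ID from a MAC the way stateless autoconfiguration actually does (modified EUI-64 per RFC 4291: the 48 bits are padded to 64 with 0xFFFE and the universal/local bit is flipped), recovers the MAC from such an address, which is exactly the privacy exposure described above, and classifies an observed address as inside a DHCPv6 pool, EUI-64-derived, or "other", the check a passive monitor would apply to enforce the accountability the diary asks for. The prefix, MAC and DHCPv6 pool are constructed sample values.

```python
import ipaddress


def mac_to_eui64_iid(mac: str) -> bytes:
    """Build a modified EUI-64 interface ID (RFC 4291, Appendix A) from a 48-bit MAC:
    insert 0xFFFE between the OUI and the device part and flip the universal/local bit."""
    octets = bytes.fromhex(mac.replace(":", "").replace("-", ""))
    if len(octets) != 6:
        raise ValueError("expected a 48-bit MAC address")
    first = octets[0] ^ 0x02  # bit 1 of the first octet is the U/L bit
    return bytes([first]) + octets[1:3] + b"\xff\xfe" + octets[3:6]


def slaac_address(prefix: str, mac: str) -> ipaddress.IPv6Address:
    """Combine the /64 prefix a router advertises with the EUI-64 IID, as SLAAC does."""
    net = ipaddress.IPv6Network(prefix, strict=False)
    if net.prefixlen != 64:
        raise ValueError("SLAAC needs a /64 prefix")
    iid = int.from_bytes(mac_to_eui64_iid(mac), "big")
    return ipaddress.IPv6Address(int(net.network_address) | iid)


def embedded_mac(addr):
    """Recover the MAC from an EUI-64-derived address, or return None.
    Heuristic: a random (privacy) IID matches the 0xFFFE marker with probability 2**-16."""
    iid = ipaddress.IPv6Address(addr).packed[8:]
    if iid[3:5] != b"\xff\xfe":
        return None
    mac = bytes([iid[0] ^ 0x02]) + iid[1:3] + iid[5:8]
    return ":".join(f"{b:02x}" for b in mac)


def classify(addr, dhcp_range):
    """Label an observed address for an accountability check:
    'dhcp'  - inside the DHCPv6 pool, so a lease log can name the owner
    'eui64' - autoconfigured from a MAC, so at least the hardware address is known
    'other' - random/privacy or hand-configured; no infrastructure record exists"""
    a = ipaddress.IPv6Address(addr)
    low, high = (ipaddress.IPv6Address(x) for x in dhcp_range)
    if low <= a <= high:
        return "dhcp"
    if embedded_mac(a) is not None:
        return "eui64"
    return "other"


# Constructed sample values: the documentation prefix, a made-up MAC and a made-up DHCPv6 pool.
PREFIX = "2001:db8:1:2::/64"
SAMPLE_MAC = "00:1b:21:3c:4d:5e"
DHCP_POOL = ("2001:db8:1:2::1000", "2001:db8:1:2::1fff")

if __name__ == "__main__":
    auto = slaac_address(PREFIX, SAMPLE_MAC)
    print(auto, "->", embedded_mac(auto))
    for observed in (str(auto), "2001:db8:1:2::10a5", "2001:db8:1:2:9c4e:31a0:7b2d:e1f3"):
        print(observed, classify(observed, DHCP_POOL))
```

The "other" bucket is where hand-configured and privacy addresses land; on a managed network that is the list worth alerting on, since neither the DHCPv6 lease log nor the EUI-64 marker can tie those addresses to a host.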

Here are a couple of guidelines:

- For an unmanaged network (home network, guest wifi), autoconfigured privacy enhanced addresses are probably what you want.

- For a managed network (business, enterprise...), you should still use DHCP or static configured addresses just like in IPv4.

- The basic attacks are still the same in IPv6; nothing has really changed. IPv6 has an option called SEND (Secure Neighbor Discovery) to make ND and router advertisements more secure, but the protocol isn't implemented in any of the major OSs yet.

Vulnerabilities and Attacks:

The ND protocol is subject to many of the same attacks as ARP:

- ND spoofing to mount man-in-the-middle (MitM) attacks

- Denial-of-service attacks by responding to all ND requests

- Address spoofing

The THC IPv6 tool suite has implementations for many of these attacks. We will talk about this suite in a future Focus Month diary, as well as about Scapy, probably the most powerful tool for creating IPv6 traffic.
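Because the ND attacks listed above mirror ARP spoofing, the corresponding detection mirrors arpwatch: record which link-layer address each IPv6 neighbor advertises and alert when it changes. The Python below is an added example, not code from the diary and not the THC or Scapy tools it mentions. It parses the ICMPv6 layer of a Neighbor Advertisement (RFC 4861, type 136) including the Target Link-layer Address option, keeps a target-to-MAC table, and reports when a target is re-announced with a different MAC, flagging the unsolicited-override case separately. The advertisements are constructed inline with a zero checksum (the real checksum covers the IPv6 pseudo-header); a real monitor would feed it the ICMPv6 payloads captured from the wire.

```python
import ipaddress

ICMP6_NEIGHBOR_ADVERT = 136   # RFC 4861 section 4.4
OPT_TARGET_LLADDR = 2         # Target Link-layer Address option
FLAG_ROUTER, FLAG_SOLICITED, FLAG_OVERRIDE = 0x80, 0x40, 0x20


def build_na(target, mac, flags=FLAG_OVERRIDE):
    """Construct the ICMPv6 layer of a Neighbor Advertisement for the sample traffic below.
    Checksum is left zero: computing it needs the IPv6 pseudo-header, which is not modelled here."""
    lladdr = bytes.fromhex(mac.replace(":", ""))
    return (bytes([ICMP6_NEIGHBOR_ADVERT, 0]) + b"\x00\x00"
            + bytes([flags, 0, 0, 0])
            + ipaddress.IPv6Address(target).packed
            + bytes([OPT_TARGET_LLADDR, 1]) + lladdr)  # option length 1 = 8 octets


def parse_na(icmp6):
    """Parse a Neighbor Advertisement; return None for other types or malformed input."""
    if len(icmp6) < 24 or icmp6[0] != ICMP6_NEIGHBOR_ADVERT:
        return None
    flags = icmp6[4]
    target = ipaddress.IPv6Address(icmp6[8:24])
    lladdr = None
    off = 24
    while off + 2 <= len(icmp6):
        opt_type, opt_len = icmp6[off], icmp6[off + 1]
        if opt_len == 0 or off + opt_len * 8 > len(icmp6):
            return None  # RFC 4861: zero-length or truncated options invalidate the packet
        if opt_type == OPT_TARGET_LLADDR and opt_len == 1:
            lladdr = ":".join(f"{b:02x}" for b in icmp6[off + 2:off + 8])
        off += opt_len * 8
    return {"target": target, "lladdr": lladdr,
            "router": bool(flags & FLAG_ROUTER),
            "solicited": bool(flags & FLAG_SOLICITED),
            "override": bool(flags & FLAG_OVERRIDE)}


class NeighborWatch:
    """arpwatch-style table: IPv6 target -> last advertised link-layer address."""

    def __init__(self):
        self.table = {}

    def observe(self, icmp6):
        na = parse_na(icmp6)
        if na is None or na["lladdr"] is None:
            return None
        previous = self.table.get(na["target"])
        self.table[na["target"]] = na["lladdr"]
        if previous is not None and previous != na["lladdr"]:
            kind = "unsolicited override" if na["override"] and not na["solicited"] else "change"
            return f"ALERT {kind}: {na['target']} moved from {previous} to {na['lladdr']}"
        return None


def run_sample():
    """Constructed traffic: the gateway answers a solicitation, a host answers one,
    the gateway answers again, then a second station re-announces the gateway's
    address unsolicited with the override bit set."""
    watch = NeighborWatch()
    packets = [
        build_na("2001:db8:1:2::1", "00:1b:21:aa:bb:01", FLAG_ROUTER | FLAG_SOLICITED | FLAG_OVERRIDE),
        build_na("2001:db8:1:2:21b:21ff:fe3c:4d5e", "00:1b:21:3c:4d:5e", FLAG_SOLICITED | FLAG_OVERRIDE),
        build_na("2001:db8:1:2::1", "00:1b:21:aa:bb:01", FLAG_ROUTER | FLAG_SOLICITED | FLAG_OVERRIDE),
        build_na("2001:db8:1:2::1", "de:ad:be:ef:00:99", FLAG_OVERRIDE),
    ]
    return [alert for alert in map(watch.observe, packets) if alert]


if __name__ == "__main__":
    for line in run_sample():
        print(line)
```

A legitimate NIC replacement also produces one "change" alert, so the table needs the same manual confirmation workflow arpwatch users are familiar with; an unsolicited override for a router address is the case that should page someone.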



------

Johannes B. Ullrich, Ph.D.

SANS Technology Institute

Twitter
 
 
The U.S. Federal Communications Commission has begun a test run of a Google database of unused spectrum in the television bands that's available for wireless broadband.
 
Apple has moved to block all but the most recent version of the Adobe Flash Player plugin for Mac OS X from being loaded by Safari and other applications.


 
Microsoft's Surface Pro tablet will go on sale in Europe in the second quarter priced somewhere around $1,170, while a local telco is now reselling the latest editions of its Office 365 hosted productivity suite, the company announced ahead of the Cebit trade show on Monday.
 
After a number of voices from the US have accused China of cyber espionage, the Chinese Ministry of Defence is countering with its own numbers. A security organisation also has something to say, but has yet to prove its claims.


 
Tillmann Werner of CrowdStrike wowed onlookers with a live 'sinkholing' demonstration, taking down the Kelihos P2P botnet.

 
In the wake of the New York Times attack, a look at antivirus evasion techniques show how easy it is to avoid antivirus detection and why new defenses are needed.

 

How to be a confident infosec pro
CSO (blog)
His approach is particularly creative and I love watching them after the show. With his permission and that of Tripwire, I always run them here because, after all, sharing is caring. In this installment, David Spark asks infosec practitioners what they ...

 
Web designers, social media experts and marketers discuss the impact of social media on Web design and offer tips on how you can integrate the two to reach more customers and prospects.
 
The attacks discovered last week that exploited a previously unknown Java vulnerability were likely launched by the same attackers that previously targeted security firm Bit9 and its customers, according to researchers from antivirus vendor Symantec.
 
Devise CVE-2013-0233 Security Bypass Vulnerability
 
Ekiga UTF-8 Parsing Denial of Service Vulnerability
 

Making infosec sexy
CSO (blog)
His approach is particularly creative and I love watching them after the show. With his permission and that of Tripwire, I always run them here because, after all, sharing is caring. In this episode, Spark asks infosec practitioners what, if anything ...

 
GIT 'git-imap-send' Command SSL Certificate Validation Spoofing Vulnerability
 
MantisBT 'summary_api.php' Multiple HTML Injection Vulnerabilities
 
isync CVE-2013-0289 SSL Certificate Verification Information Disclosure Vulnerability
 
Japanese camera manufacturer Canon has developed a large sensor chip for shooting video in extremely dim conditions.
 
Yahoo is beefing up technology offerings and streamlining its media products in another sign it wants to improve its game against industry titans like Google, Apple and Facebook.
 
The Microsoft Surface running Windows RT is just about everything you'd want in a tablet, but how does it stack up against the market leader, the Apple iPad?
 
Research in Motion (RIM) is now BlackBerry, and the renamed company recently launched the BlackBerry 10 OS. While much attention was focused on phones running the new OS, we decided to take a closer look at the company's new management platform called BlackBerry Enterprise Service 10 (BES 10), which unites mobile device management (MDM), security, unified communications, and application management.
 
Over the weekend, Apple improved supplies of its new iMacs in the U.S. and several other markets.
 
Microsoft has started to warn customers who signed up for Office 365 subscription previews that their free ride is about to end.
 
Leading tech companies like Microsoft, Google and Apple are making huge inroads in the use of renewable energy for corporate facilities and data centers, but cost and delivery challenges remain.
 
Evernote has forced its fifty million note-keeping users to reset their passwords after suspicious activity triggered an alert, but the email the company sent out to users was not a good example of how to send a password reset email.


 
PHP-Fusion Multiple Input Validation Vulnerabilities
 

Posted by InfoSec News on Mar 03

http://healthitsecurity.com/2013/02/27/cio-weighs-the-dilemma-of-medical-device-security-updates/

By Patrick Ouellette
Health IT Security
February 27, 2013

As John D. Halamka, MD, is CIO of Beth Israel Deaconess Medical Center (BIDMC),
notes in a recent blog post, dealing with medical device security can certainly
be a hassle for CIOs on a number of levels.

One of the major barriers in securing these devices is the fact that many
healthcare...
 

Posted by InfoSec News on Mar 03

http://arstechnica.com/security/2013/03/evernote-resets-all-user-passwords-after-coordinated-breach-attempt/

By Nathan Mattise
Ars Technica
Mar 2 2013

Evernote is requiring each of its 50 million users to reset their login
credentials after the site's security team detected a security breach
that exposed password data and other personal information.

In a security notice published Saturday, Evernote said the precautionary
password reset...
 

Posted by InfoSec News on Mar 03

http://english.peopledaily.com.cn/90786/8151567.html

By Pang Qingjie and Lv Desheng
China Military Online
March 04, 2013

Geng Yansheng, director of the Information Affairs Bureau of the Ministry of
National Defense (MND) of the People's Republic of China (PRC) and spokesman of
the MND, said at the regular press conference of the MND held on February 28,
2013 in Beijing that the Chinese People's Liberation Army (PLA) has never...
 

Posted by InfoSec News on Mar 03

http://www.theregister.co.uk/2013/03/01/post_cryptography_security_shamir/

By John Leyden
The Register
1st March 2013

Cryptography is 'becoming less important' because of state-sponsored malware,
according to one of the founding fathers of public-key encryption.

Turing award-winning cryptographer Adi Shamir (the S in RSA) said the whole
basis of modern cryptography is under severe strain from attacks on security
infrastructure...
 

Posted by InfoSec News on Mar 03

http://www.wired.com/threatlevel/2013/03/flame-windows-update-copycat/

By Kim Zetter
Threat Level
Wired.com
03.01.13

When the sophisticated state-sponsored espionage tool known as Flame was
exposed last year, there was probably no one more concerned about the discovery
than Microsoft, after realizing that the tool was signed with an unauthorized
Microsoft certificate to verify its trustworthiness to victim machines. The
attackers also...
 