Hackin9

InfoSec News

WiMax broadband provider Clearwire said an email problem caused it to send out numerous messages about subscribers' account status in error on Friday.
 
Thousands of workers went on strike at a Foxconn factory in China on Friday, bringing some iPhone 5 production lines to a halt, a labor rights group said.
 
Even though an upbeat U.S. government jobs report caused shares of some companies to jump Friday, tech vendor stocks faltered on the back of mixed quarterly reports.
 
Oracle CEO Larry Ellison revealed this week at the OpenWorld conference that the next version of the company's flagship database, Oracle 12c, would feature a radical new architecture called pluggable databases.
 
Thousands of workers went on strike at a Foxconn factory in China on Friday, bringing some iPhone 5 production lines to a halt, a labor rights group said.
 
NASA's Mars Curiosity rover is set to begin a very busy weekend.
 
An international gang of cyber crooks is plotting a major campaign to steal money from the online accounts of thousands of consumers at 30 or more major U.S. banks, security firm RSA warned.
 
Ruby 'error.c' Multiple Security Bypass Vulnerabilities
 
Introduction
First I would like to say, without our readers and subscribers we would not exist and that we genuinely do read every post. A reader posted a request to break down standards bodies and I decided to take that endeavor on. This now has turned into a larger project than just one diary entry. You will see more on this topic but hopefully today is a good start. This first pass at understanding the different bodies does not include a complete list.
Many of likely heard the quote The problem with Standards is there are so many to choose from. I really dont know who first uttered that phraseUPDATE:Andrew S. Tanenbaum [3]but it holds true from my point of view. This article will take a 10,000 meter or 30,000 foot view (Depends on if you are metric [1] or imperial Units [2] ) of what I am calling standards body soup. Within this bowl of standards groups there are several types and methods in which they govern. I can make the assumption that most of the readers are familiar with a Request for Comments (RFC) and the group that governs this standards suite is the Internet Engineering Task Force (IETF). So, we will start there and will break down the IEFT into areas for understanding. This will provide a framework for a further list of Standards Bodies.
Breakdown and Terminology
In order to build a table for understanding different standards bodies we will use the following subject areas for columns
Abbreviated Name:The short name or acronym used to reference the organization.

Full Name:The complete name. Sometimes we only know the Acronym.

Web Site:How to find them on the web.

Members and Contributors:Who can and or are members of the standards group.

Role:How do they influence or contribute to industry.

Notable Standards:Standards that might matter to us.
Standards Body Profile
Abbreviated Name: IETF
Full Name: Internet Engineering Task Force
Web Site: www.ietf.org
Members and Contributors: To Numerous to list. Membership is open to anyone and IETF is comprised of many working groups. A breakdown of working groups can be found at http://www.ietf.org/wg/ but in summary they are open to anyone and usually conduct business over open mailing lists. If there is an RFC that you would like to impact, join the mailing list and begin your journey.
The IETF Is governed by a group called the Internet Society (ISOC) and the board of trusties can be found at http://www.internetsociety.org/who-we-are/board-trustees. With most standards bodies, in our experience, the members are made up from various places. Members will often have a second industry position and their parent company allows them to contribute.
Role: Internet Standards Governance

Notable Security Based Standards:Again there are far too many notable standards to list from IETF but I will list a couple of my favorites.
RFC 2350 Expectations for Computer Security Incident Response
http://www.rfc-editor.org/rfc/rfc2350.txt
On occasion we are asked things like My Company/Group/Team/Org is looking to stand up an Incident Response Team, where do I start? and in the spirit of the world we live in today I am re-coining a popular phrase to Theres a Standard for that!

RFC 4949 Internet Security Glossary, Version 2
http://www.rfc-editor.org/rfc/rfc4949.txt
In case you were wondering, yes there are standards for the standards. This is an informational RFC, which means it is not really a standard but a good reference.

RFC 6618 (Experimental) Mobile IPv6 Security Framework Using Transport Layer Security for Communication between the Mobile Node and Home Agent
http://datatracker.ietf.org/doc/rfc6618/
The title alone is scary but signs of a mobile world to come. This one is on my watch list.
Table
Please See Spreadsheet for editable details:https://isc.sans.edu/images/Standards_Framework_Draft.xlsx
(click on image for larger view)


References
[1]http://en.wikipedia.org/wiki/Metric_system
[2]http://en.wikipedia.org/wiki/Imperial_units
[3]http://en.wikiquote.org/wiki/Andrew_S._Tanenbaum
(c) SANS Internet Storm Center. http://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
 
We have received a report of a large distributed SQL Injection Scan from a reader. Behavior of scan is being reported as 9000+ Unique IPv4 Addresses and sends 4-10 requests to lightly fuzz the form field. Then the next IP will lightly fuzz the second form field within the same page and the next IP the next form field.Looks to be targeting MSSQL and seeking version.
The reader reports that this scan has been going on for several days.
Sample Payload:


%27%29%29%2F%2A%2A%2For%2F%2A%2A%2F1%3D%40%40version--

%27%2F%2A%2A%2For%2F%2A%2A%2F1%3D%40%40version--

%27%2F%2A%2A%2For%2F%2A%2A%2F1%3D%40%40version%29%29-

%29%29%2F%2A%2A%2For%2F%2A%2A%2F1%3D%40%40version--

%29%2F%2A%2A%2For%2F%2A%2A%2F1%3D%40%40version--



Windows NT 6.0)

There does not seem to be a referrer page either.



If you are seeing this activity and can report it please let us know.



Richard Porter
--- ISC Handler on Duty (c) SANS Internet Storm Center. http://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
 
The National Institute of Standards and Technology (NIST) has published for public comment a revised draft of its guidance for managing computer patches to improve overall system security for large organizations. The previous version, ...
 
ImageMagick 'Magick_png_malloc()' Function Denial of Service Vulnerability
 
A handful of Swedish websites remained down Friday evening there after hacking group Anonymous threatened earlier this week to attack the nation for a police raid on a hosting service that was once home to The Pirate Bay.
 
Lenovo's highly anticipated ThinkPad Tablet 2 with Windows 8 will be priced from $629, the company said.
 
Overview
We previously featured our collection of Fake Tech Support Calls project. This scam is continuing and we are hearing more and more about these calls from both knowledgeable and unsuspecting users with varying levels of success or failure depending on your viewpoint.
This week we feature the initial statistical reporting on the data we collected so far at https://isc.sans.edu/reportfakecallstats.html!
Features
Overview - https://isc.sans.edu/reportfakecallstats.html#overview

Summary of project with privacy notice, link to submission form and soon-to-come API
Summary Table - https://isc.sans.edu/reportfakecallstats.html#summary

Total number of submissions collected
Total number of days collected on
Average number of submissions per day

Summary of Fields - https://isc.sans.edu/reportfakecallstats.html#fields

Certain fields are multiple choice so we could pull some quick stats on them

More reporting and an API coming soon so stay tuned!
Related diaries:

https://isc.sans.edu/diary/Fake+tech+reps+calling/12874 by Daniel Wesemann

https://isc.sans.edu/diary/Fake+Support+Calls+Reported/14215 by Kevin Shortt
Related podcasts:

https://isc.sans.edu/podcastdetail.html?id=2848 - by Johannes Ullrich

https://isc.sans.edu/podcastdetail.html?id=2539 by Johannes Ullrich

Post suggestions or comments in the section below or send us any questions or comments in the contact form on https://isc.sans.edu/contact.html#contact-form

--

Adam Swanger, Web Developer (GWEB, GWAPT)

Internet Storm Center https://isc.sans.edu
(c) SANS Internet Storm Center. http://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
 
Romanian national Manole Razvan Cernaianu, known online as TinKode, received a two-year suspended prison sentence for hacking into computer systems owned by Oracle, NASA, the U.S. Army and the U.S. Department of Defense and was ordered to pay damages totalling more than $120,000.
 
Microsoft will fix 20 security vulnerabilities across its Windows, Office, SQL Server and Linq products on its October Patch Tuesday. To this end, it has released seven security bulletins, one of which is rated critical


 
Google-owned Motorola Mobility's acquisition of Viewdle this week, a jump in the number of visitors to the insideAR conference and Nokia's recent launch of the City Lens application all illustrate growing interest in augmented reality.
 
Apple CEO Tim Cook remembered Steve Jobs in a short letter posted on the front page of the company's website Friday, saying the company will continue to create products that people love, much like the maverick technology icon who was considered a creative genius.
 
A recent independent study of LTE coverage within four U.S. cities showed Sprint's networks lagging far behind those of both Verizon Wireless and AT&T.
 
It's been a busy, bumpy year for Apple since Steve Jobs died last Oct 5. The company won a massive jury award against Samsung for patent infringement and in April it became arguably the most valuable company in history when its market capitalization passed $600 billion.
 
A new man-in-the-browser attack allows login credentials, bank details, credit card numbers and other personal data to be misappropriated for criminal ends. Stolen data is saved to the fraudster's database as it is entered


 
IBM DB2 Multiple File Disclosure Security Bypass and Stack Buffer Overflow Vulnerabilities
 
Microsoft has purchased the multifactor factor authentication platform vendor for an undisclosed amount.

Add to digg Add to StumbleUpon Add to del.icio.us Add to Google
 
Board members at Sprint Nextel are expected to discuss whether to pursue a merger with rival mobile carrier MetroPCS during a meeting Friday.
 
A U.S. federal judge has asked for more information to plan an evidentiary hearing concerning the fate of terabytes of data held in limbo since the shutdown of the Megaupload file-sharing site.
 
A year after Apple co-founder Steve Jobs' death, the company has changed, analysts said. But it's not really that different than when he ran things.
 
In the race to create slicker products, mobile phones are the new brains for hire.
 
Samsung Electronics said Friday that stronger-than-expected sales of its Galaxy smartphones sent operating profits up 90 percent in the latest quarter, but analysts warned its results could take a hit in the coming months as it books legal damages owed to Apple.
 
With PhoneFactor's multi-factor authentication service, Microsoft plans to improve the security of log-in procedures. Mobile end devices are the key to multi-factor logins


 
Hackers have intruded into the servers of numerous universities in an attempt to highlight shortcomings in the educational systems in the US and Europe. Several German universities have confirmed the attacks


 
Oracle Enterprise Manager for Oracle Database CVE-2012-1737 Multiple SQL Injection Vulnerabilities
 
25 EU member states ran an emergency drill: on Thursday, decision makers from government institutions and, for the first time, from private businesses attempted to tackle a large-scale DDoS attack


 
IBM Lotus Notes Traveler Open-Redirection and Cross Site Scripting Vulnerabilities
 

Posted by InfoSec News on Oct 05

http://www.healthcareitnews.com/news/ahima-keep-personal-healthcare-data-safe-experts-warn

By Neil Versel
Heathcare IT News
October 04, 2012

CHICAGO -- Why should hospitals centralize their policies and procedures
for disclosing protected health information?

At the American Health Information Management Association (AHIMA)
convention Wednesday, Don E. Hardwick, client relations and compliance,
MRO Corp., a document and disclosure management...
 

Posted by InfoSec News on Oct 05

http://www.networkworld.com/news/2012/100412-russians-263055.html

By Ellen Messmer
Network World
October 04, 2012

The U.S. government yesterday busted what's alleged to be a
Russian-agent ring disguised as a Texas-based company illegally
transferring high-tech electronics to the Russian military.

"As alleged in the indictment, the defendants spun an elaborate web of
lies to evade the laws that protect our national security. The...
 

Posted by InfoSec News on Oct 05

http://www.darkreading.com/advanced-threats/167901091/security/perimeter-security/240008534/serious-attackers-paired-with-online-mob-in-bank-attacks.html

By Robert Lemos
Contributing Writer
Dark Reading
Oct 04, 2012

At first blush, the recent attacks against major U.S. financial
institutions appear to be a text-book case of hacktivism: Under the name
"Operation Ababil," a group of alleged Iranian protestors called for
supporters to...
 

Posted by InfoSec News on Oct 05

http://www.nextgov.com/cybersecurity/2012/10/cyber-crooks-should-make-you-very-nervous/58584/

By Aliya Sternstein
Nextgov
Oct. 4, 2012

Federal undercover agents are resorting to show and tell to combat a
growing menace - criminal hackers. The Justice Department has been
making headlines by publicizing prosecutions, disclosing investigative
techniques and revealing findings before clinching guilty verdicts.
Sure, calling attention to charges...
 

Posted by InfoSec News on Oct 05

http://www.dailymail.co.uk/news/article-2212532/Google-warns-state-sponsored-hacking-attacks.html

By Hugo Gye
Mail Online
3 October 2012

Google has launched a new effort to warn its users that they could be
the victims of cyberattacks from hostile governments.

Account-holders working in international relations, development and
other sensitive areas have received messages from the search giant
informing them of recent efforts to spy on their...
 
QNX Qconn Remote Arbitrary Command Execution Vulnerability
 
Richard Porter --- ISC Handler on Duty (c) SANS Internet Storm Center. http://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
 
Internet Storm Center Infocon Status