Hackin9

InfoSec News

I've been involved in a few penetration tests recently and one thing that seems to be happening is that privileged access is harder to come by. It used to be: start at 9, have admin by 9:30 (on a slow day). Today it certainly tends to be a lot more work.
I put it down to improvements in security over the last few years in many organisations as well as improvements in operating systems. Love it or hate it Windows 7 does a pretty good job of securing the machine. Combined with some practices like no local user admins, automatic patching and a decent HIPS it can be quite a challenge to compromise a fully patched and well managed Windows box. OSX similarly has made some steps towards improving the security of the OS (If only they turned the firewall on by default :-( ). So if the operating system is pretty good and likely to get better, the attack vectors have to shift. Which is where client side attacks enter the picture. Get the user to attack their system for you.
We have had some good examples of this in the past year where sites were reportedly compromised because someone clicked something they should not have, likely delivered via email. Just like the wooden horse, the gift was accepted (phishing email) and the trojan had the nasty surprise inside.
So, on what is a long weekend for many of you, I'd like you to have a little think and maybe complete the poll on the page or enter comments here. Phishing/social engineering emails and client side attacks: something we are going to see a lot more of in the future, or a passing fad?
Have a nice Easter for those that celebrate it. Have a great weekend for those that do not.
Cheers
Mark

(c) SANS Internet Storm Center. http://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
 
PHP CVE-2012-0831 'magic_quotes_gpc' Directive Security Bypass Weakness
 
 
taglib Buffer Overflow and Divide-By-Zero Denial of Service Vulnerabilities
 
python-paste-script Root GID Files Arbitrary File Access Vulnerability
 
Overall U.S. tech spending is forecast to grow by 7.1% this year and then by 7.4% in 2012, according to Forrester Research.
 
As a writer, I frequently find my brain occupied by ideas for my current writing project--or the project I'd rather be working on right now, or the one that's only just starting to germinate in my brain. On my Mac, all my musings and ideas go into the excellent Scrivener. While there's currently no Scrivener for iOS, the app does allow for syncing with iOS apps, one of which is DenVog's $5 Index Card for the iPad.
 
Security experts could not confirm claims by a little-known Russian antivirus company that more than 600,000 Macs have been infected with a zero-day-exploiting Trojan, but they said the number was within reason.
 
There are plenty of collaboration software tools on the market, and a growing number of cloud storage options for businesses as well. YouDazzle, a Silicon Valley startup, says it has created a tool that combines the best of both worlds.
 
Just how big is Amazon Web Service's (S3) Simple Storage Service? Well, it holds 905 billion objects, and it's growing by a billion per day, the company says.
 
At the end of last week I slipped on a wet floor, did a wild, balletic (or so I thought) attempt to recover, and wrenched my knee and leg. The next four days were a blur of X-rays and Vicodin. Luckily nothing broken, but I've had better weekends.
 
Oracle chief security officer Mary Ann Davidson is calling on vendors of payment application software to join the company in opposing certain security vulnerability reporting requirements of the Payment Card Industry Security Standards Council.
 
The same day that Google took the wraps off its computerized eye glasses, the company's co-founder Sergey Brin was spotted wearing a pair while out to dinner.
 
Google has responded to questions from European privacy regulators about its new privacy policy, but only managed to answer 24 of the 69 questions, according to a copy of the letter published by Google.
 
------

Johannes B. Ullrich, Ph.D.

SANS Technology Institute

Twitter
 
Only a couple of days after releasing the critically late Java patch (2012-001), Apple released another Java update. At this point, Apple's site doesn't mention what this new patch fixes, or why it was released. But eventually, you may see details at http://support.apple.com/kb/HT1222 . Too bad that Apple isn't getting its security house in order. It appears that OS X has reached a level of market penetration that would require a company with a meaningful security response capability behind it.
Just a couple of additional pointers for OS X security:
- Sophos is making a free Antivirus product for OS X. I have been running it for a few months now without bad side effects. http://www.sophos.com/en-us/products/free-tools/sophos-antivirus-for-mac-home-edition.aspx
- You can try and enable Gatekeeper on OS X Lion. This feature will prevent unsigned software from running. This feature will be fully integrated once the next version of OS X (Mountain Lion, OS X 10.8) arrives, but has been included in OS X 10.7.3. To activate it, you need to run: sudo spctl --enable . Expect it to complain about a lot of normal software, as most OS X software right now is not yet signed (but you can always allow it to still run).
Otherwise: Keep good backups...
------

Johannes B. Ullrich, Ph.D.

SANS Technology Institute

Twitter
 
For quite a while now, we have used the Add This toolbar to allow readers to quickly share articles with various social networks. As a security site, we talk a lot about the risks of social networks, but we can't ignore them. Our mission is to get the word out about current security issues. Social media are becoming an important tool to assist us with that.
At the same time, we are very aware of the privacy issues. Lucky for us, the German technology website Heise Online came up with a great solution. The Social Sharing Privacy toolbar we are using as of today will not leak any data about you to social networks or companies like Add This until you explicitly turn on the toolbar. If you would like to share a story via Twitter/Facebook/Google, you will first need to turn on the toolbar (which will load the actual images from the respective sites) and then you are able to share.
I hope this will not prevent too many of you from sharing our stories to your social media accounts. We will still tweak the toolbar a bit. Please let us know if you see issues with specific browsers (we are usually testing with Safari on OS X, Firefox on Linux and sometimes even with IE on Windows).
Plugins for popular tools like Wordpress are available.
Social sharing privacy source code: http://www.heise.de/extras/socialshareprivacy/

This blog post helped me quite a bit: http://benjamin-steininger.de/2011/12/07/extending-heise-socialshareprivacy-to-pass-a-dynamic-title-to-twitter/


------

Johannes B. Ullrich, Ph.D.

SANS Technology Institute

Twitter
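The "two-click" idea behind the Heise toolbar described above, shown as an added example that is not the Heise socialshareprivacy code nor anything from the ISC site: the page renders only a local placeholder button, and the iframe pointing at the social network is created only after the visitor clicks it, so the browser makes no request to the third party (and sends it no cookie) until the visitor opts in. The network names and embed URLs are illustrative assumptions, and the tiny in-memory `stubDoc` is constructed so the code runs under Node; in a browser you would pass the real `document` instead.

```javascript
// Added example of a privacy-preserving "two-click" share button.
// Not the Heise socialshareprivacy code; embed URLs are illustrative.
const NETWORKS = {
  twitter:  { label: 'Tweet', embedUrl: 'https://platform.twitter.com/widgets/tweet_button.html' },
  facebook: { label: 'Like',  embedUrl: 'https://www.facebook.com/plugins/like.php' },
};

// Constructed stand-in for the DOM so the example runs offline under Node.
// It mimics the handful of document/element methods the widget uses.
const stubDoc = {
  createElement(tag) {
    return {
      tag, attrs: {}, children: [], listeners: {},
      setAttribute(k, v) { this.attrs[k] = v; },
      getAttribute(k) { return k in this.attrs ? this.attrs[k] : null; },
      appendChild(c) { this.children.push(c); return c; },
      addEventListener(ev, fn) { (this.listeners[ev] = this.listeners[ev] || []).push(fn); },
      click() { (this.listeners.click || []).forEach(fn => fn()); },
    };
  },
};

// Build a share widget that starts as a local-only placeholder. Nothing in
// the returned tree references a third-party host until the toggle is clicked.
function createShareWidget(doc, network, shareUrl) {
  const spec = NETWORKS[network];
  if (!spec) throw new Error('unknown network: ' + network);

  const root = doc.createElement('div');
  root.setAttribute('class', 'share-privacy ' + network);

  const toggle = doc.createElement('button');
  toggle.setAttribute('type', 'button');
  toggle.textContent = 'Enable ' + spec.label + ' button';

  let enabled = false;
  toggle.addEventListener('click', () => {
    if (enabled) return;            // idempotent: one embed per widget
    enabled = true;
    // Only now is the third-party embed, and therefore the request, created.
    const frame = doc.createElement('iframe');
    frame.setAttribute('src', spec.embedUrl + '?url=' + encodeURIComponent(shareUrl));
    frame.setAttribute('sandbox', 'allow-scripts allow-same-origin allow-popups');
    root.appendChild(frame);
  });

  root.appendChild(toggle);
  return root;
}

// Privacy check: walk an element tree and collect every external origin it
// references via src/href. Works on the stub and on real DOM elements.
function externalOrigins(el, out = new Set()) {
  for (const key of ['src', 'href']) {
    const v = el.getAttribute(key);
    if (v && /^https?:\/\//.test(v)) out.add(new URL(v).origin);
  }
  for (const child of el.children) externalOrigins(child, out);
  return out;
}

// Demonstrates the property: no external origin before opt-in, exactly one after.
function demo() {
  const widget = createShareWidget(stubDoc, 'twitter', 'https://example.com/story'); // constructed URL
  const before = [...externalOrigins(widget)];
  widget.children[0].click();       // the visitor opts in
  const after = [...externalOrigins(widget)];
  return { before, after };
}

console.log(demo());
```

The `externalOrigins` walk is the same check you would run over the rendered page (or enforce with a Content-Security-Policy `frame-src`/`script-src` list) to confirm that a sharing toolbar really makes no third-party contact before the visitor turns it on.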
 
Dell's first in a flurry of software acquisitions was backup vendor AppAssure, which Dell said will be its primary data protection application even as it still resells Symantec and CommVault products.
 
One of the most important capabilities that smartphones now have is knowing where they are. A smartphone can combine its location with many other pieces of data to make new services available.
 
Security firm Sophos has taken its partner portal offline and will reset every user's password after it found signs of a potential security breach on the server hosting it.
 
High Tech Computer reported a 70% year-on-year fall in net profit for the first quarter, as the Taiwanese handset maker transitioned to a new line of smartphones it hopes will lift earnings.
 
The Nokia Lumia 900 puts Windows Phone in with the big kids, offering good performance, a bright display and stylish design.
 
[Ask the iTunes Guy is a regular column in which we answer your questions on everything iTunes related. If there's something you'd like to know, send an email to the iTunes Guy for consideration.]
 
Lenovo will start accepting pre-orders for its smart TVs on April 10 in China, as the company prepares to test the waters with the new product on its home turf.
 
Google on Thursday patched 12 Chrome vulnerabilities, the second time in eight days that the search company has updated its browser.
 
When David Richter took over Kimberly-Clark's infrastructure solutions group in 2008, morale was at an all-time low. Since launching a program that allows employees to freely pitch him new ideas and receive VC-like funding, morale is up, costs have been reduced and processes streamlined.
 
Three of India's largest IT outsourcing firms are involved in lawsuits that taken together, are a major threat to the Indian IT industry in America.
 
Sprint announced high-definition voice technology for the new HTC Evo 4G LTE smartphone and future phones, although HD Voice will only work once Sprint upgrades its 3G network, a process expected to begin in late 2012 in several cities.
 
Twitter has filed a lawsuit against "five of the most aggressive tool providers and spammers" in a federal court in San Francisco, opening a new front in its battle against spam, it said Thursday.
 

Posted by InfoSec News on Apr 05

http://www.informationweek.com/news/government/security/232800365

By J. Nicholas Hoover
InformationWeek
April 05, 2012

Eighteen months after its diplomatic cables were exposed in the
WikiLeaks breach, the State Department continues to lock down its
confidential information, while using the Internet and social media to
further its work in other ways.

State Department CIO Susan Swart, in an interview with InformationWeek
at the agency's...
 

Posted by InfoSec News on Apr 05

http://www.guardian.co.uk/media/2012/apr/05/sky-news-hacking-emails-canoe-man

By Dan Sabbagh, Nick Davies and Robert Booth
guardian.co.uk
5 April 2012

Sky News has admitted that one of its senior executives authorised a
journalist to conduct email hacking on two separate occasions that it
said were "in the public interest" – even though intercepting emails is
a prima facie breach of the Computer Misuse Act, to which there is no...
 

Posted by InfoSec News on Apr 05

http://www.wired.com/threatlevel/2012/04/exploit-for-quantum-plc/

By Kim Zetter
Threat Level
Wired.com
April 5, 2012

Researchers have released two new exploits that attack common design
vulnerabilities in a computer component used to control critical
infrastructure, such as refineries and factories.

The exploits would allow someone to hack the system in a manner similar
to how the Stuxnet worm attacked nuclear centrifuges in Iran, a hack...
 

Posted by InfoSec News on Apr 05

http://www.bankinfosecurity.com/articles.php?art_id=4655

By Tracy Kitten
Bank Info Security
April 5, 2012

For banking institutions, the payment card data breach that hit
third-party processor Global Payments Inc. is just the beginning.

Now, in the wake of the highly-publicized incident, banks and credit
unions have to ride the rough waves of customers' discontent and fears
of possible identity theft and fraud.

What steps should...
 

Posted by InfoSec News on Apr 05

http://www.theregister.co.uk/2012/04/05/sophos_partner_site_infected/

By Iain Thomson in San Francisco
The Register
5th April 2012

Sophos has shut down its portal for partners after finding two software
packages on its servers designed to allow access to them – and possibly
to user data stored there, as well.

The security software firm posted a statement on the portal explaining
that it had spotted suspicious behavior on some of its...
 