Information Security News
Posted by InfoSec News on May 07 http://freebeacon.com/syrian-hackers-strike/
Posted by InfoSec News on May 07 http://www.darkreading.com/attacks-breaches/metasploit-module-released-for-ie-zero-d/240154190
Posted by InfoSec News on May 07 Forwarded from: cfp (at) ruxcon.org.au
Posted by InfoSec News on May 07 http://arstechnica.com/security/2013/05/amid-a-barrage-of-password-breaches-honeywords-to-the-rescue/
Posted by InfoSec News on May 07 http://online.wsj.com/article_email/SB10001424127887323687604578467442670389684-lMyQjAxMTAzMDAwNjEwNDYyWj.html
Bogus domains include:
Jim Clausing, GIAC GSE #26
jclausing --at-- isc [dot] sans (dot) edu
Security experts have proposed a simple way for websites to better secure highly sensitive databases used to store user passwords: the creation of false "honeyword" passcodes that when entered would trigger alarms that account hijacking attacks are underway.
The suggestion builds on the already established practice of creating dummy accounts known as honeypot accounts. It comes as dozens of high-profile sites watched user data become jeopardized—including LivingSocial, dating site Zoosk, Evernote, Twitter, LinkedIn, and eHarmony, to name just a few from the past year. Because these dummy accounts don't belong to legitimate users of the service and are normally never accessed, they can be used to send a warning to site administrators when attackers are able to log in to them. The new, complementary honeyword measure—proposed in a research paper titled "Honeywords: Making Password-Cracking Detectable"—was devised by RSA Labs researcher Ari Juels and MIT cryptography professor Ronald Rivest, the latter of whom is the "R" in the RSA cryptography scheme.
The new measure calls for a file storing cryptographically hashed passwords to contain multiple passwords for each account, only one of which is valid. Attackers who manage to crack the hashes would have no way of knowing if the corresponding plain-text password is real for a particular user. Logging into an account using one of the decoy passwords would immediately cause a "honeychecker"—located on a separate, hardened computer system—to issue an alert to administrators that the database has been compromised.
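The scheme described above, sketched as an added example (not code from the article or from the Juels and Rivest paper). The class names, the sample account and the decoy passwords are constructed, PBKDF2 stands in for whatever password hash a site already uses, and the honeychecker holding only the index of the real entry is an assumption about how the two systems split the data.

```python
import hashlib, hmac, os, secrets

def slow_hash(password: str, salt: bytes) -> bytes:
    # PBKDF2 is a stand-in for the site's existing password hash.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 50_000)

class HoneyChecker:
    """Runs on the separate, hardened system; knows only which slot is real."""
    def __init__(self):
        self._real_index = {}   # user -> index of the genuine password
        self.alerts = []        # users for whom a decoy was submitted

    def set_index(self, user, index):
        self._real_index[user] = index

    def check(self, user, index):
        if self._real_index.get(user) == index:
            return True
        self.alerts.append(user)  # decoy used: the hash file has likely been stolen
        return False

class LoginServer:
    """Holds the hash file: several hashes per account, none marked as real."""
    def __init__(self, checker):
        self.checker = checker
        self.table = {}         # user -> (salt, [hash, hash, ...])

    def register(self, user, password, decoys):
        words = [password] + list(decoys)
        secrets.SystemRandom().shuffle(words)   # hide the real entry's position
        salt = os.urandom(16)
        self.table[user] = (salt, [slow_hash(w, salt) for w in words])
        self.checker.set_index(user, words.index(password))

    def login(self, user, attempt):
        if user not in self.table:
            return "denied"
        salt, hashes = self.table[user]
        digest = slow_hash(attempt, salt)
        for i, stored in enumerate(hashes):
            if hmac.compare_digest(digest, stored):
                return "ok" if self.checker.check(user, i) else "alarm"
        return "denied"         # ordinary typo or guess: matches no stored hash

def demo():
    checker = HoneyChecker()
    server = LoginServer(checker)
    # Constructed sample account with three decoy passwords.
    server.register("alice", "tulip-Harbor-42",
                    ["tulip-Harbor-17", "maple-Harbor-42", "tulip-Canyon-42"])
    tries = ("tulip-Harbor-42", "wrong-guess", "maple-Harbor-42")
    return [server.login("alice", p) for p in tries], checker.alerts
```

A mistyped password matches no stored hash and is simply denied; only a submission that matches a decoy raises the alarm, which is what ties the alert to theft of the hash file rather than to ordinary guessing.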
The encryption that we rely on to secure network transactions is based on a simple computational challenge: it's hard to find two prime numbers when you're only given the big number that they produce when multiplied. Although the growth in computer processing power means we've needed to shift to bigger numbers, we can continue to do so as needed. This leaves eavesdropping as the biggest risk; to secure communication, each partner needs to get a copy of the relevant keys. If someone can break in on the key distribution process, they save themselves the need to do any math.
Quantum key distribution (QKD) is intended to be a way around this problem. By exchanging bits encoded in a quantum system—typically a photon—two parties can generate a unique key that can be used to encrypt communications. If anyone tries to eavesdrop on the process, their measurement of the photons used will leave a mark on the process that's easy to spot. (We have a more detailed description of the process in a past article.)
So far, QKD has largely remained a research project, although some progress is being made. Just last week, some researchers from Los Alamos National Lab described a system they've had working for almost two years. It's not especially novel (which is why it actually works), but it uses some clever tricks to shift most of the burden to a central server while putting less expensive hardware into the clients.
Attacks exploiting a previously unknown and currently unpatched vulnerability in Microsoft's Internet Explorer browser have spread to at least nine other websites, including those run by a big European company operating in the aerospace, defense, and security industries as well as non-profit groups and institutes, security researchers said.
The revelation, from a blog post published Sunday by security firm AlienVault, means an attack campaign that surreptitiously installed malware on the computers of federal government workers involved in nuclear weapons research was broader and more ambitious than previously thought. Earlier reports identified only a website belonging to the US Department of Labor as redirecting to servers that exploited the zero-day remote-code vulnerability in IE version 8.
A separate blog post from security firm CrowdStrike said its researchers unearthed evidence suggesting that the campaign began in mid-March. Their analysis of logs from the malicious infrastructure used in the attacks revealed the IP addresses of visitors to the compromised sites. The logs showed addresses from 37 different countries, with 71 percent of them in the US, 11 percent in South/Southeast Asia, and 10 percent in Europe. CrowdStrike's data showed IP addresses before exploit code was run against the visitors' machines. Not all those visitors were likely compromised since the exploit code worked only against people using IE8.
Thanks to our reader Juha-Matti for pointing out that a Metasploit module was released to exploit the recent Internet Explorer 8 vulnerability. The vulnerability has also been assigned CVE-2013-1347.
Please let us know if you are running into exploits for this vulnerability.
Banking Trojan hacker charged after three-year manhunt
Hamza Bendelladj of Algeria, centre, a suspect on the US Federal Bureau of Investigation's top 10 wanted list for allegedly hacking private accounts in 217 banks and financial companies worldwide, is escorted by Thai police officers in Bangkok on ...
I'd like to recommend two more tools:
Malwarebytes which is a free malware protection program
OUTDATEfighter which is a free software updater program
It's almost essential these days to have a specific program for malware. Ukash virus I was unfortunately hit with a couple of months ago (not fun).
Be safe out there!
Posted by InfoSec News on May 06 http://arstechnica.com/security/2013/05/internet-explorer-zero-day-exploit-targets-nuclear-weapons-researchers/
Posted by InfoSec News on May 06 http://www.chinapost.com.tw/editorial/taiwan-issues/2013/05/05/377754/Taiwan-needs.htm
Posted by InfoSec News on May 06 http://www.nextgov.com/mobile/2013/05/pentagon-approves-use-samsung-android-and-new-blackberry-devices/62951/
Posted by InfoSec News on May 06 http://defense-update.com/20130504_france_livre_blanc_cybersecurity.html
Posted by InfoSec News on May 06 http://www.wired.com/threatlevel/2013/05/spyeye-zeus-botmaster-indicted/