Posted by InfoSec News on May 07


By Adam Kredo
Washington Free Beacon
May 6, 2013

A hacker group known as the Syrian Electronic Army (SEA) claims to have
“penetrated” one of Israel’s central Internet infrastructure systems in
Haifa in response to an Israeli attack over the weekend on Syrian
weapons shipments.

The Anonymous-affiliated SEA, or SCADA Attackers, announced Monday
afternoon that it had “penetrated one of the...

Posted by InfoSec News on May 07


By Kelly Jackson Higgins
Dark Reading
May 06, 2013

A targeted attack discovered last week serving up malware from the U.S.
Department of Labor's (DOL) website employed a previously unknown
vulnerability in Internet Explorer 8 that Microsoft says it will fix
either with an emergency patch or via its monthly patch process.

And as is tradition,...

Posted by InfoSec News on May 07

Forwarded from: cfp (at) ruxcon.org.au

Ruxcon 2013 Call For Presentations
Melbourne, Australia, October 26th-27th
CQ Function Centre

The Ruxcon team is pleased to announce the Call For Presentations for
Ruxcon 2013.

This year the conference will take place over the weekend of the 26th
and 27th of October at the CQ Function Centre, Melbourne, Australia.

.[x]. About Ruxcon .[x].

Ruxcon is ia...

Posted by InfoSec News on May 07


By Dan Goodin
Ars Technica
May 6 2013

Security experts have proposed a simple way for websites to better
secure highly sensitive databases used to store user passwords: the
creation of false "honeyword" passcodes that when entered would trigger
alarms that account hijacking attacks are underway.

The suggestion builds on the...

Posted by InfoSec News on May 07


By Julian E. Barnes
The Wall Street Journal
May 6, 2013

WASHINGTON - The Chinese government has targeted U.S. government
computer systems for intrusion, the Pentagon said Monday in a more
direct accusation of cyberespionage than the U.S. has made in the past.

While American officials have long charged that China is a top...
China's government and military appear to be directly involved in cyberattacks against the U.S., according to a report released Monday by the U.S. Department of Defense.

One of our readers, Jim, wrote in earlier today to say he has noticed an increase in "working" typo squatting over the last 2 months or so. That is, he's seen users accidentally surfing to them or being redirected there by some sort of malicious JavaScript trickery. His question for us (and the rest of you) is, is this a local phenomenon or are the bad guys making more use of this tactic? I'm not currently set up to monitor this type of activity, so I figured I'd ask our loyal readers. Do you monitor your proxy and DNS logs for this type of activity and have you seen an increase? Leave a comment below or use our contact form to let us know. Below are just a few examples of the domains he has seen.

Bogus domains include:

  • audilble.com
  • boatrader.com
  • charleesschwab.com
  • chsse.com
  • cnnmonet.com
  • dilymail.co.uk
  • loanadminstration.com
  • myunh.com
  • nydailnews.com
  • nydailynew.com
  • nyeater.com
  • nylottory.org


Jim Clausing, GIAC GSE #26
jclausing --at-- isc [dot] sans (dot) edu

(c) SANS Internet Storm Center. http://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
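One way to check DNS or proxy logs for the kind of lookalike names listed in the diary above, as an added example that is not part of the original post: it flags queried names within a small edit distance (counting adjacent-letter swaps) of a watchlist of legitimate domains. The watchlist, the log line format and the client addresses are assumptions constructed for illustration; only the bogus names come from the list above.

```python
# Constructed watchlist of legitimate names (assumed; the page lists only the typos).
WATCHLIST = ["audible.com", "chase.com", "nydailynews.com"]

# Constructed DNS log lines in a made-up "timestamp client qtype qname" format.
SAMPLE_LOG = [
    "2013-05-06T14:02:11 10.0.0.23 A audilble.com",
    "2013-05-06T14:02:15 10.0.0.23 A audible.com",
    "2013-05-06T14:03:40 10.0.0.41 A www.chsse.com",
    "2013-05-06T14:05:02 10.0.0.17 A example.org",
    "2013-05-06T14:07:29 10.0.0.23 A nydailynew.com",
]


def osa_distance(a, b):
    """Edit distance where insert, delete, substitute and adjacent swap cost 1."""
    prev2, prev = None, list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            best = min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + int(ca != cb))
            # Adjacent transposition, e.g. "hcase" for "chase".
            if i > 1 and j > 1 and ca == b[j - 2] and a[i - 2] == cb:
                best = min(best, prev2[j - 2] + 1)
            cur.append(best)
        prev2, prev = prev, cur
    return prev[-1]


def find_lookalikes(log_lines, watchlist, max_dist=2):
    """Return (client, queried_name, legitimate_name) for near-miss queries."""
    hits = []
    for line in log_lines:
        fields = line.split()
        if len(fields) != 4:
            continue  # skip lines that do not match the assumed format
        client, qname = fields[1], fields[3].lower().rstrip(".")
        if qname.startswith("www."):
            qname = qname[4:]
        if qname in watchlist:
            continue  # exact match is the real site
        for legit in watchlist:
            if 1 <= osa_distance(qname, legit) <= max_dist:
                hits.append((client, qname, legit))
                break
    return hits


if __name__ == "__main__":
    for hit in find_lookalikes(SAMPLE_LOG, WATCHLIST):
        print("lookalike query: client=%s name=%s resembles=%s" % hit)
```

Short legitimate names produce more false positives at a distance of 2, so the threshold is worth tuning per watchlist entry.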
Hackers could have turned up the heat in one of Google's offices in Sydney. Literally.
Yahoo's Flickr mobile app may be getting a completely new look in the months to come, as the company seeks to hire multiple iOS engineers to "radically improve" the photo-sharing site's app and attract new users, the company said in a recent job notice.
The U.S. Senate has voted to allow states to collect sales tax from online retailers, making it more difficult to buy tax-free products online.

Security experts have proposed a simple way for websites to better secure highly sensitive databases used to store user passwords: the creation of false "honeyword" passcodes that when entered would trigger alarms that account hijacking attacks are underway.

The suggestion builds on the already established practice of creating dummy accounts known as honeypot accounts. It comes as dozens of high-profile sites watched user data become jeopardized—including LivingSocial, dating site Zoosk, Evernote, Twitter, LinkedIn, and eHarmony to name just a few from the past year. Because these dummy accounts don't belong to legitimate users of the service and are normally never accessed, they can be used to send a warning to site administrators when attackers are able to log in to them. The new, complementary honeyword measure—proposed in a research paper titled "Honeywords: Making Password-Cracking Detectable"—was devised by RSA Labs researcher Ari Juels and MIT cryptography professor Ronald Rivest, the latter of whom is the "R" in the RSA cryptography scheme.

The new measure calls for a file storing cryptographically hashed passwords to contain multiple passwords for each account, only one of which is valid. Attackers who manage to crack the hashes would have no way of knowing if the corresponding plain-text password is real for a particular user. Logging into an account using one of the decoy passwords would immediately cause a "honeychecker"—located on a separate, hardened computer system—to issue an alert to administrators that the database has been compromised.
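The scheme described above, sketched as an added example (not code from the article or from the Juels and Rivest paper): the login server stores several salted hashes per account, and a separate honeychecker object holds only the index of the real one. The class and method names, the PBKDF2 parameters and the account and passwords are assumptions constructed for illustration, and the decoys are supplied by the caller rather than generated.

```python
import hashlib
import hmac
import os
import secrets


def _hash(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


class HoneyChecker:
    """Stands in for the separate, hardened system; knows only the real index."""

    def __init__(self):
        self._real_index = {}
        self.alerts = []

    def register(self, user, index):
        self._real_index[user] = index

    def check(self, user, index):
        if self._real_index[user] == index:
            return True
        self.alerts.append((user, index))  # stand-in for alerting administrators
        return False


class LoginServer:
    def __init__(self, checker):
        self.checker = checker
        # user -> (salt, [hash, ...]); this is what a database thief would obtain.
        self.password_file = {}

    def enroll(self, user, password, decoys):
        sweetwords = list(decoys) + [password]
        if len(set(sweetwords)) != len(sweetwords):
            raise ValueError("decoys must be distinct and differ from the password")
        secrets.SystemRandom().shuffle(sweetwords)  # position reveals nothing
        salt = os.urandom(16)
        self.password_file[user] = (salt, [_hash(w, salt) for w in sweetwords])
        self.checker.register(user, sweetwords.index(password))

    def login(self, user, attempt):
        if user not in self.password_file:
            return "rejected"
        salt, hashes = self.password_file[user]
        candidate = _hash(attempt, salt)
        for i, stored in enumerate(hashes):
            if hmac.compare_digest(candidate, stored):
                # Matches some stored hash; only the honeychecker can say which kind.
                return "ok" if self.checker.check(user, i) else "alarm"
        return "rejected"


def build_demo():
    """Constructed account: one real password and three decoy honeywords."""
    checker = HoneyChecker()
    server = LoginServer(checker)
    server.enroll("alice", "tulip-2013", ["tulip-2014", "tulip-1987", "tulip-2031"])
    return server, checker


if __name__ == "__main__":
    server, checker = build_demo()
    for attempt in ("tulip-2013", "tulip-1987", "not-a-sweetword"):
        print(attempt, "->", server.login("alice", attempt))
    print("alerts:", checker.alerts)
```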

The first generation hardware. The authors are already building something that will be significantly smaller.

The encryption that we rely on to secure network transactions is based on a simple computational challenge: it's hard to find two prime numbers when you're only given the big number that they produce when multiplied. Although the growth in computer processing power means we've needed to shift to bigger numbers, we can continue to do so as needed. This leaves eavesdropping as the biggest risk; to secure communication, each partner needs to get a copy of the relevant keys. If someone can break in on the key distribution process, they save themselves the need to do any math.

Quantum key distribution (QKD) is intended to be a way around this problem. By exchanging bits encoded in a quantum system—typically a photon—two parties can generate a unique key that can be used to encrypt communications. If anyone tries to eavesdrop on the process, their measurement of the photons used will leave a mark on the process that's easy to spot. (We have a more detailed description of the process in a past article.)

So far, QKD has largely remained a research project, although some progress is being made. Just last week, some researchers from Los Alamos National Lab described a system they've had working for almost two years. It's not especially novel (which is why it actually works), but it uses some clever tricks to shift most of the burden to a central server while putting less expensive hardware into the clients.

Sprint Nextel's network partner Clearwire hasn't been able to find any other big wholesale customers nor sell any of its spectrum, so selling out to Sprint is the only real option for its shareholders, the company said Monday.
McAfee has announced an agreement to acquire next-gen firewall maker Stonesoft for $389 million.

Facebook last week cited mobile growth as a major contributor to its first-quarter increase in sales and profits.
LinuxSecurity.com: Updated java-1.7.0-openjdk packages fix security vulnerabilities: Multiple flaws were discovered in the font layout engine in the 2D component. An untrusted Java application or applet could possibly use these flaws to trigger Java Virtual Machine memory corruption [More...]
LinuxSecurity.com: ClamAV could be made to crash or run programs if it opened a specially crafted file.
D-Link has improved security for a large swathe of its routers and has also released security enhancements for several IP cameras which previously permitted unauthorised viewing as either a video stream or ASCII output

The Chinese government's alleged cyber-espionage arm remains active after a quiet period, using the same tactics revealed in Mandiant's APT1 report.

Intel's upcoming Atom chips with new CPU architecture will be up to three times faster and five times more power efficient than their predecessors and break the "myth" that ARM processors are more power efficient, Intel said.
Most managers want their team members to be more proactive when it comes to making decisions. IT Team leaders at any level can use a 'Tree Decision Rights' model to identify different types of decisions and then work with their team members to empower them to take on more decision-making responsibility.
New tablet shipments will outnumber laptops for the first time in 2013, as touch display capabilities drive buying patterns rather than new operating systems like Windows 8 and Windows RT, research firm NPD DisplaySearch reported on Monday.
Even just opening an email could allow spyware to run on computers with Notes. An update from IBM will stop Java and JavaScript from being executed
Microsoft co-founder and chairman Bill Gates today stuck to the company line on tablets, and disparaged rival Apple's iPad for its lack of a keyboard and its inability to run Office.
LinkedIn's newest feature lets you showcase your professional achievements by uploading presentations, documents, images and video to your profile. Here are step-by-step instructions for improving your LinkedIn brand.
Huawei AR Series Routers SNMPv3 Denial of Service Vulnerability
Apache VCL improper input validation
[ MDVSA-2013:161 ] java-1.7.0-openjdk
ESA-2013-015: RSA Archer® GRC Multiple Vulnerabilities
By modifying a Microsoft Kinect sensor, a research project at the Computer Human Interaction (CHI) conference demonstrated how gamers in a wheelchair could interact with motion games.
The IT world is no stranger to projects that go down in flames. In fact, anyone who has had the unenviable pleasure of participating in a failed IT effort likely sensed its demise well before the go-live date. That sixth sense is invaluable in a competitive field like IT -- but only if it is acted on promptly and professionally.
As developers create tiny computer devices like smartwatches, one question they face is how to make tiny keyboards usable.
The company producing a 3D-printable gun today test fired it successfully, demonstrating the viability of the technology that would allow anyone with a printer and special resin toner to make their own weapons.
Adding to its portfolio of IT management software, Dell has acquired Enstratius (formerly called EnStratus), which offers software for managing workloads in hosted cloud environments.

Attacks exploiting a previously unknown and currently unpatched vulnerability in Microsoft's Internet Explorer browser have spread to at least nine other websites, including those run by a big European company operating in the aerospace, defense, and security industries as well as non-profit groups and institutes, security researchers said.

The revelation, from a blog post published Sunday by security firm AlienVault, means an attack campaign that surreptitiously installed malware on the computers of federal government workers involved in nuclear weapons research was broader and more ambitious than previously thought. Earlier reports identified only a website belonging to the US Department of Labor as redirecting to servers that exploited the zero-day remote-code vulnerability in IE version 8.

A separate blog post from security firm CrowdStrike said its researchers unearthed evidence suggesting that the campaign began in mid-March. Their analysis of logs from the malicious infrastructure used in the attacks revealed the IP addresses of visitors to the compromised sites. The logs showed addresses from 37 different countries, with 71 percent of them in the US, 11 percent in South/Southeast Asia, and 10 percent in Europe. CrowdStrike's data showed IP addresses before exploit code was run against the visitors' machines. Not all those visitors were likely compromised since the exploit code worked only against people using IE8.

VULNERABLE and COMPLETELY outdated 3rd-party libraries/components used in 3CX Phone 6
[SE-2012-01] New security vulnerabilities and broken fixes in IBM Java
Taiwanese PC maker Asus plans on getting behind Google's Chrome OS and will launch a notebook running the OS in the second half of this year, said company CEO Jerry Shen.
BMC has agreed to be acquired by a private investment consortium headed by Bain Capital and Golden Capital, in a deal worth about US$6.9 billion.
Premier 100 IT Leader Gary Hensley also answers questions on transitioning to the security field and becoming a leader.
Apple climbed the Fortune 500 this year to the No. 6 spot, its highest-ever ranking, its first time in the top 10, and the top technology company on the influential list, replacing sagging HP.
BMC has agreed to sell itself to a private investment consortium headed up by Bain Capital and Golden Gate Capital in a deal worth approximately US$6.9 billion.
Multiple Vulnerabilities in D-Link DSL-320B
Multiple buffer overflows on Huawei SNMPv3 service
Vulnerability in Microsoft Security Essentials <v4.2

Thanks to our reader Juha-Matti for pointing out that a Metasploit module was released to exploit the recent Internet Explorer 8 vulnerability. The vulnerability has also been assigned CVE-2013-1347.

Please let us know if you are running into exploits for this vulnerability.

Johannes B. Ullrich, Ph.D.
SANS Technology Institute

(c) SANS Internet Storm Center. http://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
Motorola Mobility abuses its dominant position in the E.U. by seeking and enforcing an injunction against Apple in Germany on the basis of its mobile phone standard-essential patents (SEPs), the European Commission said in a preliminary antitrust review of the case on Monday.
WordPress Advanced XML Reader Plugin XML External Entity Information Disclosure Vulnerability
Domestic IT services providers say the U.S. Senate's immigration bill could benefit them by raising the costs of their competitors that are based overseas.
Just about anyone in the office can introduce open-source code into the company's IT infrastructure. Yet CIOs face real dangers if they're not properly managing their open-source assets.
Vendors are falling all over themselves to develop smartwatches. Will this be yet one more example of Microsoft getting to a market first and then failing to cash in?
Jim Turnbull, CIO at University of Utah Health Care, says mobile technology is the next big opportunity for getting patients more involved in managing their healthcare.
Since it is virtually impossible to find all needed analytical skills resident in the same human being, it might be wise to adopt an 'ensemble' approach to your organization's deficit in those skills.
A survey finds that stress remains high, but it's down significantly from last year.
How exactly do you make it to the data scientist big leagues? As it turns out, there is no one right path. Instead, it's largely a scramble out there on the big data field.
The company's incident-response plan needs to be updated. That's normal -- no plan is carved in stone.
As part of Microsoft's loan of $2 billion to a group trying to buy PC maker Dell, the two companies must modify the payment terms of Dell's current agreements with Microsoft, a document filed with U.S. regulators said.
A lot more innovation is desperately needed for mobile hardware design and platforms. Are Apple, Google, Samsung and Microsoft up to the task?

Banking Trojan hacker charged after three-year manhunt
Brisbane Times
Hamza Bendelladj of Algeria, centre, a suspect on the US Federal Bureau of Investigation's top 10 wanted list for allegedly hacking private accounts in 217 banks and financial companies worldwide, is escorted by Thai police officers in Bangkok on ...

I'd like to recommend two more tools:


Malwarebytes which is a free malware protection program


OUTDATEfighter which is a free software updater program


It's almost essential these days to have a specific program for malware. Ukash virus I was unfortunately hit with a couple of months ago (not fun).


Be safe out there!

You'd expect a $35,000 car to have technology at least as good as a $200 smartphone, but it often doesn't. Although the auto industry has been slow to keep up with tech trends, that may soon change.
Xen CVE-2013-1964 Local Denial of Service Vulnerability
Xen CVE-2013-1919 Multiple Denial of Service Vulnerabilities
Amazon.com has updated its mobile app store to include support for its Chinese customers, in a sign that the U.S. company could be preparing to sell its Kindle e-readers and tablets in the country.
McAfee plans to acquire Stonesoft, a Helsinki-based maker of firewalls, for US$389 million in cash, the companies said Monday.
Linux Kernel CVE-2013-3232 Local Information Disclosure Vulnerability
Hewlett-Packard on Monday kicked off a series of upcoming PC announcements with new ProBook 400 series laptops, including a 15.6-inch model with a touchscreen.
Google plans to offer a video subscription service on YouTube, which according to a newspaper report, the company may announce this week.

Posted by InfoSec News on May 06


By Dan Goodin
Ars Technica
May 3 2013

Attackers exploited a previously unknown and currently unpatched
security bug in Microsoft's Internet Explorer browser to surreptitiously
install malware on the computers of federal government workers involved
in nuclear weapons research, researchers said Friday.

The attack code appears...

Posted by InfoSec News on May 06


The China Post news staff
May 5, 2013

In an ever-growing virtual world, cyberwarfare is likely to overshadow
ground wars in the near future. A recent example of the growing
importance of cyberwar is seen in the escalating tension on the Korean

Three South Korean banks — Shinhan, NongHyup and Jeju — and three TV
broadcasters — KBS, MBC...

Posted by InfoSec News on May 06


By Bob Brewin
May 2, 2013

The Defense Department has approved the Android Knox smartphone made by
Samsung and new BlackBerry smartphones and tablets running Enterprise
Service 10 software for use on its networks.

The Pentagon did not approve the use of Apple smartphones or tablets yet,
which numerous media outlets,...

Posted by InfoSec News on May 06


Defense Update
May 4, 2013

France has recently published a white paper on defense. The ‘Livre
Blanc’ outlines the priorities planned for the next five years in the
areas of national defense – land, air, maritime and space – as well as
in the areas of homeland security and cyberwarfare. This article
covers the main areas addressed by Livre Blanc’s...

Posted by InfoSec News on May 06


By Kim Zetter
Threat Level

A 24-year-old Algerian man landed in Atlanta, Georgia on Thursday to face
federal charges that he hijacked customer accounts at more than 200 banks and
financial institutions, capping a months-long extradition battle.

Hamza Bendelladj, who went by the name Bx1 online, is also accused of operating
botnets of machines...