Hackin9

InfoSec News

(c) SANS Internet Storm Center. http://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
 
While Google officials, from CEO Larry Page on down, are all aflutter over Google+, Mark Zuckerberg views Google's new social networking site as "their own little version of Facebook."
 
Adidas has been forced to take some of its main websites offline after a "sophisticated, criminal cyber-attack" that took place last week, the company said.
 
Bill Weihl, Google's "green energy czar," is leaving the company this week after steering its clean energy efforts for almost six years.
 
One hospital hasn't jumped on the iPad-in-healthcare craze yet. Critical desktop apps just don't render well on the iPad, while iCloud's security concerns cause "trepidation," the CTO says.
 
Rackspace for the first time plans to extend its support services to OpenStack cloud implementations that reside within the walls of an enterprise or third-party commercial data centers, the company announced Monday.
 
Gavin Kim, a high-ranking executive in Samsung's mobile group, has left for Microsoft to help it build the fledgling Windows Phone 7 product line.
 
Hewlett-Packard has put its TouchPad tablet on sale again, this time to WebOS developers with qualifying coupons for purchase of the discounted tablet.
 
Microsoft, which on Monday held an event in New York to mark the U.S. launch of smartphones running its latest Windows Phone 7.5 OS, said it is taking steps to "align" the smartphone OS with its future tablet and PC OSes.
 
Some of the Nook Tablet's specifications are superior to those of the Kindle Fire, but the Nook's $249 price fails to break below the magic $200 figure that will attract more consumers, analysts said after the launch of the Nook by Barnes & Noble on Monday.
 
John Opel, who served as IBM CEO from 1981 to 1985, passed away at the age of 86 last week, IBM confirmed Monday.
 
Google is getting ready for businesses to start jumping aboard its Google+ social network.
 
Apple last week awarded six senior executives $60 million each in stock contingent on them staying with the company through mid-March 2016.
 
The security of cloud computing is often debated, but such debates seem to be over for the general tasked with running the United States military's cyber command, who sees the technology not only as a way to rein in IT costs but also as a way to more easily protect IT assets.
 
Thanks to the combination of iTunes 10.5, iOS 5, and iCloud, you can sync data wirelessly with your iOS device. In fact, there are two ways to do so: iCloud syncing, which sends specific information to and from Apple's iCloud servers over an Internet connection, and Wi-Fi Sync, which syncs your device with iTunes on your Mac via your local wireless network.
 
Tooling and process can only go so far to assure code quality. IBM is analyzing application developers based on the volume and quality of the work they do.
 
We're starting to get reports (thanks to both Branson and Darryl) that a Juniper OS bug with BGP, combined with some specific BGP updates today, is resulting in some key internet routers being DOS'd due to high CPU loads. We'll post more data as it comes in.


===============
Rob VandenBrink
Metafore
 
Name: Dan Rosenthal
 
Twitter and Facebook are enabling the Central Intelligence Agency to get reliable, real-time assessments of public sentiment during rapidly changing events around the world.
 
It's probably no big surprise to any of you, but the effectiveness of your organization's risk-management endeavors is directly related to your ability to navigate the quagmire known as corporate politics.
 
The first step in spending 30 days relying on cloud-based tools and services is to explore my options and choose the ones I want to use to work and live online. Email and writing are the most crucial functions of my PC for me, so I am going to start by finding suitable online options for email and writing. Actually, I planned to start there, but I ran into a little hiccup--my PC won't cooperate.
 
Barnes & Noble launched its widely expected tablet Monday, taking on the soon-to-be released tablet from book-selling rival Amazon with a machine that has slightly better specs.
 
I find that the longer I work in this field, the more scripts I write. Solving a problem with a script might take a bit longer the first time, but the next time you see the problem it takes seconds to resolve (assuming you can find your script again, that is). This is illustrated so well (and so timely) here: http://www.xkcd.com/974/
But I'm not here to sell you on scripting, or on any particular scripting language. This story is about neat stuff I've learned while scripting, tidbits that I wouldn't have learned otherwise and that I hope you find useful as well.
Recently I had to assess whether a remote Windows host was using a self-signed certificate, or one issued by a public or a private CA (Certificate Authority). The remote host was a VMware vCenter console, but that's not really material to the script, other than dictating the path.
Easy, you say, use a browser! Sure, that's ONE easy way, but what if you've got 10 others to assess, or a hundred? Or more likely, what if this is one check among hundreds in an audit or assessment? It's at that point that the "this needs a script" lightbulb goes off for me.
In this case I discovered the Windows command CERTUTIL.EXE. Typing certutil -? will get you pages of syntax for the complex things that this command can do, but in this case all we want to do is dump the certificate information. Since the server is remote, let's map a drive and query the cert:

net use l: \\servername\c$

certutil -dump "l:\programdata\vmware\vmware virtualcenter\SSL\rui.crt"


Ah - two things on this, though. Is your L: drive available? If you are writing this for someone else, is their L: drive available? Also, the file is located off of %ALLUSERSPROFILE%, not necessarily in the directory above. We can fix this in one fell swoop - we'll use Microsoft's PSTOOLS (http://technet.microsoft.com/en-us/sysinternals/default) to run it on the remote host directly:

psexec \\%1 -u %2 -p %3 certutil -dump "%allusersprofile%\vmware\vmware virtualcenter\SSL\rui.crt"
This is set up to take the target host and credentials from the command line in a script, where %1 is the server name, %2 is the userid, and %3 is the password.
Finally, this seems like a lot of output - if we're just trying to validate who signed the certificate, we can tack on a find command to get that (the output is shown here as well):

psexec \\%1 -u %2 -p %3 cmd /c certutil -dump "%allusersprofile%\vmware\vmware virtualcenter\SSL\rui.crt" | find "O="

O=VMware Installer

O=VMware, Inc.

psexec \\%1 -u %2 -p %3 cmd /c certutil -dump "%allusersprofile%\vmware\vmware virtualcenter\ssl\rui.crt" | find "CN="

CN=VMware default certificate

These show that the certificate is the Default cert, installed by the VMware Installer.
Finally, the approaches so far have required credentials, which you really shouldn't need for this task - let's try it directly, using the HTTPS protocol. If you want to do this entirely over an SSL session, you'll need openssl installed (it is installed by default on many Linux distros, and can be bolted on to Windows easily enough):

# openssl s_client -connect servername:443 < QUIT.in
where the file QUIT.in contains the word QUIT, followed by a carriage return.
The certificate itself will be included, between the BEGIN CERTIFICATE and END CERTIFICATE markers. Getting just the information we need is simple at this point: use find, or grep in Linux:

# openssl s_client -connect servername:443 < QUIT.in | grep O=

depth=0 /O=VMware, Inc./OU=VMware, Inc./CN=VMware default certificate/[email protected]

verify error:num=20:unable to get local issuer certificate

verify return:1

depth=0 /O=VMware, Inc./OU=VMware, Inc./CN=VMware default certificate/[email protected]

verify error:num=27:certificate not trusted

verify return:1

depth=0 /O=VMware, Inc./OU=VMware, Inc./CN=VMware default certificate/[email protected]

verify error:num=21:unable to verify the first certificate

verify return:1

0 s:/O=VMware, Inc./OU=VMware, Inc./CN=VMware default certificate/[email protected]

i:/O=VMware Installer

subject=/O=VMware, Inc./OU=VMware, Inc./CN=VMware default certificate/[email protected]

issuer=/O=VMware Installer

DONE
As you can see from this output, it returns the same answer (with a bit more detail) - that this server has a self-signed certificate.
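
For an audit across many hosts, the grep step can be replaced by a classifier that reads the whole s_client output. The following is an added example, not part of the original diary: it separates a certificate that is strictly self-signed (subject equals issuer, or verify error 18) from one signed by an issuer the client cannot verify (errors 19, 20, 21 or 27), which is the case in the vCenter output above. The function names are hypothetical, the sample inputs are constructed, and check_host assumes openssl is installed and the host is reachable.

```shell
# Added example. Reads `openssl s_client` text on stdin and prints a verdict:
#   self-signed       subject equals issuer, or verify error 18
#   untrusted-issuer  different issuer the client could not verify (19/20/21/27)
#   ca-issued         subject and issuer differ and no verify error was reported
classify_cert() {
    awk '
        /^subject=/ { subject = substr($0, 9) }
        /^issuer=/  { issuer  = substr($0, 8) }
        /verify error:num=/ {
            split($0, p, "num="); split(p[2], q, ":"); errs[q[1]] = 1
        }
        END {
            if (subject == "" || issuer == "") { print "unknown"; exit }
            if (subject == issuer || (18 in errs)) verdict = "self-signed"
            else if ((19 in errs) || (20 in errs) || (21 in errs) || (27 in errs))
                verdict = "untrusted-issuer"
            else verdict = "ca-issued"
            print verdict " issuer=" issuer
        }'
}

# Live use (hypothetical wrapper): the verify lines arrive on stderr, so merge it.
check_host() {
    echo QUIT | openssl s_client -connect "$1:443" 2>&1 | classify_cert
}

# Constructed sample, modelled on the vCenter output shown above.
sample_installer_signed() {
cat <<'EOF'
depth=0 /O=VMware, Inc./OU=VMware, Inc./CN=VMware default certificate
verify error:num=20:unable to get local issuer certificate
verify error:num=21:unable to verify the first certificate
subject=/O=VMware, Inc./OU=VMware, Inc./CN=VMware default certificate
issuer=/O=VMware Installer
EOF
}

# Constructed sample: a certificate whose subject and issuer are identical.
sample_self_signed() {
cat <<'EOF'
verify error:num=18:self signed certificate
subject=/CN=host.example.test
issuer=/CN=host.example.test
EOF
}
sample_installer_signed | classify_cert
sample_self_signed | classify_cert
```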
Finally, the beauty of Stuff I Learned Scripting is that you are probably scripting as well. If you've found a better way to assess certificates, by all means post to our comment form! In particular, if you've found a way to duplicate what openssl can do over tcp/443, without installing openssl (maybe using wget or curl to feed certutil?), we're all ears!

Oh - and can you please pass the salt?


===============
Rob VandenBrink
Metafore
 

UC Irvine Extension Announces New Online Information Systems Security ...
MarketWatch (press release)
More information on the Information Systems Security Certificate Program can be found at extension.uci.edu/infosec. Free supporting webinars are available for those interested in learning more about the certificate program content, the benefits of ...

 
Wireless routers are always something of a mystery. They combine a number of features into a single box and are usually complex to set up, but require little attention after that.
 
Early next year, seven smartphones from HTC will be upgraded to Android 4.0, also known as Ice Cream Sandwich, the company said on Monday.
 
[SECURITY] [DSA 2337-1] xen security update
 
[SECURITY] [DSA 2335-1] man2html security update
 
[ GLSA 201111-02 ] Oracle JRE/JDK: Multiple vulnerabilities
 
Malware detection evasion in antivirus software
 

Wisegate Members Collaborate to Tackle Rising Data Breaches
TMC Net
Wisegate added that it took a poll recently from its community of security experts who all unanimously agreed that collaboration among infosec professionals to outsmart hackers was the preemptive measure that would have the greatest potential to ...

 
Cloud security options are set to widen today as RSA teams with Microsoft and Citrix to support use of RSA SecurID authentication, and separately, McAfee unveils enhancements to the McAfee Cloud Security Platform.
 
For the moment, at least, Apple’s new Siri feature is back online and cheerfully responding to instructions, but it’s hard to say how long that’s going to last. I had trouble getting Siri to respond to my requests from 10am to 2pm Pacific time on Friday and that’s in addition to the long block of downtime the service experienced on Thursday. All the trouble raises the question: Why can’t Apple get cloud services right?
 
The largest telecommunications company in the Netherlands has stopped issuing SSL certificates after finding indications that the website used for purchasing the certificates may have been hacked.
 
CEO Tim Cook should seriously try to get Apple into the enterprise market.
 
The Wild West era of cloud computing is ending. So says cloud computing's new sheriff, a user group called the Open Data Center Alliance.
 
Microsoft's SharePoint ECM system can be expensive; companies may be able to find an alternative in Alfresco, or make do with simpler document management systems.
 
 
In opting not to get rid of its PC division, HP -- and new CEO Meg Whitman -- offered some insight about what type of company they think HP should be.
 
Motorola Mobility won a preliminary injunction on Friday, forbidding Apple from selling any mobile devices in Germany that infringe on two Motorola patents related to wireless technology.
 
Israeli government websites were up and running again Monday, after what the government described as a "server glitch" at a server farm took several of them offline.
 
Microsoft on Friday launched a promotion to convince more Windows 7 users to adopt Internet Explorer 9.
 
Wi-Fi is inherently susceptible to hacking and eavesdropping, but it can be secure if you use the right security measures. Unfortunately, the Web is full of outdated advice and myths. But here are some do's and don'ts of Wi-Fi security, addressing some of these myths.
 
Synology finally hits the midrange sweet spot in price, performance, and capacity with the 10-drive, rack-mount RS3411RPxs
 
Doug Cutting, the creator of the open-source Hadoop framework that allows enterprises to store and analyze petabytes of unstructured data, is bullish on the future.
 
Ajax File and Image Manager 'data.php' PHP Code Injection Vulnerability
 
We used two platforms. One test platform was the Fluke Networks AirCheck WiFi tester. The AirCheck contains a 2 x 2 antenna system, and thus can support only two spatial streams.
 
Calibre Multiple Local Security Vulnerabilities
 
 
IBM mainframes are on the verge of managing Windows applications, crossing one of the last big system divides in data centers.
 
China's top IT firms have pledged to step up the regulation of their services as government authorities have intensified calls to control the development of the nation's Internet.
 