Information Security News
More companies are hiring professionals to help them navigate the waters of data collection and privacy, but the windfall of the privacy professional does not necessarily equate to more privacy for consumers.
In a survey released this week, the International Association of Privacy Professionals (IAPP) found companies in the Fortune 1000 spending an average (mean) of $2.4 million on their privacy programs, with most of the budget being spent on staff and legal fees. A third of the companies responding to the survey plan to increase their privacy program staff, while only 2 percent plan to cull workers.
But good news for privacy professionals is not necessarily good news for consumers. Such programs typically focus on minimizing risk to companies from the regulations focused on protecting consumers, not necessarily on improving consumer privacy. The approach that businesses take to privacy typically depends on their customers, J. Trevor Hughes, president and CEO of the IAPP, told Ars.
SC Magazine UK
ICYMI: Tor criminals, the Apple 'virus' and InfoSec salaries
Our latest In Case You Missed It (ICYMI) column looks at the take-down of Silk Road 2.0 and other dark markets on Tor, the new WireLurker malware and some good news for cash-happy InfoSec pros.
[Guest Diary: Didier Stevens] [Shellcode Detection with XORSearch]
Frank Boldewin (http://www.reconstructer.org/) developed a shellcode detection method to find shellcode in Microsoft Office files, like .doc and .xls files. He released this as a feature of his OfficeMalScanner tool (http://www.reconstructer.org/code.html).
I consider this a very interesting detection method, and wanted to use it on other file types, like pictures. That's what motivated me to integrate it into my XORSearch tool.
XORSearch has been presented here before. It's a string search tool that brute-forces the content of the searched file with simple encoding methods such as XOR and ROL. Say that you have a malware sample that downloads a file. You want to know the download URL, but the strings command will not find the URL, because it is encoded with XOR key 0xD1. XORSearch will find the URL like this: xorsearch malware.exe http
At the beginning of this year, I extended XORSearch beyond string searching: with option -p, it will find embedded PE-files (executables).
And now, shellcode is the next target.
Frank was kind enough to share his shellcode detector's source code with me. But I wanted a flexible detector, one that can be tailored by the user without coding. So I developed a syntax for Frank's shellcode detection rules and converted his source code to this new syntax. Let me explain with an example.
32-bit shellcode needs to establish its position in memory. A common method is known as Get EIP and uses these 2 instructions:
This will match E80000000058, E80000000059, 01011???)
The rule is GetEIP method 1, the score is 10. Each time a match is found, the rule's score is added to the total score.
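The two ideas described above, shown for the XOR encoding only, as an added example that is not XORSearch's source and not part of the original diary: brute-forcing every one-byte XOR key to find a string, and adding the rule's score for each E8 00 00 00 00 followed by a byte of the form 01011???. The function names, the sample buffer and its URL are constructed for illustration.

```c
#include <stdio.h>
#include <string.h>
typedef unsigned char u8;
#define GETEIP_SCORE 10 /* score the diary quotes for rule "GetEIP method 1" */

/* 1 if p[0..n), decoded with the XOR key, equals pat[0..n) */
static int match_at(const u8 *p, u8 key, const u8 *pat, size_t n)
{
    while (n && (u8)(*p++ ^ key) == *pat++) n--;
    return n == 0;
}

/* Try all 256 one-byte XOR keys; return the first that reveals needle, else -1 */
int find_xor_key(const u8 *buf, size_t len, const char *needle)
{
    size_t n = strlen(needle);
    for (int key = 0; n > 0 && key < 256; key++)
        for (size_t i = 0; i + n <= len; i++)
            if (match_at(buf + i, (u8)key, (const u8 *)needle, n)) return key;
    return -1;
}

/* Under one key, each E8 00 00 00 00 + byte 01011??? (0x58..0x5F) adds the score */
int geteip_score(const u8 *buf, size_t len, u8 key)
{
    static const u8 call_next[5] = { 0xE8, 0, 0, 0, 0 };
    int total = 0;
    for (size_t i = 0; i + 6 <= len; i++)
        if (match_at(buf + i, key, call_next, 5) && ((buf[i + 5] ^ key) & 0xF8) == 0x58)
            total += GETEIP_SCORE;
    return total;
}

/* Constructed sample (not real malware): URL + two GetEIP sequences, XOR 0xD1 */
size_t make_sample(u8 *out)
{
    static const u8 plain[] = "..http://a.test/x\xE8\0\0\0\0\x58..\xE8\0\0\0\0\x59";
    for (size_t i = 0; i < sizeof plain - 1; i++) out[i] = plain[i] ^ 0xD1;
    return sizeof plain - 1;
}

int main(void)
{
    u8 buf[64];
    size_t len = make_sample(buf);
    int key = find_xor_key(buf, len, "http");
    printf("XOR key 0x%02X, GetEIP score %d\n", key, geteip_score(buf, len, (u8)key));
    return 0;
}
```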
To use XORSearch's shellcode detector with Frank's rules, you use option
(option -d 3 disables ROT encoding brute-forcing: ROT generates too many false positives with shellcode detection)
You can see from the screenshot that many detection rules triggered on this sample, and that the total score is 136.
To view all the rules I embedded in XORSearch, issue command xorsearch -L.
And if you want to provide your own rules, use option -w. I explain the rule syntax in detail in this blog post:
XORSearch is open source, written in C, without OS-specific calls. I publish the source code and binaries for Windows, OSX and Linux.
Download XORSearch: http://blog.didierstevens.com/programs/xorsearch/
Alex Stanford - GIAC GWEB GSEC,
Research Operations Manager,
SANS Internet Storm Center
Posted by InfoSec News on Nov 07: http://www.darkreading.com/attacks-breaches/google-manual-account-hijacks-much-more-dangerous-than-bot-takeovers/d/d-id/1317301
Posted by InfoSec News on Nov 07: http://abcnews.go.com/US/trojan-horse-bug-lurking-vital-us-computers-2011/story?id=26737476
Posted by InfoSec News on Nov 07: http://www.csoonline.com/article/2844289/data-breach/home-depot-says-53-million-email-addresses-compromised-during-breach.html
Posted by InfoSec News on Nov 07: http://www.theverge.com/2014/11/6/7171347/the-us-government-is-hacking-healthcare-gov-to-make-sure-its-secure
by Sean Gallagher
Update: Sharyl Attkisson has contacted Ars with comments, corrections and clarifications. We've integrated factual corrections into the story, as well as her comments—and citations and our own analysis in response to those comments where appropriate.
Sharyl Attkisson was hacked. The computers used by the former CBS News investigative reporter were found to have been remotely accessed and tampered with, according to both a CBS-hired forensics expert and by a reputable information security firm that did an analysis commissioned by Attkisson herself. Those are the facts as we know them.
Currently, that’s where the facts end and the allegations begin. Attkisson, whose book Stonewalled: My Fight for Truth Against the Forces of Obstruction, Intimidation and Harassment in Obama’s Washington was released this week, claims to have evidence that she was hacked by someone working for the government. She says the digital intrusion was part of a campaign to get her to stop pursuing stories critical of the Obama administration. [Attkisson, in a follow-up email, clarifies: "I theorize the digital intrusion was an attempt to surreptitiously monitor my work to see who was talking to me and how much I knew on various stories."]
Europe's cyber security agency wants to pick your infosec BRAINS
Do you work in the ICT sector? If so, Europe's top cyber security agency wants you. ENISA (The European Union Agency for Network and Information Security) is looking for 20 experts to join its “Permanent Stakeholders' Group”. Self-declared experts who ...