More companies are hiring professionals to help them navigate the waters of data collection and privacy, but the windfall of the privacy professional does not necessarily equate to more privacy for consumers.

In a survey released this week, the International Association of Privacy Professionals (IAPP) found companies in the Fortune 1000 spending an average (mean) of $2.4 million on their privacy programs, with most of the budget being spent on staff and legal fees. A third of the companies responding to the survey plan to increase their privacy program staff, while only 2 percent plan to cull workers.

But good news for privacy professionals is not necessarily good news for consumers. Such programs typically focus on minimizing risk to companies from the regulations focused on protecting consumers, not necessarily on improving consumer privacy. The approach that businesses take to privacy typically depends on their customers, J. Trevor Hughes, president and CEO of the IAPP, told Ars.

Read 10 remaining paragraphs | Comments

FreeBSD namei CVE-2014-3711 Remote Denial of Service Vulnerability
FreeBSD CVE-2014-3952 Local Information Disclosure Vulnerability
FreeBSD CVE-2014-3953 Multiple Local Information Disclosure Vulnerabilities

SC Magazine UK

ICYMI: Tor criminals, the Apple 'virus' and InfoSec salaries
SC Magazine UK
Our latest In Case You Missed It (ICYMI) column looks at the take-down of Silk Road 2.0 and other dark markets on Tor, the new WireLurker malware and some good news for cash-happy InfoSec pros. ICYMI: Tor criminals, the Apple 'virus' and InfoSec ...

and more »

[Guest Diary: Didier Stevens] [Shellcode Detection with XORSearch]

Frank Boldewin (http://www.reconstructer.org/) developed a shellcode detection method to find shellcode in Microsoft Office files, like .doc and .xls files. He released this as a feature of his OfficeMalScanner tool (http://www.reconstructer.org/code.html).

I consider this a very interesting detection method, and wanted to use this method on other file types like pictures. Thats what motivated to integrate this in my XORSearch tool.

XORSearch has been presented here before. Its a string search tool that brute-forces the content of the searched file with simple encoding methods like XOR, ROL, Say that you have a malware sample that downloads a file. You want to know the download URL, but the strings command will not find the URL, because it is encoded with XOR key 0xD1. XORSearch will find the URL like this: xorsearch malware.exe http

At the beginning of this year, I extended XORSearch beyond string searching: with option p, it will find embedded PE-files (executables).

And now, shellcode is the next target.

Frank was kind enough to share his shellcode detectors source code with me. But I wanted a flexible detector, one that can be tailored by the user without coding. So I developed a syntax for Franks shellcode detection rules and converted his source code with this new syntax. Let me explain with an example.

32-bit shellcode needs to establish its position in memory. A common method is known as Get EIP and uses these 2 instructions:

call label



This will match E80000000058, E80000000059, 01011???)

he rule is GetEIP method 1, the score is 10. Each time a match is found, the rules score is added to the total score.

To use XORSearchs shellcode detector with Franks rules, you use option " />

(option d 3 disables ROT encoding brute-forcing: ROT generates too much false positives with shellcode detection)

You can see from the screenshot that many detection rules triggered on this sample, and that the total score is 136.

To view all the rules I embedded in XORSearch, issue command xorsearch L.

And if you want to provide your own rules, use option w. I explain the rule syntax in detail in this blogpost:


XORSearch is open source written in C, without OS-specific calls. I publish the source code and binaries for Windows, OSX and Linux.

Download XORSearch: http://blog.didierstevens.com/programs/xorsearch/

Alex Stanford - GIAC GWEB GSEC,
Research Operations Manager,
SANS Internet Storm Center

(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.

Posted by InfoSec News on Nov 07


By Jai Vijayan
Dark Reading

Targeted attacks are less common but cause more problems and financial
losses for victims than nontargeted mass account takeovers, a new report
from Google says.

Most online account hijacking capers are carried out using automated bots,
but not all. In fact, some of the most...

Posted by InfoSec News on Nov 07


ABC News
Nov 6, 2014

A destructive “Trojan Horse” malware program has penetrated the software
that runs much of the nation’s critical infrastructure and is poised to
cause an economic catastrophe, according to the Department of Homeland

National Security sources told ABC News there is evidence that...

Posted by InfoSec News on Nov 07


By Steve Ragan
Nov 6, 2014

Home Depot says that in addition to 56 million payment cards, the attackers
responsible for the breach on their POS network earlier this year also
compromised 53 million email addresses.

Thursday's breach investigation update also said the attackers leveraged a

Posted by InfoSec News on Nov 07


By Rich McCormick
Deaily Mail
November 6, 2014

The launch of Healthcare.gov, the US government's health insurance
website, was beset with technical problems so severe that only six people
were able to enroll on its first day in October 2013. Ahead of a second
enrollment period, beginning on November 15th, government officials...
Aurich Lawson

Update: Sharyl Attkisson has contacted Ars with comments, corrections and clarifications. We've integrated factual corrections into the story, as well as her comments—and citations and our own analysis in response to those comments where appropriate.

Sharyl Attkisson was hacked. The computers used by the former CBS News investigative reporter were found to have been remotely accessed and tampered with, according to both a CBS-hired forensics expert and by a reputable information security firm that did an analysis commissioned by Attkisson herself. Those are the facts as we know them.

Currently, that’s where the facts end and the allegations begin. Attkisson, whose book Stonewalled: My Fight for Truth Against the Forces of Obstruction, Intimidation and Harassment in Obama’s Washington was released this week, claims to have evidence that she was hacked by someone working for the government. She says the digital intrusion was part of a campaign to get her to stop pursuing stories critical of the Obama administration. [Atkisson, in a follow-up email, clarifies: "I theorize the digital intrusion was an attempt to surreptitiously monitor my work to see who was talking to me and how much I knew on various stories."]

Read 37 remaining paragraphs | Comments

PolarSSL Unspecified Memory Corruption Vulnerability
Polarssl Multiple Security Vulnerabilities
LinuxSecurity.com: Security Report Summary
LinuxSecurity.com: Updated php packages that fix one security issue are now available for Red Hat Enterprise Linux 4 Extended Life Cycle Support. Red Hat Product Security has rated this update as having Critical security [More...]
LinuxSecurity.com: Updated php packages that fix three security issues are now available for Red Hat Enterprise Linux 5. Red Hat Product Security has rated this update as having Important security [More...]
LinuxSecurity.com: Security Report Summary
LinuxSecurity.com: Security Report Summary
Open-Xchange Security Advisory 2014-11-07
[SECURITY] [DSA 3068-1] konversation security update
KDE Workspace Arbitrary Command Execution Vulnerability

Europe's cyber security agency wants pick your infosec BRAINS
Do you work in the ICT sector? If so, Europe's top cyber security agency wants you. ENISA (The European Union Agency for Network and Information Security) is looking for 20 experts to join its “Permanent Stakeholders' Group”. Self-declared experts who ...

and more »
requests-kerberos 'requests_kerberos/kerberos_.py' Remote Security Bypass Vulnerability
FreeBSD Security Advisory FreeBSD-SA-14:24.sshd [REVISED]
Insecure management of login credentials in PicsArt Photo Studio for Android [STIC-2014-0426]
XCloner Wordpress/Joomla! backup Plugin v3.1.1 (Wordpress) v3.5.1 (Joomla!) Vulnerabilities
ZTE ZXDSL 831 Multiple Cross Site Scripting
Internet Storm Center Infocon Status