Hackin9

InfoSec News

VirusTotal, which uses antivirus engines to check files for hidden malware, has been acquired by Google, according to a statement on the firm's website.

 

Business Insider

'Warbiking' Is The Newest Way To Expose Your Cyber Security Risks
Business Insider
“We took one man, a bike, a computer, a GPS, two dynamos and some solar panels to the streets of London to see how many unsecured wireless networks we could find,” Sophos told InfoSec, a cyber security news site. InfoSec notes that the concern isn't ...

 
sflog! 'uploadContent.inc.php' Arbitrary File Upload Vulnerability
 
sflog! 'section' Parameter Local File Include Vulnerability
 
Mahara Multiple Cross Site Scripting and HTML Injection Vulnerabilities
 
Oracle did the right thing this week when it pledged to resume porting its software to Hewlett-Packard's Itanium-based servers, but it should never have pulled that support from a critical platform as it did in March 2011, according to users and analysts.
 
As the U.S. and eight other nations negotiate a wide-ranging trade agreement, several digital rights groups said they're concerned that the Trans-Pacific Partnership (TPP) will bring back controversial copyright-enforcement provisions pushed by some U.S. policymakers in recent years.
 
IT employment increased last month, and there may be signs in the latest data of high demand for some specific IT occupations.
 
General Motors, which is insourcing the majority of its IT work, Friday said it is hiring 500 IT positions in Austin to staff a new 'innovation center.'
 
A new tool allows Mac OS X attackers with root OS access to easily steal the keychain password data of logged in users and reinforces the dangers of granting administrative privileges to applications without serious consideration.
 
Mozilla Firefox/Thunderbird/SeaMonkey CVE-2012-3967 Memory Corruption Vulnerability
 
Mozilla Firefox/Thunderbird/SeaMonkey CVE-2012-3966 Multiple Memory Corruption Vulnerabilities
 
Mozilla Firefox/Thunderbird/SeaMonkey CVE-2012-1973 Use-After-Free Memory Corruption Vulnerability
 
An elite hacker group targeting defense industry sub-contractors has an inexhaustible supply of zero-days, or vulnerabilities that have yet to be publicized, much less patched, Symantec said today.
 
Mozilla released Firefox 15.0.1 on Thursday in order to fix a bug that potentially exposed the websites visited by users while in "Private Browsing" mode.
 
Royal Caribbean International knew its cruise ship Oasis of the Seas had to be designed in a way that its size didn't overwhelm passengers and staffers. The company decided early on that IT would play a big part in addressing this challenge.
 
Cybercriminals tied to the 2009 Aurora attacks have used a flurry of zero-day exploits and a new "watering hole" attack technique in targeted campaigns.

 
Microsoft released an advance notification on two important bulletins and encouraged customers to address a SSL certificate update before October.

 
Oracle Java SE CVE-2012-1722 Remote Java Runtime Environment Vulnerability
 
Samsung has claimed that the way Android's multitouch software works is not as good as Apple's, in a bid to avoid a recall and ban on sales of its Android smartphones in a patent dispute with Apple in the Netherlands.
 
The Google Fiber broadband project in the Kansas City area will cost local taxpayers significant monies -- possibly millions of dollars -- to give Google free access to power, rights of way and even office space.
 
Intel will make a major mobile push at the Intel Developer Forum next week as the company tries to remain relevant in a market where tablets and smartphones are becoming an alternative to PCs for everyday computing.
 
Version 15.0.1 of Firefox has been released by Mozilla in order to correct a problem in the browser's Private Browsing feature that could result in a user's internet activity being disclosed.


 
A new tool spits out Mac OS X passwords, mother "cracks" iPhone, Microsoft gives careless programmers a slap on the wrist, researchers break out of VM and sandbox profiles, and a well-known security expert publishes tall tales


 
A plethora of technologies, bespoke systems and acronyms offer protection against unauthorised devices being connected to networks, but money, time, effort and management backing are needed to make this a reality. Imagine company X's policy is that only authorized, company-approved computers can be connected, and all violations have to be logged and reported or the auditors will be very unhappy. And no-one likes to see sad auditors. But there's no budget. So what's a poor security admin to do? Well, here's a suggestion.
Dynamic Host Configuration Protocol (DHCP) is ubiquitous on most networks, making connectivity to the network only an Ethernet cable away*. For those with an eye on security, DHCP logs are a gold mine.
On gaining a DHCP lease, the IP address assigned to the system, the lease expiry time, the system's hostname and its Media Access Control (MAC) address get stored in the DHCP database. So let's look at a couple of ways to turn these pieces of data into security gold; remember, our goal is to detect and alert on non-company-approved systems being plugged in to the network.
The first step is to get access to and a copy of the DHCP logs (or direct access to the DHCP database), so the data can be parsed and sorted into a format that can be dropped in to a script to automate the detection process. Most company networks are hopefully built using decent naming conventions and using only a couple of vendors' computing hardware. This means that with some simple scripting, detecting those anomalies to the company standards should be a breeze. To clarify this:
System hostnames:

Companies tend to have a naming standard for their machines to make inventories, auditing and identification manageable. Some example machine names: a00001, XYZ1234 and so on. Hostnames such as JamesMegaLappy, SkyRocket and haz0r don't fit that naming standard, and a basic regular expression [1] check against the naming standard will pick this up instantly.
MAC address:

IEEE assigns an Organizationally Unique Identifier (OUI) [2] to each company manufacturing Ethernet devices. The company must use its own OUI [3] for the first three bytes of MAC addresses for equipment it produces. For example, the OUI of MAC address 00:06:5B:32:12:A0 is 00065B. For this example, company X uses two brands of computer hardware with OUIs 00065B and 0001E6. A scripted task can run through the DHCP logs to pick out any MAC addresses that don't start with these OUIs. A script running hourly against the
A script reading DHCP logs, detecting either a non-standard hostname or OUI and sending an email alert, is quick, easy to implement and an effective detection method for finding those non-company-approved systems. Using the expiry time entry to confirm when the device got its IP address provides a time frame for someone adding a device to the network, so local staff looking for the unauthorized system have a starting point to ask questions.
This isn't foolproof, as it is trivial to change both the hostname and MAC address to blend in, but it's highly effective against the majority of devices being plugged in to networks by those who do not understand the company's policies or those acting maliciously.
For those who like to take the offensive defence approach on their networks against policy violations, the offending MAC address can be added as a DHCP reservation with DHCP scope options that point the default gateway and DNS server to, say, 127.0.0.1. This limits what the offending device can connect to the next time it renews its DHCP lease or requests a new IP address.
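As an added illustration (not the diary's own script), here is a Python version of the detection described above run over constructed DHCP log lines. It assumes ISC dhcpd-style syslog entries and a naming regex matching the a00001/XYZ1234 examples (both assumptions), and returns alerts rather than emailing them.

```python
import re
from collections import namedtuple

# Assumed naming standard matching the diary's examples a00001 and XYZ1234.
HOSTNAME_RE = re.compile(r"^(?:[a-z]\d{5}|[A-Z]{3}\d{4})$")
# The two approved hardware OUIs from the diary's company X example.
APPROVED_OUIS = {"00065B", "0001E6"}

# Assumed ISC dhcpd syslog format: "DHCPACK on <ip> to <mac> (<hostname>) via <if>".
# The hostname in parentheses is optional, as some clients send none.
LEASE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s[\d:]+)\s\S+\sdhcpd(?:\[\d+\])?:\s"
    r"DHCPACK on (?P<ip>\d+\.\d+\.\d+\.\d+) to (?P<mac>(?:[0-9a-f]{2}:){5}[0-9a-f]{2})"
    r"(?: \((?P<host>[^)]*)\))? via"
)

Alert = namedtuple("Alert", "ts ip mac host reasons")

def oui(mac):
    """First three bytes of the MAC, normalised to the OUI registry style."""
    return mac.replace(":", "").upper()[:6]

def check_lease(ts, ip, mac, host):
    """Return an Alert if the lease violates the naming or hardware standard, else None."""
    reasons = []
    if not host or not HOSTNAME_RE.match(host):
        reasons.append("hostname")
    if oui(mac) not in APPROVED_OUIS:
        reasons.append("oui")
    return Alert(ts, ip, mac, host, tuple(reasons)) if reasons else None

def scan_log(lines):
    """Parse each DHCPACK line and collect the leases that fail either check."""
    alerts = []
    for line in lines:
        m = LEASE_RE.search(line)
        if not m:
            continue  # skip DHCPDISCOVER/OFFER/REQUEST and unrelated lines
        alert = check_lease(m["ts"], m["ip"], m["mac"], m["host"])
        if alert:
            alerts.append(alert)
    return alerts

# Constructed sample log: two compliant leases, then three that should be flagged.
SAMPLE_LOG = """\
Sep  7 09:01:12 dhcp1 dhcpd: DHCPACK on 10.1.2.10 to 00:06:5b:32:12:a0 (a00001) via eth0
Sep  7 09:03:44 dhcp1 dhcpd: DHCPACK on 10.1.2.11 to 00:01:e6:aa:bb:cc (XYZ1234) via eth0
Sep  7 09:05:02 dhcp1 dhcpd: DHCPACK on 10.1.2.12 to 00:06:5b:de:ad:01 (JamesMegaLappy) via eth0
Sep  7 09:07:31 dhcp1 dhcpd: DHCPACK on 10.1.2.13 to 3c:15:c2:01:02:03 (haz0r) via eth0
Sep  7 09:09:15 dhcp1 dhcpd: DHCPACK on 10.1.2.14 to 00:01:e6:11:22:33 via eth0
""".splitlines()

if __name__ == "__main__":
    for a in scan_log(SAMPLE_LOG):
        print(f"{a.ts} {a.ip} {a.mac} host={a.host!r} flagged: {', '.join(a.reasons)}")
```

The timestamp on each alert gives the time frame the diary mentions, and a missing hostname is treated as a naming violation so that clients that send none are not silently accepted.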




* DHCP leases can be offered wirelessly as well, but that would have broken my flow.
[1] http://en.wikipedia.org/wiki/Regular_expression

[2] http://standards.ieee.org/faqs/regauth.html

[3] http://standards.ieee.org/develop/regauth/oui/oui.txt

Chris Mohan --- Internet Storm Center Handler on Duty (c) SANS Internet Storm Center. http://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
 
Intel shaved about a billion dollars off its third-quarter revenue forecast on Friday, blaming the global economy for slowing sales. It will announce full results for the quarter on Oct. 16.
 
GraphicsMagick 'png_IM_malloc()' Function Denial of Service Vulnerability
 
Administrators can breathe easier this month as there are only two patches in this month's Microsoft Patch Tuesday package... Which should give them time to prepare for October's short-key-purging update


 
Webmin Multiple Input Validation Vulnerabilities
 
Amazon's new tablet lineup, ranging from a $159 repriced Kindle Fire to the all-new $499 Kindle Fire 8.9-in. HD 4G, pose little threat to Apple's tablet dominance, several analysts said.
 
Apple is considering licensing a custom radio streaming service similar to Pandora, according to a report in Thursday's Wall Street Journal.
 
Quanta QCT announced a new low-power cloud server based on Intel's upcoming Atom processor code-named Centerton, and said the server would ship by the end of this year.
 
Attackers have managed to steal 24,000 units of the virtual currency – worth around €200,000 – from the BitFloor Bitcoin exchange. Other hackers have tried to use stolen tax information to blackmail Mitt Romney for one million Bitcoins


 
Version 3.4.2 of the popular open source publishing platform addresses two privilege escalation flaws which could be exploited to bypass certain security restrictions. A non-security-related update to WordPress for iOS has also been released.


 
WordPress has developed into a full-fledged content management system. We look at 10 essential plugins that make it even better.
 
A 30-year-old man has been sent to prison in the US for selling access to a botnet he created.


 

Posted by InfoSec News on Sep 07

http://www.CyberDefenceForum.com

National Cyber Defence Strategies Lack Public Confidence, Report Shows

Recently released findings of a survey conducted by Defence IQ indicate
that only 35% of the public have faith in the cyber defence strategy
devised by their national government.

The global survey, undertaken ahead of the 2012 Cyber Defence Forum
taking place in Prague from October 23-25, sought to discover the most
current trends in...
 

Posted by InfoSec News on Sep 07

http://oakridgetoday.com/2012/09/06/wsi-re-assigns-y-12-security-director-after-test-questions-found-in-patrol-vehicle/

By John Huotari
Oak Ridge Today
September 6, 2012

The new director of the protective force at the Y-12 National Security
Complex has been reassigned after a federal inspector allegedly found
papers in a patrol vehicle that included answers to a test scheduled to
be given to guards as part of an investigation following an...
 

Posted by InfoSec News on Sep 07

http://www.telegraph.co.uk/technology/news/9524604/Technology-start-ups-recruited-for-spy-gadgets.html

The Telegraph
06 Sep 2012

The security services have decided to widen the net for suppliers of
state-of-the-art spyware for "covert surveillance", it was reported.

Traditionally, the intelligence organisations have relied on a network
of trusted contractors but the change in approach represents an
opportunity for burgeoning...
 

Posted by InfoSec News on Sep 07

http://news.cnet.com/8301-1009_3-57507998-83/hacker-who-infected-72k-computers-gets-prison-sentence/

By Dara Kerr
CNET News
Security & Privacy
September 6, 2012

After pleading guilty last year to creating a botnet that wreaked havoc
on about 72,000 computers, Joshua Schichtel was sentenced to prison
today. The Department of Justice announced that Schichtel received a
30-month prison sentence for "selling command-and-control access...
 

Posted by InfoSec News on Sep 07

http://www.computerworld.com/s/article/9231013/Security_researchers_to_present_new_39_CRIME_39_attack_against_SSL_TLS

By Lucian Constantin
IDG News Service
September 6, 2012

Two security researchers claim to have developed a new attack that can
decrypt session cookies from HTTPS (Hypertext Transfer Protocol Secure)
connections.

Websites use session cookies to remember authenticated users. If an
attacker gains access to a user's session...
 