Hackin9
OpenStack Keystone PKI Tokens Validation Security Bypass Vulnerability
 
[CVE-2012-5389] Null Pointer Dereference in Dart Webserver <= 1.9.2
 
[ MDVSA-2013:071 ] dbus-glib
 
[ MDVSA-2013:070 ] dbus
 
[ MDVSA-2013:069 ] cups-pk-helper
 
[ MDVSA-2013:068 ] courier-authlib
 
[ MDVSA-2013:067 ] couchdb
 

After breaking up with her boyfriend of two and a half years, an Illinois woman began to notice obscene messages being posted from her MySpace account. One post included her contact information and a picture of her in a thong. Another read: "Need a blow job? My dad buys them for my boyfriends." She was surprised because although she had shared her password with her ex-boyfriend, she changed it after the breakup.

She called her ex-boyfriend, Steven Kucharski, and demanded that he remove the content or she would go to the police. According to court records, he "started 'giggling and laughing' and told her that she deserved it."

The police investigated. A search warrant to MySpace revealed logs showing that the obscene content had been posted from an IP address belonging to Kucharski's father. Kucharski had helped the woman set up her MySpace account and used an e-mail address that belonged to him. This allowed Kucharski to gain access to the account even after she changed her password.


 
[ MDVSA-2013:064 ] bogofilter
 
[ MDVSA-2013:063 ] bip
 
[ MDVSA-2013:066 ] bugzilla
 
[ MDVSA-2013:065 ] boost
 
(c) SANS Internet Storm Center. http://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
 

Just this weekend, a user notified us of a company leaking sensitive information on its website. The information was readily available via Google, which is how the reader found it. The news outlets also talked about a case where the secret firmware key used to sign BIOS firmware from motherboard vendor MSI leaked due to an open FTP server, essentially invalidating the security of modern UEFI motherboards.

So what do you do? Someone notifies you: "Hey, I found this document on your website, and I don't think it should be there." The first thing to do is verify the leak (Identification). Don't forget to send back a big thank you.

Next we need to contain the incident. You are probably looking for a quick fix first, something to stop the bleeding. Let's assume you don't have an actual breach, so your systems are not compromised; someone just didn't use proper care when they published the documents.

Here are some quick fix options:

- set up a web application firewall rule to block access to the documents if you can identify common properties (all PDFs, all Excel spreadsheets in the /accounting directory, all documents that contain the string SECRET in the header).

- if you don't have a web application firewall, you may be able to do something similar with your web server configuration, but that is often less flexible.

- remove the documents from the web server. You probably don't just want to delete them: either move them out of the document root (minimum) or onto a different system, tape, CD or some other medium.

This may be part of the identification step, but I suggest you first remove access to the content before you check your web logs to figure out who accessed the documents. Who needs to be notified of the leak internally or externally?
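The containment and log-review steps above, as an added example that is not the diary's own code: a POSIX shell script that moves every file matching a pattern out of the document root into a quarantine directory (preserving the relative paths, so nothing is deleted), then lists which client IPs requested each moved path in a combined-format access log. The web root layout, the quarantine location, the log lines and the client addresses (from the documentation ranges 203.0.113.0/24 and 198.51.100.0/24) are all constructed for the example and are assumptions, not values from the diary.

```shell
#!/bin/sh
# Added example (not the ISC diary's own code): contain a document leak by
# moving matching files out of the web root into a quarantine directory that
# keeps the original relative paths, then list which client IPs requested
# those paths in the web server access log. Sample tree and log lines are
# constructed below; real deployments would point at their own paths.
set -eu

# Move every file under DOCROOT matching the glob PATTERN into QUARANTINE,
# preserving the path relative to DOCROOT. Prints each relative path moved.
quarantine_docs() {
    docroot=$1; quarantine=$2; pattern=$3
    find "$docroot" -type f -name "$pattern" | while IFS= read -r f; do
        rel=${f#"$docroot/"}
        mkdir -p "$quarantine/$(dirname "$rel")"
        mv "$f" "$quarantine/$rel"
        printf '%s\n' "$rel"
    done
}

# Print the unique client IPs that requested RELPATH, from a combined-format
# log. The match includes the quote, leading slash and trailing " HTTP" so
# /accounting/q1.xlsx does not also match /accounting/q1.xlsx.bak.
leak_accessors() {
    logfile=$1; relpath=$2
    grep -F "\"GET /$relpath HTTP" "$logfile" | awk '{print $1}' | sort -u
}

# Count regular files below a directory (sanity check after the move).
count_files() {
    find "$1" -type f | wc -l | tr -d ' '
}

# Constructed sample: a web root with two spreadsheets under /accounting, an
# unrelated public PDF, and an access log with hits from two clients.
build_sample() {
    base=$1
    mkdir -p "$base/www/accounting" "$base/www/public" "$base/quarantine"
    printf 'payroll'  > "$base/www/accounting/payroll.xlsx"
    printf 'budget'   > "$base/www/accounting/budget.xlsx"
    printf 'brochure' > "$base/www/public/brochure.pdf"
    cat > "$base/access.log" <<'EOF'
203.0.113.5 - - [10/May/2013:10:01:02 +0000] "GET /accounting/payroll.xlsx HTTP/1.1" 200 5123 "-" "Mozilla/5.0"
203.0.113.5 - - [10/May/2013:10:01:09 +0000] "GET /accounting/budget.xlsx HTTP/1.1" 200 4110 "-" "Mozilla/5.0"
198.51.100.7 - - [10/May/2013:11:20:44 +0000] "GET /accounting/payroll.xlsx HTTP/1.1" 200 5123 "-" "Googlebot/2.1"
198.51.100.7 - - [10/May/2013:11:21:00 +0000] "GET /public/brochure.pdf HTTP/1.1" 200 900 "-" "Googlebot/2.1"
EOF
}

# Stand-alone run: build the sample, quarantine every spreadsheet, and report
# who fetched each one before it was pulled.
demo() {
    tmp=$(mktemp -d)
    build_sample "$tmp"
    quarantine_docs "$tmp/www" "$tmp/quarantine" '*.xlsx' | while IFS= read -r rel; do
        printf 'moved %s; requested by: %s\n' "$rel" \
            "$(leak_accessors "$tmp/access.log" "$rel" | tr '\n' ' ')"
    done
    rm -rf "$tmp"
}
demo
```

Running the log check after the move, as the diary recommends, means the quarantine step never waits on the analysis; the accessor list (search engine crawlers included) then feeds the notification and external-cleanup steps.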

Next, plan the real fix (Eradication):

- who needs access to the documents?

- do we already have an authentication system we can leverage?

- how critical are the documents? What is an appropriate authentication scheme for them?

Don't rush this part! It can be hard to come up with correct access control rules after the fact, and it will take some time to get this right.

Finally, don't forget the cleanup of external copies. Remember: once it is online, it is online forever.

- check search engines for cached copies of the content, and ask them to remove it

- while robots.txt is not a security feature, blocking access via robots.txt can speed up search engine removal

- search for other copies online of the content (Google, Bing, Pastebin, Twitter...) and try to remove these copies

It may be very hard, or impossible, to remove all copies.

Once the fix is tested, you probably want to make the documents available again; in some cases, the real solution may be not to offer the documents online in the form in which you had them online (Recovery).

Lastly, don't forget the Lessons Learned part. In particular, don't forget to look at other spots where you made the same mistake, and try to fix the process used to make content live on your website. It is hardly ever the fault of an individual but, instead, a failure in the content management process that leads to leaks like this.

------

Johannes B. Ullrich, Ph.D.

SANS Technology Institute

 
These days, it's hard for me to imagine life without password-management software. Good "password hygiene" is essential to protect my online data from prying eyes, and it would simply be impossible to handle the dozens of passwords I use every day in a safe way if all I relied on was my poor, overtaxed brain.
 
[ MDVSA-2013:062 ] backuppc
 
[ MDVSA-2013:061 ] awstats
 
[ MDVSA-2013:060 ] accountsservice
 
 
[ MDVSA-2013:059 ] dhcp
 
[ MDVSA-2013:058 ] bind
 
[ MDVSA-2013:057 ] xinetd
 
Intel has doubled the speed of the Thunderbolt data transfer technology, which will soon shuttle data between host computers like Macs and peripherals at a rate of 20Gbps.
 
Oracle has rolled out a series of upgrades and new features for the PPM (project portfolio management) software suite it gained through the 2008 acquisition of Primavera.
 
Oracle has revised two of its business intelligence products, giving users the ability to wrest intelligence from a wider range of data sources, including spreadsheets, social media sites and Hadoop deployments.
 
VMware's Zimbra division has provided a preview of some of the enhancements it's working on for the next major release of the Zimbra Collaboration Server (ZCS), including an HTML5 Web client interface for both online and offline access to the product.
 
RubyGems karteek-docsplit 'text_extractor.rb' Remote Command Execution Vulnerability
 
Multiple Vulnerabilities in D-Link devices
 
Vanilla Forums 2.0.18 / SQL-Injection / Insert arbitrary user & dump usertable
 
Hewlett-Packard in the future will offer customized Moonshot servers at different prices and also offer configurations with ARM and Intel Xeon processors.
 
The federal government received 124,000 petitions for H-1B visas, 39,000 more than it can fulfill under two hiring caps.
 
Microsoft on Monday released a public beta of Office 2010 Service Pack 2, the first major update to the suite in almost two years.
 
Advanced cyber attacks hit businesses 20 times an hour on average, say researchers at security firm FireEye

 
[ MDVSA-2013:056 ] libxml2
 
[ MDVSA-2013:054 ] sudo
 
[ MDVSA-2013:053 ] proftpd
 
Premier 100 IT Leader Cynthia Nustad also answers questions on forensics and network administration as a career path and the best programming languages to learn.
 
My name is Stefan Hammond and my picture is above. OK, the pic's a few years old and I don't look quite that good. But that's me.
 
LinuxSecurity.com: Updated dbus-glib packages fix security vulnerability: A privilege escalation flaw was found in the way dbus-glib, the D-Bus add-on library to integrate the standard D-Bus library with the GLib thread abstraction and main loop, performed filtering of the message [More...]
 
LinuxSecurity.com: Updated dbus packages fix security vulnerability: It was discovered that the D-Bus library honored environment settings even when running with elevated privileges. A local attacker could possibly use this flaw to escalate their privileges, by setting [More...]
 
LinuxSecurity.com: Updated cups-pk-helper package fixes security vulnerability: cups-pk-helper, a PolicyKit helper to configure CUPS with fine-grained privileges, wraps CUPS function calls in an insecure way. This could lead to uploading sensitive data to a CUPS resource, or overwriting [More...]
 
LinuxSecurity.com: When using the authpgsql module and if the Postgres server goes down, authpgsql will start leaking memory. A packaging flaw was discovered that caused the courier-authlib-devel package to be installed when installing for example maildrop. [More...]
 
LinuxSecurity.com: Updated couchdb packages fix security vulnerabilities: A security flaw was found in the way Apache CouchDB, a distributed, fault-tolerant and schema-free document-oriented database accessible via a RESTful HTTP/JSON API, processed certain [More...]
 
LinuxSecurity.com: Multiple vulnerabilities were identified and fixed in bugzilla: The get_attachment_link function in Template.pm in Bugzilla 2.x and 3.x before 3.6.10, 3.7.x and 4.0.x before 4.0.7, 4.1.x and 4.2.x before 4.2.2, and 4.3.x before 4.3.2 does not check whether an attachment [More...]
 
LinuxSecurity.com: Updated boost packages fix security vulnerability: A security flaw was found in the way ordered_malloc() routine implementation in Boost, the free peer-reviewed portable C++ source libraries, performed 'next-size' and 'max_size' parameters [More...]
 
LinuxSecurity.com: Updated bogofilter package fixes security vulnerability: In bogofilter before 1.2.3, bogofilter's/bogolexer's base64 could overwrite heap memory in the character set conversion in certain pathological cases of invalid base64 code that decodes to incomplete [More...]
 
LinuxSecurity.com: Updated bip package fixes security vulnerability: Buffer overflow in Bip 0.8.8 and earlier might allow remote authenticated users to execute arbitrary code via vectors involving a series of TCP connections that triggers use of many open file [More...]
 
LinuxSecurity.com: Updated backuppc packages fix security vulnerabilities: Cross-site scripting (XSS) vulnerability in RestoreFile.pm in BackupPC 3.1.0, 3.2.1, and possibly other earlier versions allows remote attackers to inject arbitrary web script or HTML via the share [More...]
 
LinuxSecurity.com: Updated accountsservice packages fix security vulnerability: Florian Weimer discovered that AccountsService incorrectly handled privileges when copying certain files to the system cache directory. A local attacker could exploit this issue to read arbitrary files, [More...]
 
LinuxSecurity.com: An updated stunnel package that fixes one security issue is now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate [More...]
 
Stunnel NTLM Authentication Mechanism Remote Buffer Overflow Vulnerability
 
[slackware-security] seamonkey (SSA:2013-097-01)
 
[ MDVSA-2013:049 ] net-snmp
 
[ MDVSA-2013:048 ] ncpfs
 

Companies may use Twitter, Facebook to share operations info, SEC says
New Haven Register
Companies may use Twitter, Facebook to share operations info, SEC says. Published: Thursday, April 04, 2013. By Dina ElBoghdady, The Washington Post. Companies can use social media ...
 
Hewlett-Packard's new densely packed low-power Moonshot server has finally come out of the company's labs and is available to customers in the U.S. and Canada starting at $61,875.
 
Scientists at the University of Washington are working on a rocket that they say could enable astronauts to reach Mars in just 30 days.
 
The U.S. Patent and Trademark Office (USPTO) last week reversed itself, withdrawing a rejection of Apple's trademark application for "iPad Mini," according to a document published by the agency.
 
[ MDVSA-2013:041 ] html2ps
 
Fusion-io announced a flash module for workstations that more than triples the capacity over its previous model, and for the first time Hewlett-Packard is preparing to ship workstations with the drives.
 
Microsoft today kicked off a new promotion aimed at Windows XP customers, who have just one year to ditch the 12-year-old OS before it's retired from support.
 
The Cutwail botnet is spreading a new Android trojan, although its possible attacks aren't limited to Android devices. If the dangerous links are opened on computers, users are directed to pages with the Blackhole exploit kit
    


 
HP LoadRunner 'magentservice.exe' Remote Stack Buffer Overflow Vulnerability
 
HP LoadRunner Virtual User Script Files Remote Buffer Overflow Vulnerability
 
[ MDVSA-2013:047 ] libxslt
 
[ MDVSA-2013:037 ] fetchmail
 
Microsoft has sold its Mediaroom IPTV platform to Ericsson in order to solely focus on the Xbox. For Ericsson, the deal will make it the largest provider of "IPTV and multi-screen solutions," it said on Monday.
 
[ MDVSA-2013:045 ] libssh
 
[ MDVSA-2013:044 ] libjpeg
 
[ MDVSA-2013:033 ] cronie
 
[ MDVSA-2013:023-1 ] coreutils
 
Creating an effective IT cover letter can mean the difference between getting the job or your resume getting trashed. These tips from IT career coaches and insiders will make your cover letter stand out.
 
Is the HTC One a smartphone that takes pictures or a camera that makes phone calls? That question may sound facetious, but there's the buzz around the upcoming HTC One and its newfangled UltraPixel camera--which will land in consumer hands on April 19th.
 
After months of high unemployment and a still-wobbly economy, any good news from the jobs market is going to get some traction. But even that doesn't seem to fully explain the attention surrounding a suddenly very "in" job title: data scientist.
 
[ MDVSA-2013:029 ] apache-mod_security
 
[slackware-security] subversion (SSA:2013-095-01)
 
App vendor, ingogo, has secured a $1.5million investment from leading investors in an attempt to fund further expansion of the business' taxi booking and payment platform.
 
Technology is a great way to engage patients in managing their health, but poor design--whether it's a bad interface or an app that doesn't meet patients' needs--often stands in the way. These 12 tips will help designers and developers improve the user experience for patients who want to improve their health.
 
In a new support document, the company explains that the secure connection will no longer be initiated by default in iOS 6.1. A recent patent lawsuit brought by VirnetX had ended in Apple having to pay a hefty fine
    


 

Poll: Biggest WTH moments in infosec
CSO (blog)
So tell me, my friends: When you think of moments you saw a headline about something in infosec and asked, "What were they thinking?" or "How could that have possibly happened?", what's the first thing that comes to mind? Maybe it was a particular data ...

 
Sony will soon launch 4K TVs far smaller and cheaper than existing models, along with a 4K media player and download service, all aimed at bringing the next-generation TV format into the mainstream.
 
Administrative tasks, brainstorming, and waiting for tests combine to overtake the hours spent designing and coding
 
Fujitsu has acquired RunMyProcess, a French startup that helps companies integrate on-site and cloud-based services.
 
Software-defined networking, a set of technologies to help networks better adapt to user needs with less manual effort, may at last be getting the common foundation it has needed for interoperability and efficient development.
 
'pam_ssh_agent_auth' Module CVE-2012-5536 Local Denial of Service Vulnerability
 

Companies may use Twitter, Facebook to share operations info, SEC says
The Saratogian
Companies may use Twitter, Facebook to share operations info, SEC says. Published: Wednesday, April 03, 2013. By Dina ElBoghdady, The Washington Post. Companies can use social ...
 
The Swiss National Supercomputing Center will upgrade its supercomputer with Nvidia graphics processors to enable the system to more accurately predict the weather in the steep mountains of the Swiss Alps.
 
Computer science professor Norm Matloff is a longtime critic of the H-1B program.
 
Knowing the future is a big part of the new IT skill set. But if you are going to find the future, you have to know where to look for it.
 
PricewaterhouseCoopers principal Chris Curran says CIOs must be ready to harness the power of a slew of technologies if they want to stay competitive. Here Curran offers insight into his vision for IT through 2013 and beyond.
 
IBM researchers have found a way to make transistors that could be fashioned into virtual circuitry that mimics the way the human brain operates.
 
In a bid to improve its IT operations, the Department of Homeland Security has adopted agile development and is implementing cloud-based platforms.
 
The trend toward browsing from phones and tablets has helped some browser makers, dramatically in one case, but hurt others in the battle for usage share, data from a metrics firm showed.
 
At universities today, Cobol is mostly taught as an elective, and even then it's likely offered at less than one in four schools. There are strong opinions about whether that is the right direction.
 
Virtualization and cloud services are making it easier for companies to shift IT infrastructure operations to service providers, and that's exactly what many organizations are doing. Insider (registration required)
 
Oracle's unveiling of a batch of servers based on new Sparc processors marked what some analysts think is a step toward an expected standardizing of the vendor's two families of Unix servers onto a single chip architecture.
 
The AV-TEST Institute has published its first findings for Windows 8. Antivirus programs had to prove that they provided more protection than Windows Defender, the program that comes with the operating system
    


 
Multiple Asterisk Products CVE-2013-2686 'Content-Length' Header Denial of Service Vulnerability
 
Mozilla Firefox/SeaMonkey/Thunderbird CVE-2013-0793 Cross Site Scripting Vulnerability
 
Google Chrome Prior to 24.0.1312.52 Multiple Security Vulnerabilities
 

Posted by InfoSec News on Apr 07

http://english.chosun.com/site/data/html_dir/2013/04/08/2013040801313.html

The Chosunilbo
April 8, 2013

North Korean leader Kim Jong-un in February expressed confidence in the
regime's cyber warfare capabilities against South Korea. A South Korean
official on Sunday quoted Kim as saying at the time, "If we have strong
information technology and brave warriors like the Reconnaissance General
Bureau, we will be able to break any...
 

Posted by InfoSec News on Apr 07

https://www.computerworld.com/s/article/9238190/DHS_warns_of_spear_phishing_campaign_against_energy_companies

By Jaikumar Vijayan
Computerworld
April 5, 2013

The Department of Homeland Security (DHS) has a warning for organizations that
post a lot of business and personal information on public web pages and social
media sites: Don't do it.

Phishers, the agency said in an alert this week, look for such information and
use it to craft...
 

Posted by InfoSec News on Apr 07

http://news.cnet.com/8301-1009_3-57578331-83/anonymous-targets-israel-in-another-cyberattack/

By Steven Musil
CNet News
April 7, 2013

Anonymous claims that a cyberattack launched against Israeli government Web
sites this weekend has caused billions of dollars of damage, although Israeli
officials say there have been no major disruptions.

The group claimed it hacked more than a dozen official Israeli Web sites,
including those for the Israel...
 

Posted by InfoSec News on Apr 07

http://www.bankinfosecurity.com/blogs/hidden-law-could-hamper-govt-infosec-p-1446

By Eric Chabrow
Bank Info Security
April 5, 2013

A mysterious lawmaker shielded by congressional rules covertly added language
into a new law that could make the purchase of IT security wares very difficult
for the departments of Commerce and Justice, NASA and the National Science
Foundation.

The law - the Consolidated and Further Continuing Appropriations Act...
 

Posted by InfoSec News on Apr 07

http://www.stltoday.com/business/local/schnucks-breach-will-likely-cost-millions/article_a1cbd2d9-7105-5bfe-8d97-07e2d1381bab.html

By Georgina Gustin
stltoday.com
April 6, 2013

Book stores. Banks. Even data security companies. They’ve all become recent
targets of increasingly sophisticated, determined — some say talented — hacker
gangs.

The “Friendliest Stores in Town” appear to be among their latest.

Last month, Schnuck Markets...
 
Internet Storm Center Infocon Status