InfoSec News


FPT to co-operate with Nigerian business
Viet Nam News
HA NOI — CMC Information Security Corporation (CMC InfoSec) yesterday launched CMC Mobile Security, a free anti-virus product for mobile phones. The software targets the Android operating system and has a simple, user-friendly interface. ...

 
ZipGenius ZIP Archive Stack Buffer Overflow Vulnerability
 
Dish Network will acquire satellite mobile operator TerreStar Networks for $1.375 billion under an agreement approved Thursday by a bankruptcy court.
 
There's always a moment in any horror film where, inexplicably, one of the characters, let's call him Chuck, wanders blindly into an obviously lethal encounter in a confined space. It's the "I'm just going down to the cellar to find out where everyone else has gone" moment that has most of us suddenly looking for a reason to run into another room to miss the grisly outcome. Shortly after Chuck's demise, one of the surviving cast clearly hears someone coming back up the cellar stairs and happily assumes it's just Chuck. Moments later they meet an equally horrifying end with some random household object.
Funny thing is, a digital door to the cellar looms for an incident responder when investigating a report of a suspiciously acting system. Typically they're much better prepared and equipped than our fictional friend Chuck, but there is still a very real threat that crosses over from horror movies. What if the thing lurking on the system tries to steal the digital identity of the brave incident responder? Suddenly we've got Good Ash and Bad Ash*, both with the same credentials, access and privileges. The fight to contain an incident on just one system has now expanded to every system Ash's credentials have access to. This isn't going to end well.
So how can we as incident responders on Windows systems protect ourselves against this?
Enter some fantastic research culminating in a presentation given at the 2011 Digital Forensics and Incident Response Summit [1] by Mike Pilkington. Mike's talk, Protecting Privileged Domain Accounts during Live Response [2], covers the work he did to understand and protect the incident responder's domain credentials on remote Windows systems.
The presentation focuses on three areas where credentials are at risk from an attacker:

Password Hashes - Method for storing credentials on the local system
Access Tokens - Single sign-on functionality within Windows
Network Authentication - Protocols for authenticating to remote systems

This is worth printing out and spending some quality time going through. It discusses these three areas of concern, takes you through the process so you can re-create each scenario, and finally shows how to protect against and detect this type of attack.
After you've read it, take time to sit with your Windows admins and explain to them the importance of protecting their credentials. This is well worth your time and energy: educate anyone who has a privileged account. During an incident these folks need to be aware of the risk of remotely connecting to a possibly compromised system and how to do it safely. If you don't have a basic security training process for your system admin teams, this is a great starting point, or ship 'em off and have someone else educate them [3].
Once you've adopted Mike's findings into your incident response processes and into your Windows admins' understanding, having your credentials used against you will be one thing less to fear when facing that next digital cellar door. In the immortal words of Good Ash, to sum up: Groovy.
[1] http://www.sans.org/forensics-incident-response-summit-2011/agenda.php

[2] http://securityscaper.com/Protecting%20Privileged%20Domain%20Accounts%20during%20Live%20Response%20-%20June%202011.pdf

[3] http://www.sans.org/security-training/hacker-detection-systems-administrators-continuing-education-program-1312-mid



* Army of Darkness - so many lessons can be learnt, or one-liners stolen, for the IR world - Thank you Bruce Campbell!


Chris Mohan --- Internet Storm Center Handler on Duty (c) SANS Internet Storm Center. http://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
 

Infosec Joblessness Remains Steady, at 0%
GovInfoSecurity.com
Employment among information security analysts in the United States soared this past quarter by 16 percent, with none of the professionals in this line of work reporting that he or she was out of a job. Among the 12 computer-related job classifications ...

 
FreeType 'src/psaux/t1decode.c' Memory Corruption Vulnerability
 
As all-purpose laptops go, the Dell Vostro 3350--the entry-level model in the current version of Dell's small-business line--leans closer than most to the ultraportable side of the fence. Its 13.3-inch, widescreen, LED-backlit display is set into a sleek and attractive 4.9-pound package that, when in use, won't elicit howls of discomfort from the person seated in front of you in economy class, and its excellent battery life should easily get you across the country on said flight.
 
Oracle this week filed what is likely the first of several requests that the patent office reconsider its initial rejection of a patent relevant to Oracle's legal dispute with Google.
 
Intel is adding new sensors to its server chips to help companies improve the efficiency of data center cooling systems, with a view to cutting operating costs and prolonging the life of equipment.
 
Google's other social networking site, Orkut, which has been around for about seven years and has tens of millions of users worldwide, will continue to operate alongside the new Google+ for now.
 
Siemens SIMATIC S7-1200 PLC Systems Replay Security Bypass and Denial of Service Vulnerabilities
 

The security career path: Pros and cons of job hopping
SearchSecurity.com
This month, Lee and Mike help an infosec pro decide on the right security career path. For more information about InfoSecLeaders.com, or to ask a question, see below. I am currently in the early stages of my information security career and I have a ...

 
After major privacy failures in its Buzz and Street View services, Google has hit the right notes with its deliberate, measured roll out of its new Google+ social networking site, according to privacy experts.
 
Amazon.com is expected to ship up to 1.2 million tablet computers by the end of September, making it the biggest of the non-iPad tablet suppliers in the third quarter, according to a new report in DigiTimes.
 
Mozilla Firefox and Thunderbird CVE-2011-2375 Memory Corruption Vulnerability
 
It's the back-to-school sales season and some well-equipped laptops are now available for under US$400. The laptops have between 11.6-inch and 15.6-inch screens and are capable of Web surfing, casual gaming and playback of high-definition movies. Some sub-$400 laptops include Advanced Micro Device's new Fusion processors or Intel's previous generation of Core processors, which were popular at this time last year.
 
Space shuttle Atlantis soared into space late this morning, marking the beginning of the end of NASA's 30-year shuttle program.
 
IDC raised its tablet shipment forecast for the year due to growing consumer interest in tablets and the introduction of new devices, the research firm said on Friday.
 
Avaya IP Office Manager TFTP Server Remote Directory Traversal Vulnerability
 

Deputy Secretary Serves as DoD's Cybersecurity Point Man
GovInfoSecurity.com
Outlines New Infosec Approach), and represented the United States at global cybersecurity gatherings. "Cyber is an area in which the US cannot go it alone," he said. "There is a strong logic to collective cyber defenses. Collective cyber defenses are ...

 

Security B-Sides Announces All-Star Speaker Line-Up And Event Details For B ...
Dark Reading
by Jack Daniel "Info Sec Institute: What College Never Will Teach You" by Rick Deacon "How Government Accountability Conflicts With Citizen Privacy (and Why It's Your Fault)" by Wendy Nather "Are There Still Wolves Among Us?" by Val Smith "Wireless' ...

 
Apple will release OS X 10.7, or Lion, some time next week, perhaps Thursday, according to multiple reports.
 
Google is telling IT executives to hold off on using Google+, perhaps until later this year, as it prepares its new service for the rigors of business use.
 
Microsoft on Thursday boosted the security of a tool that lets Outlook users send and receive messages through the company's Web-based Hotmail service.
 
For a few hours on Thursday, credit card donations once again flowed to WikiLeaks through a payment gateway at Icelandic hosting company DataCell. Then Visa shut it down again.
 
With no definitive measure of how IT hiring fared during the recession, job experts hold conflicting opinions about the residual effects on that sector.
 
LibreOffice '.lwp' File Multiple Remote Stack Buffer Overflow Vulnerabilities
 
Oracle MySQL Prior to 5.1.52 Multiple Denial Of Service Vulnerabilities
 

Shutdown Takes Toll on Infosec Pros
GovInfoSecurity.com
Minnesota has seen an increase in malicious traffic since the state government shut down a week ago, but state CISO Chris Buse says sophisticated intrusion-detection systems and an alert skeleton staff have prevented any harm from being done, ...

 
Tech managers share tales of vacations disrupted by crises in the office and the lessons they learned.
 
Hacker group Anonymous plans to promote an affiliated political party to attract people who share its civil liberties goals, but do not agree with its methods.
 
Hitachi HiRDB Unspecified Denial Of Service Vulnerability
 