Hackin9
A noisy malware campaign against South Korea is revealing deeper secrets.
 
Hardware appliances used by broadcasters to transmit emergency communications contained vulnerabilities that could be exploited over the Internet, although patches are now available.
 
The U.S. government can no longer refuse to litigate wiretapping cases on the grounds that they would expose state secrets and undermine national security, a U.S. court has ruled.
 
Starting today, Microsoft will give resellers up to $10 for each device they sell from a list of 21 Windows 8 touch-enabled PCs and tablets, company executives said.
 

The US Emergency Alert System, which interrupts live TV and radio broadcasts with information about national emergencies in progress, is vulnerable to attacks that allow hackers to remotely disseminate bogus reports and tamper with gear, security researchers warned.

The remote takeover vulnerability affects the DASDEC-I and DASDEC-II application servers made by a company called Digital Alert Systems. It stems from a recent firmware update that mistakenly included the private secure shell (SSH) key, according to an advisory published Monday by researchers from security firm IOActive. Administrators use such keys to remotely log in to a server to gain unfettered "root" access. The publication of the key makes it trivial for hackers to gain unauthorized access on Digital Alert Systems appliances that run default settings on older firmware.

"An attacker who gains control of one or more DASDEC systems can disrupt these stations' ability to transmit and could disseminate false emergency information over a large geographic area," the IOActive advisory warned. "In addition, depending on the configuration of this and other devices, these messages could be forwarded and mirrored by other DASDEC systems."


 

Computer hackers attend a conference in Iceland - Hacker Halted Europe 2013
News of Iceland
Hacker Halted is the preeminent Information Security Training Event and Conference for CEH's and others in the InfoSec industry who are looking to increase their knowledge and know-how. For over 5 years, stellar speaking lineups have provided practical ...

 
Take a drive on Highway 101 between Silicon Valley and San Francisco these days and you might see one of Google's driverless cars in the lane next to you. The vehicles are one of the most visible signs of the increasing amount of research going on in the area related to automated driving technology.
 

The Economic Development Administration (EDA) is an agency in the Department of Commerce that promotes economic development in regions of the US suffering low growth, low employment, and other economic problems. In December 2011, the Department of Homeland Security notified both the EDA and the National Oceanic and Atmospheric Administration (NOAA) that there was a potential malware infection within the two agencies' systems.

The NOAA isolated and cleaned up the problem within a few weeks.

The EDA, however, responded by cutting its systems off from the rest of the world—disabling its enterprise e-mail system and leaving its regional offices no way of accessing centrally-held databases.


 
The fallout from the recent disclosures of the National Security Agency's secret surveillance programs continues to spread.
 

The hackers responsible for a malware attack in March that simultaneously wiped data from tens of thousands of South Korean computers belong to the same espionage group that has targeted South Korean and US military secrets for four years, researchers said.

The conclusion, reported in a recently published research paper from security firm McAfee, is surprising. Most groups behind network-based espionage campaigns take pains to remain hidden to ensure their advanced persistent threat (APT) is able to siphon as much sensitive data as possible. The "Dark Seoul" attack, by contrast, has attracted huge amounts of attention because of its coordinated detonation. It struck government and media networks in South Korea precisely at 2pm local time on March 20, affecting both Internet and mobile banking applications, while taking automatic teller machines offline. Until now, researchers speculated the unknown group behind the attack was primarily motivated by a goal of causing disruptions.

In fact, Dark Seoul was just one component of "Operation Troy," a long-term spying campaign targeting military organizations that dates back to at least 2009. The covert operation gets its name from references to the ancient city found in malware developed by the attackers. The malware made use of a sophisticated control network to carry information over Web and Internet relay chat connections that were secured with strong encryption. Remote access tools installed on compromised target machines methodically searched for military terms and downloaded only documents that were deemed important. The malware initially took hold after the attackers planted a previously undocumented "zero-day" exploit on a military social networking site. The technique is known as a watering-hole-style attack, because it attempts to plant drive-by exploits into sites frequented by the people the attackers hope to infect (similar to a hunter targeting its prey as it drinks water).


 
HP StoreOnce D2D Backup System CVE-2013-2342 Remote Unauthorized Access Vulnerability
 

Announcing the SANS 2013 Help Desk Security and Privacy Survey Results!
Sacramento Bee
SANS offers a myriad of free resources to the InfoSec community including consensus projects, research reports, and newsletters; it also operates the Internet's early warning system—the Internet Storm Center. At the heart of SANS are the many security ...

 
(c) SANS Internet Storm Center. http://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
 
Microsoft is rolling out a more flexible licensing policy for its CRM Online application that could make it more competitive with the likes of Salesforce.com, but in one instance it also introduces a price increase.
 
A secret surveillance court has exceeded its legal authority by allowing the U.S. National Security Agency to collect customer telephone records from Verizon Communications, a privacy group said in a petition to the U.S. Supreme Court.
 
How safe is your online social network? Not very, as it turns out. Your friends may not even be human, but rather bots siphoning off your data and influencing your decisions with convincing yet programmed points of view.
 
Re: WordPress feed plugin Sql Injection
 
NASA scientists are working on a rescue plan for the Kepler Space Telescope and will try to kick start the planet hunter later this month.
 
Clearwire shareholders approved Sprint Nextel's takeover of their company on Monday, ending a saga that had included years of uncertainty and finally a bidding war for the spectrum-rich wireless network operator.
 
SoftBank plans to invest $16 billion in capital improvements at Sprint in the next two years, CEO Masayoshi Son said days before the acquisition closes on Wednesday.
 
Hiring of technology professionals has been on the upswing in the first half of this year, with new IT hires accounting for about 10% of all the job growth in the U.S. in June, according to two independent assessments.
 
Whether users are tweeting from their Android devices or an iPhone, iPad or their desktop, Twitter has an update for you.
 
LinuxSecurity.com: Applications using Raptor could be made to expose sensitive information or run programs as your login if they opened a specially crafted file.
 
LinuxSecurity.com: A buffer overflow has been identified in nginx, a small, powerful, scalable web/proxy server, when processing certain chunked transfer encoding requests if proxy_pass to untrusted upstream HTTP servers is used. An attacker may use this flaw to perform denial of service [More...]
 
LinuxSecurity.com: Multiple security issues have been found in Icedove, Debian's version of the Mozilla Thunderbird mail and news client. Multiple memory safety errors, use-after-free vulnerabilities, missing permission checks, incorrect memory handling and other implementation errors may lead to the execution [More...]
 
Re: [security bulletin] HPSBST02890 rev.2 - HP StoreOnce D2D Backup System, Remote Unauthorized Access and Modification
 
[security bulletin] HPSBST02890 rev.2 - HP StoreOnce D2D Backup System, Remote Unauthorized Access and Modification
 
Re: OS-Command Injection via UPnP Interface in multiple D-Link devices
 

Almost 24,000 user accounts on Nintendo's main fan site have been hijacked in a sustained mass-login attack that began early last month, the company said.

The wave of attacks on Club Nintendo exposed personal information associated with 23,926 compromised accounts, including users' real names, addresses, phone numbers and e-mail addresses, according to a press release Nintendo issued over the weekend. The campaign began on June 9 and attempted more than 15.5 million logins over the following month. Attackers likely relied on a list of login credentials taken from a site unrelated to Nintendo.

Club Nintendo offers rewards to Nintendo customers in exchange for having them register their products, answer surveys, and provide personal data. The site operates internationally and has about four million users in Japan, the primary region of most affected users. Things came to a head on July 2, when the wave of logins crested. By Friday, July 5, Nintendo had reset passwords on the site.


 
Re: OS-Command Injection via UPnP Interface in multiple D-Link devices
 
Authentication bypass in D-Link devices (session cookies not validated)
 
Authentication bypass in D-Link routers
 
VUPEN Security Research - Oracle Java Preloader Click-2-Play Warning Bypass Vulnerability
 

Announcing the SANS 2013 Digital Forensics and Incident Response Survey ...
Sacramento Bee
SANS offers a myriad of free resources to the InfoSec community including consensus projects, research reports, and newsletters; it also operates the Internet's early warning system—the Internet Storm Center. At the heart of SANS are the many security ...

 
The Brazilian government has formally asked the U.S. government for clarification regarding the alleged large-scale interception of electronic communications of Brazilian citizens by the U.S. National Security Agency.
 
Facebook is rolling out Graph Search, the advanced search feature intended to help users more easily find people, photos, videos and places on the social network.
 
Microsoft will release Windows 8.1 to computer and tablet makers in late August, a company executive said today.
 
Analysts remain skeptical that Microsoft's relaunch of Windows 8 and the free upgrade to Windows 8.1 will translate into increased PC and tablet sales in the second half of the year.
 
Microsoft is adding a set of BI (business intelligence) tools to its hosted Office 365 service, including some capabilities not yet offered in stand-alone Microsoft software products.
 
LG is using a new video to promote an Aug. 7 event in New York City, evidently to unveil its new G2 smartphone running a faster Snapdragon 800 processor.
 
[oCERT-2013-001] File Roller path sanitization errors
 
[SECURITY] [DSA 2721-1] nginx security update
 
OS-Command Injection via UPnP Interface in multiple D-Link devices
 
[SECURITY] [DSA 2720-1] icedove security update
 
Prominent shareholder advisory group Institutional Shareholder Services has given a stamp of approval to Dell founder Michael Dell's bid to take the company private.
 
As networking continues to expand and diversify, encompassing a growing number of wired and wireless devices, the demand for network monitoring tools remains high. While feature-packed commercial products abound, the growing market for monitoring tools has also fueled robust offerings from the open source community.
 
I hope everyone had a great weekend, and a great holiday for those in the U.S. We had a relatively quiet weekend, so I thought I would follow up with a question from SANSFire. It's a little less computer techie.

Introduction

At SANSFIRE 2013 I did a talk about understanding online news and decided to follow up on a question. In this discussion there were many talking points, but the question of “Why do we click” came up. There is no real complete “Technical” answer, but I will cover some factors. First, it is pretty much well known and accepted that when you are tired you can make mistakes. There was a meta-analysis done studying self-control, and they discuss other factors that might be contributors to "the click factor." Things like diet, stress, and difficulty of the current task could be contributors to reduced self-control (Hagger, Wood, Stiff, Chatzisarantis, 2010).
 

Details

 
What came out of this was a simple idea that might help. So simple we will likely ignore it :) There is usually not a good reason to check email at midnight, let alone 2AM [depending upon your sleep schedule of course]. 
 
To recap:
 
  • When you are tired you might make mistakes.
  • When you are stressed and tired you are even more likely to make mistakes.
  • When you are stressed, hungry, and tired + + + 
 
 
Personally, I consider all of our readers cynical by nature and somewhat suspicious; it's what we do, right? What about your <Insert_non_techie_Here> person? In my experience Sales Account Managers are a great stereotype to pick on! I know one CIO that uses the sales staff as mobile honeypots/malware collection points. That said, how many of us have seen a huge deluge of email from Account Rep A that was sent between Midnight and 1AM? Speculating on the scenario, perhaps hotel room, end of quarter, chasing the deal, etc… We can somewhat safely assume that individual is both tired and stressed. Another relatively safe component to the scenario is diet, as the individual has probably been eating in hotels and restaurants for days. There is a limit to the amount of self-control a person has (Baumeister, Bratslavsky, Muraven, Tice, 1998).
 
All those people related issues can directly contribute to something we consider a security related problem. We often talk about, mostly in jest, OSI Layers 8+. Perhaps it is time to have some real discussions on things we as security operators can be aware of.
 

Conclusion

 
In closing, why do we just click on things? Not sure, but I know that it is a people issue and am starting to understand some factors. In our industry it's about mitigating risk factors. 
 
It would probably never fly, but an idea: based on time zone, suggest professionals minimize emails to N working hours? 6AM to 10PM maybe?
 

References

 
Baumeister, R. F., Bratslavsky, E., Muraven, M., & Tice, D. M. (1998). Ego depletion: Is the active self a limited resource? Journal of Personality and Social Psychology, 74(5), 1252-1265. doi:10.1037/0022-3514.74.5.1252
 
Hagger, M. S., Wood, C., Stiff, C., & Chatzisarantis, N. L. D. (2010). Ego depletion and the strength model of self-control: A meta-analysis. Psychological Bulletin, 136(4), 495-525. doi:10.1037/a0019486
 
 
Garmin today announced a portable head-up display device for smartphone navigation apps that costs $129.99 and can be used in any car.
 
William Stanley Jevons was a Victorian-era economist who explained why Britain used more coal, not less, as the resource dropped in price. Ronald Coase wrote his seminal work on why people use firms to conduct transactions back in 1937. Both help explain why this is the era of cloud computing.
 
HP System Management Homepage CVE-2013-3576 Command Injection Vulnerability
 
FFmpeg Multiple Remote Vulnerabilities
 

Doing More Than Paying Risk Management Lip Service
InformationWeek
"A common issue in many organizations that I have seen is where the infosec team runs a vulnerability or Web application scan and reports the items requiring remediation, but the team responsible for remediation argues that the CVSS score is inaccurate ...

 
Our intellectual property and sensitive data have been leaving the relatively safe confines of our internal network without adequate security precautions, all because users find it convenient to get their company email in their personal webmail accounts.
 
Fixes to the Android fork CyanogenMod cast light upon the "masterkey" flaw and revealed it to be a simple trick of putting two same-named files in an archive. The challenge for Google is how to mitigate any exploitation and get updates to users.
    


 
Linux Kernel Ceph CVE-2013-1059 Remote Denial of Service Vulnerability
 

Broad-minded infosec pros believe in aliens
ComputerWeekly.com
The high percentage of believers among the infosec community is not surprising, says Conrad Constantine, research system engineer at Alienvault. "It is important to have an open mind and a challenging disposition when it comes to working in IT and in ...

 
Venezuela's president Nicolas Maduro has offered to give asylum to Edward Snowden, the former contractor of the National Security Agency who leaked documents about the agency's surveillance programs.
 
The platform-as-a-service market is likely to undergo a period of consolidation and change as big enterprise IT vendors and infrastructure-as-a-service vendors vie for a piece of the action.
 
The platform-as-a-service market is still tiny, but it's growing as vendors consolidate and more users decide to give PaaS a try.
 
After an initial rush, downloads of Microsoft's free Office for the iPhone quickly tailed off, data from a mobile app analytics company showed Sunday.
 
Bad apps in sheep's clothing, keyjacking, a $20,000 Facebook hole, an exploit source, traces of Tor, and a birthday celebration
    


 
Drupal Fast Permissions Administration Module Access Bypass Vulnerability
 
Microsoft is shutting down on Sept. 30 its MSN TV service that allowed users to browse the Web from their TVs, as there are now new ways to access the Internet including mobile phones, tablets and its own Xbox console.
 
Nintendo said a main fan site was hit by a wave of illicit login attempts in Japan over the last month, with attackers gaining access to nearly 24,000 accounts containing users' real names, addresses, phone numbers and e-mail information.
 
Mozilla Firefox and Thunderbird CVE-2013-1686 Use-After-Free Memory Corruption Vulnerability
 

Posted by InfoSec News on Jul 08

http://fcw.com/articles/2013/07/05/nist-security-guide.aspx

By Reid Davenport
FCW.com
July 05, 2013

The National Institute of Standards and Technology has issued a request
for information for a new guide on how to respond more quickly to security
breaches. The guide, "Computer Security Incident Coordination," is aimed
at improving communication between response teams.

"Even though government and industry defend their...
 

Posted by InfoSec News on Jul 08

http://www.fiercegovernmentit.com/story/faa-registry-pilots-data-risk-data-breach/2013-07-03

By David Perera
FierceGovernmentIT
July 3, 2013

Personally identifiable information kept within the Federal Aviation
Administration's Civil Aviation Registry is at risk for breach, says the
Transportation Department office of inspector general.

For a June 27 report (.pdf), auditors examined the registry's system
configuration and account...
 

Posted by InfoSec News on Jul 08

http://www.ndtv.com/article/cities/9500-crucial-files-missing-from-mumbai-civic-corporation-building-security-compromised-388831

Reported by Yogesh Damle, Written by Miloni Bhatt
NDTV.com
July 07, 2013

Mumbai: For a city like Mumbai, constantly singed by terror, any security
breach is scary and this involving the Brihan Mumbai Municipal Corporation
is alarming.

9500 files from the Building Proposals department of the Brihanmumbai
Municipal...
 

Posted by InfoSec News on Jul 08

http://www.cnbc.com/id/100867731

Reuters
July 6, 2013

Investment-research firm Morningstar said personal information, including
credit-card details, of about 2,300 users of its Morningstar Document
Research service may have been compromised due to a security breach last
year.

The incident on April 3, 2012 may also have led to the leakage of names,
addresses, email addresses and passwords, the company said in a filing on
Friday....
 

Posted by InfoSec News on Jul 08

http://www.infosecnews.org/former-nsa-contractor-edward-snowden-now-former-ec-council-ceh/

By William Knowles
Senior Editor
InfoSec News
July 5, 2013

The New York Times is reporting that former National Security Agency /
Booz Allen Hamilton contractor “on the lam” Edward Snowden became a
Certified Ethical Hacker in 2010.

Snowden’s resume, which has not yet been made public but has been described by
those who have seen it, sheds new light...
 