The most successful wearable devices will be ones that can work without a phone, and AT&T will have at least one of them by the end of this year, the man who manages the carrier's partnerships said.
Mark Karpeles, CEO of the now-bankrupt Bitcoin exchange Mt. Gox, is auctioning off Bitcoins.com, a site Karpeles launched last year to provide information around the digital currency.

Here's one way how to get at sensitive data that seems to be making a comeback. Already in the olden days, it was popular with the crooks to register domain names that only differed by a typo from the name of a legitimate high traffic site. Googl.com, for example. The crooks would then run web pages with lots of advertisements on these domains, and live happily ever after from the ad revenue that the misdirected typo traffic alone brought their way.

Google put a stop to this by registering, for themselves, pretty much all typos of their brand that you can imagine.  Not all companies have done so, and with the increased use of smart phones with annoyingly fumbly keyboards (and often autocorrect, as well), typos are making a comeback. As do the typo harvesting sites. This time though, it looks as if they are not after ad clicks -- instead, we see an increase of typo domains that publish an MX record, and thus receive all the mail that was meant for the attacked company, but where the @domain portion of the address contained a typo.

I was recently participating in the analysis of data taken from such a server that the crooks had used to collect other people's mail. One thing that particularly stood out was that a lot of the harvested emails actually came from within the attacked real estate company, and contained rather sensitive internal mails.  In other words, say, an employee @samplecompany.com had wanted to send something to a coworker, but typed [email protected]maplecompany.com instead on her (not-so)smartphone. As a result, instead of getting delivered internally, the email took the Internet route, and ended up on the server that the crooks had set up.

For every email address with a typo that came from a customer or other external sender, we found a dozen or so of mails that were intended to be from and to an internal employee. What made matters worse is that some of the mobile phones that the company employees used were helpfully "remembering" previously typed email addresses, so once a typo had been made, the fix was in, and the problem persisted until/unless the user noticed that his colleague never answered.

If you don't own the most likely permutations and typos of your main email domain for yourself, you might want to check who does. And if they publish an MX record for these domains, you might want to check your outbound email log to see how much of your intended internal email has typos, and is leaking out.

Update: ISC reader Jerry points out that according to RFC 5321, if no MX record is returned, the A record will be tried instead. So don't count only on the presence of MX records in typo squatting domains to determine if your email is being siphoned off, if in doubt, check their port 25 as well.



(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
A proposal by U.S. Federal Communications Commission Chairman Tom Wheeler to pump billions of dollars into Wi-Fi deployment at schools and libraries has run into a snag, with the commission's two Republican suggesting the money will come from U.S. residents' pocketbooks.
Another month of security updates from Microsoft means, once again, another round of fixes for the company's Internet Explorer (IE) Web browser, as well as a set of updates for the Windows operating system, for both the server and desktop editions.
Google has big hopes for its Glass head-mounted computer, chief among them a desire to make the unit smaller and more comfortable to wear.
Facebook has grown and evolved in recent years. In addition to connecting people online, it bombards users with unnecessary ads and useless sponsored stories. And it runs experiments on its users. Columnist Alex Burinskiy is not amused.
Python has surpassed Java as the top language used to introduce U.S. students to programming and computer science, according to a recent survey posted by the Association for Computing Machinery (ACM).
The rumors of the PC's demise have been greatly exaggerated, analysts say.
While Google's Chrome and Microsoft's IE10 and IE11 browsers will automatically update to the latest version of Adobe Flash, anyone using Safari, Firefox, Opera or older versions of IE must do so manually.
With the DARPA robotics challenge finals less than a year away, roboticists at Worcester Polytechnic Institute are already working on the robot they hope will not only win the challenge but one day act as a search and rescue worker.

The recent arrest of a Russian hacker by the US Department of Homeland Security is stirring up diplomatic difficulties.

The suspect, 30-year-old Roman Valerevich Seleznev, is the son of a Russian lawmaker. The Russian Foreign Ministry, which says he was arrested in an airport in the Maldives, has condemned the tactics used by the US. Seleznev has now been transported to Guam, where he has made his first court appearance.

"We consider this as the latest unfriendly move from Washington," stated the Ministry, according to a Reuters report. The Russian Foreign Ministry's statement (Russian) describes the event as a "kidnapping."

Read 8 remaining paragraphs | Comments

Linux Kernel 'shmem.c' CVE-2014-4171 Local Denial of Service Vulnerability
Microsoft Internet Explorer CVE-2014-1775 Remote Memory Corruption Vulnerability

Update: Almost four hours after this article went live, a Tumblr spokeswoman e-mailed Ars to say the site has been patched against the Rosetta Flash attack.

A serious attack involving a widely used Web communication format is exposing millions of end users' authentication credentials on sites including eBay, Tumblr, and Instagram, a well-respected security researcher said Tuesday.

The exploit—which stems from the ease of embedding malicious commands into Adobe Flash files before they're executed—has been largely mitigated by a Flash security update Adobe released Tuesday morning to coincide with a technical analysis of the threat, including proof-of-concept exploit code. It will take days or weeks for a meaningful percentage of end users to install the fix, so the researcher who wrote the advisory is warning engineers at large websites to make server-side changes that will minimize the damage attackers can inflict on visitors. eBay, Tumblr, Instagram, and Olark are known to be vulnerable to attacks that can intercept authentication cookies or other data they send end users. Until recently, both Twitter and a wide range of Google services were also susceptible to the exploit. The common identifier assigned to the exploit is CVE-2014-4671.

Read 11 remaining paragraphs | Comments

Microsoft Internet Explorer Multiple Arbitrary Code Execution Vulnerabilities
IBM AIX CVE-2014-3074 Temporary File Creation Vulnerability
[ MDVSA-2014:126 ] phpmyadmin
CVE-2014-3074 - Runtime Linker Allows Privilege Escalation Via Arbitrary File Writes in IBM AIX
Apple has begun replacing Google Maps with its own mapping technology on iCloud.com, specifically in the Web-based "Find My iPhone" service.
LinuxSecurity.com: Several security issues were fixed in DBus.
LinuxSecurity.com: Multiple vulnerabilities has been discovered and corrected in phpmyadmin: Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 4.2.x before 4.2.4 allow remote authenticated users to inject arbitrary web [More...]
LinuxSecurity.com: Security Report Summary

Overview of the July 2014 Microsoft patches and their status.

# Affected Contra Indications - KB Known Exploits Microsoft rating(**) ISC rating(*)
clients servers
MS14-037 Cumulative Security Update for Internet Explorer
Microsoft Windows, Internet Explorer

CVE-2014-1763 CVE-2014-1765 CVE-2014-2785 CVE-2014-2786 CVE-2014-2787 CVE-2014-2788 CVE-2014-2789 CVE-2014-2790 CVE-2014-2791 CVE-2014-2792 CVE-2014-2794 CVE-2014-2795 CVE-2014-2797 CVE-2014-2798 CVE-2014-2800 CVE-2014-2801 CVE-2014-2802 CVE-2014-2803 CVE-2014-2804 CVE-2014-2806 CVE-2014-2807 CVE-2014-2809 CVE-2014-2813 CVE-2014-1763 CVE-2014-1765 CVE-2014-2783 CVE-2014-2785 CVE-2014-2786 CVE-2014-2787 CVE-2014-2788 CVE-2014-2789 CVE-2014-2790 CVE-2014-2791 CVE-2014-2792 CVE-2014-2794 CVE-2014-2795 CVE-2014-2797 CVE-2014-2798 CVE-2014-2800 CVE-2014-2801 CVE-2014-2802 CVE-2014-2803 CVE-2014-2804 CVE-2014-2806 CVE-2014-2807 CVE-2014-2809 CVE-2014-2813
KB 2975687 Yes! Severity:Critical
Exploitability: 1
Critical Important
MS14-038 Vulnerability in Windows Journal Could Allow Remote Code Execution
Microsoft Windows

KB 2975689 No Severity:Critical
Exploitability: 1
Critical Critical
MS14-039 Vulnerability in On-Screen Keyboard Could Allow Elevation of Privilege
Microsoft Windows

KB 2975685 No Severity:Important
Exploitability: 1
Important Important
MS14-040 Vulnerability in Ancillary Function Driver
Microsoft Windows

KB 2975684 No Severity:Important
Exploitability: 1
Important Important
MS14-041 Vulnerability in DirectShow Could Allow Elevation of Privilege
Microsoft Windows

KB 2975681 No Severity:Important
Exploitability: 1
Important Important
MS14-042 Vulnerability in Microsoft Service Bus Could Allow Denial of Service
Microsoft Server Software

KB 2972621 Yes! Severity:Moderate
Exploitability: 1
Less Urgent Less Urgent
: center;">We will update issues on this page for about a week or so as they evolve.
We appreciate updates
US based customers can call Microsoft for free patch related support on 1-866-PCSAFETY
(*): ISC rating
  • We use 4 levels:
    • PATCH NOW: Typically used where we see immediate danger of exploitation. Typical environments will want to deploy these patches ASAP. Workarounds are typically not accepted by users or are not possible. This rating is often used when typical deployments make it vulnerable and exploits are being used or easy to obtain or make.
    • Critical: Anything that needs little to become "interesting" for the dark side. Best approach is to test and deploy ASAP. Workarounds can give more time to test.
    • Important: Things where more testing and other measures can help.
    • Less Urgent: Practices for servers such as not using outlook, MSIE, word etc. to do traditional office or leisure work.
    • The rating is not a risk analysis as such. It is a rating of importance of the vulnerability and the perceived or even predicted threatatches.

Alex Stanford - GIAC GWEB,
Research Operations Manager,
SANS Internet Storm Center

(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
In April, Google launched "Glass at Work," a program that certifies Glass-related products and services from third-party vendors for use in enterprise environments. The company last month announced its first five official "Glass at Work" partners and took some significant steps toward legitimizing its Glass smartglasses in the enterprise.
In today's business environment, organizations are increasingly demanding advanced analytics that allow them to use large volumes and diverse types of data to discover patterns and anomalies and predict outcomes.
Abusing Oracle's CREATE DATABASE LINK Privilege for fun and Profit
[security bulletin] HPSBGN03050 rev.1 - HP IceWall SSO Dfw and HP IceWall MCRP running OpenSSL, Remote Denial of Service (DoS), Code Execution, Security Restriction Bypass, Disclosure of Information, or Unauthorized Access
[SECURITY] [DSA 2973-1] vlc security update
Microsoft has jumped in with both feet with the release to Preview of a new Microsoft Azure-based tool that helps organizations do Machine Learning and predictive analysis all from a Web console.
Trimble Sketchup CVE-2013-3664 Stack Based Buffer Overflow Vulnerability
Cisco Small Cell DHCP Message Processing Remote Arbitrary Command Execution Vulnerability
Hoping to win new business and build loyalty among existing customers, business intelligence software vendor MicroStrategy has broadly revamped its pricing and packaging structure.
Storage vendor EMC has scooped up cloud storage management company TwinStrata, the companies announced Tuesday.
Goldman Sachs is taking Google to court to force the cloud vendor to delete an email accidentally sent to a Gmail user. The consequences of a ruling for Goldman would be devastating.
OCS Inventory NG Multiple Unspecified HTML Injection Vulnerabilities
WordPress Easy Banners Plugin 'easy-banners.php' Cross Site Scripting Vulnerability
WordPress Custom Banners Plugin 'options.php' Cross Site Scripting Vulnerability
Microsoft will require companies to file individual claims if they want a service credit for the Exchange Online outage of last month.
There are several deployment choices, but none is overly complex to set up.
Some top hardware companies have established a new Internet of Things consortium to create standards so that billions of devices can connect to each other.
An antispam organization is pushing for quick law enforcement action against five people it alleges took part in one of the largest cyberattacks on record that caused Internet outages throughout Europe early last year.

Update: Cert.org corrected it's advisory. The GS105PE is affected, not the GS108PE as indicated earlier. The NVD CVE entry still lists the old model number [2]. 

Yet another hard coded password. This time it's Netgear's Prosafe Switch (GS105PE) running firmware version and earlier [1]. The pre-configured username is "ntgruser" and the password is "debugpassword". If you have any Netgear equipment, it may be worthwhile checking for this username and password even if your device isn't listed as vulnerable.

Sadly, at this point there doesn't appear to be a solution to the problem, other then returning the switch to the store and buying another one if you can.

CVE Number: CVE-2014-2969 [2]


[1] http://www.kb.cert.org/vuls/id/143740
[2] http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-2969

Johannes B. Ullrich, Ph.D.

(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
Multiple Yokogawa Products 'BKFSim_vhfd.exe' Stack Based Buffer Overflow Vulnerability
Cisco Cloud Portal CVE-2014-3297 Multiple Information Disclosure Vulnerabilities
Cisco Cloud Portal Form Data Viewer Multiple Information Disclosure Vulnerabilities
LZ4 Memory Corruption Vulnerability
Cacti CVE-2014-4002 Unspecified Cross Site Scripting Vulnerability

Posted by InfoSec News on Jul 08


By Darren Pauli
The Register
7 July 2014

North Korea has doubled the number of government hackers it employed over
the last two years according to military sources from the South.

The allegations claim 5900 "elite" personnel were employed in Pyongyang's
hacking unit, up from 3000 in 2012.

The hackers had their crosshairs firmly fixed...
PyCADF Notifier Middleware Information Disclosure Vulnerability
VLC Media Player CVE-2013-4388 Buffer Overflow Vulnerability

Posted by InfoSec News on Jul 08


By Dan Goodin
Ars Technica
July 7, 2014

In the latest cautionary tale involving the so-called Internet of things,
white-hat hackers have devised an attack against network-connected
lightbulbs that exposes Wi-Fi passwords to anyone in proximity to one of
the LED devices.

The attack works against LIFX smart lightbulbs, which can be turned...

Posted by InfoSec News on Jul 08


By Jon Gold Follow
July 7, 2014

The list of DDoS attacks in the month of June has made for grim reading.
High-profile sites have been targeted by extortion demands, online games
got disrupted and at least one company was put out of business as a direct

While it’s tempting to look for a single cause at the...

Posted by InfoSec News on Jul 08


By Gregg Keizer
July 7, 2014

A sophisticated Chinese hacker group that had been stealing information
from U.S. policy experts on nearby Southeast Asia suddenly changed targets
last month to focus on the Middle East -- Iraq, in particular -- security
researchers said Monday.

The group, called "Deep Panda," switched...

Posted by InfoSec News on Jul 08


By jseattle
July 7, 2014

A 30-year-old Russian man was arrested over the weekend for a series of
crimes involving hacking into point of sales systems at Washington
restaurants including a data breach in 2010 that involved stealing credit
card information from hundreds of customers of Capitol Hill’s Broadway
Grill. The allegations detail...
Internet Storm Center Infocon Status