Major Bitcoin exchange Bitstamp reopened its virtual doors late Friday, four days after it suspended services because of an online theft of 19,000 bitcoins valued at more than $5 million.

Bitstamp, the second largest Bitcoin exchange for US dollars, moved its system to Amazon’s cloud services and added additional security features to make compromises more difficult, Bitstamp’s CEO Nejc Kodrič said in a statement on the company’s website.

“By redeploying our system from a secure backup onto entirely new hardware, we were able to preserve the evidence for a full forensic investigation of the crime,” he said. “While this decision means we have not been able to provide you with services for a number of days, we feel this extra measure of precaution was in the best interest of our customers.”

Read 6 remaining paragraphs | Comments


The miscreants taking credit for knocking image board site 8chan offline, and earlier for taking down Sony's and Microsoft's gaming networks, operates an attack platform powered mostly by thousands of hacked home Internet routers, according to a published report.

The revelation, in an article posted Friday by KrebsOnSecurity, is the latest evidence documenting a big uptick in the hacking of Internet routers. Over the past 18 months, researchers have uncovered several other large-scale attacks on routing devices, including those made by Asus, Linksys, and many other manufacturers. Routers are often ripe targets because users fail to change default passwords, and the devices often contain security vulnerabilities that can easily be exploited by attackers halfway around the globe.

Those compromising routers for financial gain appear to be members of the Lizard Squad, a group that operates an online attack service that promises to take down any site a paying customer has requested. KrebsOnSecurity namesake Brian Krebs cited security researchers assisting law enforcement officials investigating the group. The researchers asked to remain anonymous. According to Krebs, the for-hire denial-of-service service is powered by a network of compromised devices that mostly include home routers from around the world that are protected by little more than default usernames and passwords. Krebs wrote:

Read 1 remaining paragraphs | Comments

OpenSSL CVE-2015-0205 Man in the Middle Security Bypass Vulnerability
OpenSSL CVE-2015-0204 Man in the Middle Security Bypass Vulnerability
OpenSSL 'dtls1_get_record()' Function NULL Pointer Dereference Denial of Service Vulnerability
OpenSSL 'dtls1_buffer_record()' Function Denial of Service Vulnerability

North Korea is a technological island in many ways. Almost all of the country's "Internet" is run as a private network, with all connections to the greater global Internet through a collection of proxies. And the majority of the people of the Democratic People's Republic of Korea who have access to that network rely on the country's official operating system: a Linux variant called Red Star OS.

Red Star OS, first introduced in 2003, was originally derived from Red Hat Linux. In theory, it gave North Korea an improved level of security against outside attack—a Security Enhanced Linux operating system based on Red Hat that could enforce strict government access controls on the few who got to use it.

However, because Red Star has had so few people with access to it, one of the ironic side effects has been that security holes in the operating system may have gone undetected. And as a security researcher who tested the latest release of Red Star's desktop version reported today, one flaw in the system would allow any user to elevate their privileges to those of the system's root account and bypass all those security policies put in place by the North Korean regime.

Read 6 remaining paragraphs | Comments

kwallet Weak Stored Password Encryption Local Security Weakness
ZNC WebAdmin Multiple NULL Pointer Dereference Denial of Service Vulnerabilities
LinuxSecurity.com: Security Report Summary
LinuxSecurity.com: Updated php packages that fix two security issues are now available for Red Hat Enterprise Linux 6.5 Extended Update Support. Red Hat Product Security has rated this update as having Important security [More...]
LinuxSecurity.com: Updated asterisk packages fix security vulnerability: Double free vulnerability in the WebSocket Server (res_http_websocket module) in Asterisk Open Source 11.x before 11.14.2 allows remote attackers to cause a denial of service (crash) by sending a zero [More...]
LinuxSecurity.com: Updated libevent packages fix security vulnerability: Andrew Bartlett of Catalyst reported a defect affecting certain applications using the Libevent evbuffer API. This defect leaves applications which pass insanely large inputs to evbuffers open [More...]
LinuxSecurity.com: Updated unzip package fix security vulnerabilities: The unzip command line tool is affected by heap-based buffer overflows within the CRC32 verification (CVE-2014-8139), the test_compr_eb() (CVE-2014-8140) and the getZip64Data() (CVE-2014-8141) functions. The [More...]
LinuxSecurity.com: Updated sox packages fix security vulnerability: The sox command line tool is affected by two heap-based buffer overflows, respectively located in functions start_read() and AdpcmReadBlock(). A specially crafted wav file can be used to trigger [More...]
LinuxSecurity.com: Updated libjpeg packages fix security vulnerability: Passing a specially crafted jpeg file to libjpeg-turbo could lead to stack smashing (CVE-2014-9092). [More...] _______________________________________________________________________
LinuxSecurity.com: Updated znc packages fix security vulnerabilities: Multiple vulnerabilities were reported in ZNC version 1.0 which can be exploited by malicious authenticated users to cause a denial of service. These flaws are due to errors when handling the editnetwork, [More...]

Using the Spotlight search feature in OS X Yosemite can leak IP addresses and private details to spammers and other e-mail-based scammers, according to tests independently performed by two news outlets.

The potential privacy glitch affects people who have configured the Mac Mail App to turn off the "load remote content in messages" setting, as security experts have long advised. Spammers, stalkers, and online marketers often use remote images as a homing beacon to surreptitiously track people opening e-mail. Because the images are hosted on sites hosted by the e-mail sender, the sender can log the IP address that viewed the message, as well as the times and how often the message was viewed, and the specific e-mail addresses that received the message. Many users prefer to keep their e-mail addresses, IP addresses, and viewing habits private, a goal that's undermined by the viewing of remote images.

Like Mozilla Thunderbird, Microsoft Outlook, and many other e-mail clients, Mail allows users to block remote images for precisely this reason. But even when remote image viewing is disabled in Yosemite-based Mail app settings, the images will be opened by Spotlight, according to two recent media reports. The feature is used to search a Mac for files or e-mail containing a specified search term. When spotlight returns a preview of e-mails containing the term, it loads the images, overriding the option. Images are loaded even when the previewed message has landed in a users' junk mail folder.

Read 1 remaining paragraphs | Comments

LinuxSecurity.com: Multiple vulnerabilities has been discovered and corrected in openssl: A carefully crafted DTLS message can cause a segmentation fault in OpenSSL due to a NULL pointer dereference. This could lead to a Denial Of Service attack (CVE-2014-3571). [More...]
LinuxSecurity.com: The GNU cpio program could be made to crash or run programs if itopened a specially crafted file or received specially crafted input.
LinuxSecurity.com: Security Report Summary
LinuxSecurity.com: Updated python-keystoneclient packages that fix one security issue are now available for Red Hat Enterprise Linux OpenStack Platform 4.0. Red Hat Product Security has rated this update as having Moderate security [More...]
OpenStack Keystonemiddleware SSL Certificate Validation Security Bypass Vulnerability
[ MDVSA-2015:019 ] openssl
Re: ResourceSpace Multiple Cross Site Scripting, and HTML and SQL Injection Vulnerabilities

It’s been over a year since the first wave of cryptographic extortion malware hit computers. Since then, an untold number of individuals, small businesses and even local governments have been hit by various versions of malware that holds victims’ files hostage with encryption, demanding payment by Bitcoin or other e-currency in exchange for a key to reverse the damage. And while the early leader, CryptoLocker, was taken down (along with the “Gameover ZeuS” botnet) last June, other improved “ransomware” packages have sprung up to fill its niche—including the sound-alike CryptoWall.

Ransomware is a strange hybrid of digital mugging and commercial-grade coding and “customer service”—in order to continue to be able to generate cash from their malware, the criminal organizations behind them need to be able to process payments and provide victims with a way to get their files back, lest people refuse to pay because of bad word-of-mouth. And to grow their potential market, the extortionists need to find ways to make their “product” work on a wide range of potential target systems. The apex of this combination of crime and commerce is (at least so far) the latest version of CryptoWall—CryptoWall 2.0.

In a blog post this week, researchers Andrea Allievi and Earl Carter of Cisco‘s Talos Group presented a full code dissection of CryptoWall 2.0 and found a few surprises, aside from using a number of different, sophisticated features to attack systems and evade detection before it can strike. And while the malware is 32-bit Windows code to ensure the widest reach possible, it can detect when a 64-bit Windows environment is available and switch some of its functionality to run in full 64-bit native mode—ensuring it can do maximum damage on the most recent Windows client and server platforms.

Read 11 remaining paragraphs | Comments

Re: [SECURITY] [DSA 3122-1] curl security update

How Laws Are Determining the Ethics of Code
Slate Magazine
Perhaps the most contentious ethics debate in the infosec community took place in the late 1990s and early 2000s and occurred beyond, and sometimes in spite of, any relevant law. That debate was prompted by the antisecurity movement and concerned the ...



Zero Day Weekly: Super cookies, Gogo Inflight fake certs, Microsoft security ...
Media unaccustomed to writing about infosec still struggled to understand even the very words they used, or, in some cases, came across as hacker groupies. Some came out with articles which did little to advance the conversation -- pitting the opinions ...


The Cryptosphere

#Anonymous wishes Jeremy Hammond Happy Birthday with Children's Book ...
The Cryptosphere
Some supporters gathered outside Stratfor's corporate offices for a Hammond Birthday Party, to remind the company of the most embarrassingly public opsec fail in corporate infosec history. Hammond's mother Rose Collins is headed to Kentucky to ...

MPFR 'strtofr.c' Buffer Overflow Vulnerability
OpenVAS Manager 'timezone' Parameter SQL Injection Vulnerability
[SECURITY] [DSA 3122-1] curl security update

Posted by InfoSec News on Jan 09


By Sean Gallagher
Ars Technica
Jan 8, 2015

In an on-camera interview with James Bamford for an upcoming episode of
PBS' NOVA, Edward Snowden warned that the US Department of Defense and
National Security Agency have over-emphasized the development of offensive
network capabilities, placing the US' own systems at greater...

Posted by InfoSec News on Jan 09


By Jack Moore
January 8, 2015

The Defense Information Systems Agency is turning to industry for “novel”
approaches to secure the millions of devices plugged in—and virtually
connected—to the Pentagon’s computer networks.

A Jan. 5 request for information queries contractors on a
“next-generation” endpoint security...

Posted by InfoSec News on Jan 09


By Jillian Ward
Jan 8, 2015

The U.K. government is one step ahead of hackers trying to turn off the
country’s lights -- for now.

The prospect of cyber-attacks on the nation’s power network is a major
threat to the country’s security, according to James Arbuthnot, a member
of parliament who chaired the Defense...

Posted by InfoSec News on Jan 09


By Kim Zetter
Threat Level

Amid all the noise the Sony hack generated over the holidays, a far more
troubling cyber attack was largely lost in the chaos. Unless you follow
security news closely, you likely missed it.

I’m referring to the revelation, in a German report released just before
Christmas (.pdf), that hackers had struck an unnamed steel mill in...

Posted by InfoSec News on Jan 09


China Daily

An institute for training network and information-security talent has been
established at Xidian University in Xi'an, Shaanxi province, to bolster
national security.

Chen Zhiya, Party secretary of Xidian University, said the institute,
established on Dec 31, would focus on network and information security,
which are key...

Posted by InfoSec News on Jan 09

Fowarded from: cfp2015 (at) recon.cx

+ + + +
+ + +
+ +
\ /
+ _ - _+_ - ,__
_=. .:. /=\ _|===|_ ||::|
| | _|. | | | |...
Thermostat CVE-2014-8120 Local Privilege Escalation Vulnerability

Quite a few of you have written in to let us know that Microsoft is changing the way in which they provide information (thanks to you all). ">You can read the full blog here --">/archive/2015/01/08/evolving-advance-notification-service-ans-in-2015.aspx

In a nutshell if you want to be advised in advance younow need to register, select the products used and you will then be provided with information relating to the patches that will be released. If you are a premier customer your technical contact can provide information.">The main point for">">Moving forward, we will provide ANS information directly to Premier customers and current organizations involved in our security programs, and will no longer make this information broadly available through a blog post and web page

Now a lot of us do look at that information to plan their next patching cycle. So you will need to look at that process and see what needs changing. Youll have to rely on the information in your patching solution, or register.

You can register here: http://mybulletins.technet.microsoft.com/

The dashboard that is created in the end looks nice, but for me to early to tell how useful it is at this stage, although it was slightly painful to review each bulletin.It will take a few patch cycles to sort it all out Id say. " />

So going forward you will need to adjust how you identify the patches to be applied within your environment. If you do not want to register you can just visit the main bulletins page here --https://technet.microsoft.com/en-us/library/security/dn631937.aspx

This page has a list of all release bulletins.


Mark H

(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
file CVE-2014-8116 Multiple Denial of Service Vulnerabilities
Internet Storm Center Infocon Status