Information Security News
People using Internet Explorer and possibly other Windows applications could be at risk of attacks that abuse counterfeit encryption certificates recently discovered masquerading as legitimate credentials for Google, Yahoo and possibly an unlimited number of other Internet properties.
A blog post published Tuesday by Google security engineer Adam Langley said the fraudulent transport layer security (TLS) certificates were issued by the National Informatics Centre (NIC) of India, an intermediate certificate authority that is trusted and overseen by India's Controller of Certifying Authorities (CCA). The CCA, in turn, is trusted by the Microsoft Root Store, a library that IE and many other Windows apps rely on to process the TLS certificates that banks, e-mail providers, and other online services use to encrypt traffic and prove their authenticity. (Firefox, Thunderbird, and Chrome on Windows aren't at risk. More about that later in this post.)
In an update posted Wednesday, Langley said the CCA confirmed that the bogus certificates were the result of a compromise of NIC's certificate issuance process. The CCA reportedly said only four certificates were compromised. In a sign the CCA's findings aren't reliable, or at least are only tentative, Langley went on to say Google researchers are aware of still more counterfeit credentials stemming from the NIC breach.
by Sean Gallagher
But when people use mobile applications, they’re also vulnerable to the same sort of cookie tracking. Many mobile apps are just Web applications wrapped in a package for an app store—they send cookies back to the same server to identify the user and provide location information and other data about a device to the application vendor, third parties, or anyone who happens to be watching network traffic. Taken together with other data, these cookies can be used to track individuals as they wander the world, posing a significant privacy risk.
Microsoft has formally settled legal differences with No-IP, the dynamic domain name host that was kneecapped by a botnet takedown that recently knocked out service to millions of legitimate hostnames.
As we reported, Microsoft surrendered the 23 No-IP domains last week. A bare-bones statement e-mailed to journalists Wednesday morning said the agreement settled a controversial lawsuit Microsoft filed in late June that allowed the software maker to confiscate 23 No-IP domain names before the service provider had an opportunity to oppose the maneuver in court. The malware families targeted in the latest takedown infected more than 7.4 million machines in the past year alone, Microsoft said.
A federal judge approved Microsoft's confidential ex parte motion arguing that the software maker was entitled to seize control of the addresses because No-IP owner Vitalwerks Internet Solutions failed to follow industry practices designed to prevent malware operators from abusing the service. In the course of a few hours, millions of connections from law-abiding users were severed. The statement read in part:
Infosec Taylor Swift, Hipster Hacker among Twitter's twisted security comedians
Information security is no laughing matter — unless you're one of many infosec accounts on Twitter trying to be funny. I say "trying to" because some Twitter infosec comics are actually funny, and some are seriously not. They are loved and hated in ...
Posted by InfoSec News on Jul 09: http://www.bloomberg.com/news/2014-07-08/banks-dreading-computer-hacks-call-for-cyber-war-council.html
Posted by InfoSec News on Jul 09: http://thehill.com/blogs/congress-blog/energy-environment/211238-senate-should-demand-electric-grid-reliability-and
Posted by InfoSec News on Jul 09: http://www.accountingweb.com/article/why-you-may-want-cfe-designation/223584
Posted by InfoSec News on Jul 09: http://www.forbes.com/sites/ninaxiang/2014/07/08/corporate-espionage-impacts-doing-business-in-china/
Posted by InfoSec News on Jul 09: http://wtkr.com/2014/07/08/dont-waste-your-money-are-you-staying-at-a-hacker-friendly-hotel/
Somewhat similar to the typo squatting story earlier, the recent proliferation of cloud service usage by enterprises has led to a new problem. For a project at a community college, we needed a couple of servers, and didn't want (or have the funds) to build them on-site. In view of the limited duration of the experiment, we decided to "rent" the boxes as IaaS (infrastructure as a service) devices from two "cloud" providers. So far, all went well. But when we brought the instances live, we discovered to our surprise that three (out of 24) public IP addresses that we were assigned still had "afterglow", meaning they were receiving productive traffic that was intended for the former owner/holder of these IPs. Two of the IPs received DNS queries, one was receiving e-mail. Researching through the passive DNS logs, I confirmed that yes, the three IP addresses had indeed been used accordingly. One of the DNSes had been active only for a week, obviously for nefarious purposes, because it had lots of random .ua and .pw domain names delegated to it. The other seems to have been the DNS and e-mail server of a midsize company that had been hosted with that IaaS provider for two years, and had been migrated elsewhere earlier that same week.
To make a long story short, for all services where the Internet has an extended memory and caching, make sure you hold on for a couple of weeks or months to the corresponding IP or domain name after you no longer need and use them, and let them "cool off". Otherwise, if the IP address is immediately reassigned, or the domain name immediately repurchased, someone else *will* end up with some of your web traffic, DNS requests, or even email.
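The passive-DNS check described in the diary above, and the "cool off" rule that follows from it, can be turned into a small script. The following is an added example, not code from the ISC diary: it assumes a simplified passive-DNS export with one record per line (`last_seen rrtype name ip`), which is a constructed format, and uses constructed IPs from the documentation range and made-up hostnames. It answers two questions: which IPs we were just handed still have recent DNS history (likely afterglow), and whether an IP we are about to give back has gone quiet for long enough to release.

```python
"""Flag freshly assigned IPs that still carry recent passive-DNS history.

Added example (not from the ISC diary). The record format below is a
constructed, simplified passive-DNS export:
    <last_seen ISO date> <rrtype> <name> <ip>
"""
from dataclasses import dataclass
from datetime import date, timedelta

# Constructed sample export; IPs are from the 203.0.113.0/24 documentation
# range and none of the names are real.
PASSIVE_DNS = """\
2014-07-02 A  ns1.example-corp.test    203.0.113.10
2014-07-02 A  mail.example-corp.test   203.0.113.11
2014-07-01 NS random-a1b2.pw           203.0.113.12
2014-07-03 NS zzq9.ua                  203.0.113.12
2013-01-15 A  old-host.example.test    203.0.113.13
"""

# The public IPs the provider just assigned to us (constructed).
ASSIGNED = {"203.0.113.10", "203.0.113.11", "203.0.113.12",
            "203.0.113.13", "203.0.113.14"}


@dataclass
class Record:
    last_seen: date
    rrtype: str
    name: str
    ip: str


def parse_passive_dns(text):
    """Parse the constructed export, skipping blank, comment and malformed lines."""
    records = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split()
        if len(parts) != 4:
            continue  # tolerate junk lines rather than abort the whole check
        seen, rrtype, name, ip = parts
        records.append(Record(date.fromisoformat(seen), rrtype.upper(),
                              name.lower(), ip))
    return records


def afterglow_report(assigned, records, today, cooloff_days=60):
    """Return {ip: {"names": set, "rrtypes": set, "last_seen": date}} for every
    assigned IP that has passive-DNS records inside the cool-off window.

    Such an IP will very likely keep receiving DNS queries or mail meant for
    its previous holder until cached records and stale delegations expire."""
    cutoff = today - timedelta(days=cooloff_days)
    report = {}
    for rec in records:
        if rec.ip not in assigned or rec.last_seen < cutoff:
            continue
        entry = report.setdefault(rec.ip, {"names": set(), "rrtypes": set(),
                                           "last_seen": rec.last_seen})
        entry["names"].add(rec.name)
        entry["rrtypes"].add(rec.rrtype)
        entry["last_seen"] = max(entry["last_seen"], rec.last_seen)
    return report


def safe_to_release(ip, records, today, cooloff_days=60):
    """The releasing side of the same rule: only hand an IP back once nothing
    in passive DNS has pointed at it for the whole cool-off window."""
    return ip not in afterglow_report({ip}, records, today, cooloff_days)


if __name__ == "__main__":
    today = date(2014, 7, 9)  # constructed "today" matching the sample data
    recs = parse_passive_dns(PASSIVE_DNS)
    for ip, info in sorted(afterglow_report(ASSIGNED, recs, today).items()):
        print(f"{ip}: last seen {info['last_seen']} as {sorted(info['rrtypes'])} "
              f"for {sorted(info['names'])}")
    print("203.0.113.13 safe to release:",
          safe_to_release("203.0.113.13", recs, today))
```

The 60-day window is an assumption chosen to match the diary's "weeks or months" advice; an A record seen in 2013 (203.0.113.13) falls outside it and is not flagged, while the IP carrying several freshly delegated .pw and .ua names (203.0.113.12) shows up with only NS records, which is the pattern the diary describes for the short-lived nameserver.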
(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.