Hackin9

----------- Guy Bruneau IPSS Inc. gbruneau at isc dot sans dot edu

(c) SANS Internet Storm Center. http://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
 
A broad coalition of well-known organizations announced today that it will stage an online protest against wide-ranging government surveillance of Internet users on Feb. 11, in memory of activist Aaron Swartz.
 
Optical cables that connect peripherals to Thunderbolt 2 ports in Apple Macs are getting longer, but also more expensive.
 
A data breach at U.S. retailer Target will affect up to 70 million people, 30 million more than what the company first estimated in mid-December.
 
NTP 'ntp_request.c' Remote Denial of Service Vulnerability
 

-- Bojan INFIGO IS

 
After a year in which tech stocks boomed but overall IT spending barely eked out single-digit growth, market forecasters are adopting an air of cautious optimism for 2014.
 
The Obama Administration is set to fire CGI Federal as prime IT contractor of the problem-plagued Healthcare.gov website, a report says.
 

 

Cisco has released an update that fixes a vulnerability in the Cisco WAP4410N Wireless-N Access Point, the Cisco WRVS4400N Wireless-N Gigabit Security Router, and the Cisco RVS4000 4-port Gigabit Security Router.

The vulnerability allows an attacker to gain root-level access by exploiting a service listening on 32764/tcp.

Here are the details from the Cisco website:

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140110-sbd
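As an added check, not part of the Cisco advisory or of the item above, the following PowerShell snippet tests whether a router answers on 32764/tcp from the LAN side. The Test-TcpPort function and the default-gateway discovery are this example's own; the address in the comment is a placeholder.

```powershell
# Added example, not from the advisory. Checks whether the default gateway (or any
# host you name) accepts a TCP connection on 32764, the port named in the item above.
# An open port is a reason to match the device against Cisco's affected-product list;
# a closed port is not proof that the firmware is fixed.
function Test-TcpPort {
    param(
        [Parameter(Mandatory)][string]$Target,
        [int]$Port = 32764,
        [int]$TimeoutMs = 2000
    )
    $client = New-Object System.Net.Sockets.TcpClient
    try {
        $async = $client.BeginConnect($Target, $Port, $null, $null)
        # Bounded wait; a filtered port would otherwise hang for the OS default timeout.
        $open = $async.AsyncWaitHandle.WaitOne($TimeoutMs) -and $client.Connected
        [pscustomobject]@{ Target = $Target; Port = $Port; Open = [bool]$open }
    } catch {
        [pscustomobject]@{ Target = $Target; Port = $Port; Open = $false }
    } finally {
        $client.Close()
    }
}

# From the LAN side, the IPv4 default gateway is the usual address of the router.
# Get-NetRoute needs Windows 8 / Server 2012 or later; on older systems pass the
# address by hand, e.g. Test-TcpPort -Target 192.168.1.1 (placeholder address).
$gateways = Get-NetRoute -DestinationPrefix '0.0.0.0/0' -ErrorAction SilentlyContinue |
    Select-Object -ExpandProperty NextHop -Unique
$gateways | ForEach-Object { Test-TcpPort -Target $_ } | Format-Table -AutoSize
```

Run it from the inside network; the service, if present, is what the advisory describes as reachable on the device, and whether it is exposed on the WAN side is a separate question the check does not answer.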

 

 
Oracle is about to release one of its largest security patch batches in recent memory, with some 147 fixes coming Tuesday for vulnerabilities in Java SE, its flagship database, business applications and assorted other products.
 
Apple hasn't infringed on a disputed Motorola patent in its iPhone, an appeals court said Friday.
 
WordPress Foliopress WYSIWYG Plugin Unspecified Cross Site Scripting Vulnerability
 
CMS Afroditi 'id' Parameter SQL Injection Vulnerability
 
Cisco Secure Access Control System CVE-2013-6974 Cross Site Scripting Vulnerability
 
Hanso Player '.m3u' File Remote Buffer Overflow Vulnerability
 

In previous diaries I talked about some of the most common startup locations in the Windows environment.

In this diary I will talk about some of the methods for enumerating these values from the registry.

1-Autoruns

Sysinternals Autoruns is the best tool available for enumerating startup locations; it can find almost every startup location in Windows. If you are a big fan of the command line, or you need something scriptable, Autorunsc is the command-line version of Autoruns. Autoruns can show the startup entries for the current user and for any other user profile on the same system.

In addition, one of the most powerful features of Autoruns is the ability to analyze offline systems, which is very useful when you have a disk image of a compromised system.

Here is how to use it with an offline system:

1-Mount the image

2-File->Analyze Offline System..

3-Provide the System Root and User Profile paths

4-Click OK

2-Registry Editors/Viewers

In the forensics world we cannot depend on a single tool; in many cases we have to double-check the results of one tool with a different tool.

In addition to the Windows built-in tools (RegEdit, the reg command, and PowerShell Get-ChildItem/Get-ItemProperty) there are some great tools for analyzing the registry, such as AccessData FTK Registry Viewer, Harlan Carvey's RegRipper and TZWorks Yet Another Registry Utility (yaru).

One big advantage of yaru is the ability to recover deleted registry keys, which is very useful when someone is trying to hide their tracks.



3-WMIC

Windows Management Instrumentation Command-line (WMIC) has its own way to retrieve the startup entries:

wmic startup list full
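As an added example, not part of the diary, the following PowerShell script does the registry-side enumeration and the cross-check the diary calls for: it reads the common Run/RunOnce and Winlogon values with Get-ItemProperty, compares them with Win32_StartupCommand (the CIM class behind wmic startup list full), and shows how to point the same enumeration at the SOFTWARE hive of a mounted offline image with reg load. The key names are the standard Windows startup locations; the mount path E:\Windows\System32\config\SOFTWARE and the temporary hive name HKLM\OfflineSW are assumptions. Run it from an elevated prompt.

```powershell
# Added example, not from the diary. Enumerates common registry startup values,
# cross-checks them against Win32_StartupCommand (the CIM class behind
# "wmic startup list full"), and shows the same enumeration against the SOFTWARE
# hive of a mounted offline image. Run from an elevated PowerShell prompt.

# Standard Run/RunOnce locations for the machine and the logged-on user.
$RunKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce'
)

# Get-ItemProperty decorates its output with provider metadata; exclude those names
# exactly rather than with a wildcard, so a value really named "PS..." is not hidden.
$ProviderMeta = 'PSPath', 'PSParentPath', 'PSChildName', 'PSDrive', 'PSProvider'

function Get-RunKeyEntries {
    param([string[]]$Keys)
    foreach ($key in $Keys) {
        if (-not (Test-Path -Path $key)) { continue }
        $props = Get-ItemProperty -Path $key
        foreach ($p in $props.PSObject.Properties) {
            if ($p.Name -in $ProviderMeta) { continue }
            [pscustomobject]@{ Source = 'Registry'; Key = $key; Name = $p.Name; Command = [string]$p.Value }
        }
    }
}

# Winlogon Shell and Userinit are not reported by Win32_StartupCommand, so read them directly.
# Anything other than explorer.exe / C:\Windows\system32\userinit.exe, deserves a close look.
function Get-WinlogonEntries {
    param([string]$WinlogonKey = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon')
    $wl = Get-ItemProperty -Path $WinlogonKey
    [pscustomobject]@{ Source = 'Registry'; Key = $WinlogonKey; Name = 'Shell';    Command = [string]$wl.Shell }
    [pscustomobject]@{ Source = 'Registry'; Key = $WinlogonKey; Name = 'Userinit'; Command = [string]$wl.Userinit }
}

# Second, independent view of the same question (Run keys plus Startup folders).
function Get-CimStartupEntries {
    Get-CimInstance -ClassName Win32_StartupCommand | ForEach-Object {
        [pscustomobject]@{ Source = 'CIM'; Key = $_.Location; Name = $_.Name; Command = $_.Command; User = $_.User }
    }
}

$registry = @(Get-RunKeyEntries -Keys $RunKeys) + @(Get-WinlogonEntries)
$cim      = @(Get-CimStartupEntries)

$registry | Format-Table -AutoSize
$cim      | Format-Table -AutoSize

# Cross-check: a Run value the CIM class does not list (or the reverse) is where the
# two tools disagree and where a manual look is warranted.
$registry | Where-Object { $_.Key -like '*\Run*' -and ($cim.Name -notcontains $_.Name) } |
    Format-Table Key, Name, Command -AutoSize

# Offline image: load the SOFTWARE hive from the mounted image under a temporary key
# and run the same enumeration against it. Path and key name are assumptions.
$OfflineHive = 'E:\Windows\System32\config\SOFTWARE'
if (Test-Path -Path $OfflineHive) {
    reg.exe load HKLM\OfflineSW $OfflineHive | Out-Null
    try {
        Get-RunKeyEntries -Keys @(
            'HKLM:\OfflineSW\Microsoft\Windows\CurrentVersion\Run',
            'HKLM:\OfflineSW\Microsoft\Windows\CurrentVersion\RunOnce') | Format-Table -AutoSize
        Get-WinlogonEntries -WinlogonKey 'HKLM:\OfflineSW\Microsoft\Windows NT\CurrentVersion\Winlogon' |
            Format-Table -AutoSize
    } finally {
        [gc]::Collect()                       # release handles so the hive can be unloaded
        reg.exe unload HKLM\OfflineSW | Out-Null
    }
}
```

Per-user Run keys of other accounts live in each profile's NTUSER.DAT, which can be loaded the same way as the SOFTWARE hive. For the Autoruns side of the comparison, autorunsc -accepteula -a * -c -h -s emits a CSV with file hashes and signature verification, and its -z switch takes the offline system and user-profile paths, mirroring the GUI dialog described above.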


 

 

Economic Times

Election Commission drops plan to partner Google after spying fears
Reuters India
But the plan was opposed by the Indian Infosec Consortium, a government and private sector-backed alliance of cyber security experts, who feared Google would collaborate with "American agencies" for espionage purposes. The Election Commission did not ...
Related coverage: India's election body drops Google project (Aljazeera.com); India's election regulator drops plan to partner Google (WTAQ); Election Commission of India Declines Google Voting Services Offer (Computerworld India)
 
Expertise in Web development, mobile development and large-scale data analysis will be much sought-after by IT hiring managers this year.
 
Intel plans to ditch the venerable McAfee brand for its security products and services, and offer free mobile security software to customers running Android, iOS and other OSes on their smartphones and tablets.
 
Multiple Routers Backdoor Unauthorized Access Vulnerability
 
Target's acknowledgement Friday that personal data of 110 million people, not 40 million as previously thought, may have been exposed to hackers in a recent data breach raises new questions about the incident and how it could affect victims.
 

The retailer Target, which confirmed last month that credit and debit card information for about 40 million of its customers was stolen, today said a separate set of information on up to 70 million customers was also stolen. This theft of data occurred as part of the same data breach affecting the 40 million cards, but Target confirmed that the newly disclosed portion of the breach is "separate from the payment card data previously disclosed." Target discovered this separate data theft while investigating the previously disclosed one.

"At this time, the investigation has determined that the stolen information includes names, mailing addresses, phone numbers or e-mail addresses for up to 70 million individuals," Target said today. "Much of this data is partial in nature, but in cases where Target has an e-mail address, the Company will attempt to contact affected guests. This communication will be informational, including tips to guard against consumer scams. Target will not ask those guests to provide any personal information as part of that communication."

Even though the theft disclosed today affects more people, the previous one of 40 million cards was likely the more severe one. As reported last month, the stolen credit card information was flooding underground markets frequented by criminals, who paid as much as $100 per card. Journalist Brian Krebs reported that cards stolen in the massive Target hack were "selling in batches of one million cards and going for anywhere from $20 or more than $100 per card."


 
Git 'gitdir' Remote Buffer Overflow Vulnerability
 
Apple sold 2.2 million Macs in the U.S. in 2013's final quarter, or it sold just 1.6 million. IDC and Gartner on Thursday released very different estimates of Apple's performance in the U.S. for the fourth quarter.
 
Smartphones, social networks, PCs, servers, cloud services, governments and national infrastructure all face security risks in 2014, according to the latest McAfee security report. Oh, and virtual currencies are being used to fund serious crimes. So, who wants a new career?
 
 
SAP's business is gradually shifting to the SaaS model while sales of its Hana in-memory database platform continue to grow quickly, according to preliminary fourth-quarter and year-end results the company released Friday.
 

Aljazeera.com

India's election body drops Google project
Aljazeera.com
Infosec Consortium, a government and private group of cyber security experts, also expressed their reservation as they said Google would join hands "with American agencies" for spying, according to Reuters. Google on its part explained in a statement ...
Related coverage: India's election regulator drops plan to partner Google (WTAQ)
 
Libreswan Insecure Temporary File Creation and Denial of Service Vulnerabilities
 
Amazon.com has opened a new portal that aims to help developers create Android apps for its Appstore and take advantage of its cross-platform APIs with the help of better tools and documentation.
 
OpenSSL DTLS Implementations Man in the Middle Multiple Security Bypass Vulnerabilities
 
OpenSSL TLS Handshake Null Pointer Dereference Denial Of Service Vulnerability
 
The PC industry finished 2013 down about 10% compared to the year before, research firms IDC and Gartner said. But both are optimistic that the death spiral will weaken this year.
 
[CVE-2013-7204] CSRF in Conceptronic IP Camera (CIPCAMPTIWL)
 
Smartphones have become so integrated into our daily lives that some people just love them. So what happens when they give love back? That's the premise of the new movie Her, which opens nationwide today.
 

Posted by InfoSec News on Jan 10

http://blogs.csoonline.com/security-industry/2914/owasp-terminates-marketing-agreement-rsa-conference-board-member-cancels-class-out-protest

By Steve Ragan
Salted Hash
CSO Online
January 09, 2014

After a heated internal debate, OWASP has canceled their co-marketing
agreement with the RSA Conference. Related to these developments, a board
member has canceled their scheduled class in protest of RSA's dealings
with the NSA.

Class...
 

Posted by InfoSec News on Jan 10

http://www.darkreading.com/vulnerability/zero-day-flaws-found-patched-in-siemens/240165252

By Kelly Jackson Higgins
Dark Reading
January 09, 2014

A security researcher has discovered a pair of zero-day vulnerabilities in
a popular family of Siemens industrial control system switches that could
allow an attacker to take over the network devices without a password.

Eireann Leverett, senior security consultant for IOActive, next week at
the S4...
 

Posted by InfoSec News on Jan 10

http://www.japantimes.co.jp/news/2014/01/09/business/security-firm-offers-1-million-grant-to-nurture-young-computer-buffs/

By Tomoko Otake
Staff Writer
The Japan Times
Jan. 9, 2014

A Tokyo-based IT security firm has established a unique program that
offers up to 1 million yen in financial assistance to computer whizzes
under the age of 20.

According to Lac Co., the move is aimed at nurturing young talent in the
information security...
 

Posted by InfoSec News on Jan 10

http://www.networkworld.com/news/2014/010914-india39s-poll-panel-declines-google-277556.html

By John Ribeiro
IDG News Service
January 09, 2014

A proposal by Google to offer voter lookup services was declined by the
Election Commission of India, after cybersecurity experts and political
parties voiced concern about the plan's security implications.

The commission on Thursday confirmed that it had seen a Google
presentation for electoral...
 

Posted by InfoSec News on Jan 10

http://www.timesofisrael.com/despite-claims-iranians-didnt-hack-israeli-aviation-system/

BY DAVID SHAMAH
Times of Israel
January 9, 2014

Iranian hackers did not compromise the Israel Airports Authority, despite
claims by the Islamic Cyber Resistance Group that it was able to hack into
databases controlling air routes for Israeli and foreign airlines, said
Israeli Internet expert Tal Pavel.

"It’s just another example of Iranian...
 

euronews

India's election regulator drops plan to partner Google
euronews
But the plan was opposed by the Indian Infosec Consortium, a government and private sector-backed alliance of cyber security experts. The group said in a statement last week it feared Google would collaborate with “American agencies” for espionage ...

 
SWFUpload Multiple Content Spoofing And Cross Site Scripting Vulnerabilities
 

NDTV

UPDATE 1-India's election regulator drops plan to partner Google
Reuters
But the plan was opposed by the Indian Infosec Consortium, a government and private sector-backed alliance of cyber security experts. The group said in a statement last week it feared Google would collaborate with "American agencies" for espionage ...
Related coverage: India's Poll Panel Declines Google Voting Services Offer Over Security Concerns (CIO); India's election regulator drops plan to partner Google after spying fears (WTAQ)
 
Cisco Context Directory Agent Replayed RADIUS Accounting Message Security Bypass Vulnerability
 
Cisco Context Directory Agent Mappings Page Cross Site Scripting Vulnerability
 
nullcon Blackshield Awards 2014
 
Internet Storm Center Infocon Status