Hackin9
Aurich Lawson

On a bright April morning in Menlo Park, California, I became an Internet spy.

This was easier than it sounds because I had a willing target. I had partnered with National Public Radio (NPR) tech correspondent Steve Henn for an experiment in Internet surveillance. For one week, while Henn researched a story, he allowed himself to be watched—acting as a stand-in, in effect, for everyone who uses Internet-connected devices. How much of our lives do we really reveal simply by going online?

Henn let me into his Silicon Valley home and ushered me into his office with a cup of coffee. Waiting for me there was the key tool of my new trade: a metal-and-plastic box that resembled nothing more threatening than an unlabeled Wi-Fi router. This was the PwnPlug R2, a piece of professional penetration testing gear designed by Pwnie Express CTO Dave Porcello and his team and on loan to us for this project.


 
(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
 
Hoping to get a hand from partners, Hewlett-Packard is assembling a network of service providers that will offer hosted services based on the company's Helion software.
 
A large batch of stolen credit card numbers for sale on an underground forum may have come from a breach at P.F. Chang's China Bistro, a restaurant chain that said on Tuesday it is investigating.
 
The Blackphone security-focused smartphone will go on the market in three weeks and "a few thousand" have already been sold through pre-orders, executives from the device's makers say.
 

CryptoLocker might be pretty much off the radar. But Cryptowall is alive and kicking, and making the bad guys a ton of money. It mainly spreads by poisoned advertisements and hacked benign websites, and then sneaks its way onto the PCs of unsuspecting users by means of Silverlight, Flash and Java Exploits.

Somewhat unexpectedly, Java is NOT the most prominent for a change. It looks like the Silverlight sploits are currently the most successful.

If you're "had", Cryptowall encrypts all the files that you possibly could want to keep (images, documents, etc), and then asks for a $500 ransom. If you don't pay up quick, the ransom doubles. And after a while of not paying, well, the suckers delete the key. As far as we know, there is no way yet to recover the encrypted data, because the private key is not really present on the infected machine. I hope you have a recent backup.

Last week's batch of infections for example had "food.com" as a prominent source. As far as I can tell, they are cleaned up by now, but we have several samples in the database that show pages like http://www.food[dot]com/recipe/pan-fried-broccoli-226105, http://www.food[dot]com/recipe/barefoot-contessas-panzanella-salad-135723, etc, as the last referer before the exploit triggered.

The domains last week were following the pattern [a-f0-9]{6,8}\.pw and [a-f0-9]{6,8}\.eu, but this is obviously changing all the time. Still, it probably doesn't hurt to check your DNS or proxy logs for the presence of (especially) .pw domains. Yes, I had to look it up as well ... .pw is Palau. A bunch of islands in the South Pacific. It is safe to assume that most of the web sites with this extension are not actually about or in Palau.
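One way to run that DNS or proxy log check, as an added example that is not part of the original diary: it applies the two patterns above to the label directly under the TLD and groups hits by client. The dnsmasq and Squid log formats, the sample lines and the function names are assumptions made for illustration.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit

# Patterns from the diary: 6-8 hex characters directly under .pw or .eu.
HEX_LABEL = re.compile(r"[a-f0-9]{6,8}")
WATCHED_TLDS = {"pw", "eu"}

# dnsmasq query line: "... query[A] host.example from 10.0.0.1"
DNSMASQ_QUERY = re.compile(r"query\[[A-Z0-9]+\]\s+(\S+)\s+from\s+(\S+)")

def normalise(hostname):
    """Lower-case the name and drop a trailing root dot."""
    return hostname.lower().rstrip(".")

def is_suspect(hostname):
    """True if the label directly under .pw/.eu is exactly 6-8 hex characters.

    Matching the whole label (fullmatch) avoids substring hits such as
    'mydecade12.pw', which an unanchored [a-f0-9]{6,8}\\.pw would flag.
    """
    labels = normalise(hostname).split(".")
    if len(labels) < 2 or labels[-1] not in WATCHED_TLDS:
        return False
    return HEX_LABEL.fullmatch(labels[-2]) is not None

def extract(line):
    """Return (client, hostname) from a dnsmasq query or Squid access line, else None."""
    m = DNSMASQ_QUERY.search(line)
    if m:
        return m.group(2), m.group(1)
    fields = line.split()
    # Squid native format: time elapsed client code/status bytes method URL ...
    if len(fields) >= 7 and "/" in fields[3]:
        client, method, target = fields[2], fields[5], fields[6]
        if method == "CONNECT":
            host = target.rsplit(":", 1)[0]   # CONNECT targets are host:port
        else:
            host = urlsplit(target).hostname
        if host:
            return client, host
    return None

def find_suspect_lookups(lines):
    """Map each client to the sorted suspect hostnames it looked up or fetched."""
    hits = defaultdict(set)
    for line in lines:
        parsed = extract(line)
        if parsed and is_suspect(parsed[1]):
            hits[parsed[0]].add(normalise(parsed[1]))
    return {client: sorted(names) for client, names in hits.items()}

# Constructed sample lines (not real traffic, hostnames are made up).
SAMPLE_LINES = [
    "Jun 10 09:14:02 dnsmasq[812]: query[A] 3fa9c1d2.pw from 10.0.0.23",
    "Jun 10 09:14:03 dnsmasq[812]: query[A] 3FA9C1D2.PW. from 10.0.0.23",
    "Jun 10 09:14:05 dnsmasq[812]: query[A] www.example.com from 10.0.0.23",
    "Jun 10 09:15:40 dnsmasq[812]: query[A] mydecade12.pw from 10.0.0.7",
    "Jun 10 09:15:41 dnsmasq[812]: query[A] facade.eu from 10.0.0.7",
    "1402391642.123     87 10.0.0.42 TCP_MISS/200 5120 GET "
    "http://www.ab12cd.eu/index.html - DIRECT/203.0.113.9 text/html",
    "1402391650.456    210 10.0.0.42 TCP_MISS/200 3911 CONNECT "
    "0badc0de.pw:443 - DIRECT/203.0.113.10 -",
]

if __name__ == "__main__":
    for client, names in sorted(find_suspect_lookups(SAMPLE_LINES).items()):
        print(client, ", ".join(names))
```

Hits are leads rather than verdicts: ordinary words such as "facade" consist only of hex letters and match the pattern too.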

More info: Ronnie has an outstanding write-up at http://phishme.com/inside-look-dropbox-phishing-cryptowall-bitcoins/ . Cisco's blog has a lot of IOCs: https://blogs.cisco.com/security/rig-exploit-kit-strikes-oil

 

 

What the Federal Aviation Administration (FAA) calls "novel and unusual" apparently entails some sort of direct network connectivity between the avionics (think: cockpit) and the passenger entertainment system (think: dude with his iPhone connected to the in-seat USB port) in the latest Boeing 737 models.

Details here: https://www.federalregister.gov/articles/2014/06/06/2014-13244/special-conditions-the-boeing-company-models-737-700--700c--800--900er--7--8-and--9-series-airplanes

The good news is, if you get bored on your next flight, and the movies are all *meh*, you might be able to connect to the cockpit and help the pilot do his/her job. Pilots, these days, are all stressed out, and I'm sure they appreciate help from all the XBox and Nintendo pilots sitting in the main cabin!  A completely new form of auto-pilot: Flying a plane through majority decision by the geeks in the cabin!

I wonder how many years we are away from a cross-platform virus that moves from Joe Bloe's PC at home, to his phone, to his car, to his tablet, to his airplane. I hope it never happens. But the "internet of things" manufacturers, especially the manufacturers of massive moving things, seem to be very keen to get us there.

 

 


It doesn't take a lot of security savvy to realize that private keys used for things like SSH login probably should not be stored in the webroot of a web server. The physical world equivalent would be to place your house key under the doormat, and nobody does that, right?

Still, we are seeing an uptick of scans on web servers looking for such files that really shouldn't be present.

93.95.yyy.xx - - [09/Jun/2014:17:39:41 +0100] "HEAD /dsa HTTP/1.1" 404 124 "-" "-"
93.95.yyy.xx - - [09/Jun/2014:17:39:41 +0100] "HEAD /id_dsa HTTP/1.1" 404 124 "-" "-"
93.95.yyy.xx - - [09/Jun/2014:17:39:41 +0100] "HEAD /id_dsa.old HTTP/1.1" 404 124 "-" "-"
93.95.yyy.xx - - [09/Jun/2014:17:39:41 +0100] "HEAD /identity HTTP/1.1" 404 124 "-" "-"
93.95.yyy.xx - - [09/Jun/2014:17:39:41 +0100] "HEAD /id_rsa HTTP/1.1" 404 124 "-" "-"
93.95.yyy.xx - - [09/Jun/2014:17:39:41 +0100] "HEAD /id_rsa.old HTTP/1.1" 404 124 "-" "-"
93.95.yyy.xx - - [09/Jun/2014:17:39:41 +0100] "HEAD /key HTTP/1.1" 404 124 "-" "-"
93.95.yyy.xx - - [09/Jun/2014:17:39:41 +0100] "HEAD /key.priv HTTP/1.1" 404 124 "-" "-"
93.95.yyy.xx - - [09/Jun/2014:17:39:41 +0100] "HEAD /rsa HTTP/1.1" 404 124 "-" "-"
[...]

The scan looks for about 50 different file names that are commonly associated with SSH keys. In addition, it also probes for the presence of common Unix shell history files:

93.95.yyy.xx - - [09/Jun/2014:17:39:43 +0100] "HEAD /.bash_history HTTP/1.1" 404 124 "-" "-"
93.95.yyy.xx - - [09/Jun/2014:17:39:43 +0100] "HEAD /.history HTTP/1.1" 404 124 "-" "-"
93.95.yyy.xx - - [09/Jun/2014:17:39:43 +0100] "HEAD /.sh_history HTTP/1.1" 404 124 "-" "-"

One signature that the scans so far had in common is that the first request is always to "checknfurl123".

93.95.yyy.xx - - [09/Jun/2014:17:39:41 +0100] "HEAD /checknfurl123 HTTP/1.1" 404 124 "-" "-"

This is most likely a test to determine how the scanned server responds to requests for files that do not exist, so that false positives can be eliminated in the subsequent attempts to read the SSH keys. I am currently running a honeypotty to see what the scanners do next if the "HEAD" request comes back with an okay (200). No luck yet, so if you already have that bit of intel, please share via the comments below.
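A detection sketch for the scan described above, as an added example that is not part of the original diary: it reads access-log lines in the format shown, flags clients that send the "checknfurl123" request or probe several key and history file names, and lists any probe that was answered with a 2xx status. The file-name set comes from the excerpts above; the sample lines, the threshold and the function name are assumptions.

```python
import re
from collections import defaultdict

CANARY = "/checknfurl123"  # first request of each scan, per the diary

# File names taken from the log excerpts on this page (the scan tries about 50).
SENSITIVE_NAMES = {
    "dsa", "id_dsa", "id_dsa.old", "identity", "id_rsa", "id_rsa.old",
    "key", "key.priv", "rsa", ".bash_history", ".history", ".sh_history",
}

# Combined log format, as in the excerpts above.
LOG_LINE = re.compile(
    r'^(?P<client>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" (?P<status>\d{3}) '
)

def find_key_scanners(lines, min_probes=3):
    """Return {client: summary} for clients that look like the key scanner.

    A client is reported if it requested the canary path or asked for at
    least min_probes sensitive file names (min_probes is an assumed threshold).
    'exposed' lists probes answered with 2xx, i.e. files that need attention.
    """
    seen = defaultdict(
        lambda: {"first": None, "canary": False, "probes": 0, "exposed": []}
    )
    for line in lines:
        m = LOG_LINE.match(line)
        if m is None:
            continue
        path = m.group("path").split("?", 1)[0]
        state = seen[m.group("client")]
        if state["first"] is None:
            state["first"] = path
        if path == CANARY:
            state["canary"] = True
        # Compare the last path component so probes below the root count too
        # (an assumption: the excerpts only show requests to the root).
        if path.rsplit("/", 1)[-1] in SENSITIVE_NAMES:
            state["probes"] += 1
            if m.group("status").startswith("2"):
                state["exposed"].append(path)
    report = {}
    for client, s in seen.items():
        if s["canary"] or s["probes"] >= min_probes:
            report[client] = {
                "canary_first": s["first"] == CANARY,
                "probes": s["probes"],
                "exposed": s["exposed"],
            }
    return report

# Constructed sample log (documentation IP ranges, not real traffic).
SAMPLE_LOG = [
    '203.0.113.5 - - [09/Jun/2014:17:39:41 +0100] "HEAD /checknfurl123 HTTP/1.1" 404 124 "-" "-"',
    '203.0.113.5 - - [09/Jun/2014:17:39:41 +0100] "HEAD /id_dsa HTTP/1.1" 404 124 "-" "-"',
    '203.0.113.5 - - [09/Jun/2014:17:39:41 +0100] "HEAD /id_rsa HTTP/1.1" 404 124 "-" "-"',
    '203.0.113.5 - - [09/Jun/2014:17:39:42 +0100] "HEAD /id_rsa.old HTTP/1.1" 200 0 "-" "-"',
    '203.0.113.5 - - [09/Jun/2014:17:39:43 +0100] "HEAD /.bash_history HTTP/1.1" 404 124 "-" "-"',
    '198.51.100.7 - - [09/Jun/2014:17:40:02 +0100] "GET /index.html HTTP/1.1" 200 5120 "-" "-"',
    '198.51.100.7 - - [09/Jun/2014:17:40:05 +0100] "GET /key HTTP/1.1" 404 124 "-" "-"',
]

if __name__ == "__main__":
    for client, summary in find_key_scanners(SAMPLE_LOG).items():
        print(client, summary)
```

Any entry under "exposed" means a key or history file was actually served from the webroot; that file should be removed and the key it contains replaced.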

 

 

Today, I was researching a rather complex subject, and it brought me to dozens of web sites to catch up on the latest techie clue. And what felt like half of the web pages popped up that obnoxious
 

HI. CAN WE ASK YOU A COUPLE QUESTIONS ABOUT OUR WEB SITE?

[YES]  [NOT RIGHT NOW]


insert that seems to be all too common these days. Who on earth is clicking "yes" on these?? Or, put differently, how irrelevant must the results of such "surveys" be if the respondents probably all are bored loafers who have unlimited time on their hands, and don't mind to be distracted from their work by an (end|use|point)less survey that intrudes into the thought process, clamoring for attention?

It's what statisticians call "sampling bias". Something like going to a pub to determine if people like alcoholic beverages. Surprise surprise, many of them do :). I suspect the results of such web site "surveys" are similar: WOW!! 96% of the respondents say our web page is cool!!1)

 


1) n=18 / N=1'284'154

 

 
SAP System Landscape Directory Unauthorized Access Vulnerability
 
Multiple SAP Components Hardcoded Credentials Information Disclosure Vulnerability
 
 
Environmental pressure groups and human rights organizations sent a joint letter to Apple's chief environmental officer on Tuesday asking her to eliminate toxic chemicals from the company's supply chain.
 
Researchers at Purdue University have made an advance in stretchable electronics that could lead to computerized clothing and robots with humanlike skin that can "feel."
 
For this month's round of software patches, Microsoft has issued a record 59 fixes for its Internet Explorer (IE) browser, including one critical vulnerability that had remained unpatched since it was made public May 22.
 
One of these sites is not like the others....

It's been a year since Edward Snowden's leak of National Security Agency documents triggered a firestorm around cloud service providers' privacy protections (or lack thereof). Since last summer, the giants of the Internet have pledged to do more to encrypt their Internet traffic—and in some cases, their internal network traffic—to protect it from both government surveillance and other prying eyes. But an Ars investigation reveals that data continues to leak.

Although companies have made great strides in securing their Internet services, implementations of SSL and other security standards aren’t always consistent across applications. And some of the gaps are intentional—left there to meet the demands of certain customers, to support older applications, or to make integration with other services faster (and more profitable).

The Electronic Frontier Foundation (EFF) has published a chart that shows which major Internet services support SSL and other security “best practices,” including encrypted data center links, perfect forward secrecy, and encrypted communications with other providers’ e-mail services. Eight major Internet companies—Google, Microsoft, Yahoo, Twitter, Facebook, Dropbox, Sonic.net, and SpiderOak—have implemented or are in the process of implementing all of EFF’s recommended security practices.


 
SoSecure has created a solid-state drive that is controlled remotely via a smartphone app, which monitors everything from backups to battery power and can delete all data from the drive.
 
Oracle CEO Larry Ellison is taking the fight to IBM, Microsoft and SAP in the burgeoning in-memory database market with a new option the company says can deliver dramatic performance boosts without requiring changes to applications.
 
Google has underlined its support for the newly emerging Docker container technology, releasing a number of new tools to help users make the most of the open-source virtualization software.
 
Microsoft Internet Explorer CVE-2014-1762 Remote Code Execution Vulnerability
 
Microsoft Internet Explorer CVE-2014-1766 Remote Code Execution Vulnerability
 
Microsoft refused to give Windows 8.1 customers another reprieve, requiring most to upgrade their devices to April's Windows 8.1 Update before the firm's Windows Update would serve up today's mammoth patch slate.
 
Google is signing a deal to buy Skybox Imaging, a California-based satellite company, for $500 million in cash.
 
The long expected migration of the U.S. payment system to the Europay MasterCard Visa smartcard standard finally appears to be gathering steam.
 
Google stands to gather massive amounts of geographic data for information as wildly diverse as the health of farm fields and congestion of parking lots, by purchasing the super-smart satellite imaging and analytics company Skybox Imaging.
 
This is the story of an IT worker who was replaced by a worker on an H-1B visa, one of a number of visa holders, mostly from India, who took jobs at this U.S. company. Computerworld is not going to use the worker's name or identify the companies involved to protect the former employee from retaliation.
 
PHP 'cdf_read_property_info()' Function Denial of Service Vulnerability
 
PHP 'cdf_unpack_summary_info()' Function Denial of Service Vulnerability
 
CIOs know the value of having a mobile strategy. So why aren't companies doing it right? A study from Accenture sheds some light on why some companies aren't moving forward fast enough with their mobility initiatives.
 
The new Form 1+ stereolithography printer from Formlabs is 50% faster than its predecessor.
 
Soccer fans lucky enough to be traveling to Brazil for the World Cup are hearing an earful of consumer warnings about potentially onerous smartphone roaming charges and credit card ripoffs at ATMs and restaurants.
 

Given the amount of time malicious hackers spend bypassing other people's security, you might think that they pay close attention to locking down their own digital fortresses. It turns out that many of them don't, according to a recent blog post documenting some of their sloppiest password hygiene.

The post comes from Antonín Hýža, a researcher at antivirus provider Avast. As he was working to analyze a protected PHP shell, he got to wondering how strong the average hacker password was. He then tapped 40,000 samples of backdoors, bots, and shells his company had on hand. Remarkably, 1,255 of the underlying passwords were in plaintext, while another 346 were protected with the easily crackable MD5 hashing algorithm. The resulting 1,601 passwords he had to work with allowed him to see just how poor the bottom four percent of hackers' passwords were.

The fact that slightly more than three percent of the sample was in the clear was the first sign of just how sloppy some of the criminals Avast tracks are when it comes to password hygiene. These passwords can likely be obtained simply by viewing the scripts of programming languages, or in the case of binary code, by loading them into a hex viewer. As a result, a password with 75 characters, as one hacker set, or the passcode "lol dont try cracking 12 char+" (minus the quotes) chosen by another were easily recovered despite the work that went into trying to make them strong. The lack of any one-way hashing algorithm to obscure the passcodes makes one wonder why the authors bothered at all.


 

Overview of the Jun 2014 Microsoft patches and their status.

# | Affected | Contra Indications - KB | Known Exploits | Microsoft rating(**) | ISC rating(*): clients, servers
MS14-030 Vulnerability in Remote Desktop Could Allow Tampering
Microsoft Windows

CVE-2014-0296
KB 2969259 . Severity:Important
Exploitability: 1
Important Important
MS14-031 Vulnerability in TCP Protocol Could Allow Denial of Service
Microsoft Windows

CVE-2014-1811
KB 2962478 . Severity:Important
Exploitability: 1
Important Important
MS14-032 Vulnerability in Microsoft Lync Server Could Allow Information Disclosure
Microsoft Lync Server

CVE-2014-1823
KB 2969258 . Severity:Important
Exploitability: 1
N/A Important
MS14-033 Vulnerability in Microsoft XML Core Services Could Allow Information Disclosure
Microsoft Windows

CVE-2014-1816
KB 2966061 . Severity:Important
Exploitability: 1
Important Important
MS14-034 Vulnerability in Microsoft Word Could Allow Remote Code Execution
Microsoft Office

CVE-2014-2778
KB 2969261 . Severity:Important
Exploitability: 1
Critical Important
MS14-035 Cumulative Security Update for Internet Explorer
Microsoft Windows, Internet Explorer
CVE-2014-0282 CVE-2014-1762 CVE-2014-1764 CVE-2014-1766 CVE-2014-1769 CVE-2014-1770 CVE-2014-1772 CVE-2014-1773 CVE-2014-1774 CVE-2014-1775 CVE-2014-1778 CVE-2014-1779 CVE-2014-1780 CVE-2014-1781 CVE-2014-1782 CVE-2014-1783 CVE-2014-1784 CVE-2014-1785 CVE-2014-1786 CVE-2014-1788 CVE-2014-1789 CVE-2014-1790 CVE-2014-1791 CVE-2014-1792 CVE-2014-1794 CVE-2014-1795 CVE-2014-1796 CVE-2014-1797 CVE-2014-1799 CVE-2014-1800 CVE-2014-1802 CVE-2014-1803 CVE-2014-1804 CVE-2014-1805 CVE-2014-2753 CVE-2014-2754 CVE-2014-2755 CVE-2014-2756 CVE-2014-2757 CVE-2014-2758 CVE-2014-2759 CVE-2014-2760 CVE-2014-2761 CVE-2014-2763 CVE-2014-2764 CVE-2014-2765 CVE-2014-2766 CVE-2014-2767 CVE-2014-2768 CVE-2014-2769 CVE-2014-2770 CVE-2014-2771 CVE-2014-2772 CVE-2014-2773 CVE-2014-2775 CVE-2014-2776 CVE-2014-2777 CVE-2014-0282 CVE-2014-1762 CVE-2014-1764 CVE-2014-1766 CVE-2014-1769 CVE-2014-1770 CVE-2014-1771 CVE-2014-1772 CVE-2014-1773 CVE-2014-1774 CVE-2014-1775 CVE-2014-1777 CVE-2014-1778 CVE-2014-1779 CVE-2014-1780 CVE-2014-1781 CVE-2014-1782 CVE-2014-1783 CVE-2014-1784 CVE-2014-1785 CVE-2014-1786 CVE-2014-1788 CVE-2014-1789 CVE-2014-1790 CVE-2014-1791 CVE-2014-1792 CVE-2014-1794 CVE-2014-1795 CVE-2014-1796 CVE-2014-1797 CVE-2014-1799 CVE-2014-1800 CVE-2014-1802 CVE-2014-1803 CVE-2014-1804 CVE-2014-1805 CVE-2014-2753 CVE-2014-2754 CVE-2014-2755 CVE-2014-2756 CVE-2014-2757 CVE-2014-2758 CVE-2014-2759 CVE-2014-2760 CVE-2014-2761 CVE-2014-2763 CVE-2014-2764 CVE-2014-2765 CVE-2014-2766 CVE-2014-2767 CVE-2014-2768 CVE-2014-2769 CVE-2014-2770 CVE-2014-2771 CVE-2014-2772 CVE-2014-2773 CVE-2014-2775 CVE-2014-2776 CVE-2014-2777
KB 2969262 . Severity:Critical
Exploitability: 1
Critical Critical
MS14-036 Vulnerabilities in Microsoft Graphics Component Could Allow Remote Code Execution
Microsoft Windows, Microsoft Office, Microsoft Lync

CVE-2014-1817
CVE-2014-1818
KB 2967487 . Severity:Critical
Exploitability: 1
Critical Critical
We will update issues on this page for about a week or so as they evolve.
We appreciate updates
US based customers can call Microsoft for free patch related support on 1-866-PCSAFETY
(*): ISC rating
  • We use 4 levels:
    • PATCH NOW: Typically used where we see immediate danger of exploitation. Typical environments will want to deploy these patches ASAP. Workarounds are typically not accepted by users or are not possible. This rating is often used when typical deployments make it vulnerable and exploits are being used or easy to obtain or make.
    • Critical: Anything that needs little to become "interesting" for the dark side. Best approach is to test and deploy ASAP. Workarounds can give more time to test.
    • Important: Things where more testing and other measures can help.
    • Less Urt practices for servers such as not using outlook, MSIE, word etc. to do traditional office or leisure work.
    • The rating is not a risk analysis as such. It is a rating of importance of the vulnerability and the perceived or even predicted threatatches.

-- 
Alex Stanford - GIAC GWEB & GSEC,
Research Operations Manager,
SANS Internet Storm Center

 
QEMU Image Size Validation Integer Overflow Vulnerability
 
QEMU L2 Table Size Validation Integer Overflow Vulnerability
 
QEMU 'hw/usb/bus.c' Heap Based Buffer Overflow Vulnerability
 
It's been two months since Microsoft withdrew support for Windows XP, but the aged OS has yet to be exploited by hackers. What's holding them back?
 
 
Knowing how system administrators enjoy continuity, Red Hat has designed the latest release of its flagship Linux distribution to be run, with support, until 2024.
 
Now 15 years old and counting, Salesforce.com's CRM application gained maturity long ago, but as the upcoming Summer '14 release shows, the company is still adding hundreds of enhancements and tweaks to it multiple times per year.
 
Extremely weak passwords make us vulnerable, but there are ways to create passwords you'll remember and yet are hard to crack. (Insider; registration required)
 
LinuxSecurity.com: Updated libcap-ng packages fix security vulnerability: capng_lock() in libcap-ng before 0.7.4 sets securebits in an attempt to prevent regaining capabilities using setuid-root programs. This allows a user to run setuid programs, such as seunshare from policycoreutils, [More...]
 
LinuxSecurity.com: A malicious source package could write files outside the unpack directory.
 
LinuxSecurity.com: Updated file packages fix security vulnerabilities: A flaw was found in the way file's Composite Document Files (CDF) format parser handle CDF files with many summary info entries. The cdf_unpack_summary_info() function unnecessarily repeatedly read the [More...]
 
LinuxSecurity.com: Updated php packages fix security vulnerabilities: A flaw was found in the way file's Composite Document Files (CDF) format parser handle CDF files with many summary info entries. The cdf_unpack_summary_info() function unnecessarily repeatedly read [More...]
 
LinuxSecurity.com: Updated squid packages fix security vulnerability: Due to incorrect state management, Squid before 3.3.12 is vulnerable to a denial of service attack when processing certain HTTPS requests if the SSL-Bump feature is enabled (CVE-2014-0128). [More...]
 
LinuxSecurity.com: Multiple vulnerabilities has been discovered and corrected in python-django: Django 1.4 before 1.4.13, 1.5 before 1.5.8, 1.6 before 1.6.5, and 1.7 before 1.7b4 does not properly include the (1) Vary: Cookie or (2) [More...]
 
LinuxSecurity.com: Multiple vulnerabilities has been discovered and corrected in python-django: Django 1.4 before 1.4.13, 1.5 before 1.5.8, 1.6 before 1.6.5, and 1.7 before 1.7b4 does not properly include the (1) Vary: Cookie or (2) [More...]
 
LinuxSecurity.com: Multiple vulnerabilities have been found in Adobe Flash Player, worst of which allows remote attackers to execute arbitrary code.
 
LinuxSecurity.com: Updated otrs package fixes security vulnerabilities: A logged in attacker could insert special content in dynamic fields, leading to JavaScript code being executed in OTRS (CVE-2014-2553). [More...]
 
LinuxSecurity.com: Updated curl packages fix security vulnerabilities: Paras Sethia discovered that libcurl would sometimes mix up multiple HTTP and HTTPS connections with NTLM authentication to the same server, sending requests for one user over the connection authenticated as [More...]
 
LinuxSecurity.com: New php packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1, and -current to fix security issues. [More Info...]
 
LinuxSecurity.com: Updated gnutls packages fix security vulnerability: A flaw was found in the way GnuTLS parsed session ids from Server Hello packets of the TLS/SSL handshake. A malicious server could use this flaw to send an excessively long session id value and trigger a [More...]
 
Russian authorities arrested a man and a teenaged boy from Moscow under suspicion that they compromised Apple ID accounts and used Apple's Find My iPhone service to hold iOS devices for ransom.
 
All bits running over the Internet are not equal and should not be treated that way by broadband providers, despite net neutrality advocates' calls for traffic neutral regulations, Cisco Systems said.
 
Airvana's next-generation LTE small cells for enterprises use Gigabit Ethernet to connect to a central controller, making the mini base stations easier and cheaper to roll out at the office.
 
As the Internet of Things expands from the industrial environment to the home, more people will interact with connected devices. Expect the voice commands familiar to entertainment system and smartphone users to become the 'interface' for these smart devices.
 
Apple's new Handoff feature in iOS 8 and OS X Yosemite not only lets users pick up on one app from where they left off on another, but it can "forward" them to a website on an iPhone, iPad or Mac.
 
If you ever wanted to switch between reading an e-book and listening to it being read -- maybe by a famous actor or the author -- Amazon now has just the thing for you.
 
The Brookings Institution lays out vision for urban 'innovation centers' to bring together research institutions, businesses and startup incubators to create concentrated pockets of industry rather than the sprawling, suburban office campuses of Silicon Valley.
 
[ MDVSA-2014:112 ] python-django
 
[ MDVSA-2014:111 ] otrs
 
[ MDVSA-2014:110 ] curl
 
A developer yesterday claimed code within iOS 8 pointed to a split-screen mode, suggesting that earlier rumors of the iPad embracing the personal computer-like capability had some basis in fact.
 
Fake accounts that troll for followers' contact info just might be a problem. Meet 'Alex Van Pelter.' Oh, and LinkedIn is great, except when it's annoying.
 
[slackware-security] php (SSA:2014-160-01)
 
[ MDVSA-2014:109 ] gnutls
 
[ MDVSA-2014:108 ] gnutls
 
[ MDVSA-2014:107 ] libtasn1
 
Just as computing power and primary storage are becoming virtual shared resources, backup capacity is also starting to be pooled, with promises of easier management.
 
Computer-related crimes may cause as much as $400 billion in losses annually, according to a new study that acknowledges the difficulty in estimating damages from such acts, most of which go unreported.
 

Posted by InfoSec News on Jun 10

http://www.darkreading.com/operations/careers-and-people/women-in-infosec-building-bonds-and-new-solutions/a/d-id/1269520

By Lysa Myers
Dark Reading
6/9/2014

Learning, camaraderie, and fighting the good fight are just three reasons
these women are trailblazing careers in InfoSec.

There have been a lot of articles lately, suggesting a variety of ways to
get young women involved in tech. Some of these ideas sound like fantastic
and creative...
 

Posted by InfoSec News on Jun 10

http://www.nytimes.com/2014/06/10/technology/private-report-further-details-chinese-cyberattacks.html

By Nicole Perlroth
The New York Times
June 9, 2014

SAN FRANCISCO — The email attachment looked like a brochure for a yoga
studio in Toulouse, France, the center of the European aerospace industry.
But once it was opened, it allowed hackers to sidestep their victim’s
network security and steal closely guarded satellite technology.

The...
 

Posted by InfoSec News on Jun 10

http://www.nextgov.com/cybersecurity/2014/06/why-new-macs-are-dhs-key-malware-targets-pcs/86113/

By Rebecca Carroll
Nextgov.com
June 9, 2014

A federal office that analyzes malicious code and compromised computers
says it needs new MacPros with specialized software to analyze malware
designed to undermine Windows-based systems.

The vast majority of malware is written for PCs, explained the Homeland
Security Department, justifying its...
 

Posted by InfoSec News on Jun 10

Forwarded from: security curmudgeon <jericho (at) attrition.org>

:
http://news.techworld.com/security/3522313/vessel-tracking-system-vulnerable-to-denial-of-service-other-attacks-researchers-say/
:
: By Lucian Constantin
: Techworld.com
: 29 May 2014
:
: Inexpensive equipment can be used to disrupt vessel-tracking systems and
: important communications between ships and port authorities, according
: to two security researchers.
:
: During...
 

Posted by InfoSec News on Jun 10

http://www.torontosun.com/2014/06/08/two-14-year-old-code-crackers-hack-winnipeg-atm

By Doug Lunney
QMI Agency
June 8, 2014

WINNIPEG -- A couple of 14-year-old computer whizzes have the Bank of
Montreal upgrading its security after the teens hacked an ATM machine.

Matthew Hewlett and Caleb Turon, both Grade 9 students, found an old ATM
operators manual online that showed how to get into the machine's operator
mode.

On Wednesday over...
 
Cisco Wireless LAN Controller CVE-2014-3291 Denial of Service Vulnerability
 
Instead of burying them in phones, Japanese mobile carrier NTT DoCoMo wants people to start wearing their SIM cards.
 
Cisco AsyncOS Software CVE-2014-3289 Cross Site Scripting Vulnerability
 
Internet Storm Center Infocon Status