InfoSec News

Apple has filed another U.S. patent lawsuit against Samsung Electronics and is seeking a preliminary injunction asking a federal judge to halt sales of the Samsung Galaxy Nexus smartphone while the case makes its way through the court.

Whitelisting Gives Employees Choice While IT Retains Security Control
As administrators get better at keeping up with patches, attackers have shifted their efforts to the browsers with phishing attempts. "We are in an infosec refresh," Pescatore said. "Our defenses have gotten better."

Which Windows tablet makes sense -- the upcoming ARM-based devices that might include Office apps for free or x86-based Windows 8 tablets? Matt Hamblen walks you through some of the pros and cons.
KPN is a Dutch telecommunications company which has not been having a good time lately. They hit the national news a few days ago (http://nos.nl/artikel/338769-computersysteem-kpn-gehackt.html) because of a breach in the organisation. The article is in Dutch, but in a nutshell it boils down to the following. On January 20 it was discovered that there had been a breach and they worked hard to fix the problem. A week later it turned out that their efforts were unsuccessful and the attackers still had access to the environment. That is when the breach was disclosed to the authorities.

It is also mentioned in the article that KPN could not confirm that customer information had been taken. A quick check on Pastebin, however, will confirm that quite quickly. Interestingly, KPN disabled over 2 million email accounts (http://www.reuters.com/article/2012/02/10/kpn-idUSL5E8DACNB20120210) as a precaution (mostly coming back online today).

Also interesting is that KPN has stopped issuing certificates after detecting a DDoS tool on their server (http://www.ehackingnews.com/2011/11/ssl-certificate-authority-kpn-stopped.html). This is managed by the division that was formerly known as Getronics (currently up for sale to Aurelius AG, http://www.kpn.com/Artikel/KPN-to-sell-Getronics-International.htm). A breach at another certificate authority, DigiNotar, last year resulted in one less company. Not good. The new managing director (announced Feb 9) will have his work cut out to restore some faith. Are the two related? Not sure, the systems may be completely separate.

There are probably a few lessons we can take away from KPN's misery. Firstly, when doing incident response, do it well. The problem was finally resolved after getting outside specialist assistance. To me that reads along the lines of "we had a go ourselves and it didn't quite work out", which is a shame. But it highlights an issue that we come across all the time. Do you know how to make an incident responder or digital forensics person cry? Just utter the phrase "we poked around ourselves for a bit". If you have the skills, go for it, but know when to ask for help and know when to stop. Having an incident response plan that clearly states what to do and what not to do helps a lot.

On the positive side, they did discover the issue in the first place.

If you are a KPN client, you'll want to change your passwords, and if your password is used anywhere else you'll want to change those as well.

If you are at all worried about a breach in your organisation, have a look at the processes you have in place to deploy, secure and maintain your infrastructure. How would you detect a breach and, if discovered, deal with it? Have you a basic security strategy in place? Not a sexy message, or even ground breaking, yet many of us still live in straw houses, or at least our servers do.

Mark H

(c) SANS Internet Storm Center. http://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
Facebook's Timeline feature will soon be imposed on all the social network's users. Columnist Mike Elgan expects to see an increased use of timeline-like interfaces in all kinds of applications because they work the way people think -- and people like them.
Well, this is a very common story that the public hardly ever sees or hears about. A well-known hacker who normally stays fairly quiet has dumped a load of accounts from a forum that refused to take help from the hacker.

Well, once again gamers have come under the fire of hackers and, as we have seen in the past, Microsoft Xbox Live users have been the victims again. This really doesn't come as any surprise: so many websites require information to play games that this just ends up being trouble, and people who use phishing and other similar methods to obtain data start targeting them.

OpMexico has seen many leaks over the past 12 hours and is said to have many more to come. One of the latest is a huge amount of emails from iepct (http://www.iepct.org.mx/), which is the Electoral Institute and Citizen Participation of Tabasco.
