 
(c) SANS Internet Storm Center. http://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
 

The security of Oracle's Java software framework, installed on some three billion devices worldwide, is taking a turn for the worse, thanks to an uptick in attacks targeting vulnerabilities that will never be patched and increasingly sophisticated exploits, security researchers said.

The most visible sign of deterioration are in-the-wild attacks exploiting unpatched vulnerabilities in Java version 6, Christopher Budd, threat communications manager at antivirus provider Trend Micro, wrote in a blog post published Tuesday. The version, which Oracle stopped supporting in February, is still used by about half of the Java user base, he said. Malware developers have responded by reverse engineering security patches issued for Java 7, and using the insights to craft exploits for the older version. Because Java 6 is no longer supported, those same flaws will never be fixed in it.

"This is a large pool of vulnerable users who will never be protected with security fixes and so [they're] viable targets for attack," Budd said.

 
While Dell has captured headlines for months as it attempts the transition from public to private company, BMC Software went private on Tuesday without all the drama and shareholder fireworks.
 
IBM wants to help IT managers apply company policies to their big data analysis projects.
 

It started with a pretty benign question from an ISC reader. But if the corresponding SQL query times out on our sensors, something is probably indeed going on ... The IP addresses listed above have >30'000 domain names associated with them, all of the format shown below

byqajg2lclo7221tdx511xf21594e06d2bb1166c296c16adf1cbfe1b [ dot ] bizgo.be
byqajg2lclo7221tdx511xf21594e06d2d442d2a296c5ee5188fa2c0 [ dot ] bizgo.be
byqajg2lclo7221tdx511xf21594e06d2df74c3c296c49dd3801615d [ dot ] bizgo.be
byqajg2lclo7221tdx511xf40934e06d2ce119772967b2379df2211a [ dot ] bizgo.be

bizgo is not the only domain used, there are many, but currently concentrated in *.be. The host names seem to be time-based, and are only valid for the briefest of instants. This makes manual analysis somewhat difficult - by the time you have grabbed a sample and are running it in the sandbox, well, the domain name no longer resolves. Consequently, only a handful of malware reports on VirusTotal and Malwr.com so far actually show a real detection, for example

https://malwr.com/analysis/NmQ5NmYwN2EyMTQzNDY3Zjk3MjY0MTRhOTQzMjE2Mjc/
https://malwr.com/analysis/NWFiMGYxY2E1MzVhNDkxOGIxNDAzNTQ4ODNkODU5ZjQ/

and both suggest that a Trojan Downloader is coming from this IP, but otherwise didn't get all that far with the analysis. For the traffic that a sensor of ours captured, the requested file path was /i/last/index.php, which matches Emerging Threats SID 2015475 for a Blackhole landing page.
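Because the host names above stop resolving before a sample can be analysed, the practical place to catch this activity is in your own DNS query logs. The following is an added example (not code from the ISC sensors or from the diary) that scores the leftmost label of each queried name on three indicators visible in the listed names: label length, character entropy, and a long trailing run of hex digits. The thresholds (32 characters, 3.5 bits/character, 24 hex digits) and the log format are assumptions; the sample log is constructed and only reuses the three domain names quoted in the diary.

```python
import math
import re
from collections import Counter

# Constructed sample of DNS query logs (not captured from the ISC sensors).
# Format assumed here: "<timestamp> <client-ip> <queried-name>"
SAMPLE_DNS_LOG = """\
2013-09-11T10:01:02 10.0.0.5 byqajg2lclo7221tdx511xf21594e06d2bb1166c296c16adf1cbfe1b.bizgo.be
2013-09-11T10:01:03 10.0.0.5 byqajg2lclo7221tdx511xf21594e06d2d442d2a296c5ee5188fa2c0.bizgo.be
2013-09-11T10:01:04 10.0.0.7 www.example.com
2013-09-11T10:01:05 10.0.0.7 mail.example.org
2013-09-11T10:01:06 10.0.0.9 byqajg2lclo7221tdx511xf40934e06d2ce119772967b2379df2211a.bizgo.be
2013-09-11T10:01:07 10.0.0.9 cdn-assets-03.example.net
"""

# Assumed thresholds; tune them against your own benign traffic first.
MIN_LABEL_LEN = 32        # leftmost label at least this long
MIN_ENTROPY = 3.5         # bits per character of the leftmost label
MIN_HEX_RUN = 24          # trailing run of hex digits in the label
HEX_TAIL = re.compile(r"[0-9a-f]{%d,}$" % MIN_HEX_RUN)


def shannon_entropy(s: str) -> float:
    """Bits per character of s (0.0 for an empty string)."""
    if not s:
        return 0.0
    counts = Counter(s)
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def score_hostname(name: str) -> dict:
    """Compute the indicators for one queried name; 'suspicious' is True when all three fire."""
    label = name.lower().rstrip(".").split(".")[0]
    entropy = shannon_entropy(label)
    hex_tail = HEX_TAIL.search(label) is not None
    return {
        "name": name,
        "label_len": len(label),
        "entropy": round(entropy, 2),
        "hex_tail": hex_tail,
        "suspicious": len(label) >= MIN_LABEL_LEN and entropy >= MIN_ENTROPY and hex_tail,
    }


def find_suspicious(log_text: str) -> list:
    """Run score_hostname over every log line and return the flagged names in order."""
    flagged = []
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 3:
            continue  # skip malformed lines rather than crash on them
        result = score_hostname(parts[2])
        if result["suspicious"]:
            flagged.append(result["name"])
    return flagged


if __name__ == "__main__":
    for name in find_suspicious(SAMPLE_DNS_LOG):
        print("suspicious:", name)
```

Requiring all three indicators keeps long but low-entropy CDN and cloud host names out of the alert list; if your environment uses hashed host labels legitimately, drop the hex-tail test and raise the entropy threshold instead.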

If you have intel to share on these domains or IPs, please let us know via the contact form, or the comments below.

 

 
Tablet shipments will surpass desktop and laptop PCs in the fourth quarter of 2013, IDC predicted Wednesday.
 
LinuxSecurity.com: A vulnerability has been discovered and corrected in gdm: GNOME Display Manager (gdm) before 2.21.1 allows local users to change permissions of arbitrary directories via a symlink attack on /tmp/.X11-unix/ (CVE-2013-4169). [More...]
 
LinuxSecurity.com: Rainer Koirikivi discovered a directory traversal vulnerability with 'ssi' template tags in python-django, a high-level Python web development framework. [More...]
 
LinuxSecurity.com: A buffer overflow in Snack could result in execution of arbitrary code or Denial of Service.
 
LinuxSecurity.com: An updated Adobe Flash Player package that fixes four security issues is now available for Red Hat Enterprise Linux 5 and 6 Supplementary. The Red Hat Security Response Team has rated this update as having critical [More...]
 
LinuxSecurity.com: It was discovered that exactimage, a fast image processing library, does not correctly handle error conditions of the embedded copy of dcraw. This could result in a crash or other behaviour in an application using the library due to an uninitialized variable being [More...]
 
LinuxSecurity.com: ImageMagick could be made to crash or run programs as your login if it opened a specially crafted file.
 

We have a couple of issues people reported with yesterday's Microsoft patches. Let us know if you experienced any of these issues, and what workaround you applied to get things back to normal:

KB2868116: Takes very long to install. Just sit back and wait (30-45 Minutes). This patch improves the content of warning messages, so it is somewhat security relevant, but does not patch an actual vulnerability.

KB2817630: Causes Outlook to lose all folders. No workaround other than removing the patch. This was not a security patch.

We will add to this list as we confirm any other issues. So far, there are some reports of the system re-applying the same patch over and over, but there are just one or two users reporting this, and in some cases the patch that causes it isn't identified.

 

------

Johannes B. Ullrich, Ph.D.
SANS Technology Institute
Twitter

 
Intel and Google showed off the next generation of Chromebooks from Hewlett-Packard, Acer and Toshiba, which will be faster and more power-efficient than predecessors.
 
Much of what Apple offers enterprise workers and their IT departments in the new iPhone 5S and 5C comes by virtue of its new mobile operating system, iOS 7, which was first announced in June.
 
The central system built to support Affordable Care Act health insurance exchanges has successfully completed security testing and is set to begin operating on October 1, the Centers for Medicare & Medicaid Services announced Wednesday.
 

The rise of the white hat vigilante
SC Magazine Australia
SC doesn't know Xylitol's name, only that he lives in France, and has achieved fame in infosec circles for tireless disruption of cracker and fraud forums, botnets and malware kits. Xylitol is one of a small but well-armed clutch of security ...

 
Usually, workstations are big and brutish. But HP is betting that workstation users are just like everyone else and want thin and light systems.
 
The 12th anniversary of the 9/11 attacks on Wednesday prompted AT&T to post a Twitter image that raised the ire of Twitter users who thought it was in poor taste.
 
An Office 2013 non-security update, part of yesterday's massive Patch Tuesday, blanks the folder pane in Outlook 2013, the suite's email client, drawing complaints from users.
 

There is a new iPhone and it comes with a fingerprint sensor! What better reason to talk a bit about biometrics. In the good old days before Defcon and Wardriving, biometrics had an ambiance of "high security". Remember the James Bond movie where they cut out a guy's eye to bypass a retina scanner? Those days are long gone. Now we have seen fingerprint and facial recognition systems being bypassed by simple printouts of the fingerprint or face, or rubber molds of fingerprints being used instead of the real thing.

So how meaningful is a fingerprint sensor these days? The right answer is of course: It depends. First on the quality of the sensor, secondly on the software used to analyze the acquired data, and finally on the alternative authentication methods it replaces or supplements.

During enrollment, the sensor acquires a reference image of the fingerprint. This image is then analyzed, and certain parameters are extracted from the image. It is these parameters, not the original image, that will be used to compare later authentication attempts. Of course, no two images are quite alike. It may not be possible to identify all the parameters, or some additional characteristics may be discovered that were not visible in the reference scan. The result is that the software has to allow for some variability. For low quality sensors, this variability can be quite large, leaving you with only few distinct features. The result is the same as having a bad password: Many different users will end up with the same "fingerprint" as far as the sensor is concerned.
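The trade-off described above (tolerate acquisition noise, and you shrink the number of distinct "fingerprints" the software can tell apart) can be made concrete with a small simulation. The following is an added, deliberately simplified model and not Apple's or any vendor's matching algorithm: a finger is a set of minutiae points in a 256x256 image, each rescan perturbs the points by Gaussian sensor noise, and the template is the set of grid cells the points fall into. The grid cell size is the tolerance; the user count, point count, noise level and seed are constructed parameters.

```python
import random

IMAGE_SIZE = 256      # constructed: sensor image is 256x256 px
MINUTIAE = 12         # constructed: features extracted per finger


def make_finger(rng, n=MINUTIAE):
    """A finger is modelled as n minutiae at random (x, y) positions (constructed model)."""
    return [(rng.uniform(0, IMAGE_SIZE), rng.uniform(0, IMAGE_SIZE)) for _ in range(n)]


def rescan(rng, finger, jitter):
    """A new acquisition of the same finger: every minutia moves by sensor noise."""
    return [(x + rng.gauss(0, jitter), y + rng.gauss(0, jitter)) for x, y in finger]


def template(finger, cell):
    """Quantize minutiae to a grid of `cell` px; the template is the set of occupied cells.
    A larger cell tolerates more acquisition noise but leaves fewer distinct templates."""
    return frozenset((int(x // cell), int(y // cell)) for x, y in finger)


def simulate(cell, users=300, jitter=4.0, seed=2013):
    """Return (distinct templates, genuine accept rate, impostor accept rate) for one cell size."""
    rng = random.Random(seed)
    fingers = [make_finger(rng) for _ in range(users)]
    templates = [template(f, cell) for f in fingers]
    distinct = len(set(templates))
    # Genuine attempt: the enrolled user rescans the same finger with sensor noise.
    genuine = sum(
        template(rescan(rng, fingers[i], jitter), cell) == templates[i] for i in range(users)
    ) / users
    # Impostor attempt: another enrolled user's template is identical to mine.
    pairs = users * (users - 1) // 2
    collisions = sum(
        templates[i] == templates[j] for i in range(users) for j in range(i + 1, users)
    )
    return distinct, genuine, collisions / pairs


if __name__ == "__main__":
    for cell in (16, 64, 128):
        d, g, imp = simulate(cell)
        print(f"cell={cell:3d}px  distinct templates={d:3d}  "
              f"genuine accept={g:.2f}  impostor accept={imp:.2f}")
```

With a fine grid the enrolled user is rejected almost every time, because one noisy point crossing a cell boundary changes the template; with a coarse grid the user gets in, but the 2x2 grid admits at most 15 distinct templates, so most other users share the enrolled user's "fingerprint" exactly as the paragraph describes. Real matchers score partial overlap rather than exact set equality, but the shape of the trade-off is the same.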

So what does this mean for the iPhone, or mobile device authentication in general? The problem with mobile device authentication has always been the fact that it is difficult for the user to enter complex passwords on a small keyboard. The result is that most users choose short numeric PINs. There have been a couple of other attempts, for example the Android "pattern" login and the use of cameras for facial recognition. The facial recognition usually suffers from bad sensor quality and from very variable lighting. The pattern login is a pretty neat idea, but I think it hasn't been tested sufficiently to figure out how much the patterns users choose actually differ.

There is one thing Apple appears to have done right: The fingerprint data stays on the phone, and is not backed up to any cloud service. If this information got lost, an attacker could use it to reconstruct a duplicate of the finger, which in turn could be used for biometric identification even beyond the iPhone itself. 

As far as the quality of the image sensor and software: We will have to wait for it to be tested once the phone is released. It probably does not include more advanced features like measuring the user's body temperature or observing blood flow. But I hope it will be better than a 4 digit PIN.

One easy improvement: Make it "real two factor" by allowing users to require a PIN/password in addition to the fingerprint. Could they have done better than a fingerprint? There are a few different common biometric sensors: Facial recognition, fingerprint, weight/height, retina scans and iris scans. Fingerprints are probably best considering the price of the sensor and the difficulty of acquiring the data.

Finally: There is probably one real big vulnerability here. A stolen iPhone is likely covered in the user's fingerprints. It shouldn't be too hard for an attacker to lift a finger print off the phone itself to bypass the sensor.

 

------
Johannes B. Ullrich, Ph.D.
SANS Technology Institute
Twitter

 
South Korean organizations that conduct research on international affairs, national security and Korean unification are under siege from cyberspies whose attack may have its origins in North Korea.
 
Few tech buzzwords of late have been more prevalent than 'big data,' and SAP is hoping to make sure the market knows it's hip to the trend with a series of new announcements.
 
A second, lower-priced iPhone was not the only reveal at this week's Apple announcement. What are you most excited about?
 
GroupLink everything HelpDesk Multiple Cross Site Scripting and Security Bypass Vulnerabilities
 
MikroTik RouterOS 'sshd' Component Multiple Heap Memory Corruption Vulnerabilities
 
GNOME GDM CVE-2013-4169 Insecure Temporary File Creation Vulnerability
 
Dozens of tablets, some priced as low as $99, are expected out by year's end running the new Intel Atom processors, which began shipping Wednesday.
 
Embracing the growing market for mobile applications, Embarcadero Technologies has updated its flagship RAD Studio so developers can use the IDE to write C++ or Delphi programs for both Android and iOS devices.
 
Dell on Wednesday showed off a new Windows 8.1 tablet called Venue, a brand name for mobile devices the PC maker abandoned when it discontinued shipment of smartphones early last year.
 
"When it comes to storing data, there is no 'one-size-fits-all' solution," says Orlando Scott-Cowley, Messaging, Security and Storage Evangelist at Mimecast, a cloud and mobile data storage and security provider.
 
Apple yesterday poked Microsoft by announcing it would give away its trio of iWork productivity apps to buyers of new iOS 7-compatible iPhones, iPads and iPod Touches purchased after Sept. 1.
 
[security bulletin] HPSBUX02928 SSRT101274 rev.1 - HP-UX running perl, Remote Denial of Service (DoS)
 
[ MDVSA-2013:230 ] gdm
 
[SECURITY] [DSA 2755-1] python-django security update
 
OWASP Zed Attack Proxy 2.2.0
 

Of all the new features of Apple's new iPhone 5S, few have drawn more attention than the built-in fingerprint scanner known as Touch ID. Apple billed it as an "innovative way to simply and securely unlock your phone with just the touch of a finger." More breathless accounts were calling it a potential "death knell for passwords" or using similarly overblown phrases.

Until the new phones are in the hands of skilled hackers and security consultants, we won't know for sure if Touch ID represents a step forward from the security and privacy offered by today's iPhones. I spent several hours parsing the limited number of details provided by Apple and speaking to software and security engineers. I found evidence both supporting and undermining the case that the fingerprint readers are an improvement. The thoughts that follow aren't intended to be a final verdict—the proof won't be delivered until we see how the feature works in the real world.

The pros

I'll start with the encouraging evidence. Apple said Touch ID is powered by a laser-cut sapphire crystal and a capacitive touch sensor that is able to take a high-resolution image based on the sub-epidermal layers of a user's skin. While not definitive, this detail suggests Apple engineers may have designed a system that is not susceptible to casual attacks. If the scans probe deeply enough, for instance, Touch ID probably wouldn't be tricked by the type of clones that are generated from smudges pulled off a door knob or computer monitor. In 2008, hackers demonstrated just how easy it was to create such clones when they published more than 4,000 pieces of plastic film containing the fingerprint of a German politician who supported the mandatory collection of citizens' unique physical characteristics. By slipping the foil over their own fingers, critics were able to mimic then-Interior Minister Wolfgang Schauble's fingerprint when touching certain types of biometric readers.

 
Want a custom app or site for your business, but don't have the skillset to pull it off in-house? There's no shortage of dev contractors out there to help you, but choosing the right one can be nerve-wracking, and getting optimal work from outside help isn't always easy. In this article, we'll explore the most common ways things can go wrong with outsourced dev projects and what you can do to ensure the best possible output from your contractors.
 
Adobe released security updates for Flash Player, Adobe Reader and Shockwave Player on Tuesday to address critical vulnerabilities that could allow attackers to take control of systems running vulnerable versions of those programs.
 
Microsoft SharePoint CVE-2013-3179 Multiple HTML Injection Vulnerabilities
 
IBM InfoSphere Optim Performance Manager CVE-2013-2979 Unspecified Directory Traversal Vulnerability
 
Increasing sales of cheaper systems helped fuel growth in the high-performance computing (HPC) sector during the second quarter, while interest in high-end supercomputers cooled.
 
ProFTPd mod_sftp/mod_sftp_pam invalid pool allocation in kbdint authentication
 
Insecure CHIASMUS encryption in GSTOOL
 
Open-Xchange AppSuite Multiple Information Disclosure And Security Bypass Vulnerabilities
 
Cross-Site Scripting (XSS) in WikkaWiki
 

 

This is a "guest diary" submitted by Tom Webb. We will gladly forward any responses, or please use our comment/forum section to comment publicly. Tom is currently enrolled in the SANS Masters Program.

Rsyslog has some very useful features when building a centralized syslog system. If you are not currently centralizing your logs or have not organized them in an efficient way for analysis, this post will get you started in the right direction.

To understand how to create a filter, you must understand the basic breakdown of the message format. Below is a visual representation of a basic log. The rawmsg is the entire syslog line. If you use this in your filter, it will check the entire line for a match. The hostname field can match a name or an IP address. The programname field normally lists the application that created the log and the msg field is anything after the programname. 

|-------------------------------------rawmsg--------------------------------------|

|-----Date-----|-----Hostname----|programname|-----------------msg----------------|  

Aug 14 02:38:01  SIFT-Workstation  rsyslogd:      rsyslogd's userid changed to 101

 

Client logs

To set up a Linux system to forward all of its logs to your central log server, add the following line to /etc/rsyslog.conf, replacing 192.168.1.1 with the IP address of your syslog server:

*.* @192.168.1.1:514

If you only want to forward one type of application log to syslog, be more specific about what you want to send. If you do not need all the information in a log, filter out the noise. This will save disk space and speed up processing. In this example, we are only sending apache logs to the server.

if $programname contains 'apache' then @192.168.1.1:514

To send the logs via UDP use one ‘@’ sign and to send the logs via TCP use two ‘@@’ signs.

if $programname contains 'apache' then @@192.168.1.1:514

Organizing Logs

Once you have several devices reporting to your syslog server, you will need to break the logs into different files to make analysis easier. Most often, you will want to group logs by application. Some of the common operators for filtering are contains, isequal, and startswith.

If you want rsyslog to stop processing a line once it has matched, put & ~ on the next line. This prevents the line from being written into multiple files (e.g. /var/log/my-log and /var/log/syslog).

To place all logs from one IP address into a single log, use the below example. It takes anything from the IP 10.10.41.12 and adds it to the /var/log/mail.log. 

if $fromhost-ip == '10.10.41.12' then /var/log/mail.log

&~

For devices in a cluster, you will likely want both device logs in the same file. In the following example both IP 10.10.10.3 and 10.10.10.4 logs are placed into the /var/log/firewall.log. 

if ($fromhost-ip == '10.10.10.3' or $fromhost-ip == '10.10.10.4') then /var/log/firewall.log

Use a partial IP match for lots of devices on a couple of subnets. In this example, anything that has a 10.20.0 address or 10.30.0 is placed into /var/log/load-balance.log. Rsyslog cannot use CIDR notation for subnets, but in most cases, this is a decent replacement.

if ($hostname contains '10.20.0' or $hostname contains '10.30.0') then /var/log/load-balance.log

To create a log for all authentications, the rule below will take any message that contains ‘auth’ and place it into the /var/log/remote-auth.log file.

if $msg contains 'auth' then /var/log/remote-auth.log

For a more complex filter that matches both authentications and the word fail, use the example below.

if $msg contains 'auth' and $msg contains 'fail' then /var/log/remote-fail.log

Rsyslog supports very complex logic and syntax. For more information, visit the following links.

http://www.rsyslog.com/doc/rsyslog_conf_filter.html

http://www.rsyslog.com/doc/property_replacer.html
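To see how the field breakdown at the top of this diary and the filter chain in the examples fit together, here is an added Python model of them (example code, not rsyslog's engine and not Tom's configuration). It parses the date / hostname / programname / msg layout shown above, runs each line through rule entries equivalent to the diary's filters including the & ~ stop, and contrasts the partial-IP "contains" approach with a real CIDR test, which rsyslog (per the diary) does not offer. Assumptions: the sample lines are constructed, $fromhost-ip is taken from the hostname field for simplicity, and in_subnet is not an rsyslog operator.

```python
import ipaddress
import re
from collections import defaultdict

# Constructed sample lines in the layout described in the diary
# (date, hostname, programname, msg). IP-addressed hosts stand in for devices
# that report by address rather than by name.
SAMPLE_LINES = """\
Aug 14 02:38:01 SIFT-Workstation rsyslogd: rsyslogd's userid changed to 101
Aug 14 02:38:05 10.10.41.12 postfix/smtpd[2211]: connect from unknown[192.0.2.9]
Aug 14 02:38:07 10.10.10.3 pfsense: block in on em0 from 198.51.100.4
Aug 14 02:38:08 10.20.0.15 lb: backend pool1 member up
Aug 14 02:38:09 110.20.0.15 lb: backend pool2 member down
Aug 14 02:38:11 web01 sshd[4410]: pam_unix(sshd:auth): authentication failure; user=root
Aug 14 02:38:12 web01 sshd[4410]: Accepted publickey for deploy from 10.0.0.8 port 51022
"""

SYSLOG_RE = re.compile(
    r"^(?P<date>\w{3} +\d{1,2} \d{2}:\d{2}:\d{2}) "
    r"(?P<hostname>\S+) "
    r"(?P<programname>[^\s:\[]+)(?:\[\d+\])?: "   # optional [pid] is dropped
    r"(?P<msg>.*)$"
)


def parse(line):
    """Split one line into the properties the diary's filters refer to, or None."""
    m = SYSLOG_RE.match(line)
    if not m:
        return None
    props = m.groupdict()
    props["rawmsg"] = line
    return props


def contains(prop, needle):
    """Model of the rsyslog 'contains' operator on one property."""
    return lambda p: needle in p[prop]


def isequal(prop, value):
    """Model of the rsyslog 'isequal' / '==' operator on one property."""
    return lambda p: p[prop] == value


def in_subnet(prop, cidr):
    """Not an rsyslog operator: a true CIDR membership test, for comparison."""
    net = ipaddress.ip_network(cidr)

    def test(p):
        try:
            return ipaddress.ip_address(p[prop]) in net
        except ValueError:        # hostname is a name, not an address
            return False
    return test


# (test, target file, stop after match) -- the diary's rules, in order.
# $fromhost-ip is modelled by the hostname field here (simplification).
RULES = [
    (isequal("hostname", "10.10.41.12"), "/var/log/mail.log", True),                      # & ~
    (lambda p: p["hostname"] in ("10.10.10.3", "10.10.10.4"), "/var/log/firewall.log", True),
    (contains("hostname", "10.20.0"), "/var/log/load-balance.log", False),               # no & ~
    (contains("msg", "auth"), "/var/log/remote-auth.log", False),
    (lambda p: "auth" in p["msg"] and "fail" in p["msg"], "/var/log/remote-fail.log", False),
    (lambda p: True, "/var/log/syslog", False),                                           # catch-all
]


def route(log_text, rules=RULES):
    """Return {target file: [raw lines]} after running every line through the rule chain."""
    out = defaultdict(list)
    for line in log_text.splitlines():
        p = parse(line)
        if p is None:
            continue
        for test, target, stop in rules:
            if test(p):
                out[target].append(p["rawmsg"])
                if stop:
                    break              # the & ~ behaviour: no further rules see this line
    return dict(out)


def partial_match_overreach(log_text, fragment="10.20.0", cidr="10.20.0.0/24"):
    """Hostnames that a 'contains' rule matches but that are outside the intended block."""
    by_contains = contains("hostname", fragment)
    by_cidr = in_subnet("hostname", cidr)
    return [p["hostname"] for p in map(parse, log_text.splitlines())
            if p and by_contains(p) and not by_cidr(p)]


if __name__ == "__main__":
    for target, lines in sorted(route(SAMPLE_LINES).items()):
        print(f"{target}: {len(lines)} line(s)")
    print("over-matched by contains '10.20.0':", partial_match_overreach(SAMPLE_LINES))
```

Two things the run makes visible: the mail and firewall lines stop at their rule and never reach /var/log/syslog, while the load-balancer lines land in both files because that rule has no stop; and the substring 10.20.0 also matches the constructed host 110.20.0.15, so a partial-IP rule should be anchored (for example with startswith) or the devices named explicitly when an over-match would matter.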

--

Tom Webb

 
 
A U.S. appeals court upheld a district court decision that Google's collection of data from unencrypted Wi-Fi networks under its Street View program is not exempt from federal wiretap laws.
 
Before Apple announced its lower cost iPhone 5C, some had speculated the C could stand for China, a vital market for the company's future growth. But on Wednesday, consumers in the country appeared less than thrilled with the new smartphone amid expectations it would be far more affordable than the standard iPhone.
 
Apple's latest operating system iOS 7, due to be released Sept. 18, is already under the microscope of independent security researchers looking for a new jailbreak.
 
After its longest one-day drive yet, NASA's Mars rover Curiosity is set for the first investigation during what could be a year-long journey.
 
Graphics software company Micrografx sued Google, its subsidiary Motorola Mobility, and Samsung Electronics for infringing three graphic patents by running Google Maps and Chrome Browser on their Android devices.
 
NASA has lost contact with the Deep Impact spacecraft, its eight-year-old deep-space comet hunter.
 
Maybe this wasn't a surprise: Apple announced the new iPhone 5S and iPhone 5C on Tuesday, but neither comes equipped with an NFC chip inside.
 
Frank Baitman, the CIO of the U.S. Department of Health and Human Services, was at the Amazon Web Services conference praising the company's services. His talk was on the verge of becoming a long infomercial, when he stepped back and changed direction.
 
The best desktop virtualization software for techs adds support for Surface Pro sensors and more polish
 
[security bulletin] HPSBUX02926 SSRT101281 rev.1 - HP-UX Running BIND, Remote Denial of Service (DoS)
 
Microsoft SharePoint 2013 (Cloud) - Persistent Exception Handling Web Vulnerability
 
[SECURITY] [DSA 2754-1] exactimage security update
 

Posted by InfoSec News on Sep 11

http://www.haaretz.com/news/national/1.546299

By Gili Cohen and Orr Hirschauge
Haaretz
Sep. 10, 2013

Hundreds of Israelis who have recently reported slowdowns in their
Internet access appear to have been the victims of cyberattacks, Haaretz
has learned. This comes as a hacker group evidently protesting Israeli
policies is planning its latest round of cyberattacks on Israeli websites,
scheduled for today.

The group, AnonGhost, has released...
 

Posted by InfoSec News on Sep 11

http://blogs.dallasobserver.com/unfairpark/2013/09/61-year-old_plano_man_gets_fiv.php

By Eric Nicholson
Dallas Observer
Sep. 6 2013

Despite what its name implies, Exel Transportation Services does not
actually transport anything. It's what's called an intermodal marketing
company; basically, it helps other companies ship things. Not the sexiest
business to be in, but lucrative enough to convince Exel CEO Michael
Musacchio to jump...
 

Posted by InfoSec News on Sep 11

http://www.theguardian.com/technology/2013/sep/09/jake-davis-topiary-lulzsec-answers

By Charles Arthur
theguardian.com
September 9, 2013

Jake Davis, who as "Topiary" in the hacking crew LulzSec was involved in
breakins to a number of websites culminating in a hack of the Sun's news
site - and subsequently sentenced to serve time in a young offenders'
institution - says his intention was only to prompt debate about how...
 

Posted by InfoSec News on Sep 11

http://en.ria.ru/crime/20130910/183338519/Russian-Cybercrime-Market-Fell-to-193-Billion-in-2012.html

RIA Novosti
10/09/2013

NB: The headline has been modified to reflect that the information in this
story comes from a single, unofficial source.

MOSCOW, September 10 (RIA Novosti) – The value of the cybercrime market in
Russia dropped 6 percent to $1.93 billion last year, compared with $2
billion the year before, a top cyber security expert...
 

Posted by InfoSec News on Sep 11

http://www.darkreading.com/management/crowdstrike-gets-30m-in-new-round-of-fun/240161057/

By Tim Wilson
Dark Reading
September 10, 2013

Security vendor CrowdStrike received an infusion of $30 million in funding
Monday, and investors say they are putting their dollars behind companies
that are rethinking the security problem.

In a press release, CrowdStrike announced that it had raised an additional
$30 million in Series B financing, led by...
 

Posted by InfoSec News on Sep 11

http://www.csoonline.com/article/739445/apple-s-ios-7-gives-security-pros-a-lot-to-like

By John P. Mello, Jr.
CSO Online
September 10, 2013

Fingerprint reading isn't the only sign that Apple is upping the ante in
mobile security. Its new operating system is full of goodies that should
boost its security appeal in the enterprise.

"Before iOS 7, Apple already had a secure operating system, with many
options available to...
 
Talkie Bluetooth Video iFiles 2.0 iOS - Multiple Vulnerabilities
 
Synology DSM multiple vulnerabilities
 
eTransfer Lite v1.0 iOS - Persistent Filename Vulnerability
 