InfoSec News

(c) SANS Internet Storm Center. http://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
For 333 people who used "ninja" as a password for Yahoo Mail or another Web service, Thursday was the day their fleet-footed, black-clad cover was blown.
Last night I presented a series of tips and gotchas whilst setting up a home lab for Malware and Packet collection.

Packet and Malware Collection for the Home Network, Research Starts at Home!

- Richard Porter, ISC Handler

- Wednesday, July 11 * 8:15pm - 9:15pm

If you are just getting started in the Information Security field, or want to practice your packetFu or MalwareFu, a place to start is the home network! Often at a SANS Conference you will hear the Instructors, Faculty or even the Handlers reply with "Get Written Permission!" With that in mind, you already have permission on a network you own. This talk will go over setup, tools, pitfalls and things to be aware of for the home network. This discussion is a useful addition to both Security 503: Intrusion Detection In-Depth and Forensics 610: Reverse Engineering Malware.

It was well attended, and thanks for all the kind words. There were so many requests for my presentation and tips that when we recover from SANSFire, I will write another diary on more hints and tips but here are a couple:

1 - Roommate/Spouse/Kid Alerting: Let them know you will be capturing traffic (or not)

2 - Power: Check power where your lab is, your home wiring may be in series [1]

[1] http://en.wikipedia.org/wiki/Electrical_wiring

@packetalien - Twitter

And thanks again for all those who attended. Check back for more tips about running a lab at home (along with the Dionaea Virtual machine, when it is more stable.)

From SANSfire 2012, signing off!

Signing back on for an UPDATE: @karl thanks!

Tip 2, power: don't overload your circuit. I have dedicated drops at points in my home. As he pointed out, my tip is to not add too much load to one circuit and to plan how much you are going to draw.
Microsoft has launched Bing Fund, an angel fund with an incubator program that will make Microsoft resources available to startups and potentially provide it with acquisition targets in the future, Microsoft said in a blog post Thursday.
Oracle is planning to deliver 88 security fixes next Tuesday for a wide range of its products, according to a pre-release announcement posted to its website on Thursday.
Since the Hong Kong SAR government's establishment of the OGCIO--and its ditching of the ITSD (Information Technology Services Department)--in 2004, many local ICT pros and startups have slammed the government's lukewarm attitude towards the industry's development.
Donald Farmer, VP for Product Management at business intelligence (BI) technology provider QlikTech, spoke with MIS Asia recently about the new face of business analytics. Find below the expurgated transcript of the first part of our interview.
We just added an Internet Storm Center Events page at https://isc.sans.edu/events/sansfire-2012.html! This can be used for announcing upcoming events and posting updates as they happen involving ISC and our handlers.
The Internet Storm Center Events page lists past, current and upcoming events pertaining to ISC and our handlers. There is also a link to the Internet Storm Center Events RSS feed, which you can subscribe to from your favorite feed reader!
The listings include the Event Host (with a link to their website if available), Date(s), Location, a short description and a link to either the event page on the host's website or an ISC page where we'll list details of the event as they unfold.
The ISC Event details page content will vary depending on the event type and activities. Check out the first one for SANSFIRE 2012! Be sure to check back for updates, added talks, presentations, links and to keep up with what's happening at the event!

Post suggestions or comments in the section below or send us any questions or comments in the contact form on https://isc.sans.edu/contact.html#contact-form


Adam Swanger, Web Developer (GWEB, GWAPT)

Internet Storm Center https://isc.sans.edu
The references books I used to thumb through on rainy day visits to the library as a kid--your almanacs, your encyclopedias, your reference books--are all going digital. If the results are as good as what Barefoot World Atlas has to offer, that's not a bad trend at all.
[SECURITY] [DSA 2512-1] mono security update
ZDI-12-125: Apple Quicktime QTPlugin SetLanguage Remote Code Execution Vulnerability
If Chinese-based computer manufacturer Lenovo keeps moving at its current pace, the company will surpass Hewlett-Packard as the world's largest PC maker by the beginning of 2013, industry analysts say.
ZDI-12-123: EMC AutoStart ftAgent Opcode 50 Subcode 60 Parsing Remote Code Execution Vulnerability
ZDI-12-122: EMC AutoStart ftAgent Opcode 65 Parsing Remote Code Execution Vulnerability
docXP 'fid' Parameter Directory Traversal Vulnerability
[SECURITY] [DSA 2511-1] puppet security update
ZDI-12-124: EMC AutoStart ftAgent Opcode 50 Subcode 42 Parsing Remote Code Execution Vulnerability
Mahindra Satyam, like many other India-based offshore firms in recent years, is expanding its presence in the U.S.
The U.S. National Telecommunications and Information Administration's first step toward developing a consensus on mobile privacy standards may be the wrong step, privacy advocates said.
Yahoo today confirmed that 450,000 unencrypted usernames and passwords were stolen Wednesday from one of its services, although it downplayed the threat.
It is "distressingly common" to see ERP (enterprise-resource-planning) projects involving Oracle, SAP and Microsoft Dynamics software end up taking longer than customers anticipated, according to a new survey.
House Style 'file' Parameter Directory Traversal Vulnerability
ZDI-12-118: EMC AutoStart ftAgent Opcode 0x03 Parsing Remote Code Execution Vulnerability
ZDI-12-117: EMC AutoStart ftAgent Opcode 50 Parsing Remote Code Execution Vulnerability
ZDI-12-116: EMC AutoStart ftAgent Opcode 50 Subcode 04 Parsing Remote Code Execution Vulnerability
ZDI-12-115: HP OpenView Performance Agent coda.exe Opcode 0x8C Remote Code Execution Vulnerability
U.S. states on Thursday announced they have reached settlement agreements with LCD makers LG Display, AU Optronics and Toshiba, who will pay close to US$571 million to end the price-fixing case against them.
The Russian legislature's lower house on Wednesday adopted a bill that, according to tech companies in the country, could lead to Internet censorship.
A group of hackers on Thursday published a list of over 453,000 log-in credentials on the Internet that were allegedly stolen from a database associated with an unnamed Yahoo service.
Both corporations and their employees who tweet on the company's behalf must clarify the question.
ZDI-12-114: HP OpenView Performance Agent coda.exe Opcode 0x34 Remote Code Execution Vulnerability
A new file backup feature in Windows 8 that Microsoft trumpeted this week will help users protect their data but it is incomplete and far from unique, according to analysts.
Phonalisa v5.0 VoiP - Multiple Web Vulnerabilities
Ok, so I'm a bit late on this - my SANSFIRE presentation was actually on Tuesday (July 10).

In this presentation, we discussed the basics of the on-board computer and network within your car. Well-established and legislated SAE and ISO standards define the basics of the OBD (On Board Diagnostic) interface and the network behind it. Unfortunately, these standards don't include such security basics as authentication or authorization. Even worse, the wireless interfaces in your car (tire pressure sensors, in-car Bluetooth etc.) don't include these concepts either, and in most cases connect directly back to the same network. Any command injected into this computer is blindly followed by the target.

Current work on future standards for automotive communications is even bleaker, with peer-to-peer networks for cars (for accident avoidance, for instance) and roadside data collection (for emissions monitoring and other uses) on the horizon. The current guidance document for roadside data collection (remote OBD communications) includes such sage advice as "your database should be password protected", but the wireless communications guidance is all about maximizing range and minimizing the impact of handing off a session between successive peers as the car moves - not a word about protecting data in transit (wireless encryption or authentication, for instance).

A common thread at SANSFIRE this year is security exposures of embedded devices and security issues on SCADA controlled critical infrastructure networks. The automotive OBD network combines these two alarming issues on one critical infrastructure network that most of us use every day. And no-one seems to be working on addressing this issue.

Combining these threats with wireless interfaces (tire pressure sensors, Bluetooth and newer ZigBee-like interfaces) and recent research (University of Michigan, UCSD etc.) describes a significant threat and a viable potential for attack against the civilian population. We discussed the potential for a cellphone-sized magnetic or remote device that could kill or control a car for law enforcement (or malicious actors), or a roadside accident generator - a very possible attack would be to engage the front-left brake of a single (or many, or many-many) target vehicle(s). Worse yet, if remote OBD is deployed in high traffic areas (as is currently being discussed) to monitor things such as speed, safe driving or emissions in real time, the platform for such an attack might be supplied to the attacker; all they'd need to do would be to hijack this benign platform for evil.

Interfacing to the OBD bus in useful ways was demonstrated, starting with the basics: using PuTTY (or HyperTerminal) to query for OBD parameters.

From there we discussed using higher level languages to perform more useful functions - a Python library was used for similar queries, then leveraged to write two real time dashboards in Python.

An OBD packet capture utility was also shown, with a nifty time-mark function that is useful in network forensics within the car.
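Moving from terminal queries to code as described above, here is an added example (not the presenter's code or the Python library used in the talk) that decodes the SAE J1979 Mode 01 response lines an ELM327-style serial adapter prints, using the standard formulas for a few common PIDs; the response strings are constructed, and malformed or negative responses are rejected rather than acted on.

```python
"""Decode raw OBD-II Mode 01 (current data) responses as shown by an
ELM327-style serial adapter. Added example; the sample lines below are
constructed, not captured from a real vehicle."""

# Standard SAE J1979 Mode 01 PIDs: (name, unit, data byte count, decode fn)
PIDS = {
    0x04: ("Engine load", "%", 1, lambda d: d[0] * 100 / 255),
    0x05: ("Coolant temperature", "degC", 1, lambda d: d[0] - 40),
    0x0C: ("Engine RPM", "rpm", 2, lambda d: (256 * d[0] + d[1]) / 4),
    0x0D: ("Vehicle speed", "km/h", 1, lambda d: d[0]),
    0x11: ("Throttle position", "%", 1, lambda d: d[0] * 100 / 255),
}


def decode_mode01(line: str) -> dict:
    """Parse one response line such as '41 0C 1A F8'.

    A positive response echoes the request mode + 0x40 (0x01 -> 0x41) and the
    PID, then the data bytes. A '7F' negative response, 'NO DATA', or a wrong
    byte count raises ValueError so a dashboard never trusts a bad frame.
    """
    try:
        raw = bytes(int(t, 16) for t in line.strip().split())
    except ValueError:
        raise ValueError(f"non-hex token in response: {line!r}") from None
    if len(raw) < 2 or raw[0] != 0x41:
        raise ValueError(f"not a Mode 01 positive response: {line!r}")
    pid, data = raw[1], raw[2:]
    if pid not in PIDS:
        raise ValueError(f"unsupported PID 0x{pid:02X}")
    name, unit, nbytes, fn = PIDS[pid]
    if len(data) != nbytes:
        raise ValueError(f"PID 0x{pid:02X} expects {nbytes} byte(s), got {len(data)}")
    return {"pid": pid, "name": name, "value": fn(data), "unit": unit}


def decode_session(lines):
    """Decode every line; bad frames are recorded as errors, not dropped silently."""
    results = []
    for ln in lines:
        try:
            results.append(decode_mode01(ln))
        except ValueError as exc:
            results.append({"error": str(exc), "raw": ln})
    return results


if __name__ == "__main__":
    # Constructed session: three good replies, one negative response, one junk line
    for r in decode_session(["41 0C 1A F8", "41 0D 3C", "41 05 5A", "7F 01 12", "NO DATA"]):
        print(r)
```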

This presentation and example code used will all be posted in our presentations area - watch for them at https://isc.sans.edu/presentations/#sansfire
LC Flickr Carousel 'file' Parameter Directory Traversal Vulnerability
ecan 'fid' Parameter Directory Traversal Vulnerability
Xen 64-bit PV Guests Local Denial of Service Vulnerability
A focus on integration and the user experience will be key to success.
U.S. Immigration and Customs Enforcement seized 70 websites accused of selling products that infringe copyright, bringing the number of websites seized by ICE in the last two years to 839.
Hastymail 'rs' and 'rsargs[]' Parameters Remote Code Injection Vulnerabilities
[ MDVSA-2012:105 ] pidgin
[ MDVSA-2012:104 ] openjpeg
[ MDVSA-2012:103 ] automake
TP Link Gateway v3.12.4 - Multiple Web Vulnerabilities
Apple will continue to dominate the world's tablet market through 2016 if it launches a smaller iPad this year, according to research firm IDC.
Quest Foglight Multiple Security Bypass Vulnerabilities
Eucalyptus Multiple Authentication Mechanism Security Bypass Vulnerabilities
Puppet Multiple Security Vulnerabilities
Adobe SpeedGrade CS6 is a color grading software program that used to cost upwards of $20,000 when it was sold as a professional stand-alone package from Iridas. But following that company's purchase by Adobe, SpeedGrade is now included with the CS6 Production Premium, Master Collection, and Creative Cloud bundles, or sold separately for $999. Using what Adobe calls the Lumetri Deep Color Engine, SpeedGrade allows you to perform professional color grading on your video footage--either in its raw format or as an edited composition derived from Premiere Pro CS6 ( Macworld rated 4 out of 5 mice ).

Sypris Elects Robert F. Lentz to Its Board of Directors
MarketWatch (press release)
Among his many other responsibilities, Mr. Lentz served as the Chairman of the National Space INFOSEC Steering Council, principal DoD member of the Presidential Sub-Committee on National Security Systems, leader of the DoD IA Steering Council, and ...

SAP's software revenue grew 26% in its second quarter to $1.3 billion, coming in at the high end of expectations, the company said Thursday.
Intuit will announce on July 12, the availability of a new, free app aimed at small business owners who don't use accounting software or payroll services. Snap Payroll, available for the Apple iPhone and iPad, will calculate an employee's net pay based on his or her hourly wage and hours worked, taking into account the appropriate withholding for state and federal income taxes.
ESA-2012-023: RSA Authentication Manager Multiple Vulnerabilities

Anonymous' cause can't be compared to the Vietnam War. Not even close
CSO (blog)
The image is the topic of debate on Twitter and Facebook. Infosec practitioner and friend Martin Fisher said of it, "Disgusting. But there's your First Amendment right." Said Dave Null: "Them boys think mighty highly of themselves, don't they?" My own ...

The IT job market is either hot or lackluster, but mostly it is difficult for anyone who is seeking a job or hiring.
Social-savvy IT executives weigh in on how they use social media to connect with employees and improve company operations -- and how you can do the same.
The Wi-Fi Direct standard may get a much-needed boost next year from work by the Wi-Fi Alliance to make it easier to use for both consumers and developers.
Wikipedia plans to ask users to provide suggestions to improve articles on its website, which could be incorporated into the articles by its editors, Wikimedia Foundation, the nonprofit charitable organization that operates the site, said.
Taiwan's MediaTek, a designer of mobile processors, plans to help bring Twitter to lower-end feature phones, by pre-installing the social media service on to the company's chipsets.
Just in time for what will be a large number of required migrations, CA Technologies has updated its software for managing DB2 databases running on IBM z/OS mainframes.
Toshiba said Thursday it will reorganize its TV business in Japan, merging product designers with those for computers and tablets in attempt to create "fusion products" and simplify its product lines.
Tablets and smartphones -- and users' infatuation with them -- continue to pummel the PC market.