Hackin9

We experienced a system glitch today, which resulted in repeated notifications being sent out regarding a recently-published diary. We apologize about the inconvenience and are investigating this problem.

-- Lenny

(c) SANS Internet Storm Center. http://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
 

SANS Has Added Online Training Event to Support Training Budgets without ...
SYS-CON Media (press release)
SANS offers a myriad of free resources to the InfoSec community including consensus projects, research reports, and newsletters; and it operates the Internet's early warning system - the Internet Storm Center. At the heart of SANS are the many security ...

 
In another example of the consumerization of IT, people have embraced cloud storage and file sharing services like Dropbox both at home and at work, and CIOs better take notice about this trend, according to a Forrester Research report.
 

A client recently called me with some bad news.  "Our CFO's laptop was just stolen!" he told me - "What should we do?".  My immediate response (and out loud, I'm afraid) was "Fire up the DeLorean, go back in time and encrypt the drive".  Needless to say, he wasn't keen on my response, even though I offered up a spare flux capacitor - maybe his DeLorean was in the shop.

His response actually surprised me: "We're actually in the middle of a WDE (Whole Disk Encryption) project.  The CFO's laptop was scheduled for next week (delayed at his request)".  But no matter how good that project is, it wasn't helping us today.
This client is under both NERC and PCI regulation, so I asked the obvious: "Did he have any financial data on his machine?  Do you need to disclose the theft as a breach?".  The response was an immediate "he says not".  Since the answer wasn't a definite "no", I asked the next obvious question - "Do you believe him?"  The answering pause really said it all.

The challenge we then had was to prove to the CFO, one way or the other, whether sensitive data existed on the laptop.  Having just taken SANS FOR408, I know for a fact that even if he never deliberately saved anything to the laptop, traces of files - fragments as well as complete copies - are strewn across the file system, the registry and a kazillion other locations on the machine.

So the scenario and a fun forensics question to end your week is:
A Windows 7 laptop, fully patched with Office 2010 installed
The corporate browser is IE10, but Firefox is also installed

Using our comment form, share where you would look for sensitive files, fragments of files or indicators of the presence of files.
Passwords, links and other sensitive information are all in play.
Be sure to include the tool or method you would use to find any evidence - duplicate "findings" are perfectly fine, as long as the tool or method is different.

Let's assume that the user didn't download anything to the "downloads" directory, and didn't have "I don't know where I saved that file" files strewn across his local profile and drive (even though that's extremely likely).

I'll update this story in a week or so with how the story played out, and how we made the point to the CFO.

Happy forensicating everyone!
 

===============
Rob VandenBrink
Metafore

 
Re: MiniUPnPd Information Disclosure (CVE-2013-2600)
 
Scientists have discovered that, by using nanostructured glass and five dimensional digital data recording, they may be able to store 360TB of data forever.
 
Chinese government officials agreed to crack down on software and other piracy and to take steps to ensure that state-owned organizations use legal software.
 
Corel PDF Fusion Insecure Library Loading Code Execution and Stack Buffer Overflow Vulnerabilities
 
Mediacoder '.m3u' File Buffer Overflow Vulnerability
 
The National Institute of Standards and Technology (NIST) has issued a new publication that broadens agency security options for Personal Identity Verification (PIV) cards. Biometric Data Specifications for Personal Identity Verification ...
 
A disaster movie on the SyFy channel about sharks raining down on L.A., lit up Twitter on Thursday night.
 
Mobile malware attacks -- most of them aimed at Android devices -- are up six-fold since last year, an increase due mainly to the use of free mobile apps from sketchy vendors, according to studies by McAfee and Juniper Networks.
 
Microsoft this week said a pair of vulnerabilities, including one publicly disclosed by a Google security engineer in May, had been exploited in the wild before they were patched on Tuesday.
 
MiniUPnPd Information Disclosure (CVE-2013-2600)
 
[Foreground Security 2013-002]: Corda Path Disclosure and XSS
 
[security bulletin] HPSBST02890 rev.3 - HP StoreOnce D2D Backup System, Remote Unauthorized Access, Modification, and Escalation of Privilege
 
Fugitive classified document leaker Edward Snowden, holed up at Moscow's Sheremetyevo International Airport since June 23, today accused the U.S. government of using 'historically disproportionate aggression' to get him back to the United States to face charges of violating the Espionage Act of 1917.
 
It may not quite be a character out of The Terminator, but university scientists have developed a way to use 3D printing to create structures made out of liquid metal.
 
If Steve Ballmer's words mean anything, Microsoft is about to dramatically expand the number -- and type -- of devices it makes in-house.
 
Multiple vulnerabilities in BMC SERVICE DESK EXPRESS (SDE) Version 10.2.1.95
 
Intel CTO Justin Rattner, who recently announced his departure, leaves behind a legacy of putting people back in technology development. He helped put Intel chips in more products, but he also encouraged innovation that improves everyday life. Because of Rattner, today's college students want to be tomorrow's engineers.
 
LinuxSecurity.com: Multiple vulnerabilities have been found in HAProxy, allowing attackers to execute arbitrary code or cause Denial of Service.
 
Multiple vulnerabilities in McAfee ePO 4.6.6
 
Re: Windows 7/8 admin account installation password stored in the clear in LSA Secrets
 
CVE-2013-3568 - Linksys CSRF + Root Command Injection
 
Microsoft is alleged to have taken steps to ensure that the NSA had continuous access to services such as Skype and Outlook.com. Microsoft is adamant that it only cooperated with the authorities where legally required to do so
    
One on One with Mark Settle of BMC
FierceCIO
The third trend is big data and specifically how big data tools can be applied to the tons of data generated by information security (infosec) systems dedicated to intrusion detection, security incident and event management, and data loss prevention ...

 
Microsoft has already received several vulnerability reports that qualify for monetary rewards as part of the company's bug bounty program launched in June for the preview version of Internet Explorer 11.
 
Five out of 10 outsourcing buyers will up their bets on applications outsourcing, according to a joint survey from KPMG and HfS Research, but they continue to be disappointed by providers' analytical capabilities and innovation.
 
Twitter has handed French prosecutors information enabling the identification of some of those responsible for posts last year apparently contravening French laws on hate speech, according to the Union of French Jewish Students (UEJF), which had filed suits against the company to compel it to release the data.
 
A Japanese ministry is conducting an internal investigation after a Google Groups account used for international treaty negotiations was left on its default, publicly viewable settings.
 
NASA's Mars rover Curiosity made its third short trip this week as part of a long trek that could take as much as a year.
 

Microsoft has offered a Teredo server to allow users behind NAT gateways to obtain an IPv6 connection. Teredo was always considered a transition technology, used to obtain IPv6 connectivity if nothing else works to connect to a particular resource ("path of last resort"). With native IPv6 connectivity becoming more common, there will be less need for transition technologies like Teredo.

As we reported earlier, the host name for Microsoft's Teredo server (teredo.ipv6.microsoft.com) doesn't resolve currently. This is apparently part of a "test" to measure the impact of the service being turned off. As an alternative, Microsoft still offers the "test.ipv6.microsoft.com" hostname to connect to its Teredo servers. To adjust your settings, use:

netsh interface teredo set state client test.ipv6.microsoft.com

Of course, one may argue that with native IPv6 connectivity becoming more common, transition technologies like Teredo will be more important for those of us left out in the legacy internet.
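To check where a Windows client currently points before (or after) running the netsh command above, the following PowerShell script is an added example, not code from the diary or from Microsoft. It parses the "Key : Value" layout printed by "netsh interface teredo show state" and flags a server name that no longer resolves, which is exactly the failure mode the diary describes. The $SampleOutput block is a constructed stand-in for that netsh output so the parser can be exercised offline; the function names are the example's own.

```powershell
# Added example (not part of the ISC diary): inspect the local Teredo client
# configuration and warn when the configured server name does not resolve.
# Assumes the "Key : Value" lines that "netsh interface teredo show state"
# prints; $SampleOutput below is a constructed stand-in for offline runs.

function ConvertFrom-TeredoState {
    param([string[]]$Lines)
    # Turn every "Key : Value" line into a hashtable entry; headings and the
    # dashed separator have no colon and are skipped.
    $state = @{}
    foreach ($line in $Lines) {
        if ($line -match '^\s*([^:]+?)\s*:\s*(.*?)\s*$') {
            $state[$Matches[1]] = $Matches[2]
        }
    }
    return $state
}

function Test-TeredoServer {
    param([string]$ServerName)
    # netsh prints the server as an FQDN with a trailing dot; strip it before
    # the lookup. [System.Net.Dns] is available on Windows 7 as well, where
    # Resolve-DnsName does not exist.
    $name = $ServerName.TrimEnd('.')
    try {
        $addrs = [System.Net.Dns]::GetHostAddresses($name)
        return ($addrs.Count -gt 0)
    } catch {
        return $false
    }
}

# Constructed sample of the netsh output (hypothetical values, shaped like
# a client whose server name has stopped resolving).
$SampleOutput = @"
Teredo Parameters
---------------------------------------------
Type                    : client
Server Name             : teredo.ipv6.microsoft.com.
Client Refresh Interval : 30 seconds
Client Port             : unspecified
State                   : offline
Error                   : failed to resolve server name
"@ -split "`r?`n"

# On a real host, replace the sample with live output:
# $Lines = netsh interface teredo show state
$Lines = $SampleOutput

$teredo = ConvertFrom-TeredoState -Lines $Lines
$server = $teredo['Server Name']
Write-Host "Teredo type  : $($teredo['Type'])"
Write-Host "Teredo server: $server"
Write-Host "Teredo state : $($teredo['State'])"

if ($server -and -not (Test-TeredoServer -ServerName $server)) {
    Write-Warning "Teredo server '$server' does not resolve; the client cannot qualify."
    Write-Host "To point the client at the alternative server named above, run:"
    Write-Host "  netsh interface teredo set state client test.ipv6.microsoft.com"
}
```

From a defender's perspective the same inventory is useful in the other direction: a Teredo client that does qualify is an IPv6 tunnel carried over UDP/3544 to the server, which IPv4-only perimeter filtering does not inspect, so hosts that have no business tunnelling should be switched off with "netsh interface teredo set state disabled" rather than repointed.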

Thanks to our reader Gebhard for pointing out these URLs with more details:

http://translate.googleusercontent.com/translate_c?depth=1&hl=en&ie=UTF8&prev=_t&rurl=translate.google.com&sl=auto&tl=en&u=http://ipv6.br/teredo-sunset-mais-um-passo-na-transicao-para-o-ipv6/&usg=ALkJrhgoYr5-CiFM3iwhL2Ann78qqng-_A

http://translate.google.com/translate?sl=auto&tl=en&js=n&prev=_t&hl=en&ie=UTF-8&u=http%3A%2F%2Fwww.heise.de%2Fnewsticker%2Fmeldung%2FIPv6-Tunnel-Microsoft-testet-Teredo-Nutzung-mit-Serverausfall-1916499.html

------
Johannes B. Ullrich, Ph.D.
SANS Technology Institute
Twitter

 
Companies buying new PCs to avoid the end of support for Windows XP helped the computer industry dodge an even gloomier quarter, IDC said.
 
HP has admitted that its StoreVirtual servers also contain an undocumented backdoor. The problem will be remedied by a soon-to-be-released patch
    
Tufts University hired Iron Mountain to restore and digitize tapes from Edward R. Murrow's iconic 1950s radio series, This I Believe, which featured interviews with Eleanor Roosevelt and Jackie Robinson.
 
Defcon founder Jeff Moss' request to government agencies asking them not to attend next month's annual Defcon hacker conference has evoked a mixed response from the security community.
 
A global survey of 811 technology business leaders by KPMG gives the U.S. an edge in what may be a mercurial index that rises and falls with the overall economy.
 

 
The latest simulator for the upcoming Firefox mobile OS is aimed to please developers planning to sell applications.
 
Verizon Wireless became the first U.S. carrier to join the Ubuntu Carrier Advisory Group, but it is not clear whether it will eventually promote phones running the open-source Ubuntu OS on its network.
 
Infosys posted strong revenue growth in the second quarter as demand picked up in key markets including the U.S.
 
