The Privacy Act and the cloud
iT News (blog)
Indeed, as InfoSec specialist Paul Steen from Imperva pointed out to roundtable attendees, “even when a cloud provider's security is less than ideal, most CIOs would compare it to their own security and say — I'll take the cloud.” “I don't think the ...

Google is moving into your home. On Monday, the Internet company said it was acquiring Nest, a maker of smart smoke alarms and thermostats, in a move that gives Google a strong foothold in a hot new market known as the "connected home."

San Francisco Chronicle

4-traders (press release)
... the documents free of charge at the SEC's web site, www.sec.gov, and may obtain documents filed by Beam free of charge from Beam's website (www.beamglobal.com) under the tab "Investors" and then under the heading "Investor Info - SEC Documents.
Suntory Holdings to Acquire Beam in $16 Billion Transaction (MarketWatch)

(c) SANS Internet Storm Center. http://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
In a boost for civil rights advocates, the U.S. Supreme Court upheld a lower court decision that requires U.S. border agents to have at least some cause for searching electronic devices belonging to travelers at the nation's borders.
Google has acquired Nest, a company that makes a home thermostat that can be programmed from people's mobile phones, for US$3.2 billion in cash, Google said on Monday.

Of the many tricks used by the world’s greatest military strategists, one usually works well—taking the enemy by surprise. It is an approach that goes back to the horse that brought down Troy. But surprise can only be achieved if you get the timing right. Timing which, researchers at the University of Michigan argue, can be calculated using a mathematical model—at least in the case of cyber-wars.

James Clapper, the director of US National Security, said cybersecurity is “first among threats facing America today,” and that’s true for other world powers as well. In many ways, it is even more threatening than conventional weapons, since attacks can take place in the absence of open conflict. And attacks are waged not just to cause damage to the enemy, but often to steal secrets.

Timing is key for these attacks, as the name of a common vulnerability—the zero-day attack—makes apparent. A zero-day attack refers to exploiting a vulnerability in a computer system on the same day that the vulnerability is recognized (aka when there are zero days to prepare for or defend against the attack). That is why cyber-attacks are usually carried out before an opponent has the time to fix its vulnerabilities.


Domain name registrar GoDaddy and Microsoft today announced a partnership that puts Office 365, the latter's rent-not-own software suite, in front of GoDaddy's small business customers.
Online gamers such as these ones often stream their play in real time.

Recent denial-of-service attacks taking down League of Legends and other popular gaming services are doing more than just wielding a rarely-seen technique to vastly amplify the amount of junk traffic directed at targets. In at least some cases, their devastating effects can deprive celebrity game players of huge amounts of money.

As Ars reported last week, the attacks are abusing the Internet's Network Time Protocol (NTP), which is used to synchronize computers to within a few milliseconds of Coordinated Universal Time. A command of just 234 bytes is enough to cause some NTP servers to return a list of up to 600 machines that have previously used its time-syncing service. The dynamic creates an ideal condition for DoS attacks. Attackers send a modest-sized request to NTP servers and manipulate the commands to make them appear as if they came from one of the targeted gaming services. The NTP servers, which may be located in dozens or even hundreds of locations all over the world, in turn send the targets responses that could be tens or hundreds of times bigger than the spoofed request. The technique floods gaming servers with as much as 100Gbps, all but guaranteeing that they'll be taken down unless operators take specific precautions ahead of time.

Among the recent targets of this type of attack are game servers used by celebrity players who broadcast live video streams of their gaming prowess that are viewed as many as 50,000 times. In some cases, the massive audiences translate into tens of thousands of dollars per month, as ads are displayed beside video feeds of the players blowing away opponents in Dota 2 and other games.
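One way a defender can spot the amplification pattern described above in their own flow data, as an added example that is not part of the Ars article: total the NTP bytes a known server receives from and sends to each peer, and flag peers that are sent far more than they asked for. The flow tuple layout, the threshold and floor values, and the set of monitored server addresses are assumptions; the flow records are constructed.

```python
from collections import defaultdict

AMPLIFICATION_THRESHOLD = 10.0  # reply/request byte ratio; hypothetical tuning value
MIN_REPLY_BYTES = 1000          # ignore exchanges too small to matter

# Constructed flow records (not captured traffic): (src_ip, src_port, dst_ip, dst_port, bytes)
SAMPLE_FLOWS = [
    # Ordinary client sync: a 76-byte request answered by a 76-byte reply.
    ("198.51.100.5", 50123, "203.0.113.10", 123, 76),
    ("203.0.113.10", 123, "198.51.100.5", 50123, 76),
    # Spoofed 234-byte query claiming to come from the victim 192.0.2.44, answered
    # with a monitoring-list style reply of ~600 entries (~28800 bytes) sent to the victim.
    ("192.0.2.44", 123, "203.0.113.10", 123, 234),
    ("203.0.113.10", 123, "192.0.2.44", 123, 28800),
    # Large reply with no matching request seen (asymmetric visibility): still flagged.
    ("203.0.113.10", 123, "192.0.2.99", 123, 30000),
]

def ntp_bytes_by_peer(flows, servers, ntp_port=123):
    """{(server, peer): [bytes_in, bytes_out]} for traffic to/from our NTP servers."""
    totals = defaultdict(lambda: [0, 0])
    for src, sport, dst, dport, nbytes in flows:
        if dst in servers and dport == ntp_port:      # request toward our server
            totals[(dst, src)][0] += nbytes
        elif src in servers and sport == ntp_port:    # reply from our server
            totals[(src, dst)][1] += nbytes
    return totals

def suspicious_peers(flows, servers, threshold=AMPLIFICATION_THRESHOLD,
                     floor=MIN_REPLY_BYTES):
    """(server, peer, ratio) where our server sent far more than the peer requested."""
    hits = []
    for (server, peer), (b_in, b_out) in ntp_bytes_by_peer(flows, servers).items():
        if b_out < floor:
            continue
        ratio = b_out / b_in if b_in else float("inf")  # no request seen at all
        if ratio >= threshold:
            hits.append((server, peer, round(ratio, 1)))
    return sorted(hits)
```

A peer that shows up here is either a spoofed victim being flooded through your server or a misconfigured client; in both cases the fix is on the server side (restricting who may issue monitoring queries), not on the peer.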



Google will add prices for Ryanair to its flight search engine, the CEO of the discount airline said in an interview published Sunday.
The CEO of retailer Target revealed Saturday in an interview that the company's point-of-sale (PoS) systems were infected with malware, confirming what security experts suspected since the massive data breach was announced in mid-December.
LinuxSecurity.com: Several security issues were fixed in OpenSSL.
LinuxSecurity.com: USN-2077-1 introduced a regression in Puppet.
LinuxSecurity.com: Updated libXfont packages that fix one security issue are now available for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having [More...]
LinuxSecurity.com: Multiple Denial of Service vulnerabilities have been found in libxslt.
LinuxSecurity.com: A stack-based buffer overflow in Git might allow a local attacker to gain escalated privileges.
LinuxSecurity.com: Fernando Russ from Groundworks Technologies reported a buffer overflow flaw in srtp, Cisco's reference implementation of the Secure Real-time Transport Protocol (SRTP), in how the crypto_policy_set_from_profile_for_rtp() function applies [More...]
LinuxSecurity.com: A cross-site scripting vulnerability was discovered in the rich text editor of the Movable Type blogging engine. For the oldstable distribution (squeeze), this problem has been fixed in [More...]
LinuxSecurity.com: Multiple vulnerabilities have been found and corrected in the Linux kernel: The KVM subsystem in the Linux kernel through 3.12.5 allows local users to gain privileges or cause a denial of service (system crash) [More...]
LinuxSecurity.com: Alvaro Munoz discovered an XML External Entity (XXE) injection in the Spring Framework which can be used for conducting CSRF and DoS attacks on other sites. [More...]
LinuxSecurity.com: Several security issues were fixed in Memcached.
HP Storage Data Protector Multiple Remote Code Execution Vulnerabilities
Linux Kernel 'fpu-internal.h' Local Denial of Service Vulnerability
A new app is available to keep people from nodding off while driving, if they're wearing Google's digital glasses.
Don't expect Microsoft to put its new boss -- whoever it is -- in front of reporters right off the bat, a public relations expert said today.
Nisuta NS-WIR150NE and NS-WIR300N Remote Authentication Bypass Vulnerability
Spring Framework CVE-2013-4152 Multiple XML External Entity Injection Vulnerabilities
[SECURITY] [DSA 2842-1] libspring-java security update

SANS Institute Returns to Arizona to Help Cyber Security Professionals Sharpen ...
Sacramento Bee
SANS offers a myriad of free resources to the InfoSec community including consensus projects, research reports, and newsletters; it also operates the Internet's early warning system—the Internet Storm Center. At the heart of SANS are the many security ...

Facebook has acquired Branch Media, makers of the Branch and Potluck online conversation-sharing software packages, a founder of Branch announced.
Orbital Sciences' Cygnus spacecraft successfully docked with the International Space Station Sunday, marking its first resupply mission to the orbiting laboratory.
libpng 'png_read_transform_info()' Function NULL Pointer Dereference Denial of Service Vulnerability
Over the holidays, CIO.com columnist David Taber spent way too much time discovering eternal truths while playing online poker. Take a look at what he learned along the way about agile project management.
MyBB Multiple SQL Injection and Cross Site Scripting Vulnerabilities
[ MDVSA-2014:001 ] kernel
NETGEAR WNR1000v3 Password Recovery Vulnerability
CISTI'2014: List of Workshops
[SECURITY] [DSA 2841-1] movabletype-opensource security update
Mobile developers hoping to cash in on a blockbuster app have bad news from researcher Gartner: More competition and higher demands from users will make it even more difficult for developers to make money from smartphone and tablet applications.
Asus is distributing a firmware update that will change the default security settings on its broadband routers after files on thousands of external hard drives were found easily accessible over the Internet.
Cisco Secure Access Control System CVE-2014-0663 Cross Site Scripting Vulnerability
Cisco Security Advisory: Undocumented Test Interface in Cisco Small Business Devices


Updated [CVE-2014-0031] CloudStack ListNetworkACL API discloses ACLs for other users
Updated [CVE-2013-6398] CloudStack Virtual Router stop/start modifies firewall rules allowing additional access
Cisco Unity Connection IMAP Function Denial of Service Vulnerability
[SECURITY] [DSA 2840-1] srtp security update
[CVE-2014-1201] Lorex security DVR ActiveX control buffer overflow
Cisco Systems promised to issue firmware updates removing a backdoor from a wireless access point and two of its routers later this month. The undocumented feature could allow unauthenticated remote attackers to gain administrative access to the devices.
A group that bills itself as the Syrian Electronic Army claimed credit for grabbing control of a pair of Microsoft company Twitter accounts and the firm's primary blog for a short time Saturday.

Just like the call "Winter is Coming" in Game of Thrones, we keep hearing that IPv6 is coming to our networks, spreading doom and gloom to our most prized assets. But just like the clothing worn by some of the actors in the TV show isn't exactly suited for winter, the network security infrastructure currently deployed wouldn't give you a hint that IPv6 is around the corner.

On the other hand, here are some recent numbers:

  • Over 25% of Comcast customers are "actively provisioned with native dual stack broadband" (see comcast6.net)
  • 40% of the Verizon Wireless network is using IPv6 as of December 2013 (http://www.worldipv6launch.org/measurements/)
  • Between July and December last year, Akamai saw IPv6 traffic go up by about a factor of 5 (http://www.akamai.com/ipv6)

When I made our new "Quickscan" router scanning tool available last week, I left it IPv6 enabled. So it is no surprise that I am getting e-mails like the following:

The results were "interesting"
A few weeks ago I had installed an IPv6 capable modem and updated my router config to enable IPv6. The results were glorious in that IPv6 ran like a charm.
The sober facts arose when I ran the ISC router scan - it used my IPv6 address, which hooked directly to my desktop (behind my firewall) and pulled up my generally unused native Apache service. 
I went over my router config with a fine-tooth comb and realized that my router has no support for IPv6 filtering.

So does your firewall filter IPv6? Or does it just "use it"? Do you have sufficient host-based controls in place? You don't necessarily have to assign globally routable IPv6 addresses. You could use proxies to terminate "global" IPv6 and only use ULA addresses internally. But home users in particular are unlikely to go that route.
(I am working on making the "quickscan" tool (https://isc.sans.edu/quickscan.html [login required]) more generic. For now it only scans common router admin and backdoor ports)
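The reader's surprise above (an unused Apache instance reachable over a global IPv6 address because the router does no IPv6 filtering) is easy to check for on the host itself. The following is an added example, not part of the diary or of the ISC quickscan tool: it classifies the addresses from `ip -6 addr` output, parses the listening sockets from `ss -H -6 -tln` output, and reports the sockets that are reachable from the IPv6 Internet if nothing upstream filters inbound traffic. Both command outputs below are constructed samples; the 2001:db8::/32 prefix stands in for a real ISP-assigned one.

```python
import ipaddress
import re
# Constructed sample output (not from a real host), in the format of `ip -6 addr` and `ss -H -6 -tln`.
IP_ADDR_OUTPUT = """\
    inet6 2001:db8:1234:5678::1a2b/64 scope global dynamic
    inet6 fd12:3456:789a::10/64 scope global
    inet6 fe80::5054:ff:fe12:3456/64 scope link
"""
SS_OUTPUT = """\
LISTEN 0 511 *:80 *:*
LISTEN 0 128 [::1]:631 [::]:*
LISTEN 0 128 [fd12:3456:789a::10]:22 [::]:*
"""
ULA = ipaddress.IPv6Network("fc00::/7")  # RFC 4193 unique local addresses

def classify(addr):
    """Label an IPv6 address as loopback, link-local, ula or global."""
    a = ipaddress.IPv6Address(addr)
    if a.is_loopback or a.is_unspecified:
        return "loopback"
    if a.is_link_local:
        return "link-local"
    if a in ULA:
        return "ula"
    # Anything else (2001:db8::/32 here stands in for a real ISP prefix) is global.
    return "global"

def host_addresses(ip_output):
    """[(address, class)] for each inet6 line of `ip -6 addr` output."""
    return [(m.group(1), classify(m.group(1)))
            for m in re.finditer(r"inet6 ([0-9a-fA-F:]+)/\d+", ip_output)]

def listeners(ss_output):
    """[(bind_address, port)] from `ss -H -6 -tln` output; '*' is the [::] wildcard."""
    result = []
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 4:
            continue
        addr, port = fields[3].rsplit(":", 1)
        result.append(("::" if addr == "*" else addr.strip("[]"), int(port)))
    return result

def exposed_listeners(ip_output, ss_output):
    """Sockets reachable from the IPv6 Internet if nothing filters inbound traffic."""
    classes = dict(host_addresses(ip_output))
    has_global = "global" in classes.values()
    return sorted((port, addr) for addr, port in listeners(ss_output)
                  if (addr == "::" and has_global) or classes.get(addr) == "global")
```

On a real host, feed it the live output of the two commands; anything it lists is a service to filter at the router, bind to a ULA or loopback address, or shut down.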


Johannes B. Ullrich, Ph.D.
SANS Technology Institute

IPv6 Security Training ( https://www.sans.org/sec546 )

Cisco RVS4000/WRVS4400N/WAP4410N Devices Test Interface Remote Privilege Escalation Vulnerability

Tablet cannibals have taken as big a bite out of Mac growth as they have out of PCs in general, showing that Apple is not immune to the seismic shift it triggered with the iPad.
If your organization is looking into 3D printing, IT can't afford to sit on the sidelines until it starts to look real.
Between complex licenses and the cloud, Microsoft, Oracle, and SAP have lots of ways to hike up prices. Here's how to fight back
In her first stint as a CIO, Tammy Bilitzky plans to make infrastructure scalability and more-dynamic automation her two main focuses at Data Conversion Laboratory.
The use of personal devices on the network has gotten out of control. Mobile device management could help, and it will play well with newly deployed NAC.
Apple repeatedly bows to censorship demands in places like China.
What went wrong? The answer could keep your IT team from a similar design fiasco.
CIOs tend to think their employees are satisfied, but the employees themselves don't seem that committed to staying where they are, two surveys find.
Cisco Unified IP Phones 9900 Series Crafted Header Unregister Denial of Service Vulnerability