InfoSec News

YouTube engineers are developing a set of software, called Vitess, that will help open-source MySQL databases work more efficiently in very large-scale production environments. To write the code, they are using Google's programming language Go.


We recently updated the webhoneypot pages at https://isc.sans.edu/webhoneypot/index.html and added some API functions at https://isc.sans.edu/api/. The Webhoneypot project is a collection of logs submitted by users from various honeypots.


The right column navigation is always present and has links to:

Webhoneypot home page

RFI Attacks - List of URLs matching RFI regular expressions

Filter Reports - search our reports for matches to particular header properties

Reports List - Explained in detail below

Web Application Logs - https://isc.sans.edu/webhoneypot/index.html#logs

Explains how to sign up and participate as well as requirements to submit logs.

Link to ISC/DShield API where we have added functions for the webhoneypot

Results - https://isc.sans.edu/webhoneypot/index.html#results

Reports - https://isc.sans.edu/webhoneypot/index.html#reports

Links to available reporting at https://isc.sans.edu/webhoneypot/reports.html

Overall Report Volume - Total reports, submitters and average per submitter sorted by date

Attacks By Type - Regular expressions determine the types of attacks. The page lists two tables: one lists the top 30 attacks for the last month, the other the top attacks for the last 24 hrs.

Top Unclassified - List of URLs not recognized by regular expressions.

Unique URLs - Distinct URLs per day with date selection form.

Headers - Unique headers per day with link to details page. Also has date selection form.

Report Volume - https://isc.sans.edu/webhoneypot/index.html#volume

Summarizes the report volume received over the last 10 days.

Top Attacks - https://isc.sans.edu/webhoneypot/index.html#attacks

We try to classify attacks based on regular expression matches. This system was created by SANS Technology Institute (STI) Master of Science graduate Eric Conrad as part of his software security requirement. Not all hits to a honeypot can easily be identified as attacks, and some may actually just be benign.

Top Attack Groups - https://isc.sans.edu/webhoneypot/index.html#groups

Grouped top attacks found by regular expressions for the current day

Please consider running a honeypot yourself. Expect to see more about this project and additional APIs in the future!

Post suggestions or comments in the section below or send us any questions or comments in the contact form on https://isc.sans.edu/contact.html#contact-form


Adam Swanger, Web Developer (GWEB, GWAPT)

Internet Storm Center https://isc.sans.edu
(c) SANS Internet Storm Center. http://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
Gmail ran into technical difficulties again on Friday, the fourth such issue in a little over a week, and all happening after Google announced the elimination of its free Google Apps edition.
At this time last year, we predicted that 2012 would be the year cloud computing hype ended. We said application development would migrate from offshore to cities stateside. And we forecasted that IT service providers would become more relationship-oriented. Now it's time to see how those predictions panned out.
Google will begin to phase out its Sync service for consumers and discontinue several other services in early January.
A U.K. analytics firm that warned earlier this week of an information leak in Internet Explorer (IE) today rebuked Microsoft for downplaying the bug.
The specter that Congress will reauthorize the controversial FISA Amendments Act of 2008 without any changes to its sweeping spying provisions is evoking cries of alarm from advocacy and privacy groups.
An official document containing policies and pledges for customers of Oracle's cloud services reveals that many aspects fall in line with industry standards, while others may prompt cause for worry among customers, according to analysts.
As small businesses implement the latest technology to keep up with client demands, next-generation servers come to the forefront of the discussion. But what is a "next-gen" server exactly?
Expect no major changes to the functioning of the Internet after a controversial ending to the International Telecommunication Union's World Conference on International Telecommunications (WCIT), but an agreement hammered out there may encourage countries to censor Web content in the longer term, participants and observers said.
Several malicious Android apps designed to steal mobile transaction authentication numbers (mTANs) sent by banks to their customers over SMS (Short Message Service) were found on Google Play by researchers from antivirus vendor Kaspersky Lab.
Wordpress Pingback Port Scanner
DDIVRT-2012-48 VMware View Connection Server Directory Traversal (CVE-2012-5978)
MyBB DyMy User Agent Plugin SQL Injection Vulnerability
Google Maps' return to the iPhone and iPad this week may not be permanent, an analyst said today.
In this edition: Metasploit goes phishing, Windows 8 password resets, defacing (or not) by git pull, C# rewards, Commander X spotting, and Android malware

Verizon and Criterion Systems will conduct a series of tests of a new validation process being designed for sensitive online transactions.

Gary McKinnon will not face a new criminal investigation in the UK after his extradition was blocked by the UK Home Secretary. The US authorities say that shipping witnesses and evidence to the UK for a trial would not be in "the interests of justice"

Issues in Netgear WGR614 wireless router
Re: Centrify Deployment Manager v2.1.0.283
[btrfs] is vulnerable to a hash-DoS attack
When users install Google Maps on their iPhone, the option to share location data with Google is switched on by default. By doing this, Google violates European data protection law, according to a German data protection watchdog.
Free Internet campaigners are hailing as a victory the news that more than 80 countries have refused to sign new ITRs (International Telecommunication Regulations) at a global conference in Dubai.
Adobe Flash Player and AIR CVE-2012-5678 Memory Corruption Vulnerability
WordPress Portable phpMyAdmin Plugin CVE-2012-5469 Authentication Bypass Vulnerability
A Trojan horse waits for a left mouse click to execute each step of the infection process, according to new research from FireEye Inc.

Centrify Deployment Manager '/tmp' Insecure Temporary File Handling Vulnerability
Next year could well be the year that many IT leaders finally start to get their mobile computing management house in order. But it will be several more before they get a handle on it, one analyst said.
The new version of Suricata IDS adds experimental features including Unix socket support, IP reputation processing, and Lua scripting alongside numerous enhancements to performance and scalability

The U.S. has removed China's Taobao sites from its "Notorious Markets" list of major offenders that support piracy and counterfeiting, citing their successful efforts to remove infringing goods from the sites.
As Apple launched its iPhone 5 in China on Friday, interest at one of the company's stores in Beijing was muted, with only two people waiting in line minutes before the store opened its doors at 8 a.m.
The Metropolitan Police have arrested two men and a woman in connection with the Reveton ransomware trojan, which pretends to lock down users' computers on behalf of the authorities to extort the payment of "fines"


Infosec trends for 2013 (part one)
DaniWeb (blog)
Network security vendor Stonesoft predicts that the top infosec threats to watch out for in 2013 will include unseen and unknown targeted cyber-attacks, espionage and hacktivism. Jarno Limnell, director of cyber-security at Stonesoft, reckons that in ...


Posted by InfoSec News on Dec 14


By Dana Liebelson
Mother Jones
Dec. 13, 2012

In 2009, it came to light that hackers had successfully broken into the
most expensive Pentagon weapons program of all time, the F-35 fighter
jet, by gaining access to computers allegedly belonging to the defense
contractor BAE Systems (the contractor part came out later). There had
"never been anything like it," one...

Posted by InfoSec News on Dec 14


Presentations can be 20 or 50 minutes. We are looking for presentations on
breaking, building, defending, and other relevant security topics. Vendor
pitches will not be accepted.

Workshops offer hands-on training on a specific topic. Last year’s workshops
included Metasploit for Pentesters, Arduino Ethernet, and a lockpick village.

Important Dates
Jan 4, 2012: Submission deadline

Posted by InfoSec News on Dec 14


By Dan Goodin
Ars Technica
Dec 13 2012

Hackers illegally accessed the Internet-connected controls of a New
Jersey-based company's internal heating and air-conditioning system by
exploiting a backdoor in a widely used piece of software, according to a
recently published memo issued by the FBI.

The backdoor was contained in older...

Posted by InfoSec News on Dec 14


By Spencer Ackerman
Danger Room

The Pentagon wants to upgrade its spy corps. And one of its first jobs
will be finding out what’s on your iPhone.

If the Defense Intelligence Agency (DIA) gets its way, it’ll send an
expanded cadre of spies around the world to scope out threats to the
U.S. military. And it won’t just be a larger spy team, it’ll be a
geekier one....

Posted by InfoSec News on Dec 14


By Brian Prince
Contributing Writer
Dark Reading
Dec 13, 2012

A researcher has demonstrated how Cisco Voice-over-IP (VoIP) phones can
be hijacked and turned into listening devices.

At the Amphion Forum this month, Columbia University grad student Ang
Cui demonstrated how...
Symantec Enterprise Security Manager/Agent CVE-2012-4350 Local Privilege Escalation Vulnerability
The final treaty of the World Conference on International Telecommunications in Dubai includes a new provision that does not address content-related aspects of telecommunications, but retains a controversial proposal on fostering the growth of the Internet.
Internet Storm Center Infocon Status