Some organizations are apparently still using the venerable FTP protocol for moving files around. Credentials for more than 7,000 FTP servers are being traded between nefarious types and used to break into servers including those of the New York Times. The access has been used to plant malicious PHP files and HTML in a bid to backdoor servers and redirect people to malicious sites.

According to security firm Hold Security, the FTP servers and credentials range from small personal sites to large multinational corporations. Where the list came from, and who put it together, is unknown.

The credentials themselves are a mix of anonymous and default accounts, with passwords ranging from simple to complex. This suggests that some, at least, have been acquired through phishing or client-side malware rather than guessing or brute-force password cracking. Given that FTP passes the credentials unencrypted, there are many exciting ways that the information could have been taken: passive sniffing of traffic at a café hotspot would do the trick, for example. This is one of the reasons that use of the protocol has largely fallen out of favor.



Microsoft on Friday said that both Internet Explorer 10 and its predecessor, IE9, contained an unpatched vulnerability, but that hackers were currently exploiting only the newest, IE10.
A new study by Forrester illuminates the changing IT landscape, finding that the share of IT projects primarily or exclusively run by the IT department will decline from 55% in 2009 to 47% in 2015.

In a move designed to thwart wholesale eavesdropping by state-sponsored spies and sophisticated crime gangs, content delivery network CloudFlare has upgraded its Web-encryption capabilities to better protect data traveling between its own servers and those of its customers.

Known as full (strict) transport layer security (TLS), the newly added mode provides robust encryption and cryptographic authentication for backend traffic, which usually means data traveling over the Internet backbone. Under the new option, TLS traffic passing between CloudFlare and its customers is protected and authenticated using a chain of certificates signed by a handful of certificate authorities. Until now, backend encryption for CloudFlare customers used self-signed certificates, a measure that's better than no encryption but is still susceptible to "active" man-in-the-middle attacks. Such attacks involve the use of a separate, self-signed certificate by someone who places himself between the two servers sending the encrypted data. Because data is encrypted using the private key in the rogue certificate, the attacker has the ability to surreptitiously read any traffic passing through the connection.

The improved backend TLS accompanies front-end TLS that is already in place. This type of Web encryption protects data as it passes from an end-user's computer to CloudFlare's content delivery network. That includes traffic passing over a Wi-Fi network or from the end-user's ISP to CloudFlare servers.



Oracle MySQL Client 'main()' Function Buffer Overflow Vulnerability
Music subscription services, such as Pandora and Spotify, are the fastest-growing segment of the music industry, but since they hand over 60% to 70% of their revenue to record labels, they will inevitably fail unless something changes, a new report shows.
Organizers of The Day We Fight Back, a protest Tuesday against U.S. National Security Agency surveillance programs, called the effort a 'tremendous success,' with nearly 100,000 phone calls made to U.S. lawmakers and 185,000 people signing up to send email blasts to their congressional representatives.
Oracle MySQL Server CVE-2013-5891 Remote Security Vulnerability
Google has done what the European Commission declined to do: publish the details of the latest commitments Google made in a bid to settle a long-running antitrust case involving its treatment of rival specialist search services, among other matters.
Oracle MySQL Server CVE-2014-0393 Remote Security Vulnerability
Oracle MySQL Server CVE-2014-0386 Remote Security Vulnerability
Flite 'play_wave_from_socket()' Insecure Temporary File Creation Vulnerability
Visibility Software Cyber Recruiter Multiple Authentication Bypass Vulnerabilities
2E Web Option Predictable Session Token Authentication Bypass Vulnerability
GE Capital is rethinking the way it does IT and looking to well-rounded technology professionals to keep pace in a fast-changing business environment.
[ MDVSA-2014:028 ] mariadb
[slackware-security] ntp (SSA:2014-044-02)
[slackware-security] curl (SSA:2014-044-01)
[ MDVSA-2014:029 ] mysql
A self-replicating program is infecting Linksys routers by exploiting an authentication bypass vulnerability in various models from the vendor's E-Series product line.
Microsoft late Thursday said that both Internet Explorer 10 and its predecessor, IE9, were under attack by hackers exploiting an unpatched flaw in the browsers.
The Taiwanese company that makes the display used in Google's Glass head-mounted display says it's working with multiple big-name electronics companies on head-mounted gadget products.
Facebook, in a move that acknowledges the social issues around gender identity, updated its site to give users more ways to express their gender.
Japan's Rakuten will acquire instant messaging and calling app developer Viber Media for $900 million, the e-commerce giant said Friday, highlighting its moves to penetrate new markets.
The team at Distill, the developer of a collaborative video interview platform, is joining Yahoo, adding to the number of engineers and other staff from startups that have joined the Internet company.
A cyberattack against the Veterans of Foreign Wars website, believed to have been initiated in China, may have sought to spy on U.S. military members, security company FireEye said Thursday.
Comcast's proposed acquisition of Time Warner Cable is partly a grab for negotiating power in the fast-changing video content business, but it might affect broadband users, too.
'Thoughtful' was the watchword yesterday for Tami Reller, Microsoft's chief of marketing, when she was asked how the company plans to extend its lucrative Office franchise to mobile platforms other than Windows.
We look at Census data to find that the can't-even-get-a-date stereotype of techies is somewhat of a myth. But there's also another side to the statistics.
Cisco Unified Communications Manager 'WAR' File Unauthorized Access Vulnerability
Cisco Unified Communications Manager Enterprise Mobility Application SQL Injection Vulnerability

Posted by InfoSec News on Feb 14

Attend The INSS-CSFI Conference, Exhibition, Workshops & Trainings
Defensive Cyberspace Operations & Intelligence Conference - DCOI Tel Aviv,
April 8-9, 2014 - http://www.dcoi.org.il/

Join us in being part of cyber history! This is the very first Cyberspace
Operations event in Israel.

InfoSec News subscribers can save 10% by entering: 230710 at checkout

For sponsorship opportunities & delegations of 5+
Please contact: Hadask...

Posted by InfoSec News on Feb 14


By Hannah Dreier
Associated Press
Feb. 13, 2014

A Nevada gambling regulator said Thursday that the hackers who knocked
down all Las Vegas Sands websites for three days and counting did not
steal any patron data, including credit card information.

Nevada Gaming Control Board chairman A.G. Burnett said regulators' first
priority after the...

Posted by InfoSec News on Feb 14


By Thomas Lee
February 10, 2014

San Francisco -- Hackers have penetrated the computer networks of the
country's top medical device makers, The Chronicle has learned.

The attacks struck Medtronic, the world's largest medical device maker,
Boston Scientific and St. Jude Medical sometime during the first half of
2013 and might have...

Posted by InfoSec News on Feb 14


By Aliya Sternstein
February 13, 2014

The Homeland Security Department has decided to extend a contract for help
on a biennial cyberattack drill with Booz Allen Hamilton.

The roughly $400,000 follow-on runs from Feb. 6 through April 6, according
to a Jan. 13 justification for not letting other firms bid on the...

Posted by InfoSec News on Feb 14


By Haaretz
Feb. 13, 2014

Iranian Supreme Leader Ayatollah Ali Khamenei has urged the country's
students to prepare for cyber war, the semi-official Mehr News Agency
reported on Wednesday.

Khamenei delivered a message to a university students' association, or his
"Revolutionary foster-children," as he called them, reminding them that
they are "cyber-war agents"...
Internet Storm Center Infocon Status