Hackin9

InfoSec News


Tool flags vulnerability news, bypasses Twitter dribble
SC Magazine Australia
It aimed to provide researchers, infosec professionals, and intrepid journalists and bloggers with easier access to rich technical documentation and commentary about vulnerabilities. “Public vulnerability reports suck,” Talkback designer Matt Jones ...

 
(c) SANS Internet Storm Center. http://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
 
The Los Angeles Community College District (LACCD) will provide email and collaboration applications to about 600,000 students via Microsoft's Live@edu cloud suite, a project for which it also considered Google Apps for Education.
 
Twitter will begin delivering a weekly email digest to highlight for users the tweets they are most likely to be interested in, the company said on Monday.
 
SAP's Afaria mobile device management tool is now available on Amazon Web Services' cloud, offered as a way to make it easier to start using the platform, SAP said at the Sapphire conference on Monday.
 
Bitcoin exchange site Bitcoinica suspended its operations on Friday after hackers managed to steal 18,547 bitcoins -- valued at about $90,000 -- from its online wallet.
 
Apple on Monday issued its first security-related update for OS X 10.5, or Leopard, in nearly a year, to disable long-outdated versions of Adobe's Flash Player.
 
Bottom Line
 
Toys are fun to play with, but making them is serious business. Hazardous toys from Greater China make great headline-material for US media, so regional toy manufacturers must make extra efforts to ensure that both their materials and finished products are safe.
 
Gartner released a report detailing market growth from 2010-2011 throughout the UTM vendor industry.

 
We have noticed an increase in scanning activity to ports TCP/8909, TCP/6666, TCP/9415, TCP/27977 and UDP/7 and would love some packets if you have them.

TCP/8909 - No idea what it is, a new one for me. A new one and starting to trend.
TCP/6666 - This is probably going to be IRC, but it would be nice to confirm and see what is being scanned for.
TCP/9415 - This used to be associated with open proxies, but again it would be good to get some packets to check.
TCP/27977 - My first thought was a gaming port, but that is just a guess.
UDP/7 - echo, a blast from the past. Maybe they are looking for misconfigured or old routers and *nix boxes.

If you have any packets to the above, please submit them through the contact form or email them to handlers -at- sans.edu or directly to me at markh.isc -at- gmail.com.
Thanks in advance.

Mark H
(c) SANS Internet Storm Center. http://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
 
Microsoft has designed Windows 8 to make parental monitoring and control of children's computer activities simpler and more effective, the company said on Monday.
 
Microsoft declined to comment when asked whether it believed it's required to offer a ballot screen in Windows 8 to European users for selecting rival browsers in the new operating system's desktop mode.
 
LightSquared, the startup that planned a nationwide wholesale mobile network only to be shot down by regulators because of GPS interference concerns, is declaring bankruptcy.
 
Just one day into the job, Yahoo's interim CEO Ross Levinsohn is in charge of a company struggling with administrative chaos, industry position and growing competitors.
 
Yahoo today launched Genome, a new tool that allows online advertisers to take advantage of the company's extensive experience with big data analytics.
 
Facebook's head of privacy policy, Erin Egan, hinted in a Web chat on Monday that Facebook would begin serving targeted ads to users on third-party websites.
 
A proposed sale of mobile spectrum from a group of cable providers to Verizon Wireless, along with accompanying marketing and research agreements, will lead to higher prices for broadband and mobile customers, a coalition of groups opposing the deal said Monday.
 
HTC's Evo 4G LTE smartphone has a lot going for it, but other factors, including the lack of LTE service from Sprint, make it difficult to recommend.
 
IBM WebSphere Application Server for z/OS JAX-RPC Unspecified Remote Security Vulnerability
 
FFmpeg libavcodec CAVS File Multiple Denial of Service Vulnerabilities
 
A federal court in Arizona has shut down the operations of a company that allegedly promised it would build its customers websites that would generate income of up to $20,000 per month, after the U.S. Federal Trade Commission filed a complaint about its business practices.
 
Liferay users can assign themselves to organizations, leading to possible privilege escalation
 
Universal Reader Filename Denial Of Service Vulnerability
 
Hints that Apple will soon refresh its iMac desktop and MacBook Pro laptop lines accumulated today as several Mac-centric blogs revealed new details gleaned from the Web and unnamed sources.
 
Don't look at your résumé as a way to get a job interview. It's your introduction to someone you don't know.
 
As everything from application delivery to security and monitoring is seemingly shifting to the cloud, IT faces a chaotic and difficult to manage world. The good news is the tools are there, but you just can't go to a single provider as you did in the past. Given this shift, it's no surprise that Interop returned to its interoperability roots last week.
 
Intel on Monday announced faster and more power-efficient Xeon server processors, including the low-power E3 chip that has 3D transistors and is the first server processor based on Ivy Bridge microarchitecture.
 
Dell and IBM on Monday announced servers with Intel's latest Xeon server chips, which will bring faster throughput and memory allowing servers to take on more complex workloads while reducing data center costs.
 
SAP on Monday unveiled a series of mobile applications covering areas such as expense management and e-learning, as well as improved support for iOS and Android devices. The announcements came at the start of the vendor's Sapphire conference in Orlando.
 
 
I'm often curious what other security folks do to keep their machine safe when they go to IT conferences. I often see what looks like standard office machines being used and wonder if any precautions have been taken. So here's what I do and I'd love to find out what other measures you take.
I'm about to spend a few days at a large security conference, so I'm just putting the finishing touches to the laptop I'm taking with me. As I don't have any real needs beyond email, typing notes and web browsing, it's a simple job of installing a clean OS and a couple of must-have applications*. In keeping with Joel's previous Diary, it took the duration of some reality TV show to install all the various patches for these apps to be up to date.


Now this is where I then go through my normal additional hardening steps. This OS happens to be Windows 7, so I disable a bunch of services, kill IPv6 services, gleefully disable hibernation and add in a gaggle of firewall rules (or should that be an annoyance of firewall rules?).


The last thing I do is make a record of the clean state of the computer. This is the part I'm assuming most companies have if they have managed operating environments (MOE) or standard operating environments (SOE), as this is such an easy thing to do and provides a trusted baseline for the security teams to compare against.


In Windows there's a bunch of ways to ask the computer what's running and what services and software are installed, but I like PowerShell, so here's a quick and dirty way to get the info and save it to a file.


From a PowerShell prompt:
#Installed Software (read from the Uninstall registry key)

gp HKLM:\Software\Microsoft\Windows\CurrentVersion\Uninstall\* | Select DisplayName, DisplayVersion, Publisher, InstallDate, HelpLink, UninstallString | Out-File c:\build\base.txt

#Running processes (grouped by company; -Append adds to the same file)

Get-Process | sort company | Format-Table ProcessName -GroupBy company | Out-File -Append c:\build\base.txt

#Services installed

Get-Service * | Out-File -Append c:\build\base.txt


This gives me three pieces providing a baseline** of the system.


I'm now ready to skip from vendor booth to vendor booth, keen to look at their product case studies conveniently on handy novelty USB devices, while surfing the web on freely provided Wifi doing on-line banking, checking today's nuclear launch codes and wondering why I keep seeing "Loading Please Wait" when clicking on links in emails from people I've never heard of. - Although this is an attempt at humour (note attempt), having a baseline of the clean machine allows me to identify the more obvious signs of something bad happening to my system.
If I do feel a disturbance in the force or the laptop does something odd, I can re-run my simple PowerShell commands (with a different output name) and look for changes.


#Comparing in PowerShell

Compare-Object -ReferenceObject $(Get-Content c:\build\base.txt) -DifferenceObject $(Get-Content c:\build\new.txt)
That gives me a quick indication if something has changed on my systems (barring rootkits) and if I need to worry about it.
Let me know what you do or don't do when taking your system to a conference.

* I can't say I'm a big fan of live CD/DVD/USB, I see their uses, but they get out of date, especially the browsers, far too quickly.


** If you want to get more fancy with the base snapshot, it's pretty easy to script that out to include registry keys, firewall rules and even files in directories with a cryptographic hash.

Chris Mohan --- Internet Storm Center Handler on Duty

I'm mentoring SANS Hacker Guard 464 class in Sydney on the 7th of August - SysAdmins, this is for you! https://www.sans.org/mentor/class/sec464-sydney-aug-2012-mohan

(c) SANS Internet Storm Center. http://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
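
The fancier snapshot mentioned in the diary's second footnote (registry keys, firewall rules, file hashes) could be scripted as follows. This is an added example, not code from the diary: the function names, output paths and the hashed directory are assumptions, and it needs PowerShell 4.0 or later on Windows 8 or newer, since Get-FileHash and Get-NetFirewallRule are not available on a stock Windows 7 install.

```powershell
# Added example. New-Baseline / Compare-Baseline are hypothetical names.
function New-Baseline {
    param(
        [Parameter(Mandatory = $true)][string]$Path,
        # Directories to hash; this default is an assumed choice
        [string[]]$HashDirs = @("$env:SystemRoot\System32\drivers")
    )
    # One record per line, sorted, so two snapshots diff cleanly.
    $lines = & {
        '# Autostart registry values'
        foreach ($key in 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
                         'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run') {
            $item = Get-Item -Path $key -ErrorAction SilentlyContinue
            if ($item) {
                $item.GetValueNames() | Sort-Object |
                    ForEach-Object { 'RUN|{0}|{1}|{2}' -f $key, $_, $item.GetValue($_) }
            }
        }
        '# Enabled firewall rules'
        Get-NetFirewallRule -Enabled True | Sort-Object Name |
            ForEach-Object { 'FW|{0}|{1}|{2}|{3}' -f $_.Name, $_.DisplayName, $_.Direction, $_.Action }
        '# File hashes (SHA256)'
        Get-ChildItem -Path $HashDirs -File -Recurse -ErrorAction SilentlyContinue |
            Sort-Object FullName |
            Get-FileHash -Algorithm SHA256 -ErrorAction SilentlyContinue |
            ForEach-Object { 'HASH|{0}|{1}' -f $_.Hash, $_.Path }
    }
    $lines | Set-Content -Path $Path -Encoding UTF8
}

function Compare-Baseline {
    param(
        [Parameter(Mandatory = $true)][string]$Reference,
        [Parameter(Mandatory = $true)][string]$Current
    )
    # A modified file or rule shows up as one REMOVED line plus one ADDED line.
    Compare-Object -ReferenceObject (Get-Content $Reference) -DifferenceObject (Get-Content $Current) |
        ForEach-Object {
            $state = if ($_.SideIndicator -eq '=>') { 'ADDED  ' } else { 'REMOVED' }
            '{0} {1}' -f $state, $_.InputObject
        }
}

# On the clean machine:   New-Baseline -Path C:\build\base-ext.txt
# Later, to look for changes:
#   New-Baseline -Path C:\build\new-ext.txt
#   Compare-Baseline -Reference C:\build\base-ext.txt -Current C:\build\new-ext.txt
```

Keep a copy of the baseline file somewhere other than the laptop, so the reference side of the comparison can still be trusted.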
 
For the second time in eight months, Yahoo is without a permanent CEO. The latest development brings more trouble to a company struggling to regain its stature in the industry.
 
If Intel-based Windows 8 tablets launch in November, as one informed source expects, Microsoft would face a narrow window to play a role in the important holiday sales period.
 
Name: Jim Kelliher
 
Scott Thompson told the Yahoo board before he was ousted as CEO over the weekend that he has thyroid cancer, The Wall Street Journal reported Monday.
 
[SECURITY] [DSA 2670-1] wordpress security update
 
The best news aggregation apps make it very easy for you to assemble your favorite social networks and news sources into one attractive package. ChannelCaster--a free offering for both the iPhone and iPad from OneLouder--doesn't quite measure up to that standard. At least, not yet.
 
Amazon Web Services has extended its CloudFront web hosting service to include dynamic content that can be personalized for each visitor.
 
b2ePMS 1.0 Authentication Bypass Vulnerability
 
Consumers Energy, a large utility in Michigan, has hired an offshore outsourcing firm to take over some of its IT operations. But instead of cutting its internal IT employees, it is retraining them for new types of work.
 
FlexNet License Server Manager 'lmgrd' Component Stack Buffer Overflow Vulnerability
 

Norwich Announces Renewal of National Computer Security Designation
PR Web (press release)
In addition, the institution has added three new concentrations in Digital Forensics, Information Warfare, and Advanced INFOSEC.” Last year's NSA announcement noted that graduates of the programs often develop into cyber experts who help to protect ...

 
WikkaWiki Multiple Security Vulnerabilities
 
From workload profiling to the three rules of indexing, these expert insights are sure to make your MySQL servers scream
 
With System Center 2012, Microsoft delivers tools to help customers wring more efficiency, uptime and performance out of their existing hardware and software.
 
Distinct Intranet Servers Directory Traversal Vulnerability
 

Posted by InfoSec News on May 14

https://www.computerworld.com/s/article/9227078/UNC_Charlotte_350_000_SSNs_exposed_in_decade_long_breach

By Jeremy Kirk
IDG News Service
May 10, 2012

Two issues exposed financial data and Social Security numbers for
350,000 people, although it is thought the information has not been
abused, the University of North Carolina at Charlotte said.

The university said in a statement earlier this week that it has fixed
both problems, one of which...
 

Posted by InfoSec News on May 14

http://news.techworld.com/security/3357186/amnesty-uk-website-hacked-serve-lethal-gh0st-rat-trojan/

By John E Dunn
Techworld
11 May 2012

Amnesty International’s UK website was hacked to host the dangerous
Gh0st RAT Trojan for two days this week, security firm Websense has
revealed.

Attacking browsers unpatched against the common CVE-2012-0507 Java
vulnerability (also used by the Mac Flashback Trojan), between 8 and 9
May visitors would...
 

Posted by InfoSec News on May 14

http://articles.timesofindia.indiatimes.com/2012-05-13/security/31689201_1_cyber-attacks-government-networks-mails

By Josy Joseph
TNN
May 13, 2012

NEW DELHI: Can government officials claim right to privacy if their
emails have been hacked and security agencies ask for full access to the
contents of the accounts?

Efforts of Indian intelligence agencies to counter waves of cyber
attacks on government networks have run into an iron wall....
 

Posted by InfoSec News on May 14

http://www.trust.org/alertnet/news/world-war-two-navajo-code-talker-dies-in-arizona

By Tim Gaynor
Reuters
12 May 2012

PHOENIX, May 11 (Reuters) - A prominent veteran of the U.S. Marine
Corps' Navajo Code Talkers, who confounded enemy combatants in World War
Two by using the Navajo language as a battlefield cipher in the South
Pacific, has died at age 89, officials said on Friday.

Samuel Tso served in the Marines in the Pacific and was...
 

Posted by InfoSec News on May 14

http://www.nextgov.com/defense/2012/05/pentagon-opens-classified-cyber-program-all-defense-contractors-isps/55707/

By Aliya Sternstein
Nextgov
May 11, 2012

The Obama administration is expanding to all military contractors a computer
security program that shares classified threat information, Defense Department
officials announced Friday. After a year of trials with select vendors, the
Defense Industrial Base, or DIB, cybersecurity pilot...
 
Internet Storm Center Infocon Status