Hackin9
Like a nearby cellphone user with an annoying way of saying, "Helllloooo!" recently confirmed FCC Chairman Tom Wheeler has already hit a nerve.
 

This week at Golden Gate Fields
San Francisco Chronicle
In post-position order (with jockey and morning-line odds), the field for the 1 1/16 -mile race consists of Enterprising (Aaron Gryder, 2-1), Exit Stage Left (Russell Baze, 5-2), Morally Bankrupt (Leslie Mawing, 15-1), Harbaugh (Juan Hernandez, 10-1 ...
Exit Stage Left tops California Derby fieldKansas City Star

all 6 news articles »
 

Take a look at port 4028.    Thanks to Bill for sharing an analysis that concluded a piece of malware was an Aidra botnet client. His shared analysis asks for a deeper look at port 4028.   I found a published write up from Symantec. [1]

After looking at our port 4028 data [2], there is reason to watch for it.   Please chime in if you are seeing any traffic on port 4028.

# portascii.html
# Start Date: 2013-12-01# End Date: 2014-01-15
# Port: 4028
# created: Thu, 16 Jan 2014 01:34:07 +0000
# Date in GMT. YYYY-MM-DD format.

date	     records targets sources  tcpratio
2013-12-01	19	2	2	100
2013-12-04	18	2	2	100
2013-12-05	28	4	6	100
2013-12-06	8	2	2	100
2013-12-07	13	5	7	85
2013-12-08	9	5	7	67
2013-12-09	13	3	4	100
2013-12-10	23	5	6	100
2013-12-11	5	3	5	80
2013-12-12	19	3	3	100
2013-12-23	4	2	3	100
2013-12-25	6	2	3	100
2014-01-04	49240	45589	3	100
2014-01-05	1559	1440	40	100
2014-01-08	28910	26975	4	100
2014-01-09	6	6	3	83
2014-01-10	4531	3675	4	100
2014-01-11	76271	72307	3	100
2014-01-13	239	173	3	100
2014-01-14	195	164	6	99
2014-01-15	10	5	2	90
# (c) SANS Inst. / DShield. some rights reserved.
# Creative Commons ShareAlike License 2.5
# http://creativecommons.org/licenses/by-nc-sa/2.5/

 

[1] http://www.symantec.com/security_response/writeup.jsp?docid=2013-121118-5758-99
[2]  https://isc.sans.edu/port.html?&startdate=2013-12-17&enddate=2014-01-16&port=4028&yname=sources&y2name=targets

 

 

(c) SANS Internet Storm Center. http://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
 

Independent security journalist Brian Krebs has uncovered important new details about the hack that compromised as many as 110 million Target customers, including the malware that appears to have infected point-of-sale systems and the way attackers first broke in.

According to a post published Wednesday to KrebsOnSecurity, point-of-sale (POS) malware was uploaded to Symantec-owned ThreatExpert.com on December 18, the same day that Krebs broke the news of the massive Target breach. An unidentified source told Krebs that the Windows share point name "ttcopscli3acs" analyzed by the malware scanning website matches the sample analyzed by the malware scanning website. The thieves used the user name "Best1_user" to log in and download stolen card data. Their password was "BackupU$r".

KrebsonSecurity

The class of malware identified by Krebs is often referred to as a memory scraper, because it monitors the computer memory of POS terminals used by retailers. The malware searches for credit card data before it has been encrypted and sent to remote payment processors. The malware then "scrapes" the plain-text entries and dumps them into a database. Krebs continued:

Read 2 remaining paragraphs | Comments

 
(c) SANS Internet Storm Center. http://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
 
Researchers at the University of Texas at Arlington have built micro-windmills that could be embedded in a sleeve for a cell phone and, with a wave of the hand, used to recharge a device.
 
While many software vendors run software license audits on customers, there are some key differences customers should be mindful of when it comes to IBM, according to a new report from advisory firm Miro Consulting.
 
A U.S. appeals court cleared the way for thousands of Silicon Valley workers to proceed as a group with a lawsuit alleging that technology companies including Google and Apple colluded to drive down employee compensation.
 
The very first road to the various app stores from Apple and Google was paved with native code. If you wanted to write for iOS, you learned Objective-C. If you wanted to tackle Android, Java was the only way. Similar issues popped up with all the other smaller players in the smartphone market.
 

Earlier this month, we reported that Microsoft would stop providing updates for Microsoft Security Essentials on Windows XP on April 8, the same day that it will cease providing security fixes for Windows XP. The company has now altered its stance and will produce signature updates for Security Essentials until July 14, 2015.

This change, it says, is to help organizations complete their migrations. Of course, using that rationale, the company should extend Windows XP's support until the heat death of the universe.

While it will provide updated signature definitions, the company warns that its research "shows that the effectiveness of anti-malware solutions on out-of-support operating systems is limited." In other words, it's hard to provide a robust anti-malware system when hostile code can penetrate processes and the kernel willy-nilly just through attacking the browser.

Read on Ars Technica | Comments

 
Cisco Security Advisory: Multiple Vulnerabilities in Cisco Secure Access Control System
 
Novell SSL Server Multiple Vulnerabilities
 
A group of businesses and universities, led by North Carolina State University, will work together to design and manufacture next-generation, low-power semiconductors, U.S. President Barack Obama said Wednesday.
 
Reports this week that the National Security Agency uses radio signals to collect data from tens of thousands of non-U.S. computers, some not connected to the Internet, is sure to fuel more acrimony towards the U.S. spy agency.
 
Windows XP owners can expect most antivirus vendors to continue providing up-to-date signatures long after Microsoft pulls its patch plug in April, but that won't keep their machines safe, an expert said today.
 
The decision by the Texas Department of Transportation last June to outsource IT operations fits squarely into an IT job pattern that dominated last year.
 
In need of free cloud storage? Box today saids that those who download the new Apple iOS version of Box will get 50GB of free storage capacity.
 
Microsoft today backpedaled from earlier decisions and said it would extend a limited helping hand to Windows XP users by offering both antivirus signatures and its own Security Essentials software for more than a year after it stops patching the aged OS.
 
Apple CEO Tim Cook's claim today that the company broke iPhone sales records in China during 2013's fourth quarter meant that the firm sold in excess of 10.4 million smartphones in the region, an IDC analyst said today.
 

I was still wiping the sleep from my eyes this morning when the nagging voice kicked in: before trawling the Internet for news, you better install yesterday's security updates.

It wasn't a pleasant thought, given the raft of patches released yesterday by Microsoft, Adobe, and Oracle for a variety of products. But as someone who has covered computer security for eight years, I've come to make updating a top priority. And for good reason. A large percentage of the booby-trapped websites that surreptitiously install malware on visitors' machines exploit vulnerabilities that have already been patched.

The recent hack on Yahoo's ad network, for instance, targeted two security flaws in the Java software framework that Oracle had fixed 17 and 24 months ago, Trend Micro reported in a blog post. Those who visited compromised Yahoo servers with up-to-date systems were immune to those attacks. By contrast, people using unpatched software were exposed to malicious payloads that installed the Dorkbot and Gamarue trojans, as well as malware that turned visitors' machines into Bitcoin miners.

Read 5 remaining paragraphs | Comments

 
ISC BIND NSEC3 Signed Zones Queries Handling Remote Denial of Service Vulnerability
 
Oracle Java SE CVE-2013-5910 Remote Security Vulnerability
 
Apple will pay at least $32.5 million to customers in a settlement over a U.S. Federal Trade Commission complaint that the company allowed children to run up huge in-app purchases on the company's devices.
 
Despite widespread criticism of this week's court ruling that the FCC can't keep broadband and mobile service providers from selectively blocking or slowing Web traffic and apps, the effects aren't obvious to most consumers.
 
LinuxSecurity.com: An updated Adobe Flash Player package that fixes two security issues is now available for Red Hat Enterprise Linux 5 and 6 Supplementary. The Red Hat Security Response Team has rated this update as having critical [More...]
 
LinuxSecurity.com: It was discovered that djvulibre, the Open Source DjVu implementation project, can be crashed or possibly make it execute arbitrary code when processing a specially crafted djvu file. [More...]
 
LinuxSecurity.com: Updated java-1.7.0-openjdk packages that fix various security issues are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having critical [More...]
 
LinuxSecurity.com: Updated java-1.7.0-openjdk packages that fix various security issues are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having [More...]
 
Blackphone

Phil Zimmermann, creator of PGP e-mail encryption, is leading a team of security industry executives building an Android phone with a variety of built-in privacy tools.

"I've been interested in secure telephony for longer than I've been interested in secure e-mail," Zimmermann said in a video on so-called Blackphone's website. "I had to wait for the rest of the technology infrastructure to catch up to make it possible to do secure telephony. PGP was kind of a detour for me while waiting for the rest of the technology to catch up to make really good secure telephony possible."

The narrator of the Blackphone video ominously says, "Technology was supposed to make our lives better. Instead we have lost our privacy—we have become enslaved." The Blackphone website says the phone will use "PrivatOS," an Android-based operating system, while letting users "make and receive secure phone calls; exchange secure texts; exchange and store secure files; have secure video chat; browse privately; and anonymize your activity through a VPN."

Read 4 remaining paragraphs | Comments

 

What Healthcare Can Teach Us About App Security
InformationWeek
It's a mission that's not so different from InfoSec. Here's our challenge: our increasing reliance on software is occurring exactly when two other trends are making security more difficult. First, software size, complexity, interconnection, and even ...

 

10 ways to prep for -- and ace -- a security job interview
IDG News Service
"The candidate should avoid cramming for knowledge, and focus on interviewing to demonstrate attitude, not as much infosec aptitude. Infosec is baked into nearly every business and tech process, so the candidate should be prepared to identify the ...

and more »
 
Playing on mobile users' fears of commercial and government surveillance, two companies are building a phone they say is designed to protect privacy. The joint venture between smartphone manufacturer Geeksphone and encrypted communications provider Silent Circle will unveil the new device called Blackphone at the Mobile World Congress show in Barcelona next month.
 
In a case of convenience for users trumping security, Starbucks has been storing the passwords for its mobile-payment app, along with geolocation data, in clear text.
 
Google took another step toward giving its Apps suite an enterprise social networking (ESN) component with the new activity stream feature for the Drive cloud storage piece.
 
Google has lodged an appeal against the $205,000 fine imposed by the French privacy watchdog, a company spokesman said Tuesday.
 
Google yesterday revamped the Windows 8 "Metro" app version of its new Chrome 32 browser to resemble Chrome OS, the operating system that powers Chromebooks.
 
Google has lodged an appeal against the $205,000 fine imposed by the French privacy watchdog, a company spokesman said Tuesday.
 
Oracle Java SE CVE-2014-0428 Remote Security Vulnerability
 
Oracle Java SE CVE-2014-0368 Remote Security Vulnerability
 
Oracle Java SE CVE-2014-0373 Remote Security Vulnerability
 
Oracle Java SE CVE-2014-0411 Remote Security Vulnerability
 
Online OWASP Security Challenges
 

Top 10 Influencers in Government InfoSec
GovInfoSecurity.com
Recognizing the leaders who play a critical role in shaping the way governments approach information security and privacy, GovInfoSecurity announces its fifth annual list of Influencers. What makes an Influencer? It's a combination of position and know ...

 
FreeBSD Security Advisory FreeBSD-SA-14:02.ntpd
 
FreeBSD Security Advisory FreeBSD-SA-14:03.openssl
 
[SECURITY] [DSA 2844-1] djvulibre security update
 
FreeBSD Security Advisory FreeBSD-SA-14:04.bind
 
Foreign Intelligence Surveillance Court judges have said the creation of a privacy advocate in the secret court could be counterproductive and hamper its work.
 
Intel has put on hold a new chip manufacturing facility at its site in Chandler, Arizona, leaving the new space available for unspecified future technology.
 
While some vendor conferences can end up mired in technical minutiae, MicroStrategy believes it's better to show, not tell customers how its BI software works, according to its president, Paul Zolfaghari.
 
Spammers targeted hospitality-related business listings on Google services, modifying links in what appeared to be an attempt to drive traffic to a hotel bookings site.
 
Ad blockers can make websites cleaner and faster for users, but they can also take a nasty bite out of advertising revenue. How popular are they, and what can site publishers do about them?
 
The D.C. Circuit Court of Appeals decision in Verizon v. FCC is a dangerously retrograde move that, by badly damaging the cause of net neutrality, harms American consumers and further insulates the already over-protected cable industry from any kind of meaningful competition.
 
A U.S. senator pressed Ford for information on its in-car data collection practices, citing recent boasts by an executive at the automaker that it can monitor drivers via integrated navigation system.
 

Posted by InfoSec News on Jan 15

http://www.komonews.com/news/local/Hacker-Compermises-Patient-and-Firefighter-Information-240206801.html

By Matt Markovich
KOMONews.com
Jan 14, 2014

DUVALL, Wash. -- Having firemen come to your house or accident scene is
traumatic enough, but now some Eastside residents who experienced such an
event may be vunerable to identity theft.

A hacker gained entry into a computer server run by NORCOM, the North East
King County Regional Public...
 

Posted by InfoSec News on Jan 15

http://www.computerworld.com/s/article/9245390/Target_to_invest_5M_in_cybersecurity_ed_program

By John Ribeiro
IDG News Service
January 14, 2014

Target said Monday it is investing US$5 million in a multi-year campaign
to educate the public on the dangers of scams, after the company disclosed
that up to 110 million people may have been affected by a data breach at
the retailer's U.S. stores.

The company, under pressure from various...
 

Posted by InfoSec News on Jan 15

http://www.nytimes.com/2014/01/15/us/nsa-effort-pries-open-computers-not-connected-to-internet.html

By DAVID E. SANGER and THOM SHANKER
The New York Times
JAN. 14, 2014

WASHINGTON -- The National Security Agency has implanted software in
nearly 100,000 computers around the world that allows the United States to
conduct surveillance on those machines and can also create a digital
highway for launching cyberattacks.

While most of the software...
 

Posted by InfoSec News on Jan 15

http://www.courier-journal.com/article/20140114/NEWS01/301140060/State-Auditor-Edelen-backing-cyber-security-bill

By Mike Wynn
The Courier-Journal
Jan. 14, 2014

FRANKFORT, KY. -- People who have personal data exposed or hijacked from
government computers would receive notification under a bill gaining
support in the Kentucky legislature.

House Bill 5 mandates that state and local government agencies notify
victims of stolen or mishandled...
 

Posted by InfoSec News on Jan 15

http://koreajoongangdaily.joins.com/news/article/Article.aspx?aid=2983516

BY KIM JI-YOON
joongang.co.kr
January 15, 2014

The Ministry of Science, ICT and Future Planning warned yesterday that
North Korean hacking attempts have been detected recently at small and
midsize IT companies and institutions that deal directly with national
security.

The companies, especially those under contract with government agencies,
were affected by recent...
 
Internet Storm Center Infocon Status