Hackin9

As UK Prime Minister David Cameron forges ahead with a campaign pledge to ban encrypted messaging apps unless his government is given backdoors, that country's Guardian newspaper has aired a secret US report warning that government and private computers were at risk because cryptographic protections aren't being implemented fast enough.

The 2009 document, from the US National Intelligence Council, said encryption was the "best defense" for protecting private data, according to an article published Thursday by the newspaper. Airing of the five-year forecast came the same day Cameron embarked on a US trip to convince President Obama to place pressure on Apple, Google, and Facebook to curtail their rollout of stronger encryption technologies in e-mail and messaging communications. According to Thursday's report:

Part of the cache given to the Guardian by Snowden, the paper was published in 2009 and gives a five-year forecast on the “global cyber threat to the US information infrastructure”. It covers communications, commercial and financial networks, and government and critical infrastructure systems. It was shared with GCHQ and made available to the agency’s staff through its intranet.

One of the biggest issues in protecting businesses and citizens from espionage, sabotage and crime – hacking attacks are estimated to cost the global economy up to $400bn a year – was a clear imbalance between the development of offensive versus defensive capabilities, “due to the slower than expected adoption … of encryption and other technologies”, it said.

An unclassified table accompanying the report states that encryption is the “[b]est defense to protect data”, especially if made particularly strong through “multi-factor authentication” – similar to two-step verification used by Google and others for email – or biometrics. These measures remain all but impossible to crack, even for GCHQ and the NSA.

The report warned: “Almost all current and potential adversaries – nations, criminal groups, terrorists, and individual hackers – now have the capability to exploit, and in some cases attack, unclassified access-controlled US and allied information systems.”

Cameron's campaign against encryption comes as the rest of the world has stepped up cryptographic protections. Both Apple and Google have added disk encryption by default to their iPhone and Android smartphone platforms, and a growing number of companies are ensuring that links connecting data centers use strong encryption to ensure traffic can't be read by the National Security Agency or its UK counterpart, the Government Communications Headquarters. Even before the Guardian report, it was hard to envision how it would be plausible to implement restrictions as draconian as the ones the UK prime minister is proposing. Now, there's evidence that the UK's staunchest ally may have cold feet, too, signalling Cameron may have an even steeper uphill battle.

Read on Ars Technica

 
(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
 

DShield sensors report an uptick of scanning for tcp/6379, currently mostly originating from 61.160.x and 61.240.144.x, which are both CHINANET/UNICOM. tcp/6379 is the default port of the Redis NoSQL database (http://redis.io) and Redis by default accepts connections from any

Redis is designed to be accessed by trusted clients inside trusted environments. This means that usually it is not a good idea to expose the Redis instance directly to the internet

which makes us wonder if the service scanned for in this case is indeed Redis, or something else?

 
Mozilla Firefox/Thunderbird/SeaMonkey Proxy Authentication Session Fixation Vulnerability
 
Mozilla Firefox/Thunderbird/SeaMonkey CVE-2014-8635 Multiple Memory Corruption Vulnerabilities
 

Reader Robert came today with a very interesting situation. He noticed odd WordPress login patterns:

T 31.47.254.62:51020 - +http://www.google.com/bot.html).
Host: **redacted**
Accept: */*.
Cookie: wordpress_test_cookie=WP+Cookie+check.
Content-Length: 131.
Content-Type: application/x-www-form-urlencoded.
.
log=adminpwd=admin%21%21%21wp-submit=Log+Inredirect_to=http://**redacted**/wp-admin/tes1a0

T 62.210.207.146:43322 - +http://www.google.com/bot.html).
Host: **redacted**
Accept: */*.
Cookie: wordpress_test_cookie=WP+Cookie+check.
Content-Length: 113.
Content-Type: application/x-www-form-urlencoded.
.
log=ahenrypwd=Ahenry%24%24%24wp-submit=Log+Inredirect_to=http://**redacted**/wp-admin/tes1a0

T 109.199.82.5:46902 - +http://www.google.com/bot.html).
Host: **redacted**
Accept: */*.
Cookie: wordpress_test_cookie=WP+Cookie+check.
Content-Length: 110.
Content-Type: application/x-www-form-urlencoded.
.
log=natemcpwd=Johns666wp-submit=Log+Inredirect_to=http://**redacted**/wp-admin/tes1a0

tes1a0 in the WordPress 4.1 installation download and it's not part of the code. It

Have you seen this kind of WordPress attempt? If yes, let us know via the contact form. I will update the diary with the information gathered.

Manuel Humberto Santander Peláez
SANS Internet Storm Center - Handler
Twitter:@manuelsantander
Web:http://manuel.santander.name
e-mail: msantand at isc dot sans dot org

 
Mozilla Firefox/Thunderbird/SeaMonkey sendBeacon Cross-Site Request Forgery Vulnerability
 
Mozilla Firefox/SeaMonkey Web Audio Denial of Service Vulnerability
 
Mozilla Firefox/SeaMonkey XrayWrapper Privilege Escalation Vulnerability
 
Mozilla Firefox/SeaMonkey Online Certificate Status Protocol Responder Security Bypass Vulnerability
 
Alienvault OSSIM/USM Command Execution Vulnerability
 
[ MDVSA-2015:025 ] mpfr
 
[ MDVSA-2015:024 ] libsndfile
 
[SECURITY] [DSA 3128-1] linux security update
 
GNU Coreutils Insecure Temporary File Creation Vulnerability
 
[ MDVSA-2015:026 ] untrf
 
[ MDVSA-2015:023 ] libvirt
 

During one scene in the upcoming hacker action movie Blackhat, a team is sent into the control room of a burned-out nuclear power plant to gather clues about the evil computer saboteur who sparked its catastrophic meltdown. The investigators, led by a convicted carder sprung from prison to track down the enigmatic perp, take an axe to a server cabinet so they can retrieve a badly corrupted hard drive that ultimately reveals the suspect's true location.

As a way to advance the plot, the 60-second scene is mostly unremarkable. But had computer and security expert Christopher McKinlay not been retained as one of the movie's two hacking consultants, it would have been the kind of Hollywood fare that makes technically savvy viewers groan. Originally, McKinlay said, the screenplay called for the investigators to pull the data off of a perfectly functioning computer. When the 36-year-old—best known for hacking the OKCupid dating site to make him the most popular male user located in Los Angeles—told director Michael Mann electronics don't function in highly irradiated environments, the scene was rewritten to make it more technically accurate. The movie opens Friday.

Method acting

The scene isn't the only example of the pains Mann took to ensure his film portrayed computers and hacking in a realistic light. McKinlay provided virtually all of the Unix line commands furiously typed by convicted hacker turned whitehat Nicholas Hathaway as he closes in on his quarry. The protagonist, played by actor Chris Hemsworth, was modeled after Max Butler, aka Max Vision, the security consultant turned credit card stealing hacker profiled in Kingpin, a book written by fellow Blackhat hacking consultant Kevin Poulsen. (Poulsen himself served time in prison on a hacking conviction before becoming a journalist.) Early on in the planning, the director toyed with the idea of Hemsworth becoming a coder himself.


 
libvirt 'qemu/qemu_driver.c' Multiple Local Denial of Service Vulnerabilities
 
Adobe Flash Player and AIR CVE-2015-0308 Use After Free Remote Code Execution Vulnerability
 
Adobe Flash Player and AIR CVE-2015-0305 Type Confusion Remote Code Execution Vulnerability
 
Adobe Flash Player and AIR CVE-2015-0306 Unspecified Memory Corruption Vulnerability
 
LinuxSecurity.com: Updated libvirt packages fix security vulnerability: The qemuDomainMigratePerform and qemuDomainMigrateFinish2 functions in qemu/qemu_driver.c in libvirt do not unlock the domain when an ACL check fails, which allows local users to cause a denial of service [More...]
 
LinuxSecurity.com: Security Report Summary
 
LinuxSecurity.com: date and touch could be made to crash or run programs if they handled specially crafted input.
 
LinuxSecurity.com: Firefox could be made to crash or run programs as your login if it opened a malicious website.
 
LinuxSecurity.com: This update provides compatible packages for Firefox 35.
 
LinuxSecurity.com: unzip could be made to crash or run programs if it opened a specially crafted file.
 
LinuxSecurity.com: GParted could be made to run programs as an administrator.
 
LinuxSecurity.com: An updated Adobe Flash Player package that fixes multiple security issues is now available for Red Hat Enterprise Linux 5 and 6 Supplementary. Red Hat Product Security has rated this update as having Critical security [More...]
 
LinuxSecurity.com: Security Report Summary
 
FreeBSD Security Advisory FreeBSD-SA-15:01.openssl
 

KSU grads improve careers by earning degrees
Daily Tribune News
I started a new business with a concentration in my passion, InfoSec [information security].” Nivens enrolled at KSU in fall 2011, attending school at least 12 semester hours a week and working 40 to 60 hours a week at his business, NIV Securities. For ...

 

Posted by InfoSec News on Jan 15

http://www.theregister.co.uk/2015/01/15/sony_hack_was_good_news_for_insurers_and_investors/

By Mark Pesce
The Register
15 Jan 2015

Whoever hacked Sony Entertainment at the end of November changed
information security forever.

Where once hackers had been most concerned to gain access to the honeypots
of credit cards and bank accounts, this theft had a different goal, one
that became clear with the steady release of Sony’s most intimate...
 

Posted by InfoSec News on Jan 15

http://arstechnica.com/tech-policy/2015/01/obama-wants-congress-to-increase-prison-sentences-for-hackers/

By David Kravets
Ars Technica
Jan 14 2015

The Obama administration, currently engaged in a war of words with North
Korea over the recent hacking of Sony Pictures Entertainment, is calling
on Congress to increase prison sentences for hackers and to expand the
definition of hacking.

During next week's State of the Union address, the...
 

Posted by InfoSec News on Jan 15

http://www.sfgate.com/movies/article/Blackhat-review-Michael-Mann-movie-bombs-6016040.php

By Mick LaSalle
SFGate.com
January 15, 2015

You ever see a garbage truck unload? It backs up slowly and stops, the
back door drops, and a cascade of wet, smelly junk comes rolling and
tumbling out. Releasing a movie in January is something like that. Aside
from the 2014 releases going wide following Oscar-qualifying runs in Los
Angeles, what makes it...
 

Posted by InfoSec News on Jan 15

http://www.darkreading.com/vulnerabilities---threats/anatomy-of-a-cyber-physical-attack-/d/d-id/1318624

By Kelly Jackson Higgins
Dark Reading
1/14/2015

S4 Conference 2015 — The real threat to a power or manufacturing plant
isn't the latest vulnerability or malware variant.

"If you only consider hackers, you don’t have to be concerned that much.
They won't be able to take down a power grid or blow up chemical...
 

Posted by InfoSec News on Jan 15

http://healthitsecurity.com/2015/01/14/healthcare-cybersecurity-still-top-issue-says-chime-leader/

By Elizabeth Snell
Health IT Security
January 14, 2015

While new technology can give cyber criminals new outlets to gain access
to protected health information (PHI), it also gives more opportunities to
healthcare organizations to keep that data safe. Moreover, healthcare
cybersecurity is an area that the College of Healthcare Information...
 
Internet Storm Center Infocon Status