Hackin9

Visa refused for incorrect reasons
Australia Forum
On May 6th 2013, I received an email from the address [email protected]****************, titled "RE: T4 ******************* - Zawar - Request Documents or Info [SEC=UNCLASSIFIED]". The text of this email is as follows: UNCLASSIFIED Hi Please email ...

 
Oracle said on Tuesday that its monthly round of patches for July includes 89 fixes, 27 of which address remotely exploitable vulnerabilities in four widely used products.
 
Oracle MySQL Server CVE-2013-3793 Remote Security Vulnerability
 
The U.S. government's portal for the data it creates, Next.Data.gov, is getting a revamp that should make it easier to view and reuse government data.
 
The Green Electronics Council plans to expand its EPEAT environmental rating system later this year to include smartphones, the council said Tuesday.
 
 
Oracle MySQL Server CVE-2013-3802 Remote Security Vulnerability
 
Apache HTTP Server 2.2.6, 2.0.61 and 1.3.39 'mod_status' Cross-Site Scripting Vulnerability
 
Apache mod_imagemap and mod_imap Cross-Site Scripting Vulnerability
 
Microsoft today launched Outlook Web App (OWA) for iOS, a "native" app that reprises -- and amplifies -- the in-browser OWA corporate workers have long used on devices that don't support the full-fledged Outlook client.
 
Linux Kernel 'tcp_collapse()' Local Denial of Service Vulnerability
 
[security bulletin] HPSBGN02882 rev.1 - HP Database and Middleware Automation (DMA) using SSL, Remote Disclosure of Information
 
[security bulletin] HPSBMU02870 SSRT101012 rev.2 - HP Network Node Manager I (NNMi) for HP-UX, Linux, Solaris, and Windows, Remote Unauthorized Access
 

I was just browsing my web logs again, and came across this stupid little SQL injection attempt:

GET //diary.html?storyid=3063//////////////-999.9+union+select+0-- HTTP/1.1

There were more like it. The reason I call this "stupid and simple" is that it probably wouldn't even have worked if I was vulnerable (MySQL, at least, requires a space after the comment marker). So I looked for other attempts (I found a few), but they had similar elementary mistakes, or used well-known "bad" user agents that are frequently blocked (Firefox 3.5.9?! Really?).

So I was wondering: why don't I ever see "better" attacks? One issue may be that web logs usually don't capture the POST request data. If you capture it at all, you capture it using a WAF or IDS, if the request was suspect. Also, capturing full POSTs presents other problems: the data can be quite large, and may contain personal data that had better not be logged (usernames and passwords).

Anybody got a good way of logging "sanitized" POST requests?

 

------
Johannes B. Ullrich, Ph.D.
SANS Technology Institute
Twitter

(c) SANS Internet Storm Center. http://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
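One way to answer the question above, as an added example that is not part of the diary or of any SANS tool: a small Python sanitizer that takes the request line (and, for POSTs, the body) and produces a record that is safe to write to a log. It redacts the values of fields whose names look like credentials, caps what it keeps from a body at 2 KiB while recording a SHA-256 of the full body so repeated payloads can still be correlated, and flags URL-decoded values carrying injection tokens such as the "union select 0--" in the GET above. The field-name list, the token patterns, the size cap and the sample requests are all assumptions constructed for this example, not anything the diary specifies.

```python
"""Sanitized request logging: an added example, not code from the ISC diary.

Assumptions (not from the post): form-encoded POST bodies, the field-name
and token patterns below, and a 2 KiB cap on what is kept from a body.
"""
import hashlib
import json
import re
from urllib.parse import parse_qsl, unquote_plus

# Field names whose values never reach the log (assumed list; extend per app).
SENSITIVE = re.compile(
    r"pass(word|wd)?|pwd|secret|token|session|auth|cookie|card|cvv|ssn", re.I
)
# Crude injection markers, applied to URL-decoded values (assumed patterns).
SQLI = re.compile(
    r"union\s+select|select\s.+\sfrom|--|/\*|\bor\b\s+\d+\s*=\s*\d+|'\s*or\s", re.I
)
MAX_BODY = 2048           # bytes of body kept in the log
REDACTED = "[REDACTED]"


def parse_request_line(line):
    """Split an access-log request line 'METHOD target HTTP/x.y' into (method, target)."""
    method, target, _version = line.split(" ", 2)
    return method, target


def redact_pairs(pairs):
    """Keep every (name, value) pair, but blank the value of sensitive fields."""
    return [(k, REDACTED if SENSITIVE.search(k) else v) for k, v in pairs]


def sanitize(method, target, body=b"", content_type="application/x-www-form-urlencoded"):
    """Build a log record: redacted query and body, a digest and length of the
    raw body (so repeats can be correlated without storing them), and the
    names of any fields whose decoded value looks like SQL injection."""
    # Split by hand: urlsplit would read a leading '//' (as in the diary's GET) as a host.
    path, _, query = target.partition("?")
    record = {
        "method": method,
        "path": unquote_plus(path),
        "query": redact_pairs(parse_qsl(query, keep_blank_values=True)),
        "body_len": len(body),
        "body_sha256": hashlib.sha256(body).hexdigest() if body else None,
        "truncated": len(body) > MAX_BODY,
        "body": None,
        "sqli_hits": [],
    }
    if body:
        sample = body[:MAX_BODY]      # the cap may cut the last pair short
        if content_type.startswith("application/x-www-form-urlencoded"):
            record["body"] = redact_pairs(
                parse_qsl(sample.decode("utf-8", "replace"), keep_blank_values=True)
            )
        else:
            # Non-form bodies (JSON, uploads) are not parsed here; keep metadata only.
            record["body"] = f"<{content_type}: {len(body)} bytes not logged>"
    fields = [("query", k, v) for k, v in record["query"]]
    if isinstance(record["body"], list):
        fields += [("body", k, v) for k, v in record["body"]]
    for where, k, v in fields:
        if v != REDACTED and SQLI.search(v):
            record["sqli_hits"].append(f"{where}:{k}")
    if SQLI.search(record["path"]):   # payloads can sit in the path itself
        record["sqli_hits"].append("path")
    return record


def log_line(record):
    """One JSON object per line, so the sanitized log stays machine-parseable."""
    return json.dumps(record, sort_keys=True)


if __name__ == "__main__":
    # Constructed samples: the GET from the diary and an invented login POST.
    diary_get = "GET //diary.html?storyid=3063//////////////-999.9+union+select+0-- HTTP/1.1"
    print(log_line(sanitize(*parse_request_line(diary_get))))
    print(log_line(sanitize("POST", "/login", b"user=alice&password=hunter2&remember=1")))
```

The digest is there so that an analyst can later say "this exact body hit us 400 times" without the body ever having been stored; the truncation keeps a runaway upload from filling the log, at the cost of possibly cutting the last form field short. Anything that is not form-encoded is deliberately left unparsed, since a JSON or multipart body needs its own redaction rules before it is safe to write out.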
 
Yahoo's profits rose by 46 percent in the second quarter, aided by nearly a dozen product launches, though sales at the company were still down.
 
Infor has been sued by a customer who claims an ERP (enterprise resource planning) project that was supposed to take six months instead allegedly dragged on for well over a year without any useful results.
 
Microsoft does not give the U.S. National Security agency direct access to its customers' email or instant messages, contrary to previous news reports, a company executive said.
 
The computer hardware and software graphics market will grow in the coming years as applications become visually demanding, and employment opportunities in the field will expand, according to a study released on Tuesday.
 
Edward Snowden, the leaker of documents that revealed National Security Agency surveillance programs, has submitted a request for temporary asylum in Russia and could be granted a decision within several weeks, according to news reports.
 
A new piece of digitally signed spyware for Mac OS X uses a special Unicode character in its file name to hide its real file extension from users and trick them into installing it.
 
Apple may acquire the Israeli chip design company that provided the motion sensing technology used in Microsoft's popular Kinect video game controller, the Israeli business daily Calcalist reported today.
 
Nineteen organizations, including a church and gun ownership and marijuana legalization groups, have filed a lawsuit against the U.S. National Security Agency for a surveillance program that targets U.S. residents' phone records.
 
GNU ZRTP CVE-2013-2222 Multiple Stack Buffer Overflow Vulnerabilities
 
GNU ZRTP 'ZRtp::storeMsgTemp()' Function Heap Buffer Overflow Vulnerability
 
GNU ZRTP CVE-2013-2223 Information Disclosure Vulnerability
 
Outplacement firm Challenger, Gray & Christmas says that layoffs in the computer, electronics and telecommunications industries are on the rise. But the news isn't all bad: growth rates in the U.S. are still strong compared to the rest of the world.
 
The planet Neptune has been hiding a secret that NASA's Hubble Space Telescope just discovered -- another moon.
 

Aamir Lakhani
FederalNewsRadio.com
Writing under the pseudonym Dr. Chaos, Lakhani also operates the DrChaos.com blog. In their recent list of 46 Federal Technology Experts to Follow on Twitter, Forbes magazine described Aamir Lakhani as "a blogger, infosec specialist, super hero...and ...

 
After just an hour of what should have been a six-and-a-half-hour spacewalk, an astronaut's helmet leak forced NASA to cancel the mission on the International Space Station this morning.
 
The World Wide Web Consortium has rejected an attempt by the advertising industry to hijack a specification describing how websites should respond to "do not track" requests sent by Web browsers.
 
T-Mobile will begin in-store sales of both the Xperia Z from Sony and the Nokia Lumia 925 starting Wednesday.
 

How Google and Blue Box sparked an important open source discussion
Network World
Forristal is enjoying the notoriety that will pack his talk at the INFOSec industry's Black Hat Conference in August, but his motivation extends beyond self promotion and appears to be sincere. Unless Forristal's Linkedin profile has been contrived, he ...

 
Jive is rolling out of its software assembly line a new version of its enterprise social networking suite with enhanced gamification and sharper analytics, as well as deep integration with Salesforce.com's Chatter, Microsoft's Yammer and Evernote.
 
Toshiba will soon launch the world's fastest SD cards, which will offer write speeds of up to 240MB/s.
 
Intel has moved to bring keyboard-free computing to PCs and mobile phones with the acquisition of Israel-based Omek Interactive.
 
A broadband standard that aims to support bandwidth-intensive applications such as streaming Ultra-HDTV movies without the need to install fiber between the distribution point and people's homes met its first-stage approval, the International Telecommunication Union (ITU) said on Tuesday.
 
Lenovo is expanding software partnerships as it tries to break into a server market dominated by Hewlett-Packard, IBM and Dell.
 
LinuxSecurity.com: Several security issues were fixed in PHP.
 
LinuxSecurity.com: Updated php packages that fix one security issue are now available for Red Hat Enterprise Linux 3 and 4 Extended Life Cycle Support. The Red Hat Security Response Team has rated this update as having critical [More...]
 
LinuxSecurity.com: Updated php53 packages that fix one security issue are now available for Red Hat Enterprise Linux 5.6 Extended Update Support. The Red Hat Security Response Team has rated this update as having critical [More...]
 
LinuxSecurity.com: Updated php packages that fix one security issue are now available for Red Hat Enterprise Linux 5.3 Long Life, and Red Hat Enterprise Linux 5.6, 6.2 and 6.3 Extended Update Support. [More...]
 
LinuxSecurity.com: Updated java-1.6.0-ibm packages that fix several security issues are now available for Red Hat Enterprise Linux 5 and 6 Supplementary. The Red Hat Security Response Team has rated this update as having critical [More...]
 
LinuxSecurity.com: Updated java-1.7.0-ibm packages that fix several security issues are now available for Red Hat Enterprise Linux 5 and 6 Supplementary. The Red Hat Security Response Team has rated this update as having critical [More...]
 
LinuxSecurity.com: Several vulnerabilities have been discovered in OpenJDK, an implementation of the Oracle Java platform, resulting in the execution of arbitrary code, breakouts of the Java sandbox, information disclosure or denial of service. [More...]
 

I would not allow users Admin access by default. This is a practice that can have serious security repercussions.

Give "Admins" a power user account and then tweak it further using GPO and AppLocker. Set up logging for Admin and standard user accounts.

 
Voice Logger astTECS - bypass login & arbitrary file download
 
The votes are in for CIO.com's 10 hottest big data startups to watch. Here are the final rankings based on your voting as well as a variety of other criteria such as funding and company leadership.
 
The NSA's Prism spying program highlights the need to make sure your cloud contract safeguards your data from access by third parties.
 
The emergence of faster Wi-Fi on the 802.11ac standard has been a big hit with schools and universities that have struggled with slower networks because of the enormous influx of data-sucking smartphones, tablets and laptops used by students.
 
Although a historic downturn in PC shipments has made headlines since April, "Peak PC" -- the moment when personal computers crested -- was two years ago. That could bode ill for Microsoft.
 
The big data approach to IT recruitment is catching on fast, for hard-to-find software developers in particular, and it could spread to other jobs.
 
Android's rudimentary backup feature saves Wi-Fi passwords in plain text on Google servers. This is not in itself news, but it takes on new significance in the light of PRISM
 
Compromising ASUS routers on which the storage service AiCloud is activated is apparently a simple matter. Attackers can access private data and even navigate around the local network
 
Some Avira users are unable to use their web browsers without first disabling Web Protection. A reinstall helps users, but doesn't solve all their problems

SANS opens registration for Dubai 2013 InfoSec training
AME Info (press release)
SANS Dubai 2013, the Gulf Region's largest InfoSec training event has opened for online registration including 'early bird' discounts. The event will be held at the Hilton Dubai Jumeirah resort from October 26th till November 7th 2013 with a roster of ...

 
AT&T is offering no-contract smartphones and tablets on monthly installments, with the promise of an annual upgrade, taking on similar offers by competitor T-Mobile US.
 
China's largest search engine Baidu is planning to acquire two leading app stores in the country for $1.9 billion, as the company seeks to expand its presence in the mobile Internet space.
 
The U.S. Foreign Intelligence Surveillance Court has ordered the government to declassify its secret order and parties' briefs in a case which Yahoo expects will demonstrate that it resisted government directives.
 
Version 3.0 of Puppet Labs' configuration automation tool shines with speed boosts, orchestration improvements, and deeper support for Windows servers
 
Trend Micro says it detected a targeted attack that sent malware-laden emails to representatives of 16 European countries and some Asian governments.
 
Re: [ MDVSA-2013:195 ] php
 
[CVE-2013-4763|CVE-2013-4764] Vulnerability in built-in system app of Samsung Galaxy S3/S4
 
Dell Kace 1000 SMA v5.4.70402 - Persistent Vulnerabilities
 
Olive File Manager v1.0.1 iOS - Multiple Vulnerabilities
 
FTP Sprite v1.2.1 iOS - Persistent Web Vulnerability
 
Nikon CoolPix L Series Fw1.0 - Information Disclosure Issue
 
Re: Multiple vulnerabilities in McAfee ePO 4.6.6
 
[CVE-2013-2745, CVE-2013-2738, CVE-2013-2739] MiniDLNA v1.0.25 Multiple Vulnerabilities
 

Posted by InfoSec News on Jul 16

http://www.koreaherald.com/view.php?ud=20130716000896

The Korea Herald
2013-07-16

The government on Tuesday named North Korea as a suspect in the latest cyber
attack against the presidential office website and dozens of other government
offices and news outlets here.

The latest attack took place from June 25, the anniversary of the outbreak of
the 1950-53 Korean War, to July 1, in which the websites of 69 government and
private...
 

Posted by InfoSec News on Jul 16

http://www.bankinfosecurity.com/retail-breach-hits-hawaii-restaurants-a-5910

By Tracy Kitten
Bank Info Security
July 15, 2013

The Honolulu-based upscale restaurant chain Roy's says malware that
infected a corporate PC likely infiltrated its network and may have
exposed card data.

Roy's Holdings Inc., which owns and manages six Roy's restaurants in
Hawaii, on July 5 confirmed that the compromise of one employee's desktop...
 

Posted by InfoSec News on Jul 16

http://news.nationalpost.com/2013/07/14/with-espionage-at-cold-war-levels-csis-warns-travelling-spies-not-to-fall-for-sexual-honey-traps/

By Jim Bronskill
Canadian Press
13/07/14

Canada's spy agency has quietly warned travelling government officials
they might be drugged, kidnapped or blackmailed after being enticed into a
sexual "honey trap" by an attractive stranger.

Foreign intelligence services see federal employees -- and...
 

Posted by InfoSec News on Jul 16

http://www.pcmag.com/article2/0,2817,2421782,00.asp

By Chloe Albanesius
PCMag.com
July 15, 2013

A pair of researchers this week revealed a vulnerability within Verizon
Wireless femtocells that allowed hackers to spy on the carrier's customers.

Tom Ritter and Doug DePerry from iSEC Partners told Reuters that the glitch
within the femtocells, which boost wireless signals in areas with poor
reception, allowed for spying on text messages,...
 

Posted by InfoSec News on Jul 16

Forwarded from: cfp (at) ruxcon.org.au

Ruxcon 2013 Final Call For Papers
Melbourne, Australia, October 26th-27th
CQ Function Centre
http://www.ruxcon.org.au/call-for-papers/

The Ruxcon team is pleased to announce the final call for papers for Ruxcon.

This year the conference will take place over the weekend of the 26th and 27th
of October at the CQ Function Centre, Melbourne, Australia.

The deadline for submissions is the 31st of August....
 