Hackin9
Two giants of the mobile phone industry, Apple and Google, have agreed to drop all current patent infringement lawsuits between them, they said Friday.
 
[ MDVSA-2014:104 ] egroupware
 
[ MDVSA-2014:101 ] owncloud
 

Yesterday, Rob discussed Collecting Workstation / Software Inventory Several Ways, including PowerShell. I don't spend nearly as much time as I used to going hands-on with systems, but every time I need to solve a problem on Windows hosts, PowerShell is there for me. Sadly my PowerShell fu is weak compared to where I'd like it to be, but as an assimilated minion (1 of 7) of the Redmond Empire I have the benefit of many resources. Luckily much content is publicly available, and you have Lee Holmes to help you with PowerShell mastery. Lee really is the man on the PowerShell front; you'll note his Windows PowerShell Pocket Reference in its rightful place on my desk.

Amongst my many pet peeves are overly permissive file shares with the likes of Everyone, Domain Users, Domain Computers, and Authenticated Users granted unfettered access. No one ever leaves PII, config files, and username/password lists on a share, right? And no one with unauthorized or inappropriate access ever makes their way onto enterprise networks, right? Sure, Russ, sure. :-) Back in the real world, where would we be without an entire industry sector dedicated to DLP (data leak prevention) solutions? Oh yeah, probably in a world with less spam and fewer cold calls, but I digress.

Step 1: We admitted we were powerless over misconfiguration—that our networks had become unmanageable.

Step 2: Came to believe that PowerShell could restore us to sanity.

I have fallen deeply, unmanageably, irrevocably in love with the Revoke-SmbShareAccess cmdlet available on Windows Server 2012 R2 and Windows 8.1 systems (Windows PowerShell 4.0). Having tried to solve this issue with the likes of Set-Acl and requiring serious counseling thereafter, Revoke-SmbShareAccess (and its friends Block-SmbShareAccess, Unblock-SmbShareAccess, Get-SmbShareAccess, and Grant-SmbShareAccess) allowed me to do in three lines what could not otherwise be done easily or elegantly.

"The Revoke-SmbShareAccess cmdlet removes all of the allow access control entries (ACEs) for a trustee from the security descriptor of the Server Message Block (SMB) share." Sweet!

Examples? You bet. The terms share and server are used generically here; you'll need to apply the appropriate nomenclature.

Local (single share, single account):
# Removes every Allow ACE for Everyone from the share named "share" on this host.
# -Force suppresses the confirmation prompt.
Revoke-SmbShareAccess -Name share -AccountName "Everyone" -Force

Local (single share, multiple accounts):
# -AccountName takes a string array, so one call removes several trustees at once.
Revoke-SmbShareAccess -Name share -AccountName "Everyone","Domain Users","Domain Computers","Authenticated Users" -Force

Remote (single share, single account):
# -CimSession accepts a computer name and opens the CIM session to it for you.
Revoke-SmbShareAccess -Name share -CimSession server -AccountName Everyone -Force

Remote (single share, multiple accounts):
Revoke-SmbShareAccess -Name share -CimSession server -AccountName "Everyone","Authenticated Users","Domain Users","Domain Computers" -Force

For Remote (multiple shares, multiple servers, multiple accounts), where you want to use a list of servers and/or shares, you can build a small script and define variables that pull from text lists. Both -Name and -CimSession take arrays, so every listed share is processed on every listed server; a share that does not exist on a given server is reported as an error for that server while the rest continue.

# One server name per line in servers.txt, one share name per line in shares.txt.
$servers = Get-Content -Path C:\powershell\data\servers.txt
$shares = Get-Content -Path C:\powershell\data\shares.txt
Revoke-SmbShareAccess -Name $shares -CimSession $servers -AccountName "Everyone","Authenticated Users","Domain Users","Domain Computers" -Force

Obviously, you'll want to tune, experiment, and optimize, but hopefully this may help get you started on the cleanup process. You'll want to over-communicate with your user base, advising them to create security groups and grant share access only to the people (and systems) in the appropriate group; Get-SmbShareAccess shows you who holds access before you revoke anything, and Grant-SmbShareAccess puts a replacement group in place. Don't just go removing these permissions without an awareness campaign. You don't want that call: "You broke my entire service when you removed Everyone share permissions!" Argh. Remember also the nuances (they are many) between share permissions and NTFS permissions: the two ACLs are evaluated separately, the more restrictive one wins, and a share whose only ACE was Everyone is inaccessible to all once that ACE is gone.
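As an added example (my own, not code from Russ's diary), here is the three-line revoke wrapped in the audit-before, verify-after workflow the warnings above call for: snapshot the share ACEs to a baseline file, flag any share that would be left with no Allow ACE, preview the change with -WhatIf, revoke, and then list the NTFS ACEs on each share path so the share-versus-NTFS mismatch is visible. The file paths, the trustee list, and the Get-ShortAccountName helper are assumptions for illustration; it assumes the SmbShare module (Windows 8.1 / Server 2012 R2), CIM access to every server, and WinRM for the NTFS step.

```powershell
# Added example (not from the original diary). Audits the broad trustees on a list of
# shares across a list of servers, saves a baseline, revokes them, and verifies the result.
# Assumptions: the file paths and the trustee list are hypothetical; the SmbShare module
# (Windows 8.1 / Server 2012 R2) is present; the account running this can open CIM
# sessions to every server, and WinRM is enabled for the NTFS check at the end.

$servers  = Get-Content -Path C:\powershell\data\servers.txt
$shares   = Get-Content -Path C:\powershell\data\shares.txt
$trustees = 'Everyone', 'Authenticated Users', 'Domain Users', 'Domain Computers'
$baseline = 'C:\powershell\data\share-acl-baseline.csv'

# Hypothetical helper: strip a DOMAIN\ or BUILTIN\ prefix so 'CORP\Domain Users'
# matches the bare 'Domain Users' entry in $trustees.
function Get-ShortAccountName([string]$AccountName) {
    return $AccountName -replace '^.*\\', ''
}

# One CIM session per server, reused by every cmdlet below.
$sessions = New-CimSession -ComputerName $servers

# Step 1: snapshot every ACE on the target shares before changing anything,
# so the change can be reversed with Grant-SmbShareAccess if a service breaks.
$before = Get-SmbShareAccess -Name $shares -CimSession $sessions -ErrorAction SilentlyContinue
$before | Export-Csv -Path $baseline -NoTypeInformation

# Step 2: flag shares that would be left with no Allow ACE once the broad trustees go.
# Revoking the last ACE locks everyone out; those shares need a scoped group granted first.
$before | Group-Object -Property PSComputerName, Name | ForEach-Object {
    $remaining = $_.Group | Where-Object {
        $_.AccessControlType -eq 'Allow' -and
        $trustees -notcontains (Get-ShortAccountName $_.AccountName)
    }
    if (-not $remaining) {
        Write-Warning "$($_.Name): no Allow ACE would remain; grant a scoped group before revoking"
    }
}

# Step 3: preview the revoke with -WhatIf, then run it. -Force suppresses the per-ACE prompt.
Revoke-SmbShareAccess -Name $shares -CimSession $sessions -AccountName $trustees -Force -WhatIf
Revoke-SmbShareAccess -Name $shares -CimSession $sessions -AccountName $trustees -Force

# Step 4: verify that none of the broad trustees survived on any share.
$after = Get-SmbShareAccess -Name $shares -CimSession $sessions -ErrorAction SilentlyContinue
$leftover = $after | Where-Object { $trustees -contains (Get-ShortAccountName $_.AccountName) }
if ($leftover) {
    $leftover | Format-Table PSComputerName, Name, AccountName, AccessRight -AutoSize
} else {
    Write-Output 'No broad trustees remain on the listed shares.'
}

# Step 5: share ACLs and NTFS ACLs are evaluated separately and the more restrictive wins,
# so list the NTFS ACEs on each share's path too: a group you grant on the share still
# needs NTFS rights on the path, or the revoke produces the "you broke my service" call.
Get-SmbShare -Name $shares -CimSession $sessions -ErrorAction SilentlyContinue | ForEach-Object {
    Invoke-Command -ComputerName $_.PSComputerName -ArgumentList $_.Path -ScriptBlock {
        param([string]$Path)
        (Get-Acl -Path $Path).Access |
            Select-Object @{ n = 'Path'; e = { $Path } }, IdentityReference, FileSystemRights, AccessControlType
    }
}

Remove-CimSession -CimSession $sessions
```

Run it once with the real Revoke line commented out to read the warnings and the -WhatIf plan; the baseline CSV is what you hand back to whoever calls about a broken service, since each row is exactly the Grant-SmbShareAccess call needed to restore it.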

Good luck and cheers!

Russ McRee | @holisticinfosec

(c) SANS Internet Storm Center. http://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
 
eGroupWare 'call_user_func()' Function Remote Code Execution Vulnerability
 
libvirt XML Entity Expansion CVE-2014-0179 Information Disclosure Vulnerability
 
[ MDVSA-2014:103 ] wordpress
 
[ MDVSA-2014:102 ] mariadb
 
[ MDVSA-2014:100 ] java-1.7.0-openjdk
 
CA20140413-01: Security Notice for OpenSSL Heartbleed Vulnerability
 
Several tech companies have revamped privacy and transparency policies since revelations in leaked National Security Agency (NSA) documents showed that the U.S. was secretly collecting customer data from Internet Service Providers, telecommunications companies and others.
 
GM is the latest automaker to offer Wi-Fi hotspots in vehicles, providing 4G access while others have 3G. The move poses a question: Do people really need Wi-Fi in cars?
 
Mozilla is preparing nearly-silent upgrades to get customers stuck on older versions of Firefox onto the newest edition, according to notes on the company's website and its bug-tracking database.
 
Juniper Networks ScreenOS SSL/TLS Protocol Packet Handling Denial of Service Vulnerability
 
[ MDVSA-2014:098 ] rawtherapee
 
[ MDVSA-2014:096 ] python-jinja2
 
[ MDVSA-2014:095 ] struts
 
[ MDVSA-2014:094 ] rxvt-unicode
 
Chinese smartphone vendor Xiaomi has made a name for itself by selling iPhone-like gear for almost a third of the price of Apple products. It may sound too good to be true, but the company is managing to sell millions of phones and is already kicking off a global expansion. So how does it pull it off?
 
Microsoft's scheduled unveiling of new Surface tablets next week is not a last-chance moment for the company's hardware dreams, analysts said, countering a theme popular on the Web.
 

So you reckon you're a leet infosec warrior. Now you can prove it, pal
Register
Defend Blighty from malware, show online crooks who's boss, bank a pay cheque, and sip a martini. It's not quite James Bond, but if you reckon you're up to the job, good news: Cyber Security Challenge UK launches today, on Friday, and is supposed to ...

 
Maintaining or rediscovering innovation is difficult and often counter-intuitive for larger companies. However, CIO.com columnist Rob Enderle offers suggestions for how businesses can get back the innovation they lack.
 
Google has hired a former Calvin Klein and Gap executive to help make Glass socially acceptable and turn it into a mainstream product.
 
The U.S. Federal Communications Commission voted Thursday to release a controversial proposal to restore net neutrality rules and seek public comment on a number of ways to proceed after a U.S. appeals court threw out the agency's old rules in January.
 
GNU Emacs Multiple Insecure Temporary File Handling Vulnerabilities
 
Python Interpreter '/Modules/stropmodule.c' Heap Memory Corruption Vulnerability
 
Senior government official says the landmark education reform bill is a possible template for addressing shortage of technical workers and bridging the gender gap in IT.
 
Last month Google offered refunds to users who bought a fake antivirus app from Google Play, but the scam seems to be catching on and security researchers have recently identified similar apps in both the Android and Windows Phone app stores.
 
The FCC says the public should not rely on text messages to reach 911 in emergencies because the technology is only available to 59 of the more than 6,000 emergency communications centers nationwide.
 

Last weekend's hack of cryptocurrency repository Doge Vault was worse than previously thought because it gave attackers full access to the underlying system, including the databases that stored private keys for all user wallet addresses and cryptographically protected user passwords.

The exposure means that users should presume all Doge Vault addresses are compromised and immediately cease using any of them to transfer funds, Doge Vault officials advised in a brief announcement posted Thursday. Although the announcement said that passwords were protected by a "strong one-way hashing algorithm," users should presume the large majority of them will be converted into plaintext in a matter of hours, days, or weeks, depending on the specifics of the Doge Vault hashing regimen. As a result, people should stop using the passwords on all sites. Doge Vault users should also be on the lookout for highly targeted phishing attacks, since the hack exposed user account data that may be considered sensitive.

"It is believed the attacker gained access to the node on which Doge Vault’s virtual machines were stored, providing them with full access to our systems," Thursday's announcement stated. "It is likely our database was also exposed containing user account information; passwords were stored using a strong one-way hashing algorithm. All private keys for addresses are presumed compromised, please do not transfer any funds to Doge Vault addresses."


 
Linux Kernel 'filter.c' CVE-2014-3145 Local Denial of Service Vulnerability
 

For infosec career success, do security certifications trump all?
TechTarget
Despite a middling economy and high unemployment rates, the information security field has been a bastion of hope for IT job-seekers, with conservative estimates from organizations like (ISC)2 showing that hundreds of thousands of new infosec positions ...

 
You got the job offer. While you cleared the biggest hurdle, you're not finished yet. Now it's time to negotiate your compensation package. These tips will help you get the best deal while keeping the process a positive one.
 
[ MDVSA-2014:089 ] nagios
 
Google aims to fuel international sales in the Play store by expanding the use of carrier billing and letting developers sell apps in more countries. The company has also added PayPal as a new payment method in countries such as the U.S. and Germany.
 
People will be able to use an online tool to ask Google not to display search results about them, according to a German data protection commissioner.
 
Ruby on Rails 'implicit render' Functionality Directory Traversal Vulnerability
 
[SECURITY] [DSA 2929-1] ruby-actionpack-3.2 security update
 
APPLE-SA-2014-05-15-2 iTunes 11.2
 
Further investigation into an exploit kit known as 'Elderwood' shows the attackers using it are more numerous and possibly better funded than previously thought, according to new research from Symantec.
 
A bid by Samsung Electronics to get a Texas court to dismiss a patent infringement complaint by Apple-backed Rockstar was rejected after the judge decided Thursday that a Rockstar subsidiary had standing to sue.
 
Is Amazon getting ready to unleash a fleet of drones upon San Francisco, dropping Kindles from the sky? Or a self-driving car that can deliver the latest best-seller?
 
An online wallet for the dog-themed cryptocurrency dogecoin said Thursday it lost 280 million coins, worth about $130,000, after attackers gained access to its virtual machines on Sunday.
 