Intel plans to become a leader in wireless and will ship its first multimode LTE processor later this month as part of that drive.

Computer scientists say they found a way to sneak malicious programs into Apple's exclusive app store without being detected by the mandatory review process that's supposed to automatically flag such apps.

The researchers from the Georgia Institute of Technology used the technique to create what appeared to be a harmless app that Apple reviewers accepted into the iOS app store. They were later able to update the app to carry out a variety of malicious actions without triggering any security alarms. The app, which the researchers titled "Jekyll," worked by taking the binary code that had already been digitally signed by Apple and rearranging it in a way that gave it new and malicious behaviors.

"Our method allows attackers to reliably hide malicious behavior that would otherwise get their app rejected by the Apple review process," the researchers wrote in a paper titled Jekyll on iOS: When Benign Apps Become Evil. "Once the app passes the review and is installed on an end user's device, it can be instructed to carry out the intended attacks. The key idea is to make the apps remotely exploitable and subsequently introduce malicious control flows by rearranging signed code. Since the new control flows do not exist during the app review process, such apps, namely Jekyll apps, can stay undetected when reviewed and easily obtain Apple’s approval."



Oracle Java SE CVE-2013-2425 Remote Java Runtime Environment Vulnerability
Rob VandenBrink
(c) SANS Internet Storm Center. http://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
Oracle Java SE CVE-2013-2449 Remote Security Vulnerability
Microsoft has integrated Outlook.com with Skype in several countries, including the U.K., the U.S. and Germany, offering users the ability to tap Skype functions and contacts from within the interface of the webmail application.
Although we are constantly surrounded by advertisements both online and offline, companies have no way to know whether we've actually seen what they're selling. That could change in the future, with the help of Google Glass.
As we approach back-to-school, you may be wondering what to get the Sasquatch in your life. Samsung may have the answer with its half-foot-plus display'd Galaxy Mega, which is coming to the US this week.
Apple and Samsung were almost equally able to keep customers in their respective smartphone folds over the last 12 months, an analyst said Monday.
Just as many people are doing their back-to-school shopping, Amazon.com's website crashed for the better part of an hour today.
Single disk drive shipments continue to surpass all other storage devices, such as RAIDed NAS systems, for personal data storage, while shipments of hardware with the Thunderbolt interface surged in the past year.
Twitter has announced a new feature designed to give people a better sense of the context behind the site's characteristically short, 140-character tweets.
Hewlett-Packard has joined Nvidia's growing Grid alliance, equipping a Gen8 Proliant blade server with graphics boards that can speed up and lower the cost of virtual desktop deployments.
Google sources have backed away from earlier projections that the company's Glass wearable computer would ship later this year.
Multiple vulnerabilities on Sitecom N300/N600 devices

Johannes B. Ullrich, Ph.D.
SANS Technology Institute

American consumers named Apple as the most likely brand of their next notebook purchase, but a resurgent Dell easily captured future honors for desktop PCs, according to a survey published today
Future smartphones could gain numerous benefits from algorithms to fight interference, developed by a little-known startup in Lawrence, Kan., that last week drew closer to implementing the technology in devices.
[SECURITY] [DSA 2738-1] ruby1.9.1 security update
Oracle is latching onto the self-service BI (business intelligence) trend with a new tool for creating HTML5-based mobile applications.
Moto X versus Motorola Droid Ultra versus Motorola Droid Maxx
Microsoft Windows Uniscribe Font Parsing CVE-2013-3181 Remote Code Execution Vulnerability
A new variant of the Ramnit financial malware is using local Web browser injections in order to steal log-in credentials for Steam accounts, according to researchers from security firm Trusteer.
LinuxSecurity.com: Several vulnerabilities have been discovered in the interpreter for the Ruby language, which may lead to denial of service and other security problems. The Common Vulnerabilities and Exposures project identifies the following problems: [More...]
LinuxSecurity.com: Several security issues were fixed in Puppet.
Defense in depth -- the Microsoft way (part 7): executable files in data directories
Joomla! jDownloads Component '/jdownloads/search' Cross Site Scripting Vulnerability
x90c WOFF Firefox 1day exploit
MS Excel 2002/2003 CRN record 0day PoC

The folks at ZMAP have released version 1.02 of their scanning tool ( https://zmap.io/ )

ZMAP's claim to fame is its speed: the developers indicate that with a 1Gbps uplink, the entire IPv4 space can be scanned in roughly 45 minutes (yes, minutes) on non-specialized hardware, which is getting close to 100% efficiency on a 1Gbps NIC. Note that even now, you should design your hardware carefully to get sustained 1Gbps transfer rates. While not many of us have true 1Gbps into our basements, lots of us have that at work these days.

With this tool out, look for more "internet census" type studies to pop up. Folks, be careful who you scan - strictly speaking, you can get yourself in a lot of trouble probing the wrong folks, especially if you are in their jurisdiction!

It's also worth mentioning that running a tool like this can easily DoS the link you are scanning from. Taking 100% of your employer's bandwidth for scanning is good for a whole 'nother type of discussion.

It's safest to get a signed statement of work, and run this on a test subnet before using it "for real". If anyone has used ZMAP in a production scan, please use our comment form to let us know how you found the tool.
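The two cautions above (scan only what the statement of work covers, and know how much of your link a scan will eat) can both be checked before a single probe leaves the box. The following is an added example, not ZMap's own code or the diary author's: a small pre-flight script that rejects any candidate target range that falls outside the authorized scope or overlaps a do-not-scan list, and that works out the packet rate and line rate a scan of a given size needs in a given time. The network ranges, the scope file contents and the 45-minute figure used in the comments are constructed for illustration.

```python
"""Pre-flight scope and bandwidth check for a mass scan (added example).

Not part of the ZMap project. AUTHORIZED and EXCLUDED are constructed
stand-ins for the ranges a signed statement of work would list.
"""
import ipaddress
from typing import Iterable

# Constructed example scope: the only ranges the engagement authorizes.
AUTHORIZED = [
    ipaddress.ip_network("10.20.0.0/16"),
    ipaddress.ip_network("192.0.2.0/24"),   # TEST-NET-1, a documentation range
]

# Constructed do-not-scan list, e.g. a customer's fragile production segment.
EXCLUDED = [
    ipaddress.ip_network("10.20.5.0/24"),
]


def _within_any(net, scope):
    """True if net is fully contained in at least one network in scope."""
    return any(net.subnet_of(s) for s in scope if net.version == s.version)


def _overlaps_any(net, scope):
    """True if net shares any address with a network in scope."""
    return any(net.overlaps(s) for s in scope if net.version == s.version)


def check_targets(candidates: Iterable[str]):
    """Split candidate addresses/CIDRs into accepted networks and rejections.

    Returns (accepted, rejected): accepted is a list of ip_network objects,
    rejected maps the original string to the reason it was refused.
    """
    accepted = []
    rejected = {}
    for raw in candidates:
        try:
            net = ipaddress.ip_network(raw.strip(), strict=False)
        except ValueError:
            rejected[raw] = "not a valid address or CIDR"
            continue
        if not _within_any(net, AUTHORIZED):
            rejected[raw] = "outside authorized scope"
        elif _overlaps_any(net, EXCLUDED):
            rejected[raw] = "overlaps do-not-scan list"
        else:
            accepted.append(net)
    return accepted, rejected


def rate_for_duration(address_count: int, seconds: int, frame_bytes: int = 84) -> tuple:
    """Packets per second and line rate (Mbit/s) needed to send one probe to
    address_count addresses within `seconds`.

    frame_bytes defaults to the on-wire cost of a minimum Ethernet frame:
    64 bytes of frame + 8 bytes preamble + 12 bytes inter-frame gap = 84 bytes,
    which is what a single SYN probe occupies on the link.
    """
    pps = address_count / seconds
    mbps = pps * frame_bytes * 8 / 1_000_000
    return round(pps), round(mbps)


if __name__ == "__main__":
    # Constructed target list: a mix of in-scope, excluded, out-of-scope and junk.
    ok, bad = check_targets(["10.20.1.0/24", "10.20.5.10", "198.51.100.0/24",
                             "not-an-ip", "192.0.2.77"])
    for net in ok:
        print("scan   ", net)
    for raw, why in bad.items():
        print("refuse ", raw, "-", why)
    # The diary's figure: all of IPv4 in 45 minutes, expressed as pps and Mbit/s.
    print("IPv4 in 45 min needs", rate_for_duration(2 ** 32, 45 * 60), "(pps, Mbit/s)")
```

Feeding the accepted networks, rather than the raw list, to the scanner's target file is the point: the scope check is the gate, not an afterthought. The rate figure is what you compare against the uplink before choosing a bandwidth cap, since the full-IPv4 case works out to roughly a saturated gigabit link.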

Scan safe everyone!

Rob VandenBrink

(c) SANS Internet Storm Center. http://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.

Lloyd's (an insurance market company) latest risk survey ranks cyber risk as the number three overall risk among the 500 senior business leaders it surveyed. "It appears that businesses across the world have encountered a partial reality check about the degree of cyber risk. Their sense of preparedness to deal with the level of risk, however, still appears remarkably complacent."[1]

Last year, several well-known companies such as Yahoo, Verizon, Twitter and Google experienced significant breaches, where thousands of users were required to change their passwords. Some of the changes implemented since then include two-factor authentication by Google and Apple, to name a few.

Do you think that business executives are more aware now of the reality of cyber attacks?

[1] http://www.lloyds.com/news-and-insight/risk-insight/lloyds-risk-index/top-five-risks
[2] https://isc.sans.edu/diary/Twitter+Confirms+Compromise+of+Approximately+250%2C000+Users/15064
[3] https://isc.sans.edu/diary/Verizon+Data+Breach+report+has+been+released/15665
[4] https://isc.sans.edu/diary/Apple+ID+Two-step+Verification+Now+Available+in+some+Countries/15463


Guy Bruneau IPSS Inc. gbruneau at isc dot sans dot edu

(c) SANS Internet Storm Center. http://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
GNU glibc CVE-2013-4237 Remote Buffer Overflow Vulnerability
Cogent Real-Time Systems DataHub Remote Stack Buffer Overflow Vulnerability
A Facebook engineer blamed language difficulties and documentation issues for a delay in fixing a bug that let a security researcher post directly to founder Mark Zuckerberg's Timeline, which is restricted if two users aren't friends.
Mobile hard drives have become lighter and smaller while offering higher capacities at lower prices. We look at 7 of the latest models to help you choose.
China plans to bring gigabit Internet speeds to its major cities by 2020, part of its effort to expand broadband among households in the nation.
Microsoft's slow expansion of commercial sales of its struggling Surface line is proof that the company had no backup plan after completely misreading the market, an analyst said today.
This is a guest diary contributed by Basil Alawi

In a previous diary I wrote about running Snort on VMware ESXi [1]. While that setup might be suitable for a small setup with one ESXi host, it might not be suitable for larger implementations with multiple vSphere hosts. In this diary I will discuss deploying Snort on a larger implementation using SPAN/mirror ports.

SPAN ports require a VMware Distributed Switch (dvSwitch) or a Cisco Nexus 1000v. The VMware dvSwitch is available with VMware vSphere Enterprise Plus, while the Cisco Nexus 1000v is a third-party add-on. Both solutions require vSphere Enterprise Plus and VMware vCenter.

Test Lab

The test lab consists of VMware ESXi 5.1 as host, VMware vCenter 5.1, Kali Linux, Security Onion and a Metasploitable VM. ESXi 5.1 will be the host system and the Kali VM will be the attack server, while Metasploitable will be the target and Security Onion will run the Snort instance (Figure 1).

Figure 1 (Test Lab)

Configuring dvSwitch:

The VMware vDS extends the feature set of the VMware Standard Switch, while simplifying network provisioning, monitoring, and management through an abstracted, single distributed switch representation of multiple VMware ESX and ESXi Servers in a VMware data center [2].

To configure the SPAN ports on a VMware dvSwitch:

1. Log in to the vSphere Client and select the Networking inventory view.

2. Right-click the vSphere distributed switch in the inventory pane, and select Edit Settings (Figure 2).

Figure 2

3. On the Port Mirroring tab, click Add.

Figure 3

4. Enter a Name and Description for the port mirroring session.

Figure 4

5. Make sure that the "Allow normal IO on destination ports" checkbox is deselected. If you do not select this option, mirrored traffic will be allowed out on destination ports, but no traffic will be allowed in.

6. Click Next.

7. Choose whether to use this source for Ingress or Egress traffic, or choose Ingress/Egress to use this source for both types of traffic.

8. Type the source port IDs and click >> to add the sources to the port mirroring session.

9. Click Next.

Figure 5

10. Choose the Destination type Port ID.

11. Type the destination port IDs and click >> to add the destinations to the port mirroring session.

12. Click Next.

13. Verify that the listed name and settings for the new port mirroring session are correct.

14. Click "Enable this port mirroring session" to start the port mirroring session immediately.

15. Click Finish.

For this lab, the traffic going to the Metasploitable VM will be mirrored to eth1 on the Security Onion server.

Running a sniffer on eth1 confirms that the mirror configuration is working as it should:

tcpdump -nni eth1

Figure 7


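Eyeballing the tcpdump output tells you packets arrive, but a sensor fed by a one-directional mirror (only Ingress or only Egress chosen in step 7) will silently miss half of every flow and many Snort rules will never fire. The following is an added example, not from the diary or from Security Onion: it reads tcpdump -nn style lines and counts packets to and from the monitored VM so the session direction can be verified before Snort is trusted. The capture lines and the address 10.0.0.20 for the monitored VM are constructed for illustration.

```python
"""Check that a mirror session delivers both directions of the monitored VM's
traffic, from tcpdump -nn output (added example, not the diary's own code).

The capture below is constructed; 10.0.0.20 stands in for the monitored VM.
"""
import re
from collections import Counter

# tcpdump -nn prints "HH:MM:SS.us IP <src>[.<port>] > <dst>[.<port>]: ..." for IPv4.
TCPDUMP_LINE = re.compile(r"^\S+ IP (?P<src>\S+) > (?P<dst>\S+):")

# Constructed sample capture: an FTP SYN scan exchange, a ping, an unrelated mDNS
# packet and an ARP request (which the IPv4 pattern deliberately ignores).
SAMPLE_CAPTURE = [
    "14:02:11.104512 IP 10.0.0.10.44120 > 10.0.0.20.21: Flags [S], seq 3948211, win 1024, options [mss 1460], length 0",
    "14:02:11.104733 IP 10.0.0.20.21 > 10.0.0.10.44120: Flags [S.], seq 1189220, ack 3948212, win 5840, options [mss 1460], length 0",
    "14:02:11.104801 IP 10.0.0.10.44120 > 10.0.0.20.21: Flags [R], seq 3948212, win 0, length 0",
    "14:02:11.220017 IP 10.0.0.10 > 10.0.0.20: ICMP echo request, id 4711, seq 1, length 64",
    "14:02:11.220304 IP 10.0.0.20 > 10.0.0.10: ICMP echo reply, id 4711, seq 1, length 64",
    "14:02:12.001002 IP 10.0.0.30.5353 > 224.0.0.251.5353: UDP, length 81",
    "14:02:12.500000 ARP, Request who-has 10.0.0.20 tell 10.0.0.10, length 28",
]


def split_host_port(token):
    """Split 'a.b.c.d.port' into ('a.b.c.d', port); a bare 'a.b.c.d' has no port."""
    parts = token.split(".")
    if len(parts) == 5:
        return ".".join(parts[:4]), int(parts[4])
    return token, None


def summarize_mirror(lines, monitored_ip):
    """Count packets to, from and unrelated to the monitored VM."""
    counts = Counter()
    for line in lines:
        m = TCPDUMP_LINE.match(line)
        if not m:
            continue  # ARP, IPv6 and other non-IPv4 lines are not counted
        src, _ = split_host_port(m["src"])
        dst, _ = split_host_port(m["dst"])
        if dst == monitored_ip:
            counts["to_monitored"] += 1
        elif src == monitored_ip:
            counts["from_monitored"] += 1
        else:
            counts["other"] += 1
    return counts


def mirror_status(counts):
    """Turn the counts into a verdict on the port mirroring session."""
    if counts["to_monitored"] and counts["from_monitored"]:
        return "both directions mirrored"
    if counts["to_monitored"]:
        return "only traffic to the VM seen: check Ingress/Egress"
    if counts["from_monitored"]:
        return "only traffic from the VM seen: check Ingress/Egress"
    return "no traffic for the monitored VM: check source/destination port IDs"


if __name__ == "__main__":
    # Realistic use: tcpdump -nni eth1 -c 500 | python3 this_script.py <vm_ip>
    counts = summarize_mirror(SAMPLE_CAPTURE, "10.0.0.20")
    print(dict(counts))
    print(mirror_status(counts))
```

A non-zero "other" count is normal (broadcast, multicast, or several source ports on the same session), but if it dominates, the wrong source port IDs were added in step 8.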

Testing Snort

The first test was fingerprinting the Metasploitable VM with nmap; Snort detected this attempt successfully.

nmap -O 

Figure 8

The second test was brute-forcing the Metasploitable root password with Hydra:

hydra -l root -P passwords.txt ftp

Figure 9

The third test used Metasploit to exploit Metasploitable:

Figure 10

[1] https://isc.sans.edu/diary/Running+Snort+on+VMWare+ESXi/15899

[2] http://www.vmware.com/files/pdf/technology/cisco_vmware_virtualizing_the_datacenter.pdf


(c) SANS Internet Storm Center. http://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
Mozilla Firefox WOFF-Based Font Decoder Integer Overflow Remote Code Execution Vulnerability
Mozilla Firefox and SeaMonkey 'libpr0n' GIF Parser Heap Based Buffer Overflow Vulnerability

Posted by InfoSec News on Aug 19


The Hindu
August 18, 2013

Washington has agreed to throw open its specialised agencies for advanced
training in a range of skills

Three months after the U.S.-India Homeland Security Dialogue in
Washington, India is all set to send its officers to various agencies
across American federal organisations to sharpen...

Posted by InfoSec News on Aug 19


By Jennifer Schlesinger and Sabrina Korber
16 Aug 2013

Children enrolled in a program at Defcon, the annual hacker convention, in
Las Vegas early this month learned computer security, coding and, yes,
hacking. The program is run by r00tz Asylum, a nonprofit dedicated to
teaching children to think outside the box.

"The ultimate goal of r00tz Asylum, like any other part of DEF CON, is to

Posted by InfoSec News on Aug 19


Daily Mail Online
18 August 2013

A hacker from Palestine found a Facebook glitch that allowed anyone to
post on a stranger’s wall, but when the company ignored his warnings he
took them all the way to the top by posting about the issue on Mark
Zuckerberg’s wall....

Posted by InfoSec News on Aug 19


By Rowan Scarborough
The Washington Times
August 18, 2013

The Obama administration provided a New York Times reporter exclusive
access to a range of high-level national security officials for a book
that divulged highly classified information on a U.S. cyberwar on Iran’s
nuclear program, internal State Department emails show.


Posted by InfoSec News on Aug 19


By Steve Ragan
Staff Writer
CSO Online
August 16, 2013

In a letter sent to employees on Wednesday, the U.S. Department of Energy
(DOE) disclosed a security incident, which resulted in the loss of
personally identifying information (PII) to unauthorized individuals. This
is the second time this year such a breach has occurred. The letter,
obtained by...