(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.


The person who claims to have hacked an AOL e-mail account belonging to John Brennan, the director of the Central Intelligence Agency, has now released a small spreadsheet with alleged personal information for a number of former and current government officials. The sample includes phone numbers, social security numbers, e-mail addresses, and level of security clearance and employment status in some cases.

Ars has contacted several of the people on the list by phone, text, and e-mail, including Brennan and the former deputy director of intelligence at the CIA, Jami Miscik. A male voice responded to the number listed for Miscik, and when Ars asked for her, the voice said it was the wrong number and hung up. No others immediately responded.

Update (10/19, 5:45p CT): Twitter has suspended the @_CWA_ account through which the information was released.



Former White House Advisor: Marry Infosec To Economics
Dark Reading
... Former cybersecurity advisor to the White House Melissa Hathaway says Western democratic nations' current use of data collection and surveillance technologies is "alarming" and that to improve Internet security, nations need to wed their infosec ...


President Xi and President Obama agreed to stop commercial cyber-espionage. But that doesn't mean that it's stopped. And CrowdStrike says it hasn't.

Late last month, President Barack Obama and Chinese President Xi Jinping announced that they had reached an agreement that the two countries would not conduct economic espionage or hack commercial targets. But just one day later, China-based hackers attempted to breach the network of a US technology company, according to a report published today by the security firm CrowdStrike.

"Over the last three weeks, the CrowdStrike Falcon platform has detected and prevented a number of intrusions into our customers’ systems from actors we have affiliated with the Chinese government," Dimitri Alperovitch, the chief technology officer of CrowdStrike, wrote in a blog post today. "Seven of the companies are firms in the Technology or Pharmaceuticals sectors, where the primary benefit of the intrusions seems clearly aligned to facilitate theft of intellectual property and trade secrets, rather than to conduct traditional national-security related intelligence collection, which the Cyber agreement does not prohibit."

The White House fact sheet on the summary of agreements made during President Xi's visit states, "The United States and China agree that neither country’s government will conduct or knowingly support cyber-enabled theft of intellectual property, including trade secrets or other confidential business information, with the intent of providing competitive advantages to companies or commercial sectors."


[SECURITY] [DSA 3374-1] postgresql-9.4 security update

Posted by InfoSec News on Oct 19


By Jeremy Kirk
IDG News Service
Oct 18, 2015

Facebook will now warn people if it has a strong suspicion an account is
being targeted by a nation-state.

The social networking service already takes steps to secure accounts that
may have been compromised but has decided to directly alert users of the
type of attack that's under way,...


Researchers said they've found more than 250 iOS apps that violate Apple's App Store privacy policy forbidding the gathering of e-mail addresses, installed apps, serial numbers, and other personally identifying information that can be used to track users.

The apps, which at most recent count totaled 256, are significant because they expose a lapse in Apple's vetting process for admitting titles into its highly curated App Store. They also represent an invasion of privacy to the one million people estimated to have downloaded the apps. The data gathering is so surreptitious that even the individual developers of the affected apps are unlikely to know about it, since the personal information is sent only to the creator of the software development kit used to deliver ads.

"This is the first time we've found apps live in the App Store that are violating user privacy by pulling data from private APIs," Nate Lawson, the founder of security analytics startup SourceDNA, told Ars, referring to the application programming interfaces built into iOS. "This is actually an obfuscated toolkit for extracting as much private information as it can. It's definitely the kind of stuff that Apple should have caught."



Posted by InfoSec News on Oct 19


By David Kravets
Ars Technica
Oct 16, 2015

The US government has arrested and charged the person authorities
described as the head of an overseas Internet hacking collective called
the Kosova Hacker's Security. The suspect, a Kosovo citizen named Ardit
Ferizi, was arrested in Malaysia, the authorities said. He is accused of...

Posted by InfoSec News on Oct 19


OCTOBER 16, 2015

Tech companies, healthcare giants, defense contractors, top universities,
the US government—you name it, Chinese cyber-spies have probably hacked
it. And now, it seems likely, we can add one of the world’s preeminent
marine research groups to the list.

Woods Hole Oceanographic Institution sustained a...

Posted by InfoSec News on Oct 19


By Philip Messing, Jamie Schram and Bruce Golding
The New York Post
October 18, 2015

Hillary Rodham Clinton’s e-mail scandal didn’t stop the head of the CIA
from using his own personal AOL account to stash work-related documents,
according to a stoner high-school student who claims to have hacked into

CIA Director John Brennan’s private account held...

Posted by InfoSec News on Oct 19


By Bill Lucia
Route Fifty
October 18, 2015

The way David Stevens describes it, local government leaders in Maricopa
County, Arizona, didn’t always have an especially favorable view of
cybersecurity spending.

A “grand black hole of a money pit.” That’s how it was seen about four
years ago, said Stevens, who is the county’s chief...

Posted by InfoSec News on Oct 19


The Wall Street Journal
Oct. 19, 2015

A U.S. cybersecurity company says it has evidence hackers linked to the
Chinese government may have tried to violate a recent agreement between
Washington and Beijing not to hack private firms in each other’s country
for economic gain.

The firm, CrowdStrike Inc., plans to announce Monday that unnamed
customers in...

Posted by InfoSec News on Oct 19


By Alexander J Martin
The Register
16 Oct 2015

A civilian US naval engineer has been sentenced to 11 years in prison for
attempted espionage, after passing military technology secrets to an FBI
undercover agent posing as an Egyptian intelligence officer.

The Register can report that 36-year-old Mostafa Ahmed Awwad "took
advantage of his position of trust within...

[SECURITY] [DSA 3373-1] owncloud security update

Last time I helped out someone with ransomware over at the Bleeping Computer forums, I was able to recover the ransomed JPEG files.

A first look at the file with the file command did not help me:

file image.jpg.xxx\@yyy.zz
image.jpg.xxx@yyy.zz: data

Neither did a look at the header with a hex editor tell me much more.

But when I analyzed the file with one of my tools to calculate byte statistics (byte-stats.py), I noticed something:

The file has a high byte entropy: 7.815519, which is almost the maximum (8.0). So the file appears to be a set of random bytes, e.g. an encrypted file.

But my program not only calculates the entropy for the whole file (along with other properties), but it also splits the file into buckets (10KB size by default) and calculates the entropy (and other properties) for each bucket. The second entropy value produced by the analysis (5.156678) is the lowest entropy calculated for the buckets (85 in total for this file). And an entropy of 5 is much lower than the entropy of encrypted or compressed data. So somewhere in this file there is data that doesn...

Somewhere around position 0x5000, data doesn...

The entropy of this file looks uniformly high.

I often look at the entropy when I analyze files. Many of my analysis tools include entropy calculations. For example, pecheck.py provides the entropy of each section of a PE file, allowing me to quickly identify packed sections.

Didier Stevens
Microsoft MVP Consumer Security
IT Security consultant at Contraste Europe.
blog.DidierStevens.com DidierStevensLabs.com
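
The whole-file versus per-bucket entropy comparison described in the diary above, as an added Python example (it is not byte-stats.py and not the diary author's code). The function names and the sample data are constructed for illustration; skipping a short trailing bucket is a choice made here.

```python
import math
import random
from collections import Counter

BUCKET_SIZE = 10 * 1024  # 10KB buckets, the default size the diary mentions


def shannon_entropy(data: bytes) -> float:
    """Byte entropy in bits per byte: 0.0 (constant) to 8.0 (uniform random)."""
    if not data:
        return 0.0
    total = len(data)
    return -sum((n / total) * math.log2(n / total) for n in Counter(data).values())


def bucket_entropies(data: bytes, size: int = BUCKET_SIZE):
    """Return [(offset, entropy)] for each full bucket.

    A short trailing bucket is skipped: a handful of bytes cannot reach
    high entropy, so it would show up as a false low-entropy hit.
    """
    return [(off, shannon_entropy(data[off:off + size]))
            for off in range(0, len(data) - size + 1, size)]


def analyze(data: bytes, size: int = BUCKET_SIZE):
    """Return (whole-file entropy, lowest bucket entropy, offset of that bucket)."""
    buckets = bucket_entropies(data, size)
    if not buckets:
        raise ValueError("input shorter than one bucket")
    offset, lowest = min(buckets, key=lambda b: b[1])
    return shannon_entropy(data), lowest, offset


def constructed_sample() -> bytes:
    """Constructed test data, not the ransomed file from the diary."""
    rng = random.Random(2015)
    blob = bytearray(rng.getrandbits(8) for _ in range(5 * BUCKET_SIZE))
    # One bucket at 0x5000 restricted to 32 byte values (about 5 bits per byte).
    blob[0x5000:0x5000 + BUCKET_SIZE] = bytes(
        rng.randrange(32) for _ in range(BUCKET_SIZE))
    return bytes(blob)


if __name__ == "__main__":
    whole, lowest, offset = analyze(constructed_sample())
    print(f"whole: {whole:.6f}  lowest bucket: {lowest:.6f} at 0x{offset:x}")
```

On a real file, read it in binary mode and pass the bytes to analyze(); a lowest-bucket value well below the whole-file value points at the offset worth inspecting in a hex editor.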
