Hackin9
[SECURITY] [DSA 3134-1] sympa security update
 
[security bulletin] HPSBUX03235 SSRT101750 rev.1 - HP-UX Running BIND, Remote Denial of Service (DoS)
 

Tom's Guide

How Obama's Hacking Laws Could Make You a Criminal
Tom's Guide
Computer-security researchers fear President Barack Obama's proposed changes to federal hacking laws could put them out of business, could make computers less secure overall, and could put some of them — and maybe even you — in prison. "Under the ...

 
RETIRED: Oracle Communications Messaging Server CVE-2014-1568 Remote Security Vulnerability
 

Just over a year ago, Jacob Appelbaum and Der Spiegel revealed pages from the National Security Agency's ANT catalog, a sort of "wish book" for spies that listed technology that could be used to exploit the computer and network hardware of targets for espionage. One of those tools was a USB cable with embedded hardware called Cottonmouth-I—a cable that can turn the computer's USB connections into a remote wiretap or even a remote control.

Cottonmouth-I is the sort of man-in-the-middle attack that hackers dream of. Built into keyboard or accessory cables, it allows an attacker to implant and communicate with malware even on a computer that's "airgapped"—completely off a network. And its hardware all fit neatly into a USB plug. Because of the sophistication of the hardware, the advertised price for Cottonmouth-I was over $1 million per lot of 50—meaning each single device cost $20,000.

But soon, you'll be able to make one in your basement for less than $20 in parts, plus a little bit of solder. At Shmoocon in Washington, DC, this past weekend, Michael Ossmann, a wireless security researcher, founder of Great Scott Gadgets, and contributor to the NSA Playset (a set of projects seeking to duplicate in open source the capabilities in the NSA's toolbox), showed off his progress on TURNIPSCHOOL, a man-in-the-middle USB cable project under development that fits a USB hub-on-a-chip and a microprocessor with a built-in radio onto a circuit board that fits into a molded USB plug.


 

An electronic dongle used to connect to the onboard diagnostic systems of more than two million cars and trucks contains few defenses against hacking, an omission that makes them vulnerable to wireless attacks that take control of a vehicle, according to published reports.

US-based Progressive Insurance said it has used the SnapShot device in more than two million vehicles since 2008. The dongle tracks users' driving to help determine if they qualify for lower rates. According to security researcher Corey Thuen, it performs no validation or signing of firmware updates, has no secure boot mechanism, no cellular communications authentication, and uses no secure communications protocols. SnapShot connects to the OBDII port of Thuen's 2013 Toyota Tundra pickup truck, according to Forbes. From there, it runs on the CANbus networks that control braking, park assist and steering, and other sensitive functions.

"Anything on the bus can talk to anything [else] on the bus," Thuen was quoted as saying in an article from Dark Reading. "You could do a cellular man-in-the-middle attack" assuming the attacker had the ability to spoof a cellular tower that transmits data to and from the device.


 

The Register

2014 in infosec: Spammers sneak small botnets under the wire, Java is dull
The Register
Cisco's annual report on the state of global cybersecurity claims spammers just won't die and are using new tactics to avoid detection by filters; malware programmers are abandoning exploiting Java; and there's a possible silver cloud in the Sony ...

 
Privoxy CVE-2015-1031 Multiple Use After Free Remote Code Execution Vulnerabilities
 
[SECURITY] [DSA 3133-1] privoxy security update
 
ESA-2015-004: EMC M&R (Watch4Net) Multiple Vulnerabilities
 
CVE-2015-1175-xss-prestashop
 
The National Institute of Standards and Technology (NIST) is bringing experts together to discuss the cybersecurity challenges faced by the rapidly developing field of direct digital manufacturing (DDM) and to discuss methods for ...
 

Official releases for the League of Legends and Path of Exile online games were found laced with a nasty trojan after attackers compromised an Internet platform provider that distributed them to users in Asia.

The compromise of consumer Internet platform Garena allowed the attackers to attach malicious software components to the official installation files for the two games, according to a blog post published Monday by antivirus provider Trend Micro. In addition to the legitimate game launcher, the compromised executable file also included a dropper that installed a remote access tool known as PlugX and a cleaner file that overwrote the infected file after it ran.

According to Trend Micro, the attackers took care to conceal their malware campaign, an effort that may have made it hard for victims to know they were infected. The cleaner file most likely was included to remove evidence that would tip users off to a compromise or the origin of the attack. The cryptographic hash that was included with the tampered game files was valid, so even people who took care to verify the authenticity of the game installer would have no reason to think it was malicious, Trend Micro researchers said. The researchers linked to this December 31 post from Garena. Translated into English, one passage stated: "computers and patch servers were infected with trojans. As a result, all the installation files distributed for the games League of Legends and Path of Exile are infected."


 

LifeHacker India

How to Safely Test Software Without Messing Up Your System
LifeHacker India
Before you install something awful, give yourself an infosec education. Here are the best tools to protect yourself out there when you're experimenting with new programs. Unless you have spare computers lying around, you need to protect your system ...

 

We often tend to ignore privilege escalation flaws. In order to take advantage of these vulnerabilities, an attacker first needs to have access to the system itself. But in particular for systems that many users have access to, it can be difficult to monitor them all for compromised credentials. Systems with web servers often suffer from web application flaws that can be used to execute code as the web server, which then can be used to gain root access via a privilege escalation flaw.

From a defensive point of view, the problem with privilege escalation flaws is that there are so many of them, and they are not limited to bugs that can be patched. Frequently configuration mistakes can give rise to privilege escalation flaws. Auditing your system for these problems should be done regularly to avoid privilege escalation flaws.

For example, a user may create a cron job, and then have root execute the cron job, but the file remains writable by the user. Someone gaining access to the system as this user could now easily escalate privileges by modifying the script.
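The cron misconfiguration described above can be audited mechanically. The following is an added example, not part of the original diary or of any tool it lists: it reads entries in `/etc/crontab` format, and for every command run as root it reports the script, or any parent directory, that a non-root user could modify. The sample crontab, the file metadata and the function names are constructed for illustration.

```python
import os
import stat
from collections import namedtuple

# Constructed sample in /etc/crontab format: m h dom mon dow user command
SAMPLE_CRONTAB = """\
17 * * * * root /usr/local/bin/rotate.sh
30 2 * * * root /home/alice/backup.sh --full
*/5 * * * * alice /home/alice/poll.sh
"""
FakeStat = namedtuple("FakeStat", "st_uid st_mode")
SAMPLE_FS = {  # constructed metadata standing in for os.stat() results
    "/home/alice": FakeStat(1000, stat.S_IFDIR | 0o755),
    "/home/alice/backup.sh": FakeStat(1000, stat.S_IFREG | 0o755),
}

def sample_stat(path):
    # Anything not listed above is treated as root-owned with mode 0755.
    return SAMPLE_FS.get(path, FakeStat(0, stat.S_IFDIR | 0o755))

def writable_by_non_root(st):
    if st.st_uid != 0:
        return True  # a non-root owner can always rewrite or chmod it
    if stat.S_ISDIR(st.st_mode) and st.st_mode & stat.S_ISVTX:
        return False  # sticky dir (e.g. /tmp): others cannot replace root's entries
    # Assumption: any group write bit is a finding; group membership is not checked.
    return bool(st.st_mode & (stat.S_IWGRP | stat.S_IWOTH))

def audit_root_cron(crontab_text, stat_fn=os.stat):
    """Return (command_path, weak_path) pairs for jobs that run as root."""
    findings = []
    for line in crontab_text.splitlines():
        fields = line.split(None, 6)
        # Skips comments, variable assignments and @reboot-style lines.
        if line.lstrip().startswith("#") or len(fields) < 7 or fields[5] != "root":
            continue
        for token in (t for t in fields[6].split() if t.startswith("/")):
            path = token
            while True:  # the file itself, then each parent directory up to /
                try:
                    if writable_by_non_root(stat_fn(path)):
                        findings.append((token, path))
                except OSError:
                    pass  # path missing: keep walking up to its parents
                if path == "/":
                    break
                path = os.path.dirname(path)
    return findings

if __name__ == "__main__":
    for command_path, weak_path in audit_root_cron(SAMPLE_CRONTAB, sample_stat):
        print(f"root cron runs {command_path}: {weak_path} is writable by a non-root user")
```

On a real host, call `audit_root_cron(open("/etc/crontab").read())` so the default `os.stat` is used; per-user crontabs have no user field and need a separate pass.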

Luckily, there are a number of scripts that make it easier for us to find these problems:

unix-privesc-check: Very comprehensive script that works on many Unix flavors, not just Linux. Read the ToDo section at the beginning as it lists other areas that should be checked. The output is sent to stdout, and you should pipe it to a file, as it is very verbose even in default mode.

http://pentestmonkey.net/tools/audit/unix-privesc-check

LinEnum: A more limited script as far as privilege escalation goes, but it does summarize other configuration options nicely.

https://github.com/rebootuser/LinEnum

linuxprivchecker: Similar to LinEnum in that it summarizes system configuration information, not just privilege escalation issues.

http://www.securitysift.com/download/linuxprivchecker.py

And if you prefer to take a more manual approach, or if you need to verify some of the results produced by the scripts, check this very nice cheat sheet:

http://www.rebootuser.com/?p=1623

Any tools I missed? Please let me know!

---
Johannes B. Ullrich, Ph.D.

(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
 
LinuxSecurity.com: Several security issues were fixed in Thunderbird.
 
LinuxSecurity.com: Security Report Summary
 
LinuxSecurity.com: libssh could be made to crash if it received specially crafted network traffic.
 
LinuxSecurity.com: libevent could be made to crash or run programs if it processed specially crafted data.
 
LinuxSecurity.com: Several security issues were fixed in RPM.
 
LinuxSecurity.com: Security Report Summary
 
LinuxSecurity.com: New mozilla-thunderbird packages are available for Slackware 14.1 and -current to fix security issues.

LinuxSecurity.com: New freetype packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1, and -current to fix a security issue.

LinuxSecurity.com: New seamonkey packages are available for Slackware 14.0, 14.1, and -current to fix security issues.

LinuxSecurity.com: New mozilla-firefox packages are available for Slackware 14.1 and -current to fix security issues.
 
LinuxSecurity.com: Security Report Summary
 
LinuxSecurity.com: Multiple vulnerabilities have been found and corrected in the Linux kernel: The SCTP implementation in the Linux kernel before 3.17.4 allows remote attackers to cause a denial of service (memory consumption) by [More...]
 

Posted by InfoSec News on Jan 20

http://www.infosecnews.org/jimmy-kimmel-asks-what-is-your-password/

By William Knowles @c4i
Senior Editor
InfoSec News
January 17, 2015

President Obama just unveiled a number of proposals to crack down on
hackers. It’s great that the government is working on this but we need to
do a better job of protecting ourselves. So Jimmy Kimmel sent a camera out
onto Hollywood Boulevard to help people by asking them to tell us their
password....
 

Posted by InfoSec News on Jan 20

http://techcrunch.com/2015/01/19/microsoft-outlook-hacked-in-china-new-report-finds/

By Sarah Perez
TechCrunch
1/19/2015

Only a few weeks after Google’s Gmail service was blocked in China, a new
report from online censorship monitoring organization GreatFire.org
released this morning states that Microsoft’s email system Outlook was
recently subjected to a “man-in-the-middle” attack in China. This is a
form of eavesdropping where...
 

Posted by InfoSec News on Jan 20

http://www.wired.com/2015/01/why-i-hope-congress-never-watches-blackhat/

By Kevin Poulsen
Threat Level
Wired.com
01.16.15

What a strange time. Last week I was literally walking the red carpet at
the Hollywood premiere of Michael Mann’s Blackhat, a crime thriller that I
had the good fortune to work on as a “hacker adviser” (my actual screen
credit). Today, all I’m thinking is, please, God, don’t let anybody in
Congress see the...
 

Posted by InfoSec News on Jan 20

http://www.nytimes.com/2015/01/19/world/asia/nsa-tapped-into-north-korean-networks-before-sony-attack-officials-say.html

By DAVID E. SANGER and MARTIN FACKLER
The New York Times
JAN. 18, 2015

WASHINGTON — The trail that led American officials to blame North Korea
for the destructive cyberattack on Sony Pictures Entertainment in November
winds back to 2010, when the National Security Agency scrambled to break
into the computer systems of a...
 

Posted by InfoSec News on Jan 20

http://www.politico.com/story/2015/01/cyber-warfare-capitol-114383.html

By TAL KOPAN
Politico.com
1/19/15

Congressional staffers are the gateway to all lawmaking on the Hill, but
they also may be unwittingly opening the door to hackers.

The Hill’s networks are under constant attack. In 2013 alone, the Senate
Sergeant at Arms’ office said it investigated 500 potential examples of
malicious software, some from sophisticated attackers and...
 

Posted by InfoSec News on Jan 20

http://www.defenseone.com/technology/2015/01/us-uk-establish-joint-hacker-team-conduct-cyber-war-games/103170/

By Patrick Tucker
Defense One
January 16, 2015

The White House on Friday unveiled a series of steps to increase
co-operation between the United States and the United Kingdom in combating
cyber threats. Those steps include better threat information sharing and
the creation of a new joint cyber task force.

The U.S. and U.K. already...
 

Posted by InfoSec News on Jan 20

http://arstechnica.com/security/2015/01/a-hacked-ddos-on-demand-site-offers-a-look-into-mind-of-booter-users/

By Sean Gallagher
Ars Technica
Jan 19, 2015

A leaked database from a hacked denial-of-service site has provided some
insight on what sorts of targets individuals will pay to knock offline for
a few dollars or bitcoin. And it's safe to say that a significant
percentage of them are not the brightest stars in the sky. To get an...
 