Hackin9

InfoSec News

Most readers of this space will be familiar with OpenDNS for its DNSbased approach to Internet filtering. One of the components of that is a crowd sourced classification of URLs into categories, something that OpenDNSrefers to as domain tagging. OpenDNSis looking to take domain tagging one step further. OpenDNSCTO, Dan Hubbard, has put out a request for knowledgeable security people to domain tag the malware category.
If you have a few cycles and you think this might be a fun way to contribute to Internet safety, then please check it out.
-- Rick Wanner - rwanner at isc dot sans dot org - http://namedeplume.blogspot.com/ - Twitter:namedeplume (Protected) (c) SANS Internet Storm Center. http://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
 
We have received a number of reports from TippingPoint customers that the normally quiet filter #560: DNS version request has been triggering in larger than normal numbers. The indications are that a large number of source IPs are involved, but the volume is not high enough to be of a concern for potential DOS. We have not yet been able to view any packets from this traffic.

If anybody has any more information, or packets we can review, we would love to hear from you.

The summary of filter #560 is:
This filter detects a request to obtain the version number of the DNS Bind Server. The attacker uses the version information to determine whether the DNS Server is vulnerable to certain buffer overflow or Denial of Service attacks.
-- Rick Wanner - rwanner at isc dot sans dot org - http://namedeplume.blogspot.com/ - Twitter:namedeplume (Protected) (c) SANS Internet Storm Center. http://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
 
Dropbox's ongoing investigation into a possible security breach has not produced any evidence that its systems have been infiltrated, according to an update Friday to the company's user forum.
 
The Wi-Fi Direct Services specification that the Wi-Fi Alliance plans to finish next year should help to extend the use of Wi-Fi Direct beyond proprietary implementations, the organization says.
 
Bucking the corporate practice of buying instead of building internally, Google's corporate IT department will typically build management software itself, or adopt an open source software package, before investigating the feasibility of purchasing proprietary software.
 
Pinterest has locked an undisclosed number of user accounts as a result of a spam outbreak, the company confirmed in an email on Friday.
 
Five U.S. senators have introduced a revised version of cybersecurity legislation unveiled earlier this year, with digital liberties groups praising changes that limit the type of cyberthreat information that can be shared between private companies and the U.S. government.
 
Quarterly earnings from some of the biggest tech companies in the world this week were decidedly mixed, but showed some signs of strength, particularly in enterprise IT spending.
 
Oracle is planning to discuss how its Exalogic application server machine is "the logical choice" for running applications, during a special webcast event on Wednesday.
 
Dell announced an aggressive schedule last year to roll out cloud-based application services, but it now looks like the schedule was a little too aggressive.
 
Android app security, Near Field Communication and baseband processor attacks will be under a spotlight in the mobile track at Black Hat 2012.

Add to digg Add to StumbleUpon Add to del.icio.us Add to Google
 
Malware is increasingly difficult to detect and analyze, experts say. Researchers will explore potential attack vectors and emerging analysis tools.

Add to digg Add to StumbleUpon Add to del.icio.us Add to Google
 
Today's article looks at two symptoms that continue to harass iTunes Match users. It is a follow-up to my column, from last November, on "three essential" iTunes Match troubleshooting tips.
 
Big Win Baseball represents an achievement of sorts. It seemingly requires very little skill, doesn't seem too rely much on strategy, and has little objective outside of acquiring an in-game currency that helps you to win baseball games to earn more in-game currency. It's the triple crown of pointlessness. If that's the sort of thing that appeals to you, then by all means, download the freemium offering from Hot Head Games. If you're like me, though, you may be left wondering when games became more concerned with micropayments than they are with keeping you entertained.
 
The venture capitalist Vinod Khosla recently described Silicon Valley as a state of mind, rather than a geographical place. If that's the case, that state of mind can increasingly be found in San Francisco.
 
Weak sales of Windows last quarter dropped the operating system division to its second-lowest share of Microsoft's total revenue since the third quarter of 2009, the period just before the launch of Windows 7.
 

Network World

Security Week In Vegas
Network World
There are not many events that bring the infosec world together. One is the RSA show in San Francisco in February/March. The other is what I call security week in Vegas. It started with the Black Hat security conference. Black Hat for a long time was ...

and more »
 
We ask Siri and Google Now 10 questions to see how well each does at finding information about weather, sports scores and more -- even particle physics.
 
Marissa Mayer, Yahoo's new CEO, reached out to company employees for the first time and asked them to stay focused while she devises a strategy to get Yahoo back on track.
 
If you lead an IT shop today, chances are at least some of your workers are in their 20s. Millennials -- also known as Generation Y -- think about life and work differently than older employees, and hiring and retaining them requires management that understands their needs and a business environment to match.
 
Microsoft now says Mac owners who subscribe to the upcoming Office 365 Home Premium will be able to acquire Office for Mac 2011 as part of their subscription plan.
 
Over the last several years I've had the opportunity to look at a multitude of personal financial applications, all of which offer useful collections of tools for managing your money matters. Of all these apps, none comes close to offering the breadth of features and capabilities of the free, web-based Personal Capital.
 

IT SECURITY FORUM
ITWeb
InfoSec professionals have to deal with the external chaos of the market, and the internal chaos of their organisation. In your information security function, you need to know how to influence decision-makers in the organisation to ensure you get the ...

 
We received a report that there is a loss of connectivity with Syria. The report claims that 90% of the Syrian prefixes disappeared from the BGP tables between 13:32 and 14:13 (UTC) earlier today (2012-07-19). If you have more information please comment or send a note to [email protected]
Thanks to NANOG
UPDATE: Gizmodo has some more information here: http://www.gizmodo.com.au/2012/07/syria-deleted-itself-from-the-internet-today/
UPDATE 2: More good information on the outage: http://www.renesys.com/blog/2012/07/syria-leaves-the-internet.shtml
Mark Baggett
@markbaggett (c) SANS Internet Storm Center. http://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
 
The heap is a section of memory where applications can dynamically allocate and free memory space. Heap Overflows occur when a computer application is able to overwrite the operating system's data structure at the beginning of a block of heap memory and then free that memory. That data structure contains a double link lists with pointers to the previous and next block of memory. When the memory block is freed an unlinkfunction is called that uses those two overwritten pointers to find the previous and next blocks of allocated memory and change their pointer so they point to one another and no longer point to the block being freed. To safely unlinka block of memory the OSshould verify the pointers on previous and next blocks tpoint to the block being freed before it is unlinked. WIthout this check an attacker can use the overwritten pointers to change a value in the memory location of their choosing to the value of their choosing and in most cases gain control of the program's execution.
Ben Hawkes did some analysis of the unlink functions inside the DLLs that are in Windows 8 and found that most of the core libraries in Windows are in fact verifying those pointers and safely unlinking the blocks. That is good news! The bad news is he found many instances of DLLs that are not using those core libraries and not safely unlinking memory.
What does this mean? Idon't know. But the research is pretty cool. Mr Hawkes provided a list of DLL's that are not using safe unlinking. They may or may not be exploitable. That is yet to be seen. It is worth a read. http://www.inertiawar.com/win8_unlink/
Join me for SANS 504 Hacker Techniques, Exploits and Incident response in San Antonio Texas November 27th - December 2nd 2012 in San Antonio Texas!



Mark Baggett

On Twitter @markbaggett

(c) SANS Internet Storm Center. http://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
 
Twitter plans to appeal a ruling to turn over the once-public tweets of an Occupy Wall Street protester charged with disorderly conduct, a case the company says threatens the First Amendment rights of its users.
 
A U.S. appeals court denied Samsung on Thursday a stay on a preliminary injunction by a District Court on the sale of its Galaxy Tab 10.1 tablet, in a patent dispute with Apple.
 
The number of phishing websites detected reached an all-time high earlier this year, a sign that making fake websites spoofing real ones is still a lucrative trade for cybercriminals.
 
Apple's new iPad went on sale in China on Friday morning with a sparse, but orderly, line of people at one of its stores in Beijing, as the company used a new reservation system to sell the next version of its iconic tablet, to avoid the skirmishes that hit some earlier product launches.
 
Dell has laid out a plan to dramatically grow its software business by targeting mid-sized companies that it says are under-served by rivals such as IBM, Hewlett-Packard and Oracle.
 
Apple's iOS continued to deliver more revenue per advertising impression to content publishers than any other mobile operating system in the quarter that ended in June, according to an Opera Software report.
 
Security consulting firm SecureState today released a new open source hacking tool that it claims will let security researchers and penetration testers verify the security of electric utility smart meters being installed in millions of homes around the country.
 

Posted by InfoSec News on Jul 20

http://www.lasvegassun.com/news/2012/jul/19/palms-files-suit-against-former-host-who-allegedly/

By Steve Green
Las Vegas Sun
July 19, 2012

The Palms is suing a former casino host, claiming she misappropriated
invaluable data including the names and contact information for hundreds
of high-rollers and other gamblers.

The Flamingo Road property in Las Vegas filed suit Tuesday in Clark
County District Court against Jessica Hemingway.

The suit...
 

Posted by InfoSec News on Jul 20

http://www.mcall.com/news/breaking/mc-c-northwestern-lehigh-secretary-hacks-grades-20120718,0,3984786.story?page=1

By Manuel Gamiz Jr. and Marion Callahan
The Morning Call
July 18, 2012

Most parents would do anything to help their children succeed in school,
but one Weisenberg Township mother took it too far, Lehigh County
authorities say.

Catherine Venusto, a former Northwestern Lehigh School District
employee, used her knowledge of the...
 

Posted by InfoSec News on Jul 20

http://www.darkreading.com/advanced-threats/167901091/security/vulnerabilities/240004014/smart-grid-researcher-releases-open-source-meter-hacking-tool.html

By Kelly Jackson Higgins
Dark Reading
July 19, 2012

A smart grid researcher today released a free open-source hacking tool
to test the security of smart meters. But this is a different researcher
than the one who pulled his talk and public release of a similar tool
earlier this year amid...
 

Posted by InfoSec News on Jul 20

http://arstechnica.com/security/2012/07/hacking-duo-charged-for-amazon-ddos/

By Dan Goodin
Ars Technica
July 19 2012

Federal prosecutors have charged two men with using a computer botnet to
launch crippling Web attacks on Amazon, eBay, and Priceline, and then
bragging about them in online hacker forums.

Dmitry Olegovich Zubakha, 25, of Moscow, was arrested in Cyprus this
week for his role in attacks taking place in June and July of 2008....
 

Posted by InfoSec News on Jul 20

http://www.csoonline.com/article/711412/why-you-shouldn-t-train-employees-for-security-awareness

By Dave Aitel, Immunity Inc.
CSO
July 18, 2012

If there's one myth in the information security field that just won't
die, it's that an organization's security posture can be substantially
improved by regularly training employees in how not to infect the
company. [Editor's note: See Joe Ferrara's recent article 10...
 
Internet Storm Center Infocon Status