
The TrueCrypt whole-disk encryption tool used by millions of privacy and security enthusiasts is safer than some studies have suggested, according to a comprehensive security analysis conducted by the prestigious Fraunhofer Institute for Secure Information Technology.

The extremely detailed 77-page report comes five weeks after Google's Project Zero security team disclosed two previously unknown TrueCrypt vulnerabilities. The most serious one allows an application running as a normal user or within a low-integrity security sandbox to elevate privileges to SYSTEM or even the kernel. The Fraunhofer researchers said they also uncovered several additional previously unknown TrueCrypt security bugs.

Despite the vulnerabilities, the analysis concluded that TrueCrypt remains safe when used as a tool for encrypting data at rest as opposed to data stored in computer memory or on a mounted drive. The researchers said the vulnerabilities uncovered by Project Zero and in the Fraunhofer analysis should be fixed but that there's no indication that they can be exploited to provide attackers access to encrypted data stored on an unmounted hard drive or thumb drive. According to a summary by Eric Bodden, the Technische Universität Darmstadt professor who led the Fraunhofer audit team:



Posted by InfoSec News on Nov 20


By Mike Masnick
Nov 19th 2015

Famous TV news talking head Ted Koppel recently came out with a new book
called Lights Out: A Cyberattack, A Nation Unprepared, Surviving the
Aftermath. The premise, as you may have guessed, is that we're facing a
huge risk that...

Posted by InfoSec News on Nov 20


By Lysa Myers
Nov 17, 2015

Information security is an endeavor that is frequently described in terms
of war: Red team. Blue team. White hat. Black hat. Battle plan. Kill
chain. Command and Control. Trojan horse. Payload. Demilitarized zone.
Reconnaissance. Infiltration. Adversary. But what would the gender balance
of this...

Some infosec pros need to kick themselves, panel told
IT World Canada
Canadian infosec pros aren't doing their jobs if they spend more time on buying technology than implementing simple but effective measures. That was the consensus of their peers, who gave IT security managers a rough ride at a panel discussion Thursday ...


Posted by InfoSec News on Nov 20


By Mohana Ravindranath
November 19, 2015

A new national counterintelligence strategy aims to learn from the recent
Office of Personnel Management hack, attributed to state-backed Chinese
actors, which compromised the personal information of 22 million current,
past and future federal employees and contractors.

The 2016...

Posted by InfoSec News on Nov 20


By Blair Hanley Frank
IDG News Service
Nov 18, 2015

The federal government is trying to move more into the cloud, but service
providers' lack of transparency is harming adoption, according to Arlette
Hart, the FBI's chief information security officer.

"There's a big piece of cloud that's...

Posted by InfoSec News on Nov 20


By Tracy Kitten
Bank Info Security
November 20, 2015

More than four years after the point-of-sale attack that struck 80
Michaels craft stores throughout the U.S., compromising nearly 100,000
payment cards, details about how the attackers pulled off their scheme
have finally emerged.

On Nov. 17, Crystal Banuelos of California, a lead defendant...

Posted by InfoSec News on Nov 20

Forwarded from: THOTCON <info (at) thotcon.org>



We are emailing you to provide an update on THOTCON 0x7 ticket sales. The
following is a status of the ticket levels and the number still available:

- Student GA - SOLD OUT!
- Early GA - SOLD OUT!
- General Admittance - Only 503 tickets remain!
- VIP - Only 40 tickets remain! 

To register and purchase your ticket...

Posted by InfoSec News on Nov 20


By Robert Lemos

The once-popular Blackhole exploit kit has returned, attempting to infect
using old exploits but also showing signs of active development, according
to researchers with security firm Malwarebytes.

Over the weekend, Malwarebytes detected attacks using older exploits for
Oracle's Java and Adobe's Acrobat, but which...

This famous Bruce quote is so true that we can re-use it to focus on specific topics like SIEM (Security Information and Event Management). Many organizations have already deployed solutions to process their logs and to generate (useful, I hope) alerts. The market is full of solutions that do a more or less good job. But the ROI of your tool will be directly related to the processes that you implement next to the hardware and software components. I'll give you two examples.

The first one is the implementation of a mandatory, strong change management procedure. Recently, I faced this story at a customer. I call this the "green status effect": if the security monitoring tool does not report alerts and you assume that everything is running fine, you'll fail! Because the quality of your SIEM depends directly on the quality of the data sent to it. Within the customer's infrastructure, some critical devices were moved to a new VLAN (new IP addresses were assigned to them), but the configuration of the collector was not changed to reflect this important change. Events were sent to an rsyslog instance and split based on the source IP address, so the events coming from the new addresses were not properly collected. They lost many alerts!

The second example focuses on asset management. Many SIEM vendors propose compliance packages (PCI, HIPAA, SOX; name your favorite one). The marketing message behind those packages is "be compliant out of the box". Here is one such rule:

  IF the target is NOT (known as a regular destination from the DMZ
                        OR known as a trusted target
                        OR known as a cardholder target)
  AND IF the destination port is not known as allowed (via an Active List)
  AND IF the traffic is not coming from a VPN device
  AND IF the traffic is not coming from a SIEM device
  AND IF the source is flagged as an attacker from the DMZ

Based on this rule, we must:

  • Define trusted hosts
  • Define cardholder hosts
  • Define the list of allowed ports
  • Categorize the VPN, SIEM devices

This means that to make this rule effective, there is a huge classification job to perform to fill the SIEM with relevant data (again!). Deploying a SIEM is not just a one-shot process. You have to carefully implement procedures!

  • New devices must be provisioned in the SIEM configuration
  • Changes must be reflected in the SIEM configuration.
  • Implement controls to detect unusual behavior (waiting for alerts is not enough)
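Both examples above come down to the same thing: the SIEM only knows what it has been told. The following Python script is an added illustration (not code from the diary or from any SIEM product) of what that looks like as two checks run over a batch of collected events. The asset inventory, the Active Lists and the syslog lines are all constructed for the example; the "reporter" address is the one the rsyslog collector splits on, so a device that moved to a new VLAN appears under an address the inventory has never seen while its old address goes silent. The rule from the compliance package is implemented as written, with the assumption that the NOT applies to the whole OR (the target is known as none of the three categories).

```python
import re
from collections import Counter

# Constructed asset inventory: the SIEM only knows what it has been told.
INVENTORY = {
    "10.0.1.10": {"name": "fw-edge",        "categories": {"dmz_destination"}},
    "10.0.1.20": {"name": "vpn-gw",         "categories": {"vpn_device"}},
    "10.0.2.5":  {"name": "pos-db",         "categories": {"cardholder"}},
    "10.0.2.6":  {"name": "app-01",         "categories": {"trusted"}},
    "10.0.9.9":  {"name": "siem-collector", "categories": {"siem_device"}},
}
# Active Lists (constructed): ports explicitly allowed, and sources already
# flagged as attackers by an earlier DMZ rule.
ALLOWED_PORTS = {22, 80, 443}
DMZ_ATTACKERS = {"10.0.1.77"}

# Constructed log lines in the shape rsyslog forwards them:
# "<timestamp> <reporting host> <program>: key=value ...".
# app-01 (inventoried as 10.0.2.6) has moved to 10.0.7.31; nobody updated
# the inventory or the collector, so its old address is silent and its new
# address is an unknown sender.
SAMPLE_LOGS = """\
Nov 20 10:01:02 10.0.1.10 fw: src=10.0.1.77 dst=10.0.3.40 dport=3389
Nov 20 10:01:05 10.0.1.10 fw: src=10.0.1.77 dst=10.0.2.5 dport=3306
Nov 20 10:01:09 10.0.1.20 vpn: src=10.0.1.20 dst=10.0.3.40 dport=3389
Nov 20 10:01:12 10.0.1.10 fw: src=10.0.1.77 dst=10.0.3.40 dport=443
Nov 20 10:02:00 10.0.2.5 mysqld: src=10.0.7.31 dst=10.0.2.5 dport=3306
Nov 20 10:02:30 10.0.9.9 collector: src=10.0.9.9 dst=10.0.2.5 dport=22
Nov 20 10:03:00 10.0.7.31 app: src=10.0.7.31 dst=10.0.2.5 dport=3306
"""

LINE_RE = re.compile(
    r"^(?P<ts>\w{3} +\d+ [\d:]+) (?P<reporter>\S+) (?P<prog>[^:]+): (?P<kv>.*)$"
)


def parse_event(line):
    """Turn one syslog line into a dict; key=value pairs become fields."""
    m = LINE_RE.match(line)
    if not m:
        return None
    event = {"ts": m["ts"], "reporter": m["reporter"], "prog": m["prog"]}
    for pair in m["kv"].split():
        key, _, value = pair.partition("=")
        event[key] = int(value) if key == "dport" else value
    return event


def parse_logs(text):
    return [e for e in (parse_event(l) for l in text.splitlines()) if e]


def source_health(events, inventory=INVENTORY):
    """Check 1 (change management): which inventoried devices sent nothing,
    and which senders the SIEM has never been told about."""
    seen = Counter(e["reporter"] for e in events)
    silent = sorted(ip for ip in inventory if ip not in seen)
    unknown = sorted(ip for ip in seen if ip not in inventory)
    return {"silent": silent, "unknown": unknown}


def categories(ip, inventory=INVENTORY):
    return inventory.get(ip, {}).get("categories", set())


def rule_matches(event, inventory=INVENTORY):
    """Check 2 (asset management): the compliance-package rule from the diary.
    Fires when a flagged DMZ attacker reaches a target classified as none of
    DMZ destination / trusted / cardholder, on a port not on the allow list,
    and the traffic does not originate from a VPN or SIEM device."""
    target_known = categories(event["dst"], inventory) & {
        "dmz_destination", "trusted", "cardholder"}
    source_cats = categories(event["src"], inventory)
    return (not target_known
            and event["dport"] not in ALLOWED_PORTS
            and "vpn_device" not in source_cats
            and "siem_device" not in source_cats
            and event["src"] in DMZ_ATTACKERS)


def run(text=SAMPLE_LOGS):
    events = parse_logs(text)
    return {"health": source_health(events),
            "alerts": [e for e in events if rule_matches(e)]}


if __name__ == "__main__":
    result = run()
    print("silent sources :", result["health"]["silent"])
    print("unknown sources:", result["health"]["unknown"])
    for e in result["alerts"]:
        print("ALERT", e["ts"], e["src"], "->", e["dst"], "port", e["dport"])
```

Run as-is, the health check reports 10.0.2.6 as silent and 10.0.7.31 as unknown, which is exactly the VLAN move that went unnoticed in the first example; the rule fires once, on the 3389 attempt against the unclassified host 10.0.3.40. Note what the rule does not do: the same attacker hitting the cardholder database on 3306 is deliberately excluded by this rule and has to be covered by another one, which is why the classification lists must be complete before any such package can be trusted.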

Happy logging!

Xavier Mertens
ISC Handler - Freelance Security Consultant

(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
