We are receiving reports of an Azure outage. This is affecting Microsoft DNS, Xbox and other services. Thanks to Nick and Steve for reporting the outage. More information is available here:


(c) SANS Internet Storm Center. http://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.

The soaring value of bitcoins has prompted an update in CryptoLocker, the malware that encrypts the contents of victims' entire hard drives until they pay a ransom.

As Ars reported in September, CryptoLocker gives victims 72 hours to pay a ransom if they ever want to see their data again. (The trojan was later updated to allow laggards to retrieve their data for a higher price.) When CryptoLocker first emerged, the malware demanded two bitcoins. Based on the value of a single bitcoin at that time, that was in the neighborhood of $200 to $400, depending on the exchange rate and the day. Over the past month, the value of a bitcoin has risen sharply, from $100 to $150 in September to prices in excess of $700 this week, according to charts such as this one.

This spike hasn't been lost on the people behind CryptoLocker. According to researchers at F-Secure, a new version of the ransomware is demanding 0.5 bitcoin.



The U.S. Federal Communications Commission will consider letting passengers use cellular services on airplanes, breaking with a ban that has been in place for years.
More than six years after the first iPhones hit the streets and more than three years after the iPad emerged, less than half of IT operations have implemented comprehensive mobile strategies.
Intel will release new Atom chips for smartphones and tablets next year as it chases a goal of boosting mobile chip graphics performance by 15 times and CPU performance by five times by 2016.
JBoss Enterprise Application Platform CVE-2011-2487 Information Disclosure Vulnerability
Mozilla today said that income from search partners jumped 88% last year, with the portion attributed to its 2011 deal with browser rival Google increasing by even more.
A jury has ordered Samsung to pay US$290 million to Apple for infringement of several of its patents in multiple Samsung smartphones and tablets.
If you're going to be stuck with a Windows 8 (or 8.1) notebook, you might as well make it as interesting as possible, to help lessen the pain of having to deal with Windows as your operating system.
About one in seven people around the globe use a social networking site at least once a month, and that number is expected to see grow significantly over the next several years, according to eMarketer.
A network researcher at the U.S. Department of Energy's Fermi National Accelerator Laboratory has found a potential new use for graphics processing units -- capturing data about network traffic in real time.
Apple says a request by Samsung to halt a damages retrial, in which the jury is currently deliberating, "crossed the bounds of reason."
It's become a common refrain that marketers need to become more data-driven. This infographic breaks down the pressures that chief marketing officers are under and the upside to embracing big data.
Tablets with 64-bit versions of the Android OS and Intel Atom chips code-named Bay Trail will become available next year, Intel said on Thursday.
If your BYOD policy goes too far you may be prosecuted for unfair labor practices. However, courts expect you to produce all relevant data in discovery proceedings. Meanwhile, your employees may fear retaliation if they don't sign draconian BYOD policies. CIO.com talks to attorneys to better understand the legal side of BYOD.

A second blogger has published evidence that his LG-manufactured smart television is sharing sensitive user data with the Korea-based company in a post that offers support for the theory that the snooping isn't isolated behavior that affects a small number of sets.

In addition to transmitting a list of shows being watched and the names of files contained on USB drives, the Internet-connected TV also sent the names of files shared on home or office networks, the blogger reported. He made the discovery after plugging the Wireshark packet-sniffing program into his home network and noticing that an LG TV—model number 42ls570, purchased in April—was transmitting file names that sounded vaguely familiar even though there was no USB drive plugged in.

"It turns out it was pulling filenames from my shared folders over the network and broadcasting those instead," he wrote in a blog post published Thursday. "I moved all the media out of the folder and put a few duds in named 'GiantPorn,' turned the TV off and on and it was still broadcasting the old filenames. The TV couldn't see those files whilst browsing manually so I'd hazard a guess it’s caching some of these locally."



[ MDVSA-2013:278 ] samba
[ MDVSA-2013:276 ] curl
LinuxSecurity.com: Multiple security issues were identified and fixed in mozilla NSPR and NSS: Mozilla Network Security Services (NSS) before 3.15.2 does not ensure that data structures are initialized before read operations, which [More...]
LinuxSecurity.com: Multiple security issues were identified and fixed in mozilla NSPR, NSS and firefox: Mozilla Network Security Services (NSS) before 3.15.2 does not ensure that data structures are initialized before read operations, which [More...]
LinuxSecurity.com: A vulnerability has been found and corrected in samba: Samba 3.x before 3.6.20, 4.0.x before 4.0.11, and 4.1.x before 4.1.1, when vfs_streams_depot or vfs_streams_xattr is enabled, allows remote attackers to bypass intended file restrictions by leveraging ACL [More...]
LinuxSecurity.com: Several security issues were fixed in Thunderbird.
LinuxSecurity.com: Updated lighttpd packages fix security vulnerabilities: lighttpd before 1.4.34, when SNI is enabled, configures weak SSL ciphers, which makes it easier for remote attackers to hijack sessions by inserting packets into the client-server data stream or obtain [More...]
LinuxSecurity.com: Updated curl packages fix security vulnerability: Scott Cantor discovered that curl, a file retrieval tool, would disable the CURLOPT_SSLVERIFYHOST check when the CURLOPT_SSL_VERIFYPEER setting was disabled. This would also disable ssl certificate host [More...]
LinuxSecurity.com: Updated pmake package fixes security vulnerability: The make include files in NetBSD before 1.6.2, as used in pmake 1.111 and earlier, allow local users to overwrite arbitrary files via a symlink attack on a /tmp/_depend##### temporary file, related [More...]
LinuxSecurity.com: Updated libjpeg packages fix security vulnerabilities: libjpeg 6b and libjpeg-turbo will use uninitialized memory when decoding images with missing SOS data for the luminance component (Y) in presence of valid chroma data (Cr, Cb) (CVE-2013-6629). [More...]
LinuxSecurity.com: Updated krb5 package fixes security vulnerability: If a KDC serves multiple realms, certain requests can cause setup_server_realm() to dereference a null pointer, crashing the KDC. This can be triggered by an unauthenticated user [More...]
LinuxSecurity.com: Updated poppler packages fix security vulnerabilities: Poppler is found to be affected by a stack based buffer overflow vulnerability in the pdfseparate utility. Successfully exploiting this issue could allow remote attackers to execute arbitrary code in [More...]
LinuxSecurity.com: Updated libjpeg packages fix security vulnerabilities: A heap-based buffer overflow was found in the way libjpeg-turbo decompressed certain corrupt JPEG images in which the component count was erroneously set to a large value. An attacker could create [More...]
LinuxSecurity.com: Updated torque packages fix security vulnerability: A user could submit executable shell commands on the tail of what is passed with the -M switch for qsub. This was later passed to a pipe, making it possible for these commands to be executed as root on the [More...]
[ MDVSA-2013:275 ] krb5
[ MDVSA-2013:273 ] libjpeg
Facebook Vulnerability Discloses Friends Lists Defined as Private
[ MDVSA-2013:277 ] lighttpd
Acer's newly-named CEO has abruptly resigned from the troubled PC maker, in a surprise move that will result in founder Stan Shih temporarily taking over leadership.
Google is touting the speed gains Chrome users have received from SPDY -- pronounced "speedy" -- the latency-reducing protocol added to the browser in 2009.
A U.S. House of Representatives committee has approved legislation aimed at making it more difficult for so-called patent trolls to use infringement lawsuits against other businesses.
The proliferation of virtualization coupled with the increasing power of industry-standard servers and the availability of cloud computing has led to a significant uptick in the number of servers that need to be managed within and without an organization. Where we once made do with racks of physical servers that we could access in the data center down the hall, we now have to manage many more servers that could be spread all over the globe.
A recently discovered malicious program steals log-in passwords and other sensitive information from SAP client applications and allows cybercriminals to access SAP servers from infected workstations.
BusyBox Symlink Attack Local Privilege Escalation Vulnerability
Linux Kernel '__nfs4_get_acl_uncached()' Function Local Buffer Overflow Vulnerability
The Lenovo ThinkCentre M93p Tiny is a reasonably priced desktop PC in a package that won't clutter your desk. It supports up to four monitors, runs coolly and quietly and can charge your peripherals thanks to an 'always on' USB port.

Renesys is reporting two separate incidents where they observed traffic for 1500 IP blocks being diverted for extended periods of time. They observed the traffic redirection for more than 2 months over the last year. Does it seem unusual for internet traffic between Ashburn, Virginia ( and Washington, DC ( to go through Russia to Belarus? That is exactly what they observed. Once traffic flows through your routers there are countless opportunities to capture and modify the traffic with classic MITM attacks. In my humble opinion we should put very little stock in the safety of SSL traffic as it flows through them. Attacks such as CRIME, padding oracle attacks, BEAST and others have shown SSL to be untrustworthy in circumstances such as this.

Advertising false BGP routes to affect the flow of traffic isn't new. You may remember when Pakistan "accidentally" took down YouTube for a small portion of the internet when they attempted to blackhole the website within their country. (Maybe they knew the "twerking" fad was coming.) But this is an excellent article that documents two cases where it has happened for extended periods of time.
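The kind of route-hijack check a defender would run over a BGP feed, as an added example that is not part of this diary or of Renesys' work: given the prefixes an organization originates and the ASNs expected to originate them, it flags announcements whose origin AS differs, more-specific prefixes announced from an unexpected origin (which win longest-prefix matching), and paths that transit an AS the organization never expects to see. Prefixes, AS numbers and the sample announcements are constructed placeholders.

```python
import ipaddress

# Constructed inventory: prefixes we originate and the ASNs allowed to originate them.
EXPECTED_ORIGIN = {
    "198.51.100.0/24": {64500},
    "203.0.113.0/24": {64501},
}
# Constructed placeholder: a transit AS we never expect on a path to our prefixes.
UNEXPECTED_TRANSIT = {64666}

# Constructed sample announcements as (prefix, AS path); the last ASN is the origin.
SAMPLE_ANNOUNCEMENTS = [
    ("198.51.100.0/24", [64510, 64500]),          # normal
    ("198.51.100.0/24", [64510, 64499]),          # same prefix, foreign origin
    ("203.0.113.128/25", [64510, 64666, 64502]),  # more-specific via odd transit
]


def check_announcement(prefix, as_path, expected=EXPECTED_ORIGIN,
                       bad_transit=UNEXPECTED_TRANSIT):
    """Return findings for one announcement; an empty list means it looks normal."""
    net = ipaddress.ip_network(prefix)
    origin = as_path[-1]
    findings = []
    for ours, origins in expected.items():
        ours_net = ipaddress.ip_network(ours)
        if net.version != ours_net.version:
            continue
        if net == ours_net and origin not in origins:
            findings.append(f"origin mismatch: {prefix} originated by AS{origin}")
        elif net != ours_net and net.subnet_of(ours_net) and origin not in origins:
            # Longest-prefix match means a more-specific beats our own route everywhere.
            findings.append(f"more-specific {prefix} inside {ours} from AS{origin}")
    detour = [asn for asn in as_path if asn in bad_transit]
    if detour:
        findings.append(f"unexpected transit AS{detour[0]} in path for {prefix}")
    return findings


def scan(announcements, expected=EXPECTED_ORIGIN, bad_transit=UNEXPECTED_TRANSIT):
    """Return (prefix, as_path, findings) for every announcement with findings."""
    flagged = []
    for prefix, as_path in announcements:
        findings = check_announcement(prefix, as_path, expected, bad_transit)
        if findings:
            flagged.append((prefix, as_path, findings))
    return flagged


if __name__ == "__main__":
    for prefix, as_path, findings in scan(SAMPLE_ANNOUNCEMENTS):
        print(prefix, as_path, "->", "; ".join(findings))
```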


Shameless self promotion:

Build a custom penetration testing backdoor that evades antivirus!  Write your own SQL Injection, Password attack tools and more.  Want to code your own tools in Python? Check out SEC573 Python for Penetration Testers.  I am teaching it in Reston VA March 17th!  Click HERE for more information.

Follow me on Twitter: @MarkBaggett

IT pros may have shied away from financial services during the industry's recent upheavals, but it now represents a vibrant employment segment for those who understand its adherence to security, compliance and reliability. Insider (registration required)
Despite the hype surrounding smartwatches, they won't be featured on many holiday wish lists this year. They are still too expensive and not useful enough to compete with tablets and fitness bands, according to market research company Gartner.
The year 2013 may go down as the year that Americans were curious about a royal baby, horrified by the Boston Marathon bombing and concerned about wars, typhoons and shootings.
Mobile carriers are opposed to the plan for a smartphone 'kill switch' that would render smartphones inoperable after they are stolen, claiming that it could be misused by hackers to block critical services.
Wireshark MQ Dissector CVE-2013-5721 Denial of Service Vulnerability
Wireshark CVE-2013-4933 Denial of Service Vulnerability
Law enforcement officials trying to rein in violent smartphone theft have criticized cellular operators who they say rejected a solution that would help address the problem.
Mobile device chips coming next year from Qualcomm will be able to use wide spectrum bands that carriers are beginning to patch together with new technology, but its lofty performance claims need to be taken with a grain of salt.
Google kicked off a project to build high-speed fiber-optic networks in parts of the world that lack fast broadband connections, starting with the Ugandan capital, Kampala.
Twitter's IPO launch two weeks ago could be a sign that the market is ripe for other social networks to launch their own efforts to go public.
Facebook's IPO was considered an early bust while Twitter's has been deemed a success. In terms of orderly market activity, that's without question. But what about prices?
Real-life smartphone mini-disasters are widespread. They can be maddening and often amusing.
Xen 'dma_pte_clear_one()' Function Local Privilege Escalation Vulnerability
Xen CVE-2013-4551 Remote Denial of Service Vulnerability
cURL/libcURL SSL Certificate Host Name Validation Security Bypass Vulnerability

Posted by InfoSec News on Nov 21


By Candice So
November 20th, 2013

There can be a whole slate of reasons why a small business doesn’t invest
more in IT security: lack of people, money, time, etc. But here’s what may
also be holding small businesses back – their managers.

One of the top challenges in ramping up security is getting management on

Posted by InfoSec News on Nov 21


By Lucian Constantin
IDG News Service
November 20, 2013

Popular source code repository service GitHub has recently been hit by a
brute-force password-guessing attack that successfully compromised some

"We sent an email to users with compromised accounts letting them know
what to do," GitHub security engineer Shawn...

Posted by InfoSec News on Nov 21


By Connor Simpson
The Atlantic
November 20, 2013

In a fascinating new read, Foreign Policy's Ralph Langner explored the deep
history of Stuxnet, the super computer virus jointly authored, allegedly,
by American and Israeli intelligence services to attack Iranian nuclear
facilities. In doing so, he learned the real story involves...

Posted by InfoSec News on Nov 21


By Jasper Hamill

An exiled Syrian hacker has claimed to have cracked the systems of the
country’s brutal secret police to find evidence that intelligence officers
spent their working days watching pornography.

The computer expert was a leading member of a youth wing of the Syrian
opposition, and fled...

Posted by InfoSec News on Nov 21

Dear Hackers and Hackeranis,

Tool tip: Did you know nullcon Goa V is on V day?
Show a friendly gesture this V day, spread love not malware :)

Loads of action packed events happening at nullcon Goa (www.nullcon.net) as we
turn five but first things first, the first speaker list (in no specific

1. Keynote: Jeff Moss, VP & CSO - ICANN, Founder - Defcon/Blackhat
2. Brad Barker, President - The Halo Corp
3. Chris Evans, Chrome...

Posted by InfoSec News on Nov 21


By Dan Goodin
Ars Technica
Nov 20 2013

Huge chunks of Internet traffic belonging to financial institutions,
government agencies, and network service providers have repeatedly been
diverted to distant locations under unexplained circumstances that are
stoking suspicions the traffic may be surreptitiously monitored or

Posted by InfoSec News on Nov 21


By Ogor Umukoro
21 Nov 2013

The recent loss of money recorded by the Central Bank of Nigeria (CBN) has
not only given researchers a case study but has shown that the acclaimed
tools and techniques currently used by Nigerian banks are not sufficient.
This is regardless of the source of the tool or technique used. As