Hackin9

InfoSec News

(c) SANS Internet Storm Center. http://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
 
----------- Guy Bruneau IPSS Inc. gbruneau at isc dot sans dot edu (c) SANS Internet Storm Center. http://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
 
The U.S. Federal Trade Commission has reached a suspended US$359 million settlement with a Canadian businessman and his companies for charging customers for supposedly free trial offers.
 
A group or single hacker using the handle Hacker Claus has dumped information from 3 websites, one of which belongs to the Venezuelan Government and it is Public defender website.


 
BBHH, Bangladeshi black hat hackers have been targeting indian websites for the same reason BCA, bangladeshi cyber army has been, due to the on going ground and border war they face every day.


 
BCA, Bangladeshi Cyber Army has been fairly active over the past 24hrs with lots of hacks and leaks happening towards Indian based sites and servers.


 
A hacker using the handle @TualiHax0R has alerted us to a hack they have carried out towards an privately owned Television network named ION Media Networks.'


 
Linux Kernel NFS Implementation CVE-2011-4325 Local Denial of Service Vulnerability
 
Sensing the growing interest in DevOps, Microsoft will incorporate a number of new tools in its next edition of Visual Studio that will allow developers to work more closely with operations personnel.
 
An ongoing series of reviews by U.S. patent authorities has led to a new series of adverse rulings against Oracle's Java patent and a copyright lawsuit against Google over the Android mobile OS, according to a filing late Wednesday in U.S. District Court for the Northern District of California.
 
According to a comScore report released Thursday, some 64.2 million Americans access social networks on a smartphone.
 
In the last 11 years I have moved house three times. Each time I have purchased Internet service from AT&T and each time AT&T has managed to make establishing service an epic struggle that consumes hours of my time, leaves me without service for days or weeks, and drives me to the edge of homicidal despair.
 
Step aside Gen X. It looks like Gen C is outpacing you and other older users when it comes to online connections. And Gen C likes gadgets, too.
 
Lookout Security today launched a free program that scans Android devices for evidence of apps that use any of 35 different ad networks, and tells users what kinds of ads will be displayed and what user information is collected.
 
A copyright lawsuit targeting the administrators of a key time zone database used widely in operating systems, applications and to set computer clocks, has been withdrawn by the company that filed it.
 
Google will add support for the "Do Not Track" effort to its Chrome browser by the end of this year.
 
Privacy advocates Thursday said they welcomed a White House privacy plan that would let consumers control how their personal data is collected, used, stored and shared by websites and online advertisers.
 
Dell will start shipping its first ultrabook, the XPS 13, in the U.S. and Canada starting next week, the company said on Thursday.
 
T-Mobile USA will roll out LTE next year, partly by using spectrum it is receiving in the wake of its failed merger with AT&T, the company said Thursday.
 
The U.S. Federal Trade Commission has reached a suspended US$359 million settlement with a Canadian businessman and his companies for charging customers for supposedly free trial offers.
 
The hack has left the sites defaced with the below image which is very graphic and not for the weak hearted at all and is labeled "stop the boarder killing". as the weeks go on we are seeing more and more hackers from both sides stepping up and attacking each others websites in relation to these border killings.


 
Brian Krebs published this request for extension by the FBI to continue to operate clean DNS servers for another

120 days. The ISC.org team has been running DNS servers that return valid results instead of the invalid results the

rouge DNS servers had been returning. The current order that allowed the isc.org team to run these servers for the FBI expires March 8th 2012.


http://krebsonsecurity.com/wp-content/uploads/2012/02/dnschangerextension.pdf


The operation was known as Ghost Click. We covered it here.

http://isc.sans.org/diary/Operation+Ghost+Click+FBI+bags+crime+ring+responsible+for+14+million+in+losses/11986


The isc.edu handlers have written a lot of diaries around dns-changer type malware since 2007.

The requested 120 day extension still needs to be approved by a Judge and would help ISPs that are notifying

customers to notify more customers. Several tools have been shown to assist infected customers clean this up.

Merike Keao from Double Shot Security included a list of tools that help to clean this up in her presentation at NANOG 54.

http://dcwg.org/docs/DNS_Changer_NANOG54.pdf

This presentation has a LOT of good information in it.


The DNS-Changer working group has information on how a Service Provider can obtain a list of infected or affected

customers IP addresses here. http://www.dcwg.org/cleanup.html and lots of other good information at dcwg.org
In addition it appears Estonia may be willing to extradite 6 of the people accused of running the dns-changer network.

http://balticbusinessnews.com/article/2012/2/21/estonian-court-approves-extradition-of-six-persons-to-us-for-cybercrime (c) SANS Internet Storm Center. http://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
 
Shaw reviews HP's HD 5210 Webcam.
 
Box Thursday said it has updated its cloud storage service Box for Android, adding a new interface to support Android 4.0 devices and new collaboration features
 
A new app for the streaming game service adds some enhancements -- but unlike its predecessor, it isn't free.
 
It has become aware that a security firm WT Forensics, LLC, has sent a email out to a bunch of police officers that got caught up in last weeks #OpPiggyBank Release by anonymous hackers.


 
Well this is sort of just sad to see that some one would hack two middle schools for no real reason at all and dump a load of teachers usernames and passwords.


 
A hacker using the well know SQL injection tool Havij, have attacked and leaked a dump of information in the form of user accounts from the Brazilian Society of Energy Planning website.


 
The National Institute of Standards and Technology (NIST) today announced a new partnership to establish the National Cybersecurity Center of Excellence, a public-private collaboration for accelerating the widespread adoption of integrated cybersecurity tools and technologies. The State of Maryland and Montgomery County, Md., are co-sponsoring the center with NIST, which will work to strengthen U.S. economic growth by supporting automated and trustworthy e-government and e-commerce.


 
Warning: Many readers will not agree with this column, but that's because they are far more technically inclined than the average user.
 
LG Electronics has launched the Optimus 4X HD smartphone, which is powered by a quad-core processor from Nvidia and runs Android 4.0, the company said on Thursday.
 
Today, we came across a statement that was on pastebin.com that had come from a New Zealand based news site stuff.co.nz. In this statement it was lead to believe that a very well known security firm Aura Information Security from New Zealand was "out to get anonymous" mainly due to the title of the pastebin paste which was "Nz fights Anonymous" but turns out that paste is an exact copy of the article stuff.co.nz did.


 
The Pakistan Vs India cyber war is still strolling along at a pace where its taking down new sites every day leaving them defaced and rooted. One of the latest sites has is the Department of mines and geology, Rajasthan which was hacked by HaX.r00t, PCA, Pak Cyber army, hacker who has been very active within this cyber war.


 
EasyVista Single Sign-on Authentication Bypass Vulnerability
 
libxml2 Hash Collision Denial Of Service Vulnerability
 
Bugzilla CVE-2012-0453 Cross Site Request Forgery Vulnerability
 
A request for a legal injunction that would have forced Apple to halt iPad sales in its Shanghai stores has been rejected, giving the U.S. tech giant a small victory as it faces an ongoing trademark dispute in China over the iPad name.
 
Zettaset, which makes tools for managing big data, has unveiled its SHadoop security initiative to help companies better control access to data in Hadoop.
 
Microsoft is spending about $130 million to build a new datacenter in Dublin, as it needs more room to run cloud services there, the company said on Thursday.
 

DIARY-US MEETINGS/WEEK AHEAD
Reuters
... 22:10 Nielsen Hldg NV at Morgan Stanley Tech Conf 27 Feb 22:10 Parametric Tech Corp. at Morgan Stanley Tech Conf 27 Feb 22:10 Scripps Networks Interactive at Morgan Stanley Tech Conf 27 Feb 23:00 Akamai Tech at AGC West Coast Info Sec & Growth Conf ...

and more »
 
Move over Facebook, Google+ and Twitter. There's a new social site stealing some of your buzz: Pinterest.
 
Toshiba said Thursday it has shrunk the size of its 128Gbit NAND flash memory chips, in the race to bring more and tinier storage to products like USB storage and memory cards.
 
On feburary 14th 2012 we came across a document that sprung up a bit of interest around the world, this claimed that a hacker team using the handle team INTRA hacked into the Electronics Giant Philips and obtained thousands of accounts and other information.


 
The website that got attacked is alamkermanshah.ir and the data that got leaked is a few vulns and a single admin account.


 
Big Blue unveils integration of its Q1 Labs acquisition giving IT security pros the ability to add rule-based alerts using threat intelligence feeds.

Add to digg Add to StumbleUpon Add to del.icio.us Add to Google
 

Posted by InfoSec News on Feb 23

http://www.informationweek.com/news/government/security/232601217

By Elizabeth Montalbano
InformationWeek
February 22, 2012

The organization that sets federal technology standards is establishing
a new center devoted to cybersecurity technology research across both
the public and private sectors.

A partnership between the National Institute for Standards and
Technology (NIST), the state of Maryland, and Montgomery County, Md.,
will create...
 

Posted by InfoSec News on Feb 23

Forwarded from: Jake Kouns <jkouns (at) opensecurityfoundation.org>

http://www.riskbasedsecurity.com/2012/02/historically-over-1-2-billion-records-exposed-according-to-risk-based-security-inc/

RICHMOND, VA, February 21, 2012 - The global economy may have remained weak in
2011, but criminal efforts to compromise personal information remained strong,
according to Risk Based Security, Inc (RBS). The total number of records
exposed in 2011...
 

Posted by InfoSec News on Feb 23

http://www.nextgov.com/nextgov/ng_20120221_7036.php

By Bob Brewin
Nextgov
02/21/2012

The Air Force Special Operations Command canceled its planned
acquisition of Apple iPad tablet computers last week, two days after
receiving a query from Nextgov about the inclusion of Russian-developed
security and documents reader software specified in procurement
documents.

The command did not provide any explanation for the move in its notice
on the...
 

Posted by InfoSec News on Feb 23

http://www.darkreading.com/database-security/167901020/security/news/232601293/strengthening-third-party-contracts-to-lower-breach-risks.html

By Ericka Chickowski
Contributing Writer
Dark Reading
Feb 22, 2012

Details emerged this week that showed that recent Anonymous hacks of
Federal Trade Commission (FTC) websites could potentially have been
prevented had the FTC not dispensed with security provisions in a
contract with the third-party...
 

Posted by InfoSec News on Feb 23

http://news.techworld.com/security/3339513/hacker-steals-one-million-user-logins-from-youporn-website/

By John E Dunn
Techworld
22 February 2012

A million logins for the hugely popular YouPorn sex site appear to have
been leaked after a hacker chanced upon a URL linking to a user list
apparently left exposed for several years.

Smaller portions of the YouPorn database featuring user email addresses
and passwords have appeared on Pastebin,...
 
The U.S. White House will push for online businesses to adopt new privacy codes of conduct, including consumer rights to control what information websites collect about them and a right to see what data is being collected, officials there said.
 
D-Link DSL-2640B MAC Address Authentication Bypass Vulnerability
 
 
Internet Storm Center Infocon Status