Basecamp, maker of the popular project-management app by the same name, was back online Monday afternoon after sustaining a crippling denial-of-service attack earlier in the day that rendered its services unavailable to virtually all users.

In a blog post published Monday, Basecamp officials said the attack began after they spurned a demand to pay an unspecified ransom to avoid a threatened assault on their site. The flood of data that came after the demand was rebuffed peaked at about 20 gigabits per second, preventing legitimate traffic from passing through the site's overwhelmed data connections.

"We've learned that the very same criminals currently attacking and trying to extort us hit others just last week," the Basecamp blog post stated. "We're comparing notes with everyone affected who have been in touch. The blackmail came from an address matching this pattern: dari***@gmail.com. If you have been extorted by this person, please get in contact so we can compare notes on both technical defenses and the law enforcement effort to hunt them down."

Read 2 remaining paragraphs | Comments

(c) SANS Internet Storm Center. http://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
Deutsche Telekom CERT Advisory [DTC-A-20140324-002] vulnerabilities in check_mk
Microsoft DirectShow CVE-2014-0301 Remote Code Execution Vulnerability
Deutsche Telekom CERT Advisory [DTC-A-20140324-004] nagios vulnerability
Deutsche Telekom CERT Advisory [DTC-A-20140324-003] vulnerabilities in icinga
At its annual stockholder meeting last week, Hewlett-Packard CEO Meg Whitman delivered a delicious critique of 3D printing speeds. "[It's] like watching ice melt," she said.
TigerVNC CVE-2014-0011 Heap Buffer Overflow Vulnerability
[SECURITY] [DSA 2873-2] file regression update
Deutsche Telekom CERT Advisory [DTC-A-20140324-001] vulnerabilities in cacti
ESA-2014-011: RSA BSAFE® Micro Edition Suite Server Crash Vulnerability
CVE-2014-2570 - php-font-lib 0.3 www/make_subset.php Reflected Cross Site Scripting
Businesses that permit Bitcoin transactions may soon have a way to protect themselves from drops in the digital currency's value.
The U.S. Federal Communications will soon move forward on a 2-year-old proposal to experiment with spectrum sharing in an effort to deal with a skyrocketing demand for mobile data bandwidth and increasingly crowded mobile services, the agency's chairman said Monday.

Attackers are exploiting a newly discovered vulnerability in Microsoft Word that makes it possible to remotely seize control of computers, the company warned.

The in-the-wild attacks work by creating booby-trapped documents in the Rich Text Format (RTF) that exploit a vulnerability in the 2010 version of Microsoft Word, Microsoft warned in an advisory published Monday. Similar attacks work against other versions of Word, including 2003, 2007, and 2013 for Windows, Microsoft Office for Mac 2011, and multiple versions of Microsoft SharePoint Server. E-mails that are viewed or previewed using a default setting in Outlook allow the attacker to gain the same system privileges as the user who is currently logged in.

"Microsoft is aware of a vulnerability affecting supported versions of Microsoft Word," Monday's advisory stated. "At this time, we are aware of limited, targeted attacks directed at Microsoft Word 2010. The vulnerability could allow remote code execution if a user opens a specially crafted RTF file using an affected version of Microsoft Word or previews or opens a specially crafted RTF e-mail message in Microsoft Outlook while using Microsoft Word as the e-mail viewer."

Read 3 remaining paragraphs | Comments

Perl Perltidy Package CVE-2014-2277 Insecure File Creation Vulnerability
That's it. Google says it's had it with what it says are rumors and myths circulating about its entre into the wearable computer market, Google Glass.
Microsoft today warned users of Word 2010 that in-the-wild attacks are exploiting an unpatched vulnerability in the software.
In the last year or so, there has been a noticeable slowdown in innovations in new smartphones -- with both hardware and software. The next direction seems to be making the smartphone the hub for connecting technologies in the Internet of Things scenario.
Multiple McAfee Products Unspecified Directory Traversal Vulnerability
McAfee Web Gateway Directory Traversal Vulnerability
Sophos UTM Memory Leak Remote Denial of Service Vulnerability

Microsoft today published a new security bulletin, announcing that it has seen a new Word 2010 exploit used in recent targeted attacks. The exploit uses a so far unpatched vulnerability in Word that is triggered by opening a crafted RTF document.

To prevent exploitation of the vulnerability, Microsoft released a "Fix It" that will prevent Word from opening RTF documents. [1][2] 

Frequently RTF ("Rich Text Format") is used as a more portable way to exchange documents with basic formatting elements. The Fix-It may not be appropriate if you use RTF documents regularly. However, given that RTF documents are portable and can be opened by other software, it MAY be ok to just use software other then word to open the document.

This vulnerability is identified by CVE-2014-1761.

More details about the exploit can be found in Microsoft's "Security Research and Defense Blog" [3]. It points out that EMET can help block the exploit if the "Mandatory ASLR" and the "Anti-ROP" features are selected. This may be of help if you can't stop opening RTFs altogether. Word 2013 appears vulnerable, but the exploit fails due to ASLR and "just" crashes Word 2013. 

The blog post also includes indicators of compromise for the particular exploit seen.


[1] https://technet.microsoft.com/en-us/security/advisory/2953095
[2] https://support.microsoft.com/kb/2953095
[3] http://blogs.technet.com/b/srd/archive/2014/03/24/security-advisory-2953095-recommendation-to-stay-protected-and-for-detections.aspx

Johannes B. Ullrich, Ph.D.
SANS Technology Institute

(c) SANS Internet Storm Center. http://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
HTC is rebooting after a difficult year, with the launch Tuesday of an upgraded version of One, its flagship smartphone. But if HTC can't improve the marketing of its devices, the company will have a hard time turning around its fortunes.
Last week, application-performance monitoring service provider New Relic launched an offering that allows customers to mine its operational data for business intelligence.
IBM for decades was the only company making servers based on its proprietary Power architecture, but that's not the case anymore.
Driven by a very strong belief in the future of software-defined data center technology, Bank of America is steering its IT to almost total virtualization.
A vulnerability in Android that was publicly disclosed in mid-March could be exploited by malicious applications to force devices into an endless reboot loop, according to security researchers from Trend Micro.
MIT researchers have taken the first steps toward creating solar panels from living material by combining bacteria with nonliving materials such as gold that can conduct electricity and emit light.

Security researchers said they have uncovered bugs in Google's Android operating system that could allow malicious apps to send vulnerable devices into a spiral of endlessly looping crashes and possibly delete all data stored on them.

Apps that exploit the denial-of-service vulnerability work on Android versions 2.3, 4.2.2, 4.3, and possibly many other releases of the operating system, researcher Ibrahim Balic wrote in a blog post published last week. Attackers could exploit the underlying memory corruption bug by hiding attack code in an otherwise useful or legitimate app that is programmed to be triggered only after it is installed on a vulnerable handset. By filling the Android "appname" field with an extremely long value exceeding 387,000 characters, the app can cause the device to go into an endless series of crashes.

"We believe that this vulnerability may be used by cybercriminals to do some substantial damage on Android smartphones and tablets, which include 'bricking' a device or rendering it unusable in any way," Veo Zhang, a mobile threats analyst at Trend Micro, wrote in a blog post published Sunday. "In this context, the device is 'bricked' as it is trapped in an endless reboot loop."

Read 5 remaining paragraphs | Comments

Microsoft's former CEO, Steve Ballmer, hinted recently that he may soon step down from the company's board.
The White House have called on Turkish officials to end the country's Twitter ban.
Dell has added another company to its growing software portfolio with the acquisition of predictive analytics company StatSoft for an undisclosed amount.
Microsoft Internet Explorer CVE-2014-0321 Memory Corruption Vulnerability

I have been playing for a few years now with different network connected devices [1]. As a "security guy", a lot of this research has been about vulnerability in these devices, or what we sometimes call the "Internet of Things". Over the years, I also learned to appreciated the ability of these devices to deliver physical context to some events that I may see in my logs, and I started to add the state reported from some of these devices to my syslog collector feeding into my SIM (right now not a "full SIM, but Splunk for the most part). 

Here are a couple of experiences that I found helpful:


Servers (and many desktops) do provide a number of useful sensors. For example a sensor to detect opening the case, and various temperature sensors. The temperature sensor can easily be monitored with tools like Nagios. The case sensor is a bit more tricky. Yes, it can easily be monitored (nagios again), but I find that nobody resets the sensor in the BIOS after legitimately opening the case, and to avoid tampering with this setting, this requires a BIOS password. Not too many people are willing to set BIOS passwords and rather rely on the physical security of the data center itself. A switch port can also be used to detect disconnection of a server, and the power usage of your power distribution unit (PDU) can often be polled remotely. I haven't run into a PDU yet that can set a syslog/snmp message that would alert you of power use going to zero on a device. Usually they have alerts that will tell you about high load or high temperature.

Environmental Sensors

There are a number of environmental sensors that are available outside of the server. Many AC systems can be polled remotely I have run into http APIs, some snmp and even syslog. This can alert you of an AC failure before the temperature in your server rises significantly. Some advanced systems will also provide overall "health" information but I haven't played much with that yet. Usually this information is used for remote maintenance. Of course, you can always add additional network readable sensors for temperature and humidity. There are also a number of options to detect more "catastrophic" conditions like water leaks and to automatically shut off water feeds if they are detected.

Physical Sensors

Access cards and door open/close sensors are pretty much standard in large office buildings these days. But the information isn't always easily accessible to the network security team. Being able to correlate an event with a person's presence (or absence) from an area can be important. Not just to identify the culprit, but also to provide context to an alert. For example, a work station sending excessive HTTP requests while a user isn't sitting in front of it can be an important indicator. You may be able to get signals if a screen saver is engadged or not on a system in order to monitor physical security or additionally verify if a user is using a system or not (nagios can do that easily in Linux. Not sure if there is an easy way to poll in Windows remotely if a screen saver is engadged).

My favorite example is always a hotel in Singapore that used the signal from an opening room door to dispatch an elevator to that respective floor.


Network cameras are pretty much everywhere these days. Some come with integrated motion sensors, or can detect motion by monitoring changes to the image. Either way, many of these cameras can send a signal whenver they detect motion, and even attach images. This can suplement some of the door sensors.

Anything else you recently integrated?



Johannes B. Ullrich, Ph.D.
SANS Technology Institute

(c) SANS Internet Storm Center. http://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
In February, during one of New England's harshest winters in memory, some employees at Bates College in Lewiston, Maine, began deliberately parking further away from their offices.
Cisco Systems plans to invest over US$1 billion to expand its cloud business over the next two years, including building an OpenStack-based "network of clouds" with partners.
WordPress LayerSlider Multiple Cross Site Request Forgery and Directory Traversal Vulnerabilities
It's an increasingly mobile world -- and the mobile future of Windows is dubious. To better accommodate end users, CIOs would be wise to consider these three alternatives to Windows on the desktop -- Chrome, Android and Ubuntu.
LinuxSecurity.com: Security Report Summary
LinuxSecurity.com: Several security issues were fixed in Thunderbird.
DEK: Flop or not? Users will soon decide whether Office for the iPad is the greatest thing since Flappy Birds or the next Microsoft Kin. What's a Kin, you ask? Exactly.
Everyone needs a Wi-Fi spectrum analyzer, but there are times when analyzing cellular spectrum is also essential. Fluke Networks' new AirMagnet Spectrum ES provides a broad range of capability at a very attractive price. Spectral analysis, a longstanding fixture in electronics and manufacturing test, and, more recently as a valuable tool for understanding coverage, interference, and other elements of Wi-Fi, is the art and science of extracting meaning and insight from wireless systems at Layer 1 -- radio waves.
Hewlett-Packard shipped its first inkjet printer in 1984, but waited 30 years to release a multifunction inkjet printer for general office printing in enterprises.
A small bitcoin exchange in Beijing is in trouble again after trying to earn back funds lost in two hacking incidents last year.
Ever since President Obama signed the Open Data Executive Order, government agencies have been making their vast data stores available to the public. These once-secret data sets are proving a valuable business resource, too.
Peter Markos, CIO and general manager for Rotary International, contends with challenges ranging from authenticating a constantly changing list of users who need to access Rotary's systems to enabling applications that work for a vastly diverse membership.
The new USB Power Delivery spec turns the capabilities of the USB port on their head.
Nokia has delayed to April the sale of its smartphone business to Microsoft as it still hasn't received approvals from certain antitrust authorities in Asia.
In managing human resources, people architecture is gaining popularity, says IT workforce analyst David Foote. He explains what it is and why it's on the rise.
OSs will still matter to developers and engineers, but ordinary users are going to be more and more in the cloud, where their OS doesn't matter at all.
The data breach suffered by Target could make it easier for our manager to make some needed changes in his company's vendor management processes.
And what is going to have to happen before we see that we must set the smartest minds on coming up with newer, safer and less complicated security methods?
Google Chrome CVE-2014-1715 Directory Traversal Vulnerability
Google Chrome Prior to 33.0.1750.149 Multiple Security Vulnerabilities

Awards on offer to students for cyber security advances
Gulf Today
Dubai: In the spirit of fostering innovation and nurturing the progression of local talent in the field of information security, du invites students across the UAE to participate in its newly-launched Student InfoSec Award. The Student InfoSec Award is ...

and more »

Posted by InfoSec News on Mar 24


By Michiel van Blommestein
Central European Processing
ZDNet News
March 21, 2014

With the turmoil in neighbouring Ukraine, the timing of a new deal between
the Polish ministry of defence and three of the country's universities to
boost cybersecurity seems hardly likely to be a coincidence.

After an earlier deal under...

Posted by InfoSec News on Mar 24

Forwarded from: BSidesLV Info <info (at) bsideslv.org>

Security BSides Las Vegas, Inc. is pleased to announce that our Round 1
CFP is currently open and will remain so until 15May. Our second and final
round will open on 1Jun and close on 30Jun.


You can also access the CFP from the Welcome page of our website at

BSidesLV consists of the following tracks:

Breaking Ground – Ground Breaking...

Posted by InfoSec News on Mar 24


By Derek Brink
March 19, 2014

Once there was a leadership team that was exceedingly fond of using risk
assessments to make business decisions about information security. The
team cared...

Posted by InfoSec News on Mar 24


By Brian Krebs
March 22, 2014

The California Department of Motor Vehicles appears to have suffered a
wide-ranging credit card data breach involving online payments for
DMV-related services, according to banks in California and elsewhere that
received alerts this week about compromised cards that all had been
previously used online at the...

Posted by InfoSec News on Mar 24


By William Knowles
Senior Editor
InfoSec News
March 24, 2013

Chester Nez, the last surviving member of the original 29 Navajo Code
Talkers, will be the subject of filmmaker David DeJonge's upcoming
30-minute documentary.

"Chester is the last link from the Navajo people who forged a secret code
that helped win the...
Internet Storm Center Infocon Status