Hackin9

Infosec 2013: Incident response sector expected to increase significantly
SC Magazine UK
Speaking to SC Magazine at the Infosecurity Europe conference in London, Oliver Friedrichs, senior vice president of the cloud technology group at Sourcefire, said that technologies from the likes of Mandiant, Guidance Software, Damballa and its own ...

 

Telstra seeks infosec staff for billion-dollar Defence deal
SC Magazine Australia
Telstra is looking to take on information security professionals to bolster its $1.1 billion contract with the Department of Defence. The telco has put out a call for specialists in the areas of service delivery, tech support, security architecture ...

 
(c) SANS Internet Storm Center. http://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
 
T-Mobile USA's "radical" service plans promising no annual contracts aren't quite as radical as consumers might think, and the mobile operator will change its advertising and offer refunds in a settlement with the state of Washington.
 


Infosec 2013: Incentivise staff to become aware of cyber risks
Computing
Security experts speaking at Infosecurity Europe 2013 said that raising employees' awareness of cyber risks is a vital element of their incident response strategies, and urged firms to give staff incentives to learn security best practice. Vicki Gavin ...
Infosecurity Europe 2013: Infosec can no longer hinder business objectives (Infosecurity Magazine)

 
Facebook is acquiring Parse, a cloud service company that makes it easier for developers to build mobile apps by providing them with a hosted back-end infrastructure, the companies announced Thursday.
 
The chairman of Yahoo's board of directors has stepped down from that position and will leave the board entirely later this year, Yahoo said Thursday.
 

Infosec 2013: Key industries must prepare for cyberwars, says expert
ITProPortal
In a year that has seen international tensions in the cyber sphere increase significantly, Infosec 2013 was always likely to be dominated by speculation over what this means for businesses and organisations that are critical to the infrastructure of a ...

 
Last week here in Backspin I discussed how real-world "things" that aren't easily augmented with digital instrumentation, such as bicycles, cars and even dogs, can be indirectly connected to the Internet of Things (IoT) using physical ID tags and online proxies. This is, as I pointed out, a powerful concept.
 
Oracle MySQL Server CVE-2013-2392 Remote Security Vulnerability
 
Oracle MySQL Server CVE-2013-1532 Remote Security Vulnerability
 
Oracle MySQL CVE-2013-1521 Remote MySQL Server Vulnerability
 
Oracle MySQL CVE-2013-2391 Local MySQL Server Vulnerability
 

[Guest Diary: Dylan Johnson, BSc, CISSP] [A week in the life of some perimeter firewalls]

I hope the title of this blog doesn't make it sound like a dry and dull topic, because a week in the life of an Internet-facing firewall is anything but dull.

This is just a short blog detailing an interesting piece of research aimed at promoting situational awareness in relation to the threat from the internet.

Perimeter firewalls are the main barriers protecting you from the Internet. Should they be misconfigured, whether maliciously or accidentally, what would you be exposed to?

Graph 1 below shows the amount of dropped traffic (Y axis) against time (X axis). At peak periods the number of dropped connections reaches 3.6k in a 30-minute period.

Graph 1

The summary graphs below drill further into the detail present in the audit data from the firewalls and present it in the same format as graph 1; here, however, the different colours highlight the traffic's country of origin.

If you look at the bottom-right graph you can see traffic from China with a peak drop rate of 1,250 connections every 30 minutes. Also notice the erratic trend within that graph.

Graph 2
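The graphs above are built from firewall audit data bucketed into 30-minute windows, first as a total and then broken down by source country. The script below is an added example (it is not Dylan Johnson's code or the ISC's) that does that bucketing over a constructed sample of drop records; the log format, the country field (which a real deployment would fill from a GeoIP lookup) and all addresses are assumptions for illustration.

```python
from collections import Counter, defaultdict
from datetime import datetime

# Constructed sample of perimeter-firewall audit records (not real firewall output).
# Field order: timestamp, action, source IP, source country (as a GeoIP lookup would
# label it), destination port.
SAMPLE_LOG = """\
2013-04-22T08:01:12 DROP 198.51.100.7 CN 22
2013-04-22T08:04:50 DROP 198.51.100.9 CN 3389
2013-04-22T08:09:03 DROP 203.0.113.21 US 445
2013-04-22T08:17:41 DROP 198.51.100.7 CN 22
2013-04-22T08:22:19 ACCEPT 192.0.2.55 GB 443
2013-04-22T08:28:55 DROP 203.0.113.88 RU 23
2013-04-22T08:31:02 DROP 198.51.100.12 CN 1433
2013-04-22T08:45:36 DROP 192.0.2.17 NL 80
2013-04-22T09:02:10 DROP 203.0.113.21 US 445
"""


def parse_record(line):
    """Split one audit line into a dict; the timestamp becomes a datetime."""
    ts, action, src, country, port = line.split()
    return {"ts": datetime.strptime(ts, "%Y-%m-%dT%H:%M:%S"), "action": action,
            "src": src, "country": country, "port": int(port)}


def window_start(ts, width_minutes=30):
    """Floor a timestamp to the start of its fixed-width window (width must divide 60)."""
    assert 60 % width_minutes == 0
    return ts.replace(minute=(ts.minute // width_minutes) * width_minutes,
                      second=0, microsecond=0)


def drops_per_window(log_text, width_minutes=30):
    """Map each window start to a Counter of dropped connections per source country."""
    windows = defaultdict(Counter)
    for line in log_text.splitlines():
        if not line.strip():
            continue
        rec = parse_record(line)
        if rec["action"] != "DROP":      # only drops feed the graphs
            continue
        windows[window_start(rec["ts"], width_minutes)][rec["country"]] += 1
    return dict(windows)


def peak_window(windows):
    """Busiest window as (start, total drops): the peak of graph 1."""
    return max(((w, sum(c.values())) for w, c in windows.items()), key=lambda wc: wc[1])


def peak_for_country(windows, country):
    """Highest per-window drop count for one country: the peak of a graph 2 panel."""
    return max(c.get(country, 0) for c in windows.values())


def report(windows):
    """Print one line per window with its total and per-country breakdown."""
    for start in sorted(windows):
        counts = windows[start]
        breakdown = ", ".join(f"{cc}={n}" for cc, n in counts.most_common())
        print(f"{start:%Y-%m-%d %H:%M}  total={sum(counts.values()):4d}  {breakdown}")


if __name__ == "__main__":
    w = drops_per_window(SAMPLE_LOG)
    report(w)
    start, total = peak_window(w)
    print(f"peak window {start:%H:%M} with {total} drops; "
          f"peak from CN: {peak_for_country(w, 'CN')}")
```

Only `DROP` records are counted, so a country that only ever appears in accepted traffic shows a peak of zero; on real data the `width_minutes` parameter lets you compare the 30-minute view used in the graphs against finer windows that make short bursts visible.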

So, as you can see, firewalls are constantly busy fighting off a constant slew of malicious traffic. A lot of the dropped traffic may be reconnaissance or, to make an analogy, someone checking the quality of your locks, windows and doors. However, they can still post through the letter box!

To explain the letter box analogy: firewalls wouldn't be much use if they blocked absolutely everything; if that were the case, why would we need a network connection to the Internet at all? Perimeter firewalls need to pass certain types of traffic through to applications, and it is then up to the applications to deal with the traffic profile we saw in graph 2, i.e. all that traffic from China and the other countries.

Graph 3 below shows actions taken by an application firewall; as you can see, there is a constant slew of SQLi (SQL injection) and XSS (cross-site scripting) attacks. These attacks reach the web server perhaps because there is no security control upstream capable of understanding and dealing with layer 7 (application layer) traffic. A traditional firewall operates at layer 3 (network layer) and layer 4 (transport layer); it is oblivious to what is happening at layer 7 and only cares about getting the traffic to its intended destination.

Graph 3
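To make the layer 3/4 versus layer 7 distinction concrete, the added example below (not code from the diary or the ISC) runs a constructed set of inbound web requests through two decisions: a port-based policy that only sees addresses and ports, and a layer 7 inspection that URL-decodes the request target and matches a handful of illustrative SQLi and XSS indicators. The log format, the request contents and the signature list are assumptions for illustration; a production application firewall uses far larger, tuned rule sets.

```python
import re
from collections import Counter
from urllib.parse import unquote_plus

# Constructed sample of inbound web requests (not real logs).
# Field order: source IP, destination port, quoted request line.
SAMPLE_REQUESTS = """\
203.0.113.5 443 "GET /index.php?id=42 HTTP/1.1"
198.51.100.7 443 "GET /index.php?id=42%27%20OR%201%3D1-- HTTP/1.1"
198.51.100.9 80 "GET /search?q=%3Cscript%3Ealert(1)%3C%2Fscript%3E HTTP/1.1"
203.0.113.21 22 "GET /login HTTP/1.1"
192.0.2.17 80 "GET /comments?text=hello+world HTTP/1.1"
"""

LINE_RE = re.compile(r'^(\S+) (\d+) "(\S+) (\S+) (\S+)"$')

# Ports the layer 3/4 policy forwards to the web tier; everything else is dropped.
ALLOWED_PORTS = {80, 443}

# Illustrative layer 7 indicators only; real WAF rule sets are much larger and tuned
# against false positives (the SQL comment token "--" alone, for instance, is too noisy).
SIGNATURES = {
    "SQLi": re.compile(r"(?i)('\s*or\s+\d+\s*=\s*\d+|union\s+select|;\s*drop\s+table)"),
    "XSS": re.compile(r"(?i)(<script|javascript:|\bon\w+\s*=)"),
}


def parse_request(line):
    """Split one log line into source, port, method and request target."""
    src, port, method, target, _version = LINE_RE.match(line).groups()
    return {"src": src, "port": int(port), "method": method, "target": target}


def network_policy(rec):
    """Layer 3/4 decision: sees only addresses and ports, never the URL."""
    return "PASS" if rec["port"] in ALLOWED_PORTS else "DROP"


def inspect_request(rec, decode=True):
    """Layer 7 decision on the request target; returns the matched category or None.

    Decoding first matters: %3Cscript%3E is invisible to a matcher that skips it.
    """
    target = unquote_plus(rec["target"]) if decode else rec["target"]
    for name, pattern in SIGNATURES.items():
        if pattern.search(target):
            return name
    return None


def process(log_text, decode=True):
    """Run every request through both layers; returns (src, l34_action, l7_verdict)."""
    results = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        rec = parse_request(line)
        l34 = network_policy(rec)
        # Only traffic the perimeter passes ever reaches the application layer.
        l7 = inspect_request(rec, decode) if l34 == "PASS" else None
        results.append((rec["src"], l34, l7))
    return results


def summarize(log_text, decode=True):
    """Count outcomes: dropped_l34, blocked_<category>, allowed."""
    out = Counter()
    for _src, l34, l7 in process(log_text, decode):
        if l34 == "DROP":
            out["dropped_l34"] += 1
        elif l7:
            out[f"blocked_{l7.lower()}"] += 1
        else:
            out["allowed"] += 1
    return dict(out)


if __name__ == "__main__":
    for src, l34, l7 in process(SAMPLE_REQUESTS):
        print(f"{src:15} L3/4={l34:4} L7={l7 or 'clean'}")
    print("with decoding:   ", summarize(SAMPLE_REQUESTS))
    print("without decoding:", summarize(SAMPLE_REQUESTS, decode=False))
```

Every request to port 80 or 443 passes the port policy, which is exactly the letter box of the analogy; only the layer 7 inspection separates the two injection attempts from the ordinary requests. Running `summarize` with `decode=False` shows the common blind spot of naive matching: the same encoded payloads are reported as clean, which is why an application-layer control must normalise the request before it matches anything.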

So, as you can see, you are indeed connected to the global Internet and are being probed by traffic from the four corners of the known world, from Amsterdam to Zimbabwe.

The purpose of this blog was to demonstrate that you may be in a quiet and relatively tranquil part of the world, but you are connected to a network that remains largely un-policed and carries a very real and persistent threat, as I hope you can see from the data and explanation presented here. Make sure you understand the threat, monitor it, and ensure you have controls in place to keep it out.

 

Post suggestions or comments in the section below or send us any questions or comments in the contact form on https://isc.sans.edu/contact.html#contact-form
--
Adam Swanger, Web Developer (GWEB, GWAPT)
Internet Storm Center https://isc.sans.edu

 

--

John Bambenek

bambenek \at\ gmail /dot/ com

Bambenek Consulting

 

Security researcher HD Moore says 114,000 serial devices exposed to the Internet are highly hackable.

 

Infosec 2013: cyber security sector failing to attract new talent
Network World
TechWorld - The cyber security sector in the UK is failing to attract young people into the industry - especially women - according to research released this week by e-skills UK. The research, carried out in partnership with information security ...

 

Cyber crime challenges law enforcement
ComputerWeekly.com
Infosec 2013: Governments will fall if cyber attackers succeed, warns MoD (V3.co.uk)
H4cked Off: Why austerity shouldn't apply to cyber security (Computing)
State sponsored cyber attacks could bring down governments, warns MoD (Inquirer)

 
The National Institute of Standards and Technology (NIST) is holding the second of four planned workshops to develop a voluntary framework to reduce cybersecurity risks for critical infrastructure from May 29-31, 2013, at Carnegie Mellon ...
 
Software AG has picked up cloud PaaS (platform-as-a-service) vendor LongJump in a bid to give small and medium-sized companies a way to rapidly develop applications with less involvement from IT. Terms of the deal, which was announced Thursday, were not disclosed.
 
The number of government requests that Google has received to remove certain types of content, often politically charged, reached its highest level ever during the second half of 2012, the company reported Thursday.
 
A federal court in Houston has rejected an FBI request for a warrant to hack into the computer of a suspect in an attempted cyberheist.
 
Microsoft's failure thus far to significantly spark PC and tablet sales with Windows 8 has put high expectations on an expected 2013 refresh of the OS, dubbed 'Blue.'
 
A handful of lawmakers have stalled the U.S. Senate from voting on legislation that would require large Internet and catalog sellers to collect state sales taxes from their customers.
 
 
NASA has launched three Google-HTC Nexus One smartphones into space in what scientists hope will be the lowest-cost satellites ever tested.
 
Oracle MySQL CVE-2013-1531 Remote MySQL Server Vulnerability
 
Oracle MySQL CVE-2013-1552 Remote MySQL Server Vulnerability
 
Oracle MySQL Server CVE-2013-1544 Remote Security Vulnerability
 
Oracle MySQL CVE-2013-2375 Remote MySQL Server Vulnerability
 
Hewlett-Packard in the next few days will ship the US$169 Slate 7, the company's first product for the consumer tablet market since the spectacular failure of the WebOS-based TouchPad in 2011.
 
John Swainson has one of the more challenging jobs in the tech industry right now. As president of Dell's software division, he's charged with sorting through all the software Dell has acquired and organizing it into coherent offerings that can further its effort to become a more profitable, software- and services-driven company.
 
Oracle Java Runtime Environment CVE-2013-2423 Security Bypass Vulnerability
 
Oracle Java SE CVE-2013-2421 Remote Java Runtime Environment Vulnerability
 
Do you know what to do if your Twitter account is hacked? Here are four steps to take to regain control of your account and ensure it doesn't happen again.
 
Apple set a record today by selling out its annual developer conference in under three minutes.
 
Adobe Systems has appointed Brad Arkin, the company's senior director of security for products and services, to become its first CSO. With a mature product security program already in place, the top priorities for Adobe's new security chief are to strengthen the security of the company's hosted services and its internal infrastructure.
 
Box is taking steps to increase usage of its cloud storage and file sharing system in the health care industry, where it sees a demand for tools that simplify content collaboration.
 
GE, Allstate try crowdsourcing contests where external brainiacs compete to produce the best answers to big-data analytics questions.
 
Microsoft garnered just a "niche" in the global tablet market in the first quarter of 2013, following a period of user confusion after the launch of Windows 8 and Windows RT tablets, analysts say.
 
With Google's futuristic wearable computers on the way, one research firm calculates that the worldwide market for smart glasses could reach nearly 10 million units by 2016.
 
Nginx ngx_http_close_connection function integer overflow
 
A U.S. Senate committee has approved legislation that would give more privacy protection from government surveillance for data stored in the cloud.
 

Mt. Gox, the world's largest Bitcoin exchange, is delaying plans to support a new form of virtual currency known as Litecoin following a series of debilitating Internet attacks that are growing increasingly powerful.

The most recent distributed denial-of-service (DDoS) attack to hit Mt. Gox came on Sunday, and it knocked the Tokyo-based exchange offline for four hours, officials said in a statement issued Wednesday. Unlike more traditional DDoS attacks, which flood websites' routers and servers with more junk data than they can handle, the latest assault targeted Web applications the Mt. Gox site uses to process and secure customer transactions. That's known as Layer 7, or the application layer, of the networking stack.

"What we are experiencing lately are 'Layer 7' DDoS attacks," the statement read. "Unlike your average DDoS (which overloads the servers with traffic to the sites as a whole) these are much more creative and harder to detect in that they target specific elements of the site and make it difficult to distinguish malicious traffic from normal traffic. The attackers' goal is to shut down the exchange, either through the DDoS itself, or by forcing Mt. Gox to take measures that have the same effect."


 
Cisco Security Advisory: Cisco Device Manager Command Execution Vulnerability
 
Oracle Sun Products Suite CVE-2013-0404 Local Security Vulnerability
 
Oracle Sun Products Suite CVE-2013-0408 Local Security Vulnerability
 
[waraxe-2013-SA#103] - Multiple Vulnerabilities in phpMyAdmin
 
Cisco Security Advisory: Multiple Vulnerabilities in Cisco NX-OS-Based Product
 
Cisco Security Advisory: Multiple Vulnerabilities in Cisco Unified Computing System
 
 
Patent holding company VirnetX this week filed a lawsuit in federal court accusing Microsoft's Skype of infringing six of its patents.
 
The voice-over-IP and messaging app Viber lets users respond to messages without unlocking their Android devices. Unfortunately, that feature can be coerced into unlocking the entire device too.
 
Oracle Sun Products Suite CVE-2013-0411 Local Security Vulnerability
 

Infosec 2013: Loss of military information could lead to 'wholesale loss of life'
SC Magazine UK
By Asavin Wattanajantra, April 24, 2013.

 
JR Raphael compares the images from a Samsung Galaxy S4 camera to an HTC One camera.
 
Technology is outrunning the security needed to keep it safe
 
After conquering the low end of the tablet market with the Kindle Fire, Amazon may be getting ready to invade the living room with a television set-top box.
 

Infosec 2013: A lack of security development and technology transparency harms ...
SC Magazine UK
By Dan Raywood, April 25, 2013.

 

Infosec 2013: 'Malevolent' hacktivists to get hold of advanced state-sponsored ...
SC Magazine UK
By Asavin Wattanajantra, April 24, 2013.

 
Google's rivals have been given one month to assess the search giant's proposed remedies, the European Commission announced Thursday.
 
LinkedIn has revamped the contacts management feature of its professional networking website and packaged the functionality into a new iOS application.
 
Publicly verifiable keys will ensure the authenticity of each document, says Assange.
 
BlackBerry needed to produce an updated qwerty device for its faithful base of 76 million subscribers, but it remains to be seen whether the Q10 will make serious inroads in reversing BlackBerry's decline.
 
LinuxSecurity.com: Several security issues were fixed in the kernel.
 
LinuxSecurity.com: Several security issues were fixed in MySQL.
 
LinuxSecurity.com: Updated curl packages that fix one security issue are now available for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having moderate [More...]
 
LinuxSecurity.com: Updated java-1.6.0-openjdk packages that fix various security issues are now available for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having [More...]
 
LinuxSecurity.com: Updated glibc packages that fix two security issues and two bugs are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having low [More...]
 
A range of Cisco products based on its NX-OS are vulnerable to flaws which could lead to devices being taken over in the data centre. Updates to resolve the issues are available.
 
Security expert HD Moore warns of the existence of unprotected terminal servers on the internet. The researcher says that he found over 100,000 such systems during his analyses, and that many of them are wide open and connected to control systems.
 

InfoSec: Understanding business goals is key to embedding company-wide ...
ComputerworldUK
Information security managers need to better align themselves with company business goals to help embed security practices in an organisation, according to speakers at InfoSec 2013. Talking to ComputerworldUK at the event in London, News International ...

 

Infosec 2013: Governments will fall if cyber attackers succeed, warns MoD
V3.co.uk
Governments across the globe could be brought to their knees by successful cyber attacks, according to Ministry of Defence (MoD) head of information security, Adrian Price. Price said that the threat posed by state-sponsored hackers and hacktivist ...
Cyber crime challenges law enforcement (ComputerWeekly.com)
H4cked Off: Why austerity shouldn't apply to cyber security (Computing)
State sponsored cyber attacks could bring down governments, warns MoD (Inquirer)

 
Big data analytics is creating a world where doctors will eventually be able to do a Google-like query on a patient's illness and instantly discover how 100,000 other doctors treated their patients. It's also driving new treatments through genomic profiling.
 
European politicians are at loggerheads following a vote in the European Parliament on Wednesday that rejected proposals to store information on airline passengers.
 
Bitcoin exchange Mt. Gox has temporarily shelved plans to support a competing currency, litecoin, the company said Thursday.
 
Researchers at the University of Michigan have invented a way for different wireless networks crammed into the same space to say 'excuse me' to one another.
 
Motorola Mobility Android phones infringe on a Microsoft text messaging patent, the Higher District Court of Munich ruled on Thursday.
 
Should the police be allowed to be openly present at the OHM hacker festival in the Netherlands? A heated debate has been brewing around this question, causing the OHM coordinator to resign.
 
Oracle Java SE CVE-2013-1557 Remote Java Runtime Environment Vulnerability
 

InfoSec 2013: British Banks Threatened By DDoS Boom - TechWeekEurope UK
TechWeekEurope UK
British banks are preparing for a massive distributed denial of service (DDoS) onslaught, as the same group that hit US banks shifts some of its attention to European organisations. Operation Ababil, which is being led by a group of attackers calling ...

 
yaSSL CVE-2012-0553 Unspecified Buffer Overflow Vulnerability
 
yaSSL CVE-2013-1492 Unspecified Buffer Overflow Vulnerability
 

Re: Skype Holes

by sahara sejdovic


sjvn01 wrote:

If you really know how Skype works, you know it's about as safe as juggling firecrackers. Skype, the popular VoIP program, relies on every PC running Skype between you and who you're calling to serve as stepping stones for your conversation. That's bad. What's worse is when Skype doesn't check to see if Skype calls are actually sent, or received, by the right people.

Or, to quote Levent "Noptrix" Kayan, the security researcher that uncovered this hole, "Skype suffers from a persistent Cross-Site Scripting [XSS] vulnerability due to a lack of input validation and output sanitization of the 'mobile phone' profile entry. Other input fields may also be affected."

What does that mean for you? Noptrix explained, "An attacker could trivially hijack session IDs of remote users and leverage the vulnerability to increase the attack vector to the underlying software and operating system of the victim."

In plain English, it's simple for a hacker to take over your Skype session as you log in to Skype. From there it's not much of a trick to take over your Windows PC or Mac and start causing real trouble.

In a report by ZDNet Australia, Skype claims it's not that big a deal. Yeah. Right. At the same time though, Skype admits that it is a real problem and that they'll fix it within the next few days.

I have a better idea. Drop Skype, which will soon belong to Microsoft, and use Google Talk, ooVoo, or another VoIP program instead. Pretty much whatever you pick is going to be safer than Skype. Maybe Microsoft will fix this issue, but I still have real trouble figuring out how Microsoft is going to integrate Skype with its corporate VoIP program Lync. I wouldn't count on Skype being safe to use anytime soon. In fact, if I were you I wouldn't count on Skype at all.


 

 
MantisBT 'Close' Button Security Bypass Vulnerability
 
MantisBT 'manage_proj_ver_delete.php' HTML Injection Vulnerability
 
GNU glibc 'getaddrinfo()' Stack Buffer Overflow Vulnerability
 