Hackin9
An ITU group has approved a successor to the H.264 video encoding standard, opening the door to future video transmission using only half the bandwidth that's now required.
 
Research In Motion has hinted that it will launch two new handsets early next month to accompany the release of its BlackBerry 10 operating system.
 
 
The Federal Communications Commission announced on Friday plans to help streamline wireless broadband buildout in the U.S., with initiatives that include clarifying a provision requiring local review of modifications to cell towers.
 
A password made up of a phrase or short sentence may be more secure than a carefully constructed long one, countering the recommendations of some security experts.
 
A rugged server from NCS Technologies introduced on Friday can withstand drops, will work in extreme temperatures and can be deployed via parachute into crisis areas or war zones if needed.
 
Microsoft will reap a windfall of revenue as soon as it introduces versions of its Office productivity suite for iOS and Android, but that window of opportunity is quickly closing, an analyst said today.
 
The Senate Armed Services Committee plans to investigate what happened with a massive, failed U.S. Air Force ERP (enterprise resource planning) project, amid a rising tide of calls for action on Capitol Hill to reduce wasteful IT spending.
 
The U.S. International Trade Commission has voted to investigate whether Ericsson has infringed Samsung Electronics patents related to wireless communication equipment, the agency said Friday.
 
The coordinator of "Operation Payback" attacks on PayPal, Visa and MasterCard is sentenced to 18 months in prison. "The defendants were actually rather arrogant," says the judge.


 
AT&T will buy mobile spectrum in the 700MHz band from Verizon Communications for $1.9 billion, AT&T said Friday.
 
 
The latest release of the popular open source blogging platform fixes 37 bugs and addresses three security issues, including two cross-site scripting vulnerabilities


 
WordPress SolveMedia 1.1.0 CSRF Vulnerability
 


SCADA systems constitute a major challenge in the implementation of information security management systems, since they involve a new spectrum of risks which, if materialized, can cause incalculable losses to the population in terms of money and even human lives.

What kind of impact are we talking about? As I have described in previous diaries, the electrical system is controlled by SCADA systems, which manage the three core subsystems:


Generation: The most common facilities used to generate energy are thermoelectric plants, nuclear plants and hydroelectric plants. Inside these facilities, the SCADA platform is vital to ensure, while generation takes place, that turbines do not exceed their supported speed, that generators are not overloaded and that the energy being generated matches the amount the transmission line can handle.

Transmission: Once generated, electricity needs to be carried to the final users over power transmission lines at voltages such as 115 kV. Those lines end at substations, which handle the delivery of electricity to a specific set of installations, usually a large number of blocks in a city. The SCADA platform is vital for monitoring the voltage in transmission lines, looking for excessive current flow and possible overloads, because protections might activate and cause a massive blackout in the areas controlled by the affected substations.

Distribution: Inside the substation, the voltage is stepped down to 13.2 kV and flows through the distribution power lines until it reaches the transformers that serve specific blocks, where it is stepped down again to 110 V or 220 V. The SCADA platform needs to monitor the voltage in distribution lines and in user meters, looking for excessive current flow that exceeds the distribution power line's limit.



To perform a risk assessment for a SCADA system from the IT perspective, we need to list the cyber assets as stated in NERC CIP-002-4. The following is a prototype list extracted from one of my previous SCADA diaries:


Remote Terminal Unit (RTU), hardware, software and configuration: The RTU is defined as a communication device within the SCADA system and is located at the remote substation. The RTU gathers data from field devices and holds it in memory until the MTU requests that information. It also processes orders from the SCADA system, such as switching off a transmission line.

Master Terminal Unit (MTU), hardware, software and configuration: The MTU is defined as the heart of a SCADA system and is located at the main monitoring center. The MTU initiates communication with the remote units and interfaces with the DAS and the HMI.

Data Acquisition System (DAS), hardware, software and configuration: The DAS gathers information from the MTU, and generates and stores alerts that need the operator's attention because they can have an impact on the system.

Human Machine Interface (HMI), hardware, software and configuration: Also called User Interface (UI). The HMI is defined as the interface where the operator logs on to monitor the variables of the system. It gathers information from the DAS.



The most critical risks obtained are:


Loss of integrity of the configuration files

Loss of confidentiality of the configuration files

Loss of integrity of the software

Loss of availability for the hardware

Loss of traceability for the configuration files

Loss of traceability for the software files



Those risks pose two great impacts for SCADA systems: lack of availability, causing the SCADA system to stop monitoring, and unauthorized remote control. The latter is the biggest threat, as it is the door to cyberterrorism with the following impacts:


Massive blackouts: If the SCADA system tells the generator to increase the electricity on the line beyond the supported limit, all protections will be triggered and the whole electrical system might be shut down.

Damage to power generators: In hydro power plants, the rotor speed could exceed what is supported, which could cause an explosion in the generator, damaging the pipes and causing a large dam leakage. In addition, new generators would have to be installed, and this could mean energy rationing for the whole country or for specific sectors. In nuclear plants, disasters like Chernobyl could easily happen.

Massive damage to electrical devices: If the distribution lines are overloaded, protections might not be triggered and everything receiving electricity from that distribution line might be damaged.

Substation transformer explosions: If the transformation ratio is modified several times within a short time period, the transformer will explode as it fills with a large amount of expanding gas, causing physical damage to the buildings and houses surrounding the substation.
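As an added example (not from the diary), a defender-side monitor that checks control commands against the physical limits the diary describes: a generation setpoint beyond what the transmission line can carry, a turbine speed beyond what is supported, and repeated transformer ratio changes within a short window. The asset names, limits and command log are constructed for illustration.

```python
from collections import deque
from typing import Optional

# Hypothetical asset inventory with engineering limits, constructed for this
# example; a real deployment takes these from the plant's protection settings.
LIMITS = {
    "gen1":  {"kind": "setpoint", "max": 300.0},   # MW the transmission line can carry
    "turb1": {"kind": "setpoint", "max": 3600.0},  # maximum supported rotor speed (rpm)
    "xfmr1": {"kind": "ratio", "window_s": 300, "max_changes": 2},  # ratio changes per window
}

class CommandMonitor:
    """Checks MTU-to-RTU control commands against the plant's physical limits."""
    def __init__(self, limits: dict):
        self.limits = limits
        self._ratio_history: dict = {}   # asset -> deque of change timestamps

    def check(self, ts: float, target: str, value: float) -> Optional[str]:
        rule = self.limits.get(target)
        if rule is None:
            return f"t={ts}: command to unknown asset {target!r}"
        if rule["kind"] == "setpoint":
            if value > rule["max"]:
                return (f"t={ts}: setpoint {value} for {target} exceeds limit "
                        f"{rule['max']}; protections would trip")
            return None
        # Transformer ratio change: count changes inside a sliding time window
        hist = self._ratio_history.setdefault(target, deque())
        hist.append(ts)
        while hist and ts - hist[0] > rule["window_s"]:
            hist.popleft()
        if len(hist) > rule["max_changes"]:
            return (f"t={ts}: {len(hist)} ratio changes on {target} within "
                    f"{rule['window_s']} s (limit {rule['max_changes']})")
        return None

def audit(commands, limits=LIMITS):
    # Run a command sequence through the monitor and return the alerts raised
    mon = CommandMonitor(limits)
    return [a for ts, target, value in commands if (a := mon.check(ts, target, value))]

# Constructed command log: (seconds, asset, commanded value)
SAMPLE = [
    (0, "gen1", 250.0),     # within what the line can carry
    (10, "gen1", 320.0),    # beyond the line limit
    (20, "turb1", 3000.0),  # normal rotor speed
    (30, "xfmr1", 1.00), (60, "xfmr1", 1.05), (90, "xfmr1", 1.00),  # three changes in 60 s
    (100, "rtu99", 1.0),    # asset not in the inventory
]
```

Calling `audit(SAMPLE)` returns three alerts: the over-limit setpoint, the third ratio change inside the window, and the command to an asset missing from the inventory.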



Incident response capabilities need to be greatly improved in these environments, as the consequences might be catastrophic if attacks are not sufficiently monitored. Keep in mind that attacks on SCADA systems do not follow the same patterns or targets as those in normal corporate environments, as they have different vulnerabilities and attack vectors. In my SANSFIRE 2013 presentation I will discuss hydro power plant SCADA vulnerabilities that might trigger cyberterrorism impacts, some tools to check for them and some proposed architectures to avoid those risks. You are also still in time to attend the SANS SCADA Summit, which will have very interesting conferences on how to protect SCADA environments. I will be there on the last panel and will be happy to see you there if you are attending.


Manuel Humberto Santander Peláez

SANS Internet Storm Center - Handler

Twitter: @manuelsantander

Web: http://manuel.santander.name

e-mail: msantand at isc dot sans dot org
(c) SANS Internet Storm Center. http://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
 
With another New Year comes a "new" flurry of predictions across all industries. I say "new" because if we do some homework, we can see that many of these so-called "predictions" are actually spun off of technology trends over the past decade.
 
A majority (albeit by the slightest of margins) of IT leaders say they plan to increase their IT budgets in the coming year, according to a recent survey of 188 top IT executives.
 
Three men were sentenced Thursday in the U.K. for their roles in a series of distributed denial-of-service (DDoS) attacks launched against financial and music industry organizations in 2010 by the Anonymous hacktivist collective.
 
The 512GB Crucial M4 is one of the highest-capacity solid-state drives we've tested; it also proved to be one of the faster readers. Using a Marvell 9174 controller, 25nm MLC (multi-level cell) NAND flash memory, and the latest SATA 6Gbps interface, the M4 read our 10GB collection of small files and folders at 416.7 megabytes per second (MBps). The drive was also quick when reading a single large file--it accessed our 10GB test file at 472.8 MBps.
 
Critical infrastructure providers' worst security vulnerability may be their employees. That's the takeaway from two reported incidents where IT systems connected to key energy industry assets were found to be infected with malware deployed using infected USB drives.
 

We had a reader this week submit the following web log to us:

GET /geography/slide.php?image_name=Free+gay+black+moviesslide_file=
script%E2%84%91_id=0+union+select+0x3f736372aca074200372 HTTP/1.1

The request, as you can probably tell, is an attempt to detect SQL injection and likely XSS vulnerabilities. As such, it isn't really all that special. What makes this more interesting is the fact that it came from Microsoft's Bing crawler (bingbot, +http://www.bing.com/bingbot.html).
Client IP Address: 157.55.52.58

This technique of using search engines to proxy vulnerability scans has been mentioned in the past. For example, Google's translate service has been used to proxy requests. Also, Google Hacking, which refers to specially crafted Google searches used to find vulnerabilities, is quite common.

What I am wondering is how widespread this Bing reflection attack is. If you have a couple of minutes, check your web logs and see if you can find similar requests. Search for bingbot and some exploit strings like union or script. So far, a quick search of my logs for isc.sans.edu came up empty, but we are a bit special in that users legitimately search for exploit strings to find diaries on our site.

From a defensive point of view, I am not too worried about these queries. A direct scan is certainly more dangerous even though it is easier to block and maybe to attribute. But as usual, the real defense against a vulnerability scan is to eliminate vulnerabilities. (plus add some of the offensive techniques we mentioned in the past).
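As an added example (not from the diary), a small Python scanner that implements the log check suggested above against constructed combined-format log lines: it keeps only requests carrying the bingbot user agent, URL-decodes the query string and flags SQL injection or XSS indicators, skipping a site's own search endpoint where, as on isc.sans.edu, visitors legitimately search for exploit strings. The client IP is the one quoted in the diary; the requests, paths and user agents are made up.

```python
import re
from urllib.parse import unquote_plus

# Constructed Apache combined-format log lines (not the reader's actual log).
SAMPLE_LOG = """\
157.55.52.58 - - [25/Jan/2013:10:00:01 +0000] "GET /geography/slide.php?image_name=x&slide_file=script&image_id=0+union+select+0x3f HTTP/1.1" 200 512 "-" "Mozilla/5.0 (compatible; bingbot/2.0; +http://www.bing.com/bingbot.html)"
157.55.52.58 - - [25/Jan/2013:10:00:02 +0000] "GET /geography/index.php HTTP/1.1" 200 1024 "-" "Mozilla/5.0 (compatible; bingbot/2.0; +http://www.bing.com/bingbot.html)"
157.55.52.58 - - [25/Jan/2013:10:00:03 +0000] "GET /search.php?q=union+select HTTP/1.1" 200 2048 "-" "Mozilla/5.0 (compatible; bingbot/2.0; +http://www.bing.com/bingbot.html)"
157.55.52.58 - - [25/Jan/2013:10:00:04 +0000] "GET /diary.html?id=1%27%20or%201%3D1-- HTTP/1.1" 200 768 "-" "Mozilla/5.0 (compatible; bingbot/2.0; +http://www.bing.com/bingbot.html)"
198.51.100.7 - - [25/Jan/2013:10:00:05 +0000] "GET /diary.html?id=1%27%20or%201%3D1-- HTTP/1.1" 200 768 "-" "Mozilla/5.0 (X11; Linux x86_64)"
"""

# Apache combined log: ip ident user [time] "method path proto" status bytes "referer" "user-agent"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+) [^"]*" '
    r'\d+ \S+ "[^"]*" "(?P<ua>[^"]*)"$'
)

# SQL injection / XSS probe indicators, matched after URL-decoding the query string.
PROBE_RE = re.compile(r"union\s+select|<\s*script|'\s*or\s+1\s*=\s*1", re.I)

def find_reflected_probes(log_text, search_paths=("/search.php",)):
    """Return bingbot requests whose decoded query string carries a probe indicator.

    search_paths lists site search endpoints where visitors legitimately type
    exploit strings (the diary's isc.sans.edu case); hits there are skipped.
    Requests from other user agents are direct scans and are left to other tooling.
    """
    hits = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m or "bingbot" not in m["ua"].lower():
            continue
        path, _, query = m["path"].partition("?")
        if path in search_paths:
            continue
        probe = PROBE_RE.search(unquote_plus(query))
        if probe:
            hits.append({"ip": m["ip"], "time": m["ts"], "path": path,
                         "indicator": probe.group(0)})
    return hits
```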

------

Interested in Web Application Security? I will be teaching Defending Web Applications in Orlando from March 8th-15th

Johannes B. Ullrich, Ph.D.

SANS Technology Institute

Twitter
 
[SECURITY] [DSA 2612-1] ircd-ratbox security update
 
Cisco Systems' sale of its home networking business to Belkin International marks the end of a 10-year odyssey through the world of consumer products, but the company plans to keep reaching consumers through their carriers and cable companies.
 
Traditional IT vendors aren't leading with software, and businesses aren't hiring mobile leaders, according to an Appcelerator survey.
 
The SanDisk Ultra Plus SSD, which sports data speeds of up to 530MB/s, is aimed squarely at replacing aging hard drives in existing desktops and laptops.
 
Apple found 11 facilities within its supply chain using underage labor last year, and went as far as to sever ties with one Chinese component maker for failing to prevent the violations.
 
Samsung led both the smartphone and overall handsets market in the fourth quarter, though analysts' estimates of shipments and market share varied.
 
Google's Transparency Reports are interesting not only for what they reveal about government requests for Internet user data, but also for what they do not reveal.
 
With the release of Chrome 24.0.1312.56, Google has closed five security holes in the open source browser, three of which are rated with a high severity. The release also fixes problems with slow mouse wheel scrolling


 
A bipartisan group of Senators is planning to introduce a bill that not only hikes the H-1B cap, but allows it to rise automatically with demand to a maximum of 300,000 visas annually.
 
Spring Framework Expression Language JSP Attributes Handling Information Disclosure Vulnerability
 
'Not dead yet' could well be the new BlackBerry marketing theme, as the world prepares to hear about two new BlackBerry 10 smartphones to be announced Wednesday.
 
Charges have been brought in the US against three individuals suspected of being behind the Gozi trojan. The US Department of Justice has given a detailed description of how the criminals are thought to have staged their virtual bank robberies


 

Posted by InfoSec News on Jan 25

http://www.dailyillini.com/news/campus/article_1a22475e-66ab-11e2-b767-0019bb30f31a.html

By Carina Lee
Staff writer
The Daily Illini
January 25, 2013

Sung Dan Lee, senior in Engineering, had been expecting to take his Electrical
and Computer Engineering 329 class exam Nov. 29 at 7 p.m. But when he received
an unexpected email with the subject “ECE 329 Exam 3 Solutions for Sale,” he
became suspicious.

The email stated: “Sales stop at...
 

Posted by InfoSec News on Jan 25

http://freebeacon.com/cyber-threat-looms/

[Change the name, date and agency and this reads like every
other article since Winn Schwartau coined the term
"electronic Pearl Harbor" in 1991. -- WK]

By Bill Gertz
FreeBeacon.com
January 24, 2013

The United States is facing a catastrophic cyber attack by nations or
non-state groups that could cripple the country’s economy, a former
high-ranking U.S. intelligence official said on...
 

Posted by InfoSec News on Jan 25

http://www.darkreading.com/insider-threat/167801100/security/perimeter-security/240146954/bugs-found-in-baked-in-barracuda-backdoors.html

By Kelly Jackson Higgins
Dark Reading
Jan 24, 2013

An Austrian researcher discovered flaws in deliberate backdoors built into
Barracuda Networks' Web Filter, Message Archiver, Web Application Firewall,
Link Balancer, and SSL VPN products. The security vendor today patched the
bugs, but left the option...
 

Posted by InfoSec News on Jan 25

http://www.v3.co.uk/v3-uk/news/2238996/akamai-study-finds-a-third-of-all-cyber-attacks-originate-from-china

By James Dohnert
V3.co.uk
25 Jan 2013

Approximately 33 per cent of all cyber attacks originated from China during the
third quarter of 2012, according to a report by Akamai.

Akamai found that the second leading country for cyber attacks was the US.
Russia was reported to have come in a distant third. The statistics come from...
 

Posted by InfoSec News on Jan 25

http://www.csoonline.com/article/727445/securing-scada-systems-still-a-piecemeal-affair

By Lucian Constantin
IDG News Service
January 23, 2013

ReVuln, a Malta-based security startup that specializes in vulnerability
research, is working on a product that could allow companies to protect their
SCADA (supervisory control and data acquisition) software installations against
entire classes of vulnerabilities. In the meantime, the company is...
 
The power of search engines to reveal what some people would prefer not to be revealed, like private keys, stored passwords or other credentials, has been demonstrated again as GitHub turned on its new code search system


 
A hacker calling himself Kingcope has unveiled a technique for pinning down normally random memory addresses for libraries in Windows 7 and 8 in order to jump to specific code sequences


 
Samba CVE-2013-0172 Remote Security Bypass Vulnerability
 
Ruby multi_xml CVE-2013-0175 Remote Arbitrary Command Execution Vulnerability
 
Movable Type Multiple SQL Injection and Command Injection Vulnerabilities
 