Hackin9

How big data is transforming information security
Help Net Security
How big data is transforming infosec. 25 June 2013. Car hack attack responsible for journalist's death? 25 June 2013. Privacy bill proposed following surveillance scandal. 25 June 2013. Researchers reveal tricks for Cutwail's endurance. 25 June 2013.

 
Researchers at Intel are hoping a little insight into the way drivers think as they hurtle down the highway can be harnessed to make roads safer.
 
Searching online for something like "diet plans," or "Caribbean vacation," or of course "iPhone," is bound to present a slew of results, including ads. Now, the U.S. Federal Trade Commission wants search engines to display those ads more clearly.
 
Intel has shown a wireless technology it's cooking up in its labs that's supposed to make displays of all kinds more flexible and useful.
 
 
Each time any one of the billion Facebook users visits the social networking site, the company's servers must assemble data -- user posts, likes, shares, images -- from hundreds or even thousands of different servers around the globe. The page must be created on the fly and within a few hundred milliseconds.
 
Oracle's long-awaited 12c database is now available for download, according to the vendor's website.
 
The recently revealed mass collection of phone records and other communications by the U.S. National Security Agency may not be effective in preventing terrorism, according to some critics.
 
Google is revealing some new numbers around malware and phishing attempts in an effort to get more people thinking about online security and to make the Web safer.
 
WordPress 'crypt_private()' Method Remote Denial of Service Vulnerability
 
libxenlight (libxl) Library For Xen Local Security Bypass Vulnerability
 
Oracle's long-awaited 12c database has apparently received a firm launch date, with a company executive stating that it will be released 'within the next two weeks.'
 
Google

The vast majority of sites that push malware on their visitors are legitimate online services that have been hacked as opposed to those hosted by attackers for the purposes of distributing malicious software, Google security researchers said Tuesday.

The data, included for the first time as part of the safe browsing section of Google's regular transparency report, further challenges the myth that malware attacks happen only on disreputable sites, such as those that peddle porn, illicit software ("warez"), and similar content. For instance, on June 9 only 3,891 of the sites Google blocked as part of its Safe Browsing program were dedicated malware sites, while the remaining 39,247 sites that were filtered offered legitimate services that had been compromised.

In all, Google blocks about 10,000 sites per day as part of the program, which is designed to help people using Firefox, Chrome, and other participating browsers to steer clear of phishing scams and drive-by malware attacks. The program is also designed to inform webmasters of infections hitting their site and to take steps to fix the problems. In all, the Safe Browsing program helps protect about 1 billion people per day.


 
Xen CVE-2013-2078 Remote Denial of Service Vulnerability
 
Xen CVE-2013-2076 Information Disclosure Vulnerability
 
Xen CVE-2013-2077 Remote Denial of Service Vulnerability
 
(c) SANS Internet Storm Center. http://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
 

Pivot Point Security Adds Distinguished ISO 27001 Lead Implementer ...
Watch List News (press release)
The Implementer certification is intended for infosec professionals who want to understand the steps required to implement the ISO 27001 standard (as opposed to the ISO 27001 Lead Auditor certification, intended for an auditor wanting to audit and ...

and more »
 
If reports are accurate, Facebook may soon be where smartphone and tablet users can get the latest news from around the world.
 
Sprint shareholders Tuesday set the stage for a potentially massive change in the wireless carrier competitive landscape by approving SoftBank's bid to buy 78% of the company for $21.6 billion.
 
Collabtive 'task' Parameter SQL Injection Vulnerability
 
Mozilla today shipped Firefox 22, enabling the in-browser audio-video calling standard WebRTC and switching on a new JavaScript module that promises to speed up Web apps.
 
Scientists have discovered a solar system with three super-Earths that could possibly hold liquid water, meaning they have the ability to support life.
 

World of Warcraft publisher Blizzard has temporarily closed mobile access to its online auction house following reports that hackers were using it to scam users out of large amounts of digital gold.

"There's been a recent increase in unauthorized World of Warcraft account-logins via our website and the World of Warcraft mobile armory app," Blizzard officials warned in a blog post published Tuesday morning. The company is in the process of notifying users who show signs of account compromise and who didn't use a two-factor "authenticator" to help secure connections. Those users will receive instructions for resetting their accounts and be eligible to have their raided gold restored.

The temporary closure comes three days after reports surfaced that unauthorized purchases were being made against user accounts at highly inflated prices. "The items purchased were two brawler white quality items and a white quality level 1 axe," one WoW player wrote here. "I have an authenticator and a relatively difficult password. What could have happened, and what recourse do I have? Will I ever see my gold again?" The items purchased were a brawler's vest for 135,423g, a worn battleaxe for 53,142g, and brawler's pants for 19,660g.


 

 
As mobile device shipments overtake those of PCs, cross-platform tool developer Xamarin hopes to get more enterprises to adapt their apps for Android and iOS with the help of its .Net Mobility Scanner.
 
Sprint Nextel shareholders voted overwhelmingly to approve SoftBank's $21.6 billion takeover bid, setting the stage for the deal to close early next month.
 
Companies who have been assessing Google's planned remedies to anti-competitive practice on Tuesday called on the European Commission to reject them and to consider regulating Internet search.
 
Game producer Blizzard has issued an account security warning for its classic World of Warcraft MMO. The company reports that the last few days have seen an increase in the number of user accounts hacked
 
A new European guide aimed at avoiding IT vendor lock-in could save the public sector more than $1.3 billion a year.
 
A big data project called Digital Delta aims to investigate how to transform flood control and the management of the entire Dutch water system and save up to 15% of the annual Dutch water management budget.
 
The bring your own device (BYOD) trend is gaining steam, thanks to the cost benefits and increased productivity that can come from allowing employees to provision their own technology. Mobile workers are more likely to put in more hours, so if your employees want to buy their own equipment and do more work on their own time, it's a win for the company.
 
LinuxSecurity.com: Timo Sirainen discovered that cURL, an URL transfer library, is prone to a heap overflow vulnerability due to bad checking of the input data in the curl_easy_unescape function. [More...]
 
LinuxSecurity.com: Multiple vulnerabilities have been found and corrected in the Linux kernel: The scm_set_cred function in include/net/scm.h in the Linux kernel before 3.8.11 uses incorrect uid and gid values during credentials [More...]
 
LinuxSecurity.com: Updated nfs-utils packages fix a security vulnerability. It was reported that rpc.gssd in nfs-utils is vulnerable to DNS spoofing due to it depending on PTR resolution for GSSAPI authentication. Because of this, if a user were able to poison DNS to [More...]
 
LinuxSecurity.com: Updated dbus packages fix security vulnerability. Alexandru Cornea discovered a vulnerability in libdbus caused by an implementation bug in _dbus_printf_string_upper_bound(). This vulnerability can be exploited by a local user to crash system [More...]
 

A New Approach to Advanced Threat Protection
Infosecurity Magazine
Drew is the Deputy Editor of Infosecurity magazine and has spent more than a decade covering the science and technology industry. A graduate of Rutgers University, he specializes in research on the intersection of technology and public policy, with a ...

and more »
 
AT&T Tuesday announced plans to open new innovation centers in Atlanta and Plano, Texas, to open in coming months, giving it a total of five such centers worldwide.
 
BlackBerry continues to expand its support for Android and iOS with Secure Work Space, which separates work and personal apps and data, as the company tries to hold on to enterprise users by becoming more platform neutral.
 
Microsoft's had a tough year already. It's retreated from flubs in licensing, the design of its flagship Windows OS and most recently, innovations it wanted to bake into the Xbox One. So what's going on?
 
Security vulnerabilities in preinstalled backup software can be exploited to compromise LG Android smartphones
 

Pivot Point Security Adds Distinguished ISO 27001 Lead Implementer ...
Virtual-Strategy Magazine (press release)
The Implementer certification is intended for infosec professionals who want to understand the steps required to implement the ISO 27001 standard (as opposed to the ISO 27001 Lead Auditor certification, intended for an auditor wanting to audit and ...

and more »
 
In a coming together of rivals, Salesforce.com and Oracle have signed a nine-year agreement under which the companies will integrate their technologies and Salesforce.com will make a significant investment in Oracle products for its cloud computing platform.
 
Aurich Lawson / Thinkstock

There’s a saying—"there’s no such thing as a free lunch." On the Web, however, it sure seems like there is. In the time span of a lunch break, a few keywords in a search engine promise free entertainment, just several clicks away. We all know the catch, though. These freebies can come with freeloading adware, malware, and other unwanted programs and plugins. This was particularly true in the Internet’s early days, but in the past decade, tech giants such as Google, Microsoft, and Yahoo—the three major players in search today—have deployed significant resources to prevent adware and malware from compromising their Web browsers, e-mail services, and websites. It can't be that bad in 2013, right?

Answering this question required a little experiment, one inspired by the documentary Super-Size Me. That film chronicles Morgan Spurlock’s month-long fast food “diet” during which he limited his exercise and knowledge about healthy eating, had to order everything on the McDonald’s menu at least once, and never said no to an upgrade offer.

What could possibly go wrong?
Allie Brosh, Hyperbole and a Half

The Web version of this is simpler and better for an individual's (physical) health. From a clean computer fresh off an OS install, enter some of the most popular, plausible generic free keyword searches on a popular Web browser. Next, open all of the links in the search results (ads and otherwise) and download the first thing on the landing pages, recording where it went and what it did. Like Spurlock, I would limit my knowledge about what was safe or risky and take no (Internet) precautions beyond the default settings. The same rules applied for installing the program afterward. And in the Web's version of "would you like to super-size that?" I had to say yes to whatever was offered. There would be no avoiding a Web culture of excess and extras.


 

Security FAQs website to close this year
SC Magazine UK
His decision to move on is a big loss for infosec. I wish we had more people like Lee.” Brian Honan, CEO of BH Consulting, said: “Lee closing down his blog is a big loss to the infosec community. His blog acted as a bridge between those in the business ...

 
New APIs in the forthcoming HTML5 make it much easier for Web applications to access software and hardware, especially on mobile devices. The W3C is taking privacy seriously as it puts the finishing touches on HTML5, but there are still some important things to consider.
 
As more is demanded of smartphones and tablets, the limits of ARM's RISC architecture will become apparent.
 
The source code for the Carberp financial malware has been leaked online, increasing the risk that other cybercriminals will create their own variants based on it, according to researchers from Russian cybercrime investigations firm Group-IB.
 
The UI that overlies AppContainer is pretty much the thing that makes Windows a desktop OS. What would it mean if the OS running on desktops weren't a desktop OS?
 
Upcoming integration points between Yammer and Microsoft products will include email interoperability, document collaboration and enterprise search, as Microsoft pursues its plan to make Yammer a common enterprise social collaboration layer across its business software.
 
D-Bus '_dbus_printf_string_upper_bound()' Function Denial of Service Vulnerability
 
[ MDVSA-2013:178 ] nfs-utils
 
[ MDVSA-2013:177 ] dbus
 
Barnraiser Prairie OpenID idp: Directory traversal attack
 
Sony has launched the SmartWatch 2, an update of its Android-based watch, while the competition still seems largely to be in development mode. The company is also hoping to attract users that want a smartphone with a really big screen with the 6.4-inch Xperia Z Ultra.
 
Satyam Computer Services, the Indian outsourcing company hit by an accounting fraud in 2009, has been merged with parent Tech Mahindra.
 
A version of Microsoft's Age of Empires game franchise will be developed for iPhones and Android devices, the first time an official Microsoft title will be released for the mobile platforms.
 
The senior advisor to Europe's top court said Tuesday that Google is not responsible for third party information in its search results and that there is no universal "right to be forgotten" under the current data protection laws.
 
SEC Consult SA-20130625-0 :: Multiple vulnerabilities in IceWarp Mail Server
 
Cloud-based security cameras can keep watch on your home when you're not around. We tested 5 of these systems and report on our findings.
 
German publishers will disappear from Google News on Aug. 1 unless they opt in to the service as Google seeks to comply with a new German law. But the publishers said on Monday that this is not good enough, they want a share in Google's revenue.
 
Sony Mobile announced an Android-based SmartWatch 2 with NFC wireless as well as a large-screen 6.44-in. HD smartphone called the Xperia Z Ultra today.
 
A hacker is claiming that the software on HP's StoreOnce series backup servers contains a backdoor. SSH access is all that's required to exploit the vulnerability
 

A week ago one of our readers, Cedric, submitted a PHP web shell he found on a compromised server.

PHP web shells are a pretty common thing – once attackers identify a vulnerability that allows them to upload such a PHP file (usually an RFI, Remote File Inclusion, vulnerability), they install it to make further activities easier. PHP web shells have come a long way and are today very powerful. The attacker can use a PHP web shell to navigate through directories, upload and download files and do much, much more.

One of the more well-known and publicly available multi-purpose web shells is Ani-Shell. Ani-Shell is a PHP web shell that, alongside the regular functions such as file management, also supports features such as MD5 cracking: the attacker simply uploads a list of MD5 hashes and a dictionary, after which the shell tries to crack the submitted hashes.

Of course, any publicly available PHP web shell has a million spin-offs. Cedric found one such PHP web shell called PHPJackal which, again, carries quite a few extra features on top of the regular ones. The PHP web shell was renamed to .database.php, and you can see the main interface in the figure below (the screen showing the port scanning module):

We can see that over time attackers have added quite a bit of extra functionality. The Crackers screen of PHPJackal is particularly interesting: it contains 10 modules that allow cracking attempts against various services, from uploaded MD5 hashes (as in the Ani-Shell mentioned above) to live, remote cracking of SMTP, POP3, IMAP4, SNMP, MySQL and MSSQL services as well as HTTP form and basic authentication protected web pages. What else could an attacker wish for?

The number of such compromised web sites is staggering. What’s even worse, such servers usually have a lot of CPU power and network bandwidth, so attackers can easily abuse them to launch other attacks such as the password cracking mentioned above or even DoS attacks. In fact, Cedric found the shell by monitoring firewall logs – the attacker launched a simple HTTP Connect DoS attack on a different web site, causing the main firewall to log warnings about a high number of connections.

Identifying such compromised sites can be particularly challenging for web hosting companies, which do not have direct control over the web sites deployed on their servers. As always in security, we cannot rely on one thing but have to monitor the whole environment: if you see CPU usage spikes or high bandwidth coming from a server, such events should be investigated further. Of course, first we have to make sure that monitoring capable of catching such cases is in place, so start today (if you haven’t already); I’m sure that in 6 months you’ll be glad that you did.
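The monitoring advice above, as an added example that is not part of this diary or of any ISC tooling: a small Python script that parses firewall log lines and flags internal hosts that open an unusual number of outbound connections to one target within a minute, or that touch many distinct ports on one host, the two traffic patterns a web shell's DoS and port-scanning modules would produce. The netfilter-style log format, the hostnames, the addresses and the thresholds are all assumptions constructed for the example; adapt the regex and the limits to your own firewall.

```python
"""Added example: flag internal hosts whose outbound connection pattern looks
like the DoS or port-scanning modules of a web shell. Log format, hostnames
and addresses are constructed assumptions, not data from the diary."""
import re
from collections import Counter, defaultdict
from datetime import datetime

# Netfilter-style syslog line (assumed format; adapt the regex to your firewall).
LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ kernel: FW-OUT: .*?"
    r"SRC=(?P<src>[\d.]+) DST=(?P<dst>[\d.]+) PROTO=(?P<proto>\w+) "
    r"SPT=\d+ DPT=(?P<dpt>\d+)(?P<flags>.*)$"
)


def parse_line(line, year=2013):
    """Parse one log line into a dict, or return None for lines we do not understand."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
    return {"ts": ts, "src": m["src"], "dst": m["dst"], "proto": m["proto"],
            "dpt": int(m["dpt"]), "syn": "SYN" in m["flags"]}


def _new_connections(lines, window):
    """Yield (bucket, src, dst, dpt) for every new (SYN) outbound connection,
    bucketed into fixed windows of `window` seconds."""
    for line in lines:
        rec = parse_line(line)
        if rec is None or not rec["syn"]:
            continue  # skip unparsable lines and packets of established flows
        bucket = int(rec["ts"].timestamp()) // window
        yield bucket, rec["src"], rec["dst"], rec["dpt"]


def flag_noisy_sources(lines, window=60, threshold=50):
    """(src, dst, dpt, count) for each source that opened more than `threshold`
    connections to one destination port inside a single window: the pattern a
    simple HTTP connection-flood module produces."""
    counts = Counter(_new_connections(lines, window))
    hits = [(src, dst, dpt, n) for (_, src, dst, dpt), n in counts.items() if n > threshold]
    return sorted(hits, key=lambda h: -h[3])


def flag_port_sweeps(lines, window=60, min_ports=20):
    """(src, dst, distinct_ports) for each source that touched at least `min_ports`
    different ports on one destination inside a window: a port-scanning module."""
    ports = defaultdict(set)
    for bucket, src, dst, dpt in _new_connections(lines, window):
        ports[(bucket, src, dst)].add(dpt)
    hits = [(src, dst, len(p)) for (_, src, dst), p in ports.items() if len(p) >= min_ports]
    return sorted(hits, key=lambda h: -h[2])


def build_sample_log():
    """Constructed sample log (not real traffic): one normal host, one host
    flooding a single web server, one host sweeping ports on another host."""
    fmt = ("Jun 25 10:00:{s:02d} fw kernel: FW-OUT: IN=eth1 OUT=eth0 "
           "SRC={src} DST={dst} PROTO=TCP SPT={spt} DPT={dpt} {flags}")
    lines = []
    for i in range(5):  # ordinary browsing: a few connections to a few sites
        lines.append(fmt.format(s=10 + i, src="10.0.5.21", dst=f"198.51.100.{i + 1}",
                                spt=30000 + i, dpt=443, flags="SYN"))
    lines.append(fmt.format(s=30, src="10.0.5.21", dst="198.51.100.1",
                            spt=30000, dpt=443, flags="ACK"))  # established, not new
    for i in range(120):  # flood: 120 new connections to one web server in a minute
        lines.append(fmt.format(s=i % 60, src="10.0.5.20", dst="203.0.113.7",
                                spt=40000 + i, dpt=80, flags="SYN"))
    for p in range(25):  # sweep: 25 distinct ports on one host
        lines.append(fmt.format(s=p % 60, src="10.0.5.22", dst="192.0.2.9",
                                spt=50000 + p, dpt=1 + p, flags="SYN"))
    lines.append("Jun 25 10:00:59 fw sshd[1]: unrelated line the parser must tolerate")
    return lines


if __name__ == "__main__":
    log = build_sample_log()
    for src, dst, dpt, n in flag_noisy_sources(log):
        print(f"FLOOD  {src} -> {dst}:{dpt}  {n} new connections/min")
    for src, dst, n in flag_port_sweeps(log):
        print(f"SWEEP  {src} -> {dst}  {n} distinct ports/min")
```

Only SYN packets are counted, so long-lived established connections do not inflate the numbers, and both checks bucket by fixed one-minute windows so a slow trickle of connections spread over hours is not flagged; for a hosting environment the thresholds would be tuned per server role, and a hit is a prompt to look at that server's processes and web root, not a verdict on its own.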

--
Bojan (@bojanz)
INFIGO IS

 
Re: Facebook Information Disclosure
 

Hackers target 30000 SME websites per day to spread malware
V3.co.uk
"We have a huge problem as if you actually go and search for Infosec roles, you'll find most of them demand a minimum of at least two-to-three years experience and many five plus. We have this chicken and egg problem where everyone's looking for ...

 
[SECURITY] [DSA 2713-1] curl security update
 
The U.S. International Trade Commission has launched a pilot program to test whether early rulings on identified crucial issues in some investigations could limit unnecessary litigation, saving time and costs for all sides.
 

Posted by InfoSec News on Jun 25

http://www.theregister.co.uk/2013/06/25/trend_micro_catches_a_ghost_rat/

By Phil Muncaster
The Register
25th June 2013

Security vendor Trend Micro has embiggened its industry collaboration
credentials this week after helping Taiwanese police arrest one man in
connection with a widespread targeted attack, and teaming up with Interpol
on a new cyber crime prevention centre.

The targeted attack in question used the notorious Ghost remote...
 

Posted by InfoSec News on Jun 25

http://www.nytimes.com/2013/06/24/technology/nsa-leak-puts-focus-on-system-administrators.html

By Christopher Drew and Somini Sengupta
The New York Times
June 23, 2013

Edward J. Snowden, the former National Security Agency contractor who
leaked details about American surveillance, personifies a debate at the
heart of technology systems in government and industry: can the I.T. staff
be trusted?

As the N.S.A., some companies and the city of...
 

Posted by InfoSec News on Jun 25

http://www.independent.co.uk/news/uk/crime/the-other-hacking-scandal-suppressed-report-reveals-that-law-firms-telecoms-giants-and-insurance-companies-routinely-hire-criminals-to-steal-rivals-information-8669148.html

By Tom Harper
The Independent
22 June 2013

Some of Britain’s most respected industries routinely employ criminals to hack,
blag and steal personal information on business rivals and members of the
public, according to a secret...
 

Posted by InfoSec News on Jun 25

http://www.timesofisrael.com/?p=564438

By David Shamah
The Times of Israel
June 24, 2013

To the already robust cooperation between Israel and India, add the field
of cybersecurity, with Israeli companies being recruited to protect
India’s networks, databases, and enterprise computer systems. Cooperation
in this area is new, and it’s the result of hard work by Vishal
Dharmadhikari, a student at Tel Aviv University who is a member of a...
 

Posted by InfoSec News on Jun 25

http://observers.france24.com/content/20130624-tunisia-internet-censorship-hackers-servers

By Moez Chakchouk
France 24
24/06/2013

The Tunisian Internet Agency has just opened access to the basement of a villa
in Tunis where government employees censored the Internet under former dictator
Zine El-Abidine Ben Ali’s regime. The infamous servers used to monitor Internet
usage are still there -- but now, in a role reversal, Tunisian hackers...
 
Re: Facebook Information Disclosure
 
[security bulletin] HPSBHF02878 rev.1 - HP Smart Zero Client, Unauthorized Access
 
[ MDVSA-2013:176 ] kernel
 
Internet Storm Center Infocon Status