InfoSec News

Organizations large and small utilize social media for interacting with current and prospective customers, recruiting employees and tracking the sentiment regarding the organization's products and services. (In this context, social media includes blogs as well as social networking sites such as Facebook and Twitter.) As a security professional, you can also use social media for a related purpose: keeping track of malicious activities and threats against your organization that attackers sometimes discuss publicly.
If your goal is to keep an eye on social media statements or postings that merely mention your organization's name, a number of free tools can help you, including:

Google Alerts
Social Mention
Addict-o-matic
Samepoint
BlogPulse

These tools allow you to specify the search term (such as your organization's name), and will then present you with a listing of relevant social media mentions. Some of them can send email alerts and generate RSS feeds.
The challenge comes when you have to keep an eye on the activities associated with a popular brand that is often mentioned in social media. In this case, the tools mentioned will likely overwhelm you with their findings. You'll need to be more selective when specifying your search terms, and will probably want the tool to support some form of Boolean logic.
Google Alerts is a good match for such activities. Another powerful and flexible source of data is Twitter Search. (Learned this from JD.) Twitter is used for both curating content that's hosted elsewhere and directly expressing opinions. No wonder searching its public activity streams can be an effective way of keeping an eye on the discussions related to your organization. Best of all, the Twitter search engine supports Boolean logic--not just keyword searches.
For instance, you may want to use Twitter to learn when someone has hacked or is planning to attack your organization. You can search it for your organization's brand name(s) and words such as hacked, breached, pwned, XSS, SQLi, etc. If you get too much noise in the search result, consider specifying these words as hashtags by preceding them with the # sign.
Here's a proof-of-concept site I put together to demonstrate this technique: WasCompanyHacked.com
To fine-tune your Twitter search terms, consider searching for a brand whose security is the hot topic at the moment, and identify which hashtags or terms give you the right balance of meaningful content and a low rate of false positives.
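The tuning step described above, as an added Python example that is not part of the original post: it builds the Boolean query in plain and hashtag form and measures each against a small hand-labelled sample. The brand name ExampleCorp and the sample posts are constructed, and the parenthesized `OR` grouping is an assumption about the search syntax.

```python
import re

# Incident terms come from the article; brand names and posts are constructed.
INCIDENT_TERMS = ["hacked", "breached", "pwned", "XSS", "SQLi"]
BRANDS = ["ExampleCorp", "Example Corp"]
SAMPLE_POSTS = [  # (text, hand-labelled as security-relevant?)
    ("ExampleCorp customer portal #hacked, dump posted on a paste site", True),
    ("Looks like ExampleCorp got breached last night, reset your passwords", True),
    ("I hacked together a script using the ExampleCorp API this weekend", False),
    ("Found #XSS in examplecorp.com login page, reported to their team", True),
    ("ExampleCorp pwned the competition with its new phone launch", False),
    ("Great talk on SQLi defenses at the conference today", False),
]

def build_query(brands, terms=INCIDENT_TERMS, hashtags_only=False):
    """Return a Boolean search string: (brand OR ...) (term OR ...)."""
    brand_part = " OR ".join(f'"{b}"' if " " in b else b for b in brands)
    prefix = "#" if hashtags_only else ""
    term_part = " OR ".join(prefix + t for t in terms)
    return f"({brand_part}) ({term_part})"

def _has(token_regex, text):
    # Whole-token match so "hacked" does not fire inside a longer word.
    return re.search(r"(?<!\w)" + token_regex + r"(?!\w)", text) is not None

def matches(text, brands, terms=INCIDENT_TERMS, hashtags_only=False):
    """Apply the same logic locally: any brand AND any incident term."""
    text = text.lower()
    lead = "#" if hashtags_only else "#?"  # plain mode also accepts the hashtag form
    return (any(_has(re.escape(b.lower()), text) for b in brands)
            and any(_has(lead + re.escape(t.lower()), text) for t in terms))

def triage(posts, brands, hashtags_only=False):
    """Return (hits, precision, recall) measured against the hand labels."""
    hits = [(t, rel) for t, rel in posts if matches(t, brands, hashtags_only=hashtags_only)]
    true_hits = sum(1 for _, rel in hits if rel)
    relevant = sum(1 for _, rel in posts if rel)
    precision = true_hits / len(hits) if hits else 0.0
    recall = true_hits / relevant if relevant else 0.0
    return hits, precision, recall

if __name__ == "__main__":
    for mode in (False, True):
        hits, p, r = triage(SAMPLE_POSTS, BRANDS, hashtags_only=mode)
        print(build_query(BRANDS, hashtags_only=mode))
        print(f"  hits={len(hits)} precision={p:.2f} recall={r:.2f}")
```

On this sample the hashtag form removes both false positives but also misses the one relevant post that used no hashtag, which is the trade-off to weigh when choosing terms.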
Do you have tips for searching Twitter and other sources for activities related to your brand's security? Please leave a comment below or drop us a note.
For more thoughts on social media in the context of information security, see:

Brand Impersonations On-Line: Brandjacking and Social Networks
2 Types of Social Media and Social Networking Risks for Enterprises
When Employees Go Online: The Risks of Social Media to Employers

-- Lenny Zeltser
Lenny Zeltser leads a security consulting team and teaches how to analyze and combat malware. He is active on Twitter and writes a daily security blog.
(c) SANS Internet Storm Center. http://isc.sans.org Creative Commons Attribution-Noncommercial 3.0 United States License.
 
A Bank of America insider who sold customer data to criminals cost the bank at least US$10 million in losses.
 
NetApp today reported that it earned more than $5.1 billion in revenue in 2011, more than $1 billion more than in 2010.
 
NASA announced on Wednesday that it's working to send a robotic spacecraft to an asteroid in 2016 -- all in an effort to help scientists discover how life began.
 
Google is experiencing a shift towards more mobile use, an executive says
 
Mumble Murmur Denial of Service Vulnerability
 
Sen. Al Franken (D-Minn.) calls on Google and Apple to require location apps to have privacy policies.
 
Firms reassessing their virtualized infrastructure to defend against threats need to apply the same security best practices they’ve been using for years to secure their physical systems.

 
Hours after Apple owned up to a fake security software scam campaign, the "scareware" gang released a new variant with a streamlined installation process that doesn't require a victim's password, a French antivirus firm said today.
 
Facebook CEO Mark Zuckerberg said Wednesday he's not trying to allow kids under 13 on the social networking site, that Facebook isn't developing any gadgets and he's too young to worry about his legacy.
 
A federal court has issued a subpoena to Infosys that seeks information on the Indian outsourcer's use of the B-1 visa.
 
Yahoo CEO Carol Bartz and co-founder Jerry Yang opened the company's investor meeting Wednesday addressing head-on the company's tussle with Alibaba Group over the latter's decision to spin off its online payment unit Alipay.
 
A proposal for new cybersecurity legislation by U.S. President Barack Obama's administration could give the government unprecedented access to private data, critics said Wednesday.
 
Verizon Wireless said LG's Revolution, an LTE-ready smartphone, will be sold in stores and online Thursday for $249.99 and a two-year service plan.
 
Adobe Flash Player CVE-2011-0628 Remote Integer Overflow Vulnerability
 
IBM Lotus Notes Attachment Handling Multiple Buffer Overflow Vulnerabilities
 
Exim DKIM CVE-2011-1407 Remote Code Execution Vulnerability
 
EMC today formally announced a reseller partnership with MapR, which makes a proprietary MapReduce file system based on Apache Hadoop.
 
The Libcloud project provides a unified interface for more than 20 cloud services, including those from IBM and Amazon.
 
iDefense Security Advisory 05.24.11: IBM Lotus Notes Applix Attachment Viewer Stack Buffer Overflow
 
iDefense Security Advisory 05.24.11: IBM Lotus Notes Office Document Attachment Viewer Stack Buffer Overflow
 
iDefense Security Advisory 05.24.11: IBM Lotus Notes RTF Attachment Viewer Stack Buffer Overflow
 
Cisco Security Advisory: Cisco IOS XR Software SSHv1 Denial of Service Vulnerability
 
AT&T said it will activate its LTE wireless network this summer in five cities: Atlanta, Chicago, Dallas, Houston and San Antonio.
 
Twitter Wednesday announced that it has acquired TweetDeck for an undisclosed sum.
 
Google on Tuesday patched several vulnerabilities in Chrome, including two a French security company said could be used to bypass the browser's anti-exploit technology.
 
More than a year after losing communication with the Mars rover Spirit, NASA is making a final attempt today to contact the robotic traveler.
 
The federal judge overseeing the Java patent litigation between Oracle and Google has said it might be necessary to delay a trial until U.S. authorities finish re-examining a number of Oracle's patents, a process that could take years.
 
After taking criticism for not publicly responding, Apple has promised an update for Mac OS X that will delete MacDefender -- the first professional-looking scareware to target Macs -- and warn when people first download the bogus program. Has MacDefender diminished the Mac's security luster?
 
Gibbs looks at three portable speaker systems that will enhance your mobile pleasure
 
Linux Kernel 'IP GRE' Module NULL Pointer Dereference Denial of Service Vulnerability
 
Linux Kernel 'net/can/raw.c' Local Denial of Service Vulnerability
 
Linux Kernel 'agp_ioctl()' Local Privilege Escalation Vulnerability
 
iDefense Security Advisory 05.24.11: IBM Lotus Notes LZH Attachment Viewer Stack Buffer Overflow
 
Cisco Security Advisory: Cisco XR 12000 Series Shared Port Adapters Interface Processor Vulnerability
 
Cisco Security Advisory: Cisco IOS XR Software IP Packet Vulnerability
 
North Korea might be an unlikely place to find a PC factory, but the country has started manufacturing three models of computers, according to a recent state TV report.
 
Cisco Security Advisory: Cisco RVS4000 and WRVS4400N Web Management Interface Vulnerabilities
 
Cisco Security Advisory: Cisco Content Delivery System Internet Streamer: Web Server Vulnerability
 
 
On Wednesday, femtocell maker Ubiquisys announced an agreement with Intel to develop a new generation of small base stations that will allow operators to push content to the edge of their networks.
 
Remote Password Disclosure Vulnerability in RXS-3211 IP Camera + others
 
[SECURITY] [DSA 2240-1] linux-2.6 security update
 
CORE-2010-0908: Lotus Notes XLS viewer malformed BIFF record heap overflow
 
[SECURITY] [DSA 2241-1] qemu-kvm security update
 
Developers can build services and APIs accommodating both platforms
 
Skype has decided not to renew an agreement that allows open-source telephony system Asterisk to be integrated with the service using software developed with Digium.
 
VisiWave Site Survey '.vwr' File Processing Buffer Overflow Vulnerability
 
The city of Taipei has sought more help from Sony for PlayStation Network gamers whose personal details may have been leaked
 
The Rational tools suite came in first in six categories and had the best overall score in Evans Data's survey
 
Node.js, Jaxer, EJScript, RingoJS, and AppengineJS combine the familiarity of JavaScript, low overhead, blazing speed, and unique twists
 
Technology giant Hewlett-Packard will acquire Printelligent to bolster its position in managed printing services for business clients.
 
Bluestacks plans to soon start offering technology that will let PC users run Android apps on their laptops and desktops.
 
Cox Communications is backing down from an ambitious plan to build its own 3G cellular network.
 
feh '--wget-timestamp' Remote Code Execution Vulnerability
 
Microsoft on Tuesday demonstrated more than 20 of the 500 features in its Windows Phone upgrade called Mango. Here are the top three features that might make customers want to buy a Windows Phone-powered device.
 
InfoSec News: Dimension Data finds vulnerabilities on Cisco devices: http://news.techworld.com/security/3281833/dimension-data-finds-vulnerabilities-on-cisco-devices/
By John E. Dunn Techworld.com 24 May 11
Large numbers of companies using Cisco network equipment are still vulnerable to a single security vulnerability flaw nearly two years [...]
 
InfoSec News: Attackers Step Away From Mainstream, Target Lesser-Known Apps: http://www.darkreading.com/advanced-threats/167901091/security/application-security/229625502/attackers-step-away-from-mainstream-target-lesser-known-apps.html
By Robert Lemos Contributing Writer Dark Reading May 24, 2011
Microsoft has Patch Tuesday. [...]
 
InfoSec News: Sony says hacker stole 2,000 records from Canadian site: http://www.computerworld.com/s/article/9217028/Sony_says_hacker_stole_2_000_records_from_Canadian_site
By Robert McMillan IDG News Service May 24, 2011
The problems keep coming for Sony. On Tuesday the company confirmed that someone had hacked into its website and stolen about 2,000 customer [...]
 
InfoSec News: New hack on Comodo reseller exposes private data: http://www.theregister.co.uk/2011/05/24/comodo_reseller_hacked/
By Dan Goodin in San Francisco The Register 24th May 2011
Yet another official reseller of SSL certificate authority Comodo has suffered a security breach that allowed attackers to gain unauthorized access to data. [...]
 
InfoSec News: Businesses most at risk from Web hackers: http://www.usatoday.com/money/industries/technology/2011-05-22-cnbc-businesses-at-risk-of-hacking_n.htm
By Peter Suciu CNBC.com May 24, 2011
Career criminal Willie Sutton is credited with saying that he robbed banks, "because that's where the money is," and while Sutton later [...]
 
TigerVNC SSL Certificate Validation Security Bypass Vulnerability
 

Posted by InfoSec News on May 25

http://www.computerworld.com/s/article/9217028/Sony_says_hacker_stole_2_000_records_from_Canadian_site

By Robert McMillan
IDG News Service
May 24, 2011

The problems keep coming for Sony. On Tuesday the company confirmed that
someone had hacked into its website and stolen about 2,000 customer
names and e-mail addresses.

Close to 1,000 of the records have already been posted online by a
hacker calling himself Idahc, who says he's a...
 

Posted by InfoSec News on May 25

http://www.theregister.co.uk/2011/05/24/comodo_reseller_hacked/

By Dan Goodin in San Francisco
The Register
24th May 2011

Yet another official reseller of SSL certificate authority Comodo has
suffered a security breach that allowed attackers to gain unauthorized
access to data.

Brazil-based ComodoBR is at least the fourth Comodo partner to be
compromised this year. In March, the servers of a separate registration
authority were hacked by...
 

Posted by InfoSec News on May 25

http://www.usatoday.com/money/industries/technology/2011-05-22-cnbc-businesses-at-risk-of-hacking_n.htm

By Peter Suciu
CNBC.com
May 24, 2011

Career criminal Willie Sutton is credited with saying that he robbed
banks, "because that's where the money is," and while Sutton later
claimed to have never uttered that infamous line, he did say in his
autobiography that criminals "go where the money is … and go there...
 

Posted by InfoSec News on May 25

http://news.techworld.com/security/3281833/dimension-data-finds-vulnerabilities-on-cisco-devices/

By John E. Dunn
Techworld.com
24 May 11

Large numbers of companies using Cisco network equipment are still
vulnerable to a single security vulnerability flaw nearly two years
after a patch was issued, an analysis of network scans by Dimension Data
for its 2011 Network Barometer Report has found.

Overall, Dimension's Technology Lifecycle...
 

Posted by InfoSec News on May 25

http://www.darkreading.com/advanced-threats/167901091/security/application-security/229625502/attackers-step-away-from-mainstream-target-lesser-known-apps.html

By Robert Lemos
Contributing Writer
Dark Reading
May 24, 2011

Microsoft has Patch Tuesday. Oracle and Adobe are on regular patch
cycles, often issuing ten or more patches at once. But many smaller
vendors haven't yet developed such rigorous patching processes -- and
that may...
 
PHP 'socket_connect()' Function Stack Buffer Overflow Vulnerability
 

