cURL/libcurl CVE-2016-5421 Local Use After Free Denial of Service Vulnerability
Oracle Berkeley DB CVE-2017-3607 Local Security Vulnerability
Oracle Berkeley DB CVE-2017-3606 Local Security Vulnerability
Oracle Berkeley DB CVE-2017-3608 Local Security Vulnerability
(c) SANS Internet Storm Center. Creative Commons Attribution-Noncommercial 3.0 United States License.

Andrea Tantaros claims that she was stalked and harassed by multiple Twitter accounts that were coordinated by Fox News executives after she filed a sexual harassment suit. Her new lawsuit also claims that Fox had her computer hacked for spying purposes. (credit: Twitter)

Comparing their actions to the plot this season on the Showtime series Homeland, an attorney for former Fox News host Andrea Tantaros has filed a complaint in federal court against Fox News, current and former Fox executives, Peter Snyder and his financial firm Disruptor Inc., and 50 "John Doe" defendants. The suit alleges that this collective participated in a hacking and surveillance campaign against her.

Tantaros filed a sexual harassment suit against Roger Ailes and Fox News in August of 2016, after filing internal complaints with the company about harassment dating back to February of 2015. She was fired by the network in April of 2016, as Tantaros continued to press complaints against Fox News' then-Chairman and CEO Roger Ailes, Bill O'Reilly, and others. Tantaros had informed Fox that she would be filing a lawsuit over the alleged sexual harassment.

Tantaros claims that as early as February of 2015, a group run out of a "black room" at Fox News engaged in surveillance and electronic harassment of her, including the use of "sock puppet" social media accounts to electronically stalk her. According to the lawsuit:



A map that visualizes network changes being announced by Rostelecom. (credit: BGPmon)

On Wednesday, large chunks of network traffic belonging to MasterCard, Visa, and more than two dozen other financial services companies were briefly routed through a Russian government-controlled telecom under unexplained circumstances that renew lingering questions about the trust and reliability of some of the most sensitive Internet communications.

Anomalies in the border gateway protocol—which routes large-scale amounts of traffic among Internet backbones, ISPs, and other large networks—are common and usually the result of human error. While it's possible Wednesday's five- to seven-minute hijack of 36 large network blocks may also have been inadvertent, the high concentration of technology and financial services companies affected made the incident "curious" to engineers at network monitoring service BGPmon. What's more, the way some of the affected networks were redirected indicated their underlying prefixes had been manually inserted into BGP tables, most likely by someone at Rostelecom, the Russian government-controlled telecom that improperly announced ownership of the blocks.

"Quite suspicious"

"I would classify this as quite suspicious," Doug Madory, director of Internet analysis at network management firm Dyn, told Ars. "Typically accidental leaks appear more voluminous and indiscriminate. This would appear to be targeted to financial institutions. A typical cause of these errors [is] in some sort of internal traffic engineering, but it would seem strange that someone would limit their traffic engineering to mostly financial networks."


Mediawiki 'Parser::replaceInternalLinks2()' Method Cross-Site Scripting Vulnerability
Jenkins Java Deserialization CVE-2017-1000353 Remote Code Execution Vulnerability
Oracle E-Business Suite CVE-2017-3434 Remote Security Vulnerability
Oracle E-Business Suite CVE-2017-3345 Remote Security Vulnerability
HP NonStop Servers CVE-2017-5803 Information Disclosure Vulnerability
Mediawiki 'Special:MyPage/common.css' Cross-Site Scripting Vulnerability
Fortinet FortiOS CVE-2017-3127 Cross Site Scripting Vulnerability
EMC ResourcePak Base CVE-2017-4982 Local Privilege Escalation Vulnerability
Mozilla Network Security Services CVE-2017-5461 Memory Corruption Vulnerability

The Internet is a network of networks. Each Autonomous System (AS) connects to the Internet using a router that speaks the Border Gateway Protocol (BGP) to disseminate and receive routing information. The problem is that there is no authoritative way to figure out which IP address space is supposed to be routed to whom (no, whois information is not authoritative). If I get a new IP address range assigned, or if I agree to route one as part of an agreement with another network, then I will use BGP to advertise this to the Internet. Sadly, nobody has figured out yet how to validate these advertisements. There are many proposals, but none of them has the necessary traction right now.

As a result, it is fairly common for BGP to be abused to advertise IP addresses that an organization doesn't actually own. This can lead to a denial of service, or miscreants can use it to mount a man-in-the-middle attack. BGPmon, a company that monitors BGP traffic for anomalies, just yesterday discovered that part of a netblock assigned to VISA was re-routed to Rostelecom, a large Russian telecom provider. This may not be entirely the fault of Rostelecom: any of its customers could have sent the announcement. Of course, Rostelecom should have noticed this as well.

So in short, what can you do about it?

1 - The Internet is an untrusted network. Deal with it. Assume people are rerouting, eavesdropping on and manipulating your traffic. Technologies like TLS will help you detect these issues if properly implemented. VPNs can help to secure trusted connections within an organization or between trusted partners. But this is exactly why you have to audit these configurations and make sure they follow current best practices.

2 - Monitor whether someone is trying to hijack IP address space you are using. Tools like BGPmon are useful for this if you don't want to set up your own monitoring infrastructure, which is quite costly.

3 - If you do own IP address space, and if you do manage BGP yourself, then make sure you implement the few security features that are available. BGPmon has a nice blog post about some of the options [2].
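A minimal version of the monitoring that step 2 describes, as an added example that is not from the ISC diary or from BGPmon: it checks each observed announcement against the prefixes and origin ASNs you expect, and flags both a wrong origin on your exact prefix and a more-specific prefix announced by someone else (the case that diverts traffic even while your own announcement is still present). Prefixes, ASNs and the sample feed are constructed values; a real deployment would read announcements from a route collector or BGP feed.

```python
# Added example (not part of the ISC diary): a small BGP origin monitor.
# All prefixes and ASNs are constructed sample values, not real allocations.
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class Announcement:
    prefix: str      # e.g. "203.0.113.0/24"
    as_path: tuple   # AS path as seen by the collector; last element is the origin AS


# Policy: "this prefix may only be originated by these ASNs" (ROA-like, kept locally).
EXPECTED = {
    "203.0.113.0/24": {64500},
    "198.51.100.0/22": {64501},
}


def classify(ann: Announcement) -> str:
    """Return 'ok', 'origin-mismatch', 'more-specific' or 'unrelated' for one announcement."""
    net = ipaddress.ip_network(ann.prefix, strict=True)
    origin = ann.as_path[-1]
    for expected_prefix, origins in EXPECTED.items():
        exp = ipaddress.ip_network(expected_prefix)
        if net == exp:
            return "ok" if origin in origins else "origin-mismatch"
        if net.version == exp.version and net.subnet_of(exp):
            # Longest-prefix match means a more-specific wins over the covering
            # prefix, so an unexpected origin here diverts traffic silently.
            return "ok" if origin in origins else "more-specific"
    return "unrelated"


def find_hijacks(anns):
    """Return (announcement, verdict) pairs that need human attention."""
    flagged = []
    for ann in anns:
        verdict = classify(ann)
        if verdict not in ("ok", "unrelated"):
            flagged.append((ann, verdict))
    return flagged


# Constructed sample feed: two legitimate announcements, one wrong origin,
# one more-specific prefix announced from an unexpected origin.
SAMPLE = [
    Announcement("203.0.113.0/24", (64496, 64500)),
    Announcement("198.51.100.0/22", (64496, 64497, 64501)),
    Announcement("203.0.113.0/24", (64496, 64999)),
    Announcement("198.51.100.0/24", (64496, 64999)),
]

if __name__ == "__main__":
    for ann, verdict in find_hijacks(SAMPLE):
        print(f"{verdict}: {ann.prefix} via {' > '.join(map(str, ann.as_path))}")
```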


Johannes B. Ullrich, Ph.D., Dean of Research, SANS Technology Institute

OpenSSL CVE-2017-3730 NULL Pointer Dereference Denial of Service Vulnerability
Oracle MySQL Server CVE-2017-3455 Remote Security Vulnerability
Oracle MySQL Server CVE-2017-3465 Remote Security Vulnerability
Oracle Automatic Service Request CVE-2017-3618 Local Security Vulnerability
Oracle API Gateway CVE-2017-3601 Remote Security Vulnerability
Vivaldi Installer CVE-2017-2156 DLL Loading Remote Code Execution Vulnerability
McAfee VirusScan Enterprise CVE-2016-8030 Memory Corruption Vulnerability
Lenovo System Update CVE-2015-8109 Local Privilege Escalation Vulnerability
FreeBSD Security Advisory FreeBSD-SA-17:04.ipfilter
Internet Storm Center Infocon Status