InfoSec News

We take a look at what's coming up next on his IT agenda
 
An experiment run by Duke University and a European group responsible for managing Internet resources went wrong Friday, disrupting a small percentage of Internet traffic.
 
If you've lusted after Acer's TimelineX 1830T ultraportable but don't have $700, you can get much the same experience from the company's $430 (as of 8/25/2010) Aspire One 721 netbook. The two units are outwardly identical, but the 721 substitutes a far cheaper AMD Athlon II Neo CPU for the 1830T's Intel Core i5. The WorldBench 6 performance numbers show a 21-point performance gap, but the subjective experience isn't as dissimilar as that difference might lead you to believe.
 
A firm owned by billionaire Microsoft co-founder Paul Allen today sued Apple, Facebook, Google, YouTube, and seven other companies, charging them with infringing patents filed more than a decade ago.
 
The bidding duel between Hewlett-Packard and Dell over 3PAR took over IT news headlines this week with a dizzying back-and-forth flurry of increased bids. Meanwhile, DLL attacks are keeping IT security pros up at night and a top official said that the Pentagon got a security-related wake-up call when a low-level worm caused a serious systems breach.
 
A panel of federal appeals court judges has ruled that DEA agents can attach GPS devices onto vehicles parked on private property when investigating crimes; the decision is likely to be appealed to the U.S. Supreme Court.
 
If you're looking for a mainstream laptop with above-average gaming capabilities, Toshiba's 6-pound Satellite M645-S4055 is a worthy, albeit pricey contender for your computing dollars. It has top-notch input ergonomics, snappy performance, excellent sound, some nice usability flourishes, and a reasonable size for travel. It retails for about $1049, but you can sometimes find it online for just under $1,000.
 
Google continues to aggressively pursue social-networking capabilities, this time with the acquisition of Angstro.
 
Online retailers have started selling netbooks with Intel's new dual-core Atom processor, ahead of official product announcements from PC makers.
 
HP's latest bid of $2 billion for 3Par is about 10 times greater than the amount of revenue 3Par reported last year. But market value has little to do with this bidding war, experts say. While 3Par's technology would complement HP's offerings, Dell needs the company to get into the high-end data center market.
 
With the launch of Facebook Places, users need to figure out if this service is a cool new tool or an overbearing feature best avoided.
 
With all the many reasons to use Linux today--particularly in a business setting--it's often a relatively easy decision to give Windows the boot. What can be more difficult, however, is deciding which of the hundreds of Linux distributions out there is best for you and your business.
 
Mozilla today released an alpha version of its mobile browser for smartphones running Google's Android operating system.
 
Google announced on Twitter that more than 1 million calls had been placed via Gmail in a 24-hour period.
 
An administrator from Purdue University has developed software that can slow servers when the AC goes out
 
Deutsche Post, the successor to the German federal postal service, will offer bounties for bugs researchers find in its E-Postbrief secure message service, the company announced this week.
 
HTC Droid Incredible users can now get Froyo, the Android 2.2 software update that provides Flash media player and 3G hot spot capabilities.
 
The pitched battle for 3Par hit a new level today as Hewlett-Packard this morning bid $30 a share, or $2 billion, for the storage vendor just hours after Dell had raised its bid to $27 a share.
 
Bill Hullender wants to upgrade to Windows 7. He asked the Answer Line forum if his XP software will still work.
 
CRM systems are where the richest data about customer relationships is supposed to live, and most CRM systems provide a report-writing system as well as dozens of canned reports. As I wrote last week, reports immediately expose data quality problems and some of them can provide dangerous misinformation.
 
Google finds its Voice, states give Craigslist a choice
 
Intel lowered its revenue forecast for the fiscal third quarter of 2010 Friday, citing lower-than-expected demand for consumer PCs in mature markets.
 
The developers of the uTorrent file-sharing application have released an updated version that fixes a problem that could allow an attacker to load malicious code onto a user's computer.
 
3PAR has accepted a raised offer from Dell of $27 per share, matching HP's earlier raised bid. 3PAR's board has updated its earlier merger agreement with Dell accordingly, it said Friday.
 
Google's real-time search engine, which indexes and serves up status updates, messages and other public content from sites like Twitter and Facebook, now has its own Web address and contains new filtering capabilities.
 
A growing number of fitness and wellness programs are being offered to IT employees, but it takes a commitment from top leadership to give workers the flexibility they need to take advantage of the opportunities.
 
Workers who can’t browse certain Web sites or access particular networks at the office are voicing their complaints, says staffing firm Robert Half Technology.
 
FTP brute-force password guessing attacks are a fairly regular occurrence at the moment. The fact that these are occurring with regularity means that they are still working, so if you have an internet-facing FTP server then there are a few things that you might consider doing to help weather the storm.
Watch your logs!

It is surprising when you work on an incident to see how long an event goes unnoticed. Sometimes months, even though the logs are full of events such as:


09:19:44 211.45.113.143 [2]USER Administrator 331 0

09:19:46 211.45.113.143 [2]PASS - 530 1326

09:19:46 211.45.113.143 [2]USER Administrator 331 0

09:19:46 211.45.113.143 [2]PASS - 530 1326

09:19:46 211.45.113.143 [2]USER Administrator 331 0

09:19:47 211.45.113.143 [2]PASS - 530 1326

09:19:47 211.45.113.143 [2]USER Administrator 331 0

09:19:47 211.45.113.143 [2]PASS - 530 1326

09:19:47 211.45.113.143 [2]USER Administrator 331 0

09:19:48 211.45.113.143 [2]PASS - 530 1326

09:19:48 211.45.113.143 [2]USER Administrator 331 0

09:19:48 211.45.113.143 [2]PASS - 530 1326

It is quite clear what is going on here. A user typing a password multiple times per second? Not likely. The log shows very clearly what is going on: someone is guessing passwords. In this case it was a Microsoft FTP server which was being attacked, so there is likely to be an administrator account on the system and eventually this attack will result in access.
Many people don't have their logging enabled. Make sure it is switched on and watched regularly; this is something junior can do on his own.
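The check described above can be automated. The following is an added example, not part of the original diary: a small Python pass over log lines in the layout of the excerpt that flags any source with repeated failed PASS replies in a short window. The thresholds, the reading of the bracketed number as a session id, and the 192.0.2.10 lines are assumptions made for the example.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Excerpt layout: time, client IP, [session]command, argument, FTP reply, Win32 status.
LINE_RE = re.compile(r"^(\d\d:\d\d:\d\d)\s+(\S+)\s+\[(\d+)\]([A-Za-z]+)\s+(\S+)\s+(\d{3})\s+\d+$")

# The 211.45.113.143 lines are the diary's excerpt; the 192.0.2.10 lines are constructed.
SAMPLE = """\
09:19:44 211.45.113.143 [2]USER Administrator 331 0
09:19:46 211.45.113.143 [2]PASS - 530 1326
09:19:46 211.45.113.143 [2]USER Administrator 331 0
09:19:46 211.45.113.143 [2]PASS - 530 1326
09:19:46 211.45.113.143 [2]USER Administrator 331 0
09:19:47 211.45.113.143 [2]PASS - 530 1326
09:19:47 211.45.113.143 [2]USER Administrator 331 0
09:19:47 211.45.113.143 [2]PASS - 530 1326
09:19:47 211.45.113.143 [2]USER Administrator 331 0
09:19:48 211.45.113.143 [2]PASS - 530 1326
09:19:48 211.45.113.143 [2]USER Administrator 331 0
09:19:48 211.45.113.143 [2]PASS - 530 1326
09:21:10 192.0.2.10 [3]USER alice 331 0
09:21:14 192.0.2.10 [3]PASS - 230 0
""".splitlines()

def find_guessing(lines, max_failures=5, window_seconds=10):
    """Flag sources with max_failures failed PASS replies (530) inside the window.
    Assumes one day per file, since the excerpt carries times but no dates."""
    window = timedelta(seconds=window_seconds)
    recent = defaultdict(deque)   # ip -> times of recent failed PASS
    pending = {}                  # (ip, session) -> user name last offered
    tried = defaultdict(set)      # ip -> user names whose password failed
    report = {}
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            continue              # headers and unrelated records
        clock, ip, session, cmd, arg, status = m.groups()
        when, cmd = datetime.strptime(clock, "%H:%M:%S"), cmd.upper()
        if cmd == "USER":
            pending[ip, session] = arg
        elif cmd == "PASS" and status == "530":
            tried[ip].add(pending.get((ip, session), "?"))
            q = recent[ip]
            q.append(when)
            while when - q[0] > window:
                q.popleft()
            if len(q) >= max_failures:
                hit = report.setdefault(ip, {"peak": 0, "users": tried[ip], "success_after": False})
                hit["peak"] = max(hit["peak"], len(q))
        elif cmd == "PASS" and status == "230" and ip in report:
            report[ip]["success_after"] = True   # a guess worked: treat as an incident
    return report
```

Calling find_guessing(SAMPLE) returns one entry, for 211.45.113.143; a success_after value of True on any entry means a flagged source later logged in and the account should be treated as compromised.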
Rename Administrator

On Windows systems I like renaming the administrator account and then setting up a new user called Administrator, but without any privileges or access on the system. I set the password to something very long and then watch the logs. Even if they eventually manage to guess the password the account is not worth anything. It is a simple thing to do, but can be very effective. The FTP brute-force password attack above won't work and you may pick something else up as well. Simple but effective.
Remove Anonymous Access

Should you remove Anonymous access? I guess the answer depends on why there is an FTP server in the first place. Anonymous access is usually abused. When placing an FTP honeypot on the network the first files start getting uploaded, usually within the hour. So unless you really need it, remove it.
Restrict Access to FTP

In many organisations the actual use of FTP is fairly limited. There is no need for the whole internet to access the FTP server; there may be a finite number of locations. Restrict access to FTP to these locations only, either through firewall rules, or on the FTP server itself (or even both). This will limit the opportunity for abuse of your FTP server.
The above are a few simple ways to reduce the risk of losing your FTP server to someone else. If you have some nifty tricks that will help protect an FTP service, write a comment or use the contact form.
Cheers

Mark H


(c) SANS Internet Storm Center. http://isc.sans.org Creative Commons Attribution-Noncommercial 3.0 United States License.
 
The U.S. Federal Trade Commission has settled a complaint it made against a public relations firm accused of using employees to pose as ordinary customers to post reviews of video games on Apple's iTunes store, the agency said Thursday.
 
Mozilla this week said it's unlikely that the final version of Firefox 4 will run on older Macs equipped with PowerPC processors.
 
The site helps developers better navigate technologies such as HTML, JavaScript
 
A new version of the malware dubbed Alureon, TLD3 and Tidserv, which crippled 32-bit Windows PCs last winter, is designed to infect PCs running 64-bit versions of the OS.
 
Declining prices, a wide selection and dozens of makers of e-reader devices are among the indications that the e-reader market is young and likely to remain in a state of uncertainty for a few more years.
 
What do technology's great thinkers have to say about future user interfaces, computing a theory of the universe and how gamers could save the world? Watch these brief, illuminating talks from Stephen Wolfram, Tim Berners-Lee and more.
 
InfoSec News: [HITB-Announce] HITB2010 SIGNINT Sessions: Forwarded from: Hafez Kamal <aphesz (at) hackinthebox.org>
Hack In The Box is proud to announce, a brand new lightning session called HITB SIGINT (Signal Intelligence/Interrupt)! HITB SIGINT sessions are designed to provide a quick 15 minute overview for material and [...]
 
InfoSec News: Pentagon's cybersecurity plans have a Cold War chill: http://www.washingtonpost.com/wp-dyn/content/article/2010/08/25/AR2010082505962.html
By David Ignatius The Washington Post August 26, 2010
With little fanfare, the Pentagon is putting the finishing touches on a new strategy that will treat cyberspace as a domain of potential warfare -- and apply instant "active defense" to counter attacks that, in theory, could shut down the nation's transportation and commerce. Even though it deals with a distinctly 21st-century problem, the strategy has echoes of the Cold War: America's closest allies would be drawn into an early-warning network of collective cybersecurity; private industry would be mobilized in a kind of civil defense against attackers; and military commanders would be given authority to respond automatically to electronic invaders.
In place of "massive retaliation" against attackers whose country of origin may be unclear, the strategy proposes an alternative concept of deterrence based on making America's infrastructure robust and redundant enough to survive any attack. The Department of Homeland Security would oversee this hardening of infrastructure, with help from the National Security Agency.
William J. Lynn III, the deputy secretary of defense, explained the new approach, known as "Cyberstrategy 3.0" within the Pentagon, in an interview this week and in an article that appears in the new issue of Foreign Affairs. The formal policy should be completed by December, he said; meanwhile, the Pentagon's new "Cyber Command" will have responsibility for "active defense" starting Oct. 1.
[...]
 
InfoSec News: Researcher Creates Clearinghouse Of 14 Million Hacked Passwords: http://blogs.forbes.com/andygreenberg/2010/08/26/researcher-creates-clearinghouse-of-14-million-hacked-passwords/
By Andy Greenberg The Firewall Forbes.com August 26, 2010
The "Wall of Sheep" has become a cherished tradition at the annual Defcon hacker conference in Las Vegas: Anyone foolish enough to use the local wireless network at the hotel will likely have his or her username and password stolen, and later see those vital digital details projected onto a screen for thousands of attendees to see.
Now Canadian researcher Ron Bowes has created a sort of Wall of Sheep for the entire Internet. By simply collecting all the publicly-spilled repositories of users' passwords from recent hacking incidents, he's created a clearinghouse for stolen passwords on his Web site - 14,488,929 distinct passwords to be exact, collected from 32,943,045 users.
Bowes didn't steal these passwords, and they're not associated with usernames, an extra piece of data that would make listing them far more dangerous. All but 250,000 or so became public after the breach of RockYou.com, a social networking applications site penetrated by cybercriminals using an SQL-injection. Another 180,000 were spilled when the bulletin board software site phpbb was hacked using a vulnerability in one of the site's plugins. 37,000 more were stolen from MySpace using phishing techniques.
Bowes, a consultant with Dash9 security and a developer for security scanning tool NMap, says he collected the passwords to help researchers figure out how users choose passwords and make the authentication process more secure. The site he’s assembled is a wiki, so anyone can update it with new breached password lists. "Since I created it, I've had exceptionally good feedback from researchers around the world," Bowes wrote in his blog. "As far as I know, it’s the best collection of breached passwords anywhere."
[...]
 
InfoSec News: Secunia Weekly Summary - Issue: 2010-34:
The Secunia Weekly Advisory Summary 2010-08-19 - 2010-08-26
This week: 76 advisories [...]
 
InfoSec News: China policy could force foreign security firms out: http://www.computerworld.com/s/article/9182218/China_policy_could_force_foreign_security_firms_out
By Robert McMillan IDG News Service August 26, 2010
China is stepping up efforts to keep the security systems that protect its critical infrastructure in the hands of local firms, and that could [...]
 
InfoSec News: Iranian Government Runs Public Warez Server: http://torrentfreak.com/iranian-government-runs-public-warez-server-100824/
By Ernesto torrentfreak.com August 24, 2010
The Iranian Research Organization for Science and Technology is directly connected to the Iranian Government. Aside from evaluating and advising [...]
 

Posted by InfoSec News on Aug 26

Forwarded from: Hafez Kamal <aphesz (at) hackinthebox.org>

Hack In The Box is proud to announce, a brand new lightning session
called HITB SIGINT (Signal Intelligence/Interrupt)! HITB SIGINT sessions
are designed to provide a quick 15 minute overview for material and
research that's up and coming - stuff that isn't quite ready for the
mainstream tracks of the conference but deserve a mention nonetheless.
Final year students who want...
 

Posted by InfoSec News on Aug 26

http://www.washingtonpost.com/wp-dyn/content/article/2010/08/25/AR2010082505962.html

By David Ignatius
The Washington Post
August 26, 2010

With little fanfare, the Pentagon is putting the finishing touches on a
new strategy that will treat cyberspace as a domain of potential warfare
-- and apply instant "active defense" to counter attacks that, in
theory, could shut down the nation's transportation and commerce.

Even though it...
 

Posted by InfoSec News on Aug 26

http://blogs.forbes.com/andygreenberg/2010/08/26/researcher-creates-clearinghouse-of-14-million-hacked-passwords/

By Andy Greenberg
The Firewall
Forbes.com
August 26, 2010

The "Wall of Sheep" has become a cherished tradition at the annual
Defcon hacker conference in Las Vegas: Anyone foolish enough to use the
local wireless network at the hotel will likely have his or her username
and password stolen, and later see those vital...
 

Posted by InfoSec News on Aug 26

========================================================================

The Secunia Weekly Advisory Summary
2010-08-19 - 2010-08-26

This week: 76 advisories

========================================================================
 

Posted by InfoSec News on Aug 26

http://www.computerworld.com/s/article/9182218/China_policy_could_force_foreign_security_firms_out

By Robert McMillan
IDG News Service
August 26, 2010

China is stepping up efforts to keep the security systems that protect
its critical infrastructure in the hands of local firms, and that could
be bad news for companies based outside the country.

China has started sending out inspectors to check for compliance with a
little-known initiative...
 

Posted by InfoSec News on Aug 26

http://torrentfreak.com/iranian-government-runs-public-warez-server-100824/

By Ernesto
torrentfreak.com
August 24, 2010

The Iranian Research Organization for Science and Technology is directly
connected to the Iranian Government. Aside from evaluating and advising
policy makers on science and technology issues, the largest research
outfit in the country also provides a warez server where Photoshop, MS
Office and many other applications...
 
Hewlett-Packard has raised its offer for 3PAR to $27 per share, outbidding Dell once more as the battle to acquire the California-based storage vendor continues.
 
