Hackin9

For a good chunk of Tuesday, website administrators at Twitter, The New York Times, and other high-profile media outlets appeared to be locked in a high-stakes battle with self-proclaimed Syrian hackers for control of their Internet domains. Just as quickly as twitter.co.uk, nytimes.com, and other domains were returned to their rightful owners, Internet records showed they'd be seized all over again and made to point to a Russian Web host known to cater to purveyors of drive-by malware exploits and other online nasties.

In between these dueling sides was Melbourne IT, an Australian domain registrar that managed the domain names not only for Twitter and the NYT, but also for The Huffington Post, which security researchers said also experienced problems. Update: A spokesman for the company told The Australian Financial Review the outages were the result of a breach of its security. The login credentials of one of the company's resellers were compromised, allowing attackers to access servers and change settings that direct users to the correct servers.

One of the researchers following the clash was HD Moore, chief research officer of security firm Rapid7, who watched the struggle play out more or less in real time. At one point on Tuesday afternoon, his searches showed the official domain name servers for twitter.co.uk as being ns1.syrianelectronicarmy.com and ns2.syrianelectronicarmy.com. A half-hour later, the name servers had been changed back to the much more benign servers at a4.nstld.com, f4.nstld.com, g4.nstld.com, and l4.nstld.com.

 
(c) SANS Internet Storm Center. http://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
 
The New York Times blamed a prolonged website outage on Tuesday on a hacking attack at the company's Australia-based domain name registrar, Melbourne IT.
 
 

On Tuesday afternoon, The New York Times confirmed that its website was hacked, possibly by the Syrian Electronic Army (SEA), a Syrian pro-government group.

In a tweet, Eileen Murphy, a Times vice president for corporate communications, wrote: “initial assessment - issue is most likely result of malicious external attack. working to fix.”

The SEA has become increasingly aggressive in recent months, targeting English-language media, including the Financial Times’ Twitter account, the Associated Press, National Public Radio, and even The Onion, which detailed the takeover on its own site in May 2013.

 
Yahoo has redesigned its Sports, Movies, Music, TV, omg, Games and Weather sites with a more consistent look and some personalized tools, the company said Tuesday.
 
The prices for 4K or "Ultra HD" televisions are still very expensive, but they're less so than they were a month ago, at least for models from Sony and Samsung.
 
Less than two weeks after suffering a prolonged website outage, the New York Times was knocked offline again on Tuesday -- apparently as the result of a malicious hacking attack.
 
A Pennsylvania man who was allegedly a member of the computer hacking group the Underground Intelligence Agency has pleaded guilty to one count of conspiracy and two counts of computer intrusion, the U.S. Department of Justice announced.
 
The newly launched VMware vCloud Hybrid Service will start offering a fully supported Suse Linux Enterprise Server by the end of the year, making it the first commercially supported Linux OS that the cloud service plans to offer.
 
Image showing Facebook server exposing a security credential to an unauthorized Android app. It took Facebook several months to fix the vulnerability.

Computer scientists have uncovered architectural weaknesses in both the iOS and Android mobile operating systems that make it possible for hackers to steal sensitive user data and login credentials for popular e-mail and storage services.

Both OSes fail to ensure that browser cookies, document files, and other sensitive content from one Internet domain are off-limits to scripts controlled by a second address without explicit permission, according to a just-published academic paper from scientists at Microsoft Research and Indiana University. The so-called same-origin policy is a fundamental security mechanism enforced by desktop browsers, but the protection is woefully missing from many iOS and Android apps. To demonstrate the threat, the researchers devised several hacks that carry out so-called cross-site scripting (XSS) and cross-site request forgery (CSRF) attacks to surreptitiously download user data from handsets.

The most serious of the attacks worked on both iOS and Android devices and required only that an end-user click on a booby-trapped link in the official Google Plus app. Behind the scenes, a script sent instructions that caused a text-editing app known as PlainText to send documents and text input to a Dropbox account controlled by the researchers. The attack worked against other apps, including TopNotes and Nocs.

 

The website for the New York Times was taken offline today by way of an attack on their DNS.  Shown below is the summary Dr. J whipped up:

The normal NYTimes.com name servers are

;; AUTHORITY SECTION:
nytimes.com.            172800  IN      NS      dns.ewr1.nytimes.com.
nytimes.com.            172800  IN      NS      dns.sea1.nytimes.com.

but one .com name server still answers with:

;; AUTHORITY SECTION:
nytimes.com.            172800  IN      NS      ns27.boxsecured.com.
nytimes.com.            172800  IN      NS      ns28.boxsecured.com.

;; ADDITIONAL SECTION:
ns27.boxsecured.com.    172800  IN      A       212.1.211.126
ns28.boxsecured.com.    172800  IN      A       212.1.211.141

and returns an IP in that subnet

nytimes.com.
212.1.211.121

Connecting to this server results in:

HTTP/1.1 200 OK
Date: Tue, 27 Aug 2013 20:55:33 GMT
Server: Apache
X-Powered-By: PHP/5.3.26
Content-Length: 14
Content-Type: text/html

Hacked by SEA
Connection closed by foreign host

(c) SANS Internet Storm Center. http://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
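
The check the diary above performs by hand, comparing the delegation returned by different .com name servers, can be automated. The following is an added example, not part of the ISC diary: it parses dig-style output and reports any server whose NS set for the zone differs from a known-good baseline. The record lines are the ones quoted in the diary; the server labels are placeholders, since the diary does not say which .com server gave the stale answer.

```python
import re

# Baseline: the "normal" delegation quoted in the diary.
EXPECTED_NS = {"dns.ewr1.nytimes.com.", "dns.sea1.nytimes.com."}

# dig-format answers keyed by the TLD server queried. Record lines come from
# the diary; the server labels are placeholders (the diary names no server).
RESPONSES = {
    "tld-server-1 (placeholder)": """\
;; AUTHORITY SECTION:
nytimes.com.            172800  IN      NS      dns.ewr1.nytimes.com.
nytimes.com.            172800  IN      NS      dns.sea1.nytimes.com.
""",
    "tld-server-2 (placeholder)": """\
;; AUTHORITY SECTION:
nytimes.com.            172800  IN      NS      ns27.boxsecured.com.
nytimes.com.            172800  IN      NS      ns28.boxsecured.com.

;; ADDITIONAL SECTION:
ns27.boxsecured.com.    172800  IN      A       212.1.211.126
ns28.boxsecured.com.    172800  IN      A       212.1.211.141
""",
}

RECORD = re.compile(r"^(\S+)\s+(\d+)\s+IN\s+(NS|A)\s+(\S+)\s*$")

def parse_sections(text):
    """Return {section: [(owner, ttl, rtype, rdata), ...]} from dig output."""
    sections, current = {}, None
    for line in text.splitlines():
        header = re.match(r"^;; (\w+) SECTION:", line)
        if header:
            current = header.group(1)
            sections[current] = []
        elif (m := RECORD.match(line)) and current:
            owner, ttl, rtype, rdata = m.groups()
            sections[current].append((owner.lower(), int(ttl), rtype, rdata.lower()))
    return sections

def check_delegation(zone, responses, expected):
    """List every server whose NS set for `zone` differs from the baseline."""
    findings = []
    for server, text in responses.items():
        sec = parse_sections(text)
        ns = {r[3] for r in sec.get("AUTHORITY", []) if r[0] == zone and r[2] == "NS"}
        if ns != expected:
            glue = {r[0]: r[3] for r in sec.get("ADDITIONAL", []) if r[2] == "A"}
            findings.append({"server": server, "unexpected": sorted(ns - expected),
                             "missing": sorted(expected - ns), "glue": glue})
    return findings

if __name__ == "__main__":
    for finding in check_delegation("nytimes.com.", RESPONSES, EXPECTED_NS):
        print(finding)
```

Because the delegation records carry a 172800-second (two-day) TTL, a single divergent TLD server or resolver cache can keep serving the hijacked name servers long after the registrar record is corrected, which is why every server is checked rather than one.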
 
A new Web-based service for cybercriminals automates the creation of fake scanned documents that can help fraudsters bypass the identity verification processes used by some banks, e-commerce businesses and other online services providers, according to researchers from Russian cybercrime investigations firm Group-IB.
 
A COBOL (common business oriented language)-based system used to support New York's US$160 billion state pension fund has become the subject of controversy, with some officials claiming it poses a potential security risk and others defending it as "battle-tested," albeit set to be replaced.
 
By 2020, Nissan will offer self-driving cars in several models created in collaboration with tech teams from the top universities, including MIT, Stanford, Oxford, Carnegie Mellon and the University of Tokyo.
 

Four patches have undergone significant revision, according to Microsoft. The following patches were updated today by Microsoft and are set to roll out in the automatic updates:

MS13-057 - Critical

 - https://technet.microsoft.com/security/bulletin/MS13-057
 - Reason for Revision: V3.0 (August 27, 2013): Bulletin revised to
   rerelease security update 2803821 for Windows XP,
   Windows Server 2003, Windows Vista, and Windows Server 2008;
   security update 2834902 for Windows XP and Windows Server 2003;
   security update 2834903 for Windows XP; security update 2834904
   for Windows XP and Windows Server 2003; and security update
   2834905 for Windows XP. Windows XP, Windows Server 2003,
   Windows Vista, and Windows Server 2008 customers should install
   the rereleased updates. See the Update FAQ for more information.
 - Originally posted: July 9, 2013
 - Updated: August 27, 2013
 - Bulletin Severity Rating: Critical
 - Version: 3.0

MS13-061 - Critical

 - https://technet.microsoft.com/security/bulletin/MS13-061
 - Reason for Revision: V3.0 (August 27, 2013): Rereleased bulletin
   to announce the reoffering of the 2874216 update for Microsoft
   Exchange Server 2013 Cumulative Update 1 and Microsoft Exchange
   Server 2013 Cumulative Update 2. See the Update FAQ for details.
 - Originally posted: August 13, 2013
 - Updated: August 27, 2013
 - Bulletin Severity Rating: Critical
 - Version: 3.0

* MS13-jul

 - https://technet.microsoft.com/security/bulletin/ms13-jul
 - Reason for Revision: V3.0 (August 27, 2013): For MS13-057,
   bulletin revised to rerelease security update 2803821 for
   Windows XP, Windows Server 2003, Windows Vista, and
   Windows Server 2008; security update 2834902 for Windows XP and
   Windows Server 2003; security update 2834903 for Windows XP;
   security update 2834904 for Windows XP and Windows Server 2003;
   and security update 2834905 for Windows XP. Windows XP,
   Windows Server 2003, Windows Vista, and Windows Server 2008
   customers should install the rereleased updates that apply to
   their systems. See the bulletin for details.
 - Originally posted: July 9, 2013
 - Updated: August 27, 2013
 - Version: 3.0

* MS13-aug

 - https://technet.microsoft.com/security/bulletin/ms13-aug
 - Reason for Revision: V3.0 (August 27, 2013): For MS13-061,
   bulletin revised to announce the reoffering of the 2874216
   update for Microsoft Exchange Server 2013 Cumulative Update 1
   and Microsoft Exchange Server 2013 Cumulative Update 2.
   See the bulletin for details
 - Originally posted: August 13, 2013
 - Updated: August 27, 2013
 - Version: 3.0

Thanx goes out to Dave for sharing this update, things are rolling out already.

(c) SANS Internet Storm Center. http://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
 
NASA released an animation of an ambitious project that includes capturing a near-Earth asteroid and sending astronauts into space to study it.
 
As the trend famously codified by Intel co-founder Gordon Moore -- that the number of transistors on an integrated circuit would double every two years -- seems to be flagging, one top engineer suggests that it is time to rethink chip design to buy performance increases.
 
Facebook received more than 25,000 requests from governments about its users during the first half of 2013, with nearly half of those requests coming from U.S. law enforcement and related agencies, the company said.
 
Windows app developers today took Microsoft to task for the company's decision to withhold Windows 8.1 until mid-October.
 
[ MDVSA-2013:222 ] puppet
 
Microsoft CEO Steve Ballmer's announcement last week that he will step aside in the next 12 months has renewed calls by analysts that the company offer Office on Apple's iPad and tablets powered by Google's Android.
 
[SECURITY] [DSA 2744-1] tiff security update
 
It's a common belief that men are paid more than women for the same job in the tech field. However, based on two recent salary surveys, that belief turns out to be less accurate than you might think. However, that doesn't mean significant gender career issues don't exist.
 
[ MDVSA-2013:220 ] lcms
 
[ MDVSA-2013:221 ] php
 
Oracle CEO Larry Ellison typically uses his annual OpenWorld conference keynotes to deliver the company's biggest announcements and strategic positioning. This year it's in-memory database and platform as a service offerings.
 
Four new smartphone OSes intend to challenge the dominant position of Apple and Google. Mozilla's Firefox OS is the first out of the gate, but Canonical, Samsung Electronics and Intel, as well as Finnish upstart Jolla Mobile, are also getting their alternatives ready.
 
Samsung Electronics claims that Ericsson demanded billions more for patent licenses after their license agreement expired in 2007.
 
POC2013 Call for Paper
 
[SECURITY] [DSA 2743-1] kfreebsd-9 security update
 
Microsoft today declared Windows 8.1 ready for computer and tablet makers, saying the update had reached its RTM, or "release to manufacturing" milestone.
 
Winamp CVE-2013-4694 Multiple Stack Buffer Overflow Vulnerabilities
 
TYPO3 Javascript and CSS Optimizer Unspecified Cross Site Scripting Vulnerability
 
CEO Ballmer and his predecessor shared a vision of how Microsoft could stay on top by focusing on Windows.
 
LinuxSecurity.com: It was discovered that PHP, a general-purpose scripting language commonly used for web application development, did not properly process embedded NUL characters in the subjectAltName extension of X.509 certificates. Depending on the application and with [More...]
 
LinuxSecurity.com: Updated lcms packages fix security vulnerability: Three buffer overflows in Little CMS version 1.19 that could possibly be exploited through user input (CVE-2013-4276). [More...]
 
LinuxSecurity.com: Several vulnerabilities have been discovered in the FreeBSD kernel that may lead to a privilege escalation or information leak. The Common Vulnerabilities and Exposures project identifies the following problems: [More...]
 
Citrix Systems will use its NetScaler Control Center for VMware to manage NetScaler functionality within virtualized networks that use VMware's NSX platform.
 
PuTTY SSH keyboard Interactive Authentication Password Information Disclosure Weakness
 
FreeBSD 'nfsserver' Module CVE-2013-4851 Access Bypass Vulnerability
 
FreeBSD IP_MSFILTER Local Privilege Escalation Vulnerability
 
Drupal Imagemenu Module Cross Site Scripting Vulnerability
 
ARM has acquired Sensinode in Finland in its bid to provide technology and processors for the 'Internet of things' consisting of a variety of low-power and inexpensive devices including sensors communicating with the Internet and one another.
 
A version of Google Glass for people who already wear glasses will arrive in a few months, the head of the Google project said Monday.
 
Google has told Android developers that they can start offering free apps in Iran, while Apple has removed Iran from among the countries to which sales of its products are prohibited.
 
In new jobs after graduating from university, Eric Perriard and Tom Wright found their employers could articulate grandiose strategies for their businesses. But there was little connection to how the average employee could help out.
 
Buyback firms today remained unconcerned about a reported Apple in-store iPhone trade-in program, saying that if accurate, it simply vindicated their business models.
 
Mere days into the Steve Ballmer Successor Watch, guessing his successor has become a tech industry pastime.
 
A U.S. judge has put a stamp of approval on a $20 million fund for Facebook to settle a class-action advertising suit, despite objections from groups representing minors on the site.
 
Windows 8 may be seeing sluggish demand, but Dell believes it's the best OS for business tablets and plans to roll out more products built with the operating system later this year, a senior executive said Tuesday.
 
IBM WebSphere Extended Deployment Compute Grid CVE-2013-4039 Information Disclosure Vulnerability
 

Posted by InfoSec News on Aug 27

http://news.techworld.com/security/3465607/china-suffers-major-ddos-attack-on-cn-domain/

By Michael Kan
Techworld.com
26 August 2013

China's Internet on early Sunday morning suffered a major distributed
denial of service (DDoS) attack that briefly disrupted and slowed access
to sites in the .cn domain.

The DDoS attack was the largest in history against the domain servers for
China's .cn ccTLD (country code top level domain),...
 

Posted by InfoSec News on Aug 27

http://blogs.fas.org/secrecy/2013/08/cyber-offense/

By Steven Aftergood
Secrecy News
August 26, 2013

The subject of offensive cyber action by the U.S. government was
classified for many years and was hardly discussed in public at all. Then
several years ago the possibility of U.S. cyber offense was formally
acknowledged, though it was mostly discussed in the conditional mood, as a
capability that might be developed and employed under...
 

Posted by InfoSec News on Aug 27

http://www.computerworld.com/s/article/9241833/Hackers_may_cash_in_when_XP_is_retired

By Gregg Keizer
Computerworld
August 26, 2013

Hackers could find themselves in the catbird seat on April 8, 2014 -- the
day Microsoft plans to stop patching Windows XP. As security expert Jason
Fossen sees it, those who have zero-day exploits for XP will bank them
until that day and then sell them to crooks or loose them themselves on
unprotected PCs....
 

Posted by InfoSec News on Aug 27

http://investigations.nbcnews.com/_news/2013/08/26/20197183-how-snowden-did-it

By Richard Esposito and Matthew Cole
NBC News
August 26, 2013

When Edward Snowden stole the crown jewels of the National Security
Agency, he didn't need to use any sophisticated devices or software or go
around any computer firewall.

All he needed, said multiple intelligence community sources, was a few
thumb drives and the willingness to exploit a gaping...
 

Posted by InfoSec News on Aug 27

http://www.nextgov.com/cybersecurity/2013/08/contractors-now-using-encrypted-calls-and-text-legal-advice/69341/

By Aliya Sternstein
Nextgov
August 26, 2013

With economic espionage and domestic surveillance creating a climate of
cyber insecurity, some intellectual property attorneys now employ
encrypted communications to correspond with federal contractor clients.

Tools such as RedPhone, a mobile voice app, and Silent Circle, a text,
video...
 