Hackin9
Facebook has blocked Vintage Camera, an Instagram-like photo app, from accessing its API (application programming interface). The move follows the recent blocking of other apps by the social networking giant.
 
Cisco Systems has entered the list of the top 5 server vendors for the first time, drawing level with Fujitsu and Oracle in a tie for fourth place, research firm IDC said on Wednesday.
 
RSA exhibitors offered a range of mobile application management solutions, intended to ease the challenges of monitoring BYOD environments.

 
In his RSA Conference 2013 keynote, Microsoft's Scott Charney struck an optimistic note when talking about the future of information security.

 

[Guest Diary: Dylan Johnson BSc. CISSP] [There's value in them there logs!]

Today we bring you a guest diary from Dylan Johnson, in which he shows us a really neat way to aggregate logs into one place and then search, trend, analyze in real time and graph them.

Events in logs tell a story and are an invaluable data source. Logs can be used to build complex instrumentation, aid root cause analysis, and provide real-time analysis (during a security incident, for example), alongside a plethora of other uses such as trend analysis and forecasting. One of the problems with logs is their non-standard use of timestamps, so if you want to correlate across logs you need some pretty tasty regular expression skills. It would be great if your search terms dealt with a single timestamp format and could also query the intrinsic values in all of these logs, across multiple machines, in real time and with trending information plus time series data. Sounds like a big ask for free? Read on!

This diary slot is not large enough to go into any great detail; however, I wanted to share an event management framework that concerns itself with shipping, normalisation, filtering, output, time series data and trending of the data in log files, from here on referred to as events.

Below is the architecture:



Let's look at the architecture above, as there are a fair number of independent moving parts.

Logstash is a stupendous Java application created by Jordan Sissel (see www.logstash.net) which takes data from multiple sources such as files, syslog, message queues, pipes etc. and gives you the power to slice and dice, top and tail and mangle this data or event stream via filters (more on these later), and importantly gives each event a standard timestamp. Once you have filtered or normalised your data, Logstash gives you plenty of output options such as Elasticsearch, email, Graphite and Nagios. So in a nutshell Logstash takes your event streams, does stuff to them and outputs them somewhere useful. This architecture uses the Elasticsearch output (www.elasticsearch.org), an extremely fast, scalable database with Lucene (http://lucene.apache.org/core/) built in for good measure. You can query Elasticsearch via simple REST-based calls. As you can see we use Kibana (www.kibana.org) as the query interface, and it's great, as you will see later. There is also Graylog (www.graylog2.org); one thing to note about Graylog is that it has alerting, a feature currently missing in Kibana.

Statsd is an aggregation service that listens for events from the Logstash statsd output plug-in (https://github.com/etsy/statsd/), counts the events up over time and emits them to Graphite (http://graphite.wikidot.com/), a real-time, scalable time series data application.

One last tool to mention is Grok. Grok is used in Logstash filtering; its goal is to bring more semantics to regular expressions, allowing the expression of ideas rather than complex syntax (http://code.google.com/p/semicomplete/wiki/GrokConcepts). There is a great tool to help with creating your Grok filters here: http://grokdebug.herokuapp.com/

Here is a simple logstash.conf file that reads an Apache log from a file, parses all of the fields from each event in the log and outputs to Elasticsearch and to Graphite (via statsd). You can find more information on Logstash.net, and there is a big community offering support on IRC: Freenode.net #logstash

input {
    file {
        # Tag every event read from this file so the filter and outputs can match on it
        type => "Apache"
        path => ["/var/log/httpd/access_log"]
    }
}

filter {
    grok {
        type => "Apache"
        # Directory holding any custom Grok pattern files
        patterns_dir => "/data/syslog_inbound/grok_pat"
        # Built-in pattern that splits a combined-format Apache line into named fields
        pattern => "%{COMBINEDAPACHELOG}"
    }
}

output {
    elasticsearch {
        bind_host => "0.0.0.0"
    }
    statsd {
        # One counter per HTTP verb, e.g. Apache.Verbs.GET, fed on to Graphite by statsd
        increment => "Apache.Verbs.%{verb}"
    }
}

As you can see, the pattern %{COMBINEDAPACHELOG} is doing some pretty powerful stuff: it breaks each log line up into its constituent parts. This is really useful if you want to get trending metrics from Elasticsearch, for example, tell me which hosts are trending up and down for GETs or 404s etc.
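To show what the grok filter and the statsd output above actually do to each line, here is an added example (not part of the diary or of Logstash itself) that parses combined-format Apache lines into the same field names %{COMBINEDAPACHELOG} produces, rewrites the Apache timestamp into one ISO 8601 format, and keeps the per-verb counters that "Apache.Verbs.%{verb}" would send to statsd. The log lines are constructed for the example.

```python
import re
from collections import Counter
from datetime import datetime

# Python equivalent of Logstash's %{COMBINEDAPACHELOG} grok pattern, using the same field names
COMBINED_APACHE = re.compile(
    r'^(?P<clientip>\S+) (?P<ident>\S+) (?P<auth>\S+) '
    r'\[(?P<timestamp>[^\]]+)\] "(?P<verb>\S+) (?P<request>\S+) HTTP/(?P<httpversion>[\d.]+)" '
    r'(?P<response>\d{3}) (?P<bytes>\d+|-)'
    r'(?: "(?P<referrer>[^"]*)" "(?P<agent>[^"]*)")?$'
)


def parse_combined(line):
    """Return the grok-style field dict for one line, or None when it does not match."""
    m = COMBINED_APACHE.match(line)
    if not m:
        return None
    event = m.groupdict()
    # Normalise Apache's "28/Feb/2013:10:15:01 +0000" into ISO 8601, so every event
    # carries one timestamp format that can be correlated across sources
    event["@timestamp"] = datetime.strptime(
        event["timestamp"], "%d/%b/%Y:%H:%M:%S %z").isoformat()
    return event


def statsd_counters(lines):
    """Mimic increment => "Apache.Verbs.%{verb}" (plus a response-code counter)."""
    counts = Counter()
    for line in lines:
        event = parse_combined(line)
        if event is None:
            # grok would tag such a line _grokparsefailure; count it rather than drop it silently
            counts["Apache.Unparsed"] += 1
            continue
        counts["Apache.Verbs.%s" % event["verb"]] += 1
        counts["Apache.Responses.%s" % event["response"]] += 1
    return counts


# Constructed sample lines; the last one is deliberately malformed
SAMPLE_LOG = [
    '192.0.2.10 - - [28/Feb/2013:10:15:01 +0000] "GET /index.html HTTP/1.1" 200 2326 "-" "Mozilla/5.0"',
    '192.0.2.11 - frank [28/Feb/2013:10:15:07 +0000] "POST /login HTTP/1.1" 302 0 "http://example.com/" "curl/7.29.0"',
    '192.0.2.12 - - [28/Feb/2013:10:15:09 +0000] "GET /missing HTTP/1.0" 404 209 "-" "Mozilla/5.0"',
    'this line is not an access log entry',
]

if __name__ == "__main__":
    for name, value in sorted(statsd_counters(SAMPLE_LOG).items()):
        print("%s %d" % (name, value))
```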

To end on, here are a few screenshots showing what you get from all of this effort.

Trending



Output to Graphite via Statsd



Base Line Stats



We have only just scratched the surface here! The framework detailed has limitless potential to solve many complex security event management problems. I hope this has given you an idea of what can be achieved with a bit of research and hard work.



Post suggestions or comments in the section below or send us any questions or comments in the contact form on https://isc.sans.edu/contact.html#contact-form

--

Adam Swanger, Web Developer (GWEB, GWAPT)

Internet Storm Center https://isc.sans.edu
(c) SANS Internet Storm Center. http://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
 
Can't wait to try a pair of Google's upcoming computerized glasses? You better get your request to be a Glass explorer in today.
 
Two U.S. lawmakers have introduced legislation that would require a losing plaintiff to pay legal costs in many patent infringement lawsuits, in an effort to discourage so-called patent trolls from filing court cases.
 
[SECURITY] [DSA 2634-1] python-django security update
 
Facebook is rolling out a patch to fix a rare bug in its API that had apparently been leaking users' phone numbers to app developers.
 
After creating a ruckus for calling all of its telecommuters back into the office, Yahoo is trying to quell some of the furor.
 
Some Republican lawmakers on Wednesday accused two U.S. agencies of wasting hundreds of millions of dollars in broadband stimulus money on failed projects, but supporters of the broadband spending questioned the Republican numbers.
 
ARM is promising close to 70% processor power savings with a new chip design called Big.Little, and mobile devices on display at the Mobile World Congress provided the first glimpse of how the technology works.
 
Cisco Unified Communications Domain Manager Unspecified Cross Site Scripting Vulnerability
 
Microsoft's top Office executive, Kurt DelBene, yesterday dodged questions about plans to bring its lucrative suite to Apple's iPad.
 
Dell has taken the wraps off the Dell Wireless Dock, which allows the company's Latitude 6430u Ultrabook to connect to peripherals wirelessly using the WiGig standard.
 
Security researchers have identified an ongoing cyber-espionage campaign that compromised 59 computers belonging to government organizations, research institutes, think tanks and private companies from 23 countries in the past 10 days.
 
A deep-dive review of Google's new Chromebook Pixel laptop, which has high-quality hardware and an amazing touch-based display -- and a few limitations. So at $1,300, is it the laptop for you?
 
[SECURITY] [DSA 2633-1] fusionforge security update
 
 
Products from several smartphone vendors and processors from the likes of Nvidia are helping drive down the cost of LTE-enabled devices.
 
Microsoft is about to embark on a second wave of Windows 8 client hardware promotions and user education, an executive said Wednesday.
 
Google says its risk-based monitoring system has allowed it to reduce account compromises by over 99 per cent


 
War FTP Daemon Log Messages Denial of Service Vulnerability
 
CISOs at RSA Conference 2013 say identifying attack campaigns means taking security big data to the next level. The hard part? Finding data analysts.

 
A US company has filed complaints against seven major IT companies, accusing them of infringing a file encryption patent. The company reached an out-of-court settlement with Microsoft five years ago


 
Sony Mobile will provide an experimental version of the Firefox OS on one of its smartphones so that developers can try it out and start working on applications.
 
A Texas federal judge denied Apple's move to reduce last year's $368 million jury verdict in a patent infringement case it lost, and ordered the Cupertino, Calif., company to pay more than $363,000 daily in interest and damages until a final judgment is awarded, the plaintiff said today.
 
One of the first low-cost Android tablets with an Intel x86 processor was announced at Mobile World Congress, setting the stage for a long battle between the world's largest chip maker and ARM, whose processors go into most tablets today.
 
The history of the Stuxnet worm that targets uranium enrichment plants must be rewritten. First variants were in circulation before 2009 – the version that has now been found was first uploaded to the net in 2007, and its C&C server was already registered in 2005


 
GnuTLS TLS And DTLS Information Disclosure Vulnerability
 

Daniel Sees Path to New Infosec Law (BankInfoSecurity.com)

Debate over cybersecurity bills last year coupled with recent, highly publicized attacks have raised the visibility of the threat, and that could push Congress to enact IT security legislation in 2013, White House Cybersecurity Coordinator Michael ...
 
OK, lots of interesting stuff for you this week. First up, LinkedIn has open sourced a system called Databus, a real-time database change capture system that provides a "timeline-consistent stream of change capture events ... grouped in transactions, in source commit order."
 
Oracle CEO Larry Ellison has added a local airline to his Hawaiian holdings, following his purchase last year of Lanai, one of the state's islands.
 
Security company Maz Encryption Technologies sued seven large technology companies for allegedly infringing on several of its security patents. The suits target security technology used in the iPhone and iPad as well as the BlackBerry Enterprise Solution, among other products.
 
Microsoft will upgrade on Wednesday its existing Office 365 cloud email and collaboration suites for businesses, as well as introduce new bundles, growing even more the list of Office 365 editions, which some analysts and users had already termed somewhat confusing.
 
Smartphones, it seems, can do anything.
 
Microsoft has joined the Open Data Center Alliance, a user-led organization that aims to simplify the purchasing of data center and cloud services by promoting interoperability and common standards.
 
Nokia Siemens Networks says it can prevent LTE base stations from getting overloaded while extra capacity in nearby cells goes to waste, even if the cells use different types of spectrum.
 
Noah Kravitz built up quite a following at PhoneDog, a mobile-phone news and reviews website. By late 2010 his @PhoneDog_Noah Twitter account had amassed more than 17,000 followers. That was all well and good, until Kravitz resigned and went to work for a competitor.
 
The emergence of the Firefox OS is just one more reason that Microsoft and BlackBerry will need to sharpen their marketing savvy to sell more smartphones in 2013.
 
Xen AMD IOMMU CVE-2013-0153 Local Denial of Service Vulnerability
 
Xen OXenstored Daemon CVE-2013-0215 Local Denial of Service Vulnerability
 
Xen Linux netback CVE-2013-0216 Local Denial of Service Vulnerability
 
Xen Linux netback CVE-2013-0217 Local Denial of Service Vulnerability
 
In the third part of a three-part series, we look at two organizations that have chosen WordPress as their content management system.
 
Iceotope's immersively cooled server racks are now in production, and the company has named its first customer, the University of Leeds, in the north of England.
 
China Mobile has unveiled four smartphones built to run on its upcoming 4G LTE TDD network, with the handsets coming from foreign brands including HTC and LG, and Chinese handset makers Huawei and ZTE.
 
An investor advisor group is asking shareholders of Hewlett-Packard not to re-elect two long-standing board members and to oppose the ratification of the company's audit firm in connection with the continuing controversy over the company's purchase of Autonomy.
 
Sapphire could someday be used in some smartphone displays instead of the toughened Gorilla Glass popular today
 
ARM creates the intellectual property used in the designs used to run more than 95% of the smartphones in the world, but the company had only a small booth at the edge of Hall 6 at Mobile World Congress this week.
 
Customers who purchased a Windows 7 PC from June 2012 through January 2013 have just two more days to submit their claims for a discounted copy of Windows 8, Microsoft said yesterday.
 
Latest blend of Exchange, SharePoint, and Lync servers in the cloud combines an excellent feature set with easier setup and management
 
Rsync Daemon Excludes Multiple File Access Vulnerabilities
 
Adobe Flash Player CVE-2013-0504 Buffer Overflow Vulnerability
 
Adobe Flash Player CVE-2013-0648 Remote Code Execution Vulnerability
 
Indian outsourcer Tata Consultancy Services has agreed to settle a class action lawsuit by paying $30 million to employees deputed for work in the U.S. from India.
 
Another emergency update for Flash this month, this time to block an exploit in the wild that is using two vulnerabilities together to break into systems using the Firefox web browser


 
Adobe Flash Player CVE-2013-0643 Unspecified Security Vulnerability
 