Google has given Symantec an offer it can't refuse: give a thorough accounting of its ailing certificate authority process or risk having the world's most popular browser—Chrome—issue scary warnings when end users visit HTTPS-protected websites that use Symantec credentials.

The ultimatum, made in a blog post published Wednesday afternoon, came five weeks after Symantec fired an undisclosed number of employees caught issuing unauthorized transport layer security certificates. The misissued certificates made it possible for the holders to impersonate HTTPS-protected Google webpages.

Symantec first said it improperly issued 23 test certificates for domains owned by Google, browser maker Opera, and three other unidentified organizations without the domain owners' knowledge. A few weeks later, after Google disputed the low number, Symantec revised that figure upward, saying it found an additional 164 certificates for 76 domains and 2,458 certificates for domains that had never been registered. The misissued certificates represented a critical threat to virtually the entire Internet population because they made it possible to cryptographically impersonate the affected sites and monitor communications sent to and from the legitimate servers.

Read 5 remaining paragraphs | Comments

(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
Arbitrary code execution resp. escalation of privilege with Mozilla's SETUP.EXE

Network World

How CSC can help build your InfoSec framework
Network World
Just as a house built on sand is not going to last, an InfoSec strategy that lacks a solid foundation is going to fail, no matter how much money you throw at it. We hear plenty about the growth in software vulnerabilities, the rise of malware and ...


Enlarge (credit: Troy Hunt)

A security researcher has discovered a trove of more than 13 million plaintext passwords that appear to belong to users of 000Webhost, a service that says it provides reliable and high-speed webhosting for free.

The leaked data, which also includes users' names and e-mail addresses, was obtained by Troy Hunt, an Australian researcher and the operator of Have I Been Pwned?, a service that helps people figure out if their personal data has been exposed in website breaches. Hunt received the data from someone who contacted him and said it was the result of a hack five months ago on 000Webhost.

Hunt has so far confirmed with five of the people included in the list that it contains the names, passwords, and IP addresses they used to access 000Webhost. "By now there’s no remaining doubt that the breach is legitimate and that impacted users will have to know," he wrote in a blog post published Wednesday. He said that he worked hard to notify company officials and get them to publicly warn users that their passwords have been exposed. So far, all that's happened, he said, is that the service has notified users who log in that their passwords have been reset "by 000Webhost system for security reasons."

Read 4 remaining paragraphs | Comments


This story originally appeared on Electronic Frontier Foundation's website and is republished with EFF's permission.

Law enforcement agencies around the country have been all too eager to adopt mass surveillance technologies, but sometimes they have put little effort into ensuring the systems are secure and the sensitive data they collect on everyday people is protected.

Case in point: automated license plate recognition (ALPR) systems.

Read 49 remaining paragraphs | Comments


This morning, I faced an interesting case. We were notified that one of our computers was doing potentially malicious HTTP requests. The malicious URL was: api.wipmania.com. We quickly checked and detected to many hosts were sendingrequests to this API. It is a website hosted in France which provides geolocalisation services via a text/json/xml API. The usage is pretty quick and">[email protected]$curl http://api.wipmania.com/ip_address

You provide an IP address and it returns its 2-letters country code. They provide also a paying version with more features.We investigated deeper and found that one request was indeed performed by a single host using a fake User-Agent.">alert http $HOME_NET any - $EXTERNAL_NET any (msg:ET POLICY External IP Lookup Attempt To Wipmania content:Host|3A 20|api.wipmania.com|0d 0a|)
alert http $HOME_NET any - $EXTERNAL_NET any (msg:ET TROJAN Dorkbot GeoIP Lookup to wipmania content:User-Agent|3a| Mozilla/4.0|0d 0a|Host|3a| api.wipmania.com|0d 0a|)
sid-msg.map:2015800 || ET TROJAN Dorkbot GeoIP Lookup to wipmania

I found references to api.wipmania.com in the following malwares:

  • Dorkbot
  • Ruskill

VT reported 97 occurrences of the domain wipmania.comin malicious files:https://www.virustotal.com/intelligence/search/?query=wipmania.com

Conclusion: if you provide online services and they become popular be careful to not be (ab)used by malwares! It could affect your overall reputation and make you flagged/blocked in black lists.

Xavier Mertens
ISC Handler - Freelance Security Consultant

(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.


Enlarge (credit: Shaik, et al.)

Researchers have devised a low-cost way to discover the precise location of smartphones using the latest LTE standard for mobile networks, a feat that shatters widely held perceptions that the standard is immune to the types of attacks that targeted earlier specifications.

The attacks target the LTE specification, which is expected to have a user base of about 1.37 billion people by the end of the year, and require about $1,400 worth of hardware that run freely available open source software. The equipment can cause all LTE-compliant phones to leak their location to within a 32- to 64-foot (about 10 to 20 meter) radius and in some cases their GPS coordinates, although such attacks may be detected by savvy phone users. A separate method that's almost impossible to detect teases out locations to within an area of roughly one square mile in an urban setting.

The researchers have devised a separate class of attacks that causes phones to lose connections to LTE networks, a scenario that could be exploited to silently downgrade devices to the less secure 2G and 3G mobile specifications. The 2G, or GSM, protocol has long been known to be susceptible to man-in-the-middle attacks using a form of a fake base station known as an IMSI catcher (like the Stingray). 2G networks are also vulnerable to attacks that reveal a phone's location within about 0.6 square mile. 3G phones suffer from a similar tracking flaw. The new attacks, described in a research paper published Monday, are believed to be the first to target LTE networks, which have been widely viewed as more secure than their predecessors.

Read 12 remaining paragraphs | Comments



Young adults unaware of infosec job opportunities
Information security professionals frequently talk about the talent and skills gap, where there are plenty of security jobs but not enough people to fill them. Young adults between 18 to 26 years of age are not aware about cyber security career ...
Cyber security talent shortage: Business is struggling to keep up with ...City A.M.

all 84 news articles »
[SECURITY] [DSA 3381-1] openjdk-7 security update
[SECURITY] [DSA 3380-1] php5 security update
Internet Storm Center Infocon Status