Information Security News
by Sean Gallagher
While digging through the data unearthed in an unprecedented census of nearly the entire Internet, researchers at Rapid7 Labs have discovered a lot of things they didn't expect to find openly responding to port scans. One of the biggest surprises they discovered was the availability of data that allowed them to track the movements of more than 34,000 ships at sea. The data can pinpoint ships down to their precise geographic location through Automated Identification System receivers connected to the Internet.
The AIS receivers, many of them connected directly to the Internet via serial port servers, are carried aboard ships, buoys, and other navigation markers. The devices are installed at Coast Guard and other maritime facilities ashore to prevent collisions at sea within coastal waters and to let agencies track the comings and goings of international shipping. Rapid7 security researcher Claudio Guarnieri wrote in a blog post on Rapid7's Security Street community site that he, Rapid7 Chief Research Officer H.D. Moore, and fellow researcher Mark Schloesser discovered about 160 AIS receivers still active and responding over the Internet. In 12 hours, the trio was able to log more than two gigabytes of data on ships' positions—including military and law enforcement vessels.
For many of the ships, the vessel's name was included in the broadcast data pulled from the receivers. For others, the identification numbers broadcast by their beacons are easily found on the Internet. By sifting through the data, the researchers were able to plot the location of individual ships. "Considering that a lot of military, law enforcement, cargoes, and passenger ships do broadcast their positions, we feel that this is a security risk," Guarnieri wrote.
Ongoing exploits infecting tens of thousands of reputable sites running the Apache Web server have only grown more powerful and stealthy since Ars first reported on them four weeks ago. Researchers have now documented highly sophisticated features that make these exploits invisible without the use of special forensic detection methods.
Linux/Cdorked.A, as the backdoor has been dubbed, turns Apache-run websites into platforms that surreptitiously expose visitors to powerful malware attacks. According to a blog post published Friday by researchers from antivirus provider Eset, virtually all traces of the backdoor are stored in the shared memory of an infected server, making it extremely hard for administrators to know their machine has been hacked. This gives attackers a new and stealthy launchpad for client-side attacks included in Blackhole, a popular toolkit in the underground that exploits security bugs in Oracle's Java, Adobe's Flash and Reader, and dozens of other programs used by end users. There may be no way for typical server admins to know they're infected.
"Unless a person really has some deep-dive knowledge on the incident response team, the first thing they're going to do is kill the evidence," Cameron Camp, a security researcher at Eset North America, told Ars. "If you run a large hosting company you're not going to send a guy in who's going to do memory dumps, you're going to go on there with your standard tool sets and destroy the evidence."
Previously we detailed this project in Feature of the Week: Report Fake Tech Support Calls and some initial statistic reports at Feature of the Week: Report Fake Tech Support Call Statistics.
We have steadily been receiving first- and second-hand information emails about fake tech support calls and SMS spam. I wanted to highlight our data collection project again at https://isc.sans.edu/reportfakecall.html where you, or anyone that reports these to you, can submit as much information as you are comfortable sending us to help better understand how common "Fake Tech Support" calls are, and what they are trying to achieve.
The emphasis today is on SMS (texting) type messages! The first question on the form "Was the call automated or did a person call you?" has choices for automated, personal or SMS. Follow-on questions for SMS can include message language, URL if any and the phone number. Fill in any or all of the information, nothing is required but anything is helpful.
I can't wait to get my first call and go round-and-round trying to find the start button on my Linux system :D but I have received numerous SMS spam and submitted to the form.
Post suggestions or comments in the section below or send us any questions or comments in the contact form on https://isc.sans.edu/contact.html#contact-form
Adam Swanger, Web Developer (GWEB, GWAPT)
Internet Storm Center https://isc.sans.edu
by Casey Johnston
The password creation process on different websites can be a bit like visiting foreign countries with unfamiliar social customs. This one requires eight characters; that one lets you have up to 64. This one allows letters and numbers only; that one allows hyphens. This one allows underscores; that one allows @#$&%, but not ^*()!—and heaven forbid you try to put a period in there. Sometimes passwords must have a number and at least one capital letter, but no, don’t start the password with the number—what do you think this is, Lord of the Flies?
You can’t get very far on any site today without making a password-protected account for it. Using the same password for everything is bad practice, so new emphasis has emerged on passwords that are easy to remember. Sentences or phrases of even very simple words have surfaced as a practical approach to this problem. As Thomas Baekdal wrote back in 2007, a password that’s just a series of words can be “both highly secure and user-friendly.” But this scheme, as well as other password design tropes like using symbols for complexity, does not pass muster at many sites that specify an upper limit for password length.
Most sites seem to have their own particular password bugaboos, but it’s rarely, if ever, clear why we can’t create passwords as long or short or as varied or simple as we want. (Well, the argument against short and simple is concrete, but the others are not immediately clear). Regardless of the password generation scheme, there can be a problem with it: a multi-word passphrase is too long and has no symbols; a gibberish password is too short, and what’s the % doing in there?
Infosec 2013: cyber security sector failing to attract new talent
Sophie Curtis | April 29, 2013. The cyber security sector in the UK is failing to attract young people into the industry – especially women – according to research released this week by ...
Posted by InfoSec News on Apr 29: http://www.itnews.com.au/News/341328,nato-conducts-annual-cyber-defence-exercise.aspx
Posted by InfoSec News on Apr 29: http://arstechnica.com/security/2013/04/why-livingsocials-50-million-password-breach-is-graver-than-you-may-think/
Posted by InfoSec News on Apr 29: Forwarded from: bluknight <bluknight (at) skytalks.info>
Posted by InfoSec News on Apr 29: http://focustaiwan.tw/news/aall/201304270016.aspx
Posted by InfoSec News on Apr 29: http://www.washingtonpost.com/world/national-security/us-response-to-bank-cyberattacks-reflects-diplomatic-caution-vexes-bank-industry/2013/04/27/4a71efe2-aea2-11e2-98ef-d1072ed3cc27_story.html