(c) SANS Internet Storm Center. http://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
With the increasing convenience and availability of mobile technology, small businesses are finding it easier to compete. The Small Business Mobility Report by CDW found that nearly all respondents -- 94% -- agreed that their use of mobile devices for work tasks has made them more efficient. This efficiency boost grants small businesses an opportunity to extend reach and increase productivity without emptying the piggy bank.

While digging through the data unearthed in an unprecedented census of nearly the entire Internet, researchers at Rapid7 Labs have discovered a lot of things they didn't expect to find openly responding to port scans. One of the biggest surprises they discovered was the availability of data that allowed them to track the movements of more than 34,000 ships at sea. The data can pinpoint ships down to their precise geographic location through Automated Identification System receivers connected to the Internet.

The AIS receivers, many of them connected directly to the Internet via serial port servers, are carried aboard ships, buoys, and other navigation markers. The devices are installed at Coast Guard and other maritime facilities ashore to prevent collisions at sea within coastal waters and to let agencies track the comings and goings of international shipping. Rapid7 security researcher Claudio Guarnieri wrote in a blog post on Rapid7's Security Street community site that he, Rapid7 Chief Research Officer H.D. Moore, and fellow researcher Mark Schloesser discovered about 160 AIS receivers still active and responding over the Internet. In 12 hours, the trio was able to log more than two gigabytes of data on ships' positions—including military and law enforcement vessels.

For many of the ships, the vessel's name was included in the broadcast data pulled from the receivers. For others, the identification numbers broadcast by their beacons are easily found on the Internet. By sifting through the data, the researchers were able to plot the location of individual ships. "Considering that a lot of military, law enforcement, cargoes, and passenger ships do broadcast their positions, we feel that this is a security risk," Guarnieri wrote.


A former executive with AU Optronics was sentenced Monday to serve two years in prison and pay a $50,000 fine for participating in a worldwide LCD screen price-fixing conspiracy, the U.S. Department of Justice said.
Hewlett-Packard on Monday said it has created a business unit that will deal in purpose-built systems based on specific applications and usage models, and also announced the reorganization of its server unit.

Ongoing exploits infecting tens of thousands of reputable sites running the Apache Web server have only grown more powerful and stealthy since Ars first reported on them four weeks ago. Researchers have now documented highly sophisticated features that make these exploits invisible without the use of special forensic detection methods.

Linux/Cdorked.A, as the backdoor has been dubbed, turns Apache-run websites into platforms that surreptitiously expose visitors to powerful malware attacks. According to a blog post published Friday by researchers from antivirus provider Eset, virtually all traces of the backdoor are stored in the shared memory of an infected server, making it extremely hard for administrators to know their machine has been hacked. This gives attackers a new and stealthy launchpad for client-side attacks included in Blackhole, a popular toolkit in the underground that exploits security bugs in Oracle's Java, Adobe's Flash and Reader, and dozens of other programs used by end users. There may be no way for typical server admins to know they're infected.

"Unless a person really has some deep-dive knowledge on the incident response team, the first thing they're going to do is kill the evidence," Cameron Camp, a security researcher at Eset North America, told Ars. "If you run a large hosting company you're not going to send a guy in who's going to do memory dumps, you're going to go on there with your standard tool sets and destroy the evidence."


Ushahidi Unspecified HTML Injection Vulnerability
CHICKEN 'qs' Function Local Command Injection Vulnerability

Previously we detailed this project in Feature of the Week: Report Fake Tech Support Calls and some initial statistic reports at Feature of the Week: Report Fake Tech Support Call Statistics.

We have steadily been receiving first- and second-hand information emails about fake tech support calls and SMS spam. I wanted to highlight our data collection project again at https://isc.sans.edu/reportfakecall.html where you, or anyone that reports these to you, can submit as much information as you are comfortable sending us to help better understand how common "Fake Tech Support" calls are, and what they are trying to achieve.

The emphasis today is on SMS (texting) type messages! The first question on the form, "Was the call automated or did a person call you?", has choices for automated, personal or SMS. Follow-on questions for SMS can include message language, URL if any and the phone number. Fill in any or all of the information; nothing is required, but anything is helpful.

I can't wait to get my first call and go round-and-round trying to find the start button on my Linux system :D but I have received numerous SMS spam messages and submitted them to the form.


Post suggestions or comments in the section below or send us any questions or comments in the contact form on https://isc.sans.edu/contact.html#contact-form
Adam Swanger, Web Developer (GWEB, GWAPT)
Internet Storm Center https://isc.sans.edu

Some things never happen the way that we pundits expect. Back on Independence Day in 1999 I wrote this about government taxing the purchase of goods over the Internet: "I fully believe in the ingenuity of the government when it comes to imposing taxes. We will be paying these taxes soon." Well, "soon" has not happened yet, but maybe it is getting closer.
Linux Kernel Virtual Ethernet Driver Denial of Service Vulnerability
After four years of helping scientists understand how stars and planets form, the Herschel space telescope has stopped working.
In 2013, the number of messages sent via chat app will hit 41 billion per day, more than double the number of text messages sent globally, according to data from Informa.
Opera Software has sued a former designer, claiming that work he did for the company ended up in a project at rival Mozilla, according to Norwegian press reports today.
Preparing its customers to join the emerging 'Internet of things', IBM has released a new appliance built to manage and route a voluminous amount of machine-to-machine small data messages.
Virgin Galactic is one flight closer to space tourism, launching its first rocket-powered flight of a space vehicle earlier Monday.
Why are there so many password restrictions to navigate? Characters want to be free.

The password creation process on different websites can be a bit like visiting foreign countries with unfamiliar social customs. This one requires eight characters; that one lets you have up to 64. This one allows letters and numbers only; that one allows hyphens. This one allows underscores; that one allows @#$&%, but not ^*()[]!—and heaven forbid you try to put a period in there. Sometimes passwords must have a number and at least one capital letter, but no, don’t start the password with the number—what do you think this is, Lord of the Flies?

You can’t get very far on any site today without making a password-protected account for it. Using the same password for everything is bad practice, so new emphasis has emerged on passwords that are easy to remember. Sentences or phrases of even very simple words have surfaced as a practical approach to this problem. As Thomas Baekdal wrote back in 2007, a password that’s just a series of words can be “both highly secure and user-friendly.” But this scheme, as well as other password design tropes like using symbols for complexity, does not pass muster at many sites that specify an upper limit for password length.

Most sites seem to have their own particular password bugaboos, but it’s rarely, if ever, clear why we can’t create passwords as long or short or as varied or simple as we want. (Well, the argument against short and simple is concrete, but the others are not immediately clear). Regardless of the password generation scheme, there can be a problem with it: a multi-word passphrase is too long and has no symbols; a gibberish password is too short, and what’s the % doing in there?


Re: Nginx ngx_http_close_connection function integer overflow
Global CRM (customer relationship management) revenue grew 12.5 percent last year to US$18 billion, a rate three times that of all enterprise software segments on average, as companies look to acquire more business and serve existing customers better, according to a new Gartner report.
[KIS-2013-04] Joomla! <= 3.0.3 (remember.php) PHP Object Injection Vulnerability
[ MDVSA-2013:155 ] fuse
[ MDVSA-2013:154 ] util-linux
Cisco/Linksys E1200 N300 Reflected XSS
The Samsung Galaxy S4 is more susceptible to damage from average drops and water than its predecessor, the Galaxy S III, or even the iPhone 5, according to tests by SquareTrade, which sells damage warranties for all kinds of smartphones.
If Qualcomm's vision becomes a reality, users will be able to wirelessly recharge smartphones and tablets without placing them in direct contact with charging pads.
Watch out, Siri. Apple's iPhones and iPads are getting a new talking assistant -- and it's not you!
Linux Kernel CVE-2013-3233 Local Information Disclosure Vulnerability
[ MDVSA-2013:152 ] subversion
EDSC 2013 CFP Open
Hacking IPv6 networks training (slideware, upcoming trainings, etc.)
Throughout U.S. history, our nation has rarely experienced the conflict, terrorism, death and destruction seen so often in many other countries. But now that we have once again experienced the horribleness of an attack on the innocent, we evaluate the situation. Patriotic pride and compassion has engulfed the nation, authorities are on high alert and security has tightened. But has it awakened citizens from the unrealistic dream of total reliance upon authorities for their safety?
SAP has expanded its foray into corporate sustainability with the release of a carpooling application called TwoGo.
[security bulletin] HPSBPI02868 SSRT101017 rev.1 - HP Managed Printing Administration (MPA), Remote Cross Site Scripting (XSS)
Re: Nginx ngx_http_close_connection function integer overflow
McAfee ePolicy Orchestrator CVE-2013-0140 SQL Injection Vulnerability
[ MDVSA-2013:151 ] curl
[security bulletin] HPSBPI02869 SSRT100936 rev.1 - HP LaserJet MFP Printers, HP Color LaserJet MFP Printers, Certain HP LaserJet Printers, Remote Unauthorized Access to Files
Samsung on Monday unveiled a sleek update to its Galaxy Tab product line, the 7-in. Galaxy Tab 3.
Severe weather shifts are forcing companies to rethink their energy strategies; they're using both technology and geography to become more energy independent.
McAfee ePolicy Orchestrator CVE-2013-0141 Unspecified Directory Traversal Vulnerability
util-linux Package 'mount' and 'umount' Information Disclosure Vulnerability
ClamAV Multiple Remote Code Execution and Denial of Service Vulnerabilities
We lead rich virtual lives on social networking sites like Google+, Facebook, and Twitter. So what happens when real life catches up, and our flesh-and-blood bodies succumb to mortality? For our virtual selves, at least, some concrete answers are available--ways to settle our digital affairs after death, while minimizing hassle and heartache for loved ones.
Cloud storage isn't just for files and photos. With the right tools and services, you can do much more: organize data, or automate uploads and downloads. Synchronize, of course. Score extra space without paying an extra cent. Run a basic Web site from a cloud service, manage media, or even fax.
LG Electronics has begun accepting pre-orders for its 55-inch curved OLED TV in South Korea, with deliveries to begin next month.
Google plans to shut down in June the Meebo Bar for receiving and sharing personalized content from websites in favor of Google+ tools for interaction between websites and users.
Google this month paid a security researcher $31,336 for reporting a trio of bugs in Chrome.
Google puts a block on apps that want to update themselves without using the Google Play store; this means Facebook's "silent update beta" will have to be withdrawn.

The operators of the discount marketplace web site LivingSocial have contacted around 50 million of their customers and recommended that they change their passwords after the service suffered a hacker attack.

McAfee said it has found a vulnerability in Adobe Systems' Reader program that reveals when and where a PDF document is opened.
The man suspected of participating in a large DDoS attack on an antispam organization that caused intermittent Internet hiccups drove around Spain in a van he used as a mobile office, Spain's Interior Ministry said Sunday.
Google has apparently rethought a change to its Chrome browser that had users up in arms and has restored an older design of its popular New Tab Page in the newest beta of Chrome 27.
Samsung's Galaxy S4 has great hardware and some great added functionality -- but some of its new features are baffling or downright silly.
Viber says it has fixed the flaw in its Android app which enabled attackers to unlock Android phones. But it has not updated the app on the Google Play store, so many users are unaware of the problem and the fix.

Smart gun company SGTi is ready to begin production of a new prototype technology that would use a fingerprint scanner to enable a weapon to fire. But like similar ventures, the company is struggling for financial backing.
Security firms say that they have found hundreds of modified Apache servers that are under the control of attackers. The compromised servers redirect requests to malware servers and pornographic sites.

Linux Kernel CVE-2013-3076 Multiple Local Information Disclosure Vulnerabilities

Infosec 2013: cyber security sector failing to attract new talent
MIS Asia
Infosec 2013: cyber security sector failing to attract new talent. Sophie Curtis | April 29, 2013. The cyber security sector in the UK is failing to attract young people into the industry – especially women – according to research released this week by ...




Telepathy Idle SSL/TLS Certificate Validation Security Bypass Vulnerability
Linux Kernel CIFS NULL Pointer Dereference Denial of Service Vulnerability
Twig Templates Directory Traversal Vulnerability
Linux Kernel CVE-2013-3234 Local Information Disclosure Vulnerability
Linux Kernel CVE-2013-3228 Local Information Disclosure Vulnerability
Linux Kernel CVE-2013-3225 Local Information Disclosure Vulnerability

Posted by InfoSec News on Apr 29


By Juha Saarinen
Apr 29, 2013

The Western European and North American mutual defence pact organisation NATO
has concluded an annual cyber defence exercise, defending a fictitious network
against incoming attacks.

Called Locked Shields 2013, the exercise involved 250 people in eleven
locations around Europe, under the auspices of the NATO...

Posted by InfoSec News on Apr 29


By Dan Goodin
Ars Technica
Apr 27, 2013

Update: A few hours after this article was published, the LivingSocial FAQ was
updated to say the company was switching its hashing algorithm to bcrypt. This
is a fantastic move by LivingSocial that adds a significant improvement to its
users. Bravo!

LivingSocial.com, a site that offers...

Posted by InfoSec News on Apr 29

Forwarded from: bluknight <bluknight (at) skytalks.info>


Skytalks VI CFP
2-4 August 2013
@ Defcon 21
Rio Hotel and Convention Center
Las Vegas, NV


Posted by InfoSec News on Apr 29


By Wen Kuei-hsiang and Elizabeth Hsu
Focus Taiwan

The National Security Bureau (NSB) believes that the Chinese military has
shifted the emphasis of cyberattacks on Taiwan from government institutions to
civilian think tanks, telecommunications service providers, Internet node
facilities and traffic signal control systems, according to an NSB report.

The report on Taiwan's...

Posted by InfoSec News on Apr 29


By Ellen Nakashima
Washington Post
April 27, 2013

The United States, concerned that Iran is behind a string of cyberattacks
against U.S. banking sites, has considered delivering a formal warning through
diplomatic channels but has not pursued the idea...