(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.

Last week at a Chaos Computer Club (CCC) convention in Hamburg, Germany, German hacker Starbug claimed he reproduced a fingerprint belonging to German defense minister Ursula von der Leyen using nothing but some commercially-available software and a number of high-resolution photos of her hand.

Starbug, whose real name is Jan Krissler, said that he used a close-up photo of von der Leyen's thumb that was taken with a “standard photo camera” at a press conference from a distance of three meters (about 10 feet). He also used several other pictures of her thumb which had been taken from different angles at different times. Then, according to VentureBeat, Starbug used a program called Verifinger to recreate the print.

Fingerprint readers like those that are commonly found on more recent iPhone models have been hacked in the past. Starbug himself is famous for circumventing Apple's Touch ID in just 48 hours—and he spoke to Ars about the feat at length in an interview. But recreating a fingerprint with just a photo takes a well-known hack a step further. On CCC's website, the group described the conclusions of Starbug's most recent hack: "In the past years, it was successfully demonstrated a number of times how easily fingerprints can be stolen from [their] owner if a person touched any object with a polished surface (like glass or a smartphone)... With this knowledge [of recreating fingerprints from photos] there will be no need to steal objects carrying the fingerprints anymore."



Among the events of the past few days during the holidays was a DDoS attack on Sony's PlayStation Network and on Xbox Live's network. The attack was reportedly carried out by a group called Lizard Squad and, by all measures, does not fit the profile of a highly sophisticated attack. Such attacks have increased in both intensity and frequency in the past year but, to an extent, are not terribly new.

The question is, why are these low-skill attacks still happening, and what can be done to stop them? This week I hope to put up a series of posts on some things every organization can do; this one is the first.

Many of these attacks rely on spoofing the source IP of requests sent to an open UDP service (e.g. NTP, DNS, etc.) so that the service responds with traffic much larger than the request, directed at the spoofed target. Since some protocols produce responses hundreds of times larger than the request, someone with a gigabit connection to the internet can direct very large DDoS attacks at a victim, assuming they know enough open services.

The first step in dealing with this problem is for organizations to stop running open UDP services without a really, really good reason (which you don't have). Usually this involves very minor configuration changes. If you do need to run open services to the internet (you don't), then use rate-limiting to prevent the service from being abused.
Does your network run any open UDP services? There are 4 websites that will help you find such services on your network.


These are the four biggest offenders in reflective DDoS attacks, and eliminating them would go a long way toward taking a bite out of the DDoS threat. In all cases there are good reasons to disable these services even if you are not a victim. First, there is the potential for civil liability from a victim. Second, there is the possibility of information leakage (e.g. SNMP).
Be sure to check your organization's IP space and, for fun, check your home network as well and/or your favorite WiFi hotspot.
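A defender-side check in the spirit of the diary above (added example here, not the author's or ISC's code): it walks flow records and flags hosts in your own address space that answer reflective UDP ports for outside clients with replies many times larger than the request. The flow field layout, the prefix list and the sample flows are constructed assumptions.

```python
"""Flag hosts in our own address space that answer UDP queries from the
Internet with replies many times larger than the request, i.e. hosts that
could be abused as reflectors.  Flow records below are constructed sample
data; the field layout is an assumption, not any exporter's real format."""
import ipaddress
from collections import defaultdict

# UDP services most often abused for reflection, keyed by well-known port.
REFLECTIVE_PORTS = {19: "chargen", 53: "DNS", 123: "NTP", 161: "SNMP", 1900: "SSDP"}
# Constructed: replace with your organization's own prefixes.
OUR_SPACE = [ipaddress.ip_network("192.0.2.0/24")]

# Constructed sample flows:
# (proto, client_ip, server_ip, server_port, request_bytes, response_bytes)
SAMPLE_FLOWS = [
    ("udp", "198.51.100.7", "192.0.2.10", 123, 234, 48200),  # NTP flooding a stranger
    ("udp", "198.51.100.7", "192.0.2.10", 123, 234, 47800),
    ("udp", "203.0.113.5",  "192.0.2.20",  53,  64,  3100),  # open recursive resolver
    ("udp", "192.0.2.33",   "192.0.2.20",  53,  64,  3100),  # same box, internal client: OK
    ("udp", "203.0.113.9",  "192.0.2.30", 161,  82,  5400),  # SNMP answering the Internet
    ("udp", "203.0.113.9",  "192.0.2.40", 123,  48,    48),  # plain time sync, ratio 1: OK
    ("tcp", "203.0.113.22", "192.0.2.50", 443, 900, 12000),  # TCP, not a reflection vector
]

def _ours(ip):
    """True if ip falls inside one of our own prefixes."""
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in OUR_SPACE)

def find_reflectors(flows, min_ratio=10.0):
    """Return {(server_ip, port): summary} for hosts in OUR_SPACE that serve a
    reflective UDP port to external clients with an aggregate
    response/request byte ratio of at least min_ratio."""
    totals = defaultdict(lambda: {"req": 0, "resp": 0, "flows": 0, "clients": set()})
    for proto, client, server, port, req_bytes, resp_bytes in flows:
        if proto != "udp" or port not in REFLECTIVE_PORTS:
            continue
        if not _ours(server) or _ours(client):  # only our hosts, only outside clients
            continue
        t = totals[(server, port)]
        t["req"] += req_bytes
        t["resp"] += resp_bytes
        t["flows"] += 1
        t["clients"].add(client)
    findings = {}
    for key, t in totals.items():
        ratio = t["resp"] / t["req"] if t["req"] else float("inf")
        if ratio >= min_ratio:
            findings[key] = {"service": REFLECTIVE_PORTS[key[1]], "flows": t["flows"],
                             "clients": len(t["clients"]), "amplification": round(ratio, 1)}
    return findings

if __name__ == "__main__":
    for (ip, port), f in sorted(find_reflectors(SAMPLE_FLOWS).items()):
        print(f"{ip}:{port} {f['service']}: {f['flows']} external flows, "
              f"~{f['amplification']}x amplification -> restrict or disable")
```

Flows from internal clients are ignored on purpose, so a resolver that only serves your own users is not reported; the bytes-per-flow threshold, not the port alone, is what separates an abused service from ordinary time sync.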

If we all take some time to clean up our small corners of the net, we can start tamping down on DDoS and get back to our Xbox.

John Bambenek
bambenek \at\ gmail /dot/ com
Bambenek Consulting


The FBI is reported to be investigating the people responsible for the denial of service attacks that rendered Microsoft's Xbox Live and Sony's PlayStation Network inaccessible for much of Christmas Day, according to sources speaking to the Daily Dot.

A group calling itself Lizard Squad has claimed responsibility for the Christmas attacks. The group has raised its profile over the Christmas period by speaking with a variety of media outlets, including BBC Radio 5 Live and Sky News. Talking to WinBeta, group members said that the denial of service attacks were being done to demonstrate poor security on the part of Microsoft and Sony.

The Lizard Squad members call themselves "Ryan Cleary" (after Ryan "ViraL" Cleary, the LulzSec collaborator imprisoned for hacking and possession of child pornography) and "Vinnie Omari." They claim that their denial of service attacks used undersea routers and that a total of 1.2 terabits per second of data flooded the gaming networks.


nullcon HackIM Challenge 9-11 Jan 2015
Multiple F5 Products CVE-2014-8730 Man In The Middle Information Disclosure Vulnerability
Microsoft Windows Graphics Component CVE-2014-6355 Information Disclosure Vulnerability


The Separation of Information Security & IT
Many organizations have historically lumped together the information security ("InfoSec") and information technology ("IT") functions. Because anti-virus software, firewalls and proxies were primary tools used in securing the network -- and IT was ...
The Extended Enterprise #Cloud Perimeter By @E_deSouza | @CloudExpo - SYS-CON Media (press release)

LinuxSecurity.com: Security Report Summary
LinuxSecurity.com: Multiple vulnerabilities have been found in Wireshark which could allow remote attackers to cause Denial of Service.
LinuxSecurity.com: Multiple vulnerabilities have been found in Asterisk, the worst of which could lead to Denial of Service, bypass intended ACL restrictions or allow an authenticated user to gain escalated privileges.
LinuxSecurity.com: Multiple vulnerabilities have been discovered in getmail, allowing remote attackers to obtain sensitive information.
LinuxSecurity.com: Multiple vulnerabilities have been found in fish, the worst of which could result in local privilege escalation or remote arbitrary code execution.
LinuxSecurity.com: A vulnerability in file could allow a context-dependent attack to create a Denial of Service condition.
LinuxSecurity.com: Multiple vulnerabilities have been found in TORQUE Resource Manager, possibly resulting in escalation of privileges or remote code execution.
LinuxSecurity.com: Multiple buffer overflow flaws and a parser error in LittleCMS could cause Denial of Service.
LinuxSecurity.com: An untrusted search path vulnerability in Facter could lead to local privilege escalation.
LinuxSecurity.com: A vulnerability in policycoreutils could lead to local privilege escalation.
LinuxSecurity.com: Multiple vulnerabilities have been found in MuPDF, possibly resulting in remote code execution or Denial of Service.
Linux Kernel 'fs/isofs/rock.c' Infinite Loop Denial of Service Vulnerability
file CVE-2014-8117 Denial of Service Vulnerability
[SECURITY] [DSA 3114-1] mime-support security update
[SECURITY] [DSA 3113-1] unzip security update
Multiple Asterisk Products WebSocket Server Denial of Service Vulnerability
Wireshark Sniffer File CVE-2014-6430 Remote Denial of Service Vulnerability

Norks blame US for TITSUP internet, unleash racist rant against Obama
The Register
But the US Federal Bureau of Investigation has continued to blame Norks for the crushing assault on the struggling film studio, even as infosec experts remain sceptical about the claims. The NDC hit back with its own accusations against Washington.
