Linux Kernel CVE-2013-2851 Memory Corruption Vulnerability
Linux Kernel 'key_notify_policy_flush()' Function Local Information Disclosure Vulnerability
A team from the University of Texas spoofed the GPS receiver on a live superyacht in the Ionian Sea.

One of the world’s foremost academic experts in GPS spoofing—University of Texas assistant professor Todd Humphreys—released a short video on Monday showing how he and his students spoofed the GPS equipment aboard an expensive superyacht.

Humphreys conducted the test in the Ionian Sea in late June 2013 and early July 2013 with the full consent of the “White Rose of Drachs” yacht captain. His work shows just how vulnerable and relatively easy it is to send out a false GPS signal and trick the on-board receiver into believing it.

“What we did was out in the open, it was against a live vehicle, a vessel—an $80 million superyacht, controlling it with a $2,000 box,” he told Ars. “This is unprecedented. This has never been shown in this kind of demonstration. That’s what so sinister about the attack that we did. There were no alarms on the bridge. The GPS receiver showed a strong signal the whole time. You just need to have approximate line of sight visibility. Let’s say you had an unmanned drone, you could do it from 20 to 30 kilometers away or on the ocean you could do two to three kilometers.”



(c) SANS Internet Storm Center. http://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.

BGP multiple banking addresses hijacked

On 24 July 2013 a significant number of Internet Protocol (IP) addresses that belong to banks were suddenly routed somewhere else. An IP address is how packets are routed to their destination across the Internet. Why is this important, you ask? Well, imagine the Internet suddenly decided that you were living in the middle of Asia and all traffic that should go to you ends up traveling through a number of other countries to get to you, but you aren't there. You are still at home and haven't moved at all. All packets that should happily route to you now route elsewhere. Emails sent to you bounce as undeliverable, or are read by other people. Banking transactions fail. HTTPS handshakes get invalid certificate errors. This defeats the confidentiality, integrity, and availability of all applications running in the hijacked address spaces for the time that the hijack is running. In fact this sounds like a nifty way to attack an organization, doesn't it? The question then would be how to pull it off: how do you hijack someone else's address?

The Autonomous System (AS) in question is owned by NedZone Internet BV in the Netherlands. This can be found by querying whois for the AS 25459. According to RIPE this AS originated 369 prefixes in the last 30 days; of these, 310 had unusually small prefixes. Typically a BGP advertisement is at least a /24, or 256 unique Internet addressable IPs. A large number of these were /32, or single IP addresses.

The short answer is that any Internet Service Provider (ISP) that is part of the global Border Gateway Protocol (BGP) network can advertise a route to a prefix that it owns. It simply updates the routing tables to point to itself, and then the updates propagate throughout the Internet. If an ISP announces a prefix it does not own, traffic may be routed to it instead of to the owner. The more specific prefix, or the one with the shortest apparent route, wins. That's all it takes to disrupt traffic to virtually anyone on the Internet: connectivity and willingness to announce a route that does not belong to you. This is not a new attack; it has happened numerous times in the past, and both malicious attacks and accidental typos have been the cause.
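
The prefix-length anomaly and the "more specific prefix wins" rule described above, as an added example that is not code from the diary: it flags announcements longer than /24 or originated by an AS other than the registered one, and shows longest-prefix match preferring the more specific route (it does not model AS-path length). All prefixes and AS numbers are constructed from documentation ranges, and `EXPECTED_ORIGINS` is a hypothetical stand-in for a registry or ROA lookup.

```python
import ipaddress

# Constructed sample data: RFC 5737 documentation prefixes and RFC 5398
# documentation AS numbers. EXPECTED_ORIGINS is a hypothetical stand-in
# for a registry or ROA lookup; nothing here is taken from the diary.
EXPECTED_ORIGINS = {"192.0.2.0/24": 64496, "198.51.100.0/24": 64497}
ANNOUNCEMENTS = [
    ("192.0.2.0/24", 64496),     # registered origin
    ("192.0.2.10/32", 64511),    # host route from a different AS
    ("198.51.100.0/24", 64497),  # registered origin
    ("198.51.100.0/25", 64511),  # more specific, different AS
    ("203.0.113.0/24", 64511),   # space with no registered entry
]
MAX_USUAL_LEN = 24  # the diary's "at least a /24"


def registered_origin(net):
    """Origin AS registered for the prefix covering `net`, or None."""
    for prefix, origin in EXPECTED_ORIGINS.items():
        cover = ipaddress.ip_network(prefix)
        if net.version == cover.version and net.subnet_of(cover):
            return origin
    return None


def classify(prefix, origin_as):
    """Return the anomaly labels for one (prefix, origin AS) announcement."""
    net = ipaddress.ip_network(prefix)
    findings = []
    if net.prefixlen > MAX_USUAL_LEN:
        findings.append("too-specific")
    expected = registered_origin(net)
    if expected is not None and expected != origin_as:
        findings.append("origin-mismatch")
    return findings


def best_route(dest_ip, announcements):
    """Longest-prefix match: the (prefix, origin AS) preferred for dest_ip."""
    ip = ipaddress.ip_address(dest_ip)
    nets = [(ipaddress.ip_network(p), asn) for p, asn in announcements]
    matches = [(n, asn) for n, asn in nets if ip in n]
    if not matches:
        return None
    net, asn = max(matches, key=lambda m: m[0].prefixlen)
    return str(net), asn


def summarize(announcements):
    """Per-origin counts, like the 369-total / 310-small figures above."""
    stats = {}
    for prefix, asn in announcements:
        row = stats.setdefault(asn, {"total": 0, "too_specific": 0, "mismatch": 0})
        labels = classify(prefix, asn)
        row["total"] += 1
        row["too_specific"] += "too-specific" in labels
        row["mismatch"] += "origin-mismatch" in labels
    return stats


if __name__ == "__main__":
    for prefix, asn in ANNOUNCEMENTS:
        print(prefix, f"AS{asn}", classify(prefix, asn) or "ok")
    print(best_route("192.0.2.10", ANNOUNCEMENTS))
    print(summarize(ANNOUNCEMENTS))
```

An origin that shows a high share of too-specific announcements covering other networks' registered space is the pattern the RIPE figures above point to.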

The announcements from AS 25459 can be seen at:

A sampling of some of the owners of the IP addresses that were hijacked follows:
1  AMAZON-AES - Amazon.com, Inc.
2  AS-7743 - JPMorgan Chase & Co.
1  ASN-BBT-ASN - Branch Banking and Trust Company
2  BANK-OF-AMERICA Bank of America
1  CEGETEL-AS Societe Francaise du Radiotelephone S.A
1  PFG-ASN-1 - The Principal Financial Group

Some on the list were owned by that ISP, the prefix size is what was odd about them. The bulk of the IP addresses were owned by various hosting providers. So, the question is:

What happened?

Makes you wonder about the fundamental (in)security of this set of experimental protocols we use called the Internet doesn't it?

Adrien de Beaupré
Intru-shun.ca Inc.



LinuxSecurity.com: The system could be made to crash or run programs as an administrator.
LinuxSecurity.com: Several security issues were fixed in the kernel.
LinuxSecurity.com: Yarom and Falkner discovered that RSA secret keys in applications using the libgcrypt11 library, for example GnuPG 2.x, could be leaked via a side channel attack, where a malicious local user could obtain private key information from another user on the system.
LinuxSecurity.com: Yarom and Falkner discovered that RSA secret keys could be leaked via a side channel attack, where a malicious local user could obtain private key information from another user on the system.
LinuxSecurity.com: Little CMS could be made to crash if it opened a specially crafted file.
mysecureshell 'SftpWho.c' Local Information Disclosure Vulnerability
MySecureShell Local Denial of Service Vulnerability
Drupal Google Authenticator Login Module Access Bypass Vulnerability
U.S. law enforcement officials have charged eight people in an extensive bribery and kickback scheme it alleges involved fake companies, sham invoices and made-up IT consulting services.

On Monday, a major Russian newspaper reported that Moscow’s metro system is planning what appears to be a mobile phone tracking device in its metro stations—ostensibly to search for stolen phones.

According to Izvestia (Google Translate), Andrey Mokhov, the operations chief of the Moscow Metro system’s police department, said that the system will have a range of five meters (16 feet). “If the [SIM] card is wanted, the system automatically creates a route of its movement and passes that information to the station attendant,” Mokhov said.

Many outside experts, both in and outside Russia, though, believe that what local authorities are actually deploying is a “stingray,” or “IMSI catcher”—a device that can fool a phone and SIM into reading from a fake mobile phone tower. (IMSI, or an International Mobile Subscriber Identity number, is a 15-digit unique number that sits on every SIM card.) Such devices can be used as a simple way to see what phone numbers are being used in a given area or even to intercept the audio of voice calls.



Galil RIO-47100 'Pocket PLC' Component Local Denial of Service Vulnerability
Researchers at the University of Pennsylvania have created a robot with six curved legs that can do a hand-stand, jump over gaps and climb over rocks.
Privacy and digital rights groups have dug in for a longer fight against massive surveillance programs at the U.S. National Security Agency, even after the House of Representatives voted last week against an amendment to curtail the agency's data collection.
A year on from the London 2012 Olympics, Transport for London (TfL) CIO Steve Townsend is still buoyed by his organisation's success in delivering a smooth service during Games time and is looking forward to his next projects, which include building on the underground WiFi rollout and a complete overhaul of TfL's end-user computing.
IBM Java CVE-2013-3007 Unspecified Arbitrary Code Execution Vulnerability

Remote Workers' Success Starts With IT Support
Allan Pratt, an InfoSec strategist and Computing Technology Industry Association (CompTIA) certification instructor, said that if employees spend a great deal of time traveling or working in public work spaces, it is best to invest in VPN. "VPNs can be ...

From books to videos to online tutorials -- most free! -- here are plenty of ideas to burnish your R knowledge.
SAP has broadened its partner program for companies that want to develop applications using its technology and then sell them through the SAP online store.
Strip away preconceptions about why technology doesn't or shouldn't work and people are likely to embrace the change that tech brings. That's what electronic health record and practice management software vendor athenahealth learned when it helped a hospital in Haiti implement a cloud-based EHR system.
Some popular new tablets come equipped with storage expansion slots; others do not. Which is better?
Ledcor finds that a spreadsheet can't handle the complex 'chess game' of scheduling 800 technicians in the field, so it deploys a cloud-based workforce-management system.
LinuxSecurity.com: Bind could be made to crash if it received specially crafted network traffic.
LinuxSecurity.com: A vulnerability has been discovered and corrected in bind: The RFC 5011 implementation in rdata.c in ISC BIND 9.7.x and 9.8.x before 9.8.5-P2, 9.8.6b1, 9.9.x before 9.9.3-P2, and 9.9.4b1, and DNSco BIND 9.9.3-S1 before 9.9.3-S1-P1 and 9.9.4-S1b1, allows remote ...
LinuxSecurity.com: OpenAFS, the implementation of the distributed filesystem AFS, has been updated to no longer use DES for the encryption of tickets. Additional migration steps are needed to fully set the update into effect. For more information please see the upstream advisory:
LinuxSecurity.com: Maxim Shudrak and the HP Zero Day Initiative reported a denial of service vulnerability in BIND, a DNS server. A specially crafted query that includes malformed rdata can cause named daemon to terminate with an assertion failure while rejecting the malformed query.
ESA-2013-033: EMC NetWorker Information Disclosure Vulnerability
As the dust settles after SoftBank's US$21.6 billion acquisition of Sprint, losing bidder Dish Network may be just getting started at stirring up the U.S. mobile industry.
Microsoft is expanding a program that shares information with select security firms, giving a new class of researchers access to threat data before the company patches its software.
Consumer tech giants Sony and Panasonic said they plan to jointly develop a next-generation standard for professional-use optical disks, with the objective of expanding their archive business for long-term digital data storage.
Toshiba has two new thin laptops, including one that is tuned so users can use voice commands to post messages on social networks, search the Web or listen to music.
Bland by name and superficially viewed as gee-whiz technology never to be realized, the Internet of things has significant potential to transform business. Early forays into Net-enabling physical objects are already pointing the way.
The takeover bout for Dell resumed on Monday, with investor Carl Icahn sounding off on the proposal from Michael Dell and Silver Lake Partners to change rules governing the shareholder vote for a revised bid to take the PC maker private.
Unsafe at any speed: The speedometer of a 2010 Toyota Prius that has been hacked to report an incorrect reading.
Chris Valasek

Just about everything these days ships with tiny embedded computers that are designed to make users' lives easier. High-definition TVs, for instance, can run Skype and Pandora and connect directly to the Internet, while heating systems have networked interfaces that allow people to crank up the heat on their way home from work. But these newfangled features can often introduce opportunities for malicious hackers. Witness "Smart TVs" from Samsung or a popular brand of software for controlling heating systems in businesses.

Now, security researchers are turning their attention to the computers in cars, which typically contain as many as 50 distinct ECUs—short for electronic control units—that are all networked together. Cars have relied on on-board computers for some three decades, but for most of that time, the circuits mostly managed low-level components. No more. Today, ECUs control or finely tune a wide array of critical functions, including steering, acceleration, braking, and dashboard displays. More importantly, as university researchers documented in papers published in 2010 and 2011, on-board components such as CD players, Bluetooth for hands-free calls, and "telematics" units for OnStar and similar road-side services make it possible for an attacker to remotely execute malicious code.

The research is still in its infancy, but its implications are unsettling. Trick a driver into loading the wrong CD or connecting the Bluetooth to the wrong handset, and it's theoretically possible to install malicious code on one of the ECUs. Since the ECUs communicate with one another using little or no authentication, there's no telling how far the hack could extend.




A high court judge has ruled that a computer scientist cannot publish an academic paper over fears that it could lead to vehicle theft.

Flavio Garcia, from the University of Birmingham, has cracked the algorithm behind Megamos Crypto—a system used by several luxury car brands to verify the identity of keys used to start the ignition. He was intending to present his results at the Usenix Security Symposium.

But Volkswagen's parent company, which owns the Porsche, Audi, Bentley and Lamborghini brands, asked the court to prevent the scientist from publishing his paper. It said that the information could "allow someone, especially a sophisticated criminal gang with the right tools, to break the security and steal a car."



Multiple ASUS Devices Directory Traversal and Unspecified Security Vulnerabilities
The Netherlands banking regulator has approved Amazon Web Services for use by financial organizations, Amazon said on Monday.
[ MDVSA-2013:202 ] bind
WebDisk 3.0.2 PhotoViewer iOS - Command Execution Vulnerability
Re: DEFCON London - DC4420 July - social event - Tuesday 30th July 2013
Oracle Java SE CVE-2013-2454 Remote Security Vulnerability
Private Photos v1.0 iOS - Persistent Path Web Vulnerability
Android smartphones and tablets have become ubiquitous at our manager's company. What happens now that the Android ecosystem appears to be riddled with security pitfalls?
libgcrypt RSA Secret Keys Information Disclosure Vulnerability
[SECURITY] [DSA 2729-1] openafs security update
Defense in depth -- the Microsoft way (part 5): sticky, persistent vulnerabilities
[SECURITY] [DSA 2728-1] bind9 security update
DEFCON London - DC4420 July - social event - Tuesday 30th July 2013
HP LoadRunner CVE-2013-2370 Remote Code Execution Vulnerability
The U.S. Patent and Trademark Office has rejected claims of an Apple patent that figures prominently in a patent infringement lawsuit against Samsung Electronics, according to documents filed by the South Korean company in a U.S. federal court.
A steady stream of questionable applications is flowing daily into Google's Play store for Android devices, according to security vendor Symantec.
Flowing Data's Nathan Yau offers advice on how to ensure viewers' eyes are drawn to points of interest.
Chrome is Google and Google is Chrome. The Chrome browser is Google's most potent strategic weapon, a former Microsoft program manager says.
Enterprises like Sears, Starbucks and Harvard are hiring Chief Digital Officers to help monetize digital content, better connect with customers and drive their businesses forward. But does every company need one?
Apple supplier Pegatron is facing criticism from a watchdog group for poor working conditions at its factories in China.
Bob Mansfield, one of Apple top executives, has been dropped from the company's leadership team and will instead work on special projects, according to online reports yesterday.
Microsoft Internet Explorer CVE-2013-3145 Memory Corruption Vulnerability

Calls for incoming government to develop another cyber security white paper
ABC Online
As well as monitoring digital intelligence, it also works on what's known as InfoSec - information and communications security. In 2011-2012, DSD reported more than 400 cyber incidents against government systems. But it's not only government ...

Microsoft Internet Explorer CVE-2013-3143 Memory Corruption Vulnerability
OpenAFS CVE-2013-4134 Information Disclosure Vulnerability
OpenAFS CVE-2013-4135 Information Disclosure Vulnerability
HP LoadRunner CVE-2013-4800 Remote Code Execution Vulnerability

So you call yourself a geek?
ZDNet (blog)
Wannabe infosec geeks squawk "Linux is more secure". Wannabe design geeks squawk "Comic Sans isn't a proper typeface". Dressing up as a hacktivist no more grants you "1337 H4x0r skillz" than sitting in a hen-house holding a feather grants you the ...


Posted by InfoSec News on Jul 29


By Rachel Oswald
Global Security Newswire
July 26, 2013

The Pentagon has documented a sharp increase in military espionage from
the Asia-Pacific region that focuses on specialized electronics designed
to withstand radiation, such as that caused by nuclear warfare or
accidents, according to an official review released...

Posted by InfoSec News on Jul 29


Daily Nation
July 27, 2013

The Central Bank of Kenya has been hit by a string of thefts in the last
12 months where staff carted away cash in scenes resembling those in the

A top CBK manager who did not want to be named because he is not
authorised to speak to the Press, said the workers were...

Posted by InfoSec News on Jul 29


By John E Dunn
28 July 2013

A malware outbreak that downed the entire network of the highways agency
serving the city of Chicago for two weeks last month was probably caused
by a single employee or infected USB stick, a local TV station has

The June “virus” attack eventually affected 200 PCs, disrupting...

Posted by InfoSec News on Jul 29


By Steve Ragan
Staff Writer
CSO Online
July 26, 2013

The security community remains in a mixed state of grief and confusion
this morning, as word of Barnaby Jack's passing spreads. Known for his
work on embedded devices, from the financial world to the medical one, the
35 year-old hacker was a beloved family member to the InfoSec...

Posted by InfoSec News on Jul 29


By Phil Muncaster
The Register
29th July 2013

Chinese PC giant Lenovo has been banned from supplying kit for the top
secret networks of western intelligence agencies after security concerns
emerged when backdoor vulnerabilities were detected, according to a new

Unnamed intelligence and defence “sources” in the UK and Australia
confirmed to the...
Internet Storm Center Infocon Status