If, like me, you spend a fair amount of time looking at network traffic and logs, there are generally things that make you frown, groan and utter noises of dismay. It isn't often that you get a little chuckle (other than coding errors that are copied between pieces of malware by the various people creating it). Today though, definitely chuckle time.

If you have a look in your web server logs for Request Method DELETE, or "DELETE your logs", or IP address (possibly others in that range; it is a /16), you may find the following:

DELETE your logs. Delete your installations. Wipe everything clean. Walk out into the path of cherry blossom trees and let your motherboard feel the stones. Let water run in rivulets down your casing. You know that you want something more than this, and I am here to tell you that we love you. We have something more for you. We know youre out there, beeping in the hollow server room, lights blinking, never sleeping. We know that you are ready and waiting. Join us. 3 HTTP/1.0
User-Agent: masspoem4u/1.0
Accept: */*

The IP address/range belongs to the Chaos Computer Club based in Germany.

Not seeing anything else being delivered, but it gave a number of us a nice chuckle to end the year with.

Happy New Year.

Mark H.

(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
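
An added example, not part of the diary entry: a Python sketch of the log check the entry above suggests, flagging requests whose method is DELETE but whose target is free text rather than a path, or whose User-Agent is masspoem4u. The sample log lines (IP addresses from documentation ranges, timestamps, status codes, shortened poem text) are constructed, and the Apache/nginx combined log format is an assumption about your server.

```python
import re

# Combined/common log format. The request field is captured whole: the
# poem's "URI" contains spaces, so a naive method/path/protocol split on
# whitespace would mis-parse or silently drop these lines.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<request>.*?)" '
    r'(?P<status>\d{3}) \S+(?: "(?P<referer>.*?)" "(?P<agent>.*?)")?\s*$'
)
POEM_AGENT = "masspoem4u/"  # User-Agent quoted in the diary entry

def classify(line):
    """Return (ip, reasons) if the line looks like the poem request, else None."""
    m = LOG_RE.match(line)
    if not m:
        return None
    method, _, rest = m.group("request").partition(" ")
    target, _, proto = rest.rpartition(" ")
    if not proto.startswith("HTTP/"):   # no protocol token logged
        target = rest
    reasons = []
    if (m.group("agent") or "").startswith(POEM_AGENT):
        reasons.append("user-agent")
    # A real DELETE targets a path, an absolute URL or "*"; the poem does not.
    if method == "DELETE" and not target.startswith(("/", "http://", "https://", "*")):
        reasons.append("DELETE with non-path target")
    return (m.group("ip"), reasons) if reasons else None

def scan(lines):
    """Classify every line and keep only the hits."""
    return [hit for hit in map(classify, lines) if hit]

# Constructed sample input (not real traffic).
SAMPLE = [
    '192.0.2.10 - - [30/Dec/2015:21:13:58 +0000] "GET /index.html HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
    '192.0.2.11 - - [30/Dec/2015:21:14:00 +0000] "DELETE /api/items/42 HTTP/1.1" 204 0 "-" "curl/7.43.0"',
    '198.51.100.7 - - [30/Dec/2015:21:14:02 +0000] "DELETE your logs. Delete your '
    'installations. Wipe everything clean. HTTP/1.0" 400 226 "-" "masspoem4u/1.0"',
    # Common log format: no User-Agent field, so only the target check can fire.
    '198.51.100.8 - - [30/Dec/2015:21:14:05 +0000] "DELETE your logs. Join us. HTTP/1.0" 501 0',
]

if __name__ == "__main__":
    for ip, reasons in scan(SAMPLE):
        print(ip, ", ".join(reasons))
```

The legitimate REST-style DELETE in the sample is not flagged, which is why the check looks at the request target rather than at the method alone.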

[oCERT 2015-012] Ganeti multiple issues

Safer browsing... except someone can watch everything you search?

A free plugin installed by AVG AntiVirus bypassed the security of Google's Chrome browser, potentially exposing the browsing histories and other personal data of customers to the Internet. The vulnerability, demonstrated in an exploit by a Google researcher earlier this year, has now been patched after initial stumbling attempts by AVG, according to a discussion of the bug in Google's security research discussion list.

AVG's "Web TuneUp" tool is a free download from the Chrome Store intended to provide reputation-based protection against malicious websites, and it was "force-installed" by AVG AntiVirus. The install, an "in-line" installation, happened only with user permission, but was performed in a way that broke the security checks Chrome uses to test for malicious plugins and malware.

The plugin works by sending the Web addresses of sites visited by the user to AVG's servers to check them against a database of known malicious sites. But the way the plugin was constructed meant that information could be easily exploited by an attacker through cross-site scripting [XSS], according to a post by Google Security researcher Tavis Ormandy on December 15.



The Register

Watch infosec bods swipe PINs, magstripe data from card readers live on stage
32c3 Vulnerabilities in two widely deployed payment system protocols can be exploited to steal PINs, spoof transactions, and secretly reroute cash into other accounts. The security shortcomings affect two protocols: ZVT, used by 80 per cent of German ...