InfoSec News

(c) SANS Internet Storm Center. http://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
One practice I strongly suggest you undertake, for both yourselves and your organizations, is Open Source Intelligence (OSINT) gathering. OSINT is actively utilized as part of the reconnaissance phase for penetration testing. Assume the bad guys are doing it too, so add it to the list of tactics in which you need to be proficient so as to better defend yourselves. Per Sec. 931 of Public Law 109-163, the National Defense Authorization Act for Fiscal Year 2006, OSINT is intelligence that is produced from publicly available information and is collected, exploited, and disseminated in a timely manner to an appropriate audience for the purpose of addressing a specific intelligence requirement.

As a tool aficionado and regular author on tool topics, I am occasionally faced with a scenario we in the information security practice struggle with at times: some of the tools I discuss and espouse are as easily used for evil as they are for good. I've seen very recent evidence of this as it pertains to articles I've written about the OSINT tools FOCA and Maltego. Quoting the Roman philosopher Seneca the Younger, it's a tool in the killer's hand. As one who would rather see the sword in the good guy's hand, I was recently asked by a fellow white hat if there is an elegant way to export FOCA results for direct import into Maltego. The short answer is no, so I endeavored to solve the problem.

FOCA includes the option to Save log to File, resulting in a tab-separated values text file with the columns Time, Source, Severity, and Message. As an example, from a FOCA analysis of my domain, the log file output resembles:
11:25:23 PM ShodanSearch medium Found IP Information
8:50:18 AM DNSCommonNames medium

feel free to rip and replace for use in Python or your preferred scripting venue.

From a PowerShell prompt run .\ipAddress.ps1 or .\URI.ps1. You'll be asked to provide the path to your FOCA log file, then the script will write a CSV file to your working directory (IP_parsed.csv or domain_parsed.csv).

In Maltego, click the Maltego menu icon, then:
1. Import | Import graph from table.
2. Select CSV from the file type drop-down menu, then select the CSV created by the script.
3. Click on the unmapped column to highlight it and select the appropriate entity type (Domain, DNS Name, IPv4 Address, etc.), then click Next.
4. Keep the default in the Sampling window and click Next.
5. Click Finish.

Once all the entities populate the Maltego UI (there may be many if your FOCA output was extensive), you can select them in groups or as individuals to conduct further analysis and establish possible relationships.

The regex is really lean and probably overly simple. As an example, \b(?:[a-z0-9]+(?:-[a-z0-9]+)*\.)+[a-z]{2,}\b for domain name parsing misinterprets the .txt or .pdf at the end of a full URI for a file as a TLD. As such, I built a not-match exclusion for PDF, as an example. Feel free to expand on it as you see fit. I also dropped the ShodanHQ name space and URLs from the FOCA output, as there is an entire Shodan toolkit for Maltego. Given my poor excuse for scripting and development skills, you may well find shortcomings or better ways to solve the task. Do feel free to enlighten me and our readers via the comments form; you're welcome to contribute.
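The procedure above (parse the FOCA Save log to File export, pull out hosts and addresses, write one-column CSVs that Maltego's Import graph from table can map to an entity type) carried through in Python, as an added example and not the diary's own PowerShell scripts. It reuses the diary's domain regex and adds the two checks the paragraph above asks for: a file-extension exclusion so annual.pdf is not taken for a host, and a drop list for the shodanhq.com name space. The IPv4 octet-range check, the extension list, and the sample log lines are assumptions constructed for the example; FOCA's real log encoding may differ from the UTF-8 assumed here.

```python
"""Convert a FOCA 'Save log to File' export (tab-separated Time, Source,
Severity, Message) into single-column CSV files for Maltego's table import.
Added example; not FOCA's, Maltego's, or the diary author's code."""
import csv
import io
import re
import sys
from pathlib import Path

LOG_FIELDS = ("time", "source", "severity", "message")

# Domain regex from the diary; an IPv4 candidate regex is added alongside it
# (the 0..255 octet check is done in code, not in the pattern).
DOMAIN_RE = re.compile(r"\b(?:[a-z0-9]+(?:-[a-z0-9]+)*\.)+[a-z]{2,}\b", re.IGNORECASE)
IPV4_RE = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")

# "TLDs" that are really file extensions from document URLs in FOCA output
# (assumed list; extend as you see fit).
FILE_EXTENSIONS = {"pdf", "txt", "doc", "docx", "xls", "xlsx", "ppt", "pptx", "rtf", "odt"}

# Name spaces dropped from the output, as the diary does for ShodanHQ
# (Maltego has its own Shodan transforms).
DROP_DOMAINS = {"shodanhq.com"}

# Constructed sample of FOCA log lines (not real FOCA output); RFC 5737 test address.
SAMPLE_LOG = (
    "11:25:23 PM\tShodanSearch\tmedium\tFound IP Information 203.0.113.10\n"
    "8:50:18 AM\tDNSCommonNames\tmedium\tFound host mail.example.com\n"
    "8:50:19 AM\tDNSCommonNames\tmedium\tFound host www.example.com\n"
    "8:51:02 AM\tMetadata\tlow\tDownloaded http://www.example.com/reports/annual.pdf\n"
    "8:51:05 AM\tShodanSearch\tmedium\tSee http://www.shodanhq.com/host/203.0.113.10\n"
    "8:52:10 AM\tDNSCommonNames\tmedium\tFound host 999.1.1.1 (bogus)\n"
)


def parse_rows(log_text):
    """Yield one dict per log line; lines with fewer than four fields are skipped."""
    for raw in log_text.splitlines():
        parts = raw.rstrip("\r\n").split("\t", 3)
        if len(parts) != 4:
            continue
        yield dict(zip(LOG_FIELDS, parts))


def valid_ipv4(candidate):
    """Reject regex hits such as 999.1.1.1 whose octets are out of range."""
    return all(0 <= int(octet) <= 255 for octet in candidate.split("."))


def registrable(domain):
    """Crude last-two-labels approximation, enough to match DROP_DOMAINS
    (no public-suffix list is consulted here)."""
    return ".".join(domain.lower().split(".")[-2:])


def parse_foca_log(log_text):
    """Return (sorted unique IPv4 addresses, sorted unique domain names)."""
    ips, domains = set(), set()
    for row in parse_rows(log_text):
        msg = row["message"]
        for ip in IPV4_RE.findall(msg):
            if valid_ipv4(ip):
                ips.add(ip)
        for dom in DOMAIN_RE.findall(msg):
            dom = dom.lower()
            if dom.rsplit(".", 1)[-1] in FILE_EXTENSIONS:
                continue  # "annual.pdf" is a file name, not a host
            if registrable(dom) in DROP_DOMAINS:
                continue  # ShodanHQ URLs are dropped from the output
            domains.add(dom)
    return sorted(ips), sorted(domains)


def to_csv(values, header):
    """Single-column CSV: Maltego maps that one column to an entity type on import."""
    buf = io.StringIO()
    writer = csv.writer(buf, lineterminator="\n")
    writer.writerow([header])
    for value in values:
        writer.writerow([value])
    return buf.getvalue()


def write_outputs(log_path, out_dir="."):
    """Read a FOCA log file and write IP_parsed.csv and domain_parsed.csv."""
    text = Path(log_path).read_text(encoding="utf-8-sig", errors="replace")  # encoding assumed
    ips, domains = parse_foca_log(text)
    Path(out_dir, "IP_parsed.csv").write_text(to_csv(ips, "IPv4 Address"), encoding="utf-8")
    Path(out_dir, "domain_parsed.csv").write_text(to_csv(domains, "Domain"), encoding="utf-8")
    return len(ips), len(domains)


if __name__ == "__main__":
    if len(sys.argv) > 1:
        n_ip, n_dom = write_outputs(sys.argv[1])
        print(f"wrote {n_ip} IPs to IP_parsed.csv and {n_dom} domains to domain_parsed.csv")
    else:
        print(parse_foca_log(SAMPLE_LOG))
```

Run it as `python foca2maltego.py C:\path\to\foca.log` to produce the two CSVs in the working directory, then follow the Maltego import steps above, mapping the single column to IPv4 Address or Domain. With no argument it prints what it extracts from the constructed sample: the one valid address, and mail.example.com and www.example.com, with annual.pdf, the bogus 999.1.1.1, and the shodanhq.com host all filtered out.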

Russ McRee
OpenTTD 'pause on join' Feature Denial Of Service Vulnerability
Ruby Random Number Values Security Weakness
Security firm M86 Security has discovered hundreds of WordPress websites compromised by Phoenix.


DMARC creates an authentication loop that could help people determine the legitimacy of an email.

The U.S. and U.K. are relatively well prepared for cyberattacks, compared to many other developed nations, but everyone has more work to do, according to a new cybersecurity study from McAfee and Security & Defence Agenda (SDA).
cURL/libcURL Remote Input Validation Vulnerability
Intel has rolled out a handful of new Core i5 desktop processors, including one that raises the clock speed and qualifies for a new protection plan under which CPUs can be replaced.
The U.S. Federal Communications Commission is seeking public comment on a petition by embattled mobile startup LightSquared that says GPS receivers aren't entitled to protection from interference.

Atlassian launches a hack house
ZDNet Australia
An iPhone developer has acknowledged that a recent update to one of his apps includes the hidden ability to tether the smartphone to a laptop, circumventing carrier fees for the service.
U.S. Rep. Edward Markey (D-Mass.) has proposed a bill that would require all phone companies to notify consumers of any user tracking and monitoring software in their cell phones.
Microsoft announced it has kicked off a 'technical preview' of the next version of its money-making Office suite and promised a public beta will ship this summer.
When you start out with a fresh new hard drive, it may seem like it has virtually unlimited capacity. The reality, though, is that it won't take nearly as long to max out that drive as you might think, and you will need to find some way to expand your storage.
For a while now I've been using Google Music as a kind of cloud-based backup for my music library. Except that it wasn't really a backup, because I couldn't easily retrieve all the songs I'd uploaded. In the event of a system failure, I'd have to download tunes in batches of 100. Bleh.
Joomla! Multiple Unspecified Cross Site Scripting and Information Disclosure Vulnerabilities
IBM SPSS Data Collection and Dimensions ActiveX Control Remote Code Execution Vulnerabilities
Advisory: sudo 1.8 Format String Vulnerability
[ GLSA 201201-19 ] Adobe Reader: Multiple vulnerabilities
External developers will be able to build much more sophisticated applications and tools for Office 365 once Microsoft releases the next upgrade of that cloud-hosted communication and collaboration suite, according to a Microsoft partner.
Lenovo plans to upgrade its popular ThinkPad Tablet to the latest version of the Android 4.0 operating system in the second quarter this year, the company said on Monday.
WHMCompleteSolution 'functions.php' Arbitrary Code Execution Vulnerability
[ GLSA 201201-18 ] bip: Multiple vulnerabilities
Multiple vulnerabilities in OSClass
Multiple vulnerabilities in postfixadmin
Federal prosecutors say that two companies hosting Megaupload's servers in the U.S. could begin deleting all user content on them as early as Thursday.
Mibew messenger multiple XSS
FAA US Academy (AFS) - Auth Bypass Vulnerability
eBank IT Online Banking - Multiple Web Vulnerabilities
[ GLSA 201201-17 ] Chromium: Multiple vulnerabilities
Google is widening the potential user base for Google+ by lowering the age requirement from 18 to 13 years old -- a move that could help it grow in Facebook's shadow.
Facebook is adding Angry Birds to its site starting on Feb. 14, adding one of the world's most popular mobile video games to the world's largest social network.
The Galaxy Note smartphone with tablet features and a stylus hits AT&T stores Feb. 19 for $299.99 and a two-year agreement, the carrier announced Monday.
[SECURITY] [DSA 2396-1] qemu-kvm security update
[SECURITY] [DSA 2395-1] wireshark security update
Andrey Sabelnikov, the Russian programmer accused by Microsoft of creating and operating the Kelihos spam botnet said he's innocent.
Companies such as Facebook, Google and PayPal are pushing for widespread use of a new technical specification, DMARC, that could make it harder for phishers to reach their victims.
Amazon will announce fourth-quarter earnings Tuesday on the heels of what analysts called stronger-than-expected fourth quarter Kindle Fire tablet sales.
Wlpncp plans to upgrade his wife's PC from Vista to Windows 7. He asked the Laptops forum for advice.
A computer is only as useful as the software you run on it, so you should keep your PC's software current--and not necessarily with the latest version of a program that's getting long in the tooth. Sometimes, switching to a new application can help you speed up your work or make your system more efficient.

Resume makeover: How an information security professional can target CSO jobs
Executive resume writer Donald Burns helps an information security professional position his resume for management-level infosec jobs. January 27, 2012, 6:18 PM — Cole Hanson's career goal is to become an information security executive.

Switching from CDs and DVDs to digital equivalents is a great way to unclutter your life, but what do you do with all your outmoded discs once you've transferred their contents to your computer? In the first part of this series, we discussed how to get rid of unneeded books; but if you're like me, you also have a large collection of old DVDs and CDs taking up space--and disposing them has its challenges. I'll discuss the problems to watch out for, and describe how to make the switch.
Face it. Emails, digital pictures, video clips, and other data can quickly fill up hundreds of gigabytes of space. As your remaining space dwindles to nothing, you have a decision to make in terms of how you're going to expand capacity.
I met with a bunch of the vendors at Macworld | iWorld who are touting tools they say will make iPads and iPhones better business tools. Two in particular stood out.
BI vendor Pentaho is open sourcing a number of tools related to "big data" in its Kettle data-integration platform and has moved the project overall to the Apache 2.0 license, the company announced Tuesday.
Tech companies Google, PayPal, Microsoft, AOL and 11 others are uniting in an effort called DMARC.org to stop email spoofing known as phishing attacks.
Mozilla developers have given the green light to ship Firefox 10 on Tuesday.
This promises to be a break-out year for storage technology with the use of more NAND flash in devices and smarter storage that can be tailored to applications.
Kenneth Van Wyk warns that vulnerabilities in programming frameworks are slipping through the cracks. (Insider; registration required)
We take a comprehensive look at the new green-IT metrics for measuring data center efficiency and productivity from The Green Grid and other industry groups. Insider, registration required.
Tilera on Monday announced availability of its new 36-core processor, which the company says can trump traditional x86 server chips from Intel in performance-per-watt.
Gitorious 'git_shell.rb' Remote Command Execution Vulnerability

Posted by InfoSec News on Jan 29


By Aliya Sternstein

Internet privacy protections that the European Commission introduced
this week could undermine American investigations into stateside data
breaches, some security and legal experts say.

Several of the reforms focus on safeguarding data in the cloud, where
online applications are managed by an offsite company's computer
centers. Europe's...

Posted by InfoSec News on Jan 29


By Iain Thomson in San Francisco
The Register
27th January 2012

Three high school juniors have been arrested after they devised a
sophisticated hacking scheme to up their grades and make money selling
quiz answers to their classmates.

The students are accused of breaking into the janitor’s office of
California's Palos Verdes High School and making a copy of the...

Posted by InfoSec News on Jan 29


By Gregg Keizer
January 27, 2012

Researchers with Symantec have uncovered additional clues that point to
Chinese hacker involvement in attacks against a large number of Western
companies, including major U.S. defense contractors.

The attacks use malicious PDF documents that exploit an Adobe Reader bug

Posted by InfoSec News on Jan 29

Forwarded from: Simon Taplin <simon (at) simontaplin.net>


By Jordan Robertson
January 26, 2012

Tal Be’ery was happy helping Facebook fight hackers for free. In 2010,
when the computer security professional was looking into how identity
thieves, spammers, and other con artists used fake Facebook profiles to
mount scams, he...

Posted by InfoSec News on Jan 29


By Kim Zetter
Threat Level
January 26, 2012

A government memo saying a railway was hacked in a targeted attack was
incorrect, according to a spokeswoman for the Association of American

“There was no targeted computer-based attack on a railroad,” according
to spokeswoman Holly Arthur. “The memo on which the story was based has
numerous inaccuracies.”


Posted by InfoSec News on Jan 29


By Bill Brenner
Salted Hash
CSO Online
January 28, 2012

It's rare that I write here on the weekend, but I just got word that the
Security B-Sides event in San Francisco is in danger. This is my plea to
the RSA Conference organizers to let this event proceed.

Let's start with the following message from the BSidesSF team, and then
I'll tell...

Posted by InfoSec News on Jan 29


By J. Nicholas Hoover
January 27, 2012

Building the architecture necessary to prevent another Wikileaks might
take several years, director of national intelligence James Clapper said
at an event Thursday in Washington, D.C.

The Wikileaks scandal, in which 260,000 diplomatic cables, many of them
sensitive, were burned onto CD-RWs and later published online, has...

Getting to know you — how internet security is changing
At the time, many infosec professionals scoffed. I mean, how many critical infrastructure systems actually get connected to the internet, and what the hell for? Well, jump forward a year to January 2012 and we finally have a bit more of an idea.
