Hackin9

GovInfoSecurity.com

CEO Support for Voluntary Best Practices
GovInfoSecurity.com
A memo from the majority staff of the U.S. Senate Commerce Committee says most chief executive officers from major American corporations, responding to a survey, see a role for the federal government in working with business to develop IT security best ...

 
Apple software hackers unveiled a website late Wednesday where the latest untethered jailbreak is expected to be released soon.
 
(c) SANS Internet Storm Center. http://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
 
Service providers will be able to launch Ethernet services more quickly and make them work across other carriers more easily with a new set of standards for carrier Ethernet equipment, backers of the specifications say.
 
Expert Brian Zimmet believes the electric industry is the one to watch for a look at the future of critical infrastructure security regulations.

 
The Iomega px2-300d is a two-bay NAS box that delivers very good performance, excellent backup and surveillance features, and a helpful LCD that reports on the unit's status (IP address, current time, storage remaining, and so on). Its EMC LifeLine operating system is also one of the more feature-rich ones in the industry. But you should buy this box bare--Iomega populates it with enterprise-class hard drives that jack up the price.
 

Handler Note

This diary is part of the path to becoming a handler. Today's piece was written by Russell Eubanks and is on his path to becoming a handler.

You can find out more at: https://isc.sans.edu/handlerroadmap.html

Russell can be reached at securityeverafter at gmail dot com.



Russell's Diary

The beginning of the year is a great time to commit yourself to a local security community. These organizations exist to foster active and lively security conversations through regular meetings. Many opportunities exist, especially in larger cities, to attend and participate on a regular basis. The following are many of the popular security communities that may very well be available in your area, each listed with a link to learn more.


Defcon Groups - https://www.defcon.org/html/defcon-groups/dc-groups-index.html

InfraGard - http://www.infragard.net/chapters/index.php?mn=3

ISSA - http://www.issa.org/?page=ChaptersContact

NAISG - http://www.naisg.org/default.asp

OWASP - https://www.owasp.org/index.php/Category:OWASP_Chapter

Security BSides - http://www.securitybsides.com/w/page/12194156/FrontPag


Every person should strongly consider becoming more involved in their local security community. Both the individual and the community will benefit in the following ways.




You will have the opportunity to meet like-minded people.

You will learn something new and could very well learn a new skill.

You will be able to avoid a pitfall previously encountered by others.

You will very likely become inspired to improve yourself.

You will become known in the community as a leader.

You will improve the community by your involvement.

You will have the chance to share something you have recently learned with the community.


I have been involved with the leadership of my local InfraGard and OWASP chapters for the last five years. I have found this to be beneficial to both myself and the organizations. It has required a little bit of work every week and can start to resemble a part-time job without the involvement of others. The leaders of these security communities serve by finding interesting speakers, securing a location for the meeting and by encouraging others to attend. I know from experience that the leaders would absolutely welcome your active involvement and participation by sharing the work needed to conduct a successful security community.

If you are not involved in a local security community, I encourage you to find one and become more involved this year. If you are already a regular attender, strongly consider offering your time in a leadership position. The current leaders will certainly welcome your help. You will find this experience to be rewarding as you actively participate and give back to your local security community. Watching a local security community grow is very rewarding and will often encourage continued involvement from others.

What is keeping you from being involved in your local security community this year?




 
Watson, IBM's supercomputer that came to fame besting a Jeopardy champion, is going to college, to Rensselaer Polytechnic Institute, to hone its skills.
 
Facebook posted a revenue increase of 40 percent in the fourth quarter as the number of daily mobile users exceeded daily Web users for the first time ever, the company reported.
 
Microsoft Internet Explorer Address Bar CVE-2013-1451 URI Spoofing Vulnerability
 
Whether you're upgrading from Office 2007 or an earlier version, we've got the goods on how to find your way around Microsoft Office 2010 and make the most of its new features.
 
Microsoft's low-end Surface Pro tablet, slated to start shipping Feb. 9, sports just 23GB of free storage space out of the box, Microsoft confirmed today.
 
Like you, I was horrified by the school shooting in Newtown, Conn. I am hopeful that it will awaken communities around the country to the risks our schools face. They are the quintessential "soft targets," and they need special attention.
 
RIM's share price dropped more than 6% Wednesday, after the company announced it was changing its name to BlackBerry and unveiled two new smartphones, the touchscreen Z10 and the qwerty Q10.
 
The newly rechristened BlackBerry has delivered on its promise to breathe new life into its aging, iconic product line for diehard fans, but faces an uphill battle against the iPhone and devices based on Google's Android operating system.
 
Kaspersky Lab made its bid to reduce the complexity associated with managing IT security processes in corporate environments, with a new product that combines the company's anti-malware technology with new mobile and system management tools.
 
Adobe Reader 'util.printf()' JavaScript Function Stack Buffer Overflow Vulnerability
 
Adobe Reader Unspecified Remote Denial Of Service Vulnerability
 
Researchers at Johns Hopkins University are using Twitter to track what has been a particularly severe flu season across the U.S.
 
Can the release of a new OS, new handsets and a new company name make a difference this late in the game?
 
A large map by the Centers for Disease Control and Prevention tracks the flu epidemic in the U.S.
 
Microsoft's new pay-as-you-go Office 365 subscription plans differ from traditional buy-once software in one important aspect: When customers stop paying, the applications stop working.
 
Poweradmin 'index.php' Cross Site Scripting Vulnerability
 
OpenStack Compute (Nova) 'nova-volume' Security Bypass Vulnerability
 
Once vehemently opposed to open-source software, Microsoft has warmed to the development model over the years and will now take the unusual step of incorporating an open-source program developed by Linus Torvalds into its own development tools.
 
If you missed today's big BlackBerry 10 OS announcement, you can still watch this archived UStream video to see what happened.
 
With its future in the balance, the company until now known as Research In Motion launched its new BlackBerry 10 operating system, two new handsets and a new company name on Wednesday.
 
Few would dispute that QNAP makes very fast NAS hardware--the company's boxes are consistently at the top of PCWorld's performance charts. The TS-269 Pro is no exception, being the overall fastest two-bay NAS box that we've scrutinized on our new test platform. The margin of victory, however, wasn't that great. What really sets this $600 (unpopulated) unit apart from the crowd is its slew of software features and its superior connectivity.
 
Salesforce.com is "aggressively investigating" a database software error that led to temporary performance problems in part of its infrastructure.
 
If you have multiple PCs in your home or small office, you can save time and look professional by storing your documents and media on one PC and using network sharing to access them across all your computers and devices. This prevents you from having to store duplicate copies of files and reduces confusion when trying to find which PC a file is stored on. Additionally, you only really need to worry about backing up one PC (though for safety's sake you should always back up everything on a regular basis).
 
Researchers have examined the security of passwords that were derived from grammatically correct sentences. And indeed: incorrect grammar can improve security.


 
A buffer overflow when decoding ASF files has been found and patched in VLC, but the fix is currently only available in source or in nightly binaries. Users should be aware and should avoid ASF files from untrustworthy sources.


 
The touch-screen smartphone retains most of the strengths that made the platform a corporate favorite while making a play for consumers.
 
Research In Motion is changing its name to BlackBerry, a move it hopes will signify a fresh start for the company.
 
 
[SECURITY] [DSA 2613-1] rails security update
 
Lenovo CEO Yang Yuanqing said sales of its Windows 8 PCs have been 'normal' to date, neither surpassing nor falling behind expectations, but added that convertible devices using the OS are helping the company break into the high-end segment for the North American market.
 
The U.S. Forest Service deploys a mobile map application for firefighters and emergency responders to use in the field and for tactical planning.
 
Sometimes tech startups make deals with the very industry players they're trying to disrupt.
 
Teradici has been forced to delay the release of Arch, which combines VMware and Microsoft server-based desktops using its PCoIP protocol, due to a scalability issue. But a new tech preview will still allow enterprises to familiarize themselves with the product.
 
Mozilla announced it would automatically disable all plug-ins in Firefox except the latest version of Adobe's Flash Player, citing security and stability reasons for the move.
 
Chinese phone maker ZTE is planning to launch a smartphone based on Mozilla's Firefox OS at the Mobile World Congress in Barcelona next month.
 
As German government officials prepared to meet to discuss a controversial online copyright bill on Wednesday, Yahoo, Facebook and German online startups slammed the proposal that would allow publishers to charge search engines such as Google for reproducing short snippets from news articles.
 
With its future in the balance, Research In Motion launched its new BlackBerry 10 operating system, two new handsets and a new company name on Wednesday.
 
Despite saying in December that talks with Google could not go on forever, European Union Competition Commissioner Joaquin Almunia seems resigned to keep waiting.
 
If your IT organization doesn't have a clear core strategy, it's easy to get caught up in--and spend too much on--technology trends. Learn about six CIOs' strategies for 2013 and see how they compare to your plans for the rest of the year.
 
 
Cisco Security Advisory: Portable SDK for UPnP Devices Contains Buffer Overflow Vulnerabilities
 
In future versions of Firefox, most plugins will be set to "Click to Play" to prevent auto-running plugin content being easily exploited for drive-by attacks.


 

Rapid7 conducted a widely quoted study, scanning the Internet on port 1900/udp to find devices that expose UPnP [1]. Universal Plug and Play (UPnP) is a protocol frequently supported by home gateways to automate firewall configuration. For example, an IP-based security camera may use the protocol to instruct a firewall to open a port and redirect incoming traffic to it, allowing the user to monitor the camera from outside their own network. Online games use it in a similar fashion to allow game servers to reach the host participating in the game. UPnP itself is not exactly a secure protocol, and in addition, implementations suffer from various flaws, as the paper by Rapid7 points out.

Rapid7 offers a free Windows tool to scan your network. In addition, you could use nmap to find hosts supporting UPnP, but you will need an NSE script that sends an M-SEARCH request to trigger a response [2]. A UPnP listener will not respond to a typical empty nmap UDP scan.

Here is a sample nmap scan using this NSE script:

sudo nmap --script upnp-info.nse -p 1900 -sU 192.0.2.1

Nmap scan report for somehost.mynet (192.0.2.1)
Host is up (0.067s latency).
PORT STATE SERVICE
1900/udp open upnp
| upnp-info:
| 72.92.145.199
| Server: Custom/1.0 UPnP/1.0 Proc/Ver
| Location: http://192.168.1.1:5431/dyndev/uuid:3872c05b-c117-17c1-5bc0-12345
| Webserver: LINUX/2.4 UPnP/1.0 BRCM400/1.0
| Name: Broadcom ADSL Router
| Manufacturer: Comtrend
| Model Descr: (null)
| Model Name: AR-5381u
| Model Version: 1.0
| Name: WANDevice.1
| Manufacturer: Comtrend
| Model Descr: (null)
| Model Name: AR-5381u
| Model Version: 1.0
| Name: WanConnectionDevice.1
| Manufacturer: Comtrend
| Model Descr: (null)
| Model Name: AR-5381u
|_ Model Version: 1.0

Or you could try to scan on port 5431/tcp if you don't want to install the NSE script, or don't have root permission:

CPE: cpe:/o:linux:kernel



The difficult part is that the most vulnerable devices are the ones with UPnP exposed on the external interface. In many cases these are ISP-supplied routers and the end user may not be able to turn off UPnP.
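The M-SEARCH probe and the external-exposure check described above, as an added Python example (not part of the original diary and not the code of the nmap script): it sends one SSDP discovery request, parses the reply headers, and flags a reply that arrives from an address outside RFC 1918 space while its LOCATION header points at an internal address. The function names, finding labels and the SAMPLE reply are assumptions made for illustration; treating any non-RFC 1918 responder as the external interface is a simplification.

```python
import ipaddress
import socket
from urllib.parse import urlparse

# SSDP discovery request; a UPnP listener ignores an empty UDP datagram.
MSEARCH = (b'M-SEARCH * HTTP/1.1\r\nHOST: 239.255.255.250:1900\r\n'
           b'MAN: "ssdp:discover"\r\nMX: 2\r\nST: upnp:rootdevice\r\n\r\n')
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def is_rfc1918(host):
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:  # empty string or a DNS name
        return False
    return any(ip in net for net in RFC1918)

def parse_ssdp_response(data):
    """Return lower-cased headers of an HTTP/1.x 200 reply, else None."""
    head = data.decode("latin-1").split("\r\n\r\n", 1)[0].split("\r\n")
    status = head[0].split()
    if len(status) < 2 or not status[0].startswith("HTTP/1.") or status[1] != "200":
        return None
    fields = (line.partition(":") for line in head[1:])
    return {n.strip().lower(): v.strip() for n, sep, v in fields if sep}

def assess(responder_ip, headers):
    """Findings for one reply, given the address it was received from."""
    findings = []
    if not is_rfc1918(responder_ip):
        findings.append("ssdp-reachable-outside-lan")
        loc = urlparse(headers.get("location", "")).hostname or ""
        if is_rfc1918(loc):
            findings.append("location-discloses-internal-address")
    return findings

def probe(target, timeout=3.0):
    """Send one M-SEARCH to a device you administer; (ip, headers) or None."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(MSEARCH, (target, 1900))
        try:
            data, (ip, _port) = s.recvfrom(4096)
        except socket.timeout:
            return None
    headers = parse_ssdp_response(data)
    return (ip, headers) if headers is not None else None

# Constructed reply modelled on the header fields in the scan output above.
SAMPLE = (b"HTTP/1.1 200 OK\r\nST: upnp:rootdevice\r\nLOCATION: "
          b"http://192.168.1.1:5431/dyndev/uuid:example\r\n\r\n")
```

Run probe() against the WAN address of your own gateway from a host outside the LAN and pass the result to assess(); a None result means no SSDP reply arrived within the timeout.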

[1] https://community.rapid7.com/community/infosec/blog/2013/01/29/security-flaws-in-universal-plug-and-play-unplug-dont-play

[2] https://svn.nmap.org/nmap/scripts/upnp-info.nse

------

Johannes B. Ullrich, Ph.D.

SANS Technology Institute

 
During an IP scan, security firm Rapid7 said that it found countless network-enabled devices that responded via UPnP and are, therefore, vulnerable to attacks via critical holes.


 
Lenovo's profit for its fiscal third quarter grew by 34% from a year earlier, as the company also reported that its smartphone business in China had become profitable for the first time.
 
Oracle may have had its hands full lately dealing with Java security issues, but the company's acquisition of Java founder Sun Microsystems three years ago this month still has paid off, company President Mark Hurd said. An investment research firm, though, still has listed Oracle's Sun acquisition as reason to sell off Oracle stock.
 
A court in California denied Samsung Electronics a retrial in a patent infringement dispute with Apple, and also declined to raise the damages earlier awarded to Apple by a jury.
 
Apple has been granted a service mark in the U.S. for the design and layout of its retail store, reflecting the company's interest to protect the design of its popular stores from copycat retailers.
 
Research In Motion's long-anticipated release of its BlackBerry 10 OS at 10 a.m. ET today could be a make or break moment for the company.
 
Back-end as a service offers standard features to drop into your apps, so your developers can spend their time on the most strategic pieces.
 
Vendors offer code drop-ins that standardize common mobile features, including messaging and payment, so your in-house developers can focus on the functions that are most important to your business.
 
The German Federal Police are warning of new malware which displays child pornography while claiming that victims' computers have been used for illegal purposes. The BKA and BSI are warning users not to save the displayed image.


 
Linux Kernel 'dvb_net_ule()' Remote Denial of Service Vulnerability
 
Linux Kernel USB interface Local Information Disclosure Vulnerability
 
Red Hat Enterprise Linux 'ptrace()' Local Privilege Escalation Vulnerability
 
Python 'Imageop' Module Argument Validation Buffer Overflow Vulnerability
 
Python 'stringobject.c' Multiple Remote Buffer Overflow Vulnerabilities
 
Python 'expandtabs' Multiple Integer Overflow Vulnerabilities
 
Python Multiple Buffer Overflow Vulnerabilities
 
Evolution Data Server 'ntlm_challenge()' Memory Contents Information Disclosure Vulnerability
 
GNOME Evolution S/MIME Email Signature Verification Vulnerability
 
Multiple Asterisk Products CVE-2012-5977 Denial of Service Vulnerability
 
The file-sharing service Mega has fielded 150 copyright warnings since its recent launch as founder Kim Dotcom grows a risky new business while under indictment by U.S. prosecutors for running Megaupload.
 