Chris Mohan --- Internet Storm Center Handler on Duty

(c) SANS Internet Storm Center. http://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
A team of researchers has developed an Android app to help people better understand when their location is being accessed, something that happens more often than people think.
Corona del Mar sits on an idyllic part of the Orange County coastline.

A hacking scandal involving keyloggers and electronic grade-changing at a high school in Newport Beach, a well-to-do area of Southern California, has resulted in the expulsion of 11 students. The Orange County Register reported Wednesday that six of those students had already left the district, but five had been transferred to another local school.

“The Board’s action imposes discipline upon these students for the maximum allowed by the Education Code for what occurred at Corona del Mar High School,” Laura Boss, the Newport Mesa Unified School District spokesperson wrote in a statement on Wednesday.

US News and World Report ranked the high school in question as the 46th best within California.



Microsoft's cloud chief, Satya Nadella, will lead the company as its next chief executive, according to a report from Bloomberg.
Yahoo has been resetting email accounts that were targeted in an attack apparently aimed at collecting personal information from recently sent messages, the company said Thursday.

Yahoo said it is resetting passwords for some of its e-mail users after discovering a coordinated effort to compromise accounts.

Attackers behind the cracking campaign used usernames and passwords that were probably collected from a compromised database belonging to an unidentified third party, according to Jay Rossiter, Yahoo senior vice president of platforms and personalization products, who wrote an advisory published Thursday. A large percentage of people use the same password to protect multiple Internet accounts, a practice that allows attackers holding credentials taken from one site to compromise accounts on other sites. There's no evidence the passwords used in the attack came from Yahoo Systems.

"Our ongoing investigation shows that malicious computer software used the list of usernames and passwords to access Yahoo Mail accounts," Rossiter wrote. "The information sought in the attack seems to be names and e-mail addresses from the affected accounts' most recent sent e-mails."



Yahoo announced they discovered attempts to access Yahoo mail accounts [1]. Not a huge amount of information has currently been released about what happened, but the usernames and passwords have come from some unnamed third party source, not from Yahoo.
Yahoo, and we at the Storm Center, advise you to change your Yahoo email account password.
I’d also recommend being wary of any odd email messages from friends with Yahoo accounts that send you links or attachments in the next few days.
[1] http://yahoo.tumblr.com/post/75083532312/important-security-update-for-yahoo-mail-users

Chris Mohan --- Internet Storm Center Handler on Duty

(c) SANS Internet Storm Center. http://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
Beijing-based Lenovo Group's plan to buy Google's Motorola Mobility unit and an IBM server division for a combined $5.2 billion will likely face strict and lengthy national security scrutiny by an inter-agency committee of the U.S. government, two Washington attorneys who are veterans of the review process said Thursday.
Google reported a healthy 17 percent increase in revenue for the fourth quarter, even as sales by its Motorola mobile unit, which the company is selling to Lenovo, dropped again from the same period last year.
Payment card data was stolen during the past three months from several dozen retailers that had their point-of-sale systems infected with a memory-scraping malware program called ChewBacca.

Over the last month or so, new gTLDs (generic top level domains) have been added to the root zone by ICANN. This is the beginning of a process of adding a couple hundred new gTLDs for which ICANN collected applications last year.

To get a full list of current valid gTLDs see http://newgtlds.icann.org/en/program-status/delegated-strings

It is up to the individual registrars who received the gTLDs to decide how to use them. Some are limited to particular organizations. Others are already available to the public for pre-registration.

This is important if you are doing more detailed input validation on domain names, for example to validate e-mail addresses: a validator that assumes a TLD is at most three or four characters will now reject legitimate addresses. The longest name I was able to spot was ".INTERNATIONAL".
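To show the validation point concretely, here is an added example (not code from the diary or from ISC) contrasting a legacy e-mail pattern that caps the TLD at four letters with a checker that applies the DNS label rules without a TLD length cap and can optionally require the TLD to appear in the ICANN delegated-strings list. The `SAMPLE_DELEGATED_TLDS` set is a constructed stand-in for that list; in practice you would load the current list from the URL above.

```python
import re

# Legacy pattern of the kind found in many older validators: it assumes a TLD
# is 2-4 letters, so it rejects "alice@example.international".
LEGACY_EMAIL_RE = re.compile(r"^[^@\s]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,4}$")

# One DNS label: 1-63 chars of letters, digits or hyphen, no leading/trailing hyphen.
LABEL_RE = re.compile(r"^(?!-)[A-Za-z0-9-]{1,63}(?<!-)$")

# Constructed sample allow-list standing in for ICANN's delegated-strings list.
SAMPLE_DELEGATED_TLDS = {"com", "net", "org", "international", "guru", "bike"}


def legacy_accepts(addr: str) -> bool:
    """What the legacy regex would decide (kept only for comparison)."""
    return LEGACY_EMAIL_RE.match(addr) is not None


def is_valid_hostname(name: str) -> bool:
    """Syntax check along RFC 1035 lines with no upper bound on TLD length:
    at least two labels, each label valid, whole name <= 253 chars, and the
    TLD must not be all digits."""
    name = name.rstrip(".")
    if not name or len(name) > 253:
        return False
    labels = name.split(".")
    if len(labels) < 2:
        return False
    if not all(LABEL_RE.match(label) for label in labels):
        return False
    return not labels[-1].isdigit()


def is_valid_email(addr: str, allowed_tlds=None) -> bool:
    """Structural e-mail check; if allowed_tlds is given, the TLD must be in it
    (case-insensitive), which is how to tie validation to the delegated list."""
    if addr.count("@") != 1:
        return False
    local, domain = addr.split("@")
    if not local or len(local) > 64 or any(c.isspace() for c in local):
        return False
    if not is_valid_hostname(domain):
        return False
    if allowed_tlds is not None:
        tld = domain.rstrip(".").split(".")[-1].lower()
        return tld in allowed_tlds
    return True


def compare(addr: str) -> dict:
    """Side-by-side verdicts for one address."""
    return {"legacy": legacy_accepts(addr),
            "syntax": is_valid_email(addr),
            "delegated": is_valid_email(addr, SAMPLE_DELEGATED_TLDS)}


if __name__ == "__main__":
    for a in ["alice@example.international", "bob@example.com", "x@example.fake"]:
        print(a, compare(a))
```

The structural check deliberately stops at syntax; whether a TLD is real is a policy decision, which is why the delegated-list check is a separate, optional parameter rather than baked into the regex.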



Johannes B. Ullrich, Ph.D.
SANS Technology Institute

(c) SANS Internet Storm Center. http://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
The U.S. Federal Communications Commission has voted to allow telecom carriers to run trials with Internet Protocol networks replacing traditional, copper-based telephone systems.
Open source office suite LibreOffice has overhauled its spreadsheet program, Calc, to try to make it better suited to the needs of enterprise users who handle big data sets.
Apple won't lose any sleep over the Lenovo acquisition of Google's Motorola handset business, analysts said today.
A former network engineer at a West Virginia oil and gas company could face up to 10 years in federal prison after pleading guilty this week to sabotaging the company's systems so badly that its operations were affected for a month.
Dell has started shipping the Android-based Wyse Cloud Connect, a $129 device that is slightly larger than a USB stick and can be used by consumers to watch movies in HD or by enterprises as a virtual desktop client.
Google is moving aggressively on -- and paying billions of dollars for -- the technology and talent it needs to create successful smart home and robotics businesses even as it acknowledges its failure to run a strong smartphone business.
SkyBlueCanvas 'index.php' Multiple Remote Command Injection Vulnerabilities
Brocade Network Advisor Multiple Remote Code Execution Vulnerabilities
WordPress Nokia Maps & Places Plugin 'href' Parameter Cross Site Scripting Vulnerability

About 4 years ago, I published a quick diary summarizing our experience with IPv6 at the time [1]. Back then, the IPv6 traffic to our site was minuscule: 1.3% of clients connecting to our server used IPv6. Since then, a lot has changed in IPv6. Comcast, one of the largest US ISPs and an IPv6 pioneer, now offers IPv6 to more than 25% of its users [2]. Many mobile providers enable IPv6, and more users access our site from mobile devices than before. So I expected a bit of an increase in IPv6 traffic. Let's see what I found.

The short summary is: we do see A LOT more IPv6 traffic, but auto-configured tunnels pretty much went away (probably a good thing).

Overall, the number of IPv6 clients roughly tripled, and about 4% of requests received by our web server now arrive via IPv6. Given that we use a tunnel and proxy at this point to provide IPv6 access, we can only assume that there are more IPv6-capable clients out there but that technologies like "happy eyeballs" make them prefer IPv4.

The difference is even more significant looking at tunnels. 6to4 tunnels only make up 0.3% of all IPv6 requests, and Teredo is not significant (only about 100 requests total for all of last month). 2001::/16 remains the most popular /16 prefix, but 2002::/16, which was #2 in 2010, no longer shows up.

Within 2001::/16, Hurricane Electric (2001:470::/32) still dominates, indicating that we still have a lot of tunnels. But it is now followed by 2607:f740::/32 (Host Virtual), 2401:c900::/32 (Softlayer), 2a01:7a0::/32 (Velia) and 2607:f128::/32 (Steadfast).

As far as reverse DNS resolution goes, still only very few ISPs appear to have it configured for IPv6.

[1] https://isc.sans.edu/diary/IPv6+and+isc.sans.org/7948
[2] http://www.comcast6.net

and of course our IPv6 Security Essentials class. 

Johannes B. Ullrich, Ph.D.
SANS Technology Institute

(c) SANS Internet Storm Center. http://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
A year after the launch of Microsoft's ambitious Office 365, it's almost impossible for outsiders to get a grip on how the software-by-subscription program has done, analysts admitted today.
Now that Google has gotten rid of Motorola Mobility, the company can focus on its newest projects, like the smart home, wearable computers and robotics.
LIVE555 Streaming Media 'parseRTSPRequestString()' Function Buffer Overflow Vulnerability

Demonstrators protesting Ukrainian President Viktor Yanukovych suspected their cellphone location data was being tracked since at least last week, when people in the vicinity of a clash between riot police and protesters received a chilling text message. It read: "Dear subscriber, you are registered as a participant in a mass disturbance."

The country's three cellphone companies denied they had turned over subscribers' location data or had sent the message. Instead, some suggested the "Dear subscriber" text, and others like it sent to other protestors, were the work of hackers using rogue base stations that mimicked those belonging to the carriers. Now, the protesters and civil liberties advocates around the world have cited official confirmation of the cellphone monitoring—a ruling made public on Wednesday formally ordering a telephone company to hand over such data.

From The New York Times:



OpenStack Compute (Nova) Compressed 'qcow2' Disk Images Denial of Service Vulnerability
Marketing organizations are continuing to increase their budgets for big data marketing initiatives, but most are focusing on technology, not talent. That could be a costly mistake.
Facebook has introduced Paper, a mobile app that mixes content from a user's own feed with articles from "well-known publications" and displays it all with a new interface.
AlgoSec Firewall Analyzer Cross Site Scripting Vulnerability
Facing escalating competition in the mobile payments revolution, a new CIO banks on data analytics to map out a profitable future, writes Editor in Chief Maryfran Johnson.
Pidgin CVE-2013-6486 Incomplete Fix Remote Code Execution Vulnerability
Cisco Identity Services Engine HTTP Control Interface for NAC Web Cross Site Scripting Vulnerability
IDG Communications CEO Michael Friedenberg says it already has, as he contemplates 3-D printing technology that can create things as varied as a human liver and a new home.
Cisco Identity Services Engine Report Page HTML Injection Vulnerability
OTRS Customer Web Interface Cross Site Request Forgery Vulnerability
A court in California has decided not to sanction Samsung Electronics for the leak of confidential Apple licensing information, stating that the information had not been misused in patent negotiations.
Intel is closing down its AppUp online application store as it sees a shift in the market and consumer needs.
Modern business applications need a social network at their core and should be so easy to use that even a CEO can figure them out, said Oracle CEO Larry Ellison.
Look out Amazon, Larry Ellison has got his eye on you.
Often considered a second-class career choice, quality assurance is gaining prominence as automated testing demands more sophisticated talent and high-profile project failures highlight its importance.
PC makers have often struggled to sell smartphones, but China's Lenovo could be on the cusp of making a breakthrough. The company's $2.9 billion deal to buy Motorola Mobility from Google might end up paving the way for Lenovo to become one of the rare PC makers with a prominent handset business.
Ruby Phusion Passenger 'server instance directory' Insecure Temporary File Creation Vulnerability
Ektron CMS Take Over - Hijacking Accounts
Oracle Multiple SPARC Products CVE-2012-3206 Local Security Vulnerability
SimplyShare v1.4 iOS - Multiple Web Vulnerabilities

Posted by InfoSec News on Jan 30


By John Leyden
The Register
30th January 2014

Vulnerabilities in a number of 3G and 4G USB modems can be exploited to
steal login credentials -- or rack up victims' mobile bills by sending
text messages to premium-rate numbers -- a security researcher warns.

Andreas Lindh claims that all the devices he has looked at so far are
managed via their built-in web servers and --...

Posted by InfoSec News on Jan 30


By Brian Krebs
Jan 29, 2014

An examination of the malware used in the Target breach suggests that the
attackers may have had help from a poorly secured feature built into a
widely-used IT management software product that was running on the
retailer’s internal network.

As I noted in Jan. 15's story – A First Look at the Target Intrusion,
Malware –...

Posted by InfoSec News on Jan 30


By Matthew Panzarino
January 29, 2014

An update in the @N account hacking case has just come through from
GoDaddy, one of the companies involved in the somewhat convoluted social
engineering case. The company admits that one of its employees was
'socially engineered' into giving out...

Posted by InfoSec News on Jan 30


By James Hayes
Engineering and Technology Magazine
28 January 2014

Data available from mainstream online media -- such as blogs, social
networking websites, and specialist online publications -- could be used
by malevolent agents to mount a cyber-attack on UK critical national
infrastructure (CNI), the findings of an investigative assessment to be
presented next week will warn.


Posted by InfoSec News on Jan 30


By Ryan Huang
ZDNet News
January 30, 2014

Over 2,000 websites from India and Pakistan have been defaced so far in
the past two days, as hackers from both countries duke it out in

More than 100 Pakistani websites were defaced on Wednesday, apparently in
retaliation for the defacement of more than 2,000 Indian websites by...