Information Security News
I spend a lot of time using R, the programming language and software environment for statistical computing and graphics. It's incredibly useful for visualization and analysis; consider Data-Driven Security as a great starting point and reference, along with this article, if you're further interested.
One of my recent discoveries (I ... system to invoke ... system, in two lines I can call Log Parser, pull the Windows security event log, write it to CSV, and create a data frame out of it that I can then do any number of other cool things with. Note: to pull the Windows security event log you need to be running with elevated privilege and need to run R as admin for this example scenario.
Set a working directory:
setwd("D:/coding/R/EventVizWork")
Call Log Parser with system:
system('logparser "Select * into security.csv from Security" -i:evt -o:csv')
Elements processed: 112155
Elements output: 112155
Execution time: 26.80 seconds
Read the results into a data frame:
secevtlog <- read.csv("security.csv")
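As an added example (not code from the original diary), this is one way to triage such a data frame once it is loaded: count events by ID and flag hours with repeated failed logons. The inline CSV is constructed sample data using a subset of Log Parser's EVT column names; the timestamp format and the threshold of 3 are assumptions.

```r
# Constructed sample rows standing in for security.csv (values are invented).
sample_csv <- 'EventLog,RecordNumber,TimeGenerated,EventID,EventTypeName,ComputerName
Security,1001,2015-07-30 08:01:12,4624,Success Audit event,WS01
Security,1002,2015-07-30 08:14:40,4625,Failure Audit event,WS01
Security,1003,2015-07-30 08:14:43,4625,Failure Audit event,WS01
Security,1004,2015-07-30 08:14:47,4625,Failure Audit event,WS01
Security,1005,2015-07-30 08:15:02,4624,Success Audit event,WS01
Security,1006,2015-07-30 08:15:02,4672,Success Audit event,WS01
Security,1007,2015-07-30 09:30:10,4625,Failure Audit event,WS01
Security,1008,2015-07-30 09:31:55,4624,Success Audit event,WS01'

# With real data this would be read.csv("security.csv").
secevtlog <- read.csv(text = sample_csv, stringsAsFactors = FALSE)

# Parse timestamps (assumed format: yyyy-MM-dd hh:mm:ss).
secevtlog$TimeGenerated <- as.POSIXct(secevtlog$TimeGenerated,
                                      format = "%Y-%m-%d %H:%M:%S", tz = "UTC")

# Event volume by ID, most frequent first.
id_counts <- sort(table(secevtlog$EventID), decreasing = TRUE)
print(id_counts)

# Failed logons (event ID 4625) bucketed by hour.
failed <- secevtlog[secevtlog$EventID == 4625, ]
failed$hour <- format(failed$TimeGenerated, "%Y-%m-%d %H:00")
per_hour <- as.data.frame(table(hour = failed$hour), responseName = "failures")

# Flag hours at or above the (assumed) threshold for a closer look.
threshold <- 3
print(per_hour[per_hour$failures >= threshold, ])
```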
Tomorrow I ... | @holisticinfosec
(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
by Sean Gallagher
Samy Kamkar, a Los Angeles-based security researcher and hardware hacker, has created a device called OwnStar that can find, unlock, and remote start General Motors cars equipped with OnStar. The hack, which is based on an exploit of OnStar's mobile software communications channel, exposes the credentials of a car's owner when it intercepts communications with OnStar's service. The device will be demonstrated at next week's DefCon security conference in Las Vegas.
The OwnStar device can detect nearby users of the OnStar RemoteLink application on a mobile phone and can then inject packets into the communication stream to the phone, getting it to give up additional information about the user's credentials. Those credentials can then be used to gain access to the vehicle's OnStar account and the full functionality of the OnStar RemoteLink app.
Kamkar says the vulnerability is in the app itself and not the OnStar hardware in GM vehicles. He added that GM and OnStar are working to correct the flaw in the vulnerable mobile application. GM customers who use OnStar can protect themselves for the time being by not using the RemoteLink app.
A recently disclosed vulnerability in Bind, the most widely used software for translating human-friendly domain names into IP addresses used by servers, makes it possible for lone-wolf attackers to bring down huge swaths of the Internet, a security researcher has warned.
The flaw, which involves the way that Bind handles some queries related to transaction key records, resides in all major versions of the software from 9.1.0 to 9.8.x, 9.9.0 to 9.9.7-P1, and 9.10.0 to 9.10.2-P2. Attackers can exploit it by sending vulnerable servers a malformed packet that's trivial to create. Vulnerable servers, in turn, will promptly crash. There are no indications that the vulnerability is being actively exploited in the wild, and the bug wasn't disclosed until a fix was in place. Still, the critical vulnerability underscores the fragility of Bind, which despite its three decades in use and unwieldy code remains the staple for the Internet's domain name system.
Rob Graham, CEO of penetration testing firm Errata Security, reviewed some of the Bind source code and the advisory that Bind developers issued earlier this week and made this sobering assessment:
Posted by InfoSec News on Jul 30 http://www.scmp.com/tech/enterprises/article/1845102/united-airlines-hacked-china-linked-group-believed-responsible
Posted by InfoSec News on Jul 30 http://english.yonhapnews.co.kr/full/2015/07/30/41/1200000000AEN20150730005700315F.html
Posted by InfoSec News on Jul 30 http://fortune.com/2015/07/29/crowdstrike-cybersecurity-george-kurtz/
Posted by InfoSec News on Jul 30 http://krebsonsecurity.com/2015/07/windows-10-shares-your-wi-fi-with-contacts/
Posted by InfoSec News on Jul 30 http://www.wired.com/2015/07/hackers-can-disable-sniper-rifleor-change-target/