Hackin9
 
(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
 

Chris Mohan --- Internet Storm Center Handler on Duty

 
Some of those seeking to scrub their histories from the Web under Europe's "right to be forgotten" rule are being economical with the truth when making their requests, Google said Thursday.
 

InfoSec's Holy Grail: Data Sharing & Collaboration
Dark Reading
Despite all the best intentions, cooperation around internet security is still a work in progress. Case in point: Microsoft's unilateral action against No-IP. “We need more collaboration, we need more data sharing!” This obligatory refrain perennially ...

 
Computer problems with the U.S. State Department's system for issuing passports and visas may have affected up to 200,000 people, it emerged Thursday, as the scale of the problem became clear for the first time.
 

US Computer Emergency Response Team, in cooperation with the Secret Service and researchers at Trustwave’s Spiderlabs, have issued an alert about a newly identified variant of malware installed on point-of-sale (POS) systems that was used in a series of recent attacks by cyber criminals. Called “Backoff,” the malware shares characteristics with the one used to attack Target’s point of sale systems last year: it scrapes credit card data out of the infected computer’s memory. Until now, it was undetectable by antivirus software.

POS machines are a big target for hackers, who use malware like Backoff to collect data from credit cards and other transaction information to either create fraudulent credit cards or sell the data. In many ways, the Backoff-based attacks were similar to the attack in 2011 on Subway franchises—hackers used remote desktop software left active on the machines to gain entry, either by brute-force password attacks or by taking advantage of a default password, and then installing the malware on the hacked system.

According to US-CERT, Backoff runs in the background watching memory for the “track” data from credit card swipes, which can be used to both obtain the account number on the card and to create fraudulent cards that can be used in ATMs and other point-of-sale systems. Backoff also has a keylogger function that records the key-presses on the infected computer. The malware installs a malicious stub in Internet Explorer that can reload the in-memory component if it crashes and communicates with the criminals’ command and control network—sending home captured credit card data and checking for malware updates.


 
The Maine-docked Google barge, which created so much curiosity and brouhaha last fall, is on the move.
 
A couple of weeks ago I wrote about Automatic, a dongle that plugs into your car's OBD-II connector and sends data about your car's performance and your driving via Bluetooth LE to an app on your iOS or Android smartphone.
 
Most USB devices have a fundamental security weakness that can be exploited to infect computers with malware in a way that cannot easily be prevented or detected, security researchers found.
 
French carrier Iliad's surprise unsolicited bid for T-Mobile US may be good news for everyone but Sprint.
 
Tor CVE-2014-5117 RELAY_EARLY Security Vulnerability
 
The National Institute of Standards and Technology (NIST) will hold a workshop on the Framework for Improving Critical Infrastructure Cybersecurity, Oct. 29 and 30, 2014, hosted by the Florida Center for Cybersecurity (FC2) located at ...
 
Server sales could spike with the expiration of extended support for Microsoft's Windows Server 2003 OS in July next year, a Dell executive said.
 
I love my Victorian flat. But like many buildings from that era, it has lots of doors, lots of walls, and lots of old-school wiring, all of which interfere with my Wi-Fi network. My signal is quite strong in my office, where my router is, but the farther I move away the weaker the signal. I got tired of watching my iPhone drop connections in the living room so I decided to extend my network.
 
NASA has planned out the new and improved scientific instruments that will be included onboard the next robotic Mars rover. The instruments will look for signs of past life and the ability to create oxygen and rocket fuel on the Red Planet.
 
 
Microsoft Office CVE-2013-5057 ASLR Security Bypass Vulnerability
 
SAP is struggling to convince some customers that a pricier support service it introduced several years ago provides additional value compared to the standard support option.
 
Malicious hackers are using remote access tools to break into retail point-of-sale systems and plant malware on them, the Department of Homeland Security warned.
 
Schneider Electric OPC Factory Server Local Stack Buffer Overflow Vulnerability
 

What InfoSec can learn from the insurance industry
iT News (blog)
Step into the branch of any bank and you can see they are clearly designed to resist robbery at several levels and - up to a certain point - keep the institution's teller staff safe. That design comes from empirical experience, as in bank robberies ...

 


 
An internal CIA investigation has determined its employees improperly accessed computers used by the Senate Intelligence Committee while it was working on a report about the agency's post-9/11 detention and interrogation program, according to a report by McClatchy.
 
Despite becoming one of the most widely used programming languages on the Web, PHP didn't have a formal specification -- until now.
 

The head of the Central Intelligence Agency has apologized to leaders of the Senate Intelligence Committee after determining that his officers improperly accessed computers that were supposed to be available only to committee investigators, according to multiple reports on Thursday.

The mea culpa from CIA Director John O. Brennan was in sharp contrast to a defiant statement he made in March. After US Senator Dianne Feinstein accused the agency of breaching long-recognized separations between employees of the legislative and executive branches, Brennan maintained that there had been no inappropriate monitoring of Senate staffers' computer activity.

"When the facts come out on this, I think a lot of people who are claiming that there has been this tremendous sort of spying and monitoring and hacking will be proved wrong," he said at the time.


 
AT&T Connect Participant Application '.SVT' File Processing Buffer Overflow Vulnerability
 
Oxwall '/admin/settings/user' Multiple Arbitrary PHP Code Execution Vulnerabilities
 
Hewlett-Packard has changed its direction on OpenVMS, giving the operating system -- and users -- something of a reprieve.
 
French mobile operator Iliad has offered to buy T-Mobile US, the fourth-largest U.S. cellular carrier, in a bid that could complicate an offer reportedly in the works at Sprint.
 
Chief information security officers (CISOs) continue to have a hard time gaining the respect of other C-suite executives despite the heightened focus overall on information security.
 
The Qi wireless charging spec added a resonance extension to its existing induction spec, meaning enabled mobile devices can be charged more than an inch away from the pad.
 

In numerous previous Diaries, my fellow Internet Storm Center Handlers have talked about honeypots, the value of full packet capture and the value of sharing any attack data. In this Diary I'm going to highlight a fairly simple and cost-effective way of rolling those together.

If you have an always-on internet connection, having a honeypot listening to what is being sent your way is never a bad idea. There are plenty of ways to set up a honeypot, but an inexpensive way to set one up at home is with a Raspberry Pi [1]. The Raspberry Pi is a credit-card sized computer which can easily be hidden away out of sight, has very low power consumption and is silent, but works very well as a home honeypot.

There are plenty of install guides to install the OS (I like using Raspbian) and secure it; then drop your pick, or mix, of honeypots such as Kippo [2], Glastopf [3] or Dionaea [4] on it. Again, guides on how to set these up litter the intertubes, so take your pick. As an additional step, I like to install tcpdump, plug a Linux-formatted 4 GB USB drive into the Pi and then do full packet capture of any traffic directed to the Pi's interface, writing it to the USB drive. Apart from the fact that who doesn't like sifting through packet captures during downtime, there are times when capturing the full stream provides insights and additional options (like running it through your IDS of choice) on the connections being made to you.
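The capture step above, as an added example that is not from the diary or from any of the projects it links: a small Python supervisor for the Pi that refuses to write captures to the SD card if the USB drive is not mounted, prunes the oldest rotated captures when the drive runs low on space, and then hands the process over to tcpdump with hourly rotation and compression of each closed file. The mount point /mnt/usb/pcap, the interface eth0 and the thresholds are assumptions; tcpdump's -G, -w strftime pattern and -z post-rotate options are its own, and gzip must be installed for -z to do its job.

```python
"""Added example (not from the ISC diary): supervise a rotating full packet
capture on a Raspberry Pi honeypot. Mount point, interface and thresholds are
assumptions; change them for your own Pi."""
import os
import shutil
import sys

CAP_DIR = "/mnt/usb/pcap"            # assumed mount point of the USB drive
IFACE = "eth0"                       # assumed honeypot-facing interface
ROTATE_SECS = 3600                   # one capture file per hour
MIN_FREE_BYTES = 200 * 1024 * 1024   # keep at least 200 MB free on the drive


def tcpdump_argv(cap_dir, iface, rotate_secs):
    """argv for a rotating, compressed, lookup-free capture.
    -n    never resolve names: a honeypot should not announce its interest in a
          scanner by looking the source up in DNS
    -s 0  capture whole frames, not just headers
    -G    start a new file every rotate_secs; -w then takes a strftime pattern
    -z    run `gzip <closed file>` after each rotation to save drive space"""
    return ["tcpdump", "-i", iface, "-n", "-s", "0",
            "-G", str(rotate_secs),
            "-w", os.path.join(cap_dir, "pi-%Y%m%d-%H%M%S.pcap"),
            "-z", "gzip"]


def free_bytes(path):
    return shutil.disk_usage(path).free


def prune_old_captures(cap_dir, min_free, free_fn=free_bytes, remove_fn=os.remove):
    """Delete the oldest rotated captures (by mtime) until at least min_free
    bytes are free, and return the paths removed. Only finished .pcap.gz files
    are candidates; the file tcpdump is currently writing is never touched.
    free_fn and remove_fn are injectable so the logic can be exercised without
    a real drive."""
    rotated = sorted(
        (os.path.join(cap_dir, f) for f in os.listdir(cap_dir) if f.endswith(".pcap.gz")),
        key=os.path.getmtime,
    )
    removed = []
    while rotated and free_fn(cap_dir) < min_free:
        victim = rotated.pop(0)
        remove_fn(victim)
        removed.append(victim)
    return removed


def usb_ready(cap_dir, min_free):
    """True only if cap_dir is a real mount point (not the SD card underneath
    an unmounted directory) with at least min_free bytes available."""
    return os.path.ismount(cap_dir) and free_bytes(cap_dir) >= min_free


def main():
    if not os.path.ismount(CAP_DIR):
        sys.exit(f"{CAP_DIR} is not mounted; refusing to fill the SD card")
    prune_old_captures(CAP_DIR, MIN_FREE_BYTES)
    if not usb_ready(CAP_DIR, MIN_FREE_BYTES):
        sys.exit(f"{CAP_DIR} still has less than {MIN_FREE_BYTES} bytes free")
    argv = tcpdump_argv(CAP_DIR, IFACE, ROTATE_SECS)
    os.execvp(argv[0], argv)   # tcpdump replaces this process (needs root or CAP_NET_RAW)


if __name__ == "__main__":
    main()
```

Run it as root from a systemd unit or an @reboot cron entry so the capture restarts with the Pi; because the script execs tcpdump rather than spawning it, the supervisor sees tcpdump's own exit status.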

Once you have it all set up, secured, tested and running, don't forget to share the data with us, especially if you install Kippo [5].

From my observations, don't expect a massive amount of interaction with your home honeypot, but you will see plenty of scanning activity. It's a fairly interesting insight, especially if you pick a number of ports to forward from your router/modem for the honeypot to listen on. If you do set up tcpdump to capture any traffic hitting the Raspberry Pi network interface (and haven't set up a firewall to drop all non-specified traffic), it'll also pick up any chatty, confused or possibly malicious connections within your home network if they are broadcasting or scanning the subnet. With the Internet of Things being plugged in to home networks now, it's always handy to have a little bit of notification if your fridge starts port scanning every device on your network...
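A detection pass over that capture, as an added example that is not from the diary: it reads the text form of a capture (`tcpdump -n -r capture.pcap` output), counts how many distinct host/port pairs each source sends SYNs to, and reports sources above a threshold, marking whether they sit on the home network (RFC 1918 space) or came in through the forwarded ports. The sample lines are constructed rather than taken from a real capture, and the threshold of eight targets is an assumption.

```python
"""Added example (not from the ISC diary): spot hosts that sweep ports or
neighbours, working from the text output of `tcpdump -n -r capture.pcap`.
The sample lines below are constructed; the 8-target threshold is an assumption."""
import ipaddress
import re
from collections import defaultdict

# One `tcpdump -n` line for a TCP SYN: "<ts> IP <src>.<sport> > <dst>.<dport>: Flags [S], ..."
# The flag set must be exactly [S]; SYN-ACK replies print as [S.] and are skipped.
SYN_RE = re.compile(
    r"^(?P<ts>\S+) IP (?P<src>\d{1,3}(?:\.\d{1,3}){3})\.(?P<sport>\d+) > "
    r"(?P<dst>\d{1,3}(?:\.\d{1,3}){3})\.(?P<dport>\d+): Flags \[S\]"
)

# Only the RFC 1918 ranges count as "inside the house". ipaddress.is_private
# would also flag documentation ranges such as 203.0.113.0/24, which serves as
# the outside address in the sample below, so the check is spelled out.
HOME_NETS = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def is_home_address(ip):
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in HOME_NETS)


def parse_syns(lines):
    """Yield (src, dst, dport) for every SYN line; anything else is ignored."""
    for line in lines:
        m = SYN_RE.match(line)
        if m:
            yield m["src"], m["dst"], int(m["dport"])


def find_scanners(lines, min_targets=8):
    """Map each source that SYNs to at least min_targets distinct (host, port)
    pairs to {"targets": count, "internal": bool}. A normal client reconnecting
    to one service stays under the threshold; a port sweep of the honeypot or a
    subnet sweep by a misbehaving device does not."""
    targets = defaultdict(set)
    for src, dst, dport in parse_syns(lines):
        targets[src].add((dst, dport))
    return {
        src: {"targets": len(seen), "internal": is_home_address(src)}
        for src, seen in targets.items()
        if len(seen) >= min_targets
    }


def _syn(src, sport, dst, dport, sec):
    # Constructed tcpdump -n style line; timestamps are arbitrary.
    return (f"10:00:{sec:02d}.000000 IP {src}.{sport} > {dst}.{dport}: "
            f"Flags [S], seq 1, win 29200, length 0")


# Constructed sample capture: a "fridge" at .77 sweeping port 80 across the
# subnet, an outside host probing ten forwarded ports on the honeypot at .20,
# and a laptop at .30 that simply reconnects to the honeypot's SSH twice.
SAMPLE_CAPTURE = (
    [_syn("192.168.1.77", 40000 + i, f"192.168.1.{i}", 80, i) for i in range(1, 10)]
    + [_syn("203.0.113.9", 51000 + i, "192.168.1.20", p, 20 + i)
       for i, p in enumerate((22, 23, 80, 443, 445, 3389, 8080, 8443, 5900, 1433))]
    + [_syn("192.168.1.30", 50001, "192.168.1.20", 22, 40),
       _syn("192.168.1.30", 50002, "192.168.1.20", 22, 41),
       "10:00:42.000000 IP 192.168.1.20.22 > 192.168.1.30.50002: Flags [S.], seq 5, ack 2, win 28960, length 0"]
)

if __name__ == "__main__":
    for src, info in sorted(find_scanners(SAMPLE_CAPTURE).items()):
        where = "home network" if info["internal"] else "outside"
        print(f"{src:15} {info['targets']:3d} distinct targets ({where})")
```

On the real drive, feed it `tcpdump -n -r pi-<timestamp>.pcap 'tcp[tcpflags] == tcp-syn'` and the filter does the SYN selection before Python sees a line; the "internal" flag is what separates the expected outside scanning from the fridge case the diary warns about.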

As one of my fellow Handlers, Mark Hofman, sagely mentioned:

"if you are going to set one up, make sure you fully understand what you are about to do. You are placing a deliberately vulnerable device on the internet. Depending on your location you may be held liable for stuff that happens (IANAL). If it gets compromised, make sure it is somewhere where it can't hurt you or others."

So keep an eye on your Pi!

Happy honeypotting!

 

[1] http://www.raspberrypi.org/
[2] https://github.com/desaster/kippo
[3] http://glastopf.org/
[4] http://dionaea.carnivore.it/
[5] https://isc.sans.edu/diary/New+Feature%3A+%22Live%22+SSH+Brute+Force+Logs+and+New+Kippo+Client/18433

 

Chris Mohan --- Internet Storm Center Handler on Duty

(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
 
IBM has added to its security software portfolio with the purchase of Italian access control and identity management firm CrossIdeas for an undisclosed sum, the companies said Thursday.
 

When creators of the state-sponsored Stuxnet worm used a USB stick to infect air-gapped computers inside Iran's heavily fortified Natanz nuclear facility, trust in the ubiquitous storage medium suffered a devastating blow. Now, white-hat hackers have devised a feat even more seminal—an exploit that transforms keyboards, Web cams, and other types of USB-connected devices into highly programmable attack platforms that can't be detected by today's defenses.

Dubbed BadUSB, the hack reprograms embedded firmware to give USB devices new, covert capabilities. In a demonstration scheduled at next week's Black Hat security conference in Las Vegas, a USB drive, for instance, will take on the ability to act as a keyboard that surreptitiously types malicious commands into attached computers. A different drive will similarly be reprogrammed to act as a network card that causes connected computers to connect to malicious sites impersonating Google, Facebook or other trusted destinations. The presenters will demonstrate similar hacks that work against Android phones when attached to targeted computers. They say their technique will work on Web cams, keyboards, and most other types of USB-enabled devices.

"Please don't do anything evil"

"If you put anything into your USB [slot], it extends a lot of trust," Karsten Nohl, chief scientist at Security Research Labs in Berlin, told Ars. "Whatever it is, there could always be some code running in that device that runs maliciously. Every time anybody connects a USB device to your computer, you fully trust them with your computer. It's the equivalent of [saying] 'here's my computer; I'm going to walk away for 10 minutes. Please don't do anything evil."


 
Oracle is fleshing out its family of cloud applications and taking a competitive step against the likes of Salesforce.com with the acquisition of TOA Technologies, maker of software for companies centered around field services. Terms were not disclosed.
 
Advanced Micro Devices wants to help gamers build cheaper, smaller desktops through new processors the company started shipping on Thursday
 
The European Commission is stepping up its inquiry into Google's alleged anti-competitive behavior in the market for mobile software, making a formal investigation into the company's Android business more likely, according to a report.
 

Posted by InfoSec News on Jul 31

http://www.news9.com/story/26146017/man-arrested-after-security-breach-at-the-oklahoma-county-jail

By Evan Anderson
News 9
July 29, 2014

OKLAHOMA CITY -- A man is accused of impersonating a law enforcement
officer and visiting an inmate after a security breach at the Oklahoma
County Jail.

James Keeter, 70, made his way inside the Oklahoma County Jail with little
resistance.

“He claimed to be an active probation officer or a deputy...
 
Elasticsearch CVE-2014-3120 Arbitrary Java Code Execution Vulnerability
 
Re: [FD] Beginner's error: import function of Windows Mail executes rogue program C:\Program.exe with credentials of other account
 
RE: [FD] Beginner's error: import function of Windows Mail executes rogue program C:\Program.exe with credentials of other account
 
Scientists at the University of California, Berkeley, are working on computer screens that would adjust their images to accommodate individual users' visual needs. Think of it as a display that wears the glasses so users don't have to.
 
Facebook introduced an app on Thursday that will give mobile phone subscribers in Zambia access to a set of free basic mobile data services -- and Facebook.
 
Xiaomi became the world's fifth-largest smartphone vendor in the second quarter, catapulted into the top five for the first time by its hit products in its home market of China, according to research firm Strategy Analytics.
 
Google's dominance of the smartphone market has reached new heights, with its Android operating system now accounting for a record 84.6 percent share of global smartphone shipments, according to research by Strategy Analytics.
 
Only one person clicks on a bad link, and she had all her files properly backed up. Maybe employees aren't a security manager's nightmare after all.
 
After years of cajoling their users into sharing every thought, emotion and selfie, online firms are seeing that providing more private online spaces might also be profitable.
 
ppc64-diag CVE-2014-4039 Multiple Insecure File Permissions Vulnerabilities
 
Re: [FD] Beginner's error: import function of Windows Mail executes rogue program C:\Program.exe with credentials of other account
 
[ MDVSA-2014:144 ] live
 
Re: [FD] Beginner's error: import function of Windows Mail executes rogue program C:\Program.exe with credentials of other account
 
[ MDVSA-2014:143 ] phpmyadmin
 

Posted by InfoSec News on Jul 31

http://allafrica.com/stories/201407300414.html

By Chusa Sichone
Times of Zambia
July 30, 2014

VISITING International Telecommunications Union (ITU) deputy
secretary-general Houlin Zhao has launched the first-ever cyber security
laboratory in Zambia, which will enable law-enforcement agencies to combat
Information Communication Technology (ICT)-related crimes.

The laboratory is based at the Zambia Police Service headquarters in
Lusaka,...
 

Posted by InfoSec News on Jul 31

http://www.defensenews.com/article/20140730/DEFFEAT05/307300017/Commentary-Cyber-Deterrence-Working

By Jason Healey
Defense News
July 30, 2014

Despite the mainstream view of cyberwar professionals and theorists, cyber
deterrence is not only possible but has been working for decades.

Cyberwar professionals are in the midst of a decades-old debate on how
America could deter adversaries from attacking us in cyberspace. In 2010,
then-Deputy...
 
phpMyAdmin 'functions.js' Multiple Cross Site Scripting Vulnerabilities
 
phpMyAdmin 'structure.lib.php' Cross Site Scripting Vulnerability
 
phpMyAdmin 'rte_list.lib.php' Cross Site Scripting Vulnerability
 
phpMyAdmin CVE-2014-4987 Remote Security Bypass Vulnerability
 