Thursday, January 29, 2009

IEC Web Site Compromised

Websense Security Labs™ ThreatSeeker™ Network has discovered that a subdomain of the International Electrotechnical Commission (IEC) Web site has been compromised. The IEC is an international standards organization that prepares and publishes International Standards for all electrical, electronic, and related technologies. Member countries include Japan, Australia, U.S.A., central European countries, and numerous others. Read more...

Taps vs Span Ports

Tao of Security provided a great discussion regarding taps or SPAN ports.
  1. Taps free SPAN ports for tactical, on-demand monitoring, especially intra-switch monitoring. Many switches have only two ports capable of SPAN, and some offer only one. If you commit a SPAN port for permanent monitoring duties, and you need to reassign it for some sort of troubleshooting on a VLAN or other aspect of the traffic, you have to deny traffic to your sensor while the SPAN port is doing other work. Keep your SPAN ports free so you can do intra-switch monitoring when you need it.

  2. Taps provide strategic, persistent monitoring. Installing a tap means you commit to a permanent method of access to network traffic. Once the tap is installed you don't need to worry about how you are going to access network traffic again. Taps should really be part of any network deployment, especially at key points in the network.

  3. Selected taps do not permit injected traffic onto the monitored link. Depending on the tap you deploy, you will find that it will not be physically capable of transmitting traffic from the sensor to the monitored link. This is not true of SPAN ports. Yes, you can configure SPAN ports to not transmit traffic, and that is the norm. However, from my consulting days I can remember one location where I was told to deploy a sensor on a box with one NIC. Yes, one NIC. That meant the same NIC used for remote SSH access also connected to a switch SPAN port. Yes, I felt dirty.

  4. What taps see is not influenced by configuration (as is the case with SPAN ports); i.e., what you see is really what is passing on the link. This is key, yet underestimated. If you own the sensor connected to a SPAN port, but not the switch, you are at the mercy of the switch owner. If the switch owner mistakenly or intentionally configures the SPAN port to not show all the traffic it should, you may or may not discover the misconfiguration. I have seen this happen countless times. With a network tap, there's no hiding the traffic passing on the monitored link. Many shops have been surprised by what is traversing a link when they finally take a direct look at the traffic.

  5. Taps do not place traffic on a switch data plane, like a SPAN port does. This point is debatable. Depending on switch architecture, SPAN ports may or may not affect the switch's ability to pass traffic. By that I mean a SPAN port may not receive all traffic when the switch is loaded, because forwarding may take precedence over SPANning.

Read more...

The Veterans Affairs Department has agreed to pay $20 million

The Veterans Affairs Department has agreed to pay $20 million to settle a lawsuit filed by veterans over the risk of potential identity theft when a VA laptop PC that contained their sensitive information was stolen in 2006. The laptop contained files with personally identifiable information on millions of veterans, such as names, birth dates and Social Security numbers. Read more...

Tuesday, January 27, 2009

Serious security alert for Monster.com and USAJobs.gov users, Sophos reports

Job websites struck by hackers once again, putting identities at risk

IT security and control firm Sophos is advising all users of careers website Monster.com and USAJobs.gov, the official job site of the US Federal Government, to change their passwords following news that both sites have been the victim of a serious hacking attack which has compromised both usernames and passwords.

Furthermore, as research has discovered that 41 percent of people use the same password for every website they access, many Monster and USAJobs users are likely to be at risk of having their accounts on other websites hacked. Read more...

Obama smartphone conforms to military standards

Contrary to some media reports, Obama won’t simply be trading in one BlackBerry — the ubiquitous e-mail and smartphone device made by Research In Motion (RIM) — for a more secure version. Rather, he’ll be switching altogether to a maximum-security smart phone — most likely the Sectéra Edge made by General Dynamics C4 Systems Group.

The Sectera Edge is actually a re-purposed Palm Treo 750 that has been reconfigured to send and receive wireless classified e-mail messages and attachments, as well as access Web sites on the government’s Secure IP Router Network (SIPRnet). It features a single-touch button that permits authorized users to toggle between SIPRnet and the government’s non-secure network, NIPRnet. And it would allow the president to have secure voice conversations. Read more...

My personal opinion: I think the L-3 Guardian is much better.
http://www.l-3com.com/cs-east/ia/smeped/ie_ia_smeped.shtml

Sunday, January 25, 2009

Hoax that claims Apple CEO Steve Jobs has had a heart attack

"A widely-circulated URL which points to an image that purports to be a wired.com story about Steve Jobs health is a hack job," Wired.com said. "We won't provide the URL here but the Twitterverse quickly surmised that the item was not correct." It appears to have first been reported by Mashable.

Someone created a legitimate-looking Web page using Wired's public upload image viewer, which generates a page containing an image under a Wired logo banner, Wired.com said. The hole has been patched, the news site added. Read more...

Friday, January 23, 2009

Trojan Attack Masquerades as E-ticket notice

Jan 22, 2009 | 05:19 PM

By Tim Wilson
DarkReading

Security researchers have spotted a new attack designed to fool users into thinking that airline tickets have been purchased with their credit cards.

The attack, which was first spotted as an email from Northwest Airlines, and subsequently as a message from United Airlines, is a realistic-looking "receipt" that contains an attachment bearing the name Your_ETicket.zip or eTicket.zip, according to researchers at security vendor Sophos. Read more...

Wednesday, January 21, 2009

To disclose or not to

Security researchers should stop publishing vulnerabilities in the traditional way because cyber-criminals are using the code to generate zero-day exploits at record speeds, says a recent report. Read more...

Cheap cracks

Modern cryptological attacks can crack mobile phone calls, as well as debit and credit card systems, in seconds. The trick is to find a practical compromise between computing time and memory space with the help of precomputed tables. Probably no algorithm is immune to such an approach, but special techniques can thwart such attacks. Read more...

ARIZONA MAN INDICTED FOR SELLING COUNTERFEIT SOFTWARE ON EBAY

PHOENIX- A federal grand jury returned a 7-count indictment on Wednesday, January 13, 2009, against Kurt Kunselman, 44, of Waddell, Ariz., for violations of wire fraud, criminal copyright infringement and destruction of records with intent to obstruct a federal investigation. Kunselman was issued a summons and is set to appear before U.S. Magistrate Judge Lawrence O. Anderson at 10:45 a.m. on January 28, 2009. Read more...

Friday, January 16, 2009

Preemptive Blocklist and More Downadup Numbers

A Downadup update from F-Secure.

The number of Downadup infections is skyrocketing based on our calculations. From an estimated 2.4 million infected machines to over 8.9 million during the last four days. That's just amazing. Read more...

Wednesday, January 14, 2009

RealVNC 4.1.2 'vncviewer.exe' RFB Protocol Remote Code Execution Vulnerability

RealVNC Viewer is prone to a remote code-execution vulnerability because it fails to adequately handle certain encoding types.

An attacker can exploit this issue to execute arbitrary code in the context of the vulnerable process. Failed exploit attempts are likely to result in denial-of-service conditions.

This issue may be related to the vulnerability discussed in BID 30499 (RealVNC 4.1.2 'vncviewer.exe' Remote Denial of Service Vulnerability).

RealVNC 4.1.2 is vulnerable; earlier versions may also be affected.

Read more...

Tuesday, January 13, 2009

Serious security vulnerability in Safari web browser reported

An open source software engineer with a history of uncovering flaws in Mac OS X claims to have uncovered a security vulnerability in Apple’s web browser Safari, affecting both Windows and Apple Mac users. Read more...

Monday, January 12, 2009

Mysterious credit card charge may have hit millions of users

Several Internet complaint boards are filled with comments from credit card customers from coast to coast who have noticed a mysterious charge for about 25 cents on their statements. Read more...

CheckFree warns 5 million customers after hack

January 6, 2009 (IDG News Service) CheckFree Corp. and some of the banks that use its electronic bill payment service are notifying more than 5 million customers that criminals took control of several of the company's Internet domains and redirected customer traffic to a malicious Web site hosted in the Ukraine. Read more...

Friday, January 9, 2009

F-Secure Warns about a new Worm

Downadup uses several different methods to spread. These include using the recently patched vulnerability in Windows Server Service, guessing network passwords and infecting USB sticks. As an end result, once the malware gains access to the inside of a corporate network, it can be unusually hard to eradicate fully.

Typical problems generated by the worm include locking network users out of their accounts. This happens because the worm tries to guess (or brute-force) network passwords, tripping the automatic lock-out of a user who has too many password failures.

More technical details
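The lockout symptom F-Secure describes is visible in authentication logs before the help desk calls start. The following is an added example (my own, not F-Secure's or the original post's code) that scans constructed failed-logon records for one source host fanning out across many accounts in a short window, which is the footprint a password-guessing worm leaves, and separately lists which accounts have already accumulated enough failures to trip a lockout threshold. The log format and the host, account and threshold values are all assumed for the demonstration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample records (not real logs): timestamp, source host, target account, result.
SAMPLE_LOG = """\
2009-01-09T08:00:01 WS-17 jsmith FAIL
2009-01-09T08:00:02 WS-17 jdoe FAIL
2009-01-09T08:00:02 WS-17 admin FAIL
2009-01-09T08:00:03 WS-17 backup FAIL
2009-01-09T08:00:03 WS-17 svc_sql FAIL
2009-01-09T08:00:04 WS-17 jdoe FAIL
2009-01-09T08:00:05 WS-17 jsmith FAIL
2009-01-09T08:01:10 WS-03 jdoe FAIL
2009-01-09T08:01:30 WS-03 jdoe OK
"""

def parse(line):
    ts, host, account, result = line.split()
    return datetime.fromisoformat(ts), host, account, result

def find_spraying_hosts(log_text, window=timedelta(minutes=5), min_accounts=3, min_failures=5):
    """Return {host: (distinct_accounts, failures)} for hosts whose failed logons inside
    a sliding window reach both thresholds. A user mistyping a password hits one
    account from one host; an infected host guessing passwords hits many accounts."""
    failures = defaultdict(list)
    for line in log_text.splitlines():
        ts, host, account, result = parse(line)
        if result == "FAIL":
            failures[host].append((ts, account))
    hits = {}
    for host, events in failures.items():
        events.sort()
        start = 0
        for end, (ts, _) in enumerate(events):
            while ts - events[start][0] > window:   # drop events older than the window
                start += 1
            in_window = events[start:end + 1]
            accounts = {a for _, a in in_window}
            if len(accounts) >= min_accounts and len(in_window) >= min_failures:
                if host not in hits or len(in_window) > hits[host][1]:
                    hits[host] = (len(accounts), len(in_window))  # keep the busiest window
    return hits

def accounts_at_risk(log_text, threshold):
    """Accounts whose total failure count has reached the (assumed) lockout threshold."""
    counts = defaultdict(int)
    for line in log_text.splitlines():
        _, _, account, result = parse(line)
        if result == "FAIL":
            counts[account] += 1
    return {a: n for a, n in counts.items() if n >= threshold}
```

Run against the constructed sample, WS-17 is flagged as the guessing host and jdoe is the account nearest to lockout; in practice the spraying host, not the locked-out users, is the machine to isolate and clean.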

Thursday, January 8, 2009

Friendster Users Beware!!!

A lot of Friendster users have been complaining about receiving lots of invitations to view a fake video from their contacts (who presumably would not usually send malicious content to their friends). Read more...

Hack the Box Blue

https://arcy24.medium.com/hack-the-box-blue-f5ae5b602a5c