May, 2009:

Obama gives fresh impetus to cybercrime battle

Barack Obama, US president, yesterday lifted cybersecurity high up his administration’s agenda as he promised to name a White House co-ordinator to oversee policy and responses to threats to government and private communications networks.

Mr Obama cited an industry report that put losses from cybercrime – including industrial espionage and identity theft – at $1,000bn (€706bn, £617bn). He declared that the increased dependence on electronic banking and commerce made improved security a matter of economic necessity as well as a key plank of national defence.

“Our defence and military networks are under constant attack,” he said. “Al-Qaeda and other terrorist groups have spoken of their desire to unleash a cyberattack on our country – attacks that are harder to detect and harder to defend against.” Releasing a review of federal policy on cybersecurity, Mr Obama said the government had been hamstrung so far by its complexity and conflicts among agencies.

URL: http://www.hackinthebox.org/index.php?name=News&file=article&sid=31515

Whitepaper

Re: Whitepaper

Posted by Jeffrey Walton on May 29

Hi Jared,

Regarding ‘The Digital Examination Process: Closing Gaps with New
Technology’, et al. From the page: "This paper introduces new
technology called Crucial Vision that addresses this widespread need."

It seems to me that if Crucial Security wants to reach the widest
audience…

URL: http://seclists.org/fulldisclosure/2009/May/0273.html

Formal audit background for the penetration tester?

Re: Formal audit background for the penetration tester?

Posted by natron on May 29

On Fri, May 29, 2009 at 10:18 AM, <lister_at_lihim.org> wrote:
> As I am not familiar with the CISA certification or the audit field of work, I’m not sure
> if this would be a step backward or beneficial to a penetration tester or
> someone with purely technical skills in…

URL: http://seclists.org/pen-test/2009/May/0070.html

[InterN0T] Achievo 1.3.4 – XSS Vulnerability

Bugtraq: Re: [InterN0T] Achievo 1.3.4 – XSS Vulnerability

Re: [InterN0T] Achievo 1.3.4 – XSS Vulnerability

URL: http://www.securityfocus.com/archive/1/503920

Mass Injection Compromises More than Twenty-Thousand Web Sites

Malicious Web Site / Malicious Code: Mass Injection Compromises More than Twenty-Thousand Web Sites

Websense Security Labs™ Threatseeker™ Network has detected that a large compromise of legitimate Web sites is currently taking place around the globe. Thousands of legitimate Web sites have been discovered to be injected with malicious Javascript, obfuscated code that leads to an active exploit site. The active exploit site uses a name similar to the legitimate Google Analytics domain (google-analytics.com), which provides statistical services to Web sites.

This mass injection attack does not seem related to Gumblar. The location of the injection, as well as the decoded code itself, seem to indicate a new, unrelated, mass injection campaign.

[Screenshot of injected code in an injected site]

The exploit site is laden with various attacks. After successful exploitation, a malicious file is run on the exploited computer. The executed malware file has a very low AV detection rate.

Websense® Messaging and Websense Web Security customers are protected against this attack.

URL: http://securitylabs.websense.com/content/Alerts/3405.aspx

SonicWALL SSL-VPN Appliance Format String Vulnerability

Bugtraq: SonicWALL SSL-VPN Appliance Format String Vulnerability

URL: http://www.securityfocus.com/archive/1/503913

It's summer…Do you know what your kids are doing?, (Fri, May 29th)

School is over or about to be over for many kids. With that come many families in which the parents work and the kids are left at home to relax and enjoy their summer vacation. This means a lot of free time and an internet out there just waiting to be explored. Everyone is aware of the need to keep your kids safe while on the internet. But in some cases, there is a need to keep the internet and others safe from your kids. Let me explain that last comment. Kids with too much time on their hands get into trouble. You hear about it all the time on the news, with kids getting into trouble with things such as vandalism, stealing, etc. What about kids getting into trouble on the internet?

Do a Google search on the phrase "teenage hacker" and see what comes up. Kids are curious and learn fast. The internet can become a playground for them to explore and test out cool new programs and tools they find on the internet or write themselves. Chat rooms are available where kids can learn many things from others and want to try them for themselves. They can also get pulled into the wrong crowd on the internet and get in way over their heads fast. They may not even see anything wrong with it; it's just computers, after all.

Most of the filtering technology today focuses on web traffic: what are your kids looking at on the web? That is a good thing, but there are many other ports and protocols available and nothing watching them. Would you know if your child was running a botnet? Stealing credit card numbers? Hacking into websites? It's not a game and there are real consequences to it, even sometimes when the intent may have been to do good. Here are some recent examples:
Nineteen-year-old Dmitriy Guzner from New Jersey was part of an underground hacking group named ‘Anonymous’ that targeted the church with several attacks. He could face ten years in prison on computer hacking charges and is due to be sentenced on August 24. http://www.securecomputing.net.au/News/144850,teenage-hacker-pleads-guilty-to-church-of-scientology-cyber-attacks.aspx

Twitter has announced a review into four worm attacks on the site as a teenage hacker admits he could be jailed for his role in the stunt. http://news.sky.com/skynews/Home/Technology/Twitter-Worm-Attack-Biz-Stone-Announces-Review-As-Teenage-Hacker-Michael-Mooney-Speaks-Out/Article/200904215261579

A teenage hacker whose campaign to expose holes in Internet security sparked an FBI investigation was being sentenced in court today. http://www.independent.co.uk/news/business/news/teenage-hacker-to-be-sentenced-for-internet-crusade-676871.html

As parents, we also need to talk to our kids about the other dangers that are on the internet. Dangers such as hacking, virus making, botnet creation, stealing, etc. You may think your child is doing nothing but sitting on a computer playing. But keep in mind that a computer on the internet is a portal to a whole other world.

URL: http://isc.sans.org/diary.php?storyid=6490&rss

Nonprofit releases security configuration standards for iPhone

Organizations issuing iPhones to their employees can now apply security configuration best practices, which were introduced this week by the Center for Internet Security.


URL: http://feedproxy.google.com/~r/SCMagazineHome/~3/_97AOURFipo/

VMware fixes security bugs

VMware has released fixes for multiple vulnerabilities in several of its products, including VMware Workstation, Player, ACE, Server, Fusion, ESX and ESXi. One of the vulnerabilities was caused by an error in the VMware Descheduled Time Accounting driver, which could open a way for hackers to launch a denial-of-service attack in Windows-based virtual machines. Another vulnerability identified by VMware could have enabled an attacker to execute arbitrary code.


URL: http://feedproxy.google.com/~r/SCMagazineHome/~3/ExodS3v11PI/

increased Backdoor.Coreflood infections

Posted by auto319326_at_hushmail.com on May 29

Is anyone else seeing an increase in Backdoor.Coreflood
infections on their network? I have not yet been able to pinpoint
the infection vector. Has anyone seen coreflood being dropped by a
specific set of web pages?

Cheers,
Tim

URL: http://seclists.org/incidents/2009/May/0001.html

President Obama addresses nation on cyber security

Within the past hour, President Obama addressed the nation from the White House to emphasize the importance of cyber security, to announce the release of the administration’s report of its 60-day cyberspace policy review, and to announce the creation of a new White House position, the Coordinator of National Cyber Security.

This represents an enormous step forward in national awareness of the role cyber security in general and malware in particular play in our economy and our physical security. Having the "leader of the free world" describe the threat of botnets and spyware on national television will expand press and citizen interest in this issue.

As important as the threats, though, are the freedoms that the President discussed. He emphasized the importance of preserving both personal privacy and net neutrality while securing our infrastructure. He also pointed out that this will require a collaborative effort amongst individuals, schools, corporations, and governments from the local level through the national level, not just in the U.S., but internationally, as well.

The attention is an important start, but of course execution is the key. Melissa Hathaway, Cybersecurity Chief at the National Security Council, posted some information about the policy review she led, as well as links to the report (PDF) and to the papers that informed the report. Based on a preview of the report that Melissa Hathaway delivered at the Kennedy School last night, I expect the administration is moving in the right direction. I look forward to reading the report, and I encourage others to do so, as well. Meanwhile, it’s up to all of us to work together to build a safer Internet. StopBadware looks forward to playing a role in bringing together the people, the organizations, and the data that make this possible.

URL: http://blog.stopbadware.org/2009/05/29/president-obama-address-nation-on-cyber-security

VMWare Patches Released, (Fri, May 29th)

Patches were released yesterday to fix a DoS vulnerability and potential arbitrary code execution. Here are the two vulnerabilities:

1. VMware Descheduled Time Accounting driver:
The issue affects the VMware Descheduled Time Accounting driver and can cause a denial of service in Windows-based virtual machines on the vulnerable versions. This driver is an optional (non-default) part of the VMware Tools installation. However, virtual machines that are migrated from vulnerable releases are still vulnerable if their tools are not upgraded and the following three conditions exist:
– The virtual machine is running a Windows operating system.
– The VMware Descheduled Time Accounting driver is installed in the virtual machine.
– The VMware Descheduled Time Accounting Service is not running in the virtual machine.

2. libpng package for the ESX 2.5.5 Service Console
The libpng package is used for creating and manipulating PNG (Portable Network Graphics) image format files. A crafted PNG file loaded by an application linked against libpng could cause the application to crash or allow arbitrary code execution that would run with the privileges of the user running the application.
Another flaw concerns PNG images that contain unknown chunks. If an application linked against libpng attempted to process a malformed, unknown chunk in a malicious PNG image, it could cause the application to crash.

URL: http://isc.sans.org/diary.php?storyid=6487&rss

Blackberry Server Vulnerability, (Fri, May 29th)

For all of you running around with a BlackBerry, be careful of opening .pdf files. A vulnerability announced on Tuesday allows specially crafted .pdf files, when opened on your BlackBerry, to potentially cause memory corruption and possibly lead to arbitrary code execution on the computer that hosts the BlackBerry Attachment Service. If you have not done so, please make sure your servers are patched. The versions affected are:

BlackBerry Enterprise Server software version 4.1 Service Pack 3 (4.1.3) through 5.0
BlackBerry Professional Software 4.1 Service Pack 4 (4.1.4)

URL: http://isc.sans.org/diary.php?storyid=6484&rss