http://www.secuobs.com Observatoire de la securite Internet fr webmaster@secuobs.com 2009-07-04 02:01:30 - Computer Security News : Commonwealth Bank says it still cannot pinpoint the source of apresumed cyber attack blamed for preventing customers from accessingtheir online accounts, highlighting a security risk expected to becomemore common in coming yearshttp://www.secuobs.com/revue/news/116874.shtmlhttp://www.secuobs.com/revue/news/116874.shtml 2009-07-03 15:43:02 - The Dark Visitor : If you don’t read Chinayouren, you should Hell, I didn’t even know that“anonymous” netizens had planned an attack on Chinese censorsChinayouren is one of those people who is not only a fantasticlinguist but also very well attuned to the current social issues onthe Chinese net He certainly knows more about the http://www.secuobs.com/revue/news/116732.shtmlhttp://www.secuobs.com/revue/news/116732.shtml 2009-07-03 12:41:58 - Rootsecure.net : The Register: Boomerang attack against AES better than blind chance"Instead of such a brute force approach, the researchers have deriveda technique based on finding local collisions in block ciphers andenhanced with the boomerang switching techniques"http://www.secuobs.com/revue/news/116701.shtmlhttp://www.secuobs.com/revue/news/116701.shtml 2009-07-03 11:21:18 - Security Bloggers Network : Several security vendors are issuing reports about MichaelJackson-related Malware, either in the form of a mass-mailing Worm orsearch-related domains that offer images The aim is to use the shockof the pop star's death to lure victims into downloading images,videos, music, and news articles with the latest information OnMonday, F-Secure discovered several domains spreading Malware relatedto the singer’s recent deathhttp://www.secuobs.com/revue/news/116672.shtmlhttp://www.secuobs.com/revue/news/116672.shtml 2009-07-03 03:15:32 - Hack In The Box : Cryptographic researchers have uncovered a chink in the armour of thewidely used AES algorithm The attacks pose no immediate threat to thesecurity of AES, but they do illustrate a technique for extractingkeys that is better than simply trying every possible key combinationInstead of such a brute force approach, the researchers have derived atechnique based on "finding local collisions in block ciphers andenhanced with the boomerang switching techniques to gain free roundsin the middle" Collisions in cryptographic happen when two differentinputs produce the same output The approach, in this case, can beused to infer clues about the key used by the AES encryption cypherAES is an encryption standard recently adopted by the US government,and widely used commercially as a resulthttp://www.secuobs.com/revue/news/116558.shtmlhttp://www.secuobs.com/revue/news/116558.shtml 2009-07-03 02:06:06 - TorrentFreak : With millions of pageviews every day TorrentReactornet is ranked inthe top 5 of all torrent sites in terms of traffic which makes it alucrative target for malicious attacks The site is currentlysuffering from a serious security breach resulting in a rootkit beinginstalled on the computers of some of its visitorsWith millions of pageviews every day TorrentReactornet is ranked inthe top 5 of all torrent sites in terms of traffic which makes it alucrative target for malicious attacks The site is currentlysuffering from a serious security breach resulting in a rootkit beinginstalled on the computers of some of its visitorshttp://www.secuobs.com/revue/news/116526.shtmlhttp://www.secuobs.com/revue/news/116526.shtml 2009-07-02 22:36:42 - Threatpost Feed : It's been quite a week in the world of cryptography For a field inwhich advancements are measured in the smallest of terms and majorbreakthroughs can take decades, the three big news stories involvingcryptography in the last few days comprise an epochal eventhttp://www.secuobs.com/revue/news/116478.shtmlhttp://www.secuobs.com/revue/news/116478.shtml 2009-07-02 21:48:54 - The Tech Herald Security News : Several security vendors are issuing reports about Michael Jacksonrelated Malware, either in the form of a mass-mailing Worm or searchrelated domains that offer images The aim is to use the shock of thepop star's death to lure victims into downloading images, video,music, and news articles with the latest information F-Secure, onMonday, discovered several domains that are spreading Malware relatedto the singer’s deathhttp://www.secuobs.com/revue/news/116416.shtmlhttp://www.secuobs.com/revue/news/116416.shtml 2009-07-02 21:33:41 - MX Logic Security News : Global Gaming Factory's announcement Tuesday that it plans to purchasethe file-swapping BitTorrent site The Pirate Bay for $78 million hasset off distributed denial-of-service DDOS attacks on the Swedishcompany's website, likely from disgruntled members who have cast thefounders as sell-outsThe Pirate Bay website was down for long periods of time on Tuesday,fueling speculation that hacker-members were launching attacks,according to TomshardwarecomPeter Sunde, one of the company's four founders - each of whom arefacing prison time for illegal file sharing - said on his Twitteraccount that the reason for the down time was a DDOS"Yup, DDOS Understand the people doing it as well I hope people willcalm down and understand what it means logically instead," SundeTweeted, according to TomshardwarecomSome of the Pirate Bay's 20 million users have asked to have theiraccounts canceled since the announcement of the sale"Many people have asked about having their account removed and we willnot force anyone to stay on of course," the company said on its blogTuesdayAfter acknowledging the sale, the company said on its blog thatprofits will go into a foundation to support freedom of speech,freedom of information and "openness of the nets"ADNFCR-1765-ID-19248546-ADNFCRhttp://www.secuobs.com/revue/news/116403.shtmlhttp://www.secuobs.com/revue/news/116403.shtml 2009-07-02 17:15:22 - Help Net Security News : Alex Biryukov and Dmitry Khovratovich from University of Luxembourgpublished a paper titled "Related-key Cryptanalysis of the FullAES-192 and AES-256"In this paper we present two related-key attachttp://www.secuobs.com/revue/news/116318.shtmlhttp://www.secuobs.com/revue/news/116318.shtml 2009-07-02 08:49:37 - Packet Storm Security Headlines : http://www.secuobs.com/revue/news/116198.shtmlhttp://www.secuobs.com/revue/news/116198.shtml 2009-07-02 05:57:37 - Hack In The Box : Cyber criminals work hard each day trying to spread their maliciousactivities, and there are no signs that they are going to stop On thecontrary, they are doing their best to improve their attacks andincrease the success of them This time security experts from Finjanare warning everybody against the hacked 'iirs-nrsagovin' website ofIndia's Institute of Remote Sensing Cyber criminals are using thiswebsite as a malicious code distribution channel How does the wholeattack occur And what is the hackers purpose of using it The attackinvolves the injection of a script into a website which adds an IFrameto the page The researchers from Finjan explained that "The IFramecreated by this script points to malicious content hosted on a serverin Texas armed with the LuckySploit attack toolkit"http://www.secuobs.com/revue/news/116163.shtmlhttp://www.secuobs.com/revue/news/116163.shtml 2009-07-02 05:57:37 - Hack In The Box : In its quarterly threat update, security company F-Secure warned thatmany known vulnerabilities remain unpatched, and flaws in popularAdobe software are at the top of that list Despite the availabilityof patches to fix security holes, "statistics from our Health Checkapplication show that during the month of May, one in three computersscanned were vulnerable to an Adobe Reader flaw reported in the monthof February," F-Secure said The findings mark the latest example ofhow large numbers of users and system administrators fail to properlyupdate their systems with the latest -- and most secure -- softwareIn April, a Microsoft study concluded that much of users' problemswith infected files stems from not being diligent in updating theirsoftwarehttp://www.secuobs.com/revue/news/116155.shtmlhttp://www.secuobs.com/revue/news/116155.shtml 2009-07-02 01:19:23 - Computer Security News : An anonymous reader sends news from The Washington Post's Security Fixblog of a new Trojan horse program that takes click fraud to the nextlevel http://www.secuobs.com/revue/news/116079.shtmlhttp://www.secuobs.com/revue/news/116079.shtml 2009-07-02 01:16:23 - Security Park : Traditionally, organisations' network security relies mainly on theperimeter security enforcement, while encrypted web channels haveacted as a means to bypass the security functions Stonesoft hasintroduced the new StoneGate IPS-1030 appliance with the uniquecapability of inspecting encrypted web traffic This eliminates thetraditional blind spot in network protection The new appliance pmorehttp://www.secuobs.com/revue/news/116075.shtmlhttp://www.secuobs.com/revue/news/116075.shtml 2009-07-02 00:13:13 - Schneier on Security : There's a new cryptanalytic attack on AES that is better than bruteforce: Abstract In this paper we present two related-key attacks onthe full AES For AES-256 we show the first key recovery attack thatworks for all the keys and has complexity 2119, while the recentattack by Biryukov-Khovratovich-Nikolic works for a weak key class andhas higherIMAGEhttp://www.secuobs.com/revue/news/116042.shtmlhttp://www.secuobs.com/revue/news/116042.shtml 2009-07-01 21:03:43 - eSecurity Planet Features : A security expert notes an alarming trend, and provides guidance toprotect yourself against ithttp://www.secuobs.com/revue/news/115993.shtmlhttp://www.secuobs.com/revue/news/115993.shtml 2009-07-01 20:46:34 - Threatpost Feed : From SearchSecuritycom Robert WesterveltA Juniper Networks Inc security researcher who planned to demonstratea way to hack the software of an ATM at the Black Hat Briefings in LasVegas had his presentation pulled at the request of the ATM vendorBarnaby Jack's"Jackpotting Automated Teller Machines," presentation,which was to take place on July 30, was pulled from the schedule onMonday Juniper Networks confirmed the cancellation In a statementthe vendor said it received a request to pull the presentation from anATM vendor Read the full story SearchSecuritycomhttp://www.secuobs.com/revue/news/115982.shtmlhttp://www.secuobs.com/revue/news/115982.shtml 2009-07-01 19:37:09 - MX Logic Security News : Federal authorities have charged Bruce Raisley, of Monaca, Pennsylvania,in connection with a series of distributed denial-of-service DDOSattacks on news websites hosting articles that detailed embarrassingfacts about his online relationship with a man pretending to be awomanRaisley allegedly used a botnet - a collection of compromised PCs - tolaunch the DDOS attacks to overwhelm the websites with traffic inorder to shut them downAccording to the criminal complaint filed in the New Jersey USdistrict court, Raisley targeted specific pages at websites includingrollingstonecom and radarcom that hosted one of two articles abouthis falling out with the cyber vigilante group Perverted Justice,which works to identify sexual predatorsThe article allegedly targeted by Raisley - called To Catch aPredator: The New American Witch Hunt, which originally appeared inRolling Stone - reported that Raisley had a falling out with theleaders of Perverted Justice, who sought revenge against him forcriticizing their tactics To pay him back, one man allegedlypretended to be a woman online and lured Raisley into a relationshipto embarrass himThe complaint, with signed testimony by FBI special agent Susan Secco,said one of the compromised computers used by the botnet to launch theattacks belonged to a Slovenian network security group that trackedthe malware back to Raisley's IP addressADNFCR-1765-ID-19245601-ADNFCRhttp://www.secuobs.com/revue/news/115891.shtmlhttp://www.secuobs.com/revue/news/115891.shtml 2009-07-01 09:25:57 - eWeek Security Watch : Juniper Networks has agreed to pull a talk on ATM security slated for theupcoming Black Hat and DefCon security conferencesIMAGEIMAGEIMAGEhttp://www.secuobs.com/revue/news/115728.shtmlhttp://www.secuobs.com/revue/news/115728.shtml 2009-07-01 06:18:39 - Hack In The Box : A Pennsylvania man has been charged with allegedly launching distributeddenial-of-service DDoS attacks against at least nine Web sites,including Rolling Stone magazine's site, which was attacked multipletimes for nearly a year Bruce Raisley, of Monaca, Pa, has beencharged with intentionally causing damage to a protected computerRaisley, who surrendered to authorities, is scheduled for a courthearing this afternoon in US District Court in Newark, NJAccording to FBI Special Agent Susan Secco's written account in acriminal complaint, Raisley allegedly launched repeated DDoS attacksagainst several Web sites for close to a year All of the sitestargeted ran one of two articles about the controversial organizationPerverted Justice, which works to identify sexual predators andpedophiles The group worked with the producers of Dateline NBC'spopular To Catch a Predator reality TV show, which aimed to catchadults in the act of contacting minors for sexual liaisonshttp://www.secuobs.com/revue/news/115692.shtmlhttp://www.secuobs.com/revue/news/115692.shtml 2009-07-01 00:58:36 - News : A Pennsylvania man has been charged with allegedly launchingdistributed denial-of-service DDoS attacks against at least nine Websites, including Rolling Stone magazine's site, which was attackedmultiple times for nearly a yearread moreIMAGEhttp://www.secuobs.com/revue/news/115519.shtmlhttp://www.secuobs.com/revue/news/115519.shtml 2009-06-30 20:55:42 - Security Bloggers Network : Security researchers are tracking a Trojan that has swiped as many as88,000 FTP credentials for organizations such as Symantec, McAfee,Amazon, Cisco and the Bank of America According to Read the restof the story herehttp://www.secuobs.com/revue/news/115423.shtmlhttp://www.secuobs.com/revue/news/115423.shtml 2009-06-30 20:35:04 - SecurityTube.Net : Dictionary Attack on a Wireless Router using Hydra Video TutorialIMAGEhttp://www.secuobs.com/revue/news/115382.shtmlhttp://www.secuobs.com/revue/news/115382.shtml 2009-06-30 19:57:09 - 1 Raindrop : Last week, I blogged about using threat models to identify and locatecountermeasures Now, I would like to add a little more detail andcontext Recall, the purpose of the threat model is to map threats tocountermeasures, but he catalyst comes through some parts of theattack surface There are several attack surface models out there, Iuse a simple one where the attack surface is the sum of the data +method + channel, that entail the wayshttp://www.secuobs.com/revue/news/115359.shtmlhttp://www.secuobs.com/revue/news/115359.shtml 2009-06-30 18:04:50 - Computer Security News : RICHMOND, Va - Some doctors are holding off prescribing painkillersafter a hacker accessed more than 355 million of Virginia's mostsensitive prescription drug records two months ago, a state officialtold a legislative panel Mondayhttp://www.secuobs.com/revue/news/115328.shtmlhttp://www.secuobs.com/revue/news/115328.shtml 2009-06-30 16:44:49 - eWeek Security Watch : Data theft is at the center of the malware torrent and will continue tobe so for the forseeable future, Trend Micro reportsIMAGEIMAGEIMAGEhttp://www.secuobs.com/revue/news/115297.shtmlhttp://www.secuobs.com/revue/news/115297.shtml 2009-06-30 05:34:35 - Homeland Security News : A man with two tons of explosives in his possession has been arrested inPakistan's capital Islamabad According to reports the man had plannedto blow up the Norwegian and Swedish embassies in the city Inaddition, the Hungarian, Czech and South African embassies were alsoamong the targets for the http://www.secuobs.com/revue/news/115150.shtmlhttp://www.secuobs.com/revue/news/115150.shtml 2009-06-30 05:27:41 - Hack In The Box : A website belonging to security expert Kevin Mitnick was compromisedafter hackers managed to access a domain name server maintained by thesite's webhost and redirect visitors to pages that displayedpornographic images It was the second time in the past few years thata security lapse at hostedherenet has allowed hackers to redirect thesite, Mitnick told The Register At time of writing, domain namesystem records for Mitnick Security have been restored, but some userscontinue to see the fraudulent website because many DNS caches stillhow the incorrect information "It's a general pain in the ass foreverybody around because my site was redirected and now thiswebhosting provider has to rebuild all their customer boxes," Mitnicksaid "So they're not happy with the hours of work they're going tohave to spend doing it"http://www.secuobs.com/revue/news/115138.shtmlhttp://www.secuobs.com/revue/news/115138.shtml 2009-06-30 04:23:13 - Security Bloggers Network : Late last week someone began attacks on the California company whose codewas illegally used in China’s Green Dam-Youth Escort spywareIn Maythe Chinese Ministry of Industry and Information Technology announcedthat computers sold in the country afthttp://www.secuobs.com/revue/news/115088.shtmlhttp://www.secuobs.com/revue/news/115088.shtml 2009-06-30 03:38:15 - BadwareBusters.org Most recent topics : Hi – Goggle reported our site wwwstupidcom as hosting Malware onFriday… Since then I’ve removed a bunch of files that could havepotentially been infected How do I make sure I’ve gotten rid of anypotentially infected fileshttp://www.secuobs.com/revue/news/115061.shtmlhttp://www.secuobs.com/revue/news/115061.shtml 2009-06-30 01:09:29 - Security : Modern operating systems contain a feature to give previews of contentin files without opening them So as you browse through a folder,you’ll see the layout of your office documents, thumbnails of yourpictures, and the opening screen of your videos In usability terms,this is a great feature for some—documents are easily found if theyhave distinguishing characteristics that are obvious from the frontpageUnfortunately, in order to provide this functionality, the documentsare processed by the operating system and potentially will exposeusers to security vulnerabilities At the end of May, Microsoftdisclosed a vulnerability in DirectShow, and at the beginning of JuneApple updated QuickTime for a number of security vulnerabilities Inthe wake of these releases, I’ve prepared a quick tip about an easy,complementary hardening step that can take away some automation froman attacker’s arsenalhttp://www.secuobs.com/revue/news/115057.shtmlhttp://www.secuobs.com/revue/news/115057.shtml 2009-06-29 20:58:45 - PenTestIT : Recently, we had a rootkit infect a customers Linux machine It wentun-noticed for almost 10 hours until, one of their users could not geta proper out from netstat The machine was spewing out SYN flood inthe network at a random time and we could not actually see the entriesin netstat We then remembered http://www.secuobs.com/revue/news/114966.shtmlhttp://www.secuobs.com/revue/news/114966.shtml 2009-06-29 20:51:06 - SecurityFocus News : Jackson searches resemble attack to Googlehttp://www.secuobs.com/revue/news/114964.shtmlhttp://www.secuobs.com/revue/news/114964.shtml 2009-06-29 20:07:44 - Threatpost Feed : Digital Underground podcast with Dennis Fisher - June 29, 2009In this episode, Dennis Fisher talks with Robert “Rsnake” Hansen abouthis Slowloris tool, low-bandwidth DoS attacks and the law ofunintended consequencesYou are missing some Flash content that should appear here Perhapsyour browser cannot display it, or maybe it did not initialisecorrectlyhttp://www.secuobs.com/revue/news/114948.shtmlhttp://www.secuobs.com/revue/news/114948.shtml 2009-06-29 19:30:37 - Security Bloggers Network : "A big challenge for identifying web application attacks is to detectmalicious activity that cannot easily be spotted using usingsignatures Remote file inclusion RFI is a popular technique used toattack web applications especially php applications from a remoteserver RFI attacks are extremely dangerous as they allow a clienthttp://www.secuobs.com/revue/news/114902.shtmlhttp://www.secuobs.com/revue/news/114902.shtml 2009-06-29 19:15:08 - SecurityTube.Net : A Live Twitter Phishing Attack Video TutorialIMAGEhttp://www.secuobs.com/revue/news/114875.shtmlhttp://www.secuobs.com/revue/news/114875.shtml 2009-06-29 15:06:44 - Security Database Tools Watch : Interoute's Internet Barometer shows real-time statistics on Internetattacks worldwide and provides information on the source of thoseattacks The source of attacks indicates potentially hostileorganizations and networks So, the Barometer identifies whether theperpetrator is a "known Bad Guy"; a spoofer who is trying to hide hisor her identity by using different IP addresses; or an unknownattackerThe Internet Barometer is only possible because of the integral roleInteroute plays - Security Tools / Data Mining, NetworkMonitoring, InterouteIMAGE IMAGE IMAGE IMAGE IMAGEIMAGEhttp://www.secuobs.com/revue/news/114817.shtmlhttp://www.secuobs.com/revue/news/114817.shtml 2009-06-29 15:01:57 - Help Net Security News : Learn about web-based threats, the impact to your business, and the mosteffective solution to implementhttp://www.secuobs.com/revue/news/114800.shtmlhttp://www.secuobs.com/revue/news/114800.shtml 2009-06-29 12:03:02 - Rootsecure.net : PC Authority: Google mistook MJ searches for net attack "Web giant Googlehas admitted it thought the sudden spike in searches for MichaelJackson on Thursday was a massive, coordinated internet attack"http://www.secuobs.com/revue/news/114774.shtmlhttp://www.secuobs.com/revue/news/114774.shtml 2009-06-29 07:26:14 - CGISecurity Website and Application Security News : "In Session Attacks and ASPNET - Part 1, I introduced one type of attackagainst the session called Session Fixation as well as ASPNET’ssession architecture and authentication architecture In this post,I’ll delve into a couple specific attack scenarios, cover riskreduction, and countermeasures" Read:https://blogssansorg/appsecstreetfighter/2009/06/24/session-attacks-and-aspnet-part-2/http://www.secuobs.com/revue/news/114718.shtmlhttp://www.secuobs.com/revue/news/114718.shtml 2009-06-28 14:28:25 - Steve on Security : http://www.secuobs.com/revue/news/114613.shtmlhttp://www.secuobs.com/revue/news/114613.shtml 2009-06-28 14:28:25 - Steve on Security : http://www.secuobs.com/revue/news/114602.shtmlhttp://www.secuobs.com/revue/news/114602.shtml 2009-06-28 04:20:30 - ha.ckers.org web application security lab : Because of all of the stuff that happened over the last week or soregarding Slowloris, I started thinking about other ways to use DoS toaid in existing attacks A lot of times it’s really the opposite ofwhat an attacker wants to do Typically the attacker wants to keep thesystem http://www.secuobs.com/revue/news/114489.shtmlhttp://www.secuobs.com/revue/news/114489.shtml 2009-06-27 20:24:08 - Computer Security News : Intelligence agencies led by GCHQ, the government's electronic spycentre, are to step up operations against a growing threat ofcyber-attacks, the government announcedtoday as part of an updated"national security strategy" A new cyber-security operations centrewill be attached to GCHQ in Cheltenhamhttp://www.secuobs.com/revue/news/114465.shtmlhttp://www.secuobs.com/revue/news/114465.shtml 2009-06-27 11:57:48 - Network World on Security : If you happen to see a too-good-to-be-true offer to watch the latestHarry Potter movie online for free, watch outhttp://www.secuobs.com/revue/news/114428.shtmlhttp://www.secuobs.com/revue/news/114428.shtml 2009-06-27 03:02:34 - Hack In The Box : 'Basic Input/Output System', a firmware run by a PC at the time ofboot-up, is increasingly targeted by malware attacks as modern hackershaving administrative OS rights are effectively conducting BIOSupdates or BIOS on the Internet to load customized low-level firmwareRecently, experts have shown how BIOS malware could be used to attackmultiple operating systems and infect different kinds of motherboardsAccording to them, BIOS-based malicious software can disseminate notjust on various OSs, but also by a number of hardware These attacksare hard to identify and block Earlier during March 2009 at theVancouver CanSecWest security conference, researchers Anibal Sacco andAlfredo Ortega of Core Security Technologies Inc performed a generalBIOS attack that could push malware inside various BIOS types, asreported by search security on June 18, 2009http://www.secuobs.com/revue/news/114365.shtmlhttp://www.secuobs.com/revue/news/114365.shtml 2009-06-26 22:48:10 - eWeek Security Watch : Spammers are taking advantage of reports on the deaths of celebritiesMichael Jackson and Farrah Fawcett to infect users with malwareIMAGEIMAGEIMAGEhttp://www.secuobs.com/revue/news/114256.shtmlhttp://www.secuobs.com/revue/news/114256.shtml 2009-06-26 22:44:45 - Security Bloggers Network : Portaledge has an event hierarchy The hierarchy from smallest tolargest consists of: Event Triggers, which cause Events, which arecorrelated in a class into Event Class Events Events and Event ClassEvents can be correlated across classes into Meta Events Today I amgoing to discuss Event Class Events Triggers and Events were coveredlast http://www.secuobs.com/revue/news/114250.shtmlhttp://www.secuobs.com/revue/news/114250.shtml 2009-06-26 22:41:36 - News : Within hours of the death of pop star Michael Jackson, spam trading onhis demise hit inboxes, a security firm said today as it warned thatmore was in the offingread moreIMAGEhttp://www.secuobs.com/revue/news/114236.shtmlhttp://www.secuobs.com/revue/news/114236.shtml 2009-06-26 19:39:26 - Network World on Security : Intelligence agents and computer experts are to step up operationsagainst a growing online threat from "criminals, terrorists andhostile states", as part of the government's updated national securitystrategyhttp://www.secuobs.com/revue/news/114186.shtmlhttp://www.secuobs.com/revue/news/114186.shtml 2009-06-26 19:31:18 - ISN InfoSec News Mailing List : InfoSec News: GCHQ steps up strategy to combat cyber-attacks, Brownannounces:http://wwwguardiancouk/politics/2009/jun/25/cyberspace-war-computer-hacking-fraudBy Richard Norton-Taylor guardiancouk 25 June 2009Intelligence agencies led by GCHQ, the government's electronic spycentre, are to step up operations against a growing threat of http://www.secuobs.com/revue/news/114179.shtmlhttp://www.secuobs.com/revue/news/114179.shtml 2009-06-26 19:03:35 - Packet Storm Security Headlines : http://www.secuobs.com/revue/news/114161.shtmlhttp://www.secuobs.com/revue/news/114161.shtml 2009-06-26 17:52:31 - CERTLEXSI Weblog : Denial of service encouragement messages have been published on variouswebsites since roughly a week ago These messages target Iraniangovernmental websites; see, for instance, this blog post that waspublished on June 21st on Twitter This call to action was relayedthrough hundreds of Twitterhttp://www.secuobs.com/revue/news/114114.shtmlhttp://www.secuobs.com/revue/news/114114.shtml 2009-06-26 17:39:29 - BadwareBusters.org Most recent topics : anybody from the group can help us to find out which code havingproblem why we are getting this waringhttp://www.secuobs.com/revue/news/114105.shtmlhttp://www.secuobs.com/revue/news/114105.shtml 2009-06-26 10:48:15 - TrendLabs Malware Blog by Trend Micro : We have recently discovered a version, of online fraud that takes theguise of a legitimate-lookng news website At first glance, thecontent of the purported news page appears real but after conductingfurther analysis, one will realize that the news page is actually aspammy site What’s supposed to be a news article is actually Post from: TrendLabs | Malware Blog - by Trend MicroGoogle Cash Club Makes Headlines in Phishing Attackhttp://www.secuobs.com/revue/news/113994.shtmlhttp://www.secuobs.com/revue/news/113994.shtml 2009-06-26 02:49:13 - Threatpost Feed : From CERT Will DormannTwo recent US-CERT Vulnerability Notes certorg describe similarissues in the Adobe Reader and Foxit Reader PDF viewing applicationsThe vulnerabilities, that both applications failed to properly handleJPEG2000 JPX data streams, were discovered as part of ourVulnerability Discovery initiative The two vulnerability notes arequite similar, except for one aspect: attack surface Read the fullblog post certorghttp://www.secuobs.com/revue/news/113892.shtmlhttp://www.secuobs.com/revue/news/113892.shtml 2009-06-26 02:47:52 - Tactical Web Application Security : Submitted by Ryan Barnett 6/22/2009There was an interesting article posted over on Inforworld's websiteentitled We've been blind to attacks on our Web sites that drives homean important use-case for web application firewalls - visibility ofweb traffic Too many people get caught up in the "Block attacks witha WAF" mentality that they forget about the insight that can be gainedinto simply having full access to the inbound request and responsedata From the article -Of course, as the security manager, I can't afford a false senseof security, so I recently took some steps to find out just whatwas going on within our Web servers' network traffic And it turnsout that many attacks have been getting through our firewallsundetected We'll never know how long this has been going onThis is a typical first reaction Most of today's network firewallshave some sort of Deep Packet Inspection capabilities however mostpeople don't use it due to performance hits The firewalls are mainlygeared towards either allowing a connection or not based on the sourcedestination IPs and Port combos instead of the actual applicationpayloads This is somewhat like when you use the telephone to callsomeone A firewall would just check to see if you are allowed to callthat phone number or not but it doesn't usually look at what you areactually saying in the conversation once you are connected The otherbig hindrance to inspecting web traffic at a network firewall is SSLYou have to be able to decrypt the layer 7 data in order to inspectitMy company's front-end Web servers, which directly receiveconnections from the Internet through our firewalls, aredefinitely a hot spot in our network The firewalls and IDS allowus to see some of what's going on, but can they really detectactive content-based attacks To find out, I installed a Webapplication firewall in my company's DMZ to tell us about activeattacks that may not be identified by our other devices I set thedevice up in monitor mode, though it can be set up to blockattacks, because my goal was just to see what was going on Iwanted to know more about what's inside the connections to thoseWeb serversThis section shows that the WAF can initially be deployed in a"Detection Only" or monitoring mode to allow for visibilityWhat I discovered is that our Web sites are being "scraped" byother companies -- our competitors Some of the information on oursites is valuable intellectual property It is provided online, ina restricted manner passwords and such, to our customers Suchrestrictions aren't very difficult to overcome for the Webcrawlers that our competitors are using, because webmastersusually don't know much about security They make a token attemptto put passwords and restrictions on sensitive files, but theyoften don't do a very good jobScraping attacks that are executed by legitimate users and aim tosiphon off large amounts of data are a serious threat to manyorganizations They types of attacks can not be identified bysignature based rules as there is no overt malicious behavior toidentify if only one individual transaction is inspected Behavioralanalysis needs to be employed to correlate multiple transactions overa specified time period to see if the there is an excessive rate beingused Anti-automation defenses here are criticalOur Web application firewall found some other problems as well Weexperience hundreds of SQL injection attack attempts every day Sofar, none has been successful, but I'm amazed at the sheer volumeI can't imagine anyone having the time to sit around trying SQLinjection attacks against random Web servers, so I have to assumethat these attacks are coming from automated scripts In any case,they are textbook examples of SQL injection, each one walkingthrough various combinations of SQL code embedded in HTML Itlooks like we've done a good job of securing our Web applicationsagainst these attacks, but it's always a little disconcerting tohear invaders pounding on the doorAs this section of the article shows, having visibility into the typesof automated attacks being launched against a web application providestwo key pieces of data -1 Understanding of the Threat component of the Risk equation -there are many academic types of debates and discussions thathappen early on in the development of software One of the morechallenging aspects to quantify is the threat Is there reallyanyone out there targeting our sites Where are they coming fromWhat attacks are they launching Without this type of confirmeddata obtained from the production network, it is difficult toaccurately do threat modeling2 Validation of secure coding practices - it will become evidentvery quickly whether or not the web application is vulnerable tothese types of injection attacks If the application does notimplement proper input validation mechanisms, then there is apossibility that the injected code will be executed and theapplication will respond abnormally By inspecting both theinbound request and the outbound response, it is possible toconfirm if/when/where input validation is falteringIMAGEhttp://www.secuobs.com/revue/news/113888.shtmlhttp://www.secuobs.com/revue/news/113888.shtml 2009-06-26 01:17:45 - BadwareBusters.org Most recent topics : pls chk my site wwwsangeethamusiccom we hav removed malwares fromthis site please review and do the needfulhttp://www.secuobs.com/revue/news/113838.shtmlhttp://www.secuobs.com/revue/news/113838.shtml 2009-06-25 23:13:34 - Rootsecure.net : BBC News: UK 'has cyber attack capability' "The UK has the ability tolaunch cyber attacks but does not use it for industrial espionage likesome other countries, minister Lord West has said"http://www.secuobs.com/revue/news/113824.shtmlhttp://www.secuobs.com/revue/news/113824.shtml 2009-06-25 22:33:36 - Packet Storm Security Headlines : http://www.secuobs.com/revue/news/113806.shtmlhttp://www.secuobs.com/revue/news/113806.shtml 2009-06-25 22:00:15 - Help Net Security News : According to Symantec's MessageLabs Intelligence, botnets wereresponsible for 90% of spam in 2008 More importantly, thesecompromised "robot" computer networks do not seem to be going awayanytime shttp://www.secuobs.com/revue/news/113765.shtmlhttp://www.secuobs.com/revue/news/113765.shtml 2009-06-25 19:00:09 - Network World on Security : Guy Kawasaki -- a Silicon Valley venture capitalist who was partiallyresponsible for marketing the Macintosh in 1984 -- has almost 140,000Twitter followers Many of those followers likely thought it wasstrange that Kawasaki was suddenly into shilling porn, when a linkpurporting to host a pornographic video of "Gossip Girl" star LeightonMeester appeared on June 23 Anyone who downloaded the videodiscovered a virus that ravaged both PCs and Macshttp://www.secuobs.com/revue/news/113731.shtmlhttp://www.secuobs.com/revue/news/113731.shtml 2009-06-25 17:46:39 - Security Bloggers Network : There is an unofficial patch for Apache"Finally, an unofficial patch has been released athttp://synfloodat/tmp/anti-slowlorisdiff - I haven't tested it butthe patch is supposed to dynamically change the TimeOut valuedepending on the load which depends on the number of Apache processesthat are currently processing HTTP requests"http://iscsansorg/diaryhtmlstoryid=6622* There is no compiled list of who is vulnerable and who not but ifyou are in the money or government business or can have the attentionof some angry and stupid people and are running Apache, sun or someother vulnerable server, you should take attention to DDOS or justdrop incomplete packets faster* more attack and discovery tools can be found here, at the father ofthis kind of attack against Apache He says that the new tool doesn'tstill use the full capacity of the attack method THis promises* do not buy any anti DDOS equipment that is not designed to cope withthis kind of attack and contact your account manager if you haveanti-DDOS equipment to ask if they protect you against this if youare running an Apache or other vulnerable server* you can think about a proxy or copy of your webserver on anotherenvironment like windows so you can swith according to thevulnerabilities and attacksIMAGE IMAGE IMAGE IMAGE IMAGE IMAGEhttp://www.secuobs.com/revue/news/113707.shtmlhttp://www.secuobs.com/revue/news/113707.shtml 2009-06-25 13:38:49 - TrendLabs Malware Blog by Trend Micro : Earlier today Rik Ferguson at the Countermeasures blog posted about a newmalware threat that came from Twitter The details are at his post butthe short version is as follows: Somehow, the Twitter account of notedventure capitalist and writer/columnist, Guy Kawasaki, was hacked intoposting a malicious tweet/update see Figure 1 It came with Post from: TrendLabs | Malware Blog - by Trend MicroAnother Sex Tape, Another Malware Attackhttp://www.secuobs.com/revue/news/113588.shtmlhttp://www.secuobs.com/revue/news/113588.shtml 2009-06-25 10:34:19 - Homeland Security News : Pakistani police today claimed to have foiled terror attacks in majorcities across the country, including on parliament here, with thearrest of 25 “significant terrorists”, including at least two would-besuicide bombers Interior minister Mr Rehman Malik said one of the twowould-be suicide bombers had plans to target the http://www.secuobs.com/revue/news/113553.shtmlhttp://www.secuobs.com/revue/news/113553.shtml 2009-06-25 09:24:16 - Security Bloggers Network : In a high profile recent hack of Twitter, the account of well-known Macevangelist Guy Kawasaki was breached Kawasaki's tweets were sendingout a link to a porn video, something the tech guru isn't knownforIt's not clear exactly how the account washttp://www.secuobs.com/revue/news/113522.shtmlhttp://www.secuobs.com/revue/news/113522.shtml 2009-06-25 06:37:18 - Security : As a quick recap, "E4X" is the name of a Javascript standard relating tostrong XML support in the language Firefox has had an implementationfor quite some time but no other major browser seems to have followedsuitMy colleages Filipe Almeida and Michal Zalewski led the way in E4Xsecurity; check out:http://codegooglecom/p/doctype/wiki/ArticleE4XSecurityHowever, the attack scenarios in that document are in my opinion notlikely to occur in many web apps It so happens that I was fiddlingaround the night before my HiTB talk which briefly covers E4X and Icame up with something more compelling Take a hypothetical web mailservice which provides an XML feed format of the inbox, which mightlook something like this:evil@hackercom{ x = 'PWNbank@bankcomSuper sensitiveNew pin: 9976' }edOne general concept of interest in the above fragment is the abilityof the attacker to echo little pieces of attacker-controlled text ontoa trusted domain Specifically, in e-mail subject text More on thisin another postWith this realization, we're all set to mount an E4X-based theftattack First, you'll want to see it in action You'll need Firefox tosee the popup alert indicating cross-domain XML theft:https://cevans-appappspotcom/static/e4xthefthtmlThe attack works by cross-domain including the XML formatted inboxinto the attacker's page via Raw XML is validJavascript in Firefox, thanks to E4X, so this parses and executes inthe attacker's context The reason the attacker is able to mount atheft is that E4X looks for curly braces in XML values and tries tointerpret the surrounded text as a Javascript expression to evaluateLooking again at our above XML, we see the following in the middle: { x = 'PWNbank@bankcomSuper sensitiveNew pin: 9976' } As you can see, the attacker's sneaky choice of subject lines hascaused an expression to be evaluated which:* Wraps a part of the XML in single quotes, forming a Javascriptstring literal* Assigns said string literal to a Javascript variable in theattacker's domain* Leaves the XML tag structure balanced, thanks to the repeatingnature of the XML treeFor the attack to work, there are constraints:* There must be no newlines in the part of the XML structure thatyou are stealing, because Javascript literals cannot spanunescaped newlines* There must be no XML prolog or DTD since these break the FirefoxE4X parser* The single quote character must be rendered into XML valuesunescaped and double quotes must be used to surround XMLattributes or visa versaThere will be real-world services matching these constraints When youfind them, drop me an e-mail or leave a commentAs always, Mozilla security responded wonderfully to this advance inE4X theft A behavioural tweak was committed and is due in Firefox35, which will break this attackIMAGEhttp://www.secuobs.com/revue/news/113492.shtmlhttp://www.secuobs.com/revue/news/113492.shtml 2009-06-25 06:37:18 - Security : Safari 4 was just released and among the various improvements is a rangeof security fixes One of these fixes is for an XXE attack against theparsing of the XSL XML Full technical details may be found here:http://scarybeastsorg/security/CESA-2009-006htmlOr for the lazy, you can skip straight to the:Demo for Safari 3 / MacOSDemo for Safari 3 / WindowsI found it interesting that Safari 3 seemed robust against XXE attacksin general -- there are a lot of places that browsers find themselvesparsing XML XmlHttpRequest, prettifying XML mime type documents, SVG,E4X, etc However, the relatively obscure area of the XSL XMLsuccumbed to an XXE attackNote: awareness of XXE attacks remains low despite the issue beingdocumented since at least 2002IMAGEhttp://www.secuobs.com/revue/news/113490.shtmlhttp://www.secuobs.com/revue/news/113490.shtml 2009-06-25 05:07:16 - eWeek Security Watch : Attackers hijacked the Twitter account of venture capitalist and ex-Appleevangelist Guy Kawasaki in a bid to lure users to a site hosting aTrojan The catch -- the malware affects both Windows PCs and AppleMac computersIMAGEIMAGEIMAGEhttp://www.secuobs.com/revue/news/113444.shtmlhttp://www.secuobs.com/revue/news/113444.shtml 2009-06-25 01:49:42 - Computer Security News : One of the potentially most dangerous emerging security threats to theInternet isn't even showing up on antivirus radarhttp://www.secuobs.com/revue/news/113394.shtmlhttp://www.secuobs.com/revue/news/113394.shtml 2009-06-25 00:06:05 - The Old New Thing : The people who run this site think they have a handle on the trackbackspam attack that raged for three and a half weeks All the bad IPaddresses have been blocked, and hopefully we didn't lose any babieswith the bathwaterHere are the statistics for the final wave:SiteFromToCountRate pings/hrwwwenglishsoftwareinfo6/10/2009 02:56 AM6/10/2009 02:56 AM1accountingfinancenewstodaycom6/10/2009 08:34 AM6/10/2009 08:34 AM1bloga-fotonru6/10/2009 09:20 AM6/10/2009 09:20 AM1castironbakewareinfo6/11/2009 07:20 PM6/11/2009 07:57 PM2742backyardshedinfo6/11/2009 07:59 PM6/11/2009 08:11 PM310weakbladderinfo6/12/2009 03:51 PM6/12/2009 05:48 PM3819greenteafatburnerinfo6/12/2009 06:00 PM6/12/2009 08:02 PM8943besteyecreamsiteinfo6/12/2009 08:04 PM6/12/2009 09:02 PM3333jointpainreliefsinfo6/12/2009 09:07 PM6/12/2009 10:12 PM2825insomniacuresiteinfo6/12/2009 10:19 PM6/13/2009 12:00 AM9254insomniacuresiteinfo6/13/2009 12:49 AM6/13/2009 12:56 AM534menopausereliefsiteinfo6/13/2009 12:58 AM6/13/2009 01:33 AM1524cellulitecreamsiteinfo6/13/2009 01:43 AM6/13/2009 03:38 AM15982toenailfungusiteinfo6/13/2009 03:39 AM6/13/2009 05:09 AM10972hairgrowthproductsinfo6/13/2009 05:11 AM6/13/2009 06:00 AM6173quickdietsiteinfo6/13/2009 06:02 AM6/13/2009 07:24 AM11483outdoordecorationinfo6/13/2009 02:26 PM6/13/2009 03:23 PM4142onlyoutdoorrugsinfo6/13/2009 04:20 PM6/13/2009 04:46 PM2146ebeanbagchairinfo6/13/2009 05:33 PM6/13/2009 05:48 PM1036homelightingconceptinfo6/13/2009 06:42 PM6/13/2009 07:02 PM3293firepitideainfo6/13/2009 08:08 PM6/13/2009 08:27 PM35107wheelbarrowstyleinfo6/13/2009 09:19 PM6/13/2009 09:25 PM13120barstoolsiteinfo6/13/2009 10:25 PM6/13/2009 10:48 PM2563gardendecordesigninfo6/13/2009 11:46 PM6/14/2009 12:02 AM2383fancyporchswinginfo6/14/2009 01:17 AM6/14/2009 01:27 AM1690thestoragebenchinfo6/14/2009 02:52 AM6/14/2009 03:21 AM3162wwwbaby-parentingcouk6/14/2009 03:22 AM6/14/2009 03:22 AM1thestoragebenchinfo6/14/2009 03:23 AM6/14/2009 03:29 AM870gardenstatuesgaloreinfo6/14/2009 04:30 AM6/14/2009 04:54 AM2150adirondackchairshubinfo6/14/2009 06:06 AM6/14/2009 06:40 AM4069cutebirdbathsinfo6/14/2009 07:46 AM6/14/2009 08:10 AM2253patiocushionsourceinfo6/14/2009 09:16 AM6/14/2009 09:23 AM15120patiosetsiteinfo6/14/2009 10:04 AM6/14/2009 10:04 AM2tempusfactorcom6/14/2009 05:07 PM6/14/2009 05:07 PM1edebtsettlementprograminfo6/15/2009 09:51 AM6/15/2009 10:27 AM2743mydebtconsolidatorinfo6/15/2009 12:29 PM6/15/2009 01:46 PM8162debtsolutionsnowinfo6/15/2009 04:52 PM6/15/2009 06:21 PM6946einternetmarketingtoolsinfo6/15/2009 09:04 PM6/15/2009 09:53 PM3339wwwbaby-parentingcom6/15/2009 09:53 PM6/15/2009 09:53 PM1einternetmarketingtoolsinfo6/15/2009 10:01 PM6/15/2009 10:43 PM2636unemploymentofficeresourceinfo6/16/2009 12:25 AM6/16/2009 01:20 AM5155workfromhomecareerinfo6/16/2009 04:10 AM6/16/2009 06:26 AM8939bloga-fotonru6/16/2009 09:29 AM6/16/2009 09:29 AM1fixmycrediteasilyinfo6/16/2009 06:23 PM6/16/2009 07:43 PM5641lowcostcarinsurancesinfo6/16/2009 09:15 PM6/16/2009 10:12 PM100104topalternativedatinginfo6/16/2009 11:58 PM6/17/2009 01:10 AM11595buildesignwebpagecom6/17/2009 06:07 PM6/17/2009 06:08 PM4180patiosetsiteinfo6/17/2009 07:03 PM6/17/2009 07:24 PM1026patioumbrellasourceinfo6/17/2009 08:31 PM6/17/2009 09:08 PM3454buildesignwebpagecom6/17/2009 09:12 PM6/17/2009 09:12 PM3thebasketballhoopinfo6/17/2009 11:30 PM6/18/2009 12:01 AM4381pooltoysiteinfo6/18/2009 01:31 AM6/18/2009 02:20 AM111135imagesarchiveorg6/18/2009 04:23 AM6/18/2009 04:23 AM1buildesignwebpagecom6/18/2009 02:06 PM6/18/2009 02:06 PM1outdoordecorationinfo6/18/2009 08:53 PM6/18/2009 09:43 PM4755onlyoutdoorrugsinfo6/18/2009 09:51 PM6/18/2009 10:13 PM1846ebeanbagchairinfo6/18/2009 10:13 PM6/18/2009 10:27 PM726homelightingconceptinfo6/18/2009 10:30 PM6/18/2009 10:55 PM47110firepitideainfo6/18/2009 10:55 PM6/18/2009 11:17 PM55147wheelbarrowstyleinfo6/18/2009 11:18 PM6/18/2009 11:27 PM29187barstoolsiteinfo6/18/2009 11:28 PM6/19/2009 12:00 AM86159gardendecordesigninfo6/19/2009 12:00 AM6/19/2009 12:26 AM57129fancyporchswinginfo6/19/2009 12:27 AM6/19/2009 12:43 AM32116thestoragebenchinfo6/19/2009 12:43 AM6/19/2009 01:29 AM84108gardenstatuesgaloreinfo6/19/2009 01:30 AM6/19/2009 01:56 AM3885adirondackchairshubinfo6/19/2009 01:56 AM6/19/2009 02:34 AM69107cutebirdbathsinfo6/19/2009 02:36 AM6/19/2009 03:03 AM3882patiocushionsourceinfo6/19/2009 03:04 AM6/19/2009 03:12 AM16113patiosetsiteinfo6/19/2009 03:13 AM6/19/2009 03:27 AM517patioumbrellasourceinfo6/19/2009 03:36 AM6/19/2009 04:08 AM1424thebasketballhoopinfo6/19/2009 04:15 AM6/19/2009 04:46 AM4381edebtsettlementprograminfo6/19/2009 06:28 AM6/19/2009 07:10 AM3549mydebtconsolidatorinfo6/19/2009 07:14 AM6/19/2009 09:10 AM216111debtsolutionsnowinfo6/19/2009 09:14 AM6/19/2009 11:24 AM15169wireless-mouseinfo6/20/2009 06:14 PM6/20/2009 06:14 PM1bloga-fotonru6/22/2009 08:16 AM6/22/2009 08:16 AM1IMAGEhttp://www.secuobs.com/revue/news/113341.shtmlhttp://www.secuobs.com/revue/news/113341.shtml 2009-06-24 21:12:49 - SecurityTube.Net : Attack of the Trojans Funny Video TutorialIMAGEhttp://www.secuobs.com/revue/news/113245.shtmlhttp://www.secuobs.com/revue/news/113245.shtml 2009-06-24 18:30:34 - About.com Internet Network Security : There are a couple of new spam / phishing attacks which have beensuccessful at circumventing my Junkmail filter and making it to myInbox One is titled 'Statement Request'http://www.secuobs.com/revue/news/113213.shtmlhttp://www.secuobs.com/revue/news/113213.shtml 2009-06-24 10:02:26 - Homeland Security News : Two children suffered serious burns and six others were injured aftersomeone threw a bottle containing dangerous chemicals at them whilethey played outside over the weekend in Brooklyn The incidenthappened about 8 pm on Sunday at S 8th Street in the Williamsburgsection of the borough One of the http://www.secuobs.com/revue/news/113043.shtmlhttp://www.secuobs.com/revue/news/113043.shtml 2009-06-24 08:53:05 - Security Bloggers Network : This is a continuation of multiple educational video demonstrationsrelated to Web application attacks This video is focused on CookiePoisoning The definition can be found in the Imperva ADC GlossaryAsalways, these videos are in HDhttp://www.secuobs.com/revue/news/113016.shtmlhttp://www.secuobs.com/revue/news/113016.shtml 2009-06-23 21:30:24 - Rootsecure.net : Saarland University ISetC: Acoustic Side-Channel Attacks on Printershttp://www.secuobs.com/revue/news/112854.shtmlhttp://www.secuobs.com/revue/news/112854.shtml 2009-06-23 21:02:46 - CGISecurity Website and Application Security News : "Iran's foreign ministry spokesman accused the cable network CNN of"officially" training people to "hack government and foreign ministry"websites on Monday, citing a CNNcom article that explained howhackers were launching distributed denial-of-service DDOS attacks onIranian government sites "They officially trained the people to comeand hack Iran's governmenthttp://www.secuobs.com/revue/news/112838.shtmlhttp://www.secuobs.com/revue/news/112838.shtml 2009-06-23 20:38:11 - Packet Storm Security Headlines : http://www.secuobs.com/revue/news/112816.shtmlhttp://www.secuobs.com/revue/news/112816.shtml 2009-06-23 19:35:32 - BadwareBusters.org Most recent topics : My companies joomla site was attacked by a hijacker code, examplebelow:I have located this code on indexphp, index2php, mainphp etc etc Iwas able to remove the code from the site and upload clean versionsbut am still getting the warning reported site attack page beforeentering siteWhat can I do to remove thishttp://www.secuobs.com/revue/news/112755.shtmlhttp://www.secuobs.com/revue/news/112755.shtml 2009-06-23 15:35:30 - Tenable Network Security : Nessus Web Attacks The Tenable research and development team has releaseda new set of plugins and options to dramatically improve the webapplication testing functionality of Nessus The new plugins give theend user more control over how Nessushttp://www.secuobs.com/revue/news/112661.shtmlhttp://www.secuobs.com/revue/news/112661.shtml 2009-06-23 12:56:54 - Threatpost Feed : From Websense Security LabsEarly last week, we posted an alert about a mass injection attack inthe wild we named Nine-Ball This attack compromised over 40,000legitimate Web sites in an ongoing campaign The scale of the attackwas spotted June 2, 2009, and since then the campaign has evolvedseveral times In this blog we will provide further detail andanalysis on the Nine-Ball campaign Read the full post Websensecomhttp://www.secuobs.com/revue/news/112641.shtmlhttp://www.secuobs.com/revue/news/112641.shtml 2009-06-23 12:23:40 - SANS Internet Storm Center, InfoCON green : In last couple of days we posted two diaries http://iscsansmorehttp://www.secuobs.com/revue/news/112623.shtmlhttp://www.secuobs.com/revue/news/112623.shtml 2009-06-23 11:25:48 - Beast Or Buddha : Still not convinced I haven’t missed the section that makes this article“for the laugh”: We’ve been blind to attacks on our websites fromComputerworld Checked date - current Re-read article to look for thehints of sarcasm and potential wit beyond the means of mycomprehension - nothing …I would not have picked it http://www.secuobs.com/revue/news/112607.shtmlhttp://www.secuobs.com/revue/news/112607.shtml 2009-06-23 03:32:46 - Latest articles from SC Magazine US : Never mind optimizing search result rankings, malicious attackers now aretrying to optimize their tweetsIMAGEIMAGEIMAGEhttp://www.secuobs.com/revue/news/112472.shtmlhttp://www.secuobs.com/revue/news/112472.shtml 2009-06-23 00:16:05 - Threatpost Feed : Mozilla's security engineers are working on new technology thatpromises to mitigate a large class of Web application vulnerabilities,especially the cross-site scripting XSS plague against modern WebbrowsersThe project, called Content Security Policy, is designed to shut downXSS attacks by providing a mechanism for sites to explicitly tell thebrowser which content is legitimate It can also help mitigateclickjacking and packet sniffing attacks Read the full storyzdnetcom Also see Mozilla's explanation of the technologymozillaorghttp://www.secuobs.com/revue/news/112433.shtmlhttp://www.secuobs.com/revue/news/112433.shtml 2009-06-22 20:51:47 - Network World on Security : Security vendor Websense has been blasted for allegedly hyping up theso-called 'Nine-Ball' mass website compromise it made public earlierthis weekhttp://www.secuobs.com/revue/news/112358.shtmlhttp://www.secuobs.com/revue/news/112358.shtml 2009-06-22 20:43:27 - FSecure Antivirus Research Weblog : Rogue Antivirus AKA scareware continues to be a pervasive threatagainst consumersByron Acohido recently posted an excellent article on the topicThe related posts on the business of scareware and rogues are alsowell worth readingThe Last Watchdog, June 10thCheck them outOn 22/06/09 At 12:29 PMhttp://www.secuobs.com/revue/news/112353.shtmlhttp://www.secuobs.com/revue/news/112353.shtml 2009-06-22 19:49:12 - Security Wire Weekly : Most security pros don’t give the system BIOS a second thought, or evena first one, but today’s BIOS types are highly susceptible tomalicious hackers Information security threats expert Sherri Davidoffexplains how attackers can plant BIOS malware and how security proscan thwart such attackshttp://www.secuobs.com/revue/news/112329.shtmlhttp://www.secuobs.com/revue/news/112329.shtml 2009-06-22 19:26:03 - MX Logic Security News : Security researchers at Trend Micro reported last week that two newvariants of a Trojan malware, called RSPlug, have been infecting MacsAnother variant of the Trojan has been spotted at websites fordownloading video games, according to the Mac Security BlogTrend Micro said two versions of the Trojan appear on websites thatencourage users to download a file to play a promised pornographicvideo The file is actually a Trojan downloader that can connect toservers to download and execute malicious scripts on the user'scomputerThe Trojan modifies the settings of the computer's DNS servers andredirects users to phishing sites or sites where other malware can bedownloaded, Trend Micro reportedAnother version of the RSPlug Trojan downloader has been found atgaming websites, where it appears to be a file for downloading piratedversions of video games, the Mac Security Blog saidSome commentators have observed that only users involved in illegalfile-sharing activities are likely to get infected, the Mac SecurityBlog notedAlthough "some of the games are intended to be pirated copies oflow-priced commercial games," others are often found on websites forfree online play, the blog saidThe growing share of Macs has made them a more appealing target forcybercriminals, researchers saidADNFCR-1765-ID-19230001-ADNFCRhttp://www.secuobs.com/revue/news/112284.shtmlhttp://www.secuobs.com/revue/news/112284.shtml 2009-06-22 14:43:24 - BadwareBusters.org Most recent topics : This website makes an unbreakable loop with pop-ups claiming "VirusI-WorkTrojanb was found " and forcing user to download one“installexe”It might behave differently when given argumetns like affid=17701By locking the webbrowser gui it makes it hard to report – do nowvisit the website before you turn javascript offTried to report it with IE – it fails, says ‘try again later’Did report successfully with ChromeCould now find an easy report function in firefox, but ended up hereinsteadhttp://www.secuobs.com/revue/news/112199.shtmlhttp://www.secuobs.com/revue/news/112199.shtml 2009-06-22 12:09:55 - Threatpost Feed : Enterprise IT security staffs looking for some mitigation for thenewly released HTTP DoS tool may have a few options The analysts atthe SANS Internet Storm Center are recommending that organizationsrunning Web servers that are vulnerable to the tool's attack make somebasic configuration changes to their servers to help mitigate theeffects of the attackhttp://www.secuobs.com/revue/news/112162.shtmlhttp://www.secuobs.com/revue/news/112162.shtml 2009-06-22 04:24:13 - Hack In The Box : Internet security in Asia Pacific is expected to deteriorate with morepeople transacting online and the emergence of well-organisedweb-based attackers aiming for quick profits Symantec Corpvice-president sales and engineering for Asia-Pacific Vic Mankotiasaid the region was one of the fastest growing in terms of cyberattacks like spam and phising Spam is essentially unsolicited andunwanted e-mail that is sent to grab the attention of the userPhising, on the other hand, is the criminally fraudulent process ofattempting to acquire sensitive information from consumers such asuser names, passwords and credit card details US-based Symantec isthe leading security and storage software company in the worldMankotia said in an interview that countries like China and India hadbeen experiencing more cyber attacks of late due to their hugepopulation and rising online connectivityhttp://www.secuobs.com/revue/news/112123.shtmlhttp://www.secuobs.com/revue/news/112123.shtml 2009-06-21 08:33:11 - Computer Security News : Rogue employees and hackers were the most commonly cited sources ofdata breaches reported during the first half of 2009, according tofigures released this week by the Identity Theft Resource Center , aSan Diego based nonprofithttp://www.secuobs.com/revue/news/112008.shtmlhttp://www.secuobs.com/revue/news/112008.shtml 2009-06-21 02:24:12 - BadwareBusters.org Most recent topics : Hello,I have a small problem and am looking for a solution if any of yournice people are willing to help outMy Joomla website, wwwkatajhr is now classified as a malware site byGoogle It was attacked by hackers a few weeks ago and it was downafter that I managed to restore the site by overwriting an oldindexphp file that I had on my HDD but it is still classified byGoogle as malwaredCan anyone give me any tips about where to look for malicious codestringshttp://www.secuobs.com/revue/news/111979.shtmlhttp://www.secuobs.com/revue/news/111979.shtml 2009-06-20 00:51:00 - Slashdot Your Rights Online : David Hume writes "electronicmaji is reporting on the Daily Kos that theindividual known as ProtesterHelp also to be found on twitter wasattacked in Ohio for providing network security for Twitterers inIran, setting up private networks to provide secure proxies, callingfor media networks to remove the Iranians Twitterers information fromtheir broadcast, and providing counter-intelligence servicesincluding Basiji and Army Locations within the Twitter communityProtesterHelp was allegedly attacked by a group of men while walkingto class in Ohio The men, who appeared to ProtesterHelp to be eitherIranian or Lebanese, drove up besides him and threw rocks at him whileshouting, 'Mousavi Fraud' ProtesterHelp further reported that hispersonal information has been leaked, and is currently being spreadboth online and inside of Iran amongst the government" RelatedlyWired is also reporting that Google and Facebook have rushed outsupport for Persian This move has allowed many pro-democracy groupsto connect and translate their message to a broader audienceIMAGERead more of this story at SlashdotIMAGEIMAGEIMAGEhttp://www.secuobs.com/revue/news/111759.shtmlhttp://www.secuobs.com/revue/news/111759.shtml 2009-06-20 00:07:17 - MX Logic Security News : Tech-savvy Iranians have been using social networking sites such asTwitter and YouTube to transmit information about protests againstthat country's ruling regime since a disputed election on FridayBut web security researchers say Twitter is now being used to launchdistributed denial-of-service attacks on Iranian websitesRichard Stiennon, founder of a Michigan-based IT security consultancy,said Twitter has been used recently to launch DDOS attacks on URLsinside Iran, including government sites of security forcesStiennon has spotted Twitter messages with embedded links that allowusers to launch a DDOS simply clicking on the URL in the message, hetold ComputerworldcomSome commentators are cautioning that participating in thecyberattacks could end up backfiring and hurting Iranian dissidentsEvgeny Morozov, a fellow at the Open Society Institute, blogged at theneteffect website of Foreign Policy magazine that the DDOS attackscould overwhelm Iran's networks, leaving the protesters without anycommunication with the outside worldEveryone, it seems, is rushing to join the web-based support forIranian protesters Google announced that it had added Farsi to itstranslation service to help Farsi-speakers communicate to people inother languages and vice versaSpammers are also jumping on the bandwagon Researchers spottedTwitter spam that includes keywords connected to the Iranian crisis toattract more attention, PC World reportedADNFCR-1765-ID-19228604-ADNFCRhttp://www.secuobs.com/revue/news/111734.shtmlhttp://www.secuobs.com/revue/news/111734.shtml 2009-06-19 21:20:48 - TrendLabs Malware Blog by Trend Micro : The Australian Taxation Office ATO is calling the people to startthinking about lodging their 2008-2009 tax returns And with thissignificant event on the rise, spammers are using this as a bait topromote phishing mails The mail contains a letter stating that it wasfrom ATO It informs the receiver that he or she Post from: TrendLabs | Malware Blog - by Trend MicroAustralian Taxpayers Targeted by Phishing Attackhttp://www.secuobs.com/revue/news/111668.shtmlhttp://www.secuobs.com/revue/news/111668.shtml 2009-06-19 20:59:02 - SecurityTube.Net : Sidejacking Attack against a client connected via Jasager on a Fon VideoTutorialIMAGEhttp://www.secuobs.com/revue/news/111648.shtmlhttp://www.secuobs.com/revue/news/111648.shtml 2009-06-19 20:59:02 - SecurityTube.Net : DNS Cache Poisoning Attack Video TutorialIMAGEhttp://www.secuobs.com/revue/news/111647.shtmlhttp://www.secuobs.com/revue/news/111647.shtml 2009-06-19 18:53:09 - eSecurity Planet News : Security vendor Symantec warns of yet another worm attack on Twitterhttp://www.secuobs.com/revue/news/111623.shtmlhttp://www.secuobs.com/revue/news/111623.shtml 2009-06-19 10:43:31 - MalwareCity News : More than 40,000 Web sites have been hit by a mass-compromise attackdubbed Nine Ball that injects malware into pages and redirects victimsto a site that will then try to download Trojans and keylogger code,Websense said todayIMAGEhttp://www.secuobs.com/revue/news/111495.shtmlhttp://www.secuobs.com/revue/news/111495.shtml 2009-06-19 04:02:45 - News : The unrest in Iran is serving as a warning on how easy it is forindividuals and groups to use a social networking tool like Twitter tomobilize a cyber-army against a political or commercial targetanywhere in the worldread moreIMAGEhttp://www.secuobs.com/revue/news/111404.shtmlhttp://www.secuobs.com/revue/news/111404.shtml 2009-06-19 00:28:50 - The Tech Herald Security News : Websense has been monitoring a massive attack online since June 3, whichto date has compromised over 40,000 Web sites The attack redirectsusers to a site hosting Malware, ninetoraqin, earning it the nameNine-Ball However, one expert disagrees with some of the hype thisstory has earned in the press, centered on AV coverage First thefacts as presented by Websense This is a massive injection attack on40,000 legitimate sites onlinehttp://www.secuobs.com/revue/news/111354.shtmlhttp://www.secuobs.com/revue/news/111354.shtml 2009-06-18 22:14:07 - Security for the Masses : The recent hack of up to 40,000 web sites has been dubbed the Beladenattack The Unmask Parasites blog was also hit with this attack Theowner shares his experience with you on this attackRead it hereIMAGEhttp://www.secuobs.com/revue/news/111324.shtmlhttp://www.secuobs.com/revue/news/111324.shtml 2009-06-18 20:52:49 - BadwareBusters.org Most recent topics : I work too hard to keep my adult/over18 site cleanRight now they are using some strange hack/import of unwanted fileBadware domain : see screnshot and iframe attackhttp://i40tinypiccom/kej62ujpgrude hack with severe damage of indexphp on my site, and this contentis extremly hard to clean, indexphp CORRUPTI restored my site but this is WARNING for organization an websiteowners to checkI will report all attacks if this crap shows more or so…frequentlyhttp://www.secuobs.com/revue/news/111289.shtmlhttp://www.secuobs.com/revue/news/111289.shtml 2009-06-18 19:35:01 - Rootsecure.net : Silicon: Zombie attacks on sale for a fiverhttp://www.secuobs.com/revue/news/111279.shtmlhttp://www.secuobs.com/revue/news/111279.shtml 2009-06-18 19:04:57 - Threatpost Feed : From Just Ask Gemalto Dennis FisherComputer users have been conditioned over the last few years torecognize and avoid many of the more common scams and threats on theInternet: email viruses, phishing, spam, Nigerian 419 ploys andwork-at-home money-mule schemes You know that an email promisingfunny pictures of Britney Spears is probably more likely to installmalware on your machine than to brighten up your day with more ofBritney's zany anticshttp://www.secuobs.com/revue/news/111261.shtmlhttp://www.secuobs.com/revue/news/111261.shtml 2009-06-18 18:59:30 - SecurityShell : AbstractThis paper presents a technique for finding security vulnerabilitiesin Web applications SQL Injection SQLI and cross-site scriptingXSS attacks are widespread forms of attack in which the attackercrafts the input to the application to access or modify user data andexecute malicious code In the most serious attacks calledsecond-order, or persistent, XSS, an attacker can corrupt a databaseso as to cause subsequent users to execute malicious codepresents an automatic technique for creating inputs that expose SQLIand XSS vulnerabilities The technique generates sample inputs,symbolically tracks taints through execution including throughdatabase accesses, and mutates the inputs to produce concreteexploits Ours is the first analysis of which we are aware thatprecisely addresses second-order XSS attacksOur technique creates real attack vectors, has few false positives,incurs no runtime overhead for the deployed application, works withoutrequiring modification of application code, and handles dynamicprogramming-language constructs We implemented the technique for PHP,in a tool Ardilla We evaluated Ardilla on five PHP applications andfound 68 previously unknown vulnerabilities 23 SQLI, 33 first-orderXSS, and 12 second-order XSSDownload: PDFIMAGEhttp://www.secuobs.com/revue/news/111259.shtmlhttp://www.secuobs.com/revue/news/111259.shtml 2009-06-18 16:01:42 - DarkReading All Stories : Experts warn that distributed denial-of-service DDoS attacks couldbackfirehttp://www.secuobs.com/revue/news/111197.shtmlhttp://www.secuobs.com/revue/news/111197.shtml 2009-06-18 15:49:55 - Threatpost Feed : From The Baltimore Sun Gus G SentementesThe Web site for the Johns Hopkins University's Applied PhysicsLaboratory, which works closely with the military and NASA on researchprojects, was hit with a cyber attack that officials discovered Sundayand which led them to take down the site until they analyze theircomputer systems, a spokesman confirmed Tuesday Read the full reportBaltimoresuncomhttp://www.secuobs.com/revue/news/111192.shtmlhttp://www.secuobs.com/revue/news/111192.shtml 2009-06-18 15:09:53 - Security Bloggers Network : As our second release of Portaledge Event Modules is forthcoming, I amcontinuing with a series of posts on Portaledge fundamentals My goalis to provide an overview of how Portaledge functions, and it role asa Security Event Manager for control systems Portaledge relies on avariety of data sources to monitor a system and http://www.secuobs.com/revue/news/111180.shtmlhttp://www.secuobs.com/revue/news/111180.shtml 2009-06-18 05:47:03 - Hack In The Box : This comment by Philip Reitinger, director of the National CybersecurityCenter at the Department of Homeland Security, is interestingconsidering what's going on in Iran as the opposition uses digitalwarfare tactics to bring down government and pro-government Web sitesafter what many see as a fraudulent election on Friday Quoted byAgence France Presse yesterday on the threat malware poses to bothgovernment and personal sensitive material, Reitinger spoke about anemergent market for on-demand, pay-as-you-go denial of service attacksDOS "There is certainly a market economy for botnets, where peoplewill buy and sell botted computers, so you could go online and say'I'd like to launch a denial of service attack against XYZ,' and youcould pay money and have that denial of service attack launched"http://www.secuobs.com/revue/news/111090.shtmlhttp://www.secuobs.com/revue/news/111090.shtml 2009-06-18 05:47:03 - Hack In The Box : A new injection attack that redirects users' Web search queries is in thewild, and researchers at Websense believe it may have already affectedmore than 40,000 sites In a blog posted yesterday, Websenseresearchers indicated that more than 40,000 legitimate sites have beencompromised with "obfuscated code that leads to a multilevelredirection attack, ending in a series of drive-by exploits which, ifsuccessful, install a Trojan downloader on the user's machine" Whenusers visit one of the infected sites, they are redirected through aseries of different sites owned by the attacker and brought to thefinal landing page containing the exploit code, the researchers sayThe final landing page records the visitor's IP addresshttp://www.secuobs.com/revue/news/111088.shtmlhttp://www.secuobs.com/revue/news/111088.shtml 2009-06-18 01:16:43 - 4sysops : Free Microsoft Press e-Book: Microsoft Office Communications Server 2007R2 Resource Kit Microsoft To Allow Windows 7-To-XP Downgrades UntilApril 2011 ‘Nine Ball’ attack hits 40,000 websites Citrix XenServer55, Essentials 55 ship Wireshark 120 released What’s new in theWindows 7 Firewall Hands on with the Windows 7 Touch Pack Copyright ©2006-2009, http://www.secuobs.com/revue/news/110966.shtmlhttp://www.secuobs.com/revue/news/110966.shtml 2009-06-18 01:01:39 - Latest articles from SC Magazine US : A new threat dubbed "Nine-Ball" has compromised up to 40,000 legitimatewebsites that are now infecting users with an information-stealingtrojan, according to security vendor WebsenseIMAGEIMAGEIMAGEhttp://www.secuobs.com/revue/news/110963.shtmlhttp://www.secuobs.com/revue/news/110963.shtml 2009-06-17 23:06:32 - CGISecurity Website and Application Security News : Sans has published part 1 of an article discussing Session Fixationattacks against NET applications "I’ve spent some time recentlylooking for updated information regarding session attacks as theyapply to ASPNET and am still not completely satisfied with howMicrosoft has decided to implement session management in ASPNET 20+haven’thttp://www.secuobs.com/revue/news/110945.shtmlhttp://www.secuobs.com/revue/news/110945.shtml 2009-06-17 22:04:31 - Latest articles from SC Magazine US : The number of breaches caused by insider malfeasance or hacker attacks iscreeping upward, according to the nonprofit Identity Theft ResourceCenter The organization said Tuesday that 185 percent of 250breaches reported to the center so far this year were related toinsider theft, compared to 15 percent last year and six percent in2007 Similarly, the number of incidents caused by hackers rose to 18percent this year, compared to 12 percent in 2008 and 14 percent in2007 Combined, the two categories represent a 10 percent hike overlast year - DKIMAGEIMAGEIMAGEhttp://www.secuobs.com/revue/news/110898.shtmlhttp://www.secuobs.com/revue/news/110898.shtml 2009-06-17 19:39:37 - Security for the Masses : The Daily NK is reporting the level of attacks has risen 20% over 2008According to a recent conference by the South Korean DSC, the attacksare of the following type:"Methods of attack on an average day include: ▲ 81,700 incidents ofvirus propagation; ▲ 10,450 attempted hacks; ▲ 1,900 alterations tointernet homepages; and ▲ 950 incidents of denial-of-service DoSattacks, which cause websites to crash"Read more hereIMAGEhttp://www.secuobs.com/revue/news/110841.shtmlhttp://www.secuobs.com/revue/news/110841.shtml 2009-06-17 15:55:58 - eWeek Security Watch : Researchers have unearthed two new Apple OS X Trojan attacks as malwareschemers continue to rachet up their focus on the company'sincreasingly popular productsIMAGEIMAGEIMAGEhttp://www.secuobs.com/revue/news/110736.shtmlhttp://www.secuobs.com/revue/news/110736.shtml 2009-06-17 15:55:46 - TrendLabs Malware Blog by Trend Micro : The violent protests by activists unhappy with the results of therecently concluded Iran presidential elections are being paralleled byDDoS attacks organized by hacktivists to bring down Iran governmentwebsites Although it hasn’t been confirmed if the DDoS attacks wereindeed successful, several Iranian government websites have beenreported inaccessible Noah Shachtman from Wired expressed Post from: TrendLabs | Malware Blog - by Trend MicroIran: Street Protests Paralleled by DDoS Attackshttp://www.secuobs.com/revue/news/110735.shtmlhttp://www.secuobs.com/revue/news/110735.shtml 2009-06-17 13:36:02 - Computer Security News : Officials at Johns Hopkins University's Applied Physics Laboratoryhave taken down their Web site to analyze their computer systems aftera cyber attackhttp://www.secuobs.com/revue/news/110660.shtmlhttp://www.secuobs.com/revue/news/110660.shtml 2009-06-17 13:01:38 - Security for the Masses : Chinese government websites are constantly being attacked according toexperts there Up to 60K attacks are attempted each year Also,according to the article, compromised computers are being sold orrented, similiar to my previous post on GoldenCashWorld The articlequotes an un-named hacker:"A Shenzhen-based hacker, who declined to be named, said hackedcomputers costing as much as hundreds of yuan are so popular they areoften sold or rented in groups"Even so, the prices in China are still seven to eight times lowerthan in the United States," said the hacker, who also added thepractice is widely known throughout the information technologyindustry, with licensed companies also taking a piece from the pie"Read more at ChinaViewIMAGEhttp://www.secuobs.com/revue/news/110635.shtmlhttp://www.secuobs.com/revue/news/110635.shtml 2009-06-17 07:50:55 - SecurityTube.Net : Backtrack Series 10 MITM Attack With Rogue AP Using AirolibNG andEttercapNG Video TutorialIMAGEhttp://www.secuobs.com/revue/news/110589.shtmlhttp://www.secuobs.com/revue/news/110589.shtml 2009-06-17 07:09:46 - BadwareBusters.org Most recent topics : Great site, lots of wonderful help Was hacked June 3, what an eyeopener Changed FTP passwords et made much stronger Replaced infectedfiles with clean copies Reviewed FTP logs Checked all files foriframe reference and items listed in various help areas Have a simplesite w/out Java or Flash In queue for check at stopbadwarecomChecked all links UnmaskParasites shows one link as suspisious,napsaonline com but now shows clean Could this be what is keeping mefrom getting a clean rating Google has re-crawled my site, shows noinfection, but still not cleared yet I’ve read this is because thescans after an infection are to a higher standard After 20+ hrsreading and looking for the problem, could use some help O yeastreetsweeper comhttp://www.secuobs.com/revue/news/110581.shtmlhttp://www.secuobs.com/revue/news/110581.shtml 2009-06-17 04:48:20 - Hack In The Box : South Korea's military computer networks are under ever-growing cyberattack with 95,000 cases reported daily on average, officials saidThe Defence Security Command said in a report to a security forum thatevery day the military counters an average of 10,450 hacking attemptsand 81,700 computer virus infections in addition to other cases Theattacks increased 20 percent this year compared to 2008, it said Aspokesman for the command told AFP most of the attacks are the same asordinary people experience at home, but one-tenth are serioushttp://www.secuobs.com/revue/news/110566.shtmlhttp://www.secuobs.com/revue/news/110566.shtml 2009-06-17 03:28:10 - News : More than 40,000 Web sites have been hit by a mass-compromise attackdubbed Nine Ball that injects malware into pages and redirects victimsto a site that will then try to download Trojans and keylogger code,Websense said todayread moreIMAGEhttp://www.secuobs.com/revue/news/110500.shtmlhttp://www.secuobs.com/revue/news/110500.shtml 2009-06-17 03:20:33 - TorrentFreak : With millions of page views every month PizzaTorrent was one of theInternet’s larger torrent meta-search engines Unfortunately for thesite’s owner, being in the spotlight also had its downsides Afterongoing DDoS attacks on the site the founder decided to pull the plugand shut the site down for goodWith millions of page views every month PizzaTorrent was one of theInternet's larger torrent meta-search engines Unfortunately for thesite's owner, being in the spotlight also had its downsides Afterongoing DDoS attacks on the site the founder decided to pull the plugand shut the site down for goodhttp://www.secuobs.com/revue/news/110495.shtmlhttp://www.secuobs.com/revue/news/110495.shtml 2009-06-16 23:21:29 - News : Microsoft offers up security advice on how to fend off attacks againstcorporate IT resources by looking at ways that attackers can underminean organization in its “IT Infrastructure Threat Modeling Guide”published todayread moreIMAGEhttp://www.secuobs.com/revue/news/110431.shtmlhttp://www.secuobs.com/revue/news/110431.shtml 2009-06-16 23:15:41 - The Tech Herald Security News : On Monday, Cligs, the 4th largest URL shortening service used on Twitter,fell victim to an attack on its editing functions, resulting in 22million shortened URLs pointing to an Orange County Register articleThe article’s author, Kevin Sablan, noticed the issue after he saw ahuge jump in incoming links and hits to his story As of this morning,Cligs has corrected the issue and restoring all of the edited URL’sfrom an existing backup Cligs http://clihttp://www.secuobs.com/revue/news/110415.shtmlhttp://www.secuobs.com/revue/news/110415.shtml 2009-06-16 20:42:11 - Rootsecure.net : eWeek: Hacker Hits URL Shortening Service Cligs "The attack redirected22 million of the miniature URLs to a single URL"http://www.secuobs.com/revue/news/110393.shtmlhttp://www.secuobs.com/revue/news/110393.shtml 2009-06-16 19:55:09 - Packet Storm Security Headlines : http://www.secuobs.com/revue/news/110353.shtmlhttp://www.secuobs.com/revue/news/110353.shtml 2009-06-16 19:37:04 - Wired Danger Room : More and more of Iran’s pro-government websites are under assault, asopposition forces launch web attacks on the Tehran regime’s onlinepropaganda arms What started out as an attempt to overload a smallset of official sites has now expanded, network security consultantDancho Danchev notes News outlets like Raja News are being attacked,too The http://www.secuobs.com/revue/news/110340.shtmlhttp://www.secuobs.com/revue/news/110340.shtml 2009-06-16 04:18:17 - Packet Storm Security Headlines : http://www.secuobs.com/revue/news/110085.shtmlhttp://www.secuobs.com/revue/news/110085.shtml 2009-06-16 03:44:53 - News : An apparently ad-hoc cyber protest against the results of recentIranian elections has knocked key Web sites off-lineread moreIMAGEhttp://www.secuobs.com/revue/news/110038.shtmlhttp://www.secuobs.com/revue/news/110038.shtml 2009-06-15 20:22:33 - Wired Danger Room : While demonstrators gather in the streets to contest Iran’s riggedelection, online backers of the so-called “Green Revolution” arelooking to strike back at the Tehran regime — by attacking thegovernment’s websites Pro-democracy activists on the web are askingsupporters to use relatively simple hacking tools to flood theregime’s propaganda sites with junk traffic http://www.secuobs.com/revue/news/109871.shtmlhttp://www.secuobs.com/revue/news/109871.shtml 2009-06-15 20:21:03 - Zero Day : Approximately 24 hours ago, the Iranian oposition coordinated an ongoingcyber attack that has successfully managed to disrupt access to majorpro-Ahmadinejad Iranian web sites, including the President’s homepagewhich continues returning a “The maximum number of user reached,Server is too busy, please try again later…” message Through acombination of DIY do it yourself IMAGEhttp://www.secuobs.com/revue/news/109867.shtmlhttp://www.secuobs.com/revue/news/109867.shtml 2009-06-15 17:07:23 - Threatpost Feed : By Alex Rothacker, Team SHATTERIt seems as though the latest rash of threats and attacks all have afamiliar ring to them: they’re all aimed at social networking siteslike Twitter and Facebook, which is interesting, because smartattackers will use whatever means possible to get to the stuff thatreally counts – enterprise datahttp://www.secuobs.com/revue/news/109810.shtmlhttp://www.secuobs.com/revue/news/109810.shtml 2009-06-15 09:55:38 - Amrit Williams Blog : Consolidation is the major benefit or “killer app” for server/datacenter virtualization Standardization is the major benefit or “killerapp” for client-side virtualization As I was pondering the challengesof current systems management processes, researching the latest andgreatest from the client-side virtualization vendors, and talking to alot of large organizations I was trying to http://www.secuobs.com/revue/news/109698.shtmlhttp://www.secuobs.com/revue/news/109698.shtml 2009-06-15 09:02:19 - BadwareBusters.org Most recent topics : I Arman from indonesia, I have problem in my web, that is the addressand http://loan-lendersorg http://babygiftsname, both considereddangerous web How can I make it disappear thankshttp://www.secuobs.com/revue/news/109692.shtmlhttp://www.secuobs.com/revue/news/109692.shtml 2009-06-15 07:32:24 - Computer Security News : Hackers launched an unprecedented attack on Israel's Internetinfrastructure during the January military offensive in the GazaStrip, and briefly paralyzed government sites, government officialssaid last weekhttp://www.secuobs.com/revue/news/109691.shtmlhttp://www.secuobs.com/revue/news/109691.shtml 2009-06-13 03:37:38 - Security for the Masses : Nice read on asynchronous programming and internet scaleattacksexplains why the new tool NKiller2 is so effectiveErrata SecurityIMAGEhttp://www.secuobs.com/revue/news/109269.shtmlhttp://www.secuobs.com/revue/news/109269.shtml 2009-06-13 00:15:44 - milw0rm.com : http://www.secuobs.com/revue/news/109232.shtmlhttp://www.secuobs.com/revue/news/109232.shtml 2009-06-12 22:38:59 - terminal23 : Kinda like malware fears on a Mac, most people use what they want to useand turn an ignorant eye to any issues that may be present Me I'mparanoid I'm wary about things like LogMeIn, and this post fromSecureThoughtscom illustrates why this is a healthy dispositionAs one of the commentors states, LogMeIn is used by more than justhome users, but also by technical support teams and maybe even byusers in your office to get home or vice versa Remote management in acontrolled manner is one thing, remote management using a browser andthe web just because it's easy is entirely anotherhttp://www.secuobs.com/revue/news/109203.shtmlhttp://www.secuobs.com/revue/news/109203.shtml 2009-06-12 21:59:09 - Security Bloggers Network : The sci-fi masterpiece Ender's Game details the formative years of thestory's hero - Ender Wiggin Upon entering battle school, he isimmediately made into an outcast by his superiors and begins an uphillclimb to gain power and a following Early on, he figures out that hecan send messages that appear to come from other students He doesthis by creating a new identity in the shcool computers and exploitingan implementation flaw within the system Ender leverages the weaknessto twist his opponent's words, humiliating his adversary and winningover his friendsThe 44th president has a LinkedIn profile and a Twitter account Howdo we know that it's actually Barack tweeting and making connectionsIgnoring the fact that an aid is probably responsible for managingBarack's online identities, what is to stop any barely computerliterate individual from setting up a facebook account in your nameHow long could an impostor go undetected Social networks naturallysupport multiplicities of an identity Take for example the many facesof Paris Hilton on LinkedInImpersonating online identities, or "Endering", uses personalinformation from one or more sources and turns that into an onlineidentity within a social network The potential sources vary wildlyand include court records, job boards, wikipedia, mailing lists,social networks, background checks, credit reports etc In itssimplest form, Endering involves an exact duplication of an existingonline identityEndering is actively being conducted on popular social networksTweeple were left confused in May of this year after witnessing whatappeared to be an MP's tweets indicating inside knowledge of anupcoming general election At least one Moroccan individual hasreceived Jail time for Endering Less extreme cases in the US haveresulted in Law SuitsEndering and its variations are attacks with political implicationsand consequences In practical terms, these attacks can be used tomarket products, stage hilarious practical jokes, subvert employees,distribute propaganda, manipulate the press, recruit talent, monitoremployees, and moreMore ExamplesFake facebook student used to monitor student bodyNorthwestern officials declined to comment on whether they use orwould consider using a false Facebook account to gain access tostudents’ information But in general, they said, they would notrule out using information found through Facebook, or other Webcommunication, in disciplinary mattersGuyana President ImpersonatedFacebook said that under the network's terms of use members arebanned from attempting to "impersonate any person or entity"Stealing FriendsOnce your fake identity has been setup, you'll want to do somethingwith it Before you can do much of anything useful, you will need toconvince some of your target's associates to become your clone'sassociates A little research goes a long way here Some of the bestcandidates are those you can learn about from public sources but donot have accounts on the social network you're operating within Forexample, you want to impersonate the CEO of a company You know thatthe CEO is friends with a VP of the same company however the VP doesnot have a Facebook/LinkedIn/Hi5/YouNameIt accountAnother option is to hijack connections This one requires somegrifting but can be just as fruitful The associate being targetedalready has an account on the social network but you will need totrick them into becoming your associate, so in your invitation toconnect message, you let them know that your other account was hacked,you lost the password, or some other form of "my dog ate it" It'salready fairly common for this to happen without attackers beingthrown into the mixIMAGEhttp://www.secuobs.com/revue/news/109185.shtmlhttp://www.secuobs.com/revue/news/109185.shtml 2009-06-12 19:34:02 - Packet Storm Security Headlines : http://www.secuobs.com/revue/news/109129.shtmlhttp://www.secuobs.com/revue/news/109129.shtml 2009-06-12 19:14:18 - MX Logic Security News : An Eastern European gang of cybercriminals known as Group A hasre-emerged after several months without activity to launch a newspear-phishing attack targeting small business owners, the WashingtonPost reportedThe gang was believed to be responsible for earlier spear-phishingattacks that spoofed websites for the Better Business Bureau and theIRS in order to steal victims' login credentials for bank accountsIn the latest attack, spotted by IT security firm iDefense, the gangsends out phishing emails to business owners telling them that theirmoney transfer has gone through and they should click a link toconfirm, the Post's Security Fix blog reportedThe link downloads a Trojan horse onto the user's computer When theuser attempts to sign on to a bank website, the Trojan steals thepassword information so the hackers can steal from the user's accountPhishing attacks are highly effective against users who don't spot thetelltale signs of a fake website, such as spelling mistakes orsuspiciously altered domain names, according to research from websecurity firm VeriSignADNFCR-1765-ID-19216804-ADNFCRhttp://www.secuobs.com/revue/news/109062.shtmlhttp://www.secuobs.com/revue/news/109062.shtml 2009-06-12 10:17:14 - Homeland Security News : Six Italians were arrested Thursday on suspicion of plotting to attackGroup of Eight summit facilities The Rome-based group was trying torevive the Red Brigades terrorist organization that plagued Italy inthe 1970s and '80s, officials said Italian Interior Minister RobertoMaroni congratulated Italian Police Chief Antonio Manganelli, saying:''The operation http://www.secuobs.com/revue/news/108940.shtmlhttp://www.secuobs.com/revue/news/108940.shtml 2009-06-12 07:28:10 - Silver Tail Blog : I’ve always been confused by why the bad guys target banks in the UK andSouth America so much differently than they target banks in the US Inthe UK and especially in Brazil you hear of extremely sophisticatedattacks to steal or covertly use login credentials of unsuspectingconsumers And yet, in the US, http://www.secuobs.com/revue/news/108920.shtmlhttp://www.secuobs.com/revue/news/108920.shtml 2009-06-12 06:40:50 - BadwareBusters.org Most recent topics : Hello everyone,I’m learning how to use Joomla to make a website, and so i applied itfor my siteUnfortunately, my site were hacked with this“http://toplitesitecn:8080” in the index fileFirst time, i was able to delete that infected index file and my siteon againSecondtime being hacked, my site was listed as reported attack siteIf you guys have any ideas or know why and how can i get rid of thoseattack to make my site clean, please give me some advises as i’m anamateur web design for my own web siteThanks a lotJhttp://www.secuobs.com/revue/news/108915.shtmlhttp://www.secuobs.com/revue/news/108915.shtml 2009-06-12 04:19:35 - From a malicious attacker : The sci-fi masterpiece Ender's Game details the formative years of thestory's hero - Ender Wiggin Upon entering battle school, he isimmediately made into an outcast by his superiors and begins an uphillclimb to gain power and a following Early on, he figures out that hecan send messages that appear to come from other students He doesthis by creating a new identity in the shcool computers and exploitingan implementation flaw within the system Ender leverages the weaknessto twist his opponent's words, humiliating his adversary and winningover his friendsThe 44th president has a LinkedIn profile and a Twitter account Howdo we know that it's actually Barack tweeting and making connectionsIgnoring the fact that an aid is probably responsible for managingBarack's online identities, what is to stop any barely computerliterate individual from setting up a facebook account in your nameHow long could an impostor go undetected Social networks naturallysupport multiplicities of an identity Take for example the many facesof Paris Hilton on LinkedInImpersonating online identities, or "Endering", uses personalinformation from one or more sources and turns that into an onlineidentity within a social network The potential sources vary wildlyand include court records, job boards, wikipedia, mailing lists,social networks, background checks, credit reports etc In itssimplest form, Endering involves an exact duplication of an existingonline identityEndering is actively being conducted on popular social networksTweeple were left confused in May of this year after witnessing whatappeared to be an MP's tweets indicating inside knowledge of anupcoming general election At least one Moroccan individual hasreceived Jail time for Endering Less extreme cases in the US haveresulted in Law SuitsEndering and its variations are attacks with political implicationsand consequences In practical terms, these attacks can be used tomarket products, stage hilarious practical jokes, subvert employees,distribute propaganda, manipulate the press, recruit talent, monitoremployees, and moreMore ExamplesFake facebook student used to monitor student bodyNorthwestern officials declined to comment on whether they use orwould consider using a false Facebook account to gain access tostudents’ information But in general, they said, they would notrule out using information found through Facebook, or other Webcommunication, in disciplinary mattersGuyana President ImpersonatedFacebook said that under the network's terms of use members arebanned from attempting to "impersonate any person or entity"Stealing FriendsOnce your fake identity has been setup, you'll want to do somethingwith it Before you can do much of anything useful, you will need toconvince some of your target's associates to become your clone'sassociates A little research goes a long way here Some of the bestcandidates are those you can learn about from public sources but donot have accounts on the social network you're operating within Forexample, you want to impersonate the CEO of a company You know thatthe CEO is friends with a VP of the same company however the VP doesnot have a Facebook/LinkedIn/Hi5/YouNameIt accountAnother option is to hijack connections This one requires somegrifting but can be just as fruitful The associate being targetedalready has an account on the social network but you will need totrick them into becoming your associate, so in your invitation toconnect message, you let them know that your other account was hacked,you lost the password, or some other form of "my dog ate it" It'salready fairly common for this to happen without attackers beingthrown into the mixIMAGEhttp://www.secuobs.com/revue/news/108855.shtmlhttp://www.secuobs.com/revue/news/108855.shtml 2009-06-12 02:08:01 - BindShell.Net : http://hackersorg|RSnake has a writeup of his attack technique forhttp://wwwsectheorycom/rfc1918-security-issueshtm|exploiting webbrowser caching to attackhttp://wwwfaqsorg/rfcs/rfc1918html|RFC1918 networks The attackuses persistent JavaScript backdoors, long-term browser caching andhttp://wwwfaqsorg/rfcs/rfc1918html|RFC1918 collisionshttp://www.secuobs.com/revue/news/108814.shtmlhttp://www.secuobs.com/revue/news/108814.shtml 2009-06-11 22:48:42 - The Old New Thing : The trackback spam attack is well into its second week now The peoplewho run blogsmsdncom blocked all access from the IP address block,which not only blocks trackbacks but also prevents them from readingthe content and therefore prevents them from scrapingUndaunted, the sites just moved to a new IP addressSiteFromToCountRate pings/hrasp-net-hostingsimplynetdevcom6/02/2009 07:32 AM6/02/2009 07:32 AM1microsoft-sharepointsimplynetdevcom6/02/2009 07:42 AM6/02/2009 07:42 AM1outdoorceilingfansiteinfo6/02/2009 10:31 AM6/02/2009 11:07 AM1828woodtvstandinfo6/02/2009 02:18 PM6/02/2009 05:50 PM18853dsecurenet6/02/2009 06:46 PM6/02/2009 06:46 PM1patiochairsiteinfo6/02/2009 7:28 PM6/02/2009 7:50 PM1744hammockstandsiteinfo6/02/2009 9:22 PM6/02/2009 9:35 PM1042indoorgrillsrecipesinfo6/02/2009 11:04 PM6/02/2009 11:19 PM828portablegreenhousesiteinfo6/03/2009 12:58 AM6/03/2009 01:30 AM2443888phonecardscom6/03/2009 02:53 AM6/03/2009 02:53 AM1baby-parentingcouk6/03/2009 03:29 AM6/03/2009 03:29 AM1uniformstoresinfo6/03/2009 03:23 AM6/03/2009 03:51 AM2449asp-net-hostingsimplynetdevcom6/03/2009 07:12 AM6/03/2009 07:12 AM1microsoft-sharepointsimplynetdevcom6/03/2009 07:16 AM6/03/2009 07:16 AM1castironbakewareinfo6/03/2009 12:44 PM6/03/2009 12:45 PM260backyardshedinfo6/03/2009 12:47 PM6/03/2009 12:47 PM1mesotheliomalawyer4ucom6/04/2009 11:35 PM6/04/2009 11:35 PM1catastrophiceffectsblog-giantcom6/06/2009 01:21 AM6/06/2009 01:21 AM1weakbladderinfo6/07/2009 06:15 PM6/07/2009 06:55 PM4059greenteafeatburnerinfo6/07/2009 06:56 PM6/07/2009 07:39 PM125173besteyecreamsiteinfo6/07/2009 07:40 PM6/07/2009 08:30 PM5362jointpainreliefsinfo sic6/08/2009 11:17 AM6/08/2009 12:00 PM4156insomniacuresiteinfo6/08/2009 02:48 PM6/08/2009 03:51 PM155147menopausereliefsiteinfo6/08/2009 05:00 PM6/08/2009 05:15 PM45176cellulitecreamsiteinfo6/08/2009 07:31 PM6/08/2009 08:17 PM118153toenailfungusiteinfo sic6/08/2009 10:44 PM6/08/2009 11:23 PM6294hairgrowthproductsinfo6/09/2009 01:13 AM6/09/2009 01:48 AM5999quickdietsiteinfo6/09/2009 03:47 AM6/09/2009 04:43 AM94100weakbladderinfo6/09/2009 11:15 AM6/09/2009 12:00 PM6079greenteafatburnerinfo6/09/2009 12:01 PM6/09/2009 12:44 PM135187besteyecreamsiteinfo6/09/2009 12:44 PM6/09/2009 01:05 PM51143jointpainreliefsinfo sic6/09/2009 01:06 PM6/09/2009 01:11 PM772jointpainreliefsinfo sic6/09/2009 04:48 PM6/09/2009 05:08 PM48141insomniacuresiteinfo6/09/2009 05:11 PM6/09/2009 06:05 PM167184menopausereliefsiteinfo6/09/2009 06:04 PM6/09/2009 06:18 PM33137cellulitecreamsiteinfo6/09/2009 06:18 PM6/09/2009 06:59 PM133193toenailfungusiteinfo sic6/09/2009 06:59 PM6/09/2009 07:36 PM77123hairgrowthproductsinfo6/09/2009 07:37 PM6/09/2009 08:01 PM64158quickdietsiteinfo6/09/2009 08:02 PM6/09/2009 08:46 PM133180IMAGEhttp://www.secuobs.com/revue/news/108697.shtmlhttp://www.secuobs.com/revue/news/108697.shtml 2009-06-11 21:44:33 - Rootsecure.net : H Security: Attacks on SHA-1 made even easierhttp://www.secuobs.com/revue/news/108689.shtmlhttp://www.secuobs.com/revue/news/108689.shtml 2009-06-11 21:22:48 - Threatpost Feed : From The H SecurityAustralian researchers have described a new and faster way ofprovoking collisions of the SHA-1 hash algorithm With their method, acollision can be found using only 252 attempts This makes practicalattacks feasible and could have an impact on the medium-term use ofthe algorithm in digital signatureshttp://www.secuobs.com/revue/news/108674.shtmlhttp://www.secuobs.com/revue/news/108674.shtml 2009-06-11 18:48:43 - Packet Storm Security Headlines : http://www.secuobs.com/revue/news/108583.shtmlhttp://www.secuobs.com/revue/news/108583.shtml 2009-06-11 13:55:23 - ISN InfoSec News Mailing List : InfoSec News: Death of software exec adds pathos to attack on Web hostingfirm:http://blogscomputerworldcom/death_of_software_exec_adds_pathos_to_attack_on_web_hosting_firmBy Jaikumar Vijayan Second Take Computerworld Blogs June 10, 2009The apparent suicide earlier this week by the owner of a company thatdevelops virtualization software used by low cost Web hostingcompanies has added pathos to a massive hacking incident at one of thefirm's UK-based customersKT Ligesh, the 32-year old owner of Bangalore based LX Labs was founddead in his home on Monday morning according to a report in the Timesof India The paper quoting local police said the suicide might havebeen prompted by Lx Lab's recent loss of a contract to a rival firmand other personal issues stemming from the suicide of his mother andsister a few years agoLigesh's death came just a day after VAserv, a UK Web hostingcompany disclosed that unknown hackers had breached its virtual serverinfrastructure and completely deleted 100,000 Web sites being hostedby the company Nearly half of those might have irretrievably lostdata because they did not have back-ups of their data according to astory in The RegisterAccording to VAserv the hackers breached the company's servers bytaking advantage of a zero-day flaw in HyperVM, a virtualizationplatform sold by LX Lab But a note published ostensibly by the hackerclaimed that the attacks had happened because VAserv had insecurepassword management practices and not because of HyperVM flawshttp://www.secuobs.com/revue/news/108461.shtmlhttp://www.secuobs.com/revue/news/108461.shtml 2009-06-11 11:32:58 - Rootsecure.net : H Security: Google closes vulnerabilities in Chrome 2 "A vulnerability inWebKit can be exploited by an attacker to crash a tab or executearbitrary code in Google Chrome"http://www.secuobs.com/revue/news/108428.shtmlhttp://www.secuobs.com/revue/news/108428.shtml 2009-06-11 10:48:59 - Help Net Security News : Stonesoft introduced the new StoneGate IPS-1030 appliance with the uniquecapability of inspecting encrypted Web traffic inside of the SSLtunnel This improves the organization's end-to-end network shttp://www.secuobs.com/revue/news/108412.shtmlhttp://www.secuobs.com/revue/news/108412.shtml 2009-06-11 08:00:01 - BadwareBusters.org Most recent topics : I learn here but I can t find problem I cheked for code "iframe " butdon t have, i remove site and after i update again,i chancked pasword…Please help meSafe BrowsingDiagnostic page for filiala-prahovaroWhat is the current listing status for filiala-prahovaroSite is listed as suspicious – visiting this web site may harm yourcomputer Part of this site was listed for suspicious activity 1times over the past 90 daysWhat happened when Google visited this siteOf the 40 pages we tested on the site over the past 90 days, 3 pagesresulted in malicious software being downloaded and installed withoutuser consent The last time Google visited this site was on2009-05-31, and the last time suspicious content was found on thissite was on 2009-05-31 Malicious software includes 3 scriptingexploits Malicious software is hosted on 2 domains, includingmartuzcn/, findbigbearpropertycn/ This site was hosted on 1networks including AS39758 SIMPLIQHas this site acted as an intermediary resulting in furtherdistribution of malwareOver the past 90 days, filiala-prahovaro did not appear to functionas an intermediary for the infection of any sitesHas this site hosted malwareNo, this site has not hosted malicious software over the past 90 daysHow did this happenIn some cases, third parties can add malicious code to legitimatesites, which would cause us to show the warning messageNext steps:* Return to the previous page* If you are the owner of this web site, you can request a review ofyour site using Google Webmaster Tools More information about thereview process is available in Google’s Webmaster Help Centerhttp://www.secuobs.com/revue/news/108390.shtmlhttp://www.secuobs.com/revue/news/108390.shtml 2009-06-11 04:12:49 - Hack In The Box : Cryptographers have found new chinks in a widely-used digital-signaturealgorithm that have serious consequences for applications that signemail, validate websites, and carry out dozens of other onlineauthentication functions The researchers, from Macquarie Universityin Sydney, Australia, found a way to break the SHA-1 algorithm insignificantly fewer tries than previously required Although the hashfunction was previously believed to withstand attempts numbering 263,the researchers have been able to whittle that down to 252, a numberthat puts practical attacks well within grasp of well-fundedorganizations Secure hashing algorithms are designed to reduce textor digital files to a unique series of letters and numbers that isoften compared to the document's signature The findings, which werepublished Wednesday, mean it's easier to create what cryptographerscall collisions in SHA-1, in which two different sources share thesame the same outputhttp://www.secuobs.com/revue/news/108300.shtmlhttp://www.secuobs.com/revue/news/108300.shtml 2009-06-10 22:36:50 - Threatpost Feed : A security researcher has developed an interesting new class ofattacks that exploit the problems caused by organizations usingnon-routable IP space on their internal networks, including one attackthat compromises VPN users through the use of a persistent JavaScriptbackdoorhttp://www.secuobs.com/revue/news/108190.shtmlhttp://www.secuobs.com/revue/news/108190.shtml 2009-06-10 22:29:05 - root labs rdist : I have now posted slides for the talk I gave yesterday at Yahoo SecurityWeek I also took this opportunity to upload the previous talks I havegiven since 2004 to Slideshare The talk was mostly an in-depth listof attacks against various crypto implementations The good news isthat developers seem to have gotten the http://www.secuobs.com/revue/news/108177.shtmlhttp://www.secuobs.com/revue/news/108177.shtml 2009-06-10 22:12:18 - News : The continuing fallout from a hacking incident at UK-based Webhosting company VAserv should serve as a powerful reminder thatcompanies need proper data backup and disaster recovery proceduresread moreIMAGEhttp://www.secuobs.com/revue/news/108159.shtmlhttp://www.secuobs.com/revue/news/108159.shtml 2009-06-10 19:45:50 - TrendLabs Malware Blog by Trend Micro : Analysts of the recent Gumblar attack that compromised thousands oflegitimate websites stated that the unauthorized modifications in thewebsites were possibly executed not only through SQL injection Thecompromise was also reportedly done through accessing web server filesthrough stolen FTP credentials gathered by one of the final malwarepayloads of the same attack The Post from: TrendLabs | Malware Blog - by Trend MicroStolen FTP Credentials Key to Gumblar Attackhttp://www.secuobs.com/revue/news/108098.shtmlhttp://www.secuobs.com/revue/news/108098.shtml 2009-06-10 17:34:57 - Threatpost Feed : Threatpost editors Ryan Naraine and Dennis Fisher discuss this week’smassive patch releases by Microsoft, Adobe and Apple, the RFC1918attack paper by Robert Hansen and who they’d pick in a rotisseriehacker draftYou are missing some Flash content that should appear here Perhapsyour browser cannot display it, or maybe it did not initialisecorrectlyhttp://www.secuobs.com/revue/news/108038.shtmlhttp://www.secuobs.com/revue/news/108038.shtml 2009-06-10 17:08:37 - Wired Danger Room : In Afghanistan, the battle for hearts and minds moves swiftly TheTaliban is quick to exploit reports of civilian casualties, and theUS military often struggles to counter insurgent propaganda Arecent incident in Asadabad, the capital of Kunar province, however,has been a notable exception Asadabad was the scene of a deadlygrenade attack yesterday, http://www.secuobs.com/revue/news/108025.shtmlhttp://www.secuobs.com/revue/news/108025.shtml 2009-06-10 07:41:55 - Hak5 Large Xvid : The gang gathers at a dive in Hoboken, NJ during their trip to NYC forthe live Diggnation and discuss wireless packet injection with airpwn,advancements in WPA-PSK attacks and of course, virtualizationhttp://www.secuobs.com/revue/news/107847.shtmlhttp://www.secuobs.com/revue/news/107847.shtml 2009-06-10 02:42:41 - SecDocs Feed : http://www.secuobs.com/revue/news/107753.shtmlhttp://www.secuobs.com/revue/news/107753.shtml 2009-06-10 02:42:41 - SecDocs Feed : http://www.secuobs.com/revue/news/107751.shtmlhttp://www.secuobs.com/revue/news/107751.shtml 2009-06-09 19:33:17 - Threatpost Feed : From The Register Dan GoodinA targeted attack against a UK-based Web hosting company hasdestroyed the data of an estimated 100,000 of the company's customers'sites Vaservcom was hit by an attack this weekend that exploited aflaw in a virtualization application the company was running, leadingto the erasure of mass amounts of customer datahttp://www.secuobs.com/revue/news/107577.shtmlhttp://www.secuobs.com/revue/news/107577.shtml 2009-06-09 19:22:52 - milw0rm.com : http://www.secuobs.com/revue/news/107572.shtmlhttp://www.secuobs.com/revue/news/107572.shtml 2009-06-09 19:13:31 - SearchSecurity Network Security Tactics : Ever wonder if someone is monitoring everywhere you go on the InternetIn this chapter excerpt from Chained Exploits: Advanced HackingAttacks from Start to Finish, learn how to keep corporate spies atbayIMAGEIMAGEIMAGEhttp://www.secuobs.com/revue/news/107561.shtmlhttp://www.secuobs.com/revue/news/107561.shtml 2009-06-09 19:12:11 - Security Bloggers Network : Amit Klein posted the following to the web security mailing listyesterday "User tracking across domains, processes in some casesand windows/tabs is demonstrated by exploiting several vulnerabilitiesin major browsers Microsoft Internet Explorer, Mozilla Firefox, AppleSafari, and to a limited extent Google Chrome Additionally, newcross-domain information leakage, andhttp://www.secuobs.com/revue/news/107548.shtmlhttp://www.secuobs.com/revue/news/107548.shtml 2009-06-09 07:24:02 - Security Bloggers Network : I'm happy to announce that carnal0wnage and Attack Research have joinedblog forcesthe new home for the blog willbe:http://carnal0wnageattackresearchcom/please point your RSSreaders to the new location and enjoyWith the new blog is the abilityforhttp://www.secuobs.com/revue/news/107278.shtmlhttp://www.secuobs.com/revue/news/107278.shtml 2009-06-09 03:35:54 - Lookout : More from: http://supportapplecom/kb/HT3613 CVE-ID: CVE-2006-2783Available for: Mac OS X v10411, Mac OS X Server v10411, Mac OS Xv1057, Mac OS X Server v1057, Windows XP or Vista Impact: Visitinga maliciously crafted website may lead to a cross-site scriptingattack Description: WebKit ignores Unicode byte order mark sequenceswhen parsing web pages Certain websites and web content http://www.secuobs.com/revue/news/107239.shtmlhttp://www.secuobs.com/revue/news/107239.shtml 2009-06-09 02:24:35 - BadwareBusters.org Most recent topics : Hi guys I have a problem with one of my sites, everytime we usefirefox we see a screen that says site under attack, Me and mycoworkers scanned the whole site with different antiviruses and noviruses were found… can somebody help me to get rid of that screenand find the real cause of that screenthx in advancehttp://www.secuobs.com/revue/news/107183.shtmlhttp://www.secuobs.com/revue/news/107183.shtml 2009-06-09 00:07:37 - News : Cybersecurity researchers trying to stop users from inadvertentlycompromising their machines have come up with a novel idea: Give themPCs running virtual machine software so they can act as sensors thatdetect malware infections and prevent them from infecting enterprisenetworksread moreIMAGEhttp://www.secuobs.com/revue/news/107160.shtmlhttp://www.secuobs.com/revue/news/107160.shtml 2009-06-08 22:51:59 - Rootsecure.net : Network World: T-Mobile net reportedly hit by hacker/extortion attackhttp://www.secuobs.com/revue/news/107146.shtmlhttp://www.secuobs.com/revue/news/107146.shtml 2009-06-08 22:15:28 - Security Bloggers Network : Websense Security Labs has detected a mass injection attack affecting20,000 web sites with malicious JavaScript that hides code redirectingusers to a site with active exploits The attack, uncovered last week,used a domain similar to the legitimate http://www.secuobs.com/revue/news/107126.shtmlhttp://www.secuobs.com/revue/news/107126.shtml 2009-06-08 12:43:38 - BadwareBusters.org Most recent topics : Hi, i’ve been probably attacked couple of times, via JavaScriptInjection The hosting provider says its due to weak codingthe website addresses are:wwwvisititechcomcurrently, i’ve deleted the site to upload the fresh clean copy2nd site :wwwascocompkNote both websites are uploaded over a same hosting providerwhen i viewed the source code of the online site, it contained iniframe tag :iframe src=“http://hugetoplocatecn:8080/indexphp” width=153height=198 style=“visibility: hidden”I’ve removed it several times, but my site got infected againNeed guidelinehttp://www.secuobs.com/revue/news/106893.shtmlhttp://www.secuobs.com/revue/news/106893.shtml 2009-06-08 07:08:44 - Hack In The Box : Humanity has entered into an era of cyberwarfare The word "cyber" only60 years old and it corresponds to the name of Norbert Wiener Itinvolves new technologies and their progress The word "war" isalready known to mankind for thousands of years A consistentdefinition of war has given Carl von Clausewitz in his book "On War" asound perspective According to von Clausewitz, "War is an instrumentof policy; it must inevitably have a political nature Therefore, theconduct of wars in its main outlines is the very policies thatreplaced the stylus on the sword" He writes - "War is an act ofviolence intended to compel the enemy to fulfill our will To crushthe enemy, we must match our efforts with the strength of hisresistance; the latter represents the result of two non-factors: theamount of funds the enemy holds and the force of his will "War - asan act of violence, is understandable to all The question is, can"cyberspace attacks" be called "violence"http://www.secuobs.com/revue/news/106843.shtmlhttp://www.secuobs.com/revue/news/106843.shtml 2009-06-07 22:23:10 - Computer Security News : June 3, 2009 By Alex Goldman : Be careful of links in Twitter Thelatest malware attack on the social network links to a video hosted ona site that installs scareware as victims watch the videohttp://www.secuobs.com/revue/news/106734.shtmlhttp://www.secuobs.com/revue/news/106734.shtml 2009-06-07 03:53:47 - Homeland Security News : Al Qaeda is planning a major attack on Germans before September'selection to wreak revenge for the deployment of troops in Afghanistan,a German magazine cited security officials as saying on Saturday DerSpiegel said German intelligence officials and the Federal CrimeOffice believed German firms based in Algeria and German http://www.secuobs.com/revue/news/106624.shtmlhttp://www.secuobs.com/revue/news/106624.shtml 2009-06-07 03:17:50 - Security Bloggers Network : Websense Security Labs has detected a mass injection attack affecting20,000 web sites with malicious JavaScript that hides code redirectingusers to a site with active exploits The attack, uncovered last week,used a domain similar to the legitimatehttp://www.secuobs.com/revue/news/106606.shtmlhttp://www.secuobs.com/revue/news/106606.shtml 2009-06-06 22:15:11 - eWeek Security Watch : This week's ATM-based malware run stands as evidence of the fact that asa society we must recognize the ubiquitous threat for attack over anyform of computing deviceIMAGEIMAGEIMAGEhttp://www.secuobs.com/revue/news/106584.shtmlhttp://www.secuobs.com/revue/news/106584.shtml 2009-06-06 17:32:47 - SecurityTube.Net : Backtrack Series 3 Cracking Clientless WEP Protected Network Using ChopChop Attack Video TutorialIMAGEhttp://www.secuobs.com/revue/news/106534.shtmlhttp://www.secuobs.com/revue/news/106534.shtml 2009-06-06 17:32:47 - SecurityTube.Net : Backtrack Series 4 Cracking Clientless WEP Protected Network UsingFragmentation Attack Video TutorialIMAGEhttp://www.secuobs.com/revue/news/106533.shtmlhttp://www.secuobs.com/revue/news/106533.shtml 2009-06-06 17:32:47 - SecurityTube.Net : Backtrack Series 5 Cracking WPA Protected Network Using ASCII DictionaryAttack Video TutorialIMAGEhttp://www.secuobs.com/revue/news/106532.shtmlhttp://www.secuobs.com/revue/news/106532.shtml 2009-06-06 17:32:47 - SecurityTube.Net : Backtrack Series 6 Cracking WPA Protected Network Using Precomputed WPAKeys Database Attack Video TutorialIMAGEhttp://www.secuobs.com/revue/news/106531.shtmlhttp://www.secuobs.com/revue/news/106531.shtml 2009-06-06 17:32:47 - SecurityTube.Net : Backtrack Series 7 Cracking APless WEP Protected Network Using HirteAttack Video TutorialIMAGEhttp://www.secuobs.com/revue/news/106530.shtmlhttp://www.secuobs.com/revue/news/106530.shtml 2009-06-06 17:32:47 - SecurityTube.Net : Typo3 Encryption Key Attack Video TutorialIMAGEhttp://www.secuobs.com/revue/news/106528.shtmlhttp://www.secuobs.com/revue/news/106528.shtml 2009-06-06 12:27:52 - SecDocs Feed : http://www.secuobs.com/revue/news/106506.shtmlhttp://www.secuobs.com/revue/news/106506.shtml 2009-06-06 12:27:52 - SecDocs Feed : http://www.secuobs.com/revue/news/106505.shtmlhttp://www.secuobs.com/revue/news/106505.shtml 2009-06-06 12:27:52 - SecDocs Feed : http://www.secuobs.com/revue/news/106504.shtmlhttp://www.secuobs.com/revue/news/106504.shtml 2009-06-05 20:07:25 - News : Forget spam, viruses, worms, malware and phishing These threats areapparently old school when compared to a new class ofdenial-of-service DOS attacks that threaten wireless data networksread moreIMAGEhttp://www.secuobs.com/revue/news/106320.shtmlhttp://www.secuobs.com/revue/news/106320.shtml 2009-06-05 10:14:20 - BadwareBusters.org Most recent topics : Hi guys,I just joined this community 5 of my sites were recently attacked Aniframe was inserted on the indexpage, leading to a trojan horseFixed this for now, but i feel not sure How can i check my sitesonline for security weaknesses Any ideas or am i looking at thewrong place here I don’t know if this message belongs here, so ifnot, please tell me…http://www.secuobs.com/revue/news/106130.shtmlhttp://www.secuobs.com/revue/news/106130.shtml 2009-06-05 06:22:49 - DarkReading All Stories : 'Cloudburst' memory-corruption exploit released with Immunity Inc's newversion of Canvas penetration testing softwarehttp://www.secuobs.com/revue/news/106111.shtmlhttp://www.secuobs.com/revue/news/106111.shtml 2009-06-05 03:21:00 - SANS Internet Storm Center, InfoCON green : There is a new e-mail wave doing the rounds we have reports from June 34 It is a very targ morehttp://www.secuobs.com/revue/news/106040.shtmlhttp://www.secuobs.com/revue/news/106040.shtml 2009-06-04 19:44:12 - SecurityShell : McAfee whitepaper about Browser Security and AttacksThe widespread use of highly interactive “rich client” webapplications for e-commerce, business networking, and onlinecollaboration has finally catapulted web browsers from straightforwardHTML viewers to a full-blown software platform And as corporate usersare performing a significant portion of their work on the web, whetherit’s researching or collaborating, the safety of the underlyingplatform is critical to the company’s success ”Other areas the paper covers include:• The shift in spam to mainly malicious web link usage• “Web 20” sites—whether weblogs, social networking or portalsites—are increasingly spammed with links to malicious sites• Legitimate sites are compromised and misused to either hostmalicious code or link to a malicious website• Use of malicious video banners placed in advertisement networks• Use of popular search terms to advertise and drive search querytraffic to a malicious website In a recent case in Germany, attackersused Google AdWords to attract users who searched for “flash player”to the attacker’s fake Adobe-look-alike siteDownload PaperIMAGEhttp://www.secuobs.com/revue/news/105895.shtmlhttp://www.secuobs.com/revue/news/105895.shtml