http://www.secuobs.com Observatoire de la securite Internet fr webmaster@secuobs.com Secuobs.com : 2010-09-10 14:53:05 - Wired Danger Room - It s been a dream of scientists, interrogators and law enforcement professionals for years Strap a terrorist suspect to a couple of electrodes, start asking him questions, and watch his brainwaves rat him out In a recent paper, a Northwestern University professor uses some of his recent fieldwork to urge the intelligence community to give the science http://www.secuobs.com/revue/news/256740.shtmlhttp://www.secuobs.com/revue/news/256740.shtml Secuobs.com : 2010-09-10 14:52:22 - Graham Cluley's blog - If you were reading the SophosLabs blog overnight you'll have seen Boris Lau's report of a mass-mailing worm that has been seen widely across the internet Email messages with the subject line Here you have are pretending to point to documents or free sex movies, but are really designed to infect your PC What may be fooling http://www.secuobs.com/revue/news/256739.shtmlhttp://www.secuobs.com/revue/news/256739.shtml Secuobs.com : 2010-09-10 14:50:42 - Security Bloggers Network - Seclore Technology, a major player in the Enterprise Rights Management marketplace has just released version 220 of its flagship product, FileSecure The enhancements include the addition of a number of frameworks to increase the openness of FileSecur http://www.secuobs.com/revue/news/256738.shtmlhttp://www.secuobs.com/revue/news/256738.shtml Secuobs.com : 2010-09-10 14:50:42 - Security Bloggers Network - I saw this floating around in IRC and on a couple of hacking forums I guess script kiddies and malware authors must really be pressed for time, because here comes a Terms of Service generator You simply enter your name, email, product name and c http://www.secuobs.com/revue/news/256737.shtmlhttp://www.secuobs.com/revue/news/256737.shtml Secuobs.com : 2010-09-10 14:50:04 - Schneier on Security - Interesting case study IMAGE http://www.secuobs.com/revue/news/256736.shtmlhttp://www.secuobs.com/revue/news/256736.shtml Secuobs.com : 2010-09-10 14:48:32 - Help Net Security News - The payment system at a number of properties of HEI Hospitality - the hospitality operator that runs over 30 upscale hotels across the US under brand names as Marriott, Hilton, Sheraton and others - http://www.secuobs.com/revue/news/256735.shtmlhttp://www.secuobs.com/revue/news/256735.shtml Secuobs.com : 2010-09-10 14:47:00 - Educational Security Incidents ESI - Quick Facts Date 9 2 2010 Institution Western State College of Colorado Type of Incident Unauthorized Disclosure Number Affected Unknown Source ESI Abstract Source Western State College of Colorado Personal Information Security Alert Abstract Western State College of Colorado recently alerted employees after personal information was accidentally emailed to an unauthorized individual The information in the email contained the names, bank account numbers, bank routing information and Social Security numbers for all employees that participated in direct deposit in May 2010 The incident occurred during testing of the Banner 8 system when an email containing employee information was sent to an incorrect email address In the notice on the web site, the college tells employees to assume the information is in the hands of someone that will misuse the information Along with information on how to monitor credit reports and place fraud alerts on their accounts, the college is offering credit monitoring reimbursement six months for any employee, and their spouse in the event of joint bank accounts College officials have notified law enforcement of the incident and the investigation is ongoing IMAGE http://www.secuobs.com/revue/news/256734.shtmlhttp://www.secuobs.com/revue/news/256734.shtml Secuobs.com : 2010-09-10 14:39:21 - BankInfoSecurity.com Blogs RSS Syndication - Message Looked Real Till a Closer Examination The latest e-mail scam exploits compassion, not greed http://www.secuobs.com/revue/news/256733.shtmlhttp://www.secuobs.com/revue/news/256733.shtml Secuobs.com : 2010-09-10 14:37:34 - Security - There s a rarely mentioned move from 1024-bit to 2048-bit key lengths in the security demesne are you ready More importantly, are your infrastructure and applications ready f5friday Everyone has likely read about DNSSEC and the exciting day on which the root servers were signed In response to security concerns and very valid ones at that around the veracity of responses returned by DNS, which underpins the entire Internet, the practice of signing responses was introduced Everyone who had anything to do with encryption and certificates said something about the initiative But less mentioned was a move to leverage longer RSA key lengths as a means to increase the security of the encryption of data, a la SSL Secure Socket Layer While there have been a few stories on SSL vulnerabilities Dan Kaminsky illustrated flaws in the system at Black Hat imagelast year there s been very little public discussion about the transition in key sizes across the industry The last time we had such a massive move in the cryptography space was back when we moved from 128-bit to 256-bit keys Some folks may remember that many early adopters of the Internet had issues with browser support back then, and the impact on the performance and capacity of infrastructure were very negatively impacted Well, that s about to happen again as we move from 1024-bit keys to 2048-bit keys and the recommended transition deadline is fast approaching In fact, NIST is recommending the transition by January 1st, 2011 and several key providers of certificates are already restricting the issuance of certificates to 2048-bit keys NIST Recommends transition to 2048-bit key lengths by Jan 1st 2011 Special Publication 800-57 Part 1 Table 4 VeriSign Started focusing on 2048-bit keys in 2006 complete transition by October 2010 Indicates their transition is to comply with best practices as recommended by NIST GeoTrust Clearly indicates why it transitioned to only 2048-bit Keys in June 2010 Entrust Also following NIST recommendations TN 7710 - Entrust is moving to 2048-bit RSA keys GoDaddy We enforced a new policy where all newly issued and renewed certificates must be 2048-bit Extended Validation EV required 2048-bit keys on 1 1 09 Note that it isn t just providers who are making this move Microsoft uses and recommends 2048-bit keys per the NIST guidelines for all servers and other products Red Hat recommends 2048 length for keys using RSA algorithm And as of December 31, 2013 Mozilla will disable or remove all root certificates with RSA key sizes smaller than 2048 bits That means sites that have not made the move as of that date will find it difficult for customers and visitors to hook up, as it were THE IMPACT on YOU The impact on organizations that take advantage of encryption and decryption to secure web sites, sign code, and authenticate access is primarily in performance and capacity The decrease in performance as key sizes increase is not linear, but more on the lines of exponential For example, though the key size is shifting by a factor of two, F5 internal testing indicates that such a shift results in approximately a 5x reduction in performance as measured by TPS Transactions per Second This reduction in performance has also been seen by others in the space, as indicated by a recent Citrix announcement of a 5x increase in performance of its cryptographic processing This decrease in TPS is due primarily to heavy use of the key during the handshaking process The impact on you is heavily dependent on how much of your infrastructure leverages SSL For some organizations those that require SSL end-to-end the impact will be much higher Any infrastructure component that terminated SSL and re-encrypted the data as a means to provide inline functionality think imageIDS, Load balancer, web application firewall, anti-virus scan will need to also support 2048-bit keys, and if new certificates are necessary these, too, will need to be deployed throughout the infrastructure Any organization with additional security encryption requirements over and above simply SSL encryption, such as FIPS 140-2 or higher, are looking at new additional hardware to support the migration Note There are architectural solutions to avoid the type of forklift upgrade necessary, we ll get to that shortly If your infrastructure is currently supporting SSL encryption decryption on your web application servers, you ll certainly want to start investigating the impact on capacity and performance now SSL with 1024-bit keys typically requires about 30pourcents of a server s resources RAM, CPU and the increase to 2048-bit keys will require more, which necessarily comes from the resources used by the application That means a decrease in capacity of applications running on servers on which SSL is terminated and typically a degradation in performance In general, the decrease we ve and others have seen in TPS performance on hardware should give you a good idea of what to expect on software or virtual network appliances As a general rule you should determine what level of SSL transaction you are currently licensed for and divide that number by five to determine whether you can maintain the capacity you have today after a migration to 2048-bit keys It may not be a pretty picture ADVANTAGES of SSL OFFLOAD If the advantages of offloading SSL to an external infrastructure component were significant before the move from 1024-bit keys to 2048-bit keys makes them nearly indispensable to maintaining performance and capacity of existing applications and infrastructure Offloading SSL to an external infrastructure component enabled with specialized hardware further improves the capacity and performance of these mathematically complex and compute intensive processes image ARCHITECTURAL SOLUTION to support 1024-bit key only applications If you were thinking about leveraging a virtual network appliance for this purpose, you might want to think about that one again Early testing of RSA operations using 2048-bit keys on 64-bit commodity hardware shows a capacity in the hundreds of transactions per second Not tens of thousands, not even thousands, but hundreds Even if the only use of SSL in your organization is to provide secure web-based access to e-mail, a la Microsoft Web Outlook, this is likely unacceptable Remember there is rarely a 1 1 relationship between connections and web applications today, and each connection requires the use of those SSL operations, which can drastically impact the capacity in terms of user concurrency Perhaps as important is the ability to architect around limitations imposed by applications on the security infrastructure For example, many legacy applications Lotus Notes, IIS 50 do not support 2048-bit keys Thus meeting the recommendation to migrate to 2048-bit keys is all but impossible for this class of application Leveraging the capabilities of an application delivery controller that can support 2048-bit keys, however, allows for the continued support of 1024-bit keys to the application while supporting 2048-bit keys to the client ARE YOU READY That s a question only you can answer, and you can only answer that by taking a good look at your infrastructure and applications image Creative Commons License Now is a good time to evaluate your SSL strategy to ensure it s up to the challenge of 2048-bit keys Check your licenses, determine your current capacity and requirements, and compare those to what can be realistically expected once the migration is complete Validate that applications currently requiring 1024-bit keys can support 2048-bit keys or whether such a migration is contraindicated by the application, and investigate whether a proxy-based mediation solution might be appropriate And don t forget to determine whether or not compliance with regulations may require new hardware solutions Now this is an F5 Friday post, so you knew there had to be some tie-in, right Other than the fact that the red-ball glowing ball on every BIG-IP just looks hawesome in the dim light of a data center, F5 solutions can mitigate many potential negative impacts resulting from a migration of 1024-bit to 2048-bit key lengths BIG-IP Specialized Hardware BIG-IP hardware platforms include specialized RSA acceleration hardware that improves the performance of the RSA operations necessary to support encryption decryption and SSL communication and enables higher capacities of the same EM Enterprise Manager Streamlines Certificate Management F5 s centralized management solution, EM Enterprise Manager , allows an organization to better manage a cryptographic infrastructure by providing the means to monitor and manage key expirations across all F5 solutions and collect TPS history and usage when sizing to better understand capacity constraints BIG-IP Flexibility BIG-IP is a full proxy-based solution It can mediate between clients and applications that have disparate requirements, such as may be the case with key sizes This allows you to use 2048-bit keys but retain the use of 1024-bit keys to web application servers and other infrastructure solutions Strong partnerships and integration with leading centralized key management and crypto vendors that provide automated key migration and provisioning through open and standards-based APIs and robust scripting capabilities DNSSEC Enhance security through DNSSEC to validate domain names Although it has been suggested that 1024-bit keys might be sufficient for signing zones, with the forced migration to 2048-bit keys there will be increased pressure on the DNS infrastructure that may require a new solution for your DNS systems THIS IS IN MANY REGARDS INFOSEC S Y2K In many ways a change of this magnitude is for Information Security professionals their Y2K because such a migration will have an impact on nearly every component and application in the data center Unfortunately for the security folks, we had a lot more time to prepare for Y2K so get started, go through the checklist, and get yourself ready to make the switch now before the eleventh hour is upon us --------------------------------------------------------------------- Related blogs articles The Anatomy of an SSL Handshake Network Computing DNSSEC Readiness ISCorg Get Ready for the Impact of 2048-bit RSA Keys Network Computing SSL handshake latency and HTTPS optimizations semicompletecom Pete Silva Demonstrates the FirePass SSL-VPN Data Center Feng Shui SSL WILS SSL TPS versus HTTP TPS over SSL SSL performance - DevCentral - F5 DevCentral Community Group DevCentral Weekly Roundup Audio Podcast - SSL iControl Apps - 12 - Global SSL Statistics DevCentral F5 Oracle 10g SSL Offload - JInitiator X509CertChainInvalidErr error Requiring an SSL Certificate for Parts of an Application The Order of Network Operations Follow me on Twitter View Lori's profile on SlideShare friendfeed icon_facebook AddThis Feed Button Bookmark and Share Technorati Tags MacVittie,F5,F5 friday,SSL,DNSSEC,offload,security,keys,performance,proxy IMAGE http://www.secuobs.com/revue/news/256732.shtmlhttp://www.secuobs.com/revue/news/256732.shtml Secuobs.com : 2010-09-10 14:37:06 - Crabbyolbastard Ruminates - There s an article on Wiredcom that talks about the hack attacks in 2008 around 9 11 that happened to the boys at Faloja Evidently the faloja kids are worried again that they are about to get popped this weekend too because they keep hitting my post on this site about that And they should be worried http://www.secuobs.com/revue/news/256731.shtmlhttp://www.secuobs.com/revue/news/256731.shtml Secuobs.com : 2010-09-10 14:27:44 - Common Exploits - This is a great little exploit to use Works on Windows 7, Windows 2008 SP1 and all the way back to Windows XP This was released around November 2009 and Microsoft released the patch around Feb 2010 Ms10-015 Most AV scanners pick this up now, but did have a good few months of fun with http://www.secuobs.com/revue/news/256730.shtmlhttp://www.secuobs.com/revue/news/256730.shtml Secuobs.com : 2010-09-10 14:27:44 - Common Exploits - Target system Windows XP SP3 running Adobe Acrobat PDF Reader V9 Metasploit is packed with great PDF exploits Most AV pick this up but not all Also try the web URL PDF exploits that work by just browsing to a URL Just shows how important it is to update things like PDF, Java etc into http://www.secuobs.com/revue/news/256729.shtmlhttp://www.secuobs.com/revue/news/256729.shtml Secuobs.com : 2010-09-10 14:27:44 - Common Exploits - Client side exploit Internet Explorer 6 on Windows XP using Metasploit MS10-002 http://www.secuobs.com/revue/news/256728.shtmlhttp://www.secuobs.com/revue/news/256728.shtml Secuobs.com : 2010-09-10 14:27:44 - Common Exploits - A couple of methods you can use to gain a shell through a Tomcat server when you find weak credentials Method 1 Uploading a war jsp command shell direct in the web manager Method 2 using Metasploit to gain a reverse shell http://www.secuobs.com/revue/news/256727.shtmlhttp://www.secuobs.com/revue/news/256727.shtml Secuobs.com : 2010-09-10 14:27:44 - Common Exploits - Tool by BL4CK to bypass VNC authentication This is now patched in the latest VNC version, but I do come across quite a few tests running vulnerable versions such as 411 http://www.secuobs.com/revue/news/256726.shtmlhttp://www.secuobs.com/revue/news/256726.shtml Secuobs.com : 2010-09-10 14:27:44 - Common Exploits - Great little client side exploit It exploits a vulnerability in the LNK process and uses Webdav to run the exploit Patch released August 2nd 2010 MS10-046 CVE-2010-2568 http wwwmicrosoftcom technet security bulletin MS10-046mspx Affected Operating Systems Windows XP Service Pack 3 Windows XP Professional x64 Edition Service Pack 2 Windows Server 2003 Service Pack 2 Windows Server 2003 x64 http://www.secuobs.com/revue/news/256725.shtmlhttp://www.secuobs.com/revue/news/256725.shtml Secuobs.com : 2010-09-10 14:27:44 - Common Exploits - Token kidnapping returns You may remember back in 2009 a token kidnapping issue was discovered and exploited by Cesar Cerrudo This allowed you to impersonate a service in use running as a higher service account network service to system and compromise the server This was patched by Microsoft in April 2009 MS09-012 Cesar is http://www.secuobs.com/revue/news/256724.shtmlhttp://www.secuobs.com/revue/news/256724.shtml Secuobs.com : 2010-09-10 14:27:44 - Common Exploits - A nice little client side exploit here Download the very latest Quicktime version from Applecom 767750 3rd Sept 2010 and check for updates to ensure you have the latest version It is fully exploitable Within Metasploit it creates a webserver that the client must browse to, once the client browses it exploits a vulnerability within Quicktime http://www.secuobs.com/revue/news/256723.shtmlhttp://www.secuobs.com/revue/news/256723.shtml Secuobs.com : 2010-09-10 14:27:44 - Common Exploits - There has been lots of recent press relating to DLL hijacking I have tested this out and created a video demonstration to help clear this up as slightly confusing This is a client side exploit so the user must browse the SMB share or the HTTP server There is no so called patch from Microsoft http://www.secuobs.com/revue/news/256722.shtmlhttp://www.secuobs.com/revue/news/256722.shtml Secuobs.com : 2010-09-10 14:11:03 - SecurityPark.net - A recent survey has discovered an apparent disconnect that exists between senior management, the IT department and the employees of companies Although 64pourcents of senior managers see IT as being strategic to the business alarmingly a fifth view IT as a necessary evil In addition, researchers found that only 45pourcents of senior managers have a good understanding of the IT function, which perhaps explains w more http://www.secuobs.com/revue/news/256721.shtmlhttp://www.secuobs.com/revue/news/256721.shtml Secuobs.com : 2010-09-10 14:11:03 - SecurityPark.net - Check Point has announced that its Endpoint Security Media Encryption solution has received Common Criteria Evaluation Assurance Level 4 EAL4 certification from the National Information Assurance Partnership NIAP Media Encryption 495 HFA 01 build 238 adds to the extensive portfolio of certified Check Point Endpoint Security products available to those customers that require the highe more http://www.secuobs.com/revue/news/256720.shtmlhttp://www.secuobs.com/revue/news/256720.shtml Secuobs.com : 2010-09-10 14:11:03 - SecurityPark.net - FreeSpace Networks have supplied radio-based CCTV data transmission to Asda petrol stations The wireless bridging solutions are producing financial savings for the client by removing the need to lay cable as well as eliminating the risk of damage to water supplies, mains power and other utility trunking Client revenue is protected since there is minimal disruption to the core activity of the fil more http://www.secuobs.com/revue/news/256719.shtmlhttp://www.secuobs.com/revue/news/256719.shtml Secuobs.com : 2010-09-10 14:11:03 - SecurityPark.net - Vancouver Community College, one of British Columbia's oldest and largest colleges, has deployed the Avigilon HD Surveillance System in an effort to improve staff and student safety across its two campuses in the Vancouver, British Columbia area The College security team seamlessly manages the Avigilon HD Surveillance System using Avigilon Control Center Network Video Management Software NVMS more http://www.secuobs.com/revue/news/256718.shtmlhttp://www.secuobs.com/revue/news/256718.shtml Secuobs.com : 2010-09-10 14:11:03 - SecurityPark.net - Honda New Zealand has deployed FortiGate-310B appliances as well as Fortinet's analysis and management appliances, FortiAnalyzer and FortiManager The FortiGate appliances are being used for broad network security protection including firewall, antivirus, Web content filtering, intrusion prevention and SSL VPN functionality In addition, franchises can securely connect via SSL VPN tunnels back t more http://www.secuobs.com/revue/news/256717.shtmlhttp://www.secuobs.com/revue/news/256717.shtml Secuobs.com : 2010-09-10 14:06:36 - PornoSecurity - - it bypasses DEP and ASLR using impressive tricks and unusual methods - Vupen - it uses a previously unpublished technique to bypass ASLR - Metasploit Blog - exploit uses the ROP technique to bypass the ASLR and DEP - ZDnet Kasperky - it's so scary I ran away screaming - anonymous Is that PDF so scary I don't think so DEP is an hardware feature that prevents execution of data, it obviously works if software sets the execution flag only on memory pages containing code If you VirtualAlloc all of your memory with PAGE_EXECUTE_READWRITE DEP can't help If you opt-out, it can't help If you disable it system-wide guess what Is directly executing injected data the only way to get arbitrary code execution Answer is nope It is possible to get arbitrary code execution by taking advantage of the call return mechanism of x86 This was called ret2libc more than ten years ago and it works by injecting fake stack frames instead of code The return addresses of those stack frames are used to jump to code already in memory that belongs to main executable or libraries By chaining stack frames, if enough functions are present in memory, you can achieve arbitrary code execution Since windows is pretty happy to give you memory with write and execution permissions and there are even a few api to programmatically disable DEP, there's no really need to use ret2libc to implement the entire shellcode Instead you use it to call just a couple of functions or pieces of functions gadgets to ask for RWX memory, copy the shellcode there, jump to it All you need is the addresses of those functions gadgets Is that a DEP bypass nope but it's smart and convenient, isn't it Is it something new, at least in the wild nope ret2what ret2libc, but cool guys now call it ROP ASLR is a software feature that randomizes memory allocations and should stop ret2libc because it makes hard to guess the location of a piece of code It works if software does not give the attacker too much control over memory allocations If software does leak pointers ASLR can't help If you don't opt-in, it can't help How that scary exploit works It uses heap-spray to fill the memory with fake stack frames and ret2libc to bypass DEP as describe above, the addresses of functions gadgets used to put the shellcode in an rwx area come from a DLL that does not opt-in to ASLR Is that an ASLR bypass nope, it's sounds to me like bypassing ASLR when ASLR is disabled http://www.secuobs.com/revue/news/256716.shtmlhttp://www.secuobs.com/revue/news/256716.shtml Secuobs.com : 2010-09-10 14:02:34 - Just ask Gemalto - http://www.secuobs.com/revue/news/256715.shtmlhttp://www.secuobs.com/revue/news/256715.shtml Secuobs.com : 2010-09-10 13:41:51 - Infosecurity USA Latest News - Last night the Global Risk Register a non-profit organisation seeking to improve the risk management of businesses was launched in at a special event in the London Cabinet War Rooms http://www.secuobs.com/revue/news/256714.shtmlhttp://www.secuobs.com/revue/news/256714.shtml Secuobs.com : 2010-09-10 13:41:51 - Infosecurity USA Latest News - Research just published claims that the majority of UK businesses are currently completing or actively implementing a cloud migration strategy http://www.secuobs.com/revue/news/256713.shtmlhttp://www.secuobs.com/revue/news/256713.shtml Secuobs.com : 2010-09-10 13:41:20 - ISN InfoSec News Mailing List - InfoSec News Kenya tops list of EA countries worst-hit by computer viruses http wwwbusinessdailyafricacom Companypourcents20Industry Kenyapourcents20topspourcents20listpourcents20ofpourcents20EApourcents20countriespourcents20worstpourcents20hitpourcents20bypourcents20computerpourcents20viruses - 539550 1006422 - vyb5f - By Kui Kinyanjui Business Daily September 9 2010 Kenya has risen to become the most insecure country in East Africa in http://www.secuobs.com/revue/news/256712.shtmlhttp://www.secuobs.com/revue/news/256712.shtml Secuobs.com : 2010-09-10 13:41:20 - ISN InfoSec News Mailing List - InfoSec News Secunia Weekly Summary - Issue 2010-36 The Secunia Weekly Advisory Summary 2010-09-02 - 2010-09-09 This week 89 advisories http://www.secuobs.com/revue/news/256711.shtmlhttp://www.secuobs.com/revue/news/256711.shtml Secuobs.com : 2010-09-10 13:41:20 - ISN InfoSec News Mailing List - InfoSec News Film studios 'launch cyber attacks on torrent sites' http wwwtgdailycom games-and-entertainment-features 51458-film-studios-launch-cyber-attacks-on-torrent-sites By Emma Woollacott TG Daily 9th Sep 2010 An Indian firm has blithely admitted carrying out DDoS attacks on illegal torrent websites on behalf of movie companies including 20th http://www.secuobs.com/revue/news/256710.shtmlhttp://www.secuobs.com/revue/news/256710.shtml Secuobs.com : 2010-09-10 13:41:20 - ISN InfoSec News Mailing List - InfoSec News Employee charged with hacking computer with porn http weblogsbaltimoresuncom news crime blog 2010 09 employee_charged_with_hackinghtml By Peter Hermann The Baltimore Sun September 9, 2010 It happened one day last year, as more than a dozen board members of a Baltimore substance abuse center had gathered around a conference room http://www.secuobs.com/revue/news/256709.shtmlhttp://www.secuobs.com/revue/news/256709.shtml Secuobs.com : 2010-09-10 13:41:20 - ISN InfoSec News Mailing List - InfoSec News Symantec HackIsWack site still open to rickrolling http wwwtheregistercouk 2010 09 09 symantec_hackiwack_rickrolled_again By John Leyden The Register 9th September 2010 Symantec's hapless HackIsWack cybercrime rap competition site can still be rickrolled, despite assurances to the contrary from the security giant http://www.secuobs.com/revue/news/256708.shtmlhttp://www.secuobs.com/revue/news/256708.shtml Secuobs.com : 2010-09-10 13:39:20 - Global Security Mag Online - Sophos vient de publier son rapport semestriel sur la sécurité, qui recense les évolutions et tendances de la sécurité informatique au cours de la première moitié de 2010, ainsi que les résultats d'une enquête portant sur l'attitude des internautes vis-à-vis de la cyber-guerre Cette étude, menée auprès de 1077 utilisateurs du monde entier, dévoile des opinions alarmantes face à l'espionnage informatique international Les questions portaient en particulier sur ce qu'ils pensaient de l'espionnage par - Info Malwares http://www.secuobs.com/revue/news/256707.shtmlhttp://www.secuobs.com/revue/news/256707.shtml Secuobs.com : 2010-09-10 13:37:41 - Exploit DB updates - http://www.secuobs.com/revue/news/256706.shtmlhttp://www.secuobs.com/revue/news/256706.shtml Secuobs.com : 2010-09-10 13:37:41 - Exploit DB updates - http://www.secuobs.com/revue/news/256705.shtmlhttp://www.secuobs.com/revue/news/256705.shtml Secuobs.com : 2010-09-10 13:37:41 - Exploit DB updates - http://www.secuobs.com/revue/news/256704.shtmlhttp://www.secuobs.com/revue/news/256704.shtml Secuobs.com : 2010-09-10 13:37:41 - Exploit DB updates - http://www.secuobs.com/revue/news/256703.shtmlhttp://www.secuobs.com/revue/news/256703.shtml Secuobs.com : 2010-09-10 13:32:12 - CNIS mag - Elle a tout pour plaire, cette faille Acrobat Acrobat Reader à la fois critique et dans la nature, exploitée in the wild par une campagne email ayant pour sujet David Leadbetter s One Point Lesson Lequel email contient un fichier pdf forgé qui ne fait réagir, à l heure où nous rédigeons http://www.secuobs.com/revue/news/256702.shtmlhttp://www.secuobs.com/revue/news/256702.shtml Secuobs.com : 2010-09-10 13:32:12 - CNIS mag - Secunia vient d annoncer l entrée en phase beta marketing de son logiciel d inventaire de failles PSI 20 personnal software inspector La première édition était déjà une bénédiction pour qui ne souhaite pas passer du temps à chasser la mise à jour ou traquer le correctif sauvage, puisqu en regard de chaque vulnérabilité détectée et listée, http://www.secuobs.com/revue/news/256701.shtmlhttp://www.secuobs.com/revue/news/256701.shtml Secuobs.com : 2010-09-10 13:31:24 - BiometricNewsPortal.com - Intelligent Fingerprinting has developed an innovative test to simultaneously detect identity and drug use The technology has a wide range of potential applications in forensics and policing Intelligent Fingerprinting enables forensic scientists to extract more information from the fingerprints they routinely collect Knowing if their suspect was http://www.secuobs.com/revue/news/256700.shtmlhttp://www.secuobs.com/revue/news/256700.shtml Secuobs.com : 2010-09-10 12:36:19 - Security Bloggers Network - This evening while I was driving to an open house at my daughter's school very cool proud of you, Kyriae a journalist called to ask me about the major new email worm that everyone is talking about Insert sound of cricketsI asked him for more det http://www.secuobs.com/revue/news/256699.shtmlhttp://www.secuobs.com/revue/news/256699.shtml Secuobs.com : 2010-09-10 12:36:19 - Security Bloggers Network - I picked up a jar of Bolani Sweet Jalapeno condiment the other day Instead of the usual expiration warning found on condiments I noticed the label said no refrigeration necessary and that it keeps for multiple years with natural preservatives It has only Bell Pepper, Jalapeno, Pepper, Vinegar, Sugar and Spice Impressive My jar is http://www.secuobs.com/revue/news/256698.shtmlhttp://www.secuobs.com/revue/news/256698.shtml Secuobs.com : 2010-09-10 12:36:19 - Security Bloggers Network - The story in the BBC called US Marines capture ship hijacked by pirates off Somalia started to get me all excited about new methods of anti-piracy from the US military Several things stood out as different from past anti-pirate exercises Marines, not Special Forces or Commandos No shots fired Rapid response and conclusion Then I read through to http://www.secuobs.com/revue/news/256697.shtmlhttp://www.secuobs.com/revue/news/256697.shtml Secuobs.com : 2010-09-10 12:36:19 - Security Bloggers Network - A recent World Cup data theft confirms something we've been saying for some time, namely that most organizations defend their digital assets against external attack, but they ignore the internal threat at their peril And the interesting thing about this breach The stolen data dates back to the 2006--not 2010 --World Cup Reports are coming in that the Information Commissioner's Office has started investigating FIFA, the world football governing body, over allegations that details of thousands of World Cup fans' - including their passport data - were accessed by one or more members of staff and then sold on the black http://www.secuobs.com/revue/news/256696.shtmlhttp://www.secuobs.com/revue/news/256696.shtml Secuobs.com : 2010-09-10 12:33:53 - Darknet The Darkside - http://www.secuobs.com/revue/news/256695.shtmlhttp://www.secuobs.com/revue/news/256695.shtml Secuobs.com : 2010-09-10 12:24:49 - BankInfoSecurity.com Blogs RSS Syndication - We Have a Problem Now, What to Do About It Clearinghouse fraud pushes the financial industry to its limit It's growing so quickly, no one can keep up Is the tipping point here http://www.secuobs.com/revue/news/256694.shtmlhttp://www.secuobs.com/revue/news/256694.shtml Secuobs.com : 2010-09-10 12:14:39 - Collin R. Mulliner - So I survived Black Hat and Defcon, it was great fun, f ing expensive and totally exhausting but totally worth it Saw a bunch of talks at Black Hat some of which where cool stuff but others sadly where not worth it Defcon was way too crowded 12K people I was told Therefore I couldn't attend any talk - Talking to cool new people made up for it Now I'm at Stanford for a couple of days Many things planed but ping me if you want to chat http://www.secuobs.com/revue/news/256693.shtmlhttp://www.secuobs.com/revue/news/256693.shtml Secuobs.com : 2010-09-10 12:14:39 - Collin R. Mulliner - So the PalmPre seems to have a small problem with vCards Pwn20wn Nils found a nice little bug that seems to be exploitable Nice find Then we got the first Android trojan that sends premium SMS messages Jon did a nice decode of the trojan over here Since this is now on a public website I want to mention it once Decrypting GSM phone calls by Karsten and other from the Security Research Labs Berlin http://www.secuobs.com/revue/news/256692.shtmlhttp://www.secuobs.com/revue/news/256692.shtml Secuobs.com : 2010-09-10 12:14:39 - Collin R. Mulliner - In a couple of days I'm travelling to Darmstadt to attend the CAST-Workshop on Embedded Security to talk about our embedded systems security lab http://www.secuobs.com/revue/news/256691.shtmlhttp://www.secuobs.com/revue/news/256691.shtml Secuobs.com : 2010-09-10 12:14:39 - Collin R. Mulliner - At T2 Nils talks about some WebOS and Android vulns this should be quite interesting since he likely will cover the bugs he recently found T2 is really one of the European cons I want to go to, very high priority Especially since I can't go to SEC-T this year hacking the RKF ticket system and How to stay invisible while still using cellphones sounds quite interesting The BruCON schedule looks quite interesting GSM Security Fact and Fiction NFC Malicious Content sharing, the abstract sounds like something I've done some years ago - I wonder what kind of new stuff they found The Monkey Steals the Berries The State of Mobile Security So BruCON actually looks quite good, another CON I need to go to at some point At SecTor there seems to be a single mobile talk Black Berry Security FUD Free Thats it for August as far as I can see Update I totallty forgot DeepSec This year it seems like a mobile only security conference Talks are Pentesting Internet Handheld Devices Debugging GSM Targeted DOS Attack and various fun with GSM Um Mobile VoIP Steganography From Framework to Implementation Mobile privacy Tor on the iPhone and other unusual devices OsmocomBB A tool for GSM protocol level security analysis of GSM networks Malicious applications for Smartphones All your baseband are belong to us Android Reverse Engineering and Forensics LTE Radio Interface structure and its security mechanism http://www.secuobs.com/revue/news/256690.shtmlhttp://www.secuobs.com/revue/news/256690.shtml Secuobs.com : 2010-09-10 12:14:39 - Collin R. Mulliner - So since I have decided to use Flattr I also decided to put my own Thing for Mobile Security News on Flattr Flattr this http://www.secuobs.com/revue/news/256689.shtmlhttp://www.secuobs.com/revue/news/256689.shtml Secuobs.com : 2010-09-10 12:14:39 - Collin R. Mulliner - I've been playing with Android desktop widgets in the past days - so here is my first widget IP Addr Widget is a simple widget that displays the IP address of the current default route the network interface that currently is in use You can tap click the widget to resolve the external public IP address and FQDN of your phone I know there are about 10 other widgets that do the same I just wrote it for practice So enjoy http://www.secuobs.com/revue/news/256688.shtmlhttp://www.secuobs.com/revue/news/256688.shtml Secuobs.com : 2010-09-10 12:14:39 - Collin R. Mulliner - Mobile phone HTTP header privacy issue in Spain 1 xuf got them to fix it 2 In October I will present two papers First, Privacy Leaks in Mobile Phone Internet Access which is about mobile phone HTTP header leakage Second, Rise of the iBots 0wning a telco network a paper on smartphone botnet C C The Osmocom people have added a security section to their wiki One really interesting part is the section on Will my Phone Show An Unencrypted Connection Conferences ToorCon has a nice lineup sofar Real Men Carry Pink Pagers The Carmen San Diego Project iPhone Rootkit There's an App for That The Hidden Nemesis Backdooring Embedded Controllers Smartphone Ownage The State of Mobile Botnets and Rootkits Moving Target Location-Based Threats and Mitigations Black Hat Abu Dhabi Mobile Phony Why You Can't Trust Mobile Phone Networks For Critical Infrastructure Need some hints I'm looking for a number of statistics 1 How many people update their mobile phones I don't care about smartphones such as iPhone or Android 2 The most popular mobile phones around the world There should be some sales stats on this, right Any help will be very welcome Email collin at mullinerorg The thing called a phone by Scott Adams I almost never use it as a phone IMAGE http://www.secuobs.com/revue/news/256687.shtmlhttp://www.secuobs.com/revue/news/256687.shtml Secuobs.com : 2010-09-10 12:12:26 - Exploit DB updates - http://www.secuobs.com/revue/news/256686.shtmlhttp://www.secuobs.com/revue/news/256686.shtml Secuobs.com : 2010-09-10 12:04:44 - Computer Security News - HEI Hospitality, owner and operator of upscale hotels operating under the Marriott, Sheraton, Westin and other monikers, has sent letters informing some 3,400 customers that their credit card data may have been compromised http://www.secuobs.com/revue/news/256685.shtmlhttp://www.secuobs.com/revue/news/256685.shtml Secuobs.com : 2010-09-10 12:03:48 - SPAMfighter News - The fourth largest credit card payments company of the United States' Heartland Payment Systems has decided to disburse a US 5 million 54 million payment to its financial services client 'Discover' on the grounds of data breach caused by a malware infection A whooping amount of US 36 Million had been already paid by the payments processor to American Express over the same breach, whereas Visa settled to limit its compensation claims to US 592 Million The entire agreement amount has come from the 140 Million Heartland set aside to cover up the overheads associated to the breach That sum comprises more than 26 million in lawful costs Remarkably, on January 20, 2009, the company proclaimed that unidentified attackers had penetrated its network's security and stole transaction data by means of malicious software The attack was noticed during an internal inquiry driven by warnings sent by Visa and MasterCard, regarding fake activity on some credits cards processed by the company Afterwards, authorities stated that as many as 130 Million debit and credit cards data was stolen that made it the biggest ever breach related to payment card data Owing to this incident, Heartland was detached from both Visa's and MasterCard's lists of providers in mid-march The company's subsidized banks have also been charged by both MasterCard and Visa as an end result of the attack, but though the Visa fines sum to under 1 Million, the ones charged by MasterCard represent above 50pourcents of the 126 Million The latter alleges that Heartland was unsuccessful to act correctly after learning of the breach, a claim that the company is determined to confront in court The attacks at Heartland and various other key retailers were afterwards traced to a bunch of cybercriminals headed by Miami-based Albert Gonzalez who was sentenced to 20 years federal prison in March 2010 Commenting on this recent settlement the Princeton, NJ based Heartland said that the agreement would clear out all issues amid the two companies, arising from the intrusion, as reported by The Security Pub on September 2, 2010 Robert Carr CEO, Heartland said that this agreement marked their final settlement with a card brand linked to the attack, as reported by The Security Pub on September 2, 2010 http://www.secuobs.com/revue/news/256684.shtmlhttp://www.secuobs.com/revue/news/256684.shtml Secuobs.com : 2010-09-10 12:03:48 - SPAMfighter News - The security company, Kaspersky Lab, lately released its publication, Monthly Malware Statistics for August 2010 As per the statistics, exploits and worms attacking Windows' shortcut vulnerabilities were the most prolific during August 2010 August 2010 witnessed a striking growth in malware attacking the CVE-2010-2568 vulnerability It was first employed by WormWin32Stuxnet, a network which gained infamy in late July 2010 and then again by VirusWin32Salityag, the Trojan-Dropper program that injects the most recent version of the Sality virus Naturally, the hackers grasped this new security breach in the most famous version of Windows Stuxnet worms which are made to exploit the Windows vulnerability stood at 9th and 12th place amid the list of top 20 harmful programs found by Kaspersky, while a Trojan dropper distributing Sality virus acquired 17th place Both of the exploits attacking CVE-2010-2568 that appear in the ranking are commonly detected in Russia, India, and Brazil as is Trojan-DropperWin32Salityr Remarkably, India is also the main source of the Stuxnet worm Vyacheslav Zakorzhevsky, Senior Malware Analyst at Kaspersky Labs said that the exploit, which prompted Microsoft to issue an emergency patch, generated vulnerable LNK shortcuts with names made to catch attention and circulated these across local networks, as reported by InfoSecuirty on August 2, 2010 Further, he stated that the malware gets initiated when a user opened a folder carrying one of these shortcuts Moreover, he added that the chief motive of Trojan dropper Trojan-DropperWin32Salityr was to download the recent and modified version of the Sality virus, a piece of malware that occupied 16th place on the lists Another remarkable finding is the constant production of Conficker alternatives being found by Kaspersky Following the last month's data, the firm informed that the worm's variants continue to hold three out of the top four positions on its harmful program list, which includes the number one spot too The ranking also has two harmful packers- PackedWin32Krapao twentieth place makes its first appearance, whereas WormWin32VBNAb fourteenth place featured in the June 2010 rankings Both of the programs protect malware from being found by security software and can be used to pack virtually any harmful programs http://www.secuobs.com/revue/news/256683.shtmlhttp://www.secuobs.com/revue/news/256683.shtml Secuobs.com : 2010-09-10 12:00:57 - Rootsecure.net - techdirt Are Swedish Police Violating Copyright Law In Creating Shoe Database http://www.secuobs.com/revue/news/256682.shtmlhttp://www.secuobs.com/revue/news/256682.shtml Secuobs.com : 2010-09-10 12:00:57 - Rootsecure.net - TCP IP World DNS Made Easy Suffers from Break in DDOS Attack http://www.secuobs.com/revue/news/256681.shtmlhttp://www.secuobs.com/revue/news/256681.shtml Secuobs.com : 2010-09-10 12:00:57 - Rootsecure.net - Softpedia Advanced Spam Sent via PHP Tool Hosted on Compromised Web Servers http://www.secuobs.com/revue/news/256680.shtmlhttp://www.secuobs.com/revue/news/256680.shtml Secuobs.com : 2010-09-10 11:26:04 - Crash Dump Analysis - Books in the post The German Genius, The Evolution Controversy, Prince Henry the Navigator A Life Memory dump analysis while listening to Raul Di Blasio Barroco Memory dump analysis while listening to 60s US-Punk Garage Psych Management bit and tip 0 100000 http wwwmanagementbitscom 2010 09 09 management-bit-and-tip-0 100000 Memorianic lunch Cultural Amnesia, Under the Loving Care of the Fatherly Leader, Secret Societies, The Slave Soul http://www.secuobs.com/revue/news/256679.shtmlhttp://www.secuobs.com/revue/news/256679.shtml Secuobs.com : 2010-09-10 11:23:38 - CNET France Spécial - Une vulnérabilité de type zero-day a été découverte dans le logiciel Adobe Les versions de Reader et Acrobat pour Windows, Mac et Linux sont concernées Lire l'article http://www.secuobs.com/revue/news/256678.shtmlhttp://www.secuobs.com/revue/news/256678.shtml Secuobs.com : 2010-09-10 10:43:16 - TrendLabs Malware Blog by Trend Micro - In this YouTube video, Trend Micro CTO Raimund Genes discusses how an attacker can use information from social networks such as LinkedIn and Facebook to hack into a corporate network The picture Raimund paints shows how attackers can get publicly available email addresses on social networks and send a customized targeted email to the person Post from TrendLabs Malware Blog - by Trend Micro Be Careful What You Reveal Online http://www.secuobs.com/revue/news/256677.shtmlhttp://www.secuobs.com/revue/news/256677.shtml Secuobs.com : 2010-09-10 10:39:34 - Security Bloggers Network - Each week, we ll highlight a major city in the US and cover the places and events you can go to in that area to get your security information fix This post is part of the information security communities People of the world probably know Houston as the location of NASA s Mission Control Center It s also the http://www.secuobs.com/revue/news/256676.shtmlhttp://www.secuobs.com/revue/news/256676.shtml Secuobs.com : 2010-09-10 10:39:34 - Security Bloggers Network - The dust has finally settled on the Australian federal election As everyone ought to know, the previous ruling party, and the previous Prime Minister, managed to cling somewhat precariously to power They didn't really win, since they ended up with fewer than half the seats in the House of Representatives But they didn't lose, either, http://www.secuobs.com/revue/news/256675.shtmlhttp://www.secuobs.com/revue/news/256675.shtml Secuobs.com : 2010-09-10 10:37:14 - Help Net Security News - In the video below, Trend Micro CTO Raimund Genes discusses how an attacker can use information from social networks such as LinkedIn and Facebook to hack into a corporate network http://www.secuobs.com/revue/news/256674.shtmlhttp://www.secuobs.com/revue/news/256674.shtml Secuobs.com : 2010-09-10 10:32:45 - Securosis Blog - I attended the OWASP Phoenix chapter meeting earlier this week, talking about database encryption The crowd was small as the meeting was the Tuesday after Labor day, rather than the normal Thursday slot Still, I had a good time, especially with the discussion afterwards We talked about a few things I know very little about Actually, there are several areas of security that I know very well There are a few that I know reasonably well, but as I don't practice them day to day I really don't consider myself an expert And there are several that I don't know at all And I find this odd, as it seemed that 15 years ago a single person could 'know' computer security If you understood netword security, access controls, and crypto, you had a pretty good handle on things Throw in some protocol design, injection, and pen test concepts and you were a freakin' guru Given the handful of people at the OWASP meeting, there were diverse backgrounds in the audience After the presentation we were talking about books, tools, and approaches to security We were talking about setting up labs and CTF training sessions Somewhere during the discussion it dawned on me just how much things have changed there are a lot of different subdisciplines in computer security Earlier this week Marcus Carey marcusjcarey tweeted There is no such thing as a Security Expert , which I have to grudgingly admit is probably true Looking across the spectrum we have everything from reverse engineering malware to disk drive forensics It's reached a point where it's impossible to be a 'security' expert, rather you are an application security expert, or a forensic auditor, or a cryptanalyst, or some other form of specialist We've undergone several evolutionary steps in understanding how to compromise computer systems, and there are a handful of signs we are getting better at addressing bad security The depth of research and knowledge in the field of computer security has progressed at a staggering rate, which keeps things interesting and means there is always something new to learn With Rich in Babyland, the Labor Day holiday, and me travelling this week, you'll have to forgive us for the brevity of this week's summary Webcasts, Podcasts, Outside Writing, and Conferences ---------------------------------------------------- Seven Features To Look For In Database Assessment Tools Adrian's Dark Reading post Favorite Securosis Posts ------------------------ Adrian Lane Market For Lemons Mike Rothman This week's Incite Iconoclastic Idealism Yes, voting for myself is lame, but it's a good piece Will be hanging on my wall as a reminder of my ideals Other Securosis Posts --------------------- New Release Data Encryption 101 for PCI Understanding and Selecting an Enterprise Firewall Technical Architecture, Part 1 Understanding and Selecting an Enterprise Firewall Application Awareness, Part 2 Favorite Outside Posts ---------------------- Adrian Lane Interview Questions I know it's a week old, but I just saw it, and some of it's really funny Mike Rothman Marketing to the Bottom of the Pyramid We live a cloistered, ridiculously fortunate existence Godin provides interesting perspective on how other parts of the world buy or don't buy innovation Project Quant Posts ------------------- NSO Quant Take the Survey and Win an iPad NSO Quant Manage IDS IPS Process Revisited NSO Quant Manage IDS IPS -- Monitor Issues Tune Research Reports and Presentations ---------------------------------- Data Encryption 101 A Pragmatic Approach to PCI White Paper Understanding and Selecting SIEM Log Management White Paper Endpoint Security Fundamentals Top News and Posts ------------------ IE 8 Bug Vuln popped up late last Friday Adobe Patches via Brian Krebs Apple OS X Security Patch Blog Comment of the Week ------------------------ Remember, for every comment selected, Securosis makes a 25 donation to Hackers for Charity This week's best comment goes to ds, in response to FireStarter Market for Lemons I guess this could be read both ways more insight as would be gained from researchers could help shift the ballance of information to the consumer, but it could also confirm the conclusion that a product was low quality I don't know of any related research that shows that consumer information helps improve consumer outcomes, though that would be interesting to see Does anyone know if the security seal programs actually improve user's perceptions And do those perceptions materialize in greater adoption Also may be interesting I don't think we need something like lemon laws for two reasons 1 The provable cost of buying a bad product for the consumer is nominal not likely to get any attention The cost of the security product failing are too hard to quantify into actual numbers so I am not considering these 2 Corporations that buy the really expensive security products have far more leverage to conduct pre-purchase evaluations, to put non-performance clauses into their contracts and to readily evaulate ongoing product suitability The fact that many don't is a seperate issue that won't in any case be fixed by the law - Adrian Lane 0 Comments IMAGE IMAGE IMAGE IMAGE IMAGE http://www.secuobs.com/revue/news/256673.shtmlhttp://www.secuobs.com/revue/news/256673.shtml Secuobs.com : 2010-09-10 10:32:06 - PenTestIT - USBsploit is a tool that is still in beta version and has been created by an Infosec researcher and owner of the popular portal Secubsimage This tool makes it simple for any person wanting to dump files from remote USB drives on multiple targets at the same time It works http://www.secuobs.com/revue/news/256672.shtmlhttp://www.secuobs.com/revue/news/256672.shtml Secuobs.com : 2010-09-10 10:31:05 - HiR Information Report - Ethercodes Is a Web-based, Collaborative Programming Notepad Beta goes live tomorrow Broadcom releases an open-source driver for its wireless chipsets LWNnet Finally IMAGE http://www.secuobs.com/revue/news/256671.shtmlhttp://www.secuobs.com/revue/news/256671.shtml Secuobs.com : 2010-09-10 10:20:03 - Infosec Island Latest Articles - The pace of growth at Reliance Communications is faster than that of other leading telcos in India, says Alpna Doshi, CIO, Reliance Communications In a chat with Rahul Neel Mani, she outlines the company s IT plans and growth initiatives in the immediate future http://www.secuobs.com/revue/news/256670.shtmlhttp://www.secuobs.com/revue/news/256670.shtml Secuobs.com : 2010-09-10 10:20:03 - Infosec Island Latest Articles - Recently I put four Windows 7 systems, fully patched updated, with current anti-virus, through the most difficult security test that I could imagine I unleashed seven teenagers upon them Two hours later, each computer was full of viruses http://www.secuobs.com/revue/news/256669.shtmlhttp://www.secuobs.com/revue/news/256669.shtml Secuobs.com : 2010-09-10 10:20:03 - Infosec Island Latest Articles - Understanding the DISA UNIX STIGs is difficult for first-timers and sends chills down the spines of system administrators who have used them before They are probably the most detailed set of security controls available which apply to a wide variety of operating systems http://www.secuobs.com/revue/news/256668.shtmlhttp://www.secuobs.com/revue/news/256668.shtml Secuobs.com : 2010-09-10 10:17:37 - Exploit DB updates - http://www.secuobs.com/revue/news/256667.shtmlhttp://www.secuobs.com/revue/news/256667.shtml Secuobs.com : 2010-09-10 10:17:37 - Exploit DB updates - http://www.secuobs.com/revue/news/256666.shtmlhttp://www.secuobs.com/revue/news/256666.shtml Secuobs.com : 2010-09-10 10:14:08 - Security Blog by Nagareshwar - We have been busy working on lot of things amid of next major release of SpyDLLRemover as mentioned in previous posts We also planned for minor update on StreamArmor Here is the brief update on each of these tools SpyDllRemover 40 We were right on schedule for last week mega release of SpyDllRemover but due http://www.secuobs.com/revue/news/256665.shtmlhttp://www.secuobs.com/revue/news/256665.shtml Secuobs.com : 2010-09-10 10:01:48 - Rootsecure.net - Net Security How your identity could be stolen on Facebook http://www.secuobs.com/revue/news/256664.shtmlhttp://www.secuobs.com/revue/news/256664.shtml Secuobs.com : 2010-09-10 09:56:38 - LinuxSecurity.com Latest News - LinuxSecuritycom News of the German ID card The sensitive personal information found on the new German identification cards with data chips scheduled for nationwide introduction this November can be easily hacked, according to testing done by a TV news show http://www.secuobs.com/revue/news/256663.shtmlhttp://www.secuobs.com/revue/news/256663.shtml Secuobs.com : 2010-09-10 09:26:19 - DarkReading All Stories - No zero-days on 'Exploit Hub' http://www.secuobs.com/revue/news/256662.shtmlhttp://www.secuobs.com/revue/news/256662.shtml Secuobs.com : 2010-09-10 09:26:19 - DarkReading All Stories - Experts say the right cyber risk insurance policy could save even small enterprises from catastrophic losses http://www.secuobs.com/revue/news/256661.shtmlhttp://www.secuobs.com/revue/news/256661.shtml Secuobs.com : 2010-09-10 09:23:12 - adafruit industries blog - Hans writes - I posted a quick How-To for the PowerSwitchTail Thanks for including the extra components, they worked like a charm with a low-current digital output pin Adapter Circuit The PowerSwitchTail requires 40ma to control the internal relay The IO-204 supplies 20ma on each of its 4 I O channels In order for the IO-204 to trigger http://www.secuobs.com/revue/news/256660.shtmlhttp://www.secuobs.com/revue/news/256660.shtml Secuobs.com : 2010-09-10 09:23:12 - adafruit industries blog - Nice USBTinyISP drivers for 64-bit Windows 7 Vista x64, Jeff writes - For some reason, the 32-bit versions of these operating systems don t prevent the unsigned drivers from being installed, although they do complain There are a few workarounds that involve hacking Windows or disabling digital signature checking, but thanks to a tip by user wayneft on the http://www.secuobs.com/revue/news/256659.shtmlhttp://www.secuobs.com/revue/news/256659.shtml Secuobs.com : 2010-09-10 08:53:19 - Slashdot Your Rights Online - Spliffster writes The German Pirate Party has disclosed some secret documents on how the EU is planning to monitor citizens The so called INDECT Documents describe how a seamless surveillance could or should be implemented across Europe The use of CCTV cameras, the internet social networks and even the use of UAVs are mentioned as data sources Two of the nine documents can be downloaded from the German Pirate Party's website PDFs in English IMAGE IMAGE Read more of this story at Slashdot IMAGE IMAGE IMAGE http://www.secuobs.com/revue/news/256658.shtmlhttp://www.secuobs.com/revue/news/256658.shtml Secuobs.com : 2010-09-10 08:52:40 - Risky Business - Tagline Are Flash and Air apps the mess you'd expect them to be Media URL http mediariskybiz RB167mp3Content HeadersContent Length 26468833 Content Type audio mpeg On this week's show we're taking a look at Flash applications With tonnes of thick client apps being replaced with apps built on Flash, we thought we'd have a chat to Azimuth Security's Alex Kouzemtchenko about what some of the pitfalls in developing Flash apps are This week's edition of the show is brought to you by Symantec, and we're stoked to have that company's CTO, Marc Bregman, on the show for this week's sponsor interview He's an interesting guy and he's got a lot to say, not surprisingly, about where we're all headed as an industry in light of the McAfee Intel deal Forum Topic Risky Business 167 -- Kuza talks about Flash and Air apps read more http://www.secuobs.com/revue/news/256657.shtmlhttp://www.secuobs.com/revue/news/256657.shtml Secuobs.com : 2010-09-10 08:22:38 - Spyware Sucks - The IP range 6525460 is a cesspool of badness at the moment, as evidenced by bad domains appearing in that IP range in recent times Here are some more for you If anybody using those domains approaches you for advertising, or they are given as credit references for a domain that doesn't appear here, or they are used for tags, proceed with extreme caution Feel free to leave a comment if you encounter other domains in association with those below hyperadnetworkscom ICANN Registrar BIZCNCOM, INC Created 30 August 2010 IP 6525460250 - Atlanta, Georgia, Global Net Access Llc Registrant HyperAdNetworks, Michael Heflin, info hyperadnetworkscom medjamcom ICANN Registrar BIZCNCOM, INC Created 30 August 2010 IP 6525460229 Registrant Media Jam LLC, James Calkins, domain medjamcom midsimcom ICANN Registrar BIZCNCOM, INC Created 26 August 2010 IP 6525460237 Shares IP with dbtrawcom Registrant medsimcom, DNS Admin, dns midsimcom dbtrawcom ICANN Registrar BIZCNCOM, INC Created 26 August 2010 Registrant dbtrawcom, DNS Admin, dns dbtrawcom creektelmediacom ICANN Registrar BIZCNCOM, INC Created 30 August 2010 IP 6525460242 Registrant Creek Media, Mike Hart, contact creektelmediacom pure-adscom ICANN Registrar BIZCNCOM, INC Created 1 September 2010 IP 6525460236 Registrant pure-adscom, Domain Admin, contact pure-adscom blerincom ICANN Registrar BIZCNCOM, INC Created 9 September 2010 IP 6525460240 Shares IP with jectarcom Registrant blerincom, Samantha Thompson, domains blerincom jectarcom ICANN Registrar BIZCNCOM, INC Created 7 September 2010 Registrant jectarcom, Loren Nelson, domains jectarcom foldntcom ICANN Registrar BIZCNCOM, INC Created 7 September 2010 IP 6525460251 Shares IP with compadarcom Registrant foldntcom, Andy Maddel, domains foldntcom compadarcom ICANN Registrar BIZCNCOM, INC Created 7 September 2010 Registrant compadarcom, Greg Madden, domains compadarcom fdcastcom ICANN Registrar BIZCNCOM, INC Created 25 August 2010 IP 6525460254 Shares IP with srapexcom and tecsrcom Registrant fdcastcom, DNS Admin, dns fdcastcom srapexcom ICANN Registrar BIZCNCOM, INC Created 25 August 2010 Registrant srapexcom, DNS Admin, dns srapexcom tecsrcom ICANN Registrar BIZCNCOM, INC Created 25 August 2010 Registrant tecsrcom, DNS Admin, dns tecsrcom fdflexcom ICANN Registrar BIZCNCOM, INC Created 26 August 2010 IP 6525460247 Registrant fdflexcom, DNS Admin, dns fdflexcom IMAGE IMAGE IMAGE IMAGE http://www.secuobs.com/revue/news/256656.shtmlhttp://www.secuobs.com/revue/news/256656.shtml Secuobs.com : 2010-09-10 08:21:27 - Jon's Network - During Q3 2010, NSS Labs performed an independent group test of network intrusion prevention systems IPS currently on the market Each product was subjected to thorough testing at http://www.secuobs.com/revue/news/256655.shtmlhttp://www.secuobs.com/revue/news/256655.shtml Secuobs.com : 2010-09-10 08:10:31 - Social Media Security - This is the 16th episode of the Social Media Security Podcast recorded July 2, 2010 This episode was hosted by Tom Eston and Scott Wright Below are the show notes, links to articles and news mentioned in the podcast Quick update on Diaspora pronounced Di-as-para Here is a video update as well FTC nails Twitter http://www.secuobs.com/revue/news/256654.shtmlhttp://www.secuobs.com/revue/news/256654.shtml Secuobs.com : 2010-09-10 08:10:31 - Social Media Security - This is the 17th episode of the Social Media Security Podcast recorded August 13th, 2010 This episode was hosted by Tom Eston and Scott Wright Below are the show notes, links to articles and news mentioned in the podcast Researchers Show How Twitter, Twitpic Make Stalking Simple Check out ICanStalkUcom Robin Sage revealed at BlackHat http://www.secuobs.com/revue/news/256653.shtmlhttp://www.secuobs.com/revue/news/256653.shtml Secuobs.com : 2010-09-10 08:10:31 - Social Media Security - Just a quick post that I have updated the Facebook Privacy Security Guide to include information on configuring the privacy settings for Facebook Places You can find this on the first page under Sharing on Facebook Stay tuned for more information on Facebook Places in the next day or so Download the updated Facebook http://www.secuobs.com/revue/news/256652.shtmlhttp://www.secuobs.com/revue/news/256652.shtml Secuobs.com : 2010-09-10 08:10:31 - Social Media Security - This is the 18th episode of the Social Media Security Podcast recorded September 3, 2010 This episode was hosted by Tom Eston and Scott Wright and is our 1 year anniversary episode Thanks to everyone that has supported the podcast over the last year we really appreciate it Below are the show notes, links to articles http://www.secuobs.com/revue/news/256651.shtmlhttp://www.secuobs.com/revue/news/256651.shtml Secuobs.com : 2010-09-10 08:08:01 - Chosen Plaintext - One of the fun things about working for a small company is the sheer variety of the work I get to do Ostensibly, I have a Ruby on Rails job, but like all the developers I work with, I wear a variety of other hats, including Mac Linux sysadmin, HL7 interface developer, database driver debugger, resident http://www.secuobs.com/revue/news/256650.shtmlhttp://www.secuobs.com/revue/news/256650.shtml Secuobs.com : 2010-09-10 07:59:55 - Computer Security News - A former employee of a Baltimore drug abuse program was indicted Thursday on charges that he hacked into office computers and caused a pornographic image to be displayed during a PowerPoint presentation his boss was giving to the board of directors http://www.secuobs.com/revue/news/256649.shtmlhttp://www.secuobs.com/revue/news/256649.shtml Secuobs.com : 2010-09-10 07:59:07 - SPAMfighter News - Applicants for the CAT Common Admission Test, a test conducted to get admission into the most esteemed management institutes in India, the Indian Institutes of Management IIM , got a shock as the official website set up for the test was found infected with malware, as reported by Indiaedunews on September 02, 2010 The website started performing slow on August 31, 2010, distressing so many visitors Whenever the applicants visited the official CAT website wwwcatiimin an alert message popped up saying that the particular web page at catiimin had been reported as an attack page and had been blocked on user's security preference Even Google search declared that the CAT website may harm user's computer Although the website is not used for the purpose of online registration, candidates depend on this website for all important details such as dates and announcements As per the reports, by now this bug has affected many users who visited the website In the past also 2009 , the online exam proved to be a big failure as computers across various examination centres crashed because of technical faults Hence, now the crashing of website is panicking candidates about one more series of technical faults Moreover, the timing of the malware attack has panicked the candidates even more because as it has been just two days since the sale of CAT-2010 brochures and online registration commenced CAT officials admitted that the website was infected owing to some of the files they uploaded previously, as reported by Znews24 on September 2, 2010 Further, he clarified that the registration data was safe on other servers This particular website is primarily an information based website Thus, usually it does not save any sort of data All important details and CAT's data is stored safely on their other website iimprometriccom Prometric, the agency conducting the exam, released a statement saying that the matter was resolved and the affected website does not stock up any details or information about the candidate, as reported by Hindustan times on September 3, 2010 On the other hand, the website, wwwcatiimin, is still displaying alert messages when accessed through some specific browsers Security experts are recommending people who were affected by this website that they must be aware of the fact that even the best and reputed websites can prove dangerous to computers Thus, it's always secure to have a effective antivirus program running http://www.secuobs.com/revue/news/256648.shtmlhttp://www.secuobs.com/revue/news/256648.shtml Secuobs.com : 2010-09-10 07:59:07 - SPAMfighter News - According to the news published by SCMagazine on September 2, 2010, cybercriminals have stolen an approximate of 1 million from The University of Virginia UVA, USA This attack on the satellite campus of the University of Virginia's College Wise took place in the last week of August As per various sources aware of the case, cyber criminals stole money after hacking the computer of the university's accountant The criminals employed a computer virus to access the internet banking information for the University's accounts at BB T Bank, and commenced a single counterfeit wire transfer in the sum of 996,000 to the Agricultural Bank of China However, BB T rejected to comment on the issue On the other hand, Director of News and Media relations at UVA Wise, Kathy Still, rejected to provide details of the theft and said that the school was inspecting the hacking incident, as reported by SCMagazine on September 2, 2010 She added that what all she could say then was they have a possible computer hacking situation under investigation She also stated that no student data had been hacked According to the sources, FBI is exploring the matter and has the hard drive from the comptroller's system Commenting on the issue, a spokeswoman at FBI Headquarters in Washington, DC said that as a subject of organizational policy, the FBI does not accept or reject the reality of investigations, as reported by KrebsonSecurity on September 1, 2010 As per the security experts, attack on UVA Wise is the newest in a series of online bank crimes targeting towns, businesses, nonprofits, and schools Cybercriminals stole around more than 600,000 from the Catholic Diocese of Des Moines, Iowa The United States in the last week of August 2010 Besides, universities and schools were attacked by a gang of professional cyber thieves who stole around 117,000 from the Sanford School District in Sanford, Colorado United States in 2009, whereas funds were also stolen from schools in Oklahoma United States and Wisconsin United States http://www.secuobs.com/revue/news/256647.shtmlhttp://www.secuobs.com/revue/news/256647.shtml Secuobs.com : 2010-09-10 07:15:33 - Hack In The Box - Wednesday during an interview, Acer founder Stan Shih took a slight jab at Apple, comparing its products--namely the iPad, iPhone, and iPod Touch--to mutant viruses According to the exec, its difficult to find a cure for said viruses in the short-term, however he believes that the PC industry will eventually find a way to contain the infection, and become immune to its effects However Shih didn't completely devalue Steve Jobs and his accomplishments He noted the success of Apple's innovation and creativity through iTunes and the introduction of apps Shih said that PC vendors need to follow the lead and focus less on hardware and more on innovative software in order to grab a portion of the growing market Shih also added that Apple actually deserves a little respect While PC manufacturers have evolved naturally and developed products in a more solid way, the Apple boss has taken a different strategy, looking for a revolution But despite Apple's success, Shih believes that the PC market will eventually come out on top, as history dictates that a natural evolution builds a stronger industry backbone http://www.secuobs.com/revue/news/256646.shtmlhttp://www.secuobs.com/revue/news/256646.shtml Secuobs.com : 2010-09-10 06:38:38 - Slashdot Your Rights Online - angry tapir writes After weeks of a hung parliament following the Australian federal election, the incumbent Labor Party has garnered enough support among independent MPs to form a minority government Broadband was central to clinching the independents' support Labor's victory means the 43 billion National Broadband Network will push ahead The policy has generally been popular among ISPs and telcos though some rebel operators preferred a policy that emphasized wireless technologies, similar to the proposals put forward by Labor's opponents The primarily fiber-based NBN is set to offer Australians 1Gbps broadband IMAGE IMAGE Read more of this story at Slashdot IMAGE IMAGE IMAGE http://www.secuobs.com/revue/news/256645.shtmlhttp://www.secuobs.com/revue/news/256645.shtml Secuobs.com : 2010-09-10 06:25:04 - Information Security Resources - The CIO, CFO, and CEO Reporting Circle - Mobile Banking Application Development - Cloud Computing Definitions and Use Cases - Defense Industry to Become Big Cybersecurity Player - Memory-Only Malware Look Mom, No Files - Facebook Bug Invades Your Privacy Again - Stealing Secrets Social Engineering on the Phone http://www.secuobs.com/revue/news/256644.shtmlhttp://www.secuobs.com/revue/news/256644.shtml Secuobs.com : 2010-09-10 06:17:58 - Security Bloggers Network - I found this interesting article on the computer weekly website on how to protect data that is circling outside the enterprise firewall on non-IT-controlled devices, written by Andrew Jaquith of Forrester Research This article recognises that the ente http://www.secuobs.com/revue/news/256643.shtmlhttp://www.secuobs.com/revue/news/256643.shtml Secuobs.com : 2010-09-10 06:17:58 - Security Bloggers Network - We have secretary's day, presidents day, mothers day, fathers day, etc But I never suspected there would be a 'software developers day' or other professional recognition day in our field Twitter educated me otherwise, so I'm going with it Our profes http://www.secuobs.com/revue/news/256642.shtmlhttp://www.secuobs.com/revue/news/256642.shtml Secuobs.com : 2010-09-10 06:16:54 - Raymond.CC Blog - IMAGE IMAGE So yesterday, shortly after I finished writing last night s post on HMTL5, my girlfriend messaged me and asked me what the heck was going on with Google For those not living in US, UK, France, Germany, Italy, Spain or Russia, Google Instant was rolled out last night Seeing as I m a person who uses Google IMAGE http://www.secuobs.com/revue/news/256641.shtmlhttp://www.secuobs.com/revue/news/256641.shtml Secuobs.com : 2010-09-10 06:06:56 - Network Security Blog - Last week I joined Chris Hoff, aka Beaker, and Team Squirrel down in Palo Alto to play v0dgeball for the evening I can t say I was of much use, but it was awesome to watch Kim shimmy and twist her way out of almost every ball thrown at her And when it came down to http://www.secuobs.com/revue/news/256640.shtmlhttp://www.secuobs.com/revue/news/256640.shtml Secuobs.com : 2010-09-10 06:06:56 - Network Security Blog - Here s the CISSP Song by Rob Slade I m not going to try to sing it, but I hope someone does And I hope that someone sends me the recording to play on the podcast Thanks Rob CISSP Song Lyrics by Rob Slade slade victoriatcca Sung to the tune of The Major General s Song, from Pirates of http://www.secuobs.com/revue/news/256639.shtmlhttp://www.secuobs.com/revue/news/256639.shtml Secuobs.com : 2010-09-10 06:06:32 - Infosec Ramblings - Hi folks As you may have noticed, there has not been an IISB post in the last week or so Unfortunately, this is going to continue for a little bit I am taking a break from the IISB There is some other stuff that is taking some of my attention right and I also have some other http://www.secuobs.com/revue/news/256638.shtmlhttp://www.secuobs.com/revue/news/256638.shtml Secuobs.com : 2010-09-10 05:45:27 - Security Labs - So now pretty much everyone knows about the Adobe 0-day vulnerability found in the wild It is a classic stack buffer overflow inside CoolTypedll CoolTypedll has developed a bad reputation during the last few months This module has become a popular target for attackers Interestingly, the last jailbreakmecom exploit against iPhone also leverages a vulnerability inside a font processing routine And it is also a stack overflow You can check out our analysis here Looks like it's not using return address or SEH overwriting to gain EIP control, but controls some stack data and takes advantage of the calls made after the buffer overflow The buffer overflow itself is caused by a strcat API call on a fixed-size stack variable You might wonder what element of a PDF document can cause this issue A blog post titled Return of the Unpublished Adobe Vulnerability from the Metasploit project identifies the uniqueName field in a SING table as causing the issue So we dug into the issue by writing our own PDF parser to see what we can find The SING specification can be found in GlyDevKitzip The archive contains the specification file named Gaiji SING Glyphlet Specpdf Illustration 1 Malicious PDF Dissection Illustration 1 shows the SING table that is breaking Adobe parsing code The uniqueName field is supposed to hold an ASCII string The specification document clearly states that the uniqueName field is 28 bytes long and 7-bit ASCII with null-termination The problem with the data here is that it's not null-terminated Illustration 2 Raw Data of SING Table Illustration 2 shows the raw data causing the overflow Illustration 3 The Vulnerable Code with Unsafe strcat Call Illustration 3 shows the actual code that leads to buffer overflow When the block starts, the eax register holds the pointer to the start of the SING table The offset to uniqueName 10h is added to the register at the first instruction 00803DD9F It is used directly for strcat operation without any kind of sanitization or verification At the very least, the code should force null termination or verify null termination Or they can just copy a fixed size of data out of the uniqueName field because it's a fixed-sized field Illustration 4 Contaminated Stack after Overflow After the strcat call is performed the stack is ruined as shown in Illustration 4 So with this Adobe 0-day, we can learn two lessons First, don't trust any user data and don't pass any data without sanitization or verification Second, it might be time to throw away old unsafe string APIs Thanks to Mila Parkour for providing the sample http://www.secuobs.com/revue/news/256637.shtmlhttp://www.secuobs.com/revue/news/256637.shtml Secuobs.com : 2010-09-10 05:34:54 - Reverse Engineering - submitted by agustingianni link comment http://www.secuobs.com/revue/news/256636.shtmlhttp://www.secuobs.com/revue/news/256636.shtml Secuobs.com : 2010-09-10 05:34:54 - Reverse Engineering - submitted by rolfr link comment http://www.secuobs.com/revue/news/256635.shtmlhttp://www.secuobs.com/revue/news/256635.shtml Secuobs.com : 2010-09-10 05:08:45 - Hack In The Box - DNS has restored services and mended customer relationship since being victim to a denial of service attack at a 50Gbps It still remains unclear who the hacking culprits are and for what reason they interfered with DNS Made Easyâ s System One forecasted reason is that hackers with a possible grudge with the DNS Made Easy Website may have hired a botnet to flood DNS Made Easy with endless and worthless traffic Lasting up to eight hours, the company said that 15 hours of actual downtime was experienced at the time of the attack Just after the first sign of attack carriers such as Level3, Tata, Tinet, GlobalCrossing, and Deutsche Telekom supported DNS Made Easy to block the hackers The size of the attack was so large that it immediately infested the core of the network with junky traffic http://www.secuobs.com/revue/news/256634.shtmlhttp://www.secuobs.com/revue/news/256634.shtml Secuobs.com : 2010-09-10 05:08:45 - Hack In The Box - Apple on Thursday loosened rules for applications built for its iPhones, iPods, and iPads in a move that promises to make it easier for friends and rivals to get programs on the popular gadgets The California company also pulled back the curtain on its long private review guidelines that third-party applications must meet to get into Apple's online App Store The announcement was expected to appease software makers who have complained about constraints on code for Apple gadgets and the mystery shrouding the App Store vetting process We are continually trying to make the App Store even better, Apple said in its announcement We have listened to our developers and taken much of their feedback to heart http://www.secuobs.com/revue/news/256633.shtmlhttp://www.secuobs.com/revue/news/256633.shtml Secuobs.com : 2010-09-10 05:08:45 - Hack In The Box - Microsoft plans to release nine patches for security holes in a handful of its products when it ships its September security fixes on Tuesday, the company said The patches, which can each include numerous fixes, are part of Microsoft's NASDAQ MSFT regular monthly Patch Tuesday security release, during which the company issues most of its fixes for security-related holes in its software On the Thursday prior to Patch Tuesday, Microsoft sends advance notifications to customers as a heads-up to give them some idea of how much time and effort they'll have to plan for installing and testing the coming patches This month we will be releasing nine bulletins addressing 13 vulnerabilities affecting Windows, Internet Information Services IIS , and Microsoft Office, Carlene Chmaj, security response communications manager, said in a post to the Microsoft Security Response Center MSRC blog Four of the nine patches are rated as critical, the highest in Microsoft's four-tier vulnerability severity ranking http://www.secuobs.com/revue/news/256632.shtmlhttp://www.secuobs.com/revue/news/256632.shtml Secuobs.com : 2010-09-10 05:08:45 - Hack In The Box - When Apple offered patches last month for two software vulnerabilities in its iOS operating system that allowed usersâ or cybercriminalsâ to completely take control of the phone, the company put customers who had used that â Jailbreakmeâ exploit in a quandary Patch the system and stay secure from malicious attacks, or keep their freedom to install much-loved unauthorized apps Just hours after Apple released iOS 41 today, however, a group of hackers confirmed that theyâ ve created a new method for jailbreaking iPhones And this time the security-inclined neednâ t worry Unlike Jailbreakme, which required merely visiting a website, the new â bootromâ exploit, which has yet to be released, requires the phone to be hooked up to a computer with a cable That means itâ s fairly impossible for a cybercriminal to reverse engineer the exploit and use it for unfriendly purposes â This is unlikely to create malware problems, as it can not be used to execute code just by clicking a link as jailbreakme did ,â F-secure researcher Mikko Hypponen reassured me in an email Hypponen had been one of the most vocal critics of Jailbreakme, predicting that if Apple didnâ t release a patch, it would be a matter of days until the exploit was reverse-engineered and used by malicious hackers http://www.secuobs.com/revue/news/256631.shtmlhttp://www.secuobs.com/revue/news/256631.shtml Secuobs.com : 2010-09-10 05:08:45 - Hack In The Box - Traditional Web hackers are increasingly landing their services to spammers by allowing them to run advanced mass mailing tools from the compromised servers Such a specialized Web-based application was located by security researchers from antivirus vendor Kaspersky Lab on hacked servers in Brazil, a country where spam and phishing are amongst the top cybercriminal activities During my daily analysis, I found an interesting shell for mass mailing The code shows it was developed locally in Brazil, Dmitry Bestuzhev, a Kaspersky Lab expert, writes By editing the original PHP code, the criminal can fake the 'original headers' of the messages they send, he explains http://www.secuobs.com/revue/news/256630.shtmlhttp://www.secuobs.com/revue/news/256630.shtml Secuobs.com : 2010-09-10 05:08:45 - Hack In The Box - HEI Hospitality, owner and operator of upscale hotels operating under the Marriott, Sheraton, Westin and other monikers, has sent letters informing some 3,400 customers that their credit card data may have been compromised The warning stems from an intrusion into point of sale systems at several HEI properties earlier this year, which could have allowed card holder data being to be illegally accessed, the company said in the letter The intrusion could have exposed to hackers a variety of information, including credit card types, credit card numbers, expiration dates and security codes stored in the magnetic stripe on the back of each card The intrusions occurred between March and April, and the company sent out notification letters in August The breach appears to have stayed largely under the media radar until it was reported this week by Databreachesnet http://www.secuobs.com/revue/news/256629.shtmlhttp://www.secuobs.com/revue/news/256629.shtml Secuobs.com : 2010-09-10 05:08:45 - Hack In The Box - The biggest mobile phone chip designer successfully keeps competition at bay while venturing into new segments The demand for chipsets and microprocessors in the mobility space â mobile phones, navigation devices, iPods, music players and cameras â is virtually exploding No wonder that chip manufacturer Intel has been trying to garner a pie of this growing market, which so far has been dominated by UK-based ARM With a revenue of close to 490 million and a market cap of about 6 billion, ARM is no match to Intel because of the latter's sheer size But the company ARM , which is an undisputed leader in the mobile phone market has been giving Intel a run for its money http://www.secuobs.com/revue/news/256628.shtmlhttp://www.secuobs.com/revue/news/256628.shtml Secuobs.com : 2010-09-10 05:08:45 - Hack In The Box - The Internet is a vehicle for bringing together people with common interests, but Shadowcrew was not your everyday social network Shadowcrew was a notorious criminal conspiracy that operated from August 2002 to October 2004 It was a wake-up call for corporations, particularly retailers, with vulnerable networks This community of credit-card fraudsters and identity thieves participated in an Internet-based exchange, a high-tech twist on trafficking in stolen goods Shadowcrewcom was like a version of eBay for buyers and sellers from the black hat, or criminal side, of the hacker community The Shadowcrew conspiracy revealed network and database security problems were pervasive Despite a decade of Internet commerce and an even longer history of criminal exploitation of credit cards, Shadowcrew confirmed there was still big money to be made due to weak security measures It revealed a global community of criminal hackers was profiting from exploiting vulnerable networks and servers the hacker's penetrations were not always detected Why would a bank robber risk using explosives if he can find a bank vault that's routinely left open and no one notices repeated intrusions http://www.secuobs.com/revue/news/256627.shtmlhttp://www.secuobs.com/revue/news/256627.shtml Secuobs.com : 2010-09-10 05:08:45 - Hack In The Box - Judicial authorities in Greece say they have ordered a new investigation into wiretapping that targeted Greece's prime minister and other senior officials during the 2004 Olympic Games in Athens Senior judge Yiannis Sakellakos ordered the investigation Thursday A probe that ended in 2008 failed to produce any suspects The new investigation broadens the scope of potential charges from violation of privacy to espionage Former Prime Minister Costas Karamanlis and senior government and military officials, as well as human rights activists and journalists, were among 106 users of the Greece Vodafone mobile network targeted by unknown hackers from just before the August 2004 Games until March 2005 http://www.secuobs.com/revue/news/256626.shtmlhttp://www.secuobs.com/revue/news/256626.shtml Secuobs.com : 2010-09-10 05:08:45 - Hack In The Box - The more apps companies deploy, the more complicated vulnerability management becomes In the rush to find every security hole and seal it off from potential hackers, it's easy to let something important slip through That's especially true if you're an IT administrator juggling several tasks of which security is one Security practitioners can't catch everything But by breaking vulnerability management down to the basic parts, it may be possible to mount a more effective defense CSO attended SANS Boston 2010 last month in search of those basics What follows is the first of a three-part series on vulnerability management, based on a training session taught by SANS Institute President Stephen Northcutt called SANS Security Leadership Essentials for Managers with Knowledge Compression Before getting into all the vulnerability management tools and techniques, which we'll cover in the next two articles, we begin by getting to the bottom of what vulnerability management is http://www.secuobs.com/revue/news/256625.shtmlhttp://www.secuobs.com/revue/news/256625.shtml Secuobs.com : 2010-09-10 05:08:45 - Hack In The Box - With the release of yesterday's PS3_FTP_Server which enabled easy access to dev_hdd0, dev_flash, dev_flash2, dev_flash3 and dev_bdvd on the PS3, several developers are now examining the PlayStation 3's dev_flash and registry entries Forum user diemetal has let us know today that Spanish PS3 developer DemonHades has began to analyze dev_flash from PS3 Firmware version 341, stating the following roughly translated TeamHades has removed the three dev_flash that PS3 has Thanks to the Homebrew PS3News we needed to extract PS3 FTP Server We begin the analysis with some pictures of their content, we will later file by file documenting that we are not able to do anything and escape in the future a stable CFW RichDevx has also tweeted some pictures of the PS3 flash contents and registry entries today http://www.secuobs.com/revue/news/256624.shtmlhttp://www.secuobs.com/revue/news/256624.shtml Secuobs.com : 2010-09-10 05:08:45 - Hack In The Box - A new variant of the SMS trojan for Android-based devices is being distributed through poisoned search results as an adult content video player Early last month Kaspersky Lab discovered a trojan packaged as an APK application for the Android smartphone operating system, which sent SMS messages to premium rate numbers without authorization Security researchers from the Russian antivirus vendor have now identified a new version of the same malware being distributed through black hat search engine optimization BHSEO techniques BHSEO involves artificially inflating the PageRank of malicious websites, with the purpose of pushing them at the top of the search engine results for particular keywords http://www.secuobs.com/revue/news/256623.shtmlhttp://www.secuobs.com/revue/news/256623.shtml Secuobs.com : 2010-09-10 05:08:45 - Hack In The Box - Google launched its streaming search engine yesterday called Google Instant, which provides people with instant, real-time search results, and also opens the doors to search engine optimisation SEO poisoning and other problems, according to insecurity experts The problem comes from hackers who create malware or fake antivirus programs and then manage to poison Google's search results in order to get their software high on the list This is often called blackhat SEO, as it will use traditional SEO tactics but for malicious reasons All search engines, but Google in particular, are at risk of blackhat SEO and that is not a new problem However, because Google Instant literally searches for everything as you type, you could be forced into a situation where you are unwittingly searching for rogueware http://www.secuobs.com/revue/news/256622.shtmlhttp://www.secuobs.com/revue/news/256622.shtml Secuobs.com : 2010-09-10 05:08:45 - Hack In The Box - The government is to review the extradition situation between the UK and the US, prompted by cases such as the tug of war over accused hacker Gary McKinnon In a speech in the House of Commons, home secretary Theresa May said I am today announcing to parliament the government's plans to review the UK's extradition arrangements , before acknowledging the flack that it has faced over McKinnon's and others' possible treatment in the US There are a number of areas of the UK's extradition arrangements which have attracted significant controversy in recent years, she noted, explaining that perhaps there is a need to give the UK some discretion in its extradition requirements The review will also consider whether the US-UK extradition treaty is unbalanced May said that the laws would be subject to review, and that she expected this to be completed by the summer of 2011 http://www.secuobs.com/revue/news/256621.shtmlhttp://www.secuobs.com/revue/news/256621.shtml Secuobs.com : 2010-09-10 05:08:45 - Hack In The Box - Apple's servers are probably still steaming hot from the rush to download iOS41 but hackers have already found a bootrom-based exploit which will could allow them to tinker with any device that uses the mobile operating system The recent update slammed the door on a number of methods including the web-based JailbreakMe, which allowed a number of iDevices to run unapproved software, but coders from both the infamous iPhone Dev Team and Chronic Dev Team are already reporting successful exploits aimed at the gadgets' bootroms If this turns out to be the case, Apple will have its work cut out stopping jailbreakers, as a simple firmware update won't be enough to close the hole Could this be the Holy Grail for iPhone fans a permanent jailbreak that can't be circumvented my an iOS4 software update We'll have to wait and see http://www.secuobs.com/revue/news/256620.shtmlhttp://www.secuobs.com/revue/news/256620.shtml Secuobs.com : 2010-09-10 05:08:45 - Hack In The Box - Hot on the heels of Appleâ s decision to increase, ever so slightly, the opportunities for devs to use different frameworks for iPhone app creation, Adobe announced that its resuming work on its Flash-to-iPhone system for Flash Professional CS5 Here is the relevant quote Appleâ s announcement today that it has lifted restrictions on its third-party developer guidelines has direct implications for Adobeâ s Packager for iPhone, a feature in the Flash Professional CS5 authoring tool This feature was created to enable Flash developers to quickly and easily deliver applications for iOS devices The feature is available for developers to use today in Flash Professional CS5, and we will now resume development work on this feature for future releases http://www.secuobs.com/revue/news/256619.shtmlhttp://www.secuobs.com/revue/news/256619.shtml Secuobs.com : 2010-09-10 05:08:45 - Hack In The Box - If you have in-demand skills, your asking price is probably above market rateâ even with the slow growth of technology jobs, say hiring managers and recruiters polled in an August survey by online job board Dicecom Fifty-one percent of 1,350 IT decision makers polled said they are having to sweeten salaries for highly sought-after tech talent, though about 22 percent of workers are not willing to leave their current jobs Caution about the economy is still in the air for employers and workers alike But if you are receiving offers, don't be afraid to try to get the best salary possible Indeed, money dominates the enticement list, whether it's higher salaries or sign-on bonuses sometimes necessary to help with relocation, Tom Silver, senior vice president of Dice, said in a Sept 8 statement But No 3 on the list might surprise you flexible work options, including telecommuting http://www.secuobs.com/revue/news/256618.shtmlhttp://www.secuobs.com/revue/news/256618.shtml Secuobs.com : 2010-09-10 05:08:45 - Hack In The Box - The obscure Christian pastor who planned to mark the ninth anniversary of September 11 attacks by burning copies of the Koran has had his website pulled from the internet, the hosting company said Dan Goodgame, a spokesman for popular web host Rackspace Hosting, said two websites operated by the Dove World Outreach Center, the tiny Gainesville, Florida church run by pastor Terry Jones, had been shut down Jones, 58, has generated international attention and has been widely condemned for arguing that as an American Christian he has a right to burn Islam's holy book because it's full of lies One of two websites, used to drum up publicity ahead of Jones's planned Koran book-burning on Saturday, used the domain name Islam is of the Devil Goodgame said Dove World Outreach Center had violated hate speech provisions of its contract with Rackspace http://www.secuobs.com/revue/news/256617.shtmlhttp://www.secuobs.com/revue/news/256617.shtml Secuobs.com : 2010-09-10 05:05:20 - Exploit DB updates - http://www.secuobs.com/revue/news/256616.shtmlhttp://www.secuobs.com/revue/news/256616.shtml Secuobs.com : 2010-09-10 05:05:20 - Exploit DB updates - http://www.secuobs.com/revue/news/256615.shtmlhttp://www.secuobs.com/revue/news/256615.shtml Secuobs.com : 2010-09-10 04:56:08 - Mind Of Root - Recorded September 9, 2010 Your Host Keith Albright Show Length 26 16 Topics Links Promise VessRAID iSCSI Storage Appliance BackupExec problem - Sector size on destination drive causing problems backing up Exchange Logs Main Backup server died - primarily used with DFS to mirror main site Epson Workforce 520 AIO TWAIN SANE Read the full show notes here Website Picks Sorry - None this week Listen Now Download Here http://www.secuobs.com/revue/news/256614.shtmlhttp://www.secuobs.com/revue/news/256614.shtml Secuobs.com : 2010-09-10 04:29:20 - securitystream.info - I'd just bought Barnaby Jack a pint of Harp when it hit me Shouldn't he be buying my beer Jack, as you might know, is the good-guy hacker who figured out a way to digitally hijack ATMs and command them to spit out 20 bills Related posts 1 Hacker develops multi-platform rootkit for ATMs 2 BofA Worker to Plead Guilty for Hacking ATMs 3 McAfee s Network Security Share Will Grow http://www.secuobs.com/revue/news/256613.shtmlhttp://www.secuobs.com/revue/news/256613.shtml Secuobs.com : 2010-09-10 04:06:50 - Security Bloggers Network - Police raids of parties in San Francisco at the end of 2009 started a series of protests and then legal action by the EFF The EFF site makes the case that police acted in violation of the law San Francisco law currently requires after-hours parties with live DJs to get a permit, and failure of those http://www.secuobs.com/revue/news/256612.shtmlhttp://www.secuobs.com/revue/news/256612.shtml Secuobs.com : 2010-09-10 03:58:24 - Office of Inadequate Security - As if we needed yet another reminder of why you need to ensure ex-employees can no longer access the network, the Baltimore Sun reports It happened one day last year, as more than a dozen board members of a Baltimore substance abuse center had gathered around a conference room The CEO was giving a PowerPoint http://www.secuobs.com/revue/news/256611.shtmlhttp://www.secuobs.com/revue/news/256611.shtml Secuobs.com : 2010-09-10 03:55:41 - EEVblog Electronics Engineering Video Blog - Dave takes you step-by-step through designing a DC-DC converter using the venerable MC34063 And then he build it and checks the performance http://www.secuobs.com/revue/news/256610.shtmlhttp://www.secuobs.com/revue/news/256610.shtml Secuobs.com : 2010-09-10 03:52:09 - Cryptome - September 9, 2010 http://www.secuobs.com/revue/news/256609.shtmlhttp://www.secuobs.com/revue/news/256609.shtml Secuobs.com : 2010-09-10 03:43:22 - Bluetouff's blog - Il y a quelques semaines maintenant je vous disais que l ACTA était une bataille gagnable Mercredi dernier, ce sont 377 sur 736 députés, soit une petite majorité, qui ont signé la Déclaration 12, un texte dénonçant l absence d un processus transparent et la présence d un contenu potentiellement controversé Le texte met aussi en garde sur la responsabilité http://www.secuobs.com/revue/news/256608.shtmlhttp://www.secuobs.com/revue/news/256608.shtml Secuobs.com : 2010-09-10 03:35:17 - Symantec Connect Security Response Blog Entries - Security Response has confirmed reports of a worm spreading through email under the subject Here you have The mail to the unsuspecting recipient claims to be providing a document available through a URL The URL is spoofed and actually points to a malicious binary being hosted on a different server The email will appear similar to the following In this instance, the actual file downloaded would be named PDF_Document21_025542010_pdfscr and is housed on the domain membersmultimaniacouk This file is a minor variation of W32ImsolkA mm The main characteristics of the worm s functionality are as follows Spread through mapped drives through autorun Spread through email by taking contacts from the address book Spread through instant messenger Disables various security related programs Symantec users will be protected from this threat under the name Trojan Horse , if virus definitions version 20100909023 or later are applied Additionally, products that support Download Insight functionality will trigger on the attempted download A forthcoming update will identify the malware under a more appropriate W32ImsolkB mm detection name http://www.secuobs.com/revue/news/256607.shtmlhttp://www.secuobs.com/revue/news/256607.shtml Secuobs.com : 2010-09-10 03:30:43 - Threat Level - A new TSA terror warning seems to be targeting photographers in hoodies as a national security threat That s the way photographers are viewing a new poster distributed by the Transportation Security Administration to encourage airport employees to report suspicious activity The poster shows a man in a hooded sweatshirt pointing a telephoto lens at something on an http://www.secuobs.com/revue/news/256606.shtmlhttp://www.secuobs.com/revue/news/256606.shtml Secuobs.com : 2010-09-10 03:29:51 - Computer Security News - I'd just bought Barnaby Jack a pint of Harp when it hit me Shouldn't he be buying my beer Jack, as you might know, is the good-guy hacker who figured out a way to digitally hijack ATMs and command them to spit out 20 bills http://www.secuobs.com/revue/news/256605.shtmlhttp://www.secuobs.com/revue/news/256605.shtml Secuobs.com : 2010-09-10 03:29:10 - Information Security Videos The Academy Pro - Today we have five Panda Security videos The featured video of the day demonstrates how to manage bandwidth classes with Panda Cloud Internet Protection We also take a look at adding bandwidth policies, creating a streaming policy and an alert recipient, as well as viewing the admin audit log You can follow The Academy Pro updates http://www.secuobs.com/revue/news/256604.shtmlhttp://www.secuobs.com/revue/news/256604.shtml Secuobs.com : 2010-09-10 02:42:40 - adafruit industries blog - NEW TUTORIALS Chumby hackerboard Wi-Fi and audio streaming http://www.secuobs.com/revue/news/256603.shtmlhttp://www.secuobs.com/revue/news/256603.shtml Secuobs.com : 2010-09-10 02:39:41 - threatpost The First Stop for Security News - There appears to be an actual email worm in circulation right now, using the tried-and-true infection method of sending emails containing malicious executables to all of the names in a user's email address book Shorten URL Click to copy short URL Click to copy to clipboard or post to Twitter http://www.secuobs.com/revue/news/256602.shtmlhttp://www.secuobs.com/revue/news/256602.shtml Secuobs.com : 2010-09-10 02:21:42 - Sh4ka.fr Security For Fun - Second write up concernant le leetMore CTF, il s agit d une épreuve sur laquelle j ai travaillé avec un collègue de Nibbles, j ai nommé StalkR Voici l énoncé qui nous était fournis Task LameHackers Points 200 Category crypto Greetings from LameHackers Inc We have hacked into the internal Pentagon computer system and managed to steal their text-file-where-they-keep-the-root-password But http://www.secuobs.com/revue/news/256601.shtmlhttp://www.secuobs.com/revue/news/256601.shtml Secuobs.com : 2010-09-10 02:20:06 - SecureState Information Security Blog - http://www.secuobs.com/revue/news/256600.shtmlhttp://www.secuobs.com/revue/news/256600.shtml Secuobs.com : 2010-09-10 02:17:34 - Slashdot Your Rights Online - An anonymous reader writes The Swedish police, who have been instrumental in various raids against file sharing sites apparently may have a bit of a piracy problem on their own hands It seems that they wanted to put together a database of shoe print info for matching shoe prints to the type of shoe at crime scenes To do so, they used images found online, and some Swedish copyright experts have noted that this appears to violate Swedish copyright law The police claim that there's an exception for police investigations, but people and some shoe companies are pointing out that creating a database isn't about an investigation IMAGE IMAGE Read more of this story at Slashdot IMAGE IMAGE IMAGE http://www.secuobs.com/revue/news/256599.shtmlhttp://www.secuobs.com/revue/news/256599.shtml Secuobs.com : 2010-09-10 02:10:49 - National Vulnerability Database - Double free vulnerability in WebKit in Apple iOS before 41 on the iPhone and iPod touch allows remote attackers to execute arbitrary code or cause a denial of service application crash via vectors related to the rendering of an inline element http://www.secuobs.com/revue/news/256598.shtmlhttp://www.secuobs.com/revue/news/256598.shtml Secuobs.com : 2010-09-10 02:10:49 - National Vulnerability Database - The Accessibility component in Apple iOS before 41 on the iPhone and iPod touch does not perform the expected VoiceOver announcement associated with the location services icon, which has unspecified impact and attack vectors http://www.secuobs.com/revue/news/256597.shtmlhttp://www.secuobs.com/revue/news/256597.shtml Secuobs.com : 2010-09-10 02:10:49 - National Vulnerability Database - FaceTime in Apple iOS before 41 on the iPhone and iPod touch does not properly handle invalid X509 certificates, which allows man-in-the-middle attackers to redirect calls via a crafted certificate http://www.secuobs.com/revue/news/256596.shtmlhttp://www.secuobs.com/revue/news/256596.shtml Secuobs.com : 2010-09-10 02:10:49 - National Vulnerability Database - ImageIO in Apple iOS before 41 on the iPhone and iPod touch allows remote attackers to execute arbitrary code or cause a denial of service memory corruption and application crash via a crafted TIFF file http://www.secuobs.com/revue/news/256595.shtmlhttp://www.secuobs.com/revue/news/256595.shtml Secuobs.com : 2010-09-10 02:10:49 - National Vulnerability Database - Use-after-free vulnerability in WebKit in Apple iOS before 41 on the iPhone and iPod touch allows remote attackers to execute arbitrary code or cause a denial of service application crash via vectors involving selections http://www.secuobs.com/revue/news/256594.shtmlhttp://www.secuobs.com/revue/news/256594.shtml Secuobs.com : 2010-09-10 02:10:49 - National Vulnerability Database - WebKit in Apple iOS before 41 on the iPhone and iPod touch allows remote attackers to execute arbitrary code or cause a denial of service memory corruption and application crash via vectors involving HTML object outlines http://www.secuobs.com/revue/news/256593.shtmlhttp://www.secuobs.com/revue/news/256593.shtml Secuobs.com : 2010-09-10 02:10:49 - National Vulnerability Database - WebKit in Apple iOS before 41 on the iPhone and iPod touch allows remote attackers to execute arbitrary code or cause a denial of service memory corruption and application crash via vectors involving form menus http://www.secuobs.com/revue/news/256592.shtmlhttp://www.secuobs.com/revue/news/256592.shtml Secuobs.com : 2010-09-10 02:10:49 - National Vulnerability Database - Use-after-free vulnerability in WebKit in Apple iOS before 41 on the iPhone and iPod touch allows remote attackers to execute arbitrary code or cause a denial of service application crash via vectors involving scrollbars http://www.secuobs.com/revue/news/256591.shtmlhttp://www.secuobs.com/revue/news/256591.shtml Secuobs.com : 2010-09-10 02:10:49 - National Vulnerability Database - Buffer overflow in ImageIO in Apple iOS before 41 on the iPhone and iPod touch allows remote attackers to execute arbitrary code or cause a denial of service application crash via a crafted GIF file http://www.secuobs.com/revue/news/256590.shtmlhttp://www.secuobs.com/revue/news/256590.shtml Secuobs.com : 2010-09-10 02:10:49 - National Vulnerability Database - Stack-based buffer overflow in CoolTypedll in Adobe Reader and Acrobat 934 and earlier allows remote attackers to execute arbitrary code or cause a denial of service application crash via a crafted TTF font in a PDF document, as exploited in the wild in September 2010 NOTE some of these details are obtained from third party information http://www.secuobs.com/revue/news/256589.shtmlhttp://www.secuobs.com/revue/news/256589.shtml Secuobs.com : 2010-09-10 02:10:49 - National Vulnerability Database - Unspecified vulnerability in HP Data Protector Express, and Data Protector Express Single Server Edition SSE , 3x before build 56936 and 4x before build 56906 allows local users to gain privileges or cause a denial of service via unknown vectors http://www.secuobs.com/revue/news/256588.shtmlhttp://www.secuobs.com/revue/news/256588.shtml Secuobs.com : 2010-09-10 02:10:49 - National Vulnerability Database - Unspecified vulnerability in RSA Access Manager Agent 471 before 4717, when RSA Adaptive Authentication Integration is enabled, allows remote attackers to bypass authentication and obtain sensitive information via unknown vectors http://www.secuobs.com/revue/news/256587.shtmlhttp://www.secuobs.com/revue/news/256587.shtml Secuobs.com : 2010-09-10 02:10:49 - National Vulnerability Database - RSA Access Manager Server 553 before 553172, 604 before 60453, and 61 before 61201 does not properly perform cache updates, which allows remote attackers to obtain sensitive information via unspecified vectors http://www.secuobs.com/revue/news/256586.shtmlhttp://www.secuobs.com/revue/news/256586.shtml Secuobs.com : 2010-09-10 01:56:28 - Hack a Day - Here s a watering can and water vortex that are controlled with a webkit browser interface The interface displays a drawing of the watering can on your browser If you grab one of the handles on the circle around the image and move it, the can will rotate as well Okay, so this isn t going to http://www.secuobs.com/revue/news/256585.shtmlhttp://www.secuobs.com/revue/news/256585.shtml Secuobs.com : 2010-09-10 01:53:47 - TrendLabs Malware Blog by Trend Micro - Trend Micro received several reports of a spammed message containing a link that leads to the download of a malware detected as WORM_MEYLMEB The spammed message bears the subject, Here you have and informs users of a certain PDF document When the users point the mouse in the URL, hxxp www BLOCKED ocumentscom library PDF_Document21025542010pdf or hxxp www BLOCKED oviescom library SEX21025542010wmv, it indicates a Post from TrendLabs Malware Blog - by Trend Micro Old Malware Out of its Shell http://www.secuobs.com/revue/news/256584.shtmlhttp://www.secuobs.com/revue/news/256584.shtml Secuobs.com : 2010-09-10 01:53:08 - SophosLabs blog - Just a quick update that we are seeing reports of an old-school mass-mailing worm doing the rounds currently The emails it sends contain a link that pretends to point to a PDF, but it in fact points to a VisualBasic PE executable So it has nothing to do with the latest Adobe 0-day we mentioned http://www.secuobs.com/revue/news/256583.shtmlhttp://www.secuobs.com/revue/news/256583.shtml Secuobs.com : 2010-09-10 01:49:13 - Security Bloggers Network - One trend in the past few years is the elimination of printed paper bills, those things that used to arrive in your mail box every month The San Jose Water Company was one of the last holdouts in this, and even they've finally made the move to electronic bills, so that I now write a total of ZERO checks per month This move to electronic bills has probably had some negative affects for some people, however I remember talking to a person in the finance department of Cincinnati Gas and Electric several years ago who told me about how they http://www.secuobs.com/revue/news/256582.shtmlhttp://www.secuobs.com/revue/news/256582.shtml Secuobs.com : 2010-09-10 01:49:13 - Security Bloggers Network - Adobe has confirmed active attacks on a new vulnerability in their Reader and Acrobat software, which if exploited, could lead to full system compromise The attacks, based on recent research, are using ROP Return Oriented Programming to bypass DEP a http://www.secuobs.com/revue/news/256581.shtmlhttp://www.secuobs.com/revue/news/256581.shtml Secuobs.com : 2010-09-10 01:49:13 - Security Bloggers Network - Microsoft's September Security Updates will have a quite substantial 9 bulletins addressing a total of 13 vulnerabilities Four bulletins have a rating of Critical and affect Windows XP, Windows 2003 and Vista Once again, Windows 7 and Wind http://www.secuobs.com/revue/news/256580.shtmlhttp://www.secuobs.com/revue/news/256580.shtml Secuobs.com : 2010-09-10 01:49:13 - Security Bloggers Network - Accountability is a problem that I come across in PCI DSS time and time again Recent challenges with ownership and accountability prompts me to write this post Complex systems require a complex set of controls to ensure that these systems work as http://www.secuobs.com/revue/news/256579.shtmlhttp://www.secuobs.com/revue/news/256579.shtml Secuobs.com : 2010-09-10 01:49:13 - Security Bloggers Network - Adobe Acrobat Reader and Adobe Acrobat contains a programming error that may allow a remote attacker to execute code on an affected system The problem occurs when parsing TrueType font data More info http wwwsnortorg vrt advisories 2010 09 09 v http://www.secuobs.com/revue/news/256578.shtmlhttp://www.secuobs.com/revue/news/256578.shtml Secuobs.com : 2010-09-10 01:42:10 - 4sysops - Google Public DNS is an open DNS service that could be an interesting alternative to your ISP s DNS service DNS is a very simple but essential service Without a proper functioning DNS server, nothing works in IT A sluggish DNS server can slow down your surfing speed dramatically, and a hacked DNS server is a http://www.secuobs.com/revue/news/256577.shtmlhttp://www.secuobs.com/revue/news/256577.shtml Secuobs.com : 2010-09-10 01:42:10 - 4sysops - System Center Operations Manager 2007 R2 Documentation New Amazon EC2 Micro Instances New, Low Cost Option for Low Throughput Applications Linux 002, Windows 003 Microsoft IT Starts Migration of Microsoftcom to Windows Azure Platform Copyright 2006-2010, 4sysops, Digital fingerprint 3db371642e7c3f4fe3ee9d5cf7666eb0 http://www.secuobs.com/revue/news/256576.shtmlhttp://www.secuobs.com/revue/news/256576.shtml Secuobs.com : 2010-09-10 01:37:21 - InfoSecPodcast.com - Normally I let the vendors communicate this stuff out but this is spreading like crazy A mass-mailing worm that McAfee is calling VBMania is on the loose We ve stopped an ton of these this afternoon More information here wwwavertlabscom research blog indexphp 2010 09 09 widespread-reporting-of-here-you-have-virus Chris Related Posts Worm articles presentationsSocial Engineering, Search Engines and the Massachusetts RMVCell phone virus writer http://www.secuobs.com/revue/news/256575.shtmlhttp://www.secuobs.com/revue/news/256575.shtml Secuobs.com : 2010-09-10 01:34:32 - Cryptome - September 9, 2010 http://www.secuobs.com/revue/news/256574.shtmlhttp://www.secuobs.com/revue/news/256574.shtml Secuobs.com : 2010-09-10 01:25:42 - Infosec Island Latest Articles - IT spending typically represents the biggest single area of capital expenditures Couple that with the clout CFOs typically gain during tough times along with the increase in regulations and it stands to reason why a most of CIOs and IT organizations now fall under the CFO s watch http://www.secuobs.com/revue/news/256573.shtmlhttp://www.secuobs.com/revue/news/256573.shtml Secuobs.com : 2010-09-10 01:21:54 - Security Garden - A botnet is a network of computers hijacked by bot-herders to spread malware, send spam and commit other forms of cyber crime, such as click fraud and DDoS Distributed Denial of Service attacks on websites In the case of the Waledac botnet, the network comprised tens of thousands of hijacked computers Waledac botnet background described by USA Today The Waledac botnet was a major source of spam and PC infections, at its peak in 2009 delivering 15 billion spam messages daily Microsoft added detection and filtering for Waledac infections to its free malicious software removal tool But cleaning infected PCs one by one did not stop the command PCs By December, Microsoft Hotmail accounts were getting swamped with more than 650 million e-mail spam messages sent out by Waledac That helped motivate the company to pursue a court order to shut down the command domains Even after the botnet's command center got knocked out, tens of thousands of infected PCs continued trying to phone home for instructions Waledac botnet take down Through the efforts of Microsoft s Digital Crimes Unit, in partnership with Microsoft s Trustworthy Computing team and the Microsoft Malware Protection Center, Microsoft undertook a combination of technical measures and previously untried legal techniques to disrupt and control the Waledac botnet, referenced by Microsoft as Operation b49, The result of this effort takes us from this to this IMAGE Image from Accelerating Change through Technology Additional background information is available in my earlier post, Waledac Botnet Takedown Clean-up The exciting news is that the legal action by Microsoft to permanently shut down the botnet was successful As a result, Microsoft is now in a position to work with Internet Service Providers ISPs and CERTS to help customers remove the Waledac infection from their computers Although communications with the Waledac botnet remain dead, there are still If you believe your computer is infected by Waledac, free help is available at the Microsoft Virus and Security Solution Center Prevention The standard advice applies 1 Keep a software firewall turned on at all times 2 Update not only your computer operating system but third-party software ie, Adobe products, Quick-Time and Java, as well 3 Maintain up-to-date antivirus and anti-malware software The future of botnets from the Microsoft Blog The Waledac takedown is the first undertaking in a larger Microsoft-led initiative called Project MARS Microsoft Active Response for Security , which is a joint effort between Microsoft s Digital Crimes Unit, the Microsoft Malware Protection Center MMPC , Microsoft Support and the Trustworthy Computing team to annihilate botnets and help make the Internet safer for everyone We believe the Waledac takedown will be the first of many successful endeavors for Project MARS and we re already working to apply the lessons we learned from this operation to future initiatives We re also seeing other members of the security industry and law enforcement taking proactive action to both study and dismantle other botnets, such as the recent actions against Mariposa and Pushdo Cutwail While the approaches to these actions have differed somewhat from the Waledac takedown, all of these efforts demonstrate that the industry is beginning to take a more aggressive stance against botnets References Microsoft B49 Virus Removal Virus and Security Solution Center Microsoft Blog RIP Waledac Undoing the damage of a botnet Microsoft on the Issues Cracking Down on Botnets MMPC An Update on Operation b49 and Waledac MMPC Blog What we know and learned from the Waledac takedown USA Today Microsoft gets legal might to target spamming botnets Clubhouse Tags Clubhouse, Microsoft, Windows, Security, Vulnerabilities, Information Remember - A day without laughter is a day wasted May the wind sing to you and the sun rise in your heart Computer security news information, help, tips and more, licensed under a Creative Commons Attribution-NonCommercial-ShareAlike 30 Unported License IMAGE http://www.secuobs.com/revue/news/256572.shtmlhttp://www.secuobs.com/revue/news/256572.shtml Secuobs.com : 2010-09-10 01:14:43 - Threat Level - A massive cache of previously unpublished classified US military documents from the Iraq War is being readied for publication by WikiLeaks, a new report has confirmed The documents constitute the biggest leak of military intelligence that has ever occurred, according to Iain Overton, editor of the UK-based Bureau of Investigative Journalism, a non-profit organization that is http://www.secuobs.com/revue/news/256571.shtmlhttp://www.secuobs.com/revue/news/256571.shtml Secuobs.com : 2010-09-10 01:13:48 - Computer Security News - Tom Watson MP The barons of the media have no predators MPs have approved a fresh parliamentary inquiry into phone hacking allegations following criticism of the actions of News of the World journalists http://www.secuobs.com/revue/news/256570.shtmlhttp://www.secuobs.com/revue/news/256570.shtml Secuobs.com : 2010-09-10 01:09:40 - Rootsecure.net - Iron Geek Password Exploitation Class http://www.secuobs.com/revue/news/256569.shtmlhttp://www.secuobs.com/revue/news/256569.shtml Secuobs.com : 2010-09-10 01:09:40 - Rootsecure.net - Microsoft Own Your Space--Keep Yourself and Your Stuff Safe Online http://www.secuobs.com/revue/news/256568.shtmlhttp://www.secuobs.com/revue/news/256568.shtml Secuobs.com : 2010-09-10 01:07:51 - Reverse Engineering - submitted by arebc link comment http://www.secuobs.com/revue/news/256567.shtmlhttp://www.secuobs.com/revue/news/256567.shtml Secuobs.com : 2010-09-10 01:07:51 - Reverse Engineering - submitted by bigmac link comment http://www.secuobs.com/revue/news/256566.shtmlhttp://www.secuobs.com/revue/news/256566.shtml Secuobs.com : 2010-09-10 01:03:27 - LinuxSecurity.com Latest News - LinuxSecuritycom The race to accelerate browser features continues as Mozilla developers race towards the finish line to get the finished version of the Firefox 4 Web browser out the door http://www.secuobs.com/revue/news/256565.shtmlhttp://www.secuobs.com/revue/news/256565.shtml Secuobs.com : 2010-09-10 00:28:10 - EFF.org Updates - Vanity Fair suggests that Sarah Palin's distinctive voice on Facebook and Twitter is actually someone else's According to the article, she appears to have given a ghostwriter access to her social networking accounts to speak on her behalf When it was first set up, in January 2009, Palin's Facebook page might as well have been a file cabinet for official press releases Palin Pushes Parental Consent Legislation written mostly in a stiff, third-person form The same was true of her Twitter feed, which went live in April After writer Rebecca Mansour's voice disappeared on the pro-Palin blog C4P, however, Palin's voice on Facebook and Twitter started sounding increasingly provocative and irascible A company called Aries Petra Consulting was formed in September and registered to Mansour's home address, but under someone else's name In astrology, Aries is the ram or RAM SarahPAC's first payment to the firm was made in October, about two weeks before Palin began her book tour By then, Palin's new virtual voice was growing in intensity The more shrill it became, the more news Palin made QUIT MAKING THINGS UP DNC OBAMA ADMINISTRATION'S ATROCIOUS DECISION HORRIBLE DECISION, ABSOLUTELY HORRIBLE ARE YOU CAPABLE OF DECENCY, RAHM EMANUEL The payments to Mansour were not made public until February 1, 2010, when SarahPAC had to disclose its quarterly filings with the Federal Elections Commission The day before the disclosure, knowing what was coming, C4P made an official announcement acknowledging that Mansour had left the site months earlier and gone to work for SarahPAC Let's assume that Palin created her own Facebook account, and then hired Mansour to manage it So what, right Lots of high-profile people probably don't update their own Facebook pages In fact, President Obama's Facebook page explicitly says that it's maintained by Organizing for America The problem is that Facebook's terms of use prohibit several things that Palin and her ghostwriter may have done Specifically, it forbids users from accessing someone else's account sharing their passwords to let someone else access their accounts transferring their accounts to someone else without Facebook's written permission providing false personal information facilitating or encouraging someone else to violate the terms of use If Palin and her ghostwriter are in fact violating Facebook's terms of use, that probably doesn't seem like a big deal to most people Just by surfing around the internet, we agree to dozens of website terms of use every day, usually before we even read them These terms can say anything a website operator wants, and often specifically note that they can be changed at any time without notice or with minimal notice But violating a website's terms of use is a big deal, according to Facebook In fact, Facebook says it's a federal crime In Facebook v Power Ventures, Facebook has sued a service that lets social network users view all their information from various social networking sites on one page Like the way Sarah Palin's ghostwriter accesses Sarah's account, Power's service uses your password to access your account, with your permission Facebook claims that this violates its terms of use, and any act that violates its terms of use is a violation of computer intrusion laws such as the federal Computer Fraud and Abuse Act, which prohibits intentionally accessing certain computers without authorization or in excess of authorization Violations of this law are punishable by both civil and criminal penalties Facebook also tried to claim that Power's service violated California's state computer crime law, but a federal court recently rejected pdf that argument In short, Facebook believes that if you use Facebook in a way that Facebook doesn't like as defined by its terms of use you commit a federal crime Facebook's position is ridiculous It's also dangerous If we commit a crime every time we violate a website's terms of use, then millions of Americans are becoming criminals every day through routine online behavior and could be subject to lawsuits or even prosecution And worse, internet companies have the power to decide what behavior a person could go to prison for, simply by instructing their lawyers to draft a document to forbid certain acts Are Sarah Palin and Barack Obama computer criminals We don't think so Facebook and other companies need to stop trying to misuse computer crime laws to turn violations of terms of use into crimes http://www.secuobs.com/revue/news/256564.shtmlhttp://www.secuobs.com/revue/news/256564.shtml Secuobs.com : 2010-09-10 00:22:52 - adafruit industries blog - NEW PRODUCT USB WiFi adapter Chumby - TL-WN321G Whats the point of running your Chumby Hacker Board off of a battery if you cant use it to get online Add this WiFi USB adapter to your hacker board for access anywhere We even have a tutorial on how to get it set http://www.secuobs.com/revue/news/256563.shtmlhttp://www.secuobs.com/revue/news/256563.shtml Secuobs.com : 2010-09-10 00:20:51 - threatpost The First Stop for Security News - Microsoft's S eptember batch of security patches will include fixes for 13 documented vulnerabilities affecting Windows, Internet Information Services IIS , and Microsoft Office Shorten URL Click to copy short URL Click to copy to clipboard or post to Twitter http://www.secuobs.com/revue/news/256562.shtmlhttp://www.secuobs.com/revue/news/256562.shtml Secuobs.com : 2010-09-09 23:50:01 - Slashdot Your Rights Online - wiedzmin writes This month, officials from the Unique Identification Authority of India UIDAI , armed with fingerprinting machines, iris scanners and cameras hooked to laptops, will fan out across the towns and villages of southern Andhra Pradesh state in the first phase of the project whose aim is to give every Indian a lifelong Unique ID UID number for 'anytime, anywhere' biometric authentication While enrolling with the UIDAI may be voluntary, other agencies and service providers might require a UID number in order to transact business Usha Ramanathan, a prominent legal expert who is attached to the Center for the Study of Developing Societies in the national capital, said that, 'taken to its logical limit, the UID project will make it impossible, in a couple of years, for an ordinary citizen to undertake a simple task such as traveling within the country without a UID number' Next step, tying that UID number and biometric information to to their RIM BlackBerry PIN number IMAGE IMAGE Read more of this story at Slashdot IMAGE IMAGE IMAGE http://www.secuobs.com/revue/news/256561.shtmlhttp://www.secuobs.com/revue/news/256561.shtml Secuobs.com : 2010-09-09 23:44:23 - National Vulnerability Database - Use-after-free vulnerability in the nsTreeSelection function in Mozilla Firefox before 3512 and 36x before 369, Thunderbird before 307 and 31x before 313, and SeaMonkey before 207 might allow remote attackers to execute arbitrary code via vectors involving a XUL tree selection, related to a dangling pointer vulnerability NOTE this issue exists because of an incomplete fix for CVE-2010-2753 http://www.secuobs.com/revue/news/256560.shtmlhttp://www.secuobs.com/revue/news/256560.shtml Secuobs.com : 2010-09-09 23:44:23 - National Vulnerability Database - The XPCSafeJSObjectWrapper class in the SafeJSObjectWrapper aka SJOW implementation in Mozilla Firefox 36x before 369 and Thunderbird 31x before 313 does not properly restrict objects at the end of scope chains, which allows remote attackers to execute arbitrary JavaScript code with chrome privileges via vectors related to a chrome privileged object and a chain ending in an outer object http://www.secuobs.com/revue/news/256559.shtmlhttp://www.secuobs.com/revue/news/256559.shtml Secuobs.com : 2010-09-09 23:44:23 - National Vulnerability Database - The XPCSafeJSObjectWrapper class in the SafeJSObjectWrapper aka SJOW implementation in Mozilla Firefox before 3512, Thunderbird before 307, and SeaMonkey before 207 does not properly restrict scripted functions, which allows remote attackers to bypass the Same Origin Policy and conduct cross-site scripting XSS attacks via a crafted function http://www.secuobs.com/revue/news/256558.shtmlhttp://www.secuobs.com/revue/news/256558.shtml Secuobs.com : 2010-09-09 23:44:23 - National Vulnerability Database - Mozilla Firefox before 3512 and 36x before 369, Thunderbird before 307 and 31x before 313, and SeaMonkey before 207 do not properly restrict read access to the statusText property of XMLHttpRequest objects, which allows remote attackers to discover the existence of intranet web servers via cross-origin requests http://www.secuobs.com/revue/news/256557.shtmlhttp://www.secuobs.com/revue/news/256557.shtml Secuobs.com : 2010-09-09 23:44:23 - National Vulnerability Database - Integer overflow in the FRAMESET element implementation in Mozilla Firefox before 3512 and 36x before 369, Thunderbird before 307 and 31x before 313, and SeaMonkey before 207 might allow remote attackers to execute arbitrary code via a large number of values in the cols aka columns attribute, leading to a heap-based buffer overflow http://www.secuobs.com/revue/news/256556.shtmlhttp://www.secuobs.com/revue/news/256556.shtml Secuobs.com : 2010-09-09 23:44:23 - National Vulnerability Database - The normalizeDocument function in Mozilla Firefox before 3512 and 36x before 369, Thunderbird before 307 and 31x before 313, and SeaMonkey before 207 does not properly handle the removal of DOM nodes during normalization, which might allow remote attackers to execute arbitrary code via vectors involving access to a deleted object http://www.secuobs.com/revue/news/256555.shtmlhttp://www.secuobs.com/revue/news/256555.shtml Secuobs.com : 2010-09-09 23:44:23 - National Vulnerability Database - The navigatorplugins implementation in Mozilla Firefox before 3512 and 36x before 369, Thunderbird before 307 and 31x before 313, and SeaMonkey before 207 does not properly handle destruction of the DOM plugin array, which might allow remote attackers to cause a denial of service application crash or execute arbitrary code via crafted access to the navigator object, related to a dangling pointer vulnerability http://www.secuobs.com/revue/news/256554.shtmlhttp://www.secuobs.com/revue/news/256554.shtml Secuobs.com : 2010-09-09 23:44:23 - National Vulnerability Database - Mozilla Firefox before 3512 and 36x before 369, Thunderbird before 307 and 31x before 313, and SeaMonkey before 207 do not properly restrict use of the type attribute of an OBJECT element to set a document's charset, which allows remote attackers to bypass cross-site scripting XSS protection mechanisms via UTF-7 encoding http://www.secuobs.com/revue/news/256553.shtmlhttp://www.secuobs.com/revue/news/256553.shtml Secuobs.com : 2010-09-09 23:44:23 - National Vulnerability Database - Cross-site scripting XSS vulnerability in Mozilla Firefox before 3512 and 36x before 369, Thunderbird before 307 and 31x before 313, and SeaMonkey before 207 allows user-assisted remote attackers to inject arbitrary web script or HTML via a selection that is added to a document in which the designMode property is enabled http://www.secuobs.com/revue/news/256552.shtmlhttp://www.secuobs.com/revue/news/256552.shtml Secuobs.com : 2010-09-09 23:44:23 - National Vulnerability Database - Mozilla Firefox before 3512 and 36x before 369, Thunderbird before 307 and 31x before 313, and SeaMonkey before 207 on Mac OS X allow remote attackers to cause a denial of service memory corruption and application crash or possibly execute arbitrary code via a crafted font in a data URL http://www.secuobs.com/revue/news/256551.shtmlhttp://www.secuobs.com/revue/news/256551.shtml Secuobs.com : 2010-09-09 23:44:23 - National Vulnerability Database - Heap-based buffer overflow in the nsTextFrameUtils TransformText function in Mozilla Firefox before 3512 and 36x before 369, Thunderbird before 307 and 31x before 313, and SeaMonkey before 207 might allow remote attackers to execute arbitrary code via a bidirectional text run http://www.secuobs.com/revue/news/256550.shtmlhttp://www.secuobs.com/revue/news/256550.shtml Secuobs.com : 2010-09-09 23:44:23 - National Vulnerability Database - The nsTreeContentView function in Mozilla Firefox before 3512 and 36x before 369, Thunderbird before 307 and 31x before 313, and SeaMonkey before 207 does not properly handle node removal in XUL trees, which allows remote attackers to execute arbitrary code via vectors involving access to deleted memory, related to a dangling pointer vulnerability http://www.secuobs.com/revue/news/256549.shtmlhttp://www.secuobs.com/revue/news/256549.shtml Secuobs.com : 2010-09-09 23:44:23 - National Vulnerability Database - Mozilla Firefox before 3512 and 36x before 369, Thunderbird before 307 and 31x before 313, and SeaMonkey before 207 do not properly restrict the role of property changes in triggering XUL tree removal, which allows remote attackers to cause a denial of service deleted memory access and application crash or possibly execute arbitrary code by setting unspecified properties http://www.secuobs.com/revue/news/256548.shtmlhttp://www.secuobs.com/revue/news/256548.shtml Secuobs.com : 2010-09-09 23:44:23 - National Vulnerability Database - Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 3512 and 36x before 369, Thunderbird before 307 and 31x before 313, and SeaMonkey before 207 allow remote attackers to cause a denial of service memory corruption and application crash or possibly execute arbitrary code via unknown vectors http://www.secuobs.com/revue/news/256547.shtmlhttp://www.secuobs.com/revue/news/256547.shtml Secuobs.com : 2010-09-09 23:41:27 - InSecurity Complex - Clickjacking attack hid behind content warning and antispam mechanism before posting your prurient interests to all of your friends http://www.secuobs.com/revue/news/256546.shtmlhttp://www.secuobs.com/revue/news/256546.shtml Secuobs.com : 2010-09-09 23:41:27 - InSecurity Complex - Four critical bulletins and five important bulletins coming on Patch Tuesday http://www.secuobs.com/revue/news/256545.shtmlhttp://www.secuobs.com/revue/news/256545.shtml Secuobs.com : 2010-09-09 23:34:27 - SANS Internet Storm Center InfoCON green - We are aware of the Here you have malware that is spreading via email As we find more http://www.secuobs.com/revue/news/256544.shtmlhttp://www.secuobs.com/revue/news/256544.shtml Secuobs.com : 2010-09-09 23:32:06 - Hack a Day - Jonathan Crawford is ready and willing to fire things up with his flaming trombone A couple of years back his band teacher was going through the storage room triaging instruments This trombone suffered from a bad case of red rot and would never function well again so Jonathan was able to get his hands on it http://www.secuobs.com/revue/news/256543.shtmlhttp://www.secuobs.com/revue/news/256543.shtml Secuobs.com : 2010-09-09 23:32:06 - Hack a Day - Bart figured out how to use his laser cutter as a 3D printer We ve checked in on his open source laser cutter in the past and we re happy to see he s now done with the build But rather than stop there he took it a step further For less than 200 he built an extruder http://www.secuobs.com/revue/news/256542.shtmlhttp://www.secuobs.com/revue/news/256542.shtml Secuobs.com : 2010-09-09 23:30:07 - eWeek Security Watch - New research from Panda Security shows eBay and Western Union are among the favorite sites for cyber-criminals to try to emulate for their schemes IMAGE IMAGE IMAGE http://www.secuobs.com/revue/news/256541.shtmlhttp://www.secuobs.com/revue/news/256541.shtml Secuobs.com : 2010-09-09 23:26:52 - Zero Day Blog RSS ZDNet - Cisco is warning that its Wireless LAN Controller WLC product family is affected by seven separate security  vulnerabilities that could allow  a remote attacker to launch denial-of-service attacks, modify device configurations, or bypass access control listsIn an alert issued today, Cisco warned that there are no workarounds to mitigate these issues and urged affected users http://www.secuobs.com/revue/news/256540.shtmlhttp://www.secuobs.com/revue/news/256540.shtml Secuobs.com : 2010-09-09 23:26:52 - Zero Day Blog RSS ZDNet - The zero-day attacks against Adobe PDF Reader Acrobat includes the use of clever techniques to bypass anti-exploit roadblocks in Microsoft s newest operating systems and a signed digital certificate belonging to a US credit union http://www.secuobs.com/revue/news/256539.shtmlhttp://www.secuobs.com/revue/news/256539.shtml Secuobs.com : 2010-09-09 23:26:52 - Zero Day Blog RSS ZDNet - Microsoft s September batch of security patches will include fixes for 13 documented vulnerabilities affecting Windows, Internet Information Services IIS , and Microsoft Office http://www.secuobs.com/revue/news/256538.shtmlhttp://www.secuobs.com/revue/news/256538.shtml Secuobs.com : 2010-09-09 23:23:50 - Security Bloggers Network - Although the essay does not present much new information, it is the most cogent description of the issues, challenges and potential solutions on the table that I have read in one easy-to-read article http://www.secuobs.com/revue/news/256537.shtmlhttp://www.secuobs.com/revue/news/256537.shtml Secuobs.com : 2010-09-09 23:23:50 - Security Bloggers Network - For the past couple weeks things have NOT been normal for the Spam Phishing folks at the UAB Computer Forensics Research Laboratory The Phishing Operations team has been inundated by URLs being reported to them as potential phish that are not onl http://www.secuobs.com/revue/news/256536.shtmlhttp://www.secuobs.com/revue/news/256536.shtml Secuobs.com : 2010-09-09 23:23:50 - Security Bloggers Network - It's competition time We're all very excited here at Sophos Towers because next month we hope to roll out a whole new blog for you, our faithful readers We'll be bringing together our star bloggers Chet and Duck, and yours truly as well as the gang who write the SophosLabs blog - amalgamating all of our articles, http://www.secuobs.com/revue/news/256535.shtmlhttp://www.secuobs.com/revue/news/256535.shtml Secuobs.com : 2010-09-09 23:23:50 - Security Bloggers Network - Over the past couple of months I've been compiling a report from a TCPDUMP that has been pulled on our old DNS servers to determine what internal IP addresses are still using the servers I've been refining the report over time but have been frustratin http://www.secuobs.com/revue/news/256534.shtmlhttp://www.secuobs.com/revue/news/256534.shtml Secuobs.com : 2010-09-09 23:23:50 - Security Bloggers Network - So, Google it seems being leveraged to host malicious code No shock there The code in question in this case is a toolkit referred to as the Ultimate BlackHat Tool Kit which web delivered collection of applications and scripts that are a few years dated From Websense Last week, the media picked up that the http://www.secuobs.com/revue/news/256533.shtmlhttp://www.secuobs.com/revue/news/256533.shtml Secuobs.com : 2010-09-09 23:23:50 - Security Bloggers Network - If you want to meet the people who make the best darn Data Loss Prevention DLP solutions in the world, but can t make it into our offices, don t give up hope We re traveling the US at trade shows and conferences for the next cou http://www.secuobs.com/revue/news/256532.shtmlhttp://www.secuobs.com/revue/news/256532.shtml Secuobs.com : 2010-09-09 23:23:50 - Security Bloggers Network - I just found out my name is on board the IKAROS spacecraft, which is currently solar sailing its way from Earth to Venus Apparently this is a benefit of my membership of the Planetary Society yes I do have other interests outside information secur http://www.secuobs.com/revue/news/256531.shtmlhttp://www.secuobs.com/revue/news/256531.shtml Secuobs.com : 2010-09-09 23:23:50 - Security Bloggers Network - Here are a few papers and articles that have become available in the last week or two Shortcuts to Insecurity LNK Exploits is an article for Security Week http wwwsecurityweekcom on the LNK vulnerability classified as CVE-2010-2568 and exploited by Win32 Stuxnet Stuxnet is not the only malware that exploits this vulnerability, of course, and the September issue of Virus Read More http://www.secuobs.com/revue/news/256530.shtmlhttp://www.secuobs.com/revue/news/256530.shtml Secuobs.com : 2010-09-09 23:22:32 - Schneier on Security - In Japan These balls full of orange paint are anti-theft devices When someone robs a store, the clerk can throw the ball at the perp or at the perp's feet so they're easily identified after they escape Seems to me the best way to escape from a robbery would be to throw a bunch of orange balls at a crowd IMAGE http://www.secuobs.com/revue/news/256529.shtmlhttp://www.secuobs.com/revue/news/256529.shtml Secuobs.com : 2010-09-09 23:19:05 - Help Net Security News - PayPal credentials are one of the most sought after by phishers, so it stands to reason that the company would try to educate its users on Internet safety And it does - by offering a can-you-spot-phi http://www.secuobs.com/revue/news/256528.shtmlhttp://www.secuobs.com/revue/news/256528.shtml Secuobs.com : 2010-09-09 23:19:05 - Help Net Security News - The recently released results of a security audit performed on the various systems used by the US-CERT to accomplish its cybersecurity mission revealed an unpleasant reality a total of 671 unique vul http://www.secuobs.com/revue/news/256527.shtmlhttp://www.secuobs.com/revue/news/256527.shtml Secuobs.com : 2010-09-09 23:12:08 - TorrentFreak - Today, BitTorrent Inc officially debuts the BitTorrent Apps platform in a non-Beta client The company chose the smaller BitTorrent Mainline client over their leading brand uTorrent for the release, giving 14 million users access to their App platform The question is, however, how big the demand for Apps among BitTorrent users will be http://www.secuobs.com/revue/news/256526.shtmlhttp://www.secuobs.com/revue/news/256526.shtml Secuobs.com : 2010-09-09 23:08:24 - McAfee Avert Labs - Preliminary Information McAfee Labs is currently investigating a new threat commonly referred to as the Here you have virus due to the email subject line the worm uses during propagation It looks like multiple variants may be spreading and may take some time to work through them all to paint a clearer picture Here s http://www.secuobs.com/revue/news/256525.shtmlhttp://www.secuobs.com/revue/news/256525.shtml Secuobs.com : 2010-09-09 23:02:07 - Channel 9 - IMAGE Today on Silverlight TV, Deepesh Mohnani answers four of the questions most frequently asked in the popular WCF RIA Services forums This is a great episode to watch and the first in a periodic series from the RIA Services team in which we will address the top questions from developers In this episode, Deepesh addresses the following questions POCO model How do I pull data from a non-ef data source How do I do CUD on that Client Side Computed Properties How do I create a client side computed property like total amount How do I update a computed property when one of the dependency property changes Protect my service How do I control access to methods How do I control access by Roles Windows Authentication How do I enable Windows Authentication How do I integrate with Active Directory properties Relevant links John's blog and on Twitter john_papa Deepesh's Blog and on Twitter deepeshm More about RIA Services RIA Services Forums Follow us on Twitter SilverlightTV or on the web at http silverlighttv book Are you developing with Windows Phone 7 You can pre-order Learning Windows Phone Programming by Jaime Rodriguez, Yochay Kiriaty, and John Papa Or check out the book's website http://www.secuobs.com/revue/news/256524.shtmlhttp://www.secuobs.com/revue/news/256524.shtml Secuobs.com : 2010-09-09 22:55:10 - Fortinet Security Blog - f you re in the US, look for the new NASDAQ Fortinet TV commercial spotlighting Ken Xie, CEO and founder, and Fortinet It is part of NASDAQ s 2010 2011 Dream It Do It campaign that highlights a handful of visionary leaders and their companies The campaign will run on Fox network programs and http://www.secuobs.com/revue/news/256523.shtmlhttp://www.secuobs.com/revue/news/256523.shtml Secuobs.com : 2010-09-09 22:53:43 - Off by On - Build Security In has a interesting if dry paper on using static analysis Yannick notes that static analysis can be a good buddy in a pair programming sense for use in complex projects At least, that's what the conclusion says, since I honestly couldn't get through the full paper Oh, and the paper is in PDF format, so watch out How ironic would it be if the PDF had a payload the exploited the latest vulnerability http://www.secuobs.com/revue/news/256522.shtmlhttp://www.secuobs.com/revue/news/256522.shtml Secuobs.com : 2010-09-09 22:47:57 - Cybercriminalité sécurité et ordre public - Une étude démontre que les deux-tiers des utilisateurs du web ont été victimes d attaques en ligne, mais que peu d entre eux portent plainte Lire http://www.secuobs.com/revue/news/256521.shtmlhttp://www.secuobs.com/revue/news/256521.shtml Secuobs.com : 2010-09-09 22:47:57 - Cybercriminalité sécurité et ordre public - Les Montréalais seraient les moins inquiets au pays en matière de cybercriminalité, alors que seulement 11 pourcents des habitants de la métropole craindraient d en être victimes, selon un sondage mené par Symantec Cette étude, réalisée par le géant de la sécurité informatique, fonde ses résultats sur un sondage mené auprès de 514 répondants dans cinq http://www.secuobs.com/revue/news/256520.shtmlhttp://www.secuobs.com/revue/news/256520.shtml Secuobs.com : 2010-09-09 22:47:57 - Cybercriminalité sécurité et ordre public - Plus de 7 000 adultes répartis dans 14 pays ont répondu au rapport de Norton sur la Cybercriminalité et l impact sur l humain En savoir plus ici http://www.secuobs.com/revue/news/256519.shtmlhttp://www.secuobs.com/revue/news/256519.shtml Secuobs.com : 2010-09-09 22:47:57 - Cybercriminalité sécurité et ordre public - Comme on peut l imaginer, se faire arnaquer sur le Web met en colère bon nombre d internautes, mais en pousse également un très fort pourcentage à se sentir responsable de sa situation c est ce que révèle le nouveau rapport sur la cybercriminalité publié aujourd hui par l éditeur Symantec L étude commence par dresser un état des lieux http://www.secuobs.com/revue/news/256518.shtmlhttp://www.secuobs.com/revue/news/256518.shtml Secuobs.com : 2010-09-09 22:47:57 - Cybercriminalité sécurité et ordre public - Découvrez le passeport de conseils aux voyageurs dans ce document http://www.secuobs.com/revue/news/256517.shtmlhttp://www.secuobs.com/revue/news/256517.shtml Secuobs.com : 2010-09-09 22:47:57 - Cybercriminalité sécurité et ordre public - L ouvrage de Myriam QUÉMÉNER et Yves CHARPENEL Cybercriminalité Droit pénal appliqué sortira le 13 septembre 2010 Résumé L omniprésence de l informatique et d Internet dans la vie quotidienne a contribué au progrès social dans de nombreux domaines Elle s est aussi accompagnée de cybermenaces qui visent aussi bien les entreprises, le secteur bancaire, les internautes et http://www.secuobs.com/revue/news/256516.shtmlhttp://www.secuobs.com/revue/news/256516.shtml Secuobs.com : 2010-09-09 22:45:40 - Infosec Island Latest Articles - As network security professionals, we definitely understand the importance of antivirus software, as it is always the first choice for most enterprises and home users But it disappoints me that although antivirus software has adapted to cloud computing, it still works on signature detection method http://www.secuobs.com/revue/news/256515.shtmlhttp://www.secuobs.com/revue/news/256515.shtml Secuobs.com : 2010-09-09 22:38:40 - Security Garden - On Tuesday, September 14, 2010, Microsoft is planning to release nine 9 bulletins addressing 13 vulnerabilities affecting Windows, Internet Information Services IIS , and Microsoft Office Four of those bulletins carry a Critical rating, with the rest rated Important All except two relate to Remote Code Execution Bulletin ID Maximum Severity Rating and Vulnerability Impact Restart Requirement Affected Software Bulletin 1 Critical Remote Code Execution Requires restart Microsoft Windows Bulletin 2 Critical Remote Code Execution May require restart Microsoft Windows Bulletin 3 Critical Remote Code Execution May require restart Microsoft Windows, Microsoft Office Bulletin 4 Critical Remote Code Execution May require restart Microsoft Office Bulletin 5 Important Remote Code Execution May require restart Microsoft Windows Bulletin 6 Important Remote Code Execution Requires restart Microsoft Windows Bulletin 7 Important Remote Code Execution May require restart Microsoft Windows Bulletin 8 Important Elevation of Privilege Requires restart Microsoft Windows Bulletin 9 Important Elevation of Privilege Requires restart Microsoft Windows References MSRC Blog September 2010 Bulletin Release Advance Notification TechNet Microsoft Security Bulletin Advance Notification for September 2010 Clubhouse Tags Clubhouse, Microsoft, Windows, Security, Updates, Vulnerabilities, Information, Remember - A day without laughter is a day wasted May the wind sing to you and the sun rise in your heart Computer security news information, help, tips and more, licensed under a Creative Commons Attribution-NonCommercial-ShareAlike 30 Unported License IMAGE http://www.secuobs.com/revue/news/256514.shtmlhttp://www.secuobs.com/revue/news/256514.shtml Secuobs.com : 2010-09-09 22:26:47 - Threat Level - The website of the church that plans to burn a Koran on Saturday to commemorate 9 11 was removed from the internet after its hosting service said the site violated its terms of service agreement The removal of the doveworldorg site comes as President Barack Obama urged the Florida pastor not to burn the Koran on the http://www.secuobs.com/revue/news/256513.shtmlhttp://www.secuobs.com/revue/news/256513.shtml Secuobs.com : 2010-09-09 22:13:44 - Network World on Security - A new study by security vendor Symantec reports that Internet crime has grown into a widespread problem globally It also provides intriguing insights into consumers' lax attitudes toward online piracy, plagiarism, and other illegally or unethical activities http://www.secuobs.com/revue/news/256512.shtmlhttp://www.secuobs.com/revue/news/256512.shtml Secuobs.com : 2010-09-09 22:13:44 - Network World on Security - Nearly two thirds 65 percent of web users across the world have been the victim of cybercrime, says Symantec http://www.secuobs.com/revue/news/256511.shtmlhttp://www.secuobs.com/revue/news/256511.shtml Secuobs.com : 2010-09-09 22:13:44 - Network World on Security - As a regular speaker at conferences, I carry my presentations on a USB memory key and plug it into the organiser's laptop to access them In doing so, I believe my USB drive has picked up some malware In Windows it appears on the desktop as a green icon with 'Keygen' written on it It also creates a message box saying 'UpdateNetFramework' If I delete the file it simply reappears Norton Antivirus 2009 hasn't managed to eradicate it, and I now have the same message on all the USB drives I use http://www.secuobs.com/revue/news/256510.shtmlhttp://www.secuobs.com/revue/news/256510.shtml Secuobs.com : 2010-09-09 22:13:44 - Network World on Security - Criminals intent on attacking others can lease networks of compromised computers, or botnets, from other criminals serving the underground community These resources could be considered clouds in their own right, but researchers warn that operators of legitimate clouds need to worry about being used for illicit attacks as well http://www.secuobs.com/revue/news/256509.shtmlhttp://www.secuobs.com/revue/news/256509.shtml Secuobs.com : 2010-09-09 22:13:44 - Network World on Security - Microsoft Security Essentials has quarantined VIR Tool JS ObfuscatorP' The program advises me to 'Remove this software immediately' How do I do this http://www.secuobs.com/revue/news/256508.shtmlhttp://www.secuobs.com/revue/news/256508.shtml Secuobs.com : 2010-09-09 22:13:44 - Network World on Security - The more apps companies deploy, the more complicated vulnerability management becomes In the rush to find every security hole and seal it off from potential hackers, it's easy to let something important slip through That's especially true if you're an IT administrator juggling several tasks of which security is one http://www.secuobs.com/revue/news/256507.shtmlhttp://www.secuobs.com/revue/news/256507.shtml Secuobs.com : 2010-09-09 22:10:27 - LinuxSecurity.com Latest News - LinuxSecuritycom My favourite change in the world of GNU Linux this year is that GNU Linux is being accepted by more people as a better way to do IT on the desktop as well as the server, said blogger and educator Robert Pogson All the advantages of stability, efficiency, security, low cost, etc, that benefit us who use GNU Linux on the server also apply to those using GNU Linux on the desktop http://www.secuobs.com/revue/news/256506.shtmlhttp://www.secuobs.com/revue/news/256506.shtml Secuobs.com : 2010-09-09 22:10:27 - LinuxSecurity.com Latest News - LinuxSecuritycom Less than a day after Apple released its iOS 41 operating system, hackers say they have jailbroken the software for the iPhone 4 In doing so, hackers have shown time and again that they can beat the security systems that Apple puts in place to keep control of its hardware devices http://www.secuobs.com/revue/news/256505.shtmlhttp://www.secuobs.com/revue/news/256505.shtml Secuobs.com : 2010-09-09 21:27:58 - Forensic Focus - The new 282 release of Oxygen Forensic Suite 2010 adds support for iTunes 10 as well as newest Blackberry and Samsung devices All registered customers may download the new version immediately from their personal pages, a trial version is available for immediate download here IMAGE IMAGE IMAGE IMAGE IMAGE IMAGE IMAGE IMAGE IMAGE IMAGE http://www.secuobs.com/revue/news/256504.shtmlhttp://www.secuobs.com/revue/news/256504.shtml Secuobs.com : 2010-09-09 21:27:18 - Exploit DB updates - http://www.secuobs.com/revue/news/256503.shtmlhttp://www.secuobs.com/revue/news/256503.shtml Secuobs.com : 2010-09-09 21:23:56 - Emerging Threats - The OISF is proud to announce that NVIDIA has joined the foundation as a technology partner to help develop and enhance CUDA GPU based acceleration within Suricata This exciting development gives the foundation access and assistance from NVIDIA engineers and designers to bring you Suricata IDS IPS GPU acceleration on standard hardware Watch for new developments with GPU acceleration to hit the streets very soon NVIDIA http://www.secuobs.com/revue/news/256502.shtmlhttp://www.secuobs.com/revue/news/256502.shtml Secuobs.com : 2010-09-09 21:23:39 - EFF.org Updates - In a victory for democracy and transparency, the European Parliament adopted Written Declaration 12 2010 WD 12 on the proposed Anti-counterfeiting Trade Agreement earlier this week WD 12 calls on EU negotiators to ensure that ACTA does not weaken citizens' fundamental rights of freedom of expression, privacy, and judicial due process, and will not require Internet intermediaries to act as copyright police at the behest of the Entertainment Industry WD 12 also calls on EU negotiators to make the ACTA negotiation texts public, and to ensure that ACTA's proposed border measures do not interfere with access to affordable medicines WD 12 became the official position of the European Parliament on ACTA when it was signed by 377 Members of the European Parliament prior to today's deadline - more than the required majority of MEPs 369 While the written declaration is not binding on the European Parliament, its adoption by a clear majority sends an important political signal to EU ACTA negotiators at a critical time - just before the next, and possibly final, round of ACTA negotiations taking place in Japan later this month The European Parliament must give a consent vote for the EU to be bound by ACTA WD 12 should be seen by EU negotiators as a clear statement about how the MEPs will approach that vote Kudos and special thanks to our friends at La Quadrature du Net who led this effort, our amazing European EFF activists, fellow members of EDRi and the TransAtlantic Consumer Dialogue, and our other allies who worked tirelessly to explain the impact of ACTA and convince Members of the European Parliament to sign WD 12 despite various pressures and constraints Let's hope that EU negotiators now recognize that ACTA should protect the fundamental rights of all citizens and 'net users, and not just the narrow interests of major content businesses http://www.secuobs.com/revue/news/256501.shtmlhttp://www.secuobs.com/revue/news/256501.shtml Secuobs.com : 2010-09-09 21:16:35 - adafruit industries blog - Mintyboost v30 works with the new Apple iPod nano with Multi-Touch http://www.secuobs.com/revue/news/256500.shtmlhttp://www.secuobs.com/revue/news/256500.shtml Secuobs.com : 2010-09-09 21:12:07 - The Invisible Things Lab's blog - Why do we need secure desktop systems Why support from hardware is necessary to build secure desktop OSes Does virtualization make things more, or less complex Why Dynamic RTM Intel TXT is better than Static RTM Can we have untrusted GUI domain subsystem I tried to cover those questions in my recent keynote at ETISS, and you can grab the slides here Particularly, the slide 18 presents the idealistic view of an OS that could be achieved through the use of hardware virtualization and trusted boot technologies It might look very similar to many other pictures of virtualized systems one can see these days, but what makes it special is that all the dark gray boxes represent untrusted domains so, their compromise is not security-critical, except for the potential of a denial-of-service No OS currently implements this architecture, even Qubes We still have Storage and GUI subsystem in Dom0 so they are both trusted , although we already know we think how to implement the untrusted storage domain this is described in detail in the arch spec , and the main reason we don't have it now is that TXT market adoption is so poor, that very few people could make use of it The GUI subsystem is, however, a much bigger challenge When we think about, it should really feel impossible to have an untrusted GUI subsystem, because the GUI subsystem really sees all the pixmaps that are to be displayed to the user, so also all the confidential emails, documents, etc The GUI is different in nature than the networking subsystem, where we can use encrypted protocols to prevent the netvm from sniffing or meaningfully intercepting the application-generated traffic, or the storage subsystem, where we can use fs-encryption and trusted boot technologies to keep the storage domain off from reading or modifying the files used by apps in a meaningful ways We cannot really encrypt the pixmaps in the apps, or AppVMs , because for this to work we would need to have graphics cards that would be able to do the decryption and key exchange note how this is different from the case of an untrusted storage domain, where there is no need for internal hardware encryption , and the idea of putting, essentially an HTTPS webserver on your GPU is doubtful at best, because it would essentially move the target from the GUI domain to the GPU, and there is really no reason why lots-of-code in the GPU were any harder to attack than lots-of-code in the GUI domain So we came out recently with an idea of a Split I O model that is also presented in my slides, where we separate the user input keyboard, mouse , and keep it still in dom0 trusted domain , from the output GUI, audio , which is moved into an untrusted GUI domain We obviously need to make sure that the GUI domain cannot talk to other domains, to make sure it cannot leak out the secrets that it sees while processing the various pixmaps For this we need to have the hypervisor ensure that all the inter-domain shared pages mapped into the GUI domain are read-only for the GUI domain, and this would imply that we need the GUI protocol, exposed by the GUI domain to other AppVMs, to be unidirectional There are more challenges though, eg how to keep the bandwith of timing covert channels, such as those through the CPU caches, between the GUI domain and other AppVMs on a reasonably low level please note the distinction between a covert channel, which require cooperation of two domains, and a side-channel, which requires just one domain to be malicious - the latter are much more of a theoretical problem, and are of a concern only in some very high security military systems, while the former are easy to implement in practice usually, and present a practical problem in this very scenario Another problem, that was immediately pointed out by the ETISS audience, is that an attacker, who compromised the GUI domain, can manipulate the pixmaps that are being processed in the GUI subsystem to present false picture to the user remember, the attacker should have no way to send them out anywhere This includes attacks such as button relabeling OK becomes Cancel and the other way around , content manipulation 1,000,000 instead of 100 , and vice-versa , security labels spoofing red -labeled windows becoming green -labeled , and so on It's an open question how practical these attacks are, at least when we consider automated attacks, as they require ability to extract some semantics from the pixmaps where is the button, where is the decoration , as well as understanding the user's actions, intentions, and behavior just automatically relabeling my Friefox label to green would be a poor attack, as I would immediately realize something is going wrong Nevertheless this is a problem, and I'm not sure how this could be solved with the current hardware architecture But do we really need untrusted GUI domain That depends Currently in Qubes the GUI subsystem is located in dom0, and thus it is fully trusted, and this also means that a potential compromise of the GUI subsystem is considered fatal We try to make an attack on GUI as hard as possible, and this is the reason we have designed and implemented special, very simple GUI protocol that is exposed to other AppVMs instead of eg using the X protocol or VNC But if we wanted to add some more features , such as 3D hardware acceleration for the apps 3D acceleration is already available to the Window Manager in Qubes, but not for the apps , then we would not be able to keep the GUI protocol so simple anymore, and this might result in introducing exploitable fatal bugs So, in that case it would be great to have untrusted GUI domain, because we would be able to provide feature-rich GUI protocols, with all the OpenGL-ish like things, without worrying that somebody might exploit the GUI backend We would also not need to worry about putting all the various 3rd party software in the GUI domain, such as KDE, Xorg, and various 3rd party GPU drivers, like eg NVIDIA's closed source ones, and that some of it might be malicious So, generally, yes, we would like to have untrusted GUI domain - we can live without it, but then we will not have all the fancy 3D acceleration for games, and also need to carefully choose and verify the GUI-related software which is lots of software But perhaps in the next 5 years everybody will have a computer with a few dozens of cores, and also the CPU-to-DRAM bandwidth will be orders of magnitude faster than today, and so there will be no longer a need to offload graphic intensive work to a specialized GPU, because one of our 64 cores will happily do the work Wouldn't that be a nicer architecture, also for many other reasons eg better utilization of power circuit real estate In that case nobody will need OpenGL, and so there will be no need for a richer GUI protocol than what is already implemented in Qubes It's quite exciting to see what will happen and what we will come up for Qubes BTW, some people might confuse X server de-privileging efforts, ie making the X server run without root privileges, which is being done in some Linux distros and BSDs, with what had been described in this article, namely making the GUI subsystem untrusted Please note that a de-priviliged X server doesn't really solve any major security problems related to GUI subsystem, as whoever controls 0wns the X server depriviliged or not can steal or manipulate all the data that this X server is processing displaying Apparently there are some reasons why people want to run Xorg as non-root, but in case of typical desktop OSes this provides little security benefit unless you want to run a few X servers with different user accounts, and on different vt's, which most people would never do anyway http://www.secuobs.com/revue/news/256499.shtmlhttp://www.secuobs.com/revue/news/256499.shtml Secuobs.com : 2010-09-09 20:38:46 - Tim Callan's SSL Blog - In the next month the Symantec SSL business will be participating in these events The week of September 20 I'll be in attendance at the Online Trust Alliance's Online Trust and Cybersecurity Forum in Washington DC This forum will be chock full of key players from private industry and government alike We'll be discussing the initiatives needed to ensure that our online systems continue to be secure and trustworthy in the landscape of constantly evolving threats I'm fortunate enough to be moderating a panel on Thursday If you're attending the forum, please come to my panel and ask a question or two If you're not registered yet, better do it soon There are still a few seats left, but don't waste time The next week we'll be exhibiting at Search Marketing Expo in New York City Our objective there is to demonstrate how recognized security indicators improve site performance in terms of completed transactions, average ticket value, and traffic to site Online commerce blogger Bob Angus will be giving a speech there as well If you haven't registered yet, you can save 25pourcents on your registration fee by putting in the discount code smx10verisign Finally, the newly acquired businesses from VeriSign will be a highlight of the upcoming Symantec Vision conference in Barcelona If you're planning on attending Vision, it will be a great oppotunity to learn which services came over from VeriSign as part of the acquisition and how the company plans on using them going forward http://www.secuobs.com/revue/news/256498.shtmlhttp://www.secuobs.com/revue/news/256498.shtml Secuobs.com : 2010-09-09 20:37:52 - Slashdot Your Rights Online - Tootech writes In a case of physician, heal thyself, the agency which forms the operational arm of DHS's National Cyber Security Division, or NCSD failed to keep its own systems up to date with the latest software patches Auditors working for the DHS inspector general ran a sweep of US-CERT using the vulnerability scanner Nessus and turned up 1,085 instances of 202 high-risk security holes The majority of the high-risk vulnerabilities involved application and operating system and security software patches that had not been deployed on computer systems located in Virginia, reads the report from assistant inspector general Frank Deffer IMAGE IMAGE Read more of this story at Slashdot IMAGE IMAGE IMAGE http://www.secuobs.com/revue/news/256497.shtmlhttp://www.secuobs.com/revue/news/256497.shtml Secuobs.com : 2010-09-09 20:32:51 - Packet Storm Security Headlines - http://www.secuobs.com/revue/news/256496.shtmlhttp://www.secuobs.com/revue/news/256496.shtml Secuobs.com : 2010-09-09 20:32:51 - Packet Storm Security Headlines - http://www.secuobs.com/revue/news/256495.shtmlhttp://www.secuobs.com/revue/news/256495.shtml Secuobs.com : 2010-09-09 20:32:51 - Packet Storm Security Headlines - http://www.secuobs.com/revue/news/256494.shtmlhttp://www.secuobs.com/revue/news/256494.shtml Secuobs.com : 2010-09-09 20:32:51 - Packet Storm Security Headlines - http://www.secuobs.com/revue/news/256493.shtmlhttp://www.secuobs.com/revue/news/256493.shtml Secuobs.com : 2010-09-09 20:19:59 - Hack a Day - Fileark built an RFID entry system that uses a pretty ingenious alternative to an electronic strike plate An electronic strike is a rather expensive hinged plate that mounts in the door frame and catches the door latch But this system opens a set of double doors The door without the handle is fixed in place and has http://www.secuobs.com/revue/news/256492.shtmlhttp://www.secuobs.com/revue/news/256492.shtml Secuobs.com : 2010-09-09 20:18:30 - Wired Danger Room - The Pentagon s blue-sky research arm wants to trick out troops brains, from the areas that regulate alertness and cognition to pain treatment and psychiatric well-being And the scientists want to do it all from the outside in with a gadget installed inside the troops helmets Remote Control of Brain Activity Using Ultrasound, the Defense http://www.secuobs.com/revue/news/256491.shtmlhttp://www.secuobs.com/revue/news/256491.shtml Secuobs.com : 2010-09-09 20:17:37 - Graham Cluley's blog - It's competition time We're all very excited here at Sophos Towers because next month we hope to roll out a whole new blog for you, our faithful readers We'll be bringing together our star bloggers Chet and Duck, and yours truly as well as the gang who write the SophosLabs blog - amalgamating all of our articles, http://www.secuobs.com/revue/news/256490.shtmlhttp://www.secuobs.com/revue/news/256490.shtml Secuobs.com : 2010-09-09 20:15:32 - Security Bloggers Network - Web of Trust, the free website reputation rating tool, is recommending GFI-Sunbelt s VIPRE anti-virus package to its members and GFI is giving them a 10 discountWeb of Trust VIPRE offer hereWeb of Trust is going to be promoting VIPRE as a recommen http://www.secuobs.com/revue/news/256489.shtmlhttp://www.secuobs.com/revue/news/256489.shtml Secuobs.com : 2010-09-09 20:15:32 - Security Bloggers Network - Pouring over the news this morning and down the rabbit hole I went Finally snapped back before lunch So, here is the news in a not so timely fashion Have a great day cheers, Dave Click here to subscribe to Liquidmatrix Security Digest And now, the news iPhone hacker discovers a new Jailbreaking exploit to http://www.secuobs.com/revue/news/256488.shtmlhttp://www.secuobs.com/revue/news/256488.shtml Secuobs.com : 2010-09-09 20:14:56 - SecTechno - Hackers create about 57 000 new pages each week to use them for spreading malware on Internet this is according to PandaLabs 65pourcents of the fake sites are for banking, 27pourcents online purchasing website such as eBay, 23pourcents other financial institutions, mutual funds or brokers, and 19pourcents governmental organizations etc 375 keywords http://www.secuobs.com/revue/news/256487.shtmlhttp://www.secuobs.com/revue/news/256487.shtml Secuobs.com : 2010-09-09 20:10:06 - TripleCheck Consulting Blog - IMAGE So, it used to take at least some time before published 0-day vulnerabilities were weaponized into malicious trojans and other exploit code Now it appears that they time to develop exploit modules is extremely limited, and possibly in some cases prepared before public release As referenced in the slashdot story an Adobe spokesman described that the situation could change with the availability of the public samples and exploit code I think these types of advisories should be changed to the situation has changed, exploit code certainly already exists and has been used privately for some time http://www.secuobs.com/revue/news/256486.shtmlhttp://www.secuobs.com/revue/news/256486.shtml Secuobs.com : 2010-09-09 20:07:51 - The Tech Herald Security News - Operationb49, the internal name for Microsoft s takedown of the Waledac botnet, made headlines earlier this year, when a federal judge in the US District Court of Eastern Virginia blocked 277 domains Now, Microsoft could take ownership of those domains completely In February, Microsoft went to the courts asking for a restraining order on 277 domains that were pushing Malware on behalf of the Waledec botnet http://www.secuobs.com/revue/news/256485.shtmlhttp://www.secuobs.com/revue/news/256485.shtml Secuobs.com : 2010-09-09 20:07:51 - The Tech Herald Security News - Adobe has confirmed active attacks on a new vulnerability in their Reader and Acrobat software, which if exploited, could lead to full system compromise The attacks, based on recent research, are using ROP Return Oriented Programming to bypass DEP and ASLR protections offered by Windows http://www.secuobs.com/revue/news/256484.shtmlhttp://www.secuobs.com/revue/news/256484.shtml Secuobs.com : 2010-09-09 19:56:36 - Bill Mullins' Weblog Tech Thoughts - Virtual CloneDrive is a small freeware application that allows you to mount image files, from a hard drive, as a virtual CD or DVD drive, just as if you had inserted the application into a physical CD DVD drive To explain briefly a disk image is a computer file containing the complete contents and structure of http://www.secuobs.com/revue/news/256483.shtmlhttp://www.secuobs.com/revue/news/256483.shtml Secuobs.com : 2010-09-09 19:54:25 - viaForensics viaForensics - Danny Lieberman explains why it is so difficult to prevent data breaches To summarize, he says Defenses don t improve your understanding of threats Security products firewall, IDS IPS, malware filters lag behind new threats, because they are reactive and have a much longer cycle than malware development Threats keep evolving quickly Any organization with significant data to protect identity http://www.secuobs.com/revue/news/256482.shtmlhttp://www.secuobs.com/revue/news/256482.shtml Secuobs.com : 2010-09-09 19:53:52 - Infosec Island Latest Articles - An active discussion on cloud computing use cases brings a somewhat more practical approach to what this service might offer to a company and how it might evolve over time Not everyone can use Salesforcecom or Google mail services, which are the most frequently cited examples of cloud computing http://www.secuobs.com/revue/news/256481.shtmlhttp://www.secuobs.com/revue/news/256481.shtml Secuobs.com : 2010-09-09 19:50:58 - CounterMeasures Security Privacy Trust - Hopefully regular readers of the blog will have noticed that I try to avoid using Countermeasures to push product However, this afternoon I have been offered 100 licence keys for our new Windows security software to give away to readers of the blog and I thought giving you free stuff was definitely something I should http://www.secuobs.com/revue/news/256480.shtmlhttp://www.secuobs.com/revue/news/256480.shtml Secuobs.com : 2010-09-09 19:47:02 - WhiteSpace - August was a busy month for IT security professionals Not only were they dealing with significant developments in malware threats, many experts were left dumbfounded by Intel s announcement that it would acquire McAfee While we are all trying to make sense of it all, only time will tell Here are some of the top endpoint http://www.secuobs.com/revue/news/256479.shtmlhttp://www.secuobs.com/revue/news/256479.shtml Secuobs.com : 2010-09-09 19:43:15 - Computer Security News - Just as Apple has released the iOS 41 update, iPhone hackers have found a new way to jailbreak the latest iOS that will be hard for Apple to patch http://www.secuobs.com/revue/news/256478.shtmlhttp://www.secuobs.com/revue/news/256478.shtml Secuobs.com : 2010-09-09 19:32:00 - LinuxSecurity.com Latest News - LinuxSecuritycom Mozilla released two new versions of its browser on Tuesday, Firefox 369 and Firefox 3512, to close 10 critical security vulnerabilities in each and to help Web site operators block a risk called clickjacking Firefox 369 is also available from CNET Downloadcom for Windows, Mac, and Linux http://www.secuobs.com/revue/news/256477.shtmlhttp://www.secuobs.com/revue/news/256477.shtml Secuobs.com : 2010-09-09 19:32:00 - LinuxSecurity.com Latest News - LinuxSecuritycom Small and medium-sized businesses are increasingly turning to cloud computing as an easier, cheaper alternative to in-house IT or shared and dedicated server hosting solutions And, they are finding social media to be an accessible, inexpensive way to build brands, distribute content, and assist customers http://www.secuobs.com/revue/news/256476.shtmlhttp://www.secuobs.com/revue/news/256476.shtml Secuobs.com : 2010-09-09 19:12:43 - Global Security Mag Online - A l'occasion du Festival du Jeu Vidéo qui se déroulera du 10 au 12 septembre à Paris, G Data fait un état des lieux des menaces liées aux jeux en ligne et donne les conseils pour que le jeu en ligne reste un plaisir Selon l'Interactive Software Federation of Europe, 253 millions de jeux ont été vendus dans le commerce de détail en Europe de l'Ouest en 2009 En ajoutant à cela une forte croissance de l'offre des jeux en ligne gratuits ou payants disponibles sur les plateformes de réseaux sociaux, il - Info Malwares http://www.secuobs.com/revue/news/256475.shtmlhttp://www.secuobs.com/revue/news/256475.shtml Secuobs.com : 2010-09-09 19:12:43 - Global Security Mag Online - GrIDsure dévoile les conclusions d'une enquête sur le télétravail réalisée auprès de plus de 100 employés français qui travaillent sur ordinateur L'étude révèle que 64pourcents d'entre eux considèrent le télétravail comme un critère essentiel dans le choix d'un nouvel emploi et un élément primordial dans l'appréciation de leur poste Pourtant, si le télétravail est fortement plébiscité par les employés interrogés, seuls 7pourcents d'entre eux y ont réellement accès Au cours des cinq dernières années, les employés sont devenus - Investigations http://www.secuobs.com/revue/news/256474.shtmlhttp://www.secuobs.com/revue/news/256474.shtml Secuobs.com : 2010-09-09 19:12:04 - F Secure Antivirus Research Weblog - Apple released iOS version 41 yesterday and it patches 24 security vulnerabilities 20 of the vulnerabilities are related to WebKit Two flaws that are of interest are related to image handling vulnerabilities that could allow for arbitrary code execution iOS Security Updates 20100908 Last month, JailbreakMe 20 was released which used a combination of two vulnerabilities CVE-2010-1797 and CVE-2010-2973 JailbreakMe users can patch CVE-2010-1797, the vulnerability exploited by a PDF document with maliciously crafted embedded fonts It should be interesting to see if patches for these new vulnerabilities will be developed as some of them could possibly be used with CVE-2010-2973, putting JailbreakMe users at risk to remote attack We've updated our spreadsheet indexing Apple's iOS Security Advisories XLSX There's an HTML version here Also of note iPhone enthusiasts have discovered a bootrom exploit that will allow for jailbreaking via a vulnerability embedded at the hardware level not remotely exploitable Hat tip to Chris Wysopal On 09 09 10 At 02 11 PM http://www.secuobs.com/revue/news/256473.shtmlhttp://www.secuobs.com/revue/news/256473.shtml Secuobs.com : 2010-09-09 19:08:17 - Crash Dump Analysis - Today we introduce an icon for Wait Chain general pattern B W Color - Dmitry Vostokov DumpAnalysisorg TraceAnalysisorg - Memory Dump It http://www.secuobs.com/revue/news/256472.shtmlhttp://www.secuobs.com/revue/news/256472.shtml Secuobs.com : 2010-09-09 19:05:56 - CNET France Spécial - C'est au tour d'Opera de proposer une mise à jour qui fixe plusieurs problèmes de sécurité et bugs divers C'est aussi l'occasion de découvrir comment le rendre compatible avec la recherche instanée de Google Lire l'article http://www.secuobs.com/revue/news/256471.shtmlhttp://www.secuobs.com/revue/news/256471.shtml Secuobs.com : 2010-09-09 19:05:31 - Les derniers documents du CERTA. - De multiples vulnérabilités affectent la famille des produits Cisco Wireless LAN Controller, nommés ci-après WLC http://www.secuobs.com/revue/news/256470.shtmlhttp://www.secuobs.com/revue/news/256470.shtml Secuobs.com : 2010-09-09 19:05:31 - Les derniers documents du CERTA. - Plusieurs vulnérabilités dans Apple iOS permettent à une personne malintentionnée de contourner la politique de sécurité ou d'exécuter du code arbitraire à distance http://www.secuobs.com/revue/news/256469.shtmlhttp://www.secuobs.com/revue/news/256469.shtml Secuobs.com : 2010-09-09 19:05:31 - Les derniers documents du CERTA. - Une vulnérabilité dans RSA Access Manager Server permet à un attaquant de contourner certaines restrictions dans la politique de sécurité http://www.secuobs.com/revue/news/256468.shtmlhttp://www.secuobs.com/revue/news/256468.shtml Secuobs.com : 2010-09-09 19:05:31 - Les derniers documents du CERTA. - Une vulnérabilité permettant de contourner la politique de sécurité a été découverte dans RSA Access Manager Agent http://www.secuobs.com/revue/news/256467.shtmlhttp://www.secuobs.com/revue/news/256467.shtml Secuobs.com : 2010-09-09 19:02:02 - threatpost The First Stop for Security News - Attackers are using a previously unknown exploitation technique that bypasses both ASLR and DEP to exploit the unpatched Adobe Reader bug that Adobe warned users about on Wednesday The exploit works on machines running either Windows Vista or Windows 7 and is also dropping a file on compromised machines that is signed using a stolen, valid digital certificate Shorten URL Click to copy short URL Click to copy to clipboard or post to Twitter http://www.secuobs.com/revue/news/256466.shtmlhttp://www.secuobs.com/revue/news/256466.shtml Secuobs.com : 2010-09-09 19:01:14 - Tactical Web Application Security - The Web Hacking Incident Database WHID is a project dedicated to maintaining a record of web application-related security incidents WHID s purpose is to serve as a tool for raising awareness of web application security problems and to provide information for statistical analysis of web application security incidents Unlike other resources covering web site security which focus on the technical aspect of the incident the WHID focuses on the impact of the attack Breach Security Labs is a WHID project contributor Report Summary Findings An analysis of the Web hacking incidents from the first half of 2010 performed by Trustwave s SpiderLabs Security Research team shows the following trends and findings A steep rise in attacks against the financial vertical market is occurring in 2010, and is currently the no 3 targeted vertical at 12 percent This is mainly a result of cybercriminals targeting small to medium businesses SMBs online banking accounts Corresponding to cybercriminals targeting online bank accounts, the use of Banking Trojans which results in stolen authentication credentials made the largest jump for attack methods Banking Trojans Stolen Credentials Application downtime, often due to denial of service attacks, is a rising outcome Organizations have not implemented proper Web application logging mechanisms and thus are unable to conduct proper incident response to identify and correct vulnerabilities This resulted in the no 1 unknown attack category WHID Top 10 Risks for 2010 As part of the WHID analysis, here is a current Top 10 listing of the application weaknesses that are actively being exploited with example attack method mapping in parentheses Hopefully this data can be used by organizations to re-prioritize their remediation efforts WHID Top 10 for 2010 1 Improper Output Handling XSS and Planting of Malware 2 Insufficient Anti-Automation Brute Force and DoS 3 Improper Input Handling SQL Injection 4 Insufficient Authentication Stolen Credentials Banking Trojans 5 Application Misconfiguration Detailed error messages 6 Insufficient Process Validation CSRF and DNS Hijacking 7 Insufficient Authorization Predictable Resource Location Forceful Browsing 8 Abuse of Functionality CSRF Click-Fraud 9 Insufficient Password Recovery Brute Force 10 Improper Filesystem Permissions info Leakages Download the full report and Join the live Trustwave Webinar Sept 16th Web Hacking Incidents Revealed Trends, Stats and How to Defend registration required http://www.secuobs.com/revue/news/256465.shtmlhttp://www.secuobs.com/revue/news/256465.shtml Secuobs.com : 2010-09-09 18:45:47 - Sh4ka.fr Security For Fun - Hier Mercredi 8septembre , s est déroulé le leetmore ctf à partir de 9h du matin et pour une durée de 24h J y ai participé comme à mon habitude avec l équipe francaise Nibbles, et nous avons finis premier Pour ceux qui veulent, le scoreboard et le graph d évolution du top 15 sont en ligne L objet de ce http://www.secuobs.com/revue/news/256464.shtmlhttp://www.secuobs.com/revue/news/256464.shtml Secuobs.com : 2010-09-09 18:40:34 - Slashdot Your Rights Online - wiredmikey writes In a recent investigation, it was discovered that cybercriminals are creating 57,000 new 'fake' websites each week looking to imitate and exploit approximately 375 high-profile brands eBay and Western Union were the most targeted brands, making up 44 percent of exploited brands discovered Visa, Amazon, Bank of America and PayPal also heavily targeted by cybercriminals Banks comprise the majority of fake websites by far with 65 percent of the total Online stores and auction sites came in at 27 percent, with eBay taking the spot as the No 1 most targeted brand on the Web today IMAGE IMAGE Read more of this story at Slashdot IMAGE IMAGE IMAGE http://www.secuobs.com/revue/news/256463.shtmlhttp://www.secuobs.com/revue/news/256463.shtml Secuobs.com : 2010-09-09 18:28:15 - ITAC Blog - Many believe that youth today have become too dependent on mom and dad s credit cards As a result, things are given to them way too easily While this mindset may have shifted over the past few years heck, mom and dad can no longer buy unnecessary junk for their kids the home http://www.secuobs.com/revue/news/256462.shtmlhttp://www.secuobs.com/revue/news/256462.shtml Secuobs.com : 2010-09-09 18:27:56 - SANS Internet Storm Center InfoCON green - more http://www.secuobs.com/revue/news/256461.shtmlhttp://www.secuobs.com/revue/news/256461.shtml Secuobs.com : 2010-09-09 18:25:57 - ha.ckers.org web application security lab - 13 posts left The post I did a few days ago apparently resonated with a lot of people So I decided to do a quick follow up If a true ecosystem is not like two guys being chased by a bear in the woods, what is it like I think the closest real http://www.secuobs.com/revue/news/256460.shtmlhttp://www.secuobs.com/revue/news/256460.shtml Secuobs.com : 2010-09-09 18:25:12 - Hack a Day - Irongeekcom is hosting an online class on password exploitation The event was a fundraiser called ShoeCon, but they are hosting the entire series for everyone to share Not only are the videos there, but you can download the powerpoint slides as well There is a massive amount of information here on various topics like Hashcat, http://www.secuobs.com/revue/news/256459.shtmlhttp://www.secuobs.com/revue/news/256459.shtml Secuobs.com : 2010-09-09 18:23:08 - Graham Cluley's blog - We're seeing many messages right now being posted from the accounts of Facebook users saying Cheerleaders gone wild - have to see this accompanied by the image of a midriff-baring cheerleader carrying two pom-poms If that's enough to tempt you into investigating further, you may well click on the link which will take you to the following Facebook http://www.secuobs.com/revue/news/256458.shtmlhttp://www.secuobs.com/revue/news/256458.shtml Secuobs.com : 2010-09-09 18:22:45 - Zero Day Blog RSS ZDNet - The iOS 41 update includes fixes for a total of 24 documented security holes, most in the open-source WebKit rendering engine http://www.secuobs.com/revue/news/256457.shtmlhttp://www.secuobs.com/revue/news/256457.shtml Secuobs.com : 2010-09-09 18:21:11 - Security Bloggers Network - Beta tests are always popular with gamers, and it seems some unscrupulous individuals are stepping up their campaign to make some easy money A site called gamertestingground dot com has been the subject of complaints for some time now see an o http://www.secuobs.com/revue/news/256456.shtmlhttp://www.secuobs.com/revue/news/256456.shtml Secuobs.com : 2010-09-09 18:18:56 - Help Net Security News - Cisco WLCs and Cisco WiSMs are responsible for system-wide wireless LAN functions, such as security policies, intrusion prevention, RF management, quality of service, and mobility These devices co http://www.secuobs.com/revue/news/256455.shtmlhttp://www.secuobs.com/revue/news/256455.shtml Secuobs.com : 2010-09-09 18:18:56 - Help Net Security News - Adobe has released a security advisory warning users about a newly discovered 0-day vulnerability that has already been spotted getting exploited in the wild The flaw affects all current version http://www.secuobs.com/revue/news/256454.shtmlhttp://www.secuobs.com/revue/news/256454.shtml Secuobs.com : 2010-09-09 18:14:05 - PenTestIT - We had written about DVWA or the Damn Vulnerable Web App here Now, many additions and improvements later, the author has released a version 107 Damn Vulnerable Web App DVWA is a PHP MySQL web application that is damn vulnerable Its main goals are to be an aid for security professionals http://www.secuobs.com/revue/news/256453.shtmlhttp://www.secuobs.com/revue/news/256453.shtml Secuobs.com : 2010-09-09 18:13:37 - Office of Inadequate Security - Attorney Andy Serwin writes California Penal Code Section 502 regulates unauthorized access to computers and computer networks and has implications for employers with employees in California It is an offense if any person knowingly accesses and without permission alters, damages, deletes, destroys, or otherwise uses any data, computer, computer system, or computer network in order http://www.secuobs.com/revue/news/256452.shtmlhttp://www.secuobs.com/revue/news/256452.shtml Secuobs.com : 2010-09-09 18:13:37 - Office of Inadequate Security - If you re supposed to report a breach to the state of California, you d darn well better report it in a timely fashion HealthLeaders Media reports that Lucile Salter Packard Children s Hospital at Stanford University has been fined 250,000 by the California Department of Public Health for failing to report a patient records breach by April 23 The http://www.secuobs.com/revue/news/256451.shtmlhttp://www.secuobs.com/revue/news/256451.shtml Secuobs.com : 2010-09-09 18:08:35 - Neil MacDonald - I ve written multiple times on the power of whitelisting default deny for applications running on end-user workstations and servers I am convinced that whitelisting should be foundational in our strategy for securing endpoints So far, the application control vendors have focused on whitelisting what applications are allowed to run This is straightforward in concept, but more http://www.secuobs.com/revue/news/256450.shtmlhttp://www.secuobs.com/revue/news/256450.shtml Secuobs.com : 2010-09-09 18:04:45 - Off by On - Last week I mentioned security issues with Twitter This week it's a spamming vulnerability in Facebook So no matter which social media avenue you take it looks like spam will still be an issue Lovely Of course, you could just skip the whole social media experiment and just read PDFs all day Whoops, turns out Adobe announced another PDF security hole Ah well http://www.secuobs.com/revue/news/256449.shtmlhttp://www.secuobs.com/revue/news/256449.shtml Secuobs.com : 2010-09-09 18:01:33 - Infosec Island Latest Articles - Within a short time frame, two years at the most, the security industry will no longer be dominated by the handful of large security vendors, Symantec, McAfee, RSA the Security Division of EMC, or IBM It will be dominated by large defense contractors http://www.secuobs.com/revue/news/256448.shtmlhttp://www.secuobs.com/revue/news/256448.shtml Secuobs.com : 2010-09-09 17:59:53 - Exploit DB updates - http://www.secuobs.com/revue/news/256447.shtmlhttp://www.secuobs.com/revue/news/256447.shtml Secuobs.com : 2010-09-09 17:55:44 - Security Labs - Last week, the media picked up that the Google Code project Web site is used to host malicious files I decided to have a look at what kinds of malicious Web-based code Threatseeker has detected on the site In particular, one interesting example came up one of the pages hosted on Google Code was a PHP-based Web console code - you might ask, what's a Web console It's a Web tool that enables its user to control remote shells - it's like telling a remote-controlled host what to do via the Web So the one we've got is certainly one used by the baddies and is known by the name of r57shell I just want to be clear that remote PHP shells can be used by black-hats and also by penetration testers This variant was developed by the black-hat community and is also known to be backdoored, which means that some versions are planted with backdoor code, so users of this software themselves are exposed to an attack Here are some screen-shots of the Web console code and the various options it offers This code is located at http removed googlecodecom svn removed webshells r57shellphp When browsing the project's SVN, a whole set of penetration and black hat tools is revealed, of which some are also Trojan files It looks like the person that initiated this project tried to stay anonymous, as every link to the author's Web site was inactive However, looking at the Wiki page of the project revealed some interesting information The repository also contains a text file with a list of 50,000 compromised MySpace accounts below is a screenshot of a small part of it However, this list hosted by Google isn't new, as it has been circulating from around 2007 in the underground black-hat community and initially sold for a price, until it surfaced and revealed by the white-hat community One of the staggering facts is that this project has been hosted on Google Code since 2007 last updated on Februrary 2010 In conclusion, we saw that the Google Code Web site isn't just used to host malicious files, but is also used to host malicious Web content and tools Abusing Google's services isn't new with so many offered services as a platform, it follows that attackers will naturally use and abuse it, but it certainly looks like it doesn't have to be through the back door Coming though the front one can also be an easy option http://www.secuobs.com/revue/news/256446.shtmlhttp://www.secuobs.com/revue/news/256446.shtml Secuobs.com : 2010-09-09 17:55:44 - Security Labs - A new critical vulnerability has been discovered in Adobe Reader that can be exploited by malicious content The vulnerability could crash the reader due to a stack buffer overflow bug, which then potentially allows an attacker to run malicious code on the user's computer This vulnerability is reported to be widely exploited and the exploit has been added to MetaSploit, therefore the severity is critical http twittercom hdmoore status 23982529312 All 934 and earlier versions of Adobe Reader are affected including Windows, Macintosh and Unix ones The vulnerability is relying on a buffer boundary checking issue in the font parsing code in the cooltypedll file Adobe is currently evaluating the schedule for an update The sample has been detected by many antivirus products http wwwvirustotalcom file-scan reporthtml id d55aa45223606db795d29ab9e341c1c703e5a2e26bd98402779f52b6c2e9da2b-1284031469 This sample checks the version of Adobe Reader and sprays different shellcodes for different versions If it is not satisfied with the version number then it displays an alert Please update your PDF viewer software The exploit code in the vulnerable PDF file The shellcode then downloads a fake antivirus onto the user's computer http wwwvirustotalcom file-scan reporthtml id d6d089fcbd886363cfbc23c237cab8d99d5033eff9f6a4a3eeb95e32f5b80113-1283836305 The security advisory from Adobe http wwwadobecom support security advisories apsa10-02html We have proved that ACE is protecting against the samples we have seen so far http://www.secuobs.com/revue/news/256445.shtmlhttp://www.secuobs.com/revue/news/256445.shtml Secuobs.com : 2010-09-09 17:51:07 - usken.no VoIP news - Xtranormalcom is an easy way to make simpel videos You can see mine about telecom fraud here 37 seconds Enjoy http://www.secuobs.com/revue/news/256444.shtmlhttp://www.secuobs.com/revue/news/256444.shtml Secuobs.com : 2010-09-09 17:47:58 - SecurityCurve - I m a huge fan of Security Park I don t know if you subscribe to it or not, but it s a security news outlet in the UK I happen to like it because they cover both physical and information security and the physical side is something most of the other outlets don t cover Anyway, today I http://www.secuobs.com/revue/news/256443.shtmlhttp://www.secuobs.com/revue/news/256443.shtml Secuobs.com : 2010-09-09 17:42:19 - Network World on Security - As expected, Apple today released the iOS 41 update for its iPhone and iPod Touch and patched two dozen security vulnerabilities in its mobile operating system http://www.secuobs.com/revue/news/256442.shtmlhttp://www.secuobs.com/revue/news/256442.shtml Secuobs.com : 2010-09-09 17:42:19 - Network World on Security - Four months ago, amidst a backlash from government regulators and privacy advocates, Google stopped collecting Wi-Fi data with its Street View cars But that doesn't mean Google has stopped collecting wireless data altogether, and neither have other companies such as Apple http://www.secuobs.com/revue/news/256441.shtmlhttp://www.secuobs.com/revue/news/256441.shtml