InfoSec Daily Podcast Episode 607 for February 29, 2012. Tonight's podcast is hosted by Rick Hayes, Dave Kennedy, Boris Sverdlik, Beau Woods, Adrian Crenshaw, Karthik Rangarajan, Geordy Rostad, Themson Mester, Dr. Bonez, and Varun Sharma.
Announcements:
Social Engineering Training
When: March 5-9, 2012 Where: Seattle, Washington
When: July 21-24, 2012 Where: Black Hat Vegas
When: August 20-24, 2012 Where: Bristol, UK
When: November 12-16, 2012
Linuxfest Northwest 2012 When: Saturday, April 28th-29th, 2012 Where: Bellingham Technical College – Bellingham, WA http://www.linuxfestnorthwest.org/ CFP now open!
AIDE 2012 When: May 21-25, 2012 Where: MU Forensic Science Center Huntington, West Virginia http://aide.marshall.edu
LayerOne 2012 When: May 26-27, 2012 Where: Clarion Hotel – Anaheim, CA http://www.layerone.org CFP now open!
Defcon 20 When: July 26-29, 2012 Where: Rio Hotel and Casino – Las Vegas, NV http://defcon.org/ CFP & Room reservations now open!
DerbyCon 2012 – The “Deuce” Reunion When: September 27-30, 2012 Where: Louisville, KY http://www.derbycon.com
Thanks to everyone that has purchased products from Amazon through the affiliate program. If you’re not familiar with the affiliate program, simply go to http://www.isdpodcast.com and locate the Affiliate Program link on the right hand side.
Pentest Lessons:
During a pentest, if you upload a web shell to a website, at least password protect it so someone else does not make use of it too.
If you tell the customer you will have their report on a particular date, then you better make every effort to make that deadline!
After a pentest, make sure you clean up after yourself (i.e. do not leave the systems worse than you found them).
Popping a server with the same account as the one you previously created, the year before, is probably more than just cheating.
If your IP is included in the assessment scope (internal NVA/PT), make sure to remove any findings from the report that relate to your box.
When performing a pentest, make sure that the box you are targeting is not your box (or a VM on your box).
Always back up your pentest/assessment data. You never know when the hard-drive in your system will decide to die!
Forcing a criminal suspect to decrypt hard drives so their contents can be used by prosecutors is a breach of the Fifth Amendment right against compelled self-incrimination, a federal appeals court ruled Thursday.
It was the nation’s first appellate court to issue such a finding. And the outcome comes a day after a different federal appeals court refused to entertain an appeal from another defendant ordered by a lower federal court to decrypt a hard drive by month’s end.
Thursday’s decision by the 11th U.S. Circuit Court of Appeals said that an encrypted hard drive is akin to a combination to a safe, and is off limits, because compelling the unlocking of either of them is the equivalent of forcing testimony.
The case at hand concerns an unidentified “Doe” defendant believed to be in possession of child pornography on 5 terabytes of data on several drives and laptops seized in a California motel with valid court warrants.
The Atlanta-based circuit held: First, the decryption and production of the hard drives would require the use of the contents of Doe’s mind and could not be fairly characterized to a physical act that would be non-testimonial in nature. We conclude that the decryption and production would be tantamount to testimony by Doe of his knowledge of the existence and location of potentially incriminating files; of his possession, control and access to the encrypted portions of the drives; and of his capability to decrypt the files.
The court added: “Requiring Doe to use a decryption password is most certainly more akin to requiring the production of a combination because both demand the use of the contents of the mind, and the production is accompanied by the implied factual statements noted above that could prove to be incriminatory.” ….
Stories
Source: http://www.nationaldefensemagazine.org/blog/Lists/Posts/Post.aspx?ID=688 When a hacker manages to penetrate Air Force computer networks, it generally takes experts more than a month to piece together what went wrong. A forensics investigation into a network breach lasts an average of 45 days, said Arthur L. Wachdorf, senior advisor for intelligence and cyber-operations for the 24th Air Force, the organization that operates and defends the service’s networks. “That’s way better than we used to be, but that’s not tactically acceptable,” he told an AFCEA information technology conference in Tysons Corner, Va. The Air Force needs hardware and software that leaves no back doors to the network open, officials said. Currently, if hackers find a hole they can unload “truckloads of information” without the service even knowing they were even on the network, said Lt. Gen. Marc Rogers, inspector general of the Air Force. Officials asked for industry help to improve its ability to watch over the network and detect and respond to unauthorized activity. “We can do some but not enough,” Rogers said. “All of our cyber-moats and fort walls and locks and doors we build aren’t quite good enough.” Companies looking for business opportunities in this arena should turn to Air Force Space Command. “That’s where we’re going to spend our money,” said Lt. Gen. William Lord, chief of warfighting integration and chief information officer of the Air Force. ….
Source: http://www.symantec.com/about/news/release/article.jsp?prid=20120215_01 Norton teamed up with independent research firm Sperling’s BestPlaces to uncover the nation’s top 10 cities that have the highest number of cybercrime risk factors.
This year marks the second time Norton and Sperling’s BestPlaces have collaborated to highlight the various factors that contribute to potential risk.
The Top 10 Riskiest Online Cities in the U.S. are:
#1 – Washington, D.C.
#2 – Seattle
#3 – San Francisco
#4 – Atlanta
#5 – Boston
#6 – Denver
#7 – Minneapolis
#8 – Sacramento, Calif.
#9 – Raleigh, N.C.
#10 – Austin, Texas
Cities with the greatest risk factors do not necessarily correlate with the highest infection rates, reflecting the fact that many consumers are taking precautions to keep themselves safe. ….
Source: http://www.forbes.com/sites/jodywestby/2012/02/27/cyber-legislation-will-cost-businesses-and-hurt-economy/ Most businesses have paid little attention to the sweeping cybersecurity legislation introduced on Valentine’s Day by Senators Lieberman, Collins, Rockefeller, and Feinstein, even though it could be one of the most expensive and intrusive pieces of legislation proposed since Sarbanes-Oxley. Intended to help protect the nation against a major cyber attack by improving the security and resiliency of the computer systems of critical infrastructure companies, the Cybersecurity Act of 2012 (S. 2105) actually would put a federal agent inside most of these businesses’ data centers and require assessments and reporting that could make Sarbanes-Oxley seem inexpensive.
Since 1998, the number of critical infrastructure sectors, now designated by Homeland Security Presidential Directive-7, has grown from six to eighteen, encompassing a huge number of U.S. businesses. Each designated sector is aligned with a federal agency (referred to as a Sector-Specific Agency) that is tasked with identifying key risks and vulnerabilities associated with systems and assets within the sector. For example, the banking and financial sector is assigned to the Treasury Department, electricity grids are assigned to the Energy Department, and transportation systems are assigned to the Department of Transportation and Coast Guard. This coupled and stove-piped approach has not been emulated globally because it is not sustainable and, for the most part, cyber attacks are not sector-specific – they involve civilians and rapidly spread across sectors. ….
Source: http://www.h-online.com/security/news/item/PostgreSQL-updates-close-security-holes-1444327.html The PostgreSQL development team has published updates for all actively supported branches of its open source relational database to fix bugs and close security holes found in the previous releases. Versions 9.1.3, 9.0.7, 8.4.11 and 8.3.18 correct a problem that prevented permission checks from being performed and a bug that may result in the successful verification of a spoofed SSL certificate. An input sanitisation error that could be used to execute code when loading a pg_dump file has also been fixed.
These vulnerabilities could be exploited by an attacker to bypass some security restrictions or conduct spoofing attacks and manipulate data. Versions up to and including 9.1.2, 9.0.6, 8.4.10 and 8.3.17 are affected; all users are advised to upgrade.
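The affected and fixed version numbers above are easy to mis-read when a branch has several digits in its patch level, so here is a small check that parses a server's reported version and decides whether it falls inside the affected ranges. This is an added example, not code from The H article or the PostgreSQL project; the version numbers come from the article, while the function names and the sample version banners are constructed for the example.

```python
"""Compare a PostgreSQL version banner against the branches the advisory
names as affected.  Added example; the ranges are taken from the article,
everything else (function names, sample banners) is constructed here."""

import re
from typing import Dict, List, Optional, Tuple

Version = Tuple[int, int, int]

# Per branch: the last release still affected and the first fixed release,
# exactly as listed in the article ("up to and including 9.1.2, 9.0.6,
# 8.4.10 and 8.3.17 are affected"; fixed in 9.1.3, 9.0.7, 8.4.11, 8.3.18).
LAST_AFFECTED: Dict[Tuple[int, int], Version] = {
    (9, 1): (9, 1, 2),
    (9, 0): (9, 0, 6),
    (8, 4): (8, 4, 10),
    (8, 3): (8, 3, 17),
}
FIRST_FIXED: Dict[Tuple[int, int], Version] = {
    (9, 1): (9, 1, 3),
    (9, 0): (9, 0, 7),
    (8, 4): (8, 4, 11),
    (8, 3): (8, 3, 18),
}

# Matches the start of a `SELECT version()` banner, e.g.
# "PostgreSQL 9.0.6 on x86_64-unknown-linux-gnu, compiled by ...".
_VERSION_RE = re.compile(r"PostgreSQL\s+(\d+)\.(\d+)\.(\d+)")


def parse_version(banner: str) -> Version:
    """Extract (major, minor, patch) from a version banner; raise if absent."""
    match = _VERSION_RE.search(banner)
    if match is None:
        raise ValueError(f"no PostgreSQL version found in {banner!r}")
    major, minor, patch = (int(part) for part in match.groups())
    return (major, minor, patch)


def assess(banner: str) -> Dict[str, object]:
    """Classify one server as 'affected', 'fixed', or 'unlisted-branch'.

    Tuples compare element-wise, so 8.4.9 < 8.4.10 is handled correctly,
    which a plain string comparison would get wrong ("8.4.9" > "8.4.10").
    Branches the article does not list (e.g. 8.2) get no fixed release from
    this advisory, so they are reported separately rather than as 'fixed'.
    """
    version = parse_version(banner)
    branch = version[:2]
    if branch not in LAST_AFFECTED:
        return {"version": version, "status": "unlisted-branch", "upgrade_to": None}
    if version <= LAST_AFFECTED[branch]:
        return {"version": version, "status": "affected", "upgrade_to": FIRST_FIXED[branch]}
    return {"version": version, "status": "fixed", "upgrade_to": None}


def report(banners: List[str]) -> List[str]:
    """One line per server, affected servers first, for a quick inventory pass."""
    rows = [assess(b) for b in banners]
    rows.sort(key=lambda r: (r["status"] != "affected", r["version"]))
    lines = []
    for row in rows:
        ver = ".".join(str(n) for n in row["version"])
        fix: Optional[Version] = row["upgrade_to"]  # type: ignore[assignment]
        hint = f" -> upgrade to {'.'.join(str(n) for n in fix)}" if fix else ""
        lines.append(f"{ver:8} {row['status']}{hint}")
    return lines


if __name__ == "__main__":
    # Constructed sample banners, not output from any real server.
    SAMPLE_BANNERS = [
        "PostgreSQL 9.1.3 on x86_64-unknown-linux-gnu, compiled by gcc",
        "PostgreSQL 9.0.6 on x86_64-unknown-linux-gnu, compiled by gcc",
        "PostgreSQL 8.4.9 on i686-pc-linux-gnu, compiled by gcc",
        "PostgreSQL 8.2.23 on i686-pc-linux-gnu, compiled by gcc",
    ]
    print("\n".join(report(SAMPLE_BANNERS)))
```

Feed `report()` the output of `SELECT version()` from each server in your inventory; anything reported as `affected` should move to the listed fixed release of its branch, and an `unlisted-branch` server is on a branch this advisory did not cover at all, which usually means it is out of support.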
Further information about the updates, including a full list of fixes and changes, can be found in the 9.1.3, 9.0.7, 8.4.11 and 8.3.18 release notes. The new versions of PostgreSQL are available to download from the project's site. Source code for PostgreSQL is made available under the terms of the PostgreSQL License, described as "a liberal open source licence, similar to the BSD or MIT licences". ….
Source: http://www.wtol.com/story/17011513/noris-computer-system-shut-down-over-virus A critical computer network is down after falling victim to a sophisticated worm. Friday, that system is down for the third day, impacting about 200 different agencies, including police departments, jails and courts all over northwest Ohio. A computer worm infected the Northwest Ohio Regional Information System this week, causing a shutdown of the system Wednesday. It is still unclear what caused the problem, but system administrators believe it was unlikely from hacking. The Toledo Police Department uses the system to check for warrants, criminal histories, mug shots and other records on their laptops while patrolling. The TPD said they do have other systems to use for accessing records while experts from NORIS work around the clock to fix the problem, but it is slowing down their work. "We're unable to run records, checks license plates and other things of that nature through NORIS. We have other means of doing it, but this clearly is slowing us down," explained Sgt. Kelly Thibert of the Oregon Police Department. The Toledo Municipal Court has a fully computerized record-keeping system, but is having trouble without case numbers. In fact, three dozen workers stayed home Friday. Court proceedings did go on as planned Friday with information recorded by hand, but it will all need to be entered into the system once the problem is resolved. "Unfortunately, this is having a major impact on our operations.
This is the one thing we were told could not happen to us and it has happened to us," said Vallie Bowman-English, a clerk at the Toledo Municipal Court. Technicians at NORIS headquarters are working nonstop to battle the worm, in what has essentially become a game of whack-a-mole. "Our virus protection software identifies it and says it's removing it, but it's actually popping back up," explained System Director Pat Wright. While still unsure what caused the worm, Wright is confident NORIS was not hacked. "We do not know patient zero where it popped up. It kind of showed up on a bunch of desktops at once," said Wright. Technicians are working on bringing servers online one by one. If that strategy fails, they may need to rebuild the entire system from scratch. ….
Microsoft has performed an about-turn in India and revealed that a recent hack of its online store may have compromised credit card details belonging to customers in the country. When the Microsoft India Store was hacked earlier this month, the company emailed its customers to assure them that “databases storing credit card details and payment information were not affected during this compromise”. However, it now appears that this is incorrect. As Wall Street Journal columnist Amit Agarwal writes on his own blog, a new update from Microsoft, which was sent to its customers today, has rather different news:
Further detailed investigation and review of data provided by the website operator revealed that financial information may have been exposed for some Microsoft Store India customers.
Furthermore, the store itself is still down, some two weeks after the incident, suggesting that there are serious problems afoot.
As Facebook grows ever bigger, its popularity among persons seeking financial gains through digital deception increases commensurately. Witness the lawsuit filed this week by Washington State Attorney General Rob McKenna against the co-owners of Adscend Media, LLC. The complaint alleges that the ad network operated by Adscend Media was intended to “encourage others to spread spam through misleading and deceptive tactics.”
Foremost among these tactics was “life-jacking”, which is a variation on “click-jacking”, or tricking people into clicking links that do something other than what the clicker expects. Because legitimate companies often pay ad agencies “per click” for the display of digital ads or delivery of website traffic, a click-jacking scam rips off the advertiser and may also deceive the ad agency that bought traffic or clicks on behalf of the advertiser, not to mention deceiving the consumer who does the clicking. This fraudulent triple-play can be very profitable. If you recall the DNSChanger scam to which the FBI put an end last November, the estimated profits were $14 million in just a few years. The click-jacking revenue figure quoted in the Adscend complaint is “gross monthly revenues of up to $1.2 million.”
For details of this scam, check out the news release from the Washington State Office of the Attorney General. Because “likes” on Facebook have considerable perceived value to advertisers, a variety of fraudulent techniques were used to generate clicks on the "Like" button, including bogus “Click here to continue” links. Facebook users tempted by such salacious News Feed posts as “OMG! See what happened to his Ex Girlfriend” were fed a series of intermediary pages that harvested clicks and Likes while never presenting the promised content. At the same time, their friends were being fed links to the same bogus pages to spread and perpetuate the scam. There is an excellent description of the entire business model in the fascinating Adscend complaint filed in U.S. District Court, Seattle (pdf file).
A report from Mac security specialist Intego describes the Mac Flashback trojan as malware that “patches web browsers and network applications essentially to search for user names and passwords.” The assumption is that the target is bank details for immediate use, and passwords for longer term use. “Hint:” says Intego, “don’t use the same password for all websites!” Intego first reported on this Flashback variant earlier this month, but has now seen increasing signs of its success.
If the trojan cannot install itself directly – for example if Java is fully patched – Flashback attempts to trick the user into doing so. An “applet displays a self-signed certificate, claiming to be issued by Apple. Most users won’t understand what this means, and click on Continue to allow the installation to continue.” But the trojan won’t attempt to install itself if the Mac has anti-virus. “It seems that the malware writers feel it is best to avoid Macs where the malware might be detected, and focus on the many that aren’t protected.”
Apart from attempting to steal user credentials, Flashback also introduces instability causing a number of applications such as Safari and Skype to crash, “because the injected code interferes with the program making it unstable.” The two defenses are to install anti-virus and keep applications such as Java fully patched – advice that should be heeded by all computer users all of the time. Mac users, however, should also take this as a warning that Macs are not as secure as their reputation suggests. ….
Source: http://www.networkworld.com/news/2012/022712-crowdstrike-ceo-to-reveal-major-256617.html A significant vulnerability affecting all versions of the Webkit mobile browser could give malware complete control of your phone. The malware could listen in on your conversations, view through your camera and record everything in your email and messages. It can also track your locations at the time. George Kurtz, CEO of the new security company CrowdStrike, has told CSO he'll demonstrate how the vulnerability works at a presentation at RSA Wednesday.
According to Kurtz, the new vulnerability affects all Android, iOS and newer BlackBerry devices. It does not affect devices running Microsoft Windows Phone 7. Kurtz said this means virtually every smartphone and tablet in use globally shares this vulnerability. Worse, security software currently available for mobile devices won't detect such malware and won't protect against it.
Facebook admitted reading text messages belonging to smartphone users who downloaded the social-networking app and said that it was accessing the data as part of a trial to launch its own messaging service, The (London) Sunday Times reported.
Other well-known companies accessing smartphone users' personal data – such as text messages – include photo-sharing site Flickr, dating site Badoo and Yahoo Messenger, the paper said.
It claimed that some apps even allow companies to intercept phone calls – while others, such as YouTube, are capable of remotely accessing and operating users' smartphone cameras to take photographs or videos at any time. Security app My Remote Lock and the app Tennis Juggling Game were among smaller companies' apps that may intercept users' calls, the paper said. Emma Draper, of the Privacy International campaign group, said, "Your personal information is a precious commodity, and companies will go to great lengths to get their hands on as much of it as possible."
Facebook statement: "Facebook is currently running a limited test of mobile features which integrate with SMS functionality. SMS read/write is not currently implemented for most users of the mobile app. As part of this test, we declared the presence of that functionality within our app store permissions starting with the 1.7 version of our application. If Facebook ultimately launches any feature that makes use of these permissions, we will ensure that this is accompanied by appropriate guidance/educational materials." ….
Episode 604 – Weekly wrap up with Dr. b0n3z
InfoSec Daily Podcast Episode 604 for February 25, 2012. Tonight's podcast is hosted by Dr. Bonez and Boris Sverdlik.
Guests: aricon, oncee, and spridel
Stories
Pentest Lessons:
1. When performing a pentest, make sure that the box you are targeting is not your box (or a VM on your box).
2. If your IP is included in the assessment scope (internal NVA/PT), make sure to remove any findings from the report that relate to your box.
3. After a pentest, make sure you clean up after yourself (i.e. do not leave the systems worse than you found them).
4. If you tell the customer you will have their report on a particular date, then you better make every effort to make that deadline!
Source: https://community.rapid7.com/community/metasploit/blog/2012/02/22/metasploit-42-released Since our last release in October, we've added 54 new exploits, 66 new auxiliary modules, 43 new post-exploitation modules, and 18 new payloads — that clocks in at just about 1.5 new modules per day since version 4.1. Clearly, this kind of volume is way too much to detail in a single update blog post. Of course, you could just dive in and download the latest version to get started. In the meantime, here are the highlights for this latest release of Metasploit.
IPv6 Coverage
Virtualization as an Attack Vector
New Resource Scripts
The Ghost of Updates Past
Details and Availability
For detailed information on this release, check out Jcran's most excellent release notes. To start playing with the shiny new Metasploit 4.2, download your free copy now. ….
Source: https://community.rapid7.com/community/metasploit/blog/2012/02/21/metasploit-javascript-keylogger Rarely does a week go by without a friend or family member getting their login credentials compromised, then reused for malicious purposes. My wife is always on the lookout on Facebook, warning relatives and friends to change their passwords. Many people don't understand how their credentials get compromised. Password reuse on several websites is usually the culprit. Password reuse is a problem even if the website encrypts the passwords in their databases. An attacker only needs to insert some evil code, and allow it to do the work for them.
So I sat down a couple of weeks ago and wrote a Metasploit based Javascript keylogger from scratch. I have to give props to Wei, Tod, and HD for motivation and help with fine tuning the module. Adding exploitation techniques to Metasploit solves any scalability and deploy-ability issues. James "@egyp7" Lee presented a talk at the last BSides Las Vegas, on why it makes sense to develop these types of tools using Metasploit. The reason is Metasploit has tons of code that you can reuse to build anything, almost like Lego blocks. The Metasploit Javascript Keylogger sets up a HTTP/HTTPS listener which serves the Javascript keylogger code and captures the keystrokes over the network. I've included a demo page within the module for testing purposes. Just enter "set DEMO true" during module setup as you can see below to activate the demo page. To access the demo page, just append "/demo" to the URL provided. ….
Source: https://www.secmaniac.com/blog/2012/02/20/the-social-engineer-toolkit-set-3-0-wethrowbaseballs-has-been-released/ Greetings all. I’m excited to release the 3.0 version of the Social-Engineer Toolkit (SET) Codename “#WeThrowBaseballs”. This release has been one of the most challenging ones thus far with the largest changelog, code rehaul, and features. I’ve literally been working on this for a solid three months. Please note that this is a major rehaul on the existing codebase, there are bound to be bugs. Please report bugs to davek [at] secmaniac.com. There’s really way too much to cover on what’s changed but here are a couple of major highlights (also check out the video!). It’s truly humbling and inspiring to see how far SET has gone as being a tool used by virtually every penetration tester and security-minded folks. Could have never envisioned what it’s turned into and can’t thank everyone enough for the support.
1. Support for Windows – Tested on XP, Windows 7, and Windows Vista. Note that the Metasploit-based payloads do not work yet – when SET detects Windows they will not be shown, only RATTE and SET Shell.
2. New attack vector added – QRCode Attack – Generates QRCodes that you can direct to SET and perform attacks like the credential harvester and Java Applet attacks.
3. Improved A/V avoidance on the SETShell and better performance. I’ve also fixed the non-encrypted communications when AES was not installed.
4. Added a number of improvements and enhancements to all aspects of SET including major rehauls of the coding population and moved from things like subprocess.Popen(“mv etc.”) to shutil.copyfile(“etc”).
5. Rehauled SET Interactive Shell and RATTE to support Windows.
6. New Metasploit exploits added to SET. …
InfoSec Daily Podcast Episode 603 for February 24, 2012. Tonight's podcast is hosted by Rick Hayes, Boris Sverdlik, Karthik Rangarajan, Geordy Rostad, and Dr. Bonez.
Stories
Source: http://www.siliconrepublic.com/strategy/item/25941-high-numbers-of-irish-firms Almost two-thirds of Irish businesses in a survey said staff members have sent confidential business information over email. Of the total 63pc, 35pc had sent out proprietary company details by email, and 28pc had sent customers’ financial or identity information the same way. Almost one in four respondents (23pc) said they had to discipline an employee for sending confidential business information over email, and in 4pc of cases such an incident led to dismissal. Some 200 Irish IT executives were polled for the survey carried out by iReach on behalf of the IT distributor DataSolutions. The research was split into two parts, covering intrusion prevention from external threats and data loss caused by the accidental or intentional actions of internal personnel. The survey also suggests that as many as 14,000 Irish businesses have had their data compromised. The figure was arrived at by using the total number of active Irish enterprises as registered with the Central Statistics Office and the survey finding that 7pc of respondents admitted their data had been compromised. In this case, respondents were asked the question: “There have been a lot of high-profile hacks recently – has your data ever been compromised or lost?” ….
Source: http://www.darkreading.com/authentication/167901072/security/encryption/232601373/survey-post-it-notes-spreadsheets-used-to-manage-digital-certificates.html Certificate authorities (CAs) are still reeling from the wave of hacks against them over the past year. And it turns out most of their customers are struggling to keep on top of their SSL certificates despite the increased threats. A new survey found that 54 percent of organizations say they don't have a complete or correct accounting of their SSL certificates, and 44 percent manage their lifecycle manually — with Post-It notes and spreadsheets. Michael Osterman, president of Osterman Research, which was commissioned by key management vendor Venafi to conduct the survey, says he was shocked by the lack of a sense of urgency about properly managing and protecting digital certificates. "Organizations are already behind in properly managing their certificate population via manual policies. With the expected growth in certificates, we anticipate more incursions, certificate breaches and other risks than we saw in 2011," he said in a statement.
The survey of 174 IT and IT security pros had several red flags about digital certificate management. Some 72 percent of organizations don't have an automated process in place in case their CA is hacked, so they can't automatically replace digital certificates. The risk there, of course, is a website or application outage in the event of an expired certificate. Many (46 percent) can't even generate a report on digital certificates that are about to expire; it's a manual process to track certs that are reaching their expiration date. ….
Source: http://www.net-security.org/malware_news.php?id=2013 From 2010 to 2011, Android officially overtook Symbian as the most targeted mobile platform in the world by cyber criminals, according to NQ Mobile.
In 2011, newer and more advanced forms of malware have successfully infected an estimated 10.8 million Android devices worldwide. This is expected to increase throughout 2012.
"Smartphones and tablets are finally delivering consumers with these converged and connected experiences we've been promised for so long," says Omar Khan, Co-CEO NQ Mobile. "But this is a double edged sword: as smart device usage becomes more sophisticated, so too are cyber criminals' methods of attacking consumers' personal information."
Key findings for 2011:
Malware threats to Android devices increased 1880 percent from January to December 2011
More than 10.8 million Android devices worldwide were infected by malware
The top countries with infected Android devices were China, India, the United States of America, Russia and the United Kingdom. ….
Source: http://secday.blogspot.in/2012/02/skype-cross-site-vulnerabilities.html Skype is a proprietary voice-over-Internet Protocol service and software application originally created by Niklas Zennström, and owned by Microsoft since 2011.
The service allows users to communicate with peers by voice, video, and instant messaging over the Internet. Phone calls may be placed to recipients on the traditional telephone networks. Calls to other users within the Skype service are free of charge, while calls to landline telephones and mobile phones are charged via a debit-based user account system. Skype has also become popular for its additional features, including file transfer, and videoconferencing. Competitors include SIP and H.323-based services, such as Empathy, Linphone, Ekiga as well as the Google Talk service.
Skype has 663 million registered users as of September 2011. The network is operated by Microsoft, which has its Skype division headquarters in Luxembourg. Most of the development team and 44% of the overall employees of the division are situated in the offices of Tallinn and Tartu, Estonia.
I reported Cross Site Scripting vulnerabilities on the Skype official website; I will update this post and share more information when they fix their problem. ….
Hackers claiming allegiance to the loose-knit Anonymous movement have claimed responsibility for vandalizing an Ohio FBI partner website, replacing its homepage with the video for rap hit "Gangsta's Paradise." The hackers said Friday that they were responsible for defacing the website of the Dayton, Ohio-based chapter of Infragard, a public-private partnership for critical infrastructure protection sponsored by the FBI. The Ohio site was replaced with the video for Coolio's 1995 rap hit and a profane message attacking Infragard as a "sinister alliance" between corporations and law enforcement. Anonymous has promised weekly hacks as the amorphous group continues its campaign against law enforcement worldwide.
The latest attack started on Wednesday, according to a Pastebin post on its website. Pastebin said it blocked 4,000 malicious IP addresses initially. But the attack grew. Pastebin said in Twitter messages that the number of attacking computers increased to 9,000, then to 12,000, then to 17,000 and up to 20,000.
"This number is growing by the minute," Pastebin wrote. By Thursday, Pastebin said some 22,000 computers were attacking it.
"These IP's are most likely from innocent people who have no clue that their computer is being used for this purpose," Pastebin said. "It is highly recommended that you always have up-to-date antivirus software installed and a good firewall active."
The website said it plans to publish a list of the attack IP addresses so people can check to see if their computer is infected with the botnet code. ….