outofluck70 writes: Got an email today from Microsoft, text is below. They are no longer going to send out emails regarding patches, you have to use RSS or keep visiting their security sites. They blame "governmental policies" as the reason. What could the real reason be? Anybody in the know?
From the email:
******************************************************************** Title: Microsoft Security Notifications Issued: June 27, 2014 ********************************************************************
Notice to IT professionals:
As of July 1, 2014, due to changing governmental policies concerning the issuance of automated electronic messaging, Microsoft is suspending the use of email notifications that announce the following:
* Security bulletin advance notifications * Security bulletin summaries * New security advisories and bulletins * Major and minor revisions to security advisories and bulletins
In lieu of email notifications, you can subscribe to one or more of the RSS feeds described on the Security TechCenter website.
The new data was released by the Office of the Director of National Intelligence on Friday as part of its effort to comply with a directive from President Obama to declassify and release as much information as possible about a variety of tools that the government uses to collect intelligence. The directive came in the immediate aftermath of the first revelations by former NSA contractor Edward Snowden about the agency’s capabilities, methods and use of legal authorities.
The use of NSLs is far from new, dating back several decades. But their use was expanded greatly after 9/11 and NSLs are different from other tools in a number of ways, perhaps most importantly in the fact that recipients typically are prohibited from even disclosing the fact that they received an NSL. Successfully fighting an NSL is a rare thing, and privacy advocates have been after the government for years to release data on their use of the letters and the number of NSLs issued. Now, the ODNI is putting some of that information into the public record.
msm1267 writes: Controversial spyware commercially developed by Italy’s HackingTeam and sold to governments and law enforcement for the purpose of surveillance, has a global command and control infrastructure and for the first time, security experts have insight into how its mobile malware components work.
Collaborating teams of researchers from Kaspersky Lab and Citizen Lab at the Monk School of Global Affairs at the University of Toronto today reported on their findings during an event in London. The breadth of the command infrastructure supporting HackingTeam’s Remote Control System (RCS) is extensive, with 326 servers outed in more than 40 countries; the report also provides the first details on the inner workings of the RCS mobile components for Apple iOS and Android devices.
msm1267 writes: Much like the Year of PKI that has never come to be, information sharing has been one of security’s more infamous non-starters. While successful in heavily siloed environments such as financial services, enterprises industry-wide are hesitant to share threat and security data for fear of losing a competitive edge or exposing further vulnerabilities.
Microsoft hopes the latest tweak to its Microsoft Active Protections Program (MAPP) will calm the waters a bit and engage companies and industries to share threat data in an effort to stem the effects of targeted and persistent attacks and speed up incident response recovery.
A private preview is scheduled to open this week for Microsoft Interflow, a distributed platform for information exchange that is built on open specifications such as the Structured Threat Information eXpression (STIX), the Trusted Automation eXchange of Indicator Information (TAXII), and the Cyber Observable eXpression standards (CybOX). Today’s announcement comes 11 months after Microsoft expanded MAPP, its vendor partner information-sharing program to include incident responders.
msm1267 writes: Much has been written about the insecurity of the IPMI protocol present inside embedded baseboard management controllers (BMCs). Serious vulnerabilities can be exploited to gain remote control over big servers running BMCs, in particular in hosting environments where the controllers help admins with remote management of crucial industrial functions, for example. And despite alerts and warnings from prominent figures in computer security such as Dan Farmer and HD Moore, and patches from vendors, the news keeps getting worse.
The security incident response team for San Diego-based cloud-based hosting provider CARI.net yesterday disclosed that a file storing passwords in plain text is open over port 49152. Close to 32,000 vulnerable systems responded to a GET/PSBlock query on the Shodan search engine over port 49152; more than 9.8 million hosts responded in total.
“You can quite literally download the BMC password file from any UPnP enabled Supermicro motherboard running IPMI on a public interface,” said Zachary Wikholm, senior security engineer with CARI.net.
The PSBlock password file is found in a XML file stored inside a particular directory, Wikholm said, adding that he notified Supermicro of the issue in November to no avail. Wikholm said anything stored in the directory, including server.pem files, wsman admin passwords and netconfig files, are available.
The results toss a big bucket of cold water on long-standing security awareness training advice that urges people not to trust third-party downloads from unknown sources in order to guard the sanctity of their computer. A Hershey bar or a Kennedy half-dollar, apparently, sends people spiraling off course pretty rapidly and opens up a potential new malware distribution channel for hackers willing to compensate users.
The study was released recently in a paper called: “It’s All About The Benjamins: An empirical study on incentivizing users to ignore security advice.” While fewer than half of the people who viewed the task actually ran the benign executable when offered a penny to do so, the numbers jumped to 58 percent when offered 50 cents, and 64 percent when offered $1.
msm1267 writes: A new banking Trojan has surfaced on hacker forums called Pandemiya. While the malware offers many of the same features criminals would find in Zeus, Citadel or Carberp, the malware is a completely new offering, a yearlong project, written from scratch featuring more than 25,000 lines of original C code.
msm1267 writes: If enterprises are indeed moving services off premises and into the cloud, there are four letters those companies’ IT organizations should be aware of: IPMI.
Short for Intelligent Platform Management Interface, these tiny computers live as an embedded Linux system attached to the motherboards of big servers from vendors such as IBM, Dell and HP. IPMI is used by a Baseboard Management Controller (BMC) to manage Out-of-Band communication, essentially giving admins remote control over servers and devices, including memory, networking capabilities and storage. This is particularly useful for hosting providers and cloud services providers who must manage gear and data in varied locations.
Noted researchers Dan Farmer, creator of the SATAN vulnerability scanner, and HD Moore, creator of Metasploit, have been collaborating on research into the vulnerabilities present in IPMI and BMCs and the picture keeps getting uglier. Last July, Farmer and Moore published some research on the issue based upon work Farmer was doing under a DARPA Cyber Fast Track Grant that uncovered a host of vulnerabilities, and Internet-wide scans for the IPMI protocol conducted by Moore.
Yesterday, Farmer released a paper called “Sold Down the River,” in which he chastises big hardware vendors for ignoring security vulnerabilities and poor configurations that are trivial to find and exploit.
msm1267 writes: A cryptanalysis of TrueCrypt will proceed as planned, said organizers of the Open Crypto Audit Project who announced the technical leads of the second phase of the audit and that there will be a crowdsourcing aspect to phase two. The next phase of the audit, which will include an examination of everything including the random number generators, cipher suites, crypto protocols and more, could be wrapped up by the end of the summer.
The data could be extracted by gaining access to the read-only public SNMP community string, which enables outside access to device information. While only vulnerabilities in three brands were disclosed today, a Shodan search turns up potentially hundreds of thousands of devices that are exposing SNMP to the Internet that could be equally vulnerable.
Facebook said it believes STARTTLS support has achieved “critical mass,” and backs that up with data that indicates 76 percent of unique MX (mail exchange) hostnames that receive email from Facebook, such as notifications, support the extension. Facebook said that 58 percent of its notification email messages were successfully encrypted and that certificate validation passed for about half of the encrypted email. The other half were opportunistically encrypted, Facebook said.
Decades-old RSA-based handshakes don’t cut it anymore, according to experts, who are anxious to put a modern protocol in place, one that can fend off an intense commitment from cybercriminals and intelligence agencies to snoop and steal data. The consensus is to support Diffie-Hellman Exchange or Elliptic Curve Diffie-Hellman Exchange, both of which support perfect forward secrecy, which experts are urging developers and standards-bearers to instill as a default encryption technology in new applications and build-outs.
msm1267 writes: Microsoft announced it will release an out-of-band security update today to patch a zero-day vulnerability in Internet Explorer, and that the patch will also be made available for Windows XP machines through Automatic Update. At the same time, researchers said they are now seeing attacks specifically targeting XP users.
Microsoft no longer supports XP as of April 8, and that includes the development and availability of security updates. But the about-face today speaks to the seriousness of the vulnerability, which is being exploited in limited targeted attacks, Microsoft said.
Researchers at FireEye, meanwhile, said multiple attackers are now using the exploit against XP machines, prompting the inclusion of XP systems in the patch.
msm1267 writes: DNS service provider UltraDNS dealt with a DDoS attack for most of yesterday. Parent company Neustar announced late yesterday that it had mitigated the attack for most of its customers, but Western U.S. customers were still down. Meanwhile, the SANS Institute received reports from UltraDNS customers that a 100 Gbps DDoS attack was causing latency issues.
curtwoodward writes: Amazon is well-established as an e-commerce and cloud computing pioneer. So why do its ambitions include a bigger push into consumer electronics, including a long-rumored leap into the very competitive smartphone market? In a word, control — of data, consumer profiles, and royalties on purchases.