JohnBert writes: "As reported last week, LinkedIn had 6.5 million users' passwords leaked. The company is now working with the FBI to track down the party responsible for stealing their data. None of the member information has been published other than a small list of passwords themselves. LinkedIn director, Vicente Silveira, stated that the company has disabled passwords of members who they believe were at risk and that they "take this criminal activity very seriously so we are working closely with the FBI as they aggressively pursue the perpetrators of this crime.""
JohnBert writes: "British, Dutch, Finnish and Belgian judges and governments have been forcing ISPs to block The Pirate Bay and drop thepiratebay.org from their DNS servers. To avoid the blockade, The Pirate Bay has now enabled IPv6 and obtained a /32 block. This enables The Pirate Bay to simply change their IP address, which they can do another 18 quintillion times to avoid being blocked. It can be assumed that, at some point, ISPs and governments will give up trying to block The Pirate Bay."
JohnBert writes: "India is beefing up their cyber security capabilities to protect their national infrastructure from a Stuxnet-like attack. Prime Minister Manmohan Singh is finalizing plans to give the Defense Intelligence Agency (DIA) and National Technical Research Organization (NTRO) the authorization to commit undisclosed offensive operations. Although not deliberate, and with no serious damage revealed, India has already been hit by Stuxnet. This added initiative will increase security for the country, which has been criticized in the past for having slow responses to DoS and web defacement attacks."
JohnBert writes: "A security bug in MariaDB and MySQL has been revealed, allowing a known username and password to access the master user table of a MySQL server and dump it into a locally-stored file. By using a tool like John the Ripper, this file can be easily cracked to reveal text passwords that can provide further access. By committing a threaded brute-force module that abuses the authentication bypass flaw to automatically dump the password database, you can access the database using the cracked password hashes even if the authentication bypass vulnerability is fixed."
JohnBert writes: "April 25, 2012 – Members of the Anonymous Collective have posted a single file from the VMware ESX source code and announced that they will release more of the code on May 5th. According to the hackers, they have downloaded over 300 Megabytes of source code. The leaked document includes internal VMware communications. This security issue could have a widespread impact due to the number of organizations that run vSphere. The hacker known as Hardcore Charlie is taking credit for the leak of this information. The source of the leaked information is believed to be a Chinese firm that was compromised earlier this year."
JohnBert writes: "A great deal has been made lately about Botnetz and Command & Control (C&C) Architecture and for good reason. They are wily and today pose the greatest challenge to organizational security.
Botnetz and C&C tend to be hard to detect via signature approaches due to a number of factors. These include:
The large number of unique and one-off botz that operate as Zero day (no known signatures)
Use of Droppers for payload delivery. Droppers are pre-bot applications that are not malicious, but are used to retrieve the malicious applications based on some criteria.
Use of hard to detect algorithms to select predetermined fresh download points that thwart IP reputation systems.
Leveraging encrypted communications to bypass perimeter defenses and retain anonymity
All of this makes Botnetz/C&Cs very difficult to detect. Even if your organization has invested in tools specifically geared to identify such, Botmasters leverage their agility to adapt to static techniques used by these tools.
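The post above argues that signature matching misses botnet traffic that uses one-off binaries, droppers and algorithmically chosen fresh download points. The following is an added example, not part of the original post, of the kind of behavioural check a defender can run instead: it scores each client in a resolver log by its NXDOMAIN ratio and the entropy of the domain labels it asks for, which is the footprint left when a bot cycles through generated download points. The log format, sample lines and thresholds are constructed for this example.

```python
import math
from collections import defaultdict

# Constructed sample resolver log: "client qname rcode" per line.
SAMPLE_DNS_LOG = """\
10.0.0.5 www.example.com NOERROR
10.0.0.5 cdn.example.com NOERROR
10.0.0.5 mail.example.com NOERROR
10.0.0.9 xk3q9vz1lw.net NXDOMAIN
10.0.0.9 p0a7wqz4mf.com NXDOMAIN
10.0.0.9 zq8l2mnv0x.org NXDOMAIN
10.0.0.9 j4k1ytb5rd.net NXDOMAIN
10.0.0.9 www.example.com NOERROR
"""

def label_entropy(label: str) -> float:
    """Shannon entropy in bits per character of one DNS label."""
    if not label:
        return 0.0
    counts = defaultdict(int)
    for ch in label:
        counts[ch] += 1
    n = len(label)
    return -sum(c / n * math.log2(c / n) for c in counts.values())

def second_level_label(qname: str) -> str:
    """'cdn.example.com' -> 'example' (the label a generator would randomise)."""
    parts = qname.rstrip(".").split(".")
    return parts[-2] if len(parts) >= 2 else parts[0]

def score_clients(log_text: str, max_nx_ratio: float = 0.5, min_entropy: float = 3.0) -> dict:
    """Flag clients whose NXDOMAIN ratio and mean label entropy both exceed the thresholds."""
    stats = defaultdict(lambda: {"total": 0, "nx": 0, "entropy_sum": 0.0})
    for line in log_text.splitlines():
        client, qname, rcode = line.split()
        s = stats[client]
        s["total"] += 1
        s["nx"] += int(rcode == "NXDOMAIN")
        s["entropy_sum"] += label_entropy(second_level_label(qname))
    suspicious = {}
    for client, s in stats.items():
        nx_ratio = s["nx"] / s["total"]
        mean_entropy = s["entropy_sum"] / s["total"]
        if nx_ratio > max_nx_ratio and mean_entropy > min_entropy:
            suspicious[client] = (round(nx_ratio, 2), round(mean_entropy, 2))
    return suspicious
```

On the sample log only 10.0.0.9 is flagged; the thresholds are illustrative and should be tuned against a baseline of the network's normal resolver traffic.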
JohnBert writes: "I was working with a client at a mid-size carrier on their security operations process. On several occasions we identified threats on their threat management platform; however, when we went to cross-correlate this on their log server we could not find the event logs. This made me suspicious of their logging infrastructure. The customer never thought to be concerned since they were collecting 1 Gig of logs per hour, and as far as they knew there were no issues."
JohnBert writes: "Many top websites share their visitors' names, usernames or other personal information with their partners without telling users and, in some cases, without knowing they're doing it, according to a new study from Stanford University.
Many websites "leak" usernames to third-party advertising networks by including usernames in URLs that the ad networks can see in referrer headers, said the study, released Tuesday by Stanford Law School's Center for Internet and Society. While there's a debate in legal circles whether usernames are personal information, there's a growing consensus among computer scientists that Web-based companies can use usernames to identify their owners, said Jonathan Mayer, a Stanford graduate student who led the study.
Other websites share first names, email addresses and other information with advertising or other partners, Mayer said at a privacy conference in Washington. Those identifiers "get associated not just with what you're doing right now, but get associated with what you've done in the past, and what Web browsing activity you may have in the future," he said."
JohnBert writes: "The 4GB worth of email stolen by the LulzSec hacking group from The Sun tabloid site earlier this year is sitting on a server in China, according to "Sabu," the outfit's alleged leader. "We got them stashed on a Chinese storage server. Alongside the dumps of a whole bunch of hits we did," Sabu said during a question and answer session held on Reddit this weekend.
LulzSec kept corporate IT security departments on their toes for weeks back in May and June when the group randomly attacked many companies for fun. The hacking group said they disbanded on June 26, after 50 days of mayhem that left thousands of innocent users with their personal information and passwords exposed, only to re-emerge a month later.
On July 18, at a time when new revelations were being made in the News of the World phone hacking case, LulzSec attacked its sister publication, The Sun. The hackers managed to post a fake story on the newspaper's website and claimed to have copied its email database."
JohnBert writes: "Countries need to take steps to upgrade critical infrastructure for protection from attacks by cybercombatants or rival countries conducting cyberwarfare, security experts said at a panel discussion this week.
Critical infrastructure such as industrial systems, transportation and power grids are easy targets for cyberattacks and people responsible for IT and national security are worried about the future, said Eugene Kaspersky, founder of Kaspersky Lab, during a panel discussion that was part of the company's Endpoint Security 8 launch event in New York. Cyberattacks could cause massive damage to the tune of billions of dollars, he said.
Some attacks in recent memory such as Stuxnet, which hit industrial systems, and the Blaster worm, which possibly hurt the electrical grid on the U.S. East Coast, were damaging and exposed the weaknesses of national infrastructures, Kaspersky said. Countries like North Korea, China, the U.S. and South Korea, and organizations like NATO are establishing cybermilitary units to protect infrastructure and respond to attacks."
Huang said that the attackers used the Black Hole exploit kit to attack visitors to the site, but his team had not yet figured out what the malicious software that it installed was designed to do. Typically, criminals install malware to steal victims' passwords, pop up advertisements for fake antivirus software, or to create botnet computers that can be rented out to others.
Highly trafficked open-source websites such as MySQL.com have been hit hard in recent months. In the past weeks the Linux Foundation was forced to take a number of websites offline, including Kernel.org and Linux.com after a compromise. And MySQL.com itself was hit earlier this year."
JohnBert writes: "Security firms today warned Mac users of a new Trojan horse that masquerades as a PDF document. The malware, which was spotted by U.K.-based Sophos and Finnish antivirus vendor F-Secure, uses a technique long practiced by Windows attackers.
"This malware may be attempting to copy the technique implemented by Windows malware, which opens a PDF file containing a '.pdf.exe' extension and an accompanying PDF icon," said F-Secure today. That practice relies on what is called the "double extension" trick: adding the characters ".pdf" to the filename to disguise an executable file.
The Mac malware uses a two-step process, composed of a Trojan "dropper" utility that downloads a second element, a Trojan "backdoor" that then connects to a remote server controlled by the attacker, using that communications channel to send information gleaned from the infected Mac and receiving additional instructions from the hacker."
JohnBert writes: "Despite the increasing use of smartphones at work, more than one-third of companies still don't provide any support for personal phones or outright prohibit their use at the office. The reported data found that while 26% of the companies don't provide support for personal mobile phones and smartphones, another 10% prohibited use of personal devices, for a total of 36%.
Some companies have developed long sets of policies for when and how to support personal devices used by workers. The most progressive companies are investing in mobile device management software, available from many vendors, to track employee devices and the applications used on them. This software also has the ability to wipe sensitive data off a lost device.
Forrester said in a new research note that increasing numbers of employee-owned devices and questions of supporting them are "crippling" existing mobile strategies. The effect has led companies to rethink their strategies and to begin supporting both company-owned devices and those owned by employees."
JohnBert writes: "Microsoft re-released an update today for Windows XP to correct a snafu that left users vulnerable to potential "man-in-the-middle" attacks for most of last week. This update addressed a gaffe introduced last week when Microsoft blocked six additional root certificates issued by DigiNotar that were cross-signed by a pair of other certificate authorities (CAs).
Servers run by Dutch CA DigiNotar were hacked starting in June, and attackers stole over 500 SSL (secure socket layer) certificates, including many used by the Dutch government.
SSL certificates are used by websites and browsers to identify a site as legitimate — that gmail.com or hotmail.com are actually what they claim — and illegally-obtained certificates can be abused to disguise unauthorized domains using "man-in-the-middle" attacks to snoop on digital communications and harvest account credentials."
JohnBert writes: "StrikeForce Technologies, a small vendor of a keystroke encryption technology, is accusing Microsoft of not acting fast enough to fix a browser issue that it says is preventing StrikeForce's technology from working with Internet Explorer 9.
The problem was first reported to Microsoft, and acknowledged by the company, in April, said George Waller, executive vice president of StrikeForce. Since then, Microsoft has been saying it will fix the problem but has not gotten around to doing it yet, Waller said.
In an emailed statement, Microsoft told Computerworld that it is looking into the matter. "Our engineering team is actively investigating the claim that this third-party toolbar is no longer working in IE9; upon completion of that investigation, any necessary updates will be provided," the company said."