Security News May 2011

Advanced Persistent Tweets: Zero-Day in 140 Characters

http://krebsonsecurity.com/2011/05/advanced-persistent-tweets-zero-day-in-140-characters/

Interesting report on “a Chinese hacker” bragging about zero-day attacks.

Sony Online loses 12,700 credit card account numbers, 24.6 million accounts compromised [update]

http://www.joystiq.com/2011/05/02/sony-hit-with-second-attack-loses-12-700-credit-card-nu/

A second hack has occurred.

Bruce Schneier’s TED talk on security trade-offs

http://www.ted.com/talks/bruce_schneier.html?awesm=on.ted.com_Schneier

Bruce always has an interesting view on security. This one discusses how we react and evaluate security.

Crimeware Kit Emerges for Mac OS X

http://threatpost.com/en_us/blogs/crimeware-kit-emerges-mac-os-x-050211

“Crimeware kits have become a ubiquitous part of the malware scene in the last few years, but they have mainly been confined to the Windows platform. Now, reports are surfacing that the first such kit targeting Apple’s Mac OS X operating system has appeared.”

Best Buy Suffers Second Email Breach

Epsilon hack victim’s customer emails exposed yet again — via a different vendor

http://www.darkreading.com/database-security/167901020/security/attacks-breaches/229402808/best-buy-suffers-second-email-breach.html

“The Best Buy spokesman noted that the second breach was similar to that of Epsilon’s”

The X Factor hit by database breach, leading to quarter of a million personal details being stolen

http://www.scmagazineuk.com/the-x-factor-hit-by-database-breach-leading-to-quarter-of-a-million-personal-details-being-stolen/article/202078/

“The personal details of 250,000 The X Factor hopefuls may have been compromised following a database hack. A Fox network spokesperson confirmed that no financial information was accessed”

Bin Laden Death Triggers Cyber Scams

http://www.techweb.com/news/229402787/bin-laden-death-triggers-cyber-scams.html

As expected. There are many other links as well.

Five Biggest Recipients Of Corporate Tax Breaks Spent $8 Million In 2010 Elections (UPDATED)

http://www.huffingtonpost.com/2011/05/03/recipients-corporate-tax-breaks-elections_n_856630.html

GE is listed as one of the top 5 companies that received a tax break.

Other references regarding lobbying include:

http://www.opensecrets.org/orgs/list.php?order=A

http://www.opensecrets.org/orgs/totals.php?cycle=2010&id=D000000125

Sony notes deception in the attack against it

http://www.scmagazineuk.com/sony-blames-anonymous-for-playstation-hack-but-confirms-it-has-not-identified-those-responsible/article/202140/

“Hirai went on to claim that the breach occurred at the same time as the DoS attack, which was not immediately detected because of its ‘sheer sophistication’ and because a ‘system software vulnerability’ was exploited.”

An example of deceptive hacking: the DoS as cover for the intrusion. – Bruce

North Korea hackers blamed for bank crash in South

http://www.globalpost.com/dispatch/news/regions/asia-pacific/south-korea/110504/north-korea-hackers-kim-jong-ill

Michaels Stores reports a PIN pad attack in Chicago, according to an email I just received.

Lastpass forces everyone to change their master password after a hack.

http://www.pcworld.com/article/227268/exclusive_lastpass_ceo_explains_possible_hack.html#tk.twt_pcw

This may not be necessary, but the CEO felt it is best to be conservative regarding security. – Bruce

Scammers Swap Google Images for Malware

http://krebsonsecurity.com/2011/05/scammers-swap-google-images-for-malware/

Homeland Security Demands Mozilla Remove Firefox Extension That Redirects Seized Domains

http://www.techdirt.com/articles/20110505/14444714170/homeland-security-demands-mozilla-remove-firefox-extension-that-redirects-seized-domains.shtml

Latvian energy grid hacked? A Chinese hacking group claims responsibility and posted full details, including keys and rules.

http://seclists.org/fulldisclosure/2011/May/85

This is the URL to the group’s own bragging post.

The third Sony hack

http://mobile.reuters.com/article/idUSL3E7G701T20110507?irpc=932

http://www.thehackernews.com/2011/05/thn-hacker-news-exclusive-report-on.html

Vulnerability in Skype exposes MacOS to worm

http://www.networkworld.com/news/2011/050611-skype-to-fix-wormable-bug.html?source=nww_rss

Congress Bans Scientific Collaboration with China, Cites High Espionage Risks

http://blogs.forbes.com/williampentland/2011/05/07/congress-bans-scientific-collaboration-with-china-cites-high-espionage-risks/

“The clause prohibits the White House Office of Science and Technology Policy (OSTP) and the National Aeronautics and Space Administration (NASA) from coordinating any joint scientific activity with China.”

Renren (China’s equivalent to Facebook) Changes Key User Figure Before IPO

http://online.wsj.com/article/SB10001424052748704729304576286903217555660.html?KEYWORDS=renren

“Chinese social-networking company Renren Inc., which is hoping to raise $584 million in a public listing on the New York Stock Exchange, revised a key user number in its prospectus, highlighting the murkiness of data in China’s high-flying Internet sector.”

Phishing Becomes More Sophisticated

http://www.networkworld.com/news/2011/050911-phishing-becomes-more.html?source=nww_rss

“Organized cybercrime groups are using convincingly crafted emails to target high-level executives and employees within the organizations they want to attack. In many cases, the phishing emails are personalized, localized and designed to appear as though they originated from a trusted source. ”

Some pen test experts say they are 70% successful for each individual phishing email. – Bruce

The hackers hacked: main Anonymous IRC servers invaded

http://arstechnica.com/tech-policy/news/2011/05/the-hackers-hacked-main-anonymous-irc-servers-seized.ars

OpenID warns of ‘psychic paper’ authentication attack

http://www.theregister.co.uk/2011/05/09/openid_security_bug/

Baddies can modify cross-site personal data … though no one has yet

Vulnerabilities in Online Payment Systems

http://www.schneier.com/blog/archives/2011/05/vulnerabilities_2.html

A PayPal-based payment-authentication flaw involving third-party merchant sites.

CS2: A Semantic Cryptographic Cloud Storage System

http://research.microsoft.com/apps/pubs/default.aspx?id=148632

“This paper presents CS2, a cryptographic cloud storage system that provides provable guarantees of confidentiality, integrity, and verifiability without sacrificing utility. In particular, while CS2 provides security against the cloud provider, clients are still able to efficiently access their data through a search interface and to add and delete files. ”
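The abstract above describes the interface, not the mechanism. The following is an added example, written for this post and not code from the CS2 paper or Microsoft Research, that shows the basic shape of a searchable symmetric encryption (SSE) store: the provider holds only ciphertexts and an index of opaque keyword tokens, yet the client can still search, add and delete. Assumptions: a single client master key with HMAC-derived sub-keys, and an HMAC-SHA256 counter keystream standing in for a real AEAD such as AES-GCM so that it runs on the Python standard library alone.

```python
"""Toy searchable symmetric encryption (SSE) over an untrusted store.

Added example, not code from the CS2 paper. ASSUMPTIONS: one client
master key with HMAC-derived sub-keys; an HMAC-SHA256 counter keystream
stands in for a real AEAD (e.g. AES-GCM) so only the stdlib is needed.
"""
import hashlib
import hmac
import secrets
from typing import Dict, List

NONCE_LEN = 16
TAG_LEN = 32


def _subkey(master: bytes, label: bytes) -> bytes:
    """Independent sub-key per purpose, so enc/mac/index keys never collide."""
    return hmac.new(master, label, hashlib.sha256).digest()


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """PRF counter mode: HMAC(key, nonce || counter) blocks, cut to length."""
    out = b""
    counter = 0
    while len(out) < length:
        out += hmac.new(key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:length]


def encrypt(enc_key: bytes, mac_key: bytes, plaintext: bytes) -> bytes:
    """Encrypt-then-MAC; output is nonce || ciphertext || tag."""
    nonce = secrets.token_bytes(NONCE_LEN)
    ct = bytes(p ^ k for p, k in zip(plaintext, _keystream(enc_key, nonce, len(plaintext))))
    tag = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag


def is_authentic(mac_key: bytes, blob: bytes) -> bool:
    """Constant-time tag check; this is what gives integrity/verifiability."""
    nonce, ct, tag = blob[:NONCE_LEN], blob[NONCE_LEN:-TAG_LEN], blob[-TAG_LEN:]
    expected = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    return hmac.compare_digest(tag, expected)


def decrypt(enc_key: bytes, mac_key: bytes, blob: bytes) -> bytes:
    if not is_authentic(mac_key, blob):
        raise ValueError("ciphertext failed integrity check")
    nonce, ct = blob[:NONCE_LEN], blob[NONCE_LEN:-TAG_LEN]
    return bytes(c ^ k for c, k in zip(ct, _keystream(enc_key, nonce, len(ct))))


class CloudServer:
    """Everything the provider ever sees: opaque blobs and opaque tokens."""

    def __init__(self) -> None:
        self.blobs: Dict[str, bytes] = {}
        self.index: Dict[str, List[str]] = {}

    def put(self, file_id: str, blob: bytes, tokens: List[str]) -> None:
        self.blobs[file_id] = blob
        for t in tokens:
            self.index.setdefault(t, []).append(file_id)

    def get(self, file_id: str) -> bytes:
        return self.blobs[file_id]

    def delete(self, file_id: str) -> None:
        self.blobs.pop(file_id, None)
        for ids in self.index.values():
            if file_id in ids:
                ids.remove(file_id)

    def search(self, token: str) -> List[str]:
        return list(self.index.get(token, []))


class Client:
    def __init__(self, server: CloudServer, master_key: bytes) -> None:
        self.server = server
        self.k_enc = _subkey(master_key, b"enc")
        self.k_mac = _subkey(master_key, b"mac")
        self.k_idx = _subkey(master_key, b"idx")

    def token(self, keyword: str) -> str:
        """Keyword trapdoor: deterministic so the server can match it, but a
        PRF output, so the server cannot recover the keyword from it."""
        return hmac.new(self.k_idx, keyword.lower().encode(), hashlib.sha256).hexdigest()

    def add_file(self, file_id: str, content: bytes, keywords: List[str]) -> None:
        blob = encrypt(self.k_enc, self.k_mac, content)
        self.server.put(file_id, blob, [self.token(k) for k in keywords])

    def delete_file(self, file_id: str) -> None:
        self.server.delete(file_id)

    def blob_is_authentic(self, file_id: str) -> bool:
        return is_authentic(self.k_mac, self.server.get(file_id))

    def search(self, keyword: str) -> Dict[str, bytes]:
        """Server matches the token; the client decrypts what comes back."""
        ids = self.server.search(self.token(keyword))
        return {fid: decrypt(self.k_enc, self.k_mac, self.server.get(fid)) for fid in ids}
```

What this simple index still leaks is worth noting: the server learns which stored blobs share a token and how often a given token is queried (the access and search pattern), which is exactly the kind of leakage the CS2 work sets out to bound with proofs. A real deployment would also swap the HMAC keystream for a vetted AEAD.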

Metasploit 3.7 Takes Aim at Apple iOS

http://www.esecurityplanet.com/news/article.php/3932861/Metasploit-37-Takes-Aim-at-Apple-iOS.htm

“The Metasploit 3.7 release provides an enhanced session tracking backend that is intended to improve performance. Metasploit 3.7 also provides over 35 new exploit modules for security researchers to test, including new ones designed to test Apple’s iOS mobile operating system security”

Backtrack 5 released

http://www.backtrack-linux.org/

BackTrack is a penetration-testing Linux distribution. The maintainers said on Twitter that their server was DoSed the night before the release. – Bruce

Google’s South Korea Office Raided over Location Privacy

http://www.eweek.com/c/a/Search-Engines/Googles-South-Korea-Office-Raided-Over-Location-Privacy-398433/

“Google’s South Korean office was raided by police in that country over the use of location data in its AdMob mobile ad platform, which delivers ads on Android handsets and tablets.”

Breach at Michaels Stores extends nationwide. 70 hacked PIN pads found in stores from DC to West Coast

http://krebsonsecurity.com/2011/05/breach-at-michaels-stores-extends-nationwide/

Facebook Applications Accidentally Leaking Access to Third Parties

http://www.symantec.com/connect/blogs/facebook-applications-accidentally-leaking-access-third-parties

Unpatched DLL bugs let hackers exploit Windows 7 and IE9, says researcher

http://www.computerworld.com/s/article/9216483/Unpatched_DLL_bugs_let_hackers_exploit_Windows_7_and_IE9_says_researcher?taxonomyId=17&pageNumber=1

Problematic Certificates

http://www.f-secure.com/weblog/archives/00002155.html

Nothing new – just a discussion of the problem with certificates

Two Zero-Day Flaws Used To Bypass Google Chrome Security

French researchers say they hacked their way out of the browser’s sandbox, bypassing DEP and ASLR

http://www.darkreading.com/advanced-threats/167901091/security/attacks-breaches/229403161/two-zero-day-flaws-used-to-bypass-google-chrome-security.html

Google responds

http://www.darkreading.com/advanced-threats/167901091/security/vulnerabilities/229500054/google-vupen-spar-over-chrome-hack.html

NASA, Stanford Hacked by Software Scammers

http://www.foxnews.com/scitech/2011/05/10/nasa-stanford-hit-software-scammers/

Shady online salesmen offering cheap Adobe software have hacked into several Web pages belonging to NASA and Stanford University.

Database of Fox Employees’ Passwords and Emails Leaked

http://gawker.com/5800366/database-of-fox-employees-passwords-and-emails-leaked

Finally Source code of ZeuS Botnet Version: 2.0.8.9 available for Download !

http://www.thehackernews.com/2011/05/finally-source-code-of-zeus-crimeware.html

Security Fixes for Microsoft Windows, Office

http://krebsonsecurity.com/2011/05/security-fixes-for-microsoft-windows-office/

“Microsoft issued just two updates today to fix at least three security flaws in its Windows and Microsoft Office products, a merciful respite following last month’s record-setting patch push. One of the patches issued today earned a critical rating, the company’s most serious.”

Preventive and protective measures against insider threats in nuclear facility

http://www-pub.iaea.org/MTCD/publications/PDF/Pub1359_web.pdf

Facebook worm spread via cut-and-paste JavaScript

http://blog.trendmicro.com/dubious-javascript-code-found-in-facebook-application/

Businesses Need to Look at Security as a Military Operation

http://www.pcworld.com/businesscenter/article/227678/businesses_need_to_look_at_security_as_a_military_operation.html

“Businesses need to look at security as a military exercise and can benefit from strategies that have proved useful in battle, a former military security expert told an Interop audience this week”

Exposing the Lack of Privacy in File Hosting Services

http://www.usenix.org/event/leet11/tech/full_papers/Nikiforakis.pdf

File hosting services like Rapidshare appear to provide an obscure, secret way to exchange files. Not so: the URLs are guessable, and third parties are actively enumerating them.

ActiveX Flaw Affecting SCADA systems

http://isc.sans.edu/diary/ActiveX+Flaw+Affecting+SCADA+systems/10873

“If you are running a power plant, a refinery or any other system using ICONICS’ GENESIS32 and BizViz software […] please patch your plant.”

Amazon.com Server Said to Have Been Used in Sony Network Attack

http://www.businessweek.com/news/2011-05-14/amazon-com-server-said-to-have-been-used-in-sony-network-attack.html

Not surprising, as a stolen credit card can be used to create untraceable accounts.

Critical Flash Player Update Plugs 11 Holes

http://krebsonsecurity.com/2011/05/critical-flash-player-update-plugs-11-holes/

Final Fantasy maker Square Enix hacked

http://www.bbc.co.uk/news/technology-13394968

Hackers have broken into two websites belonging to Japanese video games maker Square Enix.

Pentesting Vulnerable Study Frameworks Complete List

http://www.felipemartins.info/2011/05/pentesting-vulnerable-study-frameworks-complete-list/

Useful list of tools and links for pentesters – Bruce

More details and theories on the Sony PSN hack

http://www.theregister.co.uk/2011/05/13/veracode_playstaion_hack_analysis/

And then it came up, and went down again.

Review of various password managers

http://blog.danielfischer.com/2011/05/12/its-time-to-start-using-a-password-manager/

KillerBee is an exploitation framework for 802.15.4/ZigBee sensor networks

http://code.google.com/p/killerbee/

Stuxnet: How It Happened

http://www.darkreading.com/advanced-threats/167901091/security/attacks-breaches/229500805/stuxnet-how-it-happened-and-how-your-enterprise-can-avoid-similar-attacks.html

The article’s recommendations:

* Prevent the use of unauthorized removable media

* Use host-based firewalls to disable P2P protocols

* Use Tripwire or a similar tool to detect unauthorized changes
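The third recommendation is the one most people skip because it sounds like a product purchase. It is not much code. Below is an added example, written for this post and not taken from the Dark Reading article, of a minimal Tripwire-style integrity check: record a baseline of SHA-256 hashes for a directory tree, then report anything added, removed or modified. The assumption that matters is where the baseline lives: keep it on read-only media or another host, because an intruder who can alter the monitored files can alter a baseline sitting next to them.

```python
"""Minimal Tripwire-style file-integrity check: baseline, then diff.

Added example, not code from the Dark Reading article. ASSUMPTION: the
baseline JSON is stored where the monitored host cannot rewrite it.
"""
import hashlib
import json
import os
import sys
from typing import Dict, List

CHUNK = 1 << 16  # read files in 64 KiB pieces so large binaries do not load whole


def hash_bytes(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def hash_file(path: str) -> str:
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(CHUNK), b""):
            h.update(chunk)
    return h.hexdigest()


def build_baseline(root: str) -> Dict[str, str]:
    """Relative path -> SHA-256 for every regular file below root."""
    baseline: Dict[str, str] = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            if os.path.islink(full) or not os.path.isfile(full):
                continue  # content only; symlinks and device nodes are skipped
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            baseline[rel] = hash_file(full)
    return baseline


def diff_baselines(old: Dict[str, str], new: Dict[str, str]) -> Dict[str, List[str]]:
    """Compare two baselines; every non-empty list is a finding to investigate."""
    return {
        "added": sorted(p for p in new if p not in old),
        "modified": sorted(p for p in new if p in old and new[p] != old[p]),
        "removed": sorted(p for p in old if p not in new),
    }


def save_baseline(baseline: Dict[str, str], path: str) -> None:
    with open(path, "w") as f:
        json.dump(baseline, f, indent=1, sort_keys=True)


def load_baseline(path: str) -> Dict[str, str]:
    with open(path) as f:
        return json.load(f)


if __name__ == "__main__":
    # usage:  fim.py init <root> <baseline.json>   or   fim.py check <root> <baseline.json>
    mode, root, store = sys.argv[1:4]
    if mode == "init":
        save_baseline(build_baseline(root), store)
    else:
        report = diff_baselines(load_baseline(store), build_baseline(root))
        for kind, paths in report.items():
            for p in paths:
                print(f"{kind}: {p}")
        sys.exit(1 if any(report.values()) else 0)
```

Run `init` once on a known-good system, then `check` from cron or after any maintenance window; a non-zero exit code is the hook for alerting. Hashing content alone will not catch a changed owner or mode, so a production tool also records metadata.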

Qakbot Virus Causes Possible Data Breach at Mass. Agencies

http://threatpost.com/en_us/blogs/qakbot-virus-causes-possible-data-breach-mass-agencies-051811

“An untold number of computers at the Massachusetts Department of Unemployment Assistance and Department of Career Services were compromised in April, leading state officials to warn hundreds of thousands of people that their personal information may have been stolen as part of the attack.”

Code wars

http://www.cnbc.com/id/42210831/

CNBC’s “Code Wars”, hosted by Melissa Lee, takes you onto the frontlines of the war on cyber. Cyber attacks are almost impossible to trace, making cyber crime and acts of cyber warfare the ultimate anonymous crime. So how do we protect our systems whose components are largely manufactured abroad? Can our nation’s infrastructure be protected from cyber attacks? And how can the U.S. win a war in which conventional rules of combat do not apply? CNBC tackles the tough questions in “Code Wars: America’s Cyber Threat.”

The show airs Thursday, May 26th.

Hack Targets NASA’s Earth Observation System

http://threatpost.com/en_us/blogs/hack-targets-nasas-earth-observation-system-051711

A hacker is claiming that a security hole in a server at NASA’s Goddard Space Flight Center has exposed data related to a satellite-based Earth observation system used to aid in disaster relief.

Executives underestimate cybercrime danger

http://www.dw-world.de/dw/article/0,,15083403,00.html?maca=en-rss-en-top-1022-xml-atom

“However, Ernst & Young found a remarkable contradiction in its poll. While 94 percent of those leaders surveyed talked about the growing danger of cybercrime, 38 percent said they thought the threat to their own firm was rather small.”

SCADA hack talk canceled after U.S., Siemens request

http://news.cnet.com/8301-27080_3-20064112-245.html

A security researcher cancelled his talk at the request of DHS and Siemens.

And the related post:

Siemens working on vulnerability that threatens critical infrastructure

http://www.gsnmagazine.com/article/23386/siemens_working_vulnerability_threatens_critical_i

Hackers attack Norwegian Defense

http://www.norwaypost.no/news/hackers-attack-norwegian-defence-25222.html

U.S. Infrastructure Is Vulnerable to Cyber Attack, but No One Will Do Anything

http://www.bnet.com/blog/technology-business/us-infrastructure-is-vulnerable-to-cyber-attack-but-no-one-will-do-anything/4568

Protecting Your Industrial Control System from Zero-Day Attacks

http://scadahacker.com/factorylink-video.html

NIST publishes BIOS recommendations

http://csrc.nist.gov/publications/nistpubs/800-147/NIST-SP800-147-April2011.pdf

Sony hacked again/Phishing

http://thenextweb.com/industry/2011/05/20/sony-hacked-again-this-time-its-not-its-playstation-network/

Hackers Infiltrate Sony So-net Subsidiary, Steal $1,125 in Points

http://www.pcmag.com/article2/0,2817,2385715,00.asp

“To So-net’s credit, whatever security system the company employs for its point system did manage to hold for quite a bit of time. That, or the hackers really had no other strategies other than what appears to be a brute-force attack on accounts. It allegedly took the attackers more than 10,000 different attempts before they were finally successful in accessing So-net’s system. “
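Ten thousand attempts against one account is not subtle, and it is the kind of thing a few lines of log analysis catch long before the ten-thousandth try. The following is an added example, written for this post and not code from So-net or PCMag, that runs over constructed auth-log lines and flags two patterns: a burst of failures for one user or from one source inside a short window, and a success that follows such a burst for the same user. The log format (`<ISO timestamp> LOGIN_OK|LOGIN_FAIL user=<name> src=<ip>`) is hypothetical and the thresholds are illustrative.

```python
"""Brute-force login detection over auth-log lines.

Added example, not code from So-net or PCMag. ASSUMPTIONS: hypothetical
log format "<ISO timestamp> LOGIN_OK|LOGIN_FAIL user=<name> src=<ip>";
the sample lines are constructed; thresholds are illustrative.
"""
import re
from collections import defaultdict, deque
from datetime import datetime
from typing import Deque, Dict, Iterable, List, Optional, Tuple

LINE_RE = re.compile(r"^(\S+)\s+(LOGIN_OK|LOGIN_FAIL)\s+user=(\S+)\s+src=(\S+)$")

# Constructed sample: a burst against "alice" that ends in a success, two
# isolated failures for "bob" an hour apart, and one junk line.
SAMPLE_LOG = [
    "2011-05-20T10:00:00 LOGIN_FAIL user=alice src=203.0.113.5",
    "2011-05-20T10:00:05 LOGIN_FAIL user=alice src=203.0.113.5",
    "2011-05-20T10:00:10 LOGIN_FAIL user=alice src=203.0.113.5",
    "2011-05-20T10:00:15 LOGIN_FAIL user=alice src=203.0.113.5",
    "2011-05-20T10:00:20 LOGIN_FAIL user=alice src=203.0.113.5",
    "2011-05-20T10:00:25 LOGIN_OK user=alice src=203.0.113.5",
    "2011-05-20T10:05:00 LOGIN_FAIL user=bob src=198.51.100.7",
    "this line is not an auth record",
    "2011-05-20T11:00:00 LOGIN_FAIL user=bob src=198.51.100.7",
    "2011-05-20T11:00:01 LOGIN_OK user=carol src=192.0.2.9",
]


def parse_line(line: str) -> Optional[Tuple[datetime, str, str, str]]:
    m = LINE_RE.match(line.strip())
    if not m:
        return None  # unparseable lines are skipped, not fatal
    return datetime.strptime(m.group(1), "%Y-%m-%dT%H:%M:%S"), m.group(2), m.group(3), m.group(4)


def detect_bruteforce(lines: Iterable[str], threshold: int = 5,
                      window_seconds: int = 60) -> List[Dict[str, str]]:
    """Return alerts: "burst" when failures for a user or a source reach the
    threshold within the window, and "success_after_burst" when that user
    then logs in successfully while the burst is still inside the window."""
    recent: Dict[Tuple[str, str], Deque[datetime]] = defaultdict(deque)
    alerts: List[Dict[str, str]] = []
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue
        ts, event, user, src = rec
        for key in (("user", user), ("src", src)):
            q = recent[key]
            while q and (ts - q[0]).total_seconds() > window_seconds:
                q.popleft()  # drop failures that have aged out of the window
            if event == "LOGIN_FAIL":
                q.append(ts)
                if len(q) == threshold:  # fire once, as the burst crosses the line
                    alerts.append({"kind": "burst", "key": key[0],
                                   "value": key[1], "ts": ts.isoformat()})
            elif key[0] == "user" and len(q) >= threshold:
                alerts.append({"kind": "success_after_burst", "key": "user",
                               "value": user, "ts": ts.isoformat()})
                q.clear()
    return alerts


if __name__ == "__main__":
    for a in detect_bruteforce(SAMPLE_LOG):
        print(f'{a["ts"]} {a["kind"]} {a["key"]}={a["value"]}')
```

Keying on both the account and the source is deliberate: a single source hammering one account trips the source counter, while an attacker rotating through many sources against one account still trips the user counter. The second alert kind, success after a burst, is the one that should page somebody, since it is the difference between an attempt and a compromise.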

Sony BMG Greece the latest hacked Sony site

http://nakedsecurity.sophos.com/2011/05/22/sony-bmg-greece-the-latest-hacked-sony-site/

This makes the 7th attack on Sony. -Bruce

Common Vulnerability Reporting Framework

http://isc.sans.edu/diary/Common+Vulnerability+Reporting+Framework+CVRF+/10900

Cyber-security legislation sent to Congress by President

http://www.gsnmagazine.com/article/23319/cyber_security_legislation_sent_congress_president

and another view:

Congress Just Sold You Out: Leadership Plans To Extend Patriot Act For Four Years With NO Concessions

http://www.techdirt.com/articles/20110519/13502414343/congress-just-sold-you-out-leadership-plans-to-extend-patriot-act-four-years-with-no-concessions.shtml

Credit processors targeted in fight against spam

http://www.theregister.co.uk/2011/05/23/spam_economics/

“The researchers have discovered that the vast majority (95 per cent) of the credit card payments to unlicensed pharmaceutical sites are handled by just three payment processing firms – based in Azerbaijan, Denmark and Nevis, in the West Indies, respectively.”

The article also references a 16-page paper, “Click Trajectories: End-to-End Analysis of the Spam Value Chain”.

Researchers find irreparable flaw in popular CAPTCHAs

Decaptcha pierces Live.com, Yahoo!, Digg

http://www.theregister.co.uk/2011/05/23/microsoft_yahoo_captchas_busted/

“Decaptcha is a two-phase audio-CAPTCHA solver that correctly breaks the puzzles with a 41-percent to 89-percent success rate on sites including eBay, Yahoo, Digg, Authorize.net, and Microsoft’s Live.com. The program works by removing background noise from the audio files, allowing only the spoken characters needed to complete the test to remain.”

The creator of the “Great Firewall of China” was pelted with shoes

http://packetstormsecurity.org/news/view/19192/Chinas-Great-Firewall-Creator-Pelted-With-Shoes.html

“While many of China’s estimated 477 million internet users appear largely indifferent to the firewall because they use almost solely domestic sites and services, a growing number of young people are frustrated by curbs that not only prevent them accessing foreign news and social media sites, but increasingly make it hard or even impossible to use apparently uncontroversial sites, such as the Internet Movie Database (IMDb).”

Google reports that SSL False Start cuts HTTPS connection setup time by about 30%

http://blog.chromium.org/2011/05/ssl-falsestart-performance-results.html

Google measured this in the Chrome browser.

9th attack on Sony

http://www.thehackernews.com/2011/05/lulzsec-leak-sonys-japanese-websites.html

False Positives – The Dirty Secret of the Web Security Scanning Industry

http://www.mavitunasecurity.com/blog/false-positives-the-dirty-secret-of-the-web-security-scanning-industry/

When using automated tools to test a web application for security, there is a large number of false positives which must be examined manually and tediously. If the white-hat pen tester’s skill is limited, they may overlook real vulnerabilities by assuming they are false positives.

AlienVault announces a SCADA SIEM (Security Information and Event Management)

http://alienvault.com/products/industrial-control-system-siem

A demo is coming soon. AlienVault had a VM image of their original SIEM that was impressive.

Senate debates president’s power during cyber-attack

http://www.washingtontimes.com/news/2011/may/23/senate-debates-presidents-power-during-cyber-attac/

“The Senate Homeland Security and Governmental Affairs Committee held a hearing on the administration’s legislative proposal, announced two weeks ago, that would rely on a pre-World War II radio emergency law to provide the president with authority to protect key computer and communication networks — like those mainly in private hands that run power grids, phone systems and banking services — from a cyber-attack.”

More news about the SCADA/Siemens hack that was cancelled at the last minute

http://www.networkworld.com/news/2011/052311-a-botched-fix-not-legal.html

For the next two days speculation swirled as to whether DHS weighed in with a heavy hand to pull the talk, or if Siemens threatened legal action against the security firm. “That’s not what happened here,” says Vik Phatak, chief technology officer at NSS Labs. “Siemens found out, near the last minute, that the mitigation they had planned didn’t work. It could be bypassed,” Phatak says.

Related: http://threatpost.com/en_us/blogs/metasploit-holding-siemens-exploits-052311

The exploits are ready to be released into the Metasploit framework.

Hotmail Exploit Has Been Silently Stealing E-mail

http://www.darknet.org.uk/2011/05/hotmail-exploit-has-been-silently-stealing-e-mail/

The latest news is there has been a nasty bug in Hotmail for a while that has been actively exploited allowing malicious senders to snoop on e-mail and even add forwarding rules to the victim account.

Negative reaction to Siemens for their response to the discovery of security flaws in their SCADA equipment.

http://www.securitycurve.com/wordpress/archives/4164

http://threatpost.com/en_us/blogs/researcher-says-siemens-downplaying-serious-scada-holes-052411

http://ht.ly/51LPs

UPDATE 2-U.S. government warns about Siemens security flaw

http://www.reuters.com/article/2011/05/24/siemens-security-idUSN2428619720110524

“But a spokesman for Siemens denied any fault, saying company officials are in a better position to assess potential security risks than researchers from an outside firm.”

I think this is a grave error on Siemens part, because it erodes confidence in their company – especially their denial of any problem.

Bruce Schneier discusses this here

http://www.schneier.com/blog/archives/2011/05/new_siemens_sca.html

I believe each company should have a “dry run” exercise to see how they will handle such an event. All public statements regarding security should be carefully managed, to prevent a public relations disaster. There should be a policy, and everyone should know what that policy is.

Vulnerabilities on Cisco Devices

http://www.isssource.com/vulnerabilities-on-cisco-devices/

Cisco network equipment is still vulnerable to a single security flaw nearly two years after the company issued a patch, according to an analysis of network scans by Dimension Data for its 2011 Network Barometer Report.

MacOS

I haven’t been reporting this, but Apple malware has been in the news. First, an iOS malware-generation package was released, along with Mac OS plugins for Metasploit, which make writing malware for iOS easier. Next, Mac users have been tricked into installing malware named “Mac Defender”, masquerading as an anti-virus package. Apple, as a matter of policy, refuses to tell infected users how to remove the malware. Now Apple is issuing an OS update, but the malware authors are modifying the malware to defeat Apple’s response.

http://blogs.pcmag.com/securitywatch/2011/05/mac_defender_20_released.php

http://www.us-cert.gov/current/index.html#apple_mac_defender_macprotector_and

And now a Russian company has released a toolkit to crack the encryption on Apple’s iOS devices

http://www.h-online.com/security/news/item/ElcomSoft-cracks-iOS-encryption-system-1250526.html

And now we know more about the people behind the MacDefender malware: ChronoPay

http://krebsonsecurity.com/2011/05/chronopay-fueling-mac-scareware-scams/

Bank of America Breach

http://www.latimes.com/business/la-fi-lazarus-20110524,0,1687635.column

An inside employee leaked personal account information that cost $10 million in damages. Police have arrested 95 suspects, and apparently it took a year before BofA told its customers that thieves had been siphoning money from the customers’ bank accounts.

Microsoft finds 427K email addresses on knocked-out Rustock server

http://www.networkworld.com/news/2011/052411-microsoft-finds-427k-email-addresses.html?source=nww_rss

US-CERT has released Common Cybersecurity Vulnerabilities in Industrial Control Systems

http://www.us-cert.gov/control_systems/pdf/DHS_Common_Cybersecurity_Vulnerabilities_ICS_2010.pdf

Vendor backdoors in Siemens, HP, and Allied Telesis

https://threatpost.com/en_us/blogs/hardware-vendor-offers-backdoor-every-product-052611

Lockheed network hit by major disruption: sources

http://www.nw32.com/business/sns-rt-us-lockheed-networktre74p7u3-20110526,0,5678682.story

http://www.reuters.com/article/2011/05/26/lockheed-network-idUSN2613783420110526

Congress approves extension of USA Patriot Act provisions

http://www.washingtonpost.com/politics/senate-approves-extension-of-patriot-act-provisions/2011/05/26/AGGgXICH_story.html?wprss=rss_politics

This entry was posted in Hacking, Politics, Security, Technology.