Today in InfoSec

 
12-11-2014, 06:17 AM  #51
213374U
0x5359-0055
Thread Starter
Join Date: Feb 2005
Location: Texas doe, they do everything big. u mad?
Posts: 5,758
Re: Today in InfoSec

12-18-2014, 08:37 AM  #52
213374U
0x5359-0055
Thread Starter
Join Date: Feb 2005
Location: Texas doe, they do everything big. u mad?
Posts: 5,758
Re: Today in InfoSec

This could have been bad....

Global Internet Authority ICANN Has Been Hacked

Originally Posted by Article Text
The Internet Corporation for Assigned Names and Numbers (ICANN) has been hacked by unknown attackers, which allowed them to gain administrative access to some of the organization's systems, the organization confirmed.

The attackers used a "spear phishing" campaign to target sensitive systems operated by ICANN and sent spoofed emails disguised as internal ICANN communications to its staff members. The link in the emails took the staff to a bogus login page, where they provided their usernames and passwords, the keys to their work email accounts.

The data breach began in late November 2014 and was discovered a week later, ICANN, which oversees the Internet's address system, said in a release published Tuesday. ICANN is the organization that manages the global top-level domain system.

"We believe a 'spear phishing' attack was initiated in late November 2014," Tuesday's press release stated. "It involved email messages that were crafted to appear to come from our own domain being sent to members of our staff. The attack resulted in the compromise of the email credentials of several ICANN staff members."

With those details, the hackers then successfully managed to access a number of systems within ICANN, including the Centralized Zone Data System (CZDS), the wiki pages of the ICANN Governmental Advisory Committee (GAC), the domain registration Whois portal, and the ICANN blog.

The CZDS is a service used by domain registries and other interested parties to request access to the DNS root zone files and sensitive data associated with users’ online accounts. This provided hackers access to zone files and sensitive information such as names, postal addresses, email addresses, fax and phone numbers, usernames and cryptographically hashed passwords of account holders who used those systems.

The zone files contain sensitive and valuable information, including domain names, the name server names associated with those domains and the IP addresses for the name servers.

In an email sent to every CZDS user, ICANN has warned that "the attacker obtained administrative access to all files in the CZDS including copies of the zone files in the system. The information you provided as a CZDS user might have been downloaded by the attacker. This may have included your name, postal address, email address, fax and telephone numbers, and your username and password."

Since the passwords were salted cryptographic hashes, they are unlikely to be usable by the attacker, but ICANN is urging users to immediately change their account passwords just to be on the safe side. The organization is also providing notices to users whose personal information may have been compromised.

The organization has found no evidence of compromise of any Internet Assigned Numbers Authority (IANA) systems and the other systems. The IANA is also a part of ICANN which performs the actual management of the DNS root zone, globally-unique names and numbers.
"Based on our investigation to date, we are not aware of any other systems that have been compromised, and we have confirmed that this attack does not impact any IANA-related systems," ICANN stated.

ICANN had implemented enhanced security measures earlier this year, which likely helped prevent further damage from the cyber-attack, the officials investigating the issue said.
12-19-2014, 11:58 AM  #53
213374U
0x5359-0055
Thread Starter
Join Date: Feb 2005
Location: Texas doe, they do everything big. u mad?
Posts: 5,758
Re: Today in InfoSec

Hackers Can Read Your Private SMS and Listen to Phone Calls

Security researchers have discovered a massive security flaw that could let hackers and cybercriminals listen to private phone calls and read text messages on a potentially vast scale – no matter if the cellular networks use the latest and most advanced encryption available.

The critical flaw lies in the global telecom network known as Signaling System 7, which lets multiple phone carriers across the world, including AT&T and Verizon, route calls, texts and other services to each other. The vulnerability was discovered by German researchers who will present their findings at a hacker conference in Hamburg later this month.

"Experts say it's increasingly clear that SS7, first designed in the 1980s, is riddled with serious vulnerabilities that undermine the privacy of the world's billions of cellular customers," said The Washington Post, which first uncovered flaws in the system earlier this year.

NUMBER OF SECURITY FLAWS IN SS7
SS7 or Signaling System Number 7 is a protocol suite used by most telecommunications operators throughout the world to communicate with one another when directing calls, texts and Internet data. It allows cell phone carriers to collect location information from cell phone towers and share it with each other. A United States carrier will find its customer, no matter if he or she travels to any other country.

According to the security researchers, the outdated infrastructure of the SS7 makes it very easy for hackers to hack, as it is loaded with some serious security vulnerabilities which can lead to huge invasions of privacy of the billions of cellular customers worldwide.

"The flaws discovered by the German researchers are actually functions built into SS7 for other purposes – such as keeping calls connected as users speed down highways, switching from cell tower to cell tower – that hackers can repurpose for surveillance because of the lax security on the network," the report reads.

BACKDOOR OPEN FOR HACKERS
So far, the extent of the flaws exploited by hackers has not been revealed, but it is believed that using the flaws hackers can locate or redirect users' calls to themselves or anywhere in the world before forwarding them to the intended recipient, listen to calls as they happen, and record hundreds of encrypted calls and texts at a time for later decryption.

No matter how strong or advanced the encryption the carriers are using (AT&T and Verizon, for example, use 3G and 4G networks for calls, messages and texts sent between people within the same network), the use of the old and insecure SS7 for sending data across networks leaves the backdoor open for hackers.

Not just this: use of the SS7 protocol also creates the potential to defraud users and cellular carriers, according to the researchers.

ACLU – STOP USING TELEPHONE SERVICE, BUT WAIT!! IS THAT POSSIBLE?
The American Civil Liberties Union (ACLU) has also warned people against using their handset in light of the breaches.

"Don't use the telephone service provided by the phone company for voice. The voice channel they offer is not secure," principal technologist Christopher Soghoian told Gizmodo. "If you want to make phone calls to loved ones or colleagues and you want them to be secure, use third-party tools. You can use FaceTime, which is built into any iPhone, or Signal, which you can download from the app store. These allow you to have secure communication on an insecure channel."

Soghoian also believes that security agencies – like the United States' NSA and British security agency GCHQ – could be using these flaws. "Many of the big intelligence agencies probably have teams that do nothing but SS7 research and exploitation. They've likely sat on these things and quietly exploited them," he said.

However, the poor security of the SS7 protocol is not hidden from the public and it's not at all new; just three months ago we reported How a Cell Phone User Can be Secretly Tracked Across the Globe. But in an era where each and every person cares about the privacy and security of their data, things like this really publicize exactly how big this threat is and make many worried about its consequences.
12-19-2014, 02:15 PM  #54
lllll
.dumbguy
Join Date: Nov 2014
Posts: 9
Re: Today in InfoSec

Originally Posted by 213374U View Post
This could have been bad....
No doubt. Domain hijack google.com, lol.
I'm waiting for some of the major cloud providers to get hacked.
That will be a big news day.
12-21-2014, 08:25 PM  #55
DaveSi677
Honda-Tech Member
Join Date: Sep 2003
Location: Toronto, Canada but from Montreal
Posts: 8,117
Re: Today in InfoSec

had to endure an Infosec course a few days ago... omg was it ever the most torturing thing ever!

It pretty much covered home and simple office security. For an IT guy having to listen to this, which was mandatory, was probably one of the longest 2 hours of my life.

Only good thing was there was free food
12-21-2014, 08:26 PM  #56
DaveSi677
Honda-Tech Member
Join Date: Sep 2003
Location: Toronto, Canada but from Montreal
Posts: 8,117
Re: Today in InfoSec

But interesting topic nonetheless!

A lot of good stories and interesting things you can learn.
12-21-2014, 09:34 PM  #57
213374U
0x5359-0055
Thread Starter
Join Date: Feb 2005
Location: Texas doe, they do everything big. u mad?
Posts: 5,758
Re: Today in InfoSec

Originally Posted by DaveSi677 View Post
had to endure an Infosec course a few days ago... omg was it ever the most torturing thing ever!

It pretty much covered home and simple office security. For an IT guy having to listen to this, which was mandatory, was probably one of the longest 2 hours of my life.
The "IT guys" are my biggest offenders when it comes to InfoSec.
12-30-2014, 03:11 PM  #58
dipsy
Hookers and blow
Join Date: Jan 2008
Location: GS15 Classified
Posts: 6,253
Re: Today in InfoSec

12-30-2014, 08:52 PM  #59
213374U
0x5359-0055
Thread Starter
Join Date: Feb 2005
Location: Texas doe, they do everything big. u mad?
Posts: 5,758
Re: Today in InfoSec

Sup bae
01-01-2015, 11:58 AM  #60
213374U
0x5359-0055
Thread Starter
Join Date: Feb 2005
Location: Texas doe, they do everything big. u mad?
Posts: 5,758
Re: Today in InfoSec

Report: Chick-Fil-A data breach affects locations nationwide

Popular fast-food chain Chick-Fil-A Inc. is investigating a payment card data breach affecting an unknown number of its U.S. locations, but early indications suggest many thousands of customer accounts may have been compromised.

First reported Tuesday evening by Krebs on Security, the Chick-Fil-A data breach may date back to December 2013.

Financial institutions told veteran security reporter Brian Krebs they first discovered a pattern of fraud in November, but a credit card association alert issued shortly before Christmas 2014 indicated the breach window may have stretched from Dec. 2, 2013, through Sept. 30, 2014.

While the credit card association declined to identify the retailer, a separate financial institution told Krebs that Chick-Fil-A was the only common point-of-purchase among the nearly 9,000 customer card accounts assigned to its customers and listed in the alert.

The financial firm also noted that the 9,000-account number was more compromised accounts than it experienced as a result of 2013's epic Target Corp. data breach that involved the compromise of 40 million credit and debit cards, email addresses and telephone numbers of up to 70 million customers.

By comparison, Target's period of compromise lasted about three weeks and affected the majority of its 1,700 U.S. stores, suggesting that a Chick-Fil-A breach lasting as long as 10 months and affecting even a somewhat smaller percentage of its 1,850 U.S. locations may be comparable in size and scale to the massive breaches at Target and Home Depot Inc.
01-09-2015, 02:49 PM  #61
raceACCORDingly
Honda-Tech Member
Join Date: Jan 2002
Location: socal, usa
Posts: 2,707
Re: Today in InfoSec

'Hacktivist' group Anonymous says it will avenge Charlie Hebdo attacks by shutting down jihadist websites


Hacker group Anonymous have released a video condemning the Paris attacks, saying "freedom of expression has suffered an inhuman assault"

Hacker group Anonymous have released a video and a statement via Twitter condemning the attacks on Charlie Hebdo, in which 12 people, including eight journalists, were murdered.
The video description says that it is "a message for al-Qaeda, the Islamic State and other terrorists", and was uploaded to the group's Belgian account.
In the clip, a figure wearing the group's symbolic Guy Fawkes mask is seated in front of a desk with the hashtag #OpCharlieHebdo - which stands for Operation Charlie Hebdo - featured on screen.
The figure, whose voice is obscured says: "We are declaring war against you, the terrorists."
They add that the group will track down and close all accounts on social networks related to terrorists in order to avenge those who have been killed.
01-09-2015, 02:54 PM  #62
213374U
0x5359-0055
Thread Starter
Join Date: Feb 2005
Location: Texas doe, they do everything big. u mad?
Posts: 5,758
Re: Today in InfoSec

Nice, this should be interesting
01-13-2015, 09:56 AM  #63
213374U
0x5359-0055
Thread Starter
Join Date: Feb 2005
Location: Texas doe, they do everything big. u mad?
Posts: 5,758
Re: Today in InfoSec

For those of you whom this topic interests, I need to recommend a couple books:



Shane dives into the history and current events surrounding America's place in cyberspace. Their abilities and their aspirations. He gives tons of information on a broad range of topics, allowing the reader to do extensive research beyond the pages of his book, but keeps the story moving and always interesting. Too much content for a single sitting, I'll be reading it again in the near future.




A great fiction piece with plenty of real-world infosec principles and tools demonstrated throughout. It's a look at the worst case scenario regarding our ever eroding civil liberties in the face of terrorism. An easy read (it's targeted at a teenage audience) but fun through and through. Just finished this one last night, I'll be picking up the sequel "Homeland" shortly. He also has several titles aimed at adults that I'll be checking out as well.
01-26-2015, 07:47 AM  #64
213374U
0x5359-0055
Thread Starter
Join Date: Feb 2005
Location: Texas doe, they do everything big. u mad?
Posts: 5,758
Re: Today in InfoSec

The 7 biggest lies you've been told about hacking

Online security is increasingly an issue rich for headlines as everyone from movie studios and celebrities to major retailers and CENTCOM find themselves the victims of digital infiltrators. However, "hacking" is also a very technical issue and, like many technical issues, one the media often gets wrong.

So as a citizen of the 21st century, it's increasingly important to arm yourself with some basic facts about hacking, cybersecurity, and the real threats they pose, as well as those they don't. With that in mind, here are seven common misconceptions you might have about hacking.

1) Taking down a site is akin to hacking that site

One of the most common headline-grabbing moves by so-called hackers is to take down a site through a DDoS attack. A group calling itself Lizard Squad has been using this method to take down the networks of Playstation and Xbox Live. It's a common method of protest by the hacker collective Anonymous, which has used it against such varied entities as the Westboro Baptist Church and, most recently, French jihadists.

These are not "hacks," however, in the traditional sense of the term. A "hacker" is defined by the National Initiative for Cybersecurity as "an unauthorized user who attempts to or gains access to an information system." Taking down a website or even a server does not take so much effort and certainly doesn't demand infiltrating the host of the target. All you need is a simple distributed denial of service, or DDoS.

A DDoS is a network of computers all sending data packets towards one server with the goal of overloading said server. Far from many individuals sending data from their computers, however, the most common form of DDoS consists of networks of computers — typically hacked for this purpose without their owners knowing — all being used to flood a particular target.

These networks of pirate zombie computers are typically open for business: You can special order a DDoS attack on the black market for about $150 a week, similar to hiring a hitman. The attacks on PSN and Xbox, for example, are believed to have been a publicity stunt for Lizard Squad's very own network-for-hire of home routers it has hacked for the express purpose of large-scale DDoS attacks.

But it's important to remember that a DDoS site takedown is very different from hacking a site. Being able to overload a site or server is a far cry from ransacking the databases of a company, like what happened to Sony last November. To paraphrase a popular xkcd comic, it's the difference between robbing a store and tearing down a poster the store put up.

2) A hijacked Twitter account means that company has been hacked

Last week, the Twitter and YouTube accounts for CENTCOM — the Central Command of the Pentagon — were disrupted by hackers claiming to be fighting in the name of ISIS. While that sounds scary, it's actually far more common and far less frightening than a successful attack on CENTCOM or any defense agency.

So let's say you have a Twitter account. As it has happened to many of us, a friend contacts you and asks why you're tweeting about this great new weight loss method you found. You think: "Crap! Someone hacked into my Twitter account!" Do you then think: "Crap! They must have all my files on my computer?" Of course not. That's all that has happened with CENTCOM.

This is not to say the CENTCOM hijack isn't important or doesn't have grave implications for the Pentagon. Social media accounts are a good judge for password security as a whole, and if your password and username for Twitter is the same as it is on Instagram, there's a good chance that, if one is compromised, so is the other. This is why you should be forgoing choosing your own passwords altogether and using a password manager.

Third party apps within sites, however, can threaten the stability of a service. The Syrian Electronic Army, a hacker collective of uncertain origin, has redirected hundreds of URLs by hacking software used to manage banner ads and comment boards. Still, this is a far cry from accessing sensitive data hosted by, say, Forbes or CNN.

3) Hacking takes skill and high-tech software

When a massive cache of nude photos of celebrities hit the internet last August, the media made the perpetrators into cyberterrorism masterminds. It's a common mistake to assume "hacks" like the Celebgate leak are done by modern-day wizards, fingers rushing over a keyboard as they coordinate some massive operation. In reality, all this kind of infiltration takes is some simple assumptions.

One of the purposes for security questions on any website is to help the site verify your identity, asking for answers about you (so you won't forget them) but impersonal enough a stranger couldn't easily learn them. But when you tell the site the name of your favorite pet, your mother's maiden name, or your elementary school, you might not think about how easy that information is to find.

Have you ever mentioned your elementary school on Facebook? How about a childhood photo where you've tagged your favorite pet? Maybe a memoriam to your late mother wherein you use her maiden name? All of that information can be used by someone to access any account using this information as a "Forgot Password" measure.

Now, instead of just the information you put on social media, imagine you're a huge celebrity with a Wikipedia page, hundreds of interviews, and a fanbase ravenous for any and every detail about you. What information is so private it can be trusted as a security question?

This is part of a too-often overlooked part of hacking, known as social engineering. Some of the most notorious hackers in history were best at manipulating people into revealing enough data about themselves or their systems. And it's not just your passwords that are at risk: In 2011, security firm Bancsec showed how, with little more than an email and a phone call, you could rob a bank of $25,000 with no one the wiser.

So with just a little bit of googling and an understanding of human nature, you, too, can be a master hacker like 4chan. Popular culture often gives people the impression that computers and security systems are complex mechanisms that only an engineering whiz can understand. But these portrayals forget that humans are often the weakest part of any system and, therefore, the easiest target.

4) Anonymous is a well-organized group of genius hackers

Perhaps no group has gotten more press for its cyber exploits than Anonymous. As noted above, they often choose high-profile targets for largely simple attacks with explosive results. In the wake of the Sony Pictures hack, for instance, they managed to disrupt the entire North Korean internet with a single DDoS attack.

Far be it from anyone, however, to perceive them as some elite squadron centrally controlled and spread throughout the globe. While their cyberactivism is often impressive, they are purely an opt-in organization. This means that anyone who does anything representing Anonymous is, ipso facto, representing Anonymous. While there does appear to be a core group of organizers, they lack much power over their army of uncertain numbers.

As Gabriella Coleman of The Atlantic wrote back in 2010, "it may be impossible to gauge the intent and motive of thousands of participants, many of whom don't even bother to leave a trace of their thoughts, motivations, and reactions. Among those that do, opinions vary considerably."

This apparent organizational uncertainty and lack of "true" hacking methods has made the group more of a band of merry pranksters than some digital warrior elite. Their reliance on otherwise harmless methods like DDoS are why CNN once called them "the graffiti artists of the internet."

But that's not to say fairly sophisticated hacks haven't been carried out by people claiming to represent Anonymous. Back in 2011, Sony's Playstation Network was compromised by Anonymous, revealing the personal and financial data of over 100 million users. After that, they moved on to more serious prey, releasing the personal data of the security firm the FBI had hired to help investigate Anonymous. LulzSec, an Anonymous spin-off group, likewise purged information from security contractors and the U.S. Senate. Still, the vast majority of Anonymous actions amount to little more than temporary vandalism.

5) China is the biggest source of hacks against the U.S.

While fighting for the memory of murdered satirists like Anonymous or taking down huge gaming networks like Lizard Squad are good for headlines, they are far afield from the typical large-scale hacking incident.

Real hacks — attempts to steal personal and financial data — actually most often come from low-key targets in Eastern Europe. According to security firm Gartner, 8 percent of all noted hacks come from within Russia. U.S. ally Taiwan, curiously, comes in at second with 3 percent of hacks and Germany and the Ukraine come in at 2.6 percent and 1.8 percent, respectively. For all the hubbub about Chinese hackers, only 0.5 percent of hacks directed at the U.S. or U.S. companies have come from China.

There's also the problem of finding where a hack came from in the first place, the primary job of firms like Gartner, Norse, and Mandiant. As Gartner Research Director Lawrence Pingree noted in the above blog post, "It is fairly well known by most security professionals that the best hackers on the planet often originate from Russia."

You wouldn't know this from looking at the headlines. The idea of Chinese cyberespionage, for whatever reason, often finds its way into the news media while Russia's status as our primary cyberwar antagonist goes mostly unknown among laymen.

6) Cyberattacks by countries are rare and equivalent to an act of war

Despite the notoriety of the supposedly North Korean attack against Sony Pictures, attacks against the U.S. government and American businesses by other countries are astonishingly common.

Every industry is susceptible to cyberespionage by nation-states, usually in an attempt to gain an economic advantage. As DJ Summers wrote for Fortune last October, "Pilfered research from the biomedical, energy, finance, software, IT, defense, and aerospace industries creates not only economic gain but state-related advantage." Such varied data as medical patents and the source code for Microsoft applications have been stolen by Chinese and Russian hackers in the interest of competing against US firms.

Just last September, a Senate panel found 20 intrusions by Chinese hackers of defense contractors specializing in the movement and deployment of US troops. The agency that coordinates these efforts, U.S. Transportation Command, only knew about two.

Moves like these, however, are the new face of spying. And much like the cloak-and-dagger tactics of the Cold War, everybody's doing it. Despite government claims to the contrary, NSA whistleblower Edward Snowden has implicated the U.S. in the same sort of corporate intellectual theft it has decried China for. "If there's information at Siemens [a German manufacturer and conglomerate] that's beneficial to U.S. national interests — even if it doesn't have anything to do with national security," Snowden said in an interview on German television, "then they'll take that information nevertheless."

The drama surrounding the Sony Pictures hack might confuse some people into believing cyberattacks will ultimately reach the front page because they're so rare and damaging. However, the more salacious attacks are the ones that happen to U.S. companies every day but never make the front page of the paper.

7) Companies have to disclose if they've been breached

This is probably the most important misconception to have about cybersecurity as it provides a dangerously false sense of protection. In actuality, most cyberattacks are not merely underreported by the press but never publicly disclosed in the first place.

Huge data breaches of credit card numbers and other data at retailers like Home Depot and Target sound the scariest, but most credit card breaches go completely unnoticed. A presentation at last year's Blackhat Convention (a meeting of the cybersecurity industry) showed how small, point-of-sale companies can be hacked with relative ease. Even though they hold sensitive data, such companies can rarely afford the type of software and staff necessary to thwart a concerted effort by determined identity thieves.

But that's not to say larger companies with sizable budgets and staff will always report the extent to which they've been hacked or even be aware that they are currently victim to a hack. Last October, The New York Times reported hackers had free rein on the computers of JPMorgan for two solid months before anyone noticed. Retailer Neiman Marcus had a similar situation for five months and non-profit Goodwill allowed hackers into their system for a year and a half.

But even the hacks that reach the press cannot possibly represent all the hacking that is being done. As Bitsight cofounder Stephen Boyer told Forbes, "The math does not add up between public disclosure and what is actually going on. We know that the problem is much worse than is communicated by breach disclosure."

There is no law forcing companies to reveal when customer data has been breached and many might avoid doing so to save face and profit. Such disclosures, experts believe, are actually crucial to the future of cybersecurity and a central part of President Barack Obama's new push for increased cyberdefense.

Such measures could further illuminate the real risks companies, governments, and citizens face online. Cybersecurity, like any complex topic, is often subject to oversimplification and misguided half-truths. In the wake of the Sony Pictures hack, it is clear breaches, leaks, and attacks will continue to be a popular news item, making it more important than ever that every news consumer arm themselves with even a basic understanding of what's really happening online.
01-26-2015, 08:41 AM  #65
Xentropa
The Science Guy
Join Date: Jun 2008
Location: Japan, UCLA
Posts: 748
Re: Today in InfoSec

very informative read. Though most have pretty much confirmed my speculations.
01-26-2015, 10:10 PM  #66
raceACCORDingly
Honda-Tech Member
Join Date: Jan 2002
Location: socal, usa
Posts: 2,707
Re: Today in InfoSec

Sup with this LizardSquad claiming to be a cause of the major social media outage? Real or taking claim for results of bad weather?

@LizardMafia: Facebook, Instagram, Tinder, AIM, Hipchat #offline #LizardSquad
@LizardMafia: If only we didn't use twitter to communicate...


Edit: Early reports are saying they were all DDoS'd.
01-27-2015, 06:38 AM  #67
213374U
0x5359-0055
Thread Starter
Join Date: Feb 2005
Location: Texas doe, they do everything big. u mad?
Posts: 5,758
Re: Today in InfoSec

Yes, LizardSquad is a bunch of juvenile skiddies (script kiddies; non-technical "hackers") looking to make a name for themselves. From what everyone has seen from them so far, they couldn't write a password cracker to save their lives. 2 of their members came forward laying claim to the PSN and XBL DDOS' over the Christmas holidays (a billboard for their newly plagiarized DDOS for hire service) ..... got arrested within 48 hours. Check out what Brian Krebs has to say about them, he's been following the group for months now and really doesn't think too highly of them.
01-28-2015, 08:48 AM  #68
213374U
0x5359-0055
Thread Starter
Join Date: Feb 2005
Location: Texas doe, they do everything big. u mad?
Posts: 5,758
Re: Today in InfoSec

Critical GHOST vulnerability affects most Linux Systems



A highly critical vulnerability has been unearthed in the GNU C Library (glibc), a widely used component of most Linux distributions, that could allow attackers to execute malicious code on servers and remotely gain control of Linux machines.

The vulnerability, dubbed "GHOST" and assigned CVE-2015-0235, was discovered and disclosed by the security researchers from Redwood Shores, California-based security firm Qualys on Tuesday.

CRITICAL AS HEARTBLEED AND SHELLSHOCK
GHOST is considered to be critical because hackers could exploit it to silently gain complete control of a targeted Linux system without having any prior knowledge of system credentials (i.e. administrative passwords).

The flaw represents an immense Internet threat, in some ways similar to the Heartbleed, Shellshock and Poodle bugs that came to light last year.

WHY GHOST?
The vulnerability in the GNU C Library (glibc) is dubbed GHOST because it can be triggered by the library's gethostbyname family of functions. Glibc is a repository of open-source software written in the C and C++ coding languages that defines system calls.

The problem actually originates from a heap-based buffer overflow found in the __nss_hostname_digits_dots() function in glibc. This function is especially invoked by the gethostbyname() and gethostbyname2() function calls.

According to the researchers, a remote attacker has the ability to call either of these functions, which could allow them to exploit the vulnerability in an effort to execute arbitrary code with the permissions of the user running the application.

EXPLOIT CODE
In an attempt to highlight the severity of the risk, security researchers were able to write proof-of-concept exploit code that is capable of carrying out a full-fledged remote code execution attack against the Exim mail server.

The researchers' exploit was able to bypass all existing exploit protections (ASLR, PIE and NX, that is, address space layout randomization, position-independent executables and no-execute protection) available on both 32-bit and 64-bit systems.

Using the exploit, an attacker is able to craft malicious emails that could automatically compromise a vulnerable server without the email even being opened, according to Amol Sarwate, director of engineering with Qualys.

So far, the company has not published the exploit code to the public, but eventually it plans to make the exploit available as a Metasploit module.

VERSIONS AFFECTED
The vulnerability affects versions of glibc as far back as glibc-2.2, which was released in 2000.

"Unfortunately, it was not recognized as a security threat; as a result, most stable and long-term-support distributions were left exposed (and still are): Debian 7 (wheezy), Red Hat Enterprise Linux 6 & 7, CentOS 6 & 7, Ubuntu 12.04, for example," researchers from Qualys said in an advisory published Tuesday.

FIXES AVAILABLE FOR SOME LINUX DISTRIBUTIONS
However, major distributors of the Linux operating system, including Red Hat, Debian and Ubuntu, updated their software on Tuesday to thwart the serious cyber threat. To apply the update, the affected core services or the entire affected server must be restarted.

Red Hat, the No. 1 provider of Linux software to businesses, recommends its customers to update their systems "as soon as possible to mitigate any potential risk."
Cliffs:
- Security teams are busy today
213374U is offline  
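Since backported distro packages keep their old glibc version strings, a version number alone does not tell you whether a box is still exposed. Below is an added local check, not code from the thread, the article or Qualys: it is modeled on the canary approach the advisory describes, calling gethostbyname_r() with an all-digit hostname whose length is chosen so that the old, undersized buffer calculation in __nss_hostname_digits_dots() would write sizeof(char *) bytes past the caller's buffer. The buffer arithmetic (a 16-byte address, two address pointers, one alias pointer) and the CANARY marker are assumptions made here for the example; a patched libc reports the buffer as too small instead of overflowing it.

```c
#define _GNU_SOURCE          /* gethostbyname_r() is a GNU extension */
#include <errno.h>
#include <netdb.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Arbitrary marker placed right after the result buffer (constructed here). */
#define CANARY "in_gloria_mundi"

struct probe {
    char buffer[1024];             /* buffer handed to gethostbyname_r() */
    char canary[sizeof(CANARY)];   /* must survive the call untouched   */
};

/* Returns 1 if the installed libc overflowed the buffer (GHOST-vulnerable),
 * 0 if the canary is intact, -1 on allocation failure. */
int ghost_vulnerable(void)
{
    struct probe temp;
    struct hostent resbuf, *result = NULL;
    int herrno = 0, retval;

    /* Vulnerable glibc sized the result as 16 (address) + 2 pointers
     * (address list) + strlen(name) + 1 and forgot the alias-list pointer.
     * This length makes that sum exactly sizeof(temp.buffer), so the old code
     * accepts the buffer and then writes one pointer past its end. */
    size_t len = sizeof(temp.buffer) - 16 * sizeof(unsigned char)
                 - 2 * sizeof(char *) - 1;

    char *name = malloc(len + 1);
    if (name == NULL)
        return -1;
    memset(name, '0', len);        /* all digits: takes the numeric-name path */
    name[len] = '\0';

    memcpy(temp.canary, CANARY, sizeof(CANARY));
    retval = gethostbyname_r(name, &resbuf, temp.buffer, sizeof(temp.buffer),
                             &result, &herrno);
    free(name);

    if (memcmp(temp.canary, CANARY, sizeof(CANARY)) != 0)
        return 1;                  /* canary clobbered: still vulnerable */

    /* Fixed glibc returns ERANGE (buffer too small); other libcs reject the
     * over-long name. Either way nothing was written past the buffer. */
    (void)retval;
    return 0;
}

int main(void)
{
    int v = ghost_vulnerable();
    if (v < 0) {
        perror("malloc");
        return 2;
    }
    puts(v ? "vulnerable" : "not vulnerable");
    return v;
}
```

Run it once before patching and once after; a result of "not vulnerable" only covers processes started after the new library was installed, which is why the article's point about restarting affected services or the whole server matters: long-running daemons keep the old glibc mapped until they are restarted.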
Old 02-03-2015, 07:29 AM  #69
213374U (Thread Starter; 0x5359-0055; Join Date: Feb 2005; Location: Texas doe, they do everything big. u mad?; Posts: 5,758)
Re: Today in InfoSec

China Demands Tech Companies to give them Backdoor and Encryption Keys

A number of western companies are doing big business in China, but now they may have to pay a huge price to do so.

China has introduced strict new banking cyber security regulations on western companies selling technology to Chinese banks. The Chinese government wants backdoors installed in all technologies imported into the Middle Kingdom for the benefit of Chinese security services.

The latest rules also state that western companies must hand over the Encryption Keys and secret source code as well.
The requirements are so absurd that it would be impossible for companies like Apple to comply, which could harm American businesses.

"The Chinese government has adopted new regulations requiring companies that sell computer equipment to Chinese banks to turn over secret source code, submit to invasive audits and build so-called back doors into hardware and software, according to a copy of the rules obtained by foreign technology companies that do billions of dollars’ worth of business in China," The New York Times reports.

The new requirements, detailed in a 22-page long document approved late last year, are in response to Edward Snowden’s revelations about the United States National Security Agency’s surveillance activities on Chinese networks.

In May 2014, the Chinese government announced that it would roll out a new set of regulations for IT hardware and software being sold to key industries in the country. China has repeatedly blamed U.S. products, criticizing them as being themselves a threat to national security, as they may also contain NSA backdoors, among other things.

The US Chamber of Commerce and other groups called these new rules by Chinese officials "intrusive". They have also called on the Chinese government for talks on the issue.

"An overly broad, opaque, discriminatory approach to cybersecurity policy that restricts global internet and ICT products and services would ultimately isolate Chinese ICT firms from the global marketplace and weaken cybersecurity, thereby harming China's economic growth and development and restricting customer choice," the paper read.

U.S. businesses fear that the latest regulations by China will effectively shove them out of the world's largest and fastest-growing market. Recently, it was announced that Apple became the biggest smartphone seller in China in the final quarter of last year. The scale of the effect can be gauged from this.

Last week, it was revealed that Tim Cook had agreed to "security audits" of its products sold in the country, but Apple has always insisted that it will never allow backdoor access to its products nor compromise the encryption used by its products and services, "and we never will."

However, many firms may not be able to meet this demand, due to intellectual property and security concerns. So just wait and watch how other companies respond to these fresh regulations in which China demands backdoor access.
Cliffs:

.......... ...........
213374U is offline  
Old 02-03-2015, 08:16 AM  #70
2LEM1 (I like to party; iTrader: (1); Join Date: Mar 2008; Location: Yay Area, CA; Posts: 4,377)
Re: Today in InfoSec

2LEM1 is offline  
Old 02-03-2015, 08:23 AM  #71
lllll (.dumbguy; Join Date: Nov 2014; Posts: 9)
Re: Today in InfoSec

^^^ Things like this make me nervous to use a Lenovo.
What are the odds all Lenovos are backdoored by China?
lllll is offline  
Old 02-03-2015, 09:00 AM  #72
Xentropa (The Science Guy; Join Date: Jun 2008; Location: Japan, UCLA; Posts: 748)
Re: Today in InfoSec

So when you can't break an encryption (within reasonable time) make laws that require them to be compromised.
Xentropa is offline  
Old 02-04-2015, 08:50 AM  #73
213374U (Thread Starter; 0x5359-0055; Join Date: Feb 2005; Location: Texas doe, they do everything big. u mad?; Posts: 5,758)
Re: Today in InfoSec

Apple iOS Now Targeted In Massive Cyber Espionage Campaign

Attack campaign tied to Russia now zeroing in on mobile users' iPhones and iPads.


Dangerous IE vulnerability opens door to powerful phishing attacks

An Internet Explorer vulnerability lets attackers bypass the Same-Origin Policy, a fundamental browser security mechanism, to launch highly credible phishing attacks or hijack users’ accounts on any website.
213374U is offline  
Old 02-16-2015, 11:43 AM  #74
213374U (Thread Starter; 0x5359-0055; Join Date: Feb 2005; Location: Texas doe, they do everything big. u mad?; Posts: 5,758)
Re: Today in InfoSec

Carbanak bank malware attack causes nearly $1 billion in losses

A malware attack on more than 100 banks around the globe has led to one of the largest bank heist schemes in history, with losses potentially $1 billion.

A campaign to insert malware into banking institutions around the globe may be responsible for one of the largest bank heist schemes in history, new research shows, with attackers getting away with as much as $1 billion.

Researchers from Moscow-based Kaspersky Lab revealed new details Monday on the attack and the group responsible, which it has dubbed the Carbanak gang, based on the type of malware used. According to the report, Carbanak targeted more than 100 banks in at least 30 countries, and was responsible for the theft of anywhere between $300 million and $1 billion, and possibly more.

The attacks were first revealed in December 2014 by researchers at Russian research firm Group-IB and Dutch security intelligence firm Fox-IT. The attack group, first called Anunak, was said to have used a custom-made banking Trojan known as Carberp to steal more than $15 million from Eastern European banks.

The data for Kaspersky's research came through its own research in addition to research from INTERPOL and Europol. It found that known vulnerabilities in Microsoft Office were used to send phishing attachments to bank employees. The employees, by clicking links and opening attachments, would unsuspectingly instigate malware installs, which allowed attackers access to bank networks. There they would find and target employees responsible for cash transfer systems and remotely connected ATMs.

Kaspersky said that the Carbanak group didn't go after customer data -- including account information, and payment card numbers -- but instead attacked the banks directly by installing RAT software, which recorded video and screenshots of employee computers in order to learn how to best mimic normal bank transfers.

Carbanak reportedly lurked for months, enabling attackers to impersonate bank officers, turn on ATMs to release cash at random, and transfer millions of dollars from target banks into dummy accounts around the world. Each bank was said to have lost between $2.5 million and $10 million.

The Carbanak group is said to be made up of members mainly from Russia, China and Europe. While the group targeted dozens of banks, Kaspersky said that banks in Russia, the United States, Japan and Eastern Europe were hit the most frequently. The names of the banks attacked were not released due to non-disclosure agreements, and not one of the institutions has come forward to acknowledge any theft.
213374U is offline  
Old 02-16-2015, 02:00 PM  #75
FrostyDC4 ("Haters Gonna Hate"; Join Date: Dec 2000; Location: ¯\_(ツ)_/¯, AZ, USA; Posts: 6,831)
Re: Today in InfoSec

Scary
FrostyDC4 is online now  