More News
This section is for more news for you.
Security Basics
This list is for the new security administrator.
A high-volume list which permits people to ask "stupid questions" without being derided as "n00bs". I recommend this list to network security newbies, but be sure to read Bugtraq and other lists as well.
-
Skype / Vsee
-
Posted by W W on Mar 18 Does anyone have any recommendations or thoughts on the use of Skype
or Vsee in the enterprise. I have done some research on the
vulnerabilities found in the products themselves. Quite frankly most
software have vuls so that doesn't buy me a whole lot. What security
risks are we exposing ourselves to by allowing these products into
our network? Are there any good references or guidelines for locking
these products down in order to mitigate...
-
Re: Change in Focus or Losing Focus?
-
Posted by Leonardo Cavallari Militelli on Mar 18 Sum up the facts that every reference to Securityfocus articles will
not work anymore, that's another big issue.
I'm for this cause.
-
RE: Home wireless free hotspot
-
Posted by David Gillett on Mar 18 ay
-----Original Message-----
From: Reginald Wheeler [mailto:wheeler90 () comcast net]
Sent: Tuesday, March 16, 2010 17:34
To: Jay Vlavianos
Cc: martinez85 () att blackberry net; John Lightfoot;
listbounce () securityfocus com; security-basics () securityfocus com
Subject: Re: Home wireless free hotspot
Dude the guy is not asking if it is safe to operate a freaking tor proxy
server. He is asking if he set up something like what you would get...
-
RE: Home wireless free hotspot
-
Posted by David Gillett on Mar 18 -----Original Message-----
From: Reginald Wheeler [mailto:wheeler90 () comcast net]
Sent: Tuesday, March 16, 2010 17:34
To: Jay Vlavianos
Cc: martinez85 () att blackberry net; John Lightfoot;
listbounce () securityfocus com; security-basics () securityfocus com
Subject: Re: Home wireless free hotspot
Dude the guy is not asking if it is safe to operate a freaking tor proxy
server. He is asking if he set up something like what you would get if...
-
RE: Home wireless free hotspot
-
Posted by Channel, Lawrence F CTR USAF ACC ACC/A8ZX on Mar 18 John,
If this is really what you want to do then this is how I would implement it with limited cost/equipment.
Set up your public wireless router as the primary (first) one that connects to the cable modem. I would let this one
advertise its SSID, but limit the number of addresses that can utilize it at once. I would then connect your private
network router to the public router. On the private router I would not advertise the SSID, make...
-
Re: Home wireless free hotspot
-
Posted by Shawn Merdinger on Mar 18 i suppose one could also do what Bruce Schneier does...
"My Open Wireless Network" --
http://www.schneier.com/blog/archives/2008/01/my_open_wireles.html
cheers,
--scm
-
Re: Home wireless free hotspot
-
Posted by Adam Mooz on Mar 18 Assuming you're going to go with a dual-AP setup (highly recommended) you could put an Untangle box in front of the AP
(between the AP and the modem) and monitor who's doing what, this at least gives you the option to point a finger at
someone else (if Untangle handles the DHCP). You can also block protocols, access to specific sites, and a whole host
of other things that will help mitigate your liability by simply denying access to those...
-
Re: Home wireless free hotspot
-
Posted by Dale Stirling on Mar 17 John,
I did this myself for some time with wrt54g running openwrt, I did
this to see what people would do with the link.
What I did was run a DHCP server on the WRT54g and nat the DHCP
subnet to an IP (this then passed through another server where I was
running stuff to look at the traffic) and then ran that straight into
the back of my Cisco router on a second subnet and the 2 were made
unable to communicate.
My intention was if people were...
-
Re: Blocking Outlook External POP/SMTP
-
Posted by krymson on Mar 17 I'll try to stay agnostic about the topic, as I could argue both ways for allowing people to do their personal stuff
but also locking it down. You've asked your question in the direction of how to lock it down, so I'll defend that side
of this discussion. :) I also tend to avoid the productivity arguments in this topic, as that is a management/HR issue.
REASONS
- Others have given some good reasons. I'll stress that you don't want to...
-
RE: Home wireless free hotspot
-
Posted by Jay Vlavianos on Mar 17 Um.... opening his wireless access point allows people to run a tor exit node on their own... does it not? As well as
seeding torrents? As well as hosting warez? As well as running a dyndns'd porn server? As well as hacking NSA
servers? As well as making all of your other neighbors zombie DDOS robots?
He doesn't have to run the exit node himself, it only has to leave his pipe for him to get the finger... right?
I think you are missing...
Information Security
Carries news items (generally from mainstream sources) that relate to security.
-
SyScan'10 CFP
-
Posted by InfoSec News on Mar 18 Forwarded from: thomas <thomas (at) syscan.org>
*SyScan'10 CALL FOR PAPERS*
*ABOUT SYSCAN'10*
This year, SyScan'10 will be held in the 4 exciting cities of Singapore,
Hangzhou, Taipei and Ho Chi Minh City. Details are as follows:
*SyScan'10 Singapore*
date: 17 – 18 June 2010
*SyScan'10 HangZhou*
date: 10 - 11 July 2010
*SyScan'10 Taipei*
date: 19 – 20 August 2010
*SyScan'10 Ho Chi Minh City*
date: 23 – 24 September 2010...
-
Hacker Disables More Than 100 Cars Remotely
-
Posted by InfoSec News on Mar 18 http://www.wired.com/threatlevel/2010/03/hacker-bricks-cars/
By Kevin Poulsen
Threat Level
Wired.com
March 17, 2010
More than 100 drivers in Austin, Texas found their cars disabled or the
horns honking out of control, after an intruder ran amok in a web-based
vehicle-immobilization system normally used to get the attention of
consumers delinquent in their auto payments.
Police with Austin's High Tech Crime Unit on Wednesday arrested...
-
Researchers Map Multi-Network Cybercrime Infrastructure
-
Posted by InfoSec News on Mar 18 http://www.krebsonsecurity.com/2010/03/researchers-map-multi-network-cybercrime-infrastructure/
By Brian Krebs
Krebs on Security
March 17th, 2010
Last week, security experts launched a sneak attack to disconnect
Troyak, an Internet service provider in Eastern Europe that served as a
global gateway to a nest of cyber crime activity. For the past seven
days, unnamed members of the security community reportedly have been
playing Whac-a-Mole...
-
Hackers offered $100,000 for browser and phone exploits
-
Posted by InfoSec News on Mar 18 http://news.techworld.com/security/3217625/hackers-offered-100000-for-browser-and-phone-exploits/
By John E. Dunn
Techworld
17 March 2010
Security company 3Com TippingPoint has jacked up to $100,000 (65,000)
the prize money on offer to anyone able to hack a range of browsers and
mobile devices at the forthcoming CanSecWest security conference.
Running for the fourth year at the event, $40,000 of the Pwn2Own
contest pot will be on offer...
-
VA faces major hurdles to comply with FISMA, audit finds
-
Posted by InfoSec News on Mar 17 http://fcw.com/articles/2010/03/17/audit-says-va-faces-significant-issues-with-fisma-compliance.aspx
By Alice Lipowicz
FCW.com
March 17, 2010
Despite a major improvement in cybersecurity, the Veterans Affairs
Department still has "significant" obstacles to overcome to meet federal
cybersecurity standards, according to a new report released by the VA's
Office of Inspector General.
According to a summary of the report, the VA...
-
'Cyber attack brought down national election website'
-
Posted by InfoSec News on Mar 17 http://colombiareports.com/colombia-news/news/8728-cyber-attack-brought-down-national-election-website.html
By Brett Borkan
Colombia Reports
17 March 2010
Arolen S.A., a firm contracted by private telecommunications company UNE
to provide technical services for the recent congressional elections,
blamed a cyber attack for downing the national elections webpage of the
National Registry.
The National Registry's website and the website...
-
Revised cybersecurity bill introduced in Senate
-
Posted by InfoSec News on Mar 17 http://www.computerworld.com/s/article/9172438/Revised_cybersecurity_bill_introduced_in_Senate?taxonomyId=17
By Jaikumar Vijayan
Computerworld
March 17, 2010
A revised version of a cybersecurity bill first proposed last year was
introduced again in the U.S. Senate today, notably without a
controversial provision that would have given the President authority to
disconnect networks from the Internet during a national emergency.
The bill,...
-
PlumberCon 10 - Call for Papers
-
Posted by InfoSec News on Mar 16 Forwarded from: astera <astera (at) plumbercon.org>
PlumberCon 10 Call For Participation
====================================
The Call For Papers for PlumberCon 10, 2nd edition, taking place in
Vienna (Austria) is now open!
This year the conference will be held from July 09th - 11th (Fri - Sun)
- in other words, the week between HitB Amsterdam and The Next H.O.P.E.
Introduction
------------
PlumberCon is a very unique hacker...
-
Spencer Pratt uses cyber crime fighting tale to hide truth that he's taking anger management classes
-
Posted by InfoSec News on Mar 16 http://www.nydailynews.com/gossip/2010/03/16/2010-03-16_spencer_pratt_uses_cyber_crime_fighting_tale_to_hide_truth_that_hes_taking_anger.html
By Cristina Everett
Daily News Staff Writer
March 16th 2010
Spencer Pratt recently announced he was leaving "The Hills" to pursue
his "new passion" of fighting cyber crime, however the reality show
villain may have been covering up something more dangerous.
According to...
-
MOD website still under intense attack
-
Posted by InfoSec News on Mar 16 http://www.chinadaily.com.cn/china/2010-03/16/content_9599708.htm
Xinhua
2010-03-16
BEIJING - A chief editor with the official website of China's Ministry
of National Defense (MOD), www.mod.gov.cn, said Tuesday the site still
receives thousands of overseas-based hacking attacks every day after more
than six months of trial operations.
"Although the number of hacking attacks has declined since the first
month of trial operations, we...
Security Wire - Search Security News
The latest information security news on IT threats, vulnerabilities and market trends from the award-winning SearchSecurity.com.
-
Robert Maley dismissal, in retrospect, not surprising
- The Pennsylvania CISO was fired for commenting on the state's information security program at RSA Conference 2010, but other reasons may have played a part.


-
Major ISPs can remove botnets, malware, CISO says
- The CSO of tier-1 ISP Tata Communications Ltd. says the technology is available to eradicate most malicious traffic without treading on privacy and civil liberties.


-
Microsoft Virtual PC zero-day flaw weakens virtual sessions
- An error in Microsoft Virtual PC can make some harmless bugs on physical PCs much more serious in virtual environments, according to an advisory by Core Security Technologies Inc.


-
Social networks, financial firms getting used in phishing, brand abuse
- Social network names are increasingly being used by phishers and other attackers. But most sites fight back swiftly, according to MarkMonitor Inc.


-
Survey stresses need for information security career plan
- Many infosec pros claim to feel confident about their career's trajectory, but few are actually planning for it, according to survey results from Information Security Leaders.


-
MD5 hash vulnerability is expert's top Web security flaw
- Jeremiah Grossman told RSA Conference 2010 attendees that a successful defense against Web-based flaws requires both a secure browser and a secure website infrastructure.


-
Zeus botnet temporarily disrupted, but back in full force
- Despite a quarter of the Zeus command-and-control network being wiped out, security researchers observed a quick recovery of the notorious botnet.


-
Experts see DNSSEC deployments gaining traction
- Increased authentication at the DNS layer will block DNS cache poisoning and create new services, experts say. The root zone should be signed and verified by July.


-
Noted cryptographer on SSL, encryption and cloud computing
- Cryptographer Taher Elgamal of Axway Inc., the inventor and initial driving force behind SSL, explains how applications may be better adapted to defend against attacks.


-
Social networking risks, benefits for enterprises weighed by RSA panel
- Social networking risks to enterprises may be outweighed by the benefits, but experts at the 2010 RSA Conference say infrastructure providers must improve security.


Zero Day
This is the Security Digest of Kaspersky Lab.
Tracking the hackers
Threat Post
Security News from Kaspersky Lab.
-
Facebook Spam Tries to Phish Credentials
-
Hackers have flooded the Internet with virus-tainted spam that targets Facebook's estimated 400 million users in an effort to steal banking passwords and gather other sensitive information. The emails tell recipients that the passwords on their Facebook accounts have been reset, urging them to click on an attachment to obtain new login credentials, according to researchers.
-
New Security Updates for Drupal Modules
-
The Drupal team has just released a whole heap of security advisories. Drupal's Email Input Filter, Keys and Tag Order modules all contain security vulnerabilities. Updated versions, in which the problems are fixed, are now available. Read the full article. [The H Security]
-
Sizing Up Activist Hacking
-
Whatever the Chaos Computer Club's name suggests, Europe's largest hacker group is not intent on bedlam. Read the full article. [BBC News]
-
Mariposa Bot Found Pre-Loaded on Second Vodafone Handset
-
It seems that the HTC Magic phone distributed by Vodafone in Spain, which security researchers recently discovered was pre-loaded with the Mariposa bot client, was not an isolated incident after all, as the concerned party had claimed. An employee of another Spanish security vendor found the same malware pre-installed on the same model phone, bought directly from Vodafone this week.
-
Pwn2Own Predictions: Apple iPhone Will Fall
-
Hackers at this year’s CanSecWest Pwn2Own contest will definitely break into an Apple iPhone by exploiting a remote code execution vulnerability.
That’s the prediction from Charlie Miller and Aaron Portnoy, two security researchers who are monitoring events leading to next week’s hacker challenge.
-
Charlie Miller on Mac OS X, Pwn2Own and Writing Exploits
-
The following is the full transcript of a live Threatpost chat with Charlie Miller, a vulnerability researcher at Independent Security Evaluators. During this session, Miller discussed his approach to finding security flaws, his work on fuzzing applications, his plans for this year's Pwn2Own hacker challenge and his thoughts on improvements in Apple's Mac OS X.
-
What Researchers Are Gaining from Troyak's De-Peering
-
Over the past week, security researchers and vendors have been playing a cat-and-mouse game with a cybercrime-friendly ISP known as TROYAK-AS. The results so far? A series of attempts by the cybercriminals to restore access to their botnet, and an invaluable learning experience for the community, with the gang exposing node after node of malicious activity. Read the full article. [ZDNet]
-
Mapping the Criminal-ISP Infrastructure
-
According to a report issued today, eight networks connect
directly to the botnet-hosting ISP Troyak and four other upstream providers that “surround the
malicious core,” and help to “mask the true malware-hosting armada and
provide solid uptime to the malware servers” for ZeuS botnets, Gozi, and RockPhish among others. Read the full article. [KrebsonSecurity]
-
Real 'Mafia Wars': Facebook Helps Nab Actual Criminal
-
Pasquale Manfredi, 33, who reportedly calls himself Scarface and
allegedly runs the 'Ndrangheta mafia, was captured in Calabria using
intelligence gleaned from the social networking site. Manfredi, who
used the alias Georgie on Facebook, is suspected of using social
networking to exchange coded instructions and stay in contact with
other mobsters. Read the full article. [The Register]
-
Using Live Data In Development Is Risky
-
Those charged with the care and feeding of
database information stores, beware: A new statistic tucked into a
comprehensive study of financial services firms' data protection
policies shows that even at the most security-aware organizations,
application developers still use live data in their development and
test environments including many in financial firms. Read the full article. [Dark Reading]