Obama’s new cyber-security tactics finger corrupt staff, China • The Register

Hackers or the guy with root?

Trouble is closer to home, warns White House

By John Leyden

The White House has unveiled a fresh strategy for combating the theft of American trade secrets – days after a high-profile Chinese cyber-espionage campaign against US corporate giants was exposed. The strategy, outlined in a 141-page report [PDF] published on Wednesday, focuses on a five-part plan featuring diplomatic efforts, cooperation with private industry to bolster information security, legislation, law enforcement operations and public education campaigns.

The US Departments of Commerce, Defense, Homeland Security, Justice, State and Treasury; the Office of the Director of National Intelligence; and the Office of the United States Trade Representative were all involved in drawing up the strategy, and will all be involved in aspects of putting it into play. The US government report, which cites numerous examples of Chinese espionage and a lesser number of attacks traced to Russia and other countries, makes a fascinating read.

More via http://www.theregister.co.uk/2013/02/21/us_revamped_cyber_strategy/

Anonymous collects, publishes IP addresses of alleged pedophiles

By Sean Gallagher

Following up on its takedown of a Tor-based child pornography host, a group within the Anonymous “hacktivist” group has published the Internet addresses of 190 alleged pedophiles. To do so, they allegedly collaborated with members of the Mozilla Foundation to create a modified Tor browser plugin which collected forensic data about the users. Members of the group also claim that a member of Tor’s developer team is the operator of the hosting service that serves up several child pornography sites.

The Tor privacy network uses a set of special protocols that can be used to allow anonymous browsing of the Internet and access to hidden “.onion” sites—a “darknet” of webpages, collaborative spaces and other Internet resources hidden from the view of the wider Internet. The Tor network conceals the location of these services, though attacks within the network can “fingerprint” them to gain information about them and use other methods to get a general idea of their location.

More via Ars Technica: Anonymous collects, publishes IP addresses of alleged pedophiles.

Reading Room: U.S. Requests for Google User Data Spikes 29 Percent in Six Months

The number of U.S. government requests for data on Google users for use in criminal investigations rose 29 percent in the last six months, according to data released by the search giant Monday.

U.S. government agencies sent Google 5,590 criminal investigation requests for data on Google users and services from Jan. 1 to June 30, 2011, an average of 31 a day. That’s compared to 4,601 requests from July 1 to Dec. 31, 2010, the company reported Tuesday in an update to its unique transparency tool.

Google says it complied in whole or part with 93% of such requests, which can include court orders, grand jury subpoenas and other legal instruments.

For the first time, Google’s transparency report includes the number of users and accounts affected by such requests — in this case, 11,057.

Read more via U.S. Requests for Google User Data Spikes 29 Percent in Six Months | Threat Level | Wired.com.

Highlighting HiR Guest Post: Setting up a Pfsense firewall

Making security simple to understand and accessible to the masses is half the battle. @biosshadow does a great job of walking you through the conversion of a random disused PC (the kind that sooner or later we all end up with) into a functional, feature-rich firewall. If you’re curious about Linux, open source resources, or the community’s perpetual quest to immerse itself in better security, give @biosshadow a follow on Twitter; he’s always a great resource for how-to links and resources, including the excellent how-tos he develops himself.

His regular blog is in my permanent RSS reader list at geek-crack.com and is most worthy of an add to your Google Reader blog list.

This particular posting is being hosted by @ax0n’s excellent HiR Report site, another great security and admin blog:

Pfsense is a free, as in speech and beer, firewall for home, business, and any other purpose you can think of. It’s based on FreeBSD, so it’s very stable and has a very good TCP/IP stack. It has a serious feature list.

via HiR Information Report: Guest Post: Setting up a Pfsense firewall.

Worth peeking at your VPN Configs: US-CERT Vulnerability Note VU#261869

This was getting some discussion on Twitter today, and the list of affected VPN vendors is substantial enough that you might want to peek at your own configs. The hyperbole might not yet be warranted, but it might be worth a peek under your hood.

The description of the vuln implies that some VPN vendors’ default settings might make attacks more viable. Taken from US-CERT Vulnerability Note VU#261869:

Vulnerability Note VU#261869

Clientless SSL VPN products break web browser domain-based security models

Overview

Clientless SSL VPN products from multiple vendors operate in a way that breaks fundamental browser security mechanisms. An attacker could use these devices to bypass authentication or conduct other web-based attacks.

Later in the bulletin, a mention of the potential exploit method:

By convincing a user to view a specially crafted web page, a remote attacker may be able to obtain VPN session tokens and read or modify content (including cookies, script, or HTML content) from any site accessed through the clientless SSL VPN. This effectively eliminates same origin policy restrictions in all browsers. For example, the attacker may be able to capture keystrokes while a user is interacting with a web page. Because all content runs at the privilege level of the web VPN domain, mechanisms to provide domain-based content restrictions, such as Internet Explorer security zones and the Firefox add-on NoScript, may be bypassed. For additional information about impacts, please see CERT Advisory CA-2000-02.

There’s a broad variety of affected software- and appliance-based VPNs in the CERT list, so it’s certainly worth a call to your vendor to be certain you’re using the safest possible configs for your VPN’s environment. Read the full bulletin here.
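The core of the CERT note is that a clientless SSL VPN rewrites every upstream URL so the browser fetches it from the portal’s own origin, which is why content from unrelated sites ends up sharing one same-origin-policy boundary. The following added example (my own, not from US-CERT or any vendor) models that rewriting with an assumed `https://vpn.example/<scheme>/<host>/<path>` layout and audits a list of sites users reach through the portal, reporting which distinct upstream origins collapse into a single browser origin and which hosts fall outside an allowlist of trusted internal sites.

```python
from urllib.parse import urlsplit, urlunsplit

# Hypothetical clientless SSL VPN portal (constructed for this example).
VPN_BASE = "https://vpn.example"


def rewrite_through_vpn(upstream_url):
    """Model how a clientless SSL VPN rewrites an upstream URL so the browser
    fetches it from the portal. The path layout is an assumption, not a vendor's."""
    u = urlsplit(upstream_url)
    path = f"/{u.scheme}/{u.netloc}{u.path or '/'}"
    return urlunsplit(("https", urlsplit(VPN_BASE).netloc, path, u.query, ""))


def browser_origin(url):
    """Return the (scheme, host, port) tuple the same-origin policy compares."""
    u = urlsplit(url)
    port = u.port or (443 if u.scheme == "https" else 80)
    return (u.scheme, u.hostname, port)


def audit_rewritten_sites(upstream_urls, allowed_hosts):
    """Group upstream sites by the browser origin they get after rewriting.
    Any group with more than one upstream origin means those sites can no
    longer be separated by the browser; hosts outside the allowlist show
    where rewriting should be disabled or restricted."""
    by_origin = {}
    for url in upstream_urls:
        rewritten = rewrite_through_vpn(url)
        by_origin.setdefault(browser_origin(rewritten), set()).add(browser_origin(url))
    collapsed = {o: sorted(ups) for o, ups in by_origin.items() if len(ups) > 1}
    outside = sorted({urlsplit(u).hostname for u in upstream_urls} - set(allowed_hosts))
    return {"collapsed_origins": collapsed, "hosts_outside_allowlist": outside}


if __name__ == "__main__":
    # Constructed sample: two internal apps plus one untrusted external site.
    sites = ["https://intranet.example/home", "https://mail.example/inbox",
             "http://untrusted.invalid/page"]
    print(audit_rewritten_sites(sites, {"intranet.example", "mail.example"}))
```

A non-empty `collapsed_origins` entry is the condition the note describes; the practical fix is to keep the rewritten set limited to the trusted hosts in `allowed_hosts`.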