Information Security

News aggregator

PHP Fixes Several Bugs in Version 5.4 and 5.5, (Fri, Sep 19th)

Windows Security - Fri, 09/19/2014 - 18:41

PHP announced the release of versions 5.5.17 and 5.4.33. Ten bugs were fixed in version 5.4.33 and 15 bugs were fixed in version 5.5.17. All PHP users are encouraged to upgrade. The latest versions are available for download here.

[1] http://php.net/ChangeLog-5.php#5.4.33
[2] http://php.net/ChangeLog-5.php#5.5.17
[3] http://windows.php.net/download

-----------

Guy Bruneau IPSS Inc. gbruneau at isc dot sans dot edu

(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
Categories: Vulnerability Pipes

Friday Squid Blogging: Colossal Squid Dissected in New Zealand

Bruce Schneier's Blog - Fri, 09/19/2014 - 16:29
Months after it was found in August, scientists have dissected a colossal squid. There's even video. As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered....
Categories: Security News

iOS 8 Security

Bruce Schneier's Blog - Fri, 09/19/2014 - 12:54
Apple claims that they can no longer unlock iPhones, even if the police show up with a warrant. Of course they still have access to everything in iCloud, but it's a start. EDITED TO ADD (9/19): Android is doing the same thing....
Categories: Security News

Fake Cell Phone Towers Across the US

Bruce Schneier's Blog - Fri, 09/19/2014 - 06:11
Earlier this month, there were a bunch of stories about fake cell phone towers discovered around the US. These seem to be IMSI catchers, like Harris Corporation's Stingray, and are used to capture location information and potentially phone calls, text messages, and smart-phone Internet traffic. A couple of days ago, the Washington Post ran a story about fake cell phone...
Categories: Security News

Web Scan looking for /info/whitelist.pac, (Fri, Sep 19th)

Windows Security - Thu, 09/18/2014 - 20:37

Nathan reported today that he has been seeing a new trend of web scanning against his web servers looking for /info/whitelist.pac. The scanning he has observed is over SSL. He has been observing this activity since 22 Aug.

[22/Aug/2014:18:55:32 -0500]    xx.12.93.178    GET /info/whitelist.pac HTTP/1.1   Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1)
[...]
[14/Sep/2014:11:10:05 -0500]    xx.216.137.7    GET /info/whitelist.pac HTTP/1.1   Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1)
[14/Sep/2014:13:16:19 -0500]    xx.174.190.254 GET /info/whitelist.pac HTTP/1.1   Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1)
[14/Sep/2014:14:03:48 -0500]    xx.252.188.49   GET /info/whitelist.pac HTTP/1.1   Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1)
[14/Sep/2014:17:10:40 -0500]    xx.17.199.47     GET /info/whitelist.pac HTTP/1.1   Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1)
[14/Sep/2014:21:10:26 -0500]    xx.13.136.13     GET /info/whitelist.pac HTTP/1.1   Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1)
[16/Sep/2014:06:30:15 -0500]    xx.10.51.74       GET /info/whitelist.pac HTTP/1.1   Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1)
[16/Sep/2014:14:03:54 -0500]    xx.240.174.203  GET /info/whitelist.pac HTTP/1.1   Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1)

Is anyone else seeing similar activity against their webservers?

-----------

Guy Bruneau IPSS Inc. gbruneau at isc dot sans dot edu

Categories: Vulnerability Pipes

Vuln: Apache Subversion 'mod_dav_svn' Module SVNListParentPath Denial of Service Vulnerability

Linux Security - Thu, 09/18/2014 - 19:00
Apache Subversion 'mod_dav_svn' Module SVNListParentPath Denial of Service Vulnerability
Categories: Vulnerability Pipes

Apple Phishing emails, (Thu, Sep 18th)

Other Security - Thu, 09/18/2014 - 18:58

With today being "buy an Apple phone" day it should not be surprising that there are already some phishing emails going around to try and take advantage of the publicity.  

Jan sent this in this morning (thanks):

-------------
Dear Client,

We inform you that your account is about to expire in less 48 hours, it's imperative to update your information with our audit forms, otherwise your session and/or account will be a limited access.

just click the link below and follow the steps our request form

Update now...

This is an automatically generated message. Thank you not to answer.  If you need help, please visit the Apple Support.

Apple Client Support.
-------------

A variation on the many phishing emails we see regularly, just taking advantage of two public events, the celebrity photos and the release of the new phone.

Maybe a reminder to staff as well as friends and family to ignore emails that say "click here".

Happy buying a phone day or if not phonically inclined, happy talk like a pirate day, or just plain enjoy your Friday. 

Mark

Categories: Vulnerability Pipes

Terrible Article on Vernam Ciphers

Bruce Schneier's Blog - Thu, 09/18/2014 - 14:09
If there's anything that confuses wannabe cryptographers, it's one-time pads....
Categories: Security News

The Full Story of Yahoo's Fight Against PRISM

Bruce Schneier's Blog - Thu, 09/18/2014 - 07:13
In 2008, Yahoo fought the NSA to avoid becoming part of the PRISM program. It eventually lost the court battle, and at one point was threatened with a $250,000 a day fine if it continued to resist. I am continually amazed at the extent of the government coercion....
Categories: Security News

The Dark Web Gets Darker With Rise of the ‘Evolution’ Drug Market

Wired Threat Level - Thu, 09/18/2014 - 05:30

Evolution’s popularity has been driven not only by a more secure and professional operation than its competitors, but also by a more amoral approach to the cryptomarket than the strict libertarian ethos the Silk Road preached.


Categories: Security News

Identifying Dread Pirate Roberts

Bruce Schneier's Blog - Wed, 09/17/2014 - 14:30
According to court documents, Dread Pirate Roberts was identified because a CAPTCHA service used on the Silk Road login page leaked the users' true location....
Categories: Security News

Tracking People From their Cell Phones with an SS7 Vulnerability

Bruce Schneier's Blog - Wed, 09/17/2014 - 07:15
What's interesting about this story is not that the cell phone system can track your location worldwide. That makes sense; the system has to know where you are. What's interesting about this story is that anyone can do it. Cyber-weapons arms manufacturers are selling the capability to governments worldwide, and hackers have demonstrated the capability....
Categories: Security News

Middle-School Dropout Codes Clever Chat Program That Foils NSA Spying

Wired Threat Level - Wed, 09/17/2014 - 05:30

The best hope of shielding your metadata from the NSA was invented by a middle-school dropout in his spare time.


Categories: Security News

Vuln: Microsoft Internet Explorer CVE-2014-4092 Remote Memory Corruption Vulnerability

Windows Security - Tue, 09/16/2014 - 19:00
Microsoft Internet Explorer CVE-2014-4092 Remote Memory Corruption Vulnerability
Categories: Vulnerability Pipes

Vuln: Microsoft Internet Explorer 'CAttrValue' Style Attribute Remote Memory Corruption Vulnerability

Windows Security - Tue, 09/16/2014 - 19:00
Microsoft Internet Explorer 'CAttrValue' Style Attribute Remote Memory Corruption Vulnerability
Categories: Vulnerability Pipes

Vuln: Apache Tomcat CVE-2014-0119 XML External Entity Information Disclosure Vulnerability

Linux Security - Tue, 09/16/2014 - 19:00
Apache Tomcat CVE-2014-0119 XML External Entity Information Disclosure Vulnerability
Categories: Vulnerability Pipes

Vuln: Apache Tomcat CVE-2014-0096 XML External Entity Information Disclosure Vulnerability

Linux Security - Tue, 09/16/2014 - 19:00
Apache Tomcat CVE-2014-0096 XML External Entity Information Disclosure Vulnerability
Categories: Vulnerability Pipes

Vuln: Apache Xalan-Java Library CVE-2014-0107 Security Bypass Vulnerability

Linux Security - Tue, 09/16/2014 - 19:00
Apache Xalan-Java Library CVE-2014-0107 Security Bypass Vulnerability
Categories: Vulnerability Pipes

Vuln: Apache Tomcat CVE-2014-0075 Chunk Request Remote Denial Of Service Vulnerability

Linux Security - Tue, 09/16/2014 - 19:00
Apache Tomcat CVE-2014-0075 Chunk Request Remote Denial Of Service Vulnerability
Categories: Vulnerability Pipes

FreeBSD Denial of Service advisory (CVE-2004-0230), (Tue, Sep 16th)

Other Security - Tue, 09/16/2014 - 17:54

A vulnerability has been discovered by Jonathan Looney at the Juniper SIRT in FreeBSD (base for Junos and many other products) in the way that FreeBSD processes certain TCP packets (https://www.freebsd.org/security/advisories/FreeBSD-SA-14:19.tcp.asc). If you send TCP SYN packets for an existing connection (i.e. the correct source IP, source port, destination IP, destination port combination) the operating system will tear down the connection.

The attack is similar to the "slipping in the TCP window" attack described back in 2004 by Paul Watson (http://packetstormsecurity.com/files/author/3245/), but using SYN packets instead of RST.  One of the Handlers has successfully reproduced the attack in their lab.  

For those of you that don't have FreeBSD in your environment, you probably do. There are a number of products that utilise FreeBSD as their base operating system. A few that spring to mind are OSX, Bluecoats, CheckPoint, Netscaler and more (A partial list is here http://en.wikipedia.org/wiki/List_of_products_based_on_FreeBSD).  

Keep an eye out for updates from your vendors. Juniper's is here: http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10638

Categories: Vulnerability Pipes