AusCERT: Cisco IP phones prone to hackers

Darren Pauli



'....Security consultant Chris Gatford showed SC Magazine how internet-protocol phone systems from market leader Cisco were vulnerable out of the box to attacks that were widely known. He said customers of his had lost $20,000 a day through such exploits....'





White House Proposed Legislation Would Regulate ICS

Dale G Peterson



'....Last week President Obama provided a legislative proposal on cybersecurity with a potentially large impact on the ICS community.

Companies responsible for critical infrastructure ICS would be put into "Risk-Based Tiers". If your company is in one of the higher, as yet undefined, risk-based tiers, a cybersecurity plan must be developed, signed by a corporate officer and "be available for review, inspection, and evaluation by an evaluator pursuant to section 6, the Secretary, or an agency with responsibility for regulating the entity."

DHS then sets up third party evaluators, like FERC did in selecting NERC, to consider if the cybersecurity plan is sufficient. Evaluations must occur annually....'





The five best privacy downloads

PC Advisor



'....Everyone is concerned about privacy and security online, and online tracking is a problem that has worried internet users for many years. However, here are five free downloads to help you discover what info (if any) is being tracked, while the others can help you erase the data and prevent yourself from......'





Security experts go to war: wife targeted

Ben Grubb



'....The wife of an Australian security expert has been targeted by another security expert in a Facebook privacy vulnerability test demonstrated at a security conference in Queensland. ......'





Back Link Checker




'....A backlink checker creates a detailed analysis of the websites which are linking to your own site. These backlinks are important, because search engine ranking is heavily influenced by how well your website is linked......'





CERT warns of critical industrial control bug

Dan Goodin



'....A group collaborating with the US Computer Emergency Readiness Team is warning oil refineries, power plants, and other industrial facilities of a bug in a popular piece of software that could allow attackers to take control of their computer systems. ......'





Xplico - Internet Traffic Decoder. Network Forensic Analysis Tool (NFAT)

Andrea De Franceschi and Gianluca Costa



'....The goal of Xplico is to extract from an internet traffic capture the application data it contains. For example, from a pcap file Xplico extracts each email (POP, IMAP, and SMTP protocols), all HTTP contents, each VoIP call (SIP), FTP, TFTP, and so on. Xplico isn't a network protocol analyzer. Xplico is an open source......'




Leak Site Directory

Leak Directory



'....Leak Sites that publish leaks and accept.....'



Facebook Busted in Clumsy Smear on Google

Dan Lyons



'....The social network secretly hired a PR firm to plant negative stories about the search giant, The Daily Beast's Dan Lyons reveals......'



Download the ZeuS Source Code




'....May 10 was a big day for the Information Security community! Backtrack 5 was released (and finally Gnome is an option instead of KDE) and in a big surprise, the source code to Zeus was leaked.....'



Cyberwarfare rules included in Defense bill

Suzanne Kubota



'....Released Monday, chairman of the House Armed Services Committee, Rep. Howard P. "Buck" McKeon, (R-Calif.) helps to define the Rules of Engagement in cyberspace for the Defense Department, noting "because of the evolving nature of cyber warfare, there is a lack of historical precedent for what constitutes traditional military activities in cyberspace."


"In particular, this section (962) would clarify that the Secretary of Defense has the authority to conduct clandestine cyberspace activities in support of military operations pursuant to the Authorization for the Use of Military Force...'



Anonymous: peering behind the mask

Jana Herwig



'....Are members of the 'hacktivist group' Anonymous defenders of truth and seekers of knowledge.....'



The £12m question: how WikiLeaks gags its own staff

David Allen Green



'....for some time it has been apparent that WikiLeaks and its founder Julian Assange have had a "pick'n'mix" attitude to legal obligations. They seem to feel free from any restrictions in respect of confidentiality and official secrecy; but on the other hand they make routine legal threats, especially against the Guardian...'




Ryan Barnett



'....The Web Hacking Incident Database, or WHID for short, is a Web Application Security Consortium project dedicated to maintaining a list of web applications related security incidents. WHID's goal is to serve as a tool for raising awareness of the web application security problem and provide information for statistical analysis of web applications security incidents. WHID has been featured in Information Week and slash dot......'



Cyberwarfare May Be A Bust For Many Defense Contractors

Loren Thompson



'....As federal spending on national security has leveled off in recent years, big defense contractors have worked hard to secure a role in one of the few market segments expected to keep growing: cyberwarfare. It's a relatively new field where the terminology hasn't stabilized yet, but for the purposes of this posting, cyberwarfare means three things: attacking enemy networks, exploiting enemy information flows, and defending friendly networks. Most of the money Washington is currently spending on cyberwarfare goes to the latter activity — securing friendly networks — but offensive activities seem to be growing faster over time......'




N.Korea's Highly Trained Hacker Brigades Rival CIA




'....North Korea's 1,000 or so hackers are as good as their CIA counterparts, experts believe. Due to difficulties in expanding its conventional weapons arsenal following the economic hardships during the 1990s, North Korea apparently bolstered electronic warfare capabilities.

The regime opened Mirim University, now renamed Pyongyang Automation University, in the mid-1980s to train hackers in electronic warfare tactics. A defector who graduated from Mirim University said classes were taught by 25 Russian professors from......'



Anonymous says Sony accusations over PlayStation Network hack are lies




'....The online activism group Anonymous has denied insinuations by Sony that it was involved in the hacker breaches of the PlayStation Network (PSN) and Online Entertainment (SOE) systems in which between 77m and 100m personal details were stolen, and potentially as many credit card details.

The riposte was delivered in a letter published online soon after the corporation delivered a letter to US politicians in which it claimed that private investigators called in to examine the break-in had discovered a file entitled "Anonymous" and containing the words "We are Legion" - part of Anonymous's slogan......'



Osama bin Laden Files May Be Impossible to Crack

Matt Liebowitz



'....U.S. forces recovered a wealth of computer files, hard drives, thumb drives and electronic equipment from Osama bin Laden's Pakistan compound after his killing this past weekend, but security experts say that if the files were correctly encrypted, it will be nearly impossible for intelligence experts to ever see what is stored on them.

"Correctly implemented encryption is very difficult to break," Steve Santorelli, director of global outreach at the Internet security research group Team Cymru, told SecurityNewsDaily....'



Financial crisis causing young to turn to cybercrime

Tim Lohman



'....The GFC-induced economic slowdown in Europe is having a direct impact on the growth of cybercrime and other organised crime according to the European Union's law enforcement agency, Europol. In a recent report into organised crime, the agency said the recent economic crisis had resulted in a surplus of young people with advanced technical skills who were vulnerable to involvement in criminal activity......'



PC rental store hid secret spy hardware in laptop, suit says

Dan Goodin



'....A Wyoming couple has filed a federal lawsuit claiming a computer they purchased came with secret spying hardware that allowed the seller to monitor their every move.

According to the complaint, Brian and Crystal Byrd first learned of the snoop device when they received a visit at home from a manager of the local Aaron's rent-to-own store falsely claiming they hadn't made required payments on their Dell Inspiron laptop. During the conversation, manager Christopher Mendoza said he had a photo of Mr. Byrd using the computer and as proof showed a picture that had been taken remotely using an off-the-shelf device called PC Rental Agent......'



Feds Demand Firefox Remove Add-On That Redirects Seized Domains

David Kravets



'....The Department of Homeland Security has requested that Mozilla, the maker of the Firefox browser, remove an add-on that allows web surfers to access websites whose domain names were seized by the government for copyright infringement, Mozilla's lawyer said Thursday.

But Mozilla did not remove the MafiaaFire add-on, and instead has demanded the government explain why it should. Two weeks have passed, and the government has not responded to Mozilla's questions, including whether the government considers the add-on unlawful and whether Mozilla is "legally obligated" to remove it. The DHS has also not provided the organization with a court order requiring its removal, the lawyer said.......'



Did Syria replace Facebook's security certificate with a forged one?

Anas Qtiesh



'....Tumblr user Ana Souri [Arabic for "I'm Syrian"] is claiming that the Syrian Telecom Ministry has replaced Facebook's security certificate with a forged one that makes it easy to spy on users, record their passwords, and view their private content.

The post notes that the browser would alert users to the untrusted certificate issue, but says that most people would allow an exception for the suspicious certificate because they might not really understand what's going on......'



Social Media, Emerging Street Opposition Are Forces Behind Syrian Uprising

Margaret Besheer



'....Despite periodic cuts in the Internet and mobile network, young Syrian activists have been working their computers and mobile phones for weeks, updating Facebook pages, sending out messages over Twitter, uploading videos onto YouTube and speaking to human rights campaigners, journalists and others outside their country. They try to tell the world what is happening, as most foreign reporters have been banned.

Activists say tools such as Facebook and Twitter were not widely known in Syria until just a few months ago......'



LastPass CEO Explains Possible Hack

PCWorld



'....Speaking exclusively with PCWorld, LastPass CEO Joe Siegrist explained how his company came to the conclusion that its servers, which provide cross-platform password storage for millions of customers, may have been accessed by an outside party. Just one day earlier, LastPass announced via its blog that it had noticed a "network traffic anomaly" and was implementing additional security as a result......'



Al-Qaida Not Seen as a Cyberthreat

Eric Chabrow



'....The federal government isn't taking any extraordinary measures to defend government and critical information networks following the killing Sunday by American forces of al-Qaida leader Osama bin Laden.

"Our efforts to combat terrorism, however, do not fixate on one individual, and we remain completely focused on protecting our nation against violent extremism of all kinds," Homeland Security Secretary Janet Napolitano said in a statement.....'



Microsoft, Juniper urged to patch dangerous IPv6 DoS hole

Julie Bort



'....Despite growing pressure from security experts, Microsoft and Juniper have so far refused to patch a dangerous hole that can freeze a Windows network in minutes.

The vulnerability was initially discovered in July 2010 by Marc Heuse, an IT security consultant in Berlin. He found that products from several vendors were vulnerable, including all recent versions of Windows, Cisco routers, Linux and Juniper's Netscreen.....'



The 10 Tools of Online Oppressors

Danny O'Brien



'....To mark World Press Freedom Day, May 3, the Committee to Protect Journalists is examining the 10 prevailing tactics of online oppression worldwide and the countries that have taken the lead in their use. What is most surprising about these Online Oppressors is.....'



CNET sued over LimeWire, blamed for "Internet Piracy Phenomenon"

Nate Anderson



'....Alki David, the wealthy film producer and entrepreneur behind sites like FilmOn, announced last year in a YouTube video that he intended to sue CNET and its owner, CBS, for providing hundreds of millions of downloads of LimeWire P2P software over the last decade. Today, he made good on his threat, rounding up some rap and R&B musicians to join his case......'


SSL Renegotiation DOS attack – an iRule Countermeasure

David Holmes



'....If a client connection attempts to renegotiate more than five times in any 60 second period, that client connection is silently dropped. By silently dropping the client connection, the iRule causes the attack tool to stall for long periods of time, fully negating the attack.......'



Chat Log: What It Looks Like When Hackers Sell Your Credit Card Online

Kevin Poulsen



'....Vendors advertise their stolen data on web-based "carder" forums, and sometimes operate their own virtual storefronts. But the detailed negotiations over price and quantity often take place in private chats......'



How to Extract Flash Objects from Malicious PDF Files

Lenny Zeltser



'....The steps to locate and extract JavaScript from PDF files using these tools have been documented fairly well. Fortunately, the same tools can help us locate and extract embedded Flash programs......'



Combating Cybercrime - Principles, Policies, and Programs

Michael Barrett, Andy Steingruebl, Bill Smith



'....In this white paper, the authors lay out an entire framework of practical actions that could be taken to reduce the impact of cybercrime, and substantially make the Internet safer. Even if only some of these recommendations are implemented......'



Mission helo was secret stealth Black Hawk

Sean D. Naylor



'....The helicopters that flew the Navy SEALs on the mission to kill Osama bin Laden were a radar-evading variant of the special operations MH-60 Black Hawk......'



New FBI Documents Provide Details on Government's Surveillance Spyware

Jennifer Lynch



'....EFF recently received documents from the FBI that reveal details about the depth of the agency's electronic surveillance capabilities and call into question the FBI's controversial effort to push Congress to expand the Communications Assistance to Law Enforcement Act (CALEA)......'



Bahrain says Iranian hackers hit government website




'....But the agency gave no further details, although the hacking could conceivably be linked to Shiite allegations that a disproportionate share of housing aid goes to Sunnis. To retaliate, the Bahrain Chamber for Commerce and Industry called for a countrywide boycott of all Iranian goods and services because of "blatant interference in Bahrain's domestic affairs and threats to the kingdom's national security.".....'



Banks go social to collaborate, reach customers

Lucas Mearian



'...."Using Twitter, we increased fivefold the visits to our websites," she said. "When we use Twitter, we'll sometimes embed links to more information. We're building new tools now for deep dives to analyze what people are looking at in our posts, and what links they're clicking on.".....'



Russia-U.S. Bilateral on Cybersecurity: Critical Terminology Foundations

Karl Frederick Rauscher and Valery Yaschenko



'....On Wednesday April 27, the EastWest Institute and the Information Security Institute released the first joint Russian-American report to define critical terms for cyber and information security.......'



How an IP address can reveal your location

Kathleen Hickey



'....A team of researchers from Northwestern University and Microsoft Research recently announced a new method by which a computer's IP address can be used to pinpoint a user's location within a half-mile, a geolocation accuracy that is 50 times more accurate......'



Wrongly Jailed Security Whistleblower Caught Up in PlayStation Hacker Hunt

Kevin Poulsen



'....Armchair cybersleuths on the trail of the PlayStation Network hackers have been focusing attention on a chat log that shows several technically sophisticated PlayStation tinkerers discussing Sony's security vulnerabilities in knowing detail just two months before the breach. "If Sony is watching this channel they should know that running an older version of Apache on a RedHat server with known vulnerabilities is not wise, especially when that server freely reports its version and it's the auth[entication] server," writes "Trixter," one of the chatters.......'



Terrorists discover uses for Twitter

Shaun Waterman



'....Banned from Facebook and censored on YouTube, al Qaeda and Taliban jihadists are turning to Twitter to spread their propaganda in a new social media front in the terrorists......'



Loving the Cyber Bomb? The Dangers of Threat Inflation in Cybersecurity Policy

Jerry Brito and Tate Watkins



'....Part I of this article draws a parallel between today's cybersecurity debate and the run-up to the Iraq War and looks at how an inflated public conception of the threat we face may lead to unnecessary regulation of the Internet. Part II draws a parallel between the emerging cybersecurity establishment and the military-industrial complex of the Cold War ......'



Rwanda: New ICT Plan to Target Local Communities

Frank Kanyesigye



'....The National ICT Plan (NICI 3), to run from 2011-2015, will focus more on using Information Communication Technology (ICT) for community service delivery, David Kanamugire, the Permanent Secretary in the Ministry in the Office of the President in charge of ICT, has disclosed.......'



Government Cyber-Security Spending Breakdown

Eric Doyle



'....The big spend on cyber-security was outlined by Ian McGhie at the Counter Terror Expo in Olympia.....'



The Power Grid Brings Cyber-Security Concerns

Mark Weatherford

Government Technology



'....The topic du jour across government and the electricity industry is the smart grid and the amazing efficiencies it will bring to the nation. There's also, however, a growing chorus about potential cyber-security dangers as new smart grid infrastructures are designed and installed across North America. Is it real, hype or somewhere in between?......'



Court Approves Nortel's Sale of IPv4 Addresses to Microsoft

Benson Schliesser




'....Yesterday morning (26-April-2011), in US Bankruptcy Court for the District of Delaware, Judge Kevin Gross signed an order authorizing Nortel's sale of IPv4 addresses to Microsoft. This is an important moment for the Internet community, as it represents the beginning of a new market-based mechanism for the distribution of scarce IPv4 address resources......'



FBI Launches Investigation of Attacks

Gerry Shih

The Bay Citizen



'....The company's executives have blamed the attacks on hackers based in China, claiming they are in retaliation for the company's hosting a petition calling for the release of Ai Weiwei, the prominent Chinese artist. Ai, an outspoken critic of the government, was detained by authorities in Beijing on April 3......'