Friday, 15 January 2010

U.S. Army Website Hacked

By Kelly Jackson Higgins
DarkReading
Jan 12, 2010

Romanian hackers continue to have a field day with SQL injection flaws in major Website applications: A vulnerability in a U.S. Army Website that leaves the database wide open to an attacker has now been exposed.

"TinKode," a Romanian hacker who previously found holes in NASA's Website, has posted a proof-of-concept of his findings on a SQL injection vulnerability in an Army Website that handles military housing, Army Housing OneStop. TinKode found a hole that leaves the site, which has since been taken offline, vulnerable to a SQL injection attack. "With this vulnerability I can see/extract all things from databases," he blogged.

TinKode was able to gain access to more than 75 databases on the server, according to his research, including potentially confidential Army data. He also discovered that the housing site was storing weak passwords in plain text. One password was AHOS, like the site's name.

"Four-character passwords that are the same name as the database table names are inexcusable," says Robert "RSnake" Hansen, founder of SecTheory.

Google Hack Attack Was Ultra Sophisticated, New Details Show

By Kim Zetter
Threat Level
Wired.com
January 14, 2010

Hackers seeking source code from Google, Adobe and dozens of other high-profile companies used unprecedented tactics that combined encryption, stealth programming and an unknown hole in Internet Explorer, according to new details released by researchers at anti-virus firm McAfee.

“We have never ever, outside of the defense industry, seen commercial industrial companies come under that level of sophisticated attack,” says Dmitri Alperovitch, vice president of threat research for McAfee. “It’s totally changing the threat model.”

In the wake of Threat Level’s story disclosing that a zero-day vulnerability in Internet Explorer was exploited by the hackers to gain access to Google and other companies, Microsoft has published an advisory about the flaw that it already had in the works. McAfee has also added protection to its products to detect the malware that was used in the attacks and has now gone public with a number of new details about the hacks.

Google announced Tuesday that it had been the target of a “highly sophisticated” and coordinated hack attack against its corporate network. It said the hackers had stolen intellectual property and sought access to the Gmail accounts of human rights activists. The attack had originated from China, the company said.

Minutes later, Adobe acknowledged in a blog post that it discovered Jan. 2 that it also had been the target of a “sophisticated, coordinated attack against corporate network systems managed by Adobe and other companies.”

Surge in e-crimes in Dubai

By Sharmila Dhal
Senior Reporter
Gulfnews.com
January 14, 2010

Dubai: Most cyber attacks in the UAE last year targeted banks and were perpetrated by electronic criminals from outside the country, a government report has revealed, adding that the number of hacking and defacement incidents quadrupled in 2009 from 2008.

It added that of all the electronic breaches during 2009, "phishing" comprised the main offence - 62 per cent of which targeted local banks, followed by UAE branches of international banks and other institutions at 19 per cent each.


Emergency plan

The report was presented by Mohammad Geyath, Executive Director, Technology Development Affairs, Telecom Regulatory Authority (TRA), at the Crises and Emergency Management Conference in Abu Dhabi which concluded on Wednesday. The report was put together by the Computer Emergency Response Team (CERT), a consultative body that advises TRA. The total number of cyber-related offences recorded by CERT was 51 in 2009, up from 47 in 2008, while incidents of phishing and defacement had increased to 26 in 2009, from six in 2008.

Meanwhile, the TRA announced at the conference an Emergency Plan for the country's telecom sector. Making the announcement, Mohammad Nasser Al Ganem, Director-General of TRA, said the plan has been developed in co-operation with the National Crisis and Emergency Management Authority (NCEMA) and in consultation with key stake-holders, telecom operators and service providers.

Lincoln National Discloses Breach Of 1.2 Million Customers

By Tim Wilson
DarkReading
Jan 14, 2010

Lincoln National Corp. (LNC) last week disclosed a security vulnerability in its portfolio information system that could have compromised the account data of approximately 1.2 million customers.

In a disclosure letter (PDF) sent to the attorney general of New Hampshire Jan. 4, attorneys for the financial services firm revealed that a breach of the Lincoln portfolio information system had been reported to the Financial Industry Regulatory Authority (FINRA) by an unidentified source last August. The company was planning to issue notification to the affected customers on Jan. 6, the letter says.

The letter does not give technical details about the breach, but it indicates the unidentified source sent FINRA a username and password to the portfolio management system.

"This username and password had been shared among certain employees of [Lincoln Financial Services] and employees of affiliated companies," the letter says. "The sharing of usernames and passwords is not permitted under the LNC security policy."

FINRA declined to tell Lincoln whether the source of the username and password was a current employee or some other party, according to the letter.

Google Hackers Targeted Source Code of More Than 30 Companies

By Kim Zetter
Threat Level
Wired.com
January 13, 2010

A hack attack that targeted Google in December also hit 33 other companies, including financial institutions and defense contractors, and was aimed at stealing source code from the companies, say security researchers at iDefense.

The hackers used a zero-day vulnerability in Adobe Reader to deliver malware to many of the companies and were in some cases successful at siphoning the source code they sought, according to a statement distributed Tuesday by iDefense, a division of VeriSign. The attack was similar to one that targeted other companies last July, the company said.

A spokeswoman for iDefense wouldn't name any of the other companies that were targeted in the recent attack, except Adobe.

Adobe acknowledged Tuesday in a blog post that it discovered Jan. 2 that it had been the target of a "sophisticated, coordinated attack against corporate network systems managed by Adobe and other companies."

The company didn't say whether it was a victim of the same attack that struck Google. But Adobe's announcement came just minutes after Google revealed that it had been the target of a "highly sophisticated" hack attack originating in China in December.

Neither Google nor Adobe provided details about how the hacks occurred. Google said only that the hackers were able to steal unspecified intellectual property from it, and that they had focused their attack on obtaining access to the Gmail accounts of human rights activists who were involved in China rights issues.

But according to iDefense, whose customers include some of the 33 companies that were hacked, the attacks were well targeted and "unusually sophisticated" and aimed at grabbing source code from several hi-tech companies based in Silicon Valley as well as financial institutions and defense contractors.

Hackers of the world unite

By Mark Fonseca Rendeiro
Comment is free
guardian.co.uk
13 January 2010

The 26th edition of the world's largest annual hacker conference, 26C3, took place in Berlin last week. With about 2,500 attendees, a combined total of 9,000 participants worldwide (via live streams), and an array of features that no other conference in the world can match, it was very much a milestone.

A bit on the word "hacker", as I know the term might be bothering some of you. I am not using it in the stereotypical way mainstream society often does, to refer to criminal and malicious activity. The hackers I am talking about go back to the origins of the word: one who tinkers, one who deconstructs out of a natural curiosity about how something works and how it could be made to do something it wasn't originally intended to do. Such abilities are akin to the skilled locksmith, and do not automatically make a hacker a criminal. Unfortunately for many who work in mainstream media, the word has been hijacked to be synonymous with "electronic evildoer". Yet, like many words that have been used to keep minority groups down, hackers are taking the label back.

Announcements such as the GSM encryption crack may have made international headlines last month, but something much more significant is clear: throughout the world, hackers have come out from their bunkers and opened up community spaces. They go by various names (co-working spaces, clubhouses, hideouts, space stations) and are a global-scale breakthrough for a community that for decades has not always been willing or able to go public. By opening up, they've not only gone public, but have also opened their doors to anyone curious or interested in the world of technology and how things work.

This phenomenon may be bigger than it has ever been, but in some corners of the world, it is not altogether new. Groups of German hackers have long organised themselves as officially recognised clubs and taken on challenges of a technical (or non-technical) nature. In North America, the movement has seen its greatest expansion in the past few years, with spaces such as NYC Resistor in Brooklyn, Pumping Station: One in Chicago and Noisebridge in San Francisco providing a creative space for a rapidly growing membership. The hacker space movement includes clubs in different parts of Latin America, as well as in South Africa, Israel, Iran, Dubai, Thailand, Malaysia, Singapore, Indonesia, Japan and Australia. Every month, the list gets longer as more groups come forward and post their details online at hackerspaces.org, a central hub and wiki for all info about spaces, including how to start one.

DARPA moves ahead with National Cyber Range project for advanced cyber security research

By John Keller
Military & Aerospace Electronics
13 Jan. 2010

ARLINGTON, Va. -- The U.S. Defense Advanced Research Projects Agency (DARPA) in Arlington, Va., is awarding multimillion-dollar contracts to two research organizations to build prototype advanced computing centers to demonstrate and test cyber security, defensive information warfare, and information assurance technologies.

DARPA awarded a $30.8 million contract to the Lockheed Martin Simulation, Training, & Support segment in Orlando, Fla., and a $24.8 million contract to the Johns Hopkins University Applied Physics Laboratory in Laurel, Md., to develop prototypes of the National Cyber Range (NCR), which is to revolutionize the state of the art for large-scale cyber testing.

The National Cyber Range will provide an advanced computer and data networking laboratory in which experts can assess information assurance and survivability tools; replicate the kinds of large and complex computer networks that support U.S. Department of Defense weapons and operations; conduct several large cyber security experiments at the same time; conduct realistic tests of the U.S. Global Information Grid (GIG); and develop and deploy revolutionary cyber testing capabilities.

The National Cyber Range is DARPA's contribution to the federal Comprehensive National Cyber Initiative (CNCI), a secret multibillion-dollar project to build defenses for government computers against foreign and domestic hackers and cyber terrorists.

U.S. law firm behind China piracy suit targeted in attacks

By Elinor Mills
InSecurity Complex
CNET News
January 13, 2010

A U.S. law firm representing a Web content-filtering company in a piracy lawsuit against the Chinese government said on Wednesday that it received malicious e-mails in a targeted attack from China similar to recent attacks on Google and other U.S. companies.

At least 10 employees at Gipson Hoffman & Pancione received the e-mails on Monday and Tuesday, according to Gregory Fayer, a lawyer at the Los Angeles-based firm.

The firm filed a $2.2 billion lawsuit last week on behalf of Solid Oak Software against the Chinese government, two Chinese software developers, and seven PC manufacturers. The suit alleges that they illegally copied code from Solid Oak's Cybersitter Web content-filtering program and distributed the code as part of a Chinese government-sponsored censorship program involving China-created Green Dam Youth Escort filtering software.

The e-mails sent to the law firm, mostly to lawyers, came in three different formats, were made to look like they came from Fayer or one of two other lawyers at the firm, and had attachments or included links to outside Web sites, Fayer said. Some of the content of the e-mails expressed concern over viruses and other potential security issues, while another gave a link to an FTP site where large files could be downloaded, he said.
