Information Security News
What InfoSec can learn from the insurance industry
iT News (blog)
Step into the branch of any bank and you can see they are clearly designed to resist robbery at several levels and - up to a certain point - keep the institution's teller staff safe. That design comes from empirical experience, as in bank robberies ...
InfoSec's Holy Grail: Data Sharing & Collaboration
Despite all the best intentions, cooperation around internet security is still a work in progress. Case in point: Microsoft's unilateral action against No-IP. “We need more collaboration, we need more data sharing!” This obligatory refrain perennially ...
by Dan Goodin
The head of the Central Intelligence Agency has apologized to leaders of the Senate Intelligence Committee after determining that his officers improperly accessed computers that were supposed to be available only to committee investigators, according to multiple reports on Thursday.
The mea culpa from CIA Director John O. Brennan was in sharp contrast to a defiant statement he made in March. After US Senator Dianne Feinstein accused the agency of breaching long-recognized separations between employees of the legislative and executive branches, Brennan maintained that there had been no inappropriate monitoring of Senate staffers' computer activity.
"When the facts come out on this, I think a lot of people who are claiming that there has been this tremendous sort of spying and monitoring and hacking will be proved wrong," he said at the time.
In numerous previous Diaries, my fellow Internet Storm Center Handlers have talked about honeypots, the value of full packet capture and the value of sharing any attack data. In this Diary I'm going to highlight a fairly simple and cost-effective way of rolling those together.
If you have an always-on internet connection, having a honeypot listening to what is being sent your way is never a bad idea. There are plenty of ways to set up a honeypot, but an inexpensive way to set one up at home is with a Raspberry Pi. The Raspberry Pi is a credit-card sized computer which can easily be hidden away out of sight, has very low power consumption and is silent, but works very well as a home honeypot.
There are plenty of install guides for installing the OS (I like using Raspbian) and securing it; then drop your pick, or mix, of honeypots such as Kippo, Glastopf or Dionaea onto it. Again, guides on how to set these up litter the intertubes, so take your pick. As an additional step, I like to install tcpdump, plug a Linux-formatted 4 GB USB drive into the Pi, and do full packet capture of any traffic directed to the Pi's interface, writing it to the USB drive. Apart from the fact that who doesn't like sifting through packet captures during downtime, there are times when capturing the full stream provides insights and additional options (like running it through your IDS of choice) on the connections being made to you.
Once you have it all set up, secured, tested and running, don't forget to share the data with us, especially if you install Kippo.
From my observations, don't expect a massive amount of interaction with your home honeypot, but you will see plenty of scanning activity. It's a fairly interesting insight, especially if you pick a number of ports to forward from your router/modem for the honeypot to listen on. A side effect, if you set up tcpdump to capture any traffic hitting the Raspberry Pi's network interface (and haven't set up a firewall to drop all non-specified traffic), is that it'll also pick up any chatty, confused or possibly malicious connections within your home network if they are broadcasting or scanning the subnet. With the Internet of Things being plugged into home networks now, it's always handy to have a little bit of notification if your fridge starts port scanning every device on your network...
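As an added example (not part of the original diary), here is a small Python script that implements that last point: it reads tcpdump's text output from the Pi's capture and flags internal hosts that fan out SYNs across many ports on one neighbour (a vertical scan) or the same port across many neighbours (a horizontal scan), while ignoring the external scans the honeypot is there to attract. It assumes the capture was written to the USB drive with a rotating ring buffer, `tcpdump -i eth0 -nn -s 0 -C 100 -W 50 -w /mnt/usb/honeypot.pcap`, and later rendered to text with `tcpdump -nn -r /mnt/usb/honeypot.pcap00 tcp`; the interface name, mount point, home subnet and thresholds are assumptions, and the sample lines are constructed, not a real capture.

```python
"""Flag internal hosts that look like they are scanning the home subnet.

Added example, not from the ISC diary. Input is one line per packet in
``tcpdump -nn`` text form (numeric hosts and ports), e.g.
  12:00:01.000001 IP 192.168.1.50.43122 > 192.168.1.20.22: Flags [S], seq ...
Assumed capture command on the Pi (interface, path and sizes are assumptions):
  tcpdump -i eth0 -nn -s 0 -C 100 -W 50 -w /mnt/usb/honeypot.pcap
and to produce the text lines consumed here:
  tcpdump -nn -r /mnt/usb/honeypot.pcap00 tcp
"""
import re
import sys
from collections import defaultdict
from ipaddress import ip_address, ip_network

# Matches the IPv4 TCP line format tcpdump -nn prints for a packet.
LINE_RE = re.compile(
    r"^\S+ IP (?P<src>\d+\.\d+\.\d+\.\d+)\.(?P<sport>\d+) > "
    r"(?P<dst>\d+\.\d+\.\d+\.\d+)\.(?P<dport>\d+): Flags \[(?P<flags>[^\]]*)\]"
)


def parse_syns(lines):
    """Yield (src, dst, dport) for bare SYNs, i.e. new connection attempts.

    SYN/ACK replies show up as Flags [S.] and are deliberately skipped so a
    busy server is not mistaken for a scanner.
    """
    for line in lines:
        m = LINE_RE.match(line)
        if m and m.group("flags") == "S":
            yield m.group("src"), m.group("dst"), int(m.group("dport"))


def find_scanners(lines, home_net="192.168.1.0/24", port_threshold=10, host_threshold=5):
    """Return {src: (distinct_ports, distinct_hosts)} for hosts inside home_net
    whose SYN fan-out reaches either threshold. home_net and the thresholds
    are assumptions; tune them to your own subnet and noise level."""
    net = ip_network(home_net)
    ports = defaultdict(set)
    hosts = defaultdict(set)
    for src, dst, dport in parse_syns(lines):
        if ip_address(src) not in net:
            continue  # external scanners are expected; the honeypot logs them
        ports[src].add(dport)
        hosts[src].add(dst)
    return {
        src: (len(ports[src]), len(hosts[src]))
        for src in ports
        if len(ports[src]) >= port_threshold or len(hosts[src]) >= host_threshold
    }


def _syn(ts, src, sport, dst, dport):
    """Build one constructed tcpdump-style SYN line for the sample below."""
    return f"{ts} IP {src}.{sport} > {dst}.{dport}: Flags [S], seq 1, win 64240, length 0"


# Constructed sample traffic (not a real capture).
SAMPLE = [
    # a laptop doing ordinary things: one SSH session, one DNS lookup
    _syn("12:00:00.000001", "192.168.1.10", 50000, "192.168.1.20", 22),
    "12:00:00.000002 IP 192.168.1.20.22 > 192.168.1.10.50000: Flags [S.], seq 2, ack 2, win 65160, length 0",
    _syn("12:00:01.000001", "192.168.1.10", 50001, "192.168.1.1", 53),
    # an external scanner hitting the honeypot: expected, and ignored here
    *[_syn("12:00:02.000001", "203.0.113.5", 40000 + p, "192.168.1.20", p)
      for p in (21, 22, 23, 80, 443, 3389)],
    # the "fridge" walking ports 1-20 on one neighbour (vertical scan)
    *[_syn("12:00:03.000001", "192.168.1.77", 30000 + p, "192.168.1.20", p)
      for p in range(1, 21)],
    # the same fridge trying port 80 on ten hosts (horizontal scan)
    *[_syn("12:00:04.000001", "192.168.1.77", 31000 + h, f"192.168.1.{h}", 80)
      for h in range(2, 12)],
]


if __name__ == "__main__":
    # Read real tcpdump text from stdin if piped in, else run on the sample.
    lines = sys.stdin if not sys.stdin.isatty() else SAMPLE
    for src, (nports, nhosts) in find_scanners(lines).items():
        print(f"{src}: {nports} distinct ports, {nhosts} distinct hosts")
```

Run it as `tcpdump -nn -r /mnt/usb/honeypot.pcap00 tcp | python3 scanwatch.py` on the Pi; with no piped input it runs over the constructed sample and reports only the fridge. Counting distinct ports and distinct destinations separately is what lets one script catch both scan shapes, and restricting to bare SYNs keeps servers that merely answer connections out of the report.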
As one of my fellow Handlers, Mark Hofman, sagely mentioned:
"if you are going to set one up, make sure you fully understand what you are about to do. You are placing a deliberately vulnerable device on the internet. Depending on your location you may be held liable for stuff that happens (IANAL). If it gets compromised, make sure it is somewhere where it can't hurt you or others."
So keep an eye on your Pi!
Chris Mohan --- Internet Storm Center Handler on Duty(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
When creators of the state-sponsored Stuxnet worm used a USB stick to infect air-gapped computers inside Iran's heavily fortified Natanz nuclear facility, trust in the ubiquitous storage medium suffered a devastating blow. Now, white-hat hackers have devised a feat even more seminal—an exploit that transforms keyboards, Web cams, and other types of USB-connected devices into highly programmable attack platforms that can't be detected by today's defenses.
Dubbed BadUSB, the hack reprograms embedded firmware to give USB devices new, covert capabilities. In a demonstration scheduled at next week's Black Hat security conference in Las Vegas, a USB drive, for instance, will take on the ability to act as a keyboard that surreptitiously types malicious commands into attached computers. A different drive will similarly be reprogrammed to act as a network card that causes connected computers to connect to malicious sites impersonating Google, Facebook or other trusted destinations. The presenters will demonstrate similar hacks that work against Android phones when attached to targeted computers. They say their technique will work on Web cams, keyboards, and most other types of USB-enabled devices.
"If you put anything into your USB [slot], it extends a lot of trust," Karsten Nohl, chief scientist at Security Research Labs in Berlin, told Ars. "Whatever it is, there could always be some code running in that device that runs maliciously. Every time anybody connects a USB device to your computer, you fully trust them with your computer. It's the equivalent of [saying] 'here's my computer; I'm going to walk away for 10 minutes. Please don't do anything evil.'"
Posted by InfoSec News on Jul 31 http://www.news9.com/story/26146017/man-arrested-after-security-breach-at-the-oklahoma-county-jail
Posted by InfoSec News on Jul 31 http://allafrica.com/stories/201407300414.html
Posted by InfoSec News on Jul 31 http://www.defensenews.com/article/20140730/DEFFEAT05/307300017/Commentary-Cyber-Deterrence-Working
It was May of 2012 at a security conference in Calgary, Alberta, when professor Ron Deibert heard a former high-ranking official suggest he should be prosecuted.
This wasn't too surprising. In Deibert's world, these kinds of things occasionally get whispered through the grapevine, always second-hand. But this time he was sitting on a panel with John Adams, the former chief of the Communications Security Establishment Canada (CSEC), the National Security Agency's little-known northern ally. Afterward, he recalls, the former spy chief approached and casually remarked that there were people in government who wanted Deibert arrested—and that he was one of them.
Adams was referring to Citizen Lab, the watchdog group Deibert founded over a decade ago at the University of Toronto that's now orbited by a globe-spanning network of hackers, lawyers, and human rights advocates. From exposing the espionage ring that hacked the Dalai Lama to uncovering the commercial spyware being sold to repressive regimes, Citizen Lab has played a pioneering role in combing the Internet to illuminate covert landscapes of global surveillance and censorship. At the same time, it's also taken the role of an ambassador, connecting the Internet's various stakeholders from governments to security engineers and civil rights activists.
The people at Offensive Security have announced that in the course of a penetration test for one of their customers they have found several vulnerabilities in the Symantec Endpoint Protection product. While details are limited, the vulnerabilities appear to permit privilege escalation to the SYSTEM user, which would give virtually unimpeded access to the system. Offensive Security has posted a video showing the exploitation of one of the vulnerabilities.
Symantec has indicated they are aware of the vulnerabilities and are investigating.
There is some irony in the fact that there are zero-day vulnerabilities in the software that a large portion of users count on to protect their computers from malware and software vulnerabilities. The fact is that software development is hard, and even security software is not immune from exploitable vulnerabilities. If there is a bright side, it appears that there are no exploits in the wild yet and that local access to the machine is required to exploit these vulnerabilities.
-- Rick Wanner - rwanner at isc dot sans dot edu - http://namedeplume.blogspot.com/ - Twitter:namedeplume (Protected)(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.