Topic: SECURITY - on April 12, 2012 at 10:27:00 AM CEST
Critical Flaw Found In Security Pros' Favorite: Backtrack Linux
A critical security flaw has been identified in the latest version of Backtrack, a popular version of Linux that is used by security professionals for penetration testing.
The previously undiscovered privilege escalation hole was disclosed in a post on the Web site of the Infosec Institute. It was discovered by a student taking part in an InfoSec Instutite Ethical Hacking class, according to the post.
"The student in our ethical hacking class that found the 0day was using backtrack and decided to fuzz the program, as well as look through the source code," wrote Jack Koziol, the Security Program Manager at the InfoSec Institute. "He found that he could overwrite config settings and gain a root shell."
... Link (0 comments) ... Comment
Topic: SECURITY - on April 1, 2012 at 9:42:00 AM CEST
Wie man die Vorratsdatenspeicherung umgeht
IP-Adresse, Standort, Sender und Empfänger von SMS, MMS, E-Mails und Telefondienste inklusive der Internettelefonie (VoIP) - die Vorratsdatenspeicherung betrifft viele Aspekte unseres alltäglichen Kommunikationsverhaltens. Doch nicht betroffen sind viele andere Kanäle, die sich ebenfalls etabliert haben und gern genutzt werden.
Man muss kein Internet-Gauner sein, um die Vorratsdatenspeicherung umgehen zu wollen. Auf Privatsphäre bedachte Personen sehen ihre Verbindungsdaten genausowenig gern abgespeichert wie Anwälte, Ärzte, Journalisten oder Seelsorger, die Verpflichtungen zur Geheimhaltung haben.
... Link (0 comments) ... Comment
Topic: SECURITY - on March 29, 2012 at 9:24:00 AM CEST
Digitaler Waffenhandel: Wie Staaten Sicherheitslücken und Exploits kaufen
In den letzten Jahren ist der ehemals schwarze Markt für Sicherheitslücken und Exploits zum Tummelplatz für staatliche Institutionen geworden. Das amerikanische Wirtschaftsmagazin Forbes hat nun eine der sonst nicht gerade öffentlichkeits-geilen Firmen dahinter porträtiert und eine Preisliste für Exploits veröffentlicht.
Mehrere Projekte versuchen, Licht ins Dunkel der digitalen Überwachungsindustrie zu bringen, darunter The Spyfiles von WikiLeaks, Blue cabinet von Telecomix, Bugged Planet von Andy-Müller Maguhn, und der Surveillance Catalog vom Wall Street Journal.
... Link (0 comments) ... Comment
Topic: SECURITY - on March 20, 2012 at 1:40:00 PM CET
DI2E framework seeks to unite wealth of intelligence data
The first annual Defense Intelligence Information Enterprise (DI2E) Conference “Converging the ISR Enterprise” spoke to the OUSD(I)’s strategy to build upon Distributed Common Ground/Surface System (DCGS) successes and expand them to include the Combatant Command’s (COCOM) Joint Intelligence Operation Center (JIOC) enterprise builds.
The conference agenda consisted of four Plenary Sessions, eight Panel Sessions, seventeen Workshops and six Technology/Networking demonstrations. Over 1,050 participants and 90 exhibiting technology vendors attended; including representatives from DoD, the Services, Combat Support Agencies (CSAs), multi-national representatives (AUS, CAN, NLD, GBR), industry, and academia. The conference provided a mix of strategic, operational, and tactical user perspectives focused on the need to integrate the DCGS and JIOC enterprises to support overseas contingency operations.
gcn.com ncsi.com DI2E - USGIF [pdf] Defense Intelligence Information Enterprise Enabling Mission [pdf]
... Link (0 comments) ... Comment
Topic: SECURITY - on March 14, 2012 at 12:28:00 PM CET
Tupper-Party mit Trojanern auch in Kanada, USA und Israel
In zahlreichen internationalen Veranstaltungen trägt das Bundeskriminalamt seine Erfahrungen mit staatlich genutzter Spionagesoftware vor. Auch der britische Trojaner-Hersteller Gamma durfte sich präsentieren
Der Austausch zwischen deutschen und ausländischen Behörden zur Nutzung staatlicher Trojaner-Programme ist weit umfangreicher als bisher bekannt. Dies geht aus der Antwort des Parlamentarischen Staatssekretärs Ole Schröder auf eine neue Parlamentarische Initiative hervor. Demnach hat sich das Bundeskriminalamt unter anderem mit entsprechenden Abteilungen in Großbritannien, den USA, Kanada, Österreich, Luxemburg und Liechtenstein getroffen. Vor sechs Wochen besuchten die digitalen Ermittler die israelische Polizei. Neben dem Bundeskriminalamt haben auch der deutsche Inlandsgeheimdienst sowie das Bundesinnenministerium an Treffen teilgenommen.
... Link (0 comments) ... Comment
Topic: SECURITY - on March 6, 2012 at 11:04:00 AM CET
GitHub hacked, millions of projects at risk of being modified or deleted
GitHub, one of the largest repositories of commercial and open source software on the web, has been hacked. Over the weekend, developer Egor Homakov exploited a gaping vulnerability in GitHub that allowed him (or anyone else with basic hacker know-how) to gain administrator access to projects such as Ruby on Rails, Linux, and millions of others. Homakov could’ve deleted the entire history of projects such as jQuery, Node.js, Reddit, and Redis.
... Link (0 comments) ... Comment
Topic: SECURITY - on March 4, 2012 at 6:03:00 PM CET
Scareware Locks Down Computer Due To Child Porn and Terrorism
Recently, my sandbox came across a scareware that locks down the victim’s computer due to “terrorism and child pornography”. The malware is being detected by some AV vendors as “Win32/LockScreen”.
The schema is pretty simple: The criminals try to infect computers with scareware (eg. through Drive-By exploits). As soon as the computer is infected, the malware locks down the machine so that the user won’t be able to log in any more. The malware then displays a message to the user that the law enforcement agency XY found child pornography on the victims computer and that the his computer was used to send out “spam mails with terrorist motives”:
... Link (0 comments) ... Comment
Topic: SECURITY - on March 3, 2012 at 11:49:00 AM CET
NASA Was Hacked 13 Times Last Year
It seems not even the high-tech NASA is safe from digital intruders: The space agency’s computer systems were breached by hackers 13 times last year, according to Congressional testimony this week.
“These incidents spanned a wide continuum from individuals testing their skill to break into NASA systems, to well-organized criminal enterprises hacking for profit, to intrusions that may have been sponsored by foreign intelligence services seeking to further their countries’ objectives,” said Paul Martin, NASA’s inspector general, in his Congressional testimony released on Wednesday.
... Link (0 comments) ... Comment
Topic: SECURITY - on February 29, 2012 at 6:08:00 PM CET
Hacker Shows Off Lethal Attack By Controlling Wireless Medical Device
In his San Francisco apartment, Barnaby Jack waves a small antenna to demonstrate how a deadly hacker attack against a diabetic would begin.
The 34-year-old is best known for hacking into cash machines and making them spit out money on stage at a Black Hat computer security conference in 2010. Today, he is hunting security holes in wireless medical devices, and his latest stunt involves insulin pumps, the pager-sized devices that diabetics wear to dispense the lifesaving hormone into the body.
... Link (0 comments) ... Comment
Topic: SECURITY - on February 29, 2012 at 3:46:00 PM CET
Das Geschäft mit den Informationen
Im Dezember 2010 veröffentlicht Wikileaks hunderttausende geheimer Diplomaten-Depeschen der amerikanischen Regierung. Die USA sind in Aufruhr. Auch beim texanischen Informationsdienstleister Stratfor schlägt die Empörung hoch. In internen E-Mails lassen Stratfor-Mitarbeiter ihren Emotionen freien Lauf. Julian Assange, der Gründer der Enthüllungsplattform Wikileaks, hasse „Amerika mehr als Osama bin Laden“, heißt es dort. Assange, so ein anderer Mitarbeiter, sei „ein beschissener Idiot“. Sein Kopf solle in „eine volle Toilette getunkt“ werden.
taz.de List of documents > Release Das Geschäft mit den Informationen
... Link (0 comments) ... Comment
Topic: SECURITY - on February 29, 2012 at 2:48:00 PM CET
RSA Conference 2012: Day One Highlights
I attended the professional development track, and pulled most of these quotes from there. Follow me on twitter to see what strikes my fancy in real-time.
Remember that being a security leader is first and foremost about leading. Too often we get bogged down in management. Managers deal with complexity, scheduling and resource allocation. Leaders deal with setting a direction and figuring out how to get there. The quote which was used in this session, which I love, was “managers follow a map, leaders follow a compass.”
... Link (0 comments) ... Comment
Topic: SECURITY - on February 29, 2012 at 1:23:00 PM CET
Wikileaks Stratfor Emails Devastating - TheYoungTurks
... Link (0 comments) ... Comment
