Monday, May 11, 2009

Monday 05/11/09

How SCAP Brought Sanity to Vulnerability Management
Orbitz CISO Ed Bellis explains how the proliferation of vulnerability assessment products and services has created chaos, and how SCAP may be the answer.

----------

Sysinternal Updates 3 Applications
Autoruns v9.5: This update to Autoruns, a powerful autostart manager, adds display of audio and video codecs, which are gaining popularity as an extension mechanism used by malware to gain automatic execution.

PsLoglist v2.7: This version of PsLoglist, a command-line event log display utility, now properly displays event log entries for default event log sources on Windows Vista and higher and accepts wildcard matching for event sources.

PsExec v1.95: This version of PsExec, a utility for executing applications remotely, fixes an issue that prevented the -i (interactive) switch from working on Windows XP systems with a recent hotfix and includes a number of minor bug fixes.

----------

Is your Symantec Antivirus Alerting working correctly?
In the past several months, multiple difficulties have arisen with Symantec AMS (Alert Management System). The situation may sound familiar: one minute the settings are configured correctly and alerting properly; the next thing you know, days have gone by without any detection. This is great, right? No viruses in our network! Wrong… A careful inspection of the SAV console showed numerous detections without any alerts, and AMS no longer showed alerting as configured.

Symantec informed the network technician that the AMS server needed to be reloaded. This was tried a few times; each time, the services stopped again within days. Finally a Symantec tech said that this was a “known issue”. The workaround was either to keep reloading the AMS services every time they stopped working, taking the chance that we wouldn’t receive alerts, or to use the alternative, the Reporting Server, for alerting.

Days later, on April 28, 2009, Symantec published advisory SYM-09-007 covering four security vulnerabilities that involve some of the same Intel services implicated in the issues described above. At this point, it is unclear whether the vulnerabilities are related to the malfunctioning alerts, but it wouldn’t hurt to check your configurations. The mitigations sound familiar.
...

----------

Shared SQL Injection Lessons Learned blog item
The X-Force Frequency Blog has a great read, posted yesterday by Harlan Carvey, sharing some IR lessons learned: SQL Injection Lessons from X-Force Emergency Response Service Investigations.

The Frequency X blog has visited the topic of SQL Injection on a number of occasions; however, it is worth delving into again to emphasize exactly how much internal network access attackers can gain through vulnerable web applications. Over the past several years, SQL injection has been THE means for accessing entire infrastructures on many of the engagements that our Emergency Response Service (ERS) team has handled.
...

----------

Malicious Content on the Web

The first is a fake, Trojanized Windows 7 Release Candidate (RC) build. The Trojan is being referred to as TROJ_DROPPER.SPX.

The second item is a possible infection on the usatoday.com website: the typical "your computer is infected, click here to scan and clean it" lure. We have received more than one report of this but have not been able to confirm it. We suspect that, if it is indeed there, it is an ad somewhere on their site. Several of the handlers have tried to find the offending ad and have so far been unsuccessful. We have contacted the appropriate individuals at usatoday.com to advise them of the reports.

Other reports we have received say that an adware program is being installed on computers when clicking the link to get the free chicken coupon from Oprah's website. I have sent an email to the webmaster and have heard nothing back yet. The scary thing about the chicken coupon is that hundreds of people have downloaded it. Just think of all of the computers that now have the malware installed. Again, I can't confirm this because I haven't tried to download the coupon and I haven't heard anything back from their webmaster.

----------

Unusable, Unreadable, or Indecipherable? No Breach reporting required
Recent HIPAA legislation promised guidance identifying "the Technologies and Methodologies That Render Protected Health Information Unusable, Unreadable, or Indecipherable to Unauthorized Individuals for Purposes of the Breach Notification Requirements under Section 13402 of Title XIII (Health Information Technology for Economic and Clinical Health Act) of the American Recovery and Reinvestment Act of 2009" (ARRA). The guidance was issued (link below).

So if a covered entity loses the jewels and its technologies and methodologies are up to snuff, it does not have to report it.

At this point, given the way TLS is referenced, it looks to me like the guidance points to TLS impacts on organizations and security vendors/service providers. YMMV.

There are a large number of high-impact HIPAA changes written into ARRA; see:
The American Recovery and Reinvestment Act of 2009
For TITLE XIII - HEALTH INFORMATION TECHNOLOGY, see page 112 of 407.
For PART 1 - IMPROVED PRIVACY PROVISIONS AND SECURITY PROVISIONS, see page 146 of 407.

The Guidance:
DEPARTMENT OF HEALTH AND HUMAN SERVICES
45 CFR PARTS 160 and 164
Guidance Specifying the Technologies and Methodologies That Render Protected Health Information Unusable, Unreadable, or Indecipherable to Unauthorized Individuals for Purposes of the Breach Notification Requirements under Section 13402 of Title XIII (Health Information Technology for Economic and Clinical Health Act) of the American Recovery and Reinvestment Act of 2009
...

----------

Jamming cell phones in prisons? "We're not there yet."
May 11, 2:31 p.m. UTC - by Matthew Lasar Posted in: Law & Disorder
If cell phone use in prisons is a growing problem, what's the solution? Not signal jamming, says the mobile industry. Ars spoke with a CTIA Vice President about alternative fixes.

----------

Flu cases subside as people contemplate "flu parties"
May 8, 8:06 p.m. UTC - by John Timmer Posted in: Nobel Intent
As public health authorities clear their testing backlog, it looks like the number of new flu infections is declining precipitously. After the fact, a debate is emerging about the wisdom of "flu parties" and deliberate infections.

----------

New finds in latest iPhone beta: compass, parental controls

----------

Windows 7 and Server 2008 R2 will be ready by holiday 2009
At Microsoft TechEd North America 2009, Microsoft today announced that Windows 7 and Windows Server 2008 R2 will both be available to customers in time for the holiday shopping season.

----------

What is new in TrueCrypt 6.2 (released May 11, 2009)

----------

A secure USB disk from Lenovo
Having examined some low-cost USB crypto hard disks and found them disappointing, we take a look at a more up-market product from Lenovo.
http://www.h-online.com/security/A-secure-USB-disk-from-Lenovo--/features/113192

Looks like our current standard for USB sticks, with a keypad on the outside of the drive to unlock it!

----------

"Baby monitors and wireless TV transmitters are responsible for slowing down Wi-Fi connections in built-up areas, according to a report commissioned by British telecoms regulator Ofcom. The research smashes the myth that overlapping Wi-Fi networks in heavily congested towns and cities are to blame for faltering connection speeds. Instead it claims that unlicensed devices operating in the 2.4GHz band are dragging down signals. "It only requires a single device, such as an analogue video sender, to severely affect Wi-Fi services within a short range, such that a single large building or cluster of houses can experience difficulties with using a single Wi-Fi channel," the report claims."

----------

Multiple Antivirus Websites XSSed in One Hit

Websites belonging to no less than six antivirus vendors have been found to suffer from cross-site scripting weaknesses that could facilitate phishing attacks. Most of these companies were faced with similar flaws affecting their online resources in the past.

A grey-hat hacker, going by the name of Methodman, who seems to have specialized in finding XSS vulnerabilities in high-profile websites, has just announced another hit. More specifically, he has disclosed cross-site scripting flaws in eight websites operated by six antivirus vendors: Symantec, Kaspersky, AVG, Eset, F-Secure and Trend Micro.

----------

Incoming - Real and fake Win7 patches
Mary Jo Foley: Microsoft has made available a patch to a Windows 7 bug in the Release Candidate and is preparing to roll out some "fake" test patches to verify Windows 7's automatic-updating abilities this week.

----------

Woman Can Sue Over Indecent Yahoo! Profiles
By ANNIE YOUDERIAN
(CN) - Yahoo! is not immune from a lawsuit accusing the Internet company of failing to remove two bogus online profiles that a woman's ex-boyfriend posted, the 9th Circuit ruled. The phony profiles contained nude photographs, purportedly solicited sex, and listed her actual work email, phone number and address.

----------

NERC president: Emergency cybersecurity help needed
Angela Moscaritolo
Efforts of the North American Electric Reliability Corp. (NERC) to secure the nation's power grid against cyberthreats cannot substitute for additional emergency authority at the federal level, urged Richard Sergel, president and CEO of NERC, in testimony during a Senate hearing on cybersecurity Tuesday.

----------

Air Marshals’ Secret Communication Weapon
If you’re a U.S. Air Marshal patrolling the friendly skies, you’ll want to communicate discreetly with fellow on-board marshals, airport ground crew, cockpit crew and flight attendants if you need to thwart an attack.

You might also want to tap into the plane’s digital system to know where you are at any time, how far the nearest airport is and how much fuel you have left on the plane.

To do this, you’ll want something like the Federal Air Marshal Service Communication System (FAMSCOM), an application that runs on any off-the-shelf wireless PDA.

----------

It’s a man baby!
In the last few days, the story of Yinghacker, “the most beautiful female hacker in China,” has been making the rounds in Chinese news outlets and blogs. Her exploits and earnings, in this male-dominated society, have been posted by numerous online sources. The number of male friends added to her blog since the story first appeared has been impressive.

Problem: Yinghacker is a man baby! He thinks it’s kinda funny to pretend to be a MM (girl) online.

----------

Elsevier Had A Whole Division Publishing Fake Medical Journals
Remember a week ago when we wrote about pharma giant Merck and publishing giant Elsevier working together to publish a fake journal that talked up various Merck drugs and was used by doctors to show that the drugs were safe and useful? Well, you knew the story wouldn't end there, right? Slashdot points us to the discovery that there is actually a whole division at Elsevier that would publish such journals and tried to duck this fact before sort of (but not fully) admitting it...

----------

Do Social Networks Invite Hackers into the Office?
Social networks are proving a useful professional tool, but they may raise security risks for the enterprise.

----------

Digitize Everything for Lasting Family Archives
Life happens, and here's why (and how) you might find value in digitizing all of the items that are important to you.

----------

In China, $700 Puts a Spammer in Business
PC World - Fri May 8, 7:30 PM ET
It's a great deal, if you're a spammer.

You pay US$700 to use a server in China that lets you send all the spam you like. It's called bulletproof hosting, and to the people who fight spam and cybercrime it's becoming a big problem.
...

----------

Inside a data leak audit
When the director of IT at a Boston-based, midsize pharmaceutical firm was first approached to participate in a data leakage audit, he was thrilled. He figured the audit would uncover a few weak spots in the company's data leak defenses and he would then be able to leverage the audit results into funding for additional security resources.

...

That said, Spinosa was shocked at what he found: more than 700 leaks of critical information, such as Social Security numbers, pricing, financial information and other sensitive data, in violation of the Payment Card Industry's standards. He also found serious lapses, more than 4,000, that ran counter to HIPAA and Defense Department Information Assurance Certification rules.

----------
