[ISN] InfoSec News Mailing List
http://www.infosecnews.org/mailman/listinfo/isn
InfoSecNews

Some Students, Parents Defend New Trier Hacker
http://www.infosecnews.org/pipermail/isn/2008-May/016324.html

http://www.wbbm780.com/Hacker-Defended/2150588

WBBM780.com 08 May 2008

Some students and parents at Winnetka's New Trier High School are rallying to the defense of a senior who's now charged criminally for hacking into the school's computerized records. [...]

MoD fights data losses with encryption
http://www.infosecnews.org/pipermail/isn/2008-May/016323.html

http://www.silicon.com/publicsector/0,3800010403,39214543,00.htm

By Nick Heath Silicon.com 8 May 2008

The Ministry of Defence (MoD) is to protect 20,000 laptops using encryption software.

Machines used by the army, navy and RAF will be given password-protected [...]

Shuttle Columbia's hard drive data recovered from crash site
http://www.infosecnews.org/pipermail/isn/2008-May/016322.html

http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9083718

By Brian Fonseca May 7, 2008 Computerworld

Researchers who extracted data from a hard drive onboard the ill-fated space shuttle Columbia say the device was so thoroughly damaged in the [...]

I Was A Teenage Bot Master
http://www.infosecnews.org/pipermail/isn/2008-May/016321.html

http://www.theregister.co.uk/2008/05/08/downfall_of_botnet_master_sobe_owns/

By Dan Goodin in San Francisco The Register 8th May 2008

Exclusive -- One day in May 2005, a 16-year-old hacker named SoBe opened his front door to find a swarm of FBI agents descending on his family's [...]

F.B.I. Says the Military Had Bogus Computer Gear
http://www.infosecnews.org/pipermail/isn/2008-May/016320.html

http://www.nytimes.com/2008/05/09/technology/09cisco.html

By JOHN MARKOFF The New York Times May 9, 2008

SAN FRANCISCO — Counterfeit products are a routine threat for the electronics industry. However, the more sinister specter of an electronic Trojan horse, lurking in the circuitry of a computer or a network router and allowing attackers clandestine access or control, was raised again recently by the F.B.I. and the Pentagon.

The new law enforcement and national security concerns were prompted by Operation Cisco Raider, which has led to 15 criminal cases involving counterfeit products bought in part by military agencies, military contractors and electric power companies in the United States. Over the two-year operation, 36 search warrants have been executed, resulting in the discovery of 3,500 counterfeit Cisco network components with an estimated retail value of more than $3.5 million, the F.B.I. said in a statement.

The F.B.I. is still not certain whether the ring’s actions were for profit or part of a state-sponsored intelligence effort. The potential threat, according to the F.B.I. agents who gave a briefing at the Office of Management and Budget on Jan. 11, includes the remote jamming of supposedly secure computer networks and gaining access to supposedly highly secure systems. Contents of the briefing were contained in a PowerPoint presentation leaked to a Web site, Above Top Secret.

A Cisco spokesman said that the company had investigated the counterfeit gear seized by law enforcement agencies and had not found any secret back door.

“We did not find any evidence of re-engineering in the manner that was described in the F.B.I. presentation,” said John Noh, a Cisco spokesman. He added that the company believed the counterfeiters were interested in copying high volume products to make a quick profit. “We know what these counterfeiters are about.”

An F.B.I. spokeswoman, Catherine L. Milhoan, said the agency was not suggesting that the Chinese government was involved in the counterfeiting ring. “We worked very closely with the Chinese government,” she said. Arrests have been made in China as part of the investigation, she said. “The existence of this document shows that the cyber division of the F.B.I. has growing concerns about the production and distribution of counterfeit network hardware.”

Despite Cisco’s reassurance, a number of industry executives and technologists said that the threat of secretly added circuitry intended to subvert computer and network gear is real.

[...]

What is your stolen data worth?
http://www.infosecnews.org/pipermail/isn/2008-May/016319.html

http://www.news.com/8301-10784_3-9939862-7.html

By Elinor Mills News Blog News.com May 8, 2008

You think your personal information is priceless. But everything has a price, even your stolen bank account information.

McAfee Avert Labs has discovered a price list that criminals use to buy [...]

Secunia Weekly Summary - Issue: 2008-19
http://www.infosecnews.org/pipermail/isn/2008-May/016318.html

The Secunia Weekly Advisory Summary 2008-05-01 - 2008-05-08

This week: 62 advisories [...]

CFP: Security and Privacy Day @ Stony Brook [May 30] -- please register now !
http://www.infosecnews.org/pipermail/isn/2008-May/016317.html

Forwarded from: Radu Sion <sion (at) crypto.cs.sunysb.edu>

Dear Colleague,

This is a call for participation to this year's Security and Privacy Day, at Stony Brook on May the 30th. We are very excited for the first time to have a *2-day* event, including (depending on interest) a second [...]

New wi-fi devices warn doctors of heart attacks
http://www.infosecnews.org/pipermail/isn/2008-May/016316.html

http://technology.timesonline.co.uk/tol/news/tech_and_web/article3883082.ece

By Adam Sherwin Media Correspondent The Times May 7, 2008

The Bluetooth wireless technology that allows people to use a hands-free earpiece while making a mobile telephone call could soon alert the [...]

Windows Vista More Vulnerable To Malware Than Windows 2000
http://www.infosecnews.org/pipermail/isn/2008-May/016315.html

http://www.informationweek.com/news/windows/operatingsystems/showArticle.jhtml?articleID=207601217

By Thomas Claburn InformationWeek May 8, 2008

Microsoft (NSDQ: MSFT)'s Vista operating system is more susceptible to malware than Windows 2000, and though it's 37% more secure than Windows [...]

Call For Papers - Bellua Cyber Security Asia 2008
http://www.infosecnews.org/pipermail/isn/2008-May/016314.html

Forwarded from: Jim Geovedi <jim.geovedi (at) bellua.com>

Dear InfoSec News Readers,

The call for papers and conference registration is now open for Bellua Cyber Security Asia 2008, our fourth annual information security & hacking conference.

Speakers from numerous disciplines are invited to join Bellua Cyber Security Asia 2008 to discuss present and future information security and hacking issues through an intensive series of business and technical sessions and demonstrations.

From 18th—19th November 2008, Bellua Cyber Security Asia 2008 will take place in the city of Jakarta, Indonesia, with sessions hosted at Jakarta Convention Centre.

We invite proposals for paper presentations and demonstrations on any topic relevant to information security and hacking including but not limited to:

Business Topics
* ISO 27001—Information Security Management Systems (ISMS)
* Business processes & security
* Compliance management
* Handling security failure & incidents
* Banking security
* Telecommunication security
* Internet fraud
* Security awareness
* Social engineering
* Privacy, anonymity, ethics
* Cyberlaw and enforcement

Technical Topics
* 0-day hacking & security
* Penetration testing
* Telecom security/phreaking
* Secure programming
* Reverse engineering
* Exploit development
* Computer forensics
* Wireless security & hacking
* Web application security
* Cryptography
* Spyware/malware/worm/virus
* Physical security

Your submission should include:
1. Name, title, address, email and phone number
2. Draft of the proposed presentation (in PDF, PowerPoint or Keynote format), proof of concept for tools and exploits, etc.
3. Short biography, qualification, occupation, achievement and affiliations (limit 150 words).
4. Summary or abstract for your presentation (limit 150 words)
5. Time (40-60 minutes). Include time for discussion and questions.
6. Technical requirements (video, internet, wireless, audio, etc.)

Please send your proposal to bcs2008-cfp at bellua.com as soon as possible and no later than 30 September 2008. Proposals will be evaluated in the order received; submit early to maximise your chances of being selected.

Each non-resident speaker will receive accommodation for 3 nights at the Hotel Mulia Senayan and Bellua Cyber Security Asia 2008 will cover travel expenses up to USD 1,000.

We do not accept product, service or vendor related presentations.

Bellua Cyber Security is endorsed by the Ministry of Communication and Information of Republic Indonesia and is hosted by Bellua Asia Pacific.

Links:
* Bellua Cyber Security Asia 2008 http://www.bellua.com/bcs/
* Bellua Cyber Security Annual Conferences in Facebook: http://www.facebook.com/group.php?gid=8357873979

WabiSabiLabi to help build 0day security box
http://www.infosecnews.org/pipermail/isn/2008-May/016313.html

http://www.techworld.com/security/news/index.cfm?newsID=12186

By Robert McMillan IDG News Service 07 May 2008

WabiSabiLabi, the company best known for building an online marketplace for security flaws, is getting into the hardware business.

The company is working with a so-far unknown Italian company called Oneshield Security to build a unified threat management (UTM) appliance that will integrate the research generated by WabiSabiLabi's network of researchers.

WabiSabiLabi did not say how this partnership will benefit the independent researchers who contribute to the company's marketplace of unpatched "0day" vulnerabilities, but that information will be forthcoming, said founder Roberto Preatoni in a blog posting.

UTM appliances blend several security products into one server. In addition to protecting from the WabiSabiLabi 0day attacks, the Oneshield device can serve as a firewall and anti-virus device and will provide protection from many different threats, including denial of service (DOS) attacks.

Since its founding nearly a year ago, WabiSabiLabi has garnered a lot of attention because of its controversial open-market approach to selling software vulnerabilities, as well as the legal troubles of Preatoni, who was arrested by Italian police in November on spying charges.

Preatoni, a colourful and well-known figure in security research circles, had worked as a penetration tester for Italy's largest telecommunications company, Telecom Italia. According to news reports, Preatoni helped staff a 10-member "Tiger Team" that has now been accused of hacking and spying on business executives and journalists in Italy.

Last month, Preatoni broke his silence on the case and said that he would stay on with WabiSabiLabi.

By integrating its unique research into a single device, Oneshield is doing the same thing as many larger security companies, said Jon Oltsik, senior analyst at Enterprise Strategy Group. "It's not unusual for companies to integrate customer premise equipment with threat research that they do," he said. "The thing that's unusual here is that they're looking to recruit partners to provide these services."

Oneshield expects to start shipping its appliance at the beginning of June. The company has not said what it plans to charge for the appliance, or for the optional managed security services package that will ship with it.

Hackers Join Social Network Craze With 'House Of Hackers'
http://www.infosecnews.org/pipermail/isn/2008-May/016312.html

http://www.informationweek.com/news/internet/social_network/showArticle.jhtml?articleID=207600657

By Thomas Claburn InformationWeek May 7, 2008

Hackers now have their own social network. GnuCitizen, a computer security consultancy, has set up a social network for hackers called [...]

Afghanistan Firefight Heard On Voice Mail
http://www.infosecnews.org/pipermail/isn/2008-May/016311.html

http://www.kptv.com/news/16161182/detail.html

[I know I've gotten more than a few accidental cell-phone calls, but this should be a good heads-up for why you should lock the keypad on your personal and/or work cellphones. - WK]

KPTV.com May 5, 2008

OTIS, Ore. [...]

Denial of service hole in WonderWare SCADA systems
http://www.infosecnews.org/pipermail/isn/2008-May/016310.html

http://www.heise-online.co.uk/news/Denial-of-service-hole-in-WonderWare-SCADA-systems--/110681

Heise Online 7 May 2008

Core Security [1] has discovered a vulnerability in WonderWare [2] industrial automation products that are used worldwide in power, [...]

Chinese espionage alert in Belgium
http://www.infosecnews.org/pipermail/isn/2008-May/016309.html

http://www.dofonline.co.uk/economy/chinese-espionage-alert-in-belgium5458.html

By Adrie van der Luijt Director of Finance Online 03 May 2008

The Belgian government has warned of Chinese cyber attacks on its computer systems.

Justice minister Jo Vandeurzen said on Friday that the national [...]

White House Admits It Is Missing Email Backup Tapes From Start of Iraq War
http://www.infosecnews.org/pipermail/isn/2008-May/016308.html

http://www.motherjones.com/mojoblog/archives/2008/05/8165_white_house_adm.html

By Nick Baumann Mother Jones Blog 05/06/08

The White House acknowledged in a court filing last night that it no longer has backup tapes of email from between March 1 and May 22, 2003, [...]

Crimeware server exposes breadth of data theft
http://www.infosecnews.org/pipermail/isn/2008-May/016307.html

http://www.gcn.com/online/vol1_no1/46228-1.html

By William Jackson GCN.com 05/06/08

Last month researchers at online security company Finjan uncovered a 1.4 gigabyte cache of stolen data from North America, Europe, the Middle East and India on a Malaysian server that provided command and control functions for malware attacks in addition to being a drop site for data harvested from compromised computers.

“This is a unique example of what we have been talking about for the last year,” said Yuval Ben-Itzhak, chief technical officer at Finjan. Online thieves are using sophisticated tools to plant malicious code on legitimate Web pages, compromising visiting PCs and stealing data.

The data included 5,388 unique log files collected in just a three-week period. The files included personal and business e-mails, medical records, and financial log-in and transaction information with not only credit card and account numbers but also passwords and security codes. Although the trend of using Web exploits to steal and market personal data has been identified for some time, the discovery of the cache still was an eye-opener, Ben-Itzhak said.

“When you see a server with the data there, it’s the difference between theory and reality,” he said. “When you see people’s medical records and e-mail in this volume, we were kind of shocked.”

Since the discovery in early April, the company’s Malicious Code Research Center has discovered two similar servers in different parts of the world with similar data. They appeared to have been in operation for shorter periods of time.

Finjan reported the discovery today in the latest issue of the “Malicious Page of the Month” bulletin [1].

The crimeserver was discovered by analysts monitoring outgoing traffic from a Finjan customer’s network. Following the traffic to its destination led them to the unprotected server holding the data. The server contained several Trojans and the payload injected into compromised Web sites in addition to command and control software for the attacks and the stolen data.

“It was just waiting for someone to collect it,” Ben-Itzhak said. Most of the data was in raw log files, although “in some parts of the server, we found data that had already been processed.”

Finjan analysts needed a week to process the 1.4 gigabytes and determine what was there. The log files were traced to 5,878 distinct IP addresses. The number of compromised PCs the data was lifted from has not been determined, but Ben-Itzhak said it could be as high as double the number of IP addresses. Files on the server included 571 log files from the United States, 621 from Germany, 322 from France, 308 from India, 232 from Great Britain, 150 from Spain, 86 from Canada, 58 from Italy, 46 from the Netherlands and 1,037 from Turkey.

The server was registered to a man from Moscow and was hosted in Singapore at the time it was discovered. It has since been shut down.

“About every week he was moving the server,” from Russia to China, Hong Kong and finally Singapore, Ben-Itzhak said.

In the online black market for stolen information, raw data can be sold in bulk for $1,000 for about 100 megabytes, but individual credit card numbers with accompanying information can sell for $20 to $50 each. Other files can bring hundreds of dollars, depending on their contents.

Ben-Itzhak said the discovery illustrates the breadth of the data theft threat. It is not just personal financial data at risk but corporate data also. The files included information from what Finjan described as 40 top-tier global businesses and included sensitive corporate e-mails.

“We entered a new era in which criminals just need to log into their ‘data supplier’ and download any information suitable for them to conduct their crime, be it financial fraud, industrial espionage or identity theft,” Ben-Itzhak said.

The company notified more than 40 major international financial institutions in the United States, Europe and India whose customers were compromised in addition to international law enforcement agencies including the FBI.

Ben-Itzhak said the largest financial institutions were not surprised, but smaller banks were. Cooperation was good from law enforcement agencies, with which the company maintains close relationships, he said.

[1] http://www.finjan.com/mpom

Photos and Presentation Materials from HITBSecConf2008 - Dubai Released
http://www.infosecnews.org/pipermail/isn/2008-May/016306.html

Forwarded from: Praburaajan <prabu (at) hackinthebox.org>

The codes, tools, exploits, slides and other presentation goodies from HITBSecConf2008 - Dubai are available for download! You will also find a 'bonus download' of the live recording of DJ Negative's set from the [...]

Group formed to enhance patient data security
http://www.infosecnews.org/pipermail/isn/2008-May/016305.html

http://www.news.gov.hk/en/category/healthandcommunity/080505/html/080505en05005.htm

news.gov.hk May 5, 2008

The Hospital Authority has appointed a task force to enhance security following cases of lost electronic devices containing patient data. [...]

China mounts cyber attacks on Indian sites
http://www.infosecnews.org/pipermail/isn/2008-May/016304.html

http://timesofindia.indiatimes.com/China_mounts_cyber_attacks_on_Indian_sites/articleshow/3010288.cms

By Indrani Bagchi TNN 5 May 2008

NEW DELHI: China’s cyber warfare army is marching on, and India is suffering silently. Over the past one and a half years, officials said, [...]

Infosec: Security community must work together
http://www.infosecnews.org/pipermail/isn/2008-May/016303.html

Forwarded from: security curmudgeon <jericho (at) attrition.org>

On Wed, 23 Apr 2008, InfoSec News wrote:

I think the '23' is a typo for '1' here.

: http://www.vnunet.com/vnunet/news/2214852/security-community-cyber-crime
:
: Microsoft has called on companies to work together to improve overall [...]

Pentagon Wants Cyberwar Range to 'Replicate Human Behavior and Frailties'
http://www.infosecnews.org/pipermail/isn/2008-May/016302.html

http://blog.wired.com/defense/2008/05/the-pentagons-w.html

By Noah Shachtman Danger Room Wired.com May 05, 2008

The Pentagon's way-out researchers don't just want to build an Internet simulator, to test out cyberwar tactics. They want the range's [...]

Hundreds of Laptops Missing at State Department, Audit Finds
http://www.infosecnews.org/pipermail/isn/2008-May/016301.html

http://www.cqpolitics.com/wmspage.cfm?docID=hsnews-000002716318

By Jeff Stein CQ National Security Editor May 2, 2008

Hundreds of employee laptops are unaccounted for at the U.S. Department of State, which conducts delicate, often secret, diplomatic relations [...]

Protecting Yourself From Suspicionless Searches While Traveling
http://www.infosecnews.org/pipermail/isn/2008-May/016300.html

http://www.eff.org/deeplinks/2008/05/protecting-yourself-suspicionless-searches-while-t

Posted by Jennifer Granick May 1st, 2008

The Ninth Circuit's recent ruling [1] (pdf) in United States v. Arnold [2] allows border patrol agents to search your laptop or other digital [...]