Happy New Year To All

 2010 has been an interesting year.  Let’s take a little look back, shall we…

  • There were more than enough disasters around the globe, both natural and man-made.  There was a major earthquake in Haiti, floods in Pakistan, giant snow storms in the northeastern US, volcanoes in Iceland shutting down air travel across Europe, and the Deepwater Horizon explosion and resultant oil spill in the Gulf of Mexico.
  • Afghanistan saw more fallen soldiers, and the “Highway of Heroes” was far too busy, far too often for my liking.
  • Canadians started off with a huge party as the Olympics rolled into Vancouver, and spread like wildfire throughout the country.  What a blast!  Even my young grandkids and I had something to look forward to and talk passionately about…
  • In the summer, the G20 road show literally set Toronto on fire.  I had a front row seat, working downtown, right where the action was.  This spectacle was brought to us courtesy of a bunch of anarchistic and out-of-control protestors making some kind of statement about some kind of cause or another (the message was lost on most of us, it seems), for the sum of $1 billion.  It has left a smoking pile of political rubble and never-ending inquiries in its passing.
  • WikiLeaks snapped the world’s attention onto information security and the protection of information, for a very, very brief moment.  Too bad we seem to have the collective attention span of a household gnat and the obsessive compulsive behavior of early primates when it comes to learning something important.  Oh well, the next big network breach will give us yet another opportunity to fix the broken machines.
  • Canada found a low-life killer rising high within its military ranks.  Shame.  Ex-colonel Russell Williams freaked us all out as he paraded across our TV screens in women’s underwear.
  • A little closer to home, my wife, like countless others, got her first iPad.  I reluctantly yielded that yeah, Apple may just be onto something there.  Apparently there’s an app for that…   8/
  • My daughter got married in THE most beautiful surroundings, and in the best of company, in Newfoundland over the summer.  Over 300 pictures on my camera alone!
  • My new son-in-law landed a new job, as did I.  Yay us!  We both have big, big plans, and tiny little budgets.
  • My granddaughters have grown, and my grandson has become a person.  They move too fast and grow like weeds.  A new one is about to make his earthly debut.  We wait impatiently to see if he will be a 2010 or 2011 model.  My daughter more impatiently than the rest of us.
  • My 2 boys did some MAJOR renovations on the ol’ homestead.  They got rid of our raccoon squatters in the attic, re-roofed the entire house, took down 2 giant pine trees that were becoming a real problem for us and the neighbours, gutted and re-built three bathrooms and the living room, and put in all new hardwood floors throughout.  I remain very impressed!
  • Two weeks before the end of the year, I finally broke down and bought a car after almost 10 years of automobile-celibacy, and sharing the daily commute with several hundred of my closest friends.  I bought a Jeep after desiring one from the age of 15.  This, above all the other entries, stands to be a life changing event for my wife and me in 2011.  I now run a Gypsy-Cab out of my home for wayward and weary local travellers, looking for a quick run here or a bag of milk there.  We have many visits planned on our social calendar once again.

To everyone that reads this, may your year end fairly, may your new one begin well, and may everyone you meet wish you and yours;

                       -=[ HAPPY NEW YEAR!!! ]=-

‘Tis The Season To Be “0wned-&-Exposed”

This time of year, criminals rely on IT vacation schedules and public holidays to provide the opportunity to attack targets and to extend their reach within sites they have already compromised.  This holiday season has been no exception.  Over the weekend, a number of sites got “Owned and Exposed”.

It should be noted that the site used to distribute the popular BackTrack Linux distribution, as well as the Ettercap project, were breached.  It is not completely clear how long ago these sites were originally compromised, or whether any of the hosted tools were altered.  Anyone who downloaded either project recently should verify their copies against checksums or signatures obtained from a source other than the compromised site before trusting them.

In the second issue of the online hacker magazine (e-zine) “Owned and Exposed,” the attackers listed carders.cc, ettercap, exploit-db, backtrack, inj3ct0r, and free-hack as victims.  Free-hack was taken down for being “lame script kiddies,” while the other sites had criminal ties or were considered security experts who “fail so hard at security that we wonder why people really take their training courses”.

Exploit-db’s administrator said that damage was limited to posting the e-zine in the “papers” section.  Backtrack-linux.org shares a subnet and an administrator with exploit-db.  The same root account and password were used for all Web scripts, WordPress installations and MySQL databases, making it easy prey: one compromised credential gave access to everything.   Carders.cc, a German online forum dedicated to helping criminals trade and sell stolen financial data, was shut down.  As part of its inaugural issue in May, “O&E” wrote “Carders is a marketplace full of everything that is illegal and bad,” including drugs, weapons and stolen credit card numbers.  Carders was back up three days later.

The SourceForge page hosting the Ettercap message boards and files for a “white hat” penetration testing tool was another interesting target.  The tool hasn’t been maintained for five years, and the group found evidence the site had already been compromised by someone else.  The group warned against downloading anything from the compromised site.

These attackers claim to be “watchmen”, quietly observing the scene, according to the newsletter.  They deny being just another “underground rival kiddy group”.  The goal was to shut down sites that “spread garbage” across the Internet, the group wrote.


McAfee Labs 2011 Threat Predictions Report

According to eWeek, security firm McAfee Labs’ researchers predict that, not surprisingly, criminals will be targeting the latest and most talked about online platforms.  Smartphones, URL shorteners, geolocation services like Foursquare, Internet TV platforms such as Google TV, and Apple products across the board, including the iPhone, will be hot targets in 2011.

McAfee Labs’ 2011 Threat Predictions report said criminals will be exploiting geo-location services, social networking tools, mobile devices and other online platforms.  The “marked” increase in malware sophistication is also expected to continue, according to the report, which noted major shifts in the threat landscape.  Apple had flown under the malware radar for years, and is now considered a hot target due to its products’ popularity.  Until now, criminals had pretty much ignored the smaller Mac market in favor of the larger Windows user base; the report expects that to change.

Criminals will increase the sophistication of malware taking aim at iPads, iPhones and other mobile platforms.  The popularity of these products and the lack of user security awareness surrounding their use will make botnets and Trojans common on these platforms.  Several mobile threats in 2010, such as rootkits for Android and the mobile variant of the Zeus banking Trojan/botnet, hint at newer attack trends.

Users are moving away from “slower” e-mail communications to more “immediate” methods such as instant messaging and Twitter, which helped push spam levels to record lows.  Spam spread through URL shorteners is particularly tricky to control, because the shortened link hides the real destination from the user and from simple blocklists, as Facebook found over Christmas.  The social networking site said it blocked all j.mp shortened URL links because more than 70 percent of j.mp links redirected users to spam and malicious sites.  While the j.mp ban has been lifted, Facebook still suggests users exercise caution.

“Personalized attacks are about to get a whole lot more personal,” the researchers wrote.  I believe it.


McAfee Threat Report

NY Tour Company Hacked, 110,000 Records Stolen

The website of New York double-decker bus tour company CitySights NY has been breached, and about 110,000 bank card numbers have been stolen via an SQL injection attack, according to New Hampshire’s attorney general.  A web programmer discovered an unauthorized script uploaded to the company’s web server, which is believed to have been used to compromise the security of the database and server.

In an SQL injection attack, the attacker submits specially crafted text through web forms, search boxes or URL parameters that the application pastes directly into a database query, so the text is executed as database commands rather than treated as data.  In this incident, they were able to get names, addresses, e-mail addresses, credit card numbers and their expiration dates, and Card Verification Value 2 (CVV2) codes, used to validate online credit card purchases.  CVV2 codes are sensitive authentication data that PCI DSS forbids merchants from storing after authorization, so their theft indicates the data should never have been in that database in the first place.
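To make the mechanism concrete, here is an added example (not code from the CitySights NY site, whose application is not public) showing the same lookup written two ways against an in-memory SQLite table of constructed, fabricated customer records. The vulnerable version concatenates the user-supplied e-mail address into the query, so the classic `' OR '1'='1` payload turns a single-customer lookup into a dump of every card in the table; the parameterized version passes the same input as a bound value and the payload matches nothing. The table layout and the fact that CVV2 is stored are assumptions made only to mirror what the breach notice says was taken.

```python
import sqlite3

# Constructed sample data standing in for the back-end customer database.
# Names, addresses and card numbers are fabricated for this example.
CUSTOMERS = [
    ("Alice Example", "alice@example.com", "4111111111111111", "12/13", "123"),
    ("Bob Example", "bob@example.com", "5555555555554444", "06/12", "456"),
    ("Carol Example", "carol@example.com", "378282246310005", "09/14", "7890"),
]

# A typical injection payload typed into a web form's e-mail field.
INJECTION = "' OR '1'='1"


def make_db():
    """Create an in-memory database populated with the constructed records."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE customers "
        "(name TEXT, email TEXT, card TEXT, expiry TEXT, cvv2 TEXT)"
    )
    conn.executemany("INSERT INTO customers VALUES (?, ?, ?, ?, ?)", CUSTOMERS)
    return conn


def lookup_vulnerable(conn, email):
    """Builds the SQL by string concatenation: the user's text becomes SQL."""
    sql = "SELECT name, card, expiry, cvv2 FROM customers WHERE email = '" + email + "'"
    # With INJECTION this executes:
    #   ... WHERE email = '' OR '1'='1'
    # and the always-true OR clause returns every row.
    return conn.execute(sql).fetchall()


def lookup_parameterized(conn, email):
    """Binds the user's text as a value; the query structure cannot change."""
    sql = "SELECT name, card, expiry, cvv2 FROM customers WHERE email = ?"
    # The driver sends the payload as a literal string, so the database
    # looks for a customer whose e-mail is exactly "' OR '1'='1" and finds none.
    return conn.execute(sql, (email,)).fetchall()


def demo():
    """Return row counts for a normal lookup and the injected one, both ways."""
    conn = make_db()
    return {
        "vuln_normal": len(lookup_vulnerable(conn, "alice@example.com")),
        "vuln_injected": len(lookup_vulnerable(conn, INJECTION)),
        "safe_normal": len(lookup_parameterized(conn, "alice@example.com")),
        "safe_injected": len(lookup_parameterized(conn, INJECTION)),
    }


if __name__ == "__main__":
    for label, count in demo().items():
        print(f"{label}: {count} row(s)")
```

Running it shows the vulnerable lookup returning all three records for the injected input while the parameterized one returns none. The fix is the parameter binding, not input filtering: the same payload is handed to both functions unchanged, and only the way it reaches the database differs.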

The company has taken steps to secure their environment, began notifying customers about the incident two weeks ago, and victims are being offered one year free credit monitoring and a 50% off coupon for another CitySights NY tour.  So, how security minded has this incident made the company?  The coupon’s security code is “012345”.  ACK!

Microsoft IIS7.5 DoS 0-day

I am including this entry because there is always the potential for memory corruption bugs to be turned into code injection and complete compromise with the credentials or privileges of the attacked program.  SANS has reported that a pre-authentication 0-day exploit against IIS 7.5’s FTP service has been published at exploit-db (see the US-CERT advisory).  No patch is available, and Microsoft has published an initial assessment.

Microsoft Warns on IE 0-day, Provides Work-Around

Microsoft has issued a warning about a serious vulnerability in ALL versions of its Internet Explorer browser.  Surfing to a malicious or compromised webpage could allow attackers to take complete control of an unprotected computer.  Exploit code has already been published, though Microsoft has no evidence it is currently being used in the wild.  A workaround for the bug has been produced while Microsoft works on a permanent fix.  Although the company said it would patch the problem, it is not planning to rush out an emergency update.  It recommends the use of the Enhanced Mitigation Experience Toolkit.

The vulnerability in IE6, 7 & 8 surfaced several weeks ago when French security firm Vupen disclosed a flaw in IE’s HTML engine.  On Tuesday, researchers posted a video demo of an attack and added a reliable exploit to the Metasploit penetration testing toolkit that used a technique revealed earlier by McAfee researchers to defeat two important Windows defensive technologies, ASLR (address space layout randomization) and DEP (data execution prevention).  The vulnerability involves the way that IE manages memory when processing Cascading Style Sheets, a widely used technology that defines the look and feel of webpages.

As vulnerabilities go, this is the most serious type: it allows remote code execution, meaning the attacker can run programs such as malware directly on the victim’s computer.  Take mitigating action.

EU May Slow Down Intel/McAfee Acquisition

Antitrust regulators in Europe have expressed concern over Intel’s purchase of McAfee.  I hope this doesn’t slow down Intel’s intentions to cook security features directly into their chipsets.

Regulators are looking closely at Intel’s planned McAfee acquisition and may hold up the deal with an investigation.  They have asked rival security-software companies about the possibility of Intel providing special access to some chip features, enabling McAfee products to run more effectively than competitors’ products.  The Wall Street Journal reports that these concerns could lengthen the study of the deal.

Intel announced the $7.68 billion buyout in August, expecting it to wrap up in the first quarter of 2011.  That timeframe may be extended out to Q2.  The EU has until January 12 to issue a judgment on the acquisition, or extend the review.