Wednesday, July 25, 2012

Microsoft Security Toolkit delivers new defensive technology | Microsoft


Microsoft's Trustworthy Computing Group today released the Enhanced Mitigation Experience Toolkit (EMET) 3.5 Technology Preview, which includes new Return Oriented Programming (ROP) defenses inspired by BlueHat Prize contest finalist Ivan Fratric.

The EMET 3.5 Technology Preview is a freely available security tool that makes it more difficult for attackers to exploit vulnerabilities and gain system access.

The BlueHat Prize competition, a program aimed at nurturing innovation in exploit mitigations through awarding more than $250,000 in cash and prizes, was launched by Microsoft one year ago at the Black Hat security conference in Las Vegas.

"In less than three months, we successfully integrated one of the BlueHat Prize finalists' technologies with EMET 3.5 Technology Preview to help make software significantly more resistant to exploitation," said Mike Reavey, senior director of the Microsoft Security Response Center at Microsoft.

FAQ: Flame, the "super spy" | H-Online


The spyware worm Flame is being billed as a "deadly cyber weapon", but a calmer analysis reveals it to be a tool by professionals for professionals that doesn't actually have that many new features compared to, say, the widespread online-banking trojan Zeus.

What is Flame?
Flame is the code name for a spyware program that is built to be very modular and which is also known as Flamer and sKyWIper. Flame was just recently discovered, and it will be some time before all of its components are analysed. Anti-virus software companies estimate that Flame has infected about 1,000 computers, mostly in the Middle East.

Wireshark updates fix DoS vulnerabilities | H-Online


The developers at the Wireshark project have released versions 1.6.9 and 1.8.1 to close important security holes in their open source network protocol analyser. The updates to the cross-platform tool address two vulnerabilities that could be exploited by remote attackers to cause a denial of service (DoS).

The vulnerabilities are a problem in the Point-to-Point Protocol (PPP) dissector that leads to a crash and a bug in the Network File System (NFS) dissector that could result in excessive consumption of CPU resources; to take advantage of the holes, an attacker must inject a malformed packet onto the wire or convince a victim to read a malformed packet trace file. Versions 1.4.0 to 1.4.13, 1.6.0 to 1.6.8 and 1.8.0 are affected; upgrading to the new 1.6.9 and 1.8.1 releases fixes the problems. According to the project's security advisories, version 1.4.14 should correct these issues on the 1.4.x branch of Wireshark. However, at the time of writing, Wireshark 1.4.14 is not available on the site and release notes for that version have yet to be published.

More details about these updates, including a full list of known issues and changes, can be found in the 1.6.9 and 1.8.1 release notes. Wireshark 1.6.9 and 1.8.1 are available to download from the project's site and are licensed under the GPLv2.

Article source : http://www.h-online.com/security/news/item/Wireshark-updates-fix-DoS-vulnerabilities-1652207.html

VirusTotal online scanner adds behaviour analysis | H-Online


The developers of the VirusTotal online virus scanner service are currently testing a new sandbox feature to provide users with more meaningful scan results. In a post on the company's blog, software architect and developer Emiliano Martinez says that, for this purpose, samples uploaded to the service are executed in a controlled sandbox environment where their actions can be "recorded in order to give the analyst a high level overview of what the sample is doing".

An analysis of the uploaded file's behaviour is then displayed in a new "Behavioural information" tab as part of the scan results. VirusTotal logs file and registry activities as well as new processes and code injections. The scanner also issues a notification when a file directly sends commands to certain device drivers.

Tuesday, July 24, 2012

Mozilla Releases Multiple Updates | US-CERT

The Mozilla Foundation has released updates for the following products to address multiple vulnerabilities:

  • Firefox 14
  • Firefox ESR 10.0.6
  • Thunderbird 14
  • Thunderbird ESR 10.0.6
  • SeaMonkey 2.11

These vulnerabilities may allow an attacker to execute arbitrary code, cause a denial-of-service condition, disclose sensitive information, operate with elevated privileges, bypass security restrictions, or perform a cross-site scripting attack.

US-CERT encourages users and administrators to review the Mozilla Foundation Advisory for Firefox 14, Firefox ESR 10.0.6, Thunderbird 14, Thunderbird ESR 10.0.6, and SeaMonkey 2.11 and apply any necessary updates to help mitigate the risk.

Article source : https://www.us-cert.gov/current/#mozilla_releases_multiple_updates2

How to Prevent Social Engineering Attacks | ehacking.net

This post is about social engineering. It will cover some of the dangers of social engineering and focus more on what a corporation or a company can do to help better prepare their employees for those kinds of situations.


Security Awareness Training

The most important thing, and something we don’t do enough of, is basic security awareness training. Employees need to be aware of situations that look odd, and it should be ingrained in them that, even if they don’t want to admit it or don’t like the fact, they are part of the security team. Every employee, no matter what their function, also has the duty of protecting the company and the company’s assets. That’s part of their job. If the company goes out of business because of compromised information, they no longer have employment. It is in their best interest to make sure that the company is secure so that it can continue making money and keep paying people their salaries.

Sunday, July 22, 2012

Howto | Flush DNS | mYne-net

Flush DNS
Most operating systems and DNS clients automatically cache IP addresses and other DNS results in order to speed up subsequent requests for the same hostname. Sometimes bad results are cached and need to be cleared from the cache before you can communicate with the host correctly. All major operating systems allow you to force this process; outlined below are the common steps you will need to follow in order to flush your DNS cache.

Friday, July 20, 2012

APWG reports on the highest number of phishing sites ever detected | SC Magazine

The highest ever number of unique phishing sites was detected in February.

According to the Anti-Phishing Working Group (APWG) report for the first quarter of 2012, 56,859 unique phishing sites were detected in February, while between 25,000 and 30,000 unique phishing email campaigns are detected each month.

The APWG said that the previous record high of 56,362 was recorded in August 2009. Over half (55.37 per cent) of these were registered in the USA.

Ihab Shraim, CISO and vice president of anti-fraud operations and engineering at MarkMonitor, said: “Phishing measurements are up across the board, with one of the biggest increases we have ever seen in a single quarter.

Your brain can remember passwords without you even realizing it | IT World

A game developed by a Stanford group showed that players can remember complex sequences without ever knowing the sequence was there.

No matter how advanced our technology gets, passwords remain a weak link when serious security is required. As reported by New Scientist, a group at Stanford University has come up with a possible way around this problem, by developing a way to store complex passwords in the human brain without said human actually remembering the password.

How does this work? The method uses an idea called implicit learning, in which our brains unconsciously learn a pattern we can't actually recognize consciously. Have you ever suddenly forgotten a code you've used hundreds of times, just because you tried to remember it consciously? This is a great example, but it gets much more complex than that.

Thursday, July 19, 2012

Review | OWASP iGoat Project | mYne-net

Just to review this tool... found for iOS users.. heheeh..

iGoat is a learning tool for iOS developers (iPhone, iPad, etc.). It was inspired by the WebGoat project, and has a similar conceptual flow to it.

As such, iGoat is a safe environment where iOS developers can learn about the major security pitfalls they face as well as how to avoid them. It is made up of a series of lessons that each teach a single (but vital) security lesson.

The lessons are laid out in the following steps:
1. Brief introduction to the problem.
2. Verify the problem by exploiting it.
3. Brief description of available remediations to the problem.
4. Fix the problem by correcting and rebuilding the iGoat program.

Step 4 is optional, but highly recommended for all iOS developers. Assistance is available within iGoat if you don't know how to fix a specific problem.

iGoat is free software, released under the GPLv3 license.

Wednesday, July 18, 2012

18 months later, and Facebook Profile Viewer rogue apps still successfully tricking users | Naked Security by SOPHOS

Found this article to share among us.

Back in January 2011, I wrote an article bemoaning the state of Facebook security, and specifically its apparent inability to stamp out fake messages which claim to let you find out who has viewed your Facebook profile.
18 months on, and has anything changed?

Seemingly not, judging by the messages many Facebook users are seeing in their newsfeed.


COOL!! i cant believe its real and official we can now see who's viewing our profile, Check Who's Viewing Your Profile here: [LINK]

Review | spt v0.6.0 – Simple Phishing Toolkit Available For Download | mYne-net

Found this tool. What is this thing?

A simple tool you can use to evaluate the weakest link inside any security-minded organization.

spt is a simple concept with powerful possibilities. It is what its name implies: a simple phishing toolkit.

Is it Time to License Cyber Security Professionals? | InfoSecurity

At the 2012 Colloquium for Information Systems Security Education (CISSE) last month, a speaker from the US Department of Homeland Security (DHS), National Cyber Security Division, provided a glimpse of a study that was being pursued with the National Academy of Science. The speaker described a number of licensing programs used in such fields as medicine and aviation, where data reportedly concluded that to be recognized as a professional, one must be licensed.

What was surprising about the presentation was the lack of objectivity in comparing the medical field to information technology (IT). It must be understood that IT and information security are rapidly changing and evolving disciplines in a relatively new field and cannot be compared to one of the oldest and most established professions in history. Both the medical and engineering fields have well-defined areas of expertise that have been taught in colleges and universities for decades. Information security is only now being discussed as a separate discipline, and there are almost no universities that have a separate school of information security. Most colleges and universities combine information security in with their math, finance or IT departments. If the information security profession were to evolve into a licensing regime, it would at the very least need to be considered a discrete discipline on its own.

Monday, July 16, 2012

Review | Bugtraq-1 Final - Pentesting Distro Linux | mYne-net

Bugtraq is a distribution based on the 2.6.38 kernel that has a wide range of penetration and forensic tools. Bugtraq can be installed from a Live DVD or USB drive; the distribution is customized down to the last package, and the kernel has been configured, updated and patched for better performance and to recognize a variety of hardware, including wireless injection patches that other pentesting distributions do not recognize.

Bugtraq-1 Final - 31 May 2012 from bugtraq on Vimeo.

Oracle plugs 88 security holes, the same number as the last update | InfoSecurity

Oracle is patching 88 security holes in its range of products, the exact same number the company fixed in its April update.

Oracle said in its advisory that a number of vulnerabilities affect multiple products and advised customers to apply the patches “as soon as possible.”

For its Oracle Database Service, the company is patching four vulnerabilities, three of which are remotely exploitable without authentication. None of these fixes are applicable to client-only installations; that is, installations that do not have the Oracle Database Server installed.

Saturday, July 14, 2012

DNS Changer Deadline Aftermath: No Mass Internet Outage | eSecurity Planet

Many ISPs cushioned the fall by re-routing infected users after the July 9th deadline.

The highly anticipated DNS Changer D-Day came and went earlier this week. On Monday July 9th, the DNS servers that had been acting as temporary hosts for users infected by the DNS Changer malware were taken offline. But did the affected users lose their Internet access as a result? According to an investigation by eSecurity Planet, that didn't quite happen.

The Internet Systems Consortium (ISC) had been tasked by the FBI to operate replacement DNS servers -- and those DNS servers were in fact taken down on July 9th. However, U.S.-based ISPs have stepped in to cushion the fall by re-routing users to ensure they don't lose their Internet access.

Among the ISPs continuing to redirect users even after the July 9th takedown are U.S. telecom giant Verizon, as well as CenturyLink and Cox Communications.

Reaver-wps WPA/WPA2 Cracking Tutorial | Ethical Hacking-Your Way To The World Of IT Security

Reaver performs a brute force attack against an access point's WiFi Protected Setup pin number. Once the WPS pin is found, the WPA PSK can be recovered and alternately the AP's wireless settings can be reconfigured. While Reaver does not support reconfiguring the AP, this can be accomplished with wpa_supplicant once the WPS pin is known.

NVIDIA and Android forums hacked, user credentials stolen | Help Net Security

Following the high-profile breach of one of Yahoo's subdomain servers and the resulting leak of over 450,000 passwords stored in clear text in one of the exfiltrated databases, today was marked with the revelation of three more breaches: the official forum site of technology company NVIDIA, Androidforums.com, and Billabong.com.


Friday, July 13, 2012

Password Strength Comic


Credit to : http://xkcd.com/936/

Yahoo password breach shows we're all really lazy | CNet Technology News

Commentary: It's time for companies to use basic security practices, and for individuals to use common sense with passwords.


A group of hackers say they used a common attack, known as SQL injection, to grab 450,000 passwords from a Yahoo database, and they released them to the Web last night. The passwords were stored in plain text and not obscured using a hashing technique, which is standard practice for companies that handle sensitive user data.

I've asked Yahoo to comment on why the company didn't hash the passwords, but so far it's only released a statement confirming that an older file from the Yahoo Contributor Network was broken into and that less than 5 percent of the Yahoo accounts on there had valid passwords. "At Yahoo we take security very seriously and invest heavily in protective measures to ensure the security of our users and their data across all our products," the statement says, without irony.

DontPhishMe | MyCERT | CyberSecurity Malaysia

DontPhishMe is an initiative of CyberSecurity Malaysia, with the objective to provide a security mechanism in preventing online banking phishing threat specifically for local Malaysian banks. It is an add-on to Mozilla Firefox and Google Chrome that alerts you if an online banking web page that you visit appears to be asking for your personal or financial information under false pretences. This type of attack, known as phishing or spoofing, is becoming more sophisticated, widespread and dangerous. That's why it's important to browse safely with DontPhishMe.

DontPhishMe will automatically warn you when you encounter a page that's trying to trick you into disclosing personal information.

To download DontPhishMe, follow the links below:

How to manage your @facebook.com email address | Julian Evan Blog


For those that remember, Facebook quietly announced back in April that Facebook users would be receiving an @facebook.com email address, so that it matched their public username, which is the same as used by your URL for your profile page. The problem with this is that Facebook didn’t explain that the @facebook.com email address would be the default address displayed to your Facebook friends. So how do you manage your @facebook.com email address privacy?

How to edit/hide the @facebook.com email address displayed on your profile:
1. Click on the “About” tab on your profile.
2. Go to the section marked “Contact info” and choose “Edit”.
3. Adjusting the settings here lets you, not Facebook, decide the default email address.
4. Press “Save” and you now have some control back over your email address.

NOTE: It is actually easy to work out your @facebook.com email address from your profile URL

Thursday, July 12, 2012

Android Malware Makes Covert Purchases on China Mobile Market | mYne-net

There seems to be a trend of Android malware that steals money from users one way or another, whether through SMS or premium services, or by covertly buying applications from mobile app markets.
Security researchers are warning of yet another Android malware outbreak which has spread to nine app stores and infected 100,000 with code designed to covertly purchase apps and content from China Mobile’s Mobile Market.

Mobile security firm TrustGo explained that the MMarketPay.A Trojan could be hidden in a number of legitimate-looking applications, including those from Sina and media streaming company Funinhand, as well as travel and weather apps.

F-Secure Warns of New Multi-Platform Web Exploit | eSecurity Planet

A Java applet determines whether the victim's machine is running Windows, Mac or Linux, then downloads the appropriate malware for the platform. By Jeff Goldman

Researchers at F-Secure have uncovered a new Web-based attack that installs backdoors on Windows, Linux and Mac OS X computers.

"The attack was detected on a compromised website in Colombia, F-Secure senior analyst Karmina Aquino, said in a blog post on Monday," writes Computerworld's Lucian Constantin. "When users visit the site, they are prompted to run a Java applet that hasn't been signed by a trusted certificate authority. If allowed to run, the applet checks which operating system is running on the user's computer -- Windows, Mac OS X or Linux -- and drops a malicious binary file for the corresponding platform. The files are detected by F-Secure as 'Backdoor:OSX/GetShell.A,' 'Backdoor:Linux/GetShell.A' and 'Backdoor:W32/GetShell.A.'"

Hack and Spend: Who's Using Your Credit Card? | FoxBusiness.com

by Jeanine Skowronski

Data breaches have become the new normal with big-name companies like Global Payments -- which services Visa and MasterCard -- and online retailer Zappos disclosing hackers stole consumer credit card information in 2012. The breaches build on an equally active 2011, a year in which security software company Symantec estimates 232 million identities were exposed.

Fortunately, this doesn't mean every affected consumer discovered fraudulent charges on his or her monthly credit card statement. What happens to account numbers following a data breach largely depends on who stole the information.

According to Stu Sjouwerman, CEO of network security firm KnowBe4 LLC in Clearwater, Fla., there are three major types of hackers. Digital delinquents will try to infiltrate big-name data sources such as national retailers or financial institutions for fun and recognition, while "hactivist" groups, such as LulzSec, target similar sources to prove the companies' security systems are severely lacking.

"They're trying to make a point," Sjouwerman says.

Microsoft beefs up certificate security following Flame attacks | InfoSecurity

In the aftermath of the recent Flame malware attacks, Microsoft is moving to improve certificate security for its products, including the addition this week of 28 intermediate certificates to its Untrusted Certificate Store. In addition, Microsoft is implementing a “defense-in-depth” strategy that changes how the company manages certificates that have RSA keys of fewer than 1024 bits in length.

Beginning next month, certificates using the RSA algorithm with a key length of fewer than 1024 bits will be treated as invalid even if they are otherwise valid and signed by a trusted certificate authority, Microsoft explained in a blog post.

Microsoft has also launched an automatic updater for untrusted certificates on Windows Vista and 7, as well as Windows Server 2008 and 2008 R2. The feature provides Windows users with daily automatic updates about untrusted certificates.
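As an added illustration of the key-length rule described above (example code written for this page, not Microsoft's implementation or the article's), the block below parses the modulus out of a DER-encoded PKCS#1 RSAPublicKey and applies the 1024-bit threshold. The sample moduli are constructed powers of two rather than real RSA keys, and the helper names are assumptions.

```python
"""Flag RSA public keys shorter than 1024 bits, the threshold in the new policy.

Helper names are hypothetical; the keys below are constructed, not real RSA moduli.
"""

MIN_RSA_BITS = 1024  # keys below this length are to be treated as invalid


def der_len(n: int) -> bytes:
    """Encode a DER length field (short form below 128, long form otherwise)."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body


def der_int(v: int) -> bytes:
    """Encode a non-negative INTEGER; a leading 0x00 keeps the value positive."""
    body = v.to_bytes((v.bit_length() + 7) // 8 or 1, "big")
    if body[0] & 0x80:
        body = b"\x00" + body
    return b"\x02" + der_len(len(body)) + body


def rsa_public_key_der(n: int, e: int) -> bytes:
    """PKCS#1 RSAPublicKey ::= SEQUENCE { modulus INTEGER, publicExponent INTEGER }."""
    inner = der_int(n) + der_int(e)
    return b"\x30" + der_len(len(inner)) + inner


def read_tlv(buf: bytes, pos: int):
    """Read one tag-length-value element at pos; return (tag, value, next_pos)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits give the byte count of the length
        nbytes = length & 0x7F
        length = int.from_bytes(buf[pos:pos + nbytes], "big")
        pos += nbytes
    return tag, buf[pos:pos + length], pos + length


def rsa_modulus_bits(der: bytes) -> int:
    """Return the bit length of the modulus in a DER-encoded RSAPublicKey."""
    tag, seq, _ = read_tlv(der, 0)
    if tag != 0x30:
        raise ValueError("expected SEQUENCE")
    tag, modulus, _ = read_tlv(seq, 0)
    if tag != 0x02:
        raise ValueError("expected INTEGER modulus")
    # int() ignores the sign-padding 0x00, so bit_length() is the true key size
    return int.from_bytes(modulus, "big").bit_length()


def key_accepted(der: bytes) -> bool:
    """Apply the policy: anything under MIN_RSA_BITS is rejected."""
    return rsa_modulus_bits(der) >= MIN_RSA_BITS


# Constructed sample keys (a set high bit plus a set low bit, e = 65537);
# they exercise the boundary and are not taken from real certificates.
SAMPLE_KEYS = {
    "legacy-512": rsa_public_key_der((1 << 511) | 1, 65537),
    "just-short-1023": rsa_public_key_der((1 << 1022) | 1, 65537),
    "minimum-1024": rsa_public_key_der((1 << 1023) | 1, 65537),
    "current-2048": rsa_public_key_der((1 << 2047) | 1, 65537),
}


def audit(keys: dict) -> dict:
    """Map each key name to (bits, accepted) so weak keys can be listed."""
    return {name: (rsa_modulus_bits(der), key_accepted(der)) for name, der in keys.items()}


if __name__ == "__main__":
    for name, (bits, ok) in audit(SAMPLE_KEYS).items():
        print(f"{name}: {bits}-bit RSA -> {'accepted' if ok else 'REJECTED'}")
```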

Monday, July 9, 2012

How to detect DNSChanger on a personal computer? | mYne-net | CyberSecurity Malaysia

What is DNSChanger?
DNSChanger is malicious software (malware) that changes a user's Domain Name System (DNS) settings in order to redirect traffic to potentially illegitimate or unwanted sites.

In November 2011, the FBI took down the cybercrime network believed to be responsible for spreading DNSChanger worldwide.

About four million users were affected worldwide. To prevent victims of this malware from losing their internet service, the FBI worked with the Internet Systems Consortium (ISC) to set up and operate a temporary DNS resolution service, giving ISPs the opportunity to help their customers/users remove the DNSChanger infection from their machines.

This temporary service is expected to be shut down as early as 9 July 2012, which means users infected with DNSChanger may be unable to connect to the internet once it is switched off.

How to detect and remove DNSChanger
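An added example of the detection step this heading introduces (my own code, not CyberSecurity Malaysia's or the FBI's checker): read the resolvers a machine is configured to use and flag any that fall inside a rogue range. The rogue ranges are placeholders from RFC 5737 documentation space, since the real DNSChanger ranges are not on this page, and the resolv.conf and ipconfig samples are constructed.

```python
"""Detect DNSChanger-style tampering by checking the configured resolvers.

DNSChanger redirected traffic by rewriting the victim's DNS settings, so the
check is: list the configured nameservers and compare them with known-rogue
ranges. Helper names are hypothetical; all sample data below is constructed.
"""
import ipaddress
import re

# PLACEHOLDER ranges from RFC 5737 documentation space, standing in for the
# real rogue resolver ranges (not on this page); substitute the published list.
ROGUE_RANGES = [ipaddress.ip_network(r) for r in ("192.0.2.0/24", "198.51.100.0/24")]

# Constructed Unix-style resolv.conf: the first server sits in a placeholder
# rogue range, the other two do not.
SAMPLE_RESOLV_CONF = """\
# generated by the DHCP client
search example.test
nameserver 192.0.2.53
nameserver 203.0.113.1
nameserver 2001:db8::53
"""

# Constructed fragment of Windows `ipconfig /all` output; the second server
# continues on an indented line with no label, as ipconfig prints it.
SAMPLE_IPCONFIG = """\
   DHCP Enabled. . . . . . . . . . . : Yes
   DNS Servers . . . . . . . . . . . : 198.51.100.7
                                       203.0.113.2
   NetBIOS over Tcpip. . . . . . . . : Enabled
"""

ADDR_ONLY = re.compile(r"^\s*([0-9A-Fa-f:.]+)\s*$")


def parse_resolv_conf(text: str) -> list:
    """Return the nameserver addresses in resolv.conf-style text."""
    servers = []
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()  # drop comments, then tokenize
        if len(fields) == 2 and fields[0] == "nameserver":
            servers.append(fields[1])
    return servers


def parse_ipconfig(text: str) -> list:
    """Return the DNS server addresses from `ipconfig /all` output."""
    servers, in_dns_block = [], False
    for line in text.splitlines():
        if "DNS Servers" in line:
            in_dns_block = True
            servers.append(line.split(":", 1)[1].strip())
            continue
        match = ADDR_ONLY.match(line) if in_dns_block else None
        if match:
            servers.append(match.group(1))   # unlabelled continuation line
        else:
            in_dns_block = False             # any labelled line ends the block
    return servers


def flag_rogue(servers: list) -> list:
    """Return the servers that fall inside a rogue range (IPv4 or IPv6)."""
    hits = []
    for server in servers:
        try:
            addr = ipaddress.ip_address(server)
        except ValueError:
            continue  # not an IP literal, nothing to compare
        if any(addr in net for net in ROGUE_RANGES):
            hits.append(server)
    return hits


if __name__ == "__main__":
    for label, servers in (("resolv.conf", parse_resolv_conf(SAMPLE_RESOLV_CONF)),
                           ("ipconfig", parse_ipconfig(SAMPLE_IPCONFIG))):
        rogue = flag_rogue(servers)
        print(f"{label}: {servers} -> {'ROGUE ' + str(rogue) if rogue else 'clean'}")
```

On a real host, feed the output of `cat /etc/resolv.conf` or `ipconfig /all` to the matching parser; a hit means the resolver settings should be reset and the machine cleaned.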

Friday, July 6, 2012

DNSChanger Trojan: is your computer infected and what to do if it is? | guardian.co.uk

An estimated 45,600 Americans could lose internet access on Monday if the DNSChanger malware is not removed

Computers infected with the DNSChanger trojan will lose internet access if the malware isn't removed by Monday. Photograph: Sean Gallup/Getty Images

An estimated 45,600 computers infected with the DNSChanger Trojan could lose internet access on Monday when the FBI removes a temporary fix for computers infected with the malware.

“Anonymous” Hacks Anti-Piracy Takedown Tool | torrentfreak.com

This spring nearly all popular BitTorrent sites were blocked by Indian ISPs following a court order. The blockades were eventually lifted, but the many “Anonymous” groups who revolted are not done yet. The latest target is the anti-piracy group Copyright Labs, whose servers were painfully compromised this week. The hackers didn’t take the site down, but altered the message that is sent to website owners by their automated takedown tool.

Two months ago millions of Indians were shaken up by a mass anti-piracy action.
Internet providers all across the country blocked access to major BitTorrent sites such as The Pirate Bay and Torrentz.eu after a local court issued a so-called John Doe order.

The order wasn’t targeted at a specific site or ISP but gave the copyright holder carte blanche to demand broad blockades, which they did. In response, Internet providers, government websites and media companies were targeted in DDoS attack reprisals by “Anonymous” groups.