Monday, November 9, 2009

…iPhone. iPhone Gets First Worm

If you’re an Australian and you’ve gone against Apple and jailbroken your iPhone, well, karma is coming to get you. There is a worm on the loose that at this point is only affecting Australian iPhone users. This one replaces the phone’s wallpaper with a picture of Rick Astley.

The vector of attack is via the SSH application where the user has not changed the default password (more karma).

Experts say this likely is the first of many.

CIO Zone
Sophos

Friday, October 16, 2009

Monday, October 5, 2009

National Cyber Security Awareness Month

“National Cyber Security Awareness Month (NCSAM), conducted every October since 2001, is a national public awareness campaign to encourage everyone to protect their computers and our nation’s critical cyber infrastructure.

The success of National Cyber Security Awareness Month rests on all of us doing what we can to engage in awareness activities. There are opportunities for everyone from home users to major corporations and government entities to get involved.”

How To Get Involved

…PII. U.S. Government Suffers 'Largest Release Of Personally Identifiable Information Ever'

While this likely isn’t as bad as it sounds, it is still unbelievable to me that this is still happening. It very clearly shows that there is a lack of interest in keeping this information secure. American voters should be making this a priority for any new elections because eventually no one is going to have any personally identifiable information. The government is going to have carelessly let it all out into the public.

Dark Reading

Tuesday, September 15, 2009

…Infrastructure. SANS Top Threats Revealed

SANS has released their Top Cyber Security Risks report. Top two priorities: Unpatched internal systems and vulnerable websites.

“Featuring attack data from TippingPoint intrusion prevention systems protecting 6,000 organizations, vulnerability data from 9,000,000 systems compiled by Qualys, and additional analysis and tutorial by the Internet Storm Center and key SANS faculty members.”

SANS: The Top Cyber Security Risks

Tuesday, September 8, 2009

…Windows O/S. 0-Day BSOD Vulnerability

Word today that there is a 0-Day exploit targeting a flaw in SMB2 that can allow a single packet to crash a Windows Vista/7/2008 machine. Not too many details yet but the code is out and there is a Metasploit module available.

SANS ISC
Metasploit

Thursday, September 3, 2009

…OS X. Snow Leopard; vulnerabilities pre-installed.

So it seems OS X 10.6 has an old version of Flash bundled with it and it won’t keep your updated version if you’re upgrading. Somehow in the rush to get 10.6 out the door, Apple didn’t update to the newest version and doesn’t during the install.

We all know that Flash is a significant vector for attack so you need to make sure you update it as soon as you have installed your new breed of Leopard.

Engadget
Daily Tech

Monday, August 31, 2009

…Conversation – Skype Trojan in the Wild

There is evidence that there is a Skype trojan in the wild:

“Symantec describes how the Trojan intercepts API calls to Skype, capturing and storing audio conversations as MP3 files with caller, date, day and time stamps to identify them, and SkypeOut and SkypeIn call designations. The Trojan then attempts to upload the recordings to pre-defined locations after detecting and attempting to bypass named firewall filters.”

This could be extremely dangerous for companies using Skype for cheap international calls. It should be noted, however, that it isn’t clear whether the trojan actually does all of the things it is designed to do.

Risk is listed as low, but it is interesting to see that someone has done this. There is also talk that it is code that was originally written for commercial purposes that has now found its way to the open source market.

Computer World
Symantec

Wednesday, August 26, 2009

…Web Site – 130,000+ Pages Infected

A SQL injection attack discovered last week has now infected more than 130,000 web pages. The sites download a mix of trojans, keystroke loggers and other malware to unsuspecting users from legitimate websites.

Security Focus

The New Threat to Oil Supplies: Hackers

I had never heard of fully remote off-shore drilling rigs. However, they’re a target, as they have wireless communication from the rig back to on-shore facilities for all manner of controls.

Read the article here.

Tuesday, August 25, 2009

Health Care Breach Notification Mandated

Catching up on a few things from last week.

“Two new rules were created this week requiring health care organizations, and other entities that interact with personal health records (PHRs), to issue notifications in the event of a data breach.
Both rules were created as part of the American Recovery and Reinvestment Act of 2009 (ARRA), signed into law by President Obama in February.”

One rule requires organizations subject to HIPAA regulations to issue notifications to individuals when breaches of information for 500 people or more occur.

The other rule covers web-based businesses that collect health information from consumers. They must also issue notifications if a breach occurs.

SC Magazine
FTC - 16 CFR Part 318

Wednesday, August 12, 2009

20 Critical Security Controls V2.0

I was away when this was released but it is a very valuable read. From the introduction:

“This consensus document of 20 crucial controls is designed to begin the process of establishing that prioritized baseline of information security measures and controls. The consensus effort that has produced this document has identified 20 specific technical security controls that are viewed as effective in blocking currently known high-priority attacks, as well as those attack types expected in the near future. Fifteen of these controls can be monitored, at least in part, automatically and continuously. The consensus effort has also identified a second set of five controls that are essential but that do not appear to be able to be monitored continuously or automatically with current technology and practices. Each of the 20 control areas includes multiple individual subcontrols, each specifying actions an organization can take to help improve its defenses.”

20 things that will go a long way to helping ensure that your organization’s critical information stays secure.

http://www.sans.org/cag/

Tuesday, August 11, 2009

Patch Tuesday Has Arrived

Lots of patches again today affecting most versions of Windows and Windows Server as well as Office.

You can read all the details here - http://www.microsoft.com/technet/security/bulletin/ms09-aug.mspx

Tuesday, July 7, 2009

Microsoft Warns of Active-X 0-Day

A vulnerability is currently being exploited in Windows 2003 Server and Windows XP via a Video Active-X control. The vulnerability can be exploited by duping a user into downloading the control via a malicious web site using Internet Explorer.

Microsoft has released a web-based script that will turn off the affected control and also allow you to turn it on again when needed – click here. Also, for more technical information, click here.

Monday, June 22, 2009

Could Opera 10 Be Banned in Corporations?

The new version of Opera, version 10, will include a web server as part of a platform called Unite. Opera is touting it for home users who want to be able to publish content but don’t know how to configure their firewalls or are getting blocked by ISPs. This also means that anyone on your corporate network could set up a web server to serve up files from your network (sound scary? It should.)

Security researchers say this could be a perfect opportunity for botmasters to use the browser as a command and control channel. Not only that but Opera users could unknowingly give access to critical system files as well. The platform uses a group of extensions to the widget system Opera uses to provide enhanced functionality to the browser. While Opera warns developers of the risks, it is up to the developer in the end to decide how careful they are going to be. It also places a significant responsibility on the end user to determine what parts of Unite and the other Opera widgets could give up control to the less honest people on the web.

Other researchers are also warning that it could spur malware authors to write specifically for the Opera browser. As it passes through the Beta phase I’m sure we’ll see more about this and likely some POC code.

Sunbelt Software
Network World – “Could Opera be a Botmaster’s Best Friend”
Geeks are Sexy - “Opera Unite – should be “Untie”?”
Opera Software – Opera Unite

Wednesday, June 10, 2009

Accidental Google Hack

Google is a great source of information both good and not so good. Be careful what you post on forums, discussion groups, etc. This is a very interesting blog post:

http://synjunkie.blogspot.com/2009/06/accidental-google-hack.html

“Oh dear...within seconds Bob found a password. Surely it was old and probably not active anymore?”

Friday, June 5, 2009

Checklist a Day: Residential Wireless Audit

If you aren’t sure if your home wireless network is secure (or you don’t think it should be) you should read this document. It takes very little time and will make sure your personal information is secure.

Home Network Audit

Microsoft and Adobe to Issue Patches Tuesday June 9

Adobe is releasing a round of patches Tuesday June 9 that will cover Acrobat 7.x – 9.x for Windows and OS X.

Also on Tuesday Microsoft is releasing 10 patches to cover vulnerabilities in Windows, Excel, and IE.

Get ready to do some heavy testing on Tuesday.

Friday, May 29, 2009

Much Anticipated Cyber Policy Review Out Today

I haven’t had a chance to read it but here is the Cyber Policy Review doc released today by the White House.

http://www.whitehouse.gov/assets/documents/Cyberspace_Policy_Review_final.pdf

Near Term Action Plan
1. Appoint a cybersecurity policy official responsible for coordinating the Nation’s cybersecurity policies and activities; establish a strong NSC directorate, under the direction of the cybersecurity policy official dual-hatted to the NSC and the NEC, to coordinate interagency development of cybersecurity-related strategy and policy.
2. Prepare for the President’s approval an updated national strategy to secure the information and communications infrastructure. This strategy should include continued evaluation of CNCI activities and, where appropriate, build on its successes.
3. Designate cybersecurity as one of the President’s key management priorities and establish performance metrics.
4. Designate a privacy and civil liberties official to the NSC cybersecurity directorate.
5. Convene appropriate interagency mechanisms to conduct interagency-cleared legal analyses of priority cybersecurity-related issues identified during the policy-development process and formulate coherent unified policy guidance that clarifies roles, responsibilities, and the application of agency authorities for cybersecurity-related activities across the Federal government.
6. Initiate a national public awareness and education campaign to promote cybersecurity.
7. Develop U.S. Government positions for an international cybersecurity policy framework and strengthen our international partnerships to create initiatives that address the full range of activities, policies, and opportunities associated with cybersecurity.
8. Prepare a cybersecurity incident response plan; initiate a dialog to enhance public-private partnerships with an eye toward streamlining, aligning, and providing resources to optimize their contribution and engagement.
9. In collaboration with other EOP entities, develop a framework for research and development strategies that focus on game-changing technologies that have the potential to enhance the security, reliability, resilience, and trustworthiness of digital infrastructure; provide the research community access to event data to facilitate developing tools, testing theories, and identifying workable solutions.
10. Build a cybersecurity-based identity management vision and strategy that addresses privacy and civil liberties interests, leveraging privacy-enhancing technologies for the Nation.

Thursday, May 21, 2009

cyberDefense Competition Preps Students

This looks like a great competition and it's nice to see kids getting this kind of education.

http://current.com/items/90072618_cyberdefense-competition-preps-students-for-real-world-information-assurance.htm

Wednesday, May 13, 2009

Will Windows 7 Overcome Anti-Virus Fear and Loathing?

Will Windows 7 Overcome Anti-Virus Fear and Loathing?:
"But beyond that obvious complaint, over and over, I find that security suites are the buggiest, most troublesome applications on my systems. I’ve spent innumerable hours nursing these “solutions” along, working around them, fixing them, reinstalling them."

I have had very similar feelings to the author with regard to anti-virus software. I haven't yet had a chance to install the Windows 7 RC, however I've been impressed with Microsoft's effort on securing Vista and Windows 7. Unfortunately, as with UAC, you can't always do everything you want. However I think one of the biggest leaps in security with these versions of Windows has been the unprivileged user.

I would never advocate running without anti-virus software, though, as it is a necessary part of a defense-in-depth strategy for either home or business use. Maybe someday anti-virus vendors will put as much effort into streamlining and cleaning up their applications as Microsoft has put into making their OS more secure out of the box. Maybe...

Security Updates available for Adobe Reader and Acrobat

Time to get patching...

Adobe - Security Bulletins: APSB09-06 Security Updates available for Adobe Reader and Acrobat

Monday, May 11, 2009

Freedom to surf: workers more productive if allowed to use the internet for leisure

Those of you tasked with filtering internet usage in your company may want to forward this to the decision makers. It is by no means definitive, but it is an interesting take on internet usage at work.

Freedom to surf: workers more productive if allowed to use the internet for leisure : News : The University of Melbourne: "“People who do surf the Internet for fun at work - within a reasonable limit of less than 20% of their total time in the office - are more productive by about 9% than those who don’t,” he says."

Friday, May 8, 2009

How a man off the street infiltrated a FTSE finance firm | 8 May 2009 | ComputerWeekly.com

This is a truly amazing social engineering story.

How a man off the street infiltrated a FTSE finance firm | 8 May 2009 | ComputerWeekly.com:
"He spent a week in the building undetected, during which the following took place:
  • Greenlees spent the first morning watching people entering and leaving the premises to get an idea of security in reception.
  • After lunch on that first day he decided to gain access by tailgating people as they swiped their access cards. He pretended to be on the phone and signalled to people that he wanted the third floor.
  • He entered a glass meeting room, calmly hung up his jacket and started to work on his laptop.
  • Within 20 minutes he had seen a confidential document, which had been left on a desk. It concerned the merger of two household names worth £434m.
  • He accessed different floors, rooms, store rooms and filing cabinets, and found information on desks. He used tricks such as holding two cups of coffee so people would open normally secure doors for him.
  • He gained access to the data room by pretending to carry out a security audit. He was given information about the company's network and was able to plug his laptop in as a result. This gave him access to confidential customer, employee and company data.
  • Greenlees got hold of an internal phone directory and, using an internal phone, he pretended to be an IT support worker. He managed to get usernames and passwords from 17 of the 20 people he asked.
  • He even smuggled another, more technical, consultant in to help him analyse IT systems.
  • Greenlees was soon on first name terms with security staff."

Wednesday, May 6, 2009

Steve Riley on Security : Good bye, and good luck

Steve Riley on Security : Good bye, and good luck

Wow! While I know that Steve will go on to help many, many organizations, this is a huge loss to Microsoft. Hopefully this will not set back the Trustworthy Computing initiative, but I'm skeptical.

Data Ransom Scheme a Surprising Play for Hackers

"But at a time when botnets are quietly stealing mountains of financial and corporate data and slinking off into the cyber-crime underworld, data being kidnapped and held for ransom is not among the top threats enterprises should be worried about, security pros say. Truth be told, the biggest threats are the ones that attempt to leave no trace for victims to pick up on."

Data Ransom Scheme a Surprising Play for Hackers

Tuesday, May 5, 2009

Virginia Health Data Potentially Held Hostage -- Data Breaches -- InformationWeek

"It's not immediately clear whether this note is genuine. The Virginia DHP hasn't responded to repeated calls and e-mail messages seeking comment."

Virginia Health Data Potentially Held Hostage -- Data Breaches -- InformationWeek:

The only thing scarier than having your data stolen is not knowing whether the data has in fact been stolen. Hopefully the lack of response from the DHP is because they're too busy trying to figure out what to do, not because they're trying to figure out if the data-napper is telling the truth or not.

Adobe Fixes Announced

Adobe has announced the release of a Flash Media Server vulnerability fix as well as the expected date of the fix for the Reader zero-day.

The Reader fix is expected on May 12. Details below:
Adobe Product Security Incident Response Team (PSIRT): Adobe Reader Issue Update

Here is the Flash Media Server information:
Security advisory APSB09-05

Thursday, April 30, 2009

Adobe confirms new flaw, recommends turning off JavaScript

Adobe confirms new flaw, recommends turning off JavaScript - SC Magazine US

Note that this is only the Acrobat JavaScript functionality; you don't need to do it system wide. However, this also makes it pretty tough in a large (i.e. more than 20 workstations) environment unless you're going to roll out a customized version of Acrobat. I'd suggest telling your user base not to open any PDFs from the web until this is fixed.

I found this an interesting quote:
"This is not the first time that critical vulnerabilities have been found in Adobe's software," Sophos' Graham Cluley said on Wednesday on his blog. "And there is growing concern that the vendor's dominant market share of the PDF reader market is proving extremely attractive for hackers hellbent on infecting as many PCs as possible."

It is very true; could Adobe be the next big target? The advantage to hackers is that most Adobe products are cross-platform and therefore have the potential to create a lot more havoc. If nothing else, however, it will hopefully get Adobe to shape up and be a little better at dealing with this kind of thing. For all their flaws, Microsoft's reporting of vulnerabilities and patching timelines only improved as their products became significant targets.

Here is Adobe's official response:
Adobe PSIRT

Monday, April 27, 2009

Swine Flu/Pandemic Planning - Updated

Update #4 – Not a lot new that isn’t already widely public. However, the CDC has launched a new site focusing on social media tools for health emergencies in general. It’s at the bottom of this post.

Update #4 – WHO raises alert level to 5, didn’t take long for the spammers to arrive, list of “spamvertised” domains

Update #3 – Canadian airlines stop flights to Mexico, First Death Reported in US

Update #2 - Follow the CDC on twitter - @CDCemergency

Update #1 – The WHO has raised their alert level to 4, additional links at the bottom of the post.

__________________________________________________________

While it is still too early to tell if the Swine Flu outbreak will turn into a pandemic, it is never too early to start your planning. There are a number of sites available with some preliminary information as well as ways to track the outbreak and suggestions for planning. I'll continue to update this page as I get more information.

From the CDC:

The CDC currently recommends that you cover your nose and mouth with a tissue when you cough or sneeze, wash your hands often with soap and water, avoid touching your eyes, nose or mouth, and try to avoid close contact with sick people.

The CDC also suggests that if one does contract an illness, they should stay home from work or school and limit contact with others to avoid spreading the infection.

If you develop an illness with fever and respiratory symptoms and you live in or near a region in which the virus has been identified, the CDC recommends that you immediately seek attention from your health care provider to determine whether further influenza testing is needed.

Skeleton plan from the SANS Institute:

Don’t Panic!

Initial monitoring stage (where we are right now)

• If you’re sick, stay home
• Family is sick, stay home
• Close contact with someone showing symptoms, stay home
• Wash your hands, cover your cough

Then, if there are multiple cases in your area,
• Think about telling non-essential workers to stay home
• Recommend workers take kids out of daycare

Pandemic stage
• Everyone will be staying home, how will you handle it?
• Do you have enough laptops?
• Can your VPN concentrators handle the load?

Some links with valuable and/or interesting information:

2009 Swine Flu Outbreak Map - Google Maps
SANS Institute: Pandemic Watch 2009
Mashable: How to Track Swine Flu Online
TED Interview with “Virus Hunter” Nathan Wolfe
Canada Foreign Affairs Department Travel Warnings
List of domains being used by spammers
CDC Social Media Tools for Partners and Consumers

Friday, April 24, 2009

Bruce Perens - A Cyber-Attack on an American City

I have been surprised at how little this event has been reported as well. One would think that the press would run with this based on the terrorism theme. Good read, as usual.

Bruce Perens - A Cyber-Attack on an American City

Wednesday, April 15, 2009

The Human Factor in Laptop Encryption

The link below goes to the sign-up page for a white paper. However, the statistics on the landing page are scary enough -

"56% of business managers have disengaged their laptop’s encryption"
"61% of business managers share their passwords, compared to only 4% of IT managers."

The Human Factor in Laptop Encryption

Tuesday, April 14, 2009

Microsoft Security Bulletin Summary for April 2009

A pile of vulnerability fixes this month from Microsoft, including a number with a very high potential for attack.

TechNet Summary
Microsoft Security Bulletin Summary for April 2009

Consumer Friendly Summary
http://www.microsoft.com/protect/computer/updates/bulletins/200904.mspx

Monday, April 13, 2009

I’ll Be Speaking at the WCIS Conference this week.

This Thursday, April 16, I’ll be speaking at the ISACA - Western Canada Information Security Conference in Winnipeg - http://www.wcisc.ca/program2009.htm

I’ll be doing the end-of-day keynote and will be teaching an excerpt from the SANS SEC401 Security Essentials course. If you’re going to the conference and are curious about SANS courses, this is a perfect opportunity to evaluate one for free (well, aside from the conference fees…).

Aside from SANS you can also hear talks from Microsoft, Compugen, RSA, Checkpoint, and many others.

NERC Advises Industry on Cyber Assets

So, the North American Electric Reliability Corporation took the bold step of recommending that energy companies take a comprehensive look at how they identify critical cyber assets - Before Grid Hack Reports, NERC Advises Industry on Cyber Assets

It seems to me that if they haven't even identified these assets then they have a long way to go before they can actually defend them. Let's hope the government gets involved and really forces the operators to start working on security.

Here is a list of articles relating to the infiltration of the power grid:
http://online.wsj.com/article/SB123914805204099085.html
http://fcw.com/Articles/2009/04/08/FERC-needs-to-step-up-oversight-to-safeguard-grid.aspx
http://www.nextgov.com/nextgov/ng_20090408_1423.php
http://www.washingtonpost.com/wp-dyn/content/article/2009/04/08/AR2009040803904_pf.html
http://www.cnn.com/2009/TECH/04/08/grid.threat/index.html
http://www.eweek.com/c/a/Security/Before-Grid-Hack-Reports-NERC-Advises-Industry-on-Cyber-Assets-479748/

And the letter from NERC - http://online.wsj.com/public/resources/documents/CIP-002-Identification-Letter-040609.pdf

Wednesday, April 1, 2009

Welcome!

I'm an IT Manager with a specialty in security and a security educator on the side. I strongly believe that education is the key to making our computers and networks secure. This blog is my place to provide information, tips, and explanations for home users as well as systems admins in small companies.

There is no silver bullet in security, but if you take the time to implement basic security and educate yourself about the threats, as well as the tools available to combat them, you and your information will be much more secure.

Stay tuned...