This document summarizes recent cybersecurity news and events in the information security field. It discusses several security conferences that recently occurred including Brucon, Derbycon, and HITB as well as the arrest of members of the hacker group Lulzsec. It also covers recent vulnerabilities including a chosen plaintext attack against AES in SSL/TLS, the compromise of the mysql.com website, and an Apache reverse proxy bypass issue. Lastly, it mentions new security tools releases, recent malware activity including new Android threats, and recommended security reading materials.

1. Null / OWASP / SecurityXploded / Garage4hackers Meetup About me: Ashwin Patil GCIH, RHCE, CCNA 2+ in Infosec

2. AnnouncementsMalcon 2011 : Call for Paper http://malcon.org/cfp/Venue: Mumbai , Nov -2011CFP for nullcon 2012 (Tritiya) is open!!!http://nullcon.net/cfp-nullcon/Venue : Goa, Feb -2012ClubHACK 2011 : CFP closes 2nd week of Octhttp://clubhack.com/2011/Venue: Pune, first weekend of December.

3. Security Conferences happenedBrucon 2011Slides (Some) posted : http://2011.brucon.org/index.php/ScheduleDerbycon 2011 Videos Posted : http://www.irongeek.com/i.php?page=videos/derbycon1/mainlistHITB SecConf 2011 Slides being Posted on Fly : http://conference.hitb.org/hitbsecconf2011kul/materials/

4. Arrest of Lulzsec MembersFBI arrested lulzsec member Recursion : Cody Kretsinger,23

5. Accused of using SQL injection attacks against Sony.

6. Earlier in UK : 2 more arrests happened claimed to be Kayla and Topiarry.

7. Ringleader Sabu tweeted only 2 left.

8. Group chatlog revealed use of HideMyAss`s Proxy service to disguise his IP in SONY attack.

9. The site followed court order asking for information for above case.UK based Company explained –VPN services are not designed to commit illegal activity.

10. We only log time you connect and disconnect.

11. We comply with UK Law. If request for information came from overseas ,it should come from UK channels only-- arstechnica, hidemyass blogs

12. SSL Broken … Again2 Researchers : Juliano Rizzo and Thai Duong at Ekoparty Security Conference.

13. Presented New Fast block-wise chosen plaintext attack against AES algorithm in SSL/TLS.

14. TLS version 1.0– vulnerable . TLS v1.1 and 1.2 : not vulnerable but major websites uses TLS v1.0 as later are unsupported in browsersOld vulnerability & ignored for years due to crypto people thought its unexploitable.

15. P.O.C. Application : BEAST : Browser Exploit Against SSL/TLS -- theregister, threatpost

16. How it works ? And Patches ? a.k.a Cryptographic Trojan Horse

17. Injects client side BEAST code in victims browser. (iframe/JavaScript)

18. Then works with network sniffer to look for active TLS connections. Grabs and decrypt HTTPS authentication cookie.Workarounds are possible but real solution is switch to newer protocol.Workarounds by browser vendors:Chrome developer version 15.0 making attack more complex.

19. Firefox considering to disable java but it will break many websites and functionalities

20. Microsoft working on Windows Update to fix the issue. Advisory: 2588513-- technet , chrome, mozilla blogs

21. Mysql.com compromised spreading malware to visitors Last Time (March-2011) it was SQL injection.

22. Simply visiting website serves malware through JavaScript and redirects to malicious domains hosting Blackhole exploit kit.Discovered by first armorize

23. TrendMicro found in Russian underground forum hacker sourcec0de selling rootaccess of mysql.com clustersPrice starts from 3000$-- armorize, SANS ISC, TrendMicro

24. The Good, the Bad and the Ugly of MicrosoftThe Good Microsoft:Microsoft does it again , Takes down Kelihos Botnet.

25. Estimated 41000 compromised hosts, capable of sending 3.8 billion spam messages

26. Previously Rustock botnet taken down.The Bad Microsoft:Microsoft Security Essential detected chrome.exe as piece of malware ( PWS: Win32)Microsoft released emergency update to the signature to fix the issue.

27. Chrome also released update to fix the issue

28. Microsoft is joining anti-flash crowd.

29. Metro version of IE 10 in windows 8 will not accommodate plugins.-- arstechnica, threatpost , chrome, cnet blogs

30. Continued …The Ugly MicrosoftUEFI : Unified Extensible Firmware Interface

31. New Type of boot environment : replaces standard BIOS process. UEFI is a part of windows 8 securedBoot architecture.To ensure that pre-OS environment is secure

32. System with UEFI enabled & Microsoft signing keys will only boot secure Windows OS. Major Concern: Dual booting non windows OS such as Linux

33. installing new hardware with unsigned keys drivers-- msdn blogs, cnet ,

34. Reverse Proxy bypass of ApacheApache webservers affected with this issue when running in reverse proxy mode.Could let attackers access DB, firewalls, routers and other internal network resources.

35. Misconfiguration in rewrite rule in Apache config file.RewriteRule ^(.*) http://internalserver:80$1 RewriteRule ^(.*) http://internalserver:80/$1 Apache issued patch to stop these type of attacks. CVE-2011-3368.patch

36. IIS could also be vulnerable if it is importing apache mod_rewrite rules.-- contextis.com blog, seclists.org full disclosure

37. German Federal Trojan: R2D2“Lawful interception” malware program to spy on citizens

38. Reverse engineered and analyzed by European Chaos Computer Club (CCC). Submitted to ccc anonymously

39. Used by German police forces.

40. Not only sends data but also offers remote control or backdoor functionalities to upload and execute arbitrary programsSony : Game is not overCISO informs breach of 93000 accounts (PSN and SOE)

41. Attackers used large amount of data obtained from compromised lists of other companies

42. Claims credit card information is not at risk-- ccc.de , PlayStation blogs

43. XSS in Skype for iOSXSS bug in iPhone and iPad version of Skype client

44. Incorrect webkit settings allows an attacker to directly access files on device including address books.More details:https://superevr.com/blog/2011/skype-xss-explained/Backdoor in HTC Android SmartphonesVulnerability in app called HtcLogger.apk found by androidpolice.com

45. App collects all kinds of data and provides to anyone who asks by opening a local port

46. Any app with INTERNET permission can access the information and can send data to remote server.

47. Patch Promised by HTC ..will be firmware OTA update.

48. Till then if you are rooted, remove HtcLogger.apk -- h-online, androidpolice, allthingsd.com

49. News OverviewNewer and more complicated android malware variants are expected to emerge.

50. ANDROIDOS_ANSERVER.A : arrives as a eBook reader app and Uses encrypted blog posts as C & C.

51. New Zeus Crimeware toolkit comes with peer-to-peer design.

52. Harder to takedown such botnets as No centralized C & C server which they can infiltrate or shut down.

53. AmEx Debug Mode left site wide open, providing access to vulnerable debug tools

54. Security Issue was noticed by developer Niklas Fermerstand.

55. Difficulties in finding security contact when contacted via twitter.

56. AmEx responded and shut down debug mode

57. Facebook is partnering with Websense to protect its members from malware and malicious web sites.

58. When Facebook user clicks on a link, it will be checked against Websense database.

59. if links is malicious, user will be presented a choice to continue or not on his risk.--theregister, qnrq.se, TrendMicro, bbc. networkworld,fnno.com

60. Security Tools Releases sshtrix-0.0.2.tar.gz:Very fast Multithreaded SSH Login cracker

61. Malware Analyzer 3.5:Malware Analyzer is freeware tool to perform static and dynamic analysis on malwares

62. ExeScan : PE File Anomaly Detector Tool by SecurityXploded

63. Another File Integrity Checker 2.18: another file integrity checker, designed to be fast and fully portable between Unix and Windows platforms

64. WebCookiesSniffer: Packet sniffer tool displays all cookies in a simple Table form.

65. fbpwn: A cross-platform Java based Facebook social engineering framework

66. Zscaler Like Jacking Prevention:Plugin for browser to keep users safe from Facebook scams.

67. PuttyHijackV1.0.rar: POC Tool to hijack putty sessions by injecting dll in process.

68. Websecurify :Powerful, cross-platform web security testing technology

69. owasp-wte: OWASP Web Testing Environment.

70. wpscan: Wordpress security scannerSecurity Reading Microsoft Security Intelligence Report (SIR) Volume 11

71. Best Practices for reporting Badware URLs

72. Post Exploitation Command Lists for Win, Unix, OS X: Excellent Reference for post exploitations

73. This Python has Venom: Symantec blog covering python Trojan

74. Cracking Passwords Version 1.1

75. Busting Windows in Backtrack 5 : Armitage demo in Backtrack 5

76. Evading Antimalware Engines via Assembly Ghostwriting

77. Bypassing Windows 7 Kernel ASLR

78. Clubhack Magazine : Oct 2011Thank YouR.I.P. Steve jobs and Dennis RitchieComments ,Feedbacks, SuggestionsTwitter : @ashwinpatilLinkedIn : http://in.linkedin.com/in/ashwinrpSlideshare : ashwin_patilhttp://www.slideshare.net/ashwin_patilPhoto Credits: Wikipedia