Worm spreading via RDP port 3389

It’s retro day in the world of Internet security, with an Internet worm dubbed “Morto” spreading via the Windows Remote Desktop Protocol (RDP).

F-Secure is reporting that the worm is behind a spike in traffic on port 3389/TCP. Once it has entered a network, the worm starts scanning for machines that have RDP enabled. Vulnerable machines get Morto copied to their local drives as a DLL, a.dll, which creates other files detailed in the F-Secure post.

SANS, which noticed heavy growth in RDP scan traffic over the weekend, says the spike in traffic is a “key indicator” of a growing number of infected hosts. Both Windows servers and workstations are vulnerable.
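A defender-side check for the indicator SANS describes, added here as an example (it is not from the F-Secure or SANS write-ups): it reads connection-log lines in a constructed format and flags any source that reaches many distinct hosts on tcp/3389 inside a short window, which is what Morto's scanning looks like from inside a network.

```python
"""Flag hosts that behave like Morto's RDP scanner: one source opening
connections to many distinct hosts on TCP/3389 in a short window."""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed connection-log sample (not real traffic):
# "<ISO time> <src> <dst> <proto>/<dport>"
SAMPLE_LOG = """\
2011-08-28T10:00:01 10.0.0.5 10.0.1.1 tcp/3389
2011-08-28T10:00:02 10.0.0.5 10.0.1.2 tcp/3389
2011-08-28T10:00:02 10.0.0.5 10.0.1.3 tcp/3389
2011-08-28T10:00:03 10.0.0.5 10.0.1.4 tcp/3389
2011-08-28T10:00:03 10.0.0.5 10.0.1.5 tcp/3389
2011-08-28T10:00:04 10.0.0.5 10.0.1.6 tcp/3389
2011-08-28T10:00:05 10.0.0.7 10.0.1.9 tcp/443
2011-08-28T10:00:06 10.0.0.9 10.0.1.2 tcp/3389
2011-08-28T10:00:07 10.0.0.9 10.0.1.2 tcp/3389
"""

def parse_line(line):
    ts, src, dst, svc = line.split()
    proto, port = svc.split("/")
    return datetime.fromisoformat(ts), src, dst, proto, int(port)

def rdp_scanners(log_text, window=timedelta(seconds=60), min_targets=5):
    """Return {src: max distinct targets} for sources that reach at least
    min_targets distinct hosts on tcp/3389 inside any sliding window."""
    events = defaultdict(list)  # src -> [(ts, dst), ...], RDP only
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ts, src, dst, proto, port = parse_line(line)
        if proto == "tcp" and port == 3389:
            events[src].append((ts, dst))
    hits = {}
    for src, ev in events.items():
        ev.sort()
        lo = 0
        for hi in range(len(ev)):
            while ev[hi][0] - ev[lo][0] > window:  # drop events older than window
                lo += 1
            targets = {dst for _, dst in ev[lo:hi + 1]}
            if len(targets) >= min_targets:
                hits[src] = max(hits.get(src, 0), len(targets))
    return hits

if __name__ == "__main__":
    for src, n in rdp_scanners(SAMPLE_LOG).items():
        print(f"possible RDP scanner {src}: {n} distinct targets on tcp/3389")
```

A host that repeatedly connects to the same RDP server (10.0.0.9 above) is not flagged; the signal is breadth of targets, not volume.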

Scariest IPv6 attack scenarios

Experts are reporting a rise in the number of attacks that take advantage of known vulnerabilities of IPv6, a next-generation addressing scheme that is being adopted across the Internet. IPv6 replaces the Internet’s main communications protocol, which is known as IPv4.

Salient Federal Solutions, a Fairfax, Va., IT engineering firm, is reporting real-world incidents of IPv6 attacks based on the emerging protocol’s tunneling capabilities, routing headers, DNS broadcasting and rogue routing announcements. The company asserts that all of these threats can be eliminated with the use of IPv6-enabled deep packet inspection tools, which it and other network vendors sell.

Source: Computer World

10 Secure Linux Distributions You Need to Know About

With security constantly in the news lately, you can’t help but feel ill at ease and vulnerable — vulnerable to teams of hackers whose only motivations are to expose and attack their victims. Perhaps you think you’ve done due diligence by keeping your patches updated, installing security fixes, and maintaining a corporate firewall.

Those methods are effective about 50 percent of the time. For the other 50 percent, you need to do more. You need penetration testing, security audits, intrusion prevention and intrusion detection, and you need to plug security holes that only hackers know about by using the tools they use to compromise your systems.

Security is expensive no matter how you slice it, but it doesn’t have to be a death knell for your business. This list of 10 security-enhanced Linux distributions, in no particular order, can give you peace of mind by beating hackers on their own turf.

  1. Astaro Security Appliance – Formerly known as Astaro Security Linux, the Astaro Security Appliances come in three flavors: hardware, software and virtual. In the virtual appliance category, Astaro offers appliances built specifically for network security, mail security, Web security and Web application security. The network security virtual appliance, for example, includes a configurable firewall, intrusion protection, DoS attack protection, NAT tools, VPN, IPSec remote access, LDAP authentication integration, and bandwidth control.
  2. BackTrack Linux – BackTrack is the highest rated and most acclaimed Linux security distribution.
  3. IPFire – IPFire is a firewall distribution that is small, highly secure and easy to use.
  4. Lightweight Portable Security – The Lightweight Portable Security (LPS) distribution boots a thin Linux system from a CD or USB flash drive.
  5. Live Hacking DVD – This live DVD distribution is exactly what it sounds like: an ethical hacker’s playground (workbench).
  6. EnGarde Secure Linux – EnGarde Linux is a Linux server distribution that is secure and perfect for use as an Internet server.
  7. NetSecL – NetSecL is an OpenSUSE-based distribution that features GrSecurity, chroot hardening, auditing, and includes penetration testing software.
  8. SmoothWall Express – The SmoothWall open source project began in 2000 and continues to be an excellent business firewall solution.
  9. Openwall GNU/Linux – Openwall GNU/Linux (OWL) is a small, security-enhanced distribution suitable for virtual appliances, hardware appliances, and physical servers.
  10. Vyatta – Vyatta is a commercial security appliance vendor delivering appliances for every network class, including cloud architectures.

Source: Serverwatch

Hackers Shift From Vandalism to Massive Data Theft

Cyber-attacks have dominated headlines this summer as government agencies, large organizations and small businesses have been hit by malware, distributed-denial-of-service attacks and network intrusions. On the personal front, individuals’ email and social networking accounts have been hijacked.

Most cyber-attackers are motivated by money, whether it’s by looting bank accounts or selling stolen information to other criminals, said Josh Shaul, CTO of Application Security. However, there’s been a surge in politically motivated attacks in the past few months as a number of groups—including the notorious hacker collective Anonymous—turned to cyber-attacks as a form of protest.

PandaLabs researchers predicted this past December that the cyber-protests that have added the word “hacktivism” to the English language will continue to grow in frequency because it’s been so effective in getting attention.

In the past few months, even hacktivism has been transformed as tactics and motivations have evolved. In the past, cyber-protesters generally defaced Websites or launched DDoS attacks to express their discontent.

In these DDoS attacks, Websites were overwhelmed with large volumes of server and database requests and became inaccessible to legitimate site visitors. For the most part, the majority of hacktivists relied on low-tech techniques for their activities, Shaul said.

Source: Eweek

Data thieves target hotels and resorts

If you’re a business traveler who books hotel rooms via the Internet, you may be at higher risk of being victimized by computer hackers and identity thieves.

Insurance claims for data theft worldwide jumped 56% last year, with a bigger number of those attacks targeting the hospitality industry, according to a new report by “Willis Group Holdings”, a British insurance firm.

The report said the largest share of cyber attacks — 38% — were aimed at hotels, resorts and tour companies.

That could spell trouble for business travelers who submit credit card numbers and other personal information to hotel websites, said Laurie Fraser, global markets leisure practice leader for Willis.

Fraser said large hotel chains are most vulnerable because hotel management companies may not be able to monitor how data is collected and stored at dozens or even hundreds of properties throughout the world. Independent contractors who work for individual hotels can also open the door to hackers and computer viruses, he said.

“There are various ways hackers can get into a hotel system,” Fraser said.

Sherry Telford, a spokeswoman for “InterContinental Hotels Group”, one of the world’s largest hotel companies, said InterContinental continually reviews its security measures.

Source: LATimes

The science of password selection

A little while back I took a look at some recently breached accounts and wrote A brief Sony password analysis. The results were alarming; passwords were relatively short (usually 6 to 10 characters), simple (less than 1% had a non-alphanumeric character) and predictable (more than a third were in a common password dictionary). What was even worse though was uniqueness; 92% of common accounts in the Sony systems reused passwords and even when I looked at a totally unrelated system – Gawker – reuse was still very high with over two thirds of common email addresses sharing the same password.

But there was one important question I left unanswered and that was how people choose their passwords. We now know that structurally, passwords almost always adhere to what we would consider “bad practices” but how are these passwords derived in the first place? What’s the personal significance which causes someone to choose a particular password?

Read more…

The padlock icon must die

What do you think of when you see this little guy on a webpage:

[image: padlock icon]

You’re probably thinking something along the lines of “it means the page is secure”. The more tech savvy among you may suggest that it means HTTPS has been used to encrypt the content in transit.

The problem is that it doesn’t mean anything of the kind. In fact it has absolutely nothing to do with website security. And therein lies the problem – the padlock lies to us, it implies things that it is not and it’s downright misleading.

Excellent post, read more at troyhunt.com

Researcher finds dangerous vulnerability in Skype

A security consultant has notified Skype of a cross-site scripting flaw that could be used to change the password on someone’s account, according to details posted online.

The consultant, Levent Kayan, based in Berlin, posted details of the flaw on his blog on Wednesday and notified Skype a day later. He said on Friday he hasn’t heard a response yet.

The problem lies in a field where a person can input their mobile phone number. Kayan wrote that a malicious user can insert JavaScript into the mobile phone field of their profile.

There are some mitigating factors, such as that the attacker and victim must be friends on Skype. Also, the attack may not immediately execute when the victim logs in. Kayan said he noticed the behavior happened only after the victim logged in several times. But he said in an e-mail that once it happens the first time, “it happens with each re-login.”

Skype should be checking the input into the mobile phone field and validating that it is indeed a phone number and not executable code. The problem affects the latest version of Skype, 5.3.0.120, on Windows XP, Vista and 7, as well as on Mac OS X.
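The validate-then-encode handling the article calls for, added here as an example (it is not Skype's code; the phone-number pattern and the function names are assumptions): a loose phone-number check on write and HTML escaping on read, shown beside the unescaped rendering that lets stored markup run.

```python
"""Server-side handling of a profile "mobile phone" field: accept only
values that look like a phone number, and HTML-escape whatever is
rendered, so stored text can never run as script."""
import html
import re

# Assumed format (not from the article): optional '+', then digits with
# spaces, dashes or parentheses, 8 to 20 characters in total.
PHONE_RE = re.compile(r"^\+?[0-9(][0-9 ()\-]{6,18}[0-9]$")

def validate_mobile(value):
    """Return a normalised number, or None if the input is not a phone number."""
    value = value.strip()
    if not PHONE_RE.match(value):
        return None
    digits = re.sub(r"\D", "", value)
    return ("+" if value.startswith("+") else "") + digits

def render_profile_unsafe(stored_mobile):
    # The flaw the article describes: stored text dropped straight into HTML.
    return f'<span class="mobile">{stored_mobile}</span>'

def render_profile_safe(stored_mobile):
    # Output encoding: any markup in the value is shown as text, not parsed.
    return f'<span class="mobile">{html.escape(stored_mobile, quote=True)}</span>'

def save_and_render(user_input):
    """Validate on write and encode on read; either layer alone stops the
    reported bug, and keeping both means one bypass is not enough."""
    mobile = validate_mobile(user_input)
    if mobile is None:
        return None  # rejected: never stored, never rendered
    return render_profile_safe(mobile)

if __name__ == "__main__":
    for sample in ["+49 30 1234567", "(030) 123-4567", "<b>not a number</b>"]:
        print(repr(sample), "->", save_and_render(sample))
```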

Source: networkworld

JailbreakMe for the Lulz

What’s JailbreakMe? It’s an easy way to jailbreak an Apple iOS device using a PDF (related) vulnerability.

It’s done with a “drive-by” style exploit.

All somebody needs to do to jailbreak a (newer) iPad/iPhone/iPod is to visit jailbreakme.com and touch the free/install button. The German Federal Office for Information Security has issued a warning about this. They’re concerned about the potential for targeted malicious attacks using trojanized versions of the JailbreakMe exploit.

Source: F-Secure


Hacker Exposes Florida’s Voting Database — Again

Election fraud and accusations of rigged voting might be as old as US election systems themselves, but some may wonder, if a hacker can gain access to the election voting system, how secure are elections anyway?

The AntiSec movement is definitely rolling along, but Anonymous is pointing to a recent hack that could raise some serious questions over the integrity of voting in Florida. It seems that a hacker who uses Twitter obtained parts of the Florida voting database, which were subsequently posted to Paste2. It appears that the hacker in question wanted to show that voting fraud can easily happen today and dumped parts of the Florida database to prove it.

Source: Zeropaid