.name Registrar Web Site Hacked

The web site for Global Name Registry, which operates the .name registry database, was back online this morning after it was hacked Saturday. “We did an update to Apache and PHP last week and someone managed to exploit a hole in one of these and replace the index file on the webserver,” Global Name president Hakon Haugnes wrote in a post at the ICANN Watch web site, which was the first to report the intrusion. “No other data than the index.php were replaced, and no other data could be accessed as the webserver is physically and geographically separated from our Registry Systems. We have taken our webservers down during the weekend to further reinforce our website against similar incidents in the future.”

Nachi Worm turned Cash Machines into scanning engines

The Nachi worm compromised cash machines at two financial institutions last August, according to Diebold, which manufactured the Windows-based automatic teller machines. The event is being called the first confirmed case of malicious code penetrating cash machines, according to Security Focus. The two financial institutions were not identified, and the infected machines were quickly isolated when they began scanning the ATM networks, triggering intrusion detection systems, according to Diebold.

The Nachi worm exploited an RPC DCOM hole for which Microsoft had issued a patch a month prior to the worm’s release; Diebold had neglected to install that patch on the infected machines. Last week Diebold announced that it will include Sygate Security Agent software with all its new ATMs and offer to install Sygate agents on its existing Windows-based ATMs.

ISA's Hancock: Core Internet Protocols Need An Overhaul

Best practices can go a long way toward improving Internet security. But truly meaningful advances in security will require the complete overhaul of core network protocols, according to Dr. Bill Hancock, chairman of the Internet Security Alliance.

“The biggest problem I see is that a lot of protocols we use were developed in the 1970s,” said Hancock, the Chief Security Officer at Cable and Wireless. “The bottom line is that all those protocols need to be redone. Until we start improving those protocols, we’ll continue to see problems.”

Bogus Yellow Pages renewals widely received

Many businesses in the UK are receiving mails asking them to re-register their details with yellovvpages.com. Yellow Pages, operated by Yell, is one of the UK's main telephone and business directories. www.yellovvpages.com with two 'v's is not connected with Yell, or a US business called Yellow Pages.

Vulnerable versions of OpenSSL apparently still widely deployed on commerce sites

The UK National Infrastructure Security Co-ordination Centre (NISCC) developed a test suite for SSL/TLS implementations, designed to detect vulnerabilities caused by the implementation responding badly to deliberately malformed certificate syntax. These tests have been run against a number of vendors’ implementations, several of which are either vulnerable to some extent or still awaiting the manufacturer’s feedback, and the results are summarised on the NISCC web site.

The tests were made available to the OpenSSL team, and three specific vulnerabilities were found. These could result in denial of service, or theoretically allow execution of arbitrary code, when OpenSSL is presented with a malformed client certificate. The fixes for these problems are available in the latest versions (0.9.6k and 0.9.7c).

No. of
0.9.6d and | 25539 | 30-Jul-2002 | Practical to run arbitrary code remotely
0.9.6e-h and | 14116 | 19-Feb-2003 | Practical (LAN) attack to recover frequently repeated plaintext such as passwords
0.9.6i and | 5877 | 17-Mar-2003 | Practical (LAN) attacks to obtain or use secret key
0.9.6j and | 4003 | 30-Sep-2003 | Denial of Service, and theoretically possible to run arbitrary code remotely
0.9.6k and | 1356 | | Clean at present
Total all

Customers of UK banks and brokerages attacked with new wave of fraud and theft

In the last week criminals have attacked customers of many of the UK’s largest banks and brokerages, attempting to persuade them to reveal their account’s username, password, and other authenticating information by sending a verification mail with a forged source address and a URL that appears to be associated with the recipient’s bank or brokerage.

Users of collaborative spam detection systems such as Vipul’s Razor are quite well protected against these fraudulent mail attacks, as early recipients of the message will report it, and subsequent recipients will not even see the message in their normal mail routine.

However, the steadily increasing numbers of well-heeled but technically unsophisticated people making use of internet banking are greatly at risk from this type of attack. Although the mail below is aimed at Barclays customers, similar mails targeting the customers of National Westminster, the Halifax Bank and the brokerage T D Waterhouse have been reported during the past week. Every bank and brokerage can reasonably expect that their own customers will be targeted, as the potential of emptying out large numbers of people’s bank accounts is so attractive to criminals, and the fact that some banks have taken their sites offline may indicate that they are seeing a volume of suspicious withdrawals.
