Snort-2.9.4 has been released

Recent SSH vulnerabilities

Published: 2012-12-03
Last Updated: 2012-12-03 21:34:23 UTC
by Kevin Liston (Version: 1)
0 comment(s)

Exploit code for two different implementations of SSH was made public yesterday: Tectia SSH (www.ssh.com), a commercial solution, and freeSSH/freeFTP.  I currently do not see any public announcements from the vendor, nor any CVEs for tracking.

More to come on this.

Keywords: ssh vulnerabilities

John McAfee Exposes His Location in Photo About His Being on Run

Published: 2012-12-03
Last Updated: 2012-12-03 21:29:41 UTC
by John Bambenek (Version: 2)
2 comment(s)

Generally speaking, if you're on the run from the authorities over a homicide, you're probably best off lying low and not making too much noise.  Sure, there is a case for trolling "the man", but it usually comes back to haunt you.

Take the case of John McAfee, who is currently on the run.  A journalist for a shady website involving narcotics is apparently spending some time with him while he's on the run.  The site put up a post with a picture of John and the editor-in-chief of said publication.  (You can find it without too much effort, but it's NSFW).

Well, if you download the picture and use any of the standard tools to get metadata (I use exiftool), it happily reports not only the make and model of the camera, but the GPS coordinates of where the picture was taken (today).  We can say that, yes, John McAfee is apparently no longer in Belize. ;)

A humorous post to point out something many of us don't realize: our smartphones and devices are increasingly location-aware, and that information makes it into the media that those devices create.

UPDATE: The website with the original image has replaced it with images that do not have GPS coordinates in them.

See earlier SANS ISC posts on EXIF/location information:

Twitpic, EXIF and GPS: I Know Where You Did it Last Summer

Snipping Leaks

--
John Bambenek
bambenek \at\ gmail /dot/ com
Bambenek Consulting
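
An added example, not part of the original diary: a pre-publication check that does what the post describes exiftool reporting, reading the GPS position out of a JPEG's Exif segment so the image can be held back or stripped before it is posted. The function names and the sample image (an Exif header with a made-up mid-Atlantic coordinate) are constructed for illustration.

```python
import struct

GPS_IFD_TAG = 0x8825  # IFD0 entry that points at the GPS sub-IFD

def exif_tiff(jpeg):
    """Return the TIFF blob inside the JPEG's Exif APP1 segment, or None."""
    if jpeg[:2] != b"\xff\xd8":
        raise ValueError("not a JPEG")
    pos = 2
    while pos + 4 <= len(jpeg) and jpeg[pos] == 0xFF and jpeg[pos + 1] != 0xDA:
        size = struct.unpack_from(">H", jpeg, pos + 2)[0]
        body = jpeg[pos + 4:pos + 2 + size]
        if jpeg[pos + 1] == 0xE1 and body[:6] == b"Exif\0\0":
            return body[6:]
        pos += 2 + size
    return None

def read_ifd(tiff, offset, bo):
    """Map tag -> raw 4-byte value/offset field for one IFD."""
    (count,) = struct.unpack_from(bo + "H", tiff, offset)
    return {struct.unpack_from(bo + "H", tiff, offset + 2 + 12 * i)[0]:
            tiff[offset + 10 + 12 * i:offset + 14 + 12 * i] for i in range(count)}

def gps_position(jpeg):
    """Return (lat, lon) in decimal degrees, or None if no GPS data is embedded."""
    tiff = exif_tiff(jpeg)
    if tiff is None:
        return None
    bo = "<" if tiff[:2] == b"II" else ">"  # TIFF byte order mark
    ifd0 = read_ifd(tiff, struct.unpack_from(bo + "I", tiff, 4)[0], bo)
    ptr = ifd0.get(GPS_IFD_TAG)
    gps = read_ifd(tiff, struct.unpack(bo + "I", ptr)[0], bo) if ptr else {}
    if not {1, 2, 3, 4} <= gps.keys():  # lat ref, lat, lon ref, lon
        return None
    def degrees(ref_tag, value_tag):  # three RATIONALs: degrees, minutes, seconds
        d, dd, m, md, s, sd = struct.unpack_from(
            bo + "6I", tiff, struct.unpack(bo + "I", gps[value_tag])[0])
        sign = -1 if gps[ref_tag][:1] in (b"S", b"W") else 1
        return sign * (d / dd + m / md / 60 + s / sd / 3600)
    return degrees(1, 2), degrees(3, 4)

def sample_jpeg():
    """Constructed input: Exif header only, made-up point 10 deg 30' N, 20 deg 15' W."""
    ifd0 = struct.pack(">HHHIII", 1, GPS_IFD_TAG, 4, 1, 26, 0)
    gps = struct.pack(">HHHI4sHHII", 4, 1, 2, 2, b"N", 2, 5, 3, 80)
    gps += struct.pack(">HHI4sHHIII", 3, 2, 2, b"W", 4, 5, 3, 104, 0)
    dms = struct.pack(">12I", 10, 1, 30, 1, 0, 1, 20, 1, 15, 1, 0, 1)
    body = b"Exif\0\0MM\0\x2a" + struct.pack(">I", 8) + ifd0 + gps + dms
    return b"\xff\xd8\xff\xe1" + struct.pack(">H", len(body) + 2) + body + b"\xff\xd9"
```

Any non-None result from gps_position() means the file still carries location data and should have its metadata removed before it is published.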


Mobile Malware: Request for Field Reports

Published: 2012-12-03
Last Updated: 2012-12-03 16:15:04 UTC
by Kevin Liston (Version: 1)
8 comment(s)

At my last two speaking engagements, I asked a simple question: "Have you, or anyone you know, been infected with malware on your smartphone?"  So far, no one has raised their hand.

I'd like to ask the same question here, since there's a much wider audience of people who have the skills/instinct to notice such an infection.

If you, or someone you know (no friend of a friend reports, please), have witnessed a mobile malware infection in the wild, please leave a comment below or send in a report via our contact page.

Keywords: malware mobile
ISC StormCast for Monday, December 3rd 2012 http://isc.sans.edu/podcastdetail.html?id=2977
