August 6th, 2010 by Manolis Stamatogiannakis
13-17 September 2010, Heraklion, Crete, Greece
Call for Participation
The European Network and Information Security Agency (ENISA) and the Institute of Computer Science (ICS) of the Foundation for Research and Technology – Hellas (FORTH) invite you to the jointly organised 3rd ENISA-FORTH Summer School on Network and Information Security (NIS’10).
The “Future Internet” promises an exciting new world of services and capabilities: devices that will automatically exchange information to facilitate users, services that transparently and seamlessly combine information from different and multiple sources, protocols and systems that are able to handle complex interactions. At the same time, however, concerns about privacy and security increase for individuals, organizations, and society in general. This gives rise to a number of questions, such as: where should responsibility be placed, and how should solutions be enforced and verified in a world of complex infrastructures and services?
Following the success of NIS’08 and NIS’09, the 3rd edition of the Summer School on Network and Information Security (NIS’10) will cover topics that address legal, technical, and policy issues in this emerging world. The Summer School aims to provide a forum for experts in Information Security, policy makers from EU Member States and EU Institutions, decision makers from the industry, as well as members of the research and academic community, for interacting on cutting-edge and interesting topics in NIS.
Keynote Speakers
- Dr. Jorgo Chatzimarkakis, Member of the European Parliament, EU
- Dr. Silvia Adriana Ticau, Member of the European Parliament, EU
- Mr. Mario Campolargo, Director of the Emerging Technologies and Infrastructures, DG INFSO, European Commission, EU
- Mr. Bruce Schneier, Chief Security Technology Officer of BT, UK
- Mr. Mikko Hypponen, Chief Research Officer, F-Secure, FI
- Mr. Peter Hustinx, Supervisor, European Data Protection Supervisor, EU
Steering Committee
- Dr. Udo Helmbrecht, Executive Director of ENISA, EU
- Prof. Constantine Stephanidis, Director of FORTH-ICS, GR, Member of ENISA Management Board
Venue
NIS’10 will take place in Hersonissos, Crete, Greece. Hersonissos is a small town approximately 30 km from Heraklion and its airport. For instructions on how to get to the conference venue, please visit the travel information section on the NIS web page. The venue of the Summer School is Aldemar Knossos Royal Village. The Aldemar Knossos Royal Village hotel is a magnificent resort located on the north coast of the island of Crete in Hersonissos.
Online resources
Posted in Uncategorized
July 21st, 2010 by Hua Lu
Adobe’s popular PDF viewer, Adobe Reader, always attracts a large number of hackers who try to exploit its vulnerabilities. Some reports found that Adobe Reader tops the list of software with the most exploits used in web-based attacks. Now the company is “turning to sandboxing technology designed to isolate code from other parts of the computer.” A “protected mode” will be added to Adobe Reader for Windows; it will be enabled by default and released later this year. Because there are fewer attacks against Macintosh systems, there is no plan to implement this feature on Mac OS yet.
The sandbox mechanism brings several changes. PDF processing, such as executing JavaScript and parsing JPEG images, will be confined. Applications running in Adobe Reader will no longer be able to communicate with the operating system. “This is an additional layer of defense that will help protect users in case they encounter a malicious or corrupted PDF,” said Brad Arkin, the director of product security and privacy at Adobe. The new feature could limit the number of exploits, but not all of them. Some attacks, like phishing and attacks on weak cryptography, still exist.
Some experts believe that the sandbox cannot prevent code execution vulnerabilities, but that it makes attacks much harder to carry out successfully. With the sandbox, attackers need to find a vulnerability in both programs, Reader and the sandbox.
Posted in Uncategorized
July 21st, 2010 by Susan Yu
On July 16, Microsoft released Security Advisory 2286198, confirming the Windows shortcut flaw that exposes users of all current versions of Windows, including fully patched Windows 7 systems, to very serious attacks.
Just opening a directory containing the infected shortcut will get the user infected. Once the infected shortcut icon is displayed in Windows Explorer, malicious code is launched without any further user interaction. Hackers have already developed malware that spreads via USB sticks using this vulnerability. Independent security researcher Frank Boldewin found that the attack currently targets the WinCC SCADA system by Siemens. “Looks like this malware was made for espionage,” Boldewin writes.
On Sunday, a researcher known as “Ivanlef0u” published proof-of-concept code to several locations on the Internet. There is already a Metasploit module that implements the exploit with the WebDAV method.
To protect yourself from the attack, Microsoft suggests disabling the display of icons for shortcuts and turning off the WebClient service as workarounds. See the Microsoft advisory for details on how to “Disable the displaying of icons for shortcuts”. Another way to protect yourself is to use Didier Stevens’ tool Ariad.
Additional information on the flaw can be found in a blog post by the SANS Institute’s Internet Storm Centre.
source:
Experts Warn of New Windows Shortcut Flaw
MS confirms Windows shortcut zero-day flaw
Preempting a Major Issue Due to the LNK Vulnerability – Raising Infocon to Yellow
Tags: attack, malware, security, zero-day
Posted in security news
July 20th, 2010 by Edvin Vito
A new OS called REMnux has been released by Lenny Zeltser, a security expert specializing in malware reverse engineering. REMnux is a lightweight version of Ubuntu originally distributed as a VMware virtual appliance, which can be booted via several VMware products or through X-Windows. The OS was also recently released as an ISO image of a Live CD.
The classical approach to analyzing malware is to set up a virtual machine on a computer specifically designed for that purpose and then release the malware and monitor how it affects the system. The drawback of this protocol is that much of the malware’s behavior can remain hidden, while deeper analysis is not a convenient option.
REMnux comes as a solution to these disadvantages and offers an alternative approach for taking apart malicious code. Typically, another laboratory system is infected with the malware sample, and the potentially malicious connections are then directed to the REMnux “monitoring” ports.
This approach combines a generous number of popular malware-analysis, reverse-engineering, network monitoring, and memory forensic tools. Amongst them, REMnux contains three tools for analyzing Flash-specific malware, namely SWF tools, Flasm, and Flare. Furthermore, it contains several applications for analyzing malicious PDFs, such as Didier Stevens’ analysis tools. The OS also provides a lot of tools for de-obfuscating JavaScript, including Rhino debugger, a NoScript-version of Firefox, JavaScript Deobfuscator and Firebug, and Windows Script Decoder. In addition to the above analysis tools, a small Web server, an IRC server, and a pseudo-DNS server are also included. Further, several tools for network monitoring and interactions, such as the virtual honeypot server, HoneyD, as well as Wireshark, INetSim, fakedns and fakesmtp scripts, and NetCat are also part of REMnux.
Behind the development of REMnux stands the idea of providing a useful set of tools for people interested in the field, rather than a be-all reverse-engineering environment. As Zeltser himself puts it: “This doesn’t have every tool in it, because I think people can get distracted with too many tools in there”. On the contrary, Zeltser states that this OS targets beginners or people that are not Linux experts. He also hopes that users’ input and comments will aid in further development of REMnux to reach an improved version of the OS.
Any interested and adventurous potential developers who would like to contribute to the improvement of REMnux are welcome to contact Lenny Zeltser directly.
Tags: flash, honeyd, honeypot, javascript, malware-analysis, network monitoring, OS, security, wireshark
Posted in security news
May 22nd, 2010 by angelpap
Typhoid Adware is software that resembles Typhoid Mary, the healthy carrier of typhoid. This kind of threat works to its full potential on computer networks, and specifically on wireless networks. Internet cafes and similar public places where customers can access the internet wirelessly without any data encryption are the most convenient places for being infected by adware. Typhoid Adware comes from another person’s computer and convinces other laptops to communicate with it and not the legitimate access point. Then the Typhoid adware automatically inserts advertisements in videos and web pages on the other computers.
John Aycock, who co-authored a paper with assistant professor Mea Wang and students Daniel Medeiros Nunes de Castro and Eric Lin, and his co-authors have come up with solutions that give computers security defences against adware threats such as Typhoid Adware.
Posted in security news
May 21st, 2010 by boulouk
In a paper presented at the Usenix Workshop on Large-Scale Exploits and Emergent Threats, researchers devised a way to monitor BitTorrent users. By monitoring the users, they managed to create a list of the IP addresses of individuals and track the content they are sending and receiving.
In that paper the researchers demonstrated the technique by continuously spying on BitTorrent users for 103 days. They collected 148 million IP addresses and identified 2 billion copies of downloads, many of them copyrighted.
The most important result of this research is that it identified the IP addresses where much of the content originated. This means that the individuals creating the torrent files are few. The question, therefore, is why the anti-piracy groups try to stop millions of downloaders instead of a few content providers.
Posted in Uncategorized
May 21st, 2010 by tsikudis
Across the web, it’s common for advertisers like Google Inc.’s DoubleClick and Yahoo Inc.’s Right Media to receive the address of the page from which a user clicked on an advertisement. They receive nothing more than an incomprehensible string of letters and numbers that can’t be used to retrieve users’ information.
However, with social networking sites, those addresses include data which advertisers can use to look up individual profiles and discover users’ personal information and interests, contrary to the sites’ privacy policies and their promises that they don’t share such information without consent.
After questions from The Wall Street Journal, Facebook and MySpace moved to make changes to stop the handover.
“If you are looking at your profile page and you click on an advertisement, you are telling that advertiser who you are”, an assistant professor at Harvard Business School said.
See the graphic about Internet sites that share information that could be tied to individual profiles.
Source: The Wall Street Journal
Tags: advertising, privacy, social networks
Posted in Uncategorized
May 20th, 2010 by galea
A vulnerability has been discovered in the graphics display component of 64-bit Windows 7 that could be exploited to crash the system or potentially take control of the computer by running code remotely. The vulnerability is in the Canonical Display Driver (cdd.dll) and could allow code execution (Microsoft isn’t aware of this, because code execution is unlikely due to memory randomization). It is caused by an error while drawing in kernel space using cdd.dll, which can be exploited to dereference invalid memory in a write operation and corrupt kernel memory. When the Windows Aero theme is installed, the driver does not perform the expected data parsing after user-mode data is copied to kernel mode, which allows context-dependent attackers to cause a denial of service or possibly execute arbitrary code via a crafted image file.
http://news.cnet.com/8301-27080_3-20005420-245.html?tag=mncol;title
http://www.microsoft.com/technet/security/advisory/2028859.mspx
http://secunia.com/advisories/39577
Posted in security news
May 18th, 2010 by zahariad
The Mozilla Firefox development team has recently come up with the idea of warning Firefox users about outdated, insecure or buggy plug-ins. It was first implemented for the Adobe Flash plug-in. It was created as a What’s New page and integrated in recent Firefox updates.
The scripts on the page check for installed plug-ins and compare the version of each installed plug-in with the latest version that is offered officially by the developer of the plug-in. Some supported plug-ins (among others) are the Apple Quicktime, Shockwave Flash, Adobe Acrobat, Java, RealPlayer and Windows Media Player plug-ins. Furthermore, the Mozilla Firefox development team is now extending the page to support all the popular browsers.
Posted in forward, security news
May 18th, 2010 by zahariad
The XSS filter that was developed by Microsoft and added to the latest IE version to prevent XSS attacks can be used for the exact opposite purpose! The cross-site scripting (XSS) filter can be abused by attackers to launch XSS attacks on websites and web pages that would otherwise be immune to this threat.
The IE8 filter works by scanning outbound requests for strings that may be malicious. When such a string is detected, IE8 will dynamically generate a regular expression matching the outbound string. The browser then looks for the same pattern in responses from the server. If a match is made anywhere in the server’s response, the browser assumes that a reflected XSS attack is being conducted and the browser will automatically alter the response so that the XSS attack will be unsuccessful.
Posted in security news
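A simplified model of the request/response matching described in the post above, added here as an example rather than taken from the post or from Microsoft's code. The request heuristics, the `#` neutering character and the `shop.example` traffic are assumptions of this sketch, not IE8's real rule set.

```javascript
// Request-side heuristics (assumed): markup that could start script execution.
const SUSPICIOUS = [/<script\b[^>]*>/i, /\bon\w+\s*=/i, /javascript:/i];

const escapeRegExp = (s) => s.replace(/[.*+?^${}()|[\]\\]/g, "\\$&");

// Step 1: scan the decoded parameter values of the outbound request.
function findSuspiciousValues(url) {
  const hits = [];
  for (const [, value] of new URL(url).searchParams) {
    if (SUSPICIOUS.some((re) => re.test(value))) hits.push(value);
  }
  return hits;
}

// Step 2: build a signature for this request only. Whitespace runs may
// vary, so trivial reformatting by the server still matches.
function buildSignature(value) {
  const parts = value.trim().split(/\s+/).map(escapeRegExp);
  return new RegExp(parts.join("\\s*"), "gi");
}

// Steps 3 and 4: search the whole response body for the signature and
// neuter each match by overwriting one character of the matched text.
function filterResponse(url, body) {
  let altered = false;
  let out = body;
  for (const value of findSuspiciousValues(url)) {
    out = out.replace(buildSignature(value), (m) => {
      altered = true;
      return m.length > 3 ? m.slice(0, 3) + "#" + m.slice(4) : "#";
    });
  }
  return { altered, body: out };
}

// Constructed sample traffic (not captured from a real site).
const attackUrl =
  "https://shop.example/search?q=%3Cscript%3Ealert(1)%3C%2Fscript%3E";
const benignUrl = "https://shop.example/search?q=blue+shoes";
const reflected = "<p>Results for <script>alert(1)</script></p>";
const encoded = "<p>Results for &lt;script&gt;alert(1)&lt;/script&gt;</p>";

console.log(filterResponse(attackUrl, reflected)); // reflected copy neutered
console.log(filterResponse(attackUrl, encoded));   // server encoded it: untouched
console.log(filterResponse(benignUrl, reflected)); // no signature generated
```

Because the response check is a purely textual match, the model rewrites the page only when the request string reappears verbatim; a server that HTML-encodes its output never triggers it.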