# SANS ISC

# threatpost.com

  • British Airways Suspends Some Accounts Following Unauthorized Activity Mon, 30 Mar 2015 19:22:11 +0000
    British Airways, one of the U.K.'s biggest airlines, suspended users' frequent flier accounts this weekend after an apparent breach recently hit the company.
  • eBay Fixes File Upload and Patch Disclosure Bugs Mon, 30 Mar 2015 17:41:18 +0000
    eBay has fixed a pair of security vulnerabilities in its site that could enable attackers to upload executable files disguised as benign file types, construct full path URLs and then point victims to them through drive-by download attacks. The first bug resulted from the failure of an eBay page to check the headers of image files uploaded by […]
  • Hackers Selling Uber Credentials on Underground Market Mon, 30 Mar 2015 16:57:33 +0000
    Uber user credentials are on sale on underground hacking forums, but the alternative taxi company says it has found no evidence of a breach of its systems.
  • DDoS Attack Against GitHub Continues After More Than Four Days Mon, 30 Mar 2015 14:55:21 +0000
    More than four days after it began, the massive DDoS attack on GitHub is still ongoing. The attack has evolved significantly since it started and GitHub officials said they believe that the goal of the operation is to force the site to remove some specific content. In the evening hours of March 25, DDoS attack […]
  • Ad Networks Ripe for Abuse Via Malvertising Mon, 30 Mar 2015 14:05:15 +0000
    Criminals have found a safe haven abusing legitimate processes, such as real-time bidding, implemented by online advertising networks to move exploits and malware, and build botnets and fraud campaigns.
  • iOS, OS X Library AFNetwork Patches MiTM Vulnerability Fri, 27 Mar 2015 18:56:18 +0000
    Until yesterday, a popular networking library for iOS and OS X, used by several apps like Pinterest and Simple, was susceptible to SSL man-in-the-middle (MiTM) attacks.
  • Slack Discloses Breach of Its User Profile Database, Implements 2FA Fri, 27 Mar 2015 18:49:36 +0000
    Collaboration provider Slack disclosed that a database storing its user profile information has been breached. The break-in has been stopped, and Slack announced that it has implemented two-factor authentication going forward.
  • FBI Pleads For Crypto Subversion in Congressional Budget Hearing Fri, 27 Mar 2015 17:49:45 +0000
    FBI Director James Comey pleads with Congress to create a law that would allow law enforcement access to encrypted mobile communications on Android and Apple devices.
  • GitHub Hit With DDoS Attack Fri, 27 Mar 2015 15:54:02 +0000
    A large-scale DDoS attack, apparently emanating from China, has been hammering the servers at GitHub over the course of the last 12 hours, periodically causing service outages at the code-sharing and collaboration site.
  • Threatpost News Wrap, March 27, 2015 Fri, 27 Mar 2015 15:50:10 +0000
    Dennis Fisher and Mike Mimoso discuss the news of the week, including the Android app-replacement vulnerability, the Windows privilege escalation bug and the Yahoo transparency report and the company's crypto efforts.

# Reddit netsec

# Krebs On Security

  • Sign Up at irs.gov Before Crooks Do It For You Mon, 30 Mar 2015 04:23:55 +0000
    If you’re an American and haven’t yet created an account at irs.gov, you may want to take care of that before tax fraudsters create an account in your name and steal your personal and tax data in the process. Recently, KrebsOnSecurity heard from Michael Kasper, a 35-year-old reader who tried to obtain a copy of his […]
  • Who Is the Antidetect Author? Thu, 26 Mar 2015 14:48:26 +0000
    Earlier this month I wrote about Antidetect, a commercial tool designed to help thieves evade fraud detection schemes employed by many e-commerce companies. That piece walked readers through a sales video produced by the author of Antidetect showing the software being used to buy products online with stolen credit cards. Today, we'll take a closer look at clues to a possible real-life identity of this tool's creator.
  • Tax Fraud Advice, Straight from the Scammers Wed, 25 Mar 2015 16:10:22 +0000
    Some of the most frank and useful information about how to fight fraud comes directly from the mouths of the crooks themselves. Online cybercrime forums play a critical role here, allowing thieves to compare notes about how to evade new security roadblocks and steer clear of fraud tripwires. Few topics so reliably generate discussion on crime forums around this time of year as tax return fraud, as we'll see in the conversations highlighted in this post.

# Bruce Schneier's blog

  • Brute-Forcing iPhone PINs Mon, 30 Mar 2015 06:47:43 -0500
    This is a clever attack, using a black box that attaches to the iPhone via USB: As you know, an iPhone keeps a count of how many wrong PINs have been entered, in case you have turned on the Erase Data option on the Settings | Touch ID & Passcode screen. That's a highly-recommended option, because it wipes your device...
  • Friday Squid Blogging: Using Squid Proteins for Commercial Camouflage Products Fri, 27 Mar 2015 16:03:10 -0500
    More research. As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered....
  • Yet Another Computer Side Channel Fri, 27 Mar 2015 07:01:04 -0500
    Researchers have managed to get two computers to communicate using heat and thermal sensors. It's not really viable communication -- the bit rate is eight per hour over fifteen inches -- but it's neat....
  • New Zealand's XKEYSCORE Use Thu, 26 Mar 2015 09:46:15 -0500
    The Intercept and the New Zealand Herald have reported that New Zealand spied on communications about the World Trade Organization director-general candidates. I'm not sure why this is news; it seems like a perfectly reasonable national intelligence target. More interesting to me is that the Intercept published the XKEYSCORE rules. It's interesting to see how primitive the keyword targeting is,...
  • Capabilities of Canada's Communications Security Establishment Wed, 25 Mar 2015 06:55:48 -0500
    There's a new story about the hacking capabilities of Canada's Communications Security Establishment (CSE), based on the Snowden documents....
  • Reforming the FISA Court Tue, 24 Mar 2015 09:04:42 -0500
    The Brennan Center has a long report on what's wrong with the FISA Court and how to fix it. At the time of its creation, many lawmakers saw constitutional problems in a court that operated in total secrecy and outside the normal "adversarial" process.... But the majority of Congress was reassured by similarities between FISA Court proceedings and the hearings...
  • BIOS Hacking Mon, 23 Mar 2015 07:07:54 -0500
    We've learned a lot about the NSA's abilities to hack a computer's BIOS so that the hack survives reinstalling the OS. Now we have a research presentation about it. From Wired: The BIOS boots a computer and helps load the operating system. By infecting this core software, which operates below antivirus and other security products and therefore is not usually...
  • Friday Squid Blogging: Squid Pen Fri, 20 Mar 2015 16:29:44 -0500
    Neat. As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered....
  • New Paper on Digital Intelligence Fri, 20 Mar 2015 13:51:04 -0500
    David Omand -- GCHQ director from 1996-1997, and the UK's security and intelligence coordinator from 2000-2005 -- has just published a new paper: "Understanding Digital Intelligence and the Norms That Might Govern It." Executive Summary: This paper describes the nature of digital intelligence and provides context for the material published as a result of the actions of National Security Agency...
  • Cisco Shipping Equipment to Fake Addresses to Foil NSA Interception Fri, 20 Mar 2015 06:56:11 -0500
    Last May, we learned that the NSA intercepts equipment being shipped around the world and installs eavesdropping implants. There were photos of NSA employees opening up a Cisco box. Cisco's CEO John Chambers personally complained to President Obama about this practice, which is not exactly a selling point for Cisco equipment abroad. Der Spiegel published the more complete document, along...

# WIRED Threat Level

# exploit-db.com

# Securiteam