Suggestions to [email protected]

News:

* ISD Podcast shuts down

* Noticeable uptick in phishing attacks recently, leading to various exploit kit web sites

* Yet another Java update.  Oracle seems to have gotten the message.

* Combofix, a free tool for removing certain kinds of malware, was infected with Sality

* Do not download repackaged software from other file hosting sites.  Bad!

* Cisco released it’s 2013 security report.

* Legitimate sites much more likely to be malicious than traditional pornography

* Ad networks and content delivery networks worst offenders

* Anonymous stole information on 4600 bank executives from a Federal Reserve emergency communication application.

* Fed seems to be downplaying the significance.

US Sentencing Commission:

* The US Sentencing Commission web site has been repeatedly hacked by Anonymous in protest of the suicide of Aaron Swartz. The site was defaced with a video and offered some encrypted files for download, with a threat to release the decryption keys if reforms to the CFAA are not made.

* The site was restored Saturday, but was defaced again on Sunday – with Asteroids.

* The site was unavailable for quite some time after the second breach.

* Apparently the site was restored, but whatever weakness it had was restored too.

* Is it better to get the site back up fast or spend some time to figure out what happened?

NY Times announces it has hacked

* The NY Times reports that its IT systems had been compromised by “Chinese attackers”.

* When the Times became aware of the intrusion, they chose to monitor the activity, rather than try to immediately close the holes

This has some benefits, since it allows the victim to understand the extent to which their systems have been compromised, rather than tipping off the intruder by starting to remediate systems piecemeal.

* NYT contracted Mandiant to investigate

* The attackers were routing traffic through compromised hosts in US universities

* The apparent method of entry is spear phishing

* 45 pieces of malware

* Symantec lashed out at the Times article

* The attackers appeared to be interested in determining who provided an NYT reporter with some salacious information about Wen Jiabao, China’s prime minister.

* Lots of criticism about the report

* Reference to rainbow tables shows the author isn’t a security pro

* China APT seems to be involved in every investigation Mandiant investigates

* Lack of details

* Makes the attack seem highly sophisticated

* I do agree that there is nothing spectacular about this attack – just about anyone with good knowledge of metasploit and SET could pull this style of attack

The timing of the attack certainly is interesting, given the proximity to the story about the FBI searching for...