police department
involves information theft at an Ohio court web site, which is actively used
for identity theft. At least one known identity theft case resulted in
$40,000 loss to the victim.
WHID 2007-70: Tucson, Arizona police web site defaced using SQL injection
=========================================================================
Reported: 20 December 2007, Occurred: 20 December 2007
Classifications:
> involves information theft at an Ohio court web site, which is actively used
> for identity theft. At least one known identity theft case resulted in
> $40,000 loss to the victim.
>
>
> WHID 2007-70: Tucson, Arizona police web site defaced using SQL injection
> =========================================================================
> Reported: 20 December 2007, Occurred: 20 December 2007
>
> Classifications:
>
access-list 150 permit udp any any eq 123
!--- Permit (Police or Drop)/Deny (Allow) all other Layer3 and
!--- Layer4 traffic in accordance with existing security policies
!--- and configurations for traffic that is authorized to be sent
!--- to infrastructure devices
!--- Create a Class-Map for traffic to be policed by
!--- the CoPP feature
Note: CoPP is not supported on uBR10012 series devices.
!-- Permit all UDP/1975 traffic so that it
!-- will be policed and dropped by the CoPP feature
!
access-list 111 permit udp any any eq 1975
access-list 111 permit ip any 127.0.0.0 0.255.255.255
access-list 111 permit ip 127.0.0.0 0.255.255.255 any
!--- Deny all trusted source L2TP UDP traffic sent to all IP addresses
!--- configured on all interfaces of the affected device so that it
!--- will not be policed by the CoPP feature.
!--- NOTE: This does not prevent spoofed attacks.
!--- To be a full mitigation, no trusted source
!--- addresses should be listed.
!--- Omit this line if using an L2TPv3 over IP implementation only.
access-list 111 deny udp host 192.168.100.1 any eq 161
!--- Permit all other SNMP UDP traffic sent to all IP addresses
!--- configured on all interfaces of the affected device so that it
!--- will be policed and dropped by the CoPP feature
access-list 111 permit udp any any eq 161
access-list 111 deny udp host 192.168.100.1 any eq 2067
access-list 111 deny 91 host 192.168.100.1 any
!--- Permit all other DLSw traffic sent to all IP addresses
!--- configured on all interfaces of the affected device so that it
!--- will be policed and dropped by the CoPP feature
access-list 111 permit udp any any eq 2067
access-list 111 permit 91 any any
!--- Permit (Police or Drop)/Deny (Allow) all other Layer 3 and Layer 4
access-list 150 deny tcp TRUSTED_HOSTS WILDCARD any eq 10000
!---
!--- Permit ALPS traffic sent to all IP addresses
!--- configured on all interfaces of the affected device so
!--- that it will be policed and dropped by the CoPP feature
!---
access-list 150 permit tcp any any eq 350
access-list 150 permit tcp any any eq 10000
access-list 100 deny tcp host 172.16.1.1 any eq 5061
access-list 100 permit udp any any eq 5060
access-list 100 permit tcp any any eq 5060
access-list 100 permit tcp any any eq 5061
!-- Permit (Police or Drop)/Deny (Allow) all other Layer3 and Layer4
!-- traffic in accordance with existing security policies and
!-- configurations for traffic that is authorized to be sent
!-- to infrastructure devices.
!-- Create a Class-Map for traffic to be policed by
!-- the CoPP feature.
on its botnet buster - the company said that even revealing its name could give cyber
criminals a clue on how to thwart it", what? This is perhaps the biggest gaffe I've read
thus far on potential government collusion with Microsoft.
We then have the following wording: "Microsoft had not previously talked about its
botnet tool, but it turns out that it was used by police in Canada to make a high-profile
bust earlier this year." So again, thinking logically at what has been said so far by
Microsoft; "We have a tool called Malicious Software Removal tool...", "we can't tell
you the name of this tool since it would undermine our snooping...", "it's been used by
law enforcement already to make a high-profile bust earlier this year."
> biggest gaffe I've read
> thus far on potential government collusion with Microsoft.
>
> We then have the following wording: "Microsoft had not previously
> talked about its
> botnet tool, but it turns out that it was used by police in Canada to
> make a high-profile
> bust earlier this year." So again, thinking logically at what has been
> said so far by
> Microsoft; "We have a tool called Malicious Software Removal tool...",
> "we can't tell
>
> /QUOTED:
> In February, the Sûreté du Québec used Microsoft's botnet-buster to
> break up a network that had infected nearly 500,000 computers in 110
> countries, according to Captain Frederick Gaudreau, who heads up the
> provincial police force's cybercrime unit.
> / END QUOTE
>
> Missing the part? It's black and white. If MS wasn't using information
> (flawed
> since it's relying on IP) then how did they correlate IP information
Cyber Crime: Follow the Money - Pedro Bueno (McAfee)
The Powerful Evil on Mobile Phone - Nanik (COSEINC)
Securing Your Web Application Codes - Kurt Grutzmacher (Pacific Gas)
Hacking RFiD Devices: Octopus Card?? - Adam Laurie (RFIDI0T.org)
Attacking Anti-Virus - Sowhat (Nevis Lab)
Anti-Forensic: Leaving the Police No Trails (the Grugq)
Media Security in VOiP Systems - Shao Weidong (Secure Minded Consulting)
Rambling on the Private Data Security: No more Eason Chan - Sun Bing
Look out for SyScan'08 Singapore and SyScan'08 Taiwan.
###########################################################
Ubuntu Privacy Remix (UPR), based on Ubuntu 9.04, is a live,
read-only CD that seals off your private data from the outside world to
offer protection against spying measures such as the German
„Bundestrojaner“, with which the German government and federal police
tries to spy on its citizens.
UPR does this using encryption and isolation methods. This method of
booting off a read-only CD provides an isolated and unmodifiable system
that is exceedingly difficult to compromise by spyware.
The following security issues affect the "Ubuntu Privacy Remix" releases
You cannot be made to lie. Legally, there are no Government privileges that obligate perjury.
You can be asked to keep quiet and in fact, discussing an ongoing case is risky in any event (NSA or local police).
Regards,
Dr Craig Wright (GSE-Compliance)
Craig Wright
The Crue is aware that location is everything, so once again we will be
invading the Pipitea Campus which is surrounded by prestigious Wellington
buildings such as Parliament house, the (partly renovated and badly secured)
High Court, Ministry of Defence and various telecommunication hubs. All
services are handy to the venue as well (train station, taxi rank, burger
caravan, police cells / court etc).
Caffeination will be provided by the lovely folks at Sweet Fanny-Anne's.
###########################################################
Ubuntu Privacy Remix (UPR), based on Ubuntu 8.04 (LTS), is a live,
read-only CD that seals off your private data from the outside world to
offer protection against spying measures such as the German
„Bundestrojaner“, with which the German government and federal police
tries to spy on its citizens.
UPR does this using encryption and isolation methods. This method of
booting off a read-only CD provides an isolated and unmodifiable system
that is exceedingly difficult to compromise by spyware.
The following security issues affect the "Ubuntu Privacy Remix" releases
!-- Include deny statements up front for any protocols/ports/IP addresses that
!-- should not be impacted by CoPP
!-- Include permit statements for the protocols/ports that will be
!-- governed by CoPP
access-list 100 permit tcp any any eq 443
!-- Permit (Police or Drop)/Deny (Allow) all other Layer3 and Layer4
!-- traffic in accordance with existing security policies and
!-- configurations for traffic that is authorized to be sent
!-- to infrastructure devices.
!
!-- Create a Class-Map for traffic to be policed by
So you argue... "Reporting is optional..." It sure is, but what do
you think the response would be from MS users if MS stated "We will
send your information to Law Enforcement agents anywhere..."
/QUOTED:
In February, the Sûreté du Québec used Microsoft's botnet-buster to break up a network that had infected nearly 500,000 computers in 110 countries, according to Captain Frederick Gaudreau, who heads up the provincial police force's cybercrime unit.
/ END QUOTE
Missing the part? It's black and white. If MS wasn't using information (flawed
since it's relying on IP) then how did they correlate IP information
back to law enforcement... OUTSIDE the United States...
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=513596
and to ubuntu (tested on hardy):
https://bugs.launchpad.net/cryptsetup/+bug/324871
It's not a major security problem, but people who were planning to run
'cryptsetup luksDelKey /dev/sda1 0' on their installation when the police
comes to wake them up should be advised that it won't work out of the box.
Cheers,