Students at the University of Cambridge have discovered a new flaw that is compromised by using a MITM attack that deceives a terminal in to thinking that a card’s PIN is correct irregardless of what number is provided for the PIN.

The attack uses an electronic device as a “man-in-the-middle” in order to prevent the PIN verification message from getting to the card, and to always respond that the PIN is correct. Thus, the terminal thinks that the PIN was entered correctly, and the card assumes that a signature was used to authenticate the transaction.

“We think this is one of the biggest flaws that we’ve uncovered – that has ever been uncovered – against payment systems, and I’ve been in this business for 25 years,” said Professor Ross Anderson from the school’s Computer Laboratory.

More details are available at the University of Cambridgde Computer Laboratory Security Group website.

From ISPreview:

WeFi, a free wireless Wi-Fi broadband Hotspot locator website with a database of 47,000,000 access points around the world, has revealed that 40% of Hotspots in the USA are unlocked and do not require a security password. This compares with 25% in Europe.

According to WeFi’s data, a traveler would find a higher percentage of open hotspots in countries such as Thailand, Israel, Brazil, Argentina and the Bahamas as compared with both the US and Europe. Across the world, approximately 30% of recorded Wi-Fi access points are unlocked, while some 70% are locked

Full Article: ISPreview

Scientists are set to unveil a lightweight system they say makes an operating system significantly more resistant to rootkits without degrading its performance. The hypervisor-based system is dubbed HookSafe, and it works by relocating kernel hooks in a guest OS to a dedicated page-aligned memory space that’s tightly locked down. The team installed HookSafe on a machine running Ubuntu 8.04, and found the system successfully prevented nine real-world rootkits targeting that platform from installing or hiding themselves. The program was able to achieve that protection with only a 6 percent reduction in performance benchmarks.

Via: The Register

The release of OpenBSD 4.6 was released on Sunday. Highlights of the new release include:

• Simplified installation process.
• Improved documentation and man pages.
• New versions of packages in ports (package management system). Over 5800 packages in total.
• Hardware driver updates: sensors, chipsets, video devices etc. New drivers, functionality and reliability updates.
• Network stack updates: stricter default settings. Wired interfaces are now preferred over wireless ones.
• Firewall changes: enabled by default, stricter checking of package formats.
• Routing daemon updates: mainly BGP daemon updates, fixes few bugs.
• New more secure smtpd (mail server).New OpenSSH released (5.3).

Grab a CD set or download from a mirror, and please support the project

A joint study conducted by TELUS and the Rotman School of Management at the University of Toronto surveyed more than 600 Canadian IT security professionals on Canadian IT security practices this year.

The economic downturn has increased the risk organizations:

“The threat environment worsens because when the economy goes into a downturn, job losses mount, and as people leave the organization many often take data with them,” Mr. Hejazi said.

About 33 per cent of reported security breaches this year came from within companies, and unauthorized access by employees represented the fastest-growing threat area, according to TELUS Security Labs managing director and study co-author Alan LeFort.

Last year, about 17 per cent of Canadian organizations reported so-called “insider breaches.” This year, that number has more than doubled to 36 per cent.

The complete article can be read at The Globe and Mail

Most organizations are focusing their patching efforts and vulnerability scanning on the operating system — but 60 percent of the total number of attacks occur on Web applications, and many attacks are aimed at third-party applications such as Microsoft Office, and Adobe Flash and other tools, according to actual attack data gathered for the report. Meanwhile, enterprises are taking twice as long to patch their applications than to patch their operating systems, the report says.

More at darkREADING

Sun Microsystems’ product plans are up in the air pending its acquisition by Oracle, but the company’s chip engineers continue to present new designs in the hope they’ll see the light of day. At the Hot Chips conference at Stanford University on Tuesday, Sun presented plans for a security accelerator chip that it said would reduce encryption costs for applications such as VoIP calls and online banking Web sites. The chip, known as a coprocessor, will be included on the same silicon as Rainbow Falls, the code name for the follow-on to Sun’s multithreaded Ultrasparc T2 processor.

Via: OSNews

ISC is reporting that a new, remotely exploitable vulnerability has been found in all versions of BIND 9. A specially crafted dynamic update packet will make BIND die with an assertion error. There is an exploit in the wild and there are no access control workarounds. Red Hat claims that the exploit does not affect BIND servers that do not allow dynamic updates, but the ISC post refutes that. This is a high-priority vulnerability and DNS operators will want to upgrade BIND to the latest patch level.

Via: Slashdot

Nmap Security Scanner version 5 has been released. Significant performance improvements were made, and many scripts have been added. Nmap can now log into Windows a system and perform local checks such as Conficker detection.

Announcement
Changes
Download

Researchers have built a tool that automatically finds and exploits SQL injection and cross-site scripting vulnerabilities in Web applications.

The so-called Ardilla tool uses a technique developed by the researchers — MIT’s Adam Kiezun, the University of Washington’s Michael Ernst, Stanford’s Philip Guo, and Syracuse University’s Karthick Jayaraman — that creates inputs that pinpoint bugs in Web applications and then generates SQL injection and XSS attacks. Ardilla is for PHP-based Web apps.

There is also a table of results from analysis done against several PHP web applications

Via: darkREADING