Microsoft Moving to Security Portal for Patch Tuesday (November 14, 2016)

SANS NewsBites is a semiweekly high-level executive summary of the most important news articles that have been published on computer security during the last week. Each news item is very briefly

summarized and includes a reference on the web for detailed information, if possible.

Spend five minutes per week to keep up with the high-level perspective of all the latest security news. New issues are delivered free every Tuesday and Friday.

November 15, 2016


Hack the Army Bug Bounty Challenge
Microsoft Moving to Security Portal for Patch Tuesday
FriendFinder Networks Accounts Exposed
HNAP Protocol Flaw in D-Link Routers


BlackNurse Requires Just One Laptop to Launch DDoS
OMB FISMA Memo Clarifies What Constitutes a Major Cyber Security Incident
OMB Releases Federal Website Policy Update
Australian Retailer Acknowledges Inadvertent Data Exposure
UK Approves Lauri Love's Extradition
Linux LUKS Disk Encryption Vulnerability
OAuth Vulnerability May Put Access and Data to a Billion Mobile Apps At Risk



*********************** Sponsored By Sophos Inc. ************************ Don't be a data loss headline! With data hacks getting ever more sophisticated, the best way to avoid being a victim - and a headline - is to secure all of your data, all of the time. Introducing Next-Gen Encryption: stop breaches, collaborate securely and stay compliant. Learn more: ***************************************************************************


--Cyber Defense Initiative 2016 | December 10-17, 2016 | Washington, DC |

--SANS Amsterdam 2016 | December 12-17, 2016 | Amsterdam, Netherlands |

--SANS Security East 2017 | January 9-14, 2017 | New Orleans, LA |

--Cloud Security Summit & Training | San Francisco, CA | Jan 17-19, 2017 |

--SANS Las Vegas 2017 | January 23-30, 2017 | Las Vegas, NV |

--Cyber Threat Intelligence Summit & Training | Arlington, VA | Jan 25-Feb 1, 2017 |

--SANS Southern California - Anaheim 2017 | February 6-11, 2017 | Anaheim, CA |

--SANS Secure Japan 2017 | February 13-25, 2017 | Tokyo, Japan |

--SANS Secure Singapore 2017 | March 13-25, 2017 | Singapore, Singapore |



Hack the Army Bug Bounty Challenge (November 11 & 14, 2016)

The US Army has announced its first "Hack the Army" competition. Much like the "Hack the Pentagon" event that took place earlier this year, participants are invited to search for security issues in specified systems. But unlike the Pentagon's event, which limited the probing to static websites, the army's event will focus on the Army's digital recruiting infrastructure, which includes websites and databases that contain information about applicants and existing personnel. The event is by invitation only.

[Editor Comments ]

[Pescatore ]
Good to see this approach spreading across DoD. Time for the civilian side of the federal government to follow suit.

[Murray ]
Very clever, not to say cunning. Many hackers are more motivated by ego than dollars. The hackers will be exposed to the recruiting content. Some talent may be identified.

Read more in:

Dark Reading: US Army Challenges Security Researchers To 'Bring It On'

Wired: The US Military Launches "Hack the Army," its Most Ambitious Bug Bounty Yet

Microsoft Moving to Security Portal for Patch Tuesday (November 14, 2016)

Starting next year, Microsoft will change the format for its monthly security bulletins. The index of static documents will be replaced with a database-driven portal called the Security Updates Guide. The portal is currently in preview; bulletins for November 2016, December 2016, and January 20176 will be published in both formats; starting with February's updates, patch information will be available only through the Security Updates Guide.

[Editor Comments ]

[Ullrich ]
About time. Microsoft security bulletins have become very hard to parse given the large number of Windows versions and configuration options they cover. Maybe Microsoft will even offer a standard parsable format (XML...)

Read more in:

ZDNet: Patch Tuesday overhaul: Microsoft to replace security bulletin index with database-driven portal

FriendFinder Networks Accounts Exposed (November 13 & 14, 2016)

Hundreds of millions of users accounts for FriendFinder Networks have been compromised in an attack. The attack is believed to have occurred in October. It appears that the breach included information for deleted accounts as well as for active ones. The attack compromised nearly all account passwords.

[Editor Comments ]

[Williams ]
Perhaps the most concerning aspect here is that "deleted" accounts were also compromised. This announcement comes on the heels of discovering that Ashley Madison wasn't actually deleting accounts, either. If you store customer data, ensure you are telling the truth when you tell them their data is deleted.

Read more in:

Computerworld: Biggest hack of 2016: 412 million FriendFinder Networks accounts exposed

ZDNet: AdultFriendFinder network hack exposes e412 million accounts

HNAP Protocol Flaw in D-Link Routers (November 11, 2016)

The US CERT has issued an advisory warning of an HNAP-parsing vulnerability in D-Link routers. The flaw could be exploited to allow "a remote, unauthenticated attacker ... to execute arbitrary code with root privileges." The CERT advisory lists D-Link routers known to be affected (DIR-823, DIR-822, DIR-818L(W), DIR-895L, DIR-890L, DIR-885L, DIR-880L, and DIR-868L). D-Link has issued fixes for some of the affected products. The researcher who found the vulnerability says other devices could be affected as well.

[Editor Comments ]

[Ullrich ]
I do not believe there is any home/SMB router that is free of vulnerabilities in its admin interface. Do not provide access to the admin interface from outside your network, and if you have to, then lock it down as best you can with firewall rules. A strong password will not protect you against flaws like this one that do not require authentication.

[Williams ]
HNAP is, thankfully, falling out of favor. For perspective, while the security bulletin says this is "remotely exploitable," it means exploitable from the LAN only. D-Link routers ship with WAN administration disabled and HNAP should not be accessible from the WAN interface.

Read more in:

Computerworld: Another HNAP flaw in D-Link routers

CERT: D-Link routers HNAP service contains stack-based buffer overflow

D-Link: Support Announcement: HNAP stack overflow

*************************** SPONSORED LINKS *****************************

1) Watch Splunk experts discuss real-world examples of Splunk Enterprise Security frameworks, and also demo these frameworks. Join now!

2) Everything you wanted to know about Security Information and Event Management (SIEM) but were afraid to ask. Get your copy of the Beginner