BCS Cybercrime Forensics SG Briefing: 20th September 2011

Not sure if I am allowed to blog these, but let's try this and see.

Opinion: Evolution of Incident Response Computer Weekly 19th September 2011
http://www.computerweekly.com/Articles/2011/09/19/247928/Opinion-Evolution-of-incident-response.htm
Security Firms’ Plan Targets Cyberthreats UPI 19th September 2011
http://www.upi.com/Business_News/Security-Industry/2011/09/19/Security-firms-plan-targets-cyberthreats/UPI-93641316451916/
The All-Seeing Eye of the Camera: New TV Series Person of Interest Set in a Not-Too-Distant Future of Crime ’Prediction’ Canada.com 19th September 2011
http://www.canada.com/entertainment/seeing+camera+series+Person+Interest+distant+future+crime+prediction/5425771/story.html
Chinese Hackers Pledge to Reject Cybercrime Computer World 19th September 2011
http://www.computerworlduk.com/news/security/3304319/chinese-hackers-pledge-to-reject-cybercrime/
Navy War-Room Leak: Case Falling Apart Zee News—India 19th September 2011
http://zeenews.india.com/news/nation/navy-war-room-leak-case-falling-apart_732456.html
Counter What? Family Security Matters—USA 19th September 2011
http://www.familysecuritymatters.org/publications/id.10398/pub_detail.asp
Clarke: Outdated Cyber Defence Leaves US Open to Attack GCN—USA 19th September 2011
http://gcn.com/articles/2011/09/19/richard-clarke-us-outdated-cyber-defense.aspx
Feds: Wi-Fi Hacking Burglars Targeted Dozens of Seattle-Area Businesses Seattle Pi—USA 19th September 2011
http://www.seattlepi.com/local/article/Feds-Wi-Fi-hacking-burglars-targeted-dozens-of-2178421.php
Hackers Breach Japan’s Missile, Nuclear Plants Mobiledia 19th September 2011
http://www.mobiledia.com/news/108832.html
No Set-Back in Naval War Room Leak Accused Extradition: CBI The Hindustan Times—India 20th September 2011
http://www.hindustantimes.com/No-set-back-in-Naval-War-Room-leak-acccused-extradition-CBI/Article1-748042.aspx
US Matrix-Style Cyberwar Firing Range Moves Forward The Register 20th September 2011
http://www.theregister.co.uk/2011/09/20/cyber_range_pahse_iib/
ComodoHacker Declares Private Cyber-War eWeek 20th September 2011
http://www.eweekeurope.co.uk/news/comodohacker-declares-private-cyber-war-40152
Integralis Takes a Proportional Approach to Cybercrime Source Wire 20th September 2011
http://www.sourcewire.com/releases/rel_display.php?relid=67189
Cyber Attacks Coincide With 80th Anniversary of Manchurian Incident The Telegraph 20th September 2011
http://www.telegraph.co.uk/news/worldnews/asia/japan/8775634/Cyber-attacks-coincide-with-80th-anniversary-of-Manchurian-Incident.html
Cyber Attacks on South Korea Foreign Policy Journal 20th September 2011
http://www.foreignpolicyjournal.com/2011/09/20/cyber-attacks-on-south-korea/
Japan Defence Firm Mitsubishi Heavy in Cyber Attack BBC News 20th September 2011
http://www.bbc.co.uk/news/world-asia-pacific-14982906
Complaints relating to Spam Text Messages Increase BBC News 20th September 2011
http://www.bbc.co.uk/newsbeat/14971377
UK Firm Denies ’Cyber-Spy’ Deal With Egypt BBC News 20th September 2011
http://www.bbc.co.uk/news/technology-14981672
Cybercrime: Ugly Face of Social Media The National 20th September 2011
http://www.thenational.ae/business/technology/cybercrime-ugly-face-of-social-media
Last Line of Defence: Why is ANZUS Prepping for a Cyber War? The Conversation—Australia 20th September 2011
http://theconversation.edu.au/last-online-of-defence-why-is-anzus-prepping-for-a-cyber-war-3418

Microsoft Security Advisory 2607712 Revised

Microsoft Security Advisory 2607712 – Fraudulent Digital Certificates Could Allow Spoofing: http://www.microsoft.com/technet/security/advisory/2607712.mspx

Microsoft is aware of active attacks using at least one fraudulent digital certificate issued by DigiNotar, a certification authority present in the Trusted Root Certification Authorities Store. A fraudulent certificate could be used to spoof content, perform phishing attacks, or perform man-in-the-middle attacks against all Web browser users including users of Internet Explorer. While this is not a vulnerability in a Microsoft product, this issue affects all supported releases of Microsoft Windows.

MS Security Bulletin MS10-106: Vulnerability in #Exchange 2007 SP2 Could Allow Denial of Service

#Exchange2007

Just seen this: http://www.microsoft.com/technet/security/bulletin/MS10-106.mspx

This security update resolves a privately reported vulnerability in Microsoft Exchange Server. The vulnerability could allow denial of service if an authenticated attacker sent a specially crafted network message to a computer running the Exchange service. Firewall best practices and standard default firewall configurations can help protect networks from attacks that originate outside the enterprise perimeter. Best practices recommend that systems that are connected to the Internet have a minimal number of ports exposed.

This security update is rated Moderate for Microsoft Exchange Server 2007 Service Pack 2 for x64-based Systems.


Non-Affected Software
  • Microsoft Exchange Server 2000 Service Pack 3
  • Microsoft Exchange Server 2003 Service Pack 2
  • Microsoft Exchange Server 2007 Service Pack 3
  • Microsoft Exchange Server 2010
  • Microsoft Exchange Server 2010 Service Pack 1

Upgrade Your Hotmail Live Account.

If you get an email like this in your Hotmail account, DO NOT reply to it... and I really mean DO NOT reply to it. Microsoft NEVER sends email like this out!

Check these out:

http://news.bbc.co.uk/1/hi/technology/8291268.stm

http://www.guardian.co.uk/technology/2009/oct/06/hotmail-phishing

http://www.telegraph.co.uk/technology/microsoft/6264539/Microsoft-Hotmail-leak-blamed-on-phishing-attack.html#


From: Windows Live Hotmail Member Services [mailto:member–services@live.com]
Sent: 03 October 2009 10:12
Subject: Upgrade Your Hotmail Live Account.

Welcome to Hotmail.

Attention: Hotmail.com Account holder,

This message is from the Database Information Technology service messaging center, to all our e-mail account holders. All Mail hub systems will undergo regularly scheduled maintenance. Access to your mailbox via our mail portal will be unavailable for some period of time during this maintenance period. We shall be carrying out service maintenance on our database and e- mail account center for better online services. We are deleting all unused-mail accounts to create more space for new accounts.

Coming Soon!

Find out what else is new or coming soon to Hotmail.

In order to ensure you do not experience service interruptions/possible deactivation Please you must reply to this email immediately confirming your Hotmail.com email account details below for confirmation/identification.You may get this message in your inbox or junk.

1. First Name & Last Name:

2. Full Login Email Address:

3. Username & Password:

4. Confirm your Current Password:

NOTE: YOUR DETAILS WILL NOT BE SHARED.

Failure to complete the above process within the shortest possible time will result in both inbound and outbound failures on your email. This will prevent you from sending or receiving email messages. Make sure the details above are correct to enable us restore your account details; this will help prevent your account from suspending or closing. Users have often told us that the more they use Hotmail.com Service, the more they discover its benefits. We’ll keep working on making Hotmail.com the best email service around, and we appreciate your joining us for the ride.

We are sorry for any inconvenience we might have cause you, Expect our new mail features. Please do help spread this important information by forwarding it to other users. You will be sent a confirmation letter from our customer service after our upgrading.Plan your next event, write a blog, create a discussion group, even get updates from other websites you use. –

“Your Life, Your Stuff, All Together at Windows Live.”

Thanks for understanding our plight.

Engr. Festus English

Windows Live Hotmail ®

For more information or for general questions regarding your e-mail account, please visit Windows Live Hotmail Help. Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA © 2008 Microsoft Corporation. All rights reserved.

Forefront Unified Access Gateway (UAG) RC0

Sweet http://www.microsoft.com/downloads/details.aspx?displaylang=en&FamilyID=a3f5729a-3989-4f60-980f-1b87dd198988

Microsoft Forefront Unified Access Gateway (UAG) is a secure application gateway, to manage, control, and optimize remote access for managed and non-managed endpoints, to corporate applications and resources. Forefront UAG RC0 provides a number of new features, including support for migration from Forefront UAG Beta 2.

Forefront UAG provides the following:

  • Remote access: Using Forefront UAG you can allow and control access to internal resources and applications from a range of managed and unmanaged client endpoints.
  • Application support: Forefront UAG provides broad application support for a wide range of Microsoft and third-party applications. Application optimizers, consisting of predefined settings and values, provide optimum settings for accessing a specific application via Forefront UAG.
  • Access control: Forefront UAG provides granular access control, to ensure that only client endpoints complying with corporate health guidelines can access internal applications and resources.
  • Authentication: Forefront UAG provides frontend and backend authentication mechanisms. Frontend authentication allows you to pre-authenticate users using a wide range of authentication mechanisms, ensuring that only authenticated traffic reaches published application servers. In addition, Forefront UAG provides a single sign-on experience for authentication to backend applications.

Find more information about Forefront UAG as follows:

If you want to migrate a Forefront UAG Beta 2 configuration to RC0, ensure that you run the UAG_RC0_4_0981_2.msp file after running Forefront UAG Setup.

Forefront Security 2010 for Exchange Server Release Candidate

Ohhh


Source: http://www.microsoft.com/downloads/details.aspx?FamilyID=b8a7d36f-cc8d-4335-ae60-8f27c48f3a37&displayLang=en

Microsoft Forefront Security 2010 for Exchange Server provides fast and effective protection against malware and spam by including multiple scanning engines from industry-leading security partners. It also integrates with Forefront Online Security for Exchange to provide the defense-in-depth benefits of hosted and on-premise filtering in a single solution.

Powershell Cmdlets for Forefront Security 2010 for Exchange Server Beta 2

Just installed Forefront and here are the new cmdlets:

| Name | Synopsis |
| --- | --- |
| Add-FSSFilterListEntry | Adds items to an existing filter list. |
| Clear-FSEReport | Resets a report about FSE activities. |
| Clear-FSSFilterList | Clears a filter list. The filter list may still be associated with scan jobs. |
| Export-FseQuarantine | Saves quarantined items to disk. |
| Export-FSESettings | Exports the configuration settings. |
| Get-FSEAdvancedOptions | Retrieves the advanced options. |
| Get-FseIncident | Retrieve records from the incident database. |
| Get-FseIncidentOptions | Gets the incident database options. |
| Get-FSELoggingOptions | Retrieves logging options. |
| Get-FSENotification | Retrieve settings for e-mail notifications. |
| Get-FSEOnDemandFilter | Retrieves the configuration of all filter lists of a particular type enabled for the on-demand scan. |
| Get-FSEOnDemandScan | Retrieves the configuration for the on-demand scan. |
| Get-FSEProductInfo | Retrieves server and product information. |
| Get-FseQuarantine | Retrieve records from the quarantine database. |
| Get-FseQuarantineOptions | Retrieves the quarantine options. |
| Get-FSERealtimeFilter | Retrieves the configuration of all filter lists of a particular type enabled for the realtime scan. |
| Get-FSERealtimeScan | Retrieves configuration settings for the Realtime scan. |
| Get-FSEReport | Retrieves statistical reports about FSE activities. |
| Get-FSEScheduledFilter | Retrieves the configuration of all filter lists of a particular type enabled for the scheduled scan. |
| Get-FSEScheduledScan | Retrieves the configuration for the scheduled scan. |
| Get-FSESpamConnectionFilter | Retrieve configuration options for the Forefront DNS Block List (DNSBL). |
| Get-FSESpamContentFilter | Retrieves the settings for the spam content filter. |
| Get-FSESpamFiltering | Retrieve the status of spam filtering. |
| Get-FSESpamReport | Retrieves a spam blocking report. |
| Get-FSETransportFilter | Retrieves the configuration of all filter lists of a particular type enabled for the transport scan. |
| Get-FSETransportScan | Retrieves configuration options for the transport scan. |
| Get-FSSExtendedOption | Get an extended option. |
| Get-FSSFilterList | Retrieves filter lists. |
| Get-FSSSignatureOptions | Retrieves engine definition update settings. |
| Get-FSSSignatureUpdate | Retrieves the schedules for updating engine definitions. |
| Get-FSSTracing | Retrieves trace settings. |
| Import-FSESettings | Imports the configuration settings. |
| New-FSSExtendedOption | Create an extended option. |
| New-FSSFilterList | Creates a new filter list. |
| Remove-FseIncident | Removes an item from the incident database. |
| Remove-FseQuarantine | Removes an item from quarantine. |
| Remove-FSSExtendedOption | Remove an extended option. |
| Remove-FSSFilterList | Deletes a filter list. |
| Remove-FSSFilterListEntry | Removes one or more items from a filter list. |
| Resume-FSEOnDemandScan | Resumes a suspended on-demand scan. |
| Send-FseQuarantine | Delivers an item that has been quarantined to the specified recipients. |
| Set-FSEAdvancedOptions | Sets advanced scan options. |
| Set-FseIncidentOptions | Sets the incident database options. |
| Set-FSELoggingOptions | Sets logging options. |
| Set-FSENotification | Configure settings for e-mail notifications. |
| Set-FSEOnDemandFilter | Configures a filter list for use with the on-demand scan. |
| Set-FSEOnDemandScan | Sets configuration options for the on-demand scan. |
| Set-FseQuarantineOptions | Sets the quarantine options. |
| Set-FSERealtimeFilter | Configures a Realtime filter list. |
| Set-FSERealtimeScan | Configures the realtime scan. |
| Set-FSEScheduledFilter | Associates a filter to the scheduled scan and enables it. |
| Set-FSEScheduledScan | Configures the scheduled scan. |
| Set-FSESpamConnectionFilter | Sets configuration options for the Forefront DNS Block List (DNSBL). |
| Set-FSESpamContentFilter | Sets the configuration options for the spam content filter. |
| Set-FSESpamFiltering | Enables or disables Forefront antispam filtering. |
| Set-FSETransportFilter | Configures a filter list for use with the transport scan. |
| Set-FSETransportScan | Configures the transport scan. |
| Set-FSSExtendedOption | Set an extended option. |
| Set-FSSFilterList | Replaces all the values in a filter list. |
| Set-FSSSignatureOptions | Sets engine and definition updating options. |
| Set-FSSSignatureUpdate | Sets the schedule for updating engine definitions. |
| Set-FSSTracing | Sets trace settings. |
| Start-FSEOnDemandScan | Starts the on-demand scan. |
| Start-FSEScheduledScan | Starts a background scan. |
| Start-FSSSignatureUpdate | Starts engine updating. |
| Stop-FSEOnDemandScan | Stops the on-demand scan. |
| Stop-FSEScheduledScan | Stops a currently-running scheduled scan. |
| Suspend-FSEOnDemandScan | Suspends the on-demand scan. |