Basefarm SIRT Newsletter #1

Basefarm SIRT NEWSLETTER #1
Year – Week: 2013 – 05

Welcome to the first weekly security newsletter from your Basefarm SIRT team! In this newsletter we try to collect the latest weekly security news that we find worthwhile. As always, we continue sending out flash messages for critical issues that we find, but that does not mean the information is any less important for those who want to have safe and secure systems. We’d love to get feedback, so please send thoughts, suggestions, things we should add etc. to sirt@basefarm.com .

For those who aren’t familiar with what a SIRT team is, you can find information here:
http://www.cert.org/csirts/csirt_faq.html

Preface
It’s been quite a busy week with WordPress and UPnP vulnerabilities affecting millions of servers and networks. The biggest world wide news story of the week was of course the fact that the New York Times found out that their network had been compromised by Chinese hackers who got access to email accounts of senior staff, stole passwords for the corporate network for every New York Times employee and gained direct access to 53 personal computers of The New York Time employees. This went on for four months before it got noticed. The latest report from Arbor also shows that the DDoS attacks rose quite a bit during 2012 (+20% in bandwidth, +11% higher packet rates and a +41% rise in complex (multi-vector) DDoS attacks).

Important Software Security updates
iOS 6.1 for those with an iPhone.
http://support.apple.com/kb/HT5642

VLC Player 2.0.6 is available for those using VLC as their media player.
http://www.videolan.org/security/sa1302.html

Opera 12.13 is available for those using the Opera Browser.
http://my.opera.com/desktopteam/blog/2013/01/30/12-13-final-released

Security tips
Secure your passwords in Firefox
Setting a master password
Firefox: “Tools -> Options -> Security / Passwords -> Use a master password”
Thunderbird: “Tools -> Options -> Privacy -> Passwords -> Set Master Password”
Changing your master password
Firefox: “Tools -> Options -> Security / Passwords -> Change Master Password”
Thunderbird: “Tools -> Options -> Privacy -> Passwords -> Change Master Password” (not shown unless a master password is set)
http://support.mozilla.org/en-US/kb/use-master-password-protect-stored-logins

Security news
Chinese hackers sit inside the network of New York Times for months without being spotted.
http://www.wired.com/threatlevel/2013/01/new-york-times-hacked/

US Cyber Command Seeks to Quintuple Cybersecurity Force.
http://www.washingtonpost.com/world/national-security/pentagon-to-boost-cybersecurity-force/2013/01/19/d87d9dc2-5fec-11e2-b05a-605528f6b712_story.html

Israel Strengthening its Cyber Stance.
http://www.businessweek.com/news/2013-01-27/israeli-troops-swap-guns-for-computers-as-cyber-attacks-increase

FBI Investigating Leak of US Stuxnet Involvement.
http://www.washingtonpost.com/world/national-security/fbi-is-increasing-pressure-on-suspects-in-stuxnet-inquiry/2013/01/26/f475095e-6733-11e2-93e1-475791032daf_story.html