Precise Pangolin rolls out: Ubuntu 12.04 released, introduces Unity HUD.

Step 1: Plug in the USB adapter. In this example, I have a Prolific Technology Inc. USB-Serial Controller plugged into the console port of a Cisco 2900 XL switch.
Step 2: Run dmesg to see if it was recognized, and to find out its device info:


Apr 12 13:42:34 nerdherd-sol usba: [ID 912658 kern.info] USB 1.10 device (usb67b,2303) operating at full speed (USB 1.x) on USB 1.10 root hub: device@6, usbsprl0 at bus address 2
Apr 12 13:42:34 nerdherd-sol usba: [ID 349649 kern.info] Prolific Technology Inc. USB-Serial Controller
Apr 12 13:42:34 nerdherd-sol genunix: [ID 936769 kern.info] usbsprl0 is /pci@0,0/pci108e,534a@2/device@6
Apr 12 13:42:34 nerdherd-sol genunix: [ID 408114 kern.info] /pci@0,0/pci108e,534a@2/device@6 (usbsprl0) online


Step 3: Look for the device number, and remember the path and number, you’ll need it in a second:

[mikes@nerdherd-sol:~] 197 % ls /dev/cua (or /dev/term)
0

Step 4: Edit /etc/remote, and add an entry pointing to the device number above. I copied the ‘hardwire’ line and called my USB adapter ‘softwire’:

-bash-3.00# vi /etc/remote
"/etc/remote" 60 lines, 1969 characters
# The next 17 lines are for the PCMCIA serial/modem cards.
#
## [17+ lines snipped]
hardwire:\
:dv=/dev/term/b:br#9600:el=^C^S^Q^U^D:ie=%$:oe=^D:
softwire:\
:dv=/dev/cua/0:br#9600:el=^C^S^Q^U^D:ie=%$:oe=^D:

Save and exit.
Step 6: Connect using tip (saving /etc/remote was Step 5):

[mikes@nerdherd-sol:~] 199 % tip softwire
connected

C2900XL Boot Loader (C2900-HBOOT-M) Version 11.2(8.2)SA6, MAINTENANCE INTERIM SOFTWARE
Compiled Wed 23-Jun-99 18:03 by boba
starting...

Step 7: Profit! Now I don’t need to keep a Windows machine around just to run putty or hyperterm.
(Note: the ‘connected’ message was from tip, indicating that it was connected to the USB adapter. After that, the console output from the switch is displayed.)

Black hat hackers and pen testers alike use these tools to dump data, perform privilege escalations, and effectively take over sensitive databases

via Slide Show: 10 SQL Injection Tools For Database Pwnage – Darkreading.

In a Salt Lake Tribune article, reporter Patty Henetz quoted Utah Department of Health spokesman Tom Hudachko, who said that in this particular incident, a configuration error occurred at the level where passwords are entered, allowing the hacker to invade the security system. Technology Services has processes in place to ensure the state’s data is secured, but this particular server was not configured according to normal procedure.

Michael Hales, the Health Department’s Medicaid Director, said, “It just looks like processes broke down,” according to the Tribune.

This sounds like a weaselly way of admitting that the default passwords were not changed.  Default passwords are the easiest way into any system!

via Utah Medicaid Breach Exemplifies Value Of Encryption And Access Control – Dark Reading.

Find locations, registration instructions, and more in this pdf: PCI_Community_Meetings.pdf application/pdf Object.

Attackers were able to compromise the server because an authorization component was not configured properly.

The state’s Department of Technology Services “has processes in place to ensure the state’s data is secured, but this particular server was not configured according to normal procedure.” The agency plans to bolster its controls with additional networking monitoring and intrusion detection functionality.

Hopefully they’ll add some auditors, too.  It’s a shame to have your system set up so you only find out about misconfigurations after outsiders do.

via Number of victims in state of Utah breach significantly rises – SC Magazine.

Grab the PDF from: solaris-11-cheat-sheet-1556378.pdf (application/pdf Object).

“What’s the takeaway on PCI?” Litan asked on Monday in a blog post. “The same one that’s been around for years. Passing a PCI compliance audit does not mean your systems are secure. Focus on security and not on passing the audit.”

And the second is from Adrian Sanabria, QSA at Sword and Shield, Global Payments Credit Card Data Breach:

The worst thing I’ve been able to determine from the details so far, is that it seems Global Payments was storing Track Data – information swiped from the magnetic stripe on the back of the card. The PCI DSS explicitly forbids storing track data (requirement 3.2.1), and PCI considers the storage of sensitive data to be one of the most serious PCI violations. CardSystems was effectively shut down for a lesser violation, though their breach was much larger.

It’s a doubly-bad violation of DSS to 1) Not be compliant in the first place, and 2) to suffer a loss of cardholder data.

I imagine the reinstatement audit, if there is one, will be quite extensive.

Here are 9 of the largest most recent financial services data breaches:

via The Top 9 Most Costly Financial Services Data Breaches – - 1 – Wall Street & Technology.

A Cayman Islands security firm got a bit of unsolicited web security advice on March 30 from MalSec, a group of “malicious security” hackers who recently broke into a server belonging to the Nigerian Senate. But unlike some of the nastier site defacements done recently by members of Anonymous’ #AntiSec collective—including takedowns of two Federal Trade Commission sites—the MalSec hackers left the site itself intact, posting only a replacement home page to advise the company, The Security Centre Ltd., of their vulnerability.

[...]

“Whilst no harm was done to the original site,” the hackers wrote on their replacement home page, “we urge you to secure your site before claiming to be ‘the best of the best’ in any kind of security. We were not first—traces of previous security breaches were found.” The page gave instructions on how to return the site to normal, and advised the company to “please oversee your security before somebody else with more harmful intent does. You can thank us later <3.”

In Security Centre’s defense, they are a physical security company, not information security.

via Hackers politely deface security firm website, suggest fixes.