InfoSec News


Data security in demand, pays well
Richmond Times Dispatch
With increasingly frequent reports of big companies such as Google, DuPont, GE, and Johnson & Johnson being targeted by hackers, the "infosec" career field is growing "as fast as online computing is expanding," said Weaver, 33. ...

 
Identity theft has saddled thousands of children with debt, sometimes for years before they ever discover their personal information has been stolen, a study says.
 
JP Morgan Chase and the Kroger supermarket chain are warning customers that their names and e-mail addresses may have fallen into the wrong hands after someone broke into computer systems at e-mail marketing giant Epsilon.
 
A redhead instant messaged me. She was in a vacation home on the Massachusetts coast. "Fleishman," she typed breathily. "You're the only one with the answer." "Spill the Java applets, toots," I tapped out with one hand while knocking back ban-cha tea with the other. A pause. Then a stream of words. "My Android phone won't connect to my MacBook Pro's software base station. My husband doesn't understand. I need your help." I like a challenge. I rolled up my hemp-cotton sleeves. "Lady, I charge 128 bits a day, plus expenses." She agreed.
 
RealNetworks Helix Server 'x-wap-profile' Header Remote Code Execution Vulnerability
 
FFmpeg Version 0.5 Multiple Remote Vulnerabilities
 
Websense has been tracking a mass SQL-injection attack for the past few days that started with only a few tens of thousands of websites and has exploded to potentially over 1 million websites. There doesn't seem to be anything particularly new about the infection mechanism (aside from the scope of its success), and the injection itself only inserts a random snippet of HTML to redirect victims to a rogue AV site that tells the user they are infected.
One of the domains implicated in this attack was registered in October and showed up on the radar in December, so it appears the preparation of this attack has taken some time and it's been percolating for a while. The bulk of the infections, however, have only just occurred in the last few days. Infected sites tend to use the same URL structure, including a file ur.php. It appears this is only affecting sites using Microsoft SQL Server 2003/2005.
Defending your sites against infection comes down to the standard things we ought to be doing anyway with regard to SQL injection (i.e. use prepared statements, filter input for control characters, whitelist if possible, blacklist if not). Web server administrators should also be checking for the sudden appearance of files in their httpdocs directory. More on this as it develops.
--

John Bambenek

bambenek at gmail /dot/ com

Bambenek Consulting (c) SANS Internet Storm Center. http://isc.sans.org Creative Commons Attribution-Noncommercial 3.0 United States License.
 
Microsoft appears to be reconsidering a decision to bar an application from the Windows Phone 7 market, in one of the first tests of the software giant's mobile app approval process.
 
Microsoft's Internet Explorer again lost ground to Apple's Safari and Google's Chrome in March, even as the company launched its newest browser, Web metrics data showed today.
 
A congressional subcommittee has approved a bill requiring two government agencies to return any unused money from broadband deployment programs that were part of a huge 2009 economic stimulus package.
 
The ThunderBolt smartphone from HTC has outsold the iPhone 4 at some Verizon Wireless stores, according to a survey of 150 stores by BTIG analyst Walter Piecyk.
 
The earthquake, tsunami and resulting nuclear disaster have caused significant problems for the worldwide semiconductor industry, analysts said on Friday.
 
Business users often watch as IT deploys costly, complex BI programs that take months to arrive -- then fail to deliver the needed insights. QlikTech CEO Lars Bjork says you don't have to take it anymore. In this Q&A, he explains how his company's data discovery tools give the power to users -- and even help police crack murder cases.
 
A malicious Android app that shamed users for pirating software transmitted personal information to a URL controlled by the legitimate app's developer, a security company said today.
 
[security bulletin] HPSBUX02645 SSRT100387 rev.1 - HP-UX Apache Web Server, Remote Information Disclosure, Cross-Site Scripting (XSS), Denial of Service (DoS)
 
[ MDVSA-2011:059 ] ffmpeg
 
[security bulletin] HPSBUX02639 SSRT100293 rev.1 - HP-UX Running XNTP, Remote Denial of Service (DoS)
 

Selling technology to cops: 3 ways to make them interested
Network World
When I was working with banks and businesses, I'd see infosec people firing up their keyboards to take on a range of threats that ranged from pedestrian annoyances to break-the-bank intellectual property thefts. The similarities in personality are ...

 
[security bulletin] HPSBUX02646 SSRT100396 rev.1 - HP-UX, Local Denial of Service (DoS)
 
6-year FreeBSD-SA-05:02.sendfile exploit
 
RE: [Full-disclosure] Microsoft VISTA TCP/IP heap buffer underflow
 
Microsoft VISTA TCP/IP heap buffer underflow
 
Hundreds of thousands -- and possibly millions -- of websites have been hit with a cyberattack that some are calling "one of the biggest mass-injection attacks we've ever seen."
 
Microsoft's complaint about Google's business practices in the European Union will eventually push Google to strike a deal with regulators, an antitrust expert said today.
 
On April Fools' Day, Google pranksters introduce Gmail accounts that can be controlled with body movements.
 
Bank of America has hired a new CISO as it continues its effort to bolster security in the wake of WikiLeaks' claim that it has obtained sensitive internal documents from an unnamed major U.S. bank.
 
HP-UX CVE-2011-0891 Unspecified Local Denial Of Service Vulnerability
 

Unsporting Espionage
Infosecurity Magazine
Knowing your enemy and understanding their tactics are always useful weapons in the infosec arsenal, but it becomes a little more complex when, in addition to protecting the network, you have to take into account that “covert surveillance can be used ...

 
China's largest search engine Baidu said it will start paying an agency representing songwriters for every music download on the site, after years of being criticized for providing links to pirated music downloads.
 
Editors’ Note: Each week the Macalope skewers the worst of the week’s coverage of Apple and other technology companies. In addition to being a mythical beast, the Macalope is not an employee of Macworld. As a result, the Macalope is always free to criticize any media organization. Even ours.
 
The European Commission has confirmed that it has entered talks with Microsoft with the aim of keeping its licensing agreement for Windows.
 
Gibbs has a few more Android apps that he thinks you need.
 
In the two weeks since my last column, the security industry has been rocked by several extremely serious attacks against some of our fundamental pillars of trust: two-factor authentication (RSA SecurID) and SSL certificates (Comodo).
 
We polled the staff and writers at Computerworld and came up with 31 of their favorite apps for the iPhone, Android phones and other smartphones.
 
[ MDVSA-2011:058 ] quagga
 
[security bulletin] HPSBMA02650 SSRT100429 rev.1 - HP Operations for UNIX, Remote Cross Site Scripting (XSS), Unauthorized Access
 
BSD-derived RFC3173 IPComp encapsulation will expand arbitrarily nested payload
 
iDefense Security Advisory 03.31.10: RealNetworks Helix DNA Server RTSP Stack Buffer Overflow
 
RealPlayer '.avi' File Remote Buffer Overflow Vulnerability
 
Word List Builder '.dic' File Buffer Overflow Vulnerability
 
GOM Player '.avi' File Denial of Service Vulnerability
 
The creators of "Zodiac Island" say they lost an entire season of their syndicated children's television show after a former employee at their Internet service provider wiped out more than 300GB of video files.
 
Dell updated its enterprise Ethernet switch lineup with the PowerConnect 7000 series, adding high-availability features, low power consumption and POE (power over Ethernet) to its equipment offerings for use in several parts of a LAN.
 
The chairman of the U.S. House Judiciary Committee has proposed cutting the number of professions eligible for H-1B visas to make more available to tech firms.
 
Google says it is in talks with the Chinese government about its online map product, which could be penalized in China due to new state laws.
 
In the wake of Gianfranco Lanci's departure as president and CEO on Thursday, Acer must move aggressively in the smartphone and tablet markets and step up its focus on enterprise PCs in order to remain a major player on the world stage, industry analysts said.
 
InfoSec News: Porn Star HIV Test Database Leaked: http://gawker.com/#!5787392/porn-star-hiv-test-database-leaked
By Adrian Chen Gawker.com March 30, 2011
The patient database of the private health clinic that conducts STD tests for California's porn industry has been breached, exposing test results and personal details about thousands of current and former porn performers, some of which have been published on a Wikileaks-style website.
Earlier this year, a website called Porn Wikileaks posted a list of what it claimed were the real names of more than 15,000 porn performers past and present, alongside their stage names and dates of birth. This essentially "outed" them to any passing Googler, which caused an uproar in the industry since many porn performers try to keep their real name secret, for obvious reasons. That 15,000 names were on the list was significant, especially considering only about 1,200-1,500 performers are currently working in California's Porn Valley.
It turns out that many of the names came from a database belonging to the Adult Industry Medical Healthcare Foundation (AIM), which conducts the majority of STD tests for the porn industry. (Working straight performers get tested at least once every 28 days.) The porn gossip blogger Mike South first reported the breach after he was contacted by a number of porn performers who said the information posted about them on Porn Wikileaks must have come from AIM's database. Their proof: They had only used the stage names that were posted on Porn Wikileaks once, when registering for testing at AIM.
One former porn performer we spoke to registered for an HIV test with AIM using a stage name he made up "off the top of my head" when he started in the industry eight years ago—and he never used it again. (He picked a new stage name when he appeared in his first adult video.) But the stage name he gave AIM recently appeared on Porn Wikileaks, linked to his real name. That stage name "was never used, it was never spoken anywhere else. It was written down one time and one time only and that was on the HIV form for AIM," he said. "Without a question [the leak] came from AIM."
[...]
 
InfoSec News: Former Teen Stock Swindler Sentenced to Three Years on New Hack: http://www.wired.com/threatlevel/2011/03/dinh-2/
By Kevin Poulsen Threat Level Wired.com March 31, 2011
A former teenage hacker who once served time for an online stock-trading scheme was sentenced in New York this week to three years in prison on [...]
 
InfoSec News: EU parliament suspends webmail after cyber-attack: http://www.theregister.co.uk/2011/03/31/eu_parliament_hack/
By John Leyden The Register 31st March 2011
The European Parliament network has fallen under cyber-attack, leading to a suspension of webmail and other security restrictions.
The assault, which has led to the suspension of webmail access in Strasbourg, comes after attacks against the European Commission and the External Action Service networks.
The Parliament and the Commission run over separate networks. The attack on the parliamentary network was reportedly detected on 24 March, two days after problems with the Commission's Microsoft Exchange email server system first emerged.
An EU official said that the two attacks appeared to be co-ordinated, well-organised and geared towards extracting sensitive information. "This is not a couple of teenage boys hacking into the [EU] institutions," the official told European Voice.
[...]
 
InfoSec News: Secunia Weekly Summary - Issue: 2011-13:
The Secunia Weekly Advisory Summary 2011-03-24 - 2011-03-31
This week: 50 advisories [...]
 
InfoSec News: Searching For Security’s Yardstick: http://www.darkreading.com/security-monitoring/167901086/security/security-management/229400652/searching-for-security-8217-s-yardstick.html
By Tim Wilson Darkreading March 30, 2011
There’s an old saying in IT: You can’t manage what you can’t measure. [...]
 
InfoSec News: Moderators note: Hire Me!: Just a quick note, I am still in Chicago helping care for an elderly parent, and I'm looking for a new security opportunity in Chicagoland. I'm listed on LinkedIn at: http://www.linkedin.com/in/williamknowles but please drop me a note if you're aware of something that would be a good [...]
 
InfoSec News: Failure to encrypt portable devices inexcusable, say analysts: http://www.computerworld.com/s/article/9215369/Failure_to_encrypt_portable_devices_inexcusable_say_analysts
By Jaikumar Vijayan Computerworld March 31, 2011
The continuing failure by most enterprises to encrypt sensitive data stored on laptops and other mobile devices is inexcusable, analysts said following BP's disclosure this week of a data compromise involving a lost laptop.
The computer contained unencrypted personal data such as names, Social Security numbers and dates of birth belonging to about 13,000 individuals who had submitted claims with the company over last year's disastrous oil spill.
According to BP, an employee lost the laptop while on routine business travel.
The company is only the latest in a long list of organizations that have made similar announcements over the past several years. In fact, data compromises involving lost or stolen laptops, unencrypted storage disks, and other mobile devices account for a substantial portion of breaches these days.
[...]
 
InfoSec News: Former Intelligence CIO New BofA CISO: http://www.bankinfosecurity.com/articles.php?art_id=3486
By Eric Chabrow Executive Editor GovInfoSecurity.com March 31, 2011
Patrick Gorman, a former associate director of the Office of the Director of National Intelligence, is the new chief information security [...]
 

In-depth: InfoSec show preview
MicroScope (blog)
Astaro, the leading European UTM provider, told MicroScope that it has introduced three new IT security solutions which it will be discussing at InfoSec; Astaro Application Control, Astaro Log Management and Astaro Endpoint Security. ...

 

Posted by InfoSec News on Mar 31

http://www.darkreading.com/security-monitoring/167901086/security/security-management/229400652/searching-for-security-8217-s-yardstick.html

By Tim Wilson
Darkreading
March 30, 2011

There’s an old saying in IT: You can’t manage what you can’t measure. If
that’s true, however, security managers must be in a world of hurt.

Across this usually contentious security industry, there is violent
agreement about two points: Security...
 

Posted by InfoSec News on Mar 31

http://www.computerworld.com/s/article/9215369/Failure_to_encrypt_portable_devices_inexcusable_say_analysts

By Jaikumar Vijayan
Computerworld
March 31, 2011

The continuing failure by most enterprises to encrypt sensitive data
stored on laptops and other mobile devices is inexcusable, analysts said
following BP's disclosure this week of a data compromise involving a
lost laptop.

The computer contained unencrypted personal data such as names,...
 

Posted by InfoSec News on Mar 31

http://www.bankinfosecurity.com/articles.php?art_id=3486

By Eric Chabrow
Executive Editor
GovInfoSecurity.com
March 31, 2011

Patrick Gorman, a former associate director of the Office of the
Director of National Intelligence, is the new chief information security
officer and senior vice president at Bank of America, the nation's
largest bank company announced Thursday.

Gorman, who will be based in Washington, will report to Chief Technology...
 

Posted by InfoSec News on Mar 31

http://gawker.com/#!5787392/porn-star-hiv-test-database-leaked

By Adrian Chen
Gawker.com
March 30, 2011

The patient database of the private health clinic that conducts STD
tests for California's porn industry has been breached, exposing test
results and personal details about thousands of current and former porn
performers, some of which have been published on a Wikileaks-style
website.

Earlier this year, a website called Porn Wikileaks...
 

Posted by InfoSec News on Mar 31

http://www.wired.com/threatlevel/2011/03/dinh-2/

By Kevin Poulsen
Threat Level
Wired.com
March 31, 2011

A former teenage hacker who once served time for an online stock-trading
scheme was sentenced in New York this week to three years in prison on
new charges of cracking a New York-based currency exchange service and
gifting himself more than $100,000.

Van T. Dinh, now 27, was also ordered to pay $125,000 in restitution for
the scam, and...
 

Posted by InfoSec News on Mar 31

http://www.theregister.co.uk/2011/03/31/eu_parliament_hack/

By John Leyden
The Register
31st March 2011

The European Parliament network has fallen under cyber-attack, leading
to a suspension of webmail and other security restrictions.

The assault, which has led to the suspension of webmail access in
Strasbourg, comes after attacks against the European Commission and the
External Action Service networks.

The Parliament and the Commission...
 

Posted by InfoSec News on Mar 31

========================================================================

The Secunia Weekly Advisory Summary
2011-03-24 - 2011-03-31

This week: 50 advisories

========================================================================
Table of Contents:

1.....................................................Word From...
 

Posted by InfoSec News on Mar 31

Just a quick note, I am still in Chicago helping care for an elderly
parent, and I'm looking for a new security opportunity in Chicagoland.
I'm listed on LinkedIn at: http://www.linkedin.com/in/williamknowles but
please drop me a note if you're aware of something that would be a good
fit to my skill-set and you would like my complete resume / contact
information.

Thanks!

William Knowles
@ InfoSecNews.org...
 