InfoSec News

"We're under a targeted malware attack!", a friend of mine yelled into the phone. "We are getting lots of oddly named PDFs, attached to personalized emails, sent only to certain employees in our firm!" From some past experience with chewing through our nasty malware repository here at SANS ISC, I had learned a thing or two about malicious PDFs, so I agreed to take a look.
One hour later, it was clear that the PDFs in this case were free of any exploit, completely harmless, and contained only the average "I AM A COUSIN OF THE LATE ZESKEKE NGAGWENE" type of Nigerian 419 (advance-fee) fraud spam.
But the whole episode gave me pause. It really looks like the past two years of never-ending new waves of PDF exploits have degraded PDF in the mind of every security analyst to a level somewhere on a par with ANI and SCR files: no matter what it claims to be, it ain't nothing good.
I very much agree with Stephen Northcutt's comment in SANS NewsBites two months ago. He asked: "Is there an alternative to a .pdf? It was supposed to be a printable image of what you saw on the screen. At least that was the idea 15 years ago. It should not need launch functions to do that. Do you remember five or six years ago, you weren't supposed to send an Excel spreadsheet or a Word document because they might contain malware, you were supposed to send a .pdf. Guess that has changed!"
Time for SDF - the Safe Document Format. You know, one that just supports pixels in various shades of gray, and does not need to include the ability to play a movie in 3D accompanied by surround sound. Just a nice plain document that can be opened, read and printed, without any of the nagging feeling of dread that nowadays accompanies clicking on a PDF.
Anyone?
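The triage the diary describes is not shown on the page. As an added example (my code, not the author's tooling), here is a small Python scanner for the PDF features the post is nervous about: Launch and JavaScript actions, the automatic /OpenAction and /AA triggers, embedded files and rich media. It decodes the #xx name escapes that samples use to hide those names from a plain grep, and it inflates FlateDecode streams so that names tucked into object streams are counted as well. The watch list and the three sample PDFs are constructed for this example and are not real malware.

```python
import re
import zlib

# Names that mark active content. A constructed watch list for this example;
# real triage lists are longer.
ACTIVE = ("/JavaScript", "/JS", "/Launch", "/RichMedia", "/EmbeddedFile")
TRIGGER = ("/OpenAction", "/AA")
WATCH = ACTIVE + TRIGGER + ("/URI", "/SubmitForm", "/GoToR", "/ObjStm")

_NAME_ESCAPE = re.compile(rb"#([0-9A-Fa-f]{2})")
# A stream body runs from the EOL after the "stream" keyword to "endstream";
# the lookbehind keeps the "stream" inside "endstream" from starting a match.
_STREAM = re.compile(rb"(?<!end)stream\r?\n(.*?)endstream", re.DOTALL)


def normalise_names(data: bytes) -> bytes:
    """Undo the #xx hex escapes PDF allows inside names (ISO 32000-1, 7.3.5).

    Samples write /J#61vaScript or /Open#41ction so that a grep for the plain
    name misses them. Applied to the whole buffer, which also rewrites #xx in
    binary data; harmless for counting.
    """
    return _NAME_ESCAPE.sub(lambda m: bytes([int(m.group(1), 16)]), data)


def inflated_streams(data: bytes):
    """Yield the body of every stream zlib can inflate.

    Only raw FlateDecode is handled; other filters, filter chains and
    predictors are skipped. In real triage a skip is itself a reason to
    look closer. zlib ignores the EOL bytes captured after the data.
    """
    for m in _STREAM.finditer(data):
        try:
            yield zlib.decompress(m.group(1))
        except zlib.error:
            continue


def triage(pdf: bytes) -> dict:
    """Count watched names in the raw bytes and inside inflated streams."""
    hits = {}
    for blob in [pdf, *inflated_streams(pdf)]:
        blob = normalise_names(blob)
        for name in WATCH:
            # A name ends at whitespace or a delimiter, so /JS must not match /JSX.
            pattern = re.escape(name.encode()) + rb"(?![A-Za-z0-9])"
            n = len(re.findall(pattern, blob))
            if n:
                hits[name] = hits.get(name, 0) + n
    return hits


def verdict(hits: dict) -> str:
    if any(n in hits for n in ACTIVE):
        return "active content: open only in a sandbox"
    if any(n in hits for n in TRIGGER):
        return "automatic action on open: check its target"
    if hits:
        return "review: " + ", ".join(sorted(hits))
    return "no active content found (not proof of safety)"


# Constructed samples, not real malware: minimal one-page PDFs. One is plain,
# one has an /OpenAction that launches cmd.exe with the action name hex-escaped,
# one hides a JavaScript action inside a FlateDecode object stream.
_PAGES = (b"2 0 obj << /Type /Pages /Kids [3 0 R] /Count 1 >> endobj\n"
          b"3 0 obj << /Type /Page /Parent 2 0 R /MediaBox [0 0 612 792] >> endobj\n")
_TRAILER = b"trailer << /Root 1 0 R >>\n%%EOF\n"

PLAIN_PDF = (b"%PDF-1.4\n1 0 obj << /Type /Catalog /Pages 2 0 R >> endobj\n"
             + _PAGES + _TRAILER)

LAUNCH_PDF = (b"%PDF-1.4\n1 0 obj << /Type /Catalog /Pages 2 0 R /OpenAction 4 0 R >> endobj\n"
              + _PAGES
              + b"4 0 obj << /Type /Action /S /L#61unch /F (cmd.exe) >> endobj\n"
              + _TRAILER)


def build_hidden_js_pdf() -> bytes:
    body = zlib.compress(b"5 0 obj << /S /JavaScript /JS (app.alert(1)) >> endobj")
    return (b"%PDF-1.4\n1 0 obj << /Type /Catalog /Pages 2 0 R >> endobj\n"
            + _PAGES
            + b"4 0 obj << /Type /ObjStm /N 1 /First 0 /Filter /FlateDecode /Length "
            + str(len(body)).encode() + b" >>\nstream\n" + body + b"\nendstream\nendobj\n"
            + _TRAILER)


HIDDEN_JS_PDF = build_hidden_js_pdf()

if __name__ == "__main__":
    for label, sample in (("plain", PLAIN_PDF), ("launch", LAUNCH_PDF),
                          ("hidden-js", HIDDEN_JS_PDF)):
        found = triage(sample)
        print(f"{label:10s} {found} -> {verdict(found)}")
```

A clean result from this scanner is only a first filter: encrypted documents, filters other than plain Flate, and streams nested inside inflated object streams all stay dark to it, which is why the hour of manual work in the diary still has to happen for anything that matters. Running the file prints one line per sample with its hit counts and verdict.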
(c) SANS Internet Storm Center. http://isc.sans.org Creative Commons Attribution-Noncommercial 3.0 United States License.
 
Many moons ago I wrote about TouchFreeze, a free laptop utility that solves one of life's most maddening problems: accidental swipes of your touchpad while typing. (Why isn't Windows smart enough to do this on its own? Just saying.)
 
The new ActiveState Python distribution includes modules for GUI design and interacting with databases
 
Ten highlights from VMworld, the massive virtualization conference.
 
A Miami man has pleaded guilty to two identity-theft related charges after federal agents found more than 26,000 credit card numbers stored on his computer, the U.S. Department of Justice said.
 
Oracle co-President Charles Phillips may soon be leaving the company after some public missteps and a recent change in Oracle's upper management, a financial analyst company said Wednesday in a research note to its clients.
 
Heartland Payment Systems has agreed to pay $5 million to Discover to settle claims arising from the massive data breach disclosed by the payment processor last year.
 
Windows Phone 7 has been finalized and released to manufacturers, Microsoft announced today.
 
The Defense Advanced Research Projects Agency (DARPA) has launched an effort aimed at finding and detecting insider threats on Department of Defense networks.
 
VCC, a nationwide retail construction company, finds that giving project managers smartphone access to customer data is a big boost in attracting new business.
 
West Virginia's IT workers are concerned that the state plans to outsource their jobs and have responded with a protest and a lawsuit.
 
As a heads up, the Exploit Database (exploit-db.com) is publishing a month of undisclosed 0-day bugs from Abysssec Research. Today two bugs were published: one for cPanel (though it seems to be more a bug in Fantastico) and one in Adobe Reader and Flash. Expect the good ones to be weaponized quickly, as the disclosures are quite technically detailed and don't take much thought to put into practice. You may wish to keep up with what they publish as awareness for your own networks.
--
John Bambenek
bambenek at gmail /dot/ com
(c) SANS Internet Storm Center. http://isc.sans.org Creative Commons Attribution-Noncommercial 3.0 United States License.
 
Oracle is hoping to entice a younger generation of Java programmers into its fold by offering students complimentary admission to the upcoming JavaOne and Oracle Develop conferences.
 
The U.S. Federal Communications Commission has closed the door on a controversial proposal for a way to use a chunk of wireless spectrum, but continues to consider how best to deploy the valuable spectrum.
 
Spring Framework founder Rod Johnson says fragmentation probably won't happen, though Oracle's behavior isn't helping
 
Apple CEO Steve Jobs today introduced a smaller and less expensive Apple TV, laid out a completely revamped iPod music player lineup, talked up a pair of upgrades to its iOS mobile operating system and touted changes to the company's iTunes music software and store.
 
The U.S. Federal Communications Commission, in the midst of a long and often contentious debate over whether it should enact formal rules prohibiting broadband providers from selectively blocking or slowing Web content, is asking the public for more comments about network neutrality.
 
Amazon.com has been glad-handing executives at major entertainment companies, trying to sell them on a service for streaming TV shows and movies over the Internet, according to the Wall Street Journal. The move would be a direct challenge to the 800-pound gorilla in the market, Netflix, and to Google, which recently announced plans to bake its Android operating system into a variety of TV-related devices. Apple is also rumored to be planning to get into the streaming business with 99-cent rentals of TV shows from the Fox networks and Disney-owned ABC.
 
The browser battle returned to what passes for normalcy in August as Microsoft's Internet Explorer, which had a two-month run of usage share gains, lost ground to the usual suspect: Google's Chrome.
 
Cisco and utility metering company Itron have agreed to jointly develop a standards-based IP-based communications platform for smart energy grids.
 
The Federal Communications Commission (FCC) is asking for help in developing a "Cybersecurity Roadmap," an ambitious plan to identify dangerous vulnerabilities in the Internet infrastructure, as well as threats to consumers, businesses and governments.
 
Sony will launch a streaming music service, "Music Unlimited powered by Qriocity," by the end of the year, the company said at the Internationale Funkausstellung (IFA) trade show in Berlin.
 
Hewlett-Packard announced an agreement with chip fabricator Hynix to bring a new form of non-volatile memory out of research and into the commercial marketplace. The technology, which will be called ReRAM, is faster and denser than today's flash memory.
 
Best-selling authors Neal Stephenson and Greg Bear have launched The Mongoliad, the first digital novel on a so-called social book platform that will allow them to add new elements such as music, video and reader-generated content to the book.
 
 
Microsoft today said it will revive last year's multi-license Windows 7 Family Pack in early October for U.S. customers.
 
Gartner on Wednesday raised its worldwide semiconductor revenue forecast for this year as sales of devices like smartphones and tablets gain steam.
 
Salesforce.com rolled out a new service on Wednesday that integrates business-contact information with its own CRM (customer relationship management) application and Chatter collaboration software.
 

Karen Evans: Why Cyber Challenge is Needed
GovInfoSecurity.com
Director of US Cyber Challenge explains how competitions, camps fit into the goal to identify 30,000 infosec pros. Karen Evans understands the skepticism ...

 

Courion and ICO Tackle Infosec Crime and Punishment at InfoSecurity UK Virtual ...
SourceWire (press release)
Infosec crime and punishment is one of the most highly anticipated sessions. It will look at the ICO's new powers and the role of the PCeU. ...

 
New models of Sony's Reader Pocket Edition, Reader Touch Edition and Reader Daily Edition now offer touch screens and sleeker designs. Will that be enough to keep Sony in the e-reader market?
 
Several Microsoft applications are affected by the DLL load hijacking vulnerability, as are some third-party applications. Microsoft issued a new tool to address the issue.

 
Gmail is a great webmail service, with features rivaling standalone clients. But since it runs in a browser, if you're not on the site, you won't be notified of new mail. Spiffy (free) fills this gap. It runs in the system tray and periodically checks up to five Gmail accounts, displaying alert boxes for new messages.
 
Google, Skype and other companies providing communications services in India will have to make provisions for interception of these communications by India's security agencies, Indian home secretary, G.K. Pillai, said in Delhi on Wednesday, according to reports.
 
Swedish Director of Public Prosecution Marianne Ny has decided to reopen an investigation into rape charges directed at WikiLeaks founder Julian Assange.
 
Alcatel-Lucent has acquired OpenPlug, the creator of ELIPS Studio, a tool that allows developers to write an application once and then translate it into native code that can run on iPhones and Android-based smartphones.
 
Windows' built-in Wi-Fi capabilities are rudimentary at best. Try these free or cheap tools to find hot spots, troubleshoot your wireless network, turn your laptop into a hot spot and more.
 
The number of people with Internet access in Brazil, Russia, China, India and Indonesia will double by 2015, management consulting firm Boston Consulting Group said.
 
Hewlett-Packard plans to announce new laptops, including its fastest netbook and first 3D laptop, which combines cutting-edge technologies to raise the bar in performance.
 
Dell has been relatively quiet about its modular data-center products, but on Tuesday it showed off a new design it has started selling to large "hyperscale" customers, which include big Internet firms like Microsoft and Facebook.
 
The combination of free open source and virtual machines is hard to beat; here are some of the handiest virtual appliances you'll find
 
Intel wants to be a force in the mobile computing world -- a fact that it made clear when it announced plans to acquire chip maker Infineon's wireless division and security software provider McAfee.
 
InfoSec News: Iran's Cyber Army Hacks 1, 000 US, British, French Gov't Websites: http://english.farsnews.com/newstext.php?nn=8906081424
FARS News Agency 2010-08-30
TEHRAN (FNA)- An Iranian cyber group announced that it has hacked more than 1,000 important governmental websites of the US, Britain and France in protest at their support and financial aid for anti-Iran terrorist groups.
"To commemorate the Day of Campaign against Terrorism and the martyrdom anniversary of (former Iranian President Mohammad Ali) Rajayee and (his Prime Minister Mohammad Javad) Bahonar (by the terrorist Mojahedin-e Khalq Organization), the group rose to protest at the inhumane measures of the supporters of terrorism, with the US and Britain standing on top of them, through a new method and hacked and changed the pages of more than 1,000 of their websites," Behrouz Kamalian, Head of the Iranian Ashiyaneh (nest) cyber group, told FNA on Monday.
"If you open the hacked sites now, you can see a logo of Iran and some pictures of martyrs Rajaee and Bahonar and a bilingual text in Persian and English expressing our group's protest at the US, Britain and France's attitude towards terrorism," Kamalian added.
Noting that the project started on Saturday and continued until Monday morning, he said that the group managed to hack more than 1,000 governmental sites of the aforementioned countries, including the official website of the state of Louisiana in the US, Britain's Pevensey city council and other websites.
"All of the hacked websites have been registered at this address: www.zone-h.org," Kamalian added.
His remarks came after the Islamic Revolution Guards Corps (IRGC) announced in March that its cyber teams have hacked 29 websites affiliated with the US espionage network.
The IRGC has recently set up a new center to detect and combat organized crimes on the internet.
The newly established center is tasked with monitoring the internet to detect and campaign against organized crime, espionage, economic and social corruption, money laundering and cultural inroads.
Iran has said many times in the past that the Western governments' support for the MKO proves that their claims about advocating human rights are nothing but lies.
The MKO members last month celebrated the anniversary of their group's bomb attack on the central office of Jomhuri Eslami party in Tehran in 1981 in which 72 party members, including senior Iranian political and religious officials, were martyred.
The MKO, whose main stronghold is in Iraq, is blacklisted by much of the international community, including the United States.
Before an overture by the EU, the MKO was on the European Union's list of terrorist organizations subject to an EU-wide assets freeze. Yet, the MKO puppet leader, Maryam Rajavi, who has residency in France, regularly visited Brussels and despite the ban enjoyed full freedom in Europe.
Some other members of the MKO who have had a role in the assassination of a large number of Iranian citizens and officials are currently living in France.
The group started assassinating Iranian citizens and officials after the Islamic Revolution in a bid to take control of the newly established Islamic Republic. It killed several of Iran's new leaders in the early years after the revolution, including Rajayee, Bahonar and the then Judiciary Chief, Mohammad Hossein Beheshti, who were killed in bomb attacks by MKO members in 1981.
The group fled to Iraq in 1986, where it was protected by Saddam Hussein and where it helped the Iraqi dictator suppress Shiite and Kurd uprisings in the country.
Many of the MKO members have abandoned the terrorist organization while most of those still remaining in the camp are said to be willing to quit but are under pressure and torture not to do so.
A May 2005 Human Rights Watch report accused the MKO of running prison camps in Iraq and committing human rights violations.
According to the Human Rights Watch report, the outlawed group puts defectors under torture and jail terms.
Numerous articles and letters posted on the Internet by family members of MKO recruits confirm reports of the horrific abuse that the group inflicts on its own members and the alluring recruitment methods it uses.
The most shocking of such stories includes accounts given by former British MKO member Ann Singleton and Mustafa Mohammadi -- the father of an Iranian-Canadian girl who was drawn into the group during an MKO recruitment campaign in Canada.
Mohammadi recounts his desperate efforts to contact his daughter, who disappeared several years ago - a result of what the MKO called a 'two-month tour' of Camp Ashraf for teenagers.
He also explains how the group forces the families of its recruits to take part in pro-MKO demonstrations in Western countries by threatening to kill their loved ones.
Lacking a foothold in Iran, the terrorist group recruits ill-informed teens from Iranian immigrant communities in Western states and blocks their departure afterwards.
 
InfoSec News: Darpa’s Star Hacker Looks to WikiLeak-Proof Pentagon: http://www.wired.com/dangerroom/2010/08/darpas-star-hacker-looks-to-wikileak-proof-the-pentagon/
By Spencer Ackerman, Danger Room, Wired.com, August 31, 2010
Tomorrow's WikiLeakers may have to be sneakier than just dumping military docs onto a Lady Gaga disc. The futurists at Darpa are working on a project that would make it harder for troops to funnel classified material to WikiLeaks -- or to foreign governments. And that means if you work [...]
 
InfoSec News: State retiree data breached: http://www.delawareonline.com/article/20100831/NEWS02/8310324/State+retiree+data+breached
By J.L. Miller, The News Journal, August 31, 2010
DOVER -- In a data breach that one security expert said could be worth millions of dollars to scam artists, Aon Consulting, the state's benefits consultant, inadvertently posted personal information of about 22,000 state retirees on the Web, potentially exposing them to identity theft for the rest of [...]
 

 

 

 
IBM next week will add water-cooling to a mainframe offering for the first time in 15 years; the company has started offering the technology for blade servers and supercomputers in recent years.
 
Microsoft on Tuesday again abstained from naming which of its Windows programs, if any, contain bugs that could lead to widespread "DLL load hijacking" attacks.
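Neither of the two DLL load hijacking items above (the one about Microsoft's new tool and this one about Microsoft declining to name affected programs) explains why the bug class is so broad, so here is an added example, my own and not from Microsoft or either article, that models the documented Windows DLL search order in Python. An application that calls LoadLibrary with a bare file name for a DLL it does not ship, while its current directory is a share the user opened a document from, loads whatever the attacker planted there; any program with such a call is affected, which is why the question of which programs are vulnerable is hard to answer from a fixed list. The tool the earlier item refers to sets the CWDIllegalInDllSearch registry value (Microsoft KB2264107), and the model shows its effect. The share, file names and directory layout are constructed; KnownDLLs, manifests and side-by-side redirection are not modelled.

```python
from dataclasses import dataclass
from typing import List, Optional, Set

# Directories searched after the application directory. The 16-bit system
# directory is omitted; KnownDLLs, manifests and side-by-side redirection,
# which short-circuit the search for some names, are not modelled.
SYSTEM_DIRS = ["C:\\Windows\\System32", "C:\\Windows"]


def is_remote(path: str) -> bool:
    """UNC paths, which is how SMB and WebDAV shares appear, count as remote."""
    return path.startswith("\\\\")


@dataclass
class Host:
    app_dir: str
    cwd: str
    path_dirs: List[str]
    files: Set[str]                     # lower-cased full paths that exist
    safe_dll_search_mode: bool = True   # Windows default since XP SP2
    cwd_illegal_in_dll_search: int = 0  # KB2264107 registry value; 0 = unset

    def cwd_searched(self) -> bool:
        v = self.cwd_illegal_in_dll_search
        if v == 0xFFFFFFFF:
            return False                    # CWD dropped from the search
        if v in (1, 2):
            # 1 skips a remote CWD (UNC or WebDAV); 2 skips only WebDAV.
            # This model does not tell WebDAV from SMB, so both act like 1.
            return not is_remote(self.cwd)
        return True                         # default: CWD is searched

    def search_order(self) -> List[str]:
        cwd = [self.cwd] if self.cwd_searched() else []
        if self.safe_dll_search_mode:
            return [self.app_dir, *SYSTEM_DIRS, *cwd, *self.path_dirs]
        return [self.app_dir, *cwd, *SYSTEM_DIRS, *self.path_dirs]

    def resolve(self, dll_name: str) -> Optional[str]:
        """Path LoadLibrary(dll_name) would load for a bare file name, or None."""
        for directory in self.search_order():
            candidate = directory + "\\" + dll_name
            if candidate.lower() in self.files:
                return candidate
        return None


SHARE = "\\\\fileserver.example\\docs"   # constructed: where the document lives


def victim() -> Host:
    """A viewer opened report.pdf straight from the share, so its CWD is the
    share; the attacker planted two DLLs next to the document. Constructed."""
    return Host(
        app_dir="C:\\Program Files\\Viewer",
        cwd=SHARE,
        path_dirs=["C:\\Tools"],
        files={
            "c:\\program files\\viewer\\viewer.exe",
            "c:\\windows\\system32\\widget.dll",   # a DLL the system really has
            SHARE.lower() + "\\report.pdf",
            SHARE.lower() + "\\helper.dll",        # planted; viewer does not ship it
            SHARE.lower() + "\\widget.dll",        # planted; loses to System32
        },
    )


if __name__ == "__main__":
    h = victim()
    print("default      helper.dll ->", h.resolve("helper.dll"))   # the planted copy
    print("default      widget.dll ->", h.resolve("widget.dll"))   # System32 wins
    h.cwd_illegal_in_dll_search = 1
    print("KB2264107=1  helper.dll ->", h.resolve("helper.dll"))   # None: load fails
    legacy = victim()
    legacy.safe_dll_search_mode = False
    print("legacy mode  widget.dll ->", legacy.resolve("widget.dll"))  # planted copy
```

Two things fall out of the model. Only DLLs that are absent from the application directory and the system directories are exploitable under the default safe search mode, so the exposure of a given program depends on which optional DLLs it probes for; and the registry mitigation works by making that probe fail rather than by validating the DLL, so a program that insists on the DLL simply stops working on remote folders. The developer-side fix, loading by full path or calling SetDllDirectory("") to drop the current directory for that process, is outside what this model shows.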
 
