InfoSec News

We've had a few reports of AVG updates breaking things on Windows 7 64-bit (thanks Bill, et al.).
The problem lies with the mandatory update.
The AVG site has some info on how to deal with the issue here: http://forums.avg.com/ww-en/avg-free-forum?sec=thread&act=show&id=94159

Basically, get the machine started somehow (use the AVG Rescue CD or any Linux Live CD). In the Windows\System32\drivers directory, rename everything starting with avg. Reboot and your system will be back (minus the AV). I guess it will then be a matter of waiting for it to be fixed, reinstalling, or changing to something else.

M (c) SANS Internet Storm Center. http://isc.sans.org Creative Commons Attribution-Noncommercial 3.0 United States License.
 
As we count down towards the end of the year and the festive season for a considerable part of the planet, we've started seeing some small increases in SPAM on the system I look after. The increases are smallish at the moment, but if the trend follows previous years General Mambuto has some extra cash to spend in your country, Sargent Jones has found some valuables which he is willing to share, Adobe has a new version out called 2011, likewise Skype apparently has a new version of their application also called 2011 (Thanks Dorothy for those last two). In other words SPAMmers are getting ready for the festive season and have updated their SPAM to suit the season.
In the last week or so we've also started seeing some types of spam sneaking through what are typically very robust and accurate anti-SPAM products. One of the reasons for this seems to be the reputation filters used by a number of these products. Reputation filters are used to determine what should be done with a message: if the sender IP has a good reputation, then maybe there is no need to spend CPU cycles on anti-SPAM or AV checks. The problem with a few of the runs over the last week (and maybe this is just regional) is that all of them have been sent from systems that have very good reputations. The products using reputation filters are delivering these messages because the score is high enough for the message to bypass the anti-SPAM checks. The messages I'm seeing are these pesky ones:

I just earned $765 in three days doing simple tasks! I used - http://x.co/randslkdjs You will thank me for this!
Sometimes it has a subject line. Sometimes not. The link takes you to a tracker and then to a website for home work (read mule, I'm guessing).
The product update messages are typically along the lines of:

This is to notify/remind that a new version of 'insert product here' 2011

has new features. blah blah blah...

click here
The link's domain typically has 2011 in it, e.g. official-skype-2011.com or adobe-2011-download.com.
Over the next few weeks keep an eye on your SPAM filters and check what is getting through. You may want to send your users a little reminder on what is going around this year.
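As an added illustration, not part of this diary: a small Python check that applies content rules to messages whose sender reputation would otherwise let them skip the anti-spam stage, using the two lures described above. The messages, the reputation scores and the shortener list are constructed for the example.

```python
import re

# Constructed sample messages, not real captures: each carries the sender-IP
# reputation score the gateway assigned, plus the subject and body.
SAMPLE_MESSAGES = [
    {"id": 1, "reputation": 93, "subject": "",
     "body": "I just earned $765 in three days doing simple tasks! "
             "I used - http://x.co/randslkdjs You will thank me for this!"},
    {"id": 2, "reputation": 91, "subject": "Skype 2011",
     "body": "This is to notify/remind that a new version of Skype 2011 "
             "has new features. click here http://official-skype-2011.com/get"},
    {"id": 3, "reputation": 97, "subject": "Q4 invoice",
     "body": "The Q4 invoice is on the portal: https://portal.example.com/inv/4"},
]

URL_RE = re.compile(r"https?://([^/\s>\"']+)", re.I)
# Product names seen in the fake "2011 version" mails (assumed list).
PRODUCTS = ("skype", "adobe", "flash", "reader")
# "earned $765 in three days" style lure.
EARNINGS_RE = re.compile(r"earned\s+\$\d[\d,]*\s+in\s+\w+\s+days", re.I)
# Hypothetical shortener list; extend from your own observations.
SHORTENERS = {"x.co", "bit.ly", "tinyurl.com"}


def content_reasons(msg):
    """Return the content-based reasons a message looks like seasonal spam."""
    reasons = []
    text = f"{msg['subject']} {msg['body']}"
    for domain in URL_RE.findall(text):
        d = domain.lower()
        if "2011" in d and any(p in d for p in PRODUCTS):
            reasons.append(f"fake product-2011 domain: {d}")
        if d in SHORTENERS and EARNINGS_RE.search(text):
            reasons.append(f"earnings lure via shortener: {d}")
    return reasons


def reputation_bypass_gaps(messages, threshold=90):
    """IDs of messages a reputation-only policy would deliver unchecked
    (score >= threshold) but that the content rules still flag."""
    return [m["id"] for m in messages
            if m["reputation"] >= threshold and content_reasons(m)]


if __name__ == "__main__":
    for m in SAMPLE_MESSAGES:
        print(m["id"], m["reputation"], content_reasons(m))
    print("would have bypassed anti-spam:", reputation_bypass_gaps(SAMPLE_MESSAGES))
```

Running the content rules on every message, regardless of reputation score, is the point: the high-reputation senders in the runs described above are exactly the ones the score would have waved through.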
If you have examples of things that are sneaking through your SPAM filters I'd appreciate the headers.
Cheers
Mark H

(c) SANS Internet Storm Center. http://isc.sans.org Creative Commons Attribution-Noncommercial 3.0 United States License.
 
If you are videoconferencing a lot (or you want to start making more video calls), the N1 offers an upgrade from the standard built-in Webcam.
 
Amazon Web Services (AWS) kicked WikiLeaks off its servers for breaking its terms of service, which require that sites use their own content and that the content not injure others, and not due to pressure from the U.S. government, Amazon said Thursday.
 
Iowa's Amber Alert website was hacked and used to send out a bogus alert over the weekend.
 
After a legal battle that lasted two-and-a-half years, Google has been found guilty of trespassing on a Pennsylvania family's property to take photos of their property for its Maps Web site.
 
Hewlett-Packard on Thursday said it will bring strong multimedia and entertainment applications to WebOS by moving the MediaServer team into its Palm business unit.
 
Samsung on Thursday said it has developed a fast version of low-power memory that could help speed up applications in tablets and smartphones.
 
Oracle on Thursday stepped up its efforts to rebuild Sun's hardware business, announcing a high-performance clustered database system that could turn up the competitive pressure on rivals IBM and Hewlett-Packard.
 
MediaCoder '.m3u' File Remote Stack Buffer Overflow Vulnerability
 
Fedora 'Dracut' Package Insecure File Permissions Vulnerability
 
NASA scientists have found a new form of bacteria that they say has changed their notion of life as we've known it.
 
Amazon's decision to pull its hosting of Wikileaks underscores the risks companies face when moving to the cloud.
 
Google App Engine and its SDK get boosts for real-time communications and high availability.
 
Clearwire plans to raise more than $1.1 billion through a debt offering in the coming days, but steps the WiMax network operator took recently to conserve cash will remain in place.
 
Adobe and Google have collaborated to put the Flash Player plug-in inside a sandbox within Chrome, an effort by the two companies to better protect users from attacks.
 
Quadroid is a term that refers to the Qualcomm chips that run inside Android smartphones. Like Wintel has been for PCs, Quadroid could push down profit margins for smartphone makers.
 
Intel's new six-core chip delivers even more processing power to midrange workstations.
 
New paper by Amit Klein (Trusteer): "Detecting virtualization over the web with IE9 (platform preview) and Semi-permanent computer fingerprinting and user tracking in IE9 (platform preview)"
 
Flaw in Microsoft Windows SAM Processing Allows Continued Administrative Access Using Hidden Regular User Masquerading After Compromise (2010-M$-001)
 
Some lawmakers and tech companies question the Federal Trade Commission's do-not-track proposal.
 
Here are 12 steps to tap into the hidden job market during this holiday season and build a life-long career network.
 
Password sync service LastPass has acquired Xmarks, the popular browser sync tool, for an undisclosed amount of cash and a share of revenues, the CEO of LastPass said today.
 
In an uncharacteristically public way, Google has acknowledged modifying its search engine so it can identify businesses that provide bad service and lower their search results rankings accordingly.
 
One CIO explains why her company struck its first-ever offshore outsourcing deal in China -- and what she's learned in the two years since.
 
Jack Douglas wants a way to add comments or descriptions to his files.
 
Research In Motion agreed to acquire user interface developer The Astonishing Tribe, according to an analyst.
 
The cybercriminals behind the Siberia Exploits Kit have given it an update, bringing it in line with competitor toolkits by adding features to bypass antivirus.

 
NGS00014 Patch Notification: Cisco IPSec VPN Implementation Group Name Enumeration
 
The Green Grid consortium, which developed the widely used PUE metric for measuring energy efficiency in data centers, is developing two more metrics to address carbon emissions and water usage.
 
It was announced that the source for ProFTPD was compromised and a back door was inserted. The attacker compromised the main ftp.proftpd.org site on November 28, 2010. This site is also the main rsync server, which means that anybody who has downloaded ProFTPD between then and December 1, 2010 is potentially running a version with the backdoor code. According to reports, this compromise was performed against an unpatched vulnerability within ProFTPD itself, so even if you did not install the backdoored version, you may be running vulnerable software.

More information is available here.

Kevin Johnson

Secure Ideas
(c) SANS Internet Storm Center. http://isc.sans.org Creative Commons Attribution-Noncommercial 3.0 United States License.
 
WordPress has released a new version, 3.0.2, to fix a SQL injection flaw. According to reports, this flaw is in all previous versions of the codebase, which means that if you are running WordPress, you must update. The exploit requires author-level permissions, but personally I would not rely on that to protect myself. More information is available here.
(c) SANS Internet Storm Center. http://isc.sans.org Creative Commons Attribution-Noncommercial 3.0 United States License.
 
Sweden's Supreme Court on Thursday declined to hear an appeal from Wikileaks' Julian Assange to quash an arrest warrant related to sexual assault accusations from two women.
 
Chip developer Rambus has filed patent infringement lawsuits against six chip makers including Broadcom and Freescale Semiconductor in the U.S., and said it is also seeking to ban the import of products that infringe its patents.
 
Linux Kernel 'sctp_outq_flush()' Denial of Service Vulnerability
 
Linux Kernel ALSA 'sound/core/control.c' Local Integer Overflow Vulnerability
 
Micron will produce drives next year that combine error management techniques in the same NAND flash package, removing the overhead from host processors that typically contain error correction code.
 
OpenSSL Cryptographic Message Syntax Memory Corruption Vulnerability
 
InfoSec News: Cyberespionage At A Crossroads: http://www.darkreading.com/insider-threat/167801100/security/attacks-breaches/228500103/cyberespionage-at-a-crossroads.html
By Kelly Jackson Higgins Darkreading Dec 01, 2010
It has been a milestone week in cyberespionage developments that smacked [...]
 
InfoSec News: Increased hacking poses major threat: http://english.people.com.cn/90001/90776/90882/7218149.html
By Zhang Yan China Daily December 02, 2010
There has been an 80 percent increase in the number of computer hacking cases handled by the police in China each year since 2006. The new cases [...]
 
InfoSec News: Canadian cyber-security lax, experts warn: http://www.canada.com/technology/Canadian+cyber+security+experts+warn/3911521/story.html
By JASON MAGDER The Gazette December 1, 2010
Experts warn the Canadian government and Canadian companies are vulnerable to data loss, on the same scale as the WikiLeaks scandal that [...]
 
InfoSec News: Feds pursue Russian, 23, behind one third of ALL WORLD SPAM: http://www.theregister.co.uk/2010/12/01/mega_d_botnet_suspect_named/
By John Leyden The Register 1st December 2010
FBI investigators have named a 23-year-old Russian as a prime suspect behind the operation of the infamous 500,000 Mega-D botnet, blamed for [...]
 
InfoSec News: Federal Cybersecurity Spending To Hit $13.3B By 2015: http://www.informationweek.com/news/government/security/showArticle.jhtml?articleID=228500061
By Elizabeth Montalbano InformationWeek December 1, 2010
Federal investment in cybersecurity will reach $13.3 billion by 2015, driven by a 445% increase in security incidents over the last four years [...]
 
Annuaire Component for Joomla! 'id' Parameter SQL Injection Vulnerability
 
Ananda Real Estate 'list.asp' Multiple SQL Injection Vulnerabilities
 

Tenacity Solutions and the University of Fairfax Announce Risk Management ...
PR Web (press release)
Students successfully completing the UoF-ISRM program can graduate with their InfoSec MS or Doctorate and two NSA certifications. ...

 

Posted by InfoSec News on Dec 01

http://www.darkreading.com/insider-threat/167801100/security/attacks-breaches/228500103/cyberespionage-at-a-crossroads.html

By Kelly Jackson Higgins
Darkreading
Dec 01, 2010

It has been a milestone week in cyberespionage developments that smacked
of a spy movie, with a confession, a killing, and a leaked intelligence
cable: Iranian President Mahmoud Ahmadinejad issued a statement that
"enemies" of Iran had successfully used...
 

Posted by InfoSec News on Dec 01

http://english.people.com.cn/90001/90776/90882/7218149.html

By Zhang Yan
China Daily
December 02, 2010

There has been an 80 percent increase in the number of computer hacking
cases handled by the police in China each year since 2006. The new cases
posed a threat to both public and national Internet security, a senior
police official told China Daily on Wednesday.

"Hacking attacks and the destruction they cause are rapidly increasing....
 

Posted by InfoSec News on Dec 01

http://www.canada.com/technology/Canadian+cyber+security+experts+warn/3911521/story.html

By JASON MAGDER
The Gazette
December 1, 2010

Experts warn the Canadian government and Canadian companies are
vulnerable to data loss, on the same scale as the WikiLeaks scandal that
has rocked the United States government.

This week, the WikiLeaks website released thousands of documents of
secret data gleaned from the computers of U.S. embassies around...
 

Posted by InfoSec News on Dec 01

http://www.theregister.co.uk/2010/12/01/mega_d_botnet_suspect_named/

By John Leyden
The Register
1st December 2010

FBI investigators have named a 23-year-old Russian as a prime suspect
behind the operation of the infamous 500,000 Mega-D botnet, blamed for
an estimated one in three spam emails prior to a take-down operation
early last year.

Oleg Nikolaenko, a 23-year-old Moscow resident, was accused of violating
US anti-spam and fraud laws...
 

Posted by InfoSec News on Dec 01

http://www.informationweek.com/news/government/security/showArticle.jhtml?articleID=228500061

By Elizabeth Montalbano
InformationWeek
December 1, 2010

Federal investment in cybersecurity will reach $13.3 billion by 2015,
driven by a 445% increase in security incidents over the last four years
and the shortage of qualified security professionals, according to a
report released this week.

The size of the investment represents an annual...
 