InfoSec News

----------- Guy Bruneau IPSS Inc. gbruneau at isc dot sans dot edu (c) SANS Internet Storm Center. http://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.

CANCUN, Mexico — Kaspersky Labs senior security researcher Stefan Tanase knows all about the old adage “You never know until you ask.”

Tanase recently conducted an experiment in which he emailed the webmasters of 100 websites infected with malware, informing them of the problem and asking in return only for some data on the infections in the form of log entries. What Tanase got in return was a big fat zero, as in no replies.

Undeterred, Tanase said Wednesday during the Kaspersky Lab Security Analyst Summit 2012 that he emailed another 200 and actually got a 3% reply rate on his second attempt.

“The assumption I made is that webmasters don’t know their sites are infected,” he said. “The reality is that webmasters don’t care if their sites are infected.”

Tanase said he knows 52% of his emails reached their destination; 48% bounced back to him.

Of the three percent who did reply, one came from a monastery and a priest who asked for help in cleaning up the websites and under what conditions. Another respondent came from an advertising agency that wasn’t interested because the infected site in question was an old site no longer in use. Another, from an industrial equipment supplier, said they didn’t have a dedicated IT person on staff, but offered to send Tanase an administrative username and password and wondered if he could help–a major security fail.

The experiment, however, wasn’t a total bust; 3% may have replied, but upon a second scan, 5% had removed the malware from their sites.

“They may not have replied,” Tanase said, “but they did clean up their site.”

Facebook may end up being the biggest name on the IPO calendar this year, but it's also part of a trend in which technology, and particularly Internet companies, are outpacing public offerings from businesses in other sectors.
PHP 'php_register_variable_ex()' Function Arbitrary Code Execution Vulnerability
What's your stance on SaaS? Is your perimeter as secure as you think? How can the insurance calculus on asymmetric risk illuminate your company's security exposure? CIO.com's Bernard Golden recaps the provocative discussions entertained at the Security Threat 2012 conference.
E-book sales are, surprisingly, flattening and Gibbs knows why: E-books don't really work very well.
Facebook's IPO filing spells out where CEO Mark Zuckerberg wants to take the company: He sees it as having significant historical value to the economy, governments and -- he hopes -- to every person on the Web.
Half of all Fortune 500 companies and major U.S. government agencies own computers infected with the "DNS Changer" malware that redirects users to fake websites and puts organizations at risk of data theft, a security company said today.
Advanced Micro Devices has put the brakes on adding more cores to its server chips, stopping at 16, the company said Thursday during a financial analyst day.
LightSquared founder Philip Falcone's response to ethics allegations by a U.S. senator sheds some light on a strange chapter in the carrier's ongoing bid to build a controversial cellular data network.
Apache Tomcat Request Object Security Bypass Vulnerability
Apache Tomcat Parameter Handling Denial of Service Vulnerability
Facilities departments often take charge of physical security, but they usually don't understand the systems behind it.
VeriSign, the company responsible for guiding most of the world's Internet users to the correct websites and once the largest encryption certificate issuing authority, was successfully hacked several times in 2010.
Advanced Micro Devices will take a fundamentally different approach to designing chips as it tries to move away from playing second fiddle to Intel.

Symantec Retracts Android Malware Claims to Align With Lookout
PC Magazine
"It's called ad poisoning," said Alan Goode, a UK consultant in infosec and mobile security. "Where we sympathize is that poisoned ad networks are an increasing vector for distributing Trojans." Here's what worries me more. When Symantec asked Google to ...

JBoss Operations Network Multiple Cross Site Scripting Vulnerabilities
HP Data Protector 'DBServer.exe' Remote Code Execution Vulnerability
In an October 2011 regulatory filing, VeriSign said its corporate network was breached in 2010, exposing data on a "small portion" of its systems.

An online petition asking Apple to protect the Chinese workers who make its more popular products has gathered more than 162,000 signatures in just over a week.
Sprint is rolling out one of the lowest cost tablets on the market -- a ZTE tablet with midrange specs -- but you'll have to sign a two-year service contract to get the low US$100 price tag.
Wish you could have the latest hot smartphone even with a year left on your contract? TMNG Global has devised a leasing program that could let you upgrade your phone every year.
When Facebook filed its IPO papers with the SEC on Wednesday, some interesting facts about the company came to light.
The U.S. Immigration Customs Enforcement agency has shut down several websites that stream sports programming, a move that appears to be part of the agency's annual Super Bowl crackdown.
Apache HTTP Server Scoreboard Local Security Bypass Vulnerability
GLSA (Gentoo Linux Security Advisory) publication changes
[security bulletin] HPSBMU02739 SSRT100280 rev.1 - HP Data Protector Media Operations, Remote Execution of Arbitrary Code
[CAL-2012-0004] opera array integer overflow
Apple on Tuesday patched 51 vulnerabilities in Mac OS X, most of them critical, in 2012's first security update.
Dell on Thursday said it is forming a Software Group, which will bring together disparate products under one roof as the company tries to sharpen its end-to-end enterprise offerings.
PHP 'crypt()' Function Security Bypass Vulnerability
[ MDVSA-2012:012 ] apache
APPLE-SA-2012-02-01-1 OS X Lion v10.7.3 and Security Update 2012-001
Suhosin Extension Transparent Cookie Encryption Stack Buffer Overflow Vulnerability
New variants of the Ice IX online banking Trojan program are tricking victims into exposing their telephone numbers so that fraudsters can divert post-transaction verification phone calls made by banks to phone numbers under their control, security researchers said.
Apple is now the world's third-largest phone maker by shipments and market share, according to a study from the International Data Corporation (IDC). Only behind Nokia and Samsung, Apple took the third spot globally from LG, up from the fifth spot last quarter.
Samsung can continue to sell the Galaxy Tab 10.1N, after a regional court in Munich rejected an Apple motion to block sales due to a patent violation.
SAP's US$3.4 billion purchase of cloud software vendor SuccessFactors has been delayed indefinitely while a U.S. regulatory body investigates the deal, an SAP spokesman confirmed Wednesday.
You spend endless hours sitting at your desk -- isn't it time to give it a tune-up? These tips will help you make your workstation more efficient than ever.
India's Supreme Court on Thursday ruled that 122 mobile licenses awarded across 32 service areas in 2008 should be cancelled, giving a new dimension to investigations into alleged malpractices and corruption in the allotment of the 2G licenses.
China, one of the world's largest Internet markets, could be out of reach of Facebook because of the Chinese government's strict censorship policies, the company said in its filing on Wednesday for an initial public offering.
Google Docs users can now get offline access to documents on their Android-based smartphones and tablets, Google said in a blog post on Wednesday.
Google is directing users to localized country domains on Blogger to provide it flexibility to comply with content removal rules in various countries.
Mozilla Firefox IPv6 Literal Syntax Cross Domain Information Disclosure Vulnerability
With the Facebook IPO now official, industry and financial analysts say that a huge influx of cash could allow it to topple Google from its dominant position in the online world.
PHP CVE-2012-0057 Security Bypass Vulnerability

Conseal Security, Experts in Mobile Data Protection, to Attend Infosecurity ...
iTWire (press release)
At InfoSec this year, Conseal will be announcing a significant new version of its flagship product, which allows administrators unprecedented levels of control over their company's data, even after it has left their hands. Via Stand K76, Conseal will ...

In anticipation of offering its open-source content management software as a service, Alfresco has upgraded its namesake product to work with multiple clients and to interact with a wider range of form factors, the company announced Thursday.
Sony said Thursday it now expects to lose nearly US$3 billion in the current fiscal year through March, over double its target from just three months ago, as it books expenses related to the sale of its share in its LCD joint venture with Samsung and the effect of flooding in Thailand.
WebKit 'Node.normalize' Method Remote Code Execution Vulnerability

Posted by InfoSec News on Feb 01


By John Leyden
The Register
1st February 2012

Romanian police have arrested a man suspected of breaking into the
websites of NASA and the Pentagon in a series of high-profile hack

Razvan Manole Cernaianu, 20, from Timisoara, is accused of publishing
details of the SQL injection vulnerabilities discovered on the targeted
websites under the hacker handle...

Posted by InfoSec News on Feb 01


1 February 2012

An espionage gang that used blackmail to extort intelligence on Turkey's
security projects installed secret cameras all over a facility of the
Scientific and Technological Research Council of Turkey (TÜBİTAK) and
illegally videotaped most of the agency's employees for blackmail


Posted by InfoSec News on Feb 01


The Smoking Gun
February 1, 2012

FEBRUARY 1 -- A U.S. government employee with a top-secret security
clearance is the subject of an FBI investigation into his unauthorized
removal of classified material from the Virginia offices of an
intelligence agency, The Smoking Gun has learned.

When the target was confronted last month by federal agents, he
described himself as...

Posted by InfoSec News on Feb 01


By Tony Bradley
Feb 1, 2012

Don’t nail the coffin shut on RIM just yet. Following a shakeup of
executive leadership, and the launch of BlackBerry Cloud Service and
Office 365 integration, RIM announced today that the BlackBerry 7 OS has
received FIPS 140-2 certification.

Both the BlackBerry 7 and BlackBerry 7.1...

Posted by InfoSec News on Feb 01


By J. Nicholas Hoover
February 01, 2012

Cyber attacks against government agencies and businesses in the United
States continue to rise, and cyber threats will one day surpass the
danger of terrorism to the United States, intelligence community
officials said in an open hearing of the Senate select intelligence
community Tuesday.

"Stopping terrorists is...