Hackin9

InfoSec News

(c) SANS Internet Storm Center. http://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
 
A couple of readers have noticed that ocsp.comodoca.com has been labeled as suspicious and distributing malware for the last couple of days. In particular, Comodo's own Site Inspector service has been identifying the URL as suspect [1].
OCSP (Online Certificate Status Protocol) is a newer web service that allows clients to verify whether an SSL certificate has been revoked. The older standard, CRL (Certificate Revocation List), required that browsers download the entire list. With OCSP, it is possible to query the status of an individual certificate. For either mechanism to work, the certificate has to have the URL of the respective CRL or OCSP service embedded.
Many browsers will accept a certificate even if the OCSP service does not respond. They will only mark it as invalid if the OCSP service responds with a result marking the certificate as revoked. However, for Extended Validation (EV) certificates, browsers tend to be stricter and require a positive OCSP response.
ocsp.comodoca.com appears to be the valid OCSP URL for Comodo. For example, the certificate used for https://www.comodo.com uses this particular OCSP URL. https://isc.sans.edu uses a Comodo-based certificate (UserTrust) as well, and the OCSP URL used for our certificate, ocsp.usertrust.com, appears to be affected.
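The two steps described above, a client locating the revocation endpoints embedded in a certificate and then deciding what to do when the OCSP responder cannot be reached, as an added Go example that is not part of the diary or of any ISC or Comodo code. It builds a constructed self-signed test certificate carrying hypothetical OCSP and CRL URLs (ocsp.example.test and crl.example.test are assumptions, not real responders), reads the URLs back with the standard library, and applies the soft-fail / EV hard-fail rule the diary describes. The practical consequence of that rule is that a filter blocking a responder such as ocsp.comodoca.com makes ordinary certificates silently skip the revocation check, while EV certificates may be rejected outright.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// RevocationEndpoints holds what a client must extract from a certificate
// before it can check revocation: the OCSP responder URLs from the
// Authority Information Access extension and the CRL distribution points.
type RevocationEndpoints struct {
	OCSP []string
	CRL  []string
}

// endpointsFromDER parses a DER-encoded certificate and returns the embedded URLs.
func endpointsFromDER(der []byte) (RevocationEndpoints, error) {
	cert, err := x509.ParseCertificate(der)
	if err != nil {
		return RevocationEndpoints{}, err
	}
	return RevocationEndpoints{OCSP: cert.OCSPServer, CRL: cert.CRLDistributionPoints}, nil
}

// OCSPOutcome models the three things a client can observe after querying a responder.
type OCSPOutcome int

const (
	OCSPGood        OCSPOutcome = iota // responder says the certificate is not revoked
	OCSPRevoked                        // responder says the certificate is revoked
	OCSPUnavailable                    // timeout, DNS failure, or the responder is blocked by a filter
)

// acceptCertificate mirrors the browser behaviour the diary describes:
// a "revoked" answer always rejects; no answer at all is tolerated (soft-fail)
// for ordinary certificates but not for EV certificates (hard-fail).
func acceptCertificate(outcome OCSPOutcome, isEV bool) bool {
	switch outcome {
	case OCSPGood:
		return true
	case OCSPRevoked:
		return false
	default:
		return !isEV
	}
}

// makeLeafDER builds a constructed self-signed test certificate (an assumption
// for this example, not a real CA-issued certificate) that embeds the given
// OCSP and CRL URLs, so the extraction can be demonstrated offline.
func makeLeafDER(ocspURL, crlURL string) ([]byte, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber:          big.NewInt(1),
		Subject:               pkix.Name{CommonName: "leaf.example.test"},
		NotBefore:             time.Now().Add(-time.Hour),
		NotAfter:              time.Now().Add(24 * time.Hour),
		KeyUsage:              x509.KeyUsageDigitalSignature,
		OCSPServer:            []string{ocspURL},
		CRLDistributionPoints: []string{crlURL},
	}
	return x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
}

func main() {
	der, err := makeLeafDER("http://ocsp.example.test", "http://crl.example.test/ca.crl")
	if err != nil {
		panic(err)
	}
	ep, err := endpointsFromDER(der)
	if err != nil {
		panic(err)
	}
	fmt.Printf("OCSP responders: %v\nCRL distribution points: %v\n", ep.OCSP, ep.CRL)
	// Show the soft-fail versus hard-fail decision when the responder is blocked.
	for _, ev := range []bool{false, true} {
		fmt.Printf("EV=%v, responder unreachable -> accept=%v\n", ev, acceptCertificate(OCSPUnavailable, ev))
	}
}
```

Run it with `go run`. To inspect a real site instead of the constructed certificate, the leaf from a `tls.Dial` handshake can be passed the same way: `conn.ConnectionState().PeerCertificates[0].OCSPServer` is the list a browser would query, and it is the entry to compare against whatever your web filter has blocked.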

[1] http://siteinspector.comodo.com/public/reports/4753361

[2] http://www.mcafee.com/threat-intelligence/ip/default.aspx?ip=178.225.83.1
Also a good article about this in Dutch can be found here: http://www.security.nl/artikel/42063/1/McAfee_blocks_ocsp.usertrust.com_%28178.255.83.1%29.html

------

Johannes B. Ullrich, Ph.D.

SANS Technology Institute

 
Twitter released a report on Monday about the user information requests it has received from governments this year and how it responded to them.
 
Soul by Ludacris headphones are endorsed by American rapper/actor Ludacris (aka Christopher Brian Bridges) and Signeo USA. We reviewed the SL150 headphones, one of five models said to be suitable for use in live-sound situations, such as performances and studio work. It's a bold claim by the manufacturer, putting Soul by Ludacris directly up against some tough competition from high-end players such as Sennheiser, Ultrasone and [
 
Microsoft will take a $6.2 billion goodwill charge this quarter to recognize that its online services business won't grow as quickly as it had forecast, the company announced Monday.
 
Microsoft on Monday announced a promotion that later this year will let users of Windows XP, Vista and Windows 7 PCs upgrade to the new Windows 8 Pro for $39.99.
 
Asus has finally dropped the 'Eee Pad' from its tablet line-up, and its latest Android tablet is the Asus Transformer Pad 300. We took a close look at the Transformer Pad 300.
 
Photo Grid is a free Android tablet and smartphone app that lets you create beautiful collages from your favourite photos. It's simple to use, and can even output in a size suitable for Instagram.
 
Value is an interesting concept in technology: you can buy Android ICS tablets for half the price of Apple's iPad, but we've yet to see one that we would consider a bargain. And here comes the Archos 70d eReader, an ebook reading device half the price of the Amazon Kindle Touch, and a significant £30 cheaper than the basic Amazon Kindle.
 
ModSecurity Quote Parsing Security Bypass Vulnerability
 

Big Data can cause big headaches for infosec professionals
Infosecurity Magazine
Along with the benefits that can be gained from Big Data come attendant security risks, notes Savvis' Ed Moyle.

 
Scientists may be preparing to announce Wednesday that they've found proof that the God particle, considered a key to understanding the great mysteries of the universe, exists.
 
A year ago, we saw the first Samsung Chromebook and we were left feeling pretty underwhelmed with it. Not only was the hardware clunky and slow, but Google's much-anticipated Chrome OS was far more basic and limited in what it could do than we were expecting.
 
Expanding beyond the delivery of software for its own cloud platform, VMware is acquiring DynamicOps for its heterogenous cloud management offerings.
 
Cisco Systems said a privacy policy for the Cisco Connect Cloud service that alarmed some customers was a mistake and has been removed.
 
A number of high-profile outages that took place last weekend can be traced back to how the Linux OS kernel mishandled a leap second added to the official time, charges the CTO of DataStax, a company that manages the open source Cassandra database.
 
Microsoft will take a US$6.2 billion goodwill charge this quarter to recognize that its online services business won't grow as quickly as it had forecast, the company announced Monday.
 
The rapid expansion of business data poses challenges for companies across Europe, especially in the UK, per Aberdeen Group's research report Business Analytics in the UK: Transforming Data into Business Insight.
 
Micron bought Elpida Memory for a song, according to one industry analyst, and in doing so it not only becomes a tier-one DRAM player, but a leader in the mobile memory space as a supplier to Apple.
 

What is ISO 27001?
ITworld.com
ISO/IEC 27010:2012 (ISO 27010) Infosec Communications. ISO/IEC 27011:2008 (ISO 27011) Guidelines for ISM Implementation in Telecommunications. All of the standards place some focus on what ISO is calling an ISMS. What exactly is that? No, I'm not ...

 
Two weeks after online orders of the Samsung Galaxy S III smartphone reached some AT&T customers, the carrier said the new smartphone will finally be available in its stores on Friday for $199.99 and a two-year contract.
 
The $60 million Apple paid to a little-known firm for the iPad trademark will let the Cupertino, Calif. company not only start selling its newest tablet there, but also lays the groundwork for an expected smaller iPad this fall, a financial analyst said today.
 
This is the third in a series of interviews with C-level executives responsible for cyber security and privacy in business and government, who also happen to be thought leaders. (Remember, as I mentioned previously, "C-level executive" and "thought leader" are not synonyms.)
 
A colleague who shall go unnamed is in the process of moving and has unearthed what he believes to be tainted treasure. He writes:
 
An exploit for an unpatched vulnerability in the Microsoft XML Core Services has been incorporated into Blackhole, one of the most widely used Web attack toolkits, according to security researchers from antivirus firm Sophos.
 
Users running Windows XP, Windows Vista or Windows 7 will be able to download an upgrade to their OS to Windows 8 Pro for $39.99 in 131 markets once the new Windows OS version becomes available, Microsoft announced on Monday.
 
With DDoS attacks increasing in frequency, size and complexity, it's time for online businesses to start protecting themselves.

 
ISC reader Joel B wrote in with these two links illustrating a couple of the hiccups that people may be experiencing with the recent leap second (on the 30th of June). Please take a look at these two articles if you think you may be affected:
https://lkml.org/lkml/2012/6/30/122
access.redhat.com/knowledge/articles/15145
-- Joel Esler | http://blog.joelesler.net | http://twitter.com/joelesler
 
Acer's Iconia Tab A700 tablet offers a bright 10.1-in. display and fast performance; it is definitely one to consider.
 
Verizon Wireless said the HTC Droid Incredible 4G LTE smartphone will be on its store shelves exclusively on Thursday for $149.99 after rebate and with a new two-year agreement.
 
NGS00162 Patch Notification: Symantec Message Filter Session Hijacking via session fixation
 
Google's new $199 Nexus 7 tablet takes advantage of Nvidia's Kai reference design, a proprietary technology that allows for a cheaper display and memory components that work in concert with a high-performance quad-core Tegra 3 processor.
 
Google's Executive Chairman Eric Schmidt has written to Europe's top antitrust authorities with proposals aimed at avoiding a fine for anti-competitive behavior and abuse of its dominant market position.
 
NGS00195 Patch Notification: Nagios XI Network Monitor Stored and Reflected XSS
 
NGS00194 Patch Notification: Nagios XI Network Monitor Blind SQL Injection
 
NGS00196 Patch Notification: Nagios XI Network Monitor OS Command Injection
 
Nearly three years after its launch, Windows 7 is poised to replace Windows XP as Microsoft's most popular operating system, a Web analytics company said Sunday.
 
[security bulletin] HPSBMU02783 SSRT100806 rev.1 - HP Network Node Manager i (NNMi) for HP-UX, Linux, Solaris, and Windows, Remote Cross Site Scripting (XSS)
 
[security bulletin] HPSBMU02781 SSRT100617 rev.1 - HP Network Node Manager i (NNMi) for HP-UX, Linux, Solaris, and Windows running PostgreSQL, Remote Execution of Arbitrary Code, Denial of Service (DoS)
 
On June 29th, 2012, a severe windstorm referred to as a derecho tore through the Midwest and Mid-Atlantic regions of the US. Over 1,750,000 homes and businesses were left without electricity. Data centers supporting Amazon's AWS, Netflix and other large organizations were taken offline, and there were several deaths reported.
The story that follows offers some lessons relearned and possibly a few new ones.

I work for a company with a NOC and primary data center in the path of the storm. A number of events took place. With daytime temperatures near 108F and the windstorm coming through, the battery on the backup generator powering the data center cracked and was not able to start the generator. Notifications went out, but due to hazardous road conditions no one was able to get onsite to address a clean shutdown of services. Remote access was offline, as the UPS batteries provided insufficient time. This is a known factor, as we rely on the backup generator to operate. The generator is tested weekly, the test the day prior was OK, and the battery maintenance was performed on the same day as the test. But a generator that does not start when needed is no generator at all.

Power was restored only a few hours later, which compounded the problem. The power came back before the first admin could safely get on site. When he did, he found all systems powered on, but none of the systems were reachable. The environment is highly virtualized, with a well-designed and thought-out set of VM hosts and systems. The VM hosts are connected to redundant switches with redundant connections. However, when power was restored the servers came online before the switches did. The VM hosts deactivated the NICs and prevented local communications. It looked at first glance like a NIC or vSwitch failure. A simple shut/no shut on the switch ports ultimately resolved this. Additionally, services such as DHCP servers, AD servers, and RADIUS servers are all VMs, none of which were available. IP subnets were not documented in an emergency manual, nor were some key passwords for access to switches when RADIUS is down. They were all documented, but not in an easy-to-locate emergency manual. A few phone calls resolved each of these situations, with each taking additional time and delaying recovery.

The failure boiled down to the VM server not bringing up the NICs properly, since they were up before the switches. This was then compounded by a sysadmin assuming the problem was a VM problem and beginning to reconfigure vSwitches (at the direction of a VMware tech support technician). Once all parties were onsite, resolution was fast and a complete recovery was obtained.

So on to old lessons learned: geographic redundancy is desirable; document everything in simple, accessible procedures; some physical servers may be desirable, such as DHCP and AD. Key services such as RADIUS must be available from multiple locations. Securely documenting addresses and passwords in an offline, reachable manner is essential, as is documenting system startup procedures.

Some new-to-me lessons learned are a little more esoteric. Complacency is a huge risk to an organization. Our company is undergoing a reorganization that is creating a lot of complacent and lackadaisical attitudes. It is hard to fight that. We are losing good people fast and hiring replacements very slowly. There is no technical solution to this problem. It puts a lot of pressure on individuals. I had not experienced a battery exploding in the past, though I am finding that, at least on this day, it was a common event. I have learned of three or four similar events that same evening. Inter-team communication is a constant struggle. We all work well together but do not have a well-orchestrated effort to create and document our procedures across team boundaries. Lastly, having a clearly identified roster of who to call for what problem, and when, is a must, and it must not be electronic. Much of our roster was not available, and calls were made to people who may not have been the correct on-call person for a group, and then personal relationships took over as the way to get things done. It worked, but it is not an ideal scenario.

While I am not proud to be in the company of such giants as Amazon and Netflix, I am glad that we restored service 100% in only a few hours, had no loss of data, and business was not hurt by the event. I am sure I will identify more specific and achievable lessons from this event.

Please share your stories about this event, or lessons you learned in a recent event.

--
Dan
[email protected]
 
Micron announced that it's purchasing one of the world's top producers of mobile DRAM chips, Elpida Memory, which filed for bankruptcy earlier this year.
 
Dell announced Monday that it is buying Quest Software for $2.4 billion, following weeks of speculation over its interest in the infrastructure software vendor. The deal is expected to close later this year.
 
Name: Michael Lin
 
Despite precautions by system providers, an extra second added to the official timekeeping record Saturday triggered several popular Internet services to crash over the weekend, including LinkedIn, Reddit and Qantas airline's reservation system.
 
With more than 70 percent of Africa's population living in rural areas, access to broadband service in remote regions was a key issue at the recently concluded Commonwealth Telecommunications Organization (CTO) meeting in Sierra Leone. In an interview in Freetown, CTO and CEO Tim Unwin shared his views on the state of rural broadband connectivity in Africa, the main factors hindering its reach to rural areas and what his organization plans to do to achieve wider connectivity.
 
The U.S. Patent and Trademark Office will open satellite offices in Silicon Valley, Texas and Colorado in an effort to bolster its recruitment of patent examiners and other employees and better serve local businesses, the office announced Monday.
 
[ MDVSA-2012:096-1 ] python
 
Bookmark4U lostpasswd.php env[include_prefix] Parameter RFI
 
IBM developerWorks ncp (Nigel's Capacity Planning) 2.1 Remote Information Disclosure
 
Having skilled IT pros closely monitoring intrusion prevention systems to investigate network traffic anomalies can reduce infections, experts say.

 
A survey of 1,000 U.S. workers found that people spend an average of seven extra hours a week -- almost another full day of work -- answering calls and email on a mobile device outside of regular working hours.
 
GD Graphics Library '_gdGetColors' Remote Buffer Overflow Vulnerability
 
Sun iPlanet Error Page Link Injection
 
IBM Edge Components Caching Proxy XSS Followup
 
Basilic RCE bug
 
[SECURITY] [DSA 2505-1] zendframework security update
 

RSA Encryption 'Crack' Rattles Infosec Industry
TechNewsWorld
Claims by a team of international cryptographic researchers that they've "cracked" the RSA encryption used on a number of smartcards and secure tokens have set off a tempest in security circles. The scientists from France, Italy, Norway and the United ...

 
 
As part of the company's Smarter Commerce marketing effort, IBM is investigating the possibility of using augmented reality (AR) to help retailers provide more product information to their customers, as well as to gather more information about customers.
 
It's easy to switch to iOS or even Android, no matter what type of company you are
 
Once a status symbol and a perk, the subsidized corporate phone is being phased out as users demand their own devices -- and are willing to pay for the privilege.
 
The U.S. International Trade Commission has decided to review an April decision by its administrative law judge in a patent dispute between Microsoft and Motorola Mobility that has attracted a lot of attention including from the U.S. Federal Trade Commission on the issue of licensing of standards-essential patents.
 
Apple has agreed to pay $60 million for ownership of the iPad trademark in China, as part of a settlement with a little-known Chinese firm called Proview that had tried to ban sales of the tablet in the country, according to a local court.
 
Samsung Electronics asked a U.S. federal court over the weekend for a temporary stay on its preliminary injunction on the sale of the Galaxy Nexus smartphone in the U.S., pending the company's appeal.
 
Twitter messages will go down a one-way street on LinkedIn after Twitter shuts off its flow of data to the professional networking site on Friday.
 
Premier 100 IT Leader Bill Brown also has advice on job boredom and careers networking.
 
The two most-cited browser tracking firms reported significantly different results for June on Sunday; one claimed Microsoft IE easily maintained its No. 1 spot as the other said Google Chrome extended its lead over IE.
 
Oracle Java SE CVE-2012-1716 Remote Java Runtime Environment Vulnerability
 
Oracle Java SE CVE-2012-1726 Remote Java Runtime Environment Vulnerability
 
Oracle Java SE CVE-2012-1713 Remote Java Runtime Environment Vulnerability
 

Posted by InfoSec News on Jul 02

http://www.darkreading.com/advanced-threats/167901091/security/attacks-breaches/240003029/u-s-critical-infrastructure-cyberattack-reports-jump-dramatically.html

By Brian Prince
Contributing Writer
Dark Reading
June 29, 2012

U.S. critical infrastructure companies saw a dramatic increase in the
number of reported cyber-security incidents between 2009 and 2011,
according to a new report from the U.S. Industrial Control System Cyber
Emergency...
 

Posted by InfoSec News on Jul 02

http://www.globaltimes.cn/content/718328.shtml

By Wang Wenwen
Global Times-Agencies
2012-7-2

India's naval computer systems in and around Visakhapatnam, the
headquarters of the Eastern Naval Command, have been reportedly broken
into by hackers who are alleged to be from China, The India Express
reported Sunday.

The Eastern Naval Command plans operations and deployments in the South
China Sea and beyond. The extent of the intrusion is...
 

Posted by InfoSec News on Jul 02

http://arstechnica.com/security/2012/06/science-dmz/

By Dan Goodin
Ars Technica
June 26 2012

Thanks to super-charged networks like the US Department of Energy's
ESnet and the consortium known as Internet2, scientists crunching huge
bodies of data finally have 10Gbps pipes at the ready to zap that
information to their peers anywhere in the world. But what happens when
firewalls and other security devices torpedo those blazing speeds?...
 

Posted by InfoSec News on Jul 02

http://www.theregister.co.uk/2012/06/29/dnschanger_rife_as_deadline_looms/

By John Leyden
The Register
29th June 2012

Even though the DNSChanger safety net deadline expires in just two
weeks, 12 per cent of Fortune 500 firms still have at least one infected
machine on their network, according to a new survey.

DNSChanger screwed up the domain name system (DNS) settings of
compromised machines to point surfers to rogue servers, redirecting...
 

Posted by InfoSec News on Jul 02

http://www.haaretz.com/news/diplomacy-defense/islamic-hackers-post-hundreds-of-israeli-email-addresses-and-passwords-1.448142

By Oded Yaron
Haaretz Daily
July 02, 2012

Islamic hackers on Sunday revealed hundreds of Israeli email addresses
and their passwords on the website of Anonymous Arab. According to Avnet
Security Systems, most of the addresses and passwords listed are active
accounts.

Roni Bachar, the manager of the cyber-attack...
 
389 Directory Server Multiple Information Disclosure Vulnerabilities
 
Ruby on Rails Active Record CVE-2012-2695 SQL Injection Vulnerability
 
Apple has agreed to pay US$60 million for ownership of the iPad trademark in China, as part of a settlement with a little-known Chinese firm called Proview that had tried to ban sales of the tablet in the country, according to a local court.
 