InfoSec News


Corporate Networks At Risk From Holiday Makers
SYS-CON Media (press release) (blog)
... Utah, with offices located in the Americas, Europe and Asia Pacific, and can be found at www.landesk.com. The research was conducted amongst 367 consumers through an online survey and questionnaires at the InfoSec show in April 2011.

 
Researchers from the California Institute of Technology have built what they claim is the world's largest computational circuit based on DNA, using a technology that they said could easily scale to even greater complexity.
 
IBM announced a cloud-computing service on Thursday that will let universities and colleges build custom private clouds that can be integrated into public cloud services. IBM also has a similar initiative underway for K-12 schools.
 
----------- Guy Bruneau IPSS Inc. gbruneau at isc dot sans dot edu (c) SANS Internet Storm Center. http://isc.sans.org Creative Commons Attribution-Noncommercial 3.0 United States License.
 
This is the second release candidate of the upcoming 1.6 (stable) branch. This new branch contains several new enhancements and bug fixes. For example, it supports files greater than 2 GB, can export SSL session keys and SMB objects, and saves graphs as PNG images by default, to name a few. It also supports a large number of new protocols. This update can be downloaded here.


[1] http://www.wireshark.org/lists/wireshark-announce/201106/msg00000.html
-----------
Guy Bruneau IPSS Inc. gbruneau at isc dot sans dot edu
 
LulzSec, a hacking group that recently made news for hacking into PBS, claimed today that it has broken into several Sony Pictures websites and accessed unencrypted personal information on over 1 million people.
 
Google is giving Android Market users a new way to evaluate Android Market applications even as it struggles to keep malicious apps off the store.
 
Cisco AnyConnect Secure Mobility Client Arbitrary Code Execution Vulnerability
 
Gibbs wants to run "Star Wars Episode I: Racer" on a W98 VM but runs into compatibility problems.
 
Now that Apple is pushing out its first daily update to combat the latest MacDefender variant, it's a good time to take a closer look at XProtect, the Snow Leopard anti-malware engine (or, to use the Apple euphemism, the "safe download list").
OS X heavily relies on XML files for configuration. These plist files are easy to read. The same is true for the XProtect configuration, which includes the currently valid signatures. Two files are used:
/System/Library/CoreServices/CoreTypes.bundle/Contents/Resources/XProtect.meta.plist
This file appears to track XProtect versions and when they were applied.
/System/Library/CoreServices/CoreTypes.bundle/Contents/Resources/XProtect.plist
This is the actual signature file. For example, one of the MacDefender entries looks like:

<dict>
  <key>Description</key>
  <string>OSX.MacDefender.B</string>
  <key>LaunchServices</key>
  <dict>
    <key>LSItemContentType</key>
    <string>com.apple.installer-package</string>
  </dict>
  <key>Matches</key>
  <array>
    <dict>
      <key>MatchFile</key>
      <dict>
        <key>NSURLNameKey</key>
        <string>Info.plist</string>
      </dict>
      <key>MatchType</key>
      <string>Match</string>
      <key>Pattern</key>
      <string>3C6B65793E43464276B6....F737472696E673E</string>
    </dict>
    [ ... 3 more 'dict' sections deleted ... Also, the string is abbreviated to fit ]
  </array>
</dict>
How these signatures work is fairly obvious: for each malware sample, the file holds a set of string matches like the one above.

Using the xpath utility, we can get a list of all malware names currently covered:

xpath /System/Library/CoreServices/CoreTypes.bundle/Contents/Resources/XProtect.plist /plist/array/dict/string

Checking the file date will also give you an idea of when the file was last updated.
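As an added example (not Apple's code and not part of the original diary), the following Python parses a signature file in the XProtect.plist layout shown above, lists the covered malware names the way the xpath one-liner does, and checks a file's contents against the decoded patterns. The plist and its hex pattern are constructed for the example, and treating a "Match" pattern as literal bytes that must occur in the named file is an assumption taken from the diary's description of "string matches".

```python
import binascii
import plistlib

# Constructed sample in the XProtect.plist layout discussed above; it is NOT
# Apple's signature file. The hex Pattern is made up for this example: it is
# the XML text '<key>CFBundleName</key><string>MacDefender</string>'.
SAMPLE_PATTERN_TEXT = b"<key>CFBundleName</key><string>MacDefender</string>"
SAMPLE_XPROTECT = f"""<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0"><array><dict>
  <key>Description</key><string>OSX.MacDefender.B</string>
  <key>LaunchServices</key>
  <dict><key>LSItemContentType</key><string>com.apple.installer-package</string></dict>
  <key>Matches</key>
  <array><dict>
    <key>MatchFile</key><dict><key>NSURLNameKey</key><string>Info.plist</string></dict>
    <key>MatchType</key><string>Match</string>
    <key>Pattern</key><string>{binascii.hexlify(SAMPLE_PATTERN_TEXT).decode().upper()}</string>
  </dict></array>
</dict></array></plist>
""".encode()

def load_signatures(plist_bytes):
    """Parse an XProtect-style plist into [(name, [(file_name, pattern_bytes), ...]), ...]."""
    # Assumption: a 'Match' entry's Pattern hex-encodes the literal bytes that
    # must appear in the named file inside the package.
    sigs = []
    for entry in plistlib.loads(plist_bytes):   # the plist root is an array of dicts
        matches = []
        for m in entry.get("Matches", []):
            if m.get("MatchType") != "Match":
                continue                        # other match types are not shown on the page
            file_name = m["MatchFile"]["NSURLNameKey"]
            matches.append((file_name, bytes.fromhex(m["Pattern"])))
        sigs.append((entry["Description"], matches))
    return sigs

def signature_names(plist_bytes):
    """The same list the xpath one-liner prints: every Description string."""
    return [name for name, _ in load_signatures(plist_bytes)]

def scan_file(sigs, file_name, data):
    """Names of signatures whose pattern for file_name occurs in data."""
    return [name for name, matches in sigs
            if any(fn == file_name and pat in data for fn, pat in matches)]

if __name__ == "__main__":
    sigs = load_signatures(SAMPLE_XPROTECT)
    print("covered:", signature_names(SAMPLE_XPROTECT))
    print("hits:", scan_file(sigs, "Info.plist", b"<dict>" + SAMPLE_PATTERN_TEXT + b"</dict>"))
```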


------

Johannes B. Ullrich, Ph.D.

SANS Technology Institute

 
Motorola's CEO blamed the open Android app store for performance issues on some phones.
 
Following the lead of social networking firm LinkedIn, Groupon Thursday filed its plan for an initial public offering it hopes can raise $750 million.
 
Apple on Wednesday updated the malware engine included with Snow Leopard to detect the newest version of MacDefender, the fake antivirus program that's plagued users for the last month.
 
Excess inventory bolstered the chip market in the wake of the devastating earthquake and tsunami in Japan.
 
In a rare display of collaboration, Google has joined forces with its search rivals Microsoft and Yahoo in a project intended to improve the Web crawling and indexing of structured data, which often originates in databases and loses its format when converted into HTML.
 
Can Microsoft's next-generation, touch-oriented Windows 8 OS give Microsoft a leg-up in the tablet computer market now dominated by Apple's iPad?
 
Oracle suddenly announced Wednesday it was submitting the codebase for OpenOffice.org to the Apache Software Foundation, ending speculation about the open-source productivity suite's fate following Oracle's recent announcement it would be transitioned to a "solely community-based project."
 
Security consultant offers up list of missteps companies should avoid in cloud security.

 
The bill would supersede state laws and experts say they could help enterprises by setting one standard set of rules for breach notification.

 

Tips for selling security

by Marcia Savage

Selling security to business executives is never easy, especially in a slow economy. One infosec manager discussed the difficulties and offered some tips for success in a presentation at the Cornerstones of Trust 2011 conference in Foster City, Calif., Wednesday.

“Sometimes just getting heard can be difficult,” said Justin Drain, data security manager at Fremont Bank. The standard approaches — fear and compliance — have distinct limitations. “Compliance is not security,” he said. “It doesn’t go far enough.”

Security managers need to take an integrated approach that starts with building a solid case for security, including metrics, he said. They should frame security in a positive light, understand their audience and speak their language. “Be prepared to defend the obvious,” Drain said.

It’s critical security managers be in the room when decisions are being made and options discussed, he said. “However, not all of us are far up enough in the food chain. If you can’t be there, you need an advocate or to build an advocate.”

Educating both executives and the rank and file about security is important, Drain said. “Make sure executives are so educated that they ask for security before you do.”

Cornerstones of Trust is an annual event co-hosted by the Information Systems Security Association’s Silicon Valley and San Francisco chapters and San Francisco Bay Area InfraGard.



 
A Chinese official today denied accusations that the government was responsible for attacks that accessed hundreds of Google Gmail accounts.
 
The number of U.S. Twitter users jumped in the past year, increasing more than 50%, according to a study from the Pew Research Center.
 
Limited quantities of Samsung's Galaxy Tab 10.1 Wi-Fi edition will be sold in a single New York store on June 8, the same day that Verizon Wireless begins taking online orders for a more expensive model that runs on its LTE cellular network.
 
Microsoft has unveiled the next generation of its flagship operating system, calling it a "reimagining" of Windows that will run on all types of devices from small, touch-sensitive screens to traditional large-screen PCs. Follow all the Windows 8 news, analysis, opinion, and blogs with our continuing coverage page.
 
Plone Multiple Security Vulnerabilities
 

Accuvant Researcher Charlie Miller, Ph.D. to Keynote International NATO ...
Business Wire (press release)
Dr. Miller will talk about “Why the Bad Guys are Winning the InfoSec War”, focusing on the role unknown vulnerabilities and 0-day exploits play in information security. He'll explain why they exist, why they are dangerous, the harm they can cause, ...

 
Two more sub-$80 Android smartphones will hit the market this month on T-Mobile USA, giving the carrier a way to attract new, young users to two-year service contracts that will help bolster revenues.
 
Lumension Security Lumension Device Control Unspecified Memory Corruption Vulnerability
 
GIMP PCX Image Parsing Heap Buffer Overflow Vulnerability
 
RE: [Full-disclosure] COM Server-Based Binary Planting ProofOfConcept
 
RE: [Full-disclosure] COM Server-Based Binary Planting ProofOfConcept
 
Now that we're out of IPv4 allocations, it's time to get serious about adopting the next generation of Internet Protocol, IPv6.
 
RE: [Full-disclosure] COM Server-Based Binary Planting Proof OfConcept
 
Re: [Full-disclosure] COM Server-Based Binary Planting Proof Of Concept
 
COM Server-Based Binary Planting Proof Of Concept
 
[SECURITY] [DSA 2251-1] subversion security update
 
Kaspersky Lab's Security News Service posted this recently.

https://threatpost.com/en_us/blogs/droiddream-returns-dozens-infected-apps-pulled-android-market-060111

Researchers have identified a second large batch of apps in the Android Market that have been infected with the DroidDream malware, estimating that upwards of 30,000 users have downloaded at least one of the more than 30 infected apps. Google has removed the apps from the market.


The user does NOT have to run the application to trigger the data theft. An incoming phone call, which broadcasts the android.intent.action.PHONE_STATE intent, is enough to trigger it. When that happens, the malware extracts data from the phone and sends it to a remote site, including the IMEI, the IMSI, the list of installed packages and other data, and it may also install other applications.


Additionally, mylookout.com, a company that makes smartphone security software, posted an analysis of DroidDreamLight and a list of the infected applications here:

http://blog.mylookout.com/
 

 
Security pros advocate a reassessment of security processes and technologies in the wake of breaches that may be tied to RSA SecurID weaknesses.

 
Later today, we are going to roll out a redesign of the ISC website to bring it in line with the current design of www.sans.edu and to refresh the overall look of the site. If you see a problem, please let us know at handlers @ sans. edu, or use the contact form if you can. Include a screenshot and your browser / OS version.
Update: the new design is live now (obviously...). If you have issues with the site, you can still use the old site at http://iscold.sans.edu for the next couple of weeks.

------

Johannes B. Ullrich, Ph.D.

SANS Technology Institute

 
The registry operator for the .CO top-level domain, .CO Internet SAS, has exceeded 1 million domain name registrations, a significant milestone for the company in its efforts to position the domain as a safe, attractive Internet presence option for businesses.
 
Texas Instruments on Thursday announced a quad-core chip for tablets with features to boost application and graphics performance in Microsoft's upcoming Windows OS.
 

Cyber Security Challenge part deux launches
IT PRO
As IT PRO learned at the 2011 InfoSec conference, this year's challenge will see a number of new competitions added to the line-up. The central difference between this iteration and the last will be the increased frequency of competitions. ...

 
Having learned its lesson the hard way with Windows Vista, Microsoft offered assurances Thursday that its upcoming Windows 8 operating system won't require users to buy a new PC.
 
Tablets may be the hottest gadgets on display at this year's Computex. But netbooks still have a presence at the trade show, and vendors are coming out with several new models that will hit the market this year. Their low cost will continue to drive sales, analysts said.
 
As it works to bring its touch-enabled Windows 8 operating system to market, Microsoft is trying to extend its influence over PC makers to ensure they build systems that are best able to run its new software.
 
Tablets with low power dual-core chips have started reaching the market, but some chip makers expect the devices to be further supercharged later this year with quad-core chips which were in the spotlight at the Computex trade show in Taipei.
 
Sony will fully restore PlayStation Network services on Thursday in all regions other than in Japan, Hong Kong and South Korea, the company said.
 
Health care providers in the U.S. are encountering a lack of qualified candidates as they race to meet federal government deadlines for EHR (electronic health record) and health IT use.
 
Micron today unveiled its first PCIe-based SSD for enterprise-class applications, with up to 700GB capacity and 3GB/sec throughput.
 
uplusware UplusFtp Multiple Remote Buffer Overflow Vulnerabilities
 
Microsoft today showed the next version of its Windows OS at a press event in Taipei, unveiling a completely new tile-based interface that it hopes will be better suited for the emerging world of tablet PCs.
 
Internet Storm Center Infocon Status