InfoSec News

The U.S. Department of Justice is examining bidders, including Apple and Google, interested in Nortel's patent portfolio, according to a report in the Wall Street Journal that cites unnamed people familiar with the situation.
 
A Canadian judge has blocked the extradition of a former Cisco Systems executive and slammed that company and U.S. authorities for allegedly duping Canadian officials into arresting him.
 
A 26-year-old U.K. man was arrested Thursday on charges that he tried to hack into the Facebook social-networking site.
 
Find out the maximum radiation absorption levels from various mobile phone handsets, using this searchable database. Or view and sort the full table of 1300+ models.
 
iMatix Xitami If-Modified-Since Remote Buffer Overflow Vulnerability
 
Tom Sawyer Software GET Extension Factory Object Initialization Memory Corruption Vulnerability
 
Multiple VMware products 'Mount.vmhgfs' Multiple Security Vulnerabilities
 
Though signs for IT remain positive this year, worries about the economy sapped investor confidence this week as a wide range of businesses, including big computer industry vendors, suffered a drop in share value.
 
A hacker group called the Pakistan Cyber Army on Friday claimed that it has accessed an Acer server in Europe and stolen personal data of some 40,000 people.
 
Google's announcement that hackers had gone after the Gmail accounts of senior U.S. officials raises a question: What are government officials doing using Gmail?
 
Sybase OneBridge Server and DMZ Proxy Format String Vulnerability
 
X.Org X Server Record Module and SECURITY Extension Multiple Heap Memory Corruption Vulnerabilities
 
X.Org X 'Server X:1 -sp' Command Information Disclosure Vulnerability
 
X.Org X Server 'MIT-SHM' Local Privilege Escalation Vulnerability
 
X.Org X Server MIT-SHM Extension Information Disclosure Vulnerability
 
Syria appears to be the latest Middle Eastern government to shut down access to the Internet due to civil unrest.
 
Dex One will reportedly cut about 30% of its IT staff after signing an outsourcing pact with HCL Technologies.
 
Analysts parsing what Microsoft revealed of Windows 8 this week are split on how big the company is gambling with its operating system cash cow.
 
Worldwide external disk storage systems posted double-digit growth for the fifth consecutive quarter in the first three months of 2011, according to IDC.
 
Adobe CEO Shantanu Narayen has said that his company's row with Apple over the lack of Flash on the iOS platform is 'over.'
 
Scareware makers on Friday again changed their fake security software scam, while Apple issued the third signature update in as many days to combat the scam.
 
ZDI-11-171: Sybase OneBridge Mobile Data Suite Format String Remote Code Execution Vulnerability
 
FLVPlayer4Free '.fp4f' File Remote Buffer Overflow Vulnerability
 
We have written diaries on Sony's security woes over the past few months. The first was a DDoS against its infrastructure [1], followed by the hacking of the Sony PlayStation Network, which took the network offline for several weeks and affected all of its PlayStation customers [2]. This week, Sony Pictures was compromised by a group of individuals calling themselves LulzSec, who took over 1,000,000 unencrypted plaintext customer passwords. Last week, another attack took place, this time against the Sony Music Entertainment Greece website [3], from which usernames, passwords, email addresses and phone numbers were taken.
One question comes to mind: with all of this data lost, if a PCI compliant corporation can be this easily targeted and compromised, is PCI a good standard by which to measure security posture?
[1] http://isc.sans.org/diary.html?storyid=10654

[2] http://isc.sans.org/diary.html?storyid=10768

[3] http://mashable.com/2011/05/24/sony-hacker-attack
-----------
Guy Bruneau IPSS Inc. gbruneau at isc dot sans dot edu (c) SANS Internet Storm Center. http://isc.sans.org Creative Commons Attribution-Noncommercial 3.0 United States License.
 
[security bulletin] HPSBMA02652 SSRT100432 rev.4 - HP Network Node Manager i (NNMi) for HP-UX, Linux, Solaris, and Windows, Remote Information Disclosure
 
WebSVN 2.3.2 Improper Metacharacter Escaping exec() Remote Command Injection Vulnerability
 
CFP: IEEE SocialCom11 /PASSAT11
 
iDefense Security Advisory 06.01.11: Cisco AnyConnect VPN Client Arbitrary Program Execution Vulnerability
 
Next Tuesday, Oracle is planning to release a Java SE Critical Patch Update that will contain 17 new security fixes which may be remotely exploitable without authentication. Due to the threat posed by a successful attack, Oracle strongly recommends that customers apply Critical Patch Update fixes as soon as possible. [1]


[1] http://www.oracle.com/technetwork/topics/security/javacpujune2011-313339.html


-----------
Guy Bruneau IPSS Inc. gbruneau at isc dot sans dot edu (c) SANS Internet Storm Center. http://isc.sans.org Creative Commons Attribution-Noncommercial 3.0 United States License.
 
Defeat hackers by running the Microsoft Web Application Configuration Analyzer with the same security checks that Microsoft uses on its own servers
 
Re: [Full-disclosure] COM Server-Based Binary Planting ProofOfConcept
 
[CVE-ID REQUEST] vBulletin - Multiple Open Redirects
 
Re: [Full-disclosure] COM Server-Based Binary Planting ProofOfConcept
 
AST-2011-007
 
Most IPv4 networks are managed using DHCP and, as a result, are subject to attacks via rogue DHCP servers. In response, many switches implement DHCP Snooping as a feature to protect against these attacks.
As networks switch to IPv6, DHCP will become less used. Some operating systems, for example OS X, don't even implement DHCPv6. Instead, router advertisements will be used to help systems discover the network and configure themselves. But just like DHCP, router advertisements (RAs) may be spoofed. To protect your network from rogue RAs, a switch may implement RA-Guard [1], a feature similar to DHCP Snooping.
RA-Guard will only forward RAs if they are received on a port known to be connected to an authorized router. Additional filtering may happen based on the MAC address of the router.
A recent IETF draft [2] outlines some deficiencies of RA-Guard and how RA-Guard may be evaded. The basic premise of RA-Guard is that the switch, a layer 2 device, is able to inspect the IPv6 and ICMP6 headers (layer 3) as well as the ICMP6 payload in order to identify and interpret RAs. For IPv6 in particular, this is not an easy task, and the evasion techniques outlined in the draft are a nice lesson in the difficulties of correctly interpreting IPv6 traffic.
First of all, there is the potential for extension headers. Router advertisements *should not* have any extension headers, but there isn't really anything to prevent that from happening, and per RFC it is legal. However, as soon as we are dealing with extension headers, the Next Header field in the IPv6 header can no longer be used to identify the packet as an ICMP6 packet. Instead, the switch will have to find the last header in the chain and use its Next Header field.
Processing the entire header chain will take more resources and, in the end, may limit the throughput of the switch or even lead to denial of service conditions.
Next, the RA messages may be fragmented. This is again a condition that should not be seen in a *normal* network, but then again, attackers may very well craft legal RA packets that are fragmented. Fragmentation could be used to show only the IPv6 header and some extension headers in the first fragment, and to move the header indicating the ICMP6 header, as well as the actual ICMP6 header itself, to the second fragment. Of course, this could be made even more interesting with multiple fragments.
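As an added illustration (not part of the ISC diary), here is the header-chain walk an RA-Guard switch has to perform, written in Python against constructed packets for the three cases described above: a plain RA, an RA behind a Destination Options header, and a first fragment whose chain never reaches the ICMPv6 header. The port-authorization rule and the drop-on-uninspectable policy in `ra_guard` are assumptions of this example, not the behaviour of any particular switch.

```python
import struct

IPV6_HDR_LEN, ICMPV6, ROUTER_ADVERTISEMENT, FRAGMENT = 40, 58, 134, 44
# Extension headers the switch must walk: Hop-by-Hop (0), Routing (43), Fragment (44), Dest Opts (60).
EXT_HEADERS = {0, 43, FRAGMENT, 60}

def classify(pkt: bytes) -> str:
    """Walk the IPv6 header chain the way an RA-Guard switch must, and report what was found."""
    if len(pkt) < IPV6_HDR_LEN or pkt[0] >> 4 != 6:
        return "not-ipv6"
    next_hdr, offset, ext_count, fragmented = pkt[6], IPV6_HDR_LEN, 0, False
    while next_hdr in EXT_HEADERS:
        if offset + 8 > len(pkt):
            # Chain continues past the bytes we hold: in a first fragment, the header naming
            # ICMPv6 (and the RA itself) were pushed into a later fragment.
            return "uninspectable-fragment" if fragmented else "malformed"
        ext_count += 1
        if next_hdr == FRAGMENT:  # fixed 8 bytes; 13-bit fragment offset in bytes 2-3
            fragmented = True
            if struct.unpack("!H", pkt[offset + 2:offset + 4])[0] >> 3:
                return "non-first-fragment"  # carries no upper-layer header to inspect
            next_hdr, offset = pkt[offset], offset + 8
        else:  # Hop-by-Hop / Routing / Dest Opts: length is (Hdr Ext Len + 1) * 8 bytes
            next_hdr, offset = pkt[offset], offset + (pkt[offset + 1] + 1) * 8
    if next_hdr != ICMPV6:
        return "not-icmpv6"
    if offset + 4 > len(pkt):
        return "uninspectable-fragment" if fragmented else "malformed"
    if pkt[offset] != ROUTER_ADVERTISEMENT:
        return "icmpv6-other"
    return "ra-with-ext-headers" if ext_count else "ra"

def ra_guard(pkt: bytes, port_is_router: bool) -> str:
    """Assumed policy: forward RAs only from router ports; on host ports also drop first
    fragments whose chain cannot be inspected, since that is exactly the evasion vector."""
    kind = classify(pkt)
    if kind in ("ra", "ra-with-ext-headers", "uninspectable-fragment") and not port_is_router:
        return "drop: " + kind
    return "forward"  # non-first fragments need per-flow state to judge; passed through here

# Constructed sample packets: fe80::1 -> ff02::1, ICMPv6 checksum left at zero.
SRC, DST = b"\xfe\x80" + b"\x00" * 13 + b"\x01", b"\xff\x02" + b"\x00" * 13 + b"\x01"
def ipv6(next_hdr: int, payload: bytes) -> bytes:
    return struct.pack("!IHBB", 0x60000000, len(payload), next_hdr, 255) + SRC + DST + payload
def dest_opts(next_hdr: int) -> bytes:  # 8-byte Destination Options header with one PadN option
    return bytes([next_hdr, 0, 1, 4, 0, 0, 0, 0])
PLAIN_RA = ipv6(ICMPV6, struct.pack("!BBHBBHII", ROUTER_ADVERTISEMENT, 0, 0, 64, 0, 1800, 0, 0))
RA_BEHIND_EXT = ipv6(60, dest_opts(ICMPV6) + PLAIN_RA[IPV6_HDR_LEN:])
# Evasion first fragment: Fragment -> Dest Opts -> (Dest Opts naming ICMPv6, plus the RA) in the NEXT fragment.
FIRST_FRAG = ipv6(FRAGMENT, struct.pack("!BBHI", 60, 0, 0x0001, 0x1234) + dest_opts(60))
```

Running `classify` over the three sample packets yields `ra`, `ra-with-ext-headers` and `uninspectable-fragment`; only the first is something a Next-Header-only check would have recognised.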
Oh... and remember: Wednesday is IPv6 day :) We will have more about that later.
[1] http://tools.ietf.org/html/rfc6105

[2] http://tools.ietf.org/id/draft-gont-v6ops-ra-guard-evasion-00.txt


IPv6 Security Summit is coming July 15th, Washington DC, http://www.sans.org/ipv6-summit-2011
------
Johannes B. Ullrich, Ph.D.
SANS Technology Institute
(c) SANS Internet Storm Center. http://isc.sans.org Creative Commons Attribution-Noncommercial 3.0 United States License.
 
 
Texas Instruments' CEO this week took a shot at Intel, saying the company's history of making power-hungry PC chips could hurt its aspirations to compete with ARM in the handheld device market.
 
EBay's PayPal will no longer be a payment option on a site run by Chinese e-commerce giant Alibaba Group, a sign that cooperation between the two companies may be cooling.
 
Google Chrome GPU Command Buffer Memory Corruption Vulnerability
 
Google Chrome Blob Handling Out Of Bounds Remote Code Execution Vulnerability
 
Google Chrome Popup Blocker Security Bypass Vulnerability
 
Google Chrome Floats Rendering Memory Corruption Vulnerability
 
D.R. Software Audio Converter '.pls' File Remote Buffer Overflow Vulnerability
 
Asustek is preinstalling Canonical's Ubuntu operating system for the first time in some netbooks to target the Linux market, Canonical said Thursday.
 
YouTube has set up a library of videos carrying the Creative Commons license, that creators can easily reuse and incorporate into their work, the Google video sharing service said Thursday in its blog.
 
Foxconn has reopened all its polishing workshops, other than the one at Chengdu in China, which was shut down after a blast there on May 20 killed three people.
 
Google will drop support for Microsoft's Internet Explorer 7 and Mozilla's Firefox 3.5 browsers for its online apps, including Gmail and Docs.
 
Apple has already said it'll be highlighting its new iCloud service, the Lion OS and iOS 5 at next week's Worldwide Developers Conference. Columnist Ryan Faas offers a sneak peek at some of the details.
 
Apple is the latest high-profile tech company to open a data center in western North Carolina to take advantage of relatively low land and power costs.
 
Crutchfield, an electronics and auto stereo retailer, has found that the easier a smartphone payment technology is for buyers to use, the greater the number of sales.
 
Linux e1000 Driver 'Jumbo Frame' Handling Remote Security Bypass Vulnerability
 
Linux Kernel 'tcp_rcv_state_process()' Remote Denial of Service Vulnerability
 

How employees' holiday technology risks impact corporate networks
Continuity Central (press release)
... if it's not based upon tiered functionality and role-based administration—then maybe it's time to re-evaluate.” The research was conducted amongst 367 consumers through an online survey and questionnaires at the InfoSec show in April 2011.
Corporate Networks At Risk From Holiday Makers (SYS-CON Media, press release/blog)
 
Web mail users at Yahoo and Hotmail have been hit with the same kind of targeted attacks that were disclosed earlier this week by Google, according to security software vendor Trend Micro.
 