InfoSec News

(c) SANS Internet Storm Center. http://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
In an effort to challenge programmers worldwide, Facebook has brought back its Hacker Cup contest for a third round, the company announced Wednesday.
OpenSSL has addressed six vulnerabilities in OpenSSL 1.0.0f and 0.9.8s.

CVEs include:
DTLS Plaintext Recovery Attack (CVE-2011-4108)
Double-free in Policy Checks (CVE-2011-4109)
Uninitialized SSL 3.0 Padding (CVE-2011-4576)
Malformed RFC 3779 Data Can Cause Assertion Failures (CVE-2011-4577)
SGC Restart DoS Attack (CVE-2011-4619)
Invalid GOST parameters DoS Attack (CVE-2012-0027)

Details here: http://openssl.org/news/secadv_20120104.txt
Downloads here: http://openssl.org/source/

Note that the hyperlink for the Nadhem Alfardan and Kenny Paterson paper specific to the DTLS Plaintext Recovery Attack results in a 404 error.

Russ McRee
The International Consumer Electronics Show takes place next week in Las Vegas, and as always there will be plenty to trigger our technolust.
Adobe Acrobat and Reader U3D Memory Corruption Vulnerability
Western Digital's planned acquisition of Hitachi's hard drive business may have hit a snag: China's anti-monopoly regulators want the company to address concerns about the buyout.
Oracle and Google have both won and lost in a number of their efforts to keep evidence out of the upcoming trial in Oracle's lawsuit against Google over the Android mobile OS. At issue is whether Google has infringed on Oracle's intellectual property rights by using Java without properly licensing it.
Apple today announced it would start selling the iPhone 4S in mainland China a week from this Friday -- Jan. 13.
[SECURITY] [DSA 2380-1] foomatic-filters security update
Researchers at Kaspersky Lab tie the Stuxnet worm and its sister Duqu Trojan to the Tilded platform, which helped the malware evade detection by traditional security software.

Quanta Computer has filed a lawsuit in a California court against Advanced Micro Devices over faulty chips used in some computers, an accusation disputed by AMD.
Microsoft today sued a U.K. electronics retail chain for selling Windows recovery discs to customers, claiming that the practice amounts to piracy.
Metro PCS Communications customers in 14 cities will be able to watch live, local broadcast TV on their mobile phones later this year.
[SECURITY] [DSA 2379-1] krb5 security update
Yahoo's board has chosen as the company's CEO Scott Thompson, president of eBay's PayPal, ending a four-month search after Carol Bartz was fired in early September.
Oracle's lawsuit against Google over alleged Java patent and copyright violations in the Android mobile OS will go to trial as soon as mid-March after well over a year of heated back-and-forth wrangling between the two sides.
Google penalized its own browser's search rankings Tuesday over a marketing campaign that went bad, the company confirmed.
The U.S. State Department should investigate Huawei Technologies' reported sale of mobile phone tracking equipment to an Iranian mobile operator and consider sanctions against the Chinese company, six U.S. lawmakers said.


Answers to 2011 Gov't IT Security Quiz
(See Infosec Personnel Shortage? It's All Relative) 4. C: 7 consecutive times. The controls Delaware state employees agree to have put on their personal mobile devices to access state networks include strong password, password history, password that ...

Check Point and Amazon Web Services are teaming up to enable Check Point Security Gateway functionality to boost cloud security for business assets.
Two recently-published books, "America the Vulnerable" by Joel Brenner, a former official at the National Security Agency (NSA) and "When Gadgets Betray Us," by writer and security analyst Robert Vamosi, have one theme in common: We've come to depend on modern networks and technology, but the compromise of them by attackers is a serious threat to both individuals and society as a whole.
JasPer 1.900.1 Multiple Vulnerabilities
Open Redirection Vulnerability in Orchard 1.3.9
Multiple vulnerabilities in ImpressCMS
Re: OpenKM 5.1.7 Privilege Escalation
Reduced natural barriers to entry, like development time and cost, should have entrepreneurs considering artificial barriers to entry, like patents and other intellectual property rights.
Cyber defense faces a growing disconnect between perception and reality.
www.youtube.com/watch?v=hcAAqxvpPXA Yet another operation has surfaced that is being carried out by hackers flying the Anonymous flag and has a clear target since the recent LulzXmas attacks. “Our next targets are schools, universities, and government institutions throughout Europe,” says the release for the operation. They have so far attacked a few servers, releasing logins and a screen [...]

Invensys Wonderware inBatch BatchField ActiveX Control Multiple Buffer Overflow Vulnerabilities
Google Chrome HTTPS Address Bar Spoofing
IBM is buying Green Hat, maker of automated testing tools for integration, SOA (service oriented architecture) implementations and cloud-based deployments, the company announced Wednesday. Terms of the deal were not provided.
Well, this is surely going to come as no surprise to most of the world: Nigeria, one of the most common countries for scams to be associated with, has had one of its websites reportedly discovered by the Netcraft toolbar community and reported on the Netcraft news website. The phishing attack, which is coming from, ironically, the Information Technology [...]

Re: [SE-2011-01] Security vulnerabilities in a digital satellite TV platform
TWSL2012-001: Cross-Site Scripting Vulnerability in Textpattern Content Management System
InfoSec Southwest 2012 CFP First-round Speaker Selections
Hewlett-Packard on Wednesday launched the company's first 27-inch all-in-one PC, its most powerful HP Pavilion PC to date, and a monitor that connects to and charges some of its laptops using USB.
Each week, usually on Tuesday, we are going to highlight an ISC/DShield site feature so all our users become more aware of all the great functionality that is available!
This week's ISC/DShield feature is How To Submit Your Firewall Logs To DShield and can be found at https://www.dshield.org/howto.html
Much of the reporting on the ISC/DShield websites is from data collected from users submitting firewall logs. There are many existing scripts and services available so chances are high that all you have to do to get started is a quick download and cron on your firewall.

Here's how it's done:
1. Signup is recommended for maximum benefits but not required. See the link below for all the added features an account will give you.
2. Find an existing script to load and cron on your firewall.
3. If, by chance, you don't find an existing client, you can write your own.

Using the data:
1. Access the data and feeds.
2. Browse the data results.

That's a quick link list to get you started. If you can't find the details you're looking for on the website or have a question or comment, please drop us a note in the contact form isc.sans.edu/contact.html

Adam Swanger, Web Developer (GWEB)

Internet Storm Center (http://isc.sans.edu)
BigACE Multiple Cross Site Scripting Vulnerabilities
After nearly seven years of development and fine tuning, the Apache Hadoop data processing framework is finally ready for full production use, the developers of the software announced Wednesday.
Mozilla announced Tuesday the release of version 2.0 of the Mozilla Public License (MPL), which provides compatibility with the Apache and GPL licenses, opening up a wider body of code for reuse by the Mozilla project.
To avoid problems, get your networking staff involved early and often, and make sure to test apps the correct way.
LG Electronics and Samsung are expected to unveil Android smartphones next week at CES that use Intel's latest Atom chip, dubbed Medfield, analysts said.
STRATFOR, the intelligence company that got shamed and had loads of data leaked, which has had a running effect on many different people, has made prime-time TV news and got a lot of governments of the world worried and concerned about it, has released yet another statement on its Facebook profile. The statement which goes [...]

A hacker going by the handle of “SIDEX AKA SIDDHARTH” has dumped a huge amount of accounts onto Pastebin in what appears to be this year's first big random dump. The emails are all mixed and most likely come from a phishing scam/bot of some sort. Altogether there are over 6700 accounts. Be sure [...]

A few weeks ago we reported that OpHiroshima would be taking place on NYE. Most seem to have forgotten about it or thought it was fake; however, it is far from fake. Last night was the last day of 2011, which meant a huge dump was due. It came, and now A LOT of police [...]

This week we saw thousands of Israelis attacked via cyberspace in the form of data breaches and credit card and personal detail leaking, and now, in what's become so far one of the biggest hacks of information in some time, has made major headlines and really got a lot of blood boiling, has now released another statement that warns [...]

The Yomiuri Shimbun has reported that Japan has been building a multi-million-dollar virus that battles cyber attacks since 2008. The Defense Ministry’s Technical Research and Development Institute, which is in charge of weapons development, outsourced the project’s development to a private company. Fujitsu Ltd. won the contract to develop the virus, as well as [...]

A hacker throwing the handle #wallroad around had released a huge dump of credit rating agencies' information on the 1st as a New Year's present in the name of Anonymous. However, since then both parts had been deleted but have resurfaced again. The data that is contained within the leak is logins, emails and sadly a lot [...]

Saudi hackers have been busy attacking Israel-based servers with one main goal: to cause trouble for Israel. The hack, which came to light from Army Radio via haaretz.com, has stated that a group of hackers going by the name of Group-XP have dumped a whole heap of vital and important information. Since then the dump has been removed, so we [...]

Well, it seems so far that 2012 is starting to be a phishing year. With it in the headlines, China working with banks to stop it and lots of other worry going on about phishing, we are starting to see a constant flow of compromised accounts. The latest comes from a hacker going by the handle Zero Freak and [...]

Well, it's the holiday season and it would seem that everyone is out to dump email accounts in bulk loads. Below are just some from the last few days; once again, be sure to use CTRL+F for quick search in case your account has been compromised. Also, always be careful what you download, the websites you use [...]

Just a dump of phished accounts that we have been alerted to, which consists of Yahoo, Gmail and other email accounts and comes from “ET” as a part of the ongoing account dumps we have been seeing. Use CTRL+F for quick search if you think you have been compromised. leak: http://pastebin.com/Ht1MZNe6

A SQL attack which is increasing at extremely fast rates has been uncovered by ISC (Internet Storm Center) and has been seen to rise from just a few thousand pages to over 1 million in just a few weeks. From the past few weeks of going over submitted results and information from interweb users, they have put together some [...]


Posted by InfoSec News on Jan 04


By Gregory W. MacPherson
Computer Security Expert, CISSP, etc.
January 3, 2012

The stratfor.com hack is old news by now, so what lessons, if any, are
there to be learned from this high profile data spill?

To review, stratfor.com private data including credit cards, user
accounts, and passwords was dumped on pastebin.com on Christmas Day,
2011. The data spill exposed not...

Posted by InfoSec News on Jan 04


The Yomiuri Shimbun
Jan. 3, 2012

The Defense Ministry is in the process of developing a computer virus
capable of tracking, identifying and disabling sources of cyber-attacks,
The Yomiuri Shimbun has learned.

The development of the virtual cyberweapon was launched in 2008. Since
then, the weapon has been tested in a closed network environment.

Cyberweapons are said to already be in use...

Posted by InfoSec News on Jan 04


By Aliya Sternstein

China-based hackers for months have been targeting federal agencies and
contractors through infected emails apparently to spy on the Pentagon's
drone strategy and other intelligence matters, according to Internet
security researchers.

The reported espionage employed a tactic known as spear-phishing where
infiltrators, operating under the guise...

Posted by InfoSec News on Jan 04


By John E Dunn
03 January 2012

A convicted murderer has been granted a retrial after a stenographer’s
backup record of his trial was apparently destroyed by a malware

The possibly unique sequence of events came to a head when Randy
Chaviano, 26, appealed against his 2009 conviction in a Florida court
for shooting...

Posted by InfoSec News on Jan 04


By Phil Muncaster
03 Jan 2012

Saudi Arabian hackers are claiming to have stolen and posted online the
personal details of more than 400,000 Israeli citizens including credit
card numbers, names and addresses and phone numbers, in an attempt to
cause widespread disruption and discredit the country's banks.

In a posting on Pastebin on Monday, a hacker...
Internet Storm Center Infocon Status