
InfoSec News

A Nevada student who gave the opening address at his high school graduation last year has been charged with breaking into his school district's computer system and bumping up his classmates' grades for a fee.
 
In an office building near Portland, Oregon, in a room next to a massive bank of cubicles, hums one of a group of small Intel data centers known collectively as the Cloud Builders Factory.
 
(c) SANS Internet Storm Center. http://isc.sans.org Creative Commons Attribution-Noncommercial 3.0 United States License.
 
 
SonicWall once focused on small and midsize businesses, but its introduction earlier this year of a next-generation firewall line dubbed SuperMassive leaves no doubt that the company is now taking aim at larger enterprises. In fact, the privately-held San Jose company's CEO, Matt Medeiros, says the enterprise market accounted for nearly half of SonicWall's sales over the past six months.
 
While provisioning all the capacity of an external disk to a given application, known as full provisioning, ensures the app has plenty of growth potential, it results in poor utilization rates, a costly problem that can be addressed with thin provisioning technology.
 
A new technology from Intel called ray tracing could bring lifelike images and improved 3D effects to games on tablets and other mobile devices.
 
Developers and publishers who have adopted Twitter's Tweet Button say the tool is beneficial in letting their site readers and application users conveniently share links on Twitter, but that some features can be improved, including its analytics data and mobile functionality.
 
Facebook recently announced a messaging product that promises seamless messaging, conversation history and a social in-box, nothing short of a new way to communicate, regardless of the channel —SMS, e-mail, IM or chat. The Social Inbox will only contain messages from Friends and Friends of Friends, with other messages being routed to the 'Other' Folder.
 
Subversion 'mod_dav_svn' Apache Server NULL Pointer Dereference Denial Of Service Vulnerability
 
A report released earlier this year by Panda Security reveals just how sophisticated the business of cyber crime has become. Among its findings: botnets are now available as a service for criminals to rent and launch spam attacks --- with prices that start as low as $15 for the rental of an SMTP server.
 
After resuming the update to Samsung Windows phones on Wednesday, Microsoft is running into problems again.
 
IBM is returning fire to Oracle in an increasingly heated battle over who has the faster stack of middleware.
 
WebKit CVE-2011-0152 Unspecified Memory Corruption Vulnerability
 
WebKit CVE-2011-0135 Unspecified Memory Corruption Vulnerability
 
WebKit CVE-2011-0155 Unspecified Memory Corruption Vulnerability
 
WebKit CVE-2011-0150 Unspecified Memory Corruption Vulnerability
 
 
As it wages an escalating civil war, Libya has once again cut Internet service in and out of the country.
 
A rocket carrying a satellite designed to help scientists study the Earth's climate suffered a technical failure and may have crashed into the southern Pacific Ocean.
 
Power users work their Macs faster than regular folk do for a variety of reasons. More important than a speedier processor is a speedier computist. Since your fingers are nearly always on the keyboard, controlling your computer that way--instead of taking your hands off the keys to control your mouse--can put you into the upper echelon of efficient Mac users.
 
The London Stock Exchange has made a U-turn on the system requirements placed on data vendors such as Thomson Reuters, Interactive Data and Bloomberg, after three weeks of problems since the launch of its new trading platform.
 
With consumers increasingly turning to cloud service providers for data storage needs, analysts say buyers might opt for 16GB or 32GB models instead of the top-end 64GB iPad 2.
 
A news report says the U.S. Department of Justice has launched an antitrust investigation of MPEG LA.
 
Microsoft today launched a deathwatch for its 10-year-old Internet Explorer 6 browser, saying it wanted to "see IE6 gone for good."
 
EMC Chairman Joe Tucci saw his own compensation climb 37% during what he called the best year in the company's history.
 
IDC released its external disk storage systems factory revenues for the fourth quarter and fiscal year 2010, showing more than 5,000 petabytes shipped for year-over-year growth of 55%.
 
Industry experts are expecting Samsung to unveil a new Galaxy Pro tablet with an 8.9-inch screen during an event at the CTIA conference late next month.
 
Google's for-tablets-only Android Honeycomb OS has a lot of interesting features but isn't ready yet to deliver the full tablet experience.
 
Once viewed as tools for posting trivial content on the Web, social networking and social media sites have evolved as bona fide sources of information publishing and sharing, forcing search engine providers like Google to factor them into their services.
 
JBoss Enterprise Application Platform Multiple Vulnerabilities
 
Once viewed as tools for posting trivial content on the Web, social networking and social media sites have evolved as bona fide sources of information publishing and sharing, forcing search engine providers to increasingly factor them into their services. Google isn't an exception: it launched a formal Social Search component to its search engine in 2009 and has updated it regularly since then. With Social Search, people can link their Google accounts to their social media accounts and have Google incorporate relevant content from their social circle into search results.
 

Risk Management Elevated as an Infosec Challenge
GovInfoSecurity.com (blog)
Managing IT security, fundamentally, comes down to weighing risks. And, in the past week, the National Institute of Standards and Technology has focused on risk management with two significant announcements. First, the issuance of Special Publication ...

 
As more tablets come to market, be prepared to be wowed by the power that some of these slates are capable of. But also be prepared to be disappointed: The tablets already on the market, or coming soon, have a slew of gotchas--especially the lower-cost models you may see advertised at rock-bottom prices.
 
Three men and a woman who ran what U.K. police say was the largest English-language criminal forum for selling stolen credit card numbers and the tools to steal data were imprisoned for a combined total of more than 15 years, according to the Metropolitan Police.
 
Android smartphones beat iPhone and BlackBerry devices for the first time in the U.S. in the latest Nielsen survey conducted just prior to Verizon Wireless sales of the iPhone.
 
[DCA-2011-0002]: TOTVS ERP Microsiga Protheus - Users Enumeration
 
[DCA-2011-0001] TP-LINK TL-WR740N Multiple Vulnerabilities - Stored XSS - Web Console and Upnp server DoS
 
[SECURITY] [DSA 2181-1] subversion security update
 
[DCA-2011-0003]: LMS Web Ensino - Multiple XSS, Session Fixation, CSRF and SQL Injection
 
InfoSec News: Sailor charged with attempted espionage is held in Norfolk: http://hamptonroads.com/2011/03/sailor-charged-attempted-espionage-held-norfolk
HamptonRoads.com March 4, 2011
NORFOLK - A U.S. Navy sailor serving at Fort Bragg was charged Thursday with attempting to sell classified documents.
Petty Officer 2nd Class Bryan Minkyu Martin, 22, of New York, was [...]
 
InfoSec News: Libicki: Stuxnet isn't all it's cracked up to be -- but then neither is cyberwar, really: http://ricks.foreignpolicy.com/posts/2011/03/03/libicki_stuxnet_isnt_all_its_cracked_up_to_be_but_then_neither_is_cyberwar_really
By Thomas E. Ricks The Best Defense Foreign Policy Magazine March 3, 2011
"Cyber security has become Washington's new growth industry," two of my [...]
 
InfoSec News: S. Korea's major web sites hit by DDoS attacks: http://news.xinhuanet.com/english2010/world/2011-03/04/c_13760843.htm
English.news.cn 2011-03-04
SEOUL, March 4 (Xinhua) -- A fresh wave of cyber attacks hit major South Korean Web sites, including that of the presidential office Cheong Wa Dae, on Friday, local media reported, citing industrial sources.
Starting 10 a.m. Friday, 40 web sites, including the ones of presidential office Cheong Wa Dae, the Ministry of Foreign Affairs and Trade and top lender Kookmin Bank, came under distributed denial-of-service (DDoS) attacks, Yonhap News Agency reported, citing AhnLab, South Korea's top information security company.
Additional attacks are expected to come at 6:30 p.m., Yonhap said.
DDoS attacks are unsophisticated but pose great difficulties for websites to defend against. The attacker directs a giant traffic surge to its target, overwhelming the site's servers and making it hard for legitimate users to access the site.
 
InfoSec News: March Patch Tuesday leaves IE unpatched for Pwn2Own hackers: http://www.theregister.co.uk/2011/03/04/ms_march_patch_tuesday_pre_alert/
By John Leyden The Register 4th March 2011
Microsoft -- unlike its browser rivals -- will not be patching Internet Explorer before the upcoming Pwn2Own hacking contest next week. [...]
 
InfoSec News: Facebook Chief Security Officer to Keynote 2nd Annual HITB Security Conference in Europe: http://conference.hackinthebox.nl/hitbsecconf2011ams/
Facebook Chief Security Officer to Keynote 2nd Annual HITB Security Conference in Europe
Utrecht, The Netherlands 02 March 2011
After the success of last year’s inaugural event, Hack In The Box [...]
 
Limelight Software 'id' Parameter SQL Injection Vulnerability
 
In the last few weeks, maybe even months, we've been seeing an increase in the number of Distributed Denial of Service (DDoS) attacks on different sites. Today, according to AhnLab in Korea, a number of government sites are under attack. Yesterday it was WordPress, and recently we also had SourceForge and no doubt a number of others that I've forgotten to mention.
So is DDoS the new black? We know that the majority of the malicious files and traffic we see are somehow related to making money, but realistically I can't quite see how this is doing the trick. How is money being made? Are the current attacks going to serve as examples? Give some money or else? I don't know how effective that would be as most of the organisations seem to be dealing with the DDoS attacks relatively well.
So why are we seeing these increases? Are they being reported more? Are they easier to do? Are they test runs for something better later on, or maybe even nation states testing their processes? Let us know if you've been under attack recently. I'd be interested to know how you dealt with it and if you have some packets you can share, even better. If you know why you were targeted I'd be interested to know.
Now for dealing with a DDoS attack.
The best approach is to stop the packets from reaching you in the first place, and to stop them as far away from your environment as possible, especially if link saturation is the problem. This will likely need the cooperation of your ISP. You will find some are more willing to help you deal with an attack than others.
If you manage to identify a particular characteristic of the packets being sent, then you might be able to get a firewall, router, IDS, or IPS to deal with the traffic. These types of devices will be better at coping with this than your web or mail server. Check your firewalls: many have the capability to drop traffic based on certain thresholds or characteristics, and they may be enough to
But let's put this in the context of an incident handling process. Hopefully you remember the six steps:

Preparation
Identification
Containment
Eradication
Recovery
Lessons Learned

Preparation
This will be the most important step. Firstly you will need to decide what you are going to do in the event of a DDoS attack on your infrastructure. Will you pull the plug yourself and just ride it out? Or will you take steps a, b and c to deal with the attack? Best to sort this out before it happens rather than whilst it is happening.
Make sure you understand what your ISP will and won't do for you in the event of a DDOS attack on your sites.
If you have an approach to deal with the DDOS, make sure it is documented. Nothing worse than having to figure things out whilst the attack is underway.
Have the capability to grab packets in place. They will be invaluable.
Identification
How do you identify an attack? Often it is because someone receives a phone call saying xyz is very slow/unavailable. You may have an IDS/IPS/firewall throwing up an alert. That is how you notice.
What to do next? Well, hopefully you have managed to capture some packets, or at a minimum log records. You will need to look at these and see if you can identify a common factor (a source address, a request path, a user agent, a packet size) that separates the attack traffic from legitimate traffic.
Containment
Using the information discovered, you may be able to configure an upstream device to drop the malicious packets. Your ISP or a vendor may be able to help mitigate the attack and contain the damage done.
You will likely also need to examine the targets to ensure they have not been compromised.
Eradication
If the targets have been compromised you will need to deal with those. Your incident handling plan, developed in the preparation stage, should have enough information to allow you to deal with this new issue.
Often when the attack is not successful it will drop off, so I guess it is self-eradicating.
Recovery
Once the attack is over, determine what else may need to be cleaned, replaced or hardened.
Lessons Learned
Standard practice after any incident is the lessons-learned review. Go through the attack, see where you went wrong and where you went right. Develop an approach to deal with
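The "common factor" search from the Identification step, written out as an added Python example (not part of the diary): it parses constructed Apache combined-format access-log lines, flags sources by request count and rate, and reports the request path and User-Agent the flagged traffic shares, which is the characteristic you would hand to a firewall or your ISP in the Containment step. The sample addresses, thresholds and function names are assumptions.

```python
import re
from collections import Counter, defaultdict
from datetime import datetime

# Constructed sample access-log lines (Apache "combined" format), not a real capture.
SAMPLE_LOG = """\
203.0.113.7 - - [04/Mar/2011:10:00:01 +0900] "GET / HTTP/1.1" 200 5120 "-" "Mozilla/4.0 (compatible; MSIE 6.0)"
192.0.2.50 - - [04/Mar/2011:10:00:01 +0900] "GET /news/today.html HTTP/1.1" 200 8812 "-" "Mozilla/5.0 (Windows NT 6.1) Firefox/3.6"
198.51.100.9 - - [04/Mar/2011:10:00:01 +0900] "GET / HTTP/1.1" 200 5120 "-" "Mozilla/4.0 (compatible; MSIE 6.0)"
203.0.113.7 - - [04/Mar/2011:10:00:01 +0900] "GET / HTTP/1.1" 200 5120 "-" "Mozilla/4.0 (compatible; MSIE 6.0)"
198.51.100.9 - - [04/Mar/2011:10:00:01 +0900] "GET / HTTP/1.1" 200 5120 "-" "Mozilla/4.0 (compatible; MSIE 6.0)"
203.0.113.7 - - [04/Mar/2011:10:00:02 +0900] "GET / HTTP/1.1" 200 5120 "-" "Mozilla/4.0 (compatible; MSIE 6.0)"
198.51.100.9 - - [04/Mar/2011:10:00:02 +0900] "GET / HTTP/1.1" 200 5120 "-" "Mozilla/4.0 (compatible; MSIE 6.0)"
203.0.113.7 - - [04/Mar/2011:10:00:02 +0900] "GET / HTTP/1.1" 200 5120 "-" "Mozilla/4.0 (compatible; MSIE 6.0)"
192.0.2.51 - - [04/Mar/2011:10:00:30 +0900] "GET /images/logo.png HTTP/1.1" 200 2210 "-" "Mozilla/5.0 (X11; Linux) Chrome/9.0"
"""

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+)[^"]*" '
    r'(?P<status>\d{3}) \S+ "[^"]*" "(?P<ua>[^"]*)"$')

def parse_line(line):
    """Return the fields of one combined-format line, or None if it does not parse."""
    m = LOG_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["ts"] = datetime.strptime(rec["ts"], "%d/%b/%Y:%H:%M:%S %z")
    return rec

def find_common_factor(log_text, min_requests=3, min_rate=1.0):
    """Flag sources by request count and rate, then report what the flagged traffic has in common."""
    by_ip = defaultdict(list)
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec:
            by_ip[rec["ip"]].append(rec)
    flagged = []
    for ip, recs in by_ip.items():
        span = (max(r["ts"] for r in recs) - min(r["ts"] for r in recs)).total_seconds()
        rate = len(recs) / (span + 1.0)  # +1 so a burst inside one second does not divide by zero
        if len(recs) >= min_requests and rate >= min_rate:
            flagged.append((ip, len(recs), rate))
    flagged.sort(key=lambda t: t[1], reverse=True)  # busiest source first
    # The (path, user-agent) pair shared by most flagged requests is the candidate filter characteristic.
    factor = Counter((r["path"], r["ua"]) for ip, _, _ in flagged for r in by_ip[ip])
    total = sum(factor.values())
    (path, ua), hits = factor.most_common(1)[0] if factor else ((None, None), 0)
    return {"sources": [ip for ip, _, _ in flagged], "path": path, "ua": ua,
            "share": hits / total if total else 0.0, "requests": total}

if __name__ == "__main__":
    r = find_common_factor(SAMPLE_LOG)
    print(f"{len(r['sources'])} sources flagged, {r['requests']} requests, {r['share']:.0%} share path {r['path']!r} UA {r['ua']!r}")
```

Run over a real access log, lower `min_rate` until legitimate sources stop appearing, then treat the reported path/User-Agent pair as the characteristic to test a drop rule against before pushing it upstream.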

I've made a start, if you can add to it let us know via the contact form or comments.
Cheers
Mark H. (c) SANS Internet Storm Center. http://isc.sans.org Creative Commons Attribution-Noncommercial 3.0 United States License.
 
Acquisitions such as Teradata's planned purchase of Aster Data Systems are driven by the growing demand for technologies that can help enterprises mine massive volumes of unstructured data, analysts said.
 
Moodle Prior to 1.9.11/2.0.2 Multiple Vulnerabilities
 
Linux Kernel 'dns_key.c' NULL Pointer Dereference Denial of Service Vulnerability
 
 
China plans on tracking the movements of people in Beijing using their mobile phones, a measure that while aimed at relieving traffic congestion, could set off concerns over misuse.
 
Microsoft is responding to the online coupon frenzy by adding results about special deals to its Bing search engine, both on its desktop and mobile versions.
 
IT executives expect support requirements to increase significantly once workers begin using the iPad 2 for business tasks.
 
After a GAO report found cost overruns in the hundreds of millions of dollars, as well as lengthy project delays, the National Archives plans to end the development portion of an electronic archive by the end of this year in order to contain costs.
 

Posted by InfoSec News on Mar 04

http://www.theregister.co.uk/2011/03/04/ms_march_patch_tuesday_pre_alert/

By John Leyden
The Register
4th March 2011

Microsoft -- unlike its browser rivals -- will not be patching Internet
Explorer before the upcoming Pwn2Own hacking contest next week.

A March Patch Tuesday pre-alert, published on Thursday, reveals that
Redmond will be issuing three security bulletins next week, one of which
affects a critical flaw in Windows and none of...
 

Posted by InfoSec News on Mar 04

http://hamptonroads.com/2011/03/sailor-charged-attempted-espionage-held-norfolk

HamptonRoads.com
March 4, 2011

NORFOLK - A U.S. Navy sailor serving at Fort Bragg was charged Thursday
with attempting to sell classified documents.

Petty Officer 2nd Class Bryan Minkyu Martin, 22, of New York, was
charged with attempting to forward classified information to a person
not authorized to receive such information, a news release from the Navy...
 

Posted by InfoSec News on Mar 04

http://conference.hackinthebox.nl/hitbsecconf2011ams/

Facebook Chief Security Officer to Keynote 2nd Annual HITB Security
Conference in Europe

Utrecht, The Netherlands
02 March 2011

After the success of last year’s inaugural event, Hack In The Box
Security Conference is taking over the Krasnapolsky once again from the
17th till the 20th of May. This deep knowledge security conference
brings a unique mix of security professionals,...
 

Posted by InfoSec News on Mar 04

http://ricks.foreignpolicy.com/posts/2011/03/03/libicki_stuxnet_isnt_all_its_cracked_up_to_be_but_then_neither_is_cyberwar_really

By Thomas E. Ricks
The Best Defense
Foreign Policy Magazine
March 3, 2011

"Cyber security has become Washington's new growth industry," two of my
CNAS colleagues, Kristin Lord and Travis Sharp, commented the other day.
They warn especially against billion dollar solutions to million dollar
problems....
 

Posted by InfoSec News on Mar 04

http://news.xinhuanet.com/english2010/world/2011-03/04/c_13760843.htm

English.news.cn
2011-03-04

SEOUL, March 4 (Xinhua) -- A fresh wave of cyber attacks hit major South
Korean Web sites, including that of the presidential office Cheong Wa
Dae, on Friday, local media reported, citing industrial sources.

Starting 10 a.m. Friday, 40 web sites, including the ones of
presidential office Cheong Wa Dae, the Ministry of Foreign Affairs and...
 
RhinOS 'gradient.php' Multiple Directory Traversal Vulnerabilities
 
libcgroup 'cgrulesengd' Daemon Netlink Messages Event Spoofing Vulnerability
 