InfoSec News

Motorola Mobility has joined LG and Samsung among the companies building VMware's hypervisor into their phones. The move is part of a larger push at Motorola to cater to business users.
phpLDAPadmin Multiple Cross Site Scripting Vulnerabilities
Cloud Sherpas and Global One, which advise clients in implementing cloud-based Software as a Service applications, have merged in what is a sign of the continually busy M&A activity in the SaaS market.

Grassroots Tech Community Brings Symantec CEO and $10000 Hacker Contest to ...
Virtual-Strategy Magazine
Kansas City, MO, March 05, 2012 --(PR.com)-- Kansas City IT Professionals (KCITP), a grassroots community of 7500+ members in the Midwest, has partnered with Symantec for "InfoSec Night." The information security-focused event, hosted by Johnson County ...

The U.S. Federal Trade Commission will require Western Digital to sell off assets used to manufacture desktop hard drives to a competitor as a condition of its US$4.5 billion acquisition of rival Hitachi Global Storage Technologies, the agency announced.
The spread of consumer technologies at work has put many IT departments on the back foot, but a conference in San Francisco this week is looking at ways IT managers can take back control and turn the chaos to their advantage.
Yahoo executives are planning a major reorganization of the company, along with possibly thousands of layoffs, according to a report today in AllThingsD.

Vodafone and Deutsche Telekom in Germany have started selling smartphones and tablets with LTE, as European operators slowly start to expand their offerings beyond modems.
Adobe today patched a pair of critical vulnerabilities in Flash Player and told IT administrators to apply the update within 30 days.
Google Chairman Eric Schmidt painted a messianic picture of our technological future on Monday, involving holographic telepresence, self-driving cars, automatic translation and the widespread deployment of 1Gbps Internet access over optical fiber, bringing transnational peace and communication to all.
Reports are circulating that Google is developing a voice assistant technology that would rival Apple's Siri.
Google yesterday patched 14 vulnerabilities in Chrome and handed out a record $47,500 in rewards to researchers, including $30,000 for "sustained, extraordinary" contributions to its bug-reporting program.
(c) SANS Internet Storm Center. http://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
Adobe today released a bulletin with details regarding two new vulnerabilities in Adobe Flash Player [1]. The vulnerabilities can lead to arbitrary code execution and affect all platforms (don't forget Android and Google Chrome patches!).
There is no indication at this point that the vulnerability has been exploited yet. However, I believe this is an unannounced out-of-cycle release.
Also note that Twitter is littered with links to various Adobe updates with suspect destinations. Only download Adobe updates using Adobe's own update tools or use the Adobe site itself.
Thanks to all the readers who alerted us about this issue. It took a little bit long to publish this diary, in part as I first needed to verify that the update is valid. The security bulletin below isn't linked yet from Adobe's bulletin overview page.

Johannes B. Ullrich, Ph.D.

SANS Technology Institute

Implementation of cloud services will create 14 million jobs internationally by 2014, with the greatest increases occurring in emerging markets, which are not constrained in deploying cloud systems by legacy infrastructure, according to a new study from Microsoft and IDC.
A reader who wishes to remain anonymous would like help with his Apple ID. He writes:
Etano 1.x <= Multiple Cross Site Scripting Vulnerabilities
Open-Realty CMS 2.5.8 (2.x.x) <= "select_users_template" Local File Inclusion Vulnerability
The OS X malware family Flashback is making news again. This time around, antivirus vendor Intego uncovered a new version of Flashback that will use Twitter as a command and control channel [1]. The malware will check Twitter for daily changing hashtags to look for commands.
Today's hashtag, #pepbyfadxeoa, has already been heavily abused on Twitter. Given all the additional posts, it isn't really clear if the actual command will be parsed correctly by the bot.
Overall, the Twitter channel isn't exactly implemented very strongly. For example, Intego points out that the bot will use specific, but alternating, user agents to hide. However, some of these user agents are pretty easy to spot. Hiding in plain sight only works if you are actually trying to blend in and not lighting yourself with a big flare.
So far, we haven't seen any first-hand reports of the infection. If anybody runs across a sample, let us know. I would like to test if Apple's XProtect software adds a signature for it, or if existing signatures cover this one. Apple has been steadily updating the XProtect signatures, but it is not always clear if it covers the versions reported by other vendors, as the naming is not always in sync. According to my monitoring of XProtect, it was last updated February 7th.
[1] http://blog.intego.com/flashback-mac-malware-uses-twitter-as-command-and-control-center/

Johannes B. Ullrich, Ph.D.

SANS Technology Institute

The number of large companies that block employees from accessing social media sites from the workplace is dropping, according to a report from industry analyst firm Gartner.
Advanced Micro Devices is shedding its remaining manufacturing assets, giving up its stake in foundry company GlobalFoundries and setting the stage to fully focus on chip design.
The U.S. Federal Trade Commission should investigate Apple and Google for allowing applications on their mobile OSes to access users' photographs without permission, a U.S. senator said.
Apple today announced that a Chinese woman had been awarded a $10,000 iTunes gift card for downloading the 25 billionth app from the company's iOS App Store.
Application streaming--delivering software on-demand from centralized servers or the cloud--holds great promise, but has proved elusive in practical application. Legacy applications can prove difficult to virtualize and performance has been problematic. But Numecent, a startup born of a DARPA project, aims to change that.
Windows 8 Consumer Preview offers a new look at Microsoft's upcoming interface for both computers and tablets. Is one device being shortchanged in favor of the other?
A user hacked into the official GitHub-hosted Ruby on Rails code repository and bug tracker on Sunday in order to show the Rails development team how serious a vulnerability was.
The newest cavity-inducing Android operating system code name will be Key Lime Pie, according to The Verge. No details are available about Key Lime Pie aside from a possible 2013 release date, so it's unclear if the OS is intended for smartphones, tablets, or a sweet mash-up of both.
Symfony2 Local File Disclosure - Security Advisory - SOS-12-002
[SECURITY] [DSA 2425-1] plib security update
[SECURITY] [DSA 2424-1] libxml-atom-perl security update
Name: Anil Chanana
I keep telling readers to back up their hard drives. Starlla Dupert asked me how.
The eyes of the online world are on Joe Sullivan.
%windir%\temp\sso\ssoexec.dll (or: how trustworthy is Microsoft's build process)
Security Implications of Predictable IPv6 Fragment Identification values (rev'ed IETF I-D)
[SECURITY] [DSA 2423-1] movabletype-opensource security update
One lesson of RSA Conference 2012 is that we are neither winning nor losing the security battle. So where do we go from here?
Premier 100 IT Leader Linda Zafonte also has advice on getting funding for training and more.
Security policies work best when they apply equally to everyone in the company. Of course, there are always some people who think they should be exceptions.
A Chinese electronics vendor is appealing a court ruling to stop its iPad sales, as Apple fights to prevent local authorities from banning the iconic tablet in the country over a trademark dispute.
Early today a Peru Police information website was hacked and defaced. The hack was announced via Twitter from the @LulzSec_GT account, and the site that was hacked and defaced is policiainformatica.gob.pe/, which at the time of publishing was displaying a maintenance page, which suggests they have caught onto the attack and are in the process of fixing it.

Indian Cyber Hunters, who have claimed to "be back", have started out attacking some coupon websites, leaving them with a main page defacement which has been on there for some hours now.

@TheHackNews_Com has alerted us to a subdomain of the European Union that belongs to the European Environment Agency (EEA), and a further subdomain of that which appears to be a live test site, which in turn has been pen-tested and now hacked and defaced. Altogether, 3 subdomains have been hacked and left defaced.

Hackers have duped supporters of the Anonymous group into installing the Zeus botnet, which steals confidential information from PCs, including banking usernames and passwords, security researchers said last week.
Bring-your-own-device policies are forcing companies to confront a myriad of IT challenges related to support architecture, security policies and mobile platforms. Dealing with those challenges is topic No. 1 at this week's CITE Conference.
If you've got a damaged USB thumb drive or memory card, one of these six recovery tools could help you save your important data.
U.S. prosecutors have filed papers seeking the extradition of Kim Dotcom, founder of Megaupload and three colleagues, who are charged in the U.S. with allegedly running a criminal enterprise responsible for online piracy of numerous types of copyrighted works.
Most businesses are accepting, even embracing, consumer technology. What do they know that you don't?
Notmuch Emacs Information Disclosure Vulnerability

Experts avoid AV because they can - the rest of you should still use it
The Tech Herald
This quote was followed by one from Dan Guido, another security expert and founder of the startup Trail of Bits, who noted that those in the InfoSec world using AV do so because of professional requirements, otherwise “almost nobody in the security ...

A well-known adult site, Digital Play Ground, has been hacked by @Th3Consortium, and as a result the hack has leaked a heap of data that has been displayed on a subdomain of the site.

A hacker using the handle JM511 has dumped a heap of accounts that are claimed to be from a Saudi Arabia-based website; the exact website these are from is unknown.

Apache Hadoop users will soon be able to analyze data as it is streamed from its source, thanks to a partnership between data-warehouse software provider Informatica and Hadoop distributor MapR.
Google Chrome Prior to 17.0.963.65 Multiple Security Vulnerabilities

Posted by InfoSec News on Mar 04


The Sun
05th March 2012

Sony music suffered its second major security breach in a year, with
thieves targeting songs and unreleased material by the superstar singer.

It's alleged they downloaded more than 50,000 music files, worth
£160million, in the biggest ever cyber attack on a music company.

The news comes just a year after...

Posted by InfoSec News on Mar 04


By Elinor Mills
March 3, 2012

SAN FRANCISCO -- Every year, security vendors gather at the RSA
conference here to reaffirm their commitment to fencing out hackers and
keeping data safe. And every year, corporate and government Web sites
continue to fall victim to basic attacks. Heck, ubersecurity firm RSA
itself was...

Posted by InfoSec News on Mar 04



The web site of Russia's Central Election Commission came under
large-scale and sustained attack by hackers from within Russia and
abroad during the presidential election, the Commission's deputy head
Leonid Ivlev said on Sunday.

"It was varied and of long duration, but does not present any problem to
the CEC server. They want to damage its defense," he...
PLIB 'ulSetError()' Function Remote Buffer Overflow Vulnerability
Sysax Multi Server 'username' Field Buffer Overflow Vulnerability
Diskeeper, a vendor best known for its hard drive defragmentation technology, announced it has changed its name to Condusiv and is taking a new product direction.