InfoSec News

At the end of a long court hearing in California on Thursday that saw Apple and Samsung argue over a $1 billion damages award granted to Apple this summer, Judge Lucy Koh had a simple yet optimistic request: global peace.
California's attorney general has sued Delta Air Lines for failing to include a privacy policy within the company's mobile application, an alleged violation of the state's Online Privacy Protection Act.
(c) SANS Internet Storm Center. http://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
In addition to Exchange Server, updates fix flaws in Internet Explorer, Microsoft Office and Microsoft Word.

Inadequate security controls, a heavy use of cloud-based services, and employee negligence are resulting in multiple breaches at the same firms.

Guatemala has denied fugitive anti-virus pioneer John McAfee's appeal for asylum there, though an apparent hospitalization may delay his deportation, reports say.
A 22-year-old U.K. man was convicted for his involvement in a series of distributed denial-of-service attacks launched by the hacktivist group Anonymous against PayPal, MasterCard, Visa and other companies in 2010.
Xerox is being sued by systems integrator CedarCrestone over payments related to an Oracle PeopleSoft upgrade at insurer CIGNA.
Apple will manufacture one of its Mac lines exclusively in the U.S. by the end of 2013. Why is Apple making this move?
Microsoft today announced it will deliver seven security updates next week to patch 11 vulnerabilities, including the first that apply to Internet Explorer 10, the company's newest browser.
SwiftKey Flow combines outstanding word prediction with a top-notch interface and new slide-to-type functionality. Quite simply, typing on Android doesn't get much better than this.
Calling Google+ the "fastest growing network thingy ever," a company executive said the number of Google+ active users has jumped to 135 million, a 35% increase in its user base in three months.
Web and mobile device users have little understanding about how much of their personal data is collected online, making it difficult to rely on free-market competition for solutions to privacy concerns, privacy experts told the U.S. Federal Trade Commission.
Microsoft opened up the doors to Socl, a new social network started in its Research FUSE Labs
Red Hat Enterprise Virtualization Manager Multiple Security Vulnerabilities
Xen Bitmap Local Denial of Service Vulnerability

Based on reader reports (thanks Fred!) it looks like some carefully crafted spam is making its way past filters at the moment. The spams have content like

To all of my friends who didnt have the a moment to watch me on the channel-20 news last Tuesday talking about my blog, and financial accomplishments. Im forwarding you the News Article, so you can read the whole story on how I became financially independent and wealthy. hxxp://r,turn,com/r/formclick/id/Ln5c6GsFyTbGgAsAbQABAA/url/%68%74%74%70%3a%2f\%6a%2e%6d%70/TSQHMO?djyna

I'm using hxxp and , instead of . to keep the domains from becoming clickable, and to hopefully keep your spam/virus filter from panicking belatedly over this ISC diary instead of over the real spam earlier :)

We first expected some sort of Fake AV malware campaign, but it looks like the site only pushes the latest work-at-home get-rich-quick scam, at least for the moment. Looking at the URL closely, here's what's going down: r,turn,com has an open redirect. The bad guys use this as a trampoline to bounce whoever clicks on the link to the next stage.

%68%74%74%70%3a%2f\%6a%2e%6d%70 is really only percent-encoded (hexadecimal) ASCII, and decodes to hxxp:/\j,mp (browsers happily treat the backslash as a forward slash), so the next stage is hxxp://j,mp/TSQHMO?djyna.

There, we get a redirect to hxxp://wallyplanet,info/fizo.htm?33722, where we get a file that contains window.location = hxxp://bit,ly/Vn3lWj. Which redirects to hxxp://picklecook,us/fizo2.htm, where we get a file that contains window.location = hxxp://CNBC-20NEWS,NET/momstory294b.htm, where we finally get the sob story and the get-rich-quick scam.

I doubt the spam filters follow this mess all the way; hence the URL reputation score in the spam filters apparently got tricked and let the email through.
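The decoding step described above, turned into a small checker that a mail gateway or analyst could run over extracted links. This is an added example, not code from the ISC diary: it percent-decodes a URL repeatedly (so double encoding is unwrapped too), normalises the `:/\` trick into a proper `://`, and flags any URL that carries a second URL with a different host inside its path or query, which is the hallmark of the open-redirect trampoline in the spam. The sample URLs are constructed with placeholder hosts (`redirector.example`, `short.example`); the encoded fragment mirrors the diary's pattern but is not the diary's URL.

```python
import re
from urllib.parse import unquote, urlsplit

# "http:" or "https:" followed by two slash-like characters. A backslash is
# accepted in place of "/" because browsers silently treat "http:/\host" as
# "http://host", which is exactly what the spam relied on.
SCHEME_RE = re.compile(r"(?i)https?:[/\\]{2}")


def fully_decode(text, max_rounds=5):
    """Percent-decode until the text stops changing, so that double-encoded
    input such as %2568 (-> %68 -> h) is unwrapped as well."""
    for _ in range(max_rounds):
        decoded = unquote(text)
        if decoded == text:
            break
        text = decoded
    return text


def normalise_slashes(url):
    """Rewrite a leading 'http:/\\' or 'http:\\/' to the canonical 'http://'."""
    return re.sub(r"(?i)^(https?):[/\\]{2}",
                  lambda m: m.group(1).lower() + "://", url)


def redirect_chain(url):
    """Return the URLs nested inside `url`, outermost first, each percent-decoded
    and with its scheme separator normalised. A benign URL yields one entry."""
    decoded = fully_decode(url)
    starts = [m.start() for m in SCHEME_RE.finditer(decoded)]
    return [normalise_slashes(decoded[s:]) for s in starts]


def hosts(url):
    """Host names along the chain, e.g. ['redirector.example', 'short.example']."""
    return [urlsplit(u).hostname for u in redirect_chain(url)]


def is_open_redirect_candidate(url):
    """True when, after decoding, the URL carries a second URL with a different
    host inside its path or query: the signature of a redirect trampoline."""
    chain_hosts = hosts(url)
    return len(chain_hosts) >= 2 and len(set(chain_hosts)) >= 2


# Constructed sample modelled on the diary's spam link: a placeholder redirector
# host with the next hop percent-encoded (and with a backslash) in its path.
SAMPLE = (
    "http://redirector.example/r/formclick/id/ABC123/url/"
    r"%68%74%74%70%3a%2f\%73%68%6f%72%74%2e%65%78%61%6d%70%6c%65/TSQHMO?x=1"
)

# Constructed sample with the next hop double-encoded in a query parameter.
DOUBLE_ENCODED = (
    "http://redirector.example/?u="
    "%2568%2574%2574%2570%253a%252f%252fshort.example%252fx"
)

if __name__ == "__main__":
    for sample in (SAMPLE, DOUBLE_ENCODED, "http://www.example.com/page?q=hello"):
        print(is_open_redirect_candidate(sample), " -> ".join(hosts(sample)))
```

The checker deliberately stops at the first hop it can see statically: it does not fetch anything, so it can run inside a filter on untrusted input. Later hops in the diary's chain (the `window.location` pages) are only visible by following the redirects, which is the part the author notes the spam filters apparently did not do.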

It looks like the iPhone will finally be coming to T-Mobile USA.
Tablets are hot-- so hot that IDC just bumped up its global market forecast for the tablet market for 2012 and beyond.
The International Telecommunication Union (ITU), the UN body that has played a standards-setting role for global telecommunication networks over the decades, Wednesday night suffered a website attack that severely disrupted a conference to discuss its Internet influence.
Apple will manufacture one of its Mac lines exclusively in the U.S. by the end of 2013, CEO Tim Cook told NBC and BusinessWeek in interviews made public today.
A study has given some insight into a Europe-wide attack with a smartphone Trojan that may have helped criminals steal as much as 36 million euros. This figure has not been independently verified, however.


We received a report from a reader (thanks Marco!) that earlier today, usertrust.com, a domain used by Comodo CA, apparently was pointing elsewhere for a while. From information captured by passive DNS sensors, it indeed looks like the NS records were changed to ns1.pendingrenewaldeletion.com and the A records were changed to point to, both indicative of a domain that has been parked by Network Solutions. Two hours later, the DNS records were updated again, and pointed back to Comodo. Given that the registration record on Network Solutions WHOIS shows a renewal date of December 5 for the usertrust.com domain, it is probably fair to assume that something went wrong in the renewal.

Citrix plans to buy mobile device management company Zenprise and integrate its software with its Citrix CloudGateway and [email protected] software for managing mobile apps and data.
CA20121205-01: Security Notice for CA XCOM Data Transport on Unix and Linux
[ MDVSA-2012:177 ] bind
A breach at a US insurance company saw 1.1 million identity records stolen from the company's systems. The company suspects attackers from outside the USA.

A disgruntled IT worker at the Swiss Federal Intelligence Service (FIS) has been arrested for copying several terabytes of confidential data off the agency's servers with the intention of selling it to the highest bidder.

Computer Associates XCOM Data Transport Remote Arbitrary Command Execution Vulnerability
Research in Motion introduced the BlackBerry 10 Ready Program to help prepare business customers for the launch of the next-generation mobile operating system on Jan. 30.
Amazon Web Services has added PowerShell to the management options for its cloud, in a move that reaches out to the Windows community.

Back when this scam started to become popular, the caller usually claimed to be from Microsoft or some other large, well-known technology company, and tried to talk the person answering into running commands or programs on the PC in order to fix a critical problem. But the latest twist on this scam seems to be more targeted: we have had two reports of fake tech support calls where the caller claimed to represent the firm to which the called company had in fact outsourced its IT support.

This isn't really rocket science on the attacker's part: some basic internet searches will give them lots of press releases and marketing blah where service providers tout their success in winning a big support contract for company XYZ. I tried a search on my own based on one of the samples, and even found job postings where the service provider was explicitly looking for techies to work on the XYZ account. Next, I went on a LinkedIn search to find techies working for the service provider, and filtered to discover whether any were connected to anyone at company XYZ. Not surprisingly, there were quite a few. Stuff like this is a gold mine for phishers, social engineers, and fake tech support scammers.

There is little point, though, in trying to keep the Internet free of such information. Company XYZ might have been able to control what the service provider's marketing people write about their reference customer, but they can't really control who is connected to whom on social networks.

In terms of countermeasures, as a service provider, make sure you have an established way for your staff to identify themselves to your customer. As a company with outsourced services, make sure there is a well-defined channel through which the service provider interacts with your employees, that your employees are aware of it, and that there is a defined mechanism (a known call-back number, etc.) in place to verify a call if your employees have any doubt.

Please report fake tech support calls on https://isc.sans.edu/reportfakecall.html

Microsoft's recent price increases for its client-access licenses (CALs) is a 'lose-lose' deal for enterprise customers but likely a major revenue boost for Microsoft, analysts said today.
The U.S. House unanimously passed a resolution urging the U.S. government not to give the United Nations' International Telecommunication Union control over the Internet.
A patent agreement between Apple and HTC forbids the Taiwanese company from making and selling mobile devices that copy what is described as the 'Distinctive Apple User Experience.'
Fugitive anti-virus technology pioneer John McAfee, who is wanted for questioning by police in Belize in connection with a murder in that country several weeks ago, has been detained in Guatemala on charges that he entered the country illegally.
Intervening in a patent dispute between Apple and Motorola Mobility, the U.S. Federal Trade Commission has opposed bans on the sale of products that include standardized, patented technology when the patent holder has previously committed to license the patent on fair and reasonable terms.
IBM says that by the time a massive radio telescope array taking up a square kilometer of land is completed in 2026, its tape drive technology will be able to support the generation of 1 petabyte of data per day in search of new galaxies and the origins of the universe.
Need some help choosing holiday presents for the technology fans on your gift list? We've rounded up this year's best tech gifts, from tablets and HDTVs to smartphones, laptops and an array of other gadgets and accessories.
The Hashcat GPU cluster introduced at the Password^12 conference uses 14 GPUs to crack password hashes.

The recently released update for the free DNS server closes a security hole that could be exploited for denial-of-service attacks. The only servers that are affected use DNS64, an option intended to help with migrating to IPv6.


Posted by InfoSec News on Dec 06


By Beth Walsh
Dec 04, 2012

The loss of an unencrypted handheld Palm device in the Continuum Home
Infusion unit of the University of Virginia Medical Center has resulted
in a data breach of protected health information. More than 1,800
patients or potential patients were affected.

The device had...

Posted by InfoSec News on Dec 06


By Victoria Murphy
6 Dec 2012

Prince William was last night fuming after two Australian radio stars
duped the hospital treating his sick wife into releasing information
about her condition to millions of listeners.

Mel Greig and Michael Christian left the stunned nurse looking after
the pregnant Duchess of Cambridge believing they were the Queen and...

Posted by InfoSec News on Dec 06


The Wall Street Journal
December 5, 2012

The Federal Bureau of Investigation is pursuing foreign hackers who
targeted the computers of retired Adm. Mike Mullen, the former chairman
of the Joint Chiefs of Staff, in the latest example of what current and
former officials call a pattern of attacks on computers of...

Posted by InfoSec News on Dec 06


By Duncan Gardham
Investigations Correspondent
The Telegraph
04 Dec 2012

The senior technician became so disgruntled earlier this year that he
stopped showing up for work at the NDB, the Swiss intelligence service.

But the agency only realised that something was amiss when UBS, the
largest Swiss bank, expressed concern about an attempt...

Posted by InfoSec News on Dec 06


By Dan Goodin
Ars Technica
Dec 5, 2012

A researcher has devised a method that reduces the time and resources
required to crack passwords that are protected by the SHA1 cryptographic

The optimization, presented on Tuesday at the Passwords^12 conference in
Oslo, Norway, can speed up password cracking by 21 percent. The...
Adobe InDesign Server 'RunScript' SOAP Message Remote Command Execution Vulnerability