InfoSec News

One Laptop Per Child (OLPC) showed off the next version of its famous laptops on Thursday at the International Consumer Electronics Show in Las Vegas, saying the new price per laptop has been reduced to $165 each and power consumption has been slashed by half compared to the previous version.
 
Sprint Nextel will sell a WiMax version of the Research In Motion PlayBook tablet beginning this summer, the companies announced on Thursday at the International Consumer Electronics Show in Las Vegas.
 
Sprint announced its third 4G WiMax smartphone on Thursday at CES 2011, the HTC Evo Shift 4G, which will sell for $149.99, the lowest price for a 4G device.
 
Multiple Mobile Phones SMS Message Handling Denial of Service Vulnerability
 

Conference Series Targeting Technical Information Security Professionals ...
BigNews.biz (press release)
... one of the world's premier infosec event where the latest security threats are presented and debated, and vulnerabilities are disclosed and scrutinized. ...

 
Intel on Thursday defended its Intel Insider feature in the latest Sandy Bridge PC chips, which secures streaming of high-definition movies from online movie services to PCs.
 
When Microsoft announced plans to release a version of Windows for ARM processors, it created a lot of work not only for itself, but for all the independent software vendors who sell Windows software as well.
 
RETIRED: Mozilla Multiple Products March 30, 2010 Remote Vulnerabilities
 
We had one reader write in today stating that they are seeing dhcp requests to 1.1.1.1 and 3.3.3.3.
DHCP packets should be sent to the broadcast address 255.255.255.255.
So if anyone has packets or an explanation for this traffic please write in to let us know your thoughts.

(c) SANS Internet Storm Center. http://isc.sans.org Creative Commons Attribution-Noncommercial 3.0 United States License.
 
Salesforce.com announced Thursday it has purchased Web conferencing software vendor Dimdim for $31 million.
 
Several manufacturers announced plans to offer smartphones, tablets and laptops that support Verizon's LTE network by mid-2011.
 
Facebook is reportedly preparing to disclose financial information or prepping for an initial public offering in 2012.
 
Here's a preview of Thursday's news from the Consumer Electronics Show in Las Vegas.
 
T-Mobile officials Thursday demonstrated the new Dell Streak 7 touchscreen tablet it plans to start selling within weeks.
 
Lee informed us today that dota2trailer.tk claims to have a video trailer for the new Dota 2 game but instead installs a keylogger to steal credentials from gamers.



The website warns that you need java script enabled so it may have some java exploits.



VirusTotal's url check didn't show any known maliciousness associated with that url.

http://www.virustotal.com/url-scan/report.html?id=c6b23afaa80fb96f096cb9b9e6a25012-1294334566

Firefox: Clean site
G-Data: Clean site
Google Safebrowsing: Clean site
Opera: Clean site
ParetoLogic: Clean site
Phishtank: Clean site


Looking at the code on the site it does try to use java to download hxxp://NoS.fileave.com/CamPlug.exe

CamPlug.exe isn't recognized as malicious by any antivirus vendor at VirusTotal; however, it is detected as packed/encrypted by two of the vendors as Gen.Variant.MSILKrypt!IK, which by itself doesn't make this malware. However, that has been used in other keyloggers and trojans, so I believe it is malicious.


http://www.virustotal.com/file-scan/report.html?id=ecb6e9b3a5c4aa9165a7725d6b28d22dae38c8a72fe10d25eec53de5189c54bf-1294338169
 
As usual, this year's hyperaggressive holiday and New Year advertising started before I even managed to put down my Thanksgiving dinner fork. New cars, new clothes, new exercise fads--many sold with a variation on the slogan "A new you for the new year!"
 
Microsoft's announcement at CES that its next version of Windows will run on the ARM chip architecture was the wrong message at the wrong place, said an industry analyst.
 
A former EMC testing engineer has pleaded guilty to charges that he stole about $930,000 worth of equipment from the company's Apex, North Carolina, plant.
 
LinkedIn may become the first social network to register for an initial public offering, according to news reports.
 
Evince Multiple Remote Code Execution Vulnerabilities
 
Microsoft will issue two security bulletins, one critical addressing flaws in Internet Explorer and the Windows Graphics Rendering Engine. Attackers are targeting both flaws.

 
Mac OS X v10.6.6 is now available and addresses the following:

PackageKit
CVE-ID: CVE-2010-4013
Available for: Mac OS X v10.6 through v10.6.5, Mac OS X Server v10.6 through v10.6.5
Impact: A man-in-the-middle attacker may be able to cause an unexpected application termination or arbitrary code execution
Description: A format string issue exists in PackageKit's handling of distribution scripts. A man-in-the-middle attacker may be able to cause an unexpected application termination or arbitrary code execution when Software Update checks for new updates. This issue is addressed through improved validation of distribution scripts. This issue does not affect systems prior to Mac OS X v10.6. Credit to Aaron Sigel of vtty.com for reporting this issue.

Mac OS X Server v10.6.6 may be obtained from the Software Update pane in System Preferences, or Apple's Software Downloads web site: http://www.apple.com/support/downloads/

Information will also be posted to the Apple Security Updates web site: http://support.apple.com/kb/HT1222



Thanks go out to Dave, who noticed the Apple security update information to OS X v10.6 through v10.6.5, which was blank earlier today.
 
The Apache Software Foundation has accepted Object-Oriented Data Technology as a top-level project.
 
BP's monitoring IT systems on the failed Deepwater Horizon oil rig relied too heavily on engineers following complex data for long periods of time, instead of providing automatic warning alerts.
 
Worried, or just curious about the year ahead? Find out what's on the near-term horizon with Computerworld's Forecast 2011 PDF version -- and share what you learn with friends and colleagues.
 
The White House has called on all government to review processes in place to identify workers who may be inclined to disclose classified data to whistleblowers like the WikiLeaks Web site.
 
A federal judge has set aside the $139 million judgment against SAP that a jury awarded Versata Software in August 2009, according to a ruling filed Thursday in U.S. District Court for the Eastern District of Texas.
 
Verizon Wireless will introduce Cisco's Cius tablet for its fast LTE mobile broadband network in the spring of 2011, and the companies will also offer LTE interfaces for Cisco's second-generation Integrated Services Router for small and medium-size businesses.
 
Microsoft today announced it would release just two security updates next week to patch three vulnerabilities in Windows.
 
XSS vulnerability in PHP MicroCMS
 
SQL Injection in phpMySport
 
SQL Injection in phpMySport
 
[SECURITY] [DSA-2142-1] New dpkg packages fix directory traversal
 
Eclipse IDE Help Component Multiple Cross Site Scripting Vulnerabilities
 
Google showed off the first preview of features in Honeycomb, its upcoming version of Android designed for tablets, during a keynote speech at the Consumer Electronics Show in Las Vegas.
 
Intel expects the next version of Google's popular mobile software, Android 3.0, or Honeycomb, to be ready for use with its Atom microprocessors.
 
SQL Injection in phpMySport
 
Path disclosure in phpMySport
 
Authentication bypass in phpMySport
 
RETIRED: Nucleus CMS Multiple Remote File Include Vulnerabilities
 
SQL Injection in Phenotype CMS
 
As promised, Apple opened its Mac App Store today, stocking it with more than 1,000 games, utilities and productivity programs.
 
Not that AT&T is looking over its shoulder at Verizon, or that Apple is doing likewise with Google Android, but AT&T said it is roughly halving the price of Apple iPhone 3GS smartphones to $49 from $99 come Friday.
 
[SECURITY] [DSA-2141-1] New apache2 packages add backward compatibility option
 
[SECURITY] [DSA-2141-1] New openssl packages fix protocol design flaw
 
Socialtext is trying to grab customers away from enterprise social networking vendor Yammer with a new migration offer that was announced Thursday.
 
Amazon Web Services today added two premium support tiers and announced that the price of existing premium plans has been cut by 50%.
 
[SECURITY] [DSA-2140-1] New libapache2-mod-fcgid packages fixes stack overflow
 
Re: [ATHCON2011] CFP/ Call for Papers - AthCon IT Security Conference
 
[SECURITY] [DSA-2141-2] New nss packages fix protocol design flaw
 
Adobe is responding to a new method that breaks a security feature and prevents Flash files from passing data to remote systems; it is classified as a "moderate" security threat.

 
Intel has made certain commitments to the European Union in an effort to push ahead with its proposed acquisition of McAfee.
 
In wrapping up our look at what the next decade's converged computing and communications capabilities will look like, there are some fundamental issues that were important (in a different form) 10 years ago that will continue to need to be addressed.
 
------

Johannes B. Ullrich, Ph.D.

SANS Technology Institute

 
InfoSec News: Body of murdered cyberwar expert found in landfill: http://www.theregister.co.uk/2011/01/05/cyberwar_expert_homicide/
By Dan Goodin in San Francisco The Register 5th January 2011
The body of a decorated US Army officer was found dumped in a Delaware landfill on New Years Eve day, a few days after he expressed concern [...]
 
InfoSec News: Dubai Assassination Followed Failed Attempt by Same Team: http://www.wired.com/threatlevel/2011/01/dubai-assassination/
By Kim Zetter Threat Level Wired.com January 4, 2011
The successful assassination of a high-ranking member of Hamas early last year in Dubai followed an unsuccessful attempt by the same hit team [...]
 
InfoSec News: What it's like to make the wrong job switch: http://www.csoonline.com/article/651482/what-it-s-like-to-make-the-wrong-job-switch
By Bill Brenner Senior Editor CSO January 05, 2011
Some of you know the drill: You've been in the same job a long time and you start to feel bored, frustrated, complacent, or maybe a mix of those things. [...]
 
InfoSec News: Alleged Miley Cyrus hacker arrested: http://www.networkworld.com/news/2011/010511-alleged-miley-cyrus-hacker.html
By Robert McMillan IDG News Service January 05, 2011
The 21-year-old hacker who boasted about breaking into Miley Cyrus' Gmail account and posting racy photographs of the teenage star has been [...]
 
InfoSec News: Sourcefire Buys Cloud Security Firm: http://www.darkreading.com/security-services/167801101/security/antivirus/229000168/sourcefire-buys-cloud-security-firm.html
By Kelly Jackson Higgins Darkreading Jan 05, 2011
IPS maker Sourcefire today made its first official move to the cloud with the $21 million acquisition of cloud-based anti-malware startup Immunet.
The publicly held Sourcefire says the deal not only expands its real-time detection to the cloud, but also adds to its portfolio endpoint protection from advanced persistent threats and other forms of client-side attacks. "IPS captures [these attacks] once they are there, so combining the two technologies felt like a natural fit," says Greg Fitzgerald, senior vice president of marketing at Sourcefire.
It has been a big week for acquisitions in security. Sourcefire's purchase of Immunet follows Dell's Tuesday purchase of managed security services provider SecureWorks. "One reason this acquisition is interesting is that it is another strong sign of the acceleration in security market consolidation. There have been two acquisitions this week alone, and I'm sure we can expect more acquisition and merger announcements as [the] RSA [Conference] approaches," says Andrew Storms, director of security operations at nCircle.
Immunet, which has 750,000 users worldwide, launched two years ago with a new model of inoculating an entire community of users when one member is infected with a new piece of malware. The cloud-based approach since has been catching on even among some traditional AV firms given the heavy footprint of desktop AV and the infections missed by some of these products.
[...]
 
Gibbs' iPod is bricked but transferring files to everything else works perfectly
 
Avaya Aura Application Enablement Services Security Bypass Vulnerability
 
Apache 'mod_fcgid' Module Unspecified Stack Buffer Overflow Vulnerability
 
An expansion of the Trade Adjustment Assistance program in 2009 that gave laid-off tech workers employment-related benefits could expire next month.
 
Intel CEO Paul Otellini said he expects the Sandy Bridge chips to account for one-third of Intel's corporate revenue this year.
 
Nine months after losing communication with the Mars rover Spirit, NASA is beefing up its efforts to regain communication with the robot.
 
South Korea has concluded that Google illegally collected personal data while collecting information for its Street View map service, an official at the country's National Police Agency (NPA) said.
 
Early computer keyboards emulated the venerable IBM Selectric typewriter. Now they're going virtual. What next?
 
Lexmark Printer Ready Message Value HTML Injection Vulnerability
 
Ignition 'comment.php' Local File Include Vulnerability
 
A handful of emerging technologies are about to make touch-screen virtual keyboards a whole lot better. Is the traditional electromechanical keyboard headed for the scrap heap?
 
Among the avalanche of Android tablets being unveiled at this week's International Consumer Electronics Show, Japan's NEC is adding something extra: an additional screen.
 

Posted by InfoSec News on Jan 06

http://www.csoonline.com/article/651482/what-it-s-like-to-make-the-wrong-job-switch

By Bill Brenner
Senior Editor
CSO
January 05, 2011

Some of you know the drill: You've been in the same job a long time and
you start to feel bored, frustrated, complacent, or maybe a mix of those
things. You get an offer from another company that promises you more
money, more travel and more opportunity to make a mark on the security
world.

Then you get...
 

Posted by InfoSec News on Jan 06

http://www.networkworld.com/news/2011/010511-alleged-miley-cyrus-hacker.html

By Robert McMillan
IDG News Service
January 05, 2011

The 21-year-old hacker who boasted about breaking into Miley Cyrus'
Gmail account and posting racy photographs of the teenage star has been
arrested in Tennessee on fraud charges.

The arrest comes more than two years after U.S. Federal Bureau of
Investigation agents raided Joshua Holly's home looking for evidence...
 

Posted by InfoSec News on Jan 06

http://www.darkreading.com/security-services/167801101/security/antivirus/229000168/sourcefire-buys-cloud-security-firm.html

By Kelly Jackson Higgins
Darkreading
Jan 05, 2011

IPS maker Sourcefire today made its first official move to the cloud
with the $21 million acquisition of cloud-based anti-malware startup
Immunet.

The publicly held Sourcefire says the deal not only expands its
real-time detection to the cloud, but also adds to its...
 

Posted by InfoSec News on Jan 06

http://www.theregister.co.uk/2011/01/05/cyberwar_expert_homicide/

By Dan Goodin in San Francisco
The Register
5th January 2011

The body of a decorated US Army officer was found dumped in a Delaware
landfill on New Years Eve day, a few days after he expressed concern
that the nation wasn't adequately prepared for cyber warfare, according
to news reports following the bizarre whodunit.

Events surrounding the murder of John P. Wheeler III,...
 

Posted by InfoSec News on Jan 06

http://www.wired.com/threatlevel/2011/01/dubai-assassination/

By Kim Zetter
Threat Level
Wired.com
January 4, 2011

The successful assassination of a high-ranking member of Hamas early
last year in Dubai followed an unsuccessful attempt by the same hit team
two months earlier, according to a magazine story out this month.

The elite team suspected of orchestrating the kill tried to poison
Mahmoud al-Mabhouh in November 2009 in Dubai,...
 
Microsoft CEO Steve Ballmer positioned Windows 7 as an operating system that can drive new and innovative products, as the company tries to fend off competition from tablet computers based on software from Google and Apple.
 

