
InfoSec News

In announcing its cloud computing services on Thursday, IBM stressed repeatedly that private clouds -- or those that exist behind the corporate firewall -- are as important to its strategy as those in the public realm.
 
Microsoft has big plans for everybody for next Tuesday, and I hope you haven't made any dinner plans, because you will be busy patching (or working with your old friends like WSUS to get the patches tested and released).
A total of 17 bulletins are going to be released according to Microsoft's pre-release announcement: 8 bulletins are rated critical and 9 are rated important. They pretty much affect the usual suspects (Windows, Internet Explorer and Office) as well as some less regular guest stars like Microsoft's developer tools.
The critical patches apply pretty much to all versions of Windows (XP, Vista, Windows 7 and 2008) with one or two exceptions.
[1] http://www.microsoft.com/technet/security/bulletin/ms11-apr.mspx
------

Johannes B. Ullrich, Ph.D.

SANS Technology Institute

(c) SANS Internet Storm Center. http://isc.sans.org Creative Commons Attribution-Noncommercial 3.0 United States License.
 
The Series 9 is costlier than the competing 13-inch MacBook Air with a starting price of $1649 (compared with Apple's $1299), but it offers mostly superior hardware and is eminently usable.
 
 
The long-awaited update to IBM's flagship application server includes support for Java Enterprise Edition 6.
 
Facebook's announcement that it would share the secrets of its super-efficient data center shows that the social networking company has grown and developed enough influence to drive hardware innovation.
 
The Federal Communications Commission revamps the rules for attaching broadband lines to utility poles.
 
WiMax carrier Clearwire has added a low-cost prepaid mobile operator, Locus Telecommunications, to the set of partners that offer services over its high-speed broadband network.
 
Microsoft today said it will patch a record 64 vulnerabilities in Windows, Office, Internet Explorer, Windows graphics framework, and other software next week, and tie a December 2010 record for the number of security updates it issues.
 
Although Microsoft has denied pulling the trigger on IE9 upgrade offers, some users say the browser is showing up on their Windows Vista and Windows 7 machines' Windows Update lists.
 
Facebook is sharing some of the secrets that help make its Prineville, Ore., data center one of the world's most efficient.
 
The Federal Communications Commission requires mobile carriers to negotiate data roaming agreements.
 
VMware will ship a desktop virtualization client for Android Honeycomb-based tablets at the end of the second quarter or beginning of the third quarter, according to Vittorio Viarengo, vice president of End User Computing at VMware.
 
In an effort to boost the popularity of desktop virtualization, VMware is working on improvements related to scalability and WAN performance and is preparing documentation that outlines how best to use the technology, according to a company executive.
 
Several analysts have described early sales of Motorola's new Android-based devices, the Xoom tablet and the Atrix smartphone, as disappointing.
 
Microsoft today launched Bing for iPad, the company's first app for Apple's tablet. One analyst said it beats Google's app 'hands down.'
 
The U.S. government may start issuing terror alerts using Facebook and Twitter, according to a news service report.
 
IBM demonstrated its fastest graphene transistor, which can execute 155 billion cycles per second, about 50% faster than previous experimental transistors shown by the company's researchers.
 
Cisco Systems plans to cut spending dramatically and adopt a narrowed focus on five networking technologies, including video, as part of a massive turnaround effort, Cisco CEO John Chambers told financial analysts Thursday.
 
A targeted spear phishing campaign described in a security alert last November may have caused the massive data breach revealed this week by email service provider Epsilon.
 
NetBSD IPComp Implementation Stack Overflow Remote Memory Corruption Vulnerability
 
HTB22916: XSRF (CSRF) in phpCollab
 
HTB22917: XSS vulnerabilities in phpCollab
 
HTB22920: Path disclosure in Viscacha
 
HTB22918: Path disclosure in phpCollab
 
HTB22915: Path disclosure in Joomla
 
HTB22919: Multiple XSS in Viscacha
 
HTB22921: SQL Injection in Viscacha
 
Hold on. Don't just reboot your Windows 7 PC. I realize that rebooting is the go-to solution when a program won't shut down, or the system starts dragging or acting wonky, but there is another way. The Task Manager is a powerful tool for troubleshooting and resolving issues in Windows 7.
 
While IT managers are finding it nearly impossible to say no to employees who want to use smart phones and tablets in the workplace, they're also faced with securing the devices, which often means locking applications down and monitoring them through a company server.
 
All four of the major wireless carriers are now selling the 4G phones that they had promised at the Consumer Electronics Show in January. The new phones are designed to take advantage of the faster data speeds offered by the next-generation networks the carriers have been spending megabucks to build (and advertise) over the past year.
 

GovInfoSecurity.com

Feds Face Infosec Challenges in Shutdown
Defining essential federal information systems to keep operating during a partial government shutdown could prove more complex than defining essential federal workers not to furlough. As many as 800,000 federal employees could be furloughed, ...
 
Microsoft and Nokia will be big smartphone winners over the next four years, Gartner predicts.
 
New appliances, partnership with SAS give a boost to EMC's data warehousing push, analysts say.
 
Google plans to add a Safe Browsing service to Chrome that will alert users to possible malware downloads.
 
Taiwanese PC makers said on Thursday that product prices would hold steady this year despite disruptions to raw material supplies after the massive Japan earthquake last month.
 
Dell plans to invest $1 billion over the fiscal year 2012 to bolster its data storage products.
 
LANDesk Software CEO Steve Daly says success in managing and securing your IT environment means managing from the 'end user in,' not from the data center out.
 
However Larry Page decides to lead Google, one thing is for sure: He's not going to be Eric Schmidt 2.0.
 
March 2011 was a busy month with a number of very public announcements on systems being breached. These had different effects on each of us.

The one that had an odd side effect for me was the Lizamoon.com SQL injection attack. My day job has me attempting to protect a large number of staff from themselves and the evils of the internet, which isn't that different from many who read the Diary.

After seeing the alarm about this SQL injection attack, I implemented the standard block list for the identified malware-hosting sites [2] and reviewed my firewall logs. Solid security and operational practices meant our systems were safe, but I did find three external websites that had been successfully compromised, just from reviewing the proxy web logs. Just to be clear: my company has no anti-disclosure constraints, I was given permission to talk with the attacked sites, this attack is pretty public, I haven't tweaked, fiddled or done stuff* to find this information, and they are, unwittingly, attacking my systems and staff. I, as the security guy, need to stop this one way or another.
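Finding the compromised third-party sites from proxy logs, as described above, comes down to one question: which referring sites sent our browsers to a blocklisted host? The Python below is an added example, not the diary's own tooling; the log lines, the second blocklist entry and the request path are constructed samples, and it assumes a combined-format proxy log with a referer field.

```python
import re
from collections import Counter
from urllib.parse import urlsplit

# Hosts serving the injected redirect. lizamoon.com is named in the diary; the
# second entry is a constructed placeholder, not a real indicator.
BLOCKLIST = {"lizamoon.com", "evil-redirect.example"}

# Combined-log-style proxy lines: constructed sample data, not real traffic.
# The referer field ties a hit on the evil host back to the injected site.
SAMPLE_LOG = """\
10.1.2.3 - - [31/Mar/2011:09:12:01 +1000] "GET http://www.shop-a.example/catalog.php HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
10.1.2.3 - - [31/Mar/2011:09:12:02 +1000] "GET http://lizamoon.com/inject.js HTTP/1.1" 200 310 "http://www.shop-a.example/catalog.php" "Mozilla/5.0"
10.1.2.7 - - [31/Mar/2011:09:15:44 +1000] "GET http://bigcorp.example/news.asp?id=7 HTTP/1.1" 200 8800 "-" "Mozilla/5.0"
10.1.2.7 - - [31/Mar/2011:09:15:45 +1000] "GET http://lizamoon.com/inject.js HTTP/1.1" 200 310 "http://bigcorp.example/news.asp?id=7" "Mozilla/5.0"
10.1.2.9 - - [31/Mar/2011:09:20:10 +1000] "GET http://lizamoon.com/inject.js HTTP/1.1" 200 310 "http://www.shop-a.example/about.php" "Mozilla/5.0"
10.1.2.4 - - [31/Mar/2011:09:22:03 +1000] "GET http://evil-redirect.example/x.js HTTP/1.1" 200 900 "-" "Mozilla/5.0"
10.1.2.5 - - [31/Mar/2011:09:30:00 +1000] "GET http://news.example/index.html HTTP/1.1" 200 4000 "-" "Mozilla/5.0"
"""

LINE_RE = re.compile(
    r'^(?P<client>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<url>\S+) [^"]*" '
    r'(?P<status>\d{3}) (?P<size>\S+) "(?P<referer>[^"]*)" "(?P<ua>[^"]*)"$'
)

def host_of(url):
    """Lower-cased host of an absolute URL; None for '-' or an empty field."""
    if not url or url == "-":
        return None
    return (urlsplit(url).hostname or "").lower() or None

def find_referring_sites(log_text, blocklist=BLOCKLIST):
    """Per referring host, count requests that went to a blocklisted host."""
    # A legitimate site showing up here is the compromised one: its pages carry
    # the injected script that sends every visitor on to the evil host.
    hits = Counter()
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip malformed lines instead of aborting the whole scan
        if host_of(m.group("url")) not in blocklist:
            continue
        # No referer: a client reached the evil host but the log cannot say
        # which site sent it; keep those under a sentinel for follow-up.
        hits[host_of(m.group("referer")) or "(no referer)"] += 1
    return dict(hits)

def report(log_text):
    """(host, count) pairs, most-affected referring site first."""
    return sorted(find_referring_sites(log_text).items(), key=lambda kv: (-kv[1], kv[0]))

if __name__ == "__main__":
    for host, n in report(SAMPLE_LOG):
        print(f"{n:4d}  {host}")
```

Each host in the report that is not itself on the blocklist is a site to contact (or block), which is exactly the list the diary goes on to work through.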



This leads to my First Question**: Should I tell them they have a problem or just block 'em too?

The SQL-injected web site is a legitimate web site, staff from my company are allowed to access it, and being redirected to an Evil Web Site without either party knowing means action has to be taken.
This seems like a no-brainer. If you see someone's house is on fire, you let them know.

Second Question: How do I let them know?

The easy way was to get contact details from the infected web site by visiting the site and clicking on contact info. This identified them as a large company and two small businesses, all in my time zone and relatively local to me. I was able to get the helpdesk for the large company, and the owner and a shop assistant for the other two.

Third Question: What do I tell them?***

The fun part of talking to non-IT people (most of humanity, or so I'm informed) is that glibly pointing out their 'base has been 0wnzed by SQLi' might not convey a clear and detailed picture of the issue. Most people know being hacked is a bad thing, so the simple opener of "Your web site has been hacked and, as a customer, I'd like you to fix it please" was a reasonable start and got their attention. I told them where to get more information on how their website was hacked (Google these terms or go to web site X) and that their IT people need to fix it. I offered them the best of luck with fixing their site and that was it. All of a pretty easy ten minutes on the phone.

The outcome of a few minutes of advice

Two quickly fixed the damage done and seemed pleased someone had taken the time to let them know they had a problem.
Only the small company with the startled shop assistant hasn't fixed their Lizamoon problem. Despite a couple of follow-up emails to the company they are still compromised, so I've been forced to block that site at our borders. That's sadly a loss of income for them, but a necessity for us.

Worthwhile being a good internet neighbour?

That's up to you, but the hope is that everyone can take a few minutes to help out a digital stranger in need every once in a while when you can. Many of you reading this help others in your physical lives, in one way or another, and I'm guessing that takes up a lot more time than a phone call or a couple of emails to a digital victim.

Kevin Liston's 'let's clean up SQL Slammer' diaries [3] really show that if problems aren't fixed and are left, they never really go away, but with effort a difference can be made [4].

As always, if you have any better suggestions, insights or tips please feel free to comment.
it's there to denote my deep pondering on the topic at hand

*** With so many well-publicised social engineering phone scams in Oz [5], I was somewhat nervous about what response I might receive. Fortunately it was all good (as they say here Down Under).

[1] http://isc.sans.edu/diary.html?storyid=10642

[2] http://community.websense.com/blogs/securitylabs/archive/2011/03/31/update-on-lizamoon-mass-injection.aspx

[3] http://isc.sans.edu/diary.html?storyid=9637

[4] http://isc.sans.edu/diary.html?storyid=9871

[5] http://isc.sans.edu/diary.html?storyid=10135


Chris Mohan --- Internet Storm Center Handler on Duty (c) SANS Internet Storm Center. http://isc.sans.org Creative Commons Attribution-Noncommercial 3.0 United States License.
 
InfoSec News: HealthSec '11 Submission Deadline Extended to April 12: Forwarded from: Lionel Garth Jones <lgj (at) usenix.org>
The submission deadline for the 2nd USENIX Workshop on Health Security and Privacy (HealthSec '11) has been extended, but is almost here. Please submit all work by Tuesday, April 12, 2011, at 11:59 p.m. UTC (7:59 p.m. EDT). [...]
 
InfoSec News: Hacker Sitcom Breaking In Taps Espionage-Lite Trend: http://www.wired.com/underwire/2011/04/hacker-sitcom-breaking-in/
By Hugh Hart Underwire Wired.com April 6, 2011
The hackers in new comedy Breaking In look as though they spend more time at the gym than they do hunched over a computer. Hollywood-handsome, these sitcom tech wizards may not walk the awkward nerd walk, but they do get to work in an office anchored by Captain Kirk’s Star Trek chair.
Debuting Wednesday, Breaking In centers on geeky high-tech consultants hired by clients to detect breaches in their security systems. In an era rife with institutional larceny, leaky intelligence and high-level buffoonery, it’s one of several TV shows that are in no mood to present espionage in an entirely serious light.
NBC’s Chuck, for example, casts an everyday schlub as a key player in intelligence operations. CBS’ new dramedy Chaos, titled in homage to Maxwell Smart’s nemeses at KAOS, offers up operatives practiced in the craft of cynical asides. FX Network’s animated Archer showcases doofus spies, while USA Network’s Burn Notice equips its former CIA agents with expertise in pyrotechnics, surveillance and wisecracks.
They all operate in the somber shadow of 24’s relentless antiterrorist Jack Bauer, the grim character whose exploits defined for nearly a decade the deadly earnest anxieties faced by Americans in the early post-9/11 years. But the strain of eternal vigilance took its toll by the time Fox’s action series ended its run last May. Now espionage programs lean on goofy, Get Smart-style attitude more than earnest patriotism.
[...]
 
InfoSec News: Israel mulls creation of elite counter-cyberterrorist unit: http://www.theregister.co.uk/2011/04/06/isreal_mulls_elite_counter_hacker_unit/
By John Leyden The Register 6th April 2011
Israel is mulling the creation of a counter-cyberterrorism unit designed to safeguard both government agencies and core private sector firms against hacking attacks. [...]
 
InfoSec News: Windows servers hacked at The Hartford insurance company: http://www.computerworld.com/s/article/9215582/Windows_servers_hacked_at_The_Hartford_insurance_company
By Robert McMillan IDG News Service April 6, 2011
Hackers have broken into The Hartford insurance company and installed password-stealing programs on several of the company's Windows servers. [...]
 
InfoSec News: Attackers find old vulnerabilities are still the best: http://gcn.com/articles/2011/04/05/hp-cybersecurity-report-old-vulnerabilities.aspx
By William Jackson GCN.com April 05, 2011
The number of new vulnerabilities being discovered has leveled off for the past two years and is well down from its 2006 peak, according to a [...]
 
WordPress Multiple Security Vulnerabilities
 
The company responsible for one of the most publicized data breaches this year fears it may now lose some business but says that it continues to pump out marketing email as usual.
 
Sony has partially resumed production at all but two of its factories that were hit by the March 11 massive earthquake in Japan.
 

Posted by InfoSec News on Apr 07

http://gcn.com/articles/2011/04/05/hp-cybersecurity-report-old-vulnerabilities.aspx

By William Jackson
GCN.com
April 05, 2011

The number of new vulnerabilities being discovered has leveled off for
the past two years and is well down from its 2006 peak, according to a
report on 2010 security trends from Hewlett-Packard, an indication that
secure software development is beginning to mature.

But that is small comfort, as attackers continue to...
 

Posted by InfoSec News on Apr 07

Forwarded from: Lionel Garth Jones <lgj (at) usenix.org>

The submission deadline for the 2nd USENIX Workshop on Health Security
and Privacy (HealthSec '11) has been extended, but is almost here.
Please submit all work by Tuesday, April 12, 2011, at 11:59 p.m. UTC
(7:59 p.m. EDT).

For submission guidelines and more information, please see the complete
Call for Papers at http://www.usenix.org/healthsec11/cfpc/

HealthSec '11...
 

Posted by InfoSec News on Apr 07

http://www.wired.com/underwire/2011/04/hacker-sitcom-breaking-in/

By Hugh Hart
Underwire
Wired.com
April 6, 2011

The hackers in new comedy Breaking In look as though they spend more
time at the gym than they do hunched over a computer.
Hollywood-handsome, these sitcom tech wizards may not walk the awkward
nerd walk, but they do get to work in an office anchored by Captain
Kirk’s Star Trek chair.

Debuting Wednesday, Breaking In centers...
 

Posted by InfoSec News on Apr 07

http://www.theregister.co.uk/2011/04/06/isreal_mulls_elite_counter_hacker_unit/

By John Leyden
The Register
6th April 2011

Israel is mulling the creation of a counter-cyberterrorism unit designed
to safeguard both government agencies and core private sector firms
against hacking attacks.

The proposed unit would supplement the efforts of Mossad and other
agencies in fighting cyberespionage and denial of service attacks.
Israel is, of...
 

Posted by InfoSec News on Apr 07

http://www.computerworld.com/s/article/9215582/Windows_servers_hacked_at_The_Hartford_insurance_company

By Robert McMillan
IDG News Service
April 6, 2011

Hackers have broken into The Hartford insurance company and installed
password-stealing programs on several of the company's Windows servers.

In a warning letter sent last month to about 300 employees, contractors,
and a handful of customers, the company said it discovered the...
 
Postfix Local Information Disclosure and Local Privilege Escalation Vulnerabilities
 

