InfoSec News

Apple delivered a performance breakthrough Wednesday with its new A5X processor for the iPad, but it's possible that this chip wontt make its way into the next iPhone, analysts said.
Yesterday, Panda Security was hacked, defaced and had a bunch of data leaked by Anonymous hackers flying the LulzSec flag. Tghe attack which is said to of happened due to claims that panda worked with fbi to help bring down certian people that have been invovled in recent attacks.

Weak and default passwords are at the root of many data security breaches investigated by Verizon in 2011.

Add to digg Add to StumbleUpon Add to del.icio.us Add to Google

Presented By:
Join the Cisco UCS Webcast on March 8
  Hear from leading experts how third-generation fabric computing, new innovations delivered through Cisco UCS, meets changing business demands and provides companies with a competitive advantage.
Register Now

Ads by Pheedo

Oracle MySQL Server CVE-2012-0485 Remote Security Vulnerability
A vulnerability has be found in Splunk 4.0 - 4.3 that allows partial confidentiality and integrity violation, when a user click on a specifically crafted link that can disclose sensitive information to the attacker. Splunk recommend consumers upgrade to version 4.3.1 and to follow its hardening standard [3] to mitigate the risk of exploitation.
[1] http://www.splunk.com/view/SP-CAAAGTK

[2] http://www.splunk.com/download

[3] http://docs.splunk.com/Documentation/Splunk/latest/Admin/Hardeningstandards
Guy Bruneau IPSS Inc. gbruneau at isc dot sans dot edu (c) SANS Internet Storm Center. http://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
CIOs plan increased hiring in the second quarter, though not at the pace of the first quarter, according to the results of a new survey.
It's been a hard few years for we-control-everything corporate IT departments as well as for the "Microsoft is the answer, what was your question?" approach to corporate computing. It has also been a while since corporate IT departments have had to deal with a new reality that completely changed how they interact with their users.
HP recently unveiled products ranging from servers to thin clients to workstations. However, the real power in these announcements isn't in each one. It is in the collective power they represent. The question, according to CIO.com columnist Rob Enderle, is does HP have a strategy to harness it.
AOL hopes to roll out a fix soon to a spam surge in its AIM service targeting Google IM users, a situation that prompted Google to temporarily shut down the interoperability between the two instant messaging networks.
(c) SANS Internet Storm Center. http://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.

(c) SANS Internet Storm Center. http://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
Recently, I noticed a remarkable decrease in remote file inclusion attacks against my web servers. Usually, I easily detected 100+ attacks per day using a simple regular expression match. These days, I see maybe a dozen (and they are usually only 2-3 distinct attacks meaning different exploits or different attackers.
The number of vulnerabilities exploited also decreased a lot, with many of the older vulnerabilities being no longer probed.
Have all vulnerable systems been exploited or cleaned up? These attacks where never very effective, and a lot of exploits used would not have been successful even against vulnerable systems. In addition, the attacks where usually launched blindly without recognizance, leading to a lot of hits to non existent pages.
For the few attacks still out there, the pattern doesn't have changed much. I checked out a couple of the payloads and they are either simple indicators or PHP IRC bots.

Johannes B. Ullrich, Ph.D.

SANS Technology Institute

Twitter (c) SANS Internet Storm Center. http://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
(c) SANS Internet Storm Center. http://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
This week we feature Twitter accounts! ISCand the Handlers post on Twitter regularly. This is a great way to keep up with dairy posts, current security information, Handler activities and more.
ISCrelated tweets are tagged with the hash tag #sansisc.
ISC's twitter feed http://twitter.com/sans_isc is checked regularly and posts when a new diary is released, security news is published or special announcements are made. Note: Diary tweets begin with [Diary].
Our ISCaccount and Handlers that opt to list their twitter handles are available on https://isc.sans.edu/twitter.html.
An ISCHandlers list is at https://twitter.com/#!/tuxlien/ischandlers and mirrors the handlers list on our twitter page.
We also include Twitter feed boxes in the last row on the Dashboard at https://isc.sans.edu/dashboard.html.

Let us know in the section below if you have a suggestion or feedback or send us any questions or comments in the contact form at https://isc.sans.edu/contact.html

Adam Swanger, Web Developer (GWEB)

Internet Storm Center (http://isc.sans.edu) (c) SANS Internet Storm Center. http://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
The buzz in security circles about "big data" goes something like this: If the enterprise could only unite its security-related event data with a warehouse of business information, it could analyze this Big Data to catch intruders trying to steal sensitive information.
Apple's online store remained unavailable or unresponsive more than two hours after the company introduced its new iPad tablet.
Google yesterday cut the cost of Google Cloud Storage--a service geared to enabling developers to store and access massive amounts of data on Google's infrastructure--between 8 percent and 15 percent depending on the service tier. Google also noted that third-party technology providers have begun integrating Google Cloud Storage directly into their offerings.
AllTuition, which launched a college financial-aid application service, won an informal vote among a high-powered panel of judges at the Launch conference on Wednesday.
A bill designed to discourage U.S. companies from setting up offshore call centers is gaining bipartisan support in the U.S. House.

2012 Security Conferences Focus on Malware and the Cloud
Vendors and industry representatives at this year's biggest security conferences, the RSA conference, the CSU's CISOA/SecureIT Joint 2012 Conference, and the InfoSec World Conference & Expo 2012, are focused on security, as usual.

Congress should resist any temptations to pass new cybersecurity rules affecting broadband and mobile service providers, a group of Internet service providers told lawmakers Wednesday.
Apple today unveiled the next-generation iPad, which features a higher-resolution display, a new processor with improved graphics performance, and support for faster LTE mobile data networks.
The main website of the Vatican was inaccessible Wednesday after what appears to have been an attack by malicious hackers claiming to be affiliated with the Anonymous hacking collective.
Users of the Google Docs office productivity suite will be able to do full-text searches within more documents in PDF format, expanding on a recent improvement to the suite's PDF search capabilities.
Apache Tomcat SSL Anonymous Cipher Configuration Information Disclosure Vulnerability

Lies, Damn Lies, Security Metrics, And Baseball
CSO (blog)
I fear that this may happen in the InfoSec world if we become more focused on metrics than strategy and on providing glowing reports to our superiors than truth telling. Too much focus on them will force your teams to manage to those metrics instead of ...

Apple on Wednesday announced the next version of its popular iPad tablet, which will be faster than its predecessor and have a higher resolution screen.
Enterprises that are thinking about big data need to realize that it isn't just about analytics of vast amounts of data but also how that information is stored, Amazon CTO Werner Vogels said during a keynote at the Cebit trade show.
Multiple SQL injections in rivettracker <=1.03
Multiple XSS in Fork CMS
[security bulletin] HPSBMU02744 SSRT100776 rev.1 - HP Network Node Manager i (NNMi) for HP-UX, Linux, Solaris, and Windows, Remote Unauthorized Disclosure of Information
OSClass directory traversal (leads to arbitrary file upload)
XCon 2012 XFocus Information Security Conference Call for Paper
[security bulletin] HPSBUX02741 SSRT100728 rev.2 - HP-UX Apache Running Tomcat Servlet Engine, Remote Denial of Service (DoS), Access Restriction Bypass
[SECURITY] [DSA 2427-1] imagemagick security update
[SECURITY] [DSA 2426-1] gimp security update
Samsung Electronics this week filed a lawsuit against Apple, alleging infringement of three patents used in the iPhone 4S and iPad 2.
The latest version of a distributed denial-of-service (DDoS) bot called Armageddon integrates a relatively new exploit known as Apache Killer, DDoS mitigation vendor Arbor Networks said on Tuesday.
Virtualization represents a sea change in IT practices. Bound for years by the "one application, one server" rule, IT infrastructure was over capacity, underused and not cost-effective.
Authentication specialist Vasco Data Security International has launched two new e-signature devices that can either scan an image or listen to a sound snippet to take some of the hassle out of signing online transactions, the company said on Wednesday.
Adobe Flash Player CVE-2012-0768 Remote Code Execution Vulnerability

When it comes to customer case studies, CloudFlare has one of the most unusual and dramatic I’ve ever heard.

Last summer, the LulzSec hacking group signed up its website for CloudFlare, drawing the website security service and accelerator company into one of the biggest cyber battles ever, as LulzSec created mayhem on the Internet while rivals and others tried to knock it offline. CloudFlare’s CEO and Co-founder Matthew Prince detailed the attacks in a presentation at RSA Conference 2012; I wasn’t able to attend, but he filled me in during a briefing at the show last week.

LulzSec registered for CloudFlare on June 2, 2011 after it a substantial DoS attack knocked its newly launched site – LulzSecurity.com — offline for 45 minutes, Prince said. “We had no idea who LulzSec was,” he said. As it turns out, the group had just published information it had allegedly stolen from Sony.

For the next 22 days, LulzSec waged battle on the Web as rivals and white hat hackers launched a volley of attacks against the group’s site. “It was like a gunfight and we were sitting in the middle of it,” Prince said.

The battle proved a mighty test for Palo Alto, Calif.-based CloudFlare, which protects websites against threats like DDoS, XSS and SQL injection attacks while also boosting site performance. “It was the most massive pen test ever,” Prince said. “We learned a ton from the fact that LulzSec was with us.”

He explained that CloudFlare’s system automatically looks for anomalies to detect attacks and once it does, adds protection for all the websites it protects. More than 250,000 websites, from Fortune 500 companies to individual blogs, use CloudFlare. Using the service doesn’t require any hardware installation, only a change to network settings to allow site traffic to pass through CloudFlare, which operates 14 data centers around the world.

“We’re like a smart, skilled router on your network,” Prince said.

The fact that LulzSec stayed online for the 22 days it was with CloudFlare illustrates the company’s core value proposition, Prince said. “Because we saw these threats our network got smarter,” he added.

After those 22 days, the LulzSecurity.com website disappeared. Prince began receiving requests to tell the story of what happened, but the company has a privacy policy with its customers not to reveal them without permission. He used the contact information LulzSec provided to sign up for the service and eventually got a single line reply giving him permission.

Prince said CloudFlare never got a request from law enforcement to take LulzSec offline, but quickly added that it has no mechanism to do that anyway. He noted that CloudFlare wasn’t LulzSec’s hosting provider.

As to whether CloudFlare considered shutting off service for LulzSec – a group linked to a number of attacks on corporate government sites – Prince said his company’s role isn’t that of an Internet censor.

“There are tens of thousands of websites currently using CloudFlare’s network,” he said in a blog post last summer. “Some of them contain information I find troubling. Such is the nature of a free and open network and, as an organization that aims to make the whole Internet faster and safer, such inherently will be our ongoing struggle. While we will respect the laws of the jurisdictions in which we operate, we do not believe it is our decision to determine what content may and may not be published. That is a slippery slope down which we will not tread.”

Add to digg Add to StumbleUpon Add to del.icio.us Add to Google
Two hacking contests -- HP TippingPoint's Pwn2Own and Google's Pwnium offshoot -- kicked off in Canada today, with hundreds of thousands of dollars in prize money up for grabs.
Expanding its software-aided medical transcription services, Nuance Communications will purchase medical transcription service provider Transcend Services for $300 million, the two companies announced Wednesday.
Gorilla Logic is trying to help app developers make sure that no one throws a monkey wrench into their projects.
FinancialForce.com announced a string of enhancements to its cloud-based applications for accounting and professional services automation on Wednesday, heating up its rivalry with the likes of NetSuite and its OpenAir division.
Styluses have never really caught on. But the Samsung Note shows that having a pen as one optional interface might be a good idea.
Facebook was down temporarily in parts of Europe on Wednesday, with users in some countries outside the region also reporting problems.
A new survey from IBM finds that while only 13% of businesses have substantially implemented cloud-based offerings, they are expected to grow to 41% in three years.
Jive Software later this month will release a version of its enterprise social software tailored for customer service tasks, the first of what it expects will be multiple products designed for specific workplace teams and purposes.
Michael Dell, the chairman of the company that bears his name, does not see manufacturing as a big job creator for the U.S. To him, job growth will be in services and adoption of new technologies
A U.S lawmaker has posted the controversial Anti-Counterfeiting Trade Agreement (ACTA) online and is asking the public to comment and make changes to the copyright enforcement treaty.
Hackers claiming to belong to the Anonymous hacking collective early Wednesday defaced Panda Security's PandaLabs website in apparent response to the arrests of five hackers in the U.K. and the U.S.
EMC delivers an all-purpose, unified storage array tailor made for the IT generalist and the small-business budget
Corporations are learning social media can be a valuable tool in not only monitoring their public persona, but in collaborating within a company.

Grassroots Tech Community Brings Symantec CEO And $10000 Hacker Contest To ...
Daily Markets
Kansas City IT Professionals (KCITP), a grassroots community of 7500+ members in the Midwest, has partnered with Symantec for “InfoSec night”. The security-focused event, hosted by Johnson County Community College, will occur on March 21st from 4:30pm ...

and more »

Posted by InfoSec News on Mar 06


By Lucian Constantin
CSO Online
March 06, 2012

A new targeted email attack is exploiting interest in the Iranian
nuclear program to trick people into opening booby-trapped Word
documents that exploit a known Flash Player vulnerability to install

"There seems to be a new campaign underway using this new CVE-2012-0754...

Posted by InfoSec News on Mar 06


By Nate Anderson
Ars Technica
March 6, 2012

"Script kiddie" -- no hacker worth his salt wants to hear the term used
to describe him. Anyone with modest computer skills can cause modest
havoc using other people's code fragments, scanners, and infiltration
tools, but this is little more than knowing how to point a gun in...

Posted by InfoSec News on Mar 06


By Tracy Kitten
Bank Info Security
March 6, 2012

Detectives with the Toronto Police Department have arrested seven
individuals for the roles they allegedly played in an ATM skimming
scheme that compromised at least 1,500 credit and debit cards and cost
Canadian banking institutions more than CAN $360,000 [U.S. $361,161].

"Those are known losses," Toronto police Det. Ian...

Posted by InfoSec News on Mar 06


By Roger A. Grimes
March 6, 2012

I've been immersed in IT security for more than two decades, and I've
learned a lot along the way. Yet for all the knowledge I've soaked up,
several questions still baffle me. Some of them pertain to end-users who
seem to fall for the same sorts of scams year after year. Others,
though, relate to...

Posted by InfoSec News on Mar 06


By Kim Zetter
Threat Level
March 6, 2012

A top LulzSec leader turned informant last year after he was secretly
arrested, providing information to law enforcement that led to the
arrests Tuesday of other top members of the hacking group, including one
alleged to be deeply involved in December’s Stratfor hack, federal
authorities said Tuesday.

Hector Xavier Monsegur, a...
Anonymous hackers had pasted a new leak of information that comes from Panda security and within this leak is a bit of a message about the recent confirmation that one of the lulzSec members turned out to be a information or snitch for the authorities.

We have discovered a pastebin paste that claims to be data from a Turkish based police station http://egm.gov.tr. The leak comes from pastebin account named EROFOLIO and contains a dump of a couple hundred accounts with emails, usernames, ids and encrypted passwords.

Internet Storm Center Infocon Status