InfoSec News

It's hard to fathom why Cisco hasn't added IPv6 to its Linksys consumer routers yet, but the company has promised support will come this spring.
 
The patching fun for the week continues with WordPress releasing an update.
This release is shown as a security release and contains a number of fixes for security issues. WordPress is one of the favourite targets, so all are encouraged to upgrade and get the benefits of the security fixes included (make sure you test before throwing it into production).
More information is here: http://wordpress.org/news/2011/02/wordpress-3-0-5/
M (c) SANS Internet Storm Center. http://isc.sans.org Creative Commons Attribution-Noncommercial 3.0 United States License.
 
Adobe Acrobat and Reader RLE Decompressed Bitmap Color Data Remote Code Execution Vulnerability
 
MIT Kerberos 'kpropd' Remote Denial Of Service Vulnerability
 
Problems with an Oracle PeopleSoft ERP system that have resulted in faulty paychecks going out to police officers in Fort Worth, Texas, have persisted for months with no clear end in sight.
 
A recently completed NetForecast/Network World survey of application performance management (APM) practices has uncovered serious gaps between the performance attributes IT managers cite as important to measure, and those they actually do measure.
 
Dell will launch a 10-inch Windows-based tablet for business users later this year and plans to sell 10-inch Android-based tablets too, the company said Tuesday.
 
At its 2011 Strategic Forum in Boston today, EMC laid out its vision for virtualizing its customers' underlying infrastructure to give them a flexible and automated way to serve up applications and data.
 
Facebook, which has enjoyed explosive user growth, is moving to a 79-acre office campus to accommodate its growing business. It also plans to do more hiring.
 
The inside of Verizon's iPhone hints that Apple will be able to largely recycle the design for this summer's expected iPhone 5, an analyst said on Tuesday.
 
Adobe Acrobat and Reader CVE-2011-0595 U3D File Decompression Remote Code Execution Vulnerability
 
Adobe Acrobat and Reader CVE-2011-0606 Remote Memory Corruption Vulnerability
 
Adobe Acrobat and Reader CVE-2011-0600 3D File Parsing Remote Code Execution Vulnerability
 
Adobe Acrobat and Reader CVE-2011-0593 3D File Parsing Remote Code Execution Vulnerability
 
Adobe Acrobat and Reader CVE-2011-0592 3D File Parsing Remote Code Execution Vulnerability
 
Adobe Acrobat and Reader CVE-2011-0591 3D File Parsing Remote Code Execution Vulnerability
 
MITKRB5-SA-2011-002 KDC denial of service attacks [CVE-2011-0281 CVE-2011-0282 CVE-2011-0283]
 
Microsoft Windows Kernel Integer Truncation Local Privilege Escalation Vulnerability
 
Microsoft Visio Object Memory Corruption (CVE-2011-0092) Remote Code Execution Vulnerability
 
MITKRB5-SA-2011-001 kpropd denial of service [CVE-2010-4022]
 
iDefense Security Advisory 02.08.11: Microsoft Windows Picture and Fax Viewer Library
 
Critical updates fix several serious vulnerabilities that are being targeted by attackers in the wild.

 
Yahoo has established a fee structure for the upcoming version of BOSS, a platform that developers use to create custom search engines on top of Yahoo's infrastructure.
 
Dell will launch a 10-inch Windows-based tablet for business users later this year and plans to sell 10-inch Android-based tablets too, the company said Tuesday.
 
Microsoft today issued 12 security updates that patched 22 bugs in Windows, Internet Explorer (IE), Office and its Internet server software.
 
The Android 2.2-based Kyocera Echo is a decidedly different take on smartphones, with dual 3.5-in. touchscreens that can be used independently, side-by-side or combined. Computerworld interviews Sprint and Kyocera executives on their plans for the 3G smartphone.
 
Facebook CEO Mark Zuckerberg has obtained a restraining order against a man who allegedly stalked him on the social network he helped create.
 
Two U.S. Senators today proposed a law that would prohibit the distribution or photographing of body images created by TSA scanners in airports.
 
Microsoft Windows OpenType Compact Font Format Remote Code Execution Vulnerability
 
ZDI-11-064: Microsoft Windows WmiTraceMessageVa Local Kernel Vulnerability
 
ZDI-11-063: Microsoft Visio 2007 LZW Stream Decompression Exception Vulnerability
 

ISF shares seven deadly sins of cloud computing
Infosecurity Magazine
“You need to explain in business terms to your CEO that seeming business savings will cost you further down the line – in compliance and infosec costs. ...

 
Nokia Siemens' Smart WLAN Connectivity Solution will free users from having to manually switch a device's data connection between Wi-Fi and cellular broadband, the company said.
 
A new generation of smartphones with bigger screens, faster processors and speedier Internet access is set to be announced at the Mobile World Congress, with vendors also pitching products for operators that continue to be challenged by increasing traffic volumes.
 
Facebook is in the news again over a privacy breach involving a duo that created a mock "dating" site by scraping 1 million Facebook profiles. Facebook is threatening legal action against the creators of the site, which was set up to show how easy it is to misuse data publicly posted on social sites. Is Facebook doing enough to protect your privacy?
 
As it had promised last year, the world's biggest bug bounty program today released information about nearly two dozen unpatched vulnerabilities, including five in Microsoft Office.
 
[ MDVSA-2011:023 ] proftpd
 
Data Encryption Systems - DESLock+ - Local Kernel Code Execution/Denial of Service
 
ESA-2011-004: EMC Replication Manager remote code execution vulnerability
 
TippingPoint, which operates the Zero Day Initiative bug bounty program, released 22 vulnerabilities for which no patch is available [1]. Last year, TippingPoint announced that it would release details 180 days after it becomes aware of a bug, even if the vendor has not yet released a patch.
The details released include a one-paragraph description of each vulnerability, which in itself is usually not enough to come up with an exploit, but it may provide a pointer to re-discover the vulnerability.
[1] http://www.zerodayinitiative.com/advisories/published/
-- Johannes B. Ullrich, Ph.D., SANS Technology Institute
 
This post may be a bit self-serving, as Snort is made by the company that I work for (Sourcefire, in the interest of full disclosure), but since Snort is a rather large piece of security software, I thought I'd point to a blog post that I put up on the Snort.org blog about the release of Snort 2.9.0.4, which is being released this Thursday.
Check out the Snort 2.9.0.4 blog post here.
ClamAV was also updated this week to version 0.97, and since this is a rather large piece of security software as well, I thought I'd point to the blog post that I wrote about the ClamAV 0.97 update the other day.
Thanks all.
-- Joel Esler | http://blog.snort.org | http://blog.joelesler.net
 
Feel like you're e-mailing less than you used to? If so, you certainly aren't alone.
 
AOL is trying to reclaim some of its lost glory by purchasing The Huffington Post, but questions remain over how well such a plan might work.
 
Dokeos and Chamilo Multiple Remote File Disclosure Vulnerabilities
 
HTB22817: XSS vulnerability in WebAsyst Shop-Script
 
Adobe released updates for Reader, versions 9.4.2 and 10.0.1. While this page on Adobe's site doesn't actually list them correctly, if you drill down into the actual product and OS, you'll see the updates listed for 2/8/2011.
Happy Patching.
-- Joel Esler | http://blog.snort.org | http://blog.joelesler.net
 
Here are the February 2011 Black Tuesday patches. Enjoy!


Overview of the February 2011 Microsoft patches and their status.

| # | Affected | Contra Indications | Known Exploits | Microsoft rating | ISC rating(*) clients | ISC rating(*) servers |
|---|---|---|---|---|---|---|
| MS11-003 | Cumulative Security Update for Internet Explorer (Replaces MS10-090). Internet Explorer: CVE-2010-3971, CVE-2011-0035, CVE-2011-0036, CVE-2011-0038 | KB 2482017 | ACTIVELY EXPLOITED. | Severity: Critical. Exploitability: 1,1,1 | PATCH NOW! | Critical |
| MS11-004 | Vulnerability in Internet Information Services (IIS) FTP Service Could Allow Remote Code Execution. IIS: CVE-2010-3972 | KB 2489256 | POC Available. | Severity: Important. Exploitability: 1 | PATCH NOW! | Critical |
| MS11-005 | DoS Vulnerability in Active Directory (Replaces MS10-068, MS10-101). Active Directory: CVE-2011-0040 | KB 2478953 | None Known. | Severity: Important. Exploitability: 3 | Important | Important |
| MS11-006 | Remote Code Execution Vulnerability in Windows Shell Graphics Processing (Replaces MS10-046). Windows Shell: CVE-2010-3970 | KB 2483185 | Exploit Available! | Severity: Critical. Exploitability: 1 | PATCH NOW! | Critical |
| MS11-007 | Remote Code Execution Vulnerability in the OpenType Compact Font Format (CFF) Driver (Replaces MS10-091). OpenType Compact Font Format Driver: CVE-2011-0033 | KB 2485376 | None Known. | Severity: Critical. Exploitability: 1 | Critical | Critical |
| MS11-008 | Remote Code Execution Vulnerabilities in Microsoft Visio (Replaces MS10-028, MS10-036). Visio: CVE-2011-0092, CVE-2011-0093 | KB 2451879 | None Known. | Severity: Important. Exploitability: 1,1 | Critical | Important |
| MS11-009 | Information Disclosure Vulnerability in JScript and VBScript Scripting Engines (Replaces MS10-022). VBScript/JScript: CVE-2011-0031 | KB 2475792 | None Known. | Severity: Important. Exploitability: 3 | Important | Important |
| MS11-010 | Privilege Elevation Vulnerability in Windows Client/Server Run-time Subsystem (Replaces MS10-011). Client/Server Runtime: CVE-2011-0030 | KB 2476687 | None Known. | Severity: Important. Exploitability: 1 | Important | Important |
| MS11-011 | Privilege Elevation Vulnerabilities in Windows Kernel (Replaces MS10-021, MS10-047). Windows Kernel: CVE-2010-4398, CVE-2011-0045 | KB 2393802 | None Known. | Severity: Important. Exploitability: 1 | Important | Important |
| MS11-012 | Privilege Elevation Vulnerabilities in Windows Kernel-Mode Drivers (Replaces MS10-098). Windows Kernel-Mode Drivers: CVE-2011-0086, CVE-2011-0087, CVE-2011-0088, CVE-2011-0089, CVE-2011-0090 | KB 2479628 | None Known. | Severity: Important. Exploitability: 1,1,1,1,1 | Important | Important |
| MS11-013 | Privilege Elevation Vulnerabilities in Kerberos (Replaces MS10-014). Kerberos: CVE-2011-0043, CVE-2011-0091 | KB 2496930 | Publicly Disclosed. | Severity: Important. Exploitability: 1,1 | Important | Important |
| MS11-014 | Privilege Elevation Vulnerability in Local Security Authority Subsystem Service (Replaces MS08-002). LSASS: CVE-2011-0039 | KB 2478960 | None Known. | Severity: Important. Exploitability: 1 | Important | Important |

We will update issues on this page for about a week or so as they evolve.

We appreciate updates

US based customers can call Microsoft for free patch related support on 1-866-PCSAFETY

(*): ISC rating

We use 4 levels:

PATCH NOW: Typically used where we see immediate danger of exploitation. Typical environments will want to deploy these patches ASAP. Workarounds are typically not accepted by users or are not possible. This rating is often used when typical deployments make a system vulnerable and exploits are being used or are easy to obtain or make.
Critical: Anything that needs little to become interesting for the dark side. The best approach is to test and deploy ASAP. Workarounds can give more time to test.
Important: Things where more testing and other measures can help.
Less Urgent: Typically we expect the impact, if left unpatched, to be not that big a deal in the short term. Do not forget them, however.

The difference between the client and server rating is based on how you use the affected machine. We take into account the typical client and server deployment in the usage of the machine and the common measures people typically have in place already. Measures we presume are simple best practices for servers, such as not using Outlook, MSIE, Word, etc. to do traditional office or leisure work.
The rating is not a risk analysis as such. It is a rating of the importance of the vulnerability and the perceived or even predicted threat for affected systems. The rating does not account for the number of affected systems there are. It is for an affected system in a typical worst-case role.
Only the organization itself is in a position to do a full risk analysis involving the presence (or lack) of affected systems, the actually implemented measures, the impact on their operation and the value of the assets involved.
All patches released by a vendor are important enough to have a close look at if you use the affected systems. There is little incentive for vendors to publicize patches that do not have some form of risk to them.



-- Joel Esler | http://blog.snort.org | http://blog.joelesler.net

UPDATE:
We have been getting reports of people having issues applying MS11-003 (see comments). No doubt you are testing this in a test environment first anyway, but for this patch you may wish to double check. The errors reported are an invalid hash and error code 0x80246002.
If you do have issues with your patches, make sure you let Microsoft know via your support channel.
- Mark -
 
The CIOs at Boeing and JCPenney moved up the corporate ladder last month, opening spots for new CIOs. Meanwhile, financially troubled Borders lost its CIO after just 21 months.
 
HTB22816: XSS vulnerability in ViArt Shop
 
HTB22811: XSS vulnerability in UMI.CMS
 
HTB22815: XSS vulnerability in ViArt Shop
 
Re: Microsoft Terminal Services vulnerable to MITM-attacks.
 
Security vendor, HBGary Federal, has been hacked by the group known as "Anonymous" because the firm is helping federal investigators infiltrate the group.

 
Text messages sent by the two women who accuse WikiLeaks founder Julian Assange of rape and assault mention "revenge" and "economic gain," according to testimony during the second day of his extradition hearing.
 
SAP is gearing up to launch Business Objects 4.0, its biggest BI (business intelligence) release in roughly three years, later this month at an event in New York.
 
Facebook status updates don't have to be an all-or-nothing proposition. You can decide who gets to see a particular update--or, if you prefer, who doesn't.
 
A survey of more than 600 IT security professionals finds nearly three quarters have been hacked at least once in the last 24 months through insecure Web applications.

 
VMware's free cloud connector plug-in will set the stage for private-public cloud hybrids, the company asserts.
 
Networking rivals HP and Cisco have abandoned their common ground in data center switching, with HP accusing Cisco of diverting an IEEE standard and Cisco insisting that customers drove the change.
 
Kenneth Olsen, the computer industry pioneer who co-founded minicomputer maker Digital Equipment Corp., died at the age of 84 on Sunday.
 
Hewlett-Packard said it has delayed the launch of new Intel Core-based laptops, days after it stopped making PCs whose processors were paired with Intel's faulty chipset.
 
The Gluster open-source file system is following the well-worn path into virtualization and cloud computing with the introduction on Tuesday of Gluster Virtual Storage Appliances for VMware and for the Amazon Web Services platform.
 
IBM has been awarded a contract to build a 10 petaflop machine for the U.S. Energy Department's Argonne National Laboratory.
 
It's not enough to keep your PC malware free -- there are also a number of maintenance tasks that will help it run efficiently. We recommend some utilities that will help.
 
Drobo today announced its first storage array for small- and medium-size businesses, moving upstream from its traditional consumer and small office/home office roots.
 
Cisco Nexus 1000V VEM updates address denial of service in VMware ESX/ESXi
VMware released a Security Advisory at this URL:
http://www.vmware.com/security/advisories/VMSA-2011-0002.html
Here's the issue summary right off their website:

1. Summary

Updated versions of the Cisco Nexus 1000V virtual switch address a denial
of service in VMware ESX/ESXi.
The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2011-0355 to this issue.
Thanks to VMware for this one.
Chris Mohan
 

Posted by InfoSec News on Feb 08

http://www.informationweek.com/news/windows/security/showArticle.jhtml?articleID=229201249

By Mathew J. Schwartz
InformationWeek
February 7, 2011

Microsoft's February Patch Tuesday will see the release this week of 12
security bulletins, patching a total of 22 vulnerabilities, including
three that could be exploited via zero-day attacks.

According to Wolfgang Kandek, CTO of Qualys, "these vulnerabilities have
seen limited exploits in...
 

Posted by InfoSec News on Feb 08

http://fcw.com/articles/2011/02/07/alleged-white-house-email-cyberincident-now-called-spoof-attack-from-china.aspx

By Alice Lipowicz
FCW.com
Feb 07, 2011

Officials in the United Kingdom now suggest that a cyberattack from
purported White House e-mail accounts actually originated from China,
and the perpetrator used a hoax e-mail address that resembled a White
House account. Nevertheless, the U.K. officials are also calling for
more...
 

Posted by InfoSec News on Feb 08

Forwarded from: William Knowles <wk (at) c4i.org>

http://www.wired.com/dangerroom/2011/02/secret-tools-force-net/

By Spencer Ackerman
Danger Room
Wired.com
February 7, 2011

When Hosni Mubarak shut down Egypt’s internet and cellphone
communications, it seemed that all U.S. officials could do was ask him
politely to change his mind. But the American military does have a
second set of options, if it ever wants to force connectivity on...
 

Posted by InfoSec News on Feb 08

http://www.bbc.co.uk/news/uk-northern-ireland-12389440

BBC News
8 February 2011

A network of phones at the Department of Finance and Personnel has been
targeted by phone hackers.

Officials became suspicious about 18 months ago after being charged for
calls they had not made. The bill came to £34,000.

Kevin Curran, a computer expert at the University of Ulster, said there
were several ways people could protect themselves from phone...
 

Posted by InfoSec News on Feb 08

Forwarded from: security curmudgeon <jericho (at) attrition.org>

: http://timesofindia.indiatimes.com/city/patna/Cybersecurity-a-sham-in-India-Ethical-hacker/articleshow/7432529.cms
:
: [Seems Ankit Fadia is confused what the term 'Ethical Hacker' really
: means,
http://timesofindia.indiatimes.com/city/patna/Ankit-Fadia-wows-students-with-hack-demo-at-IIT-Patna-fest/articleshow/7432187.cms

: If you do a demo hacking two companies...
 

Posted by InfoSec News on Feb 08

Forwarded from: ACM CCS 2011 <acmccs2011 (at) gmail.com>

Dear colleagues,

Please find below the Call for Workshop Proposals and Call for Papers
for ACM CCS'11 (http://sigsac.org/ccs/CCS2011).

Apologies for multiple copies of this announcement.

Best regards,
Carlos Westphall & Guofei Gu
ACM CCS'11 Publicity Co-Chairs

-------------------------------------------------------------------------
ACM CCS 2011 --- CALL for WORKSHOP...
 

Posted by InfoSec News on Feb 08

========================================================================

Open Security Foundation - DataLossDB Weekly Summary
Week of Sunday, January 30, 2011

5 Incidents Added.

========================================================================

DataLossDB is a research project aimed at documenting known and reported
data loss incidents world-wide. The Open Security Foundation asks for
contributions of new incidents and new data for...
 