Windows Phone 8.1, expected to launch in the spring, will be backwards compatible to Windows Phone 8.0, contrary to some earlier reports from industry sources, a Microsoft official told Computerworld today.
(c) SANS Internet Storm Center. http://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
69 percent of all DDoS attack traffic by bit volume in the first week of January was the result of NTP reflection.
Black Lotus

Miscreants who earlier this week took down servers for League of Legends, EA.com, and other online game services used a never-before-seen technique that vastly amplified the amount of junk traffic directed at denial-of-service targets.

Rather than directly flooding the targeted services with torrents of data, an attack group calling itself DERP Trolling sent much smaller-sized data requests to time-synchronization servers running the Network Time Protocol (NTP). By manipulating the requests to make them appear as if they originated from one of the gaming sites, the attackers were able to vastly amplify the firepower at their disposal. A spoofed request containing eight bytes will typically result in a 468-byte response to victim, an increase of more than 58 fold.

"Prior to December, an NTP attack was almost unheard of because if there was one it wasn't worth talking about," Shawn Marck, CEO of DoS-mitigation service Black Lotus, told Ars. "It was so tiny it never showed up in the major reports. What we're witnessing is a shift in methodology."

Read 4 remaining paragraphs | Comments

Prices of 4K monitors have fallen to under US$800, finally coming within the reach of users who didn't want to spend thousands on displays.
A group of researchers at the Massachusetts Institute of Technology have devised a potentially more effective way of helping computers solve some of the toughest optimization problems they face.

There are three months to go for Windows XP. The ancient operating system is leaving extended support on April 8, at which point Microsoft will no longer ship free security fixes. XP itself isn't the only thing that's losing support on that date. The Windows XP version of Microsoft Security Essentials, the company's anti-malware app, will stop receiving signature updates on that date and will also be removed for download.

The message is clear: after April 8, Windows XP will be insecure, and Redmond isn't going to provide even a partial remedy for the security issues that will arise. Antivirus software is just papering over the cracks if the operating system itself isn't getting fixed.

In contrast, both Google and Mozilla will provide updates for Chrome and Firefox beyond the cessation of Microsoft's support. Google has committed to supporting Chrome until April 2015.

Read 2 remaining paragraphs | Comments

Intel will add support for DDR4 memory to its high-end computers in the third quarter, sources familiar with the company's plans said.
With more than 2 million net square feet of exhibit space, this year's CES is bigger than ever. It's easy to feel overwhelmed, knowing there's always some exhibits you haven't seen. Unless, of course, you can get a drone's eye view with a flying camera.
Work on the International Space Station has been slated to continue for at least through 2024, giving NASA the experience and information they'll need to send astronauts into deep space.
Ford Motor CEO Alan Mulally, who on Tuesday ended months of speculation that he was a top candidate for Microsoft's CEO opening, was almost certainly in talks with the company.
Ruby Paratrooper-newrelic Gem Local Information Disclosure Vulnerability
RubyGems paratrooper-pingdom API Credentials Local Information Disclosure Vulnerability
Image courtesy of TheTruthAbout.

LinkedIn is suing a gang of hackers who used Amazon's cloud computing service to circumvent security measures and copy data from hundreds of thousands of member profiles each day.

"Since May 2013, unknown persons and/or entities employing various automated software programs (often referred to as 'bots') have registered thousands of fake LinkedIn member accounts and have extracted and copied data from many member profile pages," company attorneys alleged in a complaint filed this week in US District Court in Northern California. "This practice, known as 'scraping,' is explicitly barred by LinkedIn's User Agreement, which prohibits access to LinkedIn 'through scraping, spidering, crawling, or other technology or software used to access data without the express written consent of LinkedIn or its Members.'"

With more than 259 million members—many who are highly paid professionals in technology, finance, and medical industries—LinkedIn holds a wealth of personal data that can prove highly valuable to people conducting phishing attacks, identity theft, and similar scams. The allegations in the lawsuit highlight the unending tug-of-war between hackers who work to obtain that data and the defenders who use technical measures to prevent the data from falling into the wrong hands.

Read 7 remaining paragraphs | Comments

Burden 'burden_user_rememberme' Parameter Authentication Bypass Vulnerability
If it's not the NSA or Google it's someone else. These days it seems there's always somebody scanning your data, looking to make a profit or to learn something about you. What if you could set up your own social network or e-commerce site that didn't require putting your information in someone else's data center?
Recently installed BlackBerry CEO John Chen is on a mission to restore the ailing company to financial health, largely by restoring faith in BlackBerry among corporate CIOs and other traditional enterprise customers.
IBM Java CVE-2013-5457 Unspecified Arbitrary Code Execution Vulnerability
IBM Java CVE-2013-5456 Unspecified Arbitrary Code Execution Vulnerability
IBM Java CVE-2013-5458 Unspecified Arbitrary Code Execution Vulnerability

A reader sent in details of a incident that is currently being investigated in their environment.  (Thank you Peter for sharing! )   It appears to be a slick yet elaborate scam to divert a customer payment to the scammers.   It occurs when the scammer attempts to slip into an email conversation and go undetected in order to channel an ordinary payment for service or goods into his own coffers.  

Here is a simple breakdown of the flow:

  • Supplier sends business email to customer, email mentions a payment has been received and asks when will next payment arrive.
  • Scammer intercepts and slightly alters the email.
  • The Customer receives the email seemingly from the Supplier but altered by the Scammer with the following text slipped into it:

             "KIndly inform when payment shall be made so i can provide you with our offshore trading account as our account department has just informed us that our regular account is right now under audit and government taxation process as such we cant recieve funds through it our account dept shall be providing us with our offshore trading account for our transactions.  Please inform asap so our account department shall provide our offshore trading account for your remittance."
  • Scammer sets up a fake domain name with similar look and feel.  i.e. If the legitimate domain is  google.us, then the fake one could be  google-us.com.
  • An email is sent to the Customer from the fake domain indicating the new account info to channel the funds:

    "Kindly note  that our account department has just informed us that our regular account is right now under audit and government taxation process as such we can't receive funds through it. Our account department has provided us with our Turkey offshore trading account for our transactions. Kindly remit 30% down payment for invoice no. 936911 to our offshore trading account as below;

    Bank name: Xxxxx Xxxx
    Swift code:XXXXXXXX
    Router: 123456
    Account name: Xxx XXX Xx
    Account number:1234567-123
    Address: Xxxxxxxxx Xxx Xx xxx Xxxxxxxx xxxxx Xxxxxxxx, Xxxxxx"
  • The Customer is very security conscious and noticed the following red flags to avert the fraud: 

        - Email was sent at an odd time (off hour for the time zones in question)
        - The domain addresses in spoofed email were incorrect. (ie.  google-us.com vs. google.us)
        - The email contained repeated text which added to the "spammy" feel of it.

This scam was averted by the security consciousness business staff and properly analyzed by talented tech staff.  We appreciate them sharing it with us.  

The flags that indicate this is elaborate, is the email appeared to be fully intercepted and targeted because of the mentioning of a payment was requested.  Also, the fake domain that was created for this incident was created hours before the fraudulent email with the account information was sent.  The technical analysis showed the fake domain email was sent from an IP not owned by the supplier or the customer.

This incident is still under investigation and we will provide more obfuscated details as they become available.  Please comment and discuss with us if this has happened to your environment and what was done to mitigate and investigate things further.



ISC Handler on Duty

(c) SANS Internet Storm Center. http://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
Red Hat plans to take a greater role in the community developing CentOS, in the hope of attracting more paying customers to Red Hat Enterprise Linux, the distribution on which CentOS is based.
Microsoft came out on top in a brand survey conducted by Forrester Research, beating often-trumpeted Apple because of Microsoft's ubiquity in consumers' lives and its cross-generational appeal.
For the third time, the launch of a commercial cargo spacecraft set to carry nearly 3,000 pounds of supplies to the International Space Station has been scrubbed.
SPICE 'reds_handle_ticket()' Function Remote Denial of Service Vulnerability
[SECURITY] [DSA 2839-1] spice security update
Infor is buying PeopleAnswers, maker of software companies can use to analyze a job candidate's behavioral traits before deciding whether to make a hire. Terms of the deal, which was announced Wednesday, were not disclosed.
LinuxSecurity.com: libXfont could be made to crash or run programs as an administrator if itopened a specially crafted font file.
LinuxSecurity.com: Updated ruby193-ruby packages that fix one security issue are now available for Red Hat OpenStack 3.0. The Red Hat Security Response Team has rated this update as having critical [More...]
LinuxSecurity.com: It was discovered that a buffer overflow in the processing of Glyph Bitmap Distribution fonts (BDF) could result in the execution of arbitrary code. [More...]
LinuxSecurity.com: Anton Johannson discovered that an invalid TLS handshake package could crash OpenSSL with a NULL pointer dereference. The oldstable distribution (squeeze) is not affected. [More...]
LinuxSecurity.com: Multiple vulnerabilities have been found in spice, a SPICE protocol client and server library. The Common Vulnerabilities and Exposures project identifies the following issues: [More...]
Citrix Systems has acquired Framehawk for an undisclosed sum, and will use the company's technology to improve the performance of virtual desktops and applications over wireless networks.
Yahoo has started to automatically encrypt connections between users and its email service, adding an important security layer that rival Gmail has had for almost four years, but its implementation needs work, according to at least one security expert.
LightDM GTK+ Greeter Local Denial of Service Vulnerability

Washington Post

Infosec experts boycott RSA conflab over alleged 'secret' NSA contract
More security researchers are boycotting next month's US edition of the RSA Conference in protest against an alleged "secret deal" the company is said to have struck with the National Security Agency. Last month Reuters reported that the NSA "secretly ...
RSA Conference Suffers More Defections Over NSA AllegationsChannelnomics

all 80 news articles »
Looking for a laptop with serious processing power? CIO.com put three high-end laptops -- the Soni Vaio Flip 15, the HP ZBook 15 and the Acer Aspire V3 -- to the photo- and video-editing test to see which offers the best bang for the buck.
Multiple Vulnerabilities in Horizon QCMS
Improper Authentication in Burden
Google Android APK Signature Security Bypass Vulnerability
X.Org libXfont BDF Font File Handling Stack Buffer Overflow Vulnerability
Cisco Unified Communications Manager Unauthorized Access Vulnerability
Multiple Movable Type Products Multiple HTML Injection Vulnerabilities
Advantech/BroadWin SCADA WebAccess Multiple Remote Security Vulnerabilities
Graphviz 'yyerror()' Function Stack Buffer Overflow Vulnerability

RSA Conference Suffers More Defections Over NSA Allegations
The RSA Conference has become too big for even UK channel firms to ignore in recent years, even rivalling Infosec in some people's eyes despite the 26-hour round trip. Dave Ellis, director of new technology at distributor Computerlinks, who has ...

and more »
Facebook is acquiring Little Eye Labs, an Indian developer of a tool for performance analysis and monitoring of Android apps, the startup said.
Land-based terminals that send data to satellites may pose a soft target for hackers, an analysis from a computer security firm shows.
[SECURITY] [DSA 2838-1] libxfont security update


RSA Conference suffers more defections over NSA allegations
According to the Wall Street Journal, at least six security experts scheduled to speak at next month's security junket – the US' answer to Infosec – have already publicly withdrawn. As reported by CRN, Mikko Hyppönen, chief research officer at Finnish ...

and more »
Web browser or Office suite? Microsoft's and Google's office productivity and collaboration clouds pit rich and complex against simple and lean
Intel confirmed that it will provide processors to personal computer and tablet makers that support both Windows 8.1 and Android, the two operating systems from fierce rivals Microsoft and Google.
Wireless charging vendors made several announcements around their first sleeves for iPhone charging as well as upgrades allowing mobile devices to be charged through solid objects.
MongoDB BSON Object Length Parsing Information Disclosure Vulnerability

Chinese Trader Relied On Inside Info, SEC Tells Jury
Law360 (subscription)
Law360, Chicago (January 06, 2014, 7:15 PM ET) -- A Chinese investment adviser reaped more than $8 million in illicit gains for himself and investors by trading on inside knowledge about the management-led buyout of pork processor Zhongpin Inc., the ...

Internet Storm Center Infocon Status