InfoSec News

A hacking activist group which claimed responsibility for attacks against the websites of PBS and Nintendo has breached Sony Pictures, exposing more than 100,000 account credentials.

Sony Pictures Digital Inc., the subsidiary of Sony that runs its movie and music business, confirmed that a hacking group has breached its website, exposing user account credentials.

In a statement issued June 3, Sony Pictures said it took action to protect against further intrusion of its systems. The company said it was targeted by a hacker group known as “LulzSec,” which claimed responsibility for attacks on PBS and Nintendo.

“A respected team of outside experts is conducting a forensic analysis of the attack,” Sony said in a statement. “In addition, we have contacted the U.S. Federal Bureau of Investigation and are working with them to assist in the identification and apprehension of those responsible for this crime.”

The attackers are believed to have used a SQL injection attack to breach the website. The Lulz Security hacking group has been actively boasting about its high-profile website attacks. The organization posted more than 100,000 account credentials of users of the Sony Pictures website. The hackers said they took the data from the Sony Pictures and Sony BMG websites. In addition to account credentials, the information made public includes addresses and phone numbers.

The group claimed responsibility for the latest attack against Nintendo’s U.S. servers, posting details of the attack on Twitter. The group said it had obtained an internal configuration file for one of Nintendo’s U.S. servers. It also hacked and defaced the website of InfraGard, an Atlanta-based organization that shares FBI cybercrime data with the private sector. The group posted more than 100 account credentials that it had stolen in that attack.

Sony and its subsidiaries have been investigating as many as a dozen breaches of their systems after a massive breach exposed information on more than 100 million users of its PlayStation and Entertainment Group networks. The company has apologized to victims, bolstered system security and is hiring a CISO to manage its security initiatives.


Adobe announced Thursday that it plans to release updates for its Reader and Acrobat products.

The fixes, which Adobe categorizes as critical, affect Adobe Reader X (10.0.1) for Windows and Adobe Reader X (10.0.3) for Macintosh; Adobe Reader 9.4.3 and earlier versions for Windows and Macintosh; Adobe Acrobat X (10.0.3) for Windows and Macintosh; and Adobe Acrobat 9.4.2 and earlier versions for Windows and Macintosh.

I just had a chance to skip through our IPv6 logs from yesterday. There was a significant, but not huge, increase in hosts accessing the site via IPv6. Usually we get maybe 200 or so hosts via IPv6; yesterday we got around 270.
Interestingly, about 25% of the traffic (pre-IPv6 day as well as during IPv6 day) is due to hits to our RSS feed. I will try to follow up on this to see why we get so much IPv6 traffic to it.
After an initial look at the logs, I didn't see any attacks via IPv6 against our web application.


Johannes B. Ullrich, Ph.D.

SANS Technology Institute

(c) SANS Internet Storm Center. Creative Commons Attribution-Noncommercial 3.0 United States License.
IBM has made what it claims is the first graphene-based integrated circuit. The technique could one day be used to produce superior wireless communication devices and less-expensive displays.
Avaya is going public again, filing today with the Securities and Exchange Commission for an initial public offering worth $1 billion.
Eddie Schwartz, former chief security officer at Netwitness Corp., which was recently bought by EMC, has been named chief security officer of the storage vendor's RSA security division.
Tennessee is apparently in the pocket of the RIAA.
Microsoft is preparing to address 16 vulnerabilities in its Patch Tuesday bulletins next week.

One day after completing a successful 24-hour trial of IPv6, Facebook, Google and Yahoo said at a joint press conference that they would begin permanently supporting this upgrade to the Internet's main communications protocol on some of their key websites.
Sprint Nextel has given up its majority voting power at Clearwire to defuse investors' concerns about the danger to Sprint if Clearwire defaulted on its debt.
Apple will provide a free upgrade to Mac OS X 10.7 to all customers who purchase a new Mac notebook or desktop before Lion ships next month.
Microsoft today said it will issue 16 security updates next week to patch 34 vulnerabilities in Windows, Internet Explorer (IE), Office, SQL Server and other products.
AT&T defends its reasons for proposing to acquire rival T-Mobile.
Converged business communications environments are increasingly comprised of a complex mix of VoIP, unified communications and SIP trunking technologies from a variety of suppliers. And whatever that mix is today, it is likely to change going forward.
Server virtualization is dramatically increasing the number of applications supported in each rack, which can result in traffic spikes that overwhelm traditional top-of-rack (ToR) switches, causing dropped packets and processing delays. But a new generation of ToR switches addresses the potential for spikes by incorporating much larger packet buffers.
Driven by the popularity of its mobile products, Apple is now the world's largest consumer of semiconductor technology, according to research firm IHS iSuppli.
Sprint's renewed partnership with Motorola will result in more than 10 smartphones and tablets for sale in 2011, including Motorola's first WiMax phone for Sprint, the Photon 4G.
Zeus says the art of defence acquisition will boost its effort to provide Web application security for cloud computing deployments.

iGate Patni CEO Phaneesh Murthy addresses his controversial acquisition of a much larger IT outsourcing company, the debt the combined company has incurred and the way Patni executives were treated during and after the deal.
The HP TouchPad tablet running WebOS will be available in the U.S. on July 1, starting at $499.99 for a 16 GB, Wi-Fi version, Hewlett-Packard said.
Samsung's new Galaxy Tab 10.1 tablet is slim and sexy, with a great display and the latest version of Android 3.1 (Honeycomb). But it isn't perfect.
Xen 'arch_set_info_guest()' Local Denial Of Service Vulnerability
Linux Kernel 'oops' on Reset NULL Pointer Dereference Remote Denial of Service Vulnerability
Nokia CEO Stephen Elop used his keynote at the Open Mobile Summit in London Thursday to explain, again, why the company chose the Windows Phone OS for its smartphones and insisted during a question-and-answer session that, despite persistent rumors to the contrary, the company is not for sale.
A new tablet is announced every day, it seems. To keep you up to date, our sortable table gathers key info about the latest devices, including screen size, OS, price, ship date, connectivity options and more.
HP OpenView Storage Data Protector CVE-2011-1864 Unspecified Remote Code Execution Vulnerability
A reader emailed in with the question, in short, which is currently the most secure browser and how to stay up to date on the different browsers. In the interest of Chrome having an update today it seems fitting to post the answer as a Diary.

Before the browser war ignites, let me be the first to say in my opinion It Depends. Chrome [1] is regarded as a very safe and secure browser but when you get to the number of lines of code in any browser architecture it is hard to say [3]. There has been some great research on lines of code in different systems [4] and when you get to that level of complexity errors are bound to occur. There are several different thoughts and many books on this subject but what I am getting at here is complexity and trust. At some point you have to trust the development team that wrote the code for the browser, what operating system you are running and how you have deployed your browser.

Second, the browser, or the technology is only part of the matter. You still have Phishing and the human factor. Even on the most secure platform the user can be tricked. [4]

Another commonly accepted deployment strategy is Firefox with add on components of No-Script and Adblock. Research into your specific deployment scenario and resources is the key to identifying what works in your environment. Infoworld had a great article on securing different browser types [5], it is a little old but still relevant.

The pwn2Own contests held at some of the CanSec conferences can lead to some good reading on this subject. [2]

In the end, a huge browser war will ignite over which is the most secure but as organic as feature and code has become it is arguable that the best way to secure your environment is layers of defense but finally check out the SANS reading room for papers on the subject. Specifically refer to a paper written by one of SANS GIAC Students [6].

And to our Reader who wrote in, stand by for the heavy opinions on the subject. To our readers, please comment on your experiences or how you stay current.






Richard Porter
--- ISC Handler on Duty
Email richard at isc dot sans dot edu

CompliancePoint Acquires InfoSec Integrators, Inc. Will Incorporate ...
PR Web (press release)
CompliancePoint, a PossibleNOW company, announces that it has completed the acquisition of Atlanta-based InfoSec Integrators, Inc. The company's principals, Charles Burke and Bill Schmidt, will help lead CompliancePoint's Information Security practice ...

Facebook said it's working with European Union regulators to resolve criticism about its new facial recognition feature, but trouble may also be brewing for the social network here in the U.S.
Next-generation applications will be location-specific, offering users information and features related to where they are at any given moment, Adobe Systems CTO Kevin Lynch, said at the Open Mobile Summit conference on Thursday.
RETIRED: Microsoft Internet Explorer Unspecified Remote Code Execution Vulnerabilities
Microsoft Internet Explorer 'CStyleSheet' Uninitialized Memory Remote Code Execution Vulnerability
Sprint, Samsung and Google are investigating customer complaints about problems with Nexus S smartphone connections and the deletion of photos taken with the devices.
The U.S. Supreme Court has let stand a $300 million patent infringement ruling against Microsoft, granting a victory Thursday to i4i, which filed the lawsuit back in 2007.
Nearly 1 billion smartphones will be shipped globally in 2015, almost double the amount for all of 2011, as millions of people seek out the more powerful mobile phones that are dropping in average price.
If you have not seen, Chrome has been updated to version 12.0.742.91 [1] and with this release brings some nice updates. You can check the official blog post by Google [2] for a long list of enhancements and security fixes. Of particular interest are the safe browsing enhancements [3]. Chrome has added some malicious file detection. Not sure if this is in response to the exploit claim that was made some months back but one could speculate [4]. If you are running Chrome it is advised that you update when it becomes available.


Richard Porter
--- ISC Handler on Duty
To help you get the most out of your laptop and stay secure while on the go, we've selected 31 applications and services that are particularly laptop-friendly.
Samsung this week announced the Spinpoint M8 internal hard drive with 1TB capacity, which could raise the bar in storage available on laptops.
PDFill Insecure Library Loading
[Announcement] ClubHACK Magazine Issue 17-June 2011 released
[security bulletin] HPSBMA02631 SSRT100324 rev.1 - HP OpenView Storage Data Protector, Remote Execution of Arbitrary Code
Bank said a hack of its systems exposed the data of about 200,000 bank card holders in North America.

Citigroup admitted on Wednesday that an attack on its website allowed hackers to view customers' names, account numbers and contact information such as e-mail addresses for about 210,000 of its cardholders.


Lockheed attack scares away RSA partners
Steven Malone, technical director at RSA Affiliate partner Infosec Technologies, said he had not received any communication on how the replacement process might work, other than being directed to the open letter. The whole episode had "irrevocably ...

How does Google's mobile operating system stack up against Apple's in the smartphone and tablet markets? We look at the data.
Texas Instruments has lowered its revenue forecast for the second fiscal quarter due to lower demand for its products from Nokia.
IBM hopes to help companies more efficiently use their high-performance computing resources with new software that links separate pools of resources into a single private cloud.
While debate rages on over the value of nonrelational, or NoSQL, databases, two case studies point to the benefits of using the MongoDB non-SQL data store instead of a standard relational database.
World IPv6 Day, a 24-hour trial of next-generation Internet services, is going as smoothly as participating websites had hoped, sparking comparisons to the dawn of the new millennium passing without any Y2K-related incidents.
Hewlett-Packard says that its customers run more databases and applications from Oracle on its hardware than any other vendor out there does. But if you are at HP's big user conference this week and interested in talking to Oracle, you won't find the company listed as an exhibitor on the expo floor.
With the rollout of iOS 5 sometime this fall, Apple will deliver much-needed -- and in some cases, long overdue -- updates to its mobile OS. Columnist Michael deAgonia looks at five of the best changes to iOS.
The marking of World IPv6 Day yesterday has drawn fresh attention to the next-generation Internet addressing protocol, as well as to the security considerations that enterprises will need to deal with as they migrate to it.

Lunarline Now Offers CNSSI 4012 Certification in their Training Program
Additionally, the coursework continues to meet the standards for the National Training Standard for Information Systems Security (INFOSEC) Professionals and System Certifiers (NSTISSI 4011 and 4015 certifications). Students receive a certificate for ...

ActFax Server Multiple Remote Buffer Overflow Vulnerabilities
Wireshark Versions Prior to 1.4.7/1.2.17 Multiple Denial of Service Vulnerabilities