InfoSec News

Long ago Google internally tested a file storage service code-named Platypus, but the world referred to it as Google Drive or Gdrive. In 2008 they killed off the project, instead allowing users to upload files to Google Docs in the familiar interface we use today.
 
----------- Guy Bruneau IPSS Inc. gbruneau at isc dot sans dot edu

(c) SANS Internet Storm Center. http://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
 
Thursday's massive power outage across parts of Arizona and southern California serves as another reminder of the vulnerabilities in the nation's power infrastructure.
 
Former SAP subsidiary TomorrowNow will plead guilty to criminal charges of copyright infringement for downloading software from Oracle's servers.
 
The U.S. Department of Justice would "severely set back growth and competition" in the U.S. mobile telecom market if its efforts to block the acquisition of T-Mobile USA by AT&T are successful, AT&T said in court documents filed Friday.
 
On Thursday, HP announced 13 new printers and scanners, many of which target the small and midsize business market. This new range of printers and scanners emphasizes Web-connected printing and advanced scanning.
 
Microsoft will unveil next month a major revamping of its Hotmail webmail service, with upgrades across the board, including in areas like spam, security and performance.
 
LightSquared's and Dish Network's proposals to use satellite spectrum for 4G networks aren't necessarily competing for FCC approval, but either one could make the U.S. mobile broadband business more competitive if it clears significant hurdles.
 
PHP Prior to 5.3.7 Multiple NULL Pointer Dereference Denial Of Service Vulnerabilities
 
APPLE-SA-2011-09-09-1 Security Update 2011-005
 
[slackware-security] httpd (SSA:2011-252-01)
 
With Zagat's restaurant reviewing operation now in its arsenal, Google is in a position to radically change the daily deals market.
 
Server virtualization gets most of the glory, but it's application virtualization that may ultimately have a more significant impact on enterprise IT architectures, supporting new modes of business and smoothing the path to the new services-oriented online structure known as the cloud.
 
Google designers are under a mandate to make the products' interfaces more appealing, simple and functional, a high-stakes challenge for all of them but in particular for the search team, because they're tinkering with the company's main revenue source.
 
Hardware and components insiders are giving off mixed signals about how business will fare for the rest of the year.
 
A grand jury in Alexandria, Va., has indicted five people allegedly involved with video download site NinjaVideo.net on conspiracy and copyright infringement charges, the U.S. Department of Justice said Friday.
 
BisonFTP Server Remote Buffer Overflow Vulnerability
 
Apple today released an update to Mac OS X that blocks Safari users from reaching sites secured with certificates stolen from a Dutch company last summer.
 
When auto parts supplier Inteva Products LLC spun out from its parent company Delphi in 2008, CIO Dennis Hodges was left standing in a heap of legacy ERP equipment.
 
Linux Kernel '/proc/PID/io' Local Information Disclosure Vulnerability
 
Apple released a patch that updates the certificate trust policy on Mac OS X Server 10.6, Mac OS X 10.6, Lion Server and OS X Lion. Using fraudulent certificates from DigiNotar, an attacker with sufficient network access could intercept user credentials or other sensitive information. Apple recommends applying Security Update 2011-005; additional information is available in [1] and the update can be downloaded from [2].
Update 1: Apple has indicated that iOS users cannot remove the root cert and Apple is aware of the issue.
[1] http://support.apple.com/kb/HT4920
[2] http://www.apple.com/support/downloads/
[3] http://support.apple.com/kb/HT4415
-----------
Guy Bruneau IPSS Inc. gbruneau at isc dot sans dot edu
Community SANS SEC 503 coming to Ottawa Sep 2011
 
RSyslog 'parseLegacySyslogMsg()' Function Buffer Overflow Vulnerability
 
When it comes to global outsourcing, particularly from India, the risks -- and the stakes -- are higher than ever. Global sourcing vendors are being given more responsibility from a technical and business perspective, and they are being given greater access to internal systems and customers. At the same time, the increasingly volatile, inconsistent, and expensive labor pool in India makes this increased trust much riskier.
 
Whether viewed in person or online, it's not easy to look at the National Museum of American History's 9/11 display that includes multiple tech items.
 
With Carol Bartz out as CEO at Yahoo, speculation is rampant that the board of directors is looking to sell the struggling company.
 
A software upgrade that went wrong caused parts of the Google Docs cloud-hosted office productivity suite to go offline for an hour on Wednesday, a situation the company is taking steps to prevent.
 
Microsoft jumped the gun today by prematurely releasing information on all five of the security updates it plans to ship next Tuesday.
 
Nvidia concluded that it would exit the chipset business as Intel made it impossible for the company to operate in the market, the company's CEO Jen-Hsun Huang said this week.
 
Linux Kernel TCP Sequence Number Generation Security Weakness
 
Linux Kernel 'mremap()' Local Denial of Service Vulnerability
 
[ MDVSA-2011:134 ] rsyslog
 
CVE-2011-2731: Spring Security privilege escalation when using RunAsManager
 
An international consumer group has called on the U.S. Federal Trade Commission and the European Union’s main body for data protection, the Article 29 Working Group, to reject self-regulation of online behavioral advertising.
 
Freefloat FTP Server Multiple Commands Remote Buffer Overflow Vulnerabilities
 
CVE-2011-2894: Spring Framework and Spring Security serialization-based remoting vulnerabilities
 
CVE-2011-2732: Spring Security header injection vulnerability
 
CVE-2011-2730: Spring Framework Information Disclosure
 
Disassembling .NET Client Challenge
 
Three French publishers have dropped lawsuits against Google alleging that the company infringed their copyright.
 
Samsung reportedly will unveil a new tablet computer that runs on the Windows 8 OS next week. It would become a convenient alternative to the legally imperiled Android OS used in Samsung's Galaxy Tab computers.
 
Gibbs helps a friend get a tiny video clip that he should be able to get for free.
 
28C3: CFP for 28th Chaos Communication Congress
 
[security bulletin] HPSBUX02702 SSRT100606 rev.2 - HP-UX Apache Web Server, Remote Denial of Service (DoS)
 
[SECURITY] [DSA 2303-1] linux-2.6 security update
 
It looks like Microsoft made the bulletins live that were supposed to be released this coming Tuesday. The bulletins are dated September 13th 2011. While the links below work as I type this diary, they may not work later today. Some of the related links may not have any information yet (such as the CVE entries). All bulletins appear to be live right now, and we will add them to the list below as we get to them.
This information may of course change when the final bulletins are released on Tuesday. Some readers report that the bulletins are no longer available.
Overview of the September 2011 Microsoft patches and their status.
Columns: # | Affected | Contra Indications - KB | Known Exploits | Microsoft rating(**) | ISC rating(*) (clients / servers)

MS11-070: Vulnerability in WINS could allow elevation of privilege. Replaces MS11-035.
  Affected: WINS
  CVE: CVE-2011-1984
  Contra Indications - KB: KB 2571621
  Known Exploits: - none -
  Microsoft rating(**): Severity: Important; Exploitability: ?
  ISC rating(*): clients Important / servers Important

MS11-071: Vulnerability in Windows could allow remote code execution (DLL Linking Vuln.).
  Affected: Windows
  CVE: CVE-2011-1991
  Contra Indications - KB: KB 2570947
  Known Exploits: yes
  Microsoft rating(**): Severity: Important; Exploitability: ?
  ISC rating(*): clients Critical / servers Important

MS11-072: Arbitrary code execution vulnerability in Excel. Replaces MS11-045.
  Affected: Excel
  CVE: CVE-2011-1986, CVE-2011-1987, CVE-2011-1988, CVE-2011-1989, CVE-2011-1990
  Contra Indications - KB: KB 2587505
  Known Exploits: - none -
  Microsoft rating(**): Severity: Important; Exploitability: ?
  ISC rating(*): clients Critical / servers Important

MS11-073: Code execution vulnerability in Microsoft Office. Replaces MS11-023, MS10-087.
  Affected: Office
  CVE: CVE-2011-1980, CVE-2011-1982
  Contra Indications - KB: KB 2587634
  Known Exploits: - none -
  Microsoft rating(**): Severity: Important; Exploitability: ?
  ISC rating(*): clients Critical / servers Important

MS11-074: Microsoft Sharepoint Elevation of Privilege Vulnerability. Replaces MS11-016.
  Affected: Sharepoint
  CVE: CVE-2011-0653, CVE-2011-1252, CVE-2011-1890, CVE-2011-1891, CVE-2011-1892, CVE-2011-1893
  Contra Indications - KB: KB 2581858
  Known Exploits: CVE-2011-1252 publicly disclosed. Some of the others are not disclosed but are likely simple-to-exploit XSS flaws.
  Microsoft rating(**): Severity: Important; Exploitability: ?
  ISC rating(*): clients -N/A- / servers Important


We will update issues on this page for about a week or so as they evolve.

We appreciate updates

US based customers can call Microsoft for free patch related support on 1-866-PCSAFETY

(*): ISC rating

We use 4 levels:

PATCH NOW: Typically used where we see immediate danger of exploitation. Typical environments will want to deploy these patches ASAP. Workarounds are typically not accepted by users or are not possible. This rating is often used when typical deployments make it vulnerable and exploits are being used or easy to obtain or make.
Critical: Anything that needs little to become interesting for the dark side. Best approach is to test and deploy ASAP. Workarounds can give more time to test.
Important: Things where more testing and other measures can help.
Less Urgent: Typically we expect the impact if left unpatched to be not that big a deal in the short term. Do not forget them however.


The difference between the client and server rating is based on how you use the affected machine. We take into account the typical client and server deployment of the machine and the common measures people typically have in place already. Measures we presume are simple best practices for servers, such as not using Outlook, MSIE, Word etc. to do traditional office or leisure work.
The rating is not a risk analysis as such. It is a rating of importance of the vulnerability and the perceived or even predicted threat for affected systems. The rating does not account for the number of affected systems there are. It is for an affected system in a typical worst-case role.
Only the organization itself is in a position to do a full risk analysis involving the presence (or lack of) affected systems, the actually implemented measures, the impact on their operation and the value of the assets involved.
All patches released by a vendor are important enough to have a close look if you use the affected systems. There is little incentive for vendors to publicize patches that do not have some form of risk to them.

(**): The exploitability rating we show is the worst of them all, because Microsoft assigns too many separate ratings to some of the patches.

--

Johannes B. Ullrich
 
WordPress A to Z Category Listing Plugin 'R' Parameter SQL Injection Vulnerability
 
The ViewSonic ViewPad 10pro tablet offers a dual Windows 7/Android environment for travelers who need both operating systems.
 
Cyrus IMAP Server 'split_wildmats()' Remote Buffer Overflow Vulnerability
 
Lenovo's chairman believes the company will overtake Dell to become the world's second-largest PC vendor by the end of this year.
 
PhotoSmash Galleries WordPress Plugin 'action' Parameter Cross Site Scripting Vulnerability
 
The hacker who calls himself "Comodohacker" said this week that he could have used digital certificates stolen from a Dutch firm to issue fake updates to Windows PCs.
 
The Sept. 11, 2001 terrorist attacks in the U.S. -- and natural disasters since -- have yielded valuable lessons about how IT teams should prepare for and respond to disasters.
 
Google is directly contacting users in Iran, who may have been compromised by a rogue SSL certificate, to recommend measures to secure their accounts.
 
Samsung must not sell the Galaxy Tab 10.1 in Germany because it looks too much like Apple's iPad 2, the district court in Düsseldorf ruled on Friday.
 
LightNEasy Multiple HTML Injection Vulnerabilities
 

Posted by InfoSec News on Sep 09

http://www.wired.com/threatlevel/2011/09/doppelganger-domains/

By Kim Zetter
Threat Level
Wired.com
September 8, 2011

Two researchers who set up doppelganger domains to mimic legitimate
domains belonging to Fortune 500 companies say they managed to vacuum up
20 gigabytes of misaddressed e-mail over six months.

The intercepted correspondence included employee usernames and
passwords, sensitive security information about the configuration of...
 

Posted by InfoSec News on Sep 09

http://www.theregister.co.uk/2011/09/08/mozilla_certificate_authority_audit/

By Dan Goodin in San Francisco
The Register
8th September 2011

Mozilla has directed all web authentication authorities trusted by its
software to conduct security audits to ensure they aren't being abused
to issue counterfeit secure sockets layer certificates.

Thursday's note from Kathleen Wilson, who oversees the certificate
authorities included in the...
 

Posted by InfoSec News on Sep 09

http://www.eweek.com/c/a/Security/Stanford-Hospital-Contractor-Leaks-20000-Patient-Records-to-Public-Website-642765/

By Fahmida Y. Rashid
eWEEK.com
2011-09-08

A data privacy breach at Stanford University's hospital has resulted in
medical records for 20,000 emergency room patients being posted on a
public Website for nearly a year, according to The New York Times.

A patient notified the hospital of the breach Aug. 22, and the hospital...
 

Posted by InfoSec News on Sep 09

http://www.networkworld.com/news/2011/090911-google-contacts-iranian-users-to-250653.html

By John Ribeiro
IDG News Service
September 09, 2011

Google is directly contacting users in Iran, who may have been
compromised by a rogue SSL certificate, to recommend measures to secure
their accounts.

While Google's internal systems were not compromised, it is directly
contacting possibly affected users and providing information on securing...
 

Posted by InfoSec News on Sep 09

http://www.computerworld.com/s/article/9219873/RSA_spearphish_attack_may_have_hit_U.S._defense_organizations

By Robert McMillan
IDG News Service
September 8, 2011

The hackers who broke into EMC's RSA Security division last March used
the same attack code to try to break into several other companies,
including two U.S. national security organizations, according to data
provided by the VirusTotal website.

"According to our data, RSA...
 

Posted by InfoSec News on Sep 09

http://www.koreaherald.com/national/Detail.jsp?newsMLId=20110908001012

The Korea Herald
2011-09-08

Samsung Card Co., South Korea's leading card firm, is suspected of
having come under an online security breach that could have leaked about
800,000 customers' personal data, sources said Thursday.

Samsung Card has asked the police to investigate an employee regarding
the suspected leakage of customer data, including their names and...
 

Posted by InfoSec News on Sep 09

http://www.forbes.com/sites/daviddisalvo/2011/09/08/new-jamming-tech-could-protect-pacemakers-from-hack-attack/

By David DiSalvo
Pharma & Healthcare
Forbes.com
9/08/2011

If you have a pacemaker or an insulin pump, you may not be aware that
you’re potentially a walking target for hackers.

Many medical implants contain tiny wireless radios that allow doctors to
download data to track their patients’ conditions and adjust the...
 

Arizona: Good place to look for security-related jobs since 9/11
ABC15.com (KNXV-TV)
Just one month before the 9/11 attacks, Goodman, an attorney by trade, moved back to his hometown to work in a field most people had never even heard of: info sec. "Information security is the role within Information Technology that helps safeguard ...
 