InfoSec News

For a brief period this week, cybercriminals managed to infect Google's and Microsoft's online ad networks with malicious advertisements that attacked users' PCs, according to security consultancy Armorize.
 
The Kobo Wireless eReader aspires to compete with the big kids in the e-reader arena. This iteration represents a marked improvement over its predecessor, offering higher contrast, a sharper E Ink display, and better performance. Unfortunately, the Wireless eReader still lacks the polish and finesse of the leaders. And at $139 (as of December 13, 2010), it's the same price as an Amazon Kindle.
 
Oracle wants SAP to pay it US$212 million in interest on top of the $1.3 billion awarded to it last month by a jury in the companies' TomorrowNow lawsuit, court papers show.
 
Mozilla Firefox/Thunderbird/SeaMonkey OS Font Code Multiple Unspecified Vulnerabilities
 
Mozilla Firefox and SeaMonkey Java LiveConnect Script Security Bypass Vulnerability
 
Mozilla Firefox/Thunderbird/SeaMonkey Multiple HTML Injection Vulnerabilities
 
Mozilla Firefox/Thunderbird/SeaMonkey 'document.write()' Buffer Overflow Vulnerability
 
Mozilla Firefox/Thunderbird/SeaMonkey CVE-2010-3776 Memory Corruption Vulnerability
 
Mozilla Firefox/Thunderbird/SeaMonkey CVE-2010-3777 Memory Corruption Vulnerability
 
Mozilla Firefox CVE-2010-3778 Memory Corruption Vulnerability
 
Real Networks RealPlayer Multiple Remote Vulnerabilities
 
You've probably dragged a link from your browser to the desktop to get easy access to your favorite site or a useful resource for work. But Mac OS X Hints reader nathanator11 wanted to take that convenience one step further by making his Mac open those Websites automatically whenever he logs in. Here's how he did it.
 
Members of RevSpace, a hacker collective in The Hague, want to teach "Jeroenz0r," currently in custody for cyberattacks against Mastercard and Visa, a lesson or two to make him a real hacker. That is, an ethical hacker.
 
Oracle is expected to launch the general-availability version of MySQL 5.5 during a webcast event on Wednesday.
 
Gibbs isn't impressed by the FTC's proposal
 
Exim Crafted Header Remote Code Execution Vulnerability
 
Many of you would have seen the advance notification from Microsoft regarding the patches to be released on Black Tuesday. There will be 17 bulletins: 2 critical, 14 important and one moderate. Keep an eye on the diary for the day as we'll be doing our usual table with, in this case, likely some adjustments on the criticality from our perspective. In the list are some remote code executions, elevation of privileges and a couple of denial of service attacks for good measure. The advance notification is here: http://www.microsoft.com/technet/security/Bulletin/MS10-dec.mspx . The details of what will be released may still change of course. How these patches affect corporations will be interesting as many companies have change freezes in place this time of the year, including the application of patches. So it is likely that the window of opportunity to attack these vulnerabilities is longer than usual. So if you are not going to patch make sure that you have a look at them anyway, determine if you are vulnerable, and maybe what you can do to detect them.
Those of you running Office 2008 on a Mac would have noticed that a patch is being pushed out with next week's date on it. This was the patch that wasn't ready last month when 2011 was patched. As for next week's date? Likely it was released a little bit earlier than planned, maybe to avoid black Tuesday.
Mark H (c) SANS Internet Storm Center. http://isc.sans.org Creative Commons Attribution-Noncommercial 3.0 United States License.
 
A Microsoft executive, speaking at a tech conference in Paris, confirmed the company made a failed bid to buy Facebook three years ago.
 
Internet regulatory body ICANN postponed approval of a mechanism to let groups apply for and manage new Internet domain extensions called generic Top Level Domains (gTLDs), such as the existing .com and .net.
 
Google is shipping thousands of its new Chrome notebooks to beta testers. How much is the notebook really worth?
 
 
The loosely-knit Anonymous hacker group Friday called its attacks against perceived foes of WikiLeaks a symbolic protest.
 
Apache mod_proxy_ftp Remote Command Injection Vulnerability
 
Apache mod_proxy_ftp Module NULL Pointer Dereference Denial Of Service Vulnerability
 
Novell Vibe 3 BETA OnPrem Stored Cross-site Scripting Vulnerability
 
Re: Flaw in Microsoft Domain Account Caching Allows Local Workstation Admins to Temporarily Escalate Privileges and Login as Cached Domain Admin Accounts (2010-M$-002)
 
A prominent Wall Street analyst declared that Windows Phone 7 has seen a 'successful launch' and that Microsoft will heavily market the new platform further, leading to a possible pitched battle against Android smartphones that would leave the iPhone on top.
 
Using its research in analytics, IBM has created 18 assessment tools that it is incorporating into its IT services offerings.
 
Oracle has asked the Apache Software Foundation to reconsider its decision to quit the Java SE/EE Executive Committee, and is also acknowledging the ASF's importance to Java's future.
 
PHP 'open_basedir' Security-Bypass Vulnerability
 
PHP 'ext/imap/php_imap.c' Use After Free Denial of Service Vulnerability
 
PHP ZipArchive::getArchiveComment() NULL Pointer Dereference Denial Of Service Vulnerability
 
[SECURITY] [DSA-2131-1] New exim4 packages fix remote code execution
 
ManageEngine EventLog Analyzer Syslog Remote Denial of Service Vulnerability
 
ManageEngine EventLog Analyzer Multiple Cross-site Scripting (XSS) Vulnerabilities
 
PHP 5.3.3 NumberFormatter::getSymbol Integer Overflow
 
To all of our readers, supporters, and volunteers I'd like to thank everybody for your help and support over the past seven years while I've been the Director of the SANS Internet Storm Center. I became the Director in September 2003, right after the infamous Blaster worm had train-wrecked many networks and made life difficult for thousands of system administrators and users. I had no idea how successful the SANS ISC was going to become, but it has matured way beyond what I thought we could do back then.
Like many of our volunteer handlers who have moved along due to career changes and life events, I've reached the point where I need to step down from the role of Director and turn the leadership over to a face many of you are familiar with - Johannes Ullrich. Johannes has been our CTO since the beginning and is the perfect person to lead the organization to new levels of success. I'll still be part of the community, but due to increasing work requirements and this pesky PhD I've been working on for the past few years I won't be able to keep devoting the proper amount of time needed to run this great group.
If you are at the SANS Cyber Defense Initiative (CDI) event in Washington, DC please join us at 6:30 pm tonight for the official hand-over and to meet several of our volunteer handlers.
I look forward to continuing my support to SANS and the community, and I offer my best wishes for success to Johannes and the handler team.
Marcus H. Sachs

Director, SANS Internet Storm Center (c) SANS Internet Storm Center. http://isc.sans.org Creative Commons Attribution-Noncommercial 3.0 United States License.
 
www.eVuln.com : Non-persistent XSS in BizDir
 
Re: [Full-disclosure] Linux kernel exploit
 
[ MDVSA-2010:251 ] firefox
 
[USN-1031-1] ClamAV vulnerabilities
 
Wayne Chang is suing Cameron and Tyler Winklevoss, who are suing Mark Zuckerberg, for cutting him out of their Facebook/ConnectU settlement.
 
Amazon Web Services (AWS) has increased the maximum size of files that can be stored on its Simple Storage Service (S3) to 5TB from 5GB, Amazon said in a blog post on Thursday.
 
WikiLeaks founder Julian Assange could soon be indicted on spying charges under the U.S. Espionage Act.
 
 
Adobe Flash Player and AIR (CVE-2010-2213) Multiple Unspecified Memory Corruption Vulnerabilities
 
Adobe Flash Player and AIR ActionScript AVM1 ActionPush Memory Corruption Vulnerability
 
Adobe Flash Player (CVE-2010-2170) Integer Overflow Vulnerability
 
WikiLeaks neither supports nor condemns the cyber attacks that have targeted its critics, it said Friday, just as it appears the attackers are mounting a fresh operation against Moneybookers.com.
 
Several top WikiLeaks backers are set to open a rival whistleblower site on Monday because they're growing increasingly frustrated with the state of affairs at WikiLeaks.
 
Anyone who has held an IP address since 1997 or earlier has a decision to make by Dec. 31, 2011: Should you sign the 'legacy agreement' that promises to protect your IP rights? Here's what you need to know.
 
Mozilla Thursday issued patches for 13 bugs, 11 of which were rated 'critical.'
 
A few nice capabilities don't overcome an ill-conceived 'tweener' tablet with an ill-fitting Android OS.
 
Prosecuting WikiLeaks founder Julian Assange for the disclosure of classified State Department cables will pose huge challenges for the U.S. government, according to a report by the Congressional Research Service.
 
Federal CIO Vivek Kundra yesterday released a 25-point plan for restructuring federal IT operations to boost productivity to private sector levels.
 
Toshiba could lose up to a fifth of the NAND flash memory chips it was making for delivery early next year, after a momentary power glitch caused its production line to halt.
 
InfoSec News: DNS Provider Mistakenly Caught in WikiLeaks Saga Now Supports the Group: http://www.wired.com/threatlevel/2010/12/easydns/
By Kim Zetter Threat Level Wired.com December 9, 2010
A DNS provider that suffered backlash last week after it was wrongly identified as supplying and then dropping DNS service to WikiLeaks has decided to support the secret-spilling site, offering DNS service to two domains distributing WikiLeaks content.
EasyDNS, a Canadian firm, was attacked last Friday after media outlets mistakenly reported it had terminated its service for WikiLeaks. The company sent an e-mail to customers Thursday morning letting them know that it had begun providing DNS service for WikiLeaks.ch and WikiLeaks.nl, two of the primary domain names WikiLeaks relocated to after WikiLeaks.org stopped resolving.
"We’ve already done the time, we might as well do the crime," Mark Jeftovic, president and CEO of EasyDNS, told Threat Level about his decision.
DNS service providers translate human-friendly domain names to IP addresses, so when someone types www.Amazon.com into their browser, for example, they’re properly connected to 72.21.211.176, the address of the host.
It was actually EveryDNS, a competitor of EasyDNS, that had been providing this service to WikiLeaks.org for free. EveryDNS terminated this service last week after WikiLeaks was hit by prolonged denial-of-service (DoS) attacks by people opposed to the group publishing classified U.S. State Department cables. The company said the denial-of-service attacks against WikiLeaks threatened the stability of service for other EveryDNS customers.
[...]
 
InfoSec News: Wire Fraud Victim Sues Bank: http://www.bankinfosecurity.com/articles.php?art_id=3159
By Linda McGlasson Managing Editor Bank Info Security December 9, 2010
A Missouri-based escrow company has sued its bank after losing $440,000 in a case of wire fraud.
The suit, filed on Nov. [...]
 
InfoSec News: 24th members guide JROTC team in AFA CyberPatriot competition: http://www.afspc.af.mil/news/story.asp?id=123233892
By Tech. Sgt. Scott McNabb 24th Air Force Public Affairs 12/9/2010
LACKLAND AIR FORCE BASE, Texas -- Just walking into the Junior Reserve Officer Training Corps building at John Jay High School, a stone's throw [...]
 
InfoSec News: Secunia Weekly Summary - Issue: 2010-49:
The Secunia Weekly Advisory Summary 2010-12-02 - 2010-12-09
This week: 69 advisories [...]
 
InfoSec News: Microsoft slates another monster Patch Tuesday: http://www.computerworld.com/s/article/9200642/Microsoft_slates_another_monster_Patch_Tuesday
By Gregg Keizer Computerworld December 9, 2010
Microsoft today said it will deliver a record 17 security updates next week to patch 40 vulnerabilities in Windows, Internet Explorer (IE), [...]
 

David Sherry of Brown University a Presenter at Meeting of Fairfield County ...
American Consumer News (press release)
The Fairfield County InfoSec Group met on November 11 in Westport, Connecticut, to hear David Sherry, Chief Information Security Officer for Brown ...

 

David Sherry of Brown University a Presenter at Meeting of Fairfield County ...
PR Web (press release)
The Fairfield County InfoSec Group met on November 11 in Westport, Connecticut, to hear David Sherry, Chief Information Security Officer for Brown ...

 
Mozilla Firefox/SeaMonkey 'JSSLOT_ARRAY_COUNT' Annotation Integer Overflow Vulnerability
 
Mozilla Firefox and SeaMonkey 'nsDOMAttribute' Use-After-Free Memory Corruption Vulnerability
 

Posted by InfoSec News on Dec 09

http://www.afspc.af.mil/news/story.asp?id=123233892

By Tech. Sgt. Scott McNabb
24th Air Force Public Affairs
12/9/2010

LACKLAND AIR FORCE BASE, Texas -- Just walking into the Junior Reserve
Officer Training Corps building at John Jay High School, a stone's throw
from Lackland, is a testament to the unit's dedication to being the
best.

The hall of trophies more closely resembles a sheer wall of trophies of
all sizes and shapes and reasons...
 

 

Posted by InfoSec News on Dec 09

http://www.computerworld.com/s/article/9200642/Microsoft_slates_another_monster_Patch_Tuesday

By Gregg Keizer
Computerworld
December 9, 2010

Microsoft today said it will deliver a record 17 security updates next
week to patch 40 vulnerabilities in Windows, Internet Explorer (IE),
Office, SharePoint and Exchange.

Among the 40 patches will be two that address a pair of bugs that
hackers have already exploited.

"I really was not...
 

 

Posted by InfoSec News on Dec 09

http://www.bankinfosecurity.com/articles.php?art_id=3159

By Linda McGlasson
Managing Editor
Bank Info Security
December 9, 2010

A Missouri-based escrow company has sued its bank after losing $440,000
in a case of wire fraud.

The suit, filed on Nov. 23, alleges that Choice Escrow of Springfield,
Mo. was a crime victim because its bank, BankcorpSouth, didn't provide
"commercially reasonable security." Via malware, hackers stole...
 

