Hackin9

InfoSec News

Polaroid finds the whole concept of a "camera-phone" a bit insulting. So it is launching a phone-camera, an Android-driven Smart Camera that is mainly for taking pictures, but can also make the occasional phone call.
 
Steve Ballmer gave Microsoft's last keynote at CES Monday night, a damp squib that confirmed for some that the software maker has outstayed its welcome. But whether its departure is the beginning of the end for the show depends on whom you ask.
 
Intel on Tuesday announced its first smartphone customers, signaling the arrival of Intel Inside smartphones after years of uphill struggle by the chip maker.
 
(c) SANS Internet Storm Center. http://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
 
Google Executive Chairman Eric Schmidt told an audience at CES that the future of technology revolves around connecting all of the electronic devices in our lives.
 
Kopin engineers demonstrated at CES a headset computer called the Golden-i for use in public safety and other field workforce applications.
 
Sony plans later this year to launch a small device it is calling the SmartWatch, which links to Android phones via Bluetooth and runs a suite of custom mini-apps.
 
OpFreePalestine which was announced a few weeks ago has taken another step towards websites based in and about Israeli. The attacks have been announced on the @_AnonymouSTL_ twitter account and can be found on pastebin.


 
A hacker named ExPl0^It leaked a site which caused a exposure to the whole database itself, site was not secure enough


 
(c) SANS Internet Storm Center. http://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
 
Dell on Tuesday announced its first ultrabook, the XPS 13, making some noise amid a smaller presence at the Consumer Electronics Show in Las Vegas compared to previous years.
 

Email leakage exposed

by ProtocoL

Today I came across with another hotmail/email leakage with over 700 accounts with hashed passwords http://pastebin.com/cC0uVQht     Tweet


 
Just another smaller website that has been exposed for having weak security that SQLi programs can easy take advantage of. The website www.futureexpert.co.uk which is a self claimed “Foreign educational, Immigration Advisor’s & English Language Institute” was hacked by “Flame/FlameCoding l33ts.org/leetcoding”. The dump contains personal information and once again clear text passwords. Leak: http://pastebin.com/RRwnSeEr Tweet


 
A leak targetting firsteschool.com has been leaked and the database exposed, by Adolus Team leaving them a message ” ADOLUS TEAM WE REPRESENT THE NEW WORLD “ http://pastebin.com/KWGYyt6z Tweet


 
D35M0ND142 has been quiet this year until the past few days with a couple of dumping, most of them are minor except one which attacks a well known Islamic website, islaam.net


 
hitAppoint 'username' Parameter SQL Injection Vulnerability
 
Pulse Pro Multiple Cross Site Scripting Vulnerabilities
 
A perfect storm of growth in enterprise mobility, video consumption and cloud infrastructure will come together just in time for a major refresh cycle in 2012, driving worldwide enterprise network revenues to $39.4 billion by the end of the year, IDC predicts.
 
Just another smaller website that has beenhacked and proven to have weak security as it was attacked with a sqli tool. The website bklighting.com was hacked by a hacker gong with the handle MoDzHD1 and once again dumped on pastebin abut 20hrs ago. The leak contains emails, passwords and other personal information. All passwords are in clear text. leak: http://pastebin.com/40VeTUu1 [...]


 
ExPl0^it defaces 4 site for #NDAA and a support of #Anonymous “ Freedom is all we want. Nothing Else. Security is an Illusion, right? Until the NDAA goes out, we won’t stop, we will never stop, our main goal is to keep civilians under peace and be free, we demand for FEMA camps to be shut [...]


 
Microsoft?s January 2012 Patch Tuesday included one critical security bulletin, addressing dangerous Windows Media errors that could be exploited remotely to gain access to a victim?s computer.

Add to digg Add to StumbleUpon Add to del.icio.us Add to Google
 
The January 2012 update includes repairs to Adobe Reader X and a new feature giving administrators the ability to whitelist JavaScript execution.

Add to digg Add to StumbleUpon Add to del.icio.us Add to Google
 

US China Commission Emails Hacked
Dark Reading
But the Lords of Dharmaraja also shared source code associated with the 2006 version of the antivirus product with Infosec Island. Sophos' Wisniewski says some of the Indian hacker group's claims seem questionable, but they do have source code. ...

and more »
 
Mozilla is advancing its plans to release a version of Firefox tailored for organizations whose IT departments manage it for their employees from a central console.
 
Multiple Digital Satellite TV Platforms Multiple Unspecified Vulnerabilities
 
The National Institute of Standards and Technology (NIST) needs American innovators and entrepreneurs to help solve technological problems and develop NIST technologies into marketable products. The NIST Small Business Innovation ...
 
Sales and traffic from mobile devices to online retailers during the holidays doubled over 2012 with Apple iPhone and iPad users leading the charge, according to research from IBM.
 
[SECURITY] [DSA 2385-1] pdns security update
 
The National Institute of Standards and Technology (NIST) is conducting the 21st annual Text Retrieval Conference (TREC), the premier experimental effort in the field, to encourage research in information retrieval and related ...
 
Microsoft today shipped seven security updates that patched eight vulnerabilities in Windows and a code library used to protect Web applications from cross-site scripting attacks.
 
Infor CEO Charles Phillips mostly kept out of the limelight after landing the job in October 2010, following a high-profile stint as co-president of Oracle.
 
Attendees at Consumer Electronics Show in Las Vegas this week are seeing the tablet market splitting in multiple directions as the price and performance battle intensifies.
 
With the newest update of its machine-data search engine, Splunk has expanded the user interface in a number of ways so it can be more easily used by business analysts as well as system administrators.
 
Qualcomm wants a piece of the PC market with its upcoming Snapdragon S4 chips as the company looks to jump out of its traditional stronghold market of smartphones and tablets, CEO Paul Jacobs said on Tuesday.
 
RETIRED: Microsoft January 2012 Advance Notification Multiple Vulnerabilities
 
RETIRED: Adobe Acrobat and Reader APSB12-01 Advance Multiple Remote Vulnerabilities
 
ZDI-12-011 : Novell Netware XNFS caller_name xdrDecodeString Remote Code Execution Vulnerability
 
ZDI-12-010 : Citrix Provisioning Services Stream Service 0x40020006 Remote Code Execution Vulnerability
 
ZDI-12-009 : Citrix Provisioning Services Stream Service 0x40020000 Remote Code Execution Vulnerability
 
ZDI-12-008 : Citrix Provisioning Services streamprocess.exe vDisk Name Parsing Remote Code Execution Vulnerability
 
30 Days With the Cloud: Day 22
 
Microsoft DirectX DirectShow Filters Remote Code Execution Vulnerability
 
Adobe Acrobat and Reader (CVE-2011-4369) Memory Corruption Vulnerability
 
Adobe has released 1 bulletin today.
This updates Adobe products to the following versions:

Adobe Reader and Acrobat

10.1.1 and previous






#
Affected
Known Exploits
Adobe rating




APSB12-01
Multiple vulnerabilities in the adobe reader and adobe acrobat software allow privilege escalation (windows only)or random code execution.


Reader Acrobat



CVE-2011-2462

CVE-2011-4369

CVE-2011-4370

CVE-2011-4371

CVE-2011-4372

CVE-2011-4373
Could allow for remote code execution. Update to 10.1.2 or 9.5.
Critical



APSB11-30 and APSA11-04 were also updated.
Next scheduled Adobe security update is 10 April 2012.
Cheers,

Adrien de Beaupr

intru-shun.ca (c) SANS Internet Storm Center. http://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
 
A growing trend in the disaster recovery arena for cloud providers is the use of load-balanced data centers instead of hot-cold data centers. Companies are deploying private clouds that are load balanced between their datacenters to take care of disaster needs. If one datacenter suffered from a disaster, the other datacenter would be operating even though it is at reduced capacity.
 
Government officials worldwide should stop fighting against the use of social media and embrace conversations with their citizens, except in the case of terrorist groups, a U.S. Department of State official said Tuesday.
 
The annual Consumer Electronics Show event is always a fun place to learn about the latest new gadgets coming down the pike, but--aside from Google's ubiquitous Android platform--Linux has not typically played a starring role.
 
Apple will sell an estimated $19 billion in Macs and iPads to enterprises in 2012, a 58% jump over the year before, a research analyst said today.
 
Ever wish you had someone to help visitors find their way through your business? Well, iRobot may be developing the robotic guide for you.
 
Overview of the January 2012 Microsoft patches and their status.



#
Affected
Contra Indications - KB
Known Exploits
Microsoft rating(**)
ISC rating(*)


clients
servers





MS12-001
Vulnerability in Windows Kernel Could Allow Security Feature Bypass


Windows kernel

CVE-2012-0001
KB 2644615
This is a security bypass vulnerability. Exploit code likely. No known exploits.
Severity:Important

Exploitability: 1
Important
Important



MS12-002
Vulnerability in Windows Object Packager Could Allow Remote Code Execution


Windows Object Packager

CVE-2012-0009
KB 2603381
Exploit code likely. No known exploits.
Severity:Important

Exploitability: 1
Critical
Important



MS12-003
CSRSS Elevation of Privilege Vulnerability

(Replaces MS11-063)


Run-Time Subsystem

CVE-2012-0005
KB 2646524
Elevation of Privilege. No known exploits. Chinese, Japanese, or Korean system locale only.
Severity:Important

Exploitability: 3,1
Important
Important



MS12-004
Vulnerabilities in Windows Media Could Allow Remote Code Execution

(Replaces MS10-033)


Media player

CVE-2012-0003
KB 2636391
Exploit code likely. No known exploits.
Severity:Critical

Exploitability: 1,1
PATCH NOW!
Critical



MS12-005
Vulnerability in Microsoft Windows Could Allow Remote Code Execution


Windows packager

CVE-2012-0013
KB 2584146
No known exploits. Exploit code likely.
Severity:Important

Exploitability: 1,1
PATCH NOW!
Critical



MS12-006
Vulnerability in SSL/TLS Could Allow Information Disclosure

(Replaces MS10-049)

(Replaces MS10-085)

(Replaces MS10-095)


Internet Explorer

CVE-2011-3389
KB 2643584
Publically disclosed. Information disclosure.
Severity:Important

Exploitability: 3,3
Important
Important



MS12-007
Vulnerability in AntiXSS Library Could Allow Information Disclosure


Internet Explorer

CVE-2012-0007
KB 2607664
Information disclosure.
Severity:Important

Exploitability: 3,3
Important
Important





We will update issues on this page for about a week or so as they evolve.

We appreciate updates

US based customers can call Microsoft for free patch related support on 1-866-PCSAFETY

(*): ISC rating

We use 4 levels:

PATCH NOW: Typically used where we see immediate danger of exploitation. Typical environments will want to deploy these patches ASAP. Workarounds are typically not accepted by users or are not possible. This rating is often used when typical deployments make it vulnerable and exploits are being used or easy to obtain or make.
Critical: Anything that needs little to become interesting for the dark side. Best approach is to test and deploy ASAP. Workarounds can give more time to test.
Important: Things where more testing and other measures can help.
Less Urgent: Typically we expect the impact if left unpatched to be not that big a deal in the short term. Do not forget them however.


The difference between the client and server rating is based on how you use the affected machine. We take into account the typical client and server deployment in the usage of the machine and the common measures people typically have in place already. Measures we presume are simple best practices for servers such as not using outlook, MSIE, word etc. to do traditional office or leisure work.
The rating is not a risk analysis as such. It is a rating of importance of the vulnerability and the perceived or even predicted threat for affected systems. The rating does not account for the number of affected systems there are. It is for an affected system in a typical worst-case role.
Only the organization itself is in a position to do a full risk analysis involving the presence (or lack of) affected systems, the actually implemented measures, the impact on their operation and the value of the assets involved.
All patches released by a vendor are important enough to have a close look if you use the affected systems. There is little incentive for vendors to publicize patches that do not have some form of risk to them.

(**): The exploitability rating we show is the worst of them all due to the too large number of ratings Microsoft assigns to some of the patches.

Cheers,

Adrien de Beaupr

intru-shun.ca (c) SANS Internet Storm Center. http://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
 
There are smartphones and smart TVs. Now there are smart eyeglasses.
 
France's antitrust regulator has declined Hewlett Packard's request for an injunction ordering Oracle to continue supporting its database on HP's Itanium server platform. HP's request that Oracle be ordered to align pricing for its database on Itanium servers with that of versions for other server architectures was similarly rejected by the Autorité de la Concurrence.
 
Exploit code for a recently patched denial-of-service (DoS) vulnerability that affects Microsoft's ASP.NET Web development platform has been published online, therefore increasing the risk of potential attacks.
 
The Samsung Galaxy Note, with the world's largest smartphone screen at 5.3-in, doesn't really feel all that big at all.
 
Apple CEO Tim Cook's total compensation package jumped six-fold last year after he was took the reins of the Cupertino, Calif. company, according to documents filed Monday with the SEC.
 
A busy year ends even busier as our manager works with the outside SOX auditors and tackles security reviews for several projects.
 
CommVault plans to announce an upgrade to its flagship Simpana software in the next several weeks that will allow backed-up data to be archived while still leaving end users will an easy way to retrieve that data.
 
Its Hacker Cup celebrates creative computer talent instead of rewarding the destroyers.
 
A new petition on Change.org, whose previous petitions have brought about policy reversals at Bank of America and Verizon regarding proposed new fees, is urging gaming powerhouse Electronic Arts to oppose the Stop Online Piracy Act.
 
[ MDVSA-2012:003 ] apache
 
Anonymous has struck the websites of two anti-piracy organizations, a day after Finnish ISP Elisa blocked access to The Pirate Bay search engine in response to an injunction requested by one of the organizations.
 
Google will start rolling out on Tuesday a tight integration between its search engine and two of its social media sites: Google+ and Picasa Web, in the company's latest move to deepen its social search capabilities.
 
Visa has added smartphones from Samsung Electronics, Research In Motion and LG Electronics to the list of devices it has certified to work with the 185,000 NFC-based payWave payment terminals in Europe.
 
p0f3 release candidate
 
Re: Simple Mail Server - SMTP Authentication Bypass Vulnerability
 
Oracle has partnered with Cloudera to bring Apache Hadoop to its Oracle Big Data Appliance, which the company officially released Tuesday.
 
The company is under fire for modularization, licensing, and security issues
 
Microsoft has filed lawsuits against two Chinese electronics retail chains for allegedly allowing computers installed with pirated Windows and Office products to be sold at their stores.
 
Corning is shipping samples of an updated version of its popular Gorilla Glass product, that will allow screens to be 20% thinner at the same strength.
 
Hewlett-Packard on Monday announced the Envy 14 Spectre ultrabook, which the PC maker is trying to distinguish from competition with fresh features such as NFC and wireless audio.
 

BCW

2012 Will Be Rife With Cybercrime Tricks
BCW
He has given talks at RSA, InfoSec Europe and SecTor, and has been thanked by Google for his contributions to responsible disclosure. Chris has been credited for finding the first instance of a rogue Web browser installing without permission, ...

and more »
 
AT&T dropped its $39 billion bid to buy T-Mobile USA in December, but the company demonstrated that it is still running on all cylinders with announcements at CES of new smartphones, a tablet and new tools for mobile app developers.
 
At the Consumer Electronics Show in Las Vegas this week Cisco unveiled extensions to its Internet TV platform and strategy that enable "video in the cloud" services.
 
Microsoft's motion-sensing Kinect technology will be available for Windows PCs in a few weeks and is destined for a lot more than just gaming, CEO Steve Ballmer said at the Consumer Electronic Show in Las Vegas Monday.
 

Posted by InfoSec News on Jan 09

http://www.bloomberg.com/news/2012-01-10/sec-push-may-yield-new-disclosures-of-cyber-attacks-on-companies.html

By Michael Riley
Bloomberg
Jan 9, 2012

China-based hackers rifled the computers of DuPont Co. (DD) at least
twice in 2009 and 2010, hunting the technological secrets that made the
company one of the world’s most successful chemical makers.

It’s not something investors would have learned from DuPont’s regulatory
filings, or...
 

Posted by InfoSec News on Jan 09

http://www.informationweek.com/news/healthcare/security-privacy/232301516

By Nicole Lewis
InformationWeek
January 09, 2012

According to experts in healthcare law and information privacy and
security, healthcare IT managers can expect to see more patient data
breaches in 2012, along with more lawsuits filed by patients as the
availability of patient information exchanged over social media sites
and mobile devices grows.

These conclusions,...
 

Posted by InfoSec News on Jan 09

http://www.eweek.com/c/a/Security/Israel-Likens-Credit-Card-Breach-to-Terrorist-Act-707325/

By Fahmida Y. Rashid
eWEEK.com
2012-01-09

Israeli officials are investigating the recent cyber-attack that
resulted in the theft of thousands of credit card numbers. At least one
Israeli government official has promised to retaliate against the
perpetrators of that attack that he described as "comparable to a
terrorist operation."

Israeli...
 

Posted by InfoSec News on Jan 09

http://www.theregister.co.uk/2012/01/09/smart_meter_privacy_oops/

By John Leyden
The Register
9th January 2012

White-hat hackers have exposed the privacy shortcomings of smart meter
technology.

The researchers said German firm Discovergy apparently allowed
information gathered by its smart meters to travel over an insecure link
to its servers. The information – which could be intercepted –
apparently could be interpreted to reveal not...
 

Posted by InfoSec News on Jan 09

http://gcn.com/articles/2012/01/09/nist-scap-automated-security-management.aspx

By William Jackson
GCN.com
Jan 09, 2012

The National Institute of Standards and Technology is updating
guidelines for using the Security Content Automation Protocol (SCAP) for
checking and validating security settings on IT systems.

SCAP is a NIST specification for expressing and manipulating security
data in standardized ways, including implementing security...
 
United beauty hacked and 5000+ accounts dumped by @p0keu


 

The new wave of teaching infosec
SC Magazine Australia
By Dan Kaplan on Jan 10, 2012 3:54 PM When Alex Levinson graduated near the top of his class in January 2009 from Heald College in San Francisco, carrying an associate's degree in computer networking with a concentration in information security, ...

 
Internet Storm Center Infocon Status