InfoSec News

(c) SANS Internet Storm Center. http://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
Facebook is close to reaching a deal with the Federal Trade Commission over charges that the social network engaged in "deceptive behavior" when changing its privacy settings, according to a report.
Legislation in the U.S. Congress that would allow federal law enforcement officials to block websites accused of copyright piracy is necessary because of the vast number of foreign sites trading in infringing music and movies and counterfeit products, two supporters of the bills said.
Growing enterprise interest in Hadoop and related technologies is driving demand for professionals with big data skills.
More than three times as many shoppers for tablet computers are considering the $199 Amazon Kindle Fire over the bestselling iPad, according to a new survey.
DataDirect Network's new SFA12K series storage array represents a new high-water mark for networked storage performance with the ability to scale to 6.7 petabytes in two racks and offer up to 40GB/sec performance.

eCrime Symposium wrap: Satisfaction tinged with frustration
CSO Magazine
But in the full spectrum of infosec concerns LulzSec and Anonymous are little more than amusing nuisances. And the rest of it adds up to saying, "Well, if I'm not Lockheed Martin or News of the World then I'll be right." Which of course isn't true. ...

The space agency announced Thursday that the Mars Science Laboratory, its most advanced mobile robot yet, is set to lift off Nov. 25.
Companies need to educate developers, leverage asset inventories and vet cloud providers, panelists advise.

With operations disrupted at more than a dozen hard disk drive (HDD) factories due to flooding in Thailand, PC manufacturers should prepare for significant supply shortages, market research firm IDC said.
Apple today released iOS 5.0.1, the anticipated update designed to fix multiple unspecified bugs that drained the iPhone's battery much faster than expected.
An Infosys Technologies employee, who alleged that the Indian offshore outsourcing company wrongly used visitor visas in its work, won a federal court decision that will allow him to bring his case to a jury.

Keep up with the latest tablet news and reviews with Computerworld's complete coverage.

View and compare mobile phone models by size, weight, OS, carrier, screen and more.
iCloud can be a ray of sunshine for iOS device owners looking to keep their documents synced between multiple devices and computers. Apple's own iWork suite, unsurprisingly, already offers deep iCloud integration for keeping your Pages, Numbers, and Keynote documents in sync between devices. At this writing, however, only Apple's iOS iWork apps support iCloud; it's not yet possible to sync your documents directly with the Mac versions of the apps unless you use workarounds.
ARM on Thursday said that co-founder and President Tudor Brown will retire in May next year after helping turn the firm into a dominant mobile processor company.
The U.S. Senate has voted against a Republican measure that would have overturned net neutrality rules passed by the U.S. Federal Communications Commission last December.
The European Commission is preparing a major reform of the E.U. Data Protection Directive, which will focus on how foreign companies handle European consumer data.
A collection of articles to help you understand the mobile threat and plan your security program accordingly. Insider (registration required)
Research In Motion will continue to use Adobe Flash Player, at least for the BlackBerry PlayBook tablet, even after Adobe announced it will discontinue Flash for the mobile Web.
Softer-than-usual sales numbers last month by several of Apple's component suppliers have one analyst puzzled and worried at the same time.
[security bulletin] HPSBMA02659 SSRT100440 rev.2 - HP Network Node Manager i (NNMi) for HP-UX, Linux, Solaris, and Windows, Remote Unauthorized Access
[security bulletin] HPSBMU02708 SSRT100633 rev.1 - HP Network Node Manager i (NNMi) for HP-UX, Linux, Solaris, and Windows, Remote Cross Site Scripting (XSS)
Amazon appears to have quietly acquired Yap Inc., a speech recognition start-up company, fueling speculation that the online giant is getting ready to produce a voice command service such as Apple's Siri or Google's Voice Actions for Android.
Re: foofus.net security advisory - Lexmark Multifunction Printer Information Leakage
Major technology companies, including Amazon, Apple, and Google, are lining up alongside smaller service providers to help consumers store and stream their music collections online. Whether you want to listen on your PC, your tablet, or your smartphone, you can find a number of online services that cater to your particular needs.
Re: Local file inclusion in VtigerCRM
[SECURITY] [DSA 2342-1] iceape security update
The lab credited with discovering the Duqu malware has built an open-source toolkit that administrators can use to see whether their networks are infected.
This is the second story in this Stuff I Learned Scripting series. As I write scripts, I tend to stumble over commands or methods that I didn't know even existed before, and I thought I'd share these with our readers as they come up. Since I'm finding some of these commands for the first time, I invite you to post any more elegant or correct methods in our comment form.
If you're like me, you have a generally good feeling when you see config files set up as XML - it's an open standard with loads of tools to parse it out.
However ... I was recently tasked with parsing variables out of an XML file, using *only* what is available in Windows. This turned out to be trickier than I thought - XML is a tad more complex than your traditional variable=value Windows INI file (or registry key for that matter). This is one of the reasons I've been (subconsciously I think) avoiding writing automation scripts against XML.
On the face of it, it might look easy - for instance:

<some variable> value </some variable>
is easy to get with the find command. But the same construct could just as easily be represented as:

<some variable>


</some variable>
which is *not* so easy to pull out using the find command in Windows.
Also, XML is hierarchical, so:





is different altogether from:





At that point, I took a deep breath and decided it was time to dive into Powershell. Powershell has everything needed to parse and write XML out of the box, and it fills the requirement that it's actually on every box (well, every new Windows box anyway). There's a ton of sites out there that will explain how to do complex XML gymnastics, but in security audits generally all that is needed is a simple read of specific target variables. For instance, if you are auditing a VMware vCenter configuration against the VMware Hardening Guide, you should be looking at variables in the vpxd.cfg file, which is formatted in XML. One of the variables you'll want to look at is enableHttpDatastoreAccess, which if enabled allows you to browse your ESX/ESXi datastores with a web browser (and appropriate credentials of course). The Hardening Guide recommends that this is turned off in some circumstances (their term is SSLF - Specialized Security Limited Functionality), so during an audit this value should at least be noted. In the config file, this value is represented as:


... other config variables and constructs ...




You can do this in 2 lines in powershell (though they may wrap on your display, depending on your screen resolution), with something like:

[xml]$vpxdvars = Get-Content ./vpxd.cfg

This reads an entire XML-formatted file into a PowerShell variable, vpxdvars.

write-Host $vpxdvars.config.enableHttpDatastoreAccess
You can see in this example that the hierarchical format of the XML file is represented by dot-separation. Here we simply print (using write-Host) the target variable, represented as config.enableHttpDatastoreAccess from the XML file.

But how do you stuff this into a CMD file in windows? Simple - use the powershell -Command option, and string the Powershell commands together with semicolons. The line shown here will run from the command line or (more usefully) from within a CMD File:

powershell -Command [xml]$vpxd = Get-Content ./vpxd.cfg ; write-Host $vpxd.config.enableHttpDatastoreAccess
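
As an added example (not part of the original diary or the VMware Hardening Guide), here is the same audit check written so that a missing element, or a value sitting on its own line, is reported explicitly instead of printing as a blank. The sample XML is constructed, and the function names Get-XmlSetting and Test-DatastoreBrowser are hypothetical:

```powershell
# Constructed sample data in the shape the diary describes; not a real vpxd.cfg.
$sample = @'
<config>
  <someOtherSetting>1</someOtherSetting>
  <enableHttpDatastoreAccess>
    true
  </enableHttpDatastoreAccess>
</config>
'@

function Get-XmlSetting {
    param(
        [Parameter(Mandatory)][string]$XmlText,
        [Parameter(Mandatory)][string]$XPath
    )
    $doc = New-Object System.Xml.XmlDocument
    $doc.LoadXml($XmlText)                  # throws on malformed XML
    $node = $doc.SelectSingleNode($XPath)
    # Dot-notation ($doc.config.name) yields $null without complaint when the
    # element is absent; return $null explicitly so the caller can tell
    # "not present" apart from an actual value.
    if ($null -eq $node) { return $null }
    return $node.InnerText.Trim()           # value may be on its own line
}

function Test-DatastoreBrowser {
    param([Parameter(Mandatory)][string]$XmlText)
    $value = Get-XmlSetting -XmlText $XmlText -XPath '/config/enableHttpDatastoreAccess'
    if ($null -eq $value) {
        return 'NOT SET: enableHttpDatastoreAccess element not present in file'
    }
    if ($value -ieq 'false') {
        return 'OK: enableHttpDatastoreAccess is false'
    }
    return "NOTE: enableHttpDatastoreAccess = '$value'"
}

# Value present, spread over several lines
Test-DatastoreBrowser -XmlText $sample
# Element missing entirely (constructed input)
Test-DatastoreBrowser -XmlText '<config><someOtherSetting>1</someOtherSetting></config>'
```

To audit a real file, pass `(Get-Content ./vpxd.cfg -Raw)` as -XmlText; the -Raw switch needs PowerShell 3.0 or later.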

And yes, I know, I know, this probably has existed in Linux forever, but in most enterprises, Windows scripts tend to be preferred (he said as he looks hastily up for thunderclouds and lightning bolts). Having said that (and survived, so far anyway), I tend to use xpath in Linux if I need something simple in a bash script. It comes as part of the Perl Library XML::XPath, and is preinstalled on most major distributions (if you install perl). For instance, the query above might be represented as (command output is also shown):

# xpath -e '/config/enableHttpDatastoreAccess' ./vpxd.cfg

Found 1 nodes in ./test.xml:

-- NODE --



To get just the value, we'll use the q (for quiet) option, which filters out the Found and NODE lines, leaving only the path. Then we'll filter out the path by using grep to ignore anything with a in it:

# xpath -q -e '/config/enableHttpDatastoreAccess' ./vpxd.cfg | grep -v ''

And yes, you could do this simple example query in SED (though every time I think I have it right I find a case where it also breaks); GREP and AWK are also tools you can use for XML parsing, with a similar caveat. But xpath commands are much easier and much more readable - and readable scripts are REALLY important if you are planning to give them to a client, especially if they're not a SED / AWK / GREP / scripting guru. If you expect someone else to read your script, complex is NOT better. So you'll tend to see understandable, simple scripts in this series.

For more complex XML operations and results, a more complex tool is usually required - if you need true XML gymnastics, it might be time to write a more complex program in Perl, Powershell or Python (or your favourite language that supports XML, it doesn't necessarily need to start with a P).

As always, I'm sure that there are true XML and Powershell experts out there (I'm not an expert at either) - if there's a better / simpler way to get this done than the one method I've described, please share on our comment form !!

If this particular example (and the certificate example I used on Monday) are of particular interest to you, they are both from the Security Class SANS SEC579 - Virtualization and Private Cloud Security ( http://www.sans.org/security-training/virtualization-private-cloud-security-1651-mid ), which will be offered first in January. (shameless plug - I'm a co-author for that course)

Rob VandenBrink

(c) SANS Internet Storm Center. http://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
The Mali-T658 graphics processor announced by ARM on Wednesday can be equipped with up to eight cores to help it deliver ten times the graphics performance of the company's existing GPU.
The botnet takedown announced Wednesday by the U.S. Department of Justice was the biggest in history, according to a security company.
Microsoft, Siemens and AT&T are just a few of the corporations discovering the value of veterans' tech training, global perspective and surprising arsenal of soft skills.
User experience and UI nuances pose the biggest challenge to tap into gesture-savvy iOS, Android, and Windows 8

Posted by InfoSec News on Nov 10


By Paul Roberts
November 8, 2011

Computershare, the investor services firm, has filed suit against a
former employee it charges with making off with thousands of pages of
proprietary company documents, including information on shareholder
names, account numbers and financial holdings.

The company...

Posted by InfoSec News on Nov 10


The Japan Times Online
Nov. 9, 2011

TAIPEI -- Computer networks of the Diet and Japan's largest defense
contractor have been attacked by alleged Chinese hackers, but Japan is
not the only target in the region.

Taiwan has long been a key target of such attacks, especially from
China. The attacks began in 1999 after then President Lee Teng-hui upset
Beijing by saying negotiations...

Posted by InfoSec News on Nov 10


By Kevin Fogarty
November 08, 2011

In its unending effort to find more technologically innovative ways to
accomplish things most of the government agencies that are its clients
can't do at all, DARPA called a conference this week to ask for help
securing military and government networks against hackers.

Who did it...

Posted by InfoSec News on Nov 10


By Tim Wilson
Dark Reading
Nov 09, 2011

The access codes and secret keys of thousands of public cloud services
users can be easily found with a simple Google code search, a team of
security researchers says.

Researchers at Stach & Liu, a security consulting firm that develops

Posted by InfoSec News on Nov 10


The Smoking Gun
November 8, 2011

A Minnesota woman today pleaded guilty to hacking into the e-mail
account of a former Playboy Playmate and swiping racy photos of baseball
star Grady Sizemore, images that later were widely distributed online.

Leah Ayers, 20, copped this morning to a misdemeanor count of
unauthorized computer access during a District Court hearing in...

Posted by InfoSec News on Nov 10


By David Heath
09 November 2011

In April this year, a vulnerability was discovered in a commonly used
critical infrastructure Web Access product. Exploitable code was also
made available. The manufacturer has announced that no patch will be

According to ISC-CERT, advisory ICSA-11-094-02A spells out...

Posted by InfoSec News on Nov 10


By Kevin McCaney
Nov 09, 2011

Federal authorities have confirmed an assertion by security researchers
earlier this year that Stuxnet-like malware poses a potential threat to
controls at prisons and penitentiaries across the country.

The researchers made their claim in a white paper published July 31, in
which they say that the programmable logic...

Posted by InfoSec News on Nov 10


By Patricia Hurtado and Michael Riley
November 09, 2011

The U.S. charged seven people with a “massive” computer intrusion scheme
that used malicious software to manipulate online advertising, diverted
users to rogue servers and infected more than 4 million computers in
more than 100 countries.

One Russian and six...