InfoSec News

(c) SANS Internet Storm Center. http://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
Linux Kernel 'net/' Subsystem 'af_packet.c' Local Information Disclosure Vulnerability
After months of anticipation, Facebook finally released its first app for the iPad.
Verizon Wireless will announce dual-persona software with partner VMware later this week, closely following AT&T in unveiling a way to separate mobile handsets into business and personal segments.
Facebook has acquired friend.ly, a start-up that created a Facebook app designed to help users pose questions to online friends.
Mozilla today said that income from its search partners, including rival browser maker Google, increased by 19% last year.
U.S. wireless carriers are making more products and services available to businesses to integrate and support their workers using wireless smartphones and tablets.
The 4GB worth of email stolen by the LulzSec hacking group from The Sun earlier this year are sitting on a server in China, according to "Sabu," the outfit's alleged leader.
Bcfg2 Remote Command Injection Vulnerability
The next of our critical controls for Cyber Security Awareness Month is log management/monitoring/analysis. This has been an interest/passion of mine for a long time. As Eric Cole (among others) is fond of saying in SEC401, prevention is ideal, but detection is a must. If you aren't logging as much as possible, how will you ever know when something bad happens?
As mentioned in a couple of previous diaries this month, one of the keys for this control is that all of the log-generating devices (routers, switches, firewalls, servers, workstations, ...) be time-synchronized, so NTP is your friend.
The third key is to collect the logs somewhere other than the device that generates them, our central log server. This server should be one of your most locked down, best protected servers in the enterprise. This way, even if the bad guys breach one of the servers and are able to modify the logs on the server to hide their tracks, there will still be the unmodified copy of the logs on the log server.
All of this does you no good if you aren't actually looking at the logs, and this is where you need both some software to automate things and an experienced analyst. The software is going to be necessary because sheer volume can quickly overwhelm an analyst. This doesn't necessarily mean you need to spend a lot of money, though. While the commercial SIEM packages are good, you can accomplish a lot with free software like awk and grep. In 1997, Marcus Ranum introduced the notion of artificial ignorance, the idea of using software to remove the known-good entries so the analyst can concentrate on the new/unusual stuff. For a number of years, I used his nbs (never before seen) software on my home system (though I recently tried to recompile it and ran into an issue that I haven't taken the time to track down yet). Just last week I saw an announcement of some new software, called LogTemplater, that implements a similar idea. I've just started looking at it, but it looks like it has some promise.
Once you've cut the logs down to a manageable volume, the analyst is still crucial. Analysis is an area where I personally think you are doing your enterprise a disservice by making this the job of the newbie. An analyst who knows the environment and has developed a feel for what is normal can much more quickly home in on where the real problems are. On the other hand, if the newbie can work with an experienced analyst, this is a good way to quickly learn the environment.
There is no point in me repeating everything that is already on the SANS critical controls page linked below, so please check it out.
So, what do you use for your log analysis?


Jim Clausing, GIAC GSE #26

jclausing --at-- isc [dot] sans (dot) edu
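To make the "artificial ignorance" idea concrete, here is an added example (my own illustration, not code from the diary, from Ranum's nbs, or from LogTemplater) of a never-before-seen filter in Python. It masks the fields that vary from line to line (IP addresses, PIDs, ports, counters) to turn each syslog message into a template, then reports only the lines whose template is not in a known-good baseline. The log lines and the baseline templates are constructed samples; the hostnames, users and addresses in them are made up.

```python
import re
from typing import Iterable, List, Set, Tuple

# Constructed sample syslog lines standing in for a day's /var/log/messages.
SAMPLE_LOG = """\
Oct 10 03:15:01 host1 CRON[12345]: (root) CMD (run-parts /etc/cron.hourly)
Oct 10 03:15:02 host1 sshd[12350]: Accepted publickey for alice from 10.0.0.5 port 51234 ssh2
Oct 10 03:16:11 host1 sshd[12361]: Failed password for invalid user admin from 198.51.100.7 port 40022 ssh2
Oct 10 04:15:01 host1 CRON[12400]: (root) CMD (run-parts /etc/cron.hourly)
Oct 10 04:20:33 host1 sshd[12455]: Accepted publickey for bob from 10.0.0.6 port 51300 ssh2
Oct 10 04:21:05 host1 kernel: usb 1-1: new high-speed USB device number 4 using ehci_hcd
"""

# Constructed "known good" baseline: templates of messages the analyst has
# already reviewed on earlier days. In practice this set grows over time as
# entries are accepted; here it is embedded so the example runs offline.
KNOWN_GOOD_TEMPLATES: Set[str] = {
    "CRON[<N>]: (root) CMD (run-parts /etc/cron.hourly)",
    "sshd[<N>]: Accepted publickey for alice from <IP> port <N> ssh2",
}

# Classic BSD syslog header: "Mon DD HH:MM:SS host message".
SYSLOG_HEADER = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2} +\d{1,2} \d{2}:\d{2}:\d{2}) (?P<host>\S+) (?P<msg>.*)$"
)
IPV4 = re.compile(r"\b\d{1,3}(?:\.\d{1,3}){3}\b")
NUMBER = re.compile(r"\b\d+\b")


def normalize(message: str) -> str:
    """Reduce a syslog message to a template by masking variable fields.

    IPs are masked before bare numbers so an address becomes one <IP>
    token rather than four <N> tokens. Usernames are deliberately kept:
    a first login by a user you have never seen is exactly the kind of
    thing the analyst should look at.
    """
    template = IPV4.sub("<IP>", message)
    template = NUMBER.sub("<N>", template)
    return template


def parse_line(line: str):
    """Split a syslog line into (timestamp, host, message) or None."""
    m = SYSLOG_HEADER.match(line)
    if m is None:
        return None
    return m.group("ts"), m.group("host"), m.group("msg")


def never_before_seen(lines: Iterable[str], known_good: Set[str]) -> Tuple[List[str], Set[str]]:
    """Return the lines whose template is not in the baseline, plus the new templates.

    Within one batch only the first line of each new template is reported, so
    a burst of 10,000 identical new messages shows up once.
    """
    seen = set(known_good)
    new_lines: List[str] = []
    for line in lines:
        if not line.strip():
            continue
        parsed = parse_line(line)
        if parsed is None:
            # Lines that do not even parse are never "known good": surface them.
            new_lines.append(line)
            continue
        _, _, msg = parsed
        template = normalize(msg)
        if template in seen:
            continue
        seen.add(template)
        new_lines.append(line)
    return new_lines, seen - known_good


if __name__ == "__main__":
    unusual, new_templates = never_before_seen(SAMPLE_LOG.splitlines(), KNOWN_GOOD_TEMPLATES)
    print("Lines the analyst should look at:")
    for line in unusual:
        print("  " + line)
    print("Templates to accept or investigate:")
    for t in sorted(new_templates):
        print("  " + t)
```

Run against the sample, the two hourly cron entries and alice's routine login are silently dropped, while the failed-password attempt, bob's first-ever login and the new USB device are the three lines that reach the analyst. Once a template is reviewed and judged normal, adding it to the baseline set is the "accept" step that makes the same message invisible tomorrow; the analyst's job is deciding which templates deserve that.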
Steve Jobs was praised worldwide as a business visionary following his death last week. Analysts say Jobs' death also had immediate business impacts for both Apple products and those Android-based machines sold by rivals.
AT&T announced plans to offer a new service, called Toggle, that will securely run enterprise apps like email on any Android phone a worker chooses to buy.
Critics who last week lambasted Apple's new iPhone 4S as a lukewarm upgrade have been proved wrong by record first-day sales, analysts said today.
X.Org X11 Local Privilege Escalation Vulnerability and Memory Leak Vulnerability
PHP 'is_a()' Function Remote File Include Vulnerability
Linux Kernel kexec-tools Multiple Information Disclosure Vulnerabilities
While many free software advocates warn that the cloud could kill open source, because users won't have access to the source code, Sam Ramji disagrees. He says that work is going on now to eliminate the legal liabilities of contributing to open source.
First-day orders for the iPhone 4S hit 1 million on Friday, easily breaking the single-day record of 600,000 first-day sales for the iPhone 4 set last year, Apple announced today.
Google has launched a preview version of a new Web programming language, called Dart, which the company's engineers hope will address some of the shortcomings of the widely used JavaScript language.
Bassbug3 asked the Answer Line forum about removing icons, specifically those for no-longer-used programs, from the lower-right corner of his screen.
Virtualization is continuing to make inroads into the data center. Despite concerns around management and security, the savings from consolidating many servers or clients into a single piece of hardware are too compelling to resist.
Acer on Monday shipped its Aspire S3 ultrabook starting at $899, becoming the first to crack the $1,000 price barrier in Intel's new category of thin and light laptops.
An eavesdropping tool allegedly used by the German government to intercept Skype calls is full of security problems and may violate a ruling by the country's constitutional court, according to a European hacker club.
The Galaxy S Stratosphere smartphone goes on sale Thursday as the first device with a physical Qwerty keyboard to run on Verizon Wireless' 4G LTE network.
MyBB Compromised Source Packages Backdoor Vulnerability
3LM, the company founded by former Android developers and since acquired by Motorola, is making its enterprise security platform for Android phones available this week.
Research In Motion (RIM) has announced Tag, a feature that will allow users of some BlackBerry phones to share contact information, documents and multimedia content by tapping their BlackBerry smartphones together, the company said on Sunday.
USB is the all-time champion external I/O interconnect technology with 10 billion products carrying the port, but Intel's new Thunderbolt technology offers better performance and more power. Could it overtake the market someday?
India's top investigative agency, the Central Bureau of Investigation, said Monday that it has registered a case against former federal minister Dayanidhi Maran, in connection with ongoing investigations into alleged scams in the Ministry of Communications.
An electrical fire on Sunday at a data center of the New York Stock Exchange in Mahwah, New Jersey, affected communications connectivity to 58 trading firms, but the exchange expects "completely normal operations" for Monday's market open.
The OpenStack collaborative industry effort to build an open source cloud platform is to be applauded for the remarkable gains it has achieved in a short amount of time. Founded by Rackspace Hosting and NASA in July last year, the organization is now backed by 120 companies, including the likes of HP, Dell, Intel and Cisco, and has already issued four major code releases, the last of which, Diablo, just came out last month and has already been downloaded 50,000 times.
OpenStack developers have updated the project's open-source cloud software with a new graphical interface and a unified authentication-management system.
In a speech at the U.S. Chamber of Commerce offices, New York Mayor Michael Bloomberg said restrictive U.S. visa policies, like the cap on H-1B visas, are a form of 'national suicide.'
An Italian security researcher has disclosed details about several zero-day vulnerabilities in supervisory control and data acquisition products from several vendors.
The Pittsburgh Pirates baseball team has turned to predictive analytics to identify customer patterns and trends to help retain season ticket holders and attract new ones.
For technical types, details reveal truth, but for nontechnical folks, details cloud truth.
Enterprises are going to be hard-pressed to see improvements in Windows 8, namely the new Metro interface. In fact, they might skip the upgrade entirely. Insider (registration required)
If Windows 8 was just another step forward in the Windows family, it would be fine. But if you really look at Metro, you might see a scene from Microsoft's past -- a Vista-style train wreck. Insider (registration required)
The CIO isn't convinced about the value to be derived from investing in a security incident and event management tool. Time to think outside of the box.
Upon learning of the death of former Apple CEO Steve Jobs, longtime technologists of all stripes paused to reflect on his lasting impact on an industry that grew out of a garage. Insider (registration required)
Hewlett-Packard customers who are disconcerted by management shake-ups and product strategy shifts are hoping for a stable future with new CEO Meg Whitman, who last month replaced short-timer Leo Apotheker. Insider (registration required)
Google Chrome Prior to 13.0.782.215 Multiple Security Vulnerabilities

Posted by InfoSec News on Oct 10


By Bob Sullivan
Red Tape
October 9, 2011

A well-regarded Germany-based hacker group claims a German
government-created Trojan horse program is capable of secretly spying on
Web users without their consent.

The group says on its website that it obtained and analyzed a piece of
software that is supposed to be a...

Posted by InfoSec News on Oct 10


By Robert McMillan
IDG News Service
October 7, 2011

Prosecutors call it the biggest identity theft bust in U.S. history. On
Friday, 111 bank tellers, retail workers, waiters and alleged criminals
were charged with running a credit-card-stealing organization that stole
more than $13 million in less than a year-and-a-half.

"This is by far the largest --...

Posted by InfoSec News on Oct 10


By Dennis Fisher
October 7, 2011

BARCELONA -- As in life, reputations on the Internet take time to build
up. Attackers interested in making a quick buck aren't necessarily the
most patient lot, so as the various reputation systems on the Web have
gotten more sophisticated and accurate, the bad guys have had to adjust
their tactics...

Posted by InfoSec News on Oct 10


By Noah Shachtman
Danger Room
October 7, 2011

A computer virus has infected the cockpits of America’s Predator and
Reaper drones, logging pilots’ every keystroke as they remotely fly
missions over Afghanistan and other warzones.

The virus, first detected nearly two weeks ago by the military’s
Host-Based Security System, has not prevented pilots at Creech Air...

Posted by InfoSec News on Oct 10


By Julia Angwin
The Wall Street Journal
October 10, 2011

The U.S. government has obtained a controversial type of secret court
order to force Google Inc. and small Internet provider Sonic.net Inc. to
turn over information from the email accounts of WikiLeaks volunteer
Jacob Appelbaum, according to documents reviewed by The Wall Street

Seemingly endless coverage of his passing last week offered the public an opportunity to learn everything it could ever want to know about Steve Jobs, including what would appear to be his favorite photograph ... of himself.