InfoSec News

(c) SANS Internet Storm Center. http://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
Sprint Nextel is in negotiations to acquire the remainder of Clearwire, its 4G WiMax network partner, say news reports.
Nicira, the software-defined networking (SDN) startup that VMware purchased for $1.2 billion earlier this year, plans to release an SDN product that runs independently of the underlying hypervisor and hardware and will work in VMware environments and beyond.
Yahoo Mail has gotten a makeover intended to make it faster, streamline its interface and simplify its use.
Perl CGI.pm 'Set-Cookie' and 'P3P' Headers HTTP Header Injection Vulnerability
Perl CVE-2012-5195 Heap-Based Memory Corruption Vulnerability
bogofilter CVE-2012-5468 Heap Memory Corruption Vulnerability
Microsoft released seven security bulletins, addressing flaws in Internet Explorer, Word and Windows kernel-mode drivers.

The website flaw was exposed by hackers who registered as employers and posted a fake job advertisement.

Microsoft on Tuesday said the Surface RT tablet will be available at more retailers later this month and at additional Microsoft stores that will grow beyond temporary holiday stores into permanent outlets.
[SECURITY] [DSA 2587-1] libcgi-pm-perl security update
Microsoft today patched a dozen vulnerabilities in Internet Explorer, Windows, Word and Exchange, fixing flaws in the new IE10 for the first time and crushing bugs in Windows 8 and Windows RT for the second month running.
The year 2012, according to Twitter, was about politics, lost celebrities, great sports moments and the people around the world tweeting all about it.
Cloud storage provider Carbonite released a mobile app for Android with a new Capture feature that lets a user remotely activate the phone's camera to take a picture of the person using the device or its location.
WiLan, a Canadian patent licensing firm, has filed a round of new patent infringement lawsuits against Research in Motion, Apple, HTC and Sierra Wireless.
Broadcom Tuesday unveiled a single chip that combines Near Field Communication technology with Wi-Fi, Bluetooth and FM radio.
Microsoft's December Patch Tuesday has something critical for everyone from Windows XP SP3 up to Windows RT and from Word to Exchange server. The company has published seven security bulletins in total.

Critical flaws can be exploited by attackers to take complete control of a victim's machine, the software giant said in an advisory.

Preventing data loss incidents involves sound policy, knowledge of the threat landscape and constant vigilance over your DLP system, experts say.


Computerworld India

Stupid Users, or Stupid Infosec?
19 column, "Can Infosec Cure Stupid?", had me scratching my head. Unusually for him, May's underlying assumptions are flawed. He argues that end users are generally stupid, his evidence being that they don't understand how the devices they use work ...

Adobe Flash Player and AIR CVE-2012-5677 Remote Integer Overflow Vulnerability
HP Data Protector Express Local Privilege Escalation Vulnerability
[SECURITY] [DSA 2586-1] perl security update
During Hurricane Sandy this fall, The Weather Channel experienced its highest traffic ever. Normally the media company -- which spans television, desktop and mobile platforms -- supports about 90 million Web and mobile users a month. During Sandy, that jumped to 450 million -- nearly double the company's previous high for Web traffic.
Some of SAP's software products are now certified for use with Oracle's Database Appliance, which is essentially a streamlined version of its Exadata machine aimed at small and medium-size businesses.
[SECURITY] [DSA 2585-1] bogofilter security update
Information disclosure (mouse tracking) vulnerability in Microsoft Internet Explorer versions 6-10

Overview of the December 2012 Microsoft patches and their status.



Contra Indications - KB | Known Exploits | Microsoft rating(**) | ISC rating(*)

Internet Explorer Cumulative Patch (Replaces MS12-063, MS12-071)
Internet Explorer 9/10
KB 2761465
Exploitability: 1

Windows Kernel Mode Drivers Remote Execution (Replaces MS12-032, MS12-075)
Kernel mode drivers
KB 2783534
Exploitability: 1

Microsoft Word RTF Data Remote Code Execution (Replaces MS12-064)
KB 2780642
Exploitability: 1

Windows Exchange Server Remote Code Execution (Replaces MS12-058)
Exchange Server
KB 2784126
Exploitability: 1

Windows File Handling Remote Code Execution (Replaces MS07-035, MS11-063)
KB 2758857
Exploitability: 1

DirectPlay Remote Code Execution
KB 2770660
Exploitability: 1

IP-HTTPS Security Feature Bypass
Direct Access
KB 2765809
Exploitability: 1



We will update issues on this page for about a week or so as they evolve.

We appreciate updates

US based customers can call Microsoft for free patch related support on 1-866-PCSAFETY

(*): ISC rating

We use 4 levels:

PATCH NOW: Typically used where we see immediate danger of exploitation. Typical environments will want to deploy these patches ASAP. Workarounds are typically not accepted by users or are not possible. This rating is often used when typical deployments make it vulnerable and exploits are being used or easy to obtain or make.

Critical: Anything that needs little to become interesting for the dark side. Best approach is to test and deploy ASAP. Workarounds can give more time to test.

Important: Things where more testing and other measures can help.

Less Urgent: Typically we expect the impact if left unpatched to be not that big a deal in the short term. Do not forget them however.

The difference between the client and server rating is based on how you use the affected machine. We take into account the typical client and server deployment in the usage of the machine and the common measures people typically have in place already. Measures we presume are simple best practices for servers, such as not using Outlook, MSIE, Word etc. to do traditional office or leisure work.

The rating is not a risk analysis as such. It is a rating of importance of the vulnerability and the perceived or even predicted threat for affected systems. The rating does not account for the number of affected systems there are. It is for an affected system in a typical worst-case role.

Only the organization itself is in a position to do a full risk analysis involving the presence (or lack of) affected systems, the actually implemented measures, the impact on their operation and the value of the assets involved.

All patches released by a vendor are important enough to have a close look if you use the affected systems. There is little incentive for vendors to publicize patches that do not have some form of risk to them.

(**): The exploitability rating we show is the worst of them all due to the too large number of ratings Microsoft assigns to some of the patches.


Post suggestions or comments in the section below or send us any questions or comments in the contact form


John Bambenek

bambenek /at/ gmail.com

Bambenek Consulting
Adobe Flash Player and AIR CVE-2012-5676 Remote Buffer Overflow Vulnerability
Oracle Outside In Technology CVE-2012-3217 Local Security Vulnerability
Oracle Outside In Technology CVE-2012-3214 Local Security Vulnerability
The SkyDrive UI on the Xbox offers cross-platform access to apps, photos and videos. Microsoft also plans to deliver more than 40 new apps by next spring.
Researchers from Israel-based IT security firm Seculert have uncovered a custom-made piece of malware that infected hundreds of point-of-sale (PoS) systems from businesses in 40 countries in the past few months and stole the data of tens of thousands of payment cards.
The battle between Twitter and Instagram took another turn late Monday when the social network unveiled its own photo tool.
Path Traversal Vulnerability on Secure Transport versions 5.1 SP2 and earlier
Amid speculation that Microsoft will soon expand distribution of its Surface RT, giant e-tailer Amazon continues to offer the tablet through partners, who jack up the price or post inflated list prices to claim large savings.
Microsoft Tuesday began delivering an update to Windows Phone 8 smartphones that provides unspecified "performance enhancements" that some customers say include an OS fix for random reboots and Wi-Fi enhancements.
[security bulletin] HPSBOV02834 SSRT101055 rev.1 - HP OpenVMS LOGIN or ACMELOGIN, Remote or Local Denial of Service (DoS)
Chinese handset maker ZTE, known for its budget smartphones, will unveil a new high-end device at the Consumer Electronics Show in Las Vegas next month, marking a change of direction for the company.
Russia, China and other countries withdrew a proposal at the World Conference on International Telecommunications that according to some accounts aimed to bring the Internet under the control of the International Telecommunication Union.
A woman ordered to pay $222,000 for pirating 24 copyrighted songs has taken her fight against the Recording Industry Association of America to the U.S. Supreme Court.
Three of Japan's tech giants will work together to increase data transmission speeds over optical fiber, aiming for 400Gbps per channel by 2014.
Techniques for using SharePoint 2010 to its maximum benefit.
SharePoint 2010 can be a great collaboration tool. Here's what you need to know to find your way around.
Red Hat Certificate System Multiple Cross-Site Scripting and Denial of Service Vulnerabilities
Qt 'XmlHttpRequest' Object Insecure Redirection Information Disclosure Vulnerability
During the next eight years, the amount of digital data produced will exceed 40 zettabytes -- the equivalent of 5,200 GB of data for every man, woman and child on Earth, according to an updated Digital Universe study released today.

Posted by InfoSec News on Dec 10


By William Jackson
Dec 07, 2012

Research In Motion’s long-awaited new mobile OS, the BlackBerry 10,
contains a blacklist of 106 verboten passwords that users will not be
able to use to secure access to their devices, researchers have found.

The new OS is expected to be released Jan. 30 and is part of a major
effort by RIM to regain...

Posted by InfoSec News on Dec 10


December 11, 2012

The private details of thousands of staff and students at the Australian
Defence Force Academy (ADFA) have been hacked and released online.

The details include the name, rank, birth dates and passwords of up to
20,000 people.

A member of the infamous Anonymous group, known as Darwinaire, is
claiming responsibility for the theft.

An online blog for hackers...

Posted by InfoSec News on Dec 10


By Lucian Constantin
10 December 2012

Security researchers have identified a botnet controlled by its creators
over the Tor anonymity network. It's likely that other botnet operators
will adopt this approach, according to the team from vulnerability
assessment and penetration testing firm Rapid7.

The botnet is called Skynet and can be used...
Internet Storm Center Infocon Status