Hackin9

InfoSec News

(c) SANS Internet Storm Center. http://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
 
Sprint Nextel is in negotiations to acquire the remainder of Clearwire, its 4G WiMax network partner, say news reports.
 
Nicira, the software-defined networking (SDN) startup that VMware purchased for $1.2 billion earlier this year, plans to release an SDN product that runs independent of the underlying hypervisor and hardware that will work in VMware environments and beyond.
 
Yahoo Mail has gotten a makeover intended to make it faster, streamline its interface and simplify its use.
 
Perl CGI.pm 'Set-Cookie' and 'P3P' Headers HTTP Header Injection Vulnerability
 
Perl CVE-2012-5195 Heap-Based Memory Corruption Vulnerability
 
bogofilter CVE-2012-5468 Heap Memory Corruption Vulnerability
 
Microsoft released seven security bulletins, addressing flaws in Internet Explorer, Word and Windows kernel-mode drivers.

 
The website flaw was exposed by hackers who registered as employers and posted a fake job advertisement.

 
Microsoft on Tuesday said the Surface RT tablet will be available at more retailers later this month and at additional Microsoft stores that will grow beyond temporary holiday stores into permanent outlets.
 
[SECURITY] [DSA 2587-1] libcgi-pm-perl security update
 
Microsoft today patched a dozen vulnerabilities in Internet Explorer, Windows, Word and Exchange, fixing flaws in the new IE10 for the first time and crushing bugs in Windows 8 and Windows RT for the second month running.
 
The year 2012, according to Twitter, was about politics, lost celebrities, great sports moments and the people around the world tweeting all about it.
 
Cloud storage provider Carbonite released a mobile app for Android with a new Capture feature that lets a user remotely activate the phone's camera to take a picture of the person using the device or its location.
 
WiLan, a Canadian patent licensing firm, has filed a round of new patent infringement lawsuits against Research in Motion, Apple, HTC and Sierra Wireless.
 
Broadcom Tuesday unveiled a single chip that combines Near Field Communication technology with Wi-Fi, Bluetooth and FM radio.
 
Microsoft's December Patch Tuesday has something critical for everyone from Windows XP SP3 up to Windows RT and from Word to Exchange server. The company has published seven security bulletins in total


 
Critical flaws can be exploited by attackers to take complete control of a victim's machine, the software giant said in an advisory.

 
Preventing data loss incidents involves sound policy, knowledge of the threat landscape and constant vigilance over your DLP system, experts say.

 

Computerworld India

Stupid Users, or Stupid Infosec?
Computerworld India
19 column, "Can Infosec Cure Stupid?", had me scratching my head. Unusually for him, May's underlying assumptions are flawed. He argues that end users are generally stupid, his evidence being that they don't understand how the devices they use work ...

 
Adobe Flash Player and AIR CVE-2012-5677 Remote Integer Overflow Vulnerability
 
HP Data Protector Express Local Privilege Escalation Vulnerability
 
[SECURITY] [DSA 2586-1] perl security update
 
During Hurricane Sandy this fall, The Weather Channel experienced its highest traffic ever. Normally the media company -- which spans television, desktop and mobile platforms -- supports about 90 million Web and mobile users a month. During Sandy, that jumped to 450 million -- nearly double the company's previous high for Web traffic.
 
Some of SAP's software products are now certified for use with Oracle's Database Appliance, which is essentially a streamlined version of its Exadata machine aimed at small and medium-size businesses.
 
[SECURITY] [DSA 2585-1] bogofilter security update
 
Information disclosure (mouse tracking) vulnerability in Microsoft Internet Explorer versions 6-10
 

Overview of the December 2012 Microsoft patches and their status.






| # | Affected | Contra Indications - KB | Known Exploits | Microsoft rating(**) | ISC rating(*): clients | ISC rating(*): servers |
|---|---|---|---|---|---|---|
| MS12-077 | Internet Explorer Cumulative Patch (Replaces MS12-063 MS12-071). Internet Explorer 9/10. CVE-2012-2545, CVE-2012-4781, CVE-2012-4782, CVE-2012-4787 | KB 2761465 | No. | Severity: Critical, Exploitability: 1 | Critical | Critical |
| MS12-078 | Windows Kernel Mode Drivers Remote Execution (Replaces MS12-032 MS12-075). Kernel mode drivers. CVE-2012-2556, CVE-2012-4786 | KB 2783534 | No. | Severity: Critical, Exploitability: 1 | Critical | Important |
| MS12-079 | Microsoft Word RTF Data Remote Code Execution (Replaces MS12-064). Word. CVE-2012-2539 | KB 2780642 | No. | Severity: Critical, Exploitability: 1 | Critical | N/A |
| MS12-080 | Windows Exchange Server Remote Code Execution (Replaces MS12-058). Exchange Server. CVE-2012-3214, CVE-2012-3217, CVE-2012-4791 | KB 2784126 | Yes. | Severity: Critical, Exploitability: 1 | N/A | Critical |
| MS12-081 | Windows File Handling Remote Code Execution (Replaces MS07-035 MS11-063). Windows. CVE-2012-4774 | KB 2758857 | No. | Severity: Critical, Exploitability: 1 | Critical | Critical |
| MS12-082 | DirectPlay Remote Code Execution. DirectPlay. CVE-2012-1537 | KB 2770660 | No. | Severity: Important, Exploitability: 1 | Critical | Important |
| MS12-083 | IP-HTTPS Security Feature Bypass. Direct Access. CVE-2012-2549 | KB 2765809 | No. | Severity: Important, Exploitability: 1 | Important | Important |





We will update issues on this page for about a week or so as they evolve.

We appreciate updates

US based customers can call Microsoft for free patch related support on 1-866-PCSAFETY


(*): ISC rating


We use 4 levels:


PATCH NOW: Typically used where we see immediate danger of exploitation. Typical environments will want to deploy these patches ASAP. Workarounds are typically not accepted by users or are not possible. This rating is often used when typical deployments make it vulnerable and exploits are being used or easy to obtain or make.

Critical: Anything that needs little to become interesting for the dark side. Best approach is to test and deploy ASAP. Workarounds can give more time to test.

Important: Things where more testing and other measures can help.

Less Urgent: Typically we expect the impact if left unpatched to be not that big a deal in the short term. Do not forget them however.



The difference between the client and server rating is based on how you use the affected machine. We take into account the typical client and server deployment in the usage of the machine and the common measures people typically have in place already. Measures we presume are simple best practices for servers such as not using Outlook, MSIE, Word, etc. to do traditional office or leisure work.

The rating is not a risk analysis as such. It is a rating of importance of the vulnerability and the perceived or even predicted threat for affected systems. The rating does not account for the number of affected systems there are. It is for an affected system in a typical worst-case role.

Only the organization itself is in a position to do a full risk analysis involving the presence (or lack of) affected systems, the actually implemented measures, the impact on their operation and the value of the assets involved.

All patches released by a vendor are important enough to have a close look if you use the affected systems. There is little incentive for vendors to publicize patches that do not have some form of risk to them.


(**): The exploitability rating we show is the worst of them all due to the too large number of ratings Microsoft assigns to some of the patches.


------

Post suggestions or comments in the section below or send us any questions or comments in the contact form

--

John Bambenek

bambenek /at/ gmail.com

Bambenek Consulting
(c) SANS Internet Storm Center. http://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
 

 
Adobe Flash Player and AIR CVE-2012-5676 Remote Buffer Overflow Vulnerability
 
Oracle Outside In Technology CVE-2012-3217 Local Security Vulnerability
 
Oracle Outside In Technology CVE-2012-3214 Local Security Vulnerability
 
The SkyDrive UI on the Xbox offers cross-platform access to apps, photos and videos. Microsoft also plans to deliver more than 40 new apps by next spring.
 
Researchers from Israel-based IT security firm Seculert have uncovered a custom-made piece of malware that infected hundreds of point-of-sale (PoS) systems from businesses in 40 countries in the past few months and stole the data of tens of thousands of payment cards.
 
The battle between Twitter and Instagram took another turn late Monday when the social network unveiled its own photo tool.
 
Path Traversal Vulnerability on Secure Transport versions 5.1 SP2 and earlier
 
Amid speculation that Microsoft will soon expand distribution of its Surface RT, giant e-tailer Amazon continues to offer the tablet through partners, who jack up the price or post inflated list prices to claim large savings.
 
Microsoft Tuesday began delivering an update to Windows Phone 8 smartphones that provides unspecified "performance enhancements" that some customers say include an OS fix for random reboots and Wi-Fi enhancements.
 
[security bulletin] HPSBOV02834 SSRT101055 rev.1 - HP OpenVMS LOGIN or ACMELOGIN, Remote or Local Denial of Service (DoS)
 
Chinese handset maker ZTE, known for its budget smartphones, will unveil a new high-end device at the Consumer Electronics Show in Las Vegas next month, marking a change of direction for the company.
 
Russia, China and other countries withdrew a proposal at the World Conference on International Telecommunications that according to some accounts aimed to bring the Internet under the control of the International Telecommunication Union.
 
A woman ordered to pay $222,000 for pirating 24 copyrighted songs has taken her fight against the Recording Industry Association of America to the U.S. Supreme Court.
 
Three of Japan's tech giants will work together to increase data transmission speeds over optical fiber, aiming for 400Gbps per channel by 2014.
 
Techniques for using SharePoint 2010 to its maximum benefit.
 
SharePoint 2010 can be a great collaboration tool. Here's what you need to know to find your way around.
 
Red Hat Certificate System Multiple Cross-Site Scripting and Denial of Service Vulnerabilities
 
Qt 'XmlHttpRequest' Object Insecure Redirection Information Disclosure Vulnerability
 
During the next eight years, the amount of digital data produced will exceed 40 zettabytes -- the equivalent of 5,200 GB of data for every man, woman and child on Earth, according to an updated Digital Universe study released today.
 

Posted by InfoSec News on Dec 10

http://gcn.com/blogs/cybereye/2012/12/blackberry-blacklist-106-passwords-you-cant-use.aspx

By William Jackson
Cybereye
GCN.com
Dec 07, 2012

Research In Motion’s long-awaited new mobile OS, the BlackBerry 10,
contains a blacklist of 106 verboten passwords that users will not be
able to use to secure access to their devices, researchers have found.

The new OS is expected to be released Jan. 30 and is part of a major
effort by RIM to regain...
 

Posted by InfoSec News on Dec 10

http://www.abc.net.au/news/2012-12-11/adfa-hack/4421690

ABC.net.au
December 11, 2012

The private details of thousands of staff and students at the Australian
Defence Force Academy (ADFA) have been hacked and released online.

The details include the name, rank, birth dates and passwords of up to
20,000 people.

A member of the infamous Anonymous group, known as Darwinaire, is
claiming responsibility for the theft.

An online blog for hackers...
 

Posted by InfoSec News on Dec 10

http://news.techworld.com/security/3415592/tor-network-used-command-skynet-botnet/

By Lucian Constantin
Techworld.com
10 December 2012

Security researchers have identified a botnet controlled by its creators
over the Tor anonymity network. It's likely that other botnet operators
will adopt this approach, according to the team from vulnerability
assessment and penetration testing firm Rapid7.

The botnet is called Skynet and can be used...
 