Hackin9
(c) SANS Internet Storm Center. http://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
 
American Express is rolling out a new service on Twitter that lets card holders make purchases on the social network through specialized tweets.
 
VMware plans to acquire Virsto Software, maker of a "storage hypervisor" that will be added to VMware's popular virtualization lineup and licensed by EMC.
 
Freeing the way for independent Linux distributions to be installed on Windows 8 computers, the Linux Foundation has released software that will allow Linux to work with computers running the UEFI (Unified Extensible Firmware Interface) firmware.
 
Google's social network, Google+, is getting attention from the likes of astronauts and the U.S. president. Both will be hosting hangouts with the U.S. public.
 
With robots increasingly being used on manufacturing floors, researchers are looking for ways that humans can work better with their robot coworkers.
 
Flickr users are livid over a recent bug causing their private photos to be made public.
 
Atmel "secure" crypto co-processor series microprocessors (AT91SAM7XC) leaking keys, plus bonus DESFire hack
 
Multiple Vulnerabilities in Linksys WAG200G
 
It's hard to remember life without ATMs. In Hong Kong, we can transfer funds, pay our utility bills and even settle tax demand-notes using an ATM. And they even dispense cash.
 
D-Link DIR-615 Multiple Remote Security Vulnerabilities
 
[ MDVSA-2013:010 ] java-1.6.0-openjdk
 
Multiple Vulnerabilities in Linksys WRT160Nv2
 
[SECURITY] [DSA 2612-2] ircd-ratbox update
 
[SECURITY] [DSA 2619-1] xen-qemu-dm-4.0 security update
 
Massive ERP (enterprise resource planning) software projects under way at the U.S. Army are in danger of missing crucial deadlines due to inadequate planning and management on the part of officials, according to a new auditor's report.
 
Two U.S. lawmakers plan to reintroduce a controversial cybersecurity bill that allows private companies to share customers' personal information related to a wide range of cyberthreats with government agencies.
 
[ MDVSA-2013:009 ] libssh
 
In an effort to make it easier to connect vehicles, Ericsson and Gemalto have joined forces on embedded SIMs.
 
Criminals have defrauded a credit card company by manipulating the drawing limits on prepaid cards and withdrawing large sums of money in a very short amount of time.


 
VMware has released updates for a privilege-escalation-enabling flaw in its virtualisation products on Windows hosts and guests. The flaw appears to be restricted to the local Windows system, though, and does not travel across the hypervisor.


 
Cover story: The U.S. government says Chinese IT giants Huawei and ZTE pose too much risk. But do they? Joel Snyder offers his take.

 

One of the emails that came through on our handlers list pointed out some interesting behavior. When querying a domain (a sample in this case is shineecs.com), the registrar at the end of the response would include an HTML script tag. See output below:

$ whois shineecs.com

Whois Server Version 2.0

Domain names in the .com and .net domains can now be registered
with many different competing registrars. Go to http://www.internic.net
for detailed information.

Domain Name: SHINEECS.COM
Registrar: XIN NET TECHNOLOGY CORPORATION
Whois Server: whois.paycenter.com.cn
Referral URL: http://www.xinnet.com
Name Server: NS17.XINCACHE.COM
Name Server: NS18.XINCACHE.COM
Status: ok
Updated Date: 30-jul-2012
Creation Date: 07-apr-2009
Expiration Date: 07-apr-2014

Last update of whois database: Mon, 11 Feb 2013 16:55:40 UTC

[SNIPPED LAWYERESE]

Domain Name : shineecs.com
PunnyCode : shineecs.com
Creation Date : 2009-04-07 14:26:58
Updated Date : 2011-06-27 16:33:59
Expiration Date : 2014-04-07 14:24:29

[SNIPPED]

Billing Contact:
Name : shineecs
Organization : shineecs
Address : XXXXX
City : hangzhoushi
Province/State : zhejiangsheng
Country : china
Postal Code : XXXX
Phone Number :
Fax : XXX
Email : [email protected]
<script src=http://img2.xinnet.com/d/js/acmsd/thea178.js></script>

When manually fetching that script, all that was retrieved was an empty document.write() call, so nothing is modified at this instant in time. The domain in question resolves to an IP that has been implicated in a small number of malware instances connected to some worm activity, but nothing deeply out of the ordinary. The same is true for the IP connected to the registrar. So why is this happening? The registrar is doing this as a lazy way to do some analytics they find useful, so it is not malicious in this case.

What is fun, however, is that when I run a WHOIS via the various web tools, almost all of them process this HTML tag as HTML instead of text, which means this would be a successful XSS vector if you could maliciously modify a WHOIS record.

In this case, the registrar adds that script tag, not the registrant. That said, if a registrar doesn't properly validate the information put in those fields, evil may ensue (the registrar I use does). Or worse, if the registrar themselves are a bad player, they can do whatever they want. In this case, an innocuous issue, but another episode in the ongoing saga of web applications. If you get input from a third-party source, make sure to scrub it to ensure that bad things like XSS don't happen.
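The scrubbing step the diary ends on, as an added example (not code from the diary or from any WHOIS tool): a small parser for the "Key : Value" lines of a WHOIS response, a check that flags any field containing HTML markup, and the same response rendered both the way the vulnerable web lookups do it and with every key and value escaped. The sample response is constructed and abbreviated from the diary's output; only the script URL is the one quoted above, and the <b> tag in the Organization line is added to show that values are checked as well as stray lines.

```python
import html
import re

# Constructed sample modelled on the diary's whois output (abbreviated, contact
# details replaced with XXXX as in the diary). The script URL is the one the
# diary quotes; the <b> tag in Organization is an added, harmless tag that
# shows values are checked too, not only stray lines.
SAMPLE_WHOIS = """\
Domain Name : shineecs.com
Creation Date : 2009-04-07 14:26:58
Billing Contact:
Name : shineecs
Organization : shineecs <b>ltd</b>
Email : XXXX
<script src=http://img2.xinnet.com/d/js/acmsd/thea178.js></script>
"""

# "Key : Value" lines; keys are letters, spaces and '/' (e.g. Province/State).
FIELD_RE = re.compile(r"^([A-Za-z][A-Za-z/ ]*?)\s*:\s*(.*)$")
# Anything that looks like an HTML tag. Legitimate whois data never needs markup.
TAG_RE = re.compile(r"<\s*/?\s*[A-Za-z][^>]*>")


def parse_whois(text):
    """Split whois output into (key, value) pairs, keeping every other
    non-empty line as ('_raw', line) so stray content is not silently lost."""
    fields = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        m = FIELD_RE.match(line)
        if m:
            fields.append((m.group(1), m.group(2)))
        else:
            fields.append(("_raw", line))
    return fields


def find_markup(fields):
    """Return the fields whose value contains an HTML tag. On the lookup side
    this is worth logging: neither registrar nor registrant should send any."""
    return [(k, v) for k, v in fields if TAG_RE.search(v)]


def render_unsafe(fields):
    """The pattern the diary describes: whois text dropped into the page as
    HTML. Shown only for contrast with render_safe; do not use."""
    body = "\n".join(v if k == "_raw" else "%s: %s" % (k, v) for k, v in fields)
    return "<pre>" + body + "</pre>"


def render_safe(fields):
    """Same rendering with every key and value HTML-escaped, so a tag in the
    whois response is displayed as text instead of being interpreted."""
    lines = []
    for k, v in fields:
        if k == "_raw":
            lines.append(html.escape(v))
        else:
            lines.append("%s: %s" % (html.escape(k), html.escape(v)))
    return "<pre>" + "\n".join(lines) + "</pre>"


if __name__ == "__main__":
    parsed = parse_whois(SAMPLE_WHOIS)
    for key, value in find_markup(parsed):
        print("markup in whois response: %s -> %r" % (key, value))
    print(render_safe(parsed))
```

Escaping at render time is the fix that holds regardless of who injected the tag, registrar or registrant; the find_markup check is the extra signal a lookup service can log so that a registrar doing this kind of thing is noticed rather than silently neutralised.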

--

John Bambenek

bambenek \at\ gmail /dot/ com

Bambenek Consulting
 
BlackBerry's Z10 went on sale today at the unsubsidized price of $999 through wireless service provider Solavei and its retail partner GSM Nation.
 
Professional golf teed off for another season in 2013 with the use of rugged handheld computers to help lower costs and improve efficiency in scoring and reading tickets at the gate.
 
Mobile commerce offers a great deal of potential, but like many technology trends, it may take time to really catch on. If your business is looking to implement mcommerce, there are some important factors to consider beyond the technology. First and foremost, think about your customer, and the customer experience.
 
Oracle will be adding fixes for a number of lesser security flaws in Java on 19 February. But Oracle's problems are just beginning as people start finding antique versions of Java bundled with current software.


 
Oracle Java SE CVE-2013-0431 Remote Java Runtime Environment Vulnerability
 
Oracle Java SE CVE-2013-0444 Java Runtime Environment Remote Security Vulnerability
 
 
One week after launching a security bug bounty program, the new file-storage and sharing service Mega claims to have fixed seven vulnerabilities, none of which met its highest severity classification.
 
In the early days of Wi-Fi, site surveys were fairly basic and involved running around with a laptop looking at simple signal levels. The next step was mapped-based tools that provided a good visual of Wi-Fi coverage, but still involved carrying a bulky laptop around.
 
The U.K. Financial Reporting Council has launched a probe into Autonomy's financial reporting over a period of more than two years prior to its acquisition by Hewlett-Packard.
 
IT leaders can't always measure a project's success by revenue or cost-saving metrics. Brookdale Senior Living's CIO achieved a greater objective by bringing social networking to its communities' residents: It improved their lives.
 
PostgreSQL 'enum_recv()' Function Denial of Service Vulnerability
 

WidePoint Corporation To Present At AGC Partners' 9th Annual InfoSec And ...
Daily Markets (press release)
MCLEAN, Va., Feb. 11, 2013 /PRNewswire/ – WidePoint Corporation (NYSE Mkt: WYY), a leading provider of cloud-based, telecommunications life-cycle and trusted cybersecurity management Enterprise-wide solutions, announced today that Jim McCubbin, ...

 
The supposed death of network interfaces caused by special packets of death turns out to be the fault of an incorrectly prepared EEPROM image, according to Intel.


 
Textbooks aren't available for e-readers, and the children's literature that is available generally can't be searched by reading level.
 
Taking Dell private is a bold move, but won't ensure success. If you can't recognize opportunities and execute properly as a public company, buying yourself shelter from investors only takes you so far. The bigger challenge will be rejiggering the corporate culture and core processes to make more innovation possible.
 
Google, AT&T and Verizon Communications were among the top corporate lobbyers of the U.S. government in the fourth quarter of 2012, according to data released recently by the House of Representatives.
 
Building a solid business case for your IT projects means nailing the financial calculations and language. CIOs say making accurate ROI predictions can pay off. Insider (registration required)
 
Facing unprecedented budgetary uncertainty, the IT shops of many federal agencies are embracing the Agile development methodology to speed up software projects so they can demonstrate the value of new systems quickly. Insider (registration required)
 
The newly rechristened BlackBerry delivered on its promise to breathe new life into an aging, iconic product line, but it still faces an uphill battle in a market dominated by Apple's iPhone and devices based on Google's Android operating system.
 
Researchers have created a way to store data in the form of DNA and retrieve it without errors.
 
The Department of Veterans Affairs has begun installing millions of sensors to track any piece of equipment that costs more than $50.
 
An airport restaurant operator invests heavily in automation -- but doesn't use that as a rationale for cutting staff.
 
Microsoft started selling its Surface Pro tablet on Saturday, and quickly exhausted its supply of the 128GB configuration.
 
Apple is experimenting with watch-like wearable devices with some smartphone capabilities, as the company looks at new product categories for future growth, according to reports.
 
Have you ever regretted taking a new job right after you started?
 
libssh CVE-2013-0176 Denial of Service Vulnerability
 
An iPhone case that doubles as a cup holder? Looks positively ... well, ludicrous, doesn't it? Yet that detail didn't dissuade a fair number of journalists from covering the contraption's funding appeal on Indiegogo in an entirely too serious manner.
 

Posted by InfoSec News on Feb 11

http://nwww.koreaherald.com/view.php?ud=20130211000209

The Korea Herald
2013-02-11

South Korea's financial authority said Monday it has uncovered a large-scale
hacking scheme that resulted in the theft of personal financial transaction
information of hundreds of bank clients.

According to the Korea Financial Telecommunications and Clearings Institute
(KFTC), a group of hackers allegedly stole a total of 461 authenticated...
 

Posted by InfoSec News on Feb 11

http://arstechnica.com/security/2013/02/at-facebook-zero-day-exploits-backdoor-code-bring-war-games-drill-to-life/

By Dan Goodin
Ars Technica
Feb 10 2013

Early on Halloween morning, members of Facebook's Computer Emergency Response
Team received an urgent e-mail from an FBI special agent who regularly briefs
them on security matters. The e-mail contained a Facebook link to a PHP script
that appeared to give anyone who knew its location...
 

Posted by InfoSec News on Feb 11

http://www.theregister.co.uk/2013/02/08/ms_feb_patch_tuesday_pre_alert/

By John Leyden
The Register
8th February 2013

Microsoft has lined up a bumper Patch Tuesday this month to snap shut a
backbreaking 57 security vulnerabilities in its products.

Five of the 12 software updates addressing the gaping holes will tackle
critical flaws that allow miscreants to execute code remotely on vulnerable
systems.

In all, the soon-to-be-patched...
 

Posted by InfoSec News on Feb 11

https://www.computerworld.com/s/article/9236670/Bit9_says_attack_likely_targeted_a_narrow_set_of_companies

By Jeremy Kirk
IDG News Service
February 10, 2013

Security vendor Bit9 promised to release limited details of a hack caused by a
failure of the company to install the same security software on its own network
that it sells to a handful of Fortune 500 companies.

Bit9, which is based in Waltham, Massachusetts, provides a platform that...
 

Posted by InfoSec News on Feb 11

http://news.techworld.com/security/3425280/george-bush-emails-hacked-after-attacker-targets-friends-family/

By John E Dunn
Techworld
09 February 2013

An audacious hacker has posted a large cache of photographs and emails
stolen from the email accounts of friends and relatives of former
presidents George HW Bush and his son George W Bush, investigative
magazine The Smoking Gun has reported.

In a spiteful event reminiscent of the hacking of...
 
Schneider Electric Accutech Manager Heap Buffer Overflow Vulnerability
 