InfoSec News

(c) SANS Internet Storm Center. http://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
Research In Motion is highlighting the native and Android apps available on its struggling PlayBook at the Consumer Electronics Show as it prepares to launch the first major overhaul of the tablet's software next month.
Two lawmakers who are fighting the controversial SOPA and PIPA bills took their case to the world's largest consumer electronics gathering Wednesday.
Julius Genachowski, chairman of the U.S. Federal Communications Commission, used his time on stage at the Consumer Electronics Show Wednesday to warn that if Congress doesn't let the agency move forward with its plans to free up more wireless spectrum, it risks damaging the economy into the future.
Smartphones will soon know not only where you are but what floor of a building you're on, thanks to advances in MEMS technology, one of the quiet success stories of the consumer electronics industry.
Sales of personal computers slowed in the last three months of 2011, thanks to a sluggish economy, scarce hard drives and the proliferation of other form factors, according to a report released Wednesday by IDC.
SimpleSAMLphp Multiple Cross Site Scripting Vulnerabilities

China Not The U.S.'s Only Cyber-Adversary
Dark Reading
In the latest development, Infosec Island today reports that the hacktivists, who call themselves The Lords of Dharmaraja, showed the news site evidence that Indian government cyberspies gained access to US government agency networks, including a sample ...

Calls for the U.S. government to halt a plan by the Internet Corporation for Assigned Names and Numbers (ICANN) to offer new generic top-level domains are shortsighted because they could lead to other countries attempting to exert control over ICANN, a U.S. government official said Wednesday.
Stratfor Global Intelligence CEO George Friedman on Wednesday blasted those responsible for a December attack on the global intelligence firm's website and decried what he called 'censorship' by the attackers.
The long-standing and persistent accusation that Google unfairly uses its search engine to promote its other online services is once again in the spotlight, triggered by new social search functionality the company is rolling out this week that more tightly links its search engine with its Google+ social networking site.
Oracle made a splash on Tuesday when it announced the general availability of its Big Data Appliance, but the company also quietly released pricing information for Exalytics, another new member in its family of specialized hardware-software appliances and a likely competitor to SAP's HANA product, suggesting that a general-availability announcement for that product is imminent.
Apple has confirmed to the Reuters news service that it has purchased Anobit Technologies, an Israeli company that makes solid state drives out of consumer-grade flash.
Google Chrome Prior to 16.0.912.75 Multiple Security Vulnerabilities
libxml2 Unspecified Out-of-Bounds Remote Denial of Service Vulnerability
Data-recovery service providers are supposed to be saving important data for you when something goes wrong -- a drive crashes or storage device is dropped, and no backup is available. But do you trust them with the important data you let them recover or could they actually be a source for a data breach?
Apple on Wednesday issued invitations to the news media for a New York City event next week that will focus on education.
A Washington man on Tuesday sued Symantec in federal court, accusing it of using the same tactics as fake "scareware" software to sell its PC cleanup utilities.
LTE has exploded at this week's Consumer Electronics Show, where the three top U.S. wireless carriers and dozens of other vendors are showing off how they plan to use the high-speed technology with new smartphones, tablets and even ATMs.
Tor SOCKS Connection Heap Based Buffer Overflow Vulnerability
[SECURITY] [DSA 2387-1] simplesamlphp security update
Microsoft Windows ClickOnce Application Installer Remote Code Execution Vulnerability
Microsoft Windows Media Player 'winmm.dll' MIDI File Parsing Remote Code Execution Vulnerability
With Intel finally breaking into the burgeoning smartphone market, analysts say the company is moving to defend its turf -- and possibly even its future stability -- against an encroaching competitor.
Smartphones, tablets, and now touchscreen PCs all can lead to stress-related injuries of your hands, arms, back, and eyes -- unless you use them right.
Secunia Research: NTR ActiveX Control "StopModule()" Input Validation Vulnerability
Secunia Research: NTR ActiveX Control Four Buffer Overflow Vulnerabilities
[PT-2011-04] Cross-Site Scripting in Kayako Support Suite
[PT-2011-03] Information disclosure in Kayako Support Suite


Fake memo but real code? India-US hacking mystery deepens
Reuters India
Technology blog Infosec Island said on Wednesday it had seen more data obtained by the Lords of Dharmaraja, including dozens of usernames and passwords for compromised US government network accounts. Infosec Island blogger Anthony Freed said the hacker ...
US China Commission Emails Hacked (Dark Reading)

Researchers at Symantec yesterday confirmed that working attack code published Jan. 6 can cripple Web servers running Microsoft's ASP .Net.
Banco Bilbao Vizcaya Argentaria (BBVA) is adopting Google Apps for email and collaboration and expects to have its about 110,000 employees worldwide using the suite by the end of this year.
Amazon Web Services has added four locations where enterprises can use its Direct Connect network service to communicate with its cloud.
Sun Java System Directory Server Authentication Bypass Vulnerability
Mozilla Network Security Services Library Remote Denial of Service Vulnerability
Sun Java System Directory Server Uninitialized Pointer Remote Memory Corruption Vulnerability
Multiple XSS in KnowledgeTree Community Edition
[PT-2011-02] PHP code Injection in Kayako Support Suite
[PT-2011-01] Cross-Site Scripting in Kayako Support Suite
VUPEN Security Research - Adobe Acrobat and Reader Image Processing Integer Overflow (APSB12-01)


This is a follow-on to last week's How to Submit Firewall Logs feature (https://isc.sans.edu/diary/ISC+Feature+of+the+Week+How+to+Submit+Firewall+Logs/12316). This week we detail how to access data with the DShield API and its components. Last week was the HOW; this week highlights WHY you should set up a DShield log submission script.

Our API gives you a look at detail and summary data from the DShield system plus a few extras from ISC! To make accessing all this data easier, you can use the API manually or from a script. Be careful, repeated excessive access might get ya locked out so please use responsibly. :)


There are four (4) output formats (xml, json, text, php) available by adding ?[format] to the end of the API URL. For example, if you want plain text to parse in a script, you would add ?text, like http://isc.sans.edu/api/handler?text

The main page lists all the functions, parameters and descriptions: https://isc.sans.edu/api/ Here's a quick list of what's currently available.


1. backscatter - only includes syn ack data and is summarized by source port

2. handler - current Handler of the Day

3. infocon - current infocon level

4. ip - summary info of a given IP

5. port - summary info of a given port

6. portdate - summary for a given port on a given date

7. topports - summary info for top ports on a given date

8. topips - summary info for top IPs on a given date

9. porthistory - summary info per port for a given date range

As a bonus, Dr. J will be highlighting the API as part of this month's ISC Threat Update at https://www.sans.org/webcasts/isc-threat-update-20120111-94999 (If you miss the live broadcast, you can watch the recording at a later time.)

You can leave comments in the section below or send any questions or comments via the contact form at isc.sans.edu/contact.html

Adam Swanger, Web Developer (GWEB)

Internet Storm Center (http://isc.sans.edu) (c) SANS Internet Storm Center. http://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
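A scripted client for the API described in the diary above, as an added example that is not ISC's own code: it restricts calls to the listed functions and formats, percent-encodes parameters, and spaces requests out to respect the warning about excessive access. The names `build_url`, `Throttle` and `fetch`, the path-segment parameter layout and the 5-second gap are assumptions, not taken from the diary.

```python
import time
from urllib.parse import quote
from urllib.request import urlopen

API_BASE = "https://isc.sans.edu/api/"  # main API page named in the diary
FUNCTIONS = {"backscatter", "handler", "infocon", "ip", "port",
             "portdate", "topports", "topips", "porthistory"}
FORMATS = {"xml", "json", "text", "php"}


def build_url(function, *params, fmt="json"):
    """Return the API URL for one listed function, ending in ?<format>."""
    if function not in FUNCTIONS:
        raise ValueError(f"unknown API function: {function!r}")
    if fmt not in FORMATS:
        raise ValueError(f"unknown output format: {fmt!r}")
    # Assumption: parameters follow the function name as path segments.
    # Each is percent-encoded so a value cannot add path or query parts.
    segments = [function] + [quote(str(p), safe="") for p in params]
    return API_BASE + "/".join(segments) + "?" + fmt


class Throttle:
    """Enforce a minimum gap between requests (gap length is an assumption)."""

    def __init__(self, min_interval=5.0, clock=time.monotonic, sleep=time.sleep):
        self.min_interval, self.clock, self.sleep = min_interval, clock, sleep
        self.last = None

    def wait(self):
        """Sleep if the previous call was too recent; return seconds slept."""
        now = self.clock()
        delay = 0.0
        if self.last is not None:
            delay = max(0.0, self.min_interval - (now - self.last))
        if delay:
            self.sleep(delay)
        self.last = now + delay
        return delay


_THROTTLE = Throttle()  # shared by every fetch() call in this process


def fetch(function, *params, fmt="json", throttle=_THROTTLE):
    """Throttled GET against the live API; returns the decoded body."""
    throttle.wait()
    with urlopen(build_url(function, *params, fmt=fmt), timeout=10) as resp:
        return resp.read().decode("utf-8", errors="replace")
```
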
The problem of using smartphone and tablet touchscreens has led to the creation of specialized gloves that ease the task and can conduct a person's bioelectricity.
If you run a small or mid-sized business, server virtualization promises cost savings and improved IT efficiency. To help ensure you understand the advantages, we drew up a list of the most tangible benefits that virtualization has to offer small and mid-sized businesses.
Android malware writers are taking advantage of the controversy surrounding Carrier IQ's smartphone tracking software in order to distribute a premium SMS Trojan, security researchers from Symantec warn.
PCMag's Security Watch has published an article that has some very interesting details about an American SCADA system. During a workshop about the security of SCADA systems, a lady from Network electric Company had apparently stood up and yelled that it would take 5 years and 25 million dollars to upgrade the security of the existing systems, which is really a worry if you're the one that is responsible for them.

What is turning out to be a full-on attack on Israeli systems has taken another turn now, with one of the more well-known Anonymous Twitter accounts announcing for everyone to go follow @FuryOfAnon for upcoming releases.

Dell today announced its first deduplication appliance, along with an upgrade to its Compellent Storage Center management software that includes tighter integration with VMware.
Well, STRATFOR has just announced it's back online, and the CEO George Friedman has released a press release and video with small insight into the recent attack by Anonymous. In the video he claims that STRATFOR knew of the main attacks earlier in December and had alerted the FBI and had been working with the FBI when all the [...]

A phishing email campaign is targeting private and public sector organizations with phony US-CERT email addresses.


US to friend and foe: Come visit our network flea market!
CSO (blog)
All this comes to mind as I read Anthony Freed's Infosec Island post about how Indian intelligence infiltrated US government networks. I'm not the only one shrugging my shoulders and letting out a small chuckle. On Twitter, there are reactions like ...

The bank's online statements system had failed and around about 60 people got sent the wrong details. Now while this is to major, it shows holes in major systems that most of the world relies on to do day-to-day things.

FlexNet License Server Manager Remote Code Execution Vulnerability
op5 Appliance Multiple Remote Command Execution Vulnerabilities

More than 400 credit card numbers claimed to belong to Saudi Arabian citizens were released on Tuesday in apparent retaliation for the release of 15,000 active credit card numbers of Israelis last week.
HP is hoping to grab the fashionable user with its new ultrabook, the Envy 14 Spectre.
Struggling Eastman Kodak is alleging that Apple's and HTC's smartphones and tablets infringe on its digital imaging technology, and has filed a complaint and lawsuits with the U.S. International Trade Commission (ITC) and the U.S. District Court for the Western District of New York, it said on Tuesday.
Workers at a Foxconn Technology Group campus in China staged a protest last week, threatening to jump off a building if the company did not meet their compensation demands, according to local Chinese news reports.
Adobe on Tuesday patched six vulnerabilities in the newest version of its popular Reader PDF viewer, making good on a late-2011 promise when it shipped an emergency update for an older edition.
Jane Silber believes there's plenty of room for a new player in tablets, TVs, and maybe even smartphones
Zend Developer Cloud woos PHP developers with enterprise-grade development features, snapshots for easy recovery and project sharing, and promises of single-click cloud deployment
The Tizen project, which is developing an open-source operating system for devices like smartphones and tablets, is offering a download of the alpha release of the source code of the operating system.

Research and Markets: The Future of Information Security - Markets ...
SYS-CON Media (press release)
... authored by MiG's Lead IT Analyst, James Mathews, examines, analyses, and predicts the evolution of technologies, markets, and outlays (expenditures) for Information Security (InfoSec) infrastructure products over the next six years.

Novell Netware 'XNFS.NLM' Component Remote Code Execution Vulnerability
Oracle's Big Data Appliance product, which shipped Tuesday, gives enterprises another option for deploying projects based on Apache Hadoop open source technology.
Multi-core processors for tablets and smartphones are being touted by chip maker Nvidia and others at the CES trade show, but some in the industry question their value.

Posted by InfoSec News on Jan 11


By Gregg Keizer
January 10, 2012

Microsoft today shipped seven security updates that patched eight
vulnerabilities in Windows and a code library used to protect Web
applications from cross-site scripting attacks.

As experts expected, today Microsoft issued the patch it pulled at the
last minute in December 2011.

Only one of the...

Posted by InfoSec News on Jan 11


January 11, 2012

BEIJING, Jan. 10 (Xinhua) -- Four people have been detained by police
and eight others punished after they were found guilty of fabricating a
massive leak of online personal data by hackers over the past month in
China, the country's Internet watchdog announced Tuesday.

China's leading anti-virus software provider, Beijing-based Qihoo 360,
claimed in...

Posted by InfoSec News on Jan 11


By Michael Cobb
Contributing Writer
Jan 11, 2012

[Excerpted from "How to Prevent an Illicit Data Dump," a new report
posted this week on Dark Reading's Insider Threat Tech Center.]

The headline occurs almost every day lately -- a large enterprise or
government agency loses a huge cache of data...

Posted by InfoSec News on Jan 11


By Lucian Constantin
IDG News Service
January 10, 2012

The course of events that led to the July 2011 compromise of a computer
server used by German authorities for GPS surveillance might have
started with a police official monitoring his daughter's online
activities, according to reports in German media.

The man, who is a senior official...
UrduGalaxy, which claims to be the biggest website for Urdu-based news, videos and images, has been hacked and had a fairly big load of accounts dumped on Pastebin.


Posted by InfoSec News on Jan 11


[It's a BADTHING(tm) when a security professional has their personal site
popped and their information posted to Pastebin, but for author /
plagiarist Ankit Fadia, it's happened (with this most recent attack), at
least FIVE times. Security Industry Errata has a page here:

It should also be...
Internet Storm Center Infocon Status