InfoSec News

Google officials say the company plans to make some changes to the Google+ social network this week.
 
Networking giant Cisco needs to cut 5,000 jobs, nearly 7% of its total workforce, in August to remain competitive, one Wall Street analyst recommended.
 
It became standard procedure in recent years for Internet companies to launch early test versions of their newest services with hooks for external developers, but Google is bucking that trend with its Google+ social network.
 
The World Wide Web Consortium is seeking to invalidate a pair of Apple patents so the underlying technologies can be used as part of a royalty-free HTML5 stack.
 
OProfile Multiple Security Vulnerabilities
 
Apple could launch an iPhone this year that works on faster 4G wireless networks, but it would have to make financial and design sacrifices to do so, a research firm said today.
 
Apache XML Security for C++ Signature Key Parsing Denial of Service Vulnerability
 

Information security analysts unemployment rate: zero
TechJournal South
Of the 12 computer related job classifications the Department of Labor's Bureau of Labor Statistics tracks, Infosec workers reported no unemployment in the second quarter 2011. Computer network architects had a minute 0.5 percent jobless rate in the ...

 

Maricom Hires New Corporate Information Security and Privacy Officer
PR Newswire (press release)
A frequently published author and speaker, Mr. Taule is a recipient of The Health Information Trust Alliance (HITRUST) Infosec Award for Security and Privacy in recognition of his leadership and ongoing efforts to advance the healthcare industry, ...

 
The Google+ social networking site malfunctioned this weekend, spamming its users with repeated notifications via e-mail.
 
WikiLeaks' founder Julian Assange will head to London's High Court on Tuesday to try to reverse an extradition order that would send him to Sweden for questioning about sexual assault allegations.
 
Asterisk Multiple Remote Denial of Service Vulnerabilities
 
With Windows 7, you can easily share files and printers across a network via the HomeGroups feature. Here's how to set up your network to share files and printers with Macs.
 
You're starting school this fall. You've got your classes. You've got your books. You may even have a new laptop. But how can you keep your PC and gadgetry safe and secure while you're at school?
 
Two Highly Curious Objects arrived in my office recently and have provoked many hours of blank stares and idle speculation: a tube of sunblock and a Google Chromebook.
 
If you're the kind of person who can't wait to control the iPod on long road trips, you belong on Turntable.fm, a new Web app that lets you take turns selecting and listening to music for a whole chat room. It's a fun, new way to listen to music (and waste time during work), but if you're caught unprepared, you'll be laughed out--or worse. So bone up on your DJ etiquette before you find yourself in the spotlight.
 
With Firefox 5, Mozilla shifts to a faster release schedule, emulating the lightning pace at which Google's Chrome gains version numbers. Version 5 debuts mere months after Firefox 4, and Mozilla promises that future editions will arrive with similar speed.
 
Polycom today unveiled a $10,000 room-size videoconferencing system that integrates with Microsoft's Lync collaboration tools.
 
Colo, as it's known, is becoming a popular option for quickly adding capacity to an aging data center. But it's not as simple as throwing servers at a new site; be prepared to spend at least three months searching for a vendor and planning.
 
The Belkin N750 DB dual-band router can extend the reach of your Wi-Fi using an upgraded antenna system and improved signal-focusing technology.
 
The rise of cloud computing has led to a major push from many IT leaders for cloud standards around such things as security and data portability among different clouds.
 
Sales of 3G cellular-equipped tablets have largely been a bust because consumers don't want to pay wireless carriers for another data plan on top of their data plans for smartphones, an IDG analyst said on Friday.
 
eBay's Global Data Center Services manager explains how the online auction company installed a 100 KW solar array on its data center in Denver.
 

Posted by InfoSec News on Jul 11

http://www.darkreading.com/database-security/167901020/security/vulnerabilities/231001255/reports-dhs-irs-databases-at-risk.html

By Ericka Chickowski
Contributing Writer
Dark Reading
July 08, 2011

Some of the federal government's most critical agencies are falling down
on database security with misconfigurations, vulnerabilities, and a lack
of best practices, putting sensitive citizen and defense information at
risk as a result, new...
 

Posted by InfoSec News on Jul 11

http://www.h-online.com/security/news/item/German-Federal-Police-servers-compromised-1276115.html

The H-Security
8 July 2011

A group calling itself NN-Crew says it has broken into a server used by
Germany's Federal Police and stolen a large amount of data used to
GPS-track suspects under surveillance. The police apparently used the
hacked server as a data pool and server to download GPS tracking
software; it also contained instructions...
 

Posted by InfoSec News on Jul 11

========================================================================

The Secunia Weekly Advisory Summary
2011-06-30 - 2011-07-07

This week: 38 advisories

========================================================================
Table of Contents:

1.....................................................Word From Secunia...
 

Posted by InfoSec News on Jul 11

Forwarded from: security curmudgeon <jericho (at) attrition.org>
Cc: sengupta (at) nytimes.com, bilton (at) nytimes.com

: http://www.nytimes.com/2011/07/05/technology/05hack.html
:
: By SOMINI SENGUPTA and NICK BILTON
: The New York Times
: July 4, 2011
:
: The hackers, calling themselves the A-Team, assembled a trove of private
: information and put it online for all to see: names, aliases, addresses,
: phone numbers, even details about...
 

Posted by InfoSec News on Jul 11

http://gulfnews.com/business/technology/gitex-to-focus-on-computer-security-1.835913

By Staff Report
GulfNews.com
July 10, 2011

Dubai: This year's Gitex exhibition will focus on hacking and computer
security in the wake of cyber attacks on a host of global companies and
governments, organisers say.

They say that with the number of infected computers across the Middle
East on the rise -- a 44 per cent increase from 2009 to 2010 -- and...
 

Posted by InfoSec News on Jul 11

http://www.dailybruin.com/index.php/article/2011/07/ucla_health_systems

By SHOSHEE JAU
The Daily Bruin
July 11, 2011

On the heels of a hefty court settlement over a confidential records
breach, the UCLA Health System is administering further safeguards to
prevent unauthorized viewing of patients’ medical records.

Last week, the health system agreed to an $865,000 settlement with
federal health regulators over a series of incidents that...
 

Posted by InfoSec News on Jul 11

http://www.computerworlduk.com/news/it-business/3290018/futures-exchange-software-programmer-in-dramatic-fbi-arrest/

By Leo King
Computerworld UK
July 7, 2011

A programmer at the Chicago Mercantile Exchange has been arrested by the
FBI at his office and charged with stealing proprietary source code.

Chunlai Yang, 49, is accused of planning to steal proprietary software
from the CME -- one of the world’s largest futures exchanges -- to sell...
 

Posted by InfoSec News on Jul 11

http://www.bloomberg.com/news/2011-07-08/kiplinger-warns-customers-hackers-got-account-information-1-.html

By Michael Riley
Bloomberg
July 9, 2011

Kiplinger Washington Editors Inc., the publisher of Kiplinger’s Personal
Finance, warned customers that hackers breached its computer network at
least as early as June 25 and stole account data, including credit card
numbers.

Doug Harbrecht, the company’s director of new media, said the...
 
Tugux CMS 'delete_page_parse.php' Arbitrary File Deletion Vulnerability
 
Freefloat FTP Server 'LIST' Command Remote Buffer Overflow Vulnerability
 
Three days ago a new version (v3) of Jailbreakme (aka jbme3.0), the website used to jailbreak Apple iOS devices (such as iPhone, iPod Touch and iPad), was released. The site takes advantage of userland-based exploits to take full control of these devices by simply visiting a web page. This v3 version makes use of a 0-day PDF vulnerability on a first stage, and an iOS kernel vulnerability to elevate privileges on a second stage.
These vulnerabilities affect multiple Apple devices and versions, up to iPad 2 and iOS 4.3.3.
As far as we know, Apple has not released an official update yet against these vulnerabilities (although it's working on it), so all devices are at risk. If you have a jailbroken device, it is recommended to install PDF Patcher 2 from Cydia to eliminate this risk (any firmware version). More details on the Dev Team blog: http://blog.iphone-dev.org.
The common but not very realistic recommendation applies: do not open malicious PDF files or visit untrusted websites (using Mobile Safari)! I always wonder how end users can determine if a PDF or web page is malicious before opening it... probably those that contain the word malicious in their name or domain name :)
----

Raul Siles

Founder and Senior Security Analyst with Taddong

www.taddong.com (c) SANS Internet Storm Center. http://isc.sans.org Creative Commons Attribution-Noncommercial 3.0 United States License.
 
During the last few months we have talked about improvements to your SSL/TLS (HTTPS) implementation, for example through the usage of newly supported HTTP headers, such as Strict-Transport-Security (available since Firefox 4). Besides that, and due to the fact that there have been several serious CA incidents, the general public has become more aware of the weaknesses of the current Internet PKI that digital commerce is based on.
Leaving apart the current Internet PKI and weak-trust CA model, I want to mention a tool we released a few weeks back called TLSSLed. Today, version 1.1 has been released. Its goal is to help organizations test their SSL/TLS (HTTPS) implementation for common flaws and misconfigurations on web servers / applications.
The current (version 1.1) tests include verifications to check if the target website supports the SSLv2 protocol, the NULL cipher, weak ciphers based on their key length (40 or 56 bits), the availability of strong ciphers (like AES), if the digital certificate is MD5 signed, if secure SSL/TLS renegotiation capabilities are available, details about the certificate public key length, the certificate subject and issuer (CA), as well as the validity period, plus tests for the existence of HTTP secure headers, such as Strict-Transport-Security, and cookies with and without the secure flag set.
The tool can be downloaded from Taddong's labs page.
The tool is just a Linux shell script, so I encourage you to inspect it, and contribute improvements and new tests (you can simply send me an e-mail or add comments below). Future versions will incorporate them.
Time to improve your web server / application SSL/TLS (HTTPS) implementation!
----

Raul Siles

Founder and Senior Security Analyst with Taddong

www.taddong.com (c) SANS Internet Storm Center. http://isc.sans.org Creative Commons Attribution-Noncommercial 3.0 United States License.
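As an added example (not TLSSLed itself, which is a shell script wrapping openssl, and not code from Taddong or the ISC), the snippet below shows the offline half of two of the checks the diary lists: it parses a constructed HTTPS response to report the Strict-Transport-Security max-age and any Set-Cookie lines that lack the Secure flag, and it buckets a constructed list of OpenSSL cipher-suite names into NULL, 40-bit export, 56-bit DES and AES-based "strong" groups. The header sample, the cipher list and the name-based bucketing rules are assumptions made for the example; a real run would feed in the server's actual response and its negotiated cipher list.

```python
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple

# Constructed sample HTTPS response; not captured from any real site.
SAMPLE_RESPONSE = (
    "HTTP/1.1 200 OK\r\n"
    "Server: example\r\n"
    "Strict-Transport-Security: max-age=31536000; includeSubDomains\r\n"
    "Set-Cookie: session=abc123; Path=/; Secure; HttpOnly\r\n"
    "Set-Cookie: tracker=xyz; Path=/\r\n"
    "Content-Type: text/html\r\n"
    "\r\n"
    "<html></html>"
)

# Constructed list of OpenSSL cipher-suite names a server might offer.
SAMPLE_CIPHERS = ["NULL-SHA", "EXP-RC4-MD5", "DES-CBC-SHA",
                  "AES128-SHA", "AES256-GCM-SHA384", "RC4-MD5"]


@dataclass
class HeaderFindings:
    hsts_max_age: Optional[int]            # None when HSTS is absent
    insecure_cookies: List[str] = field(default_factory=list)


def parse_headers(raw: str) -> List[Tuple[str, str]]:
    """Split a raw HTTP response into lower-cased (name, value) pairs,
    keeping duplicates such as repeated Set-Cookie lines."""
    head = raw.split("\r\n\r\n", 1)[0]
    pairs = []
    for line in head.split("\r\n")[1:]:        # skip the status line
        if ":" in line:
            name, value = line.split(":", 1)
            pairs.append((name.strip().lower(), value.strip()))
    return pairs


def audit_headers(raw: str) -> HeaderFindings:
    """Report HSTS max-age and cookies set without the Secure attribute."""
    pairs = parse_headers(raw)
    max_age = None
    insecure = []
    for name, value in pairs:
        if name == "strict-transport-security":
            m = re.search(r"max-age=(\d+)", value, re.IGNORECASE)
            if m:
                max_age = int(m.group(1))
        elif name == "set-cookie":
            cookie_name = value.split("=", 1)[0].strip()
            attrs = [a.strip().lower() for a in value.split(";")[1:]]
            if "secure" not in attrs:
                insecure.append(cookie_name)
    return HeaderFindings(max_age, insecure)


def classify_cipher(name: str) -> str:
    """Bucket an OpenSSL cipher name by the diary's categories.
    Assumption: classic OpenSSL naming (EXP- = 40-bit export,
    EXP1024- = 56-bit export, DES-CBC- = single DES, AES = strong)."""
    if "NULL" in name:
        return "null"
    if name.startswith("EXP1024-"):
        return "weak-56"
    if name.startswith("EXP-"):
        return "weak-40"
    if re.search(r"(^|-)DES-CBC-", name):       # excludes DES-CBC3 (3DES)
        return "weak-56"
    if "AES" in name:
        return "strong"
    return "other"


def classify_ciphers(names: List[str]) -> Dict[str, List[str]]:
    buckets: Dict[str, List[str]] = {}
    for n in names:
        buckets.setdefault(classify_cipher(n), []).append(n)
    return buckets


if __name__ == "__main__":
    print(audit_headers(SAMPLE_RESPONSE))
    print(classify_ciphers(SAMPLE_CIPHERS))
```

On the sample above the header audit reports a one-year HSTS policy and flags the `tracker` cookie, and the cipher list yields one NULL suite, one 40-bit and one 56-bit suite alongside two AES suites; the `RC4-MD5` entry lands in "other" because the diary's key-length rule does not cover it.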
 
 
It has been announced by some of the major Internet Service Providers (ISPs) in America that they will be participating in the Copyright Alert System. There already exists plenty of media and discussion written about this topic; however, I would like to open some discussion here at the Internet Storm Center. The crux of the Copyright Alert System is the illegal downloading or distribution of copyrighted media. The ISPs are now moving to a six-strike system where a user or business will be provided six notifications, after which time the ISP will begin active intervention. This active intervention could be in the form of pop-up notifications, site redirection, bandwidth reduction, and possibly service interruption. I am not singling out any one provider, only the approach and practice as a whole.
It is my intention and hope on this slow summer weekend to stir some discussion here at the Storm Center on the possible impacts of this change in Acceptable Use Policy (AUP). One of my first and foremost concerns is the impact on voice services. Voice over IP (VoIP) in many places has replaced traditional voice services (fixed, copper-based, Time Division Multiplexing) for home telephone service. Is it conceivable that a service provider would ever redirect traditional voice services in this manner? What is going to happen when I pick up my VoIP telephone to make a call while I am in dispute with my ISP over the current usage of my internet service?
So today I ask our readers regarding this policy: What say you? I look forward to the discussions.

Tony Carothers
tony.carothers_at_isc.sans.edu
(c) SANS Internet Storm Center. http://isc.sans.org Creative Commons Attribution-Noncommercial 3.0 United States License.
 
There's always a moment in any horror film where, inexplicably, one of the characters, let's call him Chuck, wanders blindly into an obviously lethal encounter in a confined space. It's the "I'm just going down to the cellar to find out where everyone else has gone" moment that has most of us suddenly looking for a reason to run into another room to miss the grisly outcome. Shortly after Chuck's demise, one of the surviving cast clearly hears someone coming back up the cellar stairs and happily assumes it's just Chuck. Moments later they meet an equally horrifying end with some random household object.
Funny thing is, a digital door to the cellar looms for an incident responder when investigating a report of a suspiciously acting system. Typically they're much better prepared and equipped than our fictional friend Chuck, but there is still a very real threat that crosses over from horror movies. What if the thing lurking on the system tries to steal the digital identity of the brave incident responder? Suddenly we've got Good Ash and Bad Ash*, both with the same credentials, access and privileges. The fight to contain an incident on just one system has now expanded to any system Ash's credentials have access to. This isn't going to end well.
So how can we as incident responders on Windows systems protect ourselves against this?
Enter some fantastic research culminating in a presentation given at the 2011 Digital Forensics and Incident Response Summit [1] by Mike Pilkington. Mike's talk, Protecting Privileged Domain Accounts during Live Response [2], covers the work he did to understand and protect the incident responder's domain credentials on remote Windows systems.
The presentation focuses on three areas where credentials are at risk from an attacker:

Password Hashes - Method for storing credentials on the local system
Access Tokens - Single sign-on functionality within Windows
Network Authentication - Protocols for authenticating to remote systems

This is worth printing out and spending some quality time going through. It discusses these three areas of concern, takes you through the process so you can re-create each scenario, and finally covers how to protect against and detect this type of attack.
After you've read it, take time to sit with your Windows admins and explain to them the importance of protecting their credentials. This is well worth your time and energy: educate anyone who has a privileged account. During an incident these folks need to be aware of the risk of remotely connecting to a possibly compromised system and how to do it safely. If you don't have a basic security training process for your system admin teams, this is a great starting point, or ship 'em off and have someone else educate them [3].
Once you've adopted Mike's findings into your incident response processes and into the Windows admins' understanding, having your credentials used against you will be one thing less to fear when facing that next digital cellar door. In the immortal words of Good Ash, to sum up, Groovy.
[1] http://www.sans.org/forensics-incident-response-summit-2011/agenda.php

[2] http://securityscaper.com/Protecting%20Privileged%20Domain%20Accounts%20during%20Live%20Response%20-%20June%202011.pdf

[3] http://www.sans.org/security-training/hacker-detection-systems-administrators-continuing-education-program-1312-mid



* Army of Darkness - so many lessons can be learnt, or one-liners stolen, for the IR world - Thank you Bruce Campbell!


Chris Mohan --- Internet Storm Center Handler on Duty (c) SANS Internet Storm Center. http://isc.sans.org Creative Commons Attribution-Noncommercial 3.0 United States License.
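The diary's three risk areas all come down to one question a responder can check from the logs: which privileged accounts have logged on to a suspect host in a way that leaves a reusable password hash or access token behind? The following is an added example, not Mike Pilkington's material and not ISC code. It runs a small detection over constructed Windows 4624-style logon records: privileged accounts and hostnames are made up, and the mapping of logon types to "leaves reusable credentials on the host" (interactive, RDP, batch, service, unlock, cleartext-network and RunAs /netonly logons do; plain network logons, type 3, do not) is a simplification stated as an assumption in the code.

```python
from collections import defaultdict
from typing import Dict, Iterable, List, Optional, Set

# Assumption for this example: logon types whose credentials remain on the
# target host for the life of the session, keyed by Windows event 4624 code.
# Network logons (type 3) are treated as not leaving reusable credentials.
CREDENTIAL_CACHING_LOGON_TYPES = {
    2: "Interactive",
    4: "Batch",
    5: "Service",
    7: "Unlock",
    8: "NetworkCleartext",
    9: "NewCredentials",
    10: "RemoteInteractive",
}

# Constructed privileged accounts (not real domain names or users).
PRIVILEGED_ACCOUNTS = {"CORP\\ir-admin", "CORP\\da-ops"}

# Constructed records in the shape a SIEM might export from 4624 events.
SAMPLE_EVENTS = [
    {"time": "2011-07-10T09:01:00", "user": "CORP\\ir-admin", "host": "WS-0142", "logon_type": 10},
    {"time": "2011-07-10T09:05:00", "user": "CORP\\ir-admin", "host": "WS-0142", "logon_type": 3},
    {"time": "2011-07-10T09:07:00", "user": "CORP\\jdoe",     "host": "WS-0142", "logon_type": 2},
    {"time": "2011-07-10T09:30:00", "user": "CORP\\da-ops",   "host": "WS-0301", "logon_type": 2},
    {"time": "2011-07-10T10:00:00", "user": "CORP\\da-ops",   "host": "FS-01",   "logon_type": 3},
]


def exposed_sessions(events: Iterable[dict], privileged: Set[str],
                     hosts_under_investigation: Optional[Set[str]] = None) -> List[dict]:
    """Return privileged logons that leave reusable credentials on a host.

    When hosts_under_investigation is given, only logons onto those hosts are
    reported, which is the live-response case the diary is concerned with:
    a responder's own admin account appearing on a possibly compromised box.
    """
    findings = []
    for ev in events:
        if ev["user"] not in privileged:
            continue
        kind = CREDENTIAL_CACHING_LOGON_TYPES.get(ev["logon_type"])
        if kind is None:                      # e.g. type 3 network logon
            continue
        if hosts_under_investigation and ev["host"] not in hosts_under_investigation:
            continue
        findings.append({"time": ev["time"], "user": ev["user"],
                         "host": ev["host"], "kind": kind})
    return findings


def hosts_per_privileged_user(findings: Iterable[dict]) -> Dict[str, List[str]]:
    """Blast radius view: every host on which each privileged account has
    left credentials, i.e. the set an attacker on one box could reach."""
    out: Dict[str, Set[str]] = defaultdict(set)
    for f in findings:
        out[f["user"]].add(f["host"])
    return {user: sorted(hosts) for user, hosts in out.items()}


if __name__ == "__main__":
    hits = exposed_sessions(SAMPLE_EVENTS, PRIVILEGED_ACCOUNTS)
    for h in hits:
        print(f'{h["time"]} {h["user"]} -> {h["host"]} ({h["kind"]})')
    print(hosts_per_privileged_user(hits))
```

In the sample, `ir-admin`'s RDP session (type 10) onto `WS-0142` is flagged while the later type 3 network logon to the same host is not, which is the distinction the diary wants admins to understand before they touch a suspect machine; restricting the query to the hosts under investigation narrows the output to the responder's own exposure.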
 
F5 Networks announced two new storage virtualization appliances that are designed for entry-level and midrange businesses.
 
PMC-Sierra today released two new entry-level RAID controllers for SATA and SAS hardware that sport 6Gbit/sec throughput.
 
Mozilla plans to update Firefox for the Mac to deal with a bug affecting the browser in Apple's soon-to-be-released Lion operating system.
 

FPT to co-operate with Nigerian business
VietNamNet Bridge
CMC Information Security Corporation (CMC InfoSec) yesterday launched CMC Mobile Security, a free anti- virus software on mobile phones. The software will be applied for the Android operating system with simple, user-friendly interface. ...

 