Hackin9

InfoSec News

RightScale is adding OpenStack and SoftLayer to the list of cloud services that can be managed from its RightScale Cloud Management Platform.
 
The hacker group behind Duqu may have been working on its attack code for more than four years, new analysis of the Trojan revealed Friday.
 
U.S. companies have been hiring workers from India for years, especially graduates of U.S. universities. But Indian companies, as well as American firms operating in India, are now trying to convince some of them to return to India.
 
30 Days With the Cloud: Day 4
 
The U.S. House of Representatives Judiciary Committee will conduct a hearing on the controversial copyright enforcement bill, the Stop Online Piracy Act, on Wednesday, the committee has announced.
 
Walmart could start letting shoppers buy products in the aisles and skip the checkout line, but the world's largest retailer needs to find out how that would improve the customer experience, the company's e-commerce chief said Thursday.
 
-- Rick Wanner - rwanner at isc dot sans dot org - http://namedeplume.blogspot.com/ - Twitter:namedeplume (Protected) (c) SANS Internet Storm Center. http://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
 
The good news is that Collective Intelligence (CI), the engine for Internet security created in 2006 by Panda Security's malware research laboratory, recently processed its 200 millionth malware file via the cloud. That's also the bad news.
 
With Nvidia and Cisco reporting results, there was some good news on the chip and networking front this week that, with the help of a successful debt offering by Italy that eased economic concerns, helped fuel a rise in IT vendors' shares Friday morning.
 
Apple's iOS 5 update this week did not solve the quick-draining battery issues for many users, according to reports posted on the company's own support forum.
 
In many ways the concept of federated cloud is ironic. Cloud computing rapidly gained traction because of its ability to manage the complexity of multiple legacy environments while consolidating infrastructure. But as organizations move forward with various cloud initiatives, many CIOs are now wrestling a sprawl of clouds that seems to be spinning out of control.
 
Salesforce.com has hired former Oracle and SAP executive John Wookey, adding a seasoned software-development executive to its ranks at a time of rapid growth in both revenue and its breadth of offerings.
 
Oracle is set to pay US$35 million to roughly 1,725 workers in order to settle a class-action suit brought against it over overtime pay and meal-break issues dating back to 2003.
 
The Senate disapproval resolution of the FCC's net neutrality rules failed; could the FCC have made a serious mistake?
 
 
We got a number of comments regarding the FBI.gov DNSSEC issue, which I think warrant explaining some of the DNSSEC details a bit more.
First of all: the fbi.gov domain is fine. The issue does not appear to be attack related and is a very common configuration problem with DNSSEC (yes... our dshield.org domain had similar issues in the past, which is why I am somewhat familiar with how this can happen).
First, a very brief DNSSEC primer:
DNSSEC means that for each DNS record, your zone will include a signature. The signature is generated using a zone signing key. Like any good signature, the signature has a limited lifetime. Commonly, the lifetime is in the range of a couple of weeks.
The result is that the signatures need to be re-created before the lifetime expires. In the case of fbi.gov:


$ dig A www.fbi.gov +dnssec +short @156.154.105.27
www.fbi.gov.c.footprint.net.
CNAME 7 3 300 20111110173726 20110812173726 58969 fbi.gov.

The signature was created Aug. 12 2011 and expired earlier today (Nov 11 2011).
Other DNS servers resolving the domain do not HAVE to check DNSSEC. If they don't, the domain will continue to resolve just fine. However, if your DNS server happens to verify DNSSEC signatures, the verification will fail and, as a result, DNS resolution will fail.
Comcast and OpenDNS, for example, will verify DNSSEC, and if you are using either for your DNS resolution, you will no longer be able to reach fbi.gov.
If you are using DNSSEC yourself, or if you are interested in checking whether DNSSEC is configured correctly for another site, I recommend you check dnsviz.net or Verisign's DNSSEC debugger at http://dnssec-debugger.verisignlabs.com . They are an excellent resource to debug DNSSEC issues.
DNSSEC isn't exactly a simple configuration change. We discussed it in the past in diaries and webcasts. Please make sure you understand its implications before enabling it. I do recommend you enable it, as it does provide meaningful protection against DNS spoofing, which is a precursor to various man-in-the-middle attacks. DNSSEC does not encrypt anything. It only authenticates the DNS response. Enabling DNSSEC on your resolver, on the other hand, is pretty straightforward and protects users of your resolver from spoofed DNS responses (the path from your resolver to the client may of course still be subject to spoofing, unless the client does its own validation).
------

Johannes B. Ullrich, Ph.D.

SANS Technology Institute

Twitter (c) SANS Internet Storm Center. http://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
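
An added example (not part of the diary and not ISC code): a Python check of the RRSIG validity window, run over the dig output quoted in the diary above. The function names and the seven-day warning threshold are assumptions chosen for illustration.

```python
from datetime import datetime, timedelta, timezone
from typing import NamedTuple

# The two lines of `dig +dnssec +short` output quoted in the diary above.
DIG_OUTPUT = """\
www.fbi.gov.c.footprint.net.
CNAME 7 3 300 20111110173726 20110812173726 58969 fbi.gov.
"""

class Rrsig(NamedTuple):
    type_covered: str
    algorithm: int
    expiration: datetime
    inception: datetime
    key_tag: int
    signer: str

def rrsig_time(field: str) -> datetime:
    # RFC 4034 section 3.2: either YYYYMMDDHHmmSS or epoch seconds, always UTC.
    if len(field) == 14:
        return datetime.strptime(field, "%Y%m%d%H%M%S").replace(tzinfo=timezone.utc)
    return datetime.fromtimestamp(int(field), tz=timezone.utc)

def parse_rrsigs(dig_short: str) -> list:
    """Pick the RRSIG rdata lines out of `dig +dnssec +short` output."""
    sigs = []
    for line in dig_short.splitlines():
        f = line.split()
        # RRSIG rdata: type alg labels ttl expiration inception keytag signer [sig]
        if len(f) >= 8 and all(x.isdigit() for x in f[1:7]):
            sigs.append(Rrsig(f[0], int(f[1]), rrsig_time(f[4]),
                              rrsig_time(f[5]), int(f[6]), f[7]))
    return sigs

def status(sig: Rrsig, now: datetime, warn: timedelta = timedelta(days=7)) -> str:
    """Classify a signature by the clock check a validating resolver applies."""
    if now < sig.inception:
        return "not-yet-valid"   # clock skew, or a signature published too early
    if now > sig.expiration:
        return "expired"         # validating resolvers will fail the lookup
    if sig.expiration - now <= warn:
        return "expiring-soon"   # assumed threshold: re-sign before validators fail
    return "valid"

if __name__ == "__main__":
    now = datetime.now(timezone.utc)
    for s in parse_rrsigs(DIG_OUTPUT):
        print(s.signer, s.type_covered, "keytag", s.key_tag, status(s, now),
              "expires", s.expiration.isoformat())
```

Run on a schedule against your own zone's `dig +dnssec +short` output, the "expiring-soon" state is the one to alert on, since it fires while non-validating and validating resolvers still both answer.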
 
The Hamburg Data Protection Authority (DPA) is starting preliminary procedures to bring legal action against Facebook over the facial recognition feature used for photo tagging on the social network. The authority decided that further negotiation is futile after the social networking giant didn't agree to obtain consent from users retroactively.
 
A new, smaller SIM card, dubbed nano-SIM, will free up room for additional memory and larger batteries, helping phone vendors create thinner devices, German company Giesecke & Devrient said on Friday.
 
If you operate a wireless network for your home or business, it's important to ward it against opportunistic hackers seeking to steal your data or hijack your Wi-Fi for their own nefarious purposes. We spoke to Steven Andrés, CTO of security consulting firm Special Ops Security, to learn about the best ways to lock down your Wi-Fi. To get started, you'll need to log in to your router's administrative console by typing the router's IP address into your Web browser's address bar. Most routers use a common address like 192.168.1.1, though alternatives like 192.168.0.1 and 192.168.2.1 are also common. Check the manual that came with your router to determine the correct IP address; if you've lost your manual, you can usually find the appropriate IP address on the manufacturer's website.
 
A major challenge to the principles of free software was thrown out of a German district court on Tuesday.
 
We received a report from a reader that fbi.gov is not resolving. Sure enough, when I do an nslookup or dig, I do not receive an answer from the authoritative server.
$ nslookup fbi.gov

Non-authoritative answer:
Name: fbi.gov
Address: 209.251.178.99
Digging a little deeper, it appears it may be a problem with a DNSSEC key. If you follow the DNS server chain, it appears to be ok.
Update: We have some indication this is wider than fbi.gov. It appears there was a major Internet outage in the New York area. Most likely fbi.gov switched over to an alternate DNS that didn't have its DNSSEC configured correctly. There is no indication that this is due to any kind of attack.
-- Rick Wanner - rwanner at isc dot sans dot org - http://namedeplume.blogspot.com/ - Twitter:namedeplume (Protected) (c) SANS Internet Storm Center. http://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
 

 
One of the biggest trends in IT is how consumer products have crept into the enterprise, and the trend extends to Internet services. The ingenious thing about social networks such as Facebook and LinkedIn is that these consumer-oriented sites have become key tools for professionals. Take journalists, for example. While reporters may still pound the pavement or work the phones to find stories, now sometimes a story can present itself in LinkedIn forums or through Facebook postings. Sometimes the social networks become an extension of the reporting team, in a practice called "crowdsourcing." And the reporter who used to appear as nothing more than a byline can now enter the conversation with instant feedback on a comment about a story. But other professions have not embraced social networks so much, and indeed have viewed them as threats to security or productivity. Would users spend their days catching up with high school friends and playing Farmville on Facebook? Remember when many IT departments were leery about users checking their personal email accounts from work, afraid they would click on a link and take down the entire network? While that danger still exists, it has been reduced a bit through the use of spam filters and user education. The same can be said for social networks, as IT staff can still provide general tips on what can be dangerous. In this PDF, Network World has compiled stories that take a look at the pros and cons of blocking social networks while at work. Many of these stories cite surveys that indicate whether productivity is lost in allowing social networks within the company network. Become an Insider today (free registration required) to download the PDF.
 
Austin Radiological Association has virtualized a quarter of its server and desktop infrastructure and hopes to hit 100% within a year. But the move has caused storage I/O bandwidth problems.
 
Adobe has promised to support the soon-to-be-orphaned Flash Player plug-in for mobile browsers, but has not said how long it will continue to patch security bugs in the software.
 
China Telecom plans to launch a mobile service in the U.S. geared for Chinese-Americans, students and tourists who frequently travel between both countries, according to a company spokeswoman.
 
While Google+ could find a lucrative niche in the social networking world among enterprise users, Facebook has a head start.
 
Hoping to spark closer integration with third-party applications, Citrix has exposed a number of APIs (application programming interfaces) for three of its collaborative services, GoToMeeting, GoToWebinar and GoToTraining.
 
China has released new rules limiting the nation's media outlets from sourcing unverified information from the Internet, in its continuing bid to crack down on online rumors.
 
A District Judge in the U.S. upheld Thursday an earlier order that Twitter must provide certain types of information of account holders to government investigators working on the WikiLeaks case, and declined to unseal records that could provide information on whether the prosecutors had tried to get similar information from other Internet companies.
 

Posted by InfoSec News on Nov 10

http://www.computerworld.com/s/article/9221702/Open_source_toolkit_finds_Duqu_infections

By Jeremy Kirk
IDG News Service
November 10, 2011

The lab credited with discovering the Duqu malware has built an
open-source toolkit that administrators can use to see whether their
networks are infected.

The Duqu Detector Toolkit v1.01 looks for suspicious files left by Duqu,
which has created a buzz in the security community given its stealthy...
 

Posted by InfoSec News on Nov 10

http://news.cnet.com/8301-27080_3-57322788-245/steam-web-sites-hacked-gamer-data-exposed/

By Elinor Mills
InSecurity Complex
CNet News
November 10, 2011

Hackers broke into a database with customer information at the Steam
online gaming site, accessed user forum accounts and defaced a forum
site, the company said.

"Our Steam forums were defaced on the evening of Sunday, November 6. We
began investigating and found that the intrusion...
 

Posted by InfoSec News on Nov 10

http://green.blogs.nytimes.com/2011/11/10/hacker-cyclist-executive-spy/

By DAVID JOLLY
Green
The New York Times
November 10, 2011

Électricité de France, the giant power utility and the world’s biggest
operator of nuclear power plants, was found guilty on Thursday of spying
on Greenpeace in a bizarre and convoluted computer hacking case that
also ensnared the disgraced American cyclist Floyd Landis.

A court in Nanterre, near Paris, fined...
 

Posted by InfoSec News on Nov 10

http://www.telegraph.co.uk/news/uknews/phone-hacking/8882790/Tabloids-future-in-doubt-over-phone-hacking-scandal.html

By Gordon Rayner and Mark Hughes
The Telegraph
10 Nov 2011

Giving evidence to MPs, Mr Murdoch, who closed the News of the World in
July, said he could not “rule out” closing The Sun or any other
publication if it was found to have broken the law.

Shares in News Corp, News International’s parent company, fell in value...
 

Posted by InfoSec News on Nov 10

========================================================================

The Secunia Weekly Advisory Summary
2011-11-03 - 2011-11-10

This week: 74 advisories

========================================================================
Table of Contents:

1.....................................................Word From Secunia...
 

Posted by InfoSec News on Nov 10

http://www.washingtontimes.com/news/2011/nov/9/pentagon-battle-concept-signals-cold-war-posture-o/

By Bill Gertz
The Washington Times
November 9, 2011

The Pentagon lifted the veil of secrecy Wednesday on a new battle
concept aimed at countering Chinese military efforts to deny access to
areas near its territory and in cyberspace.

The Air Sea Battle concept is the start of what defense officials say is
the early stage of a new Cold War-style...
 

Posted by InfoSec News on Nov 10

Forwarded from: Christian Wright <christian (at) baythreat.org>

Hey,

Just wanted to send a reminder that BayThreat 2011 is coming up quick
(the weekend of December 9th-11th) at the Hacker Dojo in Mountain View,
California!

We've got our speakers (http://www.baythreat.org/speakers.html) and our
schedule ( http://www.baythreat.org/schedule.html) up on the website so
check it out!

Tickets can be purchased off the website (...
 