InfoSec News

Lawyers for Oracle and SAP are due in court Wednesday to argue post-trial motions in their TomorrowNow lawsuit, with SAP seeking a new trial and a reduction of the $1.3 billion jury award it was ordered to pay.
 
Booz Allen Hamilton on Tuesday confirmed that its network was hacked but suggested the break-in was more limited than attackers have described.
 
IT and security managers are slowly embracing the growing number of consumer devices at work, but many enterprises are still overwhelmed by the need to mitigate risk and support the devices.
 
Google is launching a redesigned Android Market client for phones that is intended to better showcase top applications and features an improved UI and faster downloading of products.
 
Microsoft is expected on Tuesday to update its strategy for cloud-based ERP (enterprise resource planning) and CRM (customer relationship management) software during the annual Worldwide Partner Conference.
 
Microsoft repaired a critical Bluetooth vulnerability and fixed more than 20 other flaws as part of its July security updates.

 
SolarFTP 'PASV' Command Remote Buffer Overflow Vulnerability
 
Blender '.blend' file Remote Command Execution Vulnerability
 
Verizon Wireless Tuesday showed off dozens of early-stage LTE wireless products at its new Verizon Innovation Center in Waltham, Mass.
 
Microsoft Windows Kernel 'Win32k.sys' (CVE-2011-1885) Local Privilege Escalation Vulnerability
 
Microsoft Windows Kernel 'Win32k.sys' (CVE-2011-1880) Local Privilege Escalation Vulnerability
 
ZDI-11-235: TrendMicro Control Manager CASProcessor.exe BLOB Remote Code Execution Vulnerability
 
[Announcement] ClubHack Magazine Issue 18-July2011 Released
 
Tugux CMS 1.2 Multiple vulnerability (BLIND sql & xss)
 
[SECURITY] [DSA 2276-2] asterisk regression update
 
The latest discovery includes a variant of the Zeus Trojan and embedded DroidDream malware in several mobile apps.

 
WordPress Multiple SQL Injection Vulnerabilities
 
Overview of the July 2011 Microsoft patches and their status.

Columns: # | Affected | Contra Indications - KB | Known Exploits | Microsoft rating(**) | ISC rating(*) (clients / servers)

MS11-053 - Bluetooth
Memory handling problems in the Bluetooth driver allow remote attackers to control the affected systems.
CVE: CVE-2011-1265
KB: KB 2566220
Known exploits: No known exploits
Microsoft rating(**): Severity: Critical; Exploitability: 2
ISC rating(*): clients: Critical; servers: Important

MS11-054 - Kernel mode drivers
Multiple vulnerabilities in kernel mode drivers allow privilege escalation.
Replaces MS11-034 and MS11-041.
CVE: CVE-2011-1874, CVE-2011-1875, CVE-2011-1876, CVE-2011-1877, CVE-2011-1878, CVE-2011-1879, CVE-2011-1880, CVE-2011-1881, CVE-2011-1882, CVE-2011-1883, CVE-2011-1884, CVE-2011-1885, CVE-2011-1886, CVE-2011-1887, CVE-2011-1888
KB: KB 2555917
Known exploits: No known exploits
Microsoft rating(**): Severity: Important; Exploitability: 1
ISC rating(*): clients: Important; servers: Less Urgent

MS11-055 - Visio
The library search path allows arbitrary code execution (e.g. by opening a Visio file on a network share).
CVE: CVE-2010-3148
KB: KB 2560847
Known exploits: Exploit code publicly available since August 2010
Microsoft rating(**): Severity: Important; Exploitability: 1
ISC rating(*): clients: Important; servers: Less Urgent

MS11-056 - CSRSS
Multiple vulnerabilities in the Client/Server Run-time Subsystem allow privilege escalation and denial of service on affected systems.
Replaces MS11-010 and MS10-069.
CVE: CVE-2011-1281, CVE-2011-1282, CVE-2011-1283, CVE-2011-1284, CVE-2011-1870
KB: KB 2507938
Known exploits: No known exploits
Microsoft rating(**): Severity: Important; Exploitability: 1
ISC rating(*): clients: Important; servers: Less Urgent


We will update issues on this page for about a week or so as they evolve.

We appreciate updates

US based customers can call Microsoft for free patch related support on 1-866-PCSAFETY

(*): ISC rating

We use 4 levels:

PATCH NOW: Typically used where we see immediate danger of exploitation. Typical environments will want to deploy these patches ASAP. Workarounds are typically not accepted by users or are not possible. This rating is often used when typical deployments make it vulnerable and exploits are being used or easy to obtain or make.
Critical: Anything that needs little to become interesting for the dark side. Best approach is to test and deploy ASAP. Workarounds can give more time to test.
Important: Things where more testing and other measures can help.
Less Urgent: Typically we expect the impact if left unpatched to be not that big a deal in the short term. Do not forget them however.


The difference between the client and server rating is based on how you use the affected machine. We take into account the typical client and server deployment in the usage of the machine and the common measures people typically have in place already. Measures we presume are simple best practices for servers such as not using outlook, MSIE, word etc. to do traditional office or leisure work.
The rating is not a risk analysis as such. It is a rating of importance of the vulnerability and the perceived or even predicted threat for affected systems. The rating does not account for the number of affected systems there are. It is for an affected system in a typical worst-case role.
Only the organization itself is in a position to do a full risk analysis involving the presence (or lack of) affected systems, the actually implemented measures, the impact on their operation and the value of the assets involved.
All patches released by a vendor are important enough to have a close look if you use the affected systems. There is little incentive for vendors to publicize patches that do not have some form of risk to them.

(**): The exploitability rating we show is the worst of all the ratings Microsoft assigns to a patch, since Microsoft assigns too many separate ratings to some of them to list individually.

--

Swa Frantzen -- Section 66 (c) SANS Internet Storm Center. http://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
 
A torrent just popped up on the Pirate Bay a few hours ago that leaks 90,000 emails and unsalted MD5 hashes as well as other reportedly damaging information about Booz Allen Hamilton, a contractor to the US government. Several news sites already have the story, or at least what we know of it. The hashes themselves are relatively easy to crack using commodity cracking tools, but likely that isn't the real damage here. Anonymous has claimed credit for the hack.
At this point, the means by which BAH was breached is unknown and likely pure speculation. That said, it is no longer secure to hash your passwords with MD5, much less when it is unsalted. Take a look at using a SHA-2 variant, if possible. Also, require strong and long passwords while minimizing password re-use to avoid compromised credentials being used to dig deeper into an organization. As more facts are known, this post will be updated.
--

John Bambenek

bambenek at gmail /dot/ com

Bambenek Consulting (c) SANS Internet Storm Center. http://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
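The password-storage point in the Booz Allen post above, as an added example that is not part of the original diary: it contrasts unsalted MD5 with a per-user salted, iterated SHA-256 (PBKDF2-HMAC-SHA256, my choice as a concrete form of the "SHA-2 variant" the post suggests) and shows why an unsalted dump exposes every user who shares a password once one hash is cracked. The user list is constructed sample data.

```python
from __future__ import annotations
import hashlib
import hmac
import os

# Constructed sample credentials, standing in for a leaked
# "e-mail, unsalted MD5" list like the one described in the post.
SAMPLE_USERS = {
    "alice@example.test": "Summer2011",
    "bob@example.test": "Summer2011",   # same password as alice
    "carol@example.test": "correct horse battery staple",
}

def unsalted_md5(password: str) -> str:
    """The weak scheme the post warns about: a single MD5, no salt."""
    return hashlib.md5(password.encode("utf-8")).hexdigest()

def salted_sha256(password: str, salt: bytes | None = None,
                  rounds: int = 100_000) -> str:
    """Per-user random salt plus iterated SHA-256 (PBKDF2-HMAC-SHA256).
    Stored as 'rounds$salt_hex$hash_hex' so verification can recover both."""
    if salt is None:
        salt = os.urandom(16)
    dk = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, rounds)
    return f"{rounds}${salt.hex()}${dk.hex()}"

def verify_salted(password: str, stored: str) -> bool:
    """Recompute with the stored salt/rounds; constant-time compare."""
    rounds, salt_hex, dk_hex = stored.split("$")
    dk = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"),
                             bytes.fromhex(salt_hex), int(rounds))
    return hmac.compare_digest(dk.hex(), dk_hex)

def duplicate_hash_groups(hashes: dict[str, str]) -> dict[str, list[str]]:
    """Group users whose stored hash is identical. With unsalted hashing,
    cracking one hash reveals the password of everyone in its group."""
    groups: dict[str, list[str]] = {}
    for user, h in hashes.items():
        groups.setdefault(h, []).append(user)
    return {h: users for h, users in groups.items() if len(users) > 1}

def compare_schemes() -> tuple[int, int]:
    """Return (duplicate groups under unsalted MD5, under salted SHA-256)."""
    weak = {u: unsalted_md5(p) for u, p in SAMPLE_USERS.items()}
    strong = {u: salted_sha256(p) for u, p in SAMPLE_USERS.items()}
    return len(duplicate_hash_groups(weak)), len(duplicate_hash_groups(strong))
```

With the sample data, the unsalted scheme yields one group of two users sharing a hash, while the salted scheme yields none.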
 

Which is best: An infosec certification or an IT security degree?
SearchSecurity.com
Ever since I started my security career, questions have arisen regarding the best certifications, or whether certifications are necessary for building a successful infosec career. Only recently have there been increased opportunities to get graduate ...

 

Not your typical information security event
SC Magazine UK
Since then the international BSides movement has grown quickly and is now a regular feature of the Infosec calendar. In the UK, the first Security BSides ran on the second day of Infosecurity Europe, although the two events couldn't be more different. ...

 
There has been a bit of a splash in the press the last few days about a mention by former CIA Director Michael Hayden of the idea of creating new, extra secure internets for government or commerce.
 
It "appears possible" that Google knew that its Android mobile operating system would violate Java patents held by Oracle, but decided to go ahead with the effort anyway, the judge overseeing the companies' intellectual property lawsuit said in a letter filed Tuesday.
 
Apple yesterday urged developers to submit their Lion apps for review before the OS X upgrade launches, making some wonder whether the operating system will launch this week as many had expected.
 
Hewlett-Packard on Tuesday said it would release a 4G TouchPad tablet with upgraded hardware, which will be available with AT&T's wireless network.
 
Eighteen IT workers in California have filed a lawsuit against their former employer claiming they were replaced by H-1B workers from India and then laid off in violation of the state's anti-discrimination laws.
 
Just two weeks old, Google's social network is generating a tidal wave of curiosity and excitement. And that level of interest may be making social networking giants like Facebook and Twitter a little nervous.
 
Setting the stage for cloud deployments, VMware will update many of its core products and bundle them into an integrated release, called the Cloud Infrastructure Suite, the company announced Tuesday.
 
There is a venture investment bubble in the mobile industry as countless startups draw interest for what might be the next big application or tool, the chief operating officer of payments vendor Square said Tuesday.
 
Microsoft today patched 22 vulnerabilities in Windows and Office, including a bug in the Bluetooth technology within Vista and Windows 7 that could be used to hijack a nearby PC.
 
Since more and more malware is emerging for the Android platform every day, you must pay strict attention to what is happening on your phone or tablet. Smartphones are essentially computers--and all computers are vulnerable to viruses, phishing, and other attacks from malicious software.
 

Posted by InfoSec News on Jul 12

http://www.csoonline.com/article/686002/cloud-services-as-part-of-a-bc-dr-plan-after-a-terror-attack

By Gregory Machler
CSO
July 11, 2011

I was talking to a friend about data security over lunch today and we
discussed 'dirty bombs' and a what-if scenario for small-and-medium
sized businesses.

If there was a catastrophe like a dirty bomb, many of the affected
small-and-medium-sized businesses would go out of business. Many large...
 

Posted by InfoSec News on Jul 12

http://www.computerworld.com/s/article/9218328/Anonymous_hacks_Booz_Allen_posts_90K_military_email_addresses_and_passwords

By Nancy Gohring
IDG News Service
July 11, 2011

The Anonymous hacking group said Monday it had broken into military
contractor Booz Allen Hamilton's network and posted 90,000 military
e-mail addresses and passwords online.

Booz Allen isn't commenting. "As part of @BoozAllen security policy, we
generally...
 

Posted by InfoSec News on Jul 12

http://www.bloomberg.com/news/2011-07-12/news-corp-s-lost-7-billion-shows-investor-concern-over-hacking-fallout.html

By Brett Pulley and Devin Banerjee
Bloomberg
July 11, 2011

News Corp. (NWSA)’s loss of $7 billion in market value over four trading
days shows investor concerns that a probe into alleged phone hacking by
journalists at one London newspaper could have a broader impact on the
company.

Rupert Murdoch’s New York-based media...
 

Posted by InfoSec News on Jul 12

http://www.theregister.co.uk/2011/07/11/ms_security_search_malware_links_poisioning/

By John Leyden
The Register
11th July 2011

Microsoft has disabled the search results on its Security Centre after
malware-spreaders abused the function to promote shady pornographic
websites serving Trojans as well as cheap thrills.

Only the Security Section of Microsoft's website was affected by the
search-engine poisoning attack. Such attacks are...
 

Posted by InfoSec News on Jul 12

http://www.wired.com/threatlevel/2011/07/how-digital-detectives-deciphered-stuxnet/

By Kim Zetter
Threat Level
Wired.com
July 11, 2011

It was January 2010, and investigators with the International Atomic
Energy Agency had just completed an inspection at the uranium enrichment
plant outside Natanz in central Iran, when they realized that something
was off within the cascade rooms where thousands of centrifuges were
enriching uranium.

Natanz...
 