
InfoSec News

To coincide with today's webcast about DNSSEC [1], I changed how the dshield.org zone is DNSSEC signed. The zone itself has been signed for a while now, but I used look-aside validation via isc.org [2]. For a few months now, it has been possible to have .org zones directly signed by .org, and I decided to give it a try. Please let me know if you see any issues. If you plan to deploy DNSSEC yourself, see Verisign's nice testing tool [3] as well as the visualization tool by DNSViz [4].
[1] https://www.sans.org/webcasts/isc-threat-update-20110413-94083
[2] http://dlv.isc.org
[3] http://dnssec-debugger.verisignlabs.com
[4] http://dnsviz.net/d/dshield.org/dnssec/
------

Johannes B. Ullrich, Ph.D.

SANS Technology Institute

(c) SANS Internet Storm Center. http://isc.sans.org Creative Commons Attribution-Noncommercial 3.0 United States License.
 
Adobe updated its advisory, stating that we should have a patch at least for the non-sandboxed versions of Adobe Acrobat and Reader by April 25th [1]. Flash Player will get a fix even earlier (April 15th, this week Friday). Adobe Reader X for Windows, which uses the new Protected Mode feature to limit the exploitability of this vulnerability, will have to wait until June 25th.
A little table to clarify:

             Flash   Reader 9   Reader 10.x   Reader 10.0.1   Reader 10.0.2 aka X
Windows      4/15    4/25       4/25          4/25            6/25
Macintosh    4/15    4/25       4/25          4/25            4/25

For more details, see the Adobe advisory [1].
[1] http://www.adobe.com/support/security/advisories/apsa11-02.html
------

Johannes B. Ullrich, Ph.D.

SANS Technology Institute

 
The U.S. Department of Justice and the FBI have gotten court permission to attack a long-running botnet.
 
Layer Four Traceroute (LFT) Privilege Escalation Vulnerability
 

The security vendor’s corporate website was compromised via a SQL injection attack.

Web security giant Barracuda Networks acknowledged Monday that a hacker used a SQL injection attack to gain access to its corporate website.

The hacker made off with Barracuda encrypted passwords and email addresses of channel partners, sales leads and some Barracuda employees, according to Michael Perone, Barracuda’s executive vice president and chief marketing officer. Most of the data consisted of names and email addresses, Perone wrote in the Barracuda Labs blog.

“Further, we have confirmed that some of the affected databases contained one-way cryptographic hashes of salted passwords. However, all active passwords for applications in use remain secure.”

Perone acknowledged that the attacker bypassed the Barracuda Web application firewall that was in place to protect the website. The firewall was placed into monitoring mode for maintenance on April 8. A day later, an automated script began crawling the website looking for vulnerabilities.

“After approximately two hours of nonstop attempts, the script discovered a SQL injection vulnerability in a simple PHP script that serves up customer reference case studies by vertical market,” Perone said.

The customer case study database shared the SQL database used for marketing programs, which contained the names and email addresses. “The attack utilized one IP address initially to do reconnaissance and was joined by another IP address about three hours later,” Perone wrote.

Most of the exposed data were email addresses associated with sales leads for Barracuda channel partners. Some of the contents included email addresses and hashed passwords of Barracuda employees authorized to manage the website. Perone said the passwords were also “salted,” preventing an attacker from using a tool to crack the hashing algorithm.

The website breach was reported Monday by The Register. The hacker, who called himself Fdf, claimed responsibility for the Barracuda attack, posting the stolen information on his website Monday.

Hackers have taken a keen interest in targeting security firms in 2011. A similar website breach occurred at security giant McAfee, where cross-site scripting errors were to blame. More serious breaches occurred at other security vendors. Last month, RSA, the security division of EMC Corp., announced a breach of its systems resulting in the compromise of its SecurID two-factor authentication products. In February hackers infiltrated HBGary Federal, bilking the firm of thousands of email messages.

Security experts from across the spectrum say that the breaches are an indication that no one is immune to an attack and that no single security technology is a silver bullet.

 
Adobe Flash Player CVE-2011-0611 'SWF' File Remote Memory Corruption Vulnerability
 
We recently reviewed the standard configurations of the new MacBook Pros. And while we don't review custom configurations, Macworld Lab bought a couple of build-to-order (BTO) MacBook Pros, and our first benchmark results for a 15-inch system with the faster 2.3GHz Intel Core i7 quad-core processor are in.
 
Watch out Twitter. You might have some competition coming soon.
 
A New York man this week amended a lawsuit against Mark Zuckerberg to add email documents that were allegedly written by the Facebook co-founder during the development phase of the social network.
 
Intel this week talked about some features in its upcoming Core chips based on Ivy Bridge chip architecture, which will bring improved graphics and application performance to PCs.
 
Jive Software is buying data mining startup Proximal Labs in a move that will help it derive deeper insights into social-networking data.
 
A new week, a new rash of attacks against security vendors, email marketers and banks. It would be easy to point fingers and laugh at the irony, especially in the case of security vendors, but that would be both petty and shortsighted.
 
Microsoft's new browser, Internet Explorer 10 (IE10), will not run on Windows Vista, either now in its developer preview form or when the software ships, the company confirmed today.
 
Microsoft on Wednesday announced 1,500 new developer tools coming in May for the next version of the Windows Phone operating system, code-named Mango, that's due in the fall.
 
Mentors and sponsors can play a key role in helping women advance their careers in IT, said members of a panel discussion at the Collaborate 11 Oracle user conference.
 
Isilon is shipping two new NAS arrays targeted at big data architectures with high I/O rates and the ability to scale to petabytes in capacity under a single file name.
 
MIT Kerberos kadmind Change Password Feature Remote Code Execution Vulnerability
 
Microsoft Windows Messenger ActiveX Control Remote Code Execution Vulnerability
 
Microsoft Internet Explorer 8 Developer Tools Remote Code Execution Vulnerability
 
Microsoft WordPad Text Converter (CVE-2011-0028) Remote Code Execution Vulnerability
 

SOURCE Boston: Two Views on Infosec Interviewing, Hiring
CIO
It's one thing to be a capable infosec professional. It is something else to be capable at managing your own career -- knowing how to land the right job yourself or, as a manager, to spot and hire the kind of talent that will improve both your ...

 
In an effort to keep sensitive data from prying eyes, Toshiba today announced a new family of hard disk drives for a number of devices, including PCs and printers, that automatically wipe themselves of data when connected to unauthorized hosts.
 
Upcoming chipsets from Advanced Micro Devices will support USB 3.0, which could make it easier for PC makers to add ports based on the interconnect to laptops.
 
Microsoft did not realize how different smartphones are from PCs until recent software updates broke new Windows Phone 7 devices.
 
MITKRB5-SA-2011-004 kadmind invalid pointer free() [CVE-2011-0285]
 
Microsoft Patches Binary Planting Issues In Various Vendors' Products
 

Windows IPv4 Networks Vulnerable To IPv6 Attack
InformationWeek
... someone with malicious intent could "impose a parasitic IPv6 overlay network on top of an IPv4-only network, so that an attacker can carry out man-in-the-middle attacks on IPv4 traffic," said Alec Waters, a security researcher for InfoSec Institute ...

 

SOURCE Boston: Two views on infosec interviewing, hiring
Network World
It's one thing to be a capable infosec professional. It is something else to be capable at managing your own career -- knowing how to land the right job yourself or, as a manager, to spot and hire the kind of talent that will ...

 
Microsoft on Tuesday beefed up security in Office 2003 and Office 2007 on Windows by adding a feature that first appeared in the newer Office 2010 last year.
 
U.S. companies and organizations spent 15% more in online advertising in 2010 than in 2009, driving revenue for advertising providers like Google, Yahoo and Facebook to a total of $26 billion, setting a record, according to a study.
 
Microsoft Windows CVE-2011-0657 DNS Resolution Remote Code Execution Vulnerability
 
Microsoft Windows SMB Transaction Parsing Remote Code Execution Vulnerability
 
Microsoft .NET Framework x86 JIT compiler Stack Corruption Remote Code Execution Vulnerability
 

SOURCE Boston: Two views on infosec interviewing, hiring
IDG News Service
It's one thing to be a capable infosec professional. It is something else to be capable at managing your own career -- knowing how to land the right job yourself or, as a manager, to spot and hire the kind of talent that will improve both your ...

 
Red Hat's server virtualization solution mixes ease and scalability with a few odd limitations
 
Motorola Solutions and Huawei agree to settle trade secrets lawsuits against each other.
 
Microsoft will certify mobile applications using ActiveSync's enterprise management features.
 
T-Mobile is using the fine print in its new data plan to experiment with the English language. In the plans, unveiled today, T-Mobile uses the word "unlimited" but then adds that it will throttle user connections after 2GB. Technically the data is still unlimited; it's just the functionality that's crippled.
 
Keith Shaw reviews the Visioneer Mobility scanner, by Visioneer, and ScanSnap S1100, by Fujitsu
 
BlackBerry Enterprise Server Web Desktop Manager Component Cross Site Scripting Vulnerability
 
Joomla! JCE Component 'index.php' SQL Injection Vulnerability
 
Microsoft's server virtualization platform pairs good performance with extensive management, at the cost of significant added complexity
 
American Express is investing in a startup called Payfone that offers a mobile payment service that uses a person's mobile phone number to authorize payments to merchants based on funds from a user's credit card or debit account.
 
The world's leading server virtualization platform is still tops in performance, scalability, and advanced features
 
IBM Tivoli Directory Server Multiple Security Vulnerabilities
 
[PRE-SA-2011-03] Denial-of-service vulnerability in EFI partition handling code of the Linux kernel
 
[security bulletin] HPSBUX02642 SSRT100415 rev.1 - HP Network Node Manager i (NNMi) for HP-UX, Linux, Solaris, and Windows running Java, Remote Denial of Service (DoS)
 
[USN-1109-1] GIMP vulnerabilities
 


General Electric to open IT center in Henrico, employing 200
Richmond Times Dispatch
She said some job openings already have been posted for the center on a Web site, www.ge.com/infosec, which also lists the location of the center as 5640 Cox Road. The site lists 34 job openings for GE at that address. "The intent is to continue to ...
GE bringing 200 high-tech jobs to Henrico (Virginia Business Magazine)

 
A press feeding frenzy followed the somewhat vague April Fools' Day announcement by Epsilon Data Management that someone had hacked into its systems and stolen a bunch of email addresses. The addresses were of people who had "opted in" for email marketing by a bunch of major vendors such as Target and Red Roof Inns, and many of the vendors sent announcements of the breach to their customers. (I got such an announcement from a vendor from which I had purchased a present for my wife. The announcement did not say all that much; essentially it told me to "be careful.")
 
American Express is investing in mobile payment technology with start-up Payfone that relies on a person's mobile phone number to authorize payments to a merchant based on funds from a user's credit card or debit account.
 
[security bulletin] HPSBMA02643 SSRT100416 rev.2 - HP Network Node Manager i (NNMi), Local Unauthorized Read Access to Files, Remote Cross Site Scripting (XSS)
 
VUPEN Security Research - Microsoft Office MSO Size Handling Integer Overflow Vulnerability
 
nSense-2011-001: VeryPDF pdf2tif
 
[security bulletin] HPSBUX02653 SSRT100310 rev.1 - HP-UX Running NFS/ONCplus, Remote Denial of Service (DoS)
 

SOURCE Boston 2011: Two views on infosec interviewing, hiring
CSO
It's one thing to be a capable infosec professional. It is something else to be capable at managing your own career -- knowing how to land the right job yourself or, as a manager, to spot and hire the kind of talent that will ...

 

Infosec 2011: Charity sector shows the way to balance budget and security
ComputerWeekly.com
Tackling security project by project is an effective way of securing data on a limited budget, says Matt Holland, head of information security at children's charity NSPCC. "Cutting the budget while bolstering security is a challenge nowhere more common ...

 
Citrix tackles server virtualization with a fast hypervisor and enterprise features, but leaves a few rough edges
 
Rebels in Libya set up their own mobile network after being disconnected from Tripoli
 
 
The leading server virtualization contenders tackle InfoWorld's ultimate virtualization challenge
 
Oracle is continuing to take a cautious approach in pushing its new Fusion Applications to enterprises.
 
The U.S. Census Bureau is in the midst of a tech makeover following criticism of its technology deployments leading up to the 2010 Census.
 
NASA officials expect that 'game-changing technologies' will be developed by engineers working on creating a new generation spacecraft.
 
VMware unveiled an open platform-as-a-service offering on Tuesday that supports multiple programming frameworks including Spring for Java, Ruby on Rails and Sinatra for Ruby.
 
A year after it debuted the first preview for the just-shipped Internet Explorer 9 (IE9), Microsoft on Tuesday kicked off its next browser, IE10.
 

DeviceLock could have prevented Wikileaks
MicroScope (blog)
Police investigating the recent Wikileaks scandal phenomenon will NOT be calling on Stand D42 at Infosec. Because the exhibitor occupying this space, DeviceLock, is generally well respected in the ...

 
Microsoft Excel CVE-2011-0103 Memory Corruption Vulnerability
 

Kaspersky Lab to talk about cloud computing safety issues at Infosec
MicroScope (blog)
Kaspersky Lab hasn't had a great year. Its UK MD, sales director and marcoms manager have all jumped ship fairly recently. As companies start using the cloud for certain services, they will need to ...

 