InfoSec News

OpenTTD Use-After-Free Multiple Remote Denial of Service Vulnerabilities
 
Mozilla Firefox and SeaMonkey (CVE-2010-3772) Invalid Array Index Memory Corruption Vulnerability
 
For years, using voice recognition technology on phones or other devices has been a novelty -- usually because it works so poorly. But recent developments, including harnessing the computational power of the cloud, have made it more usable and will make it even better in the near future, according to Microsoft.
 
The activists behind Operation Payback have come up with a new way to annoy corporations that have severed their ties with WikiLeaks: bombard them with faxes.
 
Passwords used by people employed by U.S. federal, state and local governments were among those disclosed by the Gawker hack over the weekend, according to a report by PBS NewsHour.
 
On behalf of the Bavarian Academy of Science, IBM will build what may be the world's most powerful supercomputer.
 
This end-of-year article is a looking forward one -- looking forward to a year in which the Internet will be under a multi-pronged attack that threatens to change it irrevocably in ways that may destroy much of the Internet's potential.
 
Twitter has come up with a list of what people were tweeting about all year. The list includes vuvuzelas, Pulpo Paul and Apple's iPad.
 
FontForge Bitmap Distribution Format (.BDF) Font File Stack-Based Buffer Overflow Vulnerability
 
OpenSSL 'bn_wexpend()' Error Handling Unspecified Vulnerability
 
OpenSSL Ciphersuite Modification Allows Disabled Cipher Security Bypass Vulnerability
 
Despite a few recent slow days, holiday shoppers have been digging deep and spending a lot online this season.
 
Oracle refutes claims that it is no longer supporting the Lustre file system
 
A security researcher today provided a way for users to see whether their e-mail addresses and passwords were among the 1.3 million compromised in a hack of Gawker Media's sites.
 
Analysts flatly dismissed the possibility that Verizon Wireless will begin selling an LTE-capable iPhone after Christmas, as reported by MacDaily News.
 
Re: [Full-disclosure] Flaw in Microsoft Domain Account Caching Allows Local Workstation Admins to Temporarily Escalate Privileges and Login as Cached Domain Admin Accounts (2010-M$-002)
 
RE: [Full-disclosure] Flaw in Microsoft Domain Account Caching Allows Local Workstation Admins to Temporarily Escalate Privileges and Login as Cached Domain Admin Accounts (2010-M$-002)
 
RE: [Full-disclosure] Flaw in Microsoft Domain Account Caching Allows Local Workstation Admins to Temporarily Escalate Privileges and Login as Cached Domain Admin Accounts (2010-M$-002)
 
Information Security Bookshelf: Part 2 (2011 Edition)
informIT
It's a must-read for anyone working with InfoSec. Danseglio, Mike: Securing Windows Server 2003, O'Reilly, November 2004, ISBN-13: 978-0596006853. ...
 
Novell users have questions following the company's $2.2 billion sale to Attachmate, in addition to concerns about Microsoft's true role in the deal.
 
RE: [Full-disclosure] Flaw in Microsoft Domain Account Caching Allows Local Workstation Admins to Temporarily Escalate Privileges and Login as Cached Domain Admin Accounts (2010-M$-002)
 
Re: [Full-disclosure] Flaw in Microsoft Domain Account Caching Allows Local Workstation Admins to Temporarily Escalate Privileges and Login as Cached Domain Admin Accounts (2010-M$-002)
 
RE: Flaw in Microsoft Domain Account Caching Allows Local Workstation Admins to Temporarily Escalate Privileges and Login as Cached Domain Admin Accounts (2010-M$-002)
 
Re: Flaw in Microsoft Domain Account Caching Allows Local Workstation Admins to Temporarily Escalate Privileges and Login as Cached Domain Admin Accounts (2010-M$-002)
 
People using a tool to conduct distributed denial-of-service (DDOS) attacks against other websites in support of WikiLeaks can easily be traced, according to computer security researchers.
 
For the first time, U.S. residents are devoting on average as much time to online activities as they are to watching TV, a new Forrester Research study has found.
 
Hackers have released e-mail addresses and passwords of 200,000 registered users of Gawker Media websites onto peer-to-peer networks.
 
Verizon Wireless's first LTE smartphone will be Apple's iPhone, according to a MacDaily News report.
 
Google today launched its location-sharing Latitude app for the iPhone, making good on a promise nearly two years old.
 
Verizon Wireless smartphone retail sales data show that Verizon needs the Apple iPhone badly, according to a research note by a financial analyst at Asymco.
 
The emergence of tablets as an alternative to PCs has caught the attention of chip makers, which are preparing next-generation processors to boost application and graphics performance on the devices.
 
SiSoftware Sandra 'dwmapi.dll' DLL Loading Arbitrary Code Execution Vulnerability
 
Multiple CyberLink Products DLL Loading Arbitrary Code Execution Vulnerability
 
Bentley Microstation Multiple DLL Loading Arbitrary Code Execution Vulnerability
 
Adobe LiveCycle ES DLL Loading Arbitrary Code Execution Vulnerability
 
Call for Papers -- BADGERS 2011
 
I recently experienced the week to top all weeks. I work for a small ISP in the US. A couple of weeks ago we started to have unusual problems with our border router. Our network guys began investigating what appeared to be a hardware issue. The router was checked and nothing obvious was found. Continuing investigation showed that the problem was perhaps a memory overflow problem, so all of the settings on the device were checked and OS versions were checked as well. Nothing obvious was found. A call was made to the hardware vendor and diagnostics were done and settings were checked. All looked fine. When the problem continued and it began to affect our entire network (all of the servers, all of the routers), a deeper investigation was started. We set up Wireshark captures to attempt to determine what was causing our network issues. To our surprise and dismay we discovered that the problem was originating from one of our internal (Linux) web servers. We were seeing a huge number of packets coming from the server, which was basically causing an internal DOS. This server is a web hosting server for about 14 different companies. (Luckily the server is scheduled for decommissioning, so only 14 companies out of 145 remained.) We discovered that we had one customer who had a web page with a security hole in their PHP coding. We closed the hole and monitored the server closely all night and into the next day (no sleep for me that night). All looked good and we believed that we had stopped the culprits cold.
Unfortunately that was not the case. Mid-afternoon the next day we started seeing a return of DOS-type activity. We again started up the sniffer and some additional tools on the server. We sat and watched the traffic and captured the IP address that the activity was bound for. We immediately iptabled the IP address on the server and on the firewall. We blocked all traffic to and from the IP. Continuing to monitor the server, we discovered that about 5 minutes later the activity started again. We again rebooted the server and blocked the new IP on both server and router. We continued to do this, thinking that eventually they would give up. All the while we were scanning the files on the server, log files and config files to see if we could pinpoint the exact source. They obviously knew that we were on to them and they were attempting to win the battle of will and wits. Things got worse. The final straw was when the problem IP was now 127.0.0.1. Luckily, at the same time as the IP address change took place, we discovered that we had one particular directory that appeared to be running a script file of some type. We immediately changed the permission on that directory to 000 so that nothing from that directory could be executed; that stopped the attack.
Now to figure out what the culprit was. We continued digging through the files for this particular site and discovered that this customer had put up a shopping cart using Zen Cart. The version of Zen Cart that they had was vulnerable to the Zen Cart Remote Code Execution Exploit, and yes indeed they were compromised. We changed permissions on the entire directory structure for the domain to 000 and notified the customer of the fact that their site was down and that their site had been exploited. I explained to the customer that the exploit was installed in the same directory as the PayPal transactions from his site. He explained that he uses Zen Cart because it is easy to use and he (with no knowledge of how it works) is able to update the cart by himself without having to pay a web designer. He said that he had received an email about the Zen Cart vulnerability but he didn't understand what that meant, so he just forgot about it. (I don't think that will happen again.)
I spent the rest of the week researching the exploit, going through logs, the other web sites on the server and OS/config files, checking to see if there was anything else impacted by this exploit. Luckily the exploit only affected the one site and all of the rest of the sites remain secure and intact. I am diligent about the security of our network and servers. I review log files every day for all of the servers under my umbrella. I believe it is because of this diligence that the damage was limited to just one web site.
I am now in the process of trying to determine what applications on the other hosted domains may cause us issues. (We have multiple servers and a few hundred domains.) We simply host the domains; we do no design work. We have in the past made the incorrect assumption that our customers are using due diligence in designing their web sites (and you all know what happens when you ASSUME anything). The actual event took about 30 hours from discovery to resolution. The investigation and paperwork took another 4 days. It was a grueling 5+ days, but I have come through it with the confidence that we were successful in shutting the culprits down. The lesson learned for us is that we need to set some ground rules for the companies that host with us. We need to monitor network traffic in real time much more closely than we have in the past. And we need to make sure that the things our customers are doing don't have an adverse effect on us again.
The good news is things have returned to normal. The investigation is complete. The incident report is completed, and now I am playing catch-up with the things that didn't get done in the 5+ days. Once I get caught up on the other things I will be working on mitigation steps to prevent this type of incident from happening again.
Deb Hale Long Lines, LLC (c) SANS Internet Storm Center. http://isc.sans.org Creative Commons Attribution-Noncommercial 3.0 United States License.
 
Seagate today announced the second generation of its Constellation drive, the industry's first 2.5-in enterprise-class drive with 1TB of capacity.
 
One of our Premier 100 IT Leaders on the future of IT, steering a co-worker away from talk about politics and more.
 
Re: Re: [Full-disclosure] Linux kernel exploit
 
[SECURITY] [DSA 2132-1] New xulrunner packages fix several vulnerabilities
 
[security bulletin] HPSBUX02608 SSRT100333 rev.1 - HP-UX Running Java, Remote Execution of Arbitrary Code, Disclosure of Information, and Other Vulnerabilities
 
Samsung this week will unveil a luxury version of its Galaxy Tab offering for about $1,000, according to reports.
 
Laptops can be stolen. Neoflyer asked the Answer Line forum for tips on protecting them.
 
The best thing to come out of Spike's cringeworthy video game awards this weekend: Bethesda announced its fifth mainline Elder Scrolls game and nailed it to a November 11, 2011 release date.
 
Google is rolling out a new Android Market client over the next two weeks, a move that leaves developers with mixed feelings.
 
Dell has agreed to buy virtualized storage vendor Compellent Technologies in an all-cash deal worth $27.75 per share, or $960 million.
 
Exim security issue in historical release
 
Re: Linux kernel exploit
 
Re: Flaw in Microsoft Domain Account Caching Allows Local Workstation Admins to Temporarily Escalate Privileges and Login as Cached Domain Admin Accounts (2010-M$-002)
 
iDefense Security Advisory 12.10.10: RealNetworks RealPlayer Memory Corruption Vulnerability
 
This is a fairly difficult review to write, because talking about this short, free, browser-based game pretty much undermines the main pleasure of it, which is understanding it. Simply put, But That Was Yesterday is a metaphorical/symbolic walk through dealing with stress and lingering emotional issues, with platform jumping. Yeah, I know how that sounds. Really, it has to be played.
 
Brilliant Database is a relational database package that includes table design, reporting, scripting, and all the other features needed to make a usable business tool, at a very low price ($80). Although plenty of free database engines are out there, such as MySQL, very few offer free or low-cost tools for designing forms, building queries, laying out reports, and otherwise producing something to be used. Brilliant Database fills that niche.
 
We were notified by a reader today of a Breach of Security at Gawker Media. Gawker Media sites include Lifehacker, Gizmodo, Gawker, Jezebel, io9, Jalopnik, Kotaku, Deadspin, and Fleshbot.
If you are a Gawker Media user you will want to take a look at the information provided at http://lifehacker.com/5712785/.
Deb Hale Long Lines, LLC (c) SANS Internet Storm Center. http://isc.sans.org Creative Commons Attribution-Noncommercial 3.0 United States License.
 
Infosec's Role in Feds' 25-Pt. IT Plan
GovInfoSecurity.com
A new White House plan to reform how the feds manage IT should not only drive efficiencies but help secure digital assets, says Tim Young, former Office of ...
 
Humanitarian workers in the most remote parts of the world are being given a low-cost way to communicate with colleagues, friends and families as a result of a partnership between the United Nations High Commissioner for Refugees (UNHCR) and Skype.
 
trixbox 'langChoice' Arbitrary Script Injection Vulnerability
 
Sun Solaris Filesystem and Virtual Memory Subsystems Local Denial Of Service Vulnerability
 
In its first public version, the forthcoming cloud-based alternative to Windows and Mac OS X is too limited by -- ironically -- the cloud.
 
Sometimes you have to get a little crazy to find the right solution to technology problems gone absurd.
 
A federal judge has dismissed a patent infringement lawsuit filed by billionaire Microsoft co-founder Paul Allen against Apple, Facebook, Google, YouTube, and seven other companies three months ago.
 
If you're in the market for BI tools, here's the lowdown on who's offering what, from the major vendors to small startups.
 
Mozilla Firefox and SeaMonkey Firebug 'XMLHttpRequestSpy' Chrome Privilege Escalation Vulnerability
 
Exim ALT_CONFIG_ROOT_ONLY 'exim' User Local Privilege Escalation Vulnerability
 
Can the Financial System Withstand Cyber Attack?
Finextra
Risk managers should consider the risk of widespread adoption of sentiments in line with this post to an infosec site. Who would have predicted this? ...
 