InfoSec News

Google has acquired Clever Sense, the developer of Alfred, a personalized restaurant and bar recommendation app, for an undisclosed price, the companies said Tuesday.
(c) SANS Internet Storm Center. http://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
The contract that founded Apple was purchased Tuesday for nearly $1.6 million, far above the estimate of $100,000 to $150,000 put on the 35-year-old document by Sotheby's.
Microsoft's 13 security bulletins included critical Windows and Windows Media Player updates.

OpenIPMI 'ipmievd' Daemon PID Files Insecure File Permissions Vulnerability
RETIRED: Microsoft December 2011 Advance Notification Multiple Vulnerabilities
Microsoft PowerPoint OfficeArt Shape CVE-2011-3413 Remote Code Execution Vulnerability
Three executives at Hitachi-LG Data Storage have agreed to plead guilty and serve prison time in the U.S. for their participation in a series of conspiracies to rig bids and fix the prices of optical disk drives sold to large computer makers, the U.S. Department of Justice announced Tuesday.
Microsoft Internet Explorer 'getComputedStyle()' Information Disclosure Vulnerability
HP OpenView Network Node Manager Multiple Remote Code Execution Vulnerabilities
Contextream, a developer of network virtualization software for cloud computing, this week announced the availability of Contextream Grid for cloud and managed hosting providers.
The Consumer Electronics Association has switched its position on Internet sales taxes, with the huge trade group now supporting the collection of the tax.
The U.S. National Transportation Safety Board recommended on Tuesday that states outlaw the use of all electronic devices while driving, including cellphones with hands-free kits.
ZDI-11-348 : HP OpenView NNM nnmRptConfig.exe nameParams Remote Code Execution Vulnerability
ZDI-11-347 : Microsoft Office Word Hidden Border Remote Code Execution Vulnerability
ZDI-11-346 : Microsoft Office 2007 Office Art Shape Record Hierarchy Parsing Remote Code Execution Vulnerability
As another year draws to a close, we look back on the IT-related comments that stuck with us.
SAP executives provided new details about the company's plan to make the HANA in-memory database the focus of a sweeping reinvention of its software architecture during an event in Boston on Tuesday.
Microsoft today issued 13 security updates, one less than expected, that patched 19 vulnerabilities in Windows, Internet Explorer, Office, and Windows Media Player.
A proposed amendment to the controversial copyright enforcement bill, the Stop Online Piracy Act, has not swayed many opponents to the legislation.
Microsoft Windows Time Component Remote Code Execution Vulnerability
SSD shipments rose 66% between Q3 2010 and this year, and revenue from PC SSD sales and enterprise systems more than doubled.
Traq 'authenticate()' Function Remote Code Execution Vulnerability
WordPress SCORM Cloud Plugin 'ajax.php' Multiple SQL Injection Vulnerabilities
As expected, Microsoft wasn't alone in issuing patches today. In addition, Adobe released two bulletins affecting Flex and ColdFusion. Both bulletins affect developer and server components, not commonly used client software.
APSB11-25: Cross Site Scripting issue in Flex SDK
The Adobe Flex SDK is used to create Flash applets for web applications. The vulnerability fixed in this bulletin could lead to cross site scripting problems with these applications.
APSB11-29: Cross Site Scripting in ColdFusion
ColdFusion is a web application platform that may be hosted on Windows, Unix or OS X. This hot fix fixes a cross site scripting vulnerability in applications created with ColdFusion.
Johannes B. Ullrich, Ph.D.

SANS Technology Institute

Thanks for the help with this! Turns out this had a not so malicious resolution for now: The IP address is used for numerous spelling error domains aka typo squatting. The company/person behind this IP address is redirecting a large number of domains to the IP address which then displays a yellow pages look alike called yellow book. Nothing malicious as far as I can tell for now, but some may not like this practice.
Alex wrote in a short time ago seeing www.citrix.com resolving to 208.73.210.29. This IP address has been associated with malware in the past. Further investigation showed that literally hundreds of brand name sites point to this IP address (if you are using the wrong DNS server). For example, see the report from the BFK passive DNS caching tools:
Please let us know if you are seeing outbound traffic to this IP address or if you see DNS resolution requests that return this IP address. We are still investigating details.


Johannes B. Ullrich, Ph.D.

SANS Technology Institute

A memo sent by Microsoft CEO Steve Ballmer to employees Monday and published publicly by Microsoft indicates Windows Phone 7 probably isn't living up to the company's expectations.
Hitachi today announced its fastest 10,000rpm 2.5-in enterprise-class hard drive, which it said has 18% faster sequential and 17% random performance than its predecessor and it comes with up to 900GB capacity.
Carrier IQ last night released a 19-page document describing its technology in what appears to be a belated attempt to quell continuing concerns over its controversial tracking software.
Scientists working to find the elusive 'God particle' say they've discovered signs that it exists and they hope to know for sure within a year.
Everybody knows that complex technology needs documents and training materials so that developers can effectively use it. In the cloud, this need is magnified by the fact that developers have to work with several languages at once (HTML, JavaScript, XML, CSS, jquery, Ruby, PHP, SQL...the possibilities are endless). So developers need more docs, right?
A developer uploaded more than a dozen cloned games, wrapping them in code that caused device owners to accrue expensive text messaging charges to premium numbers.

Microsoft Publisher '.pub' File 'pubconv.dll' Memory Corruption Remote Code Execution Vulnerability
Linux Kernel 'hfs_find_init()' Function NULL Pointer Dereference Local Denial of Service Vulnerability
The U.S. Department of Justice has charged that six ex-Siemens executives bribed Argentine government officials in order to win a US$1 billion contract to provide national identity cards to the country's citizens.
Overview of the December 2011 Microsoft patches and their status.

| Vulnerability | Affected | Contra Indications - KB | Known Exploits | Microsoft rating(**) | ISC rating(*) |
|---|---|---|---|---|---|
| True Type Font Remote Execution Vulnerability (Replaces MS11-077) | True Type Font Kernel Drivers | KB 2639417 | actively exploited. | Exploitability: 1 | |
| Elevation of Privileges in Chinese version of Microsoft Office | Microsoft Office IME (Chinese) | KB 2652016 | no known exploits. | Exploitability: 1 | |
| Remote Code Execution Vulnerability in Office (for OS X, replaces MS11-072) | Microsoft Office (Windows and OS X) | KB 2590602 | no known exploits. | Exploitability: 1 | |
| Active X Kill Bits (Replaces MS11-027) | | KB 2618451 | no known exploits. | Exploitability: 1 | |
| Remote Execution in Microsoft Publisher (Replaces MS10-103) | Microsoft Publisher | KB 2607702 | vuln. is disclosed. | Exploitability: 1,1,2 | |
| Remote Execution in Windows Media | Windows Media | KB 2648048 | no known exploits. | Exploitability: 1 | |
| OLE Remote Code Execution Vulnerability | | KB 2624667 | no known exploits. | Exploitability: 1 | |
| PowerPoint Remote Execution Vulnerability (Replaces MS11-036 MS11-022 MS11-072) | | KB 2639142 | no known exploits. | Exploitability: 2 | |
| Vulnerability in Active Directory Could Allow Remote Code Execution (Replaces MS11-086) | Active Directory, Active Directory Application Mode, and Lightweight Directory Service (CVE-2011-3406) | KB 2640045 | no known exploits. | Exploitability: 1 | |
| Vulnerability in Microsoft Excel Could Allow Remote Code Execution (Replaces MS11-072) | Excel 2003 | KB 2286198 | Exploit code likely. | Exploitability: 1 | |
| Vulnerability in Windows Client/Server Run-time Subsystem Could Allow Elevation of Privilege (Replaces MS11-010) | Run-Time Subsystem | KB 2620712 | no known exploit. | Exploitability: 1 | |
| Vulnerability in Windows Kernel Could Allow Elevation of Privilege (Replaces MS10-047 MS10-021 MS11-068) | Windows Kernel | KB 2633171 | no known exploit. | Exploitability: 1 | |
| Cumulative Security Update for Internet Explorer | Internet Explorer | KB 2618444 | no known exploit. | Exploitability: 3,1 | |

We will update issues on this page for about a week or so as they evolve.

We appreciate updates

US based customers can call Microsoft for free patch related support on 1-866-PCSAFETY

(*): ISC rating

We use 4 levels:

PATCH NOW: Typically used where we see immediate danger of exploitation. Typical environments will want to deploy these patches ASAP. Workarounds are typically not accepted by users or are not possible. This rating is often used when typical deployments make it vulnerable and exploits are being used or easy to obtain or make.
Critical: Anything that needs little to become interesting for the dark side. Best approach is to test and deploy ASAP. Workarounds can give more time to test.
Important: Things where more testing and other measures can help.
Less Urgent: Typically we expect the impact if left unpatched to be not that big a deal in the short term. Do not forget them however.

The difference between the client and server rating is based on how you use the affected machine. We take into account the typical client and server deployment in the usage of the machine and the common measures people typically have in place already. Measures we presume are simple best practices for servers such as not using Outlook, MSIE, Word etc. to do traditional office or leisure work.
The rating is not a risk analysis as such. It is a rating of importance of the vulnerability and the perceived or even predicted threat for affected systems. The rating does not account for the number of affected systems there are. It is for an affected system in a typical worst-case role.
Only the organization itself is in a position to do a full risk analysis involving the presence (or lack of) affected systems, the actually implemented measures, the impact on their operation and the value of the assets involved.
All patches released by a vendor are important enough to have a close look if you use the affected systems. There is little incentive for vendors to publicize patches that do not have some form of risk to them.

(**): The exploitability rating we show is the worst of them all due to the too large number of ratings Microsoft assigns to some of the patches.


Johannes B. Ullrich, Ph.D.

SANS Technology Institute

ESA-2011-036: RSA, The Security Division of EMC, announces the release of a Security Fix for RSA(r) Adaptive Authentication (On-Premise)
Secunia Research: Sterling Trader Data Processing Buffer Overflow Vulnerability
Wordpress the-welcomizer plugin Cross-Site Scripting Vulnerabilities
Microsoft is using the latest malware campaign aimed at rival Android to give away new Windows 7 Phones to the five Android users who tell the best tales of woe.
Hitachi today announced its fastest 10,000rpm laptop hard drive, which it said has 18% faster sequential and 17% random performance than its predecessor and it comes with up to 900GB capacity.
In 2011, the increasingly mobile and socially networked world of technology became more intertwined than ever with politics and the law. Patent wars shaped competition in tablets and smartphones, hacktivists attacked a widening array of political and corporate targets, repressive regimes unplugged citizens from the Internet, and the U.S. government moved to block the giant merger of AT&T and T-Mobile USA. With the passing of Steve Jobs, the world lost a technology icon who redefined the computer, entertainment and consumer electronics industries. These are the IDG News Service's picks for the top 10 technology stories of the year:
[ MDVSA-2011:186 ] nfs-utils
A Riverbed software upgrade means more efficient distribution of video over WANs and optimizing traffic that runs over satellite links.
Enterprises can now use TwinStrata's CloudArray to access storage capacity hosted in OpenStack-based clouds, the company said on Tuesday.
Be sure your contract specifies where your data can be located and obligates the cloud provider to tell you when the data has been disclosed to a third party.
[ MDVSA-2011:185 ] libcap
A newly revised publication from the National Institute of Standards and Technology (NIST) expands the options for government agencies that need to verify the identity of users of their Web-based services. Electronic Authentication ...
Do you yearn for a paperless office, dream of being able to search your paper files as easily as your digital files, or simply want to reduce paper clutter? In all these cases, your goal is to turn all those piles of paper on your desk, and the contents of your bulging filing cabinets, into PDF documents that look exactly like the originals--and have searchable, selectable text. The best tool for this job is a document scanner.
One of the delights of YouTube is coming across music videos where musical artists bring alive a song in a way that surpasses the composer's performance of the song. Twice in the past month I've come across such videos.
A reported vulnerability in Windows Phone causes its messaging features to be disabled after the device is sent a specific SMS or chat message.
The European Commission has asked Google for more information about its planned $12.5 billion deal to buy Android smartphone maker Motorola Mobility, and has suspended its approval process until it has all the documentation it needs.
Microsoft has quietly launched a support website where experts charge $99 for one- or two-hour sessions designed to rid PCs of malware, speed up a machine or solve problems with Windows or Office.
With the immense popularity of digital cameras, smartphones, and tablets for taking pictures and capturing video, and the wide availability of affordable digital music and movies, many people have amassed enormous collections of digital media. Much of that media typically finds its way onto a PC or mass-storage device of some sort--and, unfortunately, it can sometimes go unused for ages. Flipping through pictures or videos and relaxing with some good tunes is always appealing, but sitting in front of a PC isn't the ideal way to enjoy such content.
Adobe Shockwave Player CVE-2011-2126 'FLST' Record Buffer Overflow Vulnerability
The world of hypervisors is complicated by the fact that there are proprietary and open source tools and the latter are often pressed into service in different ways, to say nothing of the fact that the whole market is evolving quickly. To get a handle on recent developments, Network World Editor in Chief John Dix corralled a panel of experts to assess where we are today and where we're going. The experts included Al Gillen, an analyst at IDC who tracks virtualization developments, Kerry Kim, director of solutions marketing at SUSE, and Adam Jollans, program director of IBM's Linux and Open Virtualization Strategy.
China has approved Seagate Technology's proposed acquisition of Samsung Electronics' hard disk drive business, but with conditions, including measures to minimize potential price increases after the deal, the country's Ministry of Commerce said on Monday.
The FBI has denied a request for the release of information regarding its use of Carrier IQ's software, saying that releasing such information could interfere with ongoing law enforcement operations.
Start-up Flow Corp. recently launched real-time data exchange technology for mobile developers, consumers and enterprises.
Systems monitoring and management may be headed to the cloud as management-as-a-service. Nimsoft CEO Chris O'Malley explains what that means and how it will affect IT in this Q&A -- part of the ongoing IDG Enterprise CEO Interview Series.

Posted by InfoSec News on Dec 13


By Stewart Mitchell
Dec 13, 2011

IT Manager warns of potential for "huge damage" amid mounting attacks.

An oil industry expert has warned colleagues they risk life-threatening
damage from hackers interested in disrupting their systems.

According to Ludolf Luehmann, an IT manager for Shell, oil industry
players face increased attacks...

Posted by InfoSec News on Dec 13


By Tim Wilson
Dark Reading
Dec 12, 2011

Unencrypted data on some 60,000 customers of Telstra -- one of
Australia's largest telecommunications carriers -- has been found easily
accessible on the Web.

According to news reports, a user found the database after doing a Web
search for a Telstra...

Posted by InfoSec News on Dec 13


By Taylor Armerding
December 12, 2011

Most people know that their computers and smart phones are under the
constant threat of attack from hackers. But your car? Your house? Your
TV and other consumer electronics?

It seems like a take on Stephen King's short story "Trucks" -- where
machines come to life and go on a murderous rampage...

Posted by InfoSec News on Dec 13


By Ms. Smith
Privacy and Security Fanatic
Network World

In support of OWS, an AntiSec hacker chose to lock and load on
C.L.E.A.R. (Coalition of Law Enforcement and Retail), hack the website,
and dump the entire member database. Passwords, phone numbers, email and
home addresses, and other digital dirt was posted for over 2,400 law
enforcement, feds, military, loss prevention...

Posted by InfoSec News on Dec 13


(People's Daily Online)
14:41, December 13, 2011

Beijing, Dec. 13 (People's Daily Online) -- China yesterday responded to
America's worries that China-based hackers pose a threat to U.S.
government agencies and companies.

At a daily press briefing on Monday in Beijing, Chinese Foreign Ministry
spokesman Liu Weimin was asked to make a remark on America's escalating...
Novell ZENworks Handheld Management Multiple Remote Code Execution Vulnerabilities
Internet Storm Center Infocon Status