InfoSec News


July 2011 issue of ClubHack Magazine is released
Online PR News (press release)
Firstly ClubHack Mag is now partners with the famous infosec magazines - Hakin9 and PenTestMag. Second, I hope you remember our feb2011 issue covering "Mantra" & hope that you all are having good time with it. Well, the good news is Mantra - a browser ...

 
Last week I read an interesting article stating the PC is no longer the office's primary device for accessing the Internet [1]. With the influx of mobile devices into the enterprise, it is becoming more difficult to enforce corporate policies that are centrally managed. A recent survey by McAfee across 14 nations shows 21% of companies have no restrictions on the use of personal mobile devices, while 58% have lightweight policies and only 20% have stringent guidelines [2]. Each of these devices has a different OS, different software installed and different ways of securing it (or none at all). If these devices aren't centrally controlled and have access to everything in the enterprise, they will become a gold mine for those looking for easy-to-pick, low-hanging fruit.
A recent study indicates that mobile Internet traffic is set to grow 400% by 2015 [3], and hardening guidance is starting to appear: for example, Australia's DSD just released a guide to harden iOS 4 devices [5]. Incident response will also become more complex if a mobile device has been compromised and is not owned by the enterprise. I can see network forensics becoming a crucial tool to aid in reconstructing the events that led to an incident.
Last year ISC posted a poll asking "What is your biggest fear with mobile devices in your enterprise?" [6], and almost 50% of the respondents answered "monitoring for information leaks", followed by about 20% having issues with wireless access. If you don't mind sharing, we would like to hear from you, our readers, how your organization is currently dealing with mobile devices.
[1] http://www.networkworld.com/newsletters/sec/2011/070411sec1.html

[2] http://www.usatoday.com/money/workplace/2011-05-30-mobile-devices-in-the-workplace_n.htm

[3] http://econsultancy.com/us/blog/5683-study-mobile-internet-traffic-is-set-to-grow-400-by-2015

[4] http://isc.sans.edu/diary.html?storyid=11185

[5] http://www.dsd.gov.au/publications/iOS_Hardening_Guide.pdf

[6] http://isc.sans.org/poll.html?pollid=301results=Y

[7] http://next-generation-communications.tmcnet.com/topics/nextgen-voice/articles/195439-rogers-brings-canadas-first-lte-network-ottawa.htm

[8] http://gigaom.com/mobile/verizons-lte-network-getting-10-devices-by-june/
-----------
Guy Bruneau IPSS Inc. gbruneau at isc dot sans dot edu
Community SANS SEC 503 coming to Ottawa Sep 2011 (c) SANS Internet Storm Center. http://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
 
I have tested a new Sguil agent released by Paul Halliday [1] last month to collect and store HTTP traffic sessions in the Sguil database for web traffic analysis. If you are looking for a method to collect and mine web traffic sessions, this new agent is your tool. Here is an example of how the httpry agent collects its log:


2011-07-13 00:36:47 192.168.48.138 50108 72.14.204.121 80 GET www.pintumbler.org /Code/dnsbl http://www.pintumbler.org/Code/hafs Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)

2011-07-13 00:36:48 192.168.48.138 50108 72.14.204.121 80 GET www.pintumbler.org /_/rsrc/1303426214049/Code/dnsbl/dnsbh1.png http://www.pintumbler.org/Code/dnsbl Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)

2011-07-13 00:36:48 192.168.48.138 50227 72.14.204.121 80 GET www.pintumbler.org /_/rsrc/1303426235351/Code/dnsbl/dnsbh2.png http://www.pintumbler.org/Code/dnsbl Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)

2011-07-13 00:36:48 192.168.48.138 50228 72.14.204.121 80 GET www.pintumbler.org /_/rsrc/1303426262027/Code/dnsbl/dnsbh3.png http://www.pintumbler.org/Code/dnsbl Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)
This Sguil client snapshot shows the traffic collected by the agent on a client, displayed in the order the web sites were accessed. As with other traffic collected by the Sguil framework, the packets behind these sessions can be requested and analyzed with Wireshark.

Follow Paul's instructions [2] on how to install and configure the agent so that the traffic is reported to the Sguil database. I would also suggest running a cron job to restart the httpry service once per day to empty the logfile; otherwise it will grow exponentially and the agent will stop processing. Consider adding sites you consider of no value to the /etc/httpry_agent.exclude file to carefully select what you insert into your database.
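As an added example (not part of the diary and not code from Paul Halliday's httpry agent), the script below parses log lines in the field order shown above, applies a hostname exclude list, and returns the sessions in access order, the kind of pre-filter one would run before inserting rows into the Sguil database. The exclude-file layout (one hostname per line, `#` comments) and the use of `-` for an empty referer are assumptions; the sample lines are constructed from the ones quoted in the diary plus one extra line.

```python
"""Parse httpry-agent style HTTP session log lines and apply a host exclude list."""
from dataclasses import dataclass
from datetime import datetime
from typing import Iterable, List, Optional, Set


@dataclass
class HttpSession:
    ts: datetime
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int
    method: str
    host: str
    uri: str
    referer: Optional[str]
    user_agent: str


def parse_line(line: str) -> Optional[HttpSession]:
    """Split one log line into its fields.

    Field order follows the lines quoted in the diary: date, time, src ip,
    src port, dst ip, dst port, method, host, uri, referer, user agent.
    The user agent contains spaces, so the line is split at most 10 times and
    the remainder is kept whole. Assumption: an empty referer is logged as "-".
    """
    parts = line.strip().split(None, 10)
    if len(parts) != 11:
        return None  # truncated or foreign line: skip rather than guess
    date, time, sip, sport, dip, dport, method, host, uri, ref, ua = parts
    try:
        ts = datetime.strptime(f"{date} {time}", "%Y-%m-%d %H:%M:%S")
        return HttpSession(ts, sip, int(sport), dip, int(dport), method, host,
                           uri, None if ref == "-" else ref, ua)
    except ValueError:
        return None


def load_excludes(text: str) -> Set[str]:
    """Parse an exclude list: one hostname per line, '#' comments, blanks ignored.

    Assumption: this mirrors /etc/httpry_agent.exclude; check the agent's README
    for its real syntax.
    """
    hosts = set()
    for raw in text.splitlines():
        entry = raw.split("#", 1)[0].strip().lower()
        if entry:
            hosts.add(entry)
    return hosts


def host_excluded(host: str, excludes: Set[str]) -> bool:
    """True if the host or any parent domain is listed (example.net covers cdn.example.net)."""
    labels = host.lower().split(".")
    return any(".".join(labels[i:]) in excludes for i in range(len(labels)))


def sessions_to_store(lines: Iterable[str], excludes: Set[str]) -> List[HttpSession]:
    """Parse lines, drop excluded hosts, and order sessions by access time."""
    parsed = (parse_line(line) for line in lines)
    kept = [s for s in parsed if s is not None and not host_excluded(s.host, excludes)]
    return sorted(kept, key=lambda s: s.ts)


# Constructed sample input: two lines from the diary (deliberately out of order)
# and one made-up line with an empty referer pointing at an excluded host.
SAMPLE_LOG = """\
2011-07-13 00:36:48 192.168.48.138 50108 72.14.204.121 80 GET www.pintumbler.org /_/rsrc/1303426214049/Code/dnsbl/dnsbh1.png http://www.pintumbler.org/Code/dnsbl Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)
2011-07-13 00:36:47 192.168.48.138 50108 72.14.204.121 80 GET www.pintumbler.org /Code/dnsbl http://www.pintumbler.org/Code/hafs Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)
2011-07-13 00:36:49 192.168.48.138 50230 10.0.0.5 80 GET updates.example.net /check?v=1 - curl/7.21.0
"""

# Constructed exclude list in the assumed format.
EXCLUDE_TEXT = "# hosts of no analytic value (constructed)\nexample.net\n\n"

if __name__ == "__main__":
    for s in sessions_to_store(SAMPLE_LOG.splitlines(), load_excludes(EXCLUDE_TEXT)):
        print(s.ts, s.src_ip, s.method, s.host + s.uri, s.referer or "-")
```

Parent-domain matching in `host_excluded` means one entry such as `example.net` silences every subdomain; keep the list short and review it, since anything dropped here never reaches the database and cannot be recovered for a later investigation.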
[1] http://www.pintumbler.org/Code/hafs

[2] https://github.com/int13h/httpry_agent/blob/master/README.md

[3] http://isc.sans.org/diary.html?storyid=9295
 
Some residents of Quincy, Washington, home of massive data centers operated by Microsoft, Yahoo and others, are growing concerned about pollution from backup diesel generators at the data centers, and on Wednesday they'll have the chance to discuss the issue.
 
Cisco this week expanded its Unified Computing System networking portfolio in an effort to improve the scalability and performance of the data center consolidation system.
 
Box.net plans to develop "semi-local" apps for various mobile operating systems using a common HTML5 codebase, in a bid to keep up with the proliferation of smartphone and tablet platforms.
 
Lenovo nudged out Acer to become the world's third-largest PC maker, and is inching closer to taking the second spot from Dell, according to IDC research released on Wednesday.
 
Linux Kernel 'x25_parse_facilities()' CVE-2010-4164 Remote Denial of Service Vulnerability
 
Lawyers for Oracle and SAP are due in court Wednesday to argue post-trial motions in their TomorrowNow lawsuit, with SAP seeking a new trial and a reduction of the $1.3 billion jury award it was ordered to pay.
 
Public Knowledge criticizes a Republican proposal for spectrum auctions.
 
For his annual keynote at the Microsoft Worldwide Partner Conference, taking place this week in Los Angeles, Microsoft Chief Operating Officer Kevin Turner flouted the supposed weaknesses of Cisco, IBM, Google, Oracle and others, letting attendees know that Microsoft is gunning for these companies' business.
 
After three deadly blasts in the city late Wednesday, the people of Mumbai are using the Internet and social networks to help coordinate blood donations, hospitals, and even shelter for people.
 
After promising earlier this week that changes to Google+ were coming, Google is making good on that vow with a privacy update and a new contacts tool.
 
Microsoft Windows Kernel 'Win32k.sys' (CVE-2011-1875) Local Privilege Escalation Vulnerability
 
RIM has plans to release a flock of new BlackBerry smartphones in the coming months, with more powerful chips, better displays, and its latest firmware. Can they turn around the company's fortunes?
 
Padmasree Warrior, Cisco's CTO and senior vice president of engineering, discussed the network gear company's reorganization of Cisco's engineering groups, Catalyst vs. Nexus, the so-called Cisco "tax" (its prices vs. the competition), network virtualization, Cisco's toe dipping into the brave new world of open source and the future careers of the Cisco CCIE faithful.
 
Google thinks you should do all of your computing on the Web. To prove its point, the company has been working to replace traditional desktop software with Web-based alternatives, such as Gmail and Google Docs. When Internet Explorer and Firefox struggled to handle those complex applications, Google launched its own browser called Chrome, igniting a features war that has improved JavaScript performance and Web standards support in every major browser.
 
Silver Peak Systems released a software-only edition of its WAN optimization product that will allow users and vendors to deploy it on a variety of hardware and hypervisors, from virtualized blade servers to storage area networks.
 
Microsoft Windows CSRSS 'SrvSetConsoleNumberOfCommands()' Local Privilege Escalation Vulnerability
 
Microsoft Windows CSRSS 'SrvSetConsoleLocalEUDC()' Local Privilege Escalation Vulnerability
 
Microsoft Windows CSRSS 'SrvWriteConsoleOutput()' Local Privilege Escalation Vulnerability
 
RETIRED: Microsoft July 2011 Advance Notification Multiple Vulnerabilities
 
Office OCX OA.OCX Office Viewer ActiveX Denial of Service Vulnerabilities
 
 
Managing consumer or citizen identities comes with two key problems--scale and cost--prompting organizations that require onboarding, authentication, and password management to look for ways to outsource this effort. Entertainment websites, online retailers, and even US federal government-to-citizen websites are experimenting with a federated model for more of their identity management life cycle. By using single sign-on (SSO) and attribute-sharing between "social" identity providers (IdPs) (i.e. Google and Facebook) and relying parties (RPs), this model effectively reduces cost and improves the customer experience.
 
France's High Authority for the Distribution of Works and the Protection of Rights on the Internet has prosecuted no one for illegal file sharing in the nine months since it began operating under a so-called "three strikes" copyright enforcement law.
 
Just over a year ago I wrote a post on fixing the "General failure" error that appears in Outlook when you click a link in an e-mail message. (The full error reads something like this: General failure. The URL was: "http://www.webaddress.com" The system cannot find the file specified.)
 
Content management vendor OpenText is moving further into BPM business process management software, scooping up Global 360 for $260 million.
 
Intel appointed new leaders to run the McAfee subsidiary as David DeWalt resigned as the unit's president.
 
The controversy over India's demand that it be allowed to monitor online and mobile communications resurfaced again on Wednesday, with an Indian minister telling reporters that the government had asked Skype, Google, and several other companies to give it access.
 
torque 'job name' Argument Remote Buffer Overflow Vulnerability
 
SilverSHielD 'opendir()' Remote Denial of Service Vulnerability
 
 
Lawyers for WikiLeaks founder Julian Assange finished their arguments on Wednesday in London's High Court as to why the WikiLeaks founder should not be extradited to Sweden to face questioning on potential charges of molestation and rape.
 
If you've got a big, complicated project to manage, and multiple people involved in it, you've got a headache in the making. Not only is it difficult to understand all the moving pieces, but it can be even harder to keep everyone on track--and for everyone involved to see the big picture, and communicate with one another. The LiquidPlanner website ($29 per user, 30-day free trial) can help solve the problem.
 
Google is everywhere right now. The company has made a strong push with its Google Books project, but until now it hasn't had a tie-in to a stand-alone e-reader. That changes with the iRiver Story HD, which goes on sale this weekend at Target for $140. The Story HD makes getting Google ebooks onto an E Ink-based reader reasonably easy; in my trials with the device, however, I found myself frustrated by the Story HD's cheap design, poky performance, and Google Books interface.
 
Reader Thomas owns a fairly small, compact laptop, yet "the little bugger has gotten incredibly noisy in the last few weeks. It's the cooling fan, which seems to run all the time and at maximum speed." He wants to know what he can do to get his laptop back to its previously quiet self.
 
Microsoft Windows CSRSS 'AllocConsole()' Local Privilege Escalation Vulnerability
 
The Missile Defense Agency CIO explains how cloud computing is helping to drive cost efficiencies, boost service levels and ease management.
 
Tasked with adopting cloud computing as a first option in all IT projects, federal agencies are grappling with the hard realities of making that policy work.
 
Like oil and water or peanut butter and jelly? Google+, the search giant's new social network, has everyone in the tech industry speculating about whether it's "the Facebook Killer."
 

OCTAVE risk assessment method examined up close
SearchSecurity.in
With the OCTAVE risk assessment method, integration of the organization's infosec policies and unique business needs becomes possible. OCTAVE helps organizations tap into operational experience and intelligence to define risks in a business context. ...

 
libpng PNG File Denial Of Service Vulnerability
 

Posted by InfoSec News on Jul 13

http://www.fastcompany.com/1765855/dhs-someones-spiking-our-imported-tech-with-attack-tools

By Neal Ungerleider
Fast Company
July 8, 2011

A top Department of Homeland Security (DHS) official has admitted on the
record that electronics sold in the U.S. are being preloaded with
spyware, malware, and security-compromising components by unknown
foreign parties. In testimony before the House Oversight and Government
Reform Committee, acting...
 

Posted by InfoSec News on Jul 13

http://www.bloomberg.com/news/2011-07-13/sen-jay-rockefeller-seeks-u-s-agency-probes-of-news-corp-phone-hacking.html

By Anthony Palazzo
Bloomberg
July 12, 2011

Senator Jay Rockefeller called for U.S. agencies to investigate whether
alleged phone hacking at News Corp. (NWSA)’s U.K. newspapers targeted
American victims of the Sept. 11, 2001, terrorist attacks.

“I am concerned that the admitted phone hacking in London by the News
Corp. may...
 

Posted by InfoSec News on Jul 13

http://gcn.com/articles/2011/07/12/energy-lab-attack-zero-day-exploit.aspx

By William Jackson
GCN.com
July 12, 2011

The cyberattack that took the Energy Department’s Pacific Northwest
National Laboratory offline on July 1 exploited a zero-day vulnerability
to infect the systems with an Advanced Persistent Threat, lab CIO Jerry
Johnson said July 12.

Although external e-mail and some internal communications have been
restored, the lab’s...
 

Posted by InfoSec News on Jul 13

http://www.informationweek.com/news/government/security/231001440

By Elizabeth Montalbano
InformationWeek
July 12, 2011

The United States plans to start regularly sharing cybersecurity
information with Russia as part of the Obama administration's efforts to
re-establish closer ties to that country and clear up misconceptions
surrounding the two nations' cyber policies.

Cybersecurity officials from both countries met last month to...
 
Linux Kernel Tunnels Initialization Remote Denial of Service Vulnerability
 
Linux Kernel 'madvise()' System Call Local Denial of Service Vulnerability