InfoSec News


eEye Digital Security CTO to Keynote at InfoSec 2011 Nashville Conference
PR Web (press release)
eEye Digital Security, a provider of IT security and unified vulnerability management solutions, will exhibit at the InfoSec 2011 Nashville Conference at the Nashville Convention Center on September 15. The Southeast's leading security conference now ...

 

Infosec's mega marketing misalignment mishap
CSO Magazine
Analysts, security engineers and other infosec geeks aim for Swiss-watch precision, because one little mistake means the bad guys win. We want people to take this seriously, right? So why do certain marketing and PR departments spread a load of what my ...

 

18 infosec fails that let crims win
ZDNet Australia
Today's complex, targeted attacks succeed because companies fail to cover information security basics, according to senior Kaspersky Lab analysts. "Everybody is aware of these things, but now is the time for starting to [pay] attention," said Evgeny ...

 

Shifting Course on Infosec Post-9/11
GovInfoSecurity.com
On the morning of Sept. 11, 2001, federal IT leader Mark Forman was briefing government chief human resources directors on the president's e-government initiative at a forum at the University of Maryland, a 10-mile drive from his White House office, ...

 

2011 European Digital Forensics and Incident Response Summit confirms largest ...
Prfire (press release)
... James Lyne, nicknamed the Mcguyver of Infosec by the BBC, and David Stubley, a Director with 7 Elements, a respected security consultancy, taking the roster to 12 influential and highly regarded experts who will be presenting during the event. ...

 

We didn't leak names of US agents, insists WikiLeaks
Register
WikiLeaks has admitted some sort of unspecified infosec problem while denying suggestions that its cache of US diplomatic cables has been exposed. The whistle-blowing website has published carefully edited extracts of the cables in conjunction with its ...

 
Taking a different tack than it did three years ago, Microsoft has made a preview of Windows 8 available to anyone who takes the time to download it.
 
The U.S. Department of Justice has opened an investigation into whether eBay executives broke the law and stole trade secrets while sitting on the board of Craigslist.org.
 
Microsoft and Intel may be ready to split up after a long marriage. That's thanks to the new hottie in town: tablets. Does 'Wintel' still have a future?
 
Apple may be up for bringing back some of MobileMe's soon-to-be-discontinued features, if consumers barrage the company with feedback. Elsewhere, a profile of Tim Cook's successor, an ultra luxury car with an Apple twist, and who made HTC the latest barometer of cool?
 
Microsoft has issued five “important” security bulletins that address 15 flaws in Windows and Office and adds six more DigiNotar root certificates to the Windows Untrusted Certificate Store.

 
Real Networks RealPlayer CVE-2011-2946 ActiveX Control Remote Code Execution Vulnerability
 
Infor and its CEO, former Oracle co-president Charles Phillips, are hoping to jump-start the ERP (enterprise-resource-planning) software vendor's profile and revenues with Infor10, a major new rebranding and technology effort that was launched Tuesday at an event in New York.
 
Microsoft SharePoint Contact Details Cross Site Scripting Vulnerability
 
Linux Kernel Acorn Econet Protocol Implementation Local Information Disclosure Vulnerability
 
CIOs carry the tremendous responsibility of organizing their enterprise IT strategy to be cost effective, efficient and high quality.
 
The TechCrunch Disrupt 2011 conference, held this week in San Francisco, is known as a gathering where high-tech start-ups can strut their stuff.
 
Microsoft Office 'MSO.dll' Uninitialized Pointer (CVE-2011-1982) Remote Code Execution Vulnerability
 
Today's long-awaited look at Windows 8 left analysts almost as perplexed as they were before Microsoft's top Windows executive walked onto a California stage.
 
Microsoft will post the first developer preview beta of Windows 8 late on Tuesday, the company announced as it showed off the new OS running on a Samsung tablet.
 
Target's website is still struggling after it crashed earlier Tuesday when online shoppers flooded the site to get in on a low-priced line of high-fashion clothes and accessories.
 
Google has started to roll out its new flight search engine, which is based on technology from ITA Software, a maker of air-travel flight-information software Google bought for US$700 million.
 
Intel on Tuesday for the first time showed working prototypes of tablets with Google's Android OS and the chip maker's upcoming Atom low-power chip, code-named Medfield.
 
New legislation pushed by U.S. President Barack Obama and intended to stimulate job growth includes proposals for mobile spectrum auctions and for a nationwide mobile broadband network for emergency responders.
 
Cisco Systems Chairman and CEO John Chambers plans to stay on the job for at least three more years, he said Tuesday.
 
The National Institute of Standards and Technology (NIST) has published two new documents on cloud computing: the first edition of a cloud computing standards roadmap and a cloud computing reference architecture and taxonomy. Together, ...
 
Bringing order and security to the patchwork quilt of computing environments in a large organization can be a daunting task. Software tools and technical specifications that allow security information to be shared between information ...
 
The Seventh Annual IT Security Automation Conference, co-hosted by the National Institute of Standards and Technology (NIST), will focus on the breadth and depth of principles and technologies designed to support computer security ...
 
The National Institute of Standards and Technology (NIST) will host a workshop on cryptography for new technologies from Nov. 7-8, 2011, at the agency's Gaithersburg, Md., campus. As the Internet evolves, it is becoming possible for ...
 
Google's share of the U.S. search engine market has dropped below 65% for the first time in two years, new data shows.
 
Microsoft today patched 15 vulnerabilities in Windows, Office and other software with five security updates.
 
Microsoft SharePoint 'EditForm.aspx' CVE-2011-1890 Script Injection Vulnerability
 
Microsoft SharePoint Contact Details CVE-2011-1891 Cross Site Scripting Vulnerability
 
Microsoft SharePoint CVE-2011-1893 Cross Site Scripting Vulnerability
 
Microsoft issued yet another update to remove trust in the cross signed intermediate certificates of DigiNotar.

http://blogs.technet.com/b/msrc/archive/2011/09/13/more-on-diginotar-certificates-and-september-bulletins.aspx
http://technet.microsoft.com/en-us/security/advisory/2607712
http://support.microsoft.com/kb/2616676

--

Swa Frantzen -- Section 66 (c) SANS Internet Storm Center. http://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
 
Juniper this week enhanced its service provider edge routers to address growing bandwidth requirements of emerging mobile, cloud computing and enterprise network applications.
 
Facebook has developed new features designed to make it easier for its members to segment their list of friends into smaller groups and in that way be more granular in how they share and view content.
 
Intel and Google announced on Tuesday that they would partner to optimize future versions of the Android OS for smartphones and other mobile devices using Intel chips.
 
Cisco expects annual revenue growth between 5 percent and 7 percent over the next three years and expects its still-ongoing restructuring to help the company increase profit faster than revenue, executives said on Tuesday at a financial analyst conference.
 
Microsoft on Tuesday gave the 5,000 developers attending its BUILD conference preview units of a Samsung tablet running a version of the upcoming Windows 8 operating system.
 
SAP is in the middle of a sweeping "renewal" of its software portfolio, powered by the HANA (High Performance Analytic Appliance) in-memory computing engine, executive board member and technology chief Vishal Sikka said during a keynote address Tuesday at the Tech Ed conference in San Francisco.
 
Microsoft's upcoming Windows 8 OS running on ARM prototype tablets and other devices will be open for developer scrutiny at the software giant's Build conference this week.
 
Microsoft Windows WINS Server 'ECommEndDlg()' Local Privilege Escalation Vulnerability
 
Seeker Advisory Sep11: Reflected Cross Site Scripting in Microsoft SharePoint Portal
 
The Authors Guild has sued five universities and a library partnership organization alleging copyright infringement over their use of certain digitized copies of books made by Google in its Books Library Project.
 
You can find gigabytes upon gigabytes of free online storage from a variety of sites and services. Only one, though, is offering a massive 200GB of cloud storage completely free.
 
Nearly seven months after Intel shelled out $7.68 billion for antivirus vendor McAfee, the two companies are offering a glimpse of their future.
 
SAP customers looking to open iTunes-like enterprise app stores through Apple's Volume Purchase Program (VPP) will soon have the ability to manage and deploy the software securely thanks to new VPP support in the Sybase Afaria platform, SAP said Tuesday at the Tech Ed conference in Las Vegas.
 
The SpyEye hacking toolkit has added an Android component that collects the text messages some banks use as an extra security precaution, a researcher said today.
 
Sun Java SE November 2009 Multiple Security Vulnerabilities
 
RETIRED: Adobe Acrobat and Reader APSB11-24 Advance Multiple Remote Vulnerabilities
 
[security bulletin] HPSBMU02703 SSRT100242 rev.1 - HP Network Node Manager i (NNMi) for HP-UX, Linux, Solaris, and Windows, Remote Denial of Service (DoS), Unauthorized Disclosure of Information, Unauthorized Modification
 
Cybercriminals are using the old technique to lure victims into giving up personal information and potentially infect their systems with malware.

 
Adobe has released one bulletin today.
This updates Adobe products to the following versions:

Adobe Reader and Acrobat
  10.1.1
  9.4.6
  8.3.1 (version 8.x will soon see its support terminated)

#:              APSB11-24
Description:    Multiple vulnerabilities in the Adobe Reader and Adobe Acrobat software allow privilege escalation (Windows only) or arbitrary code execution.
Affected:       Reader, Acrobat
CVEs:           CVE-2011-1352, CVE-2011-2431, CVE-2011-2432, CVE-2011-2433, CVE-2011-2434, CVE-2011-2435, CVE-2011-2436, CVE-2011-2437, CVE-2011-2438, CVE-2011-2439, CVE-2011-2440, CVE-2011-2441, CVE-2011-2442
Known Exploits: TBD
Adobe rating:   Critical




 
phpMyAdmin Tracking Feature Multiple Cross Site Scripting Vulnerabilities
 
Since we usually have a larger visitor base on Black Tuesday than normal, just this reminder for those that might have missed the fun this month.
Microsoft already leaked the bulletins on Friday for about an hour or so, and we already published the overview at that time. Anyway, we'll look into changes they might have made since last week and update them here if we find anything worthwhile.
 
On the Windows computer of the future, live tiles will replace icons, touch-based gestures will replace mouse clicks and semantic zooming will replace the arduous traversal through nested menus and folders.
 
Cisco has taken a grittier approach to marketing by attacking a competitor, Juniper Networks, with a video that pokes fun at its networking rival.
 

SMS-stealing Trojan poses as banking protection but once installed it can intercept text messages, sending them to the attacker’s command and control server.

A new banking Trojan from cybercriminals brandishing the SpyEye toolkit targets users of Android smartphones, tricking victims into installing a malicious application that steals text messages.

The Trojan was first discovered targeting Android phones in July by security researchers at Boston-based Trusteer Inc. It begins as a man-in-the-middle attack on a machine infected with SpyEye malware. A user that browses to the targeted bank is met with a phony message urging them to install a new application on their mobile phone to protect against SMS stealing malware. Once installed, the victim will see no sign of the malicious application running on the device.

“After the compromised user installs the Android application on his/her device, the application named ‘System’ is not visible on the device dashboard,” wrote Ayelet Heyman, a senior malware researcher at Trusteer in the company’s research blog. “It’s not a service, and it’s not listed in any current running applications. In order for a user to determine the existence of this app a bit of searching is required.”

Up until now, similar attacks have targeted BlackBerry and Symbian smartphones, Trusteer said. Security researchers are calling the technique of sniffing SMS messages a Man-in-the-mobile (Mitmo) attack. Often, the attacker requests the victim’s cell phone number and the device’s international mobile equipment identity (IMEI) number when installing the malicious application. Similar attacks were documented in 2010 targeting non-U.S. banks for two factor authentication.

Once the Trojan is installed successfully on the victim’s device, all incoming SMS messages will be intercepted and sent to the attacker’s command and control server, Trusteer said.

The good news is, according to Trusteer, that the attack has yet to gain momentum. Security software that protects against man-in-the-middle attacks will help protect against the attack.



 

Since going public in 2007, network security company Sourcefire Inc., the home of the open source Snort intrusion detection and prevention system, has been busy expanding the breadth of its offerings – and has done so primarily via acquisition. Strategically, it’s a smart move to branch out beyond IDS and into endpoint (Clam AV) and cloud-based protection (Immunet), but the company has admittedly struggled with its identity because of Snort’s tremendous brand.

The company launched a new campaign promoting what it’s calling Agile Security, designed to put the message front and center to the market and customers that Sourcefire is deeper than just Snort. The company, founded by Marty Roesch, wants to position its products as a counter to today’s dynamic attacks.

“Traditional security is static; set-it-and-forget-it security doesn’t help,” said Sourcefire senior VP of marketing Marc Solomon. “Our research shows that 75% of the malware we see on customer environments is seen once. These are polymorphic viruses taking on an average lifespan of less than a day. You can’t throw bodies at it, because you can’t keep up. Attackers are winning.”

Sourcefire says the solution is a mix of automation and intelligence on threats that is applied to enterprise networks to set and enforce policies, and ultimately block rather than alert on attacks if the company so chooses.

“Sourcefire has had trouble articulating its vision; ‘We’re the inventor of Snort.’ That was their tagline. That’s no way to build an enterprise security company,” said Richard Stiennon, founder of IT-Harvest, an analyst firm. Stiennon said Sourcefire’s edge is its context-aware offerings via its RNA product and the attack intelligence gained from its cloud-based Immunet initiative Collective Immunity and the Sourcefire Vulnerability Research Team.

Solomon diagrammed the Agile Security vision in four steps: See, Learn, Adapt and Act. Via RNA, which is being re-branded FireSIGHT, customers will be able to watch network traffic for anomalies as it moves over endpoints, different operating systems, and the network. Networks may then adapt to threats and create rules to either alert or block attacks; an upcoming next-generation firewall is at the heart of this phase of the vision, Solomon said. This automation will enable enterprises to act on intelligence in real time, Solomon said.




 
Vulnerabilities in trading and SCADA software
 
App store vendors need to collaborate more closely to keep smartphone users safe, including putting together a system for grading application security, according to E.U. cybersecurity agency ENISA.
 
Advisory for MS11-035 / ZDI-11-167
 
XSS vulnerability in FortiMail Messaging Security Appliance
 
Bitcasa, an ambitious start-up, plans to offer unlimited cloud storage space, for $10 a month.
 
Bowing to pressure from European privacy regulators, Google will soon allow owners of Wi-Fi access points to opt out of a Google service that allows smartphone owners to identify their location without using GPS (Global Positioning System), it said Tuesday.
 

Posted by InfoSec News on Sep 13

http://www.bankinfosecurity.com/articles.php?art_id=4047

By Tracy Kitten
Managing Editor
Bank Info Security
September 13, 2011

Phishing attacks aimed at online PC users won't be the financial
industry's greatest worry in the near future, says Dr. Markus Jakobsson,
security expert in the field of phishing and crimeware. Malware
targeting mobile devices will be.

Jakobsson, who has spent the last several months analyzing the current...
 

Posted by InfoSec News on Sep 13

http://www.domain-b.com/defence/general/20110912_cyber_warfare.html

domain-b.com
12 September 2011

Brussels: European security bloc NATO has sought cooperation with India
in the arena of cyber warfare in a bid to counter threats, particularly
those originating from China. Increasingly, NATO officials are trying to
draw India into their ambit of operations listing large areas of mutual
concern, including counter-terrorism, missile defence...
 

Posted by InfoSec News on Sep 13

========================================================================

The Secunia Weekly Advisory Summary
2011-09-02 - 2011-09-09

This week: 57 advisories

========================================================================
Table of Contents:

1. Word From Secunia...
 

Posted by InfoSec News on Sep 13

http://www.computerworld.com/s/article/9219930/Certificate_hacker_probably_paid_by_Iran_say_victimized_firms

By Gregg Keizer
Computerworld
September 12, 2011

The CEO of a certificate-issuing company that was hacked in March is
even more certain now that a wave of attacks against similar firms is
backed by the Iranian government.

"I think even more so now than before," said Melih Abdulhayoglu, the CEO
and founder of Comodo, a...
 

Posted by InfoSec News on Sep 13

http://www.nextgov.com/nextgov/ng_20110912_7347.php

Nextgov
09/12/2011

Recent interviews with current and former personnel involved in a 2008
federal investigation into hacking and other network abuse at an
immigration application processing center in Texas portray an
out-of-control information technology office at a key Homeland Security
Department agency. The vulnerabilities exposed by the year-long probe
raise troubling questions about...
 

Posted by InfoSec News on Sep 13

http://www.jsonline.com/business/129673573.html

By Rick Romell
Journal Sentinel
Sept. 12, 2011

A security breach exposed as many as 40,000 credit or debit cards used
in arcades at the Wilderness Waterpark Resort near Wisconsin Dells and a
companion resort in Tennessee, and a handful appear to have been
affected, an arcade supplier said Monday.

The card processing system of Vacationland Vendors Inc., a Wisconsin
Dells firm that supplies...
 
Fellow handler Lenny wrote about GlobalSign being named by a hacker claiming the DigiNotar and Comodo breaches, and about GlobalSign's response to it: stopping the process of issuing certificates.
Today GlobalSign should be back in operation, and they have kept a public track of their incident response. I suggest reading it bottom up, as that way you get the timeline.
I see a number of very good ideas and actions in there. First off, they stopped issuing certificates right after the claim; that's containment in action: make sure it does not get worse. In fact, if you look back at what's known so far of the DigiNotar case, had DigiNotar done that on June 19th when they detected the breach the first time, and then done a complete technical audit of their systems, DigiNotar would not have thrown away its entire reputation. Next, GlobalSign contracted Fox-IT, the same company that has been/is analyzing the systems of DigiNotar. The value of having somebody who's been dealing with similar incidents can more often than not prove invaluable.
I also see one worrying issue: their web server (the one serving www.globalsign.com) shows signs it has been breached. GlobalSign claims it has always been isolated, though.
Over the past few weeks we've had a number of requests from GlobalSign customers wondering if they should migrate to other providers.
Let's analyze with what we know now:

There is the anonymous claim of a hacker that he's hacked Comodo, DigiNotar, GlobalSign and 3 more unnamed CAs.
The hacker gives as proof a calc.exe signed by the by now well known rogue *.google.com certificate from the DigiNotar breach. It does prove somebody has the secret key that goes with the certificate, but it doesn't prove he's the one doing it all.
From what we can publicly see, GlobalSign is reacting properly to it all.
If you change providers, you risk changing to one of the 3 unnamed ones.

So what's smart to do?

Be ready to switch to another provider if you need to. Being ready can be done to different levels, but one can start with selecting alternatives (or setting up selection criteria), etc. This would be needed in two cases:

your current provider loses the trust of the world at large (what DigiNotar did), or
your current provider sees itself compromised badly enough that it revokes its own intermediate certificates (what DigiNotar should have done) while it stopped issuing new certificates.


If I were a GlobalSign customer, I would not migrate away from GlobalSign, as it risks I'd end up with one of the 3 unnamed ones and be in a worse condition than I am now.

 
OpenSAML XML Signature Wrapping Security Vulnerability
 
dotProject 2.1.3 Multiple SQL Injection and HTML Injection Vulnerabilities
 
Scadatec Procyon Telnet Service Remote Buffer Overflow Vulnerability
 
A number of Linux websites, including LinuxFoundation.org and Linux.com, have been pulled offline after a security breach.
 
NTT DoCoMo will partner with several Japanese hardware makers and Korean manufacturer Samsung Electronics to develop core chips for use in future smartphones, Japan's biggest business newspaper reported Monday.
 
Dolby Laboratories said that Research In Motion has agreed to license audio technologies that were at the center of two lawsuits filed by Dolby against the Canadian smartphones and tablets company.
 
The economy is still in the doldrums but it's not such a bad time to be a startup. Cloud technologies like Amazon Web Services have made it less costly for new companies to get off the ground, and 70 of them will be at the Demo Fall conference in Silicon Valley this week to launch new products.
 
From flexible printed circuits to chips that can change abilities on the fly, these technologies could be the building blocks for a plethora of new and innovative products.
 