InfoSec News

Microsoft began shipping this week IIS Express 7.5, a free version of its IIS Web server optimized for developers.
 
As I've noted in the past, one of the tools that I really like here and that is available to the public is our port detail. So, as the result of a conversation at the day job the other day, I decided to take a look at the last 11 months of traffic on port 8881. Below is the graph. Does anyone know what happened in September that led to a huge increase in traffic? If you look at the ASCII table, you can see the number of destinations stayed in the range of roughly 5-15, but the number of sources has gone up tremendously. Also, the mix of TCP to UDP dropped to roughly 75-85% (which may actually point to an answer, but I'll save my conjecture for an update). So, if anyone has a packet capture they'd like to share, please upload through the contact page.


---------------

Jim Clausing, GIAC GSE #26

jclausing --at-- isc [dot] sans (dot) org (c) SANS Internet Storm Center. http://isc.sans.org Creative Commons Attribution-Noncommercial 3.0 United States License.
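The diary entry above reads the port-detail numbers off a graph and an ASCII table. The following is an added example, not part of the ISC diary or the ISC port-detail tool, that reproduces the same three per-month measures (distinct sources, distinct destinations, TCP share) from flow records and flags the pattern the entry describes: sources multiplying while destinations stay flat, which is the shape of a scan or worm rather than of new services. The record layout `(day, src, dst, proto)` and the sample flows are constructed for illustration and do not reflect the ISC data format or the real port 8881 numbers.

```python
"""Per-month port-traffic summary (added example, constructed data)."""
from collections import defaultdict
from datetime import date


def _constructed_flows():
    """Constructed flow records for one port: (day, source IP, destination IP, proto).

    August: a handful of sources, almost all TCP.
    September: many new sources against the same few destinations, more UDP.
    These values are illustrative only, not measured traffic.
    """
    flows = []
    for i in range(6):
        flows.append((date(2010, 8, 1 + i), f"198.51.100.{i}", f"203.0.113.{i % 5}", "tcp"))
    flows.append((date(2010, 8, 20), "198.51.100.9", "203.0.113.1", "udp"))
    for i in range(40):
        proto = "udp" if i % 5 == 0 else "tcp"
        flows.append((date(2010, 9, 1 + i % 28), f"192.0.2.{i}", f"203.0.113.{i % 6}", proto))
    return flows


SAMPLE_FLOWS = _constructed_flows()


def summarize_by_month(flows):
    """Return {"YYYY-MM": {"sources": n, "destinations": n, "tcp_share": f}}.

    tcp_share is the fraction of flows in that month that were TCP, which is
    the TCP-to-UDP mix the port-detail table shows.
    """
    buckets = defaultdict(lambda: {"src": set(), "dst": set(), "tcp": 0, "total": 0})
    for day, src, dst, proto in flows:
        b = buckets[day.strftime("%Y-%m")]
        b["src"].add(src)
        b["dst"].add(dst)
        b["total"] += 1
        if proto.lower() == "tcp":
            b["tcp"] += 1
    return {
        month: {
            "sources": len(b["src"]),
            "destinations": len(b["dst"]),
            "tcp_share": b["tcp"] / b["total"],
        }
        for month, b in sorted(buckets.items())
    }


def flag_source_surges(summary, factor=3.0):
    """Months whose distinct-source count grew by `factor` or more over the
    previous month while destinations at most doubled: many hosts hitting
    the same few targets, which is worth pulling a packet capture for."""
    months = list(summary)
    flagged = []
    for prev, cur in zip(months, months[1:]):
        p, c = summary[prev], summary[cur]
        if c["sources"] >= factor * p["sources"] and c["destinations"] <= 2 * p["destinations"]:
            flagged.append(cur)
    return flagged


if __name__ == "__main__":
    summary = summarize_by_month(SAMPLE_FLOWS)
    for month, stats in summary.items():
        print(f"{month}: {stats['sources']:>3} sources, {stats['destinations']:>3} destinations, "
              f"TCP share {stats['tcp_share']:.0%}")
    print("surge months:", flag_source_surges(summary))
```

Feeding real flow or pcap-derived records into `summarize_by_month` only requires producing the same four-field tuples; the surge check is a coarse first filter, and the protocol mix in a flagged month is what tells you whether the new sources are probing or being answered.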
 

Anonymous to protest Saturday in San Diego
Examiner.com
The technology news source Infosec Island claims the attacks were more of an annoyance than a threat. Infosec said the volume of the attack was small, ...

 
The Government Accountability Office released a major report Friday on the H-1B program that assesses the visa program's use and recommends reforms.
 
We've been hearing about AMD's new Fusion line of processors for what seems like ages, so it's with great interest that I dove into the testing of the first Fusion-powered laptop to cross my doorstep, the HP Pavilion dm1z (frequently called the "dm1"). It's based on the highest-performing member of the new Brazos platform from AMD, the E-350 CPU. At a very reasonable starting price of $450, this 11.6-inch laptop straddles the line between a budget ultraportable laptop and a netbook, and offers a lot of value.
 

IT Workforce in the US: 4 Million or 24 Million?
GovInfoSecurity.com (blog)
For now, BLS classifies most infosec pros in one of the eight computer occupations.) Our latest analysis based on the household survey, IT Employment Ends ...

 
MySpace was once a social networking pioneer and shining star, but analysts now wonder who would want to buy the struggling site.
 
Mozilla today shipped Firefox 4 Beta 9, perhaps the last it will release before it pushes toward a final version now planned to ship by the end of February.
 
[ MDVSA-2011:008 ] perl-CGI
 
[ MDVSA-2011:009 ] gif2png
 
It's been a week since the Mac App Store flung open its virtual doors, giving Mac users another avenue to shop for and download software for their computer. Apple hopes to emulate the success it's enjoyed with the iOS version of the App Store, but there are a few things that could be fixed.
 
Apple will reward the customer who downloads the 10 billionth app from the iOS App Store with a $10,000 iTunes gift card, the company said today.
 

SMS ransomware surfaces in Russia, charges $12 ransom

By Ryan Cloutier, Contributor

The black hat community is always on the lookout for a way to profit from its illicit activities. On the Web, Trojans and worms disguised as freeware present an easy way for even a moderately skilled hacker to capitalize on the naiveté and lack of experience of many internet users.

According to Nart Villeneuve at Trend Labs’ Malware Blog, recent techniques in the field of cybercrime often involve taking a user’s computer hostage. The malware does this by denying users access to their desktop and files until they dial an SMS number and enter a code.

In the latest ransomware campaign detected by Trend Labs, the SMS agency charges the user the equivalent of $12 before giving them the code to free their systems.

Villeneuve said an ongoing campaign has netted the responsible cybercriminal $29,435 over the last five weeks. At $12 a ransom, he notes, that works out to roughly 2,500 people who have paid.

Villeneuve wrote that cybercrime is a serious matter for the criminals who run these campaigns: they operate much like ordinary businesses and keep financial records for their own reference. In Trend Micro's research, he said, the team was able to access a panel used to track the income generated by at least 60 phone numbers used in ransomware campaigns.

Villeneuve also notes that users downloaded the specific file, identified by Trend Micro as WORM_RIXOBOT.A, more than 100,000 times in December. This means there is most likely a great deal of money going to that criminal.

Back in November, UK researchers detected a drive-by attack that encrypted media files and Microsoft Office documents and then demanded a $120 payment to have the files decrypted.



 
With an onslaught of new tablet computers about to hit the market, vendors' brands will take on more significance than ever.
 
Gibbs ponders the National Strategy for Trusted Identities in Cyberspace program and thinks it's crazy
 
IBM Friday is set to pit its Watson supercomputer against past champions in the game of Jeopardy, to be held at the company's research center in Yorktown Heights, N.Y.
 
ICQ Automatic Updates Remote Code Execution Vulnerability
 
[ MDVSA-2011:006 ] subversion
 
Remote Code Execution in ICQ 7
 
Nearly a month after it yanked an Outlook 2007 update over connection and performance problems, Microsoft has re-released the patch to correct its mistakes.
 
Google is modifying its Apps service level agreement in ways that increase the company's accountability whenever the hosted collaboration and communication software experiences downtime.
 
Wireshark Dissectors Multiple Vulnerabilities
 
[ MDVSA-2011:007 ] wireshark
 
[SECURITY] [DSA-2143-1] New mysql-dfsg-5.0 packages fix several vulnerabilities
 
[security bulletin] HPSBUX02608 SSRT100333 rev.2 - HP-UX Running Java, Remote Execution of Arbitrary Code, Disclosure of Information, and Other Vulnerabilities
 
Drupal 5.x, 6.x <= Stored Cross Site Scripting Vulnerability
 
How do you choose the right smartphone? What if you get a great smartphone, but the network it is on is flaky, unreliable, and constantly drops calls? What if you choose an awesome wireless provider, but can't get the smartphone you really want? The following process will help you find the right combination of wireless provider and smartphone that works best for you.
 
NASA named a veteran government IT official to serve as its deputy CIO for Information Technology Security.
 
Oracle is planning on Tuesday to release 66 security patches affecting hundreds of products, according to a notice posted on its Web site.
 
Apache's just-released Cassandra 0.7 comes with big data support
 
The former college student who was found guilty of hacking Sarah Palin's personal e-mail account began his one-year sentence in a Kentucky prison this week, despite the judge's recommendation that he serve the time in a halfway house.
 
Engineers at Adobe Systems Inc. are working on a redesign of the Flash Player Settings Manager to incorporate features requested by users and privacy advocates.

 

Several government and educational websites redirect visitors to fake stores.

By Ryan Cloutier, Contributor

Security researchers at Zscaler Inc. have provided a list of government websites that have been hijacked, redirecting visitors to Google searches.

Government web properties are not the only targets; some university websites, including those linked to Harvard, MIT and Stanford, have fallen as well. According to Julien Sobrier, a researcher at Zscaler, the list of hijacked sites includes:

  • Harvard (Alexa rank in US: 875, cxc.harvard.xdu)
  • MIT (Alexa rank in US: 963, petar.blog.lcs.mit.xdu, fig.scripts.mit.xdu, hlt.media.mit.xdu)
  • Stanford (rank 782, mentalhealth.stanford.xdu, yuba.stanford.xdu, assu.stanford.xdu)
  • Fandango (rank 236, www.summermovies.fandango.xom)

There are also governmental sites in the list, from the U.S., China and other countries:

  • openworld.gov
  • paceflorida.gov
  • fpa.tas.gov.au
  • ezhouinvest.gov.cn
  • perak.gov.my
  • misiones.gov.ar
  • etc.

In Zscaler's research blog, Sobrier wrote that visitors are redirected to no ordinary Google search results; the results seem to consist entirely of fake online stores. The stores "sell" software at a discounted price. However, they all have odd URLs, and some of the sites are running SEO spam on topics such as Viagra and U.S. student visas.

Contemporary wisdom suggests these types of locations will not be kind to your bank accounts, Sobrier said.

Once again spammers have managed to poison search results for popular searches. This specific spam was reported a month ago, but it still shows up in the first page of results for multiple searches.

There also seem to be various domain names for the fake stores. The domain names run the gamut from the seemingly malicious software-supreme.com to the seemingly less threatening sacon.org. All in all the fake stores encompass at least 75 domains and each site looks slightly different.

What makes this campaign different from the typical black hat attempt to turn Google's algorithms against ordinary users is that the search engine optimization is in multiple languages. Usually SEO spam comes in English, but this time it appears in French, German and other languages.
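The article describes two things a compromised site in this campaign does: it redirects visitors toward the fake stores, and it carries injected, keyword-stuffed SEO text in several languages. The following is an added example, not code from Zscaler or from the article, of a small triage pass an incident responder might run over a saved copy of a page suspected of being hijacked: it pulls redirect targets out of `<meta http-equiv="refresh">` tags and `location` assignments in inline scripts, and collects text that is hidden from visitors (display:none, visibility:hidden, off-screen positioning) and matches a list of spam terms. The sample page, the domain `software-supreme.example` and the spam-term list are constructed for illustration.

```python
"""Triage a saved HTML page for injected redirects and hidden SEO spam (added example)."""
import re
from html.parser import HTMLParser

# Illustrative term list; a real one would be tuned per campaign and language.
SPAM_TERMS = ("viagra", "cialis", "student visa", "cheap software",
              "oem software", "pas cher", "günstig")

# location = "...", window.location.href = "...", top.location = '...'
_JS_REDIRECT = re.compile(
    r"""(?:window\.|document\.|top\.)?location(?:\.href)?\s*=\s*["']([^"']+)["']""", re.I)
# the url= part of a meta refresh content attribute: "0; url=http://..."
_META_URL = re.compile(r"""url\s*=\s*['"]?([^'";]+)""", re.I)


def _is_hidden(attrs):
    """True if the element is styled so a visitor will not see its text."""
    style = (attrs.get("style") or "").replace(" ", "").lower()
    return ("display:none" in style
            or "visibility:hidden" in style
            or "hidden" in attrs
            or re.search(r"(?:left|top|text-indent):-\d{3,}px", style) is not None)


class _Scanner(HTMLParser):
    VOID = {"meta", "link", "br", "img", "input", "hr"}

    def __init__(self):
        super().__init__()
        self.redirects = []      # redirect targets in document order
        self.hidden_text = []    # text nodes inside hidden elements
        self._stack = []         # (tag, hidden?) for open elements
        self._hidden_depth = 0
        self._in_script = False
        self._script_buf = []

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "meta" and (a.get("http-equiv") or "").lower() == "refresh":
            m = _META_URL.search(a.get("content") or "")
            if m:
                self.redirects.append(m.group(1).strip())
        if tag == "script":
            self._in_script = True
        if tag in self.VOID:
            return
        hidden = _is_hidden(a)
        self._stack.append((tag, hidden))
        if hidden:
            self._hidden_depth += 1

    def handle_endtag(self, tag):
        if tag == "script":
            self._in_script = False
            self.redirects.extend(_JS_REDIRECT.findall("".join(self._script_buf)))
            self._script_buf = []
        if tag in self.VOID or all(t != tag for t, _ in self._stack):
            return
        # Unwind to the matching open tag; tolerates sloppy, unclosed markup.
        while self._stack:
            t, hidden = self._stack.pop()
            if hidden:
                self._hidden_depth -= 1
            if t == tag:
                break

    def handle_data(self, data):
        if self._in_script:
            self._script_buf.append(data)
        elif self._hidden_depth > 0 and data.strip():
            self.hidden_text.append(data.strip())


def triage_page(html):
    """Return (redirect_targets, hidden_spam_blocks) for one HTML document."""
    scanner = _Scanner()
    scanner.feed(html)
    scanner.close()
    spam = [t for t in scanner.hidden_text if any(k in t.lower() for k in SPAM_TERMS)]
    return scanner.redirects, spam


# Constructed page modelled on the behaviour described: a refresh to a poisoned
# Google search, a referrer-gated JS redirect, and hidden multilingual spam text.
SAMPLE_PAGE = """<html><head><title>Dept. of Physics</title>
<meta http-equiv="refresh" content="0; url=http://www.google.com/search?q=cheap+oem+software+store">
<script type="text/javascript">
  if (document.referrer.indexOf("google") != -1) { window.location.href = "http://software-supreme.example/"; }
</script>
</head><body>
<h1>Welcome</h1><p>Course schedule for the fall term.</p>
<div style="display: none">buy viagra online cheap, acheter logiciel pas cher, Software günstig kaufen</div>
<div style="position:absolute; left:-9999px">US student visa discount software</div>
</body></html>"""

if __name__ == "__main__":
    redirects, spam = triage_page(SAMPLE_PAGE)
    print("redirects:", redirects)
    print("hidden spam:", spam)
```

The script works on whatever HTML you hand it, so fetch the page twice, once as a browser arriving from a search result (Referer set) and once directly, and triage both: campaigns that gate the redirect on the referrer look clean on the direct fetch.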



 
Whether you're a professional tech support specialist or simply the go-to tech guru for your family and friends, you know how frustrating it can be to try to fix people's PCs. The task is even more difficult when you're not physically sitting at the system you're attempting to troubleshoot, and you have to rely on verbal explanations from a nontechie to figure out what is going on. The Problem Steps Recorder tool in Windows 7 resolves such issues and simplifies remote troubleshooting.
 

7 cyber crime facts executives need to know
IDG News Service
Some companies are "budgeting" for ERM and/or InfoSec, but never actually committing the money. Or alternately, the companies claim they are continuing to ...

 
The U.S. Department of Justice indicted the president of Taiwanese display maker HannStar, making him the 22nd executive to be charged in an ongoing investigation into price fixing in the LCD industry.
 
Analysts say Verizon's iPhone may include a dual antenna to eliminate the signal problems that plagued AT&T customers last summer.
 
The past 10 years saw some big technology threats -- some real, some just a wee bit overblown. Here's a look back at 10 of the most terrifying tech scares from the past decade.
 
Joomla! People Component 'id' Parameter SQL Injection Vulnerability
 
Avira AntiVir Personal Multiple Code Execution Vulnerabilities
 
InfoSec News: Computer Stolen In Oklahoma City Contains Research To Cure Prostate Cancer: http://www.news9.com/Global/story.asp?S=13833909
By Emily Wood News 9 Jan 13, 2011
OKLAHOMA CITY -- An Oklahoma couple is urging thieves to return a stolen computer they say has the power to save millions of lives.
Last Sunday, Sook Shin was carrying a possible cure for cancer on a [...]
 
InfoSec News: Secunia Weekly Summary - Issue: 2011-02: ========================================================================
The Secunia Weekly Advisory Summary 2011-01-06 - 2011-01-13
This week: 64 advisories [...]
 
InfoSec News: Watchdogs sniff out 6 critical cybersecurity challenges facing the electrical grid: http://www.networkworld.com/news/2011/011311-cybersecurity-challenges-electrical-grid.html
By Michael Cooney Network World January 13, 2011
As the country's electricity grid undergoes a transformation and moves toward a more intelligently networked, automated system, it faces an [...]
 
InfoSec News: Call for Papers: RAID'11: Forwarded from: Guofei Gu <guofei (at) cse.tamu.edu>
Dear colleagues,
Please find below the Call for Papers for RAID'11 (http://raid2011.org/).
Apologies for multiple copies of this announcement.
Best regards, Guofei Gu Assistant Professor Department of Computer Science & Engineering [...]
 
InfoSec News: Scandinavian gamers hack NH medical center to play Call of Duty; compromise records of 230,000: http://www.unionleader.com/article.aspx?articleId=6add3fd7-0f3f-4680-aa61-232503e7eaca&headline=Scandinavian+gamers+hack+NH+medical+center+to+play+Call+of+Duty%3b+compromise+records+of+230%2c000
By CLYNTON NAMUO New Hampshire Union Leader Correspondent Jan. [...]
 
InfoSec News: Kadlec computer servers hacked: http://www.tri-cityherald.com/2011/01/13/1324988/kadlec-computer-servers-hacked.html
By Michelle Dupler Herald staff writer Jan. 13, 2011
RICHLAND -- Kadlec Regional Medical Center officials announced Wednesday that patients are being notified that one of the hospital's computer [...]
 
Real Networks RealPlayer SP 'RecordClip' Method Remote Code Execution Vulnerability
 

Posted by InfoSec News on Jan 14

Forwarded from: Guofei Gu <guofei (at) cse.tamu.edu>

Dear colleagues,

Please find below the Call for Papers for RAID'11 (http://raid2011.org/).

Apologies for multiple copies of this announcement.

Best regards,
Guofei Gu
Assistant Professor
Department of Computer Science & Engineering
Texas A&M University

--------------------------------------------------------------------------

CALL FOR PAPERS...
 

Posted by InfoSec News on Jan 14

http://www.unionleader.com/article.aspx?articleId=6add3fd7-0f3f-4680-aa61-232503e7eaca&headline=Scandinavian+gamers+hack+NH+medical+center+to+play+Call+of+Duty%3b+compromise+records+of+230%2c000

By CLYNTON NAMUO
New Hampshire Union Leader Correspondent
Jan. 13 2011

ROCHESTER -- Some Scandinavian nerds went above and beyond to play their
favorite video game last year when they hacked a server for Seacoast
Radiology to get more bandwidth,...
 

Posted by InfoSec News on Jan 14

http://www.tri-cityherald.com/2011/01/13/1324988/kadlec-computer-servers-hacked.html

By Michelle Dupler
Herald staff writer
Jan. 13, 2011

RICHLAND -- Kadlec Regional Medical Center officials announced Wednesday
that patients are being notified that one of the hospital's computer
servers containing brain scan and other patient studies was hacked in
September.

Files housed on the server included information with a patient's name,
birth date,...
 

Posted by InfoSec News on Jan 14

http://www.news9.com/Global/story.asp?S=13833909

By Emily Wood
News 9
Jan 13, 2011

OKLAHOMA CITY -- An Oklahoma couple is urging thieves to return a stolen
computer they say has the power to save millions of lives.

Last Sunday, Sook Shin was carrying a possible cure for cancer on a
small Apple computer with years worth of data.

"I cannot eat and sleep since last Sunday," said Shin. "I'm devastated
and I feel so guilty."...
 

Posted by InfoSec News on Jan 14

========================================================================

The Secunia Weekly Advisory Summary
2011-01-06 - 2011-01-13

This week: 64 advisories

========================================================================
Table of Contents:

1.....................................................Word From...
 

Posted by InfoSec News on Jan 14

http://www.networkworld.com/news/2011/011311-cybersecurity-challenges-electrical-grid.html

By Michael Cooney
Network World
January 13, 2011

As the country's electricity grid undergoes a transformation and moves
toward a more intelligently networked, automated system, it faces an
increasing number of cybersecurity issues.

Watchdogs at the Government Accountability Office today said while the
increased use of smart grid systems may have a number...
 

