InfoSec News

A judge at the U.S. International Trade Commission has made an initial determination that HTC infringed two Apple patents, HTC said Friday.
 
Google's surprisingly strong earnings helped spark renewed confidence in the tech sector in advance of a raft of vendor earnings announcements next week, as shares of bellwether IT companies led markets upward Friday.
 
Intel is investigating a potential bug that may be causing SSD 320 solid-state drives to fail. The company is offering replacement drives to affected customers until the issue is resolved, a customer service representative said.
 
Marking a shift in the mobile computing space, Google's Android platform has begun losing developers to Apple's iOS, according to data released this week by mobile application analytics provider Flurry.
 
Samsung is on a roll with its new "Series X" line of laptops. The Series 9 is a high-price, high-style ultraportable that provides real competition for the Macbook Air. The Series 5 was the first Google Chromebook to go on sale, and while we're not fans of Chrome OS and don't recommend it, it's a nice piece of hardware and an aggressive release by Samsung. Now, the Series 3 rounds out the line with a nice everyday laptop for everyone. It's highly portable, performs well, and the price is right at just $750.
 
We continue to hear reports of companies, government agencies, and systems being hacked into by the Bad Boys of the Internet. Most recently it was confirmed that the US Pentagon systems were hacked into and thousands of files were copied from the systems that were hacked. When I heard this report I thought, "How in the world does an organization like the Pentagon, with all of the resources they have, get penetrated?" If organizations like the Pentagon have lowered defenses, how do we, the average system owners with a whole lot fewer resources, protect ourselves?



As I thought about it I realized that there are just too many possible holes that can allow the Bad Boys in. Once an attacker penetrates the perimeter the internal systems are unprotected. Worms have penetrated many corporate networks through email systems, careless users, and the use of USB devices. Once they are in they spread quickly.



Today's worms and viruses initiate a large percentage of the attacks that take place. Today's hackers have become more and more sophisticated and continue to develop new methods to hack and avoid detection. You think you have the door closed and voila, you turn around and there they are. Once in, they start looking for other victims inside the network that they can infect. They can also use the infected computer to attack other computers both inside and outside your network. Besides wasting your resources (bandwidth and other resources) they can get you or your company in a world of legal trouble. If your network is being used to perform a Denial of Service (DOS) attack or network reconnaissance scan against another company's network, you have a responsibility to get the attack stopped immediately. Failure to do so can have devastating consequences.



Another concern for you would be the potential back doors that were opened up by the compromise. What information does the back door provide access to? Does the back door allow the bad boys of the Internet to use your systems for whatever purpose they choose?



So how do you protect yourself? How do you minimize the potential for your systems to be infiltrated?



If you are protecting your home computer you may need nothing more than a good firewall program installed on your computer. These programs can help you identify potential intrusions and if configured correctly can prevent the initial access from taking place. If you have a home network (wireless or hardwired) and have multiple computers the software firewall may not be enough. You may want to give your home network just an extra bit of security by installing a hardware firewall. Most small businesses and home networks can benefit from a simple inexpensive hardware firewall. For $100 or less you can get a device from Linksys, Netgear or D-Link that will allow you to set up firewall rules to protect your network. These devices help protect you against attacks by screening out malicious traffic as well as prevent your computer from participating in the attacks without your knowledge.



A while back, I worked for a small ISP. We would get calls from our customers complaining about the speed of their connection. While investigating the speed issues I often found that the customer's computer or a computer on their network was infected with some malicious program that was either sending massive amounts of spam or was a partner in a botnet and was doing a lot of talking, or they had an unsecured wireless access point (WAP) that was being used by their neighbors to steal bandwidth and Internet connection. With the use of secured access points and firewalls there were often substantial improvements in the perception of the customers.



Large businesses/organizations need to look at Enterprise and/or Host Based firewall solutions. There are many different ones out there and research needs to be done on what is the best fit for the organization. Things like VPN access, real time monitoring, integrated web security, IPS/IDS, Anti-spam/Anti-virus or other features will dictate which one is right for the organization.



All of these methods work and if set up correctly will protect your environment. You will want to monitor and review logs to ensure that the network remains secure. It is an unfortunate fact of life that the firewall devices themselves may have holes that need to be plugged. This means that you have to stay up-to-date on your firmware/patches and make sure that you keep up on security related information for whichever device you choose.



I would be interested in what firewalls you are using and why.
Deb Hale (c) SANS Internet Storm Center. http://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
 
Citrix Systems this week bought Cloud.com, a 70 employee start-up that makes cloud infrastructure software. At the same time, it acquired what may be one of today's most desirable tech domain names.
 
Desktops and servers are being transformed by virtualization and multi-core CPUs, but that effect is a bit harder to see in security. Multi-core CPUs especially hold the possibility of completely transforming how and where we do security. One of the effects is to shift more of the security functions into the network. Another may be to radically change the software architecture within and across security appliances.
 
Twitter launched its microblogging service five years ago Friday and the company is marking the occasion by doling out some impressive usage stats.
 
Critics question a Republican spectrum proposal released this week.
 
Microsoft accidentally leaked an image of its own social networking platform, a site called 'Tulalip.'
 
It's complicated, and some customers are complaining. VMware says the new pooled pricing is fair and is a more usage-based model.
 
Android tablets could become more appealing to the enterprise with VMware's View Client for Android.
 
Dell OpenManage IT Assistant 'detectIESettingsForITA.OCX' Information Disclosure Vulnerability
 
[slackware-security] mozilla-firefox (SSA:2011-195-02)
 
[slackware-security] seamonkey (SSA:2011-195-01)
 
Apple has released iOS 4.3.4 Software Update. It looks like it adds some new features to your iPhone, iPod, and iPad. Besides the new features, it contains security patches. One of the security patches fixes a potential security hole when viewing PDF files caused by a buffer overflow and application termination. CVE-2010-3855, CVE-2011-0226.
Another patch is included for an invalid type conversion in IOMobileFrameBuffer. CVE-2011-0227.
Products affected are iPad, iPod Touch (3rd and 4th generation), iPhone4 (GSM Model) and iPhone 3GS.
support.apple.com/kb/HT4802
Thank you to our readers Dave and Jim who brought this to our attention.

Deb Hale (c) SANS Internet Storm Center. http://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
 
After last week's report from the German government regarding PDF-related security vulnerabilities in MobileSafari, Apple on Friday released updates for all iOS devices to fix the problem.
 
Right out of the box, Windows 7 and Vista let you preview most mainstream and multimedia file types. To find and activate the preview function, go to Windows Explorer (click Start and type explorer.exe in the "Search programs and files" box) and click the Preview icon in the upper right corner.
 
Google has started to move e-mail security features from its Postini service directly into its Google Apps collaboration and communication suite.
 
iDefense Security Advisory 07.14.11: Citrix Access Gateway ActiveX Stack Buffer Overflow Vulnerability
 
[oCERT-2011-001] Chyrp input sanitization errors
 
Re: [Full-disclosure] DC4420 - London DEFCON - July meet - Tuesday 19th July 2011
 
DC4420 - London DEFCON - July meet - Tuesday 19th July 2011
 
JR Raphael compares the specs on three models of Motorola Droid smartphones.
 
U.S. and Romanian authorities have arrested more than 100 people allegedly involved in an Internet auction fraud scheme.
 
Microsoft may have accidentally leaked an image of its own social networking platform, a site called 'Tulalip.'
 
Re: Wireshark 1.4.0 Malformed IKE Packet Denial of Service
 
Torque Server Buffer Overflow Vulnerability
 
Dell IT Assistant detectIESettingsForITA.ocx ActiveX Control readRegVal() Remote Registry Dump Vulnerability
 
Paltalk Messenger ActiveX Control Multiple Insecure Methods
 

Mrs. Gattaca
CSO (blog)
--That said, the Lewis family is part of the infosec community, which makes them our family and compels me to put something here as well. Posting in two places means more eyes see it. In this case, more eyes = more prayers, and that is what this ...

 
Urumcek Oyun 'id' Parameter SQL Injection Vulnerability
 
CVE-2010-2404 | Persistent Cross Site Scripting Vulnerability in Oracle I-Recruitment - E-Business Suite
 
A security consultant has notified Skype of a cross-site scripting flaw that could be used to change the password on someone's account, according to details posted online.
 
Oracle wants to put Google CEO Larry Page on the hot seat in the companies' intellectual property lawsuit over the Android mobile operating system, according to a court filing made late Thursday by the companies.
 
You can deride iTunes for its cut-off, protected environment. And you can complain about the iPhone's closed nature. But what you can't deny is that Apple's two products work incredibly well together, delivering a seamless solution for transferring data back and forth between a phone and a computer. It's exactly what's missing from phones running the Android operating system. And it's just what Wondershare's MobileGo attempts to deliver. This $40 application (a free demo version is available) lets you connect your Windows PC to your supported Android smartphone to transfer music, movies, pictures, and more.
 

Five things a Revere, MA upbringing taught me about #infosec
CSO (blog)
by CSO, Salted Hash – IT security news analysis, over easy! Note: When people hear the name Revere, they think of these things: Paul Revere's ride, guns, the IROC-Z automobile, lots of gold chains and language that doesn't include the letter r at the ...

 
Linux Kernel Bluetooth 'l2cap_sock.c' and 'rfcomm/sock.c' Information Disclosure Vulnerability
 

InfoSec in the supply chain
ComputerworldUK (blog)
The importance of data security throughout the supply chain is something we have all considered, but Greg Schaffer, acting deputy undersecretary of the (US) Homeland Security Department of the National Protection and Programs directorate at the ...

 
Oracle Java SE and Java for Business CVE-2011-0869 Remote Java Runtime Environment Vulnerability
 
The new Strategy for Operating in Cyberspace issued by the Department of Defense on Thursday covers a collection of topics that have been discussed for years and leaves a number of important unanswered questions, critics said.
 
It's official. Google+, which is just a bit more than two weeks old and still in the field trial stage, has attracted more than 10 million users.
 
The best way to truly "disconnect" from your hectic professional life while on vacation is to ditch as many of those electronic gadgets as possible. CIO.com's Al Sacco offers up five tips on how to have a "techless" vacation.
 
Mobile devices and applications are streaming into enterprises, changing the way IT departments buy technology and relate to other employees, three vendor executives said this week at the MobileBeat conference in San Francisco.
 
MIT Kerberos krb5-appl FTP Daemon EGID Remote Privilege Escalation Vulnerability
 

Posted by InfoSec News on Jul 15

http://gawker.com/5821227/hacker-who-turned-in-bradley-manning-is-a-bigger-scumbag-than-we-imagined

By Adrian Chen
Gawker.com
July 14, 2011

Around a year after Bradley Manning was arrested for allegedly leaking
to Wikileaks, Wired has finally published the full chat logs between the
Army private and hacker Adrian Lamo, who turned him into authorities.
Man, does Lamo come across as a scumbag.

If you remember: Manning reached out to Lamo on...
 

Posted by InfoSec News on Jul 15

http://www.fastcompany.com/1766812/inside-the-chinese-way-of-hacking

By Neal Ungerleider
Fast Company
July 13, 2011

Cyberwarfare in 2011 is an odd beast. Many Western governments
reportedly actively monitor rivals and engage in online sabotage, while
countries ranging from Israel to Iran to India also engage in
cyberwarfare programs of their own. But it's attacks against the
American government and commercial websites such as Google...
 

Posted by InfoSec News on Jul 15

http://www.v3.co.uk/v3-uk/news/2094076/vodafone-signal-femto-flaws-enable-widespread-phone-hacking

By Phil Muncaster
V3.co.uk
14 July 2011

Self-styled security research collective The Hacker's Choice has
revealed flaws in Vodafone's Sure Signal femtocell product which it
claims could allow hackers to listen to other Vodafone UK users' calls,
access their voicemails and even make calls via the victim's phone.

The...
 

Posted by InfoSec News on Jul 15

http://www.eweek.com/c/a/Security/Pentagon-Admits-Major-Data-Breach-as-It-Unveils-Defensive-CyberStrategy-869009/

By: Fahmida Y. Rashid
eWEEK.com
2011-07-14

The Pentagon admitted a defense contractor had suffered a major data
breach in March in a speech announcing a cyber-strategy plan emphasizing
defensive tactics.

A foreign government was behind a March cyber-attack against military
computers that led to 24,000 files being stolen from a...
 

Posted by InfoSec News on Jul 15

http://www.computerworld.com/s/article/9218427/Oracle_to_issue_78_bug_fixes_on_Tuesday

[Unbreakable - WK]

By Chris Kanaracus
IDG News Service
July 14, 2011

Oracle is planning to issue 78 patches covering a number of its software
products on Tuesday, including 13 fixes for its flagship database,
according to a statement posted to its website on Thursday.

The database patches cover a number of database editions, including 11g
R1 and R2, as...
 

Posted by InfoSec News on Jul 15

http://www.bloomberg.com/news/2011-07-12/bae-says-hack-on-sony-has-helped-spur-interest-in-cyber-security.html

By Sabine Pirone
Bloomberg
July 12, 2011

BAE Systems Plc (BA/) said its division supplying security against
computer hackers is attracting more potential clients after attacks on
companies such as Sony Corp.

“We’ve seen a significant shift in the understanding of cyber threats
within board rooms, particularly in the last six...
 

Posted by InfoSec News on Jul 15

========================================================================

The Secunia Weekly Advisory Summary
2011-07-07 - 2011-07-14

This week: 39 advisories

========================================================================
Table of Contents:

1. Word From Secunia...
 
Easy Estate Rental 's_location' Parameter SQL Injection Vulnerability
 
PCRE Regular Expression Heap Overflow Vulnerability
 
Internet Storm Center Infocon Status