InfoSec News

(c) SANS Internet Storm Center. http://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
WordPress WP-FaceThumb 'pagination_wp_facethum' Parameter Cross Site Scripting Vulnerability
Serendipity SQL Injection and Cross Site Scripting Vulnerabilities
After more than a year of active testing and debate over LightSquared's plan for a nationwide, wholesale 4G network, the now bankrupt company may end up as no more than a cautionary tale for mobile investors.
A new variant of the Zeus trojan tricks users into exposing their debit card details by displaying rogue offers when they visit Facebook, Gmail, Yahoo and Hotmail, according to researchers from security firm Trusteer.
The next major release of Red Hat Enterprise Linux, version 7, is targeted for release in the second half of 2013, Red Hat said on Tuesday, as it also celebrated the tenth anniversary of its enterprise OS.
Voyager Mobile, a startup promising cheap, unlimited mobile service around the U.S., has postponed the launch it planned for Tuesday, saying a malicious attack took down its website.
RETIRED: Serendipity SQL Injection and Cross Site Scripting Vulnerabilities
Regulators in Europe said Tuesday they will watch closely to make sure Microsoft complies with its commitments to ensure competition in the browser market, after Mozilla complained its Firefox browser is being excluded from Windows RT.
Apple Mac OS X CVE-2011-3458 Remote Code Execution Vulnerability
Apple Mac OS X QuickTime CVE-2012-0658 Movie File Handling Buffer Overflow Vulnerability

Cloud Storage Security Isn't as Solid as Vendors Want You to Believe
Interestingly enough, when Sophos polled conference attendees about cloud storage riskiness at Infosec Europe in April, 64 percent of the respondents said they thought that cloud storage is risky, but 45 percent said they still went right ahead and ...

Facebook has raised the price range of its stock shares just days before the company's highly anticipated initial public offering. Is Facebook's IPO overhyped?
Nvidia announced technologies that could make its upcoming Tesla graphics processors more accessible to cloud deployments in enterprises, while also reversing a trend of relegating highly parallel chips to specialized math and scientific calculations.
As the hype over Facebook's upcoming IPO continues to grow, a new survey indicates that not everyone is confident in the social network's long-term success.
Rogue browser extensions might inject commercial ads into Wikipedia pages, Wikimedia Foundation said
German security firm Avira yesterday issued a service pack for its antivirus software that crippled an unknown number of Windows machines, with one customer calling the gaffe "catastrophic" to his company.
G-Project's The G-Go looks like a cross between a Dustbuster, an iron, and an oversized flashlight. But it's none of those things. Rather, it's a $69, IPx4-rated, water-resistant Bluetooth speaker. (That rating means that the G-Go can withstand water splashing from any direction.)
Hewlett-Packard bills its HP Folio 13 as an ultrabook built for businesses. CIO.com's Paul Mah takes a look at the HP Folio 13's specifications, usability and security.
In iTunes, there are two ways to categorize your videos: as either Movies or TV Shows. Movies are displayed individually, but TV shows are organized in groups, as they would be if they were episodes in the same show. One anonymous Mac OS X Hints reader takes advantage of this to organize all kinds of videos, regardless of their actual source. He uses his Movies library for very large files and puts everything else in TV Shows. So, for example, in his TV Shows library, he has groups called YouTube Videos, Home Videos, Work Stuff, and so on.
FFmpeg Multiple Remote Vulnerabilities

Reader Bob wrote in reporting seeing increasingly frequent incoming DNS replies on UDP 53, with valid DNS answers, but coming from source addresses in the 10.x.x.x/8 range. The responses appear to be from the Internet Roots to DNS servers that are querying the root.

Anyone else see this kind of behavior?

Over the past week another couple of readers have written in reporting issues accessing the ISC web page. The SANS NOC reports that RFC-1323 timestamps were getting scrubbed by our firewall to prevent information disclosure, but the checksum wasn't being updated. The packet was subsequently dropped by the end device.

This appears to be impacting users using Bluecoat web proxies. We will have more to post on this topic throughout the day.

RFC1323 describes TCP extensions used to improve performance over high-delay and high-speed networks.

These include Scaled Window Options, Round Trip Time Measurement (RTTM), and Protection Against Wrapped Sequence Numbers (PAWS).

Scaled window options are implemented by bit shifting the 16-bit window field into a 32-bit field by adding an option indicating how many placeholders to shift (or multiply by) to get the real window size. Recall the window size is how many bytes a node can buffer before it needs the transmitter to slow down.

TCPDump displays this option as WS=6 for a factor of 6 in the TCP options.

Wireshark displays this option as, for example: Window Scale: 7 (Multiply by 128)

Round Trip Time Measurement (RTTM), or TCP option 8, contains a Timestamp value (TSval), a 32-bit value set by the sender with its sending time, and a Timestamp Echo Reply (TSecr), which is only valid if the accompanying ACK TCP flag is set. This 32-bit value echoes a timestamp value set by the other, remote host in a TCP session. These values are tracked over time to estimate and adapt to changing traffic conditions.
PAWS provides a simple mechanism to reject old duplicate segments that might corrupt an open TCP connection. It uses the same timestamps as RTTM. The basic idea is that a segment can be discarded as an old duplicate if it is received with a timestamp less than some timestamp recently received on this connection.
Here is what Bluecoat has to say on the topic: https://kb.bluecoat.com/index?page=contentid=FAQ1006

PAWS is looking for the timestamp to be advancing and is used to keep as much data in transit as possible between communicating hosts.

The risk to data transport in this case is that two hosts or their intermediaries can't negotiate a common method of communicating with or without these options. This can happen with firewalls, as in our case, or with incompatible endpoints. It is interesting to note that Windows implemented these options in Windows 2000, but did not enable them by default until Windows 2008.
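The failure described above can be reproduced offline. The following is an added example, not code from the ISC or from any firewall vendor: it builds a constructed SYN segment, overwrites the Timestamps option with NOPs (an assumed scrubbing method), and checks the TCP checksum with and without recomputation. Addresses, ports and option values are made up for the illustration.

```python
import socket
import struct
SRC, DST = "192.0.2.10", "198.51.100.20"  # constructed documentation addresses

def tcp_checksum(src, dst, seg):
    """RFC 793 checksum over pseudo-header + segment, checksum field zeroed."""
    data = (socket.inet_aton(src) + socket.inet_aton(dst)
            + struct.pack("!BBH", 0, 6, len(seg)) + seg[:16] + b"\x00\x00" + seg[18:])
    data += b"\x00" * (len(data) % 2)
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def checksum_ok(src, dst, seg):
    return struct.unpack("!H", seg[16:18])[0] == tcp_checksum(src, dst, seg)

def options(seg):
    """Yield (kind, offset, length) for each TCP option except NOP/EOL."""
    i, end = 20, (seg[12] >> 4) * 4
    while i < end and seg[i] != 0:          # kind 0 = end of option list
        if seg[i] == 1:                     # kind 1 = NOP, one byte, no length
            i += 1
            continue
        length = seg[i + 1] if i + 1 < end else 0
        if length < 2 or i + length > end:  # malformed option: stop parsing
            return
        yield seg[i], i, length
        i += length

def window_shift(seg):
    """Return the Window Scale (kind 3) shift count, or None if absent."""
    return next((seg[off + 2] for k, off, _ in options(seg) if k == 3), None)

def scrub_timestamps(src, dst, seg, fix_checksum):
    """Overwrite the Timestamps option (kind 8) with NOPs; optionally fix the checksum."""
    out = bytearray(seg)
    for kind, off, length in options(seg):
        if kind == 8:
            out[off:off + length] = b"\x01" * length
    if fix_checksum:
        out[16:18] = struct.pack("!H", tcp_checksum(src, dst, bytes(out)))
    return bytes(out)

def sample_syn():
    """Constructed SYN: MSS 1460, SACK-permitted, Timestamps, NOP, Window Scale 7."""
    opts = bytes.fromhex("020405b4" "0402" "080a0001e24000000000" "01" "030307")
    seg = struct.pack("!HHIIBBHHH", 49152, 80, 1000, 0, 10 << 4, 0x02, 5840, 0, 0) + opts
    return seg[:16] + struct.pack("!H", tcp_checksum(SRC, DST, seg)) + seg[18:]
```

A segment returned by `scrub_timestamps(..., fix_checksum=False)` fails `checksum_ok`, which is the condition under which the receiving device discards it; the window scale option is untouched in both cases.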

SANS Internet Storm Center Handler


Some References I used to look into this today:

The RFC: http://www.ietf.org/rfc/rfc1323.txt






This is by no means an exhaustive article on this topic; it is just a beginning. I will look to other handlers to fill in the gaps as well as look into it more as time goes on.

Another discussion that is pertinent is IP options versus TCP options, staying in IPv4 land for this discussion.

As the names state, IP options and padding are in the Internet Protocol header of a packet; they are the last 32 bits in the Internet Protocol (v4) header, and TCP options are contained within the TCP header.
Using the following page as a reference (http://www.networksorcery.com/enp/protocol/ip.htm#Options), IP options deliver a handful of IP features that in general are not used. Most IPv4 headers begin with the version (4 in this case) and the IHL, the header length in 32-bit words, with 5 as the minimum and default. If options are set, that number varies depending on the options set. For the most part these options are not used; IP options include features like source routing, which could permit undesirable results. Each option is described in detail on the reference page above.
TCP options are more central to the operation of the protocol than IP options are. IP options add optional features, whereas TCP options make the protocol work. A list of TCP options is available here: http://www.networksorcery.com/enp/protocol/tcp.htm#Options Option 8 contains the windows scaling discussed above. Other options include Selective Acknowledgement (opts 4 and 5) and Option 3 Window Scale Factor (discussed above and in RFC1323). These options extend and enhance the TCP protocol operation.
In conclusion, both TCP and IP offer different options which can enhance the protocols. Understanding them can impact operability and availability of a network.

NetSuite is going up against vendors such as Demandware and Venda in the market for cloud-based e-commerce platforms, announcing a new product, SuiteCommerce, during the SuiteWorld conference in San Francisco on Tuesday.
OpenSSL DTLS CVE-2012-2333 Remote Denial of Service Vulnerability
Quagga Multiple Remote Security Vulnerabilities
[ MDVSA-2012:075 ] ffmpeg
Verizon Wireless will add 28 more cities to its nationwide LTE network on Thursday, bringing the total number of markets with access to its faster 4G service to 258.
Triggering Java code from a SVG image
APPLE-SA-2012-05-14-2 Leopard Security Update 2012-003
The four-year-old saga of Psystar, a Florida Mac clone maker that was crushed by Apple, ended Monday when the U.S. Supreme Court refused to hear its appeal of a lower court decision.
Microsoft plans to charge users who buy a new Windows 7 PC $14.99 for an upgrade to Windows 8. The upgrade program is expected to kick off alongside the delivery of Windows 8 Release Preview in June.
Re: rssh security announcement
[ MDVSA-2012:076 ] ffmpeg
LifeSize unveiled two portable, all-in-one videoconferencing units for various work spaces, including home offices, meeting rooms and executive offices.
Facebook has raised the price range of its stock shares just days before the company's highly anticipated initial public offering.
Baidu, which runs China's most popular search engine, unveiled a smartphone that features its own mobile platform.
[ MDVSA-2012:074 ] ffmpeg
[SECURITY] [DSA 2457-2] New icedove/iceweasel packages fix regression
[SECURITY] [DSA-2471-1] ffmpeg security update
SAP announced a broad set of plans to become a player in cloud computing, spanning from a "loosely coupled suite" of business applications to data integration and PaaS (platform as a service) Tuesday during the Sapphire conference in Orlando.
Advanced Micro Devices hopes to provide thin-and-light laptops that are less expensive but equally speedy to Intel's ultrabooks with its new A-series chips, which the company officially announced on Tuesday.
Net-SNMP SNMP GET Request Denial of Service Vulnerability
Lenovo is working with chip maker Intel on a future ThinkPad tablet based on Microsoft's Windows 8 operating system, a Lenovo executive said.
Lenovo announced a range of new ThinkPads with Intel's latest third-generation Core processors, including a ThinkPad ultrabook that the company claims is the "thinnest ultrabook in the world."
Satisfaction with Microsoft's software slipped last year, part of an industrywide downturn driven by U.S. consumer discontent with traditional PC programs, a national survey said today.
Although the standard for DDR4 memory won't be finalized until summer, several companies are already preparing to ship modules that will boost performance in data centers and on consumer devices
Internet Storm Center Infocon Status