InfoSec News

New York Daily News

Anonymous To "Destroy" Facebook On 5th November
"Some of these so-called whitehat infosec firms are working for authoritarian governments, such as those of Egypt and Syria," accused Anonymous in the release. It further derides Facebook's reluctance to part with user data despite account deletion. ...
Anonymous: Facebook's going down November 5 - CNET (blog)
Anonymous vows to 'destroy' Facebook on Nov 5 - GMANews.TV
"Anonymous" vows to "kill" Facebook - CBS News
PC Pro - PC Authority

The Eastern Seaboard power blackout that occurred in 2003 (it started at 4:10 on Aug 14, 2003, with the recovery varying by region) was a milestone in many of our lives. Not only was it full of personal consequences (I can remember my wife calling me in a panic as I was driving home), but it also had some severe business and societal impacts, and it changed how we view service interruptions in IT.
The blackout forced many businesses to seriously consider what an interruption in basic services could cost the organization, and also to consider how to do business without various services. In short, we now do Disaster Recovery Planning (DRP) and Business Continuity Planning (BCP) a lot more, and a lot more rigorously, than we did pre-2003.

The blackout also forced us as a society to consider just how critical our Critical Infrastructure is, and how long it had been since it was last looked at closely (post-WWII in a lot of cases). It also forced us to look at security in a whole new light: the electrical grid had been built on a "we trust our neighbours" model, which was one of the root problems that made the 2003 event so widespread. Most utilities are now a lot more self-contained, or are at least aware of the "good fences make good neighbours" design approach these days.

We're a lot more aware now of just how complex our utility infrastructure is; we've seen first hand what happens when the power goes off, and how complex it was to get the power back on after a widespread hit.

While NERC (the North American Electric Reliability Council) has been around since 1968, the power outage was one of the catalysts in re-formulating it as the North American Electric Reliability Corporation, and in re-writing the Critical Infrastructure Protection (NERC CIP) regulations in 2006.

Above all, to me the 2003 blackout illustrates just how short our memory is. We had a power hit that affected New York City in 1977 (which I remember), and a much larger Northeast area event back in 1965 (I was 3 then, so before my time). I guess as a society we're a lot like my cat: bad things need to take place a few times at least before it sinks in. Hopefully, now that we've got critical infrastructure standards, and particularly security, written into regulations and law, it'll stick. Also, now that we've got some momentum in BCP and DR planning, the private sector will follow along.

We'd love to hear your comments, either from your experiences during any of the larger power problems, or how they've affected your organization.

Rob VandenBrink

Metafore (c) SANS Internet Storm Center. Creative Commons Attribution-Noncommercial 3.0 United States License.
Logging in from a Smyrna, Georgia, McDonald's restaurant, a former employee of a U.S. pharmaceutical company was able to wipe out most of the company's computer infrastructure earlier this year.
Apple QuickTime CVE-2011-0247 H.264 Movie Files Multiple Buffer Overflow Vulnerabilities
Dell had strong profit growth in the second fiscal quarter of 2012, although the company's revenue was hurt by a drop in sales of storage and desktop products, Dell said on Tuesday.
Apple today issued the first update for OS X Lion, the new operating system it launched four weeks ago.
A sizeable spike in malicious email attachments is just subsiding, but if history is any indicator, several smaller spikes are about to follow that use even more deceptive means than their predecessors.
Amazon is stepping up the security and access features of its cloud services in an effort to attract more government agencies as customers.
Apple QuickTime ActiveX QTL File 'src' Parameter Stack Buffer Overflow Vulnerability
Mozilla Firefox/Thunderbird/SeaMonkey MFSA 2011-29 through -30 Multiple Vulnerabilities
Xen Instruction Emulation During VM Exits Denial of Service Vulnerabilities
Linux Kernel OOPS 'qdisc_dev()' Dereference Remote Denial of Service Vulnerability
Earlier this afternoon, the Mozilla Foundation released an update for their Firefox web browser to correct a number of security issues. Most of the issues corrected in this release are listed at critical severity. As such, organizations should consider pushing the updated web browser out in the near future.
More information concerning the issues is available at
Scott Fendley ISC Handler
Facebook attorneys filed court documents Monday contending they have found 'smoking-gun evidence' in a lawsuit over whether a New York man is due part ownership of the social networking company.
Google's interest in Motorola may really be just for the patents after all.
In a strong message to those who incite violence on social networks, a British court sentenced two men to four years in prison for using Facebook to try to organize a riot. It is the sternest punishment yet for abuse of social networks during the U.K. riots.
Samsung announced it is shipping to laptop and tablet manufacturers a new 512GB SSD that uses the SATA 3.0 interconnect specification, which doubles throughput from SATA 2.0's 3Gbit/sec to 6Gbit/sec.
Google executives see a great future in mobility, both for computing and for the company, and they're willing to pay a lot for the power they think that will bring them in the mobile market.
Intel this week defended its fee-based processor upgrade program, saying it is a way to add incremental performance without having to tear the system apart for a CPU upgrade.
Mozilla today released Firefox 6, the second edition since it shifted to a rapid-ship cycle that delivers a new version of the browser every six weeks.
If you have a web server and browse your logs regularly, you will probably find regular probes for various web applications, even some that you don't use. In many cases, these probes are looking for very common web applications with well-known vulnerabilities. Most of the time, the vulnerabilities are old and a patched version of the application is available. But web applications can be hard to patch and are usually not included in normal patch routines. These web applications are also often customized, and the customization makes patching harder. To make things even more complex, it is not always the application itself but a plugin that is causing the problem.
What I am trying to do here is to assemble a list of the most dangerous web applications. We will use a survey, the 404 project and any other data people may have to rank them. Once these applications are identified, we will try to collect hardening guides to help you run these applications securely.
Please see the survey here and consider participating to get this project started. The survey will be just one source of the data we will be using.

Johannes B. Ullrich, Ph.D.

SANS Technology Institute

Hoping to broaden input from users, the World Wide Web Consortium has established two new virtual working spaces for individuals and organizations to develop specifications.
The SpyEye source code could enable researchers better understand the malware, but it could also make SpyEye a much larger malware threat, according to Damballa Inc.

Oregon's model for compliance with IRS information security requirements could be used for cross-agency security at the federal level.

Apple Safari CFNetwork Cross-Site Scripting Vulnerability
With the start of a new school year right around the corner, there is usually an uptick in phishing scams directed toward academia. As has been reported many times over the past several years, the number of new faculty and students in higher ed, coupled with the limited access controls in place on many systems, makes this an optimal time for scams to be directed at our campuses.

I am a huge advocate of educating these new members of our community about the protection of their user credentials. For my environment, I am actively making the case that a personalized message be sent to each and every individual in our organization to educate (or at least remind) them about how we conduct our business involving password changes and the use of credentials in our environment. By and large, many of our phishing scam victims were blissfully unaware of the value of their account credentials to an attacker. Or they just assumed an email claiming to be from the university, sent to their university email account, must be legit.

A number of years ago Johannes presented 6 Simple Steps to Beat Phishing [ ]. These steps are still very valuable in the effort to limit the exposure. Many organizations have conducted spear phishing attacks against their own users as a way to raise security awareness. This type of penetration testing, or ethical hacking, likely does have some impact on the overall security posture of your users, but I expect that your mileage may vary based on organizational culture.

Unfortunately, there will always be a small number of users who will fall victim to phishing scams, no matter the amount of training, education or other preventative measures you take.

So what can you do to recover from a compromised user account? In most of the phishing scams targeting my institution, the intruders were mostly focused on using the account to send out junk mail or other scams.

Junk Email/Scam Attack

Lock out the user account or reauthorize their ability to authenticate.
Clean out mail queues to remove any messages which have not been delivered.
Monitor SMTP logs to identify RBLs which may be blocking campus mail servers.
Reverse any changes to the compromised user account, such as Forwarding Address, Formal Name, signature, Reply-to: and similar.
Review logs to identify the source IP addresses of the intruders, and identify any other compromised accounts.
Communicate the abusive behavior to the net block owner in question, and block the IP range if appropriate.
Review logs to identify any tell-tale addresses which may be used by the intruders to test that an account is functional. These addresses are an excellent early warning system for identifying accounts which are about to be used in an attack.
If available, review the content of any phishing scams directed at your organization for phrases, URLs or other details which may be included in spam filters.
And, obviously, communicate with the user of the account so they change their account credentials to prevent unauthorized use.
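As an added example (not from the diary or the ISC), here is a small Python triage script over constructed outbound-mail log lines that works through the log-review steps above: it pulls the intruders' source IPs, the "tell-tale" test addresses that recur across abused accounts, and accounts that have so far only mailed such an address and can be locked out before a run starts. The log format, KNOWN_IPS and the burst threshold are assumptions.

```python
import re
from collections import Counter, defaultdict

# Constructed sample of outbound-mail log lines (not from the page). Assumed format:
# "<epoch_secs> user=<account> ip=<source address> rcpt=<recipient>"
SAMPLE_LOG = """\
1005 user=alice ip=192.0.2.10 rcpt=dean@example.edu
5003 user=alice ip=198.51.100.7 rcpt=probe@example.net
5300 user=alice ip=198.51.100.7 rcpt=v1@example.org
5301 user=alice ip=198.51.100.7 rcpt=v2@example.org
6002 user=bob ip=203.0.113.9 rcpt=probe@example.net
9002 user=carol ip=198.51.100.7 rcpt=probe@example.net
9100 user=carol ip=198.51.100.7 rcpt=v3@example.org
9101 user=carol ip=198.51.100.7 rcpt=v4@example.org
"""
KNOWN_IPS = {"alice": {"192.0.2.10"}}  # constructed: where each user normally logs in from
LINE_RE = re.compile(r"(\d+) user=(\S+) ip=(\S+) rcpt=(\S+)")

def parse_log(text):
    """(ts, user, ip, rcpt) per well-formed line, in log order; junk lines are skipped."""
    return [(int(m[1]), m[2], m[3], m[4]) for m in map(LINE_RE.match, text.splitlines()) if m]

def sessions(events):
    """Recipients mailed by each (user, source ip) pair, in the order they were sent."""
    out = defaultdict(list)
    for _, user, ip, rcpt in events:
        out[(user, ip)].append(rcpt)
    return out

def abusive_sessions(sess, known_ips, burst=3):
    """Sources outside the user's known set that sent >= burst messages (3 only because the sample is tiny)."""
    return [(u, ip, r) for (u, ip), r in sess.items()
            if ip not in known_ips.get(u, ()) and len(r) >= burst]

def canary_addresses(hits):
    """First recipient of each abusive session, counted across accounts: an address reused to test stolen logins stands out."""
    return Counter(r[0] for _, _, r in hits)

def accounts_to_watch(sess, hits, canaries):
    """Accounts whose only unknown-source mail so far is a canary message: compromised but not yet used for a run."""
    abused = {(u, ip) for u, ip, _ in hits}
    return {u for (u, ip), r in sess.items() if (u, ip) not in abused and r[0] in canaries}

def triage(text=SAMPLE_LOG, known_ips=KNOWN_IPS):
    """Returns (intruder IPs, abused accounts, canary counts, accounts to watch)."""
    sess = sessions(parse_log(text))
    hits = abusive_sessions(sess, known_ips)
    canaries = canary_addresses(hits)
    return (sorted({ip for _, ip, _ in hits}), sorted({u for u, _, _ in hits}),
            dict(canaries), sorted(accounts_to_watch(sess, hits, canaries)))
```

On the sample, the shared source 198.51.100.7 and the recurring probe@example.net address are what tie alice and carol together, and bob's single message to that address is the early warning the diary describes.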

So what other things would you recommend as part of the recovery from the intrusion? Are there other steps that need to be followed should the intruder access resources other than email services?

Scott Fendley ISC Handler
Tech companies are hitting the courts in droves. We track the patent madness.
HTC has filed a lawsuit against Apple for allegedly infringing on three patents, the latest in the legal battle raging between the companies.
Although we don't know yet just when AT&T will fire up its LTE network, we now know that AT&T will start selling LTE gear next week.
Open Handset Alliance Android Browser Sandbox Security Bypass Vulnerability
Google's Chrome blocked four times more malicious sites and malware than a year ago, but Firefox 4 was much less effective at warning users of danger than Mozilla's browser last year, according to a report from NSS Labs.
Twitter has added a native function to its API for attaching images to posts, designed to make it easier for third-party developers to include photos with their applications' messages, or "tweets."
Samsung is again free to sell its Android-based Galaxy Tab 10.1 in all European Union countries except for Germany, after a court in Düsseldorf changed its injunction enacted last week.
{Lostmon's Group} Elgg 1.8 beta2 and prior to 1.7.11 'container_guid' and 'owner_guid' SQL Injection
Malformed DHCPv6 packets cause RPC to become unresponsive
CVE-2011-2664 Symlink Following and Second-Order Symlink Vulnerabilities in Multiple Check Point Security Management Products
phpList Improper Access Control and Information Leakage vulnerabilities
Apple today started selling Lion on a USB flash drive for $69, more than double the price of the downloaded version.
Google was praised on Tuesday by the U.K.'s data protection watchdog for strengthening its privacy policies but the agency said the company still needs to improve.
Apple touts its GarageBand for iPad application as a great way to play and record music without the need to learn scales or time signatures. Musical newbies aren’t the only ones interested in using the $5 app, however. GarageBand for iPad appeals to seasoned musicians, too. And those with significant investments in recording equipment may be wondering which, if any, of their existing gear will work with the portable version of GarageBand. I decided to grab my trusty iPad, my iPad camera connection kit, and powered USB hub and plug in whatever I had around to see what would work.
In February, the mobile industry will once again head to Barcelona for Mobile World Congress, which will feature a new section focusing on different aspects of mobile marketing, show organizer GSM Association said.
X.Org libXfont LZW Decompression 'BufCompressedFill()' Local Privilege Escalation Vulnerability
ISC DHCP Multiple Denial of Service Vulnerabilities
Microsoft Windows MPEG Layer-3 Audio Decoder Buffer Overflow Vulnerability
A private cloud architecture leverages the power of end-to-end virtualization so workloads can be fluidly distributed among a pool of servers, but this ideal cannot be achieved with traditional network infrastructure.
Software development practices such as collaboration and openness to change are now being applied to all parts of a business.
A former employee of Flextronics, an electronics manufacturer, was found guilty of stealing at least $1.3 million in company funds and received a prison sentence, California's attorney general said on Monday.
When Greg Martin returned home last Wednesday morning after a night of intense rioting in London, his West End apartment had been ransacked.
Laid off IT workers explain their reasons for filing lawsuit against Molina Healthcare and its outsourcer, Cognizant, to Computerworld.

What's a fair punishment for data breaches?
iT News
Remember to sign up to our Security bulletin for the definitive summary and analysis of Infosec threats. “They don't train their staff properly. They don't supervise their staff properly. They don't have adequate firewalls,” he suggested. ...

Google's planned acquisition of Motorola Mobility will force the search giant into a whole new set of relationships with mobile operators, which could benefit the carriers but also create tension.
Start-up Nutanix released its flagship product, a VMware-based server combined with SSD and hard drive storage, today to deliver a clustered system that grows over time.
ktsuss Local Security Bypass and Arbitrary Code Execution Vulnerabilities
San Francisco's commuter railway left mobile phone services untouched during a closely watched protest Monday, but for many commuters that didn't matter because they were locked out of the railway system altogether.
Google's $12.5 billion purchase of Motorola Mobility will land it a vast portfolio of patents, but the legal obstacles facing its Android operating system are far from over, legal experts said.