Information Security News

[SECURITY] [DSA 2166-1] chromium-browser security update

While security pros should be concerned with the decreasing efficacy of signature-based antivirus, employee threats should warrant increasing attention.

At RSA Conference 2011, a Town Hall-style meeting of government cybersecurity officials, including cybersecurity coordinator Howard Schmidt, pressed for continued public-private sector cooperation, increased information security awareness training and online trust initiatives.

A new vulnerability has been discovered exploiting SMBcomponent of Windows. The attack involves sending of malformed Browser Election requests leading the heap overflow within the mrxsmb.dll driver.The vulnerability is known to be able to cause DoSand fully control of vulnerable machines. Proof of concept code for DoShad been released. There are reports that this exploit only work on local network segment (this hasn't been verified).
The general practice of block port 138, 139 and 445 should be observed especially with this 0-day.
More information on this exploit
http://www.vupen.com/english/advisories/2011/0394

(c) SANS Internet Storm Center. http://isc.sans.org Creative Commons Attribution-Noncommercial 3.0 United States License.

Signature-based antivirus not quite dead
SearchSecurity.com
SAN FRANCISCO -- It's unmistakable: Infosec pros have long heard the death rattle of signature-based antivirus (AV). With the amount of malware currently in circulation -- and rising exponentially by the day ...

InfoSec News: Security Costs SMBs 16 Days Per Month: http://www.informationweek.com/news/smb/security/showArticle.jhtml?articleID=229216088
By Kevin Casey InformationWeek February 10, 2011
IT pros at small and midsize businesses (SMBs) spend 127 hours every month managing their on-premises security infrastructure, according to a [...]

InfoSec News: Hackers Build Android Encryption Apps For Egypt: http://blogs.forbes.com/andygreenberg/2011/02/10/hackers-build-android-encryption-apps-for-egypt/
By Andy Greenberg The Firewall Forbes.com Feb. 10 2011
Cellphones may be helping to connect and organize the pro-democracy protesters massing in the streets of Cairo and Alexandria. [...]

InfoSec News: Secunia Weekly Summary - Issue: 2011-06: ========================================================================
The Secunia Weekly Advisory Summary 2011-02-03 - 2011-02-10
This week: 81 advisories [...]

InfoSec News: Cyber warfare threat to America cannot be 'overstated', top U.S. intelligence chief warns Congress: http://www.dailymail.co.uk/news/article-1355596/Al-Qaeda-Cyber-warfare-threat-overstated-warns-US-intelligence-chief.html
By Daily Mail Reporter 10th February 2011
America's top intelligence chief warned Congress today that the cyber warfare facing the U.S. is increasing in scope and scale. [...]

InfoSec News: EVT/WOTE '11 Call for Papers Now Available: Forwarded from: Lionel Garth Jones <lgj (at) usenix.org>
On behalf of the 2011 Electronic Voting Technology Workshop/Workshop on Trustworthy Elections (EVT/WOTE '11) program committee, we are inviting you to submit your original research on important problems in all aspects of electronic voting. [...]

InfoSec News: Cyber warfare threat to America cannot be 'overstated', top U.S. intelligence chief warns Congress: Forwarded from: Richard Forno <rforno (at) infowarrior.org>
As Marc Maiffret correctly noted in his EEye blog post last night, funny how these cyberwarfare threats always tend to show up around the RSA conference......
Scary Night Dragons Fall from Sky http://blog.eeye. [...]

InfoSec News: NASDAQ Breach: Lesson for Banks: http://www.bankinfosecurity.com/articles.php?art_id=3342
By Tracy Kitten Managing Editor Bank Info Security February 11, 2011
Could real-time forensics have helped uncover the NASDAQ breach sooner?
It's unclear how long cyberhackers breached and prowled NASDAQ's network and systems. [...]

InfoSec News: Low security awareness found across IT: http://www.computerworld.com/s/article/9208890/Low_security_awareness_found_across_IT_
By Jaikumar Vijayan Computerworld February 10, 2011
A broad spectrum of IT people, including those close to security functions, appear to have little awareness of key security issues [...]

InfoSec News: Anonymous hack showed password re-use becoming endemic: http://www.theregister.co.uk/2011/02/10/password_re_use_study/
By John Leyden The Register 10th February 2011
Computer scientists have discovered that password re-use is far more prevalent than previously thought after comparing a sample of matched [...]

InfoSec News: CFP: 7th International Workshop on Security and Trust Management (STM'11): Forwarded from: "M. Carmen Fernandez Gago" <mcgago (at) lcc.uma.es>
Call for Papers
7th International Workshop on SECURITY and TRUST MANAGEMENT (STM'11) Copenhagen, Denamrk 27-28 June 2011 http://www.isac.uma.es/stm11
in conjunction with IFIPTM 2011 [...]

InfoSec News: [Dataloss Weekly Summary] Week of Sunday, February 6, 2011: ========================================================================
Open Security Foundation - DataLossDB Weekly Summary Week of Sunday, February 6, 2011
21 Incidents Added.
======================================================================== [...]

InfoSec News: NSW Ambulance Service recovers from computer virus: http://www.smh.com.au/technology/security/nsw-ambulance-service-recovers-from-computer-virus-20110214-1ate0.html
By Ben Grubb The Sydney Morning Herald February 14, 2011
Computers which coordinate NSW's ambulances all finally returned to normal Monday afternoon after a virus forced staff to shut them down for more than 24 hours.
One source who used to work closely with the Computer Aided Dispatch System (CAD) system told this website that the ambulance service was "very protective of it when I worked there" and that the virus likely infiltrated the network via an infected USB as the network was a "physically isolated network" with "no internet connection of any kind".
"The only way a virus could get onto it would be via physical access – someone with the virus on a USB key," the source said. "It's probably just someone [who] has plugged in an infected USB and it's infected a few Windows PCs in the office."
Those claims were put to the NSW Ambulance Service but it declined to comment on them.
[...]

InfoSec News: CIA Director Leon Panetta Warns of Possible Cyber-Pearl Harbor: http://abcnews.go.com/News/cia-director-leon-panetta-warns-cyber-pearl-harbor/story?id=12888905
[CIA Director John Deutch warned yesterday that hackers could launch "electronic Pearl Harbor" cyber attacks on vital U.S. information systems. June 26th 1996 - http://nydn.us/hzEXtm - WK] [...]

InfoSec News: Experts: China must raise level of cyber security: http://www.chinadaily.com.cn/china/2011-02/12/content_11989991.htm
By Zhou Wa China Daily 2011-02-12
BEIJING - Chinese experts called for more attention to be given to China's cyber security studies on Friday to prevent the nation from falling victim to international hacking attacks. [...]

InfoSec News: Report: Stuxnet Hit 5 Gateway Targets on Its Way to Iranian Plant: http://www.wired.com/threatlevel/2011/02/stuxnet-five-main-target/
By Kim Zetter Threat Level Wired.com February 11, 2011
Attackers behind the Stuxnet computer worm focused on targeting five organizations in Iran that they believed would get them to their final [...]

InfoSec News: SyScan'11 Singapore Call For Paper and [email protected]: Forwarded from: Thomas Lim <thomas (at) syscan.org>
http://www.syscan.org/index.php/sg
The CFP for SyScan'11 will close on 28th February 2011. please send in our submission quickly.
All selected speakers for SyScan'11 Singapore will enjoy the following benefits:
1. [...]

InfoSec News: Cyber Security 'Expert' Is Felon, Accused Plagiarist, Uncertified Hacker: Forwarded from: security curmudgeon <jericho (at) attrition.org>
: http://www.cbsatlanta.com/news/26862410/detail.html : : By Jeff Chirico : CBS Atlanta Investigative Reporter : February 14, 2011 : : ATLANTA -- CBS Atlanta is asking Tough Questions about the credentials [...]

InfoSec News: Israeli security chief celebrates Stuxnet cyber attack: http://www.telegraph.co.uk/technology/news/8326274/Israeli-security-chief-celebrates-Stuxnet-cyber-attack.html
By Christopher Williams Technology Correspondent Telegraph.co.uk 16 Feb 2011
The video of Lieutenant General Gabi Ashkenazi's operational successes [...]

InfoSec News: HBGary Execs Run For Cover As Hacking Scandal Escalates: http://blogs.forbes.com/andygreenberg/2011/02/15/hbgary-execs-run-for-cover-as-hacking-scandal-escalates/
By Andy Greenberg The Firewall Forbes.com Feb. 15, 2011
Rarely in the history of the cybersecurity industry has a company become so toxic so quickly as HBGary Federal. [...]

InfoSec News: Pentagon Deputy: What if al-Qaeda Got Stuxnet?: http://www.wired.com/dangerroom/2011/02/pentagon-deputy-what-if-al-qaeda-got-stuxnet/
By Spencer Ackerman Danger Room Wired.com February 15, 2011
Points for imagination here: at the RSA information-security conference in San Francisco, Deputy Defense Secretary William Lynn worried aloud [...]

InfoSec News: Obama seeks big boost in cybersecurity spending: http://www.computerworld.com/s/article/9209461/Obama_seeks_big_boost_in_cybersecurity_spending
By Patrick Thibodeau Computerworld February 15, 2011
WASHINGTON -- The White House is proposing a big increase in cybersecurity research and development in next year's budget to improve, [...]

InfoSec News: Man pockets $8m running computer fraud ring: http://www.theregister.co.uk/2011/02/16/computer_fraud_plea/
By Dan Goodin in San Francisco The Register 16th February 2011
A New Hampshire man has admitted pocketing almost $8 million in a scheme that infected people's computers with software that forced their modems [...]

InfoSec News: CFP: 3rd Workshop on Intelligent Security - Security and Artificial Intelligence (SecArt-11): Forwarded from: Yacine Zemali <yacine.zemali (at) ensi-bourges.fr>
[Apologies if you receive multiple copies. Please distribute this call to interested parties.] 3rd Workshop on Intelligent Security Security and Artificial Intelligence (SecArt-11) [...]

InfoSec News: Cyber Security 'Expert' Is Felon, Accused Plagiarist, Uncertified Hacker: http://www.cbsatlanta.com/news/26862410/detail.html
By Jeff Chirico CBS Atlanta Investigative Reporter February 14, 2011
ATLANTA -- CBS Atlanta is asking Tough Questions about the credentials of the self-proclaimed "world's No. 1 hacker." Gregory D. [...]

InfoSec News: CIA Director Leon Panetta Warns of Possible Cyber-Pearl Harbor: Forwarded from: Richard Forno <rforno (at) infowarrior.org>
First off: this is the same Leon Panetta who told a Congressional committee last week that his official estimate that Mubarak would step down on DayX was based on "media reports." (http://www.washingtonpost. [...]

Stanford University researchers have found a way to double the capacity of wireless networks, while at the same time making them more reliable and efficient.

[SECURITY] CVE-2011-0533: Apache Archiva cross-site scripting vulnerability

[USN-1065-1] shadow vulnerability

[SECURITY] [DSA 2165-1] ffmpeg-debian security update

Gain Windows Domain Admin Privileges - Online Challenge

Gemalto's Protivia Mobile One Time Password application provides two-factor authentication for users on iPhones, BlackBerrys and some Windows smartphones.

nuBridges announced its Tokenization as a Service (TaaS) cloud-based data tokenization service, and promised customers ownership of their data even if they cancel the service.

Dan Kaminsky and other experts involved in DNSSEC deployments, during an RSA Conference 2011 session, urged enterprises to consider rolling out support for the new Internet protocol.

Do you own a smartphone, a netbook, a tablet PC, a digital camera, an MP3 player? Or an iPod Touch, a laptop, a handheld gaming console, and/or a Kindle or other type of e-reader?

Cisco has launched an architectural framework designed to enhance users' experiences across mobile and wireless networks.

SRA has launched One Vault Messenger, which is a short message service (SMS) encryption product for BlackBerry mobile devices.

At Mobile World Congress Monday Microsoft CEO Steve Ballmer announced that the company will be pushing new features to Windows Phone 7 users including access to SkyDrive, multitasking and a new HTML5 browser.

When Intel CEO Paul Otellini received a call from Nokia chief Stephen Elop about Nokia's move to Microsoft, he used a word that Yahoo CEO Carol Bartz "has often used."

Google's growing influence in the mobile industry is clearly proving worrisome to some device makers and operators, a few of whom put up a united front against the search giant during a round table at Mobile World Congress in Barcelona on Wednesday.

Some people may yet debate the value of femtocells, but the tide has turned: in 2010, the number of femtocells around the world exceeded the number of macrocells, according to the Femto Forum.

Chinese handset manufacturer ZTE plans to launch its first smartphone in the U.S. this year, a move that follows the company's latest success in securing a bigger hold of the mobile phone market.

In a move that underscores the importance of both mobile devices and video in staying connected within enterprises, Logitech is extending its LifeSize video streaming system to iPads, iPhones and iPods.

CA Technologies said its cloud-authentication service now features advanced controls to let customers more effectively control who gets into corporate applications.

Acknowledging that security technologies can't possibly prevent every cyberattack, several vendors at the RSA Conference advised companies to just assume that their systems will be breached at some point.

Don't have the budget for a large software or hardware buildout? Take a page from these five IT start-ups that focus on cloud and mobile delivery to speed deployment, reduce infrastructure costs and ease management headaches.

Dueling open source alternatives to Microsoft Office match word processors, spreadsheets, and much more; which one should you choose?