
InfoSec News


Signify focuses on the 'service' in managed service at Infosec
Cambridge Network
While Infosec will be full of companies launching new cloud based solutions, we believe that too many of them simply pay lip service to the 'service' in managed service. Signify's service has 99.999% service availability, but in fact over the last two ...

 
TIBCO tibbr 'HTTP Request' Cross Site Scripting Vulnerability
 
Watch out, Groupon. There's a new deal-maker in town.
 
In an interview, new HP CEO Leo Apotheker said he expects the company's experience in the consumer market will help it expand its IT business as users bring personal devices to work and expect corporate support.
 
Google on Tuesday updated Chrome, patching a flaw in the browser's copy of Flash Player.
 
Last week's earthquake and tsunami in Japan may put a crimp in Apple's supply of flash memory, but its problem will pale in comparison to smaller firms, an analyst said today.
 
BlackBerry-maker Research In Motion and software giant Microsoft are expected this week to announce a free version of Microsoft's hosted BlackBerry Enterprise Server (BES) for Exchange Online-hosted e-mail customers.
 
Microsoft's new Internet Explorer 9 browser has been redesigned with a clean interface and vastly increased performance.
 
HTC Arrive, the first Windows Phone 7 smartphone to run on Sprint's CDMA network, will feature copy-and-paste functionality that has been unavailable in updates to earlier-shipping WP7 phones on networks run by AT&T and T-Mobile USA.
 
Reader Lis is a Windows 7 user who likes to use custom icons for folders. This is done, of course, by right-clicking a folder, choosing Properties, clicking the Customize tab, and then clicking the Change Icon button.
 
The number of devices and modules that come equipped with LTE has grown to 98, according to a report from industry organization GSA (Global mobile Suppliers Association).
 
With the rising awareness and concern over the stealing of passwords and other sensitive data from unsecured Wi-Fi networks, Twitter is the latest online services company to boost its use of encrypted website connections.
 
Samsung on Wednesday unveiled details of its soon-to-be-released Galaxy Player, a handheld device that offers a choice of different screen sizes to let users view movies, play games or run Internet applications on the go.
 
The Obama Administration is backing a new data privacy bill of rights aimed at protecting consumers against indiscriminate online tracking and data collection by advertisers.
 
[ MDVSA-2011:045 ] postfix
 
Linux Kernel 'io_submit_one()' NULL Pointer Dereference Denial of Service Vulnerability
 
Symantec plans to release a major upgrade to its flagship storage management application, Storage Foundation 6.0, which will allow users to manage a cloud infrastructure from end to end.
 
Online retailer Wirefly said its first day of pre-sales of the HTC ThunderBolt smartphone were 400% higher than any other cell phone pre-orders in the company's eight-year history.
 
The specification for the next version of Java Enterprise Edition has been approved unanimously, according to a posting on the Java Community Process website.
 
Microsoft yesterday followed Mozilla's lead by adding support to IE9 for the same "Do Not Track" technology used by Firefox 4.
 
Linux Kernel IGB Panic VLAN Packet Remote Denial of Service Vulnerability
 
HP Client Automation Remote Code Execution Vulnerability
 
Motorola Mobility announced today that its Wi-Fi-only Xoom tablet will hit the U.S. market on March 27 for $599 from a variety of retailers.
 
Google is working to restore offline storage capabilities for its Apps productivity software and should have it done by the end of the year, according to a senior company official.
 
WellinTech KingView 'KVWebSvr.dll' ActiveX Control Heap Buffer Overflow Vulnerability
 
Oracle Java SE and Java for Business CVE-2010-4467 Remote Java Runtime Environment Vulnerability
 
Oracle Java SE and Java for Business CVE-2010-4422 Remote Vulnerability
 
There are plenty of tools to extract files that are transmitted via HTTP, for example Jim Clausing's brilliant Perl script [1] or the Wireshark export features, among many others (chaosreader, xplico, NetworkMiner ...).
However, I am sometimes faced with a different problem: you have a network capture of a set of HTTP requests, and you are trying to replay them in all of their beauty, which includes all headers and POST data if present.
There are two parts to this challenge:
- extracting the HTTP requests from the packet capture
- sending the extracted requests to a web server
tcpreplay may appear like the right tool, but it will just blindly replay the traffic, and the web server will not actually establish a connection.
Wireshark can be used to extract the data using the TCP stream reassembly feature, but this can't easily be scripted. tshark does not have a simple feature to just extract the HTTP requests; you can only easily extract individual headers or the URLs.
Probably the easiest way to parse the packet capture and extract the requests is the Perl module Sniffer::HTTP:
use Sniffer::HTTP;

# Register a callback that is invoked for every complete HTTP request
# the module reassembles from the capture; it prints the raw request,
# headers and body included.
my $sniffer = Sniffer::HTTP->new(
    callbacks => {
        request => sub {
            my ($req, $conn) = @_;
            print $req->as_string, "\n" if $req;
        },
    },
);

# Read packets from a saved capture file rather than a live interface.
$sniffer->run_file('/tmp/tcp80');


This will read packets from the file /tmp/tcp80 and print the HTTP requests. The output could now be piped to netcat (or sent directly from Perl).
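As an added example (not part of the diary and not the Sniffer::HTTP module's code), the same extract-and-split step in pure standard-library Python: it parses a classic pcap file, keeps only the client-to-server side of each TCP flow to the chosen server port, orders the segments by sequence number (dropping retransmitted bytes and stopping at a hole instead of splicing across it), and cuts the stream into complete requests using Content-Length. The addresses, ports and the sample capture it builds are constructed for the demonstration; chunked request bodies and pcapng files are outside its scope.

```python
"""Added example: pull client-side HTTP requests out of a classic pcap with only the
Python standard library. Addresses, ports and the sample capture are constructed."""
import struct
from collections import defaultdict

PCAP_MAGIC = {0xA1B2C3D4: "<", 0xD4C3B2A1: ">"}  # microsecond pcap, either byte order


def frames_from_pcap(data):
    """Yield raw Ethernet frames from a classic libpcap file (pcapng is not handled)."""
    magic = struct.unpack("<I", data[:4])[0]
    if magic not in PCAP_MAGIC:
        raise ValueError("not a classic pcap file")
    bo = PCAP_MAGIC[magic]
    linktype = struct.unpack(bo + "IHHiIII", data[:24])[6]
    if linktype != 1:                       # DLT_EN10MB
        raise ValueError("expected Ethernet link type, got %d" % linktype)
    off = 24
    while off + 16 <= len(data):
        incl_len = struct.unpack(bo + "IIII", data[off:off + 16])[2]
        off += 16
        yield data[off:off + incl_len]
        off += incl_len


def tcp_segment(frame):
    """Return (src, sport, dst, dport, seq, payload) for an IPv4/TCP frame, else None."""
    if len(frame) < 54 or frame[12:14] != b"\x08\x00":
        return None
    ip = frame[14:]
    ihl = (ip[0] & 0x0F) * 4
    total_len = struct.unpack("!H", ip[2:4])[0]
    if ip[9] != 6:                          # IP protocol number 6 = TCP
        return None
    tcp = ip[ihl:total_len]
    sport, dport, seq = struct.unpack("!HHI", tcp[:8])
    data_off = (tcp[12] >> 4) * 4
    return ip[12:16], sport, ip[16:20], dport, seq, tcp[data_off:]


def reassemble(segments):
    """Order (seq, payload) pairs into one stream. Retransmitted or overlapping bytes are
    dropped; a hole in the capture stops reassembly instead of splicing across it."""
    out, expected = bytearray(), None
    for seq, payload in sorted(segments):
        if expected is None:
            expected = seq
        if seq > expected:                  # missing segment: do not fake continuity
            break
        skip = expected - seq               # bytes we already have
        if skip < len(payload):
            out += payload[skip:]
            expected = seq + len(payload)
    return bytes(out)


def split_requests(stream):
    """Cut a client->server stream into complete HTTP/1.x requests (headers plus
    Content-Length body). A request whose body was not fully captured is left out."""
    requests = []
    while True:
        end = stream.find(b"\r\n\r\n")
        if end < 0:
            break
        length = 0
        for line in stream[:end].split(b"\r\n")[1:]:
            name, _, value = line.partition(b":")
            if name.strip().lower() == b"content-length":
                length = int(value.strip())
        total = end + 4 + length
        if len(stream) < total:
            break
        requests.append(stream[:total])
        stream = stream[total:]
    return requests


def extract_http_requests(pcap_bytes, server_port=80):
    """Map each client->server flow (src, sport, dst, dport) to its list of requests."""
    flows = defaultdict(list)
    for frame in frames_from_pcap(pcap_bytes):
        seg = tcp_segment(frame)
        if seg and seg[3] == server_port and seg[5]:
            src, sport, dst, dport, seq, payload = seg
            flows[(src, sport, dst, dport)].append((seq, payload))
    return {flow: split_requests(reassemble(segs)) for flow, segs in flows.items()}


# ---- constructed sample capture (not real traffic) ----
CLIENT, SERVER = bytes([10, 0, 0, 5]), bytes([10, 0, 0, 80])
GET_REQUEST = b"GET /index.html HTTP/1.1\r\nHost: example.test\r\n\r\n"
POST_REQUEST = (b"POST /login HTTP/1.1\r\nHost: example.test\r\n"
                b"Content-Type: application/x-www-form-urlencoded\r\n"
                b"Content-Length: 13\r\n\r\nuser=a&pw=bcd")


def _frame(src, dst, sport, dport, seq, payload):
    eth = b"\x02" * 12 + b"\x08\x00"
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40 + len(payload), 0, 0, 64, 6, 0, src, dst)
    tcp = struct.pack("!HHIIBBHHH", sport, dport, seq, 0, 5 << 4, 0x18, 8192, 0, 0)
    return eth + ip + tcp + payload


def build_sample_pcap():
    """Two requests on one connection, delivered out of order, with one retransmission,
    plus a server reply and an ARP frame that the extractor must ignore."""
    frames = [
        _frame(CLIENT, SERVER, 12345, 80, 1000, GET_REQUEST),
        _frame(CLIENT, SERVER, 12345, 80, 1088, POST_REQUEST[40:]),   # arrives early
        _frame(SERVER, CLIENT, 80, 12345, 5000, b"HTTP/1.1 200 OK\r\n\r\n"),
        _frame(CLIENT, SERVER, 12345, 80, 1048, POST_REQUEST[:40]),
        _frame(CLIENT, SERVER, 12345, 80, 1000, GET_REQUEST),         # retransmit
        b"\xff" * 6 + b"\x02" * 6 + b"\x08\x06" + b"\x00" * 28,       # ARP, skipped
    ]
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for i, f in enumerate(frames):
        out += struct.pack("<IIII", 1300000000 + i, 0, len(f), len(f)) + f
    return out


if __name__ == "__main__":
    for flow, reqs in extract_http_requests(build_sample_pcap()).items():
        for r in reqs:
            print(r.decode("ascii"))
            print("-----")
```

Each returned item is the exact bytes the client sent, headers and body together, so it can be written to its own file and fed to netcat one request at a time. Stopping at a sequence gap is deliberate: splicing across a hole would silently produce a request that never existed on the wire.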

[1] http://handlers.sans.org/jclausing/extract-http.pl
------

Johannes B. Ullrich, Ph.D.

SANS Technology Institute

(c) SANS Internet Storm Center. http://isc.sans.org Creative Commons Attribution-Noncommercial 3.0 United States License.
 
VMware is waiting for Apple to approve a software client for iPads that will allow IT staff to manage their virtualized environments.
 
The sale of switches and adapters for use in storage area networks "rebounded nicely" in 2010, after a drop in 2009, according to data from Infonetics Research.
 
[DSECRG-11-014] SAP GUI (sapgui) - DLL hijacking
 
[DSECRG-11-013] SAP NetWeaver Runtime - multiple XSS
 
[DSECRG-11-012] SAP NetWeaver Integration Directory - multiple XSS
 
[DSECRG-11-011] SAP Crystal Reports 2008 - Multiple XSS
 
World technology hardware supplies will take as long as six months to resume normal flows following disruptions from last week's massive earthquake in Japan, a lead Bank of America Merrill Lynch researcher said on Wednesday.
 
This is turning out to be a big week in browser-land, with both the official release of IE9 and the Firefox 4 release candidate (RC) now available for your downloading satisfaction. Both include big changes to the user interface, as well as the underlying technology. Come along as we compare these two new browsers in a few of key areas.
 
In an exclusive interview, HP's new CEO expands on his strategy and offers frank assessments of his competition
 
Google has upgraded the ability to post comments and respond to them in its Docs office productivity applications, making the feature more dynamic and more integrated with e-mail.
 
Infor is hoping to shed perceptions that it hasn't emphasized product innovation throughout the long string of acquisitions.
 

Westfield Insurance Launches eBook Guide to Information Security
Marketwire (press release)
The eBook is available as a free download through Westfield's online media room at http://www.westfieldinsurance.com/mediaroom/infosec/. It provides tips on protection from security exposures such as spamming, tailgating and password hacking. ...

 

Data security in demand, pays well
Philadelphia Inquirer
With increasingly frequent reports of big companies such as Google, DuPont, GE, and Johnson & Johnson being targeted by hackers, the "infosec" career field is growing "as fast as online computing is expanding," said Weaver, 33. ...

 
Technology companies across Asia have found ways to help people in Japan left devastated by the 9.0-magnitude earthquake last Friday, the 7-meter tsunami it spawned, and displacement caused by troubles at a nuclear power plant there.
 
The 8.9 magnitude earthquake last week has brought damages to six plants of the Fujitsu Group and several facilities of Canon.
 
A flash memory working group announced a new interface specification on Tuesday that could speed up data transfers from flash storage products such as solid-state drives inside computers and consumer electronics.
 
Speech recognition is a technology that never fulfilled its promise -- until the smartphone came along. We examine its history and look at what's to come.
 
Smartphones and tablets have a bright future in the U.S. military, according to two Pentagon contractors working on mobile apps that troops can use with their iPads, iPhones and Android devices.
 
 
InfoSec News: Web attackers deface gov't sites, steal from financials: http://www.csoonline.com/article/677028/web-attackers-deface-gov-t-sites-steal-from-financials
By Robert Lemos CSO March 15, 2011
Driven by the hacktivism of the loose-knit Anonymous group, denial-of-service attacks surged to the top of the list of Web [...]
 
InfoSec News: Ottawa urged to fight power-grid hackers: http://www.canada.com/technology/Ottawa+urged+fight+power+grid+hackers/4442522/story.html
By Ian MacLeod Postmedia News March 15, 2011
Computer hackers are penetrating Canada's power grid, say industry insiders who want the federal government to act. [...]
 
InfoSec News: [Dataloss Weekly Summary] Week of Sunday, March 6, 2011
Open Security Foundation - DataLossDB Weekly Summary, Week of Sunday, March 6, 2011
6 Incidents Added. [...]
 
InfoSec News: What Auditors Are Saying About Compliance And Encryption: http://www.darkreading.com/database-security/167901020/security/encryption/229301041/what-auditors-are-saying-about-compliance-and-encryption.html
By Kelly Jackson Higgins Darkreading March 15, 2011
In more than half of the audits they have conducted, both internal IT [...]
 
InfoSec News: Health Net discloses loss of data to 1.9 million customers: http://www.computerworld.com/s/article/9214600/Health_Net_discloses_loss_of_data_to_1.9_million_customers
By Jaikumar Vijayan Computerworld March 15, 2011
Health Net, a provider of managed health care services, yesterday said that it's alerting some 1. [...]
 

Posted by InfoSec News on Mar 15

http://www.csoonline.com/article/677028/web-attackers-deface-gov-t-sites-steal-from-financials

By Robert Lemos
CSO
March 15, 2011

Driven by the hacktivism of the loose-knit Anonymous group,
denial-of-service attacks surged to the top of the list of Web
incidents, outpacing SQL injection and cross-site scripting, according
to a survey of publicly disclosed attacks.

The ongoing survey, known as the Web Hacking Incident Database,
categorized...
 

Posted by InfoSec News on Mar 15

http://www.canada.com/technology/Ottawa+urged+fight+power+grid+hackers/4442522/story.html

By Ian MacLeod
Postmedia News
March 15, 2011

Computer hackers are penetrating Canada's power grid, say industry
insiders who want the federal government to act.

"We certainly know from our customers that their systems have been
infiltrated. It's been going on for some time," said Doug Westlund,
president of N-Dimension Solutions, a Richmond...
 

Posted by InfoSec News on Mar 15

========================================================================

Open Security Foundation - DataLossDB Weekly Summary
Week of Sunday, March 6, 2011

6 Incidents Added.

========================================================================

DataLossDB is a research project aimed at documenting known and reported
data loss incidents world-wide. The Open Security Foundation asks for
contributions of new incidents and new data for...
 

Posted by InfoSec News on Mar 15

http://www.darkreading.com/database-security/167901020/security/encryption/229301041/what-auditors-are-saying-about-compliance-and-encryption.html

By Kelly Jackson Higgins
Darkreading
March 15, 2011

In more than half of the audits they have conducted, both internal IT
security and external auditors say the companies either failed or had
serious deficiencies in their security compliance. And more than half
say organizations are employing...
 

Posted by InfoSec News on Mar 15

http://www.computerworld.com/s/article/9214600/Health_Net_discloses_loss_of_data_to_1.9_million_customers

By Jaikumar Vijayan
Computerworld
March 15, 2011

Health Net, a provider of managed health care services, yesterday said
that it's alerting some 1.9 million customers that nine server drives
containing personal and health data were recently discovered to be
missing from a data center in Rancho Cordova, Calif.

The data center is managed...
 

