InfoSec News

(c) SANS Internet Storm Center. http://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
A design decision made by Oracle architects long ago may have painted some of Oracle's largest customers into a corner. Patches have arrived, but how much will they correct?
What is it about politicians that makes them believe that they, with a few minutes' cursory review, know better than people who have studied in an area for decades? Whatever the case, it is far from a rare condition. The most recent example of this attitude is the copyright protection proposals currently in front of Congress.
Apparently fed up with delays, Oracle said it is willing to drop its claims of patent infringement against Google if the court will hear its copyright complaints soon.
A hearing to amend and debate the controversial Stop Online Piracy Act should resume in February, its chief sponsor said, even in the face of new opposition to the copyright enforcement bill.

In my DNS server query logs, I am starting to see more queries using mixed case, like for example:


These queries appear to be the result of DNS servers supporting a relatively new DNS security mechanism, 0x20 Bit encoding. The approach got its name from encoding a bit value using the case of letters. If bit 0x20 is set in a byte, the letter is lower case. If it is cleared, the letter is upper case.
For example, the first value shown above ( www.HOMEPC.ORg ) represents a value of 11100000001 . How does this help DNS security? Host names are not case sensitive. However, the case is maintained. The answer will use the same mixed case as the query. For example:

WwW.HoMePc.OrG. 100 IN A
... [rest of answer omitted] ...
As it turns out, almost all DNS servers follow this behaviour. The new part is that some DNS servers now deliberately encode a random value into each query they send, and then verify that the value is maintained in the response. This in effect adds additional bits to the query ID.
While this is clearly a hack, it is a pretty attractive one. If your DNS server supports this feature, it will automatically gain a few more bits of spoofing resistance. The DNS servers it connects to do not need to change anything, unlike with DNSSEC, which is of course the real fix but requires extensive work to configure and has to be configured for each zone.
Right now, none of the major DNS servers appear to support this feature. A Google search only found two pieces of software that do:
Unbound: https://calomel.org/unbound_dns.html: see use-caps-for-id

pydig: http://www.huque.com/software/pydig/
I would be interested to learn if there are other DNS servers (or DNS related software) that support this method.




Johannes B. Ullrich, Ph.D.

SANS Technology Institute
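
An added illustration of the 0x20 check described in the diary above; it is not code from the diary, Unbound or pydig. The function names are hypothetical, and the sample names are constructed from the WwW.HoMePc.OrG answer quoted in the text.

```python
import secrets

def _is_letter(ch: str) -> bool:
    return ch.isascii() and ch.isalpha()

def encode_0x20(name: str) -> str:
    """Randomise the case of every ASCII letter in an outgoing query name."""
    out = []
    for ch in name:
        if _is_letter(ch):
            # Bit 0x20 set -> lower case, cleared -> upper case.
            out.append(ch.lower() if secrets.randbits(1) else ch.upper())
        else:
            out.append(ch)  # digits, '-' and '.' carry no case bit
    return "".join(out)

def case_bits(name: str) -> str:
    """Read the encoded value back: '1' for lower case, '0' for upper case."""
    return "".join("1" if ch.islower() else "0" for ch in name if _is_letter(ch))

def extra_bits(name: str) -> int:
    """Bits added to the query ID: one per letter in the name."""
    return sum(1 for ch in name if _is_letter(ch))

def classify_response(sent: str, echoed: str) -> str:
    """Compare the name we sent with the name echoed in the response."""
    sent, echoed = sent.rstrip("."), echoed.rstrip(".")
    if sent.lower() != echoed.lower():
        return "name-mismatch"   # answer is for a different name altogether
    # Same name: the case pattern must come back exactly as sent. A mismatch
    # means either a forged answer or a server that does not preserve case.
    return "accept" if sent == echoed else "case-mismatch"

if __name__ == "__main__":
    query = encode_0x20("www.homepc.org")
    print("query sent:   ", query, "bits:", case_bits(query))
    print("honest echo:  ", classify_response(query, query + "."))
    # A blind spoofer who guessed the query ID but not the case pattern
    # (constructed; with 12 letters the guess is right 1 time in 4096):
    print("lowercase echo:", classify_response("WwW.HoMePc.OrG", "www.homepc.org"))
    print("extra bits:   ", extra_bits(query))
```

Names with few letters gain correspondingly few bits, so the check complements query ID and source port randomisation rather than replacing them.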


Deccan Herald

Fake Lords of Dharmaraja
Deccan Herald
Security publication 'Infosec' published an interview with YamaTough, a spokesman of the Lords, who rambles through mutilated words. He says Lords attacked Indian government to force a pro-US tilt in the government! Yama has a low opinion of Indian ...

Oracle MySQL CVE-2012-0075 Remote MySQL Server Vulnerability
The upcoming release of Windows Server 8 will feature an entirely new file system, called ReFS, that addresses many of the shortcomings of the aging NTFS now used across all current Windows editions, the company announced Tuesday in a blog.
Reader Steve Paulson finds that old and new iOS devices don't always mix in pleasing ways. He writes:
Several websites, including Google, Reddit, Wikipedia, BoingBoing, Imgur and Tucows, plan an unprecedented Internet "strike" Wednesday to protest anti-piracy legislation being considered by Congress.
A dozen of the world's largest Internet companies -- including Facebook, Google and Comcast -- have committed to June 6, 2012, as the start date for their production deployments of IPv6, an upgrade to the Internet's main communications protocol.
Both Oracle and Google would be well-advised to center their cases around people along with a painstaking discussion of patents once their lawsuit over the Android mobile OS goes to trial, according to experts.
Yahoo co-founder Jerry Yang has left the company, the latest dramatic change at the top executive level of the embattled Internet company.

GFI SandBox 4.0

by Lee J

CLEARWATER, Fla., Jan 17, 2012 (BUSINESS WIRE) -- GFI Software's Advanced Technology Group (ATG) today announced the latest in a series of enhancements to GFI SandBox(TM) (formerly CWSandBox) that are making dynamic malware analysis more accessible to cyber-security professionals defending enterprises of all sizes. GFI SandBox is one of the industry's leading malware analysis solutions. It enables users to test files and URLs for potential threats within a controlled environment so they can deploy and implement appropriate defenses when advanced malware and sophisticated cyber-attacks are discovered.

The recent childish antics by a hacker calling themselves 0xOmar have led to a full-blown cyber war between Israel and a heap of other countries.

Oracle Sun Solaris CVE-2012-0099 Remote Security Vulnerability
Well, I do not know where to start with this one. Hannibal is starting to show his/her childish side now, making up stories and threats and leaking out pointless data and making false statements about the data.

Oracle JDEdwards CVE-2011-3509 Remote Security Vulnerability
Symantec today backed away from earlier statements regarding the theft of source code of some of its flagship security products, now admitting that its own network was compromised.
Atlantis Computing is offering a software product that uses only server memory to run non-persistent virtual desktop infrastructures.
Speculation is swirling that Facebook is getting ready to announce a way to combine information on what users do on, and off, the social network.
A hacktivist group is claiming responsibility for exploiting website vulnerabilities and stealing the personal information of approximately 80 T-Mobile employees.

A security researcher today criticized Oracle for neglecting to patch its core database products, noting that the massive update slated for later Tuesday will set a record for the fewest fixes.
Reports were circulating Tuesday that Facebook will launch its initial public offering in May.
The National Security Agency (NSA) has released SE Android, a security-enhanced version of Android, which provides and enforces stricter access-control policies than those found in the popular mobile operating system by default.
ESA-2012-003: EMC SourceOne Web Search Sensitive Information Disclosure Vulnerability.
Microsoft on Tuesday said the release candidate of System Center 2011, software that companies use to manage their cloud services, is now available.
While every feature in smartphones seems to be going toward bigger and faster, Verizon Wireless announced a 16GB version of its Droid Razr for $199.99, in addition to its 32GB version for $299.99.
Security researchers are worried that the alleged Russia-based authors of Koobface, a piece of malicious software that plagued social networking sites such as Facebook, may slip away before law enforcement can catch them.
Linux Kernel 'net/ipv4/igmp.c' Remote Denial of Service Vulnerability
FFmpeg SVQ1 Stream File Remote Code Execution Vulnerability
Mozilla dramatically slowed the update pace of Firefox 9, the browser it shipped late last month.
Apple continues to hound Samsung Electronics at the district court in Düsseldorf, and has now filed another lawsuit aimed at 10 models in its Galaxy family of smartphones, according to Peter Schütz, spokesman at the court.
Tata Consultancy Services, India's largest outsourcer, posted strong revenue in the quarter ended Dec. 31, with growth across all its markets including Europe, which is being hit by a debt crisis.
Your contract with a cloud provider should have language clearly affirming your ownership of your data.
With the increase in the amount of music sold digitally, more people are buying songs, and fewer people are buying albums. While some have suggested that the days of the album are numbered, I don’t think this is the case. Buying individual songs is nothing new, and while many buyers are eschewing complete albums to get just the hits they want, this is only a minor shift in the way music is sold. So what is the future of albums?
Apache HTTP Server 'mod_proxy' Reverse Proxy Security Bypass Vulnerability
Apache HTTP Server 'ap_pregsub()' Function Local Privilege Escalation Vulnerability
The uptake of wireless networks based on 802.11ac is expected to be high when the first products arrive later this year, according to a report from IMS Research.
pwgen: non-uniform distribution of passwords
Re: p0f3 release candidate
[SECURITY] CVE-2012-0022 Apache Tomcat Denial of Service
[SECURITY] CVE-2011-3375 Apache Tomcat Information disclosure
@b4lc4nh4ck has hacked and dumped a huge load of accounts from videogamesplus.ca. The leak, which was announced via pastebin, is uploaded to rapidshare and is a SQL file that contains 21,000 user accounts.


Islington Council Puts Its Trust in Becrypt
SourceWire (press release)
“Trusted Client was the knockout product of Infosec 2009, and it ticked a lot of boxes for us: being the only fully accredited CESG solution of its type, it enables us to fulfil our security obligations, while ensuring that we can accommodate our ...

Pay no attention to those chattering consortia -- when it comes to charting a course for HTML adoption, the browser is the new standard.
Ditch the slackers, take on dirty work, do it with data -- here's how to get the inside track on a highly rewarding career in IT

Posted by InfoSec News on Jan 17


By Adrian Blomfield, Jerusalem
The Telegraph
16 Jan 2012

The distributed denial-of-service attacks, which also targeted three
Israeli banks, were the latest salvo in a month-long offensive between
Arab and Jewish hackers determined to give the Middle East conflict an
online dimension.

Monday's hacking incident...

Posted by InfoSec News on Jan 17


By John Leyden
The Register
16th January 2012

Online shoe and apparel outlet Zappos.com has apologised over a massive
data breach that exposed the personal details of millions.

Up to 24 million customers of the Amazon subsidiary may have been
affected by the breach, which exposed names, email addresses, addresses,
phone numbers, and password hashes. Zappos stressed that credit card

Posted by InfoSec News on Jan 17


By Darren Pauli
Jan 16, 2012

Tasmanian techie spreads security.

The war between anti-whaling outfit Sea Shepherd and Japanese whalers
isn’t just occurring on the high seas, it’s also in cyberspace, with
hackers believed to have attacked the environmental vigilante's websites
as whalers try to block radio communications between its ships.

Yesterday we came across a data dump that claimed to be from game.co.uk; however, since then Game has announced that no breach has happened and all accounts are safe.


Posted by InfoSec News on Jan 17


By Chris Kanaracus
IDG News Service
January 13, 2012

Oracle is set on Tuesday to release 78 security fixes for
vulnerabilities in its database, middleware and applications, according
to a preview announcement posted to the company's website this week.

A full 27 of those are targeted for the MySQL database. One of the
vulnerabilities can be...
The other night, we got in contact with the hacker Hannibal and had the chance to ask a few basic questions which I'm sure are the main ones everyone wants to know.

What we reported earlier today, that a couple of systems had been taken down and possibly an ISP as well within Israel, was not in fact a result of DDoS attacks, the ISP has claimed.

STRATFOR suffered massive attacks over Christmas of 2011 and as a result they had to take down their network while they figured out what had happened to their complete network, as it was destroyed by anonymous hackers.

In the ever-growing cyber war between Israel and many other countries, a group of hackers going by the name ZionOps has claimed they have Owned 0xOmar, the hacker who released thousands of credit cards with intentions for mass disruption.


AiNET Extends Platinum Sponsorship of Leading Information Security ...
PR Web (press release)
Continued participation in and platinum sponsorship of the leading organization of independent, information security (INFOSEC) professionals highlights AiNET's expertise and commitment to INFOSEC in its Cloud and Trusted Storage service offerings and ...

Pak Cyber Combat Squad (PCCS) has joined the #OpFreePalestine fight alongside many other hackers who have recently come out and started to fight as one.

Just some random account dumps which are most likely the results of a phishing scam or bot.

This type of attack makes one wonder what administrators and developers are paid to do when they are called in to fix exploits. It would seem they fail to fix the systems more often than not, and this ends up in what we see here: the rehacking of a website database.

STK, who yesterday published a huge amount of websites that have been hacked and had data leaked, has continued to dump databases today with a further 20 sites being hacked.

Chriss1001 leaked a famous sport site for Oklahoma and has leaked their email, password, phones, cities, states. Site: www.oksportsandfitness.com

Wikipedia has decided to black out the English version of the online encyclopedia for 24 hours on Wednesday to protest against controversial legislation in the U.S., following a cue given by some other Internet sites including social news site Reddit which will black out its site for 12 hours on the same day.
Internet Storm Center Infocon Status