InfoSec News

(c) SANS Internet Storm Center. http://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
If you're a Verizon customer upset that your next smartphone contract won't include unlimited data, Sprint would like to remind you that you have an alternative.
Security experts say some issues haven't been adequately addressed by the White House security chief.

HP is reportedly considering laying off 25,000 workers. The company called that report speculation.
RETIRED: EMC Documentum Information Rights Management (IRM) Server Denial of Service Vulnerabilities
EMC Documentum Information Rights Management (IRM) Server Multiple Denial of Service Vulnerabilities
With Facebook's long-anticipated IPO expected to hit on Friday morning, the company set its initial share price at $38 today.
The hackers in charge of the Flashback botnet managed to generate $14,000 from their click fraud campaign, but have not been paid, Symantec said today.


One of the sections on the ISC Tools page is Information Gathering at https://isc.sans.edu/tools/#info-gathering. This collection will help you easily find out how your browser and plugins look to the outside and lists some other information lookup tools.


Browser Headers - https://isc.sans.edu/tools/browserinfo.html

How a server sees your browser.

https://isc.sans.edu/tools/browserinfo.html#your-info - Your public IP and various pieces of header information
https://isc.sans.edu/tools/browserinfo.html#additional - Additional lookups that require JavaScript to be enabled
https://isc.sans.edu/tools/browserinfo.html#plain-text - Plain text information summary you can copy/paste for analysis

Browser Plugin Detector - https://isc.sans.edu/tools/adobinator.html

This page attempts to detect various browser plugins. The detection code used was created using PluginDetect.

Lists plugins detected and various version information for each.

Site Availability Check - https://isc.sans.edu/tools/sitecheck.html

Checks whether a hostname is reachable.

Single input box.
Displays failure if unreachable.
If reachable, outputs:

Page load time
Page size in bytes
Return status code (e.g. 200 for success)
Final URL
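The four output fields above are easy to reproduce locally. The following is an added example, not the code behind the ISC tool: a small checker that follows redirects and reports load time, page size, status code and final URL, exercised against a constructed local HTTP server (a redirect, a normal page and a 404) so it runs offline. The server, its paths and the response body are all constructed for the example.

```python
"""Added example (not ISC's code): a minimal site-availability check with a
constructed local test server so it can run without Internet access."""
import http.server
import threading
import time
import urllib.error
import urllib.request

# Constructed body served by the local test server.
TEST_BODY = b"hello from the constructed test server\n"


def check_site(url, timeout=5.0):
    """Fetch url (following redirects) and return the same fields the ISC
    Site Availability Check lists.  A 4xx/5xx answer still counts as
    reachable; only a failed connection/resolution is 'unreachable'."""
    start = time.monotonic()
    try:
        with urllib.request.urlopen(url, timeout=timeout) as resp:
            body = resp.read()
            result = {"reachable": True, "status": resp.status,
                      "final_url": resp.geturl(), "size": len(body)}
    except urllib.error.HTTPError as err:
        # The server answered, just not with 2xx/3xx: record what it said.
        body = err.read()
        result = {"reachable": True, "status": err.code,
                  "final_url": err.geturl(), "size": len(body)}
    except (urllib.error.URLError, OSError, ValueError) as err:
        return {"reachable": False, "error": str(err)}
    result["load_ms"] = round((time.monotonic() - start) * 1000, 1)
    return result


class _Handler(http.server.BaseHTTPRequestHandler):
    """Constructed test server: /old redirects to /new, /new serves TEST_BODY,
    anything else is a 404."""

    def log_message(self, *args):  # keep the example's output quiet
        pass

    def _send(self, status, body, extra=()):
        self.send_response(status)
        for name, value in extra:
            self.send_header(name, value)
        self.send_header("Content-Length", str(len(body)))
        self.end_headers()
        self.wfile.write(body)

    def do_GET(self):
        if self.path == "/old":
            self._send(302, b"", [("Location", "/new")])
        elif self.path == "/new":
            self._send(200, TEST_BODY, [("Content-Type", "text/plain")])
        else:
            self._send(404, b"not found\n")


def start_test_server():
    """Bind an ephemeral loopback port; return (server, base_url)."""
    server = http.server.HTTPServer(("127.0.0.1", 0), _Handler)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    return server, "http://127.0.0.1:%d" % server.server_address[1]


if __name__ == "__main__":
    srv, base = start_test_server()
    for path in ("/old", "/missing"):
        print(path, check_site(base + path))
    print("closed port", check_site("http://127.0.0.1:1/"))
    srv.shutdown()
```

Note that the checker deliberately treats an HTTP error status as "reachable": the host answered, and the status code is the information you want to see. Only a connection or name-resolution failure is reported as unreachable.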

Site DNS Check - https://isc.sans.edu/tools/dnscheck.html

Hostname to IP DNS resolver.

Single input box.
Outputs the IP if the system is able to resolve it.

Whereis[IP] - https://isc.sans.edu/tools/whereis.html

Multi-line input box. Enter one (1) IP per line.
Output table contains:

IP ADDRESS queried
NETWORK assignment
COUNTRY abbreviation
ISP name
RIR - Name of registry

Content Security Policy Test - https://isc.sans.edu/tools/csptest.html

Created for Firefox 4 but features may be found in other browsers.

Lots of details and information on the test are outlined and explained on the page.

Post suggestions or comments in the section below or send us any questions or comments in the contact form on https://isc.sans.edu/contact.html#contact-form


Adam Swanger, Web Developer (GWEB, GWAPT)

Internet Storm Center https://isc.sans.edu

Unless Microsoft allows other browser makers to call important APIs in Windows RT, it's "probably not worth it to even bother" building a version of Firefox for the new OS, a Mozilla product director said.
The specification for next-generation mobile DRAM was published, offering smartphone, tablet and ultra-thin notebook makers a 50% increase in memory performance.
The University of Kentucky says it has reshaped its business intelligence capability by adopting SAP's in-memory system, HANA.
AT&T on Thursday launched its 4G LTE service in New Orleans, Baton Rouge and Naples, Fla., extending its high-speed network implementations to 38 markets.
Symantec Web Gateway 'l' Parameter Cross Site Scripting Vulnerability
With Facebook's initial public offering creating such a frenzy of interest, there's an important question to be considered: What happens if tomorrow or next week or five months from now, this investment goes south?
Kent WEB MART Handling Cookies Cross Site Scripting Vulnerability
[security bulletin] HPSBUX02782 SSRT100844 rev.1 - HP-UX Running OpenSSL, Remote Denial of
[security bulletin] HPSBUX02777 SSRT100854 rev.1 - HP-UX Running Java JRE and JDK, Remote Denial
[ MDVSA-2012:078 ] imagemagick
[ MDVSA-2012:077 ] imagemagick
T-Mobile USA will debut 4 'No Annual Contract' data service plans on Sunday, while Verizon plans to kill unlimited data plans as users shift to 4G
The malware business growing around Google Android -- now the leading smartphone operating system -- is still in its infancy. Today, many of the apps built to steal money from Android users originate from Russia and China, so criminal gangs there have become cyber-trailblazers.
Once in a while, someone comes up with the idea that firewalls are really not all that necessary. Most recently, Roger Grimes of Infoworld [1][2]. I am usually of the opinion that we definitely probably need firewalls. But I think the points made by the anti-firewall faction offer some insight into not only why we really need firewalls, but also what people don't understand about firewalls.
To clarify from the start: I am talking here about good old basic network firewalls. No deep packet inspection rules and no host based firewalls.
From a security point of view, firewalls offer two main functions: they regulate traffic, and they provide logs. The second part is often neglected. But look over some of the stories here, and quite frequently you will find cases in which firewall logs tipped the scale. For example, the duplicate DNS response issue earlier this week was initially found by an observant reader watching firewall logs.
When it comes to filtering, some consider firewalls not worth the trouble because they only filter on ports that are closed on the server anyway. I think this shows a lack of understanding of what a firewall can do to protect servers. My best firewall wins usually came from outbound filtering of traffic trying to leave the server.
The next argument against firewalls is that there are usually better devices to do the filtering: proxies have real application insight, and router and switch ACLs can usually pick up the low-end port filtering part. As far as the proxy is concerned: I say get one too. But proxies are usually rather complex devices to configure correctly, and I would rather get the easy stuff out of the way first using a firewall. At the same time: how do I make sure my traffic actually uses the proxy? That typically involves a firewall.
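The three points above (outbound filtering, firewall logs as a detection source, and forcing traffic through the proxy) can be shown together with a log review. The following is an added example, not code from the diary or from ISC: it reads constructed iptables-style LOG lines written for traffic leaving a hypothetical server VLAN and applies a simple egress policy in which servers may only reach the web proxy and the internal resolver. Web traffic that does not go to the proxy is flagged as a proxy bypass; any other outbound connection from a server is flagged as unexpected. The subnet, the proxy and resolver addresses and the log lines are all constructed.

```python
"""Added example, not ISC's or the diary author's code: evaluate firewall
LOG lines from a server subnet against a simple egress policy."""
import ipaddress
import re
from collections import Counter

# Constructed sample of what an iptables LOG rule with prefix "EGRESS "
# might write to syslog for traffic leaving the server VLAN.  One line
# (SRC=10.0.1.40) comes from a workstation, not a server.
SAMPLE_LOG = """\
May 17 10:01:02 fw kernel: EGRESS IN=eth1 OUT=eth0 SRC=10.0.0.5 DST=10.0.0.2 PROTO=TCP SPT=51234 DPT=3128
May 17 10:01:03 fw kernel: EGRESS IN=eth1 OUT=eth0 SRC=10.0.0.5 DST=10.0.0.53 PROTO=UDP SPT=40001 DPT=53
May 17 10:01:07 fw kernel: EGRESS IN=eth1 OUT=eth0 SRC=10.0.0.5 DST=203.0.113.9 PROTO=TCP SPT=51235 DPT=443
May 17 10:01:09 fw kernel: EGRESS IN=eth1 OUT=eth0 SRC=10.0.0.7 DST=198.51.100.20 PROTO=TCP SPT=51236 DPT=6667
May 17 10:01:11 fw kernel: EGRESS IN=eth1 OUT=eth0 SRC=10.0.0.7 DST=198.51.100.20 PROTO=TCP SPT=51237 DPT=6667
May 17 10:01:15 fw kernel: EGRESS IN=eth1 OUT=eth0 SRC=10.0.0.9 DST=192.0.2.1 PROTO=TCP SPT=51238 DPT=25
May 17 10:01:20 fw kernel: EGRESS IN=eth2 OUT=eth0 SRC=10.0.1.40 DST=203.0.113.9 PROTO=TCP SPT=51239 DPT=443
"""

SERVER_NET = ipaddress.ip_network("10.0.0.0/24")               # hypothetical server VLAN
PROXY = (ipaddress.ip_address("10.0.0.2"), "TCP", 3128)         # hypothetical web proxy
RESOLVER = (ipaddress.ip_address("10.0.0.53"), "UDP", 53)       # hypothetical resolver
ALLOWED_EGRESS = {PROXY, RESOLVER}   # the only outbound flows a server may open
WEB_PORTS = {80, 443}

FIELD_RE = re.compile(r"\b([A-Z]+)=(\S*)")


def parse_line(line):
    """Return (src, dst, proto, dport) from a LOG line, or None if it is not one."""
    fields = dict(FIELD_RE.findall(line))
    try:
        return (ipaddress.ip_address(fields["SRC"]),
                ipaddress.ip_address(fields["DST"]),
                fields["PROTO"], int(fields["DPT"]))
    except (KeyError, ValueError):
        return None


def classify(src, dst, proto, dport):
    """Apply the egress policy to one flow and name the outcome."""
    if src not in SERVER_NET:
        return "not-server"       # the policy only covers the server VLAN
    if (dst, proto, dport) in ALLOWED_EGRESS:
        return "allowed"
    if dport in WEB_PORTS:
        return "proxy-bypass"     # web traffic that did not go via the proxy
    return "unexpected"           # anything else leaving a server


def analyze(log_text):
    """Summarise a log: counts per verdict, the violating flows, and the
    (src, dst, dport) pairs seen most often among the violations."""
    by_class = Counter()
    violations = []
    pairs = Counter()
    for line in log_text.splitlines():
        flow = parse_line(line)
        if flow is None:
            continue
        verdict = classify(*flow)
        by_class[verdict] += 1
        if verdict in ("proxy-bypass", "unexpected"):
            src, dst, proto, dport = flow
            violations.append((str(src), str(dst), proto, dport, verdict))
            pairs[(str(src), str(dst), dport)] += 1
    return {"by_class": dict(by_class), "violations": violations,
            "top_pairs": pairs.most_common()}


if __name__ == "__main__":
    report = analyze(SAMPLE_LOG)
    print(report["by_class"])
    for v in report["violations"]:
        print("VIOLATION", v)
```

The same policy table is what the firewall rules themselves would encode (allow the two tuples in ALLOWED_EGRESS, log and drop the rest); running it over the log afterwards is the second function the diary mentions, turning the dropped packets into a list of hosts worth a closer look.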
A switch or a router may have many features that are found in a classic firewall (even stateful rules and some application logic). They may be perfectly fine for a home user or a small business. However, in an enterprise context in particular, you probably want to split the firewall functionality off to a different device, and with that to a different group of people. The people dealing with routing and network performance (packet movers) are usually not the same people dealing with firewalls and filtering (packet droppers).
But how many modern attacks are really blocked by firewalls? Aren't they all sending a spear phishing email to the user, tricking the user into downloading malware some Chinese kid wrote via the filtering proxy we installed? Next they exfiltrate the data via that same proxy (or DNS, or SMTP... or other services we have to allow)? In part, these modern attacks are a testament to the effectiveness of firewalls. An attacker would probably still rather use the same tool they used back in the 90s to brute force file sharing passwords and download data straight from the system. But sadly, because now even some universities block file sharing using a firewall, these attacks no longer work.
Against these modern attacks, we have other defenses. Some may work against the older versions of these attacks as well. In short, these defenses can be summarized as end point protection (whitelisting, anti-virus, host based firewall, hardening of the system...). Hardening a large number of end points is, however, a lot more difficult than configuring a few firewalls well placed at the right choke points.
By now, you are probably going to ask yourself: why hasn't he talked about defense in depth yet? The argument doesn't really apply if you are trying to argue for removing a device. Each additional security device can be justified with defense in depth. But some security devices do not add enough value to justify the expense. I don't think defense in depth itself can be used to justify a *particular* security device. It rather justifies the fact that some of our security devices are redundant and fulfill similar functions ;-)
Thoughts? Flames? Use the comment feature or send us a non-public comment via the contact form.


Johannes B. Ullrich, Ph.D.

SANS Technology Institute

Apple has apparently won control of the iphone5.com domain, according to changes in a Web record of the URL.
SSD maker RunCore's InVincible SSD can wipe your data using one of two methods: overwriting the entire disk with meaningless code or frying it with voltage.
[SECURITY] [DSA 2473-1] openoffice.org security update
PHP Address Book 'view.php' SQL Injection Vulnerability
OpenOffice Prior to 3.4 Multiple Memory Corruption Vulnerabilities

The White Hat Rally – One Olympic race not to miss
Infosecurity Magazine
The White Hat Rally takes the InfoSec community's petrol heads and adventure seekers on a scenic, action packed tour in aid of Barnardo's charity. There is still plenty of time for new teams to sign up to take part in the event, which runs from June ...


Chief information security officers (CISOs) have a lot on their plate. Between data protection, malware detection, compliance regulations, social media security, mobile device management (MDM) and many more areas that fall into the realm of the security team, the CISO is obliged to wear many hats each day.

A recent survey by IBM highlighted this multitude of CISO responsibilities. In the report, Finding a strategic voice: Insights from the 2012 IBM Chief Information Security Officer assessment (.pdf), IBM said the ideal CISO must “assume a business leadership position and dispel the idea that information security is a technology support function. Their purview must encompass education and cultural change, not just security technology and processes. Leaders will need to reorient their security organizations around proactive risk management rather than crisis response and compliance. And the management of information security must migrate from discrete and fragmented initiatives to an integrated, systemic approach.” 

That’s a tall order, and trying to accomplish it all could lead to CISO burnout. It’s not so much that there’s too much to do (although there is). The real problem causing CISOs to reach for the Pepto Bismol is there are too many conflicting demands coming at them from different angles.

But changes to the CISO role may be on the way, according to Jon Oltsik, a security analyst at research firm Enterprise Strategy Group. Oltsik believes the CISO function will naturally and of necessity divide into two roles: CSO and CISTO.

The chief security officer (CSO) will focus on the intersection of risk and business. The CSO will deal with compliance and legal issues, and be the person who goes before the board of directors to explain the expected return on a $1 million security investment.

The chief information security technology officer (CISTO) will focus on IT security architecture and infrastructure. The CISTO will handle security controls, including monitoring and reporting on the company’s defenses.

Oltsik sums it up like this: CSOs create cybersecurity policies; CISTOs enforce them.

Allocating responsibilities in this way will probably be greatly appreciated by today’s overburdened CISOs. Training programs could focus on the two different career paths, and security professionals could aspire in the direction that best suits their personalities and skills. 


T-Mobile USA clarified its latest restructuring plans and said the changes will result in a net 350 job losses, not 900 as reported earlier.
Israel is where the USB flash drive was invented and where innovative companies such as Anobit and XtremIO are drawing American companies to their shores in droves to get a piece of the intellectual property pie.
There's a dramatic transformation going on in business intelligence practices at many companies, prompted by growing interest in analyzing large, diverse data sets and better tools for completing such tasks.

Hacktivism and what we can learn from it
Now, according to Bevan Lane of Infosec Consulting, as socio-economic problems get worse, more and more people are finding ways to react against their circumstances. We are all constantly hearing of new attacks, but very few of us are actually reacting ...


Posted by InfoSec News on May 17


By Ericka Chickowski
Contributing Writer
Dark Reading
May 16, 2012

Earlier this month, a Missouri state senator led a filibuster to block
the vote on the creation of a new prescription-tracking database within
the state -- on the grounds that should a breach occur to expose this
database, it would expose embarrassing information...

Posted by InfoSec News on May 17


By Kim Zetter
Threat Level
May 16, 2012

The TSA may have its eagle sights set on your underwear and water
bottle, but it failed to miss the real security threat under its nose,
it was revealed Monday, after a supervisor holding a top security job in
a New Jersey airport was arrested for using the stolen identity of a
dead man.

Bimbo Olumuyiwa Oyewole, known to...

Posted by InfoSec News on May 17


By SCC (retired)
Second City Cop
May 17, 2012

We've been informed about "virus warning" type windows popping up on the
Department computers lately. We're told it occurs dozens of times during
the processing of a simple arrest.

Guess what happened? And guess who predicted it?

NATO protestors have infiltrated the CPD computers with a worm
that is wreaking...

Posted by InfoSec News on May 17


By Phil Muncaster
The Register
17th May 2012

Hong Kong’s Computer Emergency Response Team (HKCERT) has called for
more resources to help it step up attempts to proactively monitor and
deal with attacks on organisations in the special administrative region
(SAR) of China.

Speaking to The Register, centre manager Roy Ko argued that the nature
of the threats facing...

Posted by InfoSec News on May 17


The New York Times
May 16, 2012

LONDON -- The phone hacking scandal that shook Rupert Murdoch’s global
media empire and hit the heart of the British government began quietly
on a Monday in 2005, when aides to the British royal family gathered in
a palace office appointed with priceless antiques to air suspicions that...