InfoSec News


Whitehat cracks notorious rootkit wide open
Register
The analysis was written by Giuseppe Bonfa, a malware researcher specializing in reverse engineering at InfoSec Institute, an information security services ...

 
Twitter Co-Founder Evan Williams was unapologetic on Wednesday about his company's recent decisions to build features for the site that duplicate and often render irrelevant applications created by third-party developers.
 
Microsoft is now offering free Symantec security software to small businesses for a limited time, through retailer PC Mall, following some grumbling in response to the free distribution of its own security software.
 
Just as it gets back into the mobile-phone business, Dell is losing its top mobile executive.
 
For Salesforce.com founder and CEO Marc Benioff, cloud computing isn't just an important technology model upon which he founded his company, but rather something that merits religious devotion.
 
On-demand cloud computing is a wonderful tool for companies that need some computing capacity for a short time, but don't want to invest in fixed capital for long term. For the same reasons, cloud computing can be very useful to hackers -- a lot of hacking activities involve cracking passwords, keys or other forms of brute force that are computationally expensive but highly parallelizable.
 
You can save big bucks by choosing Nuance PDF Converter Enterprise 7 ($149 as of November 18, 2010) over the standard for Portable Document Format software, the $449 Adobe Acrobat X Pro--and you can accomplish with PDF Converter much of what you can with Acrobat.
 
Apple QuickTime 'quicktime.qtx' Module Remote Code Execution Vulnerability
 
Apple QuickTime 'QuickTimeMPEG.qtx' Module MPEG Encoded Movie Buffer Overflow Vulnerability
 
Broadband adoption and availability in the U.S., and the slow pace in addressing broadband-related issues that affect the capacity to innovate and compete, keep U.S. Federal Communications Commission Chairman Julius Genachowski up at night.
 
Apple QuickTime FlashPix Image File Uninitialized Memory Remote Code Execution Vulnerability
 
Apple QuickTime GIF File LZW Compression Remote Code Execution Vulnerability
 
Apple QuickTime AVI File Memory Corruption Vulnerability
 
Multiple vulnerabilities have been reported in the Cisco Unified Videoconferencing (Cisco UVC) 5100 series, which also impact the Cisco Unified Videoconferencing 5200 and 3500 series.[1]


There are currently no fixes for these vulnerabilities. Cisco recommends limiting access to the Cisco UVC web server to trusted hosts, disabling the FTP, SSH, and Telnet services, and setting the Security mode field in the Security section of the Cisco UVC web GUI to Maximum.
The complete list of affected products and versions, including detailed information about the vulnerabilities, can be found in the Cisco Security Response [1].
[1] http://www.cisco.com/warp/public/707/cisco-sr-20101117-cuvc.shtml


-----------
Guy Bruneau IPSS Inc. gbruneau at isc dot sans dot org (c) SANS Internet Storm Center. http://isc.sans.org Creative Commons Attribution-Noncommercial 3.0 United States License.
 
The appearance of the Stuxnet worm in June should serve as a wake-up call to governments and businesses, especially those relying on Internet-based industrial control systems, a group of cybersecurity experts told U.S. lawmakers Wednesday.
 
Nvidia chief scientist predicts when GPUs, not CPUs, will do most computer work
 
Microsoft's top executive for Internet Explorer (IE) today dismissed browser speed trials as 'at best, not very useful, and at worst, misleading.'
 
The early leader in intrusion detection honeypots is still around, flexible as ever, but a bit dated
 
Search results by city, H-1B visa Labor Condition Applications for computer-related jobs filed and approved last year.
 
The upcoming releases aim to reduce boilerplate code, add multi-core capabilities, and boost dynamic scripting languages
 
Longtime best-of-breed intrusion detection solution remains feature-rich, easy to use, and actively maintained
 
There is so much competition for what computer companies perceive as a tremendous growth opportunity in desktop virtualization that the leading virtual desktop vendors have taken to re-announcing packages and products to highlight small improvements and garner some attention.
 
HP today announced videoconferencing for desktops, laptops and conference rooms to complement its high-end, studio-based Halo videoconferencing line.
 
Microsoft's CEO Steve Ballmer yesterday dismissed a call that he should do what the federal government failed to do more than 10 years ago: break up the company.
 
RETIRED: AT-TFTP Server Directory Traversal Vulnerability
 
Allied Telesyn TFTP Daemon Multiple Remote Vulnerabilities
 
Reader Jason Brunk is concerned about permissions that just don't seem repairable. He writes:
 
Users of Google's Docs hosted office productivity suite will now be able to edit word processing documents from their Android and Apple iOS devices, Google announced.
 
Savvy users know that the mouse wheel can do more than just scroll up and down in a document or Web page. For example, in your Web browser, if you hold down the Ctrl key and nudge the wheel, you can quickly change the font size.
 
Dell Wednesday announced its first endpoint encryption product, along with the possibility of factory installation on certain Dell PCs.
 
Online advertising spending in the U.S. continued to accelerate in the third quarter, as the market rebounds from a slowdown last year.
 
An Oracle lawsuit filed last week could serve as a cautionary message to hardware partners that wish to do business with the vendor: Secure your buildings.
 
HoneyPoint Security Server combines multiplatform support, unique features, and limitations
 
The Droid Pro, Verizon's new Android smartphone, is not a multimedia machine, but in all other ways it gets the job done.
 
Todd Miller Sudo 'sudoedit' Path Resolution Local Privilege Escalation Vulnerability
 
DiskPulse Server 'GetServerInfo' Buffer Overflow Remote Code Execution Vulnerability
 
When Congress created the H-1B visa program 20 years ago this month, it sent the American IT industry into uncharted territory from which it has yet to emerge. What has been the net effect of the "tech worker visa"?
 
Apple's year-long evaluation of Google Voice for the iPhone ended Tuesday when the free application appeared in the iTunes App Store.
 
AWCM v2.2 Auth Bypass Vulnerabilities
 
Over half a billion people use Facebook around the world. It is the single largest phenomenon of human connection in history, not to mention the biggest thing ever to hit the Web, and a source of enjoyment for millions. But it's becoming more and more of a love-hate relationship. We love using Facebook and other online social networks, but we hate the ever-increasing privacy and security concerns.
 
Hitachi Multiple Collaboration Products Unspecified Denial Of Service Vulnerability
 
Hitachi Multiple Groupmax Products Unspecified Buffer Overflow Vulnerability
 
Cisco Security Response: Multiple Vulnerabilities in Cisco Unified Videoconferencing Products
 
Cisco Unified Videoconferencing multiple vulnerabilities - CVE-2010-3037 CVE-2010-3038
 
Information disclosure in IceBB
 
We have received reports indicating that Conficker B++ (also known as Downup, Downadup and Kido) activated on 15 Nov around 10 PM EST. If you have samples or packets to share, please submit them via our contact page.


[1] http://en.wikipedia.org/wiki/Conficker

*** Update 2
We have determined the reports we have received appear to be isolated and unrelated incidents.
-----------
Guy Bruneau IPSS Inc. gbruneau at isc dot sans dot org

***UPDATE
We are still looking into the reported events. On the surface it would appear that the reported events are standard Conficker infections and behavior. At this time we do not have any binary samples, and are working from third-party reports. From what little is known, this does not appear to be a new version of Conficker, or any new behavior patterns that haven't been discussed publicly (see http://mtc.sri.com/Conficker/ for more details). If any of that changes we will update this diary entry with those results.
- Andre Ludwig - Shadowserver
 
You can't just throw anyone who's delivered on smaller technology projects into the fire of a large-scale, enterprise-wide challenge. Here's how one CIO is grooming a future IT leader.
 
Security professionals should embrace the inevitable shift to cloud computing, Symantec Chairman John Thompson says.

 
InfoSec News: Hacker uses cloud computing to crack passwords: http://www.zdnet.co.uk/blogs/mapping-babel-10017967/hacker-uses-cloud-computing-to-crack-passwords-10021067/
By Jack Clark Mapping Babel ZDNet UK 16 November, 2010
A German hacker claims to have used cloud computing to crack passwords stored in an algorithm that was developed by the NSA. [...]
 
InfoSec News: DNS provider decked by DDoS dastards: http://www.theregister.co.uk/2010/11/16/ddos_on_dns_firm/
By John Leyden The Register 16th November 2010
DNS provider sitelutions was floored by a particularly severe denial of service on Tuesday.
The Virginia-based internet services firm confirmed its site was offline [...]
 
InfoSec News: Detroit Hospital Security Breach: http://www.clickondetroit.com/news/25801194/detail.html
WDIV Detroit November 15, 2010
DETROIT, Mich. -- Henry Ford Health Systems has notified patients of a possible security breach after a laptop was stolen out of an unlocked medical urology office September 24th. [...]
 
InfoSec News: Downtime Rated Top Risk Of Data Breaches: http://www.informationweek.com/news/security/management/showArticle.jhtml?articleID=228201056
By Mathew J. Schwartz InformationWeek November 16, 2010
What happens after a data breach, criminals attack the enterprise network, or PCs get infected with a virus via Facebook, leading to [...]
 
InfoSec News: TSA and America's Culture of Zero-Risk: http://infowarrior.org/pubs/oped/tsa-zero-risk.html
TSA and America's Culture of Zero-Risk (c) 2010 Richard Forno. Permission granted to reproduce freely with credit.
The lede on the DRUDGEREPORT most of Monday showed a Catholic nun being patted down at an airport security checkpoint, with the caption starkly declaring that "THE TERRORISTS HAVE WON."
He's right.
Ten years after 9/11, Americans who fly are facing a Faustian choice between subjecting themselves to a virtual (and potentially medically damaging) strip search conducted in questionable machines run by federal employees or a psychologically damaging pat-down of their bodies. Osama bin Ladin must be giggling himself silly this week.
But what should we expect in a society that requires adults to wear bicycle helmets while pedaling in the park, provides disclaimers of liability on TV advertisements, or prints warnings on fast-food coffee cups? The name of the game is zero risk. Not risk mitigation, or accepting responsibility for one's actions, but risk aversion. It's a failure to acknowledge that we can't protect against everything bad that can happen to us, so we must protect against everything we think might. It's living in fear.
TSA has established itself as the lead federal agency charged with perpetuating this risk-averse culture at airports around the country. The proof is evident over the past ten years: Because of the Shoebomber, we have to remove our shoes. Thanks to the Christmas Crotchbomber, we are subjected to invasive scanning or government-mandated molestation. Because there's a potential for explosives in liquid or gel form, we've got the "Three Ounces in A Baggie" rule. Wearing a sweater or bulky fleece hoodie? Take it off (along with your shoes and belt) so it can be examined. Or frisking Granny, or asking toddlers to drink from their Sippy-cups to make sure it's really Mommy's milk inside. And let's not forget the thankfully defunct prohibitions on knitting needles, insulin syringes, matches, lighters, or standing during the last 30 minutes of flights to Washington, DC.
All in the name of protecting the homeland.
Given this latest round of homeland hysteria, I must ask again -- what happens after the next 'new' attempt to smuggle something onto a plane? Actually, we know the answer: another item will go on the Prohibited Items List and additional screenings of passengers will be conducted, followed by more patronising security-speak from our Department of Homeland Insecurity asking law abiding folks to give up more of their privacy and personal "space" in the interest of Homeland (er, "State") Security. Big Brother, meet Big Sister. With all her homeland security lobbyists along for the ride.
Where does it end?
Due to this nationalised risk aversion and a docile public, we're now living in a country that subordinates law abiding travelers to quasi-law-enforcement employees of a government agency empowered to make up the rules as it goes along and arrest/fine those who question, challenge, or refuse to comply with their demands while impeding their travel within this great country. What does all of this do to our nation? Our way of life? Our way of thinking as citizens?
Perhaps this is intentional, and we're being conditioned to accept the actions of TSA and embrace a zero-risk mentality on our society. What else can explain the statement made earlier today by TSA Director John Pistole that citizens who protest what they see as government transgressions into their privacy are being "irresponsible"? Calling us irresponsible when protesting this latest round of TSA actions is no different than our being labelled unpatriotic when protesting or questioning some of the provisions in the controversial USA PATRIOT Act. Same stuff, different Administration.
The American public needs to recognise the nature of the terror threat and accept a certain level of risk in their lives and travels instead of kowtowing to every reactive security 'enhancement' proclaimed by TSA as necessary to protect the country.
The tragedy of 9/11 wasn't necessarily the attacks of that fateful day, but what has happened to America in the years since.
Which should make us wonder: who should we be afraid of, really -- "them" or "us?"
 
SAP NetWeaver SQL Monitor Multiple Cross Site Scripting Vulnerabilities
 
SAP NetWeaver Security Bypass Denial Of Service Vulnerability
 
The Bug Genie Multiple Cross Site Scripting Vulnerabilities
 
Vtiger CRM Multiple Remote Security Vulnerabilities
 
Novell NetWare NFS Portmapper and RPC Module Stack Buffer Overflow Vulnerability
 
Stratus Technologies has earned high marks for delivering fault-tolerant computing, but with the rollout of Stratus Avance CEO David Laurello is pouncing on an opportunity to expand beyond the company's existing market niche.
 
The revolution will not stop at e-mail -- in the future, nearly every company will be more social, Facebook's CEO tells the Web 2.0 Summit.
 
Yahoo's new location-based services mark the company's latest move in its effort to reshape its business and reclaim its position as a top Internet company.
 
The H-1B visa program is taking some surprising turns as it marks a milestone. What does it mean for IT in America?
 
Far from the policy debates in Washington, the H-1B visa has altered individual lives forever. Five people who've been directly affected by H-1B tell their stories in their own words.
 
See maps and a searchable database of H-1B Labor Condition Applications (LCA) filed in 2009 for computer-related jobs (LCAs are used by employers as supporting evidence for the petition for an H-1B visa). Plus view, sort and search the complete list of all Optional Practical Training extension applications filed since the program began, allowing foreign students to work for employers for up to 29 months without a work visa.
 

Posted by InfoSec News on Nov 17

http://www.clickondetroit.com/news/25801194/detail.html

WDIV Detroit
November 15, 2010

DETROIT, Mich. -- Henry Ford Health Systems has notified patients of a
possible security breach after a laptop was stolen out of an unlocked
medical urology office September 24th. Representatives with the hospital
said although the password was protected there is a possibility some
personal patient information could be at risk.

The hospital began...
 

Posted by InfoSec News on Nov 17

http://www.informationweek.com/news/security/management/showArticle.jhtml?articleID=228201056

By Mathew J. Schwartz
InformationWeek
November 16, 2010

What happens after a data breach, criminals attack the enterprise
network, or PCs get infected with a virus via Facebook, leading to
network downtime? According to a new survey: confusion. That's because
two-thirds of organizations lack the right data or tools to fully
understand the scope of...
 
 
Low-cost, low-fuss honeypots are highly effective early-warning systems against external attacks and insider threats; KFSensor, HoneyPoint, and Honeyd offer safety, ease, and flexibility
 

Posted by InfoSec News on Nov 17

http://www.zdnet.co.uk/blogs/mapping-babel-10017967/hacker-uses-cloud-computing-to-crack-passwords-10021067/

By Jack Clark
Mapping Babel
ZDNet UK
16 November, 2010

A German hacker claims to have used cloud computing to crack passwords
stored in an algorithm that was developed by the NSA.

Hacker Thomas Roth announced on Tuesday that he has used one of Amazon
Web Service's Cluster GPU Instances to crack the passwords encrypted in
a Secure...
 

Posted by InfoSec News on Nov 17

http://www.theregister.co.uk/2010/11/16/ddos_on_dns_firm/

By John Leyden
The Register
16th November 2010

DNS provider sitelutions was floored by a particularly severe denial of
service on Tuesday.

The Virginia-based internet services firm confirmed its site was offline
as the result of a "multi-gigabit" denial of service attack via an
update to its Twitter feed.

"Websites and data still safe, though there are still...
 