
InfoSec News

The adult entertainment industry now has a home on the Internet: It's called .xxx.
 
Libpng 'png_decompress_chunk()' Function Denial of Service Vulnerability
 
WebKit Local Webpage Cross Domain Information Disclosure Vulnerability
 
Linux Kernel 'hci_uart_tty_open()' Local Denial of Service Vulnerability
 
At one time or another, most of us have experienced that moment of panic upon realizing that we don't remember where our iPhone or iPad is. Thankfully, included in the bag of tricks for these technological marvels is the ability to tell you where they are. All it takes on your part is a little forethought.
 
Oracle may reap a tidy profit from reselling the about-to-expire Sun.com domain name
 
Microsoft yesterday urged users of older Office suites to install and run a complicated tool to protect themselves against ongoing attacks exploiting an unpatched bug in Adobe's Flash Player.
 
In today's work world, building a team often has less to do with the actual people in your company and more to do with the ad-hoc pool of talent that contributes to any given project. So, while enterprise collaboration tools are great, they're often ineffective for bringing a loose-knit team together because freelancers, contractors, and consultants don't typically have access to the same network and tools. One good solution that works well for groups of independent workers is Microsoft Windows Live Groups.
 
The SEC charges IBM with giving hundreds of thousands of dollars worth of bribes to South Korean and Chinese officials.
 
Apple's iPhone has again taken first place in J.D. Power and Associates' smartphone customer satisfaction rankings.
 
NASA's Messenger spacecraft maneuvered into orbit around the planet Mercury, carrying seven science instruments that will be used for a survey of the planet's geochemistry, geophysics, geologic history and atmosphere.
 
Minnesota's Department of Human Services has agreed to pay ACS $7.25 million to settle a lawsuit the systems integrator brought against it in connection with the development of HealthMatch, a system for determining a person's eligibility for health care.
 
A judge in Delaware on Thursday ordered the unsealing of a letter containing allegations of sexual harassment by former Hewlett-Packard CEO Mark Hurd, which ultimately led to his departure from the company.
 
[SECURITY] [DSA 2186-2] vimperator regression fix
 

ZDNet UK

UK resellers 'kept in dark' over RSA breach
ZDNet UK (blog)
Infosec Technologies, which resells RSA SecurID among other two factor authentication products, told ZDNet UK on Friday that it was considering changing its business model when due to the breach, and a lack of communication from the company. ...
Hackers Target RSA's SecurID Products (GovInfoSecurity.com)

 
The chip war will heat up as Advanced Micro Devices prepares PC processors to rival Intel's Sandy Bridge chips, which have already started appearing in laptops, analysts said this week.
 
A TV trade group is asking why its members should give up additional spectrum for mobile broadband.
 
Experts say the risk of an attack that exploits stolen proprietary data on RSA's SecurID products is low, but it can't be completely dismissed until attack details are revealed.

 
Once Firefox 4 is out the door next week, Mozilla will likely shift to a faster development cycle for its browser, one that resembles the way Google rolls out a constant line of updates for Chrome.
 
libvirt Multiple Remote Denial Of Service Vulnerabilities
 
libzip '_zip_name_locate()' NULL Pointer Dereference Denial Of Service Vulnerability
 
What better way to celebrate the arrival of spring than by showing up in Orlando for CTIA Wireless 2011, which runs March 22-24. The buzz is all about LTE, the mythical "4G" network, the continually promised mobile payments explosion, monetizing the heck out of online app stores, and now ... tablets, which manage to bring almost all of these trends, or hopes, together.
 
An exclusive interview with Zach Nelson, CEO of NetSuite, reveals the challenges and rewards of being the leading ERP-as-a-service provider
 
VMware has released the vSphere Client for iPad, with which IT staff will be able to monitor and manage their virtualized infrastructure, the company said on Thursday.
 
libzip 0.9.3 _zip_name_locate NULL Pointer Dereference (incl PHP 5.3.5)
 
[ MDVSA-2011:048 ] krb5
 
XOOPS 2.5.0 <= Cross Site Scripting Vulnerability
 
OWASP AppSec USA 2011 Call for Papers
 
A quarter of new laptops and half of new desktop PCs will adopt an emerging data storage method by 2016, pairing flash memory with traditional hard disk drives (HDDs) for better overall performance, according to two storage experts.
 
Most of us have faced a time when a machine gets compromised with malware. In some cases it gets to the point where cleaning the infected computer is too time consuming or too difficult, so the easy option is to wipe the machine and rebuild it.
Just before the forensic community (or some of my fellow handlers) lynch me for making this over-generalised, evidence-eliminating statement, allow me to elaborate.
Nuke it from orbit*
The format and rebuild statement normally comes from the following groups:

Management
Overworked IT staff
The owner who's just spent the last hour on search engines on how to fix their slow (utterly infected) PC
The security team

The first three can be grouped as those that are not interested in analysing, understanding or knowing what happened on the particular machine. They just want their machine(s) back to normal ASAP so they can go about their business.
The security team, in contrast, have made this call as part of a calculated decision, after collecting the evidence they need to get the business running safely again.
The decision to rebuild is considerably easier for those with a standard operating environment (SOE) or managed operating environment (MOE). This allows for a rapid deployment of a fully functional operating system with all the previous applications. This is a thing of beauty, bringing tears of joy to the most hardened PC tech, as it's a fast, reliable and easy complete re-deployment with a simple press of a few buttons. The assumption is - and I want to be very clear on this - that any user data is safely saved elsewhere, not on the PC about to be formatted and rebuilt.
The problem child
So what happens when you are confronted with a machine that needs to be wiped and rebuilt but no-one has a clue what's on it and if it's ever been backed up?
I like to call this the "friend/family PC" scenario or the "forgotten machine, out back, that runs the company" disaster-in-waiting issue.
Before even thinking about nuking this type of PC, there are normally two distinct areas to be worried about on these systems: data and applications.
For the very wise or very paranoid amongst us, a full image of the troublesome system is the way to go. This provides a working image of the machine to refer back to quickly and avoids a great deal of painful conversations along the lines of "but you never mentioned that". Tools such as Sysinternals' Disk2vhd [1] make a complete online virtual image of the problem system. For those that run other virtualisation software it the next step is to know what you're getting into.
An audit of all the known software on the machine, with first a verbal interrogation of the owner followed by a physical examination of the machine, provides a solid picture of what needs to be on the clean system. This is where recording your findings, conversations with the owner and processes to rebuild the machine can help in the future, should this happen again.
Dude, where's my data?
Losing data doesn't sound too bad until that data is someone's child's first steps or the company payroll. As a suggested list of files and folders to be sure you have:

Browser favourites and configuration files
Microsoft Office configuration
Email folders (.pst files and the like)
The entire My Documents folders
Game files
User profiles
Files and folders saved in weird locations only known to the owner or application

To alleviate some of the pain of manually hunting for these files, Microsoft offers a number of tools to export data off the machine, and these are well worth reviewing:

Office Save My Settings Wizard [2]
File and Settings Transfer Wizard [3]
User State Migration Tool [4]
Windows Easy Transfer [5]
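
A pre-wipe inventory covering both the software audit and the "weird location" data hunt described above, as an added example that is not part of the original diary. The output folder, search roots and extension list are assumptions to adjust after talking to the owner.

```powershell
# Added example: record what is on the machine before it is wiped.
# $OutDir, $Roots and $extensions are illustrative assumptions, not values from the diary.
param(
    [string]$OutDir  = "$env:USERPROFILE\prewipe-inventory",  # copy this folder off the PC afterwards
    [string[]]$Roots = @("$env:SystemDrive\")                 # add other data drives here
)
New-Item -ItemType Directory -Path $OutDir -Force | Out-Null

# 1. Installed software, read from the Uninstall registry keys (64-bit, 32-bit and per-user).
$uninstallKeys = @(
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKLM:\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Uninstall\*'
)
Get-ItemProperty -Path $uninstallKeys -ErrorAction SilentlyContinue |
    Where-Object { $_.DisplayName } |
    Select-Object DisplayName, DisplayVersion, Publisher, InstallLocation |
    Sort-Object DisplayName -Unique |
    Export-Csv -Path (Join-Path $OutDir 'installed-software.csv') -NoTypeInformation

# 2. Likely user data by extension, anywhere under the search roots.
#    Only the Windows folder is skipped: older games and applications often
#    keep saves and databases under Program Files.
$extensions = '.pst', '.ost', '.doc', '.docx', '.xls', '.xlsx', '.mdb',
              '.jpg', '.avi', '.mpg', '.sav'
$found = foreach ($root in $Roots) {
    Get-ChildItem -Path $root -Recurse -Force -ErrorAction SilentlyContinue |
        Where-Object {
            -not $_.PSIsContainer -and
            $extensions -contains $_.Extension.ToLower() -and
            -not $_.FullName.StartsWith($env:windir, [StringComparison]::OrdinalIgnoreCase)
        } |
        Select-Object FullName, Length, LastWriteTime
}
$found | Export-Csv -Path (Join-Path $OutDir 'user-data-files.csv') -NoTypeInformation

# 3. The subset most likely to be missed: data stored outside every user profile.
$profilesRoot = Split-Path -Path $env:USERPROFILE -Parent
$found |
    Where-Object { -not $_.FullName.StartsWith($profilesRoot, [StringComparison]::OrdinalIgnoreCase) } |
    Export-Csv -Path (Join-Path $OutDir 'data-outside-profiles.csv') -NoTypeInformation
```

The three CSV files give a written record to check against the owner's account of what the machine holds, and a checklist to tick off once the rebuilt system is handed back.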

Game over man, game over


Applications are just as important for any system, so ensuring you can get copies of the installation media and the license keys for software, including the original operating system, is a must.
For lost license keys, software such as The Magical Jelly Bean Keyfinder [6] can get back most standard product keys.
For those applications for which the original installation media no longer exists and the vendor can't supply a replacement copy, this may be an opportunity to upgrade or migrate to a new application.
As a final note, be aware that there may be wacky hardware installed and the drivers for ancient ISDN/video/sound/modem/and so on cards were last seen back in the 90s. The very best of luck with that.


As always, if you have any better suggestions, insights or tips please feel free to comment.


[1] http://technet.microsoft.com/en-us/sysinternals/ee656415.aspx

[2] http://support.microsoft.com/kb/312978

[3] http://support.microsoft.com/kb/293118

[4] http://technet.microsoft.com/en-us/library/dd560801(WS.10).aspx

[5] http://windows.microsoft.com/en-US/windows7/products/features/windows-easy-transfer

[6] http://www.magicaljellybean.com/keyfinder



*This frequently used phrase is taken from the movie Aliens and the actual quote from the character Ripley is: "I say we take off and nuke the entire site from orbit. It's the only way to be sure."
Who knew James Cameron was really making a movie about the folly of poor incident response? Ripley is the lead incident handler dealing with this infection outbreak and she he later discovers he should have really taken Ripley's expert advice to save him from, what is certainly, a very painful way to go.



[7] http://www.giac.org/resources/whitepaper/network/17.php


Chris Mohan --- Internet Storm Center Handler on Duty (c) SANS Internet Storm Center. http://isc.sans.org Creative Commons Attribution-Noncommercial 3.0 United States License.
 
China shut down more than 130,000 illegal Internet cafes in the country over a six-year period, as part of crackdown to control the market, according to a new Chinese government report.
 
Some Japanese chip makers are starting to pick themselves up and resume operations in the earthquake and tsunami-torn northeast.
 
Gibbs looks at the latest version of Gladinet Cloud Desktop and likes what he sees.
 
RealPlayer ActiveX Control CDDA URI Uninitialized Pointer Vulnerability
 
InfoSec News: HBGary's Hoglund identifies lessons in Anonymous hack: http://www.csoonline.com/article/677340/hbgary-s-hoglund-identifies-lessons-in-anonymous-hack
By Robert Lemos CSO March 17, 2011
On Superbowl Sunday, HBGary CTO Greg Hoglund found himself locked out of his own e-mail account. As has since been widely reported in the media, [...]
 
InfoSec News: RSA warns SecurID customers after company is hacked: http://www.computerworld.com/s/article/9214757/RSA_warns_SecurID_customers_after_company_is_hacked
By Robert McMillan IDG News Service March 17, 2011
EMC's RSA Security division says the security of the company's two-factor SecurID tokens could be at risk following a sophisticated [...]
 
InfoSec News: GAO Says IRS Data Security Problems Persist: http://www.informationweek.com/news/government/security/showArticle.jhtml?articleID=229301206
By Elizabeth Montalbano InformationWeek March 17, 2011
The IRS still isn't doing enough security-wise to protect the confidentially of financial and taxpayer information -- particularly [...]
 
InfoSec News: Vanessa Hudgens in talks with police over nude photo leak as FBI close in on celebrity hacker ring: http://www.dailymail.co.uk/tvshowbiz/article-1367160/Vanessa-Hudgens-talks-police-nude-photo-leak-FBI-close-celebrity-hacker-ring.html
By Daily Mail Reporter 17th March 2011
High School Musical star Vanessa Hudgens met with police yesterday to discuss her latest nude photo scandal. [...]
 
InfoSec News: Congress Asks to Review DoD and NSA Contracts With HBGary: http://www.wired.com/threatlevel/2011/03/congress-and-hbgary/
By Kim Zetter Threat Level Wired.com March 17, 2011
Anonymous’ recent exposure of a federal contractor’s plan to take down WikiLeaks has led to a congressional probe seeking data on contracts the [...]
 
InfoSec News: Secunia Weekly Summary - Issue: 2011-11:
The Secunia Weekly Advisory Summary 2011-03-10 - 2011-03-17
This week: 67 advisories [...]
 
InfoSec News: Microsoft, Feds Pull Plug on Spam Network: http://online.wsj.com/article/SB10001424052748703328404576207173861008758.html
By NICK WINGFIELD The Wall Street Journal MARCH 17, 2011
Microsoft Corp. and federal law enforcement agents seized computer equipment from Internet hosting facilities across the U.S. [...]
 
East Japan entered its fifth day of power rationing on Friday, with no end to the planned blackouts in sight. The power shortages began last week when a massive earthquake and tsunami knocked nuclear power stations offline.
 
The latest round of MacBook Pro laptops from Apple get speedy new chips from Intel, faster graphics processors and a new I/O technology that promises blazing speeds.
 
For more than 24 hours this week, it was a question that very few security experts could answer: Who had knocked the world's worst spam botnet offline?
 
With enterprise companies such as Dell, Cisco and Oracle all looking to move up the data center product stack to become systems companies, EMC may be the perfect acquisition to fill a big gap in each.
 
PHP '_zip_name_locate()' NULL Pointer Dereference Denial Of Service Vulnerability
 
PHP 'phar/phar_object.c' Format String Vulnerability
 
PHP 'shmop_read()' Remote Integer Overflow Vulnerability
 

Posted by InfoSec News on Mar 18

http://online.wsj.com/article/SB10001424052748703328404576207173861008758.html

By NICK WINGFIELD
The Wall Street Journal
MARCH 17, 2011

Microsoft Corp. and federal law enforcement agents seized computer
equipment from Internet hosting facilities across the U.S. in a sweeping
legal attack designed to cripple the leading source of junk email on the
Internet.

Microsoft launched the raids as part of a civil lawsuit filed in federal
court in...
 

Posted by InfoSec News on Mar 18

http://www.computerworld.com/s/article/9214757/RSA_warns_SecurID_customers_after_company_is_hacked

By Robert McMillan
IDG News Service
March 17, 2011

EMC's RSA Security division says the security of the company's
two-factor SecurID tokens could be at risk following a sophisticated
cyber-attack on the company.

In a note published on the company's website late Thursday, RSA
Executive Chairman Art Coviello said his company is "actively...
 

Posted by InfoSec News on Mar 18

http://www.informationweek.com/news/government/security/showArticle.jhtml?articleID=229301206

By Elizabeth Montalbano
InformationWeek
March 17, 2011

The IRS still isn't doing enough security-wise to protect the
confidentially of financial and taxpayer information -- particularly
from insider threats – despite repeated tries at fixing previously
identified security problems, a federal watchdog agency has found.

Weaknesses continue to...
 

Posted by InfoSec News on Mar 18

http://www.dailymail.co.uk/tvshowbiz/article-1367160/Vanessa-Hudgens-talks-police-nude-photo-leak-FBI-close-celebrity-hacker-ring.html

By Daily Mail Reporter
17th March 2011

High School Musical star Vanessa Hudgens met with police yesterday to
discuss her latest nude photo scandal.

The actress, 22, is 'deeply upset and angered' after photos taken
several years ago were leaked onto an internet site.

The Federal Bureau of Investigation (FBI)...
 

Posted by InfoSec News on Mar 18

http://www.wired.com/threatlevel/2011/03/congress-and-hbgary/

By Kim Zetter
Threat Level
Wired.com
March 17, 2011

Anonymous’ recent exposure of a federal contractor’s plan to take down
WikiLeaks has led to a congressional probe seeking data on contracts the
company and its partners hold with the U.S. military and intelligence
agencies.

The House Armed Services Subcommittee on Emerging Threats and
Capabilities on Wednesday asked the...
 

Posted by InfoSec News on Mar 18

========================================================================

The Secunia Weekly Advisory Summary
2011-03-10 - 2011-03-17

This week: 67 advisories

========================================================================
 

Posted by InfoSec News on Mar 18

http://www.csoonline.com/article/677340/hbgary-s-hoglund-identifies-lessons-in-anonymous-hack

By Robert Lemos
CSO
March 17, 2011

On Superbowl Sunday, HBGary CTO Greg Hoglund found himself locked out of
his own e-mail account. As has since been widely reported in the media,
the hacking group Anonymous leaked thousands of e-mail messages from the
accounts of Hoglund and HBGary Federal's CEO Aaron Barr, chastising the
company in a public...
 
Gnash Insecure Temporary File Creation Vulnerability
 


Internet Storm Center Infocon Status