InfoSec News

Mark Gibbs points out an issue with Time Machine and Sophos AV, looks at mobile emergency power and is in awe of what hackers are doing with Kinect.
 
Lync, the next generation of Microsoft's Office Communications Server software, was unveiled yesterday in New York City, complete with a surprise appearance from Bill Gates via Lync's video conference tool.
 
GPU-based machines are dominating the latest Green500 compilation of the world's most energy efficient supercomputers.
 
Even though the HP Zeen Android tablet is not available as a stand-alone tablet, the comparison seems inevitable. After all, one has to wonder what exactly this tablet is, given that it ships with the HP Photosmart eStation C510 inkjet multifunction printer. If it's being billed as a detachable tablet, how does it compare with the cream of today's Android-slate crop, the Samsung Galaxy Tab?
 
Adobe today released Reader X, the next version of its popular software that includes a "sandbox" designed to protect users from PDF attacks.
 
Even if you're shy, you can use Twitter to maximize networking opportunities at your next conference. Check out our tips on how to build buzz, be remembered and be valued.
 
With the many choices and factors to consider, choosing a laptop of any kind can be a considerable challenge. Choosing one for use with Linux, however, brings its own special set of considerations, since it's not yet always a plug-and-play world for the open source operating system.
 
RETIRED: Apple Safari Prior to 5.0.3 and 4.1.3 Multiple Security Vulnerabilities
 
SystemTap 'modprob' Command Environment Variable Local Privilege Escalation Vulnerability
 
Dell on Thursday reported a growth in profits and revenue for the third quarter of fiscal 2011, driven by strong demand for the company's commercial products.
 
A Malaysian man has been charged with hacking into major U.S. corporations, including the U.S. Federal Reserve Bank of Cleveland and FedComp, a company that processes financial transactions for credit unions.
 
Android tied with iOS in October as the smartphone operating systems most often hitting Millennial Media's mobile advertising network.
 
Dell today said that Communications Services Group President Ron Garriques is leaving the firm as part of a realignment of the group.
 
The influx of smartphones, tablets and other wireless devices into businesses is making many employees more productive, but Aruba Networks is seeing firsthand how much strain all of this newfound mobility is putting on the enterprise IT and security staffs that are its customers. In this installment of the IDG Enterprise CEO Interview Series, IDGE Chief Content Officer John Gallant spoke with Aruba CEO Dominic Orr about the changing wired/wireless network architecture, competing with Cisco Systems, exploiting the cloud and the rise of 802.11n.
 
While the battle may have been won some time ago, MySpace seems to be calling "uncle" in its competition with Facebook.
 
Although Firefox's usage share has been stalled for the last year, Mozilla's revenues were up 34% in 2009, largely on the back of money paid the organization by Google and other search engines.
 
We received a report of a very aggressive web spider that apparently is not obeying robots.txt.



The report claims the spider is from http://www.80legs.com/webcrawler.html



Here are a few interesting tidbits from that site.

"008 runs on a grid computing platform that consists of several thousand computers, which is why you may see our web crawler access your site from many different IP addresses."

"If you block 008 using robots.txt, you will see crawl requests die down gradually, rather than immediately. This happens because of our distributed architecture. Our computers only periodically receive robots.txt information for domains they are crawling."

And my personal favorite ...

"Blocking our web crawler by IP address will not work. Due to the distributed nature of our infrastructure, we have thousands of constantly changing IP addresses. We strongly recommend you don't try to block our web crawler by IP address, as you'll most likely spend several hours of futile effort and be in a very bad mood at the end of it."



Several thousand computers? Sounds like a recipe for a DDoS attack if I ever saw one and I don't even want to think about what could happen if that site got 0wn3d.



Has anyone else seen this? Let us know.
Christopher Carboni - Handler On Duty (c) SANS Internet Storm Center. http://isc.sans.org Creative Commons Attribution-Noncommercial 3.0 United States License.
 

InfoSec Cracks Open ZeroAccess Rootkit to Find Unique Features
eWeek
Security researchers at InfoSec Institute took apart the ZeroAccess rootkit and found two weaknesses that would disable its ability to run in stealth mode. ...
White Hat Hacker Cracks ZeroAccess Rootkit - InformationWeek

 
RETIRED: IBM OmniFind Multiple Vulnerabilities
 
IBM, Intel, others question the usefulness of the Top500 key metric, the Linpack test
 
The U.S. Senate Judiciary Committee Thursday unanimously backed legislation aimed at curbing online copyright infringement and theft of intellectual property.
 
PIM tools help get a handle on sprawling accounts and disjointed management of privileged access. If you do it right. Here are seven key strategies.
 
Just in time for the holiday shopping season, Google is making a grab for a bigger e-commerce presence.
 
Microsoft will slash the price of its Office for Mac 2011 suite by as much as 33% next week during a five-day sale.
 
In the next few months, Jeff Letasse, vice president of IT for Conceptus, will hand out more than 220 iPads to every salesperson in the company. He plans to wean them off their trusty laptops and PDAs, with the hope of never having to buy another laptop for a salesperson again.
 
Technology issues focused on boosting the U.S. economy and creating jobs can move through a divided Congress next year if lawmakers can set aside controversial issues such as network neutrality, congressional observers said.
 
ViewSonic is trying to cash in on the growing excitement around tablets by offering cash back for buyers who trade in their laptops for new ViewPad tablets.
 
The Galaxy Tab is an Android tablet that's smaller than an iPad and larger than a smartphone.
 
Google Apps administrators will now be able to give their users managed access to about 60 Google applications, tools and services that aren't part of the core components of the hosted communications and collaboration suite.
 
Ariba will acquire e-commerce vendor Quadrem for roughly $150 million in a deal Ariba says will create the world's largest business-to-business commerce network.
 
Apple today patched 27 vulnerabilities in Safari for Mac OS X and Windows, 85% of them critical bugs that could be exploited to hijack Macs or PCs.
 
Zynga today unveiled the Facebook-based CityVille game, which it said will soon be in beta testing mode.
 
WebKit for Apple iPhone/iPod touch Prior to iOS 4.1 Remote Code Execution Vulnerability
 
WebKit Images Cross Domain Information Disclosure Vulnerability
 
RETIRED: Cisco Unified Videoconferencing Multiple Vulnerabilities and Weakness
 
WebKit MIME Type Handling CVE-2010-3116 Memory Corruption Vulnerability
 
Dear Mr. Carboni,



We are a Network Service Company which is the domain name registration center in [some city and country]. On Nov. 16 2010, we received an application from [some company that doesn't exist] requested Sans as their internet keyword and [country and (TLD)] domain names. But after checking it, we find this name conflict with your company name or trademark. In order to deal with this matter better, it's necessary to send email to you and confirm whether this company is your distributor or business partner in [country name]?





[some person name]

[some company name]

[some company address] etc ...





Really? Oh no! I might lose my company.com/cn/af/sk/so/br domain in China/Afghanistan/S.Korea/Somalia/Brazil/ ...!
This is a scam that is several years old and I'm finding out is not as widely known as I originally thought.



Back in the day I used to receive this type of email at least a few times every month, usually from a different person/company/country.



If you call / email or in some way return communication, in my experience, the registrar tries to extort you for some amount of money telling you that if you don't pay (I remember one for $10000 USD and another was much more though I can't remember the exact amount - credit cards gratefully accepted) you will lose whatever domain they're telling you someone is trying to register.



There may be other angles that I haven't seen before but the bottom line is this is a scam that can be filed with the other scams, phishes, hoaxes and other stuff which (hopefully) is caught by your spam filter.

Update:
One of our other Handlers pointed me to an excellent article by Dr. Neal Krawetz on this very scam. Read about it in the Hacker Factor Blog.

Christopher Carboni - Handler On Duty (c) SANS Internet Storm Center. http://isc.sans.org Creative Commons Attribution-Noncommercial 3.0 United States License.
 

White Hat Hacker Cracks ZeroAccess Rootkit
InformationWeek
At least, that's been the approach undertaken by malware expert Giuseppe Bonfa at InfoSec Institute, an information security services company. ...

 
Mp3-Nator Remote File Buffer Overflow Vulnerability
 

Fed Infosec Certification Role Raised
BankInfoSecurity.com (blog)
... working in government as either an employee or contractor - about the role of IT security certification in attracting infosec experts to government. ...

 
[HITB-Announce] HITB2011AMS -- Call For Papers now Open
 
XSS in CompactCMS
 
 
Multiple vulnerabilities in chCounter <= 3.1.3
 
Jack at the Infosec Institute sent a note announcing research that had been done on the ZeroAccess Rootkit.



He states: "One of our InfoSec Resources Authors defeated all of the anti-debugging and anti-forensics features of ZeroAccess and traced the source of this crimeware rootkit."



The full article can be found on their website.



How widespread are rootkits in your environment?



Are you having a problem with rootkits right now or have you had a problem with them in the past?



Write in and share your experiences including any practical tips on recovery in a corporate environment.


Christopher Carboni - Handler On Duty (c) SANS Internet Storm Center. http://isc.sans.org Creative Commons Attribution-Noncommercial 3.0 United States License.
 
The District Court in Stockholm has decided to detain WikiLeaks founder Julian Assange, and issuing an international arrest warrant is the next step, according to a statement from the Swedish Prosecution Authority.
 
Are you shopping for a laptop as a gift this holiday season--or looking to upgrade your own laptop as a gift to yourself, perhaps? Navigating the labyrinth of brands, product names, and specifications can be tough. From tiny netbooks to big and powerful desktop-replacement systems, the differences in pricing, features, and performance are staggering. Follow our comprehensive guide to make sure you get the ideal laptop.
 
By now, we hope, you've read our other two "Holiday Laptop Buying Guide" installments and gained an understanding of which category of laptop is right for your gift recipient and what laptop specs they want.
 
If someone on your gift list wants a laptop, the first thing you need to do is figure out which category of laptop best suits the recipient's needs. Once you've done that, it's time to examine the specifications. You'll have to choose from among a host of options for the processor, RAM, graphics, display, and other features. Deciding what is necessary and what the user can live without is difficult, but it's essential to selecting a laptop your gift recipient will love at a price you can afford. If you don't understand the specs, you could save money but miss out on desired features and performance, or you could spend too much for things that the recipient doesn't really need. (And before you commit to a laptop, see our list of handy shopping tips.)
 
Banks in Europe are seeing innovative skimming attacks against ATMs, where fraudsters rig special devices to the cash machines to record payment card details.
 
Although Apple will lack the firepower to adequately serve large enterprises, Ryan Faas suggests that the decision to kill off the Xserve continues the company's real focus on small business.
 
Camtron CMNC-200 Full HD IP Camera Multiple Security Vulnerabilities
 
ProFTPD 'mod_sql' Remote Heap Based Buffer Overflow Vulnerability
 
Multiple vulnerabilities in Cisco's video conferencing systems remain exploitable, enabling attackers to gain full control of the device to steal user passwords with little effort.

 
A report submitted to Congress on Wednesday by the U.S.-China Economic and Security Review Commission expressed concerns over what the commission claims is China's growing ability to control and manipulate Internet traffic.
 
China's largest fixed-line phone carrier has denied it hijacked worldwide Internet traffic this past April following a U.S. government report that said the company had redirected network routes through Chinese servers.
 

Overtis teams up with Panasonic to secure shop tills
MicroScope (blog)
A chance meeting at InfoSec with Panasonic has helped Overtis significantly boost its presence in the retail market as it brings its security products to ...

 
Microsoft on Wednesday patched an enterprise security tool that had blocked some copies of Chrome from updating.
 
Want to make your iPad more stylish, more useful or both? We've got the gear for you.
 
OpenSSL TLS Server Extension Parsing Buffer Overflow Vulnerability
 
Drupal Relevant Content Module Information Disclosure Vulnerability
 
Trend Micro Internet Security Pro ActiveX Control Remote Code Execution Vulnerability
 
WebRCSdiff 'viewver.php' Remote File Include Vulnerability
 
Arm Holdings is in talks for its chip technology to be used with Google TV, the software aimed at putting the Internet on television sets everywhere.
 

Posted by InfoSec News on Nov 17

http://www.theglobeandmail.com/news/politics/classified-documents-stolen-from-bank-of-canada-governor-mark-carneys-car/article1801978/

By DANIEL LEBLANC, JEREMY TOROBIN
Globe and Mail
Nov. 17, 2010

The Bank of Canada is dealing with a serious security breach after a
thief smashed the window of Governor Mark Carney’s unattended car in
Montreal and made off with a travel bag containing classified documents.

Confirming the theft on Tuesday, a...
 

Posted by InfoSec News on Nov 17

http://news.cnet.com/8301-1009_3-20023090-83.html

By Lance Whitney
Security
CNet News
November 17, 2010

A report delivered today to Congress by a commission on U.S.-Chinese
relations is pointing the finger at the Chinese government for continued
hacking attempts and computer exploits.

"Recent high-profile, China-based computer exploitations continue to
suggest some level of state support. Indicators include the massive
scale of...
 

Posted by InfoSec News on Nov 17

http://gcn.com/articles/2010/11/17/cybersecurity-workforce-education-congress.aspx

By William Jackson
GCN.com
Nov 17, 2010

Cybersecurity certification programs, universities and technical schools
have failed to produce a professional workforce with the skills needed
to protect our critical infrastructure, industry observers say, but they
also are warning Congress against imposing federal regulations on the
profession as industry and...
 

Posted by InfoSec News on Nov 17

http://abclocal.go.com/kabc/story?section=news/local/los_angeles&id=7791007

ABC7.com
November 15, 2010

LOS ANGELES (KABC) -- Los Angeles Police Chief Charlie Beck spoke out
publicly for the first time since the resignation of a rookie officer
accused of accessing a law-enforcement database on behalf of a murder
convict and reputed gang member.

The L.A. Times reported the officer was dating the gang member's sister.

Gabriel Morales, 25,...
 

Posted by InfoSec News on Nov 17

http://www.networkworld.com/news/2010/111710-rim-denies-deal-with-indian.html

By Nancy Gohring
IDG News Service
November 17, 2010

Research In Motion has not agreed to turn over corporate data sent to
and from BlackBerry devices to the Indian government, contrary to
reports that surfaced on Wednesday, RIM said.

"RIM has once again found it necessary to address certain media reports
in India containing inaccurate and misleading...
 

Conroy, 'poo or get off the pot': Oakeshott
ZDNet Australia
Korea builds #DDoS bunkers after last year's epic attacks. http://bit.ly/djnnMt #infosec #ozsec #CERT #Korea builds #DDoS bunkers after last year's epic ...

 
InfoSec News: Classified documents stolen from Bank of Canada Governor Mark Carney's car: http://www.theglobeandmail.com/news/politics/classified-documents-stolen-from-bank-of-canada-governor-mark-carneys-car/article1801978/
By DANIEL LEBLANC, JEREMY TOROBIN Globe and Mail Nov. 17, 2010
The Bank of Canada is dealing with a serious security breach after a [...]
 
InfoSec News: U.S.: Beijing backs hacking on 'massive scale': http://news.cnet.com/8301-1009_3-20023090-83.html
By Lance Whitney Security CNet News November 17, 2010
A report delivered today to Congress by a commission on U.S.-Chinese relations is pointing the finger at the Chinese government for continued hacking attempts and computer exploits. [...]
 
InfoSec News: Cyber educators to Congress: Let us handle it: http://gcn.com/articles/2010/11/17/cybersecurity-workforce-education-congress.aspx
By William Jackson GCN.com Nov 17, 2010
Cybersecurity certification programs, universities and technical schools have failed to produce a professional workforce with the skills needed [...]
 
InfoSec News: LAPD cop caught hacking info for gang member: http://abclocal.go.com/kabc/story?section=news/local/los_angeles&id=7791007
ABC7.com November 15, 2010
LOS ANGELES (KABC) -- Los Angeles Police Chief Charlie Beck spoke out publicly for the first time since the resignation of a rookie officer accused of accessing a law-enforcement database on behalf of a murder convict and reputed gang member.
The L.A. Times reported the officer was dating the gang member's sister.
Gabriel Morales, 25, resigned in September when internal affairs investigators searched his home. They reportedly found information on two witnesses in the murder trial of 18-year-old Matthew Turner.
[...]
 
InfoSec News: RIM denies deal with Indian government: http://www.networkworld.com/news/2010/111710-rim-denies-deal-with-indian.html
By Nancy Gohring IDG News Service November 17, 2010
Research In Motion has not agreed to turn over corporate data sent to and from BlackBerry devices to the Indian government, contrary to [...]
 

Chinese govt involved in US hack jobs
ZDNet Australia
... attacks. http://bit.ly/djnnMt #infosec #ozsec #CERT #Korea builds #DDoS bunkers after last year's epic attacks. http://bit.ly/djnnMt #infosec #ozsec ...

 

