InfoSec News

(c) SANS Internet Storm Center. http://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
OK, this is most likely the last of this type of post; soon we will have a new system up for email dump alerts. Over the past 24 hours we have come across thousands and thousands of accounts and hacked websites, many resulting from the ongoing cyber war and many just random.

From technologies born out of gaming companies to hardware waterproofing products, we find some gems at the Consumer Electronics Show that CIOs will be glad to welcome to their IT shops.
The hacker group Anonymous is claiming responsibility for attacks that have taken down websites run by Universal Music, the U.S. Department of Justice and the Recording Industry Association of America in retaliation for the government's removal of the Megaupload websites.
Yet another hacker has joined the ongoing cyber war, this time on the side of 0xOmar, the self-claimed Saudi hacker who is said to have leaked thousands of account details.

@anon_4freedom has attacked and hacked the Ghana Stock Exchange website and obtained 500+ client accounts from it. The client list contains user emails and IDs but still shows weak security in their systems.

Hackers using the handle Anonymous 972 have attacked an Iran-based website in the ongoing cyber war against Arabic people.

In an exclusive interview, NetApp CEO Tom Georgens talks about virtualization, the private cloud, and how his company defines big data.
A day after thousands of websites went on strike protesting controversial anti-piracy legislation in the U.S., federal authorities today announced they have busted a pirate ring that allegedly hauled in $175 million.
Oracle is asking a judge to throw out some of the claims made in a lawsuit filed against the vendor by Montclair State University over an allegedly failed ERP (enterprise-resource-planning) software project, according to a filing made this week in U.S. District Court for the District of New Jersey.
Tech spending by banks will grow this year at a slower pace than in 2011, a trend expected to continue until global economic conditions improve and banks begin to see the benefits of new IT, according to Celent.
Legacy VGA (Video Graphics Array) and DVI (digital-visual interface) display ports will likely no longer be used in PCs over the next five years as newer interfaces gain in popularity, NPD In-Stat said in a study released on Thursday.
Back when I was young printing was complicated. Printer drivers were a nightmare of options and standards were rare. Now there are all sorts of standards for printing but the nightmare still continues. Even printers that sell for $50 have multiple drivers, often support various printing protocols, have multiple driver updates, and then there is the printer installation software.
IBM brought its fiscal 2011 year to a close with modest gains in both revenue and net income, the company reported Thursday.
Intel reported strong revenue and profit growth in the fourth fiscal quarter of 2011, overcoming a sharp drop in revenue from its low-power Atom microprocessors and chipsets used in tablets and netbooks.
Microsoft revenue rose in the second fiscal quarter, while its profits dipped a bit.
Google's fourth-quarter revenue climbed 25% from a year earlier but was less than analysts had expected, pulling its stock price down 9% in after-hours trading Thursday.
Attackers seize on the trust victims have in the social network by setting up a tricky man-in-the-browser attack and demanding $25 in cash.

Google moved up three spots to claim the top position in Fortune's list of the 100 Best Companies to Work For in the U.S.
Review of the Galaxy Nexus smartphone, by Samsung.
Twitter has acquired Summify, a startup that summarizes content in people's Google, Facebook and Twitter social media feeds and delivers a daily digest via email, on a website or to a user's iPhone.
EasyPage 'docId' Parameter SQL Injection Vulnerability
Wikipedia and other sites that participated in an unprecedented Internet blackout Wednesday are back online and promising to keep the battle going against two controversial anti-piracy bills in Congress.
Apple today announced iBooks Author and iBooks 2, free applications that let educational publishers and teachers create and market K-12 textbooks and course materials for the iPad.
AT&T today unveiled data plans for new smartphone and tablet customers that will take effect on Sunday.
AlienZ has paid a visit to a Lebanon-based website, LebanonI.com, which is a free* service providing the world with a unique resource that allows users to find any Lebanese, Arab, Arab-American business.

Windows Phone could represent nearly 17% of the smartphones shipped in 2015, edging out Apple's iPhone for the second-place ranking behind Android smartphones.
Advisory 01/2012: Suhosin PHP Extension Transparent Cookie Encryption Stack Buffer Overflow
Beyond addressing details about its big breach of 2011, RSA Security executives this week outlined its 2012 product strategy, which is centered on three areas: mobility, anti-threat and cloud security.
To gain insight on the months ahead as they relate to IT attacks, malware, cloud security, and the impact of virtualization on security, we recently chatted with Simon Crosby, former CTO of Citrix Systems' data center and cloud business. Crosby recently founded a cloud security startup, Bromium, with Gaurav Banga, former CTO and senior vice president at Phoenix Technologies, and Ian Pratt, chairman of Xen.org and co-founder of XenSource.
Yet again some schools have become victims of cyber attacks from anonymous hackers. This time it's for #opeurope.

Investigators confirmed that a 2006 breach at Symantec Corp. is the root cause of a source code leak of its Norton Antivirus software.

Microsoft Anti-XSS Library Bypass (MS12-007)
Just come across 2 more lots of Israeli personal details, which contain usernames, emails, passwords, phone numbers and business names. This is starting to become one of the major topics of the world, with hundreds of hackers joining forces and dumping information.

libexif 'exif-entry.c' Tag Format Conversion Heap Buffer Overflow Vulnerability
EXIF Library EXIF File Processing Integer Overflow Vulnerability
[security bulletin] HPSBMU02736 SSRT100699 rev.1 - HP Business Availability Center (BAC) and Business Service Management (BSM), Remote Unauthorized Access to Sensitive Information
Yet another website has become a victim of defacing against Israel. This one has been up for over 14 days now, which is a bit of a worry if the admin has not done anything about it yet. The defacing, which takes place on the http://www.moshiach.com/tribes/ tribes home page, contains graphic images and a video as well as a message.

@D35M0ND142 has attacked and dumped a load of accounts and database information from a Korean website, Dubuweb.com.

You've rocked up to work ready to start the day and get on with the list of jobs the boss has graciously gifted you with, when your daily routine of reviewing the logs brings the normal sigh as x.x.x.x is externally scanning and probing for open ports on the perimeter.
Depending on the security stance or care factor, the offending IP address may go in a block list, be ignored, be investigated further or none of the above. Let's say that you want to report this, so you do a quick WHOIS lookup on the offending IP address. There are plenty of web sites that offer WHOIS lookups, but if you want to perform searches from the command line, Swa Frantzen's guide [1] is a great refresher.
This is where you can run into a very frustrating roadblock: the Useless Contact Email Details. The two worst offenders are the fake email addresses ([email protected] being a favourite) and the horribly out-of-date email address that goes deep into cyberspace, never to be seen again. One of the fun parts about being on the defensive team is trying to work out if it's worthwhile telling someone their computers aren't playing nice any more. So make it easy for them to do that, and if someone makes that effort, be a good internet citizen and have a valid, current email address on the WHOIS record.
NOTE: Before the screaming and tearing of hair occurs because I'm advocating putting a valid email address that can be used by the evil smurfs to gain information on you or the company, feel free to use one of the numerous WHOIS protection services that shield your email behind one of their email addresses. As long as the email gets to you, that's all that matters.
Fixing WHOIS record details is easy and straightforward*, so get it done and tick off that New Year's resolution to help out the internet.
Oh, and should you get a call from someone notifying you that something might be wrong with your systems, fellow handler Tom Liston came up with a fairly comprehensive list on how not to respond to someone giving you the heads up [2].

[1] http://isc.sans.edu/diary.html?storyid=9325

[2] http://isc.sans.edu/diary.html?storyid=1260
* Unless you work for a big, very big company, so get a work ticket raised, have some poor soul work out how to do it, and treat yourself to something nice.

Chris Mohan --- Internet Storm Center Handler on Duty
President Barack Obama is trying to encourage U.S. companies not to send work overseas. This might not be as hard a job as it seems for some types of IT work.
Sony Ericsson reported a net loss and a fall in revenue for the fourth quarter, further highlighting the struggles of many vendors who rely on Google's Android to power their smartphones.
Several major internet companies and thousands of concerned users are lighting up social networks in efforts to spread opposition to controversial anti-piracy bills now under debate in Congress.
An unknown source has dumped over 3500 accounts on pastebin with just emails and passwords. Be sure to check with ctrl+f for your account in case it was compromised.

FCA, who recently leaked 13,000 accounts from another French website, has also hacked sciencespo.fr and leaked out 80 or so emails and account logins as well as some admin logins.

A group going by the name FCA has attacked, hacked and dumped 13,000 accounts from CRIF, Council of Jewish Institutions of France. This continues the week of ongoing data dumps that have been targeted at Jewish people.

THA, The Hackers Army, has been defacing hundreds of websites in the name of OpFreePalestine and now has become a victim of their own cyber war.

Well, this shows what hackers do when they are bored: innocent websites end up having data leaked.

China plans to require users of the country's Twitter-like microblogs to register with their real identities, and has already begun trials of the system in five cities, according to a Chinese official.
Struggling Eastman Kodak said Thursday that it and its U.S. subsidiaries have filed for Chapter 11 of the U.S. Bankruptcy Code to reorganize its business.


Symantec Admits It Was Hacked: Security Source Code Not Taken From Third-Party ...
The hacker group with the name Yama Tough, according to Infosec Island, stole the source code, some of which was published last week with the threat of more to come. At the time when the group announced its hack, Infosec Island reported Symantec's Sr. ...
Symantec source code breach saga continues (Naked Security)
Today across the world a lot of mainstream websites blacked out in response to the SOPA/PIPA bills that the American government is fighting for. Lots of websites like Reddit, Wikipedia, Mozilla, Google, Boing Boing and wordpress.org joined the widespread blackout. Sadly, CWN failed to get ready in time due to personal doings; sorry for this.
