InfoSec News

The FBI said this afternoon that it had arrested a total of fourteen individuals thought to belong to the Anonymous hacking group for their alleged participation in a series of distributed denial-of-service attacks (DDoS) against PayPal last year.
Lenovo's Essential series is its budget-friendly notebook line. Unfortunately, while the Essential G570 performs like a budget laptop, it can often cost as much as speedier and more full-featured business laptops. Our review system, as configured, will cost you $750.
Intel's acquisition of Ethernet chip vendor Fulcrum Microsystems is just the latest step in integrating the components within data centers to help them work smoothly as a single virtual system.
Oracle PeopleSoft Enterprise FIN CVE-2011-2250 Remote PeopleSoft Enterprise FIN Vulnerability
Oracle Enterprise Manager Grid Control CVE-2011-0845 Remote Database Control Vulnerability
With Tuesday's release of version 1.7, Joomla has been redesigned to support jobs beyond its typical duties of Web content management. Administrators and developers can now use Joomla's underlying platform as the basis for other types of Web applications as well.
Yahoo's total revenue took a steep dive in the second quarter as it struggled in display advertising, a core market where it has historically been a leader. The company managed to increase its profit by 11 percent, however.
Apple reported solid earnings for its fiscal third quarter, with strong iPad and iPhone shipments boosting profit and revenue, the company said.
Oracle Enterprise Manager Grid Control CVE-2011-0875 Remote EMCTL Vulnerability
Oracle Enterprise Manager Grid Control CVE-2011-0848 Remote Security Framework Vulnerability
(c) SANS Internet Storm Center. Creative Commons Attribution-Noncommercial 3.0 United States License.
Apple will launch its Lion operating system tomorrow, the company's chief financial officer said Tuesday.
A growing number of ERP software customers are considering a jump to third-party software support providers, according to new data from analyst firm Constellation Research.
Internet activist Aaron Swartz faces computer hacking charges.
Some Apple board members have discussed a CEO succession plan with executive recruiters following Steve Jobs' departure on medical leave earlier this year, the Wall Street Journal reported.
Brent wrote in, in response to ChrisM's diary about performance monitoring.

One of the things I stress to other admins is the importance of performance monitoring. Not only is it useful for diagnosing performance bottlenecks, but it's useful from a security perspective too, provided someone is willing to skim performance graphs on a regular basis to get a feel for what normal is.

For instance, we track the query stats on our DNS servers and back in March I saw an odd jump in query failures on one of our external DNS servers. A look at a 2nd graph showed that these queries were for A records. When I see an anomaly like this (things that make me say hmmm) I go investigate. In this case, it was a flood of queries for hostnames/domains our DNS servers weren't authoritative for (and, of course, they're set up to refuse recursive queries).

What was interesting was these queries initially came from a wide variety of IPs (many of which were in RBLs as compromised systems) and soon thereafter, they were coming from our IP space, but mostly from blocks not currently in use.

Checking performance stats has exposed all sorts of things - misbehaving software doing dozens of queries per second for the same hostname, a compromised system looking up millions of MX records to try to send spam, someone running a portscanner (and causing a big spike in rejected packets from our egress filters), etc. Ya never know what you'll find, if you just go look regularly. :-)

I couldn't agree with Brent more. Health and performance monitoring tools can and should be used to detect security-related events. Peacetime learning, i.e. monitoring while not under attack or unusual load, is used in DDoS detection. NetFlow, which is commonly used to detect DDoS attacks today, was originally designed for BILLING on burstable pipes. :)

SNMP monitoring is frequently used to detect attacks against a system. If memory or other resource usage suddenly goes WAY UP, you can bet something is wrong, and in many cases that will be a security-related event. So if your performance and health monitoring team isn't tied tightly to your security team, you may want to introduce them.

Lastly, the security triad is frequently referred to by the TLA CIA: Confidentiality, Integrity, and Availability (2 new ones were added a while back: Authenticity and Non-Repudiation).

Availability is therefore either one third or one fifth of a security practitioner's job, depending on which version of the triad you're following.
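To make the diary's point concrete, here is an added example of the two checks Brent's write-in describes: learning a peacetime baseline from a counter (refused DNS queries per interval) and flagging intervals that blow past it, then sorting the query sources seen during the spike into external addresses, our own in-use space, and our own unused blocks (which cannot legitimately originate traffic and so point to spoofed sources). This is illustrative code written for this diary, not Brent's or the ISC's tooling; all counters, prefixes (RFC 5737 documentation ranges) and the 3-sigma threshold are constructed assumptions.

```python
"""Peacetime-baseline check over DNS server query counters (added example)."""
import ipaddress
import statistics

# Constructed "peacetime" refused-query counts per 5-minute interval on one
# external authoritative server (no attack, normal load).
PEACETIME_REFUSED = [12, 15, 9, 14, 11, 13, 10, 16, 12, 14]

# Constructed observation window: (interval label, total queries, refused queries).
OBSERVED = [
    ("09:00", 4100, 14),
    ("09:05", 4050, 13),
    ("09:10", 3980, 11),
    ("09:15", 4900, 230),
    ("09:20", 6200, 415),
    ("09:25", 4120, 12),
    ("09:30", 4075, 15),
]

# Constructed address plan: the space we announce and the blocks actually in use.
OWN_PREFIXES = ["203.0.113.0/24"]
IN_USE_PREFIXES = ["203.0.113.0/26"]

# Constructed query sources seen during the spike.
SPIKE_SOURCES = ["198.51.100.7", "203.0.113.20", "203.0.113.200", "192.0.2.9"]


def baseline(peacetime):
    """Mean and sample standard deviation of the peacetime counter."""
    return statistics.mean(peacetime), statistics.stdev(peacetime)


def flag_intervals(observed, mean, stdev, k=3.0):
    """Return labels of intervals whose refused count exceeds mean + k*stdev."""
    threshold = mean + k * stdev
    return [label for label, _total, refused in observed if refused > threshold]


def classify_sources(sources, own_prefixes, in_use_prefixes):
    """Split source IPs into external, own-in-use and own-but-unused.

    On an external-facing server, queries that appear to come from our own
    address space are suspicious; from blocks we do not even use, the source
    address must be spoofed.
    """
    own = [ipaddress.ip_network(p) for p in own_prefixes]
    in_use = [ipaddress.ip_network(p) for p in in_use_prefixes]
    result = {"external": [], "own_in_use": [], "own_unused": []}
    for src in sources:
        addr = ipaddress.ip_address(src)
        if not any(addr in net for net in own):
            result["external"].append(src)
        elif any(addr in net for net in in_use):
            result["own_in_use"].append(src)
        else:
            result["own_unused"].append(src)
    return result


def review(observed=OBSERVED, peacetime=PEACETIME_REFUSED, sources=SPIKE_SOURCES):
    """Run both checks and summarise what a graph-skimming admin would see."""
    mean, stdev = baseline(peacetime)
    flagged = flag_intervals(observed, mean, stdev)
    spoofed = classify_sources(sources, OWN_PREFIXES, IN_USE_PREFIXES)["own_unused"]
    return {
        "threshold": round(mean + 3 * stdev, 1),
        "flagged": flagged,
        "spoofed_sources": spoofed,
    }


if __name__ == "__main__":
    print(review())
```

The baseline is deliberately learned only from the peacetime samples; feeding the spike intervals back into it would inflate the threshold and hide the next event, which is the same reason the diary stresses learning "normal" before you need it.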

(c) SANS Internet Storm Center. Creative Commons Attribution-Noncommercial 3.0 United States License.
With increasing dependency on information systems and advances in cloud computing, the smart grid and mobile computing, maintaining the confidentiality and integrity of citizens' personally identifiable information is a growing challenge. ...
Researchers at the National Institute of Standards and Technology (NIST) have released for public comment updated specifications for the Security Content Automation Protocol (SCAP), which helps organizations find and manage ...
Google will offer a Google+ app for the iPad and iPod Touch 'soon,' a company product manager said today.
LinkedIn CEO Jeff Weiner raised a few eyebrows when he predicted the demise of Google+, which has been attracting attention and gaining momentum.
The FBI has reportedly arrested more than 12 people in what appears to be a nationwide crackdown against alleged members of the Anonymous hacking group.
After a great State of the Internet Panel at SANSFire 2011 with the Internet Storm Center Handlers, we began to reflect on phishing, spear phishing, fake AV, etc., and how this threat is never going away.

In another episode of "Handlers have lives too" we get phished and run into strangeness as well. While sitting at our Handler Dinner, a handler's phone buzzed with a text message. Not unusual, but when examined, a good gut chuckle rumbled out of the handler (by the way, that handler was me).

The message then got passed around to the rest of the handlers. It was then that Dr Johannes Ullrich, our boss, said, "Take a screenshot and post it."

On a serious note, after taking a look at this screenshot, ask yourself: who would fall victim to this? Notice the "opt out", "reply", "stop"?

One of our sister sites has great information on Securing the Human OS and this plays right into that shameless plug [1]. Technology is so pervasive and only going to get more complex.

Richard Porter
--- ISC Handler @ SANSFire 2011 (c) SANS Internet Storm Center. Creative Commons Attribution-Noncommercial 3.0 United States License.
His Miami Heat team lost the NBA finals to the Dallas Mavericks last month and now Dwyane Wade is headed back to a Texas court, but not to play basketball.
Apple today approved the Google+ app for the iPhone, and posted it to the App Store.
The FBI today raided several homes in New York and California as part of an ongoing investigation into recent DDoS attacks allegedly launched by members of the Anonymous hacking group.
libvirt 'VirDomainGetVcpus()' Function Remote Integer Overflow Heap Corruption Vulnerability
Oracle has updated its open source VirtualBox virtualization software to make it more suitable for widescale enterprise deployments, the company said Tuesday.
CEO Jeff Weiner sees the social network as a place for professionals to show off their experiences and skills.
Intel is acquiring networking chip company Fulcrum Microsystems for an undisclosed amount in an effort to boost its networking offerings.
Industry analysts say Mac sales in the U.S. increased by as much as 15% in the second quarter, making Apple one of only two of the top five computer makers to post positive gains.
JBoss Seam Expression Language (EL) CVE-2011-2196 Remote Code Execution Vulnerability
[SECURITY] [DSA 2280-1] libvirt security update
[SECURITY] [DSA 2279-1] libapache2-mod-authnz-external security update

Posted by InfoSec News on Jul 19

Forwarded from: DeepSec Conference <deepsec (at)>

For the fifth time the DeepSec In-Depth Security Conference invites
security researchers and professionals to submit suggestions for talks
and workshops for our conference which will take place in November 2011
in Vienna. Please visit our updated website for more details about the
venue, the schedule and information about our past conferences:


Posted by InfoSec News on Jul 19

By Kevin Poulsen
Threat Level
July 18, 2011

They're back. The hacker gang LulzSec, after declaring retirement last
month, cracked the Rupert Murdoch-owned New Times on Monday and used
it to host a fake news story declaring that the embattled media mogul
had been found dead at his home.

The web defacement took the form of a mock article from Murdoch's The
Sun, with the...

Posted by InfoSec News on Jul 19

By Kelly Jackson Higgins
Dark Reading
July 18, 2011

The effort to unmask and apprehend the criminals behind the massive
Rustock botnet heated up today as Microsoft put up a $250,000 reward for
new information on the botnet's operators.

Rustock -- which in March was knocked offline by...
Readers and Handlers, Handlers and Readers: it's a fantastic symbiotic relationship that keeps both parties informed, on their toes, looking at another side of the story which, in my humble opinion, makes us all better security professionals.
Without the support, information, questions, comments, heads-ups, jokes, packet captures*, time and energy supplied by you, the readers, the Internet Storm Center (ISC) can't be the resource it is today. If you attended the Handlers talk at SANSfire this year, this was the final comment from the assembled handlers. We need you to help us to help the collective you. Keep writing in with what you're seeing, what you have to deal with and, heck, if you disagree with what we've said.
Being the new kid on the handlers team, seeing the information coming in makes me want to be better at my day job. I've been reading the ISC for a good number of years, but never thought of writing in with what I was seeing on my systems and networks. My mistake. The more we share, discuss and debate, the more we learn. To steal a film quote: "The only way to get smarter is by playing a smarter opponent."** Well, there are plenty of smarter, well-funded and co-ordinated opponents out there, so give yourself a helping hand and share what you see; it may help someone else make sense of what they are seeing and, through a collaborative effort, provide an answer for you.
So drop us links to stories and events that you think are important, add comments to the diaries, share with us what you are encountering and struggling with. We won't always have the answer, but at least you'll have someone else to offer their suggestions.

*We NEVER get bored of looking through packet captures, especially when trying to solve a puzzle posed or determine if something is happening.
** Quote from the Guy Ritchie film Revolver, which appears to have been made up for the film, not the mythical Fundamentals of Chess (1883), unless they were Geezers back in the day. Unlikely, but Johannes Zukertort was a bit of a card [1].
Chris Mohan --- Internet Storm Center Handler on Duty (c) SANS Internet Storm Center. Creative Commons Attribution-Noncommercial 3.0 United States License.
The U.S. International Trade Commission has terminated an investigation into a complaint by Apple that Eastman Kodak infringed on some of its patents in its cameras.
China's leading search engine Baidu will now pay three major record companies for music downloads on its site, after years of facing criticism for hosting links to pirated songs.
User satisfaction with Facebook is low enough that the social networking site risks losing significant market share to Google+, according to a new study.
Moving your applications to a cloud is only the beginning. Now you need to monitor and manage the cloud to make sure your apps are performing as promised and that you're getting your money's worth.
Freefloat FTP Server Multiple Commands Remote Buffer Overflow Vulnerabilities
Wireshark Prior to 1.6.0 Multiple Denial of Service Vulnerabilities
Microsoft upped the ante on Monday in its months-long battle against the Rustock botnet by posting a $250,000 reward for information that leads to the arrest and conviction of the hackers who controlled the malware.
libpng Buffer Overflow and Denial of Service Vulnerabilities
Internet Storm Center Infocon Status