InfoSec News

A reader reported receiving the following e-mail (modified to anonymize):

From; [email protected]

To: [email protected]

Subject: Fwd: Scan from a HP Officejet #123456

A document was scanned and sent

to you using a Hewlett-Packard HP Officejet 28628D


Images: 4

Attachment Type: Image (.jpg) Download

I do not have a printer like this, but it is possible that a multifunction device will send scanned documents as an e-mail in this form. In this case, the links, which I simulated above using a blue underlined font, both lead to a now defunct URL: http://freebooksdfl (dot) info/main.php . The domain is marked as suspended for spam or abuse in whois. One of our handlers reports seeing similar e-mail but not being able to capture any of the content on related links so far.

Johannes B. Ullrich, Ph.D.

SANS Technology Institute

Twitter (c) SANS Internet Storm Center. http://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
Observing never ending port scans against my systems was one reason I started DShield.org back in 2000. Still today, DShield shows that these scans continue to happen today. It is the goal of a port scan to find vulnerable services. Later, the attacker will use this recognizance to exploit these services.
In order to protect yourself, two basic measures need to be taken:
1 - limit listening services.
As part of your standard configuration, you should turn off all unneeded services. A service that is not running can not be attacked. Of course, you will also need to monitor any changes to this standard configuration. The control of listening services should not stop at controlling services commonly installed on the particular host, but the control should include rogue services as well.
Here are a few ideas to review listening services on hosts:

review the output of netstat regularly. Netstat will show any listening services. Of course, in the case of rogue services, an attacker may use root kits to mask these services from tools like netstat.
review ephemeral port usage. If a port is used by a listening service, it can not be used as an ephemeral portal for outbound connections. You will see a gap if you plot all used ephemeral ports on a system.
regular port scans. Periodically scan your systems for listening ports. However, be aware that an attack may have masked the use of the port and will only respond to requests from a particular source
Network monitoring: Tools like pads are able to detect new services on a network passively. This may enable you to detect hidden services as soon as the attacker connects to them.

2 - applying firewall rules.
Back in 2000, firewalls were a lot less common then they are today. Today, systems arrive with host based firewalls. Many times, the firewall is already enabled to block all inbound traffic by default. In addition to host based firewalls, a well designed network should include network firewalls and take advantage of capabilities in devices like switches to further limit network traffic.


Johannes B. Ullrich, Ph.D.

SANS Technology Institute

Twitter (c) SANS Internet Storm Center. http://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
(c) SANS Internet Storm Center. http://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
Amazon, IBM, Rackspace reps debate cloud security and availability, along with use of SQL and database connectivity in the cloud at ZendCon
Oracle Java SE CVE-2011-3545 Remote Java Runtime Environment Vulnerability
Oracle Java SE CVE-2011-3550 Remote Java Runtime Environment Vulnerability
Oracle Java SE CVE-2011-3557 Remote Java Runtime Environment Vulnerability
Sergey Brin initially considered the Circles content-sharing mechanism on Google+ to be too complicated, but after he started using the site he changed his mind and now thoroughly enjoys using the company's social networking site.
Oracle Java SE CVE-2011-3546 Remote Java Runtime Environment Vulnerability
Oracle Java SE CVE-2011-3561 Remote Java Runtime Environment Vulnerability
Oracle Java SE CVE-2011-3516 Remote Java Runtime Environment Vulnerability
Ultrabooks with Microsoft's upcoming Windows 8 OS are due to reach market next year, and the OS could help propel demand for the devices, an Intel executive said this week.
Google has a new competitor: '80s pop music superstar MC Hammer.
Amazon's new Silk browser, which has already raised concerns from security experts and legislators, got a mixed review from a major privacy advocacy group.
Symantec and McAfee appear to have come to slightly different conclusions about the specific dangers posed by a newly discovered Trojan program called Duqu.
With their budgets seeing little increase, IT managers are being urged by Gartner Inc. to reexamine many of their long-followed IT practices and then, quite simply, kill them.
Ford is testing technology that would create a wireless network between cars and with cloud-based services to enable drivers to avoid traffic jams, speed traps or even find out their last blood glucose level.
Small and midsized organizations will deploy cloud services more readily than their larger counterparts, predicted the IBM general manager for midmarket sales at a company event Tuesday. As a result, IBM is aggressively pursuing this market, namely by helping partners market the company's PaaS (Platform-as-a-Service) to these potential customers.
"You have to be a masochist to want to be an IT person,'' says Robert Carter. And he would know. Carter is the soft-spoken, hard-driving CIO who has been fighting for the past 11 years to transform IT operations at FedEx, where "the planes don't fly and trucks don't roll without IT services.''
Apple today launched a tribute page for its co-founder, Steve Jobs, posting some of one million messages it received after the death of the iconic entrepreneur.
Google has started rolling out to its Analytics accounts a new feature that displays graphically for Web publishers how people are moving across their sites.
Outsourcing IT functions such as payroll, website hosting, email, or enterprise resource planning (ERP) has long been normal for businesses of all sizes. But outsourcing critical IT functions including database servers, file servers, document storage, or application development, gives many organizations pause.
Symantec researchers said an early analysis of Duqu has found that it could be a precursor to a future Stuxnet-like attack.

Add to digg Add to StumbleUpon Add to del.icio.us Add to Google
The QNAP NAS leads the pack with a smooth Web GUI and excellent performance Insider (registration required)
Users are continuing to sell older iPhones in record numbers to get cash for Apple's newest iPhone 4S, a pair of buy-back firms said today.
Google disclosed numerous innovations in Android 4.0, also called Ice Cream Sandwich, during a Webcast demonstration Wednesday using the coming Samsung Galaxy Nexus smartphone.
ARM Holdings has introduced the Cortex-A7, an upcoming microprocessor design that will be used in sub-US$100 smart phones, as well as in high-end smart phones as a companion chip to the more powerful Cortex-A15.
VMware is launching the Rapid Desktop Program, which allows OEMs to build pre-configured appliances for desktop virtualization, making it easier for enterprises to start using the technology, the company said at VMworld in Copenhagen.
Last week, we covered how to evaluate code that is developed to extend cloud applications. Now we're going to take a look at coding and system modification strategies that can make the system more fragile over time. Since CRM systems have requirements that seem to evolve endlessly, durability of your code is a key success factor to long-run success of these systems.
OpenOffice Microsoft Word File Format Importer Multiple Unspecified Security Vulnerabilities
ldns 'rr.c' Remote Heap Buffer Overflow Vulnerability
The Synology hardware is solid and fast, but the software and cloud services lag leading competitors Insider (registration required)
Neurotechnology is evolving to the point where humans will be able to communicate with computers through thought, allowing us to navigate the web just by thinking what we want.
Microsoft CEO Steve Ballmer Tuesday touted the success of the Bing search engine in the back yard of rival and search king Google.
The Thecus NAS is fast and flexible, but lacks the simplicity and ease that business users need Insider (registration required)
Enterprises should consider public cloud services first and turn to private clouds only if the public cloud fails to meet their needs.
Five- and six-bay NAS cabinets from Iomega, Netgear, QNAP, Synology, and Thecus compete on speed, ease, and business features
MIT Kerberos Multiple Denial of Service Vulnerabilities
At VMworld this week, VMware demonstrated vCenter Operations for View, an upcoming management tool that will allow enterprises that have rolled out virtual desktops to get more insight into how their environment is performing and possible problems.
NetSuite on Wednesday announced a series of enhancements and offerings meant to make its on-demand ERP (enterprise resource planning) software more desirable to larger companies, particularly those with international operations.
Criminals are embracing methods to trap debit and credit cards in ATMs for retrieval later, a move believed to be motivated by better security measures designed to ensure card details are not copied at the machines, according to an industry group.
IBM on Wednesday introduced mainframe and Power-based systems for analytics in an effort to compete with Oracle's Exadata.
As consumers use PCs, smartphones and tablets, to research, compare prices and buy products, the line between brick-and-mortar and online stores is getting harder to delineate.
Apple on Tuesday reported selling a record number of iPads and Macs in the third quarter but missed the aggressive targets set by Wall Street analysts for the iPhone.
VMware and Nvidia will work together to implement the graphics company Quadro's Virtual Graphics platform on VMware’s View virtual desktop platform in order to allow more users to ditch the traditional workstation.
CSC's Chairman and CEO, Michael W. Laphen, plans to retire from his position no later than a year from now, the company announced on Tuesday.
China has become Apple's second-largest market behind the U.S., with revenues increasing almost four times year-over-year for this past quarter, according to company CEO Tim Cook.
Google is rolling out over the next weeks default encryption using SSL on searches for users signing in with their accounts, the company said Tuesday.
Oracle has released a new Java security update to address multiple vulnerabilities, including one exploited during a recently disclosed attack that can allow eavesdropping on encrypted communications.
Running on Verizon's 4G LTE network, this super-svelte Gingerbread-based smartphone offers top-shelf hardware and some nice extras.

Posted by InfoSec News on Oct 19


By Murray Wardrop
The Telegraph
18 Oct 2011

The Foreign Secretary revealed that Britain has developed new weapons to
counter the threat from computer hackers and is prepared to strike first
to defend the nation’s infrastructure and businesses.

He warned that with an ever-changing battlefield, the Government was

Posted by InfoSec News on Oct 19


By Chris Kanaracus
IDG News Service
October 18, 2011

Oracle on Tuesday will release 76 patches affecting hundreds of its
products as well as Java SE.

Fifty-six of the patches are aimed at Oracle products, and due to the
danger of a successful attack, customers should apply them immediately,
Oracle said.

Affected products include Oracle's 11g and 10g...

Posted by InfoSec News on Oct 19


By Ryan Singel
Threat Level
October 18, 2011

Google radically expanded Tuesday its use of bank-level security that
prevents Wi-Fi hackers and rogue ISPs from spying on your searches.

Starting Tuesday, logged-in Google users searching from Google’s
homepage will be using https://google.com, not http://google.com — even
if they simply type google.com into their...

Posted by InfoSec News on Oct 19


By Jaikumar Vijayan
October 18, 2011

Security vendor Symantec is warning of a new malware threat that it says
could be a precursor to the next Stuxnet.

The new threat, dubbed W32.Duqu, is a remote access Trojan (RAT) that
appears to have been written by the authors of Stuxnet, or at least by
someone who has access to Stuxnet...

Posted by InfoSec News on Oct 19


By Kevin L. Jackson

Today at the GEOINT 2011 Symposium in San Antonio, TX, Director of
National Intelligence Jim Clapper told the almost 4000 attendees that
the United States Intelligence Community will use cloud computing as a
tool to meet aggressive budget reduction targets. As heard by my own
ears and...
Oracle Java SE CVE-2011-3552 Remote Java Runtime Environment Vulnerability
Oracle Java SE CVE-2011-3553 Remote Java Runtime Environment Vulnerability
Oracle Java SE CVE-2011-3547 Remote Java Runtime Environment Vulnerability
Oracle Java SE CVE-2011-3558 Remote Java Runtime Environment Vulnerability

ACM Group Honors Computer Privacy and Security Experts
A consultant to the Burroughs Corporation and IBM, he was a member of several US government INFOSEC Study Groups that set research agendas in information security. Iyer is director of the Center for Reliable and High-Performance Computing at the ...

and more »
Google and Samsung on Tuesday unveiled the Galaxy Nexus phone running Ice Cream Sandwich, the latest version of Android.
Internet Storm Center Infocon Status