InfoSec News

(c) SANS Internet Storm Center. http://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
Hoping to put a close on Monday's IE zero-day vulnerability (https://isc.sans.edu/diary.html?storyid=14107), Microsoft has announced the release of a FixIt (http://support.microsoft.com/kb/2757760) to address the issue, with a patch to be made available via Windows Update this Friday (http://blogs.technet.com/b/msrc/archive/2012/09/19/internet-explorer-fix-it-available-now-security-update-scheduled-for-friday.aspx).
Can we look forward to more timely security patch releases from Microsoft? That would be good news indeed.
We're barrelling down the runway at the Kennedy Space Center at about 300 kilometers per hour, and the Space Shuttle is well to the left of the center line.
Korenix Jetport 5600 Series Default Credentials Authentication Bypass Vulnerability
Security is failing to gain a priority in the rush to build and test mobile applications, according to a study by Capgemini.

Vulnerabilities in HTML 5 make it an emerging threat; however, SQL injection and XSS remain among the top attacks.

Google Chrome Prior to 19.0.1084.52 Multiple Security Vulnerabilities
The latest definition file for Sophos is having some unintended consequences. It is currently being discussed on their website: http://community.sophos.com/t5/Sophos-Endpoint-Protection/Is-any-one-else-seing-this-alert/td-p/29723
More to come.
Update 21:39 GMT: Binary updates appear to be reaching customers now.
American Airlines Wednesday said it plans to deploy 17,000 first-generation Samsung Galaxy Note devices to flight attendants for use onboard its planes.
Sprint today denied that subscribers of its Virgin Mobile subsidiary are vulnerable to account hijacking attacks, as claimed by an independent software developer this week.
U.S. buyers of the iPhone 5 won't have international LTE roaming when the highly anticipated device hits the street on Friday, but information from Apple, the FCC and carriers offers glimmers of hope that foreign LTE networks will be in reach eventually.
Researchers from security vendor AlienVault have identified a variant of a recently discovered Internet Explorer exploit that is used to infect targeted computers with the PlugX remote access Trojan (RAT) program.
Salesforce.com CEO Marc Benioff on Wednesday doubled down on the company's embrace of social networking software, urging customers, partners and prospects to join him in a "social revolution," during a keynote address at the Dreamforce conference in San Francisco that was webcast.
A new attack ad by rival Samsung pokes fun at Apple customers who wait in line outside stores for the iPhone 5.
Arab-Israeli lawmakers and religious leaders Wednesday asked the Jerusalem District Court to force Google to take a controversial video off of YouTube.
Apple has officially released iOS 6, the latest update to the mobile OS that powers the iPhone, iPad and iPod touch. Michael deAgonia details what's new, what's changed and what still needs work.
Faced with the challenge of overseeing the health of large caching systems, a Facebook engineer developed heat-map software to quickly pinpoint problems in the social network's data centers.
Apache QPID NullAuthenticator Authentication Bypass Vulnerability
A contentious debate has erupted on Wikipedia over questions about whether two high-profile contributors have been paid to promote articles on the site.
Apple's iPhone 5 goes on sale Friday, and many buyers are hoping to take advantage of its faster LTE network speeds.
Apple today shipped iOS 6, an upgrade that replaces Google Maps with Apple's own mapping technology and turn-by-turn GPS navigation.
Siemens SIMATIC S7-1200 SSL Private Key Reuse Spoofing Vulnerability
Volatility 2.2 RC1 is available and supports Linux images
The good folks in the Volatility/Memory Analysis community have been pretty busy lately. A release candidate for version 2.2 was recently published (http://code.google.com/p/volatility/downloads/list) which adds support for Linux and adds plugins addressing the Windows GUI. There is also a plugin that will pull the event logs from memory for XP and 2003. Take a moment to read through the release notes for 2.2 RC1: http://code.google.com/p/volatility/wiki/Release22
Month of Volatility Plugins
Last week, the Volatility Labs Blog started a Month of Volatility Plugins series to introduce the new features becoming available in 2.2 (http://volatility-labs.blogspot.com/2012/09/month-of-volatility-plugins-movp.html). The final release of 2.2 should be available in October.

Using Volatility in the Workplace
I've employed Volatility in a couple of different ways in the workplace. Gathering a memory snapshot was added to our malware response process, so adding a few default Volatility jobs to the analysis procedure made sense.
In other instances, it was used in an ad hoc fashion, depending on the particulars of the case. When used in this manner, I would install Volatility alongside the case file itself, and scripts were used to create any Volatility output that was later used in the write-up. While this was a waste of disk space, it allowed others to reproduce my work, and this was in the early days of Volatility, when updates might break plugins that I'd used in a case. Now we're moving towards using a VM for each case so that the entire toolset used in the investigation is

Dealing with Upgrades
In both methods, I'm still faced with how to deal with updates to the tool. In the former, I run the risk of breaking the process. In the latter, it's not as big of a deal, since I would install the latest version whenever a case was started. It may be a good idea to keep a couple of versions of Volatility installed because of plugin dependencies.
When a particular finding is crucial in a case, it makes sense to verify that finding using different tools. Compare your Volatility results with those from, say, Mandiant's Redline or Memoryze, or whatever commercial memory analysis tool you prefer.
You should also follow a similar process with new versions of plugins. Test the new version on an old case's memory image (or compare using some of the example memory captures here: http://code.google.com/p/volatility/wiki/PublicMemoryImages).
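The plugin regression check described above, written out as an added Python example (not code from the diary or from the Volatility project): two pinned Volatility 2.x checkouts are run against an archived case image and their pslist output is compared. The install paths, image path and profile are placeholders, and the sample pslist tables are constructed.

```python
import subprocess
from pathlib import Path

# Assumed placeholders: two Volatility 2.x checkouts kept side by side (as the diary
# suggests), an archived case image and its profile. Volatility 2.x needs Python 2,
# so "python2" is assumed to resolve to that interpreter.
VOL_PYTHON = "python2"
OLD_VOL = Path("/opt/volatility-2.1/vol.py")       # placeholder path
NEW_VOL = Path("/opt/volatility-2.2rc1/vol.py")    # placeholder path
IMAGE = Path("/cases/CASE-0042/memory.raw")        # placeholder path
PROFILE = "WinXPSP3x86"

def run_plugin(vol_py, image, profile, plugin):
    """Run one plugin as `vol.py -f IMAGE --profile=PROFILE PLUGIN` and return its stdout."""
    cmd = [VOL_PYTHON, str(vol_py), "-f", str(image), "--profile=" + profile, plugin]
    return subprocess.run(cmd, capture_output=True, text=True, check=True).stdout

def parse_pslist(text):
    """Turn pslist's table into {pid: name}; header, ruler and blank lines are skipped."""
    procs = {}
    for line in text.splitlines():
        parts = line.split()
        # Data rows start with a hex offset; the next two columns are Name and PID.
        if len(parts) >= 3 and parts[0].startswith("0x") and parts[2].isdigit():
            procs[int(parts[2])] = parts[1]
    return procs

def compare_runs(old_text, new_text):
    """Return (missing, extra, renamed): PIDs only the old run listed, PIDs only the
    new run listed, and PIDs in both whose image name differs between the runs."""
    old, new = parse_pslist(old_text), parse_pslist(new_text)
    missing = sorted(set(old) - set(new))
    extra = sorted(set(new) - set(old))
    renamed = sorted(p for p in old.keys() & new.keys() if old[p] != new[p])
    return missing, extra, renamed

# Constructed sample output in pslist's column layout (not taken from a real image).
OLD_SAMPLE = """Offset(V)  Name                    PID   PPID   Thds     Hnds   Sess  Wow64 Start
---------- -------------------- ------ ------ ------ -------- ------ ------ ------------------------------
0x823c89c8 System                    4      0     58      379 ------      0
0x822f1020 smss.exe                368      4      3       19 ------      0 2012-09-19 10:02:11 UTC+0000
0x821c1da0 svchost.exe            1024    672     19      217      0      0 2012-09-19 10:02:20 UTC+0000
"""
NEW_SAMPLE = OLD_SAMPLE + "0x81f5e5c8 sample.exe             1788   1024      1       27      0      0 2012-09-19 10:05:03 UTC+0000\n"

if __name__ == "__main__":
    old_out = run_plugin(OLD_VOL, IMAGE, PROFILE, "pslist")
    new_out = run_plugin(NEW_VOL, IMAGE, PROFILE, "pslist")
    missing, extra, renamed = compare_runs(old_out, new_out)
    print("only in old:", missing, "only in new:", extra, "renamed:", renamed)
```

Any non-empty result is a reason to read both outputs by hand before the new version's numbers go into a write-up.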
Microsoft CEO Steve Ballmer gave a ringing endorsement to two new HTC smartphones running Windows Phone 8 on Wednesday, raising questions about the status of the much-heralded Microsoft-Nokia partnership.
Apple followed through on past practice today and released iOS 6, the latest version of its mobile OS for the iPhone, iPad and iPod touch, today at 1 p.m. ET.
HTC, along with Microsoft, introduced Windows Phone 8X and 8S smartphones that will be the signature devices for the software maker's upcoming Windows Phone 8 OS.
HTC and Nokia are turning to brighter colors to help their Windows Phone 8-based devices stand out in the ultracompetitive smartphone sector.
Online registration is now open for [email protected] 2012, a three-day symposium on cutting-edge forensic science research being performed at NIST. The symposium will run from Wednesday, November 28 - Friday, November 30, 2012, at ...
Dell announced servers based on designs the company is implementing in an upcoming 10-petaflop supercomputer called Stampede, which will be fully deployed at the University of Texas, Austin, starting next year.
Joomla! Language Switcher Module Multiple Cross Site Scripting Vulnerabilities
iOS 6 arrives today, and eager users everywhere are getting ready to upgrade their devices. If you're concerned about the upgrade process, or simply want to know all your setup options, let us help you upgrade your iPhone, iPod touch, or iPad to iOS 6 with this step-by-step guide.
Salesforce.com on Wednesday revealed more details of its upcoming Chatterbox file-sharing service, which is set to compete with the likes of Box and Dropbox, as well as a new identity management platform called Salesforce Identity.
Heroku is aiming to expand its platform so businesses rely on it for core business needs, not just user-facing Web apps.
The Samsung Galaxy S3 can be hacked via NFC, allowing attackers to download all data from the Android smartphone, security researchers demonstrated during the Mobile Pwn2Own contest in Amsterdam on Wednesday.
Samsung's Galaxy Note II will go on sale by mid-November at AT&T, Verizon Wireless, Sprint, T-Mobile USA and US Cellular, Samsung said Wednesday.
iOS 6 brings some changes to its three on-board stores: the iOS App Store, the iTunes Store and iBookstore. These changes don't change functionality as much as they improve navigation and usability. The result is a more pleasant shopping experience in all three.
Your favorite virtual assistant now knows a lot more than it ever did before. Beyond merely knowing answers to more kinds of questions, Siri in iOS 6 gains new functionality, simplifies some common tasks, and provides more useful results, too. And, for the first time, Siri in iOS 6 works on the iPad -- as long as it's a third-generation model or newer.
When Apple first unveiled the iPhone in 2007, the company partnered with Google to deliver maps and directions for its users. Five years later, Apple is for the first time providing its own mapping solution.
Joomla 2.5.6 Multiple Cross-site scripting vulnerabilities
After almost a year of preparation, The OpenStack Foundation has launched as a stand-alone nonprofit organization, freeing its namesake stack of open source cloud hosting software from the management of hosting provider Rackspace.
Apple, along with four major e-book publishers, have offered retailers such as Amazon the option to set their own prices for e-books for the next two years in a bid to end an antitrust investigation in the E.U.
[SECURITY] [DSA 2550-1] asterisk security update
Dutch security researchers hacked an iPhone 4S on Wednesday, showing how a malicious webpage can send all pictures, address book data and browsing history on the phone to a server of the attacker's choice.
The recent Dropbox data breach has many IT executives telling employees not to use it. These five products offer the administrative and security features that may restore their faith in cloud data storage.


Re-Building the Infosec Team
Re-Building the Infosec Team: Symantec's CISO on Redefining Security's Role. By Jeffrey Roman, September 19, 2012.

Samsung Electronics' semiconductor arm has begun volume production of 128GB embedded memory modules for next-generation smartphones, tablets and other mobile devices, the company said on Tuesday.
Apple's practice of releasing a new iPhone once every year is dulling the company's competitive edge, according to Chinese handset maker ZTE, as rival smartphone vendors are bringing their own cutting-edge devices at a quicker pace to meet consumer demand.
The Wi-Fi Alliance has launched a certification program for its Miracast video transmission specification, offering a seal of approval that should ensure many different phones, tablets, laptops, TVs and other products can send video to each other without cables.
Google has restricted access in Saudi Arabia to a controversial movie trailer on YouTube that mocks the Prophet Muhammad, the company said Wednesday, taking the total number of countries where it has blocked the video to six.
Microsoft this week raised prices of its Office suite by as much as 17% and eliminated multi-license packs, all part of a plan to push consumers and small businesses toward new subscription programs, analysts said.
One software company is requiring all its employees -- from the CEO on down -- to learn JavaScript. The goal: A better understanding of what customers and engineers need.
Millions of subscribers to Virgin Mobile's services in the United States are wide open to account hijacking because of the insecure manner in which the company authenticates users to their online accounts, an independent software developer warned this week.
The company says that it plans to release a Fix-it tool to close the critical vulnerability in Internet Explorer in the next few days; this will be a temporary solution until a suitable update is made available.


Posted by InfoSec News on Sep 19


By Molly Oswaks
Sep 18, 2012

A group of hackers calling themselves Izz ad-din Al qassam have claimed
responsibility for taking down Bank of America's website today about
10am EST.

Their reason for action? Displeasure with an anti-Islam film—which,
though they never directly mention it by name, it seems safe to assume

Posted by InfoSec News on Sep 19


By John E Dunn
Computerworld UK
17 September 12

Another Scottish council faces an embarrassing investigation after an
unsecured laptop was stolen from the home of a consultant working on
child fostering cases for Edinburgh City Council.

The unencrypted laptop is believed to have contained details of “dozens”

Posted by InfoSec News on Sep 19


By A. Mitchell
September 18th, 2012

It would appear high stakes pro “MicahJ” has just become the latest
player to fall prey to an online poker scam after having his Lock Poker
account, whose username was “GimmeDAT,” cleared of over $100,000 of his

Apparently, the devastating hack scam seems to have been...

Posted by InfoSec News on Sep 19


By Ericka Chickowski
Contributing Writer
Dark Reading
Sep 18, 2012

The extreme pressure on developers from line-of-business leaders to push
out new web application feature sets as quickly as possible, combined
with a lack of security development objectives or actionable security
guidance, continues to...

Posted by InfoSec News on Sep 19


By Tim Greene
Network World
September 18, 2012

Researchers have cracked the password protecting a server that
controlled the Flame espionage botnet giving them access to the malware
control panel to learn more about how the network functioned and who
might be behind it.

Kaspersky analyst Dmitry Bestuzhev cracked the hash for the password
Sept. 17 just hours after...