InfoSec News

Google's decision to change CEOs, announced on the same day it reported yet another blockbuster quarter, begs the question of whether the company is trying to fix something that isn't broken.
 
The Silicon Valley companies that store our personal data have a growing responsibility to protect it from government snooping, according to Daniel Ellsberg, the man who leaked the Pentagon Papers.
 
Gibbs loves the Belkin Bluetooth Music Receiver and the Eye-Fi Pro X2.
 
HP OpenView Storage Data Protector Cell Manager 'crs.exe' Remote Code Execution Vulnerability
 
Four Hewlett-Packard board members who reportedly played a central role in the company's decision to replace CEO Mark Hurd are themselves being replaced, HP announced Thursday.
 
Advanced Micro Devices (AMD) on Thursday reported net profit for the fourth quarter that beat forecasts, due mainly to income from a patent license and a legal settlement with Samsung.
 
Every now and then I run into a laptop bag or case that I just can't wrap my mind around. Slappa's HardBody Pro is just such a product.
 
Is the Verizon iPhone superior to AT&T? By detailing the methodologies of IT villains, is Computerworld helping breed a smarter generation of thieves?
 
Verizon has filed a legal challenge to FCC net neutrality rules.
 
The working group for HTML has done away with version numbers for the Web page rendering standard.
 
Members of the U.S. IT sector are more confident now in their business prospects than they have been in the last year and a half, according to a new survey released by the Computing Technology Industry Association.
 
WikiLeaks officials deny claims by a security firm that it has obtained some sensitive documents on P2P networks rather than from anonymous whistleblowers.
 
CCID Card Serial Number Integer Overflow Vulnerability
 
The popularity of Apple and Google Android mobile devices could put them at risk of falling in the crosshairs of cybercriminals.

All of Google's strategic initiatives this year are about mobile, the company's CEO, Eric Schmidt, wrote in an article for the Harvard Business Review titled "Preparing for the Big Mobile Revolution."
 
Google co-founder Larry Page will take over as Google CEO in April from Eric Schmidt, who will remain with the company as executive chairman.
 
Sahana Agasti Multiple Input Validation Vulnerabilities
 
Citrix Provisioning Services 'streamprocess.exe' Component Remote Code Execution Vulnerability
 
Apple's new "Pentalobular" screw for iPhone 4s, MacBook Pros and MacBook Airs stymies do-it-yourselfers from making repairs.
 
Millions of e-mail addresses and passwords may have been stolen from Trapster, an online service that warns iPhone, Android and BlackBerry owners of police speed traps, the company said.
 
Apple's efforts in China appear to be paying off, an analyst said today, breaking into the market by doing an end-around the high price of Macs and selling less expensive smartphones and tablets.
 
The Open Source Initiative fears that the CPTN consortium will use its Novell patents for nefarious purposes
 
T-Mobile CEO Philipp Humm told a gathering of analysts and journalists Thursday that the company will soon launch 4G versions of the Samsung Galaxy S and the T-Mobile Sidekick phones.
 
SQL Injection in Pixie
 
libuser 'luseradd' Default Password Security Bypass Vulnerability
 
[USN-1046-1] Sudo vulnerability
 
DotNetNuke Remote Code Execution vulnerability
 
[SECURITY] [DSA 2149-1] Security update for dbus
 
A one-year bonus depreciation tax credit could significantly boost IT spending this year, say financial industry experts.
 
Looks like there is a new Twitter worm out there. There is an increased number of messages like the following ones:



Those short URLs point to the servers providing the malware. The following are some of the malicious URLs I could gather (CAREFUL: THEY ARE STILL ACTIVE):


After clicking on the URL, you are sent to a fake AV web page:


The malware downloaded is named pack.exe, md5 264ebccca76bdb89f4ae9519c4cd267e, sha1 d16573ce7ce7710865b34bc1abeef699c20549ed. 2 of 43 AV engines from VirusTotal detect it as SecurityShieldFraud as of January 20, 2011 16:19:58 UTC.

When the malware infects the machine, it copies itself to C:\Documents and Settings\your username\Local Settings\Application Data\mbcjmhny.exe, ensures that cmd.exe exists, kills the malware, deletes the downloaded malware and starts it again from the location it copied itself to with the following instruction:

C:\WINDOWS\system32\cmd.exe /c taskkill /f /pid 1576 ping -n 3 127.1 del /f /q C:\pack.exe start C:\DOCUME~1\ADMINI~1\LOCALS~1\APPLIC~1\mbcjmhny.exe -f

We will keep analyzing the malware and post an update with more information.

-- Manuel Humberto Santander Peláez | http://twitter.com/manuelsantander | http://manuel.santander.name | msantand at isc dot sans dot org

(c) SANS Internet Storm Center. http://isc.sans.org Creative Commons Attribution-Noncommercial 3.0 United States License.
 
Oracle is planning to announce what it calls "a dramatic leap in storage technology" during a Jan. 31 webcast.
 
Cobol applications now can be deployed to the Java Virtual Machine as well as to Windows Azure for the first time
 
Researchers have developed a low-profile Trojan horse program for Google's Android mobile OS that steals data in a way that is unlikely to be detected by either a user or antivirus software.
 
The aerospace and medical community has come together to urge the Federal Communications Commission to quickly adopt a plan for a frequency band for medical body area networks, which would allow wireless health monitoring.
 
Rommel asked the Windows forum why the OEM version of Windows 7 is cheaper than the upgrade version. Both were from the same retailer.
 
NTP 'ntpq' Stack Buffer Overflow Vulnerability
 
The FBI said attackers are emailing malicious job applications to businesses that contain malware that steals banking credentials and wire transfers stolen money to the Ukraine.

PHPCMS 'flash_upload.php' SQL Injection Vulnerability
 
[security bulletin] HPSBMA02625 SSRT100138 rev.1 - HP OpenView Storage Data Protector, Remote Execution of Arbitrary Code
 
InfoSec News: Oracle patching fewer database flaws as it adds more products: http://www.computerworld.com/s/article/9205560/Oracle_patching_fewer_database_flaws_as_it_adds_more_products
By Jaikumar Vijayan Computerworld January 19, 2011
Oracle Corp.'s ability to address vulnerabilities in its core database technologies may be hampered by the vast number of products the company now must manage, security experts say.
For example, the list of Oracle's quarterly security updates released Tuesday includes only six patches for security flaws in the company's flagship database products. The other 60 patches released fix bugs in Oracle's Fusion middleware technologies, its supply chain and CRM software and products gained from its acquisition of Sun Microsystems early last year.
The small number of database patches doesn't necessarily mean that the Oracle technology is becoming more secure, said Alex Rothacker, director of security at Application Security Inc.'s Team Shatter vulnerability assessment group.
Rather, it likely shows that the company doesn't have the capacity to fix the full list of Oracle database flaws reported to it in a timely fashion, said Rothacker, whose team of researchers discovered three of the six database flaws addressed in this week's update.
[...]
 
InfoSec News: Two Arrested For AT&T iPad Network Breach: http://www.informationweek.com/news/storage/security/showArticle.jhtml?articleID=229000863
By Thomas Claburn InformationWeek January 19, 2011
United States Attorney Paul J. Fishman on Tuesday announced the arrest of "two self-described Internet 'trolls'" for their alleged involvement [...]
 
InfoSec News: Smartphone Hack Highlights More GSM Woes: http://www.darkreading.com/insider-threat/167801100/security/vulnerabilities/229000934/smartphone-hack-highlights-more-gsm-woes.html
By Kelly Jackson Higgins Darkreading Jan 19, 2011
ARLINGTON, VA -- Black Hat DC -- A European researcher today showed how [...]
 
InfoSec News: N. Korea hackers attack defector website: report: http://www.terra.net.lb/wp/Articles/DesktopArticle.aspx?ArticleID=556440&ChannelId=16
TerraNet January 19, 2011
Suspected North Korean hackers have launched a cyber attack on the website of a radio station that has aired harsh criticism of the country's communist regime, defectors said Tuesday. [...]
 
InfoSec News: Casino Gambler Databases Becoming A Key Tool For Hackers: http://www.casinogamblingweb.com/gambling-news/casino-gambling/casino_gambler_databases_becoming_a_key_tool_for_hackers_56344.html
By Tom Jones Staff Editor CasinoGamblingWeb.com January 19, 2011
Players club points can be a valuable commodity when it comes to [...]
 
InfoSec News: EU Carbon Trading Declines as Regulator Halts Spot Market on Hacking Probe: http://www.bloomberg.com/news/2011-01-20/carbon-trading-declines-as-eu-regulator-halts-spot-market-on-hacking-probe.html
By Ewa Krukowska and Mathew Carr Bloomberg Jan 20, 2011
Futures trading in European Union carbon allowances fell and an investors group said it was “very concerned” after regulators disabled spot transactions in the world’s biggest emissions program because of alleged hacking.
Volumes shrank to about 305,000 metric tons in the first 90 minutes of trading, or a rate of 200,000 tons per hour, compared with yesterday’s 1.2 million. Prices for EU permits for December 2011, which fell yesterday the most in a week, were little changed today at 14.40 euros ($19.45) a metric ton as of 10:10 a.m. on the ICE Futures Europe exchange in London.
The European Commission suspended most operations yesterday at all 30 of the region’s greenhouse-gas emissions registries after a Czech firm reported about 6.8 million euros of carbon allowances stolen in a hacking attack. The Nasdaq OMX Commodities exchange said today it's suspending trading and clearing of prompt-delivery EU allowances, or EUAs, and United Nations-supervised Certified Emission Reductions “until further notice.”
“Trading in and clearing of EUA and CER forward, futures and options remains open,” Nasdaq said in an e-mailed statement. “However, the situation will be closely monitored to ensure that orderly trading and clearing can take place.”
[...]
 
InfoSec News: Lame Stuxnet worm 'full of errors', says security consultant: http://www.theregister.co.uk/2011/01/19/stuxnet_male_decry_security_researchers/
By John Leyden The Register 19th January 2011
Far from being cyber-spy geniuses with ninja-like black-hat coding skills, the developers of Stuxnet made a number of mistakes that exposed [...]
 
As we create the infrastructure for mobile electronic payments, we have to get the security right.
 
Sony Ericsson's sales dropped in the final quarter of 2010 due to tough competition in the smartphone segment and a lack of new products.
 
A new security report from Cisco Systems estimates that the amount of stolen online bank account data far exceeds the number of people fraudsters can get to transfer stolen funds, who are known as "money mules."
 
Just as nuclear energy can be a tremendous source of empowerment for good while having a "dark side," the Internet has empowered people, but there's also a potential for harm.
 
Adobe Systems, Google, Microsoft and others are deploying applications that use sandboxing technology to defend against potential attacks, but savvy hackers know how to bypass it.

IBM AIX 'FC SCSI' Protocol Driver Denial of Service Vulnerability
 

Hacker Halted USA Returns to Miami - October 21-27, 2011
openPR (press release)
The conference will again be held at the Intercontinental Miami and will include advanced infosec training and presentations from some of the world's most ...

 
Tech workers pulled in an average of $79,384 last year, in the “second straight year of nearly flat salaries,” online job site Dice says.
 
Microsoft has found the cause of random, high data usage spikes reported by some Windows Phone 7 users.
 
One of Japan's largest glass manufacturers debuted a new glass designed for smartphones and tablet PCs that is considerably tougher than conventional glass.
 
The arrival in March of Playboy on the iPad -- in a browser window -- could present a problem for IT managers who don't want objectionable material on personal hardware used in the workplace.
 
Nervous about FireSheep and other public Wi-Fi safety issues? A personal VPN can make it safe to surf.
 
Hewlett-Packard plans to commission an external probe into the resignation of former CEO Mark Hurd, including his controversial multi-million dollar severance package.
 
President Barack Obama and Microsoft CEO Steve Ballmer pressed Chinese President Hu Jintao to step up enforcement of intellectual property rights in his country.
 

Posted by InfoSec News on Jan 20

http://www.darkreading.com/insider-threat/167801100/security/vulnerabilities/229000934/smartphone-hack-highlights-more-gsm-woes.html

By Kelly Jackson Higgins
Darkreading
Jan 19, 2011

ARLINGTON, VA -- Black Hat DC -- A European researcher today showed how
bugs he has discovered in the baseband chipset firmware of iPhone and
Android smartphones could be exploited to ultimately take control of
these devices.

Ralf-Philipp Weinmann, a...
 

Posted by InfoSec News on Jan 20

http://www.terra.net.lb/wp/Articles/DesktopArticle.aspx?ArticleID=556440&ChannelId=16

TerraNet
January 19, 2011

Suspected North Korean hackers have launched a cyber attack on the
website of a radio station that has aired harsh criticism of the
country's communist regime, defectors said Tuesday.

Free North Korea Radio said in an online report that a massive DDOS
(distributed denial of service) attack had paralysed its website for
four...
 

Posted by InfoSec News on Jan 20

http://www.theregister.co.uk/2011/01/19/stuxnet_male_decry_security_researchers/

By John Leyden
The Register
19th January 2011

Far from being cyber-spy geniuses with ninja-like black-hat coding
skills, the developers of Stuxnet made a number of mistakes that exposed
their malware to earlier detection and meant the worm spread more widely
than intended.

Stuxnet, the infamous worm that infected SCADA-based computer control
systems, is...
 

Posted by InfoSec News on Jan 20

http://www.bloomberg.com/news/2011-01-20/carbon-trading-declines-as-eu-regulator-halts-spot-market-on-hacking-probe.html

By Ewa Krukowska and Mathew Carr
Bloomberg
Jan 20, 2011

Futures trading in European Union carbon allowances fell and an
investors group said it was “very concerned” after regulators disabled
spot transactions in the world’s biggest emissions program because of
alleged hacking.

Volumes shrank to about 305,000 metric...
 

Posted by InfoSec News on Jan 20

http://www.casinogamblingweb.com/gambling-news/casino-gambling/casino_gambler_databases_becoming_a_key_tool_for_hackers_56344.html

By Tom Jones
Staff Editor
CasinoGamblingWeb.com
January 19, 2011

Players club points can be a valuable commodity when it comes to
casinos, and hackers are now taking aim at player accounts. Several
cases have been reported in Las Vegas of hackers getting into players
club accounts and stealing the accumulated...
 

Posted by InfoSec News on Jan 20

http://www.computerworld.com/s/article/9205560/Oracle_patching_fewer_database_flaws_as_it_adds_more_products

By Jaikumar Vijayan
Computerworld
January 19, 2011

Oracle Corp.'s ability to address vulnerabilities in its core database
technologies may be hampered by the vast number of products the company
now must manage, security experts say.

For example, the list of Oracle's quarterly security updates released
Tuesday includes only six...
 

Posted by InfoSec News on Jan 20

http://www.informationweek.com/news/storage/security/showArticle.jhtml?articleID=229000863

By Thomas Claburn
InformationWeek
January 19, 2011

United States Attorney Paul J. Fishman on Tuesday announced the arrest
of "two self-described Internet 'trolls'" for their alleged involvement
in the harvesting of e-mail addresses from some 120,000 Apple iPad users
in June, 2010.

Andrew Auernheimer, 25, of Fayetteville, Ark., and Daniel...
 

