
InfoSec News



Krebs's 3 Basic Rules for online safety: Brian Krebs over at krebsonsecurity.com manages to boil years of security awareness training for home users down into three simple rules that pretty much everyone can understand and follow. Kudos, Brian!
If reading the three Basic Rules is too basic for you (even though you haven't updated your Java yet - you know who you are :), here's a very decent 16-page write-up by Symantec on Qakbot, a keystroke-logging online banking trojan that contains its own SOCKS proxy, so that the bad guys can plunder your bank account via your own PC, to defeat any IP filtering your bank might have in place.
Have a safe weekend.
(c) SANS Internet Storm Center. http://isc.sans.org Creative Commons Attribution-Noncommercial 3.0 United States License.
 
The following tools have been updated: VMMap v3.1, RAMMap v1.11, Handle v3.46, Process Explorer v14.12. Additional information is available here [1].
Of equal interest, Mark's Blog: Analyzing a Stuxnet Infection with the Sysinternals Tools, Part 3, is available here [2].
[1] http://blogs.technet.com/b/sysinternals/archive/2011/05/18/updates-vmmap-v3-1-rammap-v1-11-handle-v3-46-process-explorer-v14-12-and-mark-s-blog-analyzing-a-stuxnet-infection-with-the-sysinternals-tools-part-3.aspx

[2] http://blogs.technet.com/b/markrussinovich/archive/2011/05/10/3422212.aspx


-----------
Guy Bruneau IPSS Inc. gbruneau at isc dot sans dot edu (c) SANS Internet Storm Center. http://isc.sans.org Creative Commons Attribution-Noncommercial 3.0 United States License.
 
For the past couple weeks I've been stuck using my Web browser to access my Gmail accounts, rather than my preferred method: Outlook. (It's all because of the computer meltdown I mentioned in a few earlier posts.) It gets the job done, but there's one thing about it that drives me nuts: no preview pane.
 
The Seagate GoFlex Satellite hard drive takes the shackles off your tablet, freeing it to connect to a greater amount of storage capacity--without having to go through any pesky wires. But although the hardware implementation is adequate, the software app struggles. A lot. At launch, Seagate is offering a messy, limited app for iPad and iPhone; an Android app equivalent is still in the works, so for now Android users must access the hard drive's contents using a comparatively crude Web-browser interface (admittedly, one not unlike the browser interface for standard network-attached drives).
 
Session hacking via authentication cookie on Oracle CRM on Demand
 
The HTC Flyer 7-inch Android tablet is already available overseas, but U.S. shoppers will be able to find it at Best Buy and Best Buy Mobile starting May 22. I just received a shipping unit, so here are some first impressions.
 
A software bug caused e-mail queues of some Exchange Online customers in the Americas to clog up on Thursday, leading to delivery delays that lasted in some cases almost seven hours.
 
SAP has done its best to keep HANA in the news, bringing products and partnerships to market quickly and announcing many future plans.
 
Verizon Wireless has warned for months that it will stop offering unlimited data plans sometime this summer. Now the carrier is considering shared data plans for families with more than one smartphone or tablet.
 
Microsoft's claims that Internet Explorer 9 (IE9) blocks attacks just don't add up, a security researcher charged Friday.
 
Hackers have apparently hit Sony again, adding to the embarrassment caused by earlier massive attacks on its PlayStation Network.
 
Apple has reportedly signed licensing deals with three of the four major music labels, which could indicate that the rollout of a music subscription service is imminent.
 
GeoIP 'GeoIPUpdate.c' Directory Traversal Vulnerability
 
Researchers at Virginia Tech have created a tool called Moving Target IPv6 Defense in order to address looming IPv6 security issues.

 
Google has upgraded the mobile site for Maps, which is one of the company's most popular online services, adding features found on the version for desktop browsers.
 
Facebook will use PhotoDNA, an image analysis technology co-invented by Microsoft, to find child pornography on its site, the company said.
 
AT&T recently demonstrated a fast 28.87Mbps download speed during an LTE test at a Plano, Texas, lab, but an AT&T spokesman warned not to extrapolate that real-world speeds will reach that level when AT&T launches its LTE wireless network this summer.
 
Excitement over LinkedIn's stunning market debut appears to have outweighed concerns this week about Hewlett-Packard and Dell earnings reports, which highlighted a desultory PC market.
 
Facebook will use PhotoDNA, an image analysis technology co-invented by Microsoft, to find child pornography on its site, the company said in a YouTube video.
 
Microsoft has announced a back-to-school deal that offers a free Xbox 360 console with the purchase of a Windows PC, beating Apple to the promotional punch.
 
Sony is once again dealing with an apparent security breach -- this time a phishing attack on its Thai website. Security company F-Secure today posted a screen shot of a phishing site targeting an Italian bank that appeared to be housed under the hdworld.sony.co.th domain.
 
Today's growing challenge: Data. There is suddenly too much of it, and while firms rush to mine it, they do so without adequate regard for the risks in keeping and using it.
 
Linux Kernel SCTP INIT/INIT-ACK Chunk Length Remote Denial of Service Vulnerability
 
How did Microsoft win over the City of Winston-Salem, North Carolina for an Office 365 migration? Better license packaging on a bigger ecosystem of apps at an affordable price - an advantage Microsoft can often wield over cloud rival Google.
 
Without doubt, there is a core set of applications and tools you need on all PCs, whether it's your own machine or those of users.
 
Apache APR 'apr_fnmatch.c' Denial of Service Vulnerability
 
[ MDVSA-2011:095 ] apr
 
PHPCaptcha / Securimage 2.0.2 - Authentication Bypass - SOS-11-007
 
Google is undoubtedly the Web's best resource for getting stuff done, but let's face it, it's not perfect.
 

Scammers are spreading phishing attacks and other scams on Facebook and other social networks.

By Ryan Cloutier, Contributor

Facebook scammers began spreading a cross-site scripting attack last weekend, luring victims with a link leading to a phony Facebook “dislike” button. But experts are warning users of the social network not to click the link if they value their privacy and security no matter how many things they dislike.

The link is fraudulent, there is no official “dislike” button, and despite outcries and support from Facebook users the world over “there likely never will be,” writes Graham Cluley on Sophos Security’s Naked Security blog. Clicking the “enable dislike button” link that accompanies the scam message will not have the desired result. Instead, it will spread the link to other users in the victim’s friend list and run hidden JavaScript.

“The thing is, because it can download further code from the Web and run it, the nature of the threat can change at any time,” said Cluley in an interview with SearchSecurity.com. “Normally it would point people to a survey scam, ultimately.”

Attacks focusing on social networks have grown in frequency over the years as the networks grow larger. Microsoft’s Security Intelligence Report found that phishing impressions on social networking sites increased from 8.3% in January 2010 to 84.5% of impressions by December.

“We get more reports from people concerned about scams on Facebook than any other kind of internet threat,” Cluley said.

Cluley suggested the reason for the increase in attacks is due to the immaturity of the Facebook platform and thus, Facebook is not doing enough to stamp out these spam campaigns. While financial institutions have sophisticated security teams and their online banking users are more protective of their accounts, Facebook is an easier mark for attackers because it has “600 million users, many of whom are fairly naïve regarding security matters and are only too keen to click on a link offering them a sexy video or a dislike button and deal with the consequences later,” Cluley said.

Cluley puts the onus of preventing these kinds of attacks largely on Facebook, saying they should be scanning links in ways similar to how Hotmail and Gmail do and taking action against survey companies who exploit their systems. He also thinks they should be educating users as to the dangers of what they are clicking.

“I think Facebook has grown so huge and been such a phenomenal success that it’s going to be around to stay, but I do think they would serve their community better if they took security more seriously and made it more of a priority,” Cluley said. “I’m not predicting the end of Facebook by any means … we’d like Facebook to look after users better.”

For its part, Facebook says it began rolling out new security features. The social network said it would warn users about suspicious links before they are duped by clickjacking and cross-site scripting attacks. Facebook will ask users for confirmation before they “like” a news item, which posts it to their friends’ News Feeds, and will request confirmation before they click a suspicious link. The social network also has a Facebook security page in which it is attempting to educate users about various social networking threats.



 
Securimage PHP CAPTCHA Security Bypass Vulnerability
 
Ultimate PHP Board Security Bypass Vulnerability
 
Sharp is preparing to launch a new Aquos smartphone in markets around the world.
 
Maingear this week announced a 3D gaming laptop with an overclocked 4.8GHz processor, in a bid to gain the extreme laptop performance crown from rivals.
 
Bookseller Barnes & Noble might have found a buyer. On Thursday the maker of the Nook e-reader said it has received an acquisition proposal from media conglomerate Liberty Media.
 
The founders of Microsoft’s Pioneer Studios, which created the concept behind the double-sided Courier tablet, have scattered and the group’s office, located in a Seattle neighborhood full of startups, has closed.
 
Exchange Online, the hosted version of Microsoft's e-mail system, ran into technical problems again Thursday, the latest in a series of downtime and performance hiccups.
 
With ET, technology has leapt off the desktop and joined the real world. Users and inanimate objects (like cameras, signs, monitors and sensors) are now mobile-enabled and compute-powered. That's paving the way for a host of new applications.
 
Intel made a big splash saying it's going to focus on the mobile market, but its rival in the space says the chip maker has an uphill climb ahead.
 
Lenovo's ThinkPad X1 offers business-class performance and a durable display in a stylish ultrathin case.
 
InfoSec News: Secunia Weekly Summary - Issue: 2011-20:
The Secunia Weekly Advisory Summary 2011-05-12 - 2011-05-19
This week: 45 advisories [...]
 
InfoSec News: NK has 30,000 electronic warfare specialists: Fox News: http://english.donga.com/srv/service.php3?bicode=060000&biid=2011051977548
donga.com May 19, 2011
North Korea has as many as 30,000 electronic warfare specialists as part of the elite core of the North's military, Fox News said Tuesday.
Quoting U.S. and South Korean intelligence, the U.S. [...]
 
InfoSec News: Military fends off major cyber attack: http://www.newsinenglish.no/2011/05/19/military-fends-off-major-cyber-attack/
Views and News from Norway May 19, 2011
Norwegian military personnel were the targets of what’s being described as a "massive" cyber attack this spring, one day after Norway started [...]
 
InfoSec News: [SecArt-11] IJCAI Workshop on Intelligent Security: Call For Participation: Forwarded from: Yacine Zemali <yacine.zemali (at) ensi-bourges.fr>
CALL FOR PARTICIPATION: SECART 2011 The Third International Intelligent Security Workshop
Barcelona, Spain, July 18, 2011
An IJCAI-11 Workshop [...]
 
InfoSec News: Data breach affects about 4,000 SEC workers: http://www.latimes.com/business/la-fi-sec-security-20110519,0,5665948.story
By Shan Li Los Angeles Times May 19, 2011
The Securities and Exchange Commission is having some security problems of its own.
About 4,000 agency employees, including several in Los Angeles, have [...]
 
InfoSec News: Google Silently Patches Android Authentication Flaw: http://www.eweek.com/c/a/Security/Google-Silently-Patches-Android-Authentication-Flaw-837349/
By Fahmida Y. Rashid eWEEK.com 2011-05-19
Google is implementing a server-side fix to address the authentication flaw that allows third-parties to access Android user data on Google [...]
 
InfoSec News: City tightens computer security: http://www.dispatch.com/live/content/local_news/stories/2011/05/19/city-tightens-computer-security.html?sid=101
By Doug Caruso THE COLUMBUS DISPATCH May 19, 2011
Columbus is taking steps to plug a gap in its computer security, the city's technology director said yesterday. [...]
 
InfoSec News: Russia expels Israeli military attache for 'industrial espionage': http://www.telegraph.co.uk/news/worldnews/europe/russia/8524198/Russia-expels-Israeli-military-attache-for-industrial-espionage.html
By Andrew Osborn, Moscow Adrian Blomfield in Jerusalem Telegraph.co.uk May 19, 2011
In a scandal that risks souring traditionally good relations between the [...]
 

Posted by InfoSec News on May 20

========================================================================

The Secunia Weekly Advisory Summary
2011-05-12 - 2011-05-19

This week: 45 advisories

========================================================================
Table of Contents:

1. Word From...
 

Posted by InfoSec News on May 20

http://english.donga.com/srv/service.php3?bicode=060000&biid=2011051977548

donga.com
May 19, 2011

North Korea has as many as 30,000 electronic warfare specialists as part
of the elite core of the North's military, Fox News said Tuesday.

Quoting U.S. and South Korean intelligence, the U.S. network said
Washington and Seoul believe that the U.S. CIA can match Pyongyang's
capability in cyber warfare.

Fox quoted North Korean leader Kim...
 

Posted by InfoSec News on May 20

http://www.newsinenglish.no/2011/05/19/military-fends-off-major-cyber-attack/

Views and News from Norway
May 19, 2011

Norwegian military personnel were the targets of what’s being described
as a "massive" cyber attack this spring, one day after Norway started
bombing Libya with other UN- and NATO-backed forces. Newspaper VG
reported Thursday that they fended off the attack, which was considered
the most serious ever...
 

Posted by InfoSec News on May 20

Forwarded from: Yacine Zemali <yacine.zemali (at) ensi-bourges.fr>

CALL FOR PARTICIPATION: SECART 2011
The Third International Intelligent Security Workshop

Barcelona, Spain, July 18, 2011

An IJCAI-11 Workshop

http://www.tzi.de/~edelkamp/intelligentsecurity/

Note that workshop participants do not have to register for the main
conference and can...
 

Posted by InfoSec News on May 20

http://www.latimes.com/business/la-fi-sec-security-20110519,0,5665948.story

By Shan Li
Los Angeles Times
May 19, 2011

The Securities and Exchange Commission is having some security problems
of its own.

About 4,000 agency employees, including several in Los Angeles, have
been notified that their Social Security numbers and other payroll
information were included in an unencrypted email, according to Drew
Malcomb, a Department of Interior...
 

Posted by InfoSec News on May 20

http://www.eweek.com/c/a/Security/Google-Silently-Patches-Android-Authentication-Flaw-837349/

By Fahmida Y. Rashid
eWEEK.com
2011-05-19

Google is implementing a server-side fix to address the authentication
flaw that allows third-parties to access Android user data on Google
Calendar, Contacts and Picasa.

Google is planning to fix a security issue that could potentially allow
hackers and cyber-crooks to access the personal information of...
 

Posted by InfoSec News on May 20

http://www.dispatch.com/live/content/local_news/stories/2011/05/19/city-tightens-computer-security.html?sid=101

By Doug Caruso
THE COLUMBUS DISPATCH
May 19, 2011

Columbus is taking steps to plug a gap in its computer security, the
city's technology director said yesterday.

On May 2, The Dispatch reported that Columbus does not track computer
parts that could hold sensitive data after they are taken out of
service. An expert said that...
 

Posted by InfoSec News on May 20

http://www.telegraph.co.uk/news/worldnews/europe/russia/8524198/Russia-expels-Israeli-military-attache-for-industrial-espionage.html

By Andrew Osborn, Moscow
Adrian Blomfield in Jerusalem
Telegraph.co.uk
May 19, 2011

In a scandal that risks souring traditionally good relations between the
two countries, Russian security sources claimed that Air Force Colonel
Vadim Leiderman, Israel's military attaché in Russia, had been caught...
 

