InfoSec News

(c) SANS Internet Storm Center. http://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
While I was working on comparing various OS X hardening guides (see the diary from a couple of days ago), Apple announced one important new security feature in OS X 10.8 (Mountain Lion). The new operating system, to be released this summer, will include a whitelisting system based on iOS. iOS has received a lot of criticism for its closed nature, but so far, I have to admit it has worked pretty well. We have heard very little about iOS malware, while Android malware appears to be starting to steal the show from Windows malware (it has a while to go, but all the news lately seems to be about Android malware).
iOS uses a pretty simple and effective security model to fight malware: whitelisting. All software installed on an iOS device has to be digitally signed, and in order to be signed, the software has to be reviewed by Apple. Only software that uses standard, Apple-vetted APIs is considered trustworthy enough to be signed, making it difficult to sneak in malicious code. If malicious software slips through, it can be recalled later.
Over the last few years, the opposite model, blacklisting (anti-malware), has failed spectacularly. Even many desktop users now use third-party whitelisting software, which is usually more granular than what Apple proposes.
Apple's approach allows for essentially three different settings:
- only allow Apple-approved software (pretty much what iOS does)
- allow Apple-approved software, but also allow software signed with specific additional certificates (you could use this to sign your own software, kind of like accepting the certificate from an iOS developer for testing)
- allow all software (pretty much "unlocked" in iOS terms)
There are some specific limitations to Apple's approach:
- the signatures are only tested during install. If malicious software passes the install, it will not be inspected further.
- only executables are checked. A malicious PDF may still cause havoc, even if it may no longer be able to download and install additional malware.

The best part, in my opinion, is that the functionality was already pushed out to systems as part of the last OS X update (10.7.3). So you can already experiment with the feature and see how well it works (or doesn't). I have been running it off and on for a while now and so far haven't experienced any ill effects, aside from it blocking me once or twice from installing software. Each time, I just disabled it temporarily (which could be considered a weakness).
The command line utility spctl can be used to enable or disable the feature: spctl --enable turns it on, and spctl --disable turns it off. You need to be root to run the utility.
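As an added example (not part of the diary), a small POSIX shell function that maps the output of `spctl --assess --verbose <app>` onto the three settings listed above, so an installer can be checked against the policy you intend instead of disabling the feature outright. The policy names apple/devid/all are this script's own, the "source=" labels are assumed to match what spctl prints, and the sample assessment output is constructed.

```shell
#!/bin/sh
# Added example: check an installer against one of the three Gatekeeper
# settings the diary lists, by parsing `spctl --assess --verbose <app>`
# output rather than turning assessments off. Policy names are ours:
#   apple = Apple-approved only, devid = plus Developer ID, all = anything.
# The "source=" labels are assumed to match what spctl prints.
# Usage: spctl --assess --verbose "$app" 2>&1 | gatekeeper_allows devid
# Prints "allow" or "deny"; exit status 0 = allow, 1 = deny.
gatekeeper_allows() {
    policy="$1"; verdict=unknown; src=""
    while IFS= read -r line; do
        case "$line" in
            *": accepted"*) verdict=accepted ;;
            *": rejected"*) verdict=rejected ;;
            source=*)       src="${line#source=}" ;;
        esac
    done
    decision=deny
    case "$policy" in
        all) decision=allow ;;                      # assessments disabled
        apple)
            case "$verdict/$src" in
                "accepted/Apple System"|"accepted/Mac App Store") decision=allow ;;
            esac ;;
        devid)
            case "$verdict/$src" in
                "accepted/Apple System"|"accepted/Mac App Store"|"accepted/Developer ID"*)
                    decision=allow ;;
            esac ;;
        *) echo "unknown policy: $policy" >&2; return 2 ;;
    esac
    echo "$decision"
    [ "$decision" = allow ]
}

# Constructed sample assessments standing in for real spctl runs.
SAMPLE_APPSTORE='/Applications/Foo.app: accepted
source=Mac App Store'
SAMPLE_DEVID='/Applications/Bar.app: accepted
source=Developer ID'
SAMPLE_UNSIGNED='/Applications/Baz.app: rejected
source=no usable signature'

# Stand-alone demo: the Developer ID-signed app under each policy.
for p in apple devid all; do
    printf 'Bar.app under %s: ' "$p"
    printf '%s\n' "$SAMPLE_DEVID" | gatekeeper_allows "$p" || :
done
```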


Johannes B. Ullrich, Ph.D.

SANS Technology Institute

The Wi-Fi Alliance will launch a program to simplify the use of Wi-Fi hotspots in July, making it easier for both users and mobile operators to get off strained cellular networks.
Got problems with insider threats? Need help securing your wireless LAN because of employees bringing their own devices on to your network? Know how to protect your Android device?
Dell's fourth-quarter earnings were weighed down by weak consumer PC sales and by pricing and supply issues caused by the floods in Thailand, Dell said on Tuesday.
Growing enterprise interest in Big Data analytics is beginning to drive partnerships between vendors of traditional relational database management technologies and purveyors of Apache Hadoop.
Apache HTTP Server CVE-2011-3639 'mod_proxy' Reverse Proxy Security Bypass Vulnerability
BYOD policy issues are a big concern for enterprises grappling to secure employee smartphones and tablets, say analysts previewing RSA 2012.
Symantec's PCAnywhere Vulnerable to Source Code Attack
A researcher found that pcAnywhere's source code was relatively unchanged from 10 years ago, according to an anonymous submission to the InfoSec Institute Feb. 17. Most changes to the code over the past few years were made to ensure the software keeps ...
RETIRED: LightDM '.Xauthority' Arbitrary File Access Vulnerability
LightDM 'xsession_setup()' Symlink Attack Local Privilege Escalation Vulnerability
After watching customers continually download and install one of the vendor's free, limited products from the company website, Silver Peak CEO Rick Tinsley was interested to see how they would respond to the same access to its more advanced products.
Canonical has unveiled software that will give Android smartphones the ability to run full desktop computer sessions on computer monitors and television sets.
Just months after Twitter and Google failed to reach an agreement for Realtime Search, the microblogging site has inked a deal with Russian search engine firm Yandex.
Renewed rumors that Microsoft will publish iPad editions of some of its Office applications surfaced today, with one analyst calling the move a tough decision.
Oracle has given customers running version 12.0 of its E-Business Suite software a reprieve from extended support fees, which would have kicked in this month, increasing the maintenance payments they were already making.
Intel is exploring whether it can branch out as a foundry by opening its chip manufacturing facilities to more third-party customers, the company said on Tuesday.
Nova CMS Multiple Remote File Include Vulnerabilities
TYPO3 'BACK_PATH' Parameter Local File Include Vulnerability
BackupPC 'index.cgi' Cross Site Scripting Vulnerability
The National Institute of Standards and Technology (NIST) has published for public comment a draft update to a guide for organizations managing their responses to computer security incidents such as hacking attacks. The authors cast a ...
ACDSee BMP Image File Handling Remote Heap Buffer Overflow Vulnerability
Mercurycom MR804 Router - Multiple HTTP Header Fields Denial Of Service Vulnerability
IPv6 NIDS evasion and IPv6 fragmentation/reassembly improvements
Re: [oss-security] Dolphin 7.0.7 <= Multiple Cross Site Scripting Vulnerabilities
Re: [oss-security] OxWall 1.1.1 <= Multiple Cross Site Scripting Vulnerabilities
Just as all politics is local, so are supply chains local. If one of your key manufacturers in Asia or a big IT service provider in South America goes down after a disaster, you might, too.
The customer is always right, but how would you know? Few CIOs truly understand what external customers want and why they act the way they do. Running IT can all too easily keep CIOs internally focused, making sure fellow employees have the technology they need to do their jobs. That's important work, but it's not strategic.
Google has countered Microsoft's contention that it's skirting Internet Explorer's privacy protection, saying it's 'impractical' to comply with IE's rules.
IaaS, SaaS and PaaS are the obvious as-a-service offerings, but there are plenty of others. In fact, just about every letter of the alphabet has an "as a service."
There's nothing coincidental about the way grocery stores display and price their merchandise. Focus groups used to be the go-to resource for such market research, but today manufacturers like beverage behemoth PepsiCo find virtual simulation technology to be the cheaper, faster option.
7T TERMIS DLL Loading Arbitrary Code Execution Vulnerability
Re: Vulnerabilities in Debian F*EX <= 20100208 and F*EX 20111129-2.
F*EX 20111129-2 Cross Site Scripting Vulnerability
F*EX <= 20100208 Cross Site Scripting Vulnerabilities
Vulnerabilities in Debian F*EX <= 20100208 and F*EX 20111129-2.
Mauritania Hacker Team have released a video of a claimed attack on Israelis in an attempt to keep the fire of the Middle East cyber war going, a conflict we have watched grow over the past few months at a very fast pace, with lots of attacks and leaks of data.

We have come across a dump of accounts claimed to be from the well-known free adult video site youporn.com. The leak comes from an unknown hacker and contains over 6000 emails and passwords, all in clear text.

Rocks'n'Diamonds Insecure Permissions Unauthorized Access Vulnerability
State of Maryland and Montgomery County Join Partnership
The State of Maryland and Montgomery County, Md., partner with NIST in the new National Cybersecurity Center of Excellence. At the Memorandum of Understanding signing Feb. 21, from ...
ForeScout Technologies has launched ForeScout Mobile, which comes in the shape of plug-in modules for Android and iOS and allows enterprises to keep control as a plethora of devices access corporate resources, the company said on Tuesday.
Microsoft will extend SkyDrive from being an online file storage service into what the company calls "a device cloud" that is closely integrated with Windows 8, the next version of the company's OS.
The Apache Software Foundation (ASF) has celebrated the 17th anniversary of the release of the Apache HTTP Server by launching a new version of the popular open source Web server software.
Agile development and the cloud are like hand in glove. But Agile can be dangerous if your organization isn't ready for it. Here are some questions you need to consider to determine if your IT organization is seriously ready to implement Agile.
Out of the blue, Apple just announced Mountain Lion, the next generation of its OS X operating system. By the time Mountain Lion ships sometime next summer, Apple says it will have lots of new features, some transported from its iOS environment of the iPhone, iPad and iPod Touch world. This column will examine just one of the new features, one that, while good, has not yet included all the functions of its iOS prototype.
It would seem that @CabinCr3w hackers have been busy for the past couple of weeks hacking away at the servers of the Los Angeles Police Canine Association, http://www.lacpca.com.

[SECURITY] [DSA 2413-1] libarchive security update

SANS Institute Makes its Largest Training Event of the Year, SANS 2012 ...
Sacramento Bee
SANS offers a myriad of free resources to the InfoSec community including consensus projects, research reports, and newsletters; and it operates the Internet's early warning system - the Internet Storm Center. At the heart of SANS are the many security ...
A team of researchers has devised a method to defeat NuCaptcha, one of the most popular video-based antispam tests on the Internet, and have proposed a solution to increase its resilience to attacks.
Chinese e-commerce giant Alibaba Group has proposed privatizing business-to-business platform Alibaba.com as the site faces slower revenue growth brought on by a shift to focus on long-term gains.
Samsung Electronics and LG Electronics have announced new mid- and low-end Android-based smartphones. Samsung hopes to attract users with a dual-core processor, while LG is putting Android 4.0 on some of its new phones from day one.
Delta Global Services has successfully deployed 2D barcode scanning wireless handhelds from Intermec to its wheelchair assistance agents at the Memphis International Airport.
Ericsson has entered into an agreement to buy privately held Canadian Wi-Fi company BelAir Networks, as operators get increasingly interested in using Wi-Fi to offload their networks.
The leak was posted on pastebin by Darkw4rrior and contains a dump from a database table with personal information such as names, phone numbers, addresses, emails and other info, with a total of 1534 emails being dumped.
Well, CWN has had a chance to do a one-on-one interview with them about the recent hacks and to help the public get to know them better as well. To our surprise, s3rver is just a young kid wreaking havoc across the Internet at the age of 13. Some of the sites they have hacked are usa.gov, 80 Brazilian government sites in the name of #OpBrazil and, of course, the well-known, very public attacks on the UFC websites.

cronie 'crontab' Symbolic Link Local Privilege Escalation Vulnerability
Early insights into Microsoft's upcoming Windows 8 Consumer Preview should give IT a lot to chew on when the bits arrive.
If you want to keep your Android smartphone safe, these free security apps from the likes of Symantec, AVG, Avast and more will not only keep malware away but help find your phone when it's missing.
It was clear with the release of Lion in 2011 that Apple's OS X and iOS feature sets were joining forces; that trend will continue this year with the release of OS X Mountain Lion.
The European Commission plans to double its investment in the push for exascale computing, even as European governments impose austerity measures elsewhere.
Samba Symlink Directory Traversal Vulnerability
Blade API Monitor '.txt' File Stack Buffer Overflow Vulnerability
Antenna Software today unveiled cloud-based software called AMPchroma for designing, testing and managing mobile apps and mobile websites.