
InfoSec News



Adobe Flash Player update addresses a critical security issue (CVE-2011-0609):
http://www.adobe.com/support/security/bulletins/apsb11-05.html





RSA have released a further list of recommendations to their customers of security best practices via email. No further information on the actual breach.





And finally, www.play.com, a large on-line retailer, has had a security breach. Some customer names and email addresses may have been compromised from a 3rd party company that handles part of their marketing. Email notifications have been sent out to existing customers.


Thank you to those readers for writing in with these updates.


Chris Mohan --- Internet Storm Center Handler on Duty (c) SANS Internet Storm Center. http://isc.sans.org Creative Commons Attribution-Noncommercial 3.0 United States License.
 
Apple has released some Security updates and various fixes today.

Here are some handy links with a summarized list of software.




Security Update 2001-001 - (Leopard - Client)

Full Details: http://support.apple.com/kb/HT1222

Download: http://support.apple.com/kb/DL1366


Security Update 2001-001 - (Leopard - Server)

Full Details: http://support.apple.com/kb/HT1222

Download: http://support.apple.com/kb/DL1367


Server Admin Tools 10.6.7

Full Details: http://support.apple.com/kb/HT3931

Download: http://support.apple.com/kb/DL1365


Mac OS X v10.6.7 Update

Full Details: http://support.apple.com/kb/HT4472

Download: http://support.apple.com/kb/DL1363


Mac OS X v10.6.7 Update Combo

Full Details: http://support.apple.com/kb/HT4472

Download: http://support.apple.com/kb/DL1361


Mac OS X v10.6.7 Update for early 2011 MacBook Pro

Full Details: http://support.apple.com/kb/HT4472

Download: http://support.apple.com/kb/DL1368


Mac OS X Server v10.6.7 Update

Full Details: http://support.apple.com/kb/HT4473

Download: http://support.apple.com/kb/DL1362


Mac OS X Server v10.6.7 Update Combo

Full Details: http://support.apple.com/kb/HT4473

Download: http://support.apple.com/kb/DL1364


The Mac OS X v10.6.7 and Security Update 2011-001 may also be obtained from the Software Update pane in System Preferences.



Summary of update:



AirPort

CVE-2011-0172


Apache - http://httpd.apache.org/

CVE-2010-1452, CVE-2010-2068


AppleScript

CVE-2011-0173


ATS

CVE-2011-0174, CVE-2011-0175, CVE-2011-0176, CVE-2011-0177


bzip2

CVE-2010-0405


CarbonCore

CVE-2011-0178


ClamAV - http://www.clamav.net/

CVE-2010-0405, CVE-2010-3434, CVE-2010-4260, CVE-2010-4261, CVE-2010-4479


CoreText

CVE-2011-0179


File Quarantine


HFS

CVE-2011-0180


ImageIO

CVE-2011-0170, CVE-2011-0181, CVE-2011-0191, CVE-2011-0192, CVE-2011-0194


Image RAW

CVE-2011-0193


Installer

CVE-2011-0190


Kerberos - http://web.mit.edu/Kerberos/

CVE-2010-1324, CVE-2010-4020, CVE-2010-4021


Kernel

CVE-2011-0182


Libinfo

CVE-2011-0183


libxml

CVE-2010-4008, CVE-2010-4494


Mailman

CVE-2010-3089


PHP - http://www.php.net/

CVE-2006-7243, CVE-2010-2950, CVE-2010-3709, CVE-2010-3710, CVE-2010-3870, CVE-2010-4150, CVE-2010-4409, CVE-2010-3436


QuickLook

CVE-2011-0184, CVE-2011-1417


QuickTime

CVE-2011-0186, CVE-2010-4009, CVE-2010-3801, CVE-2011-0187, CVE-2010-3802


Ruby

CVE-2011-0188


Samba

CVE-2010-3069


Subversion

CVE-2010-3315


Terminal

CVE-2011-0189


X11 - http://www.freetype.org/

CVE-2010-3814, CVE-2010-3855





--

Kevin Shortt

ISC Handler on Duty (c) SANS Internet Storm Center. http://isc.sans.org Creative Commons Attribution-Noncommercial 3.0 United States License.
 
 
As Twitter hits its 5th birthday, industry analysts wonder where the company will go from here.
 

GovInfoSecurity.com

Why DHS, Not White House, Took Lead on RSA Breach Response
A poll released last month by GovInfoSecurity.com shows that two-thirds of federal, state and local government IT security practitioners don't believe the federal government is showing sufficient leadership on cybersecurity matters (see Gov't Infosec ...

 
Technologies that enable credit card payments via mobile phones have prompted the PCI Council to start a mobile task force.

 
A new survey finds that 73% of developers plan to extend enterprise applications to mobile devices in the next year
 
Twitter has wrapped up a major overhaul of its IT infrastructure designed to dramatically enhance the microblogging service's uptime, performance and availability.
 
A former Goldman Sachs computer programmer has received a stiff prison sentence for stealing source code used in the company's high-frequency trading system.
 
The disaster in Japan is putting a pinch on 25% of the worldwide production of silicon wafers used to make computer chips, according to IHS iSuppli.
 
Adobe Monday made good on its promise to patch a zero-day bug in Adobe Reader, and promised to ship a fix for Flash later today.
 
A study involving the treatment of 200 HIV patients via remote control systems over the Internet has shown that over a five-year period the medical results were as satisfactory as those obtained in a visit to the hospital.
 
A Texas man was charged Monday by the U.S. Department of Justice with helping to inflate the prices of penny stock companies by promoting them with a spam-spewing botnet of hacked computers.
 
Microsoft files a patent lawsuit against Barnes & Noble, alleging its Android-based e-reader infringes Microsoft patents.
 
There are clear winners -- and losers -- if AT&T's proposal to buy T-Mobile USA goes through, but is the plan good for you or your business?
 
AT&T's proposed acquisition of T-Mobile USA was driven in large part by the quest for radio spectrum, a commodity that rarely crosses the minds of mobile consumers but plays a big role in carriers' decision-making.
 
Linux Kernel IPv6 TCP Sockets Local Denial of Service Vulnerability
 
Novell Netware 'NWFTPD.NLM' DELE Command Remote Buffer Overflow Vulnerability
 
Pennyauctionsoft Cross Site Scripting and SQL Injection Vulnerabilities
 
[ MDVSA-2011:050 ] pidgin
 
policycoreutils 'seunshare' Insecure Temporary Directory Creation Vulnerability
 
Microsoft's decision to limit Internet Explorer 9 support to Windows Vista and Windows 7 prompted criticism from Mozilla, whose rival Firefox browser continues to support the still widely-used Windows XP.
 
AT&T and its investors would clearly be winners if the $39 billion proposed takeover of T-Mobile USA is approved by federal regulators.
 
AT&T's planned acquisition of T-Mobile USA will advance U.S. leadership in mobile data and improve consumers' wireless experience, executives say.
 
Tape library vendor Spectra Logic announced a new software upgrade that verifies that data has been stored, and more importantly, can be retrieved.
 
Vulnerabilities in some SCADA server softwares
 
Heap overflow in RealPlayer 14.0.1.633
 
[ MDVSA-2011:051 ] kernel
 
Buffer overflow in libtiff in Imagemagick
 
Linux Kernel Netfilter and Econet Local Information Disclosure Vulnerabilities
 
We asked Force10 to supply a top-of-rack data center switch with at least 24 10G Ethernet ports to allow direct comparison of results with Network World's January 2010 test of similarly equipped switches. Force10 understood "at least" to be a minimal starting point, and supplied the S4810 with 48 ports equipped with 10GBase-SR transceivers.
 
High port density, high throughput, and very low latency are bedrock requirements in the data center, and Force10's new S4810 top-of-rack switch delivers on all counts.
 
The day is nearing, many say, when your smartphone will be your wallet, letting you make purchases as stored cash or credit that will be wirelessly accepted by stores or soda machines.
 
Facebook plans to buy Snaptu, a four-year-old startup that develops versions of Web-based applications for cheaper mobile phones.
 
Cisco introduced four devices aimed at improving the performance and security of home offices used by corporate workers.
 

We're interested to know what's happening out there. It has been observed through DShield data that Slammer traffic has had a sudden decline. I played with the data for a while. I could make it look like many things, such as a slow and steady decline over time. However, the most compelling story is the one where the data drops on March 9 and 10.
Below is the DShield data and graph on port 1434 for March 2011. It's speculative at this point as to the cause of the sudden drop. Japan's earthquake or Patch Tuesday have been kicked around. I would be remiss if I did not mention Kevin Liston's series on Slammer Cleanup during October. We are loving the thought his great effort was a catalyst for the eradication of it.
So go back and take a look at your data for us and share what you're seeing. Send us your thoughts on this.










# portascii.html
# Start Date: 2011-03-01
# End Date: 2011-03-21
# Port: 1434
# created: Mon, 21 Mar 2011 10:15:34 +0000
# Date in GMT. YYYY-MM-DD format.

date records targets sources tcpratio
2011-03-01 42862 37215 129 0
2011-03-02 62157 50028 158 0
2011-03-03 46789 37745 140 0
2011-03-04 37634 32068 109 0
2011-03-05 62649 50868 121 0
2011-03-06 62221 49475 149 0
2011-03-07 44110 39895 144 0
2011-03-08 60921 46609 140 0
2011-03-09 38503 32512 151 0
2011-03-10 23459 19438 106 0
2011-03-11 1411 1282 49 1
2011-03-12 1740 1702 30 0
2011-03-13 1414 1384 30 1
2011-03-14 1151 944 33 0
2011-03-15 1256 883 50 2
2011-03-16 1021 667 52 4
2011-03-17 1542 599 48 2
2011-03-18 978 515 37 8
2011-03-19 794 639 33 3
2011-03-20 766 635 34 3
2011-03-21 533 435 16 1
# (c) SANS Inst. / DShield. some rights reserved.
# Creative Commons ShareAlike License 2.5
# http://creativecommons.org/licenses/by-nc-sa/2.5/









--

Kevin Shortt

ISC Handler on Duty (c) SANS Internet Storm Center. http://isc.sans.org Creative Commons Attribution-Noncommercial 3.0 United States License.
 
Some 400 of your peers gathered at Network World's IT Roadmap show in Chicago last week to discuss everything from cloud plans to iPad support, flat network options and Windows 7 migration.
 
Quarterly reports to the CIO will keep him aware of risks in the environment, and hopefully will reduce those risks.
 
An executive recruiter sees signs that corporations are becoming more welcoming toward older workers.
 
IT executives expect their support requirements to increase significantly once workers begin using the iPad 2 on the job.
 
Avnet's M&A playbook allows it to bring acquired companies -- and their IT systems -- into the fold with 'deliberate speed' -- usually within 90 days.
 
The rising popularity of tablets and smartphones has boosted sales of Wi-Fi equipment as companies upgrade their wireless networks to accommodate Wi-Fi devices in the workplace.
 
Companies seeking to glean insights from terabytes or even petabytes of data are turning to open-source Hadoop software to do the job.
 
Companies need tech-savvy boards of directors that can oversee IT strategy and risk, says the Deloitte Center for Corporate Governance.
 
Business groups need IT more than ever, but the levels of mutual trust remain low and frustration remains high.
 
Eight ways to help speed progress on critical IT projects and make your department look good
 
Nuclear Regulatory Commission scientists are using state-of-the-art technology to understand what would happen if a major earthquake or other incident damaged a U.S. nuclear power plant.
 
Cisco's AnyConnect Secure Mobility Solution is a two-box enterprise play that poses some problems for small and midsized businesses.
 
Tall tales do the online rounds all the time and the DoE's letter isn't what a lot of people believe.
 
Cisco has been a leader in remote access VPNs since 1999, and its latest release, the AnyConnect Secure Mobility Solution, will make both end users and network managers very happy, despite a few rough parts.
 
As we tested the IronPort S-Series, we quickly ran into an old and unsolved problem with enterprise Web proxies: how to get end user browsers to actually use the proxy.
 
In 1999, Network World tested a dozen VPNs, with a product from Altiga Networks coming in tied for second place. Our main complaint was the lack of split-tunneling capability, a feature that was quickly added.
 

