Hackin9

InfoSec News

(c) SANS Internet Storm Center. http://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
 
EMC has acquired Syncplicity, an enterprise file-management service provider, for an undisclosed sum.
 
nmap 6 was released earlier today, which is a major upgrade to the old version of nmap. One feature that excites me in particular is full IPv6 support, including OS fingerprinting.
In order to efficiently scan IPv6 networks, nmap added multicast requests to enumerate live hosts on a network.
For more details, see http://nmap.org/6
------

Johannes B. Ullrich, Ph.D.

SANS Technology Institute

 
As Avaya continues its transition from a hardware company into a communications and collaboration software provider, it is going through some growing pains, including a shakeup of executives and uncertainty around a potential initial public offering that's been rumored for months.
 
Google Chrome Prior to 19 Multiple Security Vulnerabilities
 
PHP Address Book Multiple SQL Injection and Multiple Cross Site Scripting Vulnerabilities
 
Application security expert Chris Wysopal of Veracode explains why some software security programs are lacking and how simple steps can produce big gains.

 
 
Traditional mobile phone plans are now on the wane in the U.S., but the country's biggest carriers are still bringing in more money and leading the world in revenue, according to a report based on first-quarter results.
 
The Supreme Court on Monday declined to consider the petition of Joel Tenenbaum, a former doctoral student at Boston University who faces a fine of US$675,000 for illegally downloading 30 songs.
 
Microsoft is abandoning the 'Aero' user interface with Windows 8, calling the UI that debuted in Vista and continued in Windows 7, 'cheesy' and 'dated' -- but is that the only reason? Why do you think Microsoft is ditching its "Aero" UI in Windows 8?
 
The U.S. Federal Trade Commission has hired Paul Ohm, a privacy advocate and critic of current online privacy practices, as a senior privacy adviser for consumer protection and competition issues affecting the Internet and mobile services.
 
RubyGems mail Directory Traversal and Command Injection Vulnerabilities
 
WordPress Login With Ajax Plugin Cross Site Scripting Vulnerability
 
KVM CVE-2012-2121 Local Denial of Service Vulnerability
 
Apache POI CVE-2012-0213 Denial Of Service Vulnerability
 
Todd Miller Sudo Host_List Local Privilege Escalation Vulnerability
 
The number of options available for Mac users to buy Thunderbolt cables from outside Apple is growing, with companies announcing longer and competitively priced cables that will also work with upcoming Windows PCs with Thunderbolt ports.
 
It's time to flush out the latest collection of too-short-for-a-full-entry Mac 911 questions and answers. We start with reader SuSu:
 
Salesforce.com, which has placed ample emphasis on its Chatter social networking application, will actually begin providing real-time chat functionality as part of an imminent upgrade to its family of cloud-based software, according to a company document.
 
The Nasdaq computer system that delayed trade notices of the Facebook IPO on Friday was plagued by race conditions, the stock exchange announced Monday. As a result of this technical glitch in its Nasdaq OMX system, the market expects to pay out US$13 million or even more to traders.
 
Joomla JCE Component Security Bypass and Cross-Site Scripting Vulnerabilities
 
Advanced Micro Devices aims to improve the quality of high-definition video and 3D graphics on equipment in casinos and hospitals with its new R-series processors, which the company announced on Monday.
 
Mobile operators that want help keeping their subscribers happy can get it through a new managed service from Alcatel-Lucent, the company said on Monday.
 
Google's Chrome edged past Microsoft's Internet Explorer (IE) last week to become the world's most widely-used browser, according to data from an Irish metric firm.
 
Moodle SQL Injection and Cross Site Scripting Vulnerabilities
 
 
Just over two months after its last major release, Linus Torvalds has posted the newest version of the open source Linux kernel, which supports new graphics processors from Nvidia and Intel, improves file system functionality and comes with a new security module.
 
Name: James Tholen
 
Microsoft will not reduce the price of Windows 8 upgrades, as it did three years ago before the roll-out of Windows 7, a retail sales analyst said today.
 
Even if your cloud provider is at fault should your company fall out of compliance, the law will come after you.
 
Amazon Web Services (AWS) has upgraded its management console, allowing IT staff to use it to administer security protocols on the Elastic Load Balancing service, the company said in a blog post.
 
We have a report from our reader Tuukka, who observed a flood of DNS ANY requests from likely spoofed IP addresses. What we know so far is that it seems to be a DNS reflective amplification attack. These usually use generic recursive DNS queries trolling for poorly configured DNS services. This event is different in that the reflection is more targeted: DNS 'ANY' record queries are sent only for domains for which the server is authoritative, which the server will of course answer regardless of whether recursion is available. These events have been validated by real-time observation by one of our handlers. Here is what we know so far.

Hit List:

Source IP is spoofed
Flood lasts up to 60 seconds with 500 queries (as witnessed, but likely could be more)
Flood comes from a designated IP and seems to target multiple domains on the authoritative server
All observed requests are similar thus far
This appears to be similar to what others have seen [1]



Example DNS Log Entry:

x.x.x.x is the spoofed/target server
example.com/10.1.1.1 is the reflecting DNS server

21-May-2012 13:21:41.757 queries: info: client x.x.x.x#20475: view external: query: example.com IN ANY + (10.1.1.1)
21-May-2012 13:21:41.897 queries: info: client x.x.x.x#59247: view external: query: example.com IN ANY + (10.1.1.1)
21-May-2012 13:21:42.054 queries: info: client x.x.x.x#18676: view external: query: example.com IN ANY + (10.1.1.1)
21-May-2012 13:21:42.059 queries: info: client x.x.x.x#28530: view external: query: example.com IN ANY + (10.1.1.1)
21-May-2012 13:21:42.193 queries: info: client x.x.x.x#6489: view external: query: example.com IN ANY + (10.1.1.1)


We are interested in knowing if you have seen this and what you have done to mitigate any ill effects of such events. Please post a comment to let us know.

We also want your DNS logs and packet capture logs of the events described in this diary. There is still plenty to learn about this behavior.

If you see outbound ANY query floods from your own network: Try to identify the source machine. It would be interesting to see what tool causes these queries.



[1] http://dyn.com/active-incident-notification-recent-chinanetany-query-floods/




-Kevin
--
ISC Handler on Duty
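
One way to spot the ANY-query flood described in the diary above from BIND query logs in the format it shows. This is an added example, not code from the diary or from ISC; the function names, the sample addresses and the per-client sliding window are assumptions, and the default threshold of 500 queries in 60 seconds is taken from the diary's observation.

```python
import re
from collections import defaultdict, deque
from datetime import datetime
# BIND query-log line in the format shown in the diary.
LINE_RE = re.compile(
    r"^(?P<ts>\d{2}-\w{3}-\d{4} \d{2}:\d{2}:\d{2}\.\d{3}) queries: info: "
    r"client (?P<ip>[0-9a-fA-F.:]+)#\d+: (?:view \S+: )?"
    r"query: (?P<qname>\S+) IN (?P<qtype>\S+)"
)

def parse(line):
    """Return (timestamp, client_ip, qname, qtype), or None if no match."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    ts = datetime.strptime(m["ts"], "%d-%b-%Y %H:%M:%S.%f")
    return ts, m["ip"], m["qname"].lower().rstrip("."), m["qtype"].upper()

def find_any_floods(lines, auth_zones, threshold=500, window_s=60):
    """Map client IP -> (peak ANY count in window, names queried)."""
    recent = defaultdict(deque)  # client -> ANY timestamps inside the window
    names = defaultdict(set)     # client -> authoritative names it asked for
    peaks = {}
    for line in lines:
        rec = parse(line)
        if rec is None:
            continue
        ts, ip, qname, qtype = rec
        in_zone = any(qname == z or qname.endswith("." + z) for z in auth_zones)
        if qtype != "ANY" or not in_zone:
            continue
        q = recent[ip]
        q.append(ts)
        while (ts - q[0]).total_seconds() > window_s:
            q.popleft()
        names[ip].add(qname)
        if len(q) >= threshold:
            peaks[ip] = max(peaks.get(ip, 0), len(q))
    return {ip: (n, sorted(names[ip])) for ip, n in peaks.items()}

# Constructed sample; 198.51.100.7 stands in for the spoofed source x.x.x.x.
FMT = "21-May-2012 {} queries: info: client {}#{}: view external: query: {} IN {} + (10.1.1.1)"
SAMPLE = [FMT.format(*row) for row in [
    ("13:21:41.757", "198.51.100.7", 20475, "example.com", "ANY"),
    ("13:21:41.897", "198.51.100.7", 59247, "example.com", "ANY"),
    ("13:21:42.054", "198.51.100.7", 18676, "www.example.com", "ANY"),
    ("13:21:42.100", "203.0.113.9", 40000, "example.com", "A"),
    ("13:23:10.000", "198.51.100.7", 6489, "example.com", "ANY"),
]]
```

Because the source address is spoofed, a flagged client is the likely victim of the reflection rather than the sender, so the result is a candidate list for rate limiting responses, not a block list of attackers.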
 
Mozilla is scrambling to craft a code-signed version of Firefox for the Mac in case Apple launches OS X 10.8, or Mountain Lion, early.
 
Europe's top court has ruled that the functionality of a computer program and the programming language it is written in cannot be protected by copyright.
 
IBM is offering employees who are nearing retirement a one-time opportunity to take advantage of a program that would guarantee their employment through Dec. 31, 2013.
 
Google has "a matter of weeks" to address four antitrust issues identified by European Union antitrust regulators. If Google addresses these issues the case can be solved by a so-called "commitment decision" instead of formal antitrust proceedings resulting in a fine, said Joaquín Almunia, Vice President of the European Commission responsible for Competition Policy.
 
There are times when accessing another computer remotely can be convenient -- to check on the status of a download or code that is being compiled, to start or stop an application, or to load a document to view it. It can be really helpful to be able to do this from a smartphone or tablet. We tested three services that let you use your Android device to connect to your computer remotely.
 
As baby boomers retire, the business processes they used to create their Cobol programs may walk out the door with them. Here's what IT organizations are doing about it.
 
EMC today announced upgrades across all of its product lines, including a doubling of capacity and performance in both its high-end VMAX array and a 50% performance boost to its midrange VNXe line.
 
Microsoft is abandoning the 'Aero' user interface with Windows 8, calling the UI that debuted in Vista and continued in Windows 7, 'cheesy' and 'dated.'
 
Taiwanese smartphone vendor High Tech Computer said on Sunday certain models of its newest smartphones have passed U.S. Customs and are being released to its carrier customers, after the company previously warned of a delay in product shipments because of an International Trade Commission (ITC) order.
 
So.cl, an experimental research project from Microsoft, that combines social networking and search to promote learning, is now accepting all users interested in joining the site.
 
CIO Barbie Bigelow led the effort to build an IT organization and infrastructure from scratch when the TASC systems engineering operation was spun off from Northrop Grumman. Her team completed the cutover in just under 12 months.
 
In a recent ranking of the best jobs, several IT positions ended up in the top 10.
 
Yahoo joined a growing list of companies offering big data analytics as a service with its Genome offering this week.
 
Are we ready for robots that share our highways and homes? We'd better be, because they're coming.
 
Investors have taken note of the surge in enterprise demand for tools that can manipulate and analyze massive volumes of structured and unstructured data.
 
The NFL has big stadiums, big players and big games, but when it comes to computer systems, the league's vice president of IT doesn't use the word big.
 
Scalable Vector Graphics (SVG) Arbitrary Code Execution Vulnerability
 
Internet Storm Center Infocon Status