InfoSec News

Insomnia : ISVA-110822.1 - Pidgin IM Insecure URL Handling Remote Code Execution
 
Texas Memory Systems broke out of its uber-high end mold and introduced a flash-based array that it says will compete with Tier 1 hard drive systems on a price-per-gigabyte basis.
 
[SECURITY] [DSA 2297-1] icedove security update
 
ValtNet (photogallery.html?id_categoria) Remote SQL injection Vulnerability
 
In my previous diary, I started sharing some of my experiences with trying to update my automated malware analysis and honeynet environments to handle IPv6 (the conversation I started with my talk by the same name at SANSFIRE last month). In this diary, I'd like to wrap that up and provide a couple of updates.
So, here are the rest of the tools/categories that I've been looking at/thinking about in my upgrade process.

Network Management

SNMP - Back when I was doing a lot more network troubleshooting, one of the primary tools we used to monitor just about everything was HP OpenView, which relied on SNMP. While I am not using SNMP in my automated malware analysis environment or (currently) my honeynets, I did start thinking about it. It appears that net-snmp has run fine over IPv6 since 2002 or 2003 and OpenView for at least a couple of years (at least 2009, maybe since 2005). WIN
FTP/TFTP/SFTP - Again, not something I actually use in these environments, but tools that were used in some previous environments for installing or backing up configurations. There are FTP, TFTP, and SFTP clients and servers for all the OSes that I've looked at that can do IPv6. Whether or not your devices have the appropriate versions installed, though, who knows. WIN?
NTP - For log correlation, you want synchronized clocks. If the system can do NTP and IPv6, it can probably do NTP over IPv6. BTW, ff0x::101 are the multicast addresses set aside for the local NTP servers. I'm going to assume WIN


Logging

syslog (classic) - okay, syslog dates to the 1980s, long before IPv6. You wouldn't really expect the stock syslogd on older OSes to handle IPv6. FAIL
rsyslog - The current standard on Ubuntu, handles IPv6 just fine. WIN
syslog-ng - My favorite syslog daemon, also handles IPv6 just fine. WIN
Kiwi/SNARE - I'm not using any tools to send Windows event logs to a syslog server, so I haven't checked to see how they do with IPv6, but I imagine some of our readers have. ????
web server/applications - these are pretty much left as an exercise to the reader. ????


Databases

Postgresql - One of the things I really like about postgresql is the built-in cidr and inet datatypes for storing IP addresses in databases. As of, at least, v8.2 either type can handle an IPv6 address as well as IPv4. WIN
MySQL - While it lacks the built-in types that Postgresql has, for IPv4 they provide built-in functions inet_aton() and inet_ntoa() to convert addresses to integers for storage in the database. As of version 5.6.3, MySQL will (does?) have inet6_aton() and inet6_ntoa(). WIN?
Oracle - It has been over a decade since I was an Oracle DBA, but from what I can tell...not so much. FAIL
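As an added example (not code from the diary, PostgreSQL or MySQL), here is the storage trick the MySQL functions imply, carried one step further. PostgreSQL's inet/cidr types already compare and range-match across both families, but with MySQL's INET6_ATON an IPv4 address becomes 4 bytes and an IPv6 address 16 bytes, so a mixed VARBINARY(16) column neither sorts nor range-matches correctly. Mapping IPv4 into ::ffff:0:0/96 makes every key 16 bytes in numeric order, so "all hits from this prefix" becomes a BETWEEN on the key. An in-memory SQLite table stands in for the real database (it compares BLOBs bytewise, as a BINARY(16) column does); the rows are constructed sample data.

```python
"""One fixed-width binary key for IPv4 and IPv6 addresses (added example)."""
import ipaddress
import sqlite3


def addr_key(text):
    """16-byte big-endian key; IPv4 is stored as an IPv4-mapped IPv6 address."""
    addr = ipaddress.ip_address(text)
    if addr.version == 4:
        addr = ipaddress.IPv6Address(f"::ffff:{addr}")
    return addr.packed


def key_addr(key):
    """Inverse of addr_key: mapped IPv4 comes back as a dotted quad."""
    addr = ipaddress.IPv6Address(key)
    return str(addr.ipv4_mapped or addr)


def cidr_key_range(cidr):
    """(first_key, last_key) covering a prefix, so containment is a BETWEEN."""
    net = ipaddress.ip_network(cidr, strict=False)
    if net.version == 4:
        net = ipaddress.IPv6Network(
            f"::ffff:{net.network_address}/{net.prefixlen + 96}")
    return net.network_address.packed, net.broadcast_address.packed


def addresses_in(rows, cidr):
    """Load sample rows and return the addresses inside cidr, in numeric order."""
    con = sqlite3.connect(":memory:")
    # k would be a BINARY(16) column in MySQL (assumed schema)
    con.execute("CREATE TABLE hits (addr TEXT, k BLOB)")
    con.executemany("INSERT INTO hits VALUES (?, ?)",
                    [(r, addr_key(r)) for r in rows])
    lo, hi = cidr_key_range(cidr)
    cur = con.execute(
        "SELECT addr FROM hits WHERE k BETWEEN ? AND ? ORDER BY k", (lo, hi))
    return [row[0] for row in cur]


# Constructed sample data: a mix of documentation-range IPv4 and IPv6 hits.
SAMPLE = ["2001:db8:ffff::1", "198.51.100.7", "192.0.2.200",
          "2001:db9::1", "192.0.2.1", "2001:db8::1"]

if __name__ == "__main__":
    print(addresses_in(SAMPLE, "192.0.2.0/24"))
    print(addresses_in(SAMPLE, "2001:db8::/32"))
```

The same BETWEEN works unchanged for an IPv4 prefix, an IPv6 prefix, or ::ffff:0:0/96 ("everything that came in over IPv4"), which is the property you lose when the two families are stored at different widths.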


IDS/IPS

snort/snort-inline - As with the firewalls discussion in the previous diary, I haven't looked at the commercial products lately. If any of our readers can fill me in on how they do, it would be greatly appreciated. The previous setup was based on the Honeynet Project's roo honeywall (the issues with updating roo are worthy of a diary all their own) which was running snort 2.8.something. I am using 2.9.0.5 in the updated setup and it seems to work just fine. I've heard reports of some issues with snort and IPv6, but have not encountered any problems myself. WIN


Scanning

nmap - Okay, with the tremendous increase in the size of the target space, linear scanning isn't particularly practical anymore. We will need to figure out more efficient ways to scan. That said, there is still no ability to specify an IPv6 CIDR block as of 5.52.IPv6.beta (from June 2011). FAIL
fping/fping6 - fping6 exists and can do many of the things that fping can do, on IPv6 addresses. Unfortunately, you cannot specify an IPv6 CIDR block or a range of IPv6 addresses with the -g option. FAIL
nessus - I honestly haven't looked at vulnerability scanners lately. Can any of our readers help me out here? ????


Pentest tools

metasploit - I don't do much pen testing these days either, but when I've needed to use metasploit it has mostly worked for me. WIN?


Miscellaneous other tools

netcat - there are a number of netcat versions out there that work with IPv6 just fine. WIN
p0f - this one wasn't on my list for the SANSFIRE talk because, frankly, it just occurred to me about 1.5 weeks ago. Unfortunately, it doesn't support IPv6 now and seems to no longer be supported. I haven't sent off a request to the author though. FAIL
prads - As a result of p0f not handling IPv6, I started looking around for tools that could do passive (or active) OS fingerprinting of IPv6 traffic and happened across prads. It looks promising. Is there anything else out there? WIN



There you have the tools that I've looked at and some that I've just thought about. I'm sure I've missed some tools/categories that are important to some of the rest of you. Please feel free to use the comment section or contact form to let me know what I missed.
Update: Since the previous diary, one of our readers pointed out that a new version of httpry (v0.1.6) has just been released that does handle IPv6. Also, due to some personal issues, I haven't been able to get back to any of my scripts until this week. I've updated the tools in http://handlers.sans.edu/jclausing/ipv6/ to handle type 0, 43, and 60 extension headers (hop-by-hop, routing header, and destination options).
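To show what "handling extension headers" means for a sensor, here is an added example that is not code from the diary or from Jim Clausing's scripts: a walker for the IPv6 next-header chain covering the three types the update names (0 hop-by-hop, 43 routing, 60 destination options) plus fragment (44). A tool that reads only the base header's next-header field files a TCP SYN behind a hop-by-hop header under protocol 0 and never sees the ports, which is exactly the gap an evader counts on. The packets are constructed for the test; source and destination addresses are zeroed because nothing here depends on them.

```python
"""Walk an IPv6 extension-header chain to find the upper-layer protocol (added example)."""
import struct

BASE_LEN = 40
# Extension headers whose first two octets are (next_header, hdr_ext_len)
# and whose total length is (hdr_ext_len + 1) * 8 octets (RFC 2460).
VARLEN_EXT = {0: "hop-by-hop", 43: "routing", 60: "destination options"}
FRAGMENT = 44          # fixed 8 octets: next_header, reserved, offset/M, id
HOP_BY_HOP = 0
MAX_EXT = 8            # cap the chain; absurdly long chains are an evasion/DoS trick


def walk_ipv6(packet):
    """Return (upper_layer_proto, payload_offset, [ext header names]).

    Raises ValueError on truncated or malformed chains rather than
    guessing, which is what a honeynet sensor should do with junk.
    """
    if len(packet) < BASE_LEN:
        raise ValueError("truncated IPv6 base header")
    if packet[0] >> 4 != 6:
        raise ValueError("not an IPv6 packet")
    payload_len, nxt = struct.unpack_from("!HB", packet, 4)
    if len(packet) < BASE_LEN + payload_len:
        raise ValueError("packet shorter than its payload length field")
    offset, chain = BASE_LEN, []
    for _ in range(MAX_EXT):
        if nxt == HOP_BY_HOP and offset != BASE_LEN:
            # RFC 2460: hop-by-hop may only appear directly after the base header
            raise ValueError("hop-by-hop header not first in chain")
        if nxt in VARLEN_EXT:
            if len(packet) < offset + 2:
                raise ValueError("truncated extension header")
            hdr_len = (packet[offset + 1] + 1) * 8
        elif nxt == FRAGMENT:
            hdr_len = 8
        else:
            return nxt, offset, chain            # transport header (or 59 = no next header)
        if len(packet) < offset + hdr_len:
            raise ValueError("extension header runs past end of packet")
        chain.append(VARLEN_EXT.get(nxt, "fragment"))
        nxt = packet[offset]                     # next_header is always octet 0
        offset += hdr_len
    raise ValueError("too many extension headers")


def summarize(packet):
    """One-line form for a log: never raises, so it can sit inside a capture loop."""
    try:
        proto, off, chain = walk_ipv6(packet)
    except ValueError as exc:
        return f"malformed: {exc}"
    return f"proto={proto} payload@{off} via {'/'.join(chain) or 'none'}"


def build_ipv6(ext_types, upper_proto, payload=b""):
    """Construct a test packet: zeroed src/dst, then the given extension headers."""
    body, nxt = payload, upper_proto
    for t in reversed(ext_types):                # back to front so each knows its successor
        if t == FRAGMENT:
            hdr = struct.pack("!BBHI", nxt, 0, 0, 0xDEADBEEF)
        else:
            hdr = bytes([nxt, 0, 1, 4, 0, 0, 0, 0])   # 8 octets: one PadN option
        body, nxt = hdr + body, t
    base = struct.pack("!IHBB", 6 << 28, len(body), nxt, 64) + bytes(32)
    return base + body


if __name__ == "__main__":
    for pkt in (build_ipv6([], 6), build_ipv6([0, 60], 17, b"data"),
                build_ipv6([43, 44], 58), build_ipv6([0, 60], 17)[:45]):
        print(summarize(pkt))
```

Two design points carry over to any real sensor: the fragment header is a fixed size and must not be parsed as (next_header, hdr_ext_len), and a chain that violates ordering or length rules is logged as malformed rather than silently classified as "protocol 0".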
---------------

Jim Clausing, GIAC GSE #26

jclausing --at-- isc [dot] sans (dot) edu
SANS FOR558-Network Forensics coming to central OH in Sep, see http://www.sans.org/mentor/details.php?nid=25749 (c) SANS Internet Storm Center. http://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
 
The lucky people who managed to buy a $99 TouchPad before they sold out just got luckier: A group of developers is working on a way to load Android onto the tablets.
 
When powerful ERP applications are needed by growing businesses today, SaaS ERP is being looked at more and more as a viable option to traditional complex, expensive and labor-intensive packaged ERP suites. And while SaaS ERP is still young, in the right setting and with the right users, it's offering some eye-opening real world gains for a variety of organizations.
 
Apple's next iPad will be faster and more power-efficient thanks to its new, quad-core A6 processor, but the new tablet may not be ready to ship until next June, an industry analyst said Monday.
 
[PRE-SA-2011-06] Linux kernel: ZERO_SIZE_PTR dereference for long symlinks in Be FS
 
If you're old enough to remember the Cold War, you know what an arms race is. One side comes up with a new weapon, the other side matches it, and then the first comes back with something even bigger and so on and so on. That also describes the ongoing battle between computer users who value their privacy and the Web sites and their advertisers that don't.
 
Hong Kong police have arrested a local man in connection with an Aug. 10 computer attack on the Hong Kong Stock Exchange.
 
Fruit, nut and vegetable grower Woolf Enterprises is suing Ross Systems over allegedly broken promises and misrepresentations made by the ERP (enterprise resource planning) software vendor, in just the latest instance of such a dispute to hit the courts this year.
 
PHP 5.3.6 multiple null pointer dereference
 
U.S. and Russian antivirus vendors took shots at each other as they quarreled over a recent report of a cyber campaign that allegedly infiltrated scores of Western governments, organizations and corporations.
 
Reader Al wants to know “how to delete several thousand messages in the Gmail inbox, all at the same time.”
 
Verizon Wireless named 25 more cities, mainly in Illinois and other Midwestern states, that will get its 4G LTE service on Sept. 15.
 
Yale University has notified about 43,000 faculty, staff, students and alumni that their names and Social Security numbers were publicly available via Google search for about 10 months.
 
Oracle said that no court has ever found that APIs for software like Java are ineligible for copyright protection, in its objection to Google's request that the court make a summary judgment on Oracle's copyright allegations.
 
Ask five different people a question about, say, cloud security, and you'll likely get five different points of view.
 
PHP 5.3.6 ZipArchive invalid use glob(3)
 
RFID tags attached to residential recycling carts have helped one South Carolina county more than double the pounds of plastics, paper and glass being recycled there.
 
To those who know their IT outsourcing history, GE and offshoring are practically synonymous.
 
Why Portland General Electric deployed Security Information and Event Management (SIEM) technology and what they've been able to accomplish as a result.
 
U.S. electronics retailer Best Buy is giving away two-year-old iPhone 3GS smartphones to customers who sign up for a long-term contract with AT&T, the chain's website announced today.
 
Business continues as usual for Hewlett-Packard's PC unit, which will continue to support and sell products as the company explores options to spin off or sell the Personal Systems Group, HP said on Monday.
 
WordPress UnGallery 'pic' Parameter Local File Disclosure Vulnerability
 
In 2006, Epec Engineered Technologies found itself in a situation familiar to many in corporate IT. With a series of business acquisitions behind it, the New Bedford, Mass.-based manufacturer of printed circuit boards, battery packs and other electronic components needed to replace multiple ERP systems with a single platform capable of supporting the entire organization.
 
AT&T has expanded its mobile application services for businesses, offering up a fully-managed service for building apps on various mobile platforms and storage of the apps in AT&T's cloud.
 
Alcatel-Lucent has introduced a set of services to proactively analyze performance in fixed networks, identify potential problems and take action to minimize their impact, the company said on Monday.
 
What a different global economy this would be if it were only a little bit more like the cloud. As the financial markets go through their bipolar mood swings with every wrenching headline, the market for cloud services has marched steadily upward and onward, seemingly unfazed by the concerns of the non-virtual world.
 
Taking advantage of HP's departure from the tablet and smartphone market, Microsoft has offered webOS developers free phones, tools and training to create apps for its Windows Phone 7 platform.
 
Melissa has her doubts about backing up online. "With hackers now able to hack into government and large holding companies' computers, wouldn't I also be at risk?"
 
Ukraine's security service SBU said it had arrested four people for allegedly creating fake payment cards with stolen information in an operation estimated to have caused $20 million in damages.
 
Security advisory: SQL Injection in LedgerSMB 1.2.24 and lower
 
 
Mozilla Firefox and Thunderbird 'appendChild()' Remote Memory Corruption Vulnerability
 
Internet connectivity was restored in Tripoli late Sunday local time, as rebel forces took control of many parts of the capital city of Libya.
 

Securing Facebook
iT News
Facebook was unforgiving to those that exploited its service or attacked 750 million users. The Spam King's reign may be over, but there was always ...
 
Does the majority of your communications with suppliers revolve around problem resolution and sales presentations? If so, how do you get them to step up and improve service levels? How do you get them to work with you on innovation? How do you build a relationship that focuses their energies on your needs and benefits them in the process?
 
Cisco Systems has agreed to acquire service fulfillment software assets from the UK subsidiary of Comptel, in an effort to help operators speed up the launch of new services, the networking company said on Monday.
 
JetBrains executive says developers looking to use the new statically typed language will find it similar to learning Java
 
Dell today announced new versions of its midrange EqualLogic SAN arrays, the PS4100 and PS6100, which are now qualified with VMware's vSphere v5.0 and offer the use of 2.5-in drives and solid state drives.
 
In an interview with Computerworld after announcing his plan to leave ICANN, Rod Beckstrom talked about the group's accomplishments since he was named president and CEO two years ago.
 
Oracle Secure Backup CVE-2010-0904 Remote Authentication Bypass Vulnerability
 
VIT Software Spider Player '.m3u' File Remote Buffer Overflow Vulnerability
 
Laid-off IT professionals charge former employer Molina Healthcare with discrimination and tell Computerworld their reasons for filing suit against the healthcare provider, its former CIO and its outsourcer, Cognizant.
 
Security threats have changed in recent years, with one fundamental difference being that the motives for breaches have multiplied.
 
Video games used for training purposes are still relatively new, so it's important to avoid the pitfalls.
 
IT has always been hitched to the wagon of efficiency, but today efficiency is just one part of the total value equation.
 
Inexpensive wireless sensors can monitor the integrity of highway bridges and alert officials to structural problems.
 
BlueCross BlueShield of Tennessee, responding to the theft of 57 hard drives in 2009, has completed a $6 million project to encrypt all of its stored data.
 
The European Union's computer security agency warns that the draft HTML5 standard may neglect important security issues.
 
Advice on a CIO who talks up teamwork but doesn't walk that talk.
 
The March earthquake and disaster in Japan are still affecting the global semiconductor market and may continue to do so for months to come.
 
Google's plan to pay $12.5 billion for Motorola Mobility has mobile carriers and smartphone and OS makers scrambling to figure out how the proposed deal will affect them, analysts say.
 
Gibbs discusses privacy and pseudonyms and how Google is being particularly evil by demanding "real" names
 

Posted by InfoSec News on Aug 22

http://www.sacbee.com/2011/08/21/3851214/hacked-cybersecurity-firm-hbgary.html

By Dale Kasler
The Sacramento Bee
Aug. 21, 2011

For years, few people knew about HBGary Inc., a Sacramento tech firm
working on the esoteric frontiers of cybersecurity.

Then a bizarre episode turned the 30-employee firm into a combination
global laughingstock and villain.

A maker of software designed to thwart hackers, HBGary was itself
victimized by hackers in...
 

Posted by InfoSec News on Aug 22

http://www.presstv.ir/detail/195022.html

Press TV
Aug 21, 2011

Head of Iran's Passive Defense Organization says the Islamic Republic
plans to hold a massive cyber maneuver to increase readiness against
possible cyber attacks on the country.

Brigadier General Gholam-Reza Jalali told IRNA on Sunday that the drill
is meant to assess the readiness of Iranian organizations and
departments to prevent future cyber intrusions.

The remarks...
 

Posted by InfoSec News on Aug 22

http://www.cnbc.com/id/44206510/Yale_Security_Breach_Reveals_Data_About_Students_and_Staff

By John Carney
Senior Editor, CNBC.com
19 Aug 2011

Yale University recently sent letters to alumni, faculty and staff
informing them that the names and Social Security numbers of 43,000
people affiliated with Yale have been available to Google search engine
users for the past 10 months.

"A Yale computer file that contained your name and Social...
 

Posted by InfoSec News on Aug 22

http://gawker.com/5832665/do-not-name-your-wifi-network-fbi-surveillance-van

By Adrian Chen
Gawker
Aug 19, 2011

It is important for everyone to express their creativity and sense of
humor. But does asserting your individuality really need to involve
giving your wifi network a wacky name? And do you really need to call it
"FBI SURVEILLANCE VAN?" You're freaking me out.

17-year-old Florida resident Jared Cano was arrested...
 

Posted by InfoSec News on Aug 22

http://www.computerworld.com/s/article/9219319/Anonymous_breaches_another_US_defense_contractor

By Jeremy Kirk
IDG News Service
August 19, 2011

The politically oriented hacking group, Anonymous, has released 1GB of
what it says are private e-mails and documents from an executive of a
U.S. defense company that sells unmanned aerial vehicles to police and
the U.S. military.

The documents were publicized in a post on Pastebin, with links...
 
Multiple Symantec Products Intel Common Base Agent Remote Command Execution Vulnerability
 