InfoSec News

SAP has admitted to the "massive and prolonged" infringement of Oracle's copyrights and should pay at least $1.7 billion in damages, an Oracle attorney said Monday as the companies' corporate theft lawsuit entered its final stages.
In these days of large file sizes, sending an e-mail with an attachment can become a gripping drama. Will the e-mail with the attached file get through, or will your e-mail service--or the receiving e-mail service--reject the file as too big? And will either of them deign to tell you? Can a program like WinZip Courier ($25, 30-day free trial) save the day?
The role of the PBX is changing in importance, but it's still too early to issue a death certificate, according to Infonetics.
With its Novell purchase, Attachmate will need to streamline its product portfolio.
HP's new CEO, Leo Apotheker, on Monday said that HP will focus more on software and said that he still has some learning to do about the company.

What it's like to avoid Improvised Explosive Devices
He believes his time in Afghanistan served as great training for his current infosec career. "There's lots of relation to risk management. ...

and more »
In a military career that spanned almost two decades, Michael Smith worked in defense communications as a Russian linguist and was assigned to war-torn countries. He was in intelligence for several years, and after his active duty he joined the Army National Guard and was an Infantry Squad Leader for more than six years. While serving in the National Guard in 2004, he was deployed to Afghanistan in support of Operation Enduring Freedom and spent countless hours on patrol in treacherous parts of the country where locals weren't always friendly, and hidden bombs were a constant threat.
Verizon is adding a new tier of service to its FiOS fiber broadband service, offering 150M bps (bits per second) downstream and 35Mbit/sec upstream for $194.99 per month.
In an era of technology consolidation, the questions raised by Novell's sale to Attachmate for $2.2 billion ought to be a familiar: Users can only wonder what may happen to Novell's deep and extensive enterprise product lines.
WebKit SVG Image Pattern Cross Domain Security Bypass Vulnerability
WebKit CSS-Styled HTML Handling Remote Code Execution Vulnerability
WebKit Keyboard Focus Cross Domain Information Disclosure Vulnerability
WebKit User Interface Cross Domain Spoofing Vulnerability
The Asus Eee PC 1215N is a netbook that doesn't look like a netbook.
Attachmate's purchase of Novell will allow the company to work with vendors such as IBM and Microsoft.
WebKit 'font-face' and 'use' Elements Use-After-Free Remote Code Execution Vulnerability
Apple iPhone/iPod touch 'ImageIO' Component Memory Corruption Vulnerability
Apple Mobile OfficeImport Framework Excel Record Memory Corruption Vulnerability
WebKit for Apple iPhone/iPod touch Prior to iOS 4.1 Remote Code Execution Vulnerability
Verizon quietly introduced the Motorola Droid 2 Global earlier this month. The Droid 2 Global is an updated version of the recently released Motorola Droid 2 smartphone.
Just like a competitive athlete, a PMP candidate sets out a training course with the actual test as the final event of that preparation. Preparing for the PMP Exam is less like a 100-meter sprint than a marathon because preparing and passing the exam is an accomplishment in itself. The certification can make a significant difference, exponentially, from the day "PMP" follows your name.
In an ideal Internet all packets would be treated as equal by the Internet Service Providers (ISP) and backbone operators who transport them across cyberspace. Unfortunately, this is not always the case since many ISPs restrict or completely block Internet access to some services by discriminating against certain network protocols.
Full disclosure: I was a card-carrying marketing guy for 20 years. So when I see the effects of reality distortion in my clients' purchase decisions, I know whereof I speak.
FreeType 'seac' Calls Multiple Remote Denial of Service Vulnerabilities
libpng Memory Corruption and Memory Leak Vulnerabilities
FreeType BDF Font File Parsing Remote Denial of Service Vulnerability
NGS00015 Patch Notification: ImageIO Memory Corruption
[SECURITY] CVE-2010-4172: Apache Tomcat Manager application XSS vulnerability
(c) SANS Internet Storm Center. Creative Commons Attribution-Noncommercial 3.0 United States License.
Intel will integrate configurable silicon from Altera in a new series of embedded Atom chips, the E600C series.
A survey shows that companies are embracing open-source software because of its quality and reliability -- not just because it's cheap.
Desktop virtualization, Web apps, software as a service, and an increasingly mobile user base have created new challenges when it comes to endpoint management. Nonetheless, there are still some constants – endpoints need to be deployed, configured, patched, secured and supported.
When you think about it, it's amazing how much actual work you can get done with just an iPhone, iPad, or iPod touch. You can create, read, and edit everything from documents to email and spreadsheets from just about anywhere.
You might call iOS 4.2 the "grand unification" release of iOS, as it at long last brings the iPad, the iPhone, and iPod touch under the same OS roof.
Mono 'LD_LIBRARY_PATH' Local Privilege Escalation Vulnerability
Suricata TCP Detection Evasion Security Bypass Vulnerability
[] url XSS in Hot Links Lite
Google appears to be backing away from a pledge that its search engine delivers unbiased results following new research that indicates the company gives itself top billing in many kinds of searches.
Windows doesn't always work the way you want it to. For all its advances, even Windows 7 has its own quirky methods of getting things done. And sometimes, the operating system simply breaks.
As a part of Monday's release of iOS 4.2, Apple will make the "Find My iPhone" set of remote-control features previously found in its $99-per-year MobileMe service available for free to owners of all iOS devices capable of running iOS 4.2.
Figuring out what's wrong with a balky computer takes a bit of detective work--but with our advice, you can solve the mystery in no time at all.
Whether you have Windows 7, Vista, or XP, keeping the operating system in good working order doesn't necessarily mean wasting hours (or even days) digging into obscure settings. Our fast fixes will help you correct common problems and optimize your Windows PC in just a few minutes.
Gord MacDonald's PC died. He asked me if he can install his copies of Windows and Microsoft Office onto a new PC.
Reader Sam Sellars is trading up, but wants to do so cleanly. He writes:
Thanksgiving is a time of family, food, and shopping. It's also a time of getting lost on the way to visit relatives, cleaning up crazy kitchen messes, and dealing with people who would stab you in the back to get a great sale. Fear not: Your Android phone has you covered, with apps that can make this Thanksgiving holiday an enjoyable (or at least a bearable) one.
It's hard to be truly productive when your productivity suite isn't optimized to your work style. Here are several tweaks for Microsoft Office that you can do in just a few minutes.
[] report.cgi SQL inj in Hot Links SQL (CGI version)
H2HC Cancun - Free Entrance!
'Free Simple Software' SQL Injection Vulnerability (CVE-2010-4298)
Apple Safari for Windows (4.0.2-4.0.5, 5.0-5.0.2) Math.random() predictability
We received several reports of spam email messages that advertise a new version of Adobe Acrobat, attempting to entice the recipient into clicking a link to a suspicious website. (Thanks, Steve and Bill.)
Since Adobe announced a new version of Adobe Reader a few days ago, we expect to see an increase in spam proclaiming security advantages of the new version and encouraging people to upgrade. It's likely that the new messages will even highlight the improved security of the new version (Adobe Reader X) as an element of social engineering.
At the moment, Adobe Acrobat/Reader spam is not yet using the Reader X designation, but talks about Adobe Acrobat 2010:

Subject:Download Your New Adobe PDF Reader For Windows And Mac


Dear Customers,

Adobe is pleased to announce new version upgrades for Adobe Acrobat 2010.


Advanced features include:

Variations of these messages have been around for a few months, as Adobe confirmed on September 13. The spam that we've seen have used mostly the same text in the body of the email message, but changed email Subject lines and destination URLs:


Subject: Upgrade New Adobe Acrobat 2010 PDF Reader Alternative,hxxp://www.pdf


Subject: Adobe Upgrade Notification,hxxp://www.adobe

Subject:Action Required : Download Your New Adobe Acrobat Reader,hxxp://www.adobe

Subject: New Adobe Acrobat PDF Reader Alternative,hxxp://www.official


Subject: Action Required : Active Your New Adobe PDF Reader, hxxp://http://www.adobe

Subject: Action Required : Upgrade Your New Adobe PDF Reader, hxxp://www.adobe

Subject:Download Your New Adobe PDF Reader For Windows And Mac,hxxp://www.adobe
Note that suspicious domains used as part of this campaign tend to include adobe as part of its name, along with incorporating hyphens.
The domains that are still active were registered with Regional Network Information Center, JSC dba RU-CENTERand,, as their DNS servers. Contact details for the domain sometimes specified PDF Reader Solutions as the registrant, and were probably fake.
The sites advertised as part of the spam campaign attempt to convince the person to provide his or her credit number to obtain PDF reader/writer software using a form that's hosted on We haven't checked whether the software is actually malicious, but we're doubtful of its intentions.
Here's what the landing pages linked from spam messages looked like:

Here's what the subsequent pages, which requested user data, looked like:

Consider letting users in your organization know about these Adobe spam activities, so that they don't attempt to download and install software coming from an untrusted source.
-- Lenny Zeltser
Lenny Zeltser leads a security consulting team and teaches how toanalyzeandcombat malware. He is activeon Twitterand recently launched asecurity blog.
(c) SANS Internet Storm Center. Creative Commons Attribution-Noncommercial 3.0 United States License.
Founder of the web, sir Tim Berners-Lee, has slammed social networks claiming they are "a threat to the web".

Posted by InfoSec News on Nov 22

By John E Dunn
19 November 10

The claimed ‘hijack’ of Internet traffic by China Telecom has been
hugely exaggerated in scale and intent, a traffic analysis by Internet
security company Arbor Networks has concluded.

A blog by Arbor chief scientist Craig Labovitz picks apart the
speculative claim, attributed to McAfee’s VP of...

Posted by InfoSec News on Nov 22

By Robert Mullins
Microsoft Tech
Network World

When Dickie George of the National Security Agency says, "This is life
and death and about our freedom and our way of life," he’s not talking
about the Soviet Union firing nuclear missiles at the U.S. or
infiltrating our government with spies bent on subversion. He’s talking
about cyber criminals hacking...

Posted by InfoSec News on Nov 22

By Ericka Chickowski
Contributing Writer
Nov 19, 2010

The danger of SQL injection last week hit the limelight once again when
the British Royal Navy's website was shut down temporarily in response
to an attack that had Royal Navy brass wondering whether the hack
resulted in...

Posted by InfoSec News on Nov 22

(c) 2010 Richard Forno. Permission granted to reproduce freely with

There is a vocal segment of the American political fringe that throws
around words like "communism", "socialism", or "fascism" in describing
the economic or social policies of the current Administration. Right or
wrong, they're entitled to their opinion, and this is not the place for...

Posted by InfoSec News on Nov 22

By Robert McMillan
IDG News Service
November 19, 2010

A June 2010 hacking incident that compromised a network at the Federal
Reserve Bank of Cleveland happened on a test system and not the bank's
production servers.

On Thursday, Lin Mun Poo was charged with hacking the Fed and other U.S.
corporations, including payment processor FedComp and an...

Posted by InfoSec News on Nov 22

By Gautham Nagesh
Hillicon Valley

A new bill unveiled Wednesday by House Homeland Security chairman Bennie
Thompson (D-Miss.) would give the Department of Homeland Security the
authority to enforce federal cybersecurity standards on private sector
companies deemed critical to national security.

The Homeland...
Novell said it has agreed to sell itself to Attachmate for $2.2 billion.
Native Instruments Service Center Local Privilege Escalation Vulnerability
Companies invest heavily in their brands to build the desired association between the brand and the consumers. Most recently, organizations have embraced the practice of social media marketing campaigns to reach customers where they spend much of their time: on social networking sites such as Facebook, Twitter and LinkedIn.
Among the risks of social media activities is the opportunity for an impostor to impersonate the brand, using it to gain confidence of trusting consumers or to conduct other activities that tarnish the targeted brand. Lets look at some examples and what we can do about this.
Phishing: A Form of Brand Impersonation
Let's set the baseline by first looking at phishing, which is perhaps the most common form of on-line brand impersonation. Phishing typically involves setting up a website that resembles that of the company whose customers are targeted as part of the phishing attack. The idea is to convince the individuals that the website belongs to the trusted company, such as the persons bank, so that the victim reveals sensitive information (such as logon credentials).
Phishing scams are often conducted with the help of cybersquatting, which is the act of registering, trafficking in, or using a domain name with bad faith intent to profit from the goodwill of a trademark belonging to someone else. If the URL of the phishing site includes the impersonated companys name or its product name, the victims are more likely to consider the site legitimate. (Unfortunately, some companies conduct marketing campaigns in a way that makes legitimate activities resemble phishing.)
Most companies whose customers are often targeted through phishing attacks know how to deal with these incidents by now. The effort involves identifying the appearance of phishing sites using approaches such as:

Examining referrer logs of web servers for anomalies
Soliciting phishing reports from customers
Detecting fraudulent transactions
Performing web searches for brand references

Once the company identifies a phishing site, it contacts the server's owner, hosting provider or the registrar to request that the site be shut down. There are firms offer phishing site take-down services to assist with this process.
Brandjacking: A Broader Perspective on Brand Impersonation
The term brandjacking refers to the act of assuming the on-line identity of a company or a person. From this perspective, phishing is a form of brandjacking. So is the act if impersonating a brand on a social network.
Brands might be impersonated by attackers on social networking sites to target the brand's customers. A fraudulent marketing campaign on a social networking site might look like its conducted by the brand, but it might actually be led by someone else. In the style of phishing, impersonation incidents put the brands customers data at risk, and may tarnish the brand's reputation.
Here are a few examples of Twitter accounts that were set up to impersonate well-known brands:

BPGlobalPR: Set up during the gulf oil spill in 2010 to satirize and criticize the situation. It has amassed around 200,000 followers, while the official BP account BP_America has around 20,000 followers.
ChuckNorris_: Spreads the humorous meme about Chuck Norris super powers and has around 21,000 followers.
GapLogo: Set up in 2010 when Gap attempted to change its logo design. The account was used to satirize and critique the new logo and has around 5,000 followers.

Brand impersonation takes place on other social networks as well, of course. Here are a few examples:

Screenwriter Alex Grossman impersonated Sarah Palin on Facebook by setting up an account named Governor Palin.
TechCrunch co-founder Michael Arrington impersonated Google CEO Eric Schmidt on Facebook.
Researchers Shawn Moyer and Nathan Hamiel impersonated security expert Marcus Ranum on LinkedIn (with his permission)

Some brands (e.g., Chuck Norris) may benefit from the increased publicity brought about by the impersonator. In most cases, though, companies are rightly concerned that brandjacking will confuse consumers, dilute trademark defensibility and hurt the brands reputation. (For more on this, check out my social networking risks and rewards presentation.)
Dealing With Brand Impersonations on Social Networks
Identifying when the brand is being impersonated on social networks includes the activities outlined above in the context of phishing. Furthermore, a company can use search engines that can mine social networking sites to report upon all references to the companys name, products, executive names or other elements of the brand.
Free social media search tools in this category include: SocialMention, Google Alerts, Twitter Search, Twazzup, CrowdEye, etc. Commercial tools include the various marketing campaign tracking tools, such as PostRank, and specialized products such as Social Sentry.
Once the company identifies the occurrence of brand impersonation, it can contact the corresponding social networking company, requesting that the account be shut down and, perhaps, transferred to the legitimate brand. The brand needs to clearly state why it believes the user of the social network who is impersonating the brand is violating that sites terms of services or, perhaps, breaking the law. The request needs to include sufficient evidence to establish that the request comes from the legitimate brand and showing proof (e.g., screen shots) that the specified account impersonated the brand.
Read the terms of use and policies of the popular social networking sites in advance, so you dont need to figure out whom to contact and how during the impersonation incident. A few pointers:

How to report impersonation to Twitter
How to report terms of use violations to LinkedIn
How to report an impostor to MySpace
How to report abuse to Facebook

If the incident is serious, the company may need to involve law enforcement. In all such cases, its wise for the companys information security, legal and marketing professionals to collaborate on defining and executing the incident response process.
Social networking sites are thinking about ways of verifying the authenticity of high-profile accounts. Twitter calls this Verified Accounts, and places a check mark badge next to the names of Twitter accounts that it has verified. Unfortunately, there is no way for a brand to be requested that Twitter verify it: this is a closed, limited beta process at the moment. I am not aware of similar efforts by other social networking platforms to provide a mechanism of verifying authenticity of account holders. All that users can do at the moment is to look at the accounts recent activities and the number of followers to assess the likelihood that the account is legitimate--a process that can easily be gamed.
Have you recently had to deal with a social network account take-down incident? Please leave a comment or drop us a note.
-- Lenny Zeltser
Lenny Zeltser leads a security consulting team and teaches how to analyze and combat malware. He is active on Twitter and recently launched a security blog. (c) SANS Internet Storm Center. Creative Commons Attribution-Noncommercial 3.0 United States License.
Novell is being acquired by Attachmate for $2.2 billion
Compellent today announced the next generation of its storage area network, which adds support for non-disruptive movement of data volumes between arrays as well as a new controller that offers Fibre Channel over Ethernet and iSCSI transport protocols.
osCommerce 'categories.php' Arbitrary File Upload Vulnerability
Make your Android device run longer, run smarter, and run almost anywhere with this collection of essential apps
Native Instruments Multiple Products DLL Loading Arbitrary Code Execution Vulnerability
S-CMS Cross Site Scripting and SQL Injection Vulnerabilities
Business have yet to embrace the 'ribbon' interface in Microsoft's Office suite, four years after its debut, a research firm says.
Our manager wanted a new challenge. His new job at a company that is offering software as a service fills the bill.
All the incentives in business push for ever-bigger IT projects, but it's the small projects that succeed. Maybe those two facts don't have to be in opposition.
The meaning of the term '4G wireless' becomes unclear as the ITU rules that WiMax and LTE don't qualify, while T-Mobile claims its current network is already 4G.
The first step is toward improving your team's morale is to articulate the emotional state of your employees beyond saying, 'They have low morale.'
Two launches by Microsoft, 25 years apart, tell a tale of a company that has gotten slower.
A new spot market lets users shop for low-cost, no-frills computing power from various cloud service providers that have excess capacity.
Analysts have muted expectations for the parallel data warehouse (PDW) edition of SQL Server 2008 R2 that Microsoft is scheduled to ship next month.
Researchers at the University of Arizona have developed a new type of holographic telepresence technology that allows the projection of 3D moving images for more-lifelike videoconferences.
Joomla Component 'com_jimtawl' Local File Include Vulnerability
Native Instruments Multiple Products Multiple Memory Corruption Vulnerabilities
InfoSec News: Royal Navy Attack Stresses SQL Injection Dangers:
By Ericka Chickowski Contributing Writer Darkreading Nov 19, 2010
The danger of SQL injection last week hit the limelight once again when [...]
InfoSec News: TSA and the New "Americanism":
(c) 2010 Richard Forno. Permission granted to reproduce freely with credit.
There is a vocal segment of the American political fringe that throws around words like "communism", "socialism", or "fascism" in describing [...]
InfoSec News: The Cold War: Then and now:
By Robert Mullins Microsoft Tech Network World 11/20/10
When Dickie George of the National Security Agency says, "This is life and death and about our freedom and our way of life," he’s not talking [...]
InfoSec News: Hacked Federal Reserve network was test-only:
By Robert McMillan IDG News Service November 19, 2010
A June 2010 hacking incident that compromised a network at the Federal Reserve Bank of Cleveland happened on a test system and not the bank's [...]
InfoSec News: China Internet 'hijack' hugely exaggerated, says researcher:
By John E Dunn Techworld 19 November 10
The claimed ‘hijack’ of Internet traffic by China Telecom has been hugely exaggerated in scale and intent, a traffic analysis by Internet [...]
InfoSec News: House bill would give DHS authority over private sector networks:
By Gautham Nagesh Hillicon Valley 11/18/10
A new bill unveiled Wednesday by House Homeland Security chairman Bennie Thompson (D-Miss. [...]
Wikileaks has promised to release a load of information seven times bigger than the Iraq War Logs, which raised the Internet group's profile around the world and caused some nations to take notice of the issue of leaks of top-secret documents online.

InfoSec, Inc. Survey Shows The Mainframe Is Alive And Well
InfoSec, Inc. today released the results of its 2010 State Of The Mainframe Survey, which was conducted in July of 2010. The overwhelming result of the ...

and more »
Each of the products in this test were installed, configured and used on a Windows server based network, running Windows Server 2008r2 – four endpoints were configured, with the following OSs – Windows XP SP3, Windows Vista Business Edition, Windows 7 Ultimate Edition (32bit) and Windows 7 Ultimate Edition (64 bit).
Mark Gibbs challenges the BSA to make our lives easier
The gist of the story on the front page of Yahoo News last week was that Bill "The Science Guy" Nye passed out while speaking to several hundred University of Southern California students and those students callously ignored the stricken man's plight in favor of yammering about it on Twitter.
We've been staring a simple truth in the face for a few years but generally trying to ignore it because the implications are big. That truth: If we are to get the most out of highly virtualized, cloud-ready environments we are probably going to have to rethink the way parts of IT are organized.
Microsoft Windows Kernel Task Scheduler Service Local Privilege Escalation Vulnerability

Internet Storm Center Infocon Status