InfoSec News

(c) SANS Internet Storm Center. http://isc.sans.org Creative Commons Attribution-Noncommercial 3.0 United States License.
 
(c) SANS Internet Storm Center. http://isc.sans.org Creative Commons Attribution-Noncommercial 3.0 United States License.
 
Worms, malware, zero-day attacks -- it was a worrisome week on the security front, with stories in that genre taking our top three slots.
 
Some of you may have read (and, more than likely, commented on) a story I wrote a few days ago about my experiences with getting my MacBook Pro repaired. (The short version: MacBook Pro, less than three months old, hardware problems, multiple repair attempts, conflicting information, frustrated customer.)
 
A reorganization of the Active Directory architecture goes forward without the security manager even being informed.
 
A computer that monitored drilling operations on the Deepwater Horizon had been freezing with a "blue screen of death" prior to the explosion that sank the oil rig last April, the chief electrician aboard testified Friday at a federal hearing.
 
Courts have said companies that say they will remove content, but then don't, may be liable for damages.
 
It's true on the Web, and just as valid in many business communication scenarios.
 
Worldwide mobile memory revenue is expected to grow by close to 50% this year on increased smartphone shipments, research firm iSuppli said on Friday.
 
India's human resource ministry announced this week a 'breakthrough' solar-powered tablet computer that would cost only $35 in 'early 2011.' Wow! That's great! Too bad it will never exist.
 
Microsoft sold nearly 10 copies of Windows 7 every second over the last month, according to numbers the company released Thursday.
 
Cisco Systems may be planning to give its consumer TelePresence system the friendly sounding name 'UMI,' according to a trademark application made last year.
 
Facebook is going one step further in its fight against the man who says the company's founder and CEO Mark Zuckerberg signed away ownership of 84% of the social networking site seven years ago.
 
Microsoft has backed off earlier statements listing five manufacturers of Windows Phone 7 devices, disclosing yesterday that no official announcement has been made.
 
In addition to stuxnet which has been using the LNK vulnerability to exploit systems since approximately the 14th of this month (possibly longer) a few researchers have been mentioning that they have encountered additional malware utilising the LNK vulnerability. eset has a write up here on what they have found -http://blog.eset.com/2010/07/22/new-malicious-lnks-here-we-go
Until patched expect more.
MH (c) SANS Internet Storm Center. http://isc.sans.org Creative Commons Attribution-Noncommercial 3.0 United States License.
 
Oracle is distancing itself from comments reportedly made by its co-president, Charles Phillips, about the amount of money it intends to spend on future acquisitions.
 
As promised last week, Apple has launched a free case program for iPhone 4 owners who are having reception problems with the popular new smartphone.
 
Apple hopes to end "antennagate" fights; Facebook members reach new heights
 
Recycling companies will be required to check whether a mobile phone has been reported stolen before reselling it, according to a new code of practice announced by the U.K. government on Friday.
 
Verizon Communications reported a net loss of $198 million in the second quarter of 2010, down from net income of $1.5 billion in the second quarter of 2009, with the drop due to one-time charges, including a voluntary employee buy-out program.
 
A budding programming language that offers a 'nicer way to write Java code' shares the spotlight at OSCON with the Go and D languages
 
When teaching Security Essentials (sec401) we often talk about one of the more useful hacking tools in everyone's arsenal, a browser. Wielding a browser in the right manner can expose all kinds of interesting information as is the case with vBulletin version 3.8.6.
vBulletin, used to power online discussion sites has a serious flaw in vB 3.8.6. Browsing to the FAQ page on a vulnerable site and searching for the correct term will disclose the database credentials which can then be used to further compromise the site (http://www.securityfocus.com/archive/1/512575). It shows that vulnerabilities do not need to be complex. It also shows that code review, testing and of course input validation is essential.
The vendor jumped on the issue quickly and provides a patch on their site. Later versions of the product that are not vulnerable are also available. There do still seem to be sites up running the vulnerable code. If yours is one of those, you may want to patch soon.
MH (c) SANS Internet Storm Center. http://isc.sans.org Creative Commons Attribution-Noncommercial 3.0 United States License.
 
(c) SANS Internet Storm Center. http://isc.sans.org Creative Commons Attribution-Noncommercial 3.0 United States License.
 
A feature in Apple's Safari browser designed to make it easier to fill out forms could by abused by hackers to harvest personal information, according to a security researcher.
 
These five free services let you store your files online, sync them automatically, access them from any device and share them with others.
 
These five free services let you store your files online, sync them automatically, access them from any device and share them with others.
 
Larry Wall's annual State of the Onion talk at OSCON foreshadows the long-awaited release of Perl 6
 
Microsoft signed a new agreement to license technology for the Arm microprocessor architecture, opening the potential for the software giant to follow in Apple's footsteps and design its own Arm-based chips.
 
InfoSec News: Security Pros Feel Underpaid, But In Some Cases Would Take A Pay Cut: http://www.darkreading.com/security/management/showArticle.jhtml?articleID=226100111
By Kelly Jackson Higgins DarkReading July 21, 2010
While most security professionals say their expertise entitles them to make more money than their counterparts in IT, nearly half would accept [...]
 
InfoSec News: Secunia Weekly Summary - Issue: 2010-29: ========================================================================
The Secunia Weekly Advisory Summary 2010-07-15 - 2010-07-22
This week: 32 advisories [...]
 
InfoSec News: Couple accused in GM tech theft: http://www.freep.com/article/20100723/BUSINESS01/7230375/Couple-accused-in-GM-tech-theft
By David Ashenfelter Free Press Staff Writer Detroit Free Press July 23, 2010
A Troy couple was arraigned in federal court Thursday on charges of conspiring to steal GM's hybrid vehicle secrets to sell to a Chinese car company.
Yu Qin, 49, and his wife, Shanshan Du, 51, stood mute in U.S. District Court to a six-count indictment charging them with unauthorized possession of trade secrets, wire fraud and obstruction of justice.
Magistrate Mark Randon entered not-guilty pleas on their behalf and released them on $10,000 bonds.
The U.S. Attorney's Office said Du, while working for GM, passed hybrid secrets to her husband for use in their company, Millennium Technology International, some by e-mail.
After GM offered Du a buyout in January 2005, she copied thousands of pages of GM documents to a Millennium Technology external computer hard drive, prosecutors said. Afterward, Qin moved forward with a venture to provide hybrid technology to Chery Automobile, a GM competitor in China, prosecutors said.
[...]
 
InfoSec News: Reminder: USENIX Security Symposium '10: Forwarded from: Lionel Garth Jones <lgj (at) usenix.org>
Don't forget, the USENIX Security Symposium and the co-located workshops are less than a month away. We hope that you'll join us in Washington, D.C., August 9-13, 2010, for a week covering the latest research in the [...]
 
InfoSec News: Baidu hacking lawsuit allowed to proceed: http://news.cnet.com/8301-1023_3-20011428-93.html
By Steven Musil Digital Media CNet News July 22, 2010
Baidu, China's leading Internet search company, has a "plausible" case against its U.S.-based domain registry for allegedly allowing a hacking [...]
 
InfoSec News: Firm scrambles to patch vBulletin software flaw: http://www.bbc.co.uk/news/technology-10714192
By Jonathan Fildes Technology reporter BBC News 22 July 2010
A serious flaw in software widely used to power online discussion sites could allow hackers to harvest reams of personal data, the BBC has learned. [...]
 
InfoSec News: Huawei accused of corporate theft: http://www.theregister.co.uk/2010/07/22/motorola_huawei/
By Bill Ray The Register 22nd July 2010
Motorola has accused its own engineers of sending confidential documents to the founder of Huawei, and claims that the receiving company was well aware that the information was stolen. [...]
 
InfoSec News: Virus writers are picking up new Microsoft attack: http://www.computerworld.com/s/article/9179564/Virus_writers_are_picking_up_new_Microsoft_attack
By Robert McMillan IDG News Service July 22, 2010
The Windows attack used by a recently discovered worm is being picked up by other virus writers and will soon become much more widespread, [...]
 

Posted by InfoSec News on Jul 23

Forwarded from: Lionel Garth Jones <lgj (at) usenix.org>

Don't forget, the USENIX Security Symposium and the co-located workshops
are less than a month away. We hope that you'll join us in Washington,
D.C., August 9-13, 2010, for a week covering the latest research in the
security of computer systems, networks, healthcare, electronic voting,
and more.

The week includes:

- USENIX Security '10: 19th USENIX Security Symposium...
 

Posted by InfoSec News on Jul 23

http://news.cnet.com/8301-1023_3-20011428-93.html

By Steven Musil
Digital Media
CNet News
July 22, 2010

Baidu, China's leading Internet search company, has a "plausible" case
against its U.S.-based domain registry for allegedly allowing a hacking
attack that left the site disabled and defaced, a U.S. judge ruled
Thursday.

The order, signed by Judge Denny Chin of the U.S. District Court for
Southern New York, allows Baidu to...
 

Posted by InfoSec News on Jul 23

http://www.bbc.co.uk/news/technology-10714192

By Jonathan Fildes
Technology reporter
BBC News
22 July 2010

A serious flaw in software widely used to power online discussion sites
could allow hackers to harvest reams of personal data, the BBC has
learned.

The flaw in a specific version of the vBulletin software allows anyone
to easily access the main administrator username and password for a
site.

This would also allow hackers to...
 

Posted by InfoSec News on Jul 23

http://www.theregister.co.uk/2010/07/22/motorola_huawei/

By Bill Ray
The Register
22nd July 2010

Motorola has accused its own engineers of sending confidential documents
to the founder of Huawei, and claims that the receiving company was well
aware that the information was stolen.

The case, filed in Chicago, is against the Lemko Corp and originally
accused five former Motorola workers of taking their secrets with them
when they moved to...
 

Posted by InfoSec News on Jul 23

http://www.computerworld.com/s/article/9179564/Virus_writers_are_picking_up_new_Microsoft_attack

By Robert McMillan
IDG News Service
July 22, 2010

The Windows attack used by a recently discovered worm is being picked up
by other virus writers and will soon become much more widespread,
according to security vendor Eset.

Eset reported Thursday that two new families of malicious software have
popped up, both of which exploit a vulnerability in...
 

Posted by InfoSec News on Jul 23

http://www.darkreading.com/security/management/showArticle.jhtml?articleID=226100111

By Kelly Jackson Higgins
DarkReading
July 21, 2010

While most security professionals say their expertise entitles them to
make more money than their counterparts in IT, nearly half would accept
a lower salary if it was necessary to keep their job or if they were
offered additional training, according to a new survey that will be
released tomorrow.

The...
 

Posted by InfoSec News on Jul 23

========================================================================

The Secunia Weekly Advisory Summary
2010-07-15 - 2010-07-22

This week: 32 advisories

========================================================================
Table of Contents:

1.....................................................Word From...
 

Posted by InfoSec News on Jul 23

http://www.freep.com/article/20100723/BUSINESS01/7230375/Couple-accused-in-GM-tech-theft

By David Ashenfelter
Free Press Staff Writer
Detroit Free Press
July 23, 2010

A Troy couple was arraigned in federal court Thursday on charges of
conspiring to steal GM's hybrid vehicle secrets to sell to a Chinese car
company.

Yu Qin, 49, and his wife, Shanshan Du, 51, stood mute in U.S. District
Court to a six-count indictment charging them with...
 
The release of Office 2010, as well as continued strong sales of Windows 7, helped buoy Microsoft through another quarter of increased revenue and profit, the company announced on Thursday.
 
Users are piling on to AT&T's public Wi-Fi hotspots, racking up more than 68 million connections in the second quarter, AT&T said Thursday.
 
The Windows attack used by a recently discovered worm is being picked up by other virus writers and will soon become much more widespread, according to security vendor Eset.
 

Internet Storm Center Infocon Status