
InfoSec News

Worldwide server revenue and unit shipments continued a yearlong recovery in the fourth quarter of 2010, but growth is likely to slow this year, research company Gartner said on Thursday.
 
Motorola's Xoom tablet is the first true challenger to Apple's iPad, and after months of hype, it's finally available at Verizon Wireless stores and ready to be picked over by the tech press.
 
NASA's space shuttle Discovery lifted off on its 39th and final mission into space from Kennedy Space Center late this afternoon.
 
Virtualization, video and massive amounts of data are all driving enterprises and service providers toward 100-Gigabit Ethernet, but the cost of the fledgling technology remains prohibitively high and few products have been installed, industry observers said at the Ethernet Technology Summit.
 
Novell Netware 'XNFS.NLM' Component Remote Code Execution Vulnerability
 

RSA Conference 2011 recap: What we learned
SearchSecurity.com
As most of our readers know, the RSA Conference is information security's biggest annual event, and it's a great bellwether for what's top of mind among enterprise infosec practitioners. Typically, each conference has one prevalent theme: NAC, ...

 


Diversity of Devices, Not the Number of Them, Presents Infosec Challenges
GovInfoSecurity.com
Compared with today, life was simple for network and systems administrators a few short years ago before everyone went mobile. Today, an estimated 10 billion devices are connected to the Internet, a figure expected to quintuple in the next few years, ...

 
Intel's Thunderbolt interconnect technology, formerly called Light Peak, has emerged from the company's lab and will soon find its way into product, including Apple's new line of MacBook Pro laptops, Intel said Thursday.
 
SAP wants a judge to toss out allegations by the government of Marin County, California, that it engaged, along with Deloitte Consulting, in a racketeering scheme meant to bilk the county out of more than $20 million in connection with a troubled ERP project.
 
Apple today released a preview of Mac OS X 10.7, aka Lion, to developers, who can download the new operating system from the Mac App Store.
 
Microsoft shed a little bit of light on the problems it had sending out the first update for its Windows Phone 7 software, but it has still suspended updates to Samsung phones while it works out the issue.
 
Robonaut 2, the robot accompanying six NASA astronauts to the International Space Station, could become a key to the next generation of human-robot joint projects.
 
Michael Friedenberg, President and CEO of IDG Enterprise, says all signs indicate it will be all about tablets this year and CIOs should do what they can to stay ahead of the game.
 
Books and blogs about IT, management and leadership
 
The "stay up all night, do anything for the user" hero culture of corporate IT may win friends in the business, say outsourcing consultants at TPI and Compass, but it won't yield real business-IT alignment. And it makes it almost impossible to succeed at outsourcing.
 
Apple today pulled the retail version of its MobileMe sync and storage service from its online store, and dropped the service from the list of optional factory-installed software for its Macs.
 
The Anonymous collective today claimed credit for hacking the Web site of the controversial Westboro Baptist Church in Kansas.
 
Open Handset Alliance Android Lock Screen Security Bypass Vulnerability
 
LTE, or long-term evolution service, is poised to be the new world standard for mobile data. Here are five things that set it apart from its predecessors.
 
Box.net, which sells a hosted content management application, announced on Thursday that it has closed a $48 million funding round.
 
Relevanssi WordPress Plugin 'Seach Query' Field HTML Injection Vulnerability
 
Cisco Thursday unveiled new equipment to help large companies create and distribute videos.
 
As expected, Apple today refreshed its MacBook Pro notebook line, turning to Intel's new Sandy Bridge chip architecture and adding a new connectivity technology dubbed Thunderbolt that transfers data at speeds up to 10Gbps.
 
IT will see a lot of change by 2020 and as CIO, you need to help your company get out in front. Here are four keys to success from Forrester Research.
 
The latest generation of graphics chips have 3 billion transistors and consume about 200 watts of energy. The numbers are impressive -- until you consider that the human brain has the equivalent of a trillion transistors and consumes just 20 watts of energy, or far less than it takes to run a light bulb.
 
SAP wants a judge to reduce the $1.3 billion award a jury granted Oracle last year in its intellectual property-theft lawsuit to no more than $408.7 million, and also asked for a new trial, according to filings made late Wednesday in U.S. District Court for the Northern District of California.
 
SOPHIA CMS 'pageid' Parameter SQL Injection Vulnerability
 
[ MDVSA-2011:037 ] avahi
 
HTB22851: SQL Injection in WP Forum Server wordpress plugin
 
HTB22850: SQL Injection in WP Forum Server wordpress plugin
 
HTB22847: XSS in IWantOneButton wordpress plugin
 
A survey of more than 300 IT professionals found that 25% of IT projects begin as part of compliance initiatives.

 
A Microsoft security advisory alerts users that an automatic update will repair a flaw in the Malware Protection Engine used across all of its antimalware products.

 
All eyes are on the Motorola Xoom tablet, and for good reason: It's the first device in an expected multitude to ship with Google's tablet-optimized Android 3.0 (Honeycomb). The Xoom has a lot of features to like, and a lot to set it apart from the ever-growing crowd of tablets; but it also has some drawbacks that temper my enthusiasm about it.
 
SAP wants a judge to reduce the $1.3 billion award a jury granted Oracle last year in its intellectual property-theft lawsuit.
 
Apple on Thursday released the latest update to its MacBook Pro portable computer line, more than 10 months after the laptops’ last revision. The new versions feature a new series of Intel processors, updated graphics cards, and a new connectivity standard dubbed Thunderbolt.
 
Sprint's first Windows Phone 7-based device, the HTC Arrive, will be available on March 20 for just under $200 with a service plan.
 
 
IT executives at Chevron and TD Bank are testing whether tablets like Apple's iPad and the upcoming BlackBerry PlayBook can be used to improve decision-making processes in their companies.
 
Microsoft's affordable bundle of Exchange, SharePoint, easy remote access, and integrated management continues to be a great platform on which to build a small business
 
True to form, Apple’s invitation to its March 2 press event doesn’t explicitly state what’s going to be covered. But after a quick glance at the invitation graphic—which features the corner of an iPad behind a peeled-back calendar page labeled “2”—you don’t need an inside source in Cupertino to conclude that a new version of the iPad is likely on the agenda. After all, it’s been more than a year since Apple first took the wraps off its tablet—plenty of time for the company to come up with something that wows us all over again.
 
 
SandForce today announced two new SSD processors that double performance over its previous models while also doubling the encryption of data.
 
Avahi 'avahi-core/socket.c' NULL UDP Packet Denial Of Service Vulnerability
 
Adobe Acrobat and Reader CVE-2011-0603 Image Parsing Remote Code Execution Vulnerability
 
[USN-1070-1] Bind vulnerability
 
[ MDVSA-2011:036 ] mailman
 
Cisco Security Advisory: Cisco Firewall Services Module Skinny Client Control Protocol Inspection Denial of Service Vulnerability
 
Cisco Security Advisory: Multiple Vulnerabilities in Cisco ASA 5500 Series Adaptive Security Appliances
 
Website errors and poor authentication processes are among the technical lessons learned from the HBGary Federal hacking fiasco, security consultant says.

 
In this exclusive video interview from RSA Conference 2011, Microsoft Corporate Vice President of Trustworthy Computing Scott Charney and SearchSecurity.com Senior Site Editor Eric B. Parizo discuss the state of Microsoft's Trustworthy Computing initiative in 2011.

 

Website errors and poor authentication processes appear to be the biggest technical lessons learned from the HBGary Federal hacking fiasco, according to Bojan Zdrnja of Croatia-based security consultancy INfigo.

Writing in the SANS Institute’s Internet Storm Center Diary, Zdrnja highlights some common security mistakes made by HBGary Federal that his team frequently comes across during penetration tests. These are mistakes that are frequently mentioned by security experts, repeatedly mentioned in reports in nearly every security media outlet and highlighted by security education firms.

SQL injection vulnerabilities:

“HBGary unfortunately had a vulnerable Web application which allowed attackers to retrieve information directly from the back-end database – this information included MD5 hashes of passwords of users, that had access to the administration web interface.”

SearchSecurity has a SQL injection protection Learning Guide on how to protect your website from SQL injection errors.

Manual inspection has given way to some pretty popular automated tools that can detect these common errors (Web application scanners). In addition automated toolkits have made it easy for cybercriminals to find and exploit SQL injection errors. There are security technologies that can defend against these automated attacks – a properly deployed and tuned Web application firewall (WAF) would do the trick. I say properly deployed, because I hear about many companies installing a WAF for PCI compliance, but failing to really use it for its intended purpose.

Poor authentication processes:

HBGary Federal used the same passwords to access different systems. This made it easier for members of the “Anonymous” group to access connected systems and ultimately steal email messages and other files. In addition, the passwords were used for other – outside – social networks, such as Twitter and LinkedIn.

There are a plethora of two-factor authentication options, one time password tokens and other methods that can be used by firms to keep systems locked down and make it more difficult for fraudsters to access systems.

While it’s understandable that some firms don’t need the added secure password measures and wouldn’t want to disrupt business processes with them, it’s painfully troubling that firms that work with government agencies or deal with other sensitive data clearly aren’t deploying these authentication measures. Safeguarding intellectual property – the lifeblood of every company – begins with the most basic security steps. Requiring some kind of hardened password protection to gain access to critical systems should be part of the foundation of any security program.

Zdrnja:

“The attackers used social engineering to attack a system administrator of another system (rootkit dot com) – an obvious weak spot since he/she holds “all the keys to the kingdom” … The attackers sent a carefully crafted e-mail, asking the administrator to open SSH on a weird port and set the root password to something he knows…”

That kind of change management, according to Zdrnja, is a big NO NO, but is probably all too common at enterprises.

When the administrator opened SSH and changed the password, it was game over.



 

Internet Software Consortium published today an advisory for the BIND software. For versions 9.7.1-9.7.2-P3, when a server that is authoritative for a domain (i.e. owns the SOA record) processes a successful domain transfer operation (IXFR) or a dynamic update, there is a small window of time where this processing combined with a high amount of queries can cause a deadlock, which makes the DNS server stop processing further requests.

Bind is one of the preferred targets for attackers on the Internet. If you have bind installed in your company, please remember the following basic security measures:

- Only allow IXFR transfers from known secondary servers of your domain. You don't want to let people know the full list of public IP addresses associated with your domain.
- Keep your internal DNS information separate from your external DNS information. Some DNS servers provide information about private addresses used inside the corporate network.
- Allow recursive requests only from your internal DNS. If you allow recursive requests from the Internet, you are exposed to a distributed denial of service.

To solve the problem, upgrade to BIND 9.7.3. More information at http://www.isc.org/software/bind/advisories/cve-2011-0414
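The three measures above expressed as a BIND named.conf, as an added example that is not part of the diary or ISC's own documentation. The weak settings the post warns about are shown commented out beside a hardened configuration that uses ACLs for transfers and recursion and split views for internal versus external data. The zone name, file names, network ranges and secondary addresses are constructed placeholders.

```conf
// Added example, not from the ISC diary. Zone, files and addresses are placeholders.

// --- Weak: what the post warns against ---
// options { recursion yes; };                 // recursion answered for any client on the Internet
// zone "example.test" {
//     type master;
//     file "db.example.test";                // one file serving internal and public names alike
//     // allow-transfer not set: any client can pull the whole zone (AXFR/IXFR)
// };

// --- Hardened ---
acl "internal"    { 10.0.0.0/8; 192.168.0.0/16; 127.0.0.1; };   // corporate ranges (placeholders)
acl "secondaries" { 198.51.100.5; 203.0.113.9; };               // your known secondary servers (placeholders)

options {
    directory "/var/named";
    allow-transfer  { none; };          // deny transfers globally; zones opt in below
    allow-recursion { "internal"; };    // recursion only for internal clients
    allow-query     { any; };           // authoritative answers stay public
};

// Internal view: private addresses never leave the corporate network.
view "internal" {
    match-clients { "internal"; };
    recursion yes;
    zone "example.test" {
        type master;
        file "db.example.test.internal";   // carries RFC 1918 addresses
        allow-transfer { none; };
    };
};

// External view: public names only, no recursion, transfers only to listed secondaries.
view "external" {
    match-clients { any; };
    recursion no;
    zone "example.test" {
        type master;
        file "db.example.test.external";   // public records only
        allow-transfer { "secondaries"; };
        also-notify    { 198.51.100.5; 203.0.113.9; };
    };
};
```

Run `named-checkconf` on the file before reloading to catch syntax errors; once views are in use, every zone must live inside a view. Source-address ACLs are spoofable for UDP but a zone transfer runs over TCP, so the ACL is meaningful; signing transfers with a TSIG key (a `key` statement referenced in `allow-transfer`) is the next step if secondaries sit outside networks you control.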

-- Manuel Humberto Santander Pelez | http://twitter.com/manuelsantander | http://manuel.santander.name | msantand at isc dot sans dot org (c) SANS Internet Storm Center. http://isc.sans.org Creative Commons Attribution-Noncommercial 3.0 United States License.
 
Microsoft made the first service pack for Windows 7 and 2008 R2 available for public download. This service pack is essentially a roll-up patch including most security patches and hot fixes released so far.
Aside from patches, service packs typically include some improvements and new features. From a security point of view, RemoteFX may be of interest. RemoteFX extends RDP to allow a more complete remote desktop access including access to USB drives, for example, more in line with virtual machine desktop clients that can use a local drive to load data on a remote virtual machine.
DirectAccess has been improved as well. DirectAccess requires the use of IPv6, and with SP 1, 6to4 as well as ISATAP are supported.
The RemoteFX and DirectAccess enhancements only affect Windows 2008 R2, not Windows 7.
Some Twitter reports suggest that the service pack install may fail if BitLocker is used. If you experience any issues: Please let us know.
http://technet.microsoft.com/en-us/library/ff817622%28WS.10%29.aspx
------

Johannes B. Ullrich, Ph.D.

SANS Technology Institute

Twitter (c) SANS Internet Storm Center. http://isc.sans.org Creative Commons Attribution-Noncommercial 3.0 United States License.
 
I will use this post to collect some of the problems we are hearing about with Windows 7 SP1 and Windows 2008 R2 SP1. Right now, there is no urgent reason to install this service pack and it should be tested first.
A few areas to watch:
- Whitelisting / Blacklisting: Whitelisting software may not have checksums yet to verify all the files that are modified by the service pack. Same for anti-virus: Some anti-virus products monitor system files for changes and may sound an alert or block the installation of SP 1.
- Firewalls: Third party firewalls may find that some of the low level hooks they use have changed.
- Disk Encryption: In particular full disk encryption that modifies the boot process may find that some of the changes it did are undone by the SP install.
- Custom hardware: If you are using drivers other than those that are included in Windows 7 (or 2008 R2), be careful.
Specific examples. Consider them anecdotal but if you run any software mentioned here, or similar software, this list should give you a guide to test.

- Users with old versions of Microsoft Security Essentials may not be able to install SP1. Upgrade first.
- Samsung Galaxy S phone drivers may have problems with SP1.
- Some users reported very long install times (1 hr., but not all that unusual for a service pack).
- Chrome 10 and 11 have issues according to some tweets.
- Word 2003 VBA.
- Slower boot times with SP1 than without.
- Some reports of download issues due to overloaded servers.
- Lenovo's ThinkVantage System Update may not work (update it before applying the SP).
- EVGA Precision Utility 2.0.2 (graphics card stats program liked by gamers).
- MSI Afterburner.
- Some issues with BitLocker are reported. But no confirmation at this point and it may also be due to entering the wrong password on reboot (you have to reboot a couple of times in certain situations).

Link to a TechNet page with reports of install issues:
http://technet.microsoft.com/en-us/library/ff817622%28WS.10%29.aspx
If all fails, here is a link with an uninstall procedure for SP1:
http://windows.microsoft.com/en-US/windows7/uninstall-sp1
To temporarily block installation of the service pack:
http://www.microsoft.com/downloads/en/details.aspx?FamilyID=d7c9a07a-5267-4bd6-87d0-e2a72099edb7&displaylang=en


------

Johannes B. Ullrich, Ph.D.

SANS Technology Institute

Twitter (c) SANS Internet Storm Center. http://isc.sans.org Creative Commons Attribution-Noncommercial 3.0 United States License.
 

Hunters and Toolmakers: Seeking Infosec Wizards
BankInfoSecurity.com (blog)
This shouldn't be surprising; the GovInfoSecurity.com survey released last week shows that half of the government IT security practitioners polled see insider threats as their greatest vulnerabilities (see Gov't Infosec Pros Question Fed's Security ...

 


Ligatt Security fires back at CBS Atlanta after news segment
The Tech Herald
In his interview with CBS Atlanta, Riley made a comment that is at the heart of the InfoSec community's beef with Ligatt. “I'm worried that people are using [Ligatt's] service, believing they are secure,” Riley remarked. To say that the CBS Atlanta ...

 

FEITIAN Technologies Co Ltd., speaks at RSA China Conference concerning anti ...
Newsbycompany
FEITIAN Technologies International Technical Consultant Gregory Dunn presented the speech at the first annual RSA China INFOSEC international forum in Beijing, China. The speech concentrated on anti-fraud techniques applied to the Chinese online banking ...

 
InfoSec News: Under Growing Pressure, Security Pros May Be Ready To Crack, Study Says: http://www.darkreading.com/security-monitoring/167901086/security/security-management/229219084/under-growing-pressure-security-pros-may-be-ready-to-crack-study-says.html
By Tim Wilson Darkreading Feb 23, 2011
Faced with an attack surface that seems to be growing at an overwhelming [...]
 
InfoSec News: Exxon, Shell Said to Have Been Hacked Via Chinese Servers: http://www.bloomberg.com/news/2011-02-24/exxon-shell-bp-said-to-have-been-hacked-through-chinese-internet-servers.html
By Michael Riley Bloomberg Feb 23, 2011
Computer hackers working through Internet servers in China broke into and stole proprietary information from the networks of six U.S. [...]
 
InfoSec News: DDoS attack forces Dutch bank offline: http://news.idg.no/cw/art.cfm?id=3F6822FF-1A64-6A71-CE67724BB606D61C
By Jasper Bakker Webwereld Netherlands 23.02.2011
The outage of Dutch bank Rabobank last weekend was caused by a massive DDoS attack. The perpetrators are still unknown. The bank reports the attack to the police. [...]
 
InfoSec News: Man admits hacking into NASA, e-commerce servers: http://www.theregister.co.uk/2011/02/24/nasa_hacker_guilty/
By Dan Goodin in San Francisco The Register 24th February 2011
A Texas man has admitted hacking into servers owned by an e-commerce company and making off with about $275,000.
Jeremey Parker of Houston also copped to charges of breaking into servers maintained by NASA's Goddard Space Flight Center in Maryland and causing some $43,000 of damage.
The hacking spree spanned a 10-month stretch starting in December 2008 with the breach of systems owned by SWReg. A subsidiary of Digital River of Minnesota, the company manages royalties for independent software developers. “Parker hacked into SWReg's system, created the money by crediting the SWReg accounts, and then caused that money to be wire transferred to his bank account instead of the accounts of several developers,” a press release issued by the US Attorney's office in Minnesota said.
The NASA servers Parker hacked gave paying members of the scientific community access to oceanic data being sent to Earth from satellites. Eventually, the data was made available to everyone.
[...]
 
InfoSec News: CSET '11 Call for Papers Now Available: Forwarded from: Lionel Garth Jones <lgj (at) usenix.org>
On behalf of the 4th Workshop on Cyber Security Experimentation and Test (CSET '11) program committee, we would like to invite you to submit papers on the science, design, architecture, construction, operation, [...]
 
Intel's problems with its Sandy Bridge chips won't help Advanced Micro Devices to steal market share from its bigger rival.
 
Microsoft has patched a bug in its malware scanning engine that could be used as a stepping stone for an attacker looking to seize control of a Windows box.
 
A Twitter message from Monday suggests that a self-proclaimed "hacktivist" using the handle "The Jester" may have been responsible for knocking the controversial Westboro Baptist Church offline.
 
Mozilla today said that it will ship security updates to Firefox 3.5 and Firefox 3.6 next Tuesday, ending a debate about whether to wait for a patch that affects Adobe's software.
 
Microsoft's tightly integrated 'everything server' for small networks has goodies for users and admins alike
 
Iran's government is claiming that it has developed two new supercomputers powerful enough to earn rankings on the Top500 list of the world's most powerful systems.
 
While 2010, as a whole, was a year of growth for the global computer chip market, the fourth quarter took a bit of a hit.
 
China's largest search engine, Baidu, is facing a potential antitrust investigation after the company was accused of blocking and degrading the search query results of a Chinese online encyclopedia website.
 
A British judge Thursday approved Sweden's request to extradite Julian Assange, although the embattled WikiLeaks founder is expected to appeal.
 
 

Posted by InfoSec News on Feb 24

http://www.bloomberg.com/news/2011-02-24/exxon-shell-bp-said-to-have-been-hacked-through-chinese-internet-servers.html

By Michael Riley
Bloomberg
Feb 23, 2011

Computer hackers working through Internet servers in China broke into
and stole proprietary information from the networks of six U.S. and
European energy companies, including Exxon Mobil Corp., Royal Dutch
Shell Plc and BP Plc, according to one of the companies and
investigators who...
 

Posted by InfoSec News on Feb 24

http://news.idg.no/cw/art.cfm?id=3F6822FF-1A64-6A71-CE67724BB606D61C

By Jasper Bakker
Webwereld Netherlands
23.02.2011

The outage of Dutch bank Rabobank last weekend was caused by a massive
DDoS attack. The perpetrators are still unknown. The bank reports the
attack to the police.

 

Posted by InfoSec News on Feb 24

http://www.theregister.co.uk/2011/02/24/nasa_hacker_guilty/

By Dan Goodin in San Francisco
The Register
24th February 2011

A Texas man has admitted hacking into servers owned by an e-commerce
company and making off with about $275,000.

Jeremey Parker of Houston also copped to charges of breaking into
servers maintained by NASA's Goddard Space Flight Center in Maryland and
causing some $43,000 of damage.

The...
 

Posted by InfoSec News on Feb 24

Forwarded from: Lionel Garth Jones <lgj (at) usenix.org>

On behalf of the 4th Workshop on Cyber Security Experimentation and Test
(CSET '11) program committee, we would like to invite you to submit
papers on the science, design, architecture, construction, operation,
and use of cyber security data and experiments. Please submit all papers
by April 18, 2011, at 11:59 p.m. PDT.

Topics of interest include but are not limited to:

*...
 

Posted by InfoSec News on Feb 24

http://www.darkreading.com/security-monitoring/167901086/security/security-management/229219084/under-growing-pressure-security-pros-may-be-ready-to-crack-study-says.html

By Tim Wilson
Darkreading
Feb 23, 2011

Faced with an attack surface that seems to be growing at an overwhelming
rate, many security professionals are beginning to wonder whether their
jobs are too much for them, according to a study published last week.

Conducted by Frost...
 

