Hackin9

InfoSec News

(c) SANS Internet Storm Center. http://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
 
Apple on Tuesday announced it had smashed sales records of the iPhone, iPad and Mac in the final quarter of 2011, the first reporting period after the death of former CEO Steve Jobs.
 
Advanced Micro Devices reported a fourth-quarter net loss Tuesday on weak sales of graphics chips and charges related to a restructuring.
 
Google will be able to combine data from several Google services when a Google Accounts user is signed in, as part of a rewritten set of privacy policies that the company announced on Tuesday.
 
GNU glibc 'svc_run()' EMFILE Error Handling Denial of Service Vulnerability
 

Forbes

Symantec source code breach saga continues
PRWire
(I guess that makes this an article in which Naked Security is saying that Infosec Island is saying that Reuters is saying that Symantec is asserting that this was, after all, a break-in on its own network.) So, with all this 'he-said-she-said' going ...
Symantec Admits It Was Hacked: Security Source Code Not Taken From Third-Party ...TheBlaze.com

 
Can't fit in a trip to the grocery store this week? Completely boneheaded when it comes to assembling Ikea furniture? Falling behind on the real work you need to complete because you're busy answering email? TaskRabbit offers help with the minutiae of daily life, without your having to hire long-term employees or take a risk on a complete stranger. The website invites you to post a task such as "deliver groceries" or "help me with heavy lifting," and TaskRabbits--task runners who've been screened for hire by the site--will bid on your task by specifying the lowest price they'll accept as payment.
 
Recently I've heard from a number of users who are looking for a way to cut that pricey cable-TV cord, but don't want to give up on watching and recording their favorite network shows. Turns out there's an easy and very affordable solution, one that eliminates cable (cable-TV, anyway) service entirely and frees you from monthly fees. It's called Windows 7.
 
Linux Kernel 'udp_sendmsg()' MSG_MORE Flag Local Privilege Escalation Vulnerability
 
PROMOTIC Multiple Security Vulnerabilities
 
NetBIOS and its weaknesses, which allow extremely easy spoofing, have been well known since 2005. I recently discussed NetBIOS with a colleague of mine, Arcel, and this discussion prompted me to see if anything changed with NetBIOS and recent Windows releases.
While I was almost certain that the old NetBIOS spoofing attacks do not work any more, I was stunned to see that even the latest and greatest Windows 7 still enables NetBIOS over TCP/IP by default.
In today's interconnected world, where we jump from one (wireless) network to another, this might have a serious impact on our security. The question "is it time to get rid of NetBIOS?" sounds logical. Let's see what's happening here.

Starting with Windows 2000, all Windows operating systems (XP, 2003, Vista, 7, 2008) depend mainly on DNS to resolve network names. However, if DNS is not working, or the name cannot be resolved, Windows will try to use NetBIOS to resolve such a network name.
Now, if a WINS server has been configured this should not be a problem, but when a WINS server is not present (or available), Windows will still try to use NetBIOS to resolve a network name. In such cases, Windows will send a NetBIOS Name Query packet, which is a UDP packet sent to a broadcast address. You can see one such packet in the screenshot below:

You can probably guess what an attacker can do: since this is a broadcast packet, the attacker does not even need to perform other initial attacks such as ARP poisoning. He can simply send a NetBIOS Name Query Response with any contents he wants! As a matter of fact, a Metasploit module even exists that does this automatically (see auxiliary/spoof/nbns/nbns_response).
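Added example, not part of the original diary: a parser for NetBIOS Name Service (UDP/137) name queries and responses that flags any host answering for WPAD or for more than one name, which is how a responder that answers every broadcast stands out. The `allowed` responder list, the `max_names` threshold and the 192.0.2.x packets in `SAMPLE` are assumptions constructed for illustration.

```python
import socket
import struct
from collections import defaultdict
NB_TYPE = 0x0020      # NB question / resource record type (RFC 1002)
WATCHLIST = {"WPAD"}  # the name the diary singles out; extend locally (assumption)

def encode_name(name, suffix=0x00):
    """First-level encoding: pad to 15 chars, add suffix byte, one letter A..P per nibble."""
    raw = name.upper().ljust(15).encode("ascii")[:15] + bytes([suffix])
    enc = bytes(b for c in raw for b in (0x41 + (c >> 4), 0x41 + (c & 0x0F)))
    return b"\x20" + enc + b"\x00"

def decode_name(field):
    """Reverse of encode_name; returns (name, suffix), or None if the field is malformed."""
    if len(field) != 34 or field[0] != 0x20 or field[33] != 0 \
            or not all(0x41 <= b <= 0x50 for b in field[1:33]):
        return None
    raw = bytes(((field[i] - 0x41) << 4) | (field[i + 1] - 0x41) for i in range(1, 33, 2))
    return raw[:15].decode("ascii", "replace").rstrip(), raw[15]

def parse_nbns(payload):
    """Parse one UDP/137 payload; None unless it is a name query or its response."""
    if len(payload) < 50:                      # header(12) + name(34) + type/class(4)
        return None
    _tid, flags, _qd, an, _ns, _ar = struct.unpack("!6H", payload[:12])
    decoded = decode_name(payload[12:46])
    if decoded is None or (flags >> 11) & 0xF or payload[46:48] != struct.pack("!H", NB_TYPE):
        return None                            # need opcode 0 (query) and type NB
    msg = {"response": bool(flags & 0x8000), "name": decoded[0], "suffix": decoded[1], "addrs": []}
    if msg["response"] and an and len(payload) >= 56:
        rdata = payload[56:56 + int.from_bytes(payload[54:56], "big")]  # RDLENGTH bytes
        for off in range(0, len(rdata) - 5, 6):                         # NB_FLAGS(2) + IPv4(4)
            msg["addrs"].append(socket.inet_ntoa(rdata[off + 2:off + 6]))
    return msg

def find_suspicious(packets, allowed=frozenset(), max_names=1):
    """packets: (src_ip, payload) pairs. Returns sorted (src_ip, reason, names) alerts."""
    claimed, alerts = defaultdict(set), set()
    for src, payload in packets:
        msg = parse_nbns(payload)
        if msg and msg["response"] and src not in allowed:
            claimed[src].add(msg["name"])
    for src, names in claimed.items():
        for name in sorted(names & WATCHLIST):
            alerts.add((src, "answers sensitive name", name))
        if len(names) > max_names:             # max_names is an assumed threshold
            alerts.add((src, "answers for many names", ",".join(sorted(names))))
    return sorted(alerts)

def build_packet(name, answer_ip=None):
    """Constructed input: broadcast query, or a positive response when answer_ip is set."""
    head = (0x1337, 0x8500, 0, 1, 0, 0) if answer_ip else (0x1337, 0x0110, 1, 0, 0, 0)
    rdata = struct.pack("!IH2x", 300, 6) + socket.inet_aton(answer_ip) if answer_ip else b""
    return struct.pack("!6H", *head) + encode_name(name) + struct.pack("!2H", NB_TYPE, 1) + rdata

# Constructed capture: 192.0.2.66 answers every broadcast with its own address.
SAMPLE = [(s, build_packet(n, ip)) for s, n, ip in (
    ("192.0.2.10", "WPAD", None), ("192.0.2.66", "WPAD", "192.0.2.66"),
    ("192.0.2.66", "INTRANET", "192.0.2.66"), ("192.0.2.20", "FILESRV01", "192.0.2.20"))]
```

`find_suspicious(SAMPLE)` reports 192.0.2.66 twice (once for WPAD, once for answering two names) and leaves the host that only answers for its own name alone.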
Now, the question that we have to think about is what attack scenarios are we dealing with here? Here come a few, judge for yourself how serious they are:

Whenever a user mistypes a network name, the attacker can spoof the response. Depending on what the user tries to access (e.g. an SMB share or a web page), the attacker can use another Metasploit module in order to catch exchanged credentials. Keep in mind, though, that only hashes are exchanged here, so the attacker still needs to crack the original user's password (or try to perform some relaying attacks).


One of the names that is particularly sensitive is WPAD. It is used by web browsers for automatic retrieval of proxy settings. In a scenario where we connect to an open wireless network, where the local DNS server does not have this name registered, an attacker can spoof the WPAD entry's IP address and further even serve a fake wpad.dat file. This would allow him to inspect the victim's web traffic!


A lot of companies like to set their users' home page in browsers (e.g. Internet Explorer's home page). Now, when the user opens Internet Explorer on a malicious network, Internet Explorer will try to resolve that name. Since that name is usually something like intranet or intranetweb, DNS will, of course, fail to resolve it. This gives the attacker an opportunity to fake this name. And what's even worse, Internet Explorer will automatically send the user's credentials to the resolved web page, since it will consider it to be in the Local Intranet zone. The picture below shows my fully patched Windows 7 machine falling prey to this attack and trying to retrieve wpad.dat as well as giving away my test account's credentials when I opened http://intranet:



As you can see from the scenarios mentioned above, this vulnerability can be extremely serious. To make things even worse, if you use an older operating system such as Windows XP, and you haven't disabled LANMAN (LM) hashes, cracking them in such a case is trivial. Luckily, as you can see in the picture above, Windows Vista and above disable LANMAN hashes by default, so only the much stronger NTLMv2 is used. Still, if your password policy is inadequate, an attacker can crack such passwords.
So what can we do to protect ourselves and our users against this? This is one of those times when auditors who bug you about settings and configuration are really right:

Unless you moved everything to Windows Vista or newer, make sure you disable LANMAN hashes. They are insecure and should not be used under any circumstances.


Disable NetBIOS over TCP/IP. I don't think that anything really uses this any more (if I'm wrong, let us know please!)

If you want to learn more about this attack, read the excellent post at http://www.packetstan.com/2011/03/nbns-spoofing-on-your-way-to-world.html and, once you get scared enough, take care of your network and users.



--

Bojan

INFIGO IS

(c) SANS Internet Storm Center. http://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
 
Three new draft reports published by the National Institute of Standards and Technology (NIST) are designed to help both public and private organizations improve the security of their information management systems by developing ...
 
During his company's year-end earnings call, EMC CEO Joe Tucci warned that hard disk drive supplies will be an issue through 2012 and said all major products will see refreshes this year.
 
Yahoo struggled selling both display and search advertising in the fourth quarter, as its revenue and net income both dropped year-on-year.
 
Pinterest is a site your business should have on its radar. It's like a virtual bulletin board, allowing users to curate a collection of things they like from around the Internet into various layouts, or boards. And its popularity is booming, with 11 million reported page visits during one busy week last December--a 40-fold traffic increase over six months.
 
The folks here at IDG Enterprise (Computerworld, Network World, ITworld, CIO, etc.) decided to join this meme and offer our take on what different things end users say to IT staffers. Broad generalizations sprinkled with some truth, of course!
 
Clearwire exceeded 10 million subscribers in the fourth quarter but still needs to raise more money to build its planned LTE network, a task that could be funded in part by an upcoming US$300 million stock offering.
 
The creator of the Internet Archive will be honored for his work and foresight by the Software and Information Industry Association, the association.
 
Apple more than doubled its profits last quarter thanks to brisk sales of its iPad and iPhones over the holiday season. The company reported a profit of $13.06 billion for the quarter ending Dec. 31.
 
Linux Kernel CVE-2012-0056 Local Privilege Escalation Vulnerability
 
Wireshark Buffer Overflow and Denial of Service Vulnerabilities
 
The National Institute of Standards and Technology (NIST) has finalized its first set of guidelines for managing security and privacy issues in cloud computing. Guidelines on Security and Privacy in Public Cloud Computing (NIST Special ...
 
The International Biometric Performance Conference 2012, to be held March 5-9 at the National Institute of Standards and Technology (NIST), will bring together evaluators, users and technology providers to discuss recent advances in the ...
 
The National Strategy for Trusted Identities in Cyberspace (NSTIC) National Program Office will host the 2012 NIST/NSTIC IDtrust Workshop "Technologies and Standards Enabling the Identity Ecosystem" on March 13 and 14, 2012, in ...
 
A new Facebook app might be perfect for the person who always wants to have the last word -- the very last word.
 
Linux vendors are rushing to patch a privilege escalation vulnerability in the Linux kernel that can be exploited by local attackers to gain root access on the system.
 
Inexpensive tablets with screen sizes up to 10 inches and Google's new Android 4.0 OS will soon become available at prices ranging from US$100 to $250.
 
PostgreSQL 'RESET ALL' Unauthorized Access Vulnerability
 
Linux Kernel KVM 'create_pit_timer()' Function Local Denial of Service Vulnerability
 
Google on Monday patched four vulnerabilities in Chrome, and disclosed that it had patched a fifth two weeks ago.
 
AT&T on Thursday will launch new cloud-based unified communications services that give businesses the ability to integrate chat, email, VoIP calls, audio and videoconferencing and more over desktops and many mobile devices
 
Verizon Communications on Tuesday reported a $2.02 billion fourth-quarter loss, mostly due to one-time charges of $3.4 billion for severance, pension and benefits, as well as increased subsidy costs for iPhone sales.
 
Web-based antimalware vendor Dasient is the second security firm acquired by Twitter in recent months. In November, Twitter acquired Android security vendor, Whisper Systems.

 
The Black Hole crimeware kit has caused drive-by attacks to surge, according to the Sophos 2012 threat report.

 
Crossbeam performed a network security test that emulated one million simultaneous mobile users on its network security hardware.

 
EMC reported record revenues totaling more than $20 billion in 2011, and said that Joe Tucci has changed his mind and will stay on as CEO through 2013.
 
Canonical will provide the next release of its Ubuntu Linux OS with a new type of interface that will allow desktop users to execute functions for any program through a command line interface, or by voice command.
 
Mozilla Firefox/Thunderbird/SeaMonkey Out of Bounds Memory Corruption Vulnerability
 
Image gallery: Ice Cream Sandwich on an Android tablet: A visual tour
 
Microsoft has announced a March 7 online event for the launch of SQL Server 2012, the next generation of its database product.
 
A Russian man who was accused Monday by Microsoft of creating the Kelihos botnet worked for a pair of security-related firms from 2005 to 2011, according to evidence on the Web.
 
The Droid Razr Maxx from Motorola goes on sale Thursday for $299.99 with a two-year agreement, Verizon Wireless announced Tuesday.
 
Only 7 Days Left: SANS AppSec 2012 CFP
 
NGS00193 Patch Notification: Trend Micro DataArmor and DriveArmor - Restricted Environment breakout, Privilege Escalation and Full Disk Decryption
 
[ GLSA 201201-14 ] MIT Kerberos 5 Applications: Multiple vulnerabilities
 

Telos Corporation Tapped to Administer Air Force Information Network
MarketWatch (press release)
The vast team of network operations and information security (INFOSEC) professionals assembled to administer the network include cyberspace and network defenders available twenty four hours a day and security analysts, security engineers, ...

 


 
 
SITA has demonstrated a proof-of-concept that shows how smartphones equipped with NFC can be used by passengers to check in and board airplanes. It now hopes to test the technology this summer, a spokesman said on Tuesday.
 
Microsoft has named a Russian man as the alleged creator of Kelihos, a spammy botnet that abused the company's Hotmail service until the botnet was shut down last September.
 
Hackers under the AntiSec banner appeared to have hacked late Monday the website of OnGuardOnline.gov, the U.S. federal government's online security website, in protest against controversial legislation.
 
Twitter has acquired Internet security firm Dasient, the Sunnyvale, California startup said on its blog on Monday.
 
A location-based phone application that alerts people trained in CPR when someone nearby is having a heart attack will be spreading from San Ramon, California, to San Jose by mid-February, according to San Ramon Valley Fire Protection District Chief Richard Price.
 
Apple became the biggest buyer of semiconductors last year, ahead of Samsung Electronics and Hewlett-Packard, Gartner said on Tuesday.
 
Adding game-like features to applications can keep users coming back for more, bemuse them or alienate them. But forget zombies and orcs.
 
QEMU KVM CVE-2012-0029 Local Privilege Escalation Vulnerability
 
Calling it a victory for privacy rights, civil rights advocates hailed a U.S. Supreme Court ruling that requires law enforcement officials to obtain a search warrant before they can attach a GPS tracking device to a vehicle.
 

Posted by InfoSec News on Jan 24

http://news.cnet.com/8301-11386_3-57364089-76/solar-flare-blasts-radiation-storm-toward-earth/

By Martin LaMonica
Cutting Edge
CNet News
January 23, 2012

A fastball of high-energy matter from the Sun is blasting toward the
Earth and is expected to cause the largest solar radiation storm since
2005.

Late last night, a solar flare caused a coronal mass ejection, or the
release of a burst of charged particles, from the sun's atmosphere,...
 

Posted by InfoSec News on Jan 24

http://www.nextgov.com/nextgov/ng_20120123_3491.php

By Aliya Sternstein
Nextgov
01/23/2012

Hackers, possibly from abroad, executed an attack on a Northwest rail
company's computers that disrupted railway signals for two days in
December, according to a government memo recapping outreach with the
transportation sector during the emergency.

On Dec. 1, train service on the unnamed railroad "was slowed for a short
while" and...
 

Posted by InfoSec News on Jan 24

http://www.pcworld.com/businesscenter/article/248644/us_government_online_security_website_hacked.html

By John Ribeiro
IDG News
Jan 24, 2012

Hackers under the AntiSec banner appeared to have hacked late Monday the
website of OnGuardOnline.gov, the U.S. federal government's online
security website, in protest against controversial legislation.

In a message on the OnGuardOnline website and on Pastebin, the hackers
threatened "a...
 

Posted by InfoSec News on Jan 24

http://www.nytimes.com/2012/01/23/technology/flaws-in-videoconferencing-systems-put-boardrooms-at-risk.html

By NICOLE PERLROTH
The New York Times
January 22, 2012

SAN FRANCISCO -- One afternoon this month, a hacker took a tour of a
dozen conference rooms around the globe via equipment that most every
company has in those rooms; videoconferencing equipment.

With the move of a mouse, he steered a camera around each room,
occasionally zooming...
 

Posted by InfoSec News on Jan 24

http://www.computerworld.com/s/article/9223643/Google_ups_ante_for_Chrome_hack_at_revamped_Pwn2Own

By Gregg Keizer
Computerworld
January 23, 2012

HP TippingPoint, the long-time sponsor of the annual Pwn2Own hacking
contest, has dramatically revamped the challenge and will be awarding a
first prize of $60,000 this year, four times 2011's top reward.

Google will also significantly increase the money it potentially will
pay to people able...
 

Posted by InfoSec News on Jan 24

http://www.darkreading.com/authentication/167901072/security/news/232500346/is-ssl-cert-holder-id-verification-a-joke.html

By Ericka Chickowski
Contributing Editor
Dark Reading
Jan 24, 2012

With the release of the BEAST exploit and subsequent scrambling by
browser vendors to close up vulnerabilities against SSL authentication,
many Web authentication discussions have been focused on the SSL/TLS
protocol’s weaknesses in recent months. As...
 

Posted by InfoSec News on Jan 24

========================================================================

The Secunia Weekly Advisory Summary
2012-01-13 - 2012-01-20

This week: 96 advisories

========================================================================
Table of Contents:

1. Word From Secunia...
 

SANS Canberra 2012
Government Security News
Don't miss our new Cloud Security Fundamentals one-day course. For complete course descriptions see our Event-at-Glance page. Put the skills you'll learn to practical use and more than GIAC certified professionals who make the info sec industry safe!

 
SEPO aka @anon_4freedom has been on a run of leaks and has also attacked, hacked and leaked data from Ghana's Regional Maritime University. The leaked data is similar to the others, with database and server information and a few accounts which have encrypted passwords.


 
Once again SEPO aka @anon_4freedom has attacked another Ghana-based website; this time it's a free-to-air TV station called TV3 (http://tv3.com.gh). This comes after an already rough week for Ghana, with other sites being attacked as well.


 
SEPO aka anon_4freedom has struck again after making headlines last week with a few stock market websites, and is now hitting Ghana again, hacking the country's main bank and leaking data from the hack.


 