Hackin9
A French court has ordered Twitter to hand over any data that could help authorities there identify people who posted racist and anti-Semitic tweets on its website.
 
(c) SANS Internet Storm Center. http://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
 
Cisco Systems plans to sell its Linksys home networking business to Belkin International for an undisclosed sum under an agreement that includes cooperation between the companies on software, service-provider products and other areas.
 
Acer is trying to adapt to the slowdown in the PC market by shutting down its eMachines unit and refocusing Gateway and Packard Bell to offer new products that are "beyond the PC."
 
AT&T said Thursday it had restored its U-verse broadband service to all customers who suffered from a widespread outage this week.
 
The National Institute of Standards and Technology (NIST), through its Small Business Innovation Research (SBIR) program, invites small businesses to propose solutions to specific challenges in the fields of cybersecurity and ...
 
Though Microsoft's second-fiscal-quarter profit declined, company revenue increased, helped by its Windows division, where sales shot up more than 20 percent year on year.
 
Twitter announced the launch of Vine, a service that lets mobile users capture and share short, looping videos of six seconds or less.
 
AT&T reported a slight increase in revenue and a smaller net loss for the fourth quarter, helped along largely by smartphone and broadband sales.
 
Amazon has acquired IVONA Software, a Polish company specializing in text-to-speech and voice recognition capabilities.
 
Mac sales plummeted in the fourth quarter of 2012, falling 22% from the same period the year before, with computer sales accounting for a record low percentage of Apple's total revenue of $54.5 billion.
 
As expected, the average selling price (ASP) of Apple's iPad line fell sharply in the fourth quarter of 2012 as the lower-priced iPad Mini reached customers.
 

According to Australian security company Sec Consult, several Barracuda products include a non-documented backdoor. The accounts affected are installed by default and can not be disabled. An attacker could use either SSH, or local console access, to log in using these account.

Sec Consult was able to crack some of the passwords for these accounts using the shadow file. The accounts do also have authorized ssh keys defined, but of course, it would be pretty hard to find the associated private key.

This issue affects various Barracuda products.

Default iptables firewall rules block access to port 22 from public IP addresses. But it appears that certain local networks are free to connect to port 22.

Barracuda published an alert rating this problem as medium [2]

[1]https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20130124-0_Barracuda_Appliances_Backdoor_wo_poc_v10.txt

[2]https://www.barracudanetworks.com/support/techalerts



------

Johannes B. Ullrich, Ph.D.

SANS Technology Institute

Twitter
(c) SANS Internet Storm Center. http://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
 
Researchers at a UK-based bioinformatics school have stored .mp3 and text files in DNA material that they claim can last 10,000 years.
 
Alan Cox, one of the chief contributors to the Linux kernel, has taken a step down from his volunteer duties, citing the need to attend to family matters.
 
Mac sales plummeted in the fourth quarter of 2012, falling 22% from the same period the year before, with computer sales accounting for a record low percentage of Apple's total revenue of $54.5 billion.
 
Skype owner Microsoft should release information about how much user data it gives to third parties, including government agencies, several organizations and individuals said in a letter to company officials.
 
Under the helm of new CEO Steve Bennett, Symantec late yesterday outlined a re-organization intended to lead to a leaner company and a new range of security and backup services and products, built primarily on internal research and development not acquisitions, within the next six to nine months.
 
Nokia swung to a net profit during the fourth quarter, as it sold a growing number of Windows Phone-based smartphones.
 
Google Maps slipped last year, giving Facebook enough room to become the most popular mobile app in the U.S., according to ComScore.
 
The Hadoop open source programming framework for large-scale data analysis is already one of the highest-profile technologies in the "big data" market, but users can expect it to become even more prevalent over the next couple of years, according to Gartner.
 
Over the last few days, Microsoft Security Essentials has stopped automatically updating virus signatures on some systems. The problem can be resolved by manually installing a signature package


 
CVE ID Syntax Change - Call for Public Feedback
 
SEC Consult SA-20130124-0 :: Critical SSH Backdoor in multiple Barracuda Networks Products
 
IPv6: How to avoid security issues with VPN leaks on dual-stack networks
 
New Blog Post: Attacking the Windows 7/8 Address Space Randomization
 
In CIO.com's latest Resume Makeover, executive career coach Donald Burns works with an IT professional who's won awards, worked for Fortune 500 companies, pharmaceutical businesses and in the government sector. The challenge: His resume was just a running list of the jobs he's held. The goal: make his most impressive skills stand out.
 
Appearing to further distance itself from VCE coalition partners EMC and VMware, Cisco this week expanded collaboration with storage titan NetApp to deepen integration and market reach.
 
The discovery of default and fixed user accounts and preset holes on firewalls to allow the company, or anyone else from the /24 network range, to log in has led to Barracuda releasing a security update for nearly all of their appliances


 
A freely available tool can be used to determine plain text passwords for Siemens industrial control systems


 
In the last quarter the security specialist turned over $1.79 billion, up 4.4% on the same quarter of the previous year


 
A cheaper iPhone ? A deal with China Mobile ? Despite having neither of the two, Apple reported strong earnings in the Chinese market in its fiscal first quarter, with revenue buoyed by triple digit growth in iPhone sales.
 
The nuts and bolts of systems designed for storing petabytes (and more) of data that can be easily accessed and analyzed are more complex than the inner workings of your average storage platform. Here's how to handle the data deluge.
 
A problem caused by a software upgrade has caused a widespread outage on AT&s U-verse broadband service this week, leading to a torrent of attacks against the carrier on social media.
 
A government body in the U.K. has fined Sony $396,000 for using lax network security when its PlayStation network was hacked in 2011.
 
Google has added offline presentations and editing to its Slides application, as it continues to bring its Internet apps to the desktop.
 
The U.S. International Trade Commission has decided to review an earlier decision that found Samsung Electronics' products infringed four patents owned by Apple.
 
Verizon Wireless today debuted two shared data plans for business customers -- the first of their kind in the industry.
 
Sony did not take sufficient care before 2011's breach of its PlayStation Network says the UK's Information Commissioner's Office, which has fined the company £250,000 for contravening the Data Protection Act


 
Sony did not take sufficient care before 2011's breach of its PlayStation Network says the UK's Information Commissioner's Office, which has fined the company £250,000 for contravening the Data Protection Act


 
A government body in the U.K. has fined Sony APS250,000 (US$396,000) for using lax network security when its PlayStation network was hacked in 2011.
 
FreeIPA CVE-2012-5484 Man in The Middle Security Vulnerability
 
Adobe Flash Player and AIR CVE-2012-5278 Remote Code Execution Vulnerability
 
Adobe Flash Player and AIR CVE-2012-5274 Buffer Overflow Vulnerability
 

Posted by InfoSec News on Jan 24

http://www.clinical-innovation.com/topics/privacy-security/lost-usb-drive-source-breach-utah-medicaid-patients

By Editorial staff
Clinical Innovation + Technology
Jan 23, 2013

The Utah Department of Health (UDOH) has begun the process of notifying
approximately 6,000 Medicaid clients that some of their personal information
was misplaced by a third-party contractor. The contractor, Goold Health
Systems, processes Medicaid pharmacy...
 

Posted by InfoSec News on Jan 24

http://www.wired.com/threatlevel/2013/01/mastermind-behind-gozi-charged/

BY KIM ZETTER
Threat Level
Wired.com
01.23.13

The mastermind who designed and distributed the Gozi malware — infecting more
than a million computers worldwide in order to steal banking and other
credentials from tens of thousands of victims — has been charged in New York
along with two co-conspirators, according to documents unsealed Wednesday.

Nikita Vladimirovich...
 

Posted by InfoSec News on Jan 24

http://www.darkreading.com/advanced-threats/167901091/security/security-management/240146871/supply-chain-uncertainties-make-security-difficult.html.html

By Robert Lemos
Contributing Writer
Dark Reading
Jan 23, 2013

Supply-chain security has become a growing concern for national governments and
large enterprises, but the degree to which compromised technology is a threat
remains uncertain, especially since backdoors are hard to detect and,...
 

Posted by InfoSec News on Jan 24

http://www.csoonline.com/article/727190/sometimes-the-best-defense-is-deletion

By Taylor Armerding
CSO
January 23, 2013

Big Data is viewed as a very good thing by most enterprises. With the right
analytics, it can generate meaning and business value. But like with many
things there can be too much of a good thing, say a number of Information
Governance (IG) experts.

Their message is that enterprises need to do more than protect their data...
 

Posted by InfoSec News on Jan 24

http://www.informationweek.com/security/vulnerabilities/security-flaws-leave-networked-printers/240146805

By Mathew J. Schwartz
Informationweek
January 23, 2013

Printers that use popular print server software sold by Hewlett-Packard are
vulnerable to attacks that can bypass built-in biometric defenses, recover
previously printed documents and crash all vulnerable machines attached to a
network.

That warning comes from viaForensics...
 
Internet Storm Center Infocon Status