Hackin9

InfoSec News

A Black Hat volunteer mistakenly sent to 7,500 conference goers a password-reset email that was initially thought to be a phishing attempt.
 
(c) SANS Internet Storm Center. http://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
 
The file-sharing company BitTorrent has begun testing an advertising model through which it would share ad revenue with content producers whose work is downloaded through the service, promising a way for artists to monetize informal sharing of their digital content.
 
A federal judge in California has rejected a request by Samsung that would have doubled the length and increased the complexity of a highly anticipated trial in which the company will lock horns with Apple over smartphone and tablet PC patents.
 
Following the best marketing practices of traditional IT firms, Google has launched a partner program to help third-party vendors use and sell Google cloud services.
 
Broadcom plans to bring IEEE 802.11ac Wi-Fi to smartphones starting early next year, using a chipset announced on Tuesday that the company said can deliver about 300Mbps (bits per second) of real-world speed.
 
Oracle is yanking advertising claims that its Exadata database machine had vastly superior performance to IBM's Power Systems hardware, according to an announcement Tuesday by the National Advertising Division, an industry self-regulatory group.
 
For the newest release of NetBeans, Oracle has equipped the open-source IDE (integrated development environment) to continuously run a static analysis tool, which could point out possible coding errors to developers as they write their programs.
 
Apple will launch its Mountain Lion operating system tomorrow, the company's chief financial officer said Tuesday.
 
Google and the European Commission appear close to a settlement that would end the Commission's investigation of the Internet giant for potential violations of European antitrust regulations, according to The New York Times.
 
Apple on Tuesday reported revenue for the quarter just ended that was lower than analysts had expected, despite a big jump in iPad sales.
 
Oracle and Google are at loggerheads over some $4 million in court costs Google wants Oracle to pay in connection with its patent and copyright lawsuit over the Android mobile OS.
 
Windows malware slipped past Apple's eye and has been found tucked into software available on the company's iOS App Store.
 
Twitter is teaming with NBC to make it easier for users to take in all the tweets about the upcoming Olympic Games.
 
The default YouTube app that comes with iOS was great back in 2007, but it hasn't seen a significant update in years and is lacking many features compared to the newer mobile YouTube website (m.youtube.com) that Google launched two years ago.
 

European Commission seeks public comments on infosec issues
Infosecurity Magazine
The European Commission has opened public consultations on network security and net neutrality ...
 
A reader reported (thanks @Scott) that he is observing a sudden jump in DNS traffic, with every query asking for the same thing.
Here is a snippet from the logs, slightly edited.


Jul 24 13:28:56 ns1 named[3240]: client XX.194.158.62#55148: query: gd21.net IN TXT +E

Jul 24 13:28:56 ns1 named[3240]: client XX.194.158.62#63757: query: gd21.net IN TXT +E

Jul 24 13:28:56 ns1 named[3240]: client XX.194.158.62#50037: query: gd21.net IN TXT +E

Jul 24 13:28:57 ns1 named[3240]: client XX.194.158.62#57822: query: gd21.net IN TXT +E

Jul 24 13:28:57 ns1 named[3240]: client XX.194.158.62#21294: query: gd21.net IN TXT +E

Jul 24 13:28:57 ns1 named[3240]: client XX.194.158.62#6076: query: gd21.net IN TXT +E

Jul 24 13:28:58 ns1 named[3240]: client XX.194.158.62#27221: query: gd21.net IN TXT +E

Jul 24 13:28:58 ns1 named[3240]: client XX.194.158.62#34485: query: gd21.net IN TXT +E

Jul 24 13:28:58 ns1 named[3240]: client XX.194.158.62#56117: query: gd21.net IN TXT +E

** used with permission **

gd21.net seems to link to a Korean shopping site of some kind. As always, use caution when following links.



Is anyone else seeing this? If so, could you report it?



UPDATE:

This is starting to look like a reflective amplified DoS. If you are seeing this, let us know.

Truncated, retrying in TCP mode.

DiG 9.7.3-P3 -HEADER QUERY: 1, ANSWER: 13, AUTHORITY: 2, ADDITIONAL: 0

gd21.net. IN TXT

ANSWER SECTION:

gd21.net. 236 IN TXT v=spf1 ip4:211.236.180.119 ip4:211.236.180.120 ip4:211.236.180.121 ip4:211.236.180.122 ip4:211.236.180.123 ip4:211.236.180.124 ip4:211.236.180.125 ip4:211.236.180.126 ip4:211.236.180.127 ip4:211.236.180.128 ~all

gd21.net. 236 IN TXT v=spf1 ip4:211.236.180.118 ip4:211.236.180.40 ~all

gd21.net. 236 IN TXT v=spf1 ip4:211.236.180.9 ip4:211.236.180.10 ip4:211.236.180.11 ip4:211.236.180.12 ip4:211.236.180.13 ip4:211.236.180.14 ip4:211.236.180.15 ip4:211.236.180.16 ip4:211.236.180.17 ip4:211.236.180.18 ~all

gd21.net. 236 IN TXT v=spf1 ip4:211.236.180.19 ip4:211.236.180.20 ip4:211.236.180.21 ip4:211.236.180.22 ip4:211.236.180.23 ip4:211.236.180.24 ip4:211.236.180.25 ip4:211.236.180.26 ip4:211.236.180.27 ip4:211.236.180.28 ~all

gd21.net. 236 IN TXT v=spf1 ip4:211.236.180.29 ip4:211.236.180.30 ip4:211.236.180.31 ip4:211.236.180.32 ip4:211.236.180.33 ip4:211.236.180.34 ip4:211.236.180.35 ip4:211.236.180.36 ip4:211.236.180.37 ip4:211.236.180.38 ~all

gd21.net. 236 IN TXT v=spf1 ip4:211.236.180.39 ip4:211.236.180.40 ip4:211.236.180.41 ip4:211.236.180.42 ip4:211.236.180.43 ip4:211.236.180.44 ip4:211.236.180.45 ip4:211.236.180.46 ip4:211.236.180.47 ip4:211.236.180.48 ~all

gd21.net. 236 IN TXT v=spf1 ip4:211.236.180.49 ip4:211.236.180.50 ip4:211.236.180.51 ip4:211.236.180.52 ip4:211.236.180.53 ip4:211.236.180.54 ip4:211.236.180.55 ip4:211.236.180.56 ip4:211.236.180.57 ip4:211.236.180.58 ~all

gd21.net. 236 IN TXT v=spf1 ip4:211.236.180.59 ip4:211.236.180.60 ip4:211.236.180.61 ip4:211.236.180.62 ip4:211.236.180.63 ip4:211.236.180.64 ip4:211.236.180.65 ip4:211.236.180.66 ip4:211.236.180.67 ip4:211.236.180.68 ~all

gd21.net. 236 IN TXT v=spf1 ip4:211.236.180.69 ip4:211.236.180.70 ip4:211.236.180.71 ip4:211.236.180.72 ip4:211.236.180.73 ip4:211.236.180.74 ip4:211.236.180.75 ip4:211.236.180.76 ip4:211.236.180.77 ip4:211.236.180.78 ~all

gd21.net. 236 IN TXT v=spf1 ip4:211.236.180.79 ip4:211.236.180.80 ip4:211.236.180.81 ip4:211.236.180.82 ip4:211.236.180.83 ip4:211.236.180.84 ip4:211.236.180.85 ip4:211.236.180.86 ip4:211.236.180.87 ip4:211.236.180.88 ~all

gd21.net. 236 IN TXT v=spf1 ip4:211.236.180.89 ip4:211.236.180.90 ip4:211.236.180.91 ip4:211.236.180.92 ip4:211.236.180.93 ip4:211.236.180.94 ip4:211.236.180.95 ip4:211.236.180.96 ip4:211.236.180.97 ip4:211.236.180.98 ~all

gd21.net. 236 IN TXT v=spf1 ip4:211.236.180.99 ip4:211.236.180.100 ip4:211.236.180.101 ip4:211.236.180.102 ip4:211.236.180.103 ip4:211.236.180.104 ip4:211.236.180.105 ip4:211.236.180.106 ip4:211.236.180.107 ip4:211.236.180.108 ~all

gd21.net. 236 IN TXT v=spf1 ip4:211.236.180.109 ip4:211.236.180.110 ip4:211.236.180.111 ip4:211.236.180.112 ip4:211.236.180.113 ip4:211.236.180.114 ip4:211.236.180.115 ip4:211.236.180.116 ip4:211.236.180.117 ip4:211.236.180.118 ~all

AUTHORITY SECTION:

gd21.net. 236 IN NS ns2.goldennet.co.kr.

gd21.net. 236 IN NS ns.goldennet.co.kr.

MSG SIZE rcvd: 2735



leslie-2:~ packetalien$ dig gd21.net txt | wc

35 283 3349





Richard Porter
--- ISC Handler on Duty (c) SANS Internet Storm Center. http://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
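The pattern in the diary above (one client address, many source ports, the same TXT name, EDNS set) can be checked for in BIND query logs. The following is an added example, not code from the ISC diary; the window and threshold defaults, the year, and the 11-byte minimal OPT record used for the size estimate are assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime

# BIND query-log record in the layout of the diary's excerpt.
LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s[\d:]{8})\s\S+\snamed\[\d+\]:\sclient\s(?P<client>[^#\s]+)"
    r"#(?P<port>\d+):\squery:\s(?P<qname>\S+)\sIN\s(?P<qtype>\S+)\s(?P<flags>\S+)")

# Sample input: the nine log lines quoted in the diary (client already masked there).
SAMPLE = [f"Jul 24 13:28:{s} ns1 named[3240]: client XX.194.158.62#{p}: "
          "query: gd21.net IN TXT +E"
          for s, p in [(56, 55148), (56, 63757), (56, 50037), (57, 57822), (57, 21294),
                       (57, 6076), (58, 27221), (58, 34485), (58, 56117)]]

def parse(line, year=2012):  # syslog omits the year; 2012 is assumed from the diary date
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    rec["ts"] = datetime.strptime(f"{year} {rec['ts']}", "%Y %b %d %H:%M:%S")
    return rec

def find_bursts(lines, window=5, min_queries=8):
    """Report client/qname/qtype groups with >= min_queries queries inside `window` seconds."""
    groups = defaultdict(list)
    for rec in filter(None, map(parse, lines)):
        groups[(rec["client"], rec["qname"].lower(), rec["qtype"])].append(rec)
    findings = []
    for (client, qname, qtype), recs in groups.items():
        recs.sort(key=lambda r: r["ts"])
        start = best = 0
        for end, rec in enumerate(recs):  # sliding window over the sorted timestamps
            while (rec["ts"] - recs[start]["ts"]).total_seconds() > window:
                start += 1
            best = max(best, end - start + 1)
        if best >= min_queries:
            findings.append({"client": client, "qname": qname, "qtype": qtype, "burst": best,
                             "src_ports": len({r["port"] for r in recs}),
                             "edns": all("E" in r["flags"] for r in recs)})  # E = EDNS in use
    return findings

def query_size(qname, edns=True):
    """Bytes in the DNS query message: header + QNAME + QTYPE/QCLASS (+ minimal OPT RR)."""
    labels = qname.rstrip(".").split(".")
    return 12 + sum(len(l) + 1 for l in labels) + 1 + 4 + (11 if edns else 0)

def amplification(qname, response_bytes, edns=True):
    return response_bytes / query_size(qname, edns)

if __name__ == "__main__":
    for f in find_bursts(SAMPLE):  # 2735 is the MSG SIZE rcvd value from the dig output
        print(f, f"~{amplification(f['qname'], 2735):.0f}x")
```

The ratio compares DNS message sizes only, so it is an estimate; on a resolver the "client" in a flagged group is the address the responses are sent to, which in a reflection attack is the spoofed victim rather than the sender.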
 
Legislation that would allow U.S. states to collect sales tax from online sellers is good for consumers, because it would help them pay the taxes they already owe, supporters said Tuesday.
 
Amazon Web Services has filed details on its security controls with Cloud Security Alliance online registry, showing a new level of transparency.

 
With services like Dropbox, Google Docs, and even IMAP email, users today expect their data to remain up-to-date and available on every device. iOS users want conflict-free access to their data--whether it's documents, in-game progress, or other details--on their iPads, iPhones, and Macs. Apple aims to satisfy that user need with iCloud.
 
Android DNS poisoning: Randomness gone bad (CVE-2012-2808)
 
[ MDVSA-2012:110 ] mozilla
 
Re: Wordpress (chenpress Plugin) Arbitrary File Upload Vulnerability
 
[ MDVSA-2012:109 ] libxslt
 
Texas Memory Systems announced a firmware upgrade that allows its PCIe flash cards to be used as an OS boot device.
 
It would offer Airtel's customers the ability to make retail payments and do basic banking using their mobile phones and Airtel's network.
 
India's first credit information company, CIBIL, also becomes the first to provide market analytics to financial institutions on a SaaS model.
 
Narayana Hrudayalaya finds a way to deliver better healthcare services and expand by hosting its hospital management system on the cloud.
 
Video-conferencing is yesterday's news. VC-on-mobile is the tech of the future. But the CIO of DDB Mudra Group is doing it here and now.
 
The European Commission on Tuesday warned 13 optical disk drive suppliers that they may face a formal antitrust investigation for participating in a worldwide cartel.
 
More mobile customers and increasing mobile data use pushed AT&T's revenue up slightly in the second quarter of 2012 and helped drive an 8.7% increase in net income.
 
Apple will seek billions of dollars in damages from Samsung when a high-profile patent lawsuit between the companies goes in front of a California jury next week.
 
Japan's Finance Ministry has uncovered evidence of a major Trojan cyber-attack on its computer systems that lay undetected for almost two years, according to local sources.
 
Box plans to announce a new application for the Windows Phone OS and a partnership with Qualcomm, moves that it hopes will boost adoption of its cloud storage and file-sharing service on mobile devices.
 
Dell is expanding the range of laptops with Linux, with its new Precision mobile workstations being offered with Red Hat Enterprise Linux 6 OS as an option.
 
Notebooks equipped with hard drives will dominate the market for years to come, meaning the market for notebooks with SSDs poses no threat, according to a new report from iSuppli.
 
Savvy IT departments that set aside time for employee creativity say they gain happier workers, more satisfied customers and sometimes even revenue.
 
Intel is porting the Android 4.1 operating system, also called Jelly Bean, to work on smartphones and tablets using low-power Atom processors, the company said this week.
 
Samsung Electronics is assuming that technology in the iPad and iPhone violates its patents without knowing the actual processes in the devices' chipsets, Apple argued on Tuesday in Australian Federal Court.
 
Firefox 14 accounted for nearly half of all copies of the open-source browser in use just a week after its launch, a sign that Mozilla's automatic update mechanism may be working as intended.
 
Wi-Fi chip makers are lining up to add WiGig technology to their wireless LAN products, preparing the way for tri-band equipment that can deliver multi-gigabit speeds within a room.
 
Toshiba announced a reduction in its production of NAND flash memory, which goes into smartphones, tablets and storage devices, by about 30% from Tuesday, to cope with oversupply conditions in the market.
 
Samsung's Galaxy Tab 7.7 was banned in Europe by the higher court of Düsseldorf on Tuesday because it found the tablet infringes on Apple's design rights and looks too much like the iPad.
 
Developers are rapidly losing interest in Windows Phone 7, but see potential in Windows 8
 

Posted by InfoSec News on Jul 24

http://www.darkreading.com/security-services/167801101/security/security-management/240004217/darpa-funded-service-seeks-flaws-in-smartphones.html

By Robert Lemos
Contributing Writer
Dark Reading
July 24, 2012

Beset by malware and malicious attackers, developers in the
personal-computer world have found ways to reduce the time between the
release of a patch and the installation of the fix on vulnerable
systems.

With Android smartphones and...
 

Posted by InfoSec News on Jul 24

http://arstechnica.com/security/2012/07/industial-bugs-exploited-by-stuxnet-fixed/

By Dan Goodin
Ars Technica
July 23 2012

German conglomerate Siemens on Monday said it has fixed vulnerabilities
in its software products that appeared to be identical to those that
allowed the Stuxnet computer worm to disrupt Iran's nuclear program.

In advisories published here and here, Siemens said it updated its
Simatic Step7 and Simatic WinCC...
 

Posted by InfoSec News on Jul 24

http://www.cmio.net/index.php?option=com_articles&view=article&id=34638:beth-israel-suffers-large-data-breach

By Beth Walsh
CMIO.net
July 23, 2012

Beth Israel Deaconess Medical Center (BIDMC) in Boston is in the process
of notifying approximately 3,900 patients of a potential breach of
protected health information (PHI) as a result of a physician's stolen
personal laptop computer.

The computer was stolen from the office of a...
 

Posted by InfoSec News on Jul 24

Just a little heads-up...

I will be covering Black Hat USA & DEF CON in Las Vegas.

Likewise, the moderation of InfoSec News for the next several days will
be non-existent due to the hostile network environments.

If it looks like I am not up to something constructive or destructive, feel
free to drag me off to the side and say Hello.

Cheers!

William Knowles
wk (at) c4i [.] org
 

Posted by InfoSec News on Jul 24

http://www.forbes.com/sites/andygreenberg/2012/07/23/hacker-will-expose-potential-security-flaw-in-more-than-four-million-hotel-room-keycard-locks/

By Andy Greenberg
Forbes.com
7/23/2012

The next time you stay in a hotel room, run your fingers under the
keycard lock outside your door. If you find a DC power port there, take
note: With a few hacker tricks and a handful of cheap hardware, that
tiny round hole might offer access to your room...
 
SAP's revenue for the second quarter grew 18 percent over the same quarter last year to €3.9 billion (US$4.9 billion) following record software revenue of over €1 billion, it reported on Tuesday.
 