InfoSec News


Infopackets (blog)

Kaspersky's son freed after kidnap ordeal
PC Pro
Ivan Kaspersky, 20, was taken hostage while his father was visiting the Infosec security conference in London last week. Eugene Kaspersky reportedly received a $3 million ransom demand for the release of his son. The 20-year-old was reportedly taken ...
Kidnapped Kaspersky freed without ransom - iT News

 
Chris Mohan --- Internet Storm Center Handler on Duty (c) SANS Internet Storm Center. http://isc.sans.org Creative Commons Attribution-Noncommercial 3.0 United States License.
 
When I first unpacked the Digital Storm xm15, only the logo on the glossy lid distinguished it from a gazillion other generic, ODM (original design manufacturer) laptops. At just under 6 pounds without the power brick, it's a tad lighter than similar laptops with a discrete graphics chip. The xm15 uses Nvidia's Optimus technology to shift automatically between the Intel integrated graphics and the GeForce GT 540M GPU when greater 3D graphics performance is required.
 
According to every shred of evidence from our performance tests, we should tell you to banish the Gateway NV51B05u from consideration. It's slow for an all-purpose laptop, it has limited battery life, and its gaming frame rates are pathetic. At the checkout counter and in subjective use, however, it's a different story. You can have the NV51B05u for just a bit more coin than a high-end netbook ($470 as of April 26, 2011), yet it offers a 15.6-inch widescreen display, a full-size keyboard, a full-size touchpad, and a DVD burner. It also handles 1080p movies with ease, and--numbers aside--its performance is adequate for many everyday tasks.
 
If you have any pictures on Friendster you want to keep, you had better grab them now. The social networking pioneer announced on Tuesday that it's making some significant changes to the site.
 
Asterisk Manager Interface Arbitrary Command Execution Security Bypass Vulnerability
 
There has been a bit of press lately about how external threats are overtaking internal threats in the near term. Traditionally it has been viewed that internal threats (i.e. disgruntled employees) pose a greater threat to an organization than outsiders. In reality, the lines are blurring but external attackers are becoming more sophisticated in their attacks. That said, I was made aware by a coworker of an interesting controversy emerging from South Korea. In essence, one of their major banks was offline and unable to process any transactions for several days. Around April 12, customers were unable to perform ATM transactions, online transactions or any in-bank transactions for about a day. For several days afterwards, transactions were highly unreliable. In essence, this bank (Nonghyup Bank, NH Bank) basically suffered a catastrophic system failure.
According to reports, a contractor from IBM had his laptop infected, which in turn successfully attacked about 60% of the bank's infrastructure and crippled its ability to do business. The running controversy is whether this was an insider attack or someone who compromised a contractor and used it as a beachhead to get into the bank. That investigation is playing out and we'll see where that goes. From what I can tell (and that's limited because... well... I don't speak Korean) there was a contractor's laptop that was compromised, Chinese IP addresses were involved (and for those of you who know the geopolitical history know that is entirely unsurprising) and there are 300,000 some odd complaints about people not being able to get their money who are in various states of non-pleased.
Like I said, the investigation is ongoing and who knows what really will happen.
Disclaimers aside, my first thought was the IMF incident which ultimately led to the spectacular collapse of Satyam. Maybe that's not the case here, but I do know when I've applied for contractor positions at pretty big firms, I've been appalled by how easy it would be to game the system and, for that matter, how easy the system has been gamed.
In this particular case, there has been a non-trivial amount of incidents that should have served as a warning sign for internal controls. My personal favorite expression regarding the failures of this bank and how they responded (after it became catastrophic) is that they started a 2011 training session with a highly critical self-reflection and atonement. Maybe I'm odd, I find that expression humorous.
Ultimately, an organization's security is determined by who it trusts to run the shop. If all you do is a phone screen (which may or may not be the actual person who is going to start the job the following Monday), you may be asking for trouble.
What are your thoughts? How important is it to consider the insider threat and to vet your contractors and employees?
Background:
IEEE: South Korean NH Bank's Week-Long System Failure That Affected 30 Million An Inside Job?
Korea Times: Chinese IPs linked to Nonghyup crash
The Dong-A-Ilbo: `Nonghyup Bank averaged 2 financial accidents per month`
--

John Bambenek

bambenek at gmail /dot/ com

Bambenek Consulting (c) SANS Internet Storm Center. http://isc.sans.org Creative Commons Attribution-Noncommercial 3.0 United States License.
 
A recently published Apple patent application indicates the company may have plans to collect iPhone user location history but it's not clear if the patent application is related to the recent discovery that iPhones and iPads store historical location information.
 
Although the FBI said a federal temporary restraining order has crippled the Coreflood botnet in the U.S., Microsoft today took the unusual step of pushing a second version of its monthly malware cleaner to Windows users to again quash the botnet.
 
Federal and state government budget problems have forced the SETI Institute to halt its effort to scan the skies to listen for communications from extraterrestrial life.
 
It's been six days and the PlayStation Network is still offline -- and now Sony has acknowledged that the problem involved a security breach.
 
In the midst of an uproar over ways that Apple and Google collect and store location information from mobile phones, Microsoft has laid out details about its Windows Phone 7 data collection policies.
 
A trade group raises concerns about the FTC settlement with Google over Buzz.
 
Opera Web Browser Prior to 10.63 Multiple Security Vulnerabilities
 
Running an application security program requires more than a solid budget. It needs a person with deep knowledge of the organization and its engineering processes.

While developer interest in Apple's mobile devices remains high, interest in Android has stalled among programmers disappointed with tablet prices and pressed by Android fragmentation, a survey published today showed.
 
Alcatel-Lucent is reportedly shopping around its enterprise switching, IP telephony and contact center businesses in an effort to boost its financial performance by focusing on core telecom markets.
 
LG Electronics on Tuesday announced it had signed a license for ARM's upcoming application and graphics processors, opening a path for the device maker to design a new chip and expand in the market of smartphones and tablets.
 
Facebook Tuesday added a new service that makes it more competitive with the popular Groupon discount coupon service.
 
Google will allow companies to sign up users for its paid Apps for Business hosted collaboration and communication suite on a month-to-month basis, without having to commit them to an annual contract.
 
Oracle has subpoenaed scores of Rimini Street customers in connection with its intellectual property suit against the third-party software maintenance provider, but at least one has no interest in complying with its demands.
 
Google's position on doing business in China will not change because of Larry Page's succession as CEO of the Internet search company.
 
Google Chrome prior to 6.0.472.59 Multiple Security Vulnerabilities
 
Apple has given up its attempts to trademark the word 'pod' after seven years, according to reports.
 
Verizon Wireless and Sprint said they will start selling new Android-based smartphones on April 28 and May 8 respectively.
 
Lawson Software has agreed to be purchased by an Infor affiliate GGC Software Holdings for roughly $2 billion, the company announced Tuesday.
 
Sermon Browser WordPress Plugin Cross Site Scripting and SQL Injection Vulnerabilities
 
HTB22955: Path disclosure in BuddyPress WordPress plugin
 
HTB22957: XSRF (CSRF) in phpList
 
HTB22956: XSS vulnerabilities in phpList
 
HTB22948: Path disclosure in Cotonti
 
HTB22954: Path disclosure in yappa-ng Photo Gallery
 
Sony will take its first step into the tablet market later this year when it launches two devices. Prototypes of the two tablets were previewed at a Tokyo news conference on Tuesday, but what are they like to use? On Tuesday evening I had a brief chance to try them out.
 
Sony will make its long-awaited entry into the tablet PC market later this year with two models based on the latest version of Google's Android operating system.
 
Nick Selby and Dave Henderson on the power of simplicity when it's time to sell cops new technology.
 
You have to take only a couple of business trips or vacations with a 6-pound laptop in tow before you start thinking about switching to a PC with a little less meat on its bones.
 
Sony launching two models of Android tablets later this year
 
Dell's Boomi AtomSphere can bridge internal systems with public clouds
 
Dell on Tuesday announced a desktop workstation that acts like a server from which remote client PCs can exploit graphics processing capabilities.
 
Without a sample of the new worm that an Iranian official says attacked the country's computers, it's impossible to verify his claims, a security researcher said.
 
With cloud storage providers closing -- and Amazon's cloud service problems continuing -- users are left to wonder what happens to their data when they can't access it in the cloud.
 
Despite the heightened focus on cloud availability and uptime caused by Amazon's prolonged service outage last week, security will likely remain the bigger long-term concern for enterprises, analysts say.
 
Amazon promises to fully explain recent cloud outage; IT managers will likely be asked to do the same by execs at companies using the services.
 
InfoSec News: DHS chief: What we learned from Stuxnet: http://www.computerworld.com/s/article/9216166/DHS_chief_What_we_learned_from_Stuxnet
By Robert McMillan IDG News Service April 25, 2011
If there's a lesson to be learned from last year's Stuxnet worm, it's that the private sector needs to be able to respond quickly to [...]
 
InfoSec News: [Dataloss Weekly Summary] Week of Sunday, April 17, 2011: ========================================================================
Open Security Foundation - DataLossDB Weekly Summary Week of Sunday, April 17, 2011
45 Incidents Added.
======================================================================== [...]
 
InfoSec News: Phishing: Consumer Education Lacking: http://www.bankinfosecurity.com/articles.php?art_id=3571
By Tracy Kitten Managing Editor Bank Info Security April 22, 2011
The Oak Ridge National Laboratory, located in Tennessee, recently disconnected Internet access after hackers attacked employees at the federal facility. [...]
 
InfoSec News: New Workshop: USENIX FOCI '11 Submission Deadline Approaching: Forwarded from: Lionel Garth Jones <lgj (at) usenix.org>
We're writing to remind you that the submission deadline for the first USENIX Workshop on Free and Open Communications on the Internet (FOCI '11) is approaching. Please submit your work by May 1, 2011, at 11:59 p.m. PDT.
http://www.usenix. [...]
 
InfoSec News: The Rising Tide Of Cyber-Threats Could Engulf National Infrastructures: http://www.eweekeurope.co.uk/comment/the-rising-tide-of-cyber-threats-could-engulf-national-infrastructures-27457
By Eric Doyle eWEEK Europe April 25, 2011
Cyber-attacks are increasing but national infrastructures are ill-prepared to defend themselves. [...]
 

Posted by InfoSec News on Apr 26

Forwarded from: Lionel Garth Jones <lgj (at) usenix.org>

We're writing to remind you that the submission deadline for the first
USENIX Workshop on Free and Open Communications on the Internet (FOCI
'11) is approaching. Please submit your work by May 1, 2011, at 11:59
p.m. PDT.

http://www.usenix.org/foci11/cfpb/

FOCI '11 seeks to bring together researchers and practitioners from both
technology and policy backgrounds to...
 

Posted by InfoSec News on Apr 26

http://www.eweekeurope.co.uk/comment/the-rising-tide-of-cyber-threats-could-engulf-national-infrastructures-27457

By Eric Doyle
eWEEK Europe
April 25, 2011

Cyber-attacks are increasing but national infrastructures are
ill-prepared to defend themselves. Urgent action, not endless planning,
is required, argues Eric Doyle

Threats to major companies and national utilities have increased over
the past year as cyber threats escalate into cyber...
 

Posted by InfoSec News on Apr 26

http://www.computerworld.com/s/article/9216166/DHS_chief_What_we_learned_from_Stuxnet

By Robert McMillan
IDG News Service
April 25, 2011

If there's a lesson to be learned from last year's Stuxnet worm, it's
that the private sector needs to be able to respond quickly to
cyber-emergencies, the head of the U.S. Department of Homeland Security
said Monday.

"The key thing we learnt from Stuxnet was the need for rapid...
 

Posted by InfoSec News on Apr 26

========================================================================

Open Security Foundation - DataLossDB Weekly Summary
Week of Sunday, April 17, 2011

45 Incidents Added.

========================================================================

DataLossDB is a research project aimed at documenting known and reported
data loss incidents world-wide. The Open Security Foundation asks for
contributions of new incidents and new data for...
 

Posted by InfoSec News on Apr 26

http://www.bankinfosecurity.com/articles.php?art_id=3571

By Tracy Kitten
Managing Editor
Bank Info Security
April 22, 2011

The Oak Ridge National Laboratory, located in Tennessee, recently
disconnected Internet access after hackers attacked employees at the
federal facility. On April 7, a spear phishing e-mail, feigning to be
from human resources, was sent to 530 of the lab's 5,000 employees. The
e-mail included a malicious link that...
 
eZip Wizard Zip File Stack Remote Buffer Overflow Vulnerability
 

Computing

InfoSec 2011: Can social media be tamed?
Computing
Attendees to this year's InfoSec conference in London were told that social media in the enterprise is always going to be anarchic, and corporate controls are limited in their ability to temper this. This was the opinion expressed by ...

 

