InfoSec News

As we are looking at hurricane Irene taking aim at major population and technology centers on the east coast, here a couple of tech tips:
- Cell phone batteries last longer if you turn off non essential services like 3G, bluetooth, wifi.

- keep a hard copy of important phone numbers handy

- make sure all batteries are charged (including spare batteries you may have)

- electricity and water don't mix. If there is a threat of flooding, you may want to turn off the main breaker of your house (not if it is outside and it is wet / raining)

- hurricanes tend to come along with power outages. If you experience a power outage, disconnect major appliances, in particular sensitive ones like computers. During the recovery phase, irregular power and power spikes are likely (you may want to flip the main breaker)

- power suggest caused by lightning can travel over network cable. Unplug networks, in particular cable/DSL modems or other devices that connect to the outside

- in most cases, you will be safer at home in your house then on the road once the storm started. If you want to get out, get out now before it is too late

- to contact others, use SMS vs. voice calls. Most cell phone networks will deal with SMS much better then voice
The Red Cross is operating a site that you can use to leave brief safe and well messages : . Twitter and Facebook can also be handy to leave quick messages for friends telling them that you are fine.
Security issues and Scams:
- if you evacuate your home, consider taking hard drives with other valuables (but they are not always easy to remove)

- frequently, the need arises to make quick system configuration changes to mitigate the impact of a location that is down. Document them carefully even if you appreciate normal change control.

- compromised social networking accounts could be used to send fake pleas for help (and money)

- only donate to reputable organizations that you know and trust. Don't donate to organizations you never heard about

- disaster movies and pictures are likely going to be used to spread malware
We will move this to a disaster recovery section that we are about to built. Let me know if you have additional tips. Also: What is in your jump bag of stuff that you would take with you?


Johannes B. Ullrich, Ph.D.

SANS Technology Institute

Twitter (c) SANS Internet Storm Center. Creative Commons Attribution-Noncommercial 3.0 United States License.
The fire sale of the HP TouchPad (and the resulting rush to snag the tablet) proved one thing: if it's cheap enough, they will come. This could be good news for Amazon, who reportedly plans to release its own tablet in late September/early October for "hundreds less" than the iPad.
When Bill McCown joined The Situs Companies six years ago, the Houston-based real estate consulting firm was anticipating growth, and the company figured its tape-based backup systems would need to be upgraded. Then came September 2008, when Hurricane Ike slammed into Houston. "Our data center stayed up but our office didn't have power for a week," recalls McCown, who is the director of IT for the firm. While employees in other locations had access to the data center, the central office was offline and out of the communications loop.
The state-run China Central Television network has yanked a video that inadvertently included a short clip of a cyber-attack tool targeting Falun Gong websites.
Jcow CMS 4.x:4.2 <= , 5.x:5.2 <= | Arbitrary Code Execution
Jcow CMS 4.2 <= | Cross Site Scripting
Listendifferent (prodotto.php?IDprodotto) Remote SQL injection Vulnerability
OMNITEC (prodotto.php?id_prodotto) Remote SQL injection Vulnerability
Web Art Studio (prodotto.php?lang) Remote SQL injection Vulnerability
Spherica Remote SQL injection Vulnerability
(c) SANS Internet Storm Center. Creative Commons Attribution-Noncommercial 3.0 United States License.
Marinet Remote SQL injection Vulnerability
Marinet Remote SQL injection Vulnerability
At next week's Internationale Funkaustellung (IFA) in Berlin, smartphone makers are expected to push the boundaries of the device's screen sizes, while also launching tablets and trying to accelerate the momentum for 3D-capable products.
As people up and down the East Coast of the United States prepare for Hurricane Irene, social networks are being used to get the word out about its path and how best to deal with it.
Verizon won't offer the Samsung Galaxy S II smartphone, which is being introduced by other major U.S. carriers next week and could be a top contender against the coming iPhone 5.
In discussions about cloud computing and in comments readers leave on my blog posts, I commonly get statements along the lines of "Yeah, this cloud computing stuff sounds great, but at the end of the day, you have to have an IT guy solving problems like they've always done." In personal interactions, I often hear this sentiment portrayed as, "Public cloud computing is fine for the SMB and startup market, but enterprises aren't ready to move to that model." The tone of much of this feedback is that anyone who advocates cloud computing is at best naive or at worst incapable of understanding the real details of IT.
As Hurricane Irene barrels toward the eastern seaboard, the Department of Homeland Security is warning government agencies and private companies to be on the lookout for storm-related phishing attacks and other malicious cyberactivity.
Web Progetto (prodotti.php?idcategoria) Remote SQL injection Vulnerability
Foresta Creativa (prodotti.php?idCategoria) Remote SQL injection Vulnerability
BUZLAB (prodotti.php?idCategoria) Remote SQL injection Vulnerability
B-Keen communication (dettaglio_news.php&id) Remote SQL injection Vulnerability
Google+ has a new option that will enable users of the social networking site to take a simple step to 'ignore' certain people.
Steve Jobs' signature moments over the past 30-plus years.
The nation's largest wireless carriers today are preparing for Hurricane Irene as it moves up the East Coast.
Air Display lets you extend your OS X or Windows desktop onto your "Apple whatever you're using."
Apparently the age of "superpoking" social network friends and throwing sheep at them is coming to a close.
Gibbs ponder our obsession with our digital electronics.
Panasonic is the latest big company to announce new camera offerings for the fall, as it unveiled two new fixed-lens cameras, a firmware update to last year's excellent Lumix LX5, and two new lenses for its G series of compact interchangeable-lens cameras.

Johannes B. Ullrich, Ph.D.

SANS Technology Institute

Twitter (c) SANS Internet Storm Center. Creative Commons Attribution-Noncommercial 3.0 United States License.
U.K. police said Thursday a 22-year-old student has been charged in connection with participating in distributed denial-of-service attacks (DDOS) with the hacking collective Anonymous.
Google has received another setback in its vigorous efforts to keep a potentially damaging e-mail out of the lawsuit Oracle filed over alleged Java patent violations in the Android mobile OS.
Mozilla will not scrub the version number from Firefox's 'About' box after all, putting an end to a often-heated debate that first surfaced two weeks ago.
Four major credit card companies are working with the Isis mobile wallet venture to install mobile payment security applications on upcoming NFC-ready smartphones in the U.S.
Groovy Media Player '.m3u' File Remote Stack Buffer Overflow Vulnerability
With Hurricane Irene bearing down on the East Coast, companies are already executing business continuity and disaster recovery plans. Here are tips to help you keep your company up and running.
With the reign of Steve Jobs as Apple's CEO officially over, Ryan Faas takes a look at his 14-year tenure and how he shaped the company and, by extension, our digital lives.
With a new CEO finally at the helm, AMD can begin to move forward in what has become an Intel world.
Some residents of a small town in Iowa have cut their electricity use by 11 percent in a test that combines smart meters with cloud-based data analytics.
"I forward this file to you for review. Please open and view it."
Internet Storm Center Infocon Status