InfoSec News

In its first earnings report since becoming a standalone company, Motorola Mobility said it was profitable in the fourth quarter of 2010 and shipped more than twice as many smartphones during the quarter as it did in all of 2009.
 
Twitter has launched a feature designed to show users common contacts and thus serve as a mechanism to suggest people to follow.
 

GovInfoSecurity.com

10 Top Government Infosec Leaders for 2011
GovInfoSecurity.com
A year ago, we introduced The Influencers, which spotlighted the most influential people in government cybersecurity for 2010. Those on the 2010 list remain ...

 
Google Quick Scroll (free) will be welcomed by any Chrome user who does a lot of Web searching, which means pretty much any Chrome user. Normally, when you do a search on Google, after you click a search result to go to a Web page, you're on your own. You'll have to scrounge around for the search term you typed into the Google search bar.
 
The scoop: Voyager Pro UC Bluetooth headset, by Plantronics, about $200.
 
If you've ever listened to National Public Radio's Prairie Home Companion, you may have heard the host mention in a folksy way that "all the children are above average." Alas, some products are just average--neither setting the bar for excellence nor dismally poor. Micro Express' NLB26 is just such an undistinguished product.
 
MyProxy SSL Certificate Validation Security Bypass Vulnerability
 
Novell GroupWise Internet Agent 'TZID' Variable Parsing Buffer Overflow Vulnerability
 
Sen. Ron Wyden, an Oregon Democrat, wants to rewrite rules for police access to the location information of mobile device customers.
 
Gibbs ponders Apple’s sudden use of pentalobe screws.
 
Facebook is rolling out a more secure way to connect to its website, which will protect users from a widely publicized wireless networking attack called Firesheep.
 
OpenOffice Multiple Remote Code Execution Vulnerabilities
 
PRTG Network Monitor 'errormsg' Parameter Multiple Cross Site Scripting Vulnerabilities
 
Cisco Content Services Gateway Malformed TCP Packet (CVE-2011-0350) Denial of Service Vulnerability
 
Coincidence or not, Facebook today announced two new security measures less than 24 hours after the Facebook page of company founder Mark Zuckerberg was defaced by a hacker.
 
Company integrates its Real-Time ID Service with CRM to boost the user experience for target accounts
 
Facebook CEO Mark Zuckerberg's belittling of the idea of burning the social network's brand on a smartphone has done little to squash the rumors that such an animal will be unleashed this year. The latest prediction is that Taiwan-based phone maker HTC will pull the wraps off two smartphones bearing Facebook's brand and colors at an event in Barcelona next month.
 
The European Union's competition authorities have cleared Intel's proposed acquisition of McAfee subject to certain conditions.
 
When is a tablet not a tablet? When it's a PC. And if that's the case, the iPad's popularity makes Apple the third biggest computer maker in the world.
 
E-mail use on mobile phones is soaring and has become a mainstream way of checking e-mail in the U.S., according to a study by ComScore.
 

Giving Obama a 'D' in Infosec
BankInfoSecurity.com (blog)
How fair is the report card issued by a little known group, National Security Cyberspace Institute, that gives President Obama middling grades on his ...

 
Now that Verizon has confirmed its data plan price for the iPhone, U.S. customers can compare the ongoing costs of owning an Apple smartphone.
 
Cisco Content Services Gateway Malformed TCP Packet (CVE-2011-0349) Denial of Service Vulnerability
 
Novell ZENworks Handheld Management Access Point 'ZfHIPCND.exe' Buffer Overflow Vulnerability
 
Cisco Content Services Gateway Service Policy Security Bypass Vulnerability
 
MuPDF 'closedctd()' PDF File Handling Remote Code Execution Vulnerability
 
Intel announced today that it's set to invest $100 million over the next five years into U.S. university research.
 
Facebook founder Mark Zuckerberg appears to be the second high-profile victim of a hacking attack on his own Facebook page, following a similar account takeover early this week targeting French president Nicolas Sarkozy.
 
App downloads for smartphones and tablets will explode in the next few years, reaching 185 billion from all app markets by the end of 2014, according to Gartner.
 
CakePHP combines easy installation with command-line tools that jump-start development, striking a good balance between small and large
 
With interest in IPv6 accelerating and adoption heating up, more attention is being paid to address planning, but where do you start?
 
The Zend Framework offers a comprehensive feature set and popular components in return for a significant time investment
 
Symfony offers extensive features such as excellent debugging and logging, but the learning curve is steeper than most
 
RubyGems mail Remote Arbitrary Shell Command Injection Vulnerability
 
Acer, one of the world's top PC vendors, reported record high revenue of NT$629.7 billion (US$19.9 billion) in 2010 and profits in its core business, the company said on Wednesday.
 
Intel plans to invest some $25.8 million in joint research with Taiwan's top-ranked university to study how the Internet can detect and interact with objects.
 
United Microelectronics, the world's second-largest contract chip maker, saw revenue for 2010 increase 35.9% over 2009. Robust demand for a range of consumer electronics including smartphones drove the growth.
 
Questionnaires will be sent out to CIOs around Europe in the coming weeks as research funded by the European Commission seeks to set out guidelines for IT best practice.
 
Zend Framework, Symfony, CodeIgniter, CakePHP, and other PHP frameworks conquer Web development with extensive features, powerful tools, and superior ease
 
More and more European Union member states are delegating online policing to private companies and Internet service providers, according to a report released Wednesday.
 
The HTC EVO Shift 4G, Sprint's latest Android smartphone, is not the flashiest on the market, but it offers speed, a comfortable keyboard and some nice features.
 
Femtocell maker Ubiquisys has developed a new type of small base station for 3G mobile phones that allows 3G phones to bypass international roaming charges.
 
IBM and the China-based Range Technology will build a cloud computing data center near Beijing that the companies claim will be Asia's largest by floor space.
 
Microsoft has started a 30-day free trial program for Office for Mac Home and Business 2011.
 
Intel CTO Justin Rattner said on Tuesday that the company's scientists are working on technology that will stop all zero-day attacks.
 
AWCM 'awcm_theme' Cookie Parameter Local File Include Vulnerability
 

Business continuity briefs:
Continuity Central (press release)
... hottest ideas in information security today. www.infosec.co.uk VMware hosting provider StratoGen has announced the launch of a new generation of cloud ...

 
A couple of days ago one of our readers, Thomas, wrote about weird DNS requests that he is seeing coming from his machine. After spending some time he found out that Chrome is sending those requests, which he could not explain, every time it is started.

Since I spent some time on this a (long) time ago, I decided to pay more attention to Chrome's DNS requests (besides that, this diary might help someone who stumbles upon the same thing in the future).



So, in order to speed up browsing, Google Chrome does a lot of DNS requests in advance (DNS prefetching; this can even be turned on and off in Chrome's options). When Chrome is started, it looks up the domain names of previously opened web pages early in the startup process, so if the user clicks on one of those links Chrome can connect to the target site immediately.



Among those requests, Chrome also tries to find out if someone is messing with the DNS (i.e. nasty ISPs that have wildcard DNS servers to catch all domains). Chrome does this by issuing 3 DNS requests to randomly generated domain names, for every DNS extension configured. For example, for my system you can see a Wireshark capture below:

In a normal setup this results in a "No such name" response from your DNS server, as you can see in the screenshot above. If the owner of the DNS server you use has a wildcard setup, each of these requests will result in a response (which is normally even the same), so Chrome knows that someone is potentially modifying DNS responses. This can also happen, for example, on wireless networks where you have to authenticate through a browser in order to get access to the Internet.
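The same check can be run by hand against any resolver. The following is an added example, not code from Chrome or from the diary: it probes three random names per suffix and classifies the answers. The label length of 10, the function names and the `example.com` suffix are assumptions.

```python
import secrets
import socket
import string

def random_label(length=10):
    # Length 10 is an assumption; the diary only says the names are random.
    return "".join(secrets.choice(string.ascii_lowercase) for _ in range(length))

def system_resolve(name):
    """Resolve with the OS resolver; NXDOMAIN and other failures yield []."""
    try:
        infos = socket.getaddrinfo(name, None)
    except socket.gaierror:
        return []
    return sorted({info[4][0] for info in infos})

def check_suffix(resolve, suffix, count=3):
    """Probe `count` random names under one suffix ('' means a bare label)."""
    answers = []
    for _ in range(count):
        label = random_label()
        name = f"{label}.{suffix}" if suffix else label
        answers.append(tuple(resolve(name)))
    answered = [a for a in answers if a]
    if not answered:
        verdict = "clean"         # every probe came back "No such name"
    elif len(answered) == count and len(set(answered)) == 1:
        verdict = "wildcard"      # all probes map to the same address set
    else:
        verdict = "inconsistent"  # only some answered, or the answers differ
    return {"suffix": suffix, "answered": len(answered), "verdict": verdict,
            "addresses": sorted({ip for a in answered for ip in a})}

def check_dns_interception(resolve, suffixes, count=3):
    """One result per configured DNS suffix, mirroring the probes described above."""
    return [check_suffix(resolve, s, count) for s in suffixes]

if __name__ == "__main__":
    # Placeholder suffix list; replace with the search suffixes of the host.
    for result in check_dns_interception(system_resolve, ["", "example.com"]):
        print(result)
```

A "wildcard" verdict on a network you have not yet authenticated to usually just means a captive portal; on a normal connection it points at the resolver rewriting negative answers.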
However, this is not all. Chrome actually does quite a few extra DNS lookups that some people might not be happy with. When a user is typing a URL in Chrome's address bar, Chrome automatically tries to determine if the user typed in a domain and tries to resolve it in the background.



For example, if you type isc.sans.org in Chrome's address bar (as you should, at least once a day :), while typing Chrome will see that isc.sa is a possible domain (.sa = Saudi Arabia) and Chrome will happily send a request for that domain. Since isc.sa doesn't exist, .sa's root server will send back an NXDOMAIN response. The good thing is that these negative responses can be cached by your local DNS too, so the request does not have to go out every single time. You can see Wireshark's output for this request below:



What other popular cases are there?

www.cnn.com ends up at www.cn (China)
www.facebook.com ends up at www.fa (doesn't exist)
www.twitter.com ends up at www.tw (Taiwan)



How bad is this? Well, it's not too bad, but it is certainly causing some extra traffic, especially since it depends on caching of (mostly) negative answers. A bad guy could, for example, possibly buy the www.cn domain, set the TTL to 0 (meaning do not cache) and watch in real time how this domain gets resolved every single time a Chrome user types www.cnn.com in the address bar (clicking on a bookmark will not cause this).
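To see how often these as-you-type lookups leave your own network, you can pair each short query in a resolver log with the longer name the same client asked for moments later. This is an added example, not part of the original diary; the log format, the sample lines and the 10-second window are constructed assumptions.

```python
from collections import defaultdict

# Constructed sample resolver log: epoch seconds, client, query name, response code.
SAMPLE_LOG = """\
1296036000.2 10.0.0.5 isc.sa NXDOMAIN
1296036001.9 10.0.0.5 isc.sans.org NOERROR
1296036040.0 10.0.0.5 www.cn NXDOMAIN
1296036041.1 10.0.0.5 www.cnn.com NOERROR
1296036050.0 10.0.0.7 www.tw NXDOMAIN
1296036300.0 10.0.0.7 www.twitter.com NOERROR
1296036400.0 10.0.0.9 mail.example.org NOERROR
"""

def parse(log_text):
    """Yield (timestamp, client, qname, rcode); lines with other shapes are skipped."""
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue
        ts, client, qname, rcode = parts
        yield float(ts), client, qname.lower().rstrip("."), rcode

def find_typeahead_lookups(log_text, window=10.0):
    """Return (client, partial, full, rcode) where `partial` is a strict string
    prefix of a name the same client queried within `window` seconds afterwards."""
    by_client = defaultdict(list)
    for ts, client, qname, rcode in parse(log_text):
        by_client[client].append((ts, qname, rcode))
    findings = []
    for client, queries in by_client.items():
        queries.sort()
        for i, (ts, partial, rcode) in enumerate(queries):
            if "." not in partial:
                continue  # a bare word is not treated as a typed domain here
            for later_ts, full, _ in queries[i + 1:]:
                if later_ts - ts > window:
                    break
                if len(full) > len(partial) and full.startswith(partial):
                    findings.append((client, partial, full, rcode))
                    break
    return findings

if __name__ == "__main__":
    for finding in find_typeahead_lookups(SAMPLE_LOG):
        print(finding)
```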



Now, the good thing for those wanting a bit more privacy is that you can turn off DNS prefetching in Chrome's Options menu so it won't try to resolve domain names as you type (it will still try to resolve those random domain names to figure out if someone is messing with DNS, though). You can see more info about DNS prefetching in Chrome at https://sites.google.com/a/chromium.org/dev/developers/design-documents/dns-prefetching too.



--
Bojan
INFIGO IS

(c) SANS Internet Storm Center. http://isc.sans.org Creative Commons Attribution-Noncommercial 3.0 United States License.
 
SAP saw revenue rise 27 percent in the fourth quarter but profits dropped by more than a third due to increased provisions linked to litigation with Oracle related to its former TomorrowNow unit, the company said Wednesday.
 
Twitter was blocked in Egypt on Tuesday as the country witnessed a large protest against the rule of President Hosni Mubarak.
 
A new free app from Brainshark for the iPad and iPhone allows users to easily navigate Brainshark business sales and training presentations on those devices
 


Internet Storm Center Infocon Status