InfoSec News


Experts hold opposite opinions about the website attack risk
VietNamNet Bridge
According to CMC InfoSec, a network security solution provider, since early May 2011, more than 300 websites in Vietnam have been defaced and hacked; of which 100 websites have the “.org” or “gov.” domain names. The attacks sourced from Turkey, ...
Website owners urged to invest in security information security - AsiaOne

 
Microsoft said it remains committed to HealthVault, its service that lets users store all their medical information in one place, despite Google's announcement last week that it would shut down a similar service because it wasn't popular enough.
 
In an era of increasing software bloat there's something to be said for a small, efficient application that goes about its business without fanfare or distraction. Drive Power Manager ($15, 21-day free trial) weighs in at a mere 1.5 MB fully installed and has a single function: To provide component level access to hard disks and optical storage devices, allowing highly granular control of power usage, performance, standby, and noise settings. The interface is simplicity itself, with all functions available via a single window per drive. Drive Power Manager applies changes immediately, with no rebooting required.
 
LaCie today announced a hybrid storage product that combines a network-attached storage box with an online backup service.
 
It looks like self-driving cars may be on the road sooner than most people had thought -- at least in Nevada.
 
Microsoft's launch of Office 365 has Google feeling pressure to explain why businesses should use Gmail and Google Docs.
 
Skype is set to unveil a video chat app for the iPad tomorrow, a move that brings rivals Apple and Microsoft closer.
 

Most recent quarter sees rise in information security salary figures
SearchSecurity.co.uk
Salaries in information security have begun to creep back up during the last quarter, and, for the first time since the credit crunch began, no section of the infosec market has seen a reduction in pay. According to Q2 2011 figures supplied by ...

 

Anonymous launches hacking lessons at School4Lulz
THINQ.co.uk
With the disbandment of hacker group LulzSec, the online 'hacktivist' collective is clearly looking for buddies to continue its fight under the banner Operation InfoSec - and one way of recruiting fellow travellers, it seems, is to issue them with a ...

 

Gartner: Prepare today or face cloud computing security problems tomorrow
SearchSecurity.com
Enterprise infosec teams must put security plans in place not only to prepare for the adoption of those cloud computing services in the coming years, but also to stave off the security risks posed by consumer cloud computing services. ...

 
Opera Software will debut a new, streamlined user interface in Opera 11.5, a company executive said today, that closely resembles the minimalist design now sported by most of its competitors.
 
The PCI-Express standards-setting organization is creating a thin interconnect that would link mobile devices such as smartphones and tablets to external peripherals, the organization's chief said.
 
Three PlayStation Network users charge that Sony 'cut corners' in its efforts to protect personal data of its users.
 
Mambo CMS Multiple Cross Site Scripting Vulnerabilities
 

I was teaching this week at University. It was a pretty normal class until I heard the following from one of my students:

What happened to Google?

A couple of seconds later, many people started to make the same complaint, and one minute later nobody had access to Google. I typed the Google URL from my computer and got the following screen:



The first thing I thought was that Google had suffered an attack. Looking further, I queried for the current Google IP and found the following:



When I looked for the owner of that IP address, ARIN says it is not precisely Google. I performed an nslookup from another domain and got the correct IP address for Google:



At this time I found out we were the victim of a DNS cache poisoning attack. Since the network admin was not at his office because class was in the night, there was nothing I could do but wait for the DNS cache to expire.

How this attack works and how we can protect ourselves

DNS resolves a fully qualified domain name (FQDN) to an IP address as follows:

The client sends a query to the internal DNS server asking for the IP address of a machine name.
The internal DNS server performs recursion: if the answer is not in its cache, it asks the authoritative nameserver of the domain on the internet for the IP address.
The authoritative nameserver answers with the requested IP address.
The internal DNS server returns the IP address to the client.

The attack works as follows:

Attacker queries the target DNS server for a FQDN not present in the cache.
Target DNS server performs recursion and looks for the IP address on the internet from the authoritative nameserver of the domain.
Attacker floods the target DNS server with fake responses for the query.
Target DNS server updates the cache and begins serving the fake IP address every time the FQDN is requested.

How do we protect ourselves from the attack?

Use the latest version of your DNS server (I really like BIND), as it randomizes the source port of your queries.
Do not allow recursion from outside of your network. Allow it only from your corporate network computers.
Use DNSSEC. The root servers have supported it since July 15, 2010, and the protocol allows resolvers to authenticate valid records from domain zones.

Any other protection measure you want to share with us? Please use our contact form.
Manuel Humberto Santander Peláez | http://manuel.santander.name | http://twitter.com/manuelsantander
(c) SANS Internet Storm Center. http://isc.sans.org Creative Commons Attribution-Noncommercial 3.0 United States License.
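The reply matching that makes source port randomization effective, and the burst of near-miss replies a poisoning attempt leaves behind, shown as an added Python example that is not part of the original diary. The helper names, the flood threshold, and all addresses, ports and transaction IDs are constructed assumptions.

```python
import struct

def encode_qname(name):
    """Encode a host name as DNS labels (length byte + label, zero-terminated)."""
    return b"".join(bytes([len(p)]) + p.encode() for p in name.split(".")) + b"\x00"

def make_reply(txid, name):
    """Constructed sample reply: header with QR=1 plus one A/IN question."""
    header = struct.pack("!HHHHHH", txid, 0x8180, 1, 0, 0, 0)
    return header + encode_qname(name) + struct.pack("!HH", 1, 1)

def parse_reply(data):
    """Return (txid, is_response, qname) from the header and first question."""
    txid, flags = struct.unpack("!HH", data[:4])
    labels, pos = [], 12
    while data[pos]:
        n = data[pos]
        labels.append(data[pos + 1:pos + 1 + n].decode().lower())
        pos += 1 + n
    return txid, bool(flags & 0x8000), ".".join(labels)

def check_replies(pending, replies, flood_threshold=3):
    """Accept only the reply matching the outstanding query; count the rest.

    replies are (src_ip, dst_port, payload) tuples as a sensor in front of
    the resolver would see them. Hypothetical helper, not BIND's code.
    """
    accepted, mismatches = None, 0
    for src_ip, dst_port, payload in replies:
        txid, is_resp, qname = parse_reply(payload)
        ok = (is_resp and src_ip == pending["server"]
              and dst_port == pending["sport"]   # randomized source port
              and txid == pending["txid"]        # 16-bit transaction ID
              and qname == pending["qname"])
        if not ok:
            mismatches += 1
        elif accepted is None:
            accepted = (src_ip, txid)
    # Many near-miss replies for one query is the signature of a spoofing flood.
    return accepted, mismatches, mismatches >= flood_threshold

# Constructed sample data (documentation addresses, made-up port and IDs).
PENDING = {"server": "192.0.2.53", "sport": 40211,
           "txid": 0x3A7C, "qname": "www.example.com"}
FORGED = [("192.0.2.53", 53, make_reply(t, "www.example.com"))
          for t in (0x0001, 0x0002, 0x0003, 0x0004)]
GENUINE = [("192.0.2.53", 40211, make_reply(0x3A7C, "www.example.com"))]

if __name__ == "__main__":
    print(check_replies(PENDING, FORGED + GENUINE))
```

A reply is cached only when server address, destination port, transaction ID and question all match, so randomizing the port multiplies the values a forged reply has to get right.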
 
The mobile industry should adopt do-not-track tools, an FTC commissioner says.
 
Relatively few colleges and universities around the world offer dedicated degree programs for business intelligence, despite the rapidly growing popularity of analytics technology among businesses, according to a study.
 
Knomo's $80 11" Leather Envelope for MacBook Air is sturdy, cushioned, and attractive. Made of brown leather with a cloth-and-velvet interior, the landscape-orientation sleeve provides a classy way to carry your laptop by itself or inside a larger bag. (Oddly, the Leather Envelope doesn't appear on Knomo's website; however, it's currently available in U.S. Apple retail stores, as well as from Apple's UK online store at the above link.)
 
Can CISOs turn around IT security programs to be more proactive? Experts say many programs are frozen in a reactive mode.

 
Upload directory traversal in Novell ZenWorks Handheld Management 7.0.2
 
Arbitrary files deletion in Novell File Reporter 1.0.4.2
 
Off-by-one in Sybase Advantage Server 10.0.0.3
 
Serva32 Directory Traversal and Denial of Service Vulnerabilities
 
MySQLDriverCS Cross-Parameter SQL Injection Vulnerability
 
Microsoft is telling Windows users that they'll have to reinstall the operating system if they get infected with a new rootkit that hides in the machine's boot sector.
 
Explorer Pipeline has deployed Sprint's new fixed wireless WiMax-based 4G Enterprise WAN at its Houston fuel storage facility.
 
Asterisk 'Contact' Header SIP Channel Driver Denial of Service Vulnerability
 
cURL/libcURL CURLOPT_ENCODING Option Buffer Overflow Vulnerability
 
cURL / libcURL NULL Character CA SSL Certificate Validation Security Bypass Vulnerability
 
SolidFire recently revealed the details of its all solid state storage technology targeted at cloud storage providers.
 
Oracle has quietly revealed pricing information for its long-awaited Fusion Applications, suggesting the software may finally be available after six years in development.
 
Ever since Mac OS X Lion was announced, many of us have been wondering what it will mean for businesses and IT departments. So far, that discussion has focused largely on distribution: How will Apple's Mac-App-Store-only approach work when you're installing and managing the new OS on dozens, if not hundreds, of machines? But while that is indeed a big question (to which we know some, but not all, of the answer), it's not the only one worth asking. Mac OS X Lion has more than 250 new features; a few of them will really matter to businesses and IT. What will they mean? Here's what I think.
 
When Microsoft launches Office 365 on Tuesday, the countdown will officially begin for current BPOS customers to upgrade to the new suite.
 
The Los Alamos National Laboratory was forced to close this morning as an advancing wildfire closed in on the U.S. research facility.
 
CMS from Scratch 'upload.php' Arbitrary File Upload Vulnerability
 
WordPress WP-Cumulus Plugin 'tagcloud.swf' Cross-Site Scripting Vulnerability
 
SmallFTPD Multiple Connection Requests Remote Denial Of Service Vulnerability
 
Joomla! 'com_morfeoshow' Component 'idm' Parameter SQL Injection Vulnerability
 
The Yes school system in Houston installed a wireless network using Aruba and Microsoft gear that officials say cost far less than a traditional wired system using PBX gear.
 
Apple said it would pull MobileMe's plug in 2012, months after it is to be replaced by iCloud. We answer some questions about what parts would shift to iCloud and what would be ditched.
 
CA Technologies has added fresh user interfaces to its stack of mainframe management tools.
 
WordPress Beer Recipes Plugin HTML Injection Vulnerability
 
Mobile apps are in high demand, and developers are in short supply. With a few key tweaks to your skill set, you could be working in the hottest tech market going.
 
The decision by computer hacking group LulzSec on Saturday to fold operations may be helping another online group, Anonymous, which stepped up attacks over the weekend.
 
Sending your IT business to the cloud comes with risk, as those affected by these 10 colossal cloud outages can attest
 
Need to up your professional influence? Plug into five major sources of personal power at work.
 
JomSocial Event Module HTML Injection Vulnerability
 

Posted by InfoSec News on Jun 27

http://news.cnet.com/8301-1009_3-20074416-83/hacking-group-lulzsec-says-its-calling-it-quits/

By Edward Moyer
Security
CNet News
June 25, 2011

After a whirlwind run of headline-grabbing hacking exploits that
involved the likes of Sony, the CIA, the U.S. Senate, and FBI partner
Infragard, hacking group LulzSec is apparently--and suddenly--calling it
quits.

The group, which cropped up on many people's radar for the first time
just last...
 

Posted by InfoSec News on Jun 27

http://www.darkreading.com/authentication/167901072/security/vulnerabilities/231000218/john-the-ripper-gets-a-face-lift.html

By Kelly Jackson Higgins
Dark Reading
June 22, 2011

One of the industry's first open-source password-cracking tools just got
a big boost in power and performance with sponsorship from Rapid7, which
also plans to more tightly integrate the so-called John the Ripper tool
with Metasploit.

Alexander Peslyak, founder...
 

Posted by InfoSec News on Jun 27

http://www.bankinfosecurity.com/articles.php?art_id=3785

By Tracy Kitten
Managing Editor
Bank Info Security
June 24, 2011

In a new twist to the Michaels point-of-sale breach, a police department
in Oregon is asking the public to help nab suspects believed to be
involved in the card skimming scheme.

Police in Beaverton, Ore., are investigating 50 fraud reports related to
the breach, which Michaels has confirmed likely compromised debit...
 

Posted by InfoSec News on Jun 27

http://www.telegraph.co.uk/news/worldnews/asia/china/8596647/China-opens-string-of-spy-schools.html

By Malcolm Moore
Shanghai
The Telegraph
24 June 2011

Last week, China opened its eighth National Intelligence College on the
campus of Hunan University in the central city of Changsha. Since
January, similar training schools have opened inside universities in
Beijing, Shanghai, Xian, Qingdao and Harbin.

The move comes amid growing worries in...
 

Posted by InfoSec News on Jun 27

http://www.theregister.co.uk/2011/06/23/ipad_data_hacker_guilty/

By Dan Goodin in San Francisco
The Register
23rd June 2011

A San Francisco man has admitted writing the code that plucked personal
data of 120,000 early iPad adopters from servers AT&T had left wide open
to the attack.

Daniel Spitler, 26, pleaded guilty in federal court in New Jersey to one
count each of identity theft and conspiracy to gain unauthorized access
to...
 
Microsoft Visio 'DXF' File Insertion Buffer Overflow Vulnerability
 

Posted by InfoSec News on Jun 27

========================================================================

The Secunia Weekly Advisory Summary
2011-06-17 - 2011-06-24

This week: 47 advisories

========================================================================
Table of Contents:

1. Word From Secunia...
 

Posted by InfoSec News on Jun 27

http://www.nzherald.co.nz/technology/news/article.cfm?c_id=5&objectid=10734815

By Glenn Chapman
nzherald.co.nz
June 27, 2011

DEFCON hackers will share their skills with the next generation at a
first-ever children's version of the infamous gathering of software
renegades, lock pickers and social engineers.

DEFCON Kids will take place in Las Vegas on August 6-7 during the 19th
annual DEFCON started by hackers such as "Dark...
 
Internet Storm Center Infocon Status