InfoSec News

Tor Remote Denial of Service Vulnerability
(c) SANS Internet Storm Center. http://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
Sprint is set to showcase its Velocity in-vehicle communications platform in Chrysler's redesigned 2013 Ram 1500 truck and new SRT Viper car at the L.A. Auto Show this week.
Microsoft plans to issue an over-the-air fix next month for a problem that has caused some Windows Phone 8 handsets to reboot themselves unexpectedly.
Nokia has asked a California court to enforce an arbitration award that would prevent Research In Motion from selling products with wireless LAN capabilities until the companies can agree on patent royalty rates.
Unrealistic HR and hiring manager expectations and a widening security skills gap are challenging CISOs trying to find the right security talent.

LaCie's impressive Rugged USB3 Thunderbolt Series portable drive has all of the features that the modern media professional could want.
Google announced on Tuesday that it has integrated Gmail with its cloud storage service Google Drive. The result is a significant increase in size of documents that can be emailed -- up to 10GB.
Microsoft has sold 40 million licenses of the Windows 8 OS since its launch a month ago.
Hard-coded passwords on some Samsung and Dell printers could enable an attacker to take control of an affected device.

Slow updates to signature databases cause some antivirus products to be ineffective against known threats, according to a study by security firm Imperva.

OCZ announced its new Vector SSD Series developed with its new Barefoot 3 controller. Meanwhile, BitMicro announced its next-generation solid-state drive controller, which it claims will produce 400,000 I/Os per second when used with flash memory.
Asustek has delayed U.S. shipments for its dual-screen Taichi ultrabooks, which were available for order from retail sites like Amazon, Newegg and TigerDirect.
Bradley Manning, the U.S. soldier accused of leaking thousands of classified military and diplomatic documents to WikiLeaks, is expected to argue this week that the charges against him should be dropped because he has already been punished enough while in custody awaiting trial.

Right-sizing security and information assurance, a core-versus-context journey ...
I think InfoSec security executives understand the role of compliance, but it can give business leaders a false sense of security to say, "Hey, we passed our audit, so we're compliant." There was a famous case of a very large financial-services ...

The National Institute of Standards and Technology (NIST) has published the final version of Notional Supply Chain Risk Management Practices for Federal Information Systems. This guide offers an array of supply chain assurance methods to ...
The feud between Autonomy founder Mike Lynch and Hewlett-Packard's leadership over alleged accounting fraud at the software vendor has intensified, with Lynch declaring his innocence in an open letter to the company's board and HP quickly returning fire.
Romanian law enforcement authorities have dismantled a criminal group that stole credit card data from foreign companies as part of an operation that resulted in fraudulent transactions totaling $25 million.
The annual list of top search queries on Bing shows that Facebook, Apple's iPhone 5 and the presidential election have been of significant interest to the online world during 2012.
It's the one thing TV makers don't highlight when gushing over the colors, detail and sharpness of pictures on their new higher-than-high-def televisions: how consumers can get suitable content into their homes and then onto the screen.

SANS Launches NetWars CyberCity to Train Cyber Warriors for Defense
Sacramento Bee
In addition to world-class training, SANS offers certification via the ANSI accredited GIAC security certification program. SANS offers a myriad of free resources to the InfoSec community including consensus projects, research reports, and newsletters ...

BBVA Compass, the U.S. subsidiary of the Madrid-based Banco Bilbao Vizcaya Argentaria banking group, is modernizing its core IT banking infrastructure, making it one of the first banks in the U.S. to offer real-time processing for its customers.
A Maine construction company that sued its bank after losing $345,000 in an online banking heist settled its dispute after a protracted legal battle that raised questions about a bank's responsibility in protecting customer accounts against cyber fraud.
Online assessment tests the security posture, but more detailed guidance documents and reports are available from government agencies and organizations.

Soaring iPhone 5 sales in the U.S. have helped make iOS the top smartphone operating system in the country, edging out Android, according to market research firm Kantar Worldpanel ComTech.
Cyber Monday 2012 was the biggest online shopping day in history, according to multiple sources.
[SE-2011-01] Additional materials released for SAT TV research
Apple today announced that it will start selling its redesigned iMac desktop computers Friday, barely making a self-set deadline to ship some by the end of the month.
US-CERT is warning of a backdoor in network printers manufactured by Samsung that allows attackers to take complete control of the systems and also gives them access to other parts of the network.


Better off without AV? Not yet
CSO (blog)
But it's important to remember that we're still in a transitional period for security technology and that most of us shouldn't be ditching AV just yet. I'm reminded of a story I wrote three years ago where some infosec practitioners told me they had ...

After a number of delays, the beta of the Fedora 18 Linux-based distribution has been released.
Mozilla yesterday released a first beta of its next browser, Firefox 18, touting a revamped JavaScript engine and support for Macs with Apple's higher-resolution 'Retina' displays.
Boundary has added analytics features to its cloud monitoring service to give enterprises a better idea of how applications running on public clouds are performing and warn them when something starts to go wrong.
Bugzilla Multiple Cross Site Scripting and Information Disclosure Vulnerabilities

InfoSec World Conference & Expo 2013
Help Net Security
InfoSec World features over 60 sessions, dozens of case studies, 8 tracks (including a Hands-On Track), 11 in-depth workshops, 3 co-located summits and an exhibit hall showcasing the industry's leading vendors. With the primary objective of providing ...

As the traditional security perimeter dissolves in a virtualized environment, organizations need a new cybersecurity framework and architecture.
The Piwik web analytics software's server appears to have been compromised and has recently been serving a manipulated version of the software which gives attackers access to the server and surrounding system.

Debian 'android-tools' Package Insecure Temporary File Creation Vulnerability

Blocking phishing emails is part and parcel of now commonplace technology controls, supplied by a wide range of vendors and, depending on your viewpoint (or how many angry user phone calls you receive daily), they do a great, reasonable or bad job of blocking this type of unsolicited email. Despite the technologies deployed, ultimately the human factor is at play [1]. If someone in your company is going to click a link, open an attachment, or click on a link to download a password-protected file, then go to another site to get the password to open the file, and then install an old version of Java to see the Christmas chickens dancing Gangnam Style, then our reliance on user awareness training and constant reminders is the final safety net.

The ones that get through the technical controls are the ones that cause pain, either from the aforementioned angry users or, more seriously, from possibly having to spin up some form of incident response. The question should be: can the phishing emails that evade our front-line defenses be of more use than being forwarded to the filtering vendor with a pithy comment along the lines of "another one got through again"?

Something to think on before you tell the user to "just delete that, it's a stupidly obvious phishing email": have a read of some of the Anti-Phishing Working Group's reports [2]. Phishing attacks clearly work and are still on the increase, so ignoring this problem is doing a disservice to your company and its staff.

Here is one way to get a bit more insight into the impact of those nasty phishing emails on your network, then apply some defense and awareness in one fell swoop. I'm going to focus on the most common type of phishing email: one that contains an obfuscated URL leading to a malicious site.

Once you have a phishing email, a quick look at the HTML source will clearly show that the link displayed as https: // mylovelybank.com is actually pointing to http: // muhaha-Im-an-evil-scammer.org: the browser follows the anchor's href attribute, not the visible link text. This tells us we have a real phish on our hands to deal with.

That single URL lets you search firewall, proxy and DNS logs [3] to see if anyone on your network has followed that link. Search on the hostname as well as the full URL, since the path and query string often vary per recipient. With that, you now know the current impact of that one phishing email on your organization.

Add it to the firewall/proxy block-and-alert rule or, better still, to a redirect rule that sends the next hapless phishing victim to an internal user awareness page educating them on what a phishing email is. This provides a list of people to receive the next batch of user awareness training and again shows how effective this phish was after the block was added.
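As an added example that is not part of the diary, the Python script below works through the three steps above: it pulls the anchors out of a reported message and flags those whose visible text names a different host than the href (the mismatch described above), searches a proxy log for clients that requested the flagged host, and emits a Squid-style ACL that blocks the host and redirects to an internal awareness page. The message, the log lines and every domain in them (the .example names and the awareness page URL) are constructed for the example; the log layout mimics Squid's native access.log format.

```python
"""Triage a reported phishing e-mail and hunt for clicks in proxy logs.

Added example, not code from the ISC diary. The message, log lines and
hostnames below are constructed; nothing here is a real phishing site.
"""
import email
import re
from email import policy
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample phish: the visible link text names the bank, the href does not.
SAMPLE_EML = """\
From: "MyLovelyBank Security" <alerts@mylovelybank.example>
To: bob@corp.example
Subject: Urgent: verify your account
MIME-Version: 1.0
Content-Type: text/html; charset=utf-8

<html><body>
<p>Please confirm your details at
<a href="http://muhaha-im-an-evil-scammer.example/login.php?id=7">https://mylovelybank.example/secure</a>
</p>
<p><a href="https://mylovelybank.example/help">Help centre</a></p>
</body></html>
"""

# Constructed proxy log in Squid native format:
# timestamp elapsed client code/status bytes method URL rfc931 hierarchy/peer type
SAMPLE_PROXY_LOG = """\
1354003200.101    212 10.1.2.3 TCP_MISS/200 4821 GET http://muhaha-im-an-evil-scammer.example/login.php?id=7 - HIER_DIRECT/203.0.113.5 text/html
1354003201.550     90 10.1.2.3 TCP_MISS/200 310 POST http://muhaha-im-an-evil-scammer.example/login.php - HIER_DIRECT/203.0.113.5 text/html
1354003260.002    140 10.1.5.9 TCP_MISS/200 2210 GET https://mylovelybank.example/secure - HIER_DIRECT/198.51.100.7 text/html
1354003999.777    305 10.1.7.7 TCP_MISS/200 4821 GET http://muhaha-im-an-evil-scammer.example/login.php?id=7 - HIER_DIRECT/203.0.113.5 text/html
"""

# Text that looks like a URL or bare domain (e.g. "https://bank.example/x" or "bank.example").
_URLISH = re.compile(r"^(?:https?://)?[\w.-]+\.[a-zA-Z]{2,}(?:[/:?#]|$)")


class _LinkCollector(HTMLParser):
    """Collects (href, visible text) pairs for every <a> in an HTML body."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href")
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def _host(text):
    """Lower-cased hostname of a URL-looking string, or None if it is not one."""
    if not _URLISH.match(text):
        return None
    if "://" not in text:
        text = "http://" + text
    return urlparse(text).hostname.lower()


def find_deceptive_links(raw_eml):
    """Return hrefs whose visible link text names a different host than the target."""
    msg = email.message_from_string(raw_eml, policy=policy.default)
    body = msg.get_body(preferencelist=("html",))
    if body is None:
        return []
    collector = _LinkCollector()
    collector.feed(body.get_content())
    suspicious = []
    for href, text in collector.links:
        shown, target = _host(text), _host(href)
        # Plain words like "Help centre" cannot spoof a host, so only URL-like text counts.
        if shown and target and shown != target:
            suspicious.append(href)
    return suspicious


def clients_that_followed(log_text, hrefs):
    """Map each phishing host to the set of client IPs that requested it (step 2)."""
    hosts = {_host(h) for h in hrefs}
    hits = {}
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) < 7:
            continue
        client, url = fields[2], fields[6]  # Squid native: client IP, then URL
        host = _host(url)
        if host in hosts:
            hits.setdefault(host, set()).add(client)
    return hits


def squid_block_rules(hrefs, awareness_url):
    """Squid-style ACL: deny the phishing hosts and redirect to an awareness page (step 3)."""
    lines = [f"acl phish_hosts dstdomain {h}" for h in sorted({_host(x) for x in hrefs})]
    lines.append("http_access deny phish_hosts")
    lines.append(f"deny_info {awareness_url} phish_hosts")  # awareness URL is hypothetical
    return "\n".join(lines)


if __name__ == "__main__":
    bad = find_deceptive_links(SAMPLE_EML)
    print("Deceptive links:", bad)
    print("Clients that followed them:", clients_that_followed(SAMPLE_PROXY_LOG, bad))
    print(squid_block_rules(bad, "http://awareness.corp.example/phish"))
```

Run as-is and the script reports the single spoofed anchor, the two internal clients (10.1.2.3 and 10.1.7.7) that fetched it, and the three Squid directives to drop into squid.conf; the "Help centre" anchor is correctly ignored because plain words cannot impersonate a host. Matching on hostname rather than the full URL is deliberate, as the path and query string usually differ per recipient.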

"Ah-ha!" I hear you cry. "How do I get the phishing email in the first place, if my users don't know they've been phished?"

Well, that's a fair point, but you can use the natural, local resources available to every IT/security admin: the helpdesk/support team; well-known unused email addresses directed to one mailbox (e.g. [email protected], [email protected], [email protected]); the entire user population; and Bob, the guy who always seems to get spam and phishing emails first. Either you already know who the Bob in your company is, or the support staff most definitely will.

Have them forward known or suspected phishing emails to your special mailbox to investigate. Those that are real phishing emails can be added to the URL defenses and also to your newly created phishing scam blog/wiki/intranet site, with recognition given to the person who reported it. This provides great teaching and reference material not only for staff, but they can also use it to warn their friends and families, as phishing targets anyone with an email address.

To make some security graphics for those all-important weekly/monthly reports, build them from the number of phishing URLs blocked, the number of staff who clicked before and after the blocks were put in place, and the number of phishing emails reported by staff. That should keep management happy and provide historical charting of reported phishing events to help frame the overall security awareness health of the staff.

You've now gone from one lone skirmisher to an army against the menace of phishing emails. Getting the staff working for you to protect the company is one step closer to improving the overall security posture (and possibly being able to go home on time).

As ever, feel free to pitch in any thoughts or comments.

[1] Top tips to help the human element http://www.securingthehuman.org/blog/

[2] http://www.antiphishing.org/resources/apwg-reports/

[3] Some great tips on fun security stuff to do with DNS https://blog.damballa.com/archives/1834

Chris Mohan --- Internet Storm Center Handler on Duty
Despite Samsung Electronics' efforts to rectify labor violations at its factories in China, little has changed for some workers.
Telecommunications equipment vendor Ericsson has asked a U.S. court to block sales of a variety of Samsung Electronics cameras, Blu-ray Disc players, televisions and phones, including the Galaxy S III and the Galaxy Note II, alleging that they infringe its patents.
Infor has teamed up with VMware to help customers of its Infor10 LN ERP software run on VMware's latest virtualization technology, opening a door to private cloud deployments and potentially lower infrastructure costs.
Visual Studio 2012 Update 1, now available for download, allows users to develop applications for Windows XP and more thoroughly test their work.
Symfony CVE-2012-5574 Arbitrary File Access Vulnerability
U.S. and European agencies have seized 132 domain names that were allegedly used to sell counterfeit merchandise online.
Two digital rights group urged Facebook on Tuesday to halt changes to its governance and data use policies, warning the modifications could increase privacy risks.
Apple retained its stranglehold on mobile shopping over the two-day stretch of Thanksgiving and Black Friday in the U.S., IBM said.
Cloud service providers claim they can secure your data, but as the technology model is put to the test by more and more organizations, security holes, malware and other vulnerabilities are coming to light.
NEC is working on a new type of small data center unit that uses convection to slash power usage by a third, even in Japan's hot, sticky climate.
For a second time in as many months, U.S. House Republicans will try to win approval of legislation to issue up to 55,000 so-called STEM visas to students who earn advanced degrees at U.S. universities.
