InfoSec News

Tablets and netbooks based on Intel's MeeGo OS are expected to start shipping in the second quarter this year, a source familiar with Intel's plans said on Friday.
 
Reading the news of Egypt's Internet crackdown, CIOs around the world may be wondering how their companies would fare if such a situation happened in their home countries.
 
The challenges cloud computing presents to database technology came into focus Friday during the New England Database Summit at MIT.
 
To sever its link with the outside digital world, Egypt "raised the drawbridge" in mere minutes by forcing the country's providers to make simple changes to their routers, experts said on Friday.
 
Asus's good-looking N53 series laptops have proven to be some of the faster all-purpose notebooks on the market. The latest N53SV model is as well, only more so thanks to its new state-of-the-art Second Generation Intel Core CPU. Our test configuration, which sells for $1,219, sports the high-end 2.0 GHz Core i7-2630M that pushed the unit to an excellent 126 WorldBench score. However, you can save some money at the expense of performance by ordering it with an i5-2410M or i3-2310M.
 
The shutdown of Egypt's ties to the rest of the global Internet was not announced by the government -- instead, 3,500 Internet routes suddenly vanished, with more continuing to wink out, leaving network operators in North America to wonder what exactly had happened and what the ripple effects might be.
 
Political leaders are raising concerns about the Egyptian government's blocking of the Internet in response to unrest.
 
Microsoft today warned Windows users of a new unpatched vulnerability that attackers could exploit to steal information and dupe people into installing malware.
 
Amazon.com CEO Jeff Bezos said in a fourth-quarter earnings statement Thursday that the e-book-selling milestone 'has come even sooner than we expected.'
 
Proof-of-concept code has surfaced enabling attackers to target the vulnerability. All versions of Windows are vulnerable.

 
A new update of one of the handlers' favourite tools was released today. A primary focus of this release is the Nmap Scripting Engine, which has allowed Nmap to expand up the protocol stack and take network discovery to the next level. Nmap can now query all sorts of application protocols, including web servers, databases, DNS servers, FTP, and now even Gopher servers!
Check out the change log here for the list of all changes and new features. The new update is available as binary packages for Linux, Mac and Windows, and the source code can be downloaded here.
-----------
Guy Bruneau IPSS Inc. gbruneau at isc dot sans dot org (c) SANS Internet Storm Center. http://isc.sans.org Creative Commons Attribution-Noncommercial 3.0 United States License.
 
TELUS Security Labs VR - Novell ZENworks Handheld Management ZfHIPCND.exe Buffer Overflow
 
TELUS Security Labs VR - Symantec Antivirus Intel Alert HandlerService Denial of Service
 
TELUS Security Labs VR - Symantec Alert Management System HNDLRSVC Arbitrary Command Execution
 
 
The growing anti-government protests in Egypt are disrupting the growing tech industry in the country, according to a tech executive in the country.
 
What happens if the country you outsource to suddenly goes dark? Early adopters of Egyptian IT and business process services are finding out.
 
Samsung Electronics reported a fresh all-time sales high in the fourth quarter, boosted by two products with Google's Android mobile OS on board.
 
Through its broad attempt to shut down Internet communications, Egypt's government has not only successfully blocked Twitter but also significantly limited access to Facebook, Yahoo and Google, as it scrambles to squelch political unrest.
 
Michael Friedenberg, President and CEO of IDG Enterprise, offers his latest book recommendations for CIOs.
 
Retired: PHP link Directory software 'sbcat_id' Parameter SQL Injection Vulnerability
 
www.microsoft.com/technet/security/advisory/2501696.mspx

Information on this vulnerability first started surfacing on Full-Disclosure on 1/15/2011. The vulnerability exists in all supported versions of MS and to review detection options for email gateways and proxies/NIDS/etc.

From the advisory:

The vulnerability exists due to the way MHTML interprets MIME-formatted requests for content blocks within a document. It is possible under certain conditions for this vulnerability to allow an attacker to inject a client-side script in the response of a Web request run in the context of the victim's Internet Explorer. The script could spoof content, disclose information, or take any action that the user could take on the affected Web site on behalf of the targeted user.

A release date for a fix has not been posted yet.

Relevant/Interesting Links:

Enhanced Security Configuration
http://technet.microsoft.com/en-us/library/dd883248(WS.10).aspx

MHTML Info
http://msdn.microsoft.com/en-us/library/aa767916(v=vs.85).aspx

Server Core
http://technet.microsoft.com/en-us/library/ee441255(WS.10).aspx

CVE-2011-0096
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0096

Advisory
http://www.microsoft.com/technet/security/advisory/2501696.mspx

If you come across any attacks targeting this vulnerability, please upload any details you have (pcap, samples, urls, etc) via our contact form and we'll review them, share with the community (if you permit us), and post updates to the diary.

Thanks,

Robert Danford (c) SANS Internet Storm Center. http://isc.sans.org Creative Commons Attribution-Noncommercial 3.0 United States License.
 
The Internet blockade imposed by the Egyptian government following civil unrest is unprecedented, both in its nature and scope, according to network monitoring firms.
 
When he joined the FBI from Lehman Brothers, Chad Fulgham inherited an obsolete IT infrastructure and a major project on the brink of failure. Two years later, agents have BlackBerrys and SharePoint, but the work isn't finished.
 
Hastymail2 'htmLawed.php' HTML Injection Vulnerability
 
FreeBSD local denial of service - forced reboot
 
[SECURITY] [DSA 2152-1] hplip security update
 
CA20101231-01: Security Notice for CA ARCserve D2D (updated)
 
It may seem like more mobile hype, but Senior Site Editor Eric B. Parizo writes that there are legitimate reasons why mobile device threats may be on the rise.

 
Reports that Apple could embed Near Field Communication technology in its upcoming iPads and iPhones have reinvigorated interest in the technology in the U.S.
 
Gibbs celebrates you, the computer geek!
 
The Egyptian government continued an unprecedented block on Internet traffic and mobile communications providers today following demonstrations against President Hosni Mubarak.
 
The White House has outlined a wide-ranging plan of putting 1 million what it calls advanced technology vehicles on the road by 2015. Can it be done?
 
Apple's iPad news not fit for print, Google hopes advertisers take the hint
 
APE is the recognition of the fact that IT organizations need to design for application performance and then test, measure and tune performance throughout the application life cycle.
 
Okta is a San Francisco-based identity and access management service provider led by CEO and co-founder Todd McKinnon, former head of engineering at Salesforce.com, and president and co-founder Frederic Kerrest, who worked in sales and business development at the SaaS provider.
 
Have you wondered how your Internet Service Provider stacks up against the competition when it comes to delivering streaming video to your home? It seems Netflix has been wondering, too, so today it launched what will be a monthly feature at its tech blog comparing average bit rate speeds of major ISPs in the United States and Canada.
 
InfoSec News: Hackers break US government smart card security: http://news.techworld.com/security/3258312/hackers-break-us-government-smart-card-security/
By Robert McMillan Techworld.com 27 January 11
The US government has been stepping up its use of smart cards to help lock down its computer networks, but hackers have found ways around them. [...]
 
InfoSec News: Secunia Weekly Summary - Issue: 2011-04:
The Secunia Weekly Advisory Summary 2011-01-20 - 2011-01-27
This week: 82 advisories [...]
 
InfoSec News: How Egypt shut down the internet: http://www.telegraph.co.uk/news/worldnews/africaandindianocean/egypt/8288163/How-Egypt-shut-down-the-internet.html
By Christopher Williams Technology Correspondent Telegraph 28 Jan 2011
Organisations that track global internet access detected a collapse in [...]
 
Vodafone Group has shut down cell phone service in Egypt after being ordered to do so by the government, which is under siege by protesters.
 
While flashing your iPhone or iPad near a station to make payments sounds easy, it really isn't.
 
One of the fastest growing free trade zones in the United Arab Emirates (UAE) is depending on a Cisco partner to streamline communications among locators in the zone.
 
IBM WebSphere Application Server for z/OS Unspecified Cross Site Request Forgery Vulnerability
 
IBM WebSphere Application Console Servlets Information Disclosure Vulnerability
 
IBM WebSphere Application Server CVE-2010-0783 Unspecified Cross Site Scripting Vulnerability
 
FreeBSD NULL Pointer Dereference Local Denial of Service Vulnerability
 
As protesters continue to clash with police in anti-government demonstrations, Egypt has pulled the plug on the Internet.
 

Posted by InfoSec News on Jan 28

========================================================================

The Secunia Weekly Advisory Summary
2011-01-20 - 2011-01-27

This week: 82 advisories

========================================================================
Table of Contents:

1. Word From...
 

Posted by InfoSec News on Jan 28

http://www.telegraph.co.uk/news/worldnews/africaandindianocean/egypt/8288163/How-Egypt-shut-down-the-internet.html

By Christopher Williams
Technology Correspondent
Telegraph
28 Jan 2011

Organisations that track global internet access detected a collapse in
traffic in to and out of Egypt at around 10.30GMT on Thursday night.

The shut down involved the withdrawal of more than 3,500 Border Gateway
Protocol (BGP) routes by Egyptian ISPs,...
 

Posted by InfoSec News on Jan 28

http://news.techworld.com/security/3258312/hackers-break-us-government-smart-card-security/

By Robert McMillan
Techworld.com
27 January 11

The US government has been stepping up its use of smart cards to help
lock down its computer networks, but hackers have found ways around
them.

Over the past 18 months, security consultancy Mandiant has come across
several cases where determined attackers were able to get onto computers
or networks that...
 
OpenOffice.org has released several security bulletins affecting various components of OpenOffice. Some of these security issues may allow a remote unprivileged user to execute arbitrary code.
The following CVEs have been assigned to the list of issues affecting OpenOffice:
CVE-2010-2935 CVE-2010-2936 CVE-2010-3450 CVE-2010-3451 CVE-2010-3452 CVE-2010-3453 CVE-2010-3454 CVE-2010-3689 CVE-2010-3702 CVE-2010-3704 CVE-2010-4008 CVE-2010-4253 CVE-2010-4494 CVE-2010-4643
The following versions are affected by these bulletins:
- All versions of OpenOffice.org 3 prior to version 3.3

- All versions of OpenOffice.org 2

- OpenOffice.org stated that earlier versions of OpenOffice.org are no longer supported and will not be evaluated regarding this issue.
All the bulletins are posted here.


-----------
Guy Bruneau IPSS Inc. gbruneau at isc dot sans dot org (c) SANS Internet Storm Center. http://isc.sans.org Creative Commons Attribution-Noncommercial 3.0 United States License.
 

Security B-Sides event set for UK debut
SC Magazine UK
Already heavily discussed on Twitter, the 'middle day' of Infosec, the 20th April, will also be home to a new event called 'Security B-Sides'. ...

 
Microsoft has asked Intel to develop a 16-core version of its low-power Atom chip for use in servers, part of a wider effort to reduce power consumption in its massive data centers.
 
Apple could cause some serious disruption in the mobile payments space if it enters the field as reported, say analysts.
 
Verizon Communications plans to buy cloud service provider Terremark Worldwide for about $1.4 billion in a deal that could significantly expand its cloud offerings for enterprises.
 
U.S. authorities said they have executed more than 40 search warrants in the U.S. in connection with last month's Web-based attacks against companies that severed ties with WikiLeaks.
 
Classified ads software 'cid' Parameter SQL Injection Vulnerability
 
PHP link Directory software 'sbcat_id' Parameter SQL Injection Vulnerability
 

Security B-Sides Show To Rival Infosec London
eWEEK Europe UK
Could the second day of London's Infosec show be hijacked by an indie competitor? Security B-Sides, a new, free event for the security community, ...
 
Most of you will be aware that the domestic situation in Egypt is a tad volatile. We certainly do not get into the politics of things; however, one event earlier today bears commenting on, and that is the complete and utter shutdown of all internet connectivity in Egypt.
Try and resolve any .eg site and you will receive .... nothing.
To my knowledge this is unprecedented. The mainstream press is reporting that this is mainly because the unrest is being organised using Twitter, SMS and other online services. Similar to the events in Iran during the elections last year.
From an IT security perspective, how do you shut down a country? From what I can see, for us external to the country, access to the DNS servers is removed:
dnstracer www.eeaa.gov.eg
Tracing to www.eeaa.gov.eg[a]
|___ FRCU.EUN.eg [gov.eg] (193.227.1.1) * * *
|___ RIP.PSG.COM [gov.eg] (147.28.0.39)
| |___ NS2.TEDATA.NET [eeaa.gov.eg] (No IP address)
| ___ NS1.TEDATA.NET [eeaa.gov.eg] (No IP address)
So how is access denied to a whole country? BGPMON (http://bgpmon.net/blog/?p=450) reports that close to 3000 routes to Egyptian networks were removed, effectively cutting them off the Internet. Other articles are reporting that the major service providers went dark, easy enough to do I guess if you are the government.
Feel free to comment, but please keep comments apolitical.
Cheers
Mark (c) SANS Internet Storm Center. http://isc.sans.org Creative Commons Attribution-Noncommercial 3.0 United States License.
 

