InfoSec News

libsoup SoupServer Directory Traversal Vulnerability
 
Motorola reported a loss of $56 million, or 19 cents a share, on net revenue of $3.3 billion for the second quarter, as the phone and tablet maker continues to struggle to make 4G products.
 
Sprint Nextel's deal with LightSquared to build and run its LTE network for more than $13 billion in cash and credits all comes down to money.
 
A California man was sentenced to 12 years and seven months in prison Thursday for his role as the brains behind a widespread phishing scam that took in more than 38,000 victims.
 
----------- Guy Bruneau IPSS Inc. gbruneau at isc dot sans dot edu SEC 503 coming to Ottawa Sep 2011 (c) SANS Internet Storm Center. http://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
 
Citrix XenApp and XenDesktop XML Service Interface Multiple Remote Code Execution Vulnerabilities
 
ZDI-11-244: (0day) FlexNet License Server Manager lmadmin Remote Code Execution Vulnerability
 
n.runs-SA-2011.002 - Citrix XenApp / XenDesktop XML Service Heap Corruption
 
Sprint's decision to strike a deal with LightSquared today was a tacit admission that its early adoption of WiMax has not worked out as well as intended.
 
Strong demand for Fusion chips helped Advanced Micro Devices take global microprocessor market share from Intel in the second quarter this year, Mercury Research said in a study .
 
BlueCross BlueShield of Tennessee said today it has completed a year-long effort to encrypt all of its at-rest data, a move it took after 57 of its hard drives were stolen in 2009.
 
 
[security bulletin] HPSBUX02689 SSRT100494 rev.2 - HP-UX Running OpenSSL, Remote Denial of Service (DoS)
 
[security bulletin] HPSBMU02669 SSRT100346 rev.3 - HP Data Protector Media Management Daemon (mmd), Remote Denial of Service (DoS)
 
[security bulletin] HPSBMU02691 SSRT100483 rev.2 - HP Performance Agent and HP Operations Agent, Remote Arbitrary File Deletion
 
[security bulletin] HPSBMU02692 SSRT100581 rev.2 - HP SiteScope, Remote Cross Site Scripting (XSS) and Session Fixation Attack
 
Two security issues fixed in ioQuake3 engine
 
The virtualization vendor says a severe XenDesktop and XenApp security flaw needs immediate patching, or else an attacker may execute arbitrary code.

 
[SECURITY] [DSA 2287-1] libpng security update
 
Twitter is placing its promoted tweets right in front of users' eyeballs in an attempt to boost its advertising business.
 
Computers running the decade-old Windows XP make up a huge reservoir of infected PCs that can spread malware to other systems, a Czech antivirus company said today.
 
n.runs-SA-2011.001 - Citrix XenApp / XenDesktop Stack-Based Buffer Overflow
 
indiacon (selloffers.php?cid) Remote SQL injection Vulnerability
 
A1 Solutions (cat_sell.php?cid) Remote SQL injection Vulnerability
 
Infocus Web Solutions (news_desc.php?id) Remote SQL injection Vulnerability
 
In what is the first major update to the programming language in more than five years, Oracle has shipped Java Platform Standard Edition 7 (Java SE 7), the company announced Thursday.
 
The U.S. Federal Trade Commission says an online business listing company billed small businesses and nonprofit groups for unwanted listings.
 
HP Operations Manager 'Register' Request Arbitrary File Deletion Vulnerability
 
Zones Web Solution (status.asp?print) (search_result.php?loc_id) Remote SQL injection Vulnerabilities
 
Zones Web Solution (StoneDetails.php?stone) XSS Vulnerability
 
Canoy Softwares (search_result.php?loc_id) Remote SQL injection Vulnerability
 
WOC Consulting (search_result.php?cid) Remote SQL injection Vulnerability
 
SAP and Rent-a-Center are locked in a legal battle over whether the rent-to-own chain owes the vendor about $9 million in fees for excess use of its Business Objects analytics software.
 
A stagnant laptop market could be reinvigorated with the arrival of ARM processors, which will enable lighter machines with all-day battery life, industry observers said.
 
About 100,000 Web pages for e-commerce sites based on the open source OS Commerce software have been compromised with malware through a mass iFrame injection attack, according to security firm Armorize.
 
A trade agency judge has ruled that some Macs infringe patents held by S3 Graphics and could be barred from the U.S., according to a decision made public Wednesday.
 
 
ClamAV Hash Manager Off-By-One Denial of Service Vulnerability
 
VirtueMart Component for Joomla! SQL Injection Vulnerability
 
Novell has decided to shut down its Web-hosted Vibe Cloud enterprise social collaboration suite, which bombed with customers although the market is hot for competing products.
 
Oracle is buying knowledge management vendor InQuira in order to improve the capabilities of its Fusion and Siebel CRM applications.
 
It gets a lot of things right, especially the idea that not all 'friends' are created equal.
 
Hoping to boost its services offerings, IBM is assigning 200 of its researchers to help the company manage its customers' business systems with more scientific precision.
 
The CTO of NASA’s famous JPL told a Gartner Catalyst 2011 crowd how his group conducts sensitive scientific work using a hybrid cloud security model.

 
We all know that web applications are the new firewall. However, so far we have had a hard time collecting web application logs. The hard part is to balance ease of installing a sensor (without disrupting the web application), fidelity of the log information, and privacy.
With firewall logs, it is pretty simple. A rejected packet in a firewall carries very little information, and privacy isn't a big issue. Web applications are different, as the actual meat of the log event is in the request content, which may contain personal information. Parsing web logs isn't so easy either: administrators frequently customize log formats for special purposes.
To balance these different issues we decided to focus on errors, but instead of parsing logs, we set up a little PHP script that you can add to your error page. In its current form, the script works with PHP web servers (tested with Apache) that support the curl extension. Curl is installed by default in current versions of PHP.
Now all you need is an error page. In Apache, just use the ErrorDocument configuration directive. For example:

ErrorDocument 404 /error.html

will redirect users to /error.html in case of a 404 error [1]. You may already have a page like that configured. All you need to do is add the PHP snippet to the end; it sends us the intended URL, the user agent and the IP address of the client accessing the missing page.
The hope is to collect data from automated probes, similar to how DShield's firewall logs reflect port scan activity.
In particular, if you are running a personal / home web server: please consider adding the collector script.
Once we get a few submitters, we will start adding continuously updated reports to the site, just like we do for the DShield data. However, we can't do this until we have at least a dozen submitters (better 100 or more). We cannot publish one-off errors, as they will likely be specific to your site and again could cause privacy issues.
Why do we only support PHP? Well, that's the language I know. Feel free to submit a .Net/Java/Ruby/Perl or whatever version of the script.
Simple steps to sign up:

Log in to retrieve your authentication key here: https://isc.sans.edu/myinfo.html
Download the PHP snippet here: https://isc.sans.edu/tools/404project.html
Paste it into your Error Document.
Test.
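To show what such an error-page collector looks like end to end, here is an added example written for this page; it is not the ISC 404project snippet and does not use the ISC API. The collector URL, the auth key, the POST field names and the 1024/512-byte length caps are all assumptions (placeholders) for illustration, and the error page must itself be served as PHP (for example ErrorDocument 404 /error.php). It reads the fields Apache exposes when serving an ErrorDocument (REDIRECT_STATUS, REDIRECT_URL, REDIRECT_QUERY_STRING), sends only the three items the diary names plus a timestamp, and uses short curl timeouts so a slow collector cannot hold up the error page.

```php
<?php
// Added example collector for a PHP 404 page (not the ISC 404project script).
// Placeholders (assumptions, not real ISC values): collector URL, auth key, field names.

// Build the report from the server variables Apache sets when it serves an
// ErrorDocument. Only the intended URL, user agent and client IP are collected,
// plus a UTC timestamp; no request body or cookies, to limit privacy exposure.
function collect_404_report(array $server): ?array {
    // Only report genuine 404s; the same error page may be reused for other codes.
    if (($server['REDIRECT_STATUS'] ?? '') !== '404') {
        return null;
    }
    $url = $server['REDIRECT_URL'] ?? $server['REQUEST_URI'] ?? '';
    if (($server['REDIRECT_QUERY_STRING'] ?? '') !== '') {
        $url .= '?' . $server['REDIRECT_QUERY_STRING'];
    }
    return [
        'url' => substr($url, 0, 1024),                          // assumed cap: 1024 bytes
        'ua'  => substr($server['HTTP_USER_AGENT'] ?? '', 0, 512), // assumed cap: 512 bytes
        'ip'  => $server['REMOTE_ADDR'] ?? '',
        'ts'  => gmdate('Y-m-d\TH:i:s\Z'),
    ];
}

// POST the report to the collector over HTTPS with the submitter's auth key.
// Returns true only on an HTTP 200 from the collector.
function submit_404_report(array $report, string $collector, string $key): bool {
    if (!function_exists('curl_init')) {
        return false; // curl extension not available; silently skip
    }
    $ch = curl_init($collector);
    curl_setopt_array($ch, [
        CURLOPT_POST           => true,
        CURLOPT_POSTFIELDS     => http_build_query($report + ['key' => $key]),
        CURLOPT_RETURNTRANSFER => true,
        CURLOPT_CONNECTTIMEOUT => 2,   // do not let a slow collector delay the error page
        CURLOPT_TIMEOUT        => 3,
        CURLOPT_SSL_VERIFYPEER => true,
        CURLOPT_SSL_VERIFYHOST => 2,
    ]);
    $body = curl_exec($ch);
    $ok   = ($body !== false) && (curl_getinfo($ch, CURLINFO_HTTP_CODE) === 200);
    curl_close($ch);
    return $ok;
}

// Usage at the very end of error.php, after the visible error page content.
$report = collect_404_report($_SERVER);
if ($report !== null) {
    // Placeholder collector URL and key; replace with the real ones for your account.
    submit_404_report($report, 'https://collector.example/404', 'YOUR-AUTH-KEY-PLACEHOLDER');
}
```

Because the submission runs after the page body is produced, a failed or slow submission never changes what the visitor sees; keeping the timeouts short is what makes that hold in practice.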

Please contact us if you have any questions.
[1] http://httpd.apache.org/docs/2.0/mod/core.html#errordocument
------

Johannes B. Ullrich, Ph.D.

SANS Technology Institute

Twitter (c) SANS Internet Storm Center. http://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
 

Avecto Announces Significant Year End Results for 2011
Sacramento Bee
Between now and the end of their next financial year Avecto is scheduled to attend a wide range of industry events including Focus 11 - the fourth annual McAfee security conference, Microsoft Management Summit, InfoSec Europe and TechEd. ...
 
Dell said Thursday it will warranty servers to run at 113 degrees Fahrenheit (40 degrees Celsius) for parts of the year, so that customers can make wider use of "fresh-air cooling" in their data centers.
 
The BBC is expanding its popular iPlayer digital content service, launching a subscription iPad application for 11 European countries, the broadcaster said on Thursday.
 
Sprint and LTE technology provider LightSquared announced a 15-year deal Thursday that gives Sprint $9 billion in cash, primarily for spectrum hosting and LTE network services it would provide LightSquared.
 
Google has developed a hosted service that analyzes Web pages, rewrites their code to make them perform better and serves them up from Google servers.
 
HTC OBEX FTP Service Directory Traversal Vulnerability
 
A startup called Totango is hoping to make it big by solving the business problems of fellow SaaS vendors, not end users.
 
Alcatel-Lucent reported a smaller increase in revenue than analysts had expected, but returned to profit in the second quarter.
 
Cost-justifying the replacement of legacy software isn't easy. Here's how four shops approached the issue. One common theme: identifying business challenges and opportunities.
 
GE is about to begin distribution of holographic optical disc technology and plans to license it to manufacturing partners in the next few months. But a rival company, InPhase, says its own holographic technology is better.
 
Outgoing federal CIO Vivek Kundra believes that cloud security issues have been used to discourage cloud adoption. That's not stopping the Department of Homeland Security.
 

Avecto Announces Significant Year End Results for 2011
PR Newswire (press release)
Between now and the end of their next financial year Avecto is scheduled to attend a wide range of industry events including Focus 11 - the fourth annual McAfee security conference, Microsoft Management Summit, InfoSec Europe and TechEd. ...
 
Nintendo will slash the price of its 3DS handheld gaming device in Japan from mid August.
 
Sony reported a net loss for the three month period from April to June as the company dealt with unfavorable exchange rates, cut-throat competition in the consumer electronics business, and a hacking attack on its online gaming network.
 

Top strategies to mitigate targeted cyber intrusions
SearchSecurity.com.au
The remainder of the list can be found on the DSD website at http://www.dsd.gov.au/infosec/top35mitigationstrategies.htm and many non-government organisations would benefit from reviewing these strategies against their own IT Security risk mitigation ...
 