InfoSec News

Data Security Leader Vormetric Expands into European Market
SYS-CON Media (press release)
Click to tweet: Data security leader @Vormetric announces EMEA expansion: http://bit.ly/KC5D11 #Infosec #security. Vormetric's move to establish a local presence in the EMEA region has been driven by a number of factors. Continued data breaches at ...

(c) SANS Internet Storm Center. http://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
The Apple executive in charge of hardware engineering for the iPhone, iPad and other Apple products is retiring from the company, Apple said Thursday.

Google unveils Android 4.1 Jelly Bean
ZDNet Australia
RT @ECCOUNCIL: Huawei urges cybersecurity cooperation http://t.co/013FLm6g #infosec #hack #cybersecurity. 3 hours ago by Dr_Craig_Wright on twitter, retweet. So please do "jump ship". 3 hours ago by omk2 on Telstra logs customer history for new filter ...

AccountsService 'user_change_icon_file_authorized_cb()' Function File Disclosure Vulnerability
Openfire Multiple Input Validation Vulnerabilities
One of the big disadvantages to using cloud-based office apps is that you have to be connected to the Internet to use them. Well, Google took care of that issue today.
Research In Motion is delaying the launch of its BlackBerry 10 operating system due to delays in completing the software.
At US$199, Google's Nexus 7 may seem like a tempting tablet, but some potential buyers and analysts say that it lacks hardware features and is a feeble attempt to energize the Android OS in a market dominated by Apple.

Business Insider

Fifty-Two Troops Who Went Down In A Plane Like This Have Finally Been Found ...
Business Insider

Google co-founder Sergey Brin today played the role of ringmaster in a modern-day circus for the second time at Google I/O as parachutists jumped from an airship to the roof of San Francisco's Moscone Center and bikers jumped and then rappelled down the exterior of the building.
The online industry doesn't need new privacy legislation because it is doing a good job of protecting users' privacy, an executive of an advertising trade group told U.S. lawmakers Thursday.
ZDI-12-113 : IBM Rational ClearQuest CQOle ActiveX Control Remote Code Execution Vulnerability
ZDI-12-112 : SAP Netweaver ABAP msg_server.exe Parameter Name Remote Code Execution Vulnerability
ZDI-12-111 : SAP Netweaver ABAP msg_server.exe Opcode 0x43 Remote Code Execution Vulnerability
ZDI-12-110 : Mozilla Firefox AttributeChildRemoved Use-After-Free Remote Code Execution Vulnerability
It's been a big month for tech news. What was the biggest announcement?
Google's Chrome OS-based laptops could now be on the shelves of a nearby Best Buy store.
Google today launched a version of its Chrome browser for iOS, the Apple mobile operating system that powers the iPhone and iPad.
ZDI-12-108 : Apple Quicktime TeXML sampleData Element Parsing Remote Code Execution Vulnerability
ZDI-12-109 : Apple Quicktime TeXML Karaoke Element Parsing Remote Code Execution Vulnerability
ZDI-12-107 : Apple Quicktime TeXML Style Element Parsing Remote Code Execution Vulnerability
Expanding its portfolio of cloud computing services, Google is launching an IaaS (infrastructure-as-a-service) package, called Google Compute Engine (GCE).
Many organizations have acquired legacy applications over the years, storing password data and other information in clear text, according to one noted security expert.

[SECURITY] [DSA 2504-1] libspring-2.5-java security update
[SECURITY] [DSA 2503-1] bcfg2 security update
Ever wondered when, how or why the Internet Storm Center started? Want to know what we do, why we do it and how you can help! We'll summarize the information from https://isc.sans.edu/about.html in this feature and you can click through to read the specific sections in full.

About the Internet Storm Center - https://isc.sans.edu/about.html#about

Links to participate in the DShield program https://isc.sans.edu/participate.html and a link to details on the INFOCON threat alert https://isc.sans.edu/infocon.html.

ISC History and Overview - https://isc.sans.edu/about.html#history

Learn about what event prompted the formation of the ISC, how it went down and why.

Behind the Internet Storm Center - https://isc.sans.edu/about.html#behind

Tells about the people that make up ISC and the sensors that make DShield. The who, what and how of the Internet Storm Center and DShield sensor.

Early Warning - https://isc.sans.edu/about.html#early

How the ISC Handlers determine the significance of an event and if/how a warning is disseminated

Participating with the Internet Storm Center - https://isc.sans.edu/about.html#participate

We strongly encourage anyone who is able to contribute logs for analysis, including running a DShield sensor of your own that submits automatically. This section goes into detail of the how and benefits of submitting logs as a registered user. You can get started by visiting https://isc.sans.edu/howto.html.

The work is supported by the SANS Institute from tuition paid by students attending SANS security education programs. You can view all the SANS Site Network websites at https://isc.sans.edu/help/site_network or hold your mouse over the up/down arrows to the right of the ISC logo.

Post suggestions or comments in the section below or send us any questions or comments in the contact form on https://isc.sans.edu/contact.html#contact-form


Adam Swanger, Web Developer (GWEB, GWAPT)

Internet Storm Center https://isc.sans.edu
Name: Eric Baldeschwieler
Google's new consumer media streaming device, the Nexus Q, poses little threat to Apple's growing Apple TV business, analysts said, with one calling Google's round sphere an 'Apple TV-1.'
A significant number of high-level technology executives appear to believe Silicon Valley's days as the world's innovation hub are numbered.
Lawyers for Samsung Electronics have petitioned a U.S. court to suspend a preliminary injunction that has blocked its Galaxy Tab 10.1 tablet computer from sale in the country.
Virgin Mobile consumers can now purchase iPhones on the carrier's prepaid wireless plans. Consumers will have to pay full price for the phones -- $649 for a 16GB iPhone 4S and $549 for an 8GB iPhone 4 -- but pay less for service than they'd pay for a plan that subsidized the cost of the phone.

Business Insider

Military Rape Survivors Call On Congress To Stop The Silent Epidemic
Business Insider

Qualcomm on Thursday said it had restructured its business operations, adding a new unit to handle the chip business as the company tries to protect its portfolio of patents, which includes key mobile communications intellectual property.
Central to the success of Google's Nexus 7 tablet, the Nexus Q media player and other Android ventures sits Google Play, formerly called Android Market.
Soundfreaq's $100 SFQ-04 Sound Kick is a decent portable Bluetooth speaker. Its sound, looks, and features all strike me as acceptable, if unremarkable.
Salesforce.com experienced system problems in a number of regions on Thursday, starting at 3:34 a.m. PDT, according to an online status page.
Bcfg2 'Trigger' Plugin Remote Command Injection Vulnerability
ZDI-12-106 : Avaya IP Office Customer Call Reporter ImageUpload Remote Code Execution Vulnerability
Google is looking to make science fiction real when it ships its computerized eyeglasses by 2014.
Boosting its line of open-source middleware, Red Hat is in the process of acquiring open-source integration software vendor FuseSource from its parent company Progress Software. Terms of the deal were not disclosed.
[security bulletin] HPSBPI02794 SSRT100542 rev.1 - Certain HP Photosmart Printers, Remote Denial of Service (DoS)
Red Hat CEO Jim Whitehurst is coming up on his five-year anniversary at the helm, following his arrival in December 2007. Under Whitehurst's leadership, Red Hat's revenue has grown from US$523 million in its fiscal 2008 to more than $1.1 billion in its fiscal 2012, without deviating from its core strategy of open-source infrastructure software.
Google has added the ability to run App Engine applications on a cluster located in Europe, in order to improve performance for local users, the company said at the Google I/O developer conference.
Danish vulnerability intelligence and research firm Secunia has launched version 3.0 of its Personal Software Inspector patch management program, which can silently install security updates for many software applications.
Web development and open standards have triumphed, while the JavaFX framework is merely a last gasp
How do you get your Google+ app featured at Google's blockbuster I/O conference? According to Bjorn Haugland, the CEO of Symphonical, you just invite product manager Amit Fulay to join you in a Hangouts video chat and show him your stuff.
I've recently waged war with paper, so I've been looking at several PDF reader/annotator apps to try to reduce the seemingly never-ending number of dead trees that I eject from the printer. The latest app I've investigated is DocAS, a $5 PDF reader/annotator/note-taker by 9 Square. Unfortunately, I don't think DocAS is worth putting in my arsenal as I found it filled with bugs and quirky behaviors.
The Dutch government was unprepared to handle an SSL hack that caused its communication infrastructure to be vulnerable for months, the Dutch Safety Board said in a report on Thursday. Because the government was unable to replace the certificates immediately, citizen and company data was left unsecured, the board said.
When I tested the SpeechWare TableMike for the microphones for speech recognition buying guide, I used the company's 3-in-1 model. SpeechWare has now released new versions of their microphones, including the USB 6-in-1 TableMike, which includes a number of features and options that are not in the 3-in-1 model, such as an optional foot/hand switch that turns the microphone on and off.

Mobile device security threats are taking center stage as IT managers strive to protect and control these nimble creatures that contain company information and access the company network.  But looking at the big picture of all IT security concerns, just how significant are specific types of mobile device threats? According to one expert, mobile botnets, at least, should not keep you awake at night.

Mobile botnets are created when an attacker infects a number of mobile devices with malicious software. The infected devices communicate with other mobile devices, thus spreading the infection and growing the botnet. The attacker’s goal, in theory, is to gain root control of the mobile devices in order to use their combined bandwidth and computing power for nefarious means.

In an interview with SearchSecurity.com News Director Rob Westervelt, Joe Stewart, director of malware research at Dell SecureWorks, provided his perspective on the relative importance of the mobile botnet threat. Because mobile networks don’t have as much bandwidth as broadband connections, Stewart said, mobile botnets are not likely to be very profitable for the botnet operator.

“I don’t think you can say at this time that someone will get a whole lot of value out of a mobile botnet,” Stewart said. “There are certain categories where it is useful, but as a DDoS botnet, it would probably be pretty abysmal.”

However, findings by Symantec Corp. suggest revenue for the mobile botnet “industry” may be on the rise.  Writing in Symantec’s official blog in February, Symantec Security Response Engineer Cathal Mullaney noted the discovery of one particular mobile botnet that had the ability to use premium SMS scamming to generate millions of dollars a year.

Still, all indications suggest mobile botnets are a small niche in the overall threat landscape. Antimalware investments might be better spent in other areas right now, but be wary of a possible invasion of mobile botnets in the future as attackers prey on the relatively easy vulnerabilities of mobile platforms.

Symantec Web Gateway Arbitrary File Download And Delete Vulnerability
There are serious violations of worker rights at Apple's other suppliers in China, even as Foxconn tries to improve working conditions, according to a labor rights group in New York.
Google Wallet launched support for recurring subscription payments and has begun automatically assigning the lower of two fees for processing payments, Pali Baht, Google Wallet product manager for digital goods said at the I/O conference on Wednesday.
The hedge fund that owns most of troubled mobile startup LightSquared has been rocked by securities fraud charges filed by the U.S. Securities and Exchange Commission.
Hewlett-Packard's new Velocity software helps IT staff optimize network performance for users who work on its thin or zero clients, the company said on Wednesday.
Qualcomm has expanded its augmented reality platform with cloud-based image recognition, and announced a new SDK for adding contextual information to apps and a developer competition for Windows 8 RT.
Nokia has started rolling out a Windows Phone software update for the Lumia 800 and the Lumia 710, which includes Wi-Fi tethering and a feature that silences incoming calls and messages when the phone is turned face down, the company said in a blog post.

Cyber Security Challenge candidates fail to utilise free training
SC Magazine UK
Terry Neal, CEO of Infosec Skills, said it is offering training and education modules to those who enter the Cyber Security Challenge but only 20 per cent took up the option in the first year. Speaking to SC Magazine, Neal said that of the 60 who ...


SANS: Send 2 students to SEC401 or MGT414 for the price of 1
CSO (blog)
SEC401, SANS' flagship course, will teach you the language and theory of computer security, as well as the practical skills that all infosec professionals should possess. This vLive class will be taught by Tanya Baccam and Chris Christianson two nights ...

Microsoft will deemphasize the Windows desktop in future releases of its operating system as usage of traditional Windows applications falls to just 10% of users' time by 2020, analysts said this week.
A group of Republican Senators introduced on Wednesday a revised version of a previously proposed bill that seeks to improve cybersecurity through improved information sharing between private industry and government.
With Amazon.com's most recent outage, cloud detractors and apologists alike missed its real lesson: All technology can fail. Insider (registration required)
Warrants used to seize external hard drives, laptops and phones from Megaupload founder Kim Dotcom's mansion in January are illegal, a New Zealand High Court judge ruled on Thursday.





Reader Yin wrote in after noticing a huge spike in unsolicited Border Gateway Protocol (BGP) traffic. This same spike in BGP connections has also been noted on DShield's sensors [1]. Thankfully he provided a packet capture which contained numerous BGP OPEN [2] messages.

Here is a snippet of the BGP packet with the relevant details:

These messages all originated from the same system, based in Korea.

The Korean system IP is part of:

AS Number : AS9848


From my understanding of BGP, this system is attempting to pass itself off as AS65333, a private ASN [3], and poison the router with false details.

Whether this is a misconfiguration or a malicious act is unknown at this point. Most, if not all, routers should have basic protections in place to protect against this type of event having an effect [4].

Please let us know if you're seeing the same thing, can add anything further or if my analysis needs correcting.

UPDATE: Thank you to Reader Job for the clarification on private ASNs

[2] http://www.inetdaemon.com/tutorials/internet/ip/routing/bgp/operation/messages/open.shtml

[3] http://www.apnic.net/services/services-apnic-provides/helpdesk/faqs/asn-faqs#UsePrivateASN

[4] http://www.inetdaemon.com/tutorials/internet/ip/routing/bgp/security/index.shtml

Chris Mohan --- Internet Storm Center Handler on Duty
It's hard to one-up skydivers flying into a tech conference while being live-streamed through Google's computerized glasses. But Google's Vic Gundotra might have done that when he told developers that they would be leaving Google I/O with the just-announced Nexus 7 tablet and Nexus Q home streaming device, as well as a Galaxy Nexus smartphone.
Internet Storm Center Infocon Status