InfoSec News

This year, a smaller percentage of U.S. Internet users are contributing to social media sites -- uploading videos, writing blog entries, posting comments to news articles and writing online product reviews -- than in 2009, according to Forrester Research.
 
Internet policymakers and industry leaders are hailing the Obama Administration's plan to upgrade all federal Web sites and e-government services over the next two years to support IPv6.
 
Enterprise BlackBerry handsets can now be remotely managed via an Odyssey Software plug-in, based on its Athena device management code, for RIM's BlackBerry Enterprise Server.
 
ISC reader Keith reports a strange packet on his network. He gets the following alert:
9/28/2010 2:09 PM : C4K_L2MAN-6-INVALIDSOURCEADDRESSPACKET 272: Sep 28 19:09:41: %C4K_L2MAN-6-INVALIDSOURCEADDRESSPACKET: (Suppressed 5 times)Packet received with invalid source MAC address (45:42:55:47:3D:57) on port Po1 in vlan 24
and the following packet to go with it:
0000 3d 3d 4b 56 3d 44 45 42 55 47 3d 57 26 4c 3d 3d
0010 64 61 79 6c 69 67 68 74 20 72 65 6b 69 63 6b 21
0020 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0030 00 00 00 00 00 00 00 00 00 00 00 00
No surprise really that this packet is illegal. When parsed into plain ASCII, it reads:
==KV=DEBUG=W&L==
daylight rekick!
Has anyone seen this before and might know what sort of device could be burping out these non-IP packets directly onto the VLAN?
(c) SANS Internet Storm Center. http://isc.sans.org Creative Commons Attribution-Noncommercial 3.0 United States License.
 
Emergency patch repairs a vulnerability in the ASP.NET framework that causes faulty AES encryption implementations.

 
Reports are circulating on the Internet that Facebook executives are a few years away from taking the company public.
 
Draft legislation from the U.S. Congress would create a new network neutrality law but would prohibit the FCC from making its own rules prohibiting broadband providers from selectively slowing Web traffic.
 
Enterprise adoption of SharePoint is rapidly on the rise: A new survey from document management company Global 360 reveals that 90% of the survey's 886 respondents use SharePoint, with 8% using SharePoint 2010.
 
Analysts say RIM faces a very difficult task in marketing its new PlayBook tablet to both consumer and business users.
 
The first public beta of version 14 of the Fedora Linux distribution edges towards potential enterprise use.
 
A new law makes it illegal in California to maliciously impersonate someone online.
 
Microsoft on Monday added new security features to its Windows Live Hotmail Web mail service to help users regain control of hijacked accounts.
 
Companies like Melodeo, SEOmoz and startup Spiral Genetics say they wouldn't be where they are now without access to hosted computing services.
 
Legacy enterprise software, like well-known CRM and ERP applications, is moving to the cloud, but new kinds of applications will need to be developed to take full advantage of these computing services, said Amazon's Web Services chief.
 
Google pulled out its wallet and went on an acquisition spree this year, according to research firm CB Insights.
 
Bill Brenner reached a troubling conclusion as he reported this year's Global Information Security Survey results: CSOs and CIOs are not exactly on the same page when it comes to corporate security.
 
Microsoft today delivered an emergency patch for a Windows Web server flaw that is being actively exploited by hackers.
 
The federal government has selected the last of 62 regional extension centers that will assist remote medical facilities and private physician practices in converting from paper to electronic medical records.
 
Following Friday's tip on how to share a link, reader Jeff wants to know more. Specifically, he's curious about sharing embedded links, like the one in the preceding sentence. He knows how to copy and paste from the browser's address bar, but wants to provide the actual link that's under the hyperlinked text--not just the text itself.
 
Microsoft Bulletin MS10-070 has been released. An update is now available that addresses the ASP.NET information disclosure vulnerability (CVE-2010-3332) that we reported on earlier.
The core pieces in the advisory are probably in the sections that read
"In Microsoft .NET Framework 3.5 Service Pack 1 and above, this vulnerability can be used by an attacker to retrieve the contents of any file within the ASP.NET application, including web.config"
and
"This vulnerability can also be used for data tampering, which, if successfully exploited, could be used to decrypt and tamper with the data encrypted by the server."
Translated, this means that the vulnerability undermines basic web application security. I suspect that online shops and such might rate the risk that an attacker can read any file on their web application server a bit higher than just important.
According to the bulletin, MSFT are aware of active attacks.
In combination, this sure sounds like PATCH NOW! to me.

Update 1800UTC: If you're wondering what a Padding Oracle is, the original attack is described very well in this research paper.
Update 1830UTC: Changing InfoCon to YELLOW, to raise awareness for this problem and patch. We'll go back to GREEN in 24hrs unless significant new information develops.
(c) SANS Internet Storm Center. http://isc.sans.org Creative Commons Attribution-Noncommercial 3.0 United States License.
 
By now, you probably know that Microsoft is releasing Office 2011, the latest version of its productivity suite, at the end of October. (We’re posting our reviews of Word 2011, Excel 2011, PowerPoint 2011, and the rest this week.) What you may not know is whether or not you should buy that suite when it arrives.
 
Kno, the small start-up that announced a dual-panel touchscreen device this year, has a 14.1-inch single-panel device in the works.
 
A CDW business continuity survey showed that 25% of its customers reported a network disruption over the past year, yet only 44% said employees could work from home during the outage.
 
AOL has made two acquisitions to boost its content offerings, buying technology news blog TechCrunch and video syndication platform 5min Media.
 
Minnesota Tuesday disclosed plans to have some 33,000 state workers use a cloud-based e-mail system hosted by Microsoft.
 
Microsoft today announced that Office for Mac 2011 will launch Oct. 26, the same date leaked by Amazon.com earlier this month.
 
Some developers of the OpenOffice.org desktop productivity suite announced a break from Oracle on Tuesday, introducing a new name for the project and establishing a new foundation to guide its future.
 
By buying Hyperformix, CA Technologies will boost its virtualization portfolio.
 
Microsoft has created status dashboards for the three data centers that power its Business Productivity Online Suite (BPOS), a set of hosted communication and collaboration applications for workplaces.
 
One of Computerworld's Premier 100 IT leaders has advice on communicating more clearly, and dealing with a poorly performing peer.
 
Attackers are targeting a weakness in the ASP.NET Web application framework. A fix is expected today at 1 p.m. ET.

 
Let’s face it: The Android browser isn’t perfect. While performance is improving with each update (Android 2.2, in particular, boosted the speed of the browser with a new Javascript engine), it’s a fairly bare-bones browser compared with some of the others available in the Android Market.
 
As more states ban the practice – Massachusetts will become the 31st to do so on Thursday – new research from the insurance industry claims that the prohibition of texting while driving does not reduce auto crashes and may actually increase them.
 
Writing applications for devices like tablets and smartphones could become more challenging as CPUs and hardware accelerators are added to mobile chips, experts agreed at a processor conference on Monday.
 
If you've been hoping a giant like Google, Microsoft, Facebook or Cisco will scoop up your company, here are some tips: Don't e-mail Steve Ballmer directly, don't tell wild stories about how great your company is, don't use the press to start a bidding war and don't sign perpetual contracts with customers.
 
Unable to find a way to turn a profit, the Xmarks browser bookmark service will close its doors in January, four years after its founding.
 
Sony Ericsson has unveiled a remote control with a 1.3-inch screen that will allow Android smartphone users to view Facebook and Twitter updates and control their phone's music player.
 
Seeking to shed its Microsoft root, CodePlex Foundation has become the Outercurve Foundation.
 
Ericsson will acquire Nortel's global multiservice switching assets for $65 million.
 
Smart succession planning ensures IT departments have expertise waiting in the wings when a key employee moves on.
 
InfoSec News: Iran admits Stuxnet worm infected PCs at nuclear reactor: http://www.computerworld.com/s/article/9188147/Iran_admits_Stuxnet_worm_infected_PCs_at_nuclear_reactor
By Gregg Keizer Computerworld September 27, 2010
Although some computers at Iran's Bushehr nuclear reactor were infected by the Stuxnet worm, none of the facility's crucial control systems were affected, Iranian officials claimed Sunday.
The news followed Saturday's admission by Iran that Stuxnet had infected at least 30,000 computers in the country. The worm, which researchers have dubbed the most sophisticated malware ever, targets Windows PCs that manage large-scale industrial-control systems in manufacturing and utility companies.
Those control systems, called SCADA, for "supervisory control and data acquisition," manage and monitor machinery in power plants, factories, pipelines and military installations.
"The studies show that few PCs of Bushehr nuclear power plant workers are infected with the virus," Mahmoud Jafari, the facility's project manager, told Iran's state-run Islamic Republic News Agency on Sunday.
[...]
 
InfoSec News: DHS Launches Cyber Attack Exercise: http://www.informationweek.com/news/government/security/showArticle.jhtml?articleID=227500797
By J. Nicholas Hoover InformationWeek September 28, 2010
For three or four days this week, the Internet will come under a virtual attack from an unknown adversary, and it will be up to the government [...]
 
InfoSec News: CIA used 'illegal, inaccurate code to target kill drones': http://www.theregister.co.uk/2010/09/24/cia_netezza/
By Chris Williams The Register 24th September 2010
The CIA is implicated in a court case in which it's claimed it used an illegal, inaccurate software "hack" to direct secret assassination drones in central Asia. [...]
 
InfoSec News: [Dataloss Weekly Summary] Week of Sunday, September 19, 2010:
Open Security Foundation - DataLossDB Weekly Summary Week of Sunday, September 19, 2010
1 Incidents Added. [...]
 
InfoSec News: Stuxnet Attack Exposes Inherent Problems In Power Grid Security: http://www.darkreading.com/insiderthreat/security/attacks/showArticle.jhtml?articleID=227500817
By Kelly Jackson Higgins DarkReading Sept 27, 2010
While the Stuxnet worm attack has raised the bar for targeted attacks on the critical infrastructure, it's not the first time the power grid has [...]
 
InfoSec News: POS System Breached?: http://www.bankinfosecurity.com/articles.php?art_id=2949
By Linda McGlasson Managing Editor Bank Info Security September 27, 2010
A summertime spike in credit card fraud in the Tallahassee, Fla., region is linked to one restaurant that had its point of sale software targeted [...]
 
The Apple Peel 520, a Chinese-developed product that drew the media's attention for being able to turn an iPod Touch into an iPhone-like device, is coming to America.
 

Savid Technologies' CEO Michael Davis Gives Successful Presentation at Infosec 10
PR Web (press release)
Technologists and security professionals came out in full force on September 14th at Infosec in Nashville to hear Michael Davis, CEO of Savid Technologies, ...

 

Posted by InfoSec News on Sep 28

http://www.informationweek.com/news/government/security/showArticle.jhtml?articleID=227500797

By J. Nicholas Hoover
InformationWeek
September 28, 2010

For three or four days this week, the Internet will come under a virtual
attack from an unknown adversary, and it will be up to the government
and private sector's coordinated efforts to root out the cause and work
together to keep systems up and running -- at least within the simulated...
 

Posted by InfoSec News on Sep 28

http://www.theregister.co.uk/2010/09/24/cia_netezza/

By Chris Williams
The Register
24th September 2010

The CIA is implicated in a court case in which it's claimed it used an
illegal, inaccurate software "hack" to direct secret assassination
drones in central Asia.

The target of the court action is Netezza, the data warehousing firm
that IBM bid $1.7bn for on Monday. The case raises serious questions
about the conduct of Netezza...
 

Posted by InfoSec News on Sep 28

========================================================================

Open Security Foundation - DataLossDB Weekly Summary
Week of Sunday, September 19, 2010

1 Incidents Added.

========================================================================

DataLossDB is a research project aimed at documenting known and reported
data loss incidents world-wide. The Open Security Foundation asks for
contributions of new incidents and new data for...
 

Posted by InfoSec News on Sep 28

http://www.darkreading.com/insiderthreat/security/attacks/showArticle.jhtml?articleID=227500817

By Kelly Jackson Higgins
DarkReading
Sept 27, 2010

While the Stuxnet worm attack has raised the bar for targeted attacks on
the critical infrastructure, it's not the first time the power grid has
been in the bull's eye. Attacks against these systems are actually quite
common -- it's just that they are mostly kept under wraps and rarely
face...
 

Posted by InfoSec News on Sep 28

http://www.bankinfosecurity.com/articles.php?art_id=2949

By Linda McGlasson
Managing Editor
Bank Info Security
September 27, 2010

A summertime spike in credit card fraud in the Tallahassee, Fla., region
is linked to one restaurant that had its point of sale software targeted
by hackers, resulting in $200,000 in fraud losses.

Julie's Place, a Tallahassee eatery, was identified by the Leon County
Sheriff's Office Financial Crimes Unit as the...
 

Posted by InfoSec News on Sep 28

http://www.computerworld.com/s/article/9188147/Iran_admits_Stuxnet_worm_infected_PCs_at_nuclear_reactor

By Gregg Keizer
Computerworld
September 27, 2010

Although some computers at Iran's Bushehr nuclear reactor were infected
by the Stuxnet worm, none of the facility's crucial control systems were
affected, Iranian officials claimed Sunday.

The news followed Saturday's admission by Iran that Stuxnet had infected
at least 30,000 computers in...
 
