InfoSec News

Motorola Xoom users on Thursday will finally get a promised free hardware upgrade so they can use Verizon's 4G LTE network.
 
The U.S. Department of Justice has asked Google for more information about its planned US$12.5 billion purchase of Motorola Mobility, potentially slowing the transaction, Google said in a blog post Wednesday.
 
Advanced Micro Devices on Wednesday reduced its revenue projection for its third fiscal quarter ending Oct. 1, citing manufacturing yield problems.
 
Gibbs just wanted to use a different DSL modem, but AT&T had opinions about the switch.
 
Quagga Multiple Remote Security Vulnerabilities
 
At $199, the price of Amazon's Kindle Fire tablet is a tempting purchase for some iPad owners, who are wondering whether the tablets will coexist or compete.
 
The White House this month began allowing people to create petitions on its website, and an early favorite asks the president to "direct the patent office to cease issuing software patents."
 
Hang on a minute. Last I checked, most CIOs had authority over the IT spending in their organizations, and a majority of you (68 percent) were members of the C-suite’s executive committee. That’s data drawn from a survey of 729 IT leaders one year ago in our annual State of the CIO survey.
 
SPEC, the standards body for performance benchmarks, has developed a tool-kit to help more accurately measure the energy efficiency of servers.
 
Wireshark OpenSafety Dissector Denial of Service Vulnerability
 
Wireshark Lua Script File Arbitrary Code Execution Vulnerability
 
Wireshark Malformed Packet Trace File Remote Denial of Service Vulnerability
 
Wireshark CSN.1 Dissector Remote Denial of Service Vulnerability
 
[ MDVSA-2011:136 ] openssl
 
Box.net bumped up security and synchronization on its content management and sharing platform and teamed up with Hewlett-Packard and Motorola Mobility for pre-installation deals at its BoxWorks user conference in San Francisco.
 
ECMAScript 6, which will also provide developers with more convenience and security, is anticipated for release in 2013.
 
Unauthorized charges on enterprise telecom bills are getting more sophisticated and harder to detect.
 
Mozilla on Tuesday patched 11 vulnerabilities in the desktop edition of Firefox as it upgraded the browser to version 7.
 
Advocacy group Free Press has filed a lawsuit challenging the U.S. Federal Communications Commission's net neutrality rules, with the group arguing the new regulations are too weak.
 
Novell GroupWise Internet Agent Yearly RRULE Variable Parsing Remote Code Execution Vulnerability
 
[ MDVSA-2011:137 ] openssl
 
Cisco Security Advisory: Cisco IOS Software Smart Install Remote Code Execution Vulnerability
 
QLogic today announced upgrades to its line of converged network adapters, as well as a new switch and router product that can consolidate LAN traffic.
 
Mac users can thank Microsoft for taking down a small but dangerous botnet -- Kelihos.
 
iDefense Security Advisory 09.26.11: Novell GroupWise iCal RRULE ByWeekNo Memory Corruption Vulnerability
 
Cisco Security Advisory: Cisco Unified Communications Manager Session Initiation Protocol Memory Leak Vulnerabilities
 
Cisco Security Advisory: Cisco IOS Software Session Initiation Protocol Denial of Service Vulnerabilities
 
(c) SANS Internet Storm Center. http://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
 
Many businesses struggle to maintain PCI DSS compliance, suggesting meeting the standard is a goal rather than an ongoing initiative, according to a new report from Verizon Business.

 
Amazon's new Fire tablet may disrupt the Android market, but it's unlikely to have a significant impact on Apple's iPad business, analysts said today.
 
While the Kindle Fire tablet consumed much of the focus at Amazon's launch event Wednesday in New York, the company also showed off a bit of potentially radical software technology as well, namely the new browser for the Fire, called Silk.
 
Cisco Security Advisory: Cisco IOS Software Network Address Translation Vulnerabilities
 
Cisco Security Advisory: Cisco IOS Software IPv6 over MPLS Vulnerabilities
 
Cisco Security Advisory: Cisco IOS Software IPv6 Denial of Service Vulnerability
 
Positioned as a data loss prevention tool, the app and server software focus on enforcing SharePoint content policies on iOS devices.
 
Microsoft has signed a cross-license patent agreement with Samsung Electronics that grants Microsoft royalties from Samsung's Android-based smartphones and tablets, Microsoft said in a statement on Wednesday.
 
phpMyAdmin Multiple HTML Injection Vulnerabilities
 
iDefense Security Advisory 09.26.11: Novell GroupWise iCal Date Invalid Array Indexing Vulnerability
 
iDefense Security Advisory 09.26.11: Novell GroupWise iCal RRULE Weekday Recurrence Heap Overflow Vulnerability
 


The Address Resolution Protocol (ARP) [1] is the IPv4 mechanism that maps network addresses to 48-bit Ethernet hardware addresses. We cover many things here on the Storm Center, and lately Man in the Middle has come up often. One of the ways a Man in the Middle position can be achieved is via ARP cache poisoning.


Wait, that sounds like a very old method. Shouldn't we be protected against that?


Most higher-end switching hardware supports ARP validation or Dynamic ARP Inspection [2] [3]. The question that often comes up is: who has actually turned the feature on?

There are simple tools and tutorials out on the Intertubes that demonstrate how to achieve an ARP cache poisoning man-in-the-middle [4] attack, so I will not reproduce them here. This diary is simply to state that I am still seeing this in my day-to-day operations, and to increase awareness.

In this XSS web app penetration world, we often forget the lower layers and how best to protect them. 802.1X is pervasive in the Wi-Fi space, and with the wired edge disappearing that may be a blessing in disguise, but how many networks implement 802.1X at the wired edge? Or, better still, in the data center?

Fortunately, the last event that was encountered was simply a misconfiguration; however, it does demonstrate the risks. This client also had validation turned on and detected it, but that was a first that I could remember.

Question for this diary, given that MitM [4] is on our minds lately: what steps, if you are able to share them, do you take to ensure Layer 2 protection?
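As an added illustration, not part of the diary, of the kind of Layer 2 monitoring that catches a poisoned binding even where the switch has no Dynamic ARP Inspection: the Python below parses RFC 826 ARP frames and, arpwatch-style, reports whenever the MAC claimed for an IP changes. The frames, the addresses and the `ArpWatcher`/`run_demo` names are constructed for this example.

```python
import struct

ETH_P_ARP = 0x0806  # EtherType for ARP

def parse_arp_frame(frame: bytes):
    """Parse an Ethernet II frame carrying IPv4-over-Ethernet ARP (RFC 826).
    Returns (op, sender_mac, sender_ip) or None if the frame is not such an ARP packet."""
    if len(frame) < 42 or struct.unpack("!H", frame[12:14])[0] != ETH_P_ARP:
        return None
    htype, ptype, hlen, plen, op = struct.unpack("!HHBBH", frame[14:22])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        return None
    sha, spa = frame[22:28], frame[28:32]  # sender hardware / protocol address
    return op, ":".join(f"{c:02x}" for c in sha), ".".join(str(c) for c in spa)

class ArpWatcher:
    """Track sender IP -> MAC bindings and alert when a binding changes (arpwatch-style)."""
    def __init__(self):
        self.table = {}   # ip -> last MAC seen claiming it
        self.alerts = []

    def observe(self, frame: bytes) -> None:
        pkt = parse_arp_frame(frame)
        if pkt is None:
            return
        op, mac, ip = pkt
        known = self.table.get(ip)
        if known is not None and known != mac:
            # Repeated flip-flops between two MACs for one IP are the classic poisoning signature.
            self.alerts.append(f"{ip}: {known} -> {mac} (op={op})")
        self.table[ip] = mac

def sample_frame(op, smac, sip, tmac, tip) -> bytes:
    """Build a constructed ARP frame as in-memory sample input only; nothing is sent."""
    m = lambda s: bytes.fromhex(s.replace(":", ""))
    i = lambda s: bytes(int(x) for x in s.split("."))
    return (m(tmac) + m(smac) + b"\x08\x06" + struct.pack("!HHBBH", 1, 0x0800, 6, 4, op)
            + m(smac) + i(sip) + m(tmac) + i(tip))

def run_demo() -> list:
    """Constructed scenario: gateway 192.0.2.1 replies, a second MAC then claims the same IP."""
    w = ArpWatcher()
    gw, host, rogue = "00:11:22:33:44:55", "aa:bb:cc:dd:ee:01", "de:ad:be:ef:00:01"
    w.observe(sample_frame(2, gw, "192.0.2.1", host, "192.0.2.10"))     # normal reply: binding learned
    w.observe(sample_frame(2, rogue, "192.0.2.1", host, "192.0.2.10"))  # conflicting claim: alert
    w.observe(sample_frame(2, gw, "192.0.2.1", host, "192.0.2.10"))     # real gateway again: flip-flop alert
    return w.alerts
```

Feed it frames from a raw socket or a pcap instead of `sample_frame` and the same watcher works on a real segment; a legitimate NIC swap produces one alert, whereas poisoning produces a stream of them.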

[1] http://tools.ietf.org/html/rfc826

[2] http://www.cisco.com/en/US/docs/switches/lan/catalyst6500/ios/12.2SXF/native/configuration/guide/dynarp.html

[3] http://www.juniper.net/techpubs/software/erx/erx50x/swconfig-routing-vol1/html/ip-config8.html

[4] http://en.wikipedia.org/wiki/Man-in-the-middle_attack

Richard Porter
--- ISC Handler on Duty
Twitter: packetalien
Email: richard at isc dot sans dot edu
 
Argonne National Lab researchers say they easily hacked an electronic voting machine model that's expected to be widely used to tally votes in the 2012 elections using inexpensive, widely-available electronic components.
 
Amazon unveiled its much anticipated tablet, the Kindle Fire. The 7-in. tablet will cost $199. The company also announced a new touchscreen e-Ink device called the Kindle Touch.
 
Amazon unveiled its tablet computer, the $199 Android-based Kindle Fire, on Wednesday during a Manhattan launch event.
 
Integer overflow in Sterling Trader 7.0.2
 
Vulnerabilities in EViews 7.2
 
Vulnerabilities in PcVue 10 (SCADA)
 
Multiple vulnerabilities in Traq
 
FreeBSD Security Advisory FreeBSD-SA-11:03.bind
 
VUPEN Security Research - Novell GroupWise "BYWEEKNO" Remote Memory Corruption Vulnerability
 
FreeBSD Security Advisory FreeBSD-SA-11:05.unix
 
FreeBSD Security Advisory FreeBSD-SA-11:04.compress
 
Microstrategy is hoping to get its BI (business intelligence) software in front of people looking to get more out of Microsoft Excel with a new service, Cloud Personal, that is being offered at no charge.
 
Telecommuting, which allows people to work together from different locations, offers a wealth of opportunities for small businesses, including cost savings and the ability to quickly add specialized temporary workers. Telepresence tools, such as video conferencing, make telecommuting possible.
 
Visa Europe introduced an Android application on Wednesday that lets users send money to other Visa cardholders over their mobile phone, with security measures in place to alert users of possible fraud.
 
Linux Foundation and Limo Foundation are rebooting their efforts to compete with Apple and the Android camp by merging MeeGo and Limo into a new operating system called Tizen, with the backing of Intel and Samsung.
 
Oracle has developed a hardware road map that it hopes can pull Sparc away from its Sun Microsystems legacy.
 
Mozilla Firefox/Thunderbird/SeaMonkey OGG headers Use-After-Free Memory Corruption Vulnerability
 
VUPEN Security Research - Novell GroupWise "TZNAME" Remote Buffer Overflow Vulnerability
 
Barracuda Backup v2.0 - Multiple Web Vulnerabilities
 
European Security Services GPS v1.0 - Multiple Vulnerabilities
 
[SECURITY] [DSA 2311-1] openjdk-6 security update
 
Juniper this week unveiled a portfolio of switching, wireless and security products designed to enable enterprises to easily deploy them and then ensure management and security of all connected mobile devices.
 
Ayco Shop 'id' Parameter Multiple SQL Injection Vulnerabilities
 
Citrix Provisioning Services Remote Code Execution Vulnerability
 

Online monitoring: An undemocratic move for Internet control
SearchSecurity.in
Bareja is involved in training and conducts regular online mentoring sessions, as well as maintains thefaqproject.com for InfoSec certifications. You can connect with him at [email protected]

 
Google's smartphone payment app, Google Wallet, has brought the ease of paying for goods with the tap of a phone to America.
 
Multisite Global Search Plugin 'mssearch' Parameter Cross Site Scripting Vulnerability
 
Barracuda Backup Service Multiple Security Vulnerabilities
 
 
Google has acquired land in Hong Kong, Taiwan and Singapore to build data centers in these three locations, it said Wednesday.
 
Sony said Wednesday it had acquired a small medical researcher in the U.S. and plans to enter the market for portable medical testing.
 
IBM has launched a system designed to help cities ease parking congestion and collect more parking fees, the company announced Wednesday. The service could also help motorists find parking spaces more easily in crowded urban areas.
 
 
redmind Online-Shop / E-Commerce-System 'prodID' Parameter SQL Injection Vulnerability
 

Posted by InfoSec News on Sep 27

http://news.cnet.com/8301-27080_3-20112400-245/hackers-leak-data-of-goldman-sachs-ceo/

By Elinor Mills
InSecurity Complex
CNet News
September 27, 2011

Hackers today released personal information for Goldman Sachs Chief
Executive Officer Lloyd Blankfein.

The document, posted to the Pastebin Web site, includes the CEO's age,
recent addresses, details of litigation he has been involved in, as well
as registration information for...
 

Posted by InfoSec News on Sep 27

The 2nd Android DevCon, November 6-9 in San Francisco, is the technical
conference for software developers building or selling Android apps, arrives
after a smashing debut in March, 2011 (nearly 1,000 attendees and 20 major
sponsors).  It will offer one day of intensive workshops, followed by three
days of technical classes.  More than 1,000 software developers, engineers and
entrepreneurs from 35 nations are projected to attend Android...
 

Posted by InfoSec News on Sep 27

http://www.darkreading.com/vulnerability-management/167901026/security/security-management/231602187/physical-logical-security-worlds-continue-slow-convergence.html

By Tim Wilson
Dark Reading
Sept 26, 2011

Say the word "security" in most large corporations, and you'll generally
get two very different responses: One is a group of IT technicians in
the data center; the other is a group of armed guards.

Historically, these two...
 

Posted by InfoSec News on Sep 27

http://www.computerworld.com/s/article/9220315/Scammers_pretend_to_be_friendly_office_printers

By Jeremy Kirk
IDG News Service
September 27, 2011

Hackers have found a new hook to trick people into opening malicious
attachments: send emails that purport to come from office printers, many
of which now have the ability to email scanned documents.

"This is a new tactic we haven't really seen before," said Paul Wood,
senior...
 

Posted by InfoSec News on Sep 27

http://www.informationweek.com/news/security/attacks/231602232

By Mathew J. Schwartz
InformationWeek
September 27, 2011

A security firm warned Monday that the website for downloading the
popular MySQL open source relational database was infecting PCs via
drive-by downloads.

Browsers that visited MySQL.com Monday were immediately injected with a
JavaScript executable, which generated an iFrame that redirected to a
website hosting the Black...
 

Posted by InfoSec News on Sep 27

http://www.uberreview.com/2011/09/the-nsa-wants-its-own-smartphone.htm

By C.S. Magor
The UberReview
September 27, 2011

Troy Lange might work for one of the more secretive spy agencies in the
United States, but he is happy to talk about his work. He is the NSA’s
mobility mission manager and he has been tasked with creating a
smartphone that is secure enough to allow government personnel who deal
with highly sensitive information to take...
 
Internet Storm Center Infocon Status