InfoSec News

Motorola Xoom users on Thursday will finally get a promised free hardware upgrade so they can use Verizon's 4G LTE network.
The U.S. Department of Justice has asked Google for more information about its planned US$12.5 billion purchase of Motorola Mobility, potentially slowing the transaction, Google said in a blog post Wednesday.
Advanced Micro Devices on Wednesday reduced its revenue projection for its third fiscal quarter ending Oct. 1, citing manufacturing yield problems.
Gibbs just wanted to use a different DSL modem but AT&T had opinions about the switch
Quagga Multiple Remote Security Vulnerabilities
At $199, the price of Amazon's Kindle Fire tablet is a tempting purchase for some iPad owners, who are wondering whether the tablets will coexist or compete.
The White House this month began allowing people to create petitions on its website, and an early favorite asks the president to "direct the patent office to cease issuing software patents."
Hang on a minute. Last I checked, most CIOs had authority over the IT spending in their organizations, and a majority of you (68 percent) were members of the C-suite’s executive committee. That’s data drawn from a survey of 729 IT leaders one year ago in our annual State of the CIO survey.
SPEC, the standards body for performance benchmarks, has developed a tool-kit to help more accurately measure the energy efficiency of servers.
Wireshark OpenSafety Dissector Denial of Service Vulnerability
Wireshark Lua Script File Arbitrary Code Execution Vulnerability
Wireshark Malformed Packet Trace File Remote Denial of Service Vulnerability
Wireshark CSN.1 Dissector Remote Denial of Service Vulnerability
[ MDVSA-2011:136 ] openssl bumped up security and synchronization on its content management and sharing platform and teamed up with Hewlett-Packard and Motorola Mobility for pre-installation deals at its BoxWorks user conference in San Francisco.
ECMAScript 6, which will also provide developers with more convenience and security, is anticipated for release in 2013
Unauthorized charges on enterprise telecom bills are getting more sophisticated and harder to detect.
Mozilla on Tuesday patched 11 vulnerabilities in the desktop edition of Firefox as it upgraded the browser to version 7.
Advocacy group Free Press has filed a lawsuit challenging the U.S. Federal Communications Commission's net neutrality rules, with the group arguing the new regulations are too weak.
Novell GroupWise Internet Agent Yearly RRULE Variable Parsing Remote Code Execution Vulnerability
[ MDVSA-2011:137 ] openssl
Cisco Security Advisory: Cisco IOS Software Smart Install Remote Code Execution Vulnerability
QLogic today announced upgrades to its line of converged network adapters, as well as a new switch and router product that can consolidate LAN traffic.
Mac users can thank Microsoft for taking down a small but dangerous botnet -- Kelihos.
iDefense Security Advisory 09.26.11: Novell GroupWise iCal RRULE ByWeekNo Memory Corruption Vulnerability
Cisco Security Advisory: Cisco Unified Communications Manager Session Initiation Protocol Memory Leak Vulnerabilities
Cisco Security Advisory: Cisco IOS Software Session Initiation Protocol Denial of Service Vulnerabilities
(c) SANS Internet Storm Center. Creative Commons Attribution-Noncommercial 3.0 United States License.
Many businesses struggle to maintain PCI DSS compliance, suggesting meeting the standard is a goal rather than an ongoing initiative, according to a new report from Verizon Business.

Add to digg Add to StumbleUpon Add to Add to Google
Amazon's new Fire tablet may disrupt the Android market, but it's unlikely to have a significant impact on Apple's iPad business, analysts said today.
While the Kindle Fire tablet consumed much of the focus at Amazon's launch event Wednesday in New York, the company also showed off a bit of potentially radical software technology as well, namely the new browser for the Fire, called Silk.
Cisco Security Advisory: Cisco IOS Software Network Address Translation Vulnerabilities
Cisco Security Advisory: Cisco IOS Software IPv6 over MPLS Vulnerabilities
Cisco Security Advisory: Cisco IOS Software IPv6 Denial of Service Vulnerability
Positioned as a data loss prevention tool, the app and server software focus on enforcing SharePoint content policies on iOS devices
Microsoft has signed a cross-license patent agreement with Samsung Electronics that grants Microsoft royalties from Samsung's Android-based smartphones and tablets, Microsoft said in a statement on Wednesday.
phpMyAdmin Multiple HTML Injection Vulnerabilities
iDefense Security Advisory 09.26.11: Novell GroupWise iCal Date Invalid Array Indexing Vulnerability
iDefense Security Advisory 09.26.11: Novell GroupWise iCal RRULE Weekday Recurrence Heap Overflow Vulnerability

Address Resolution protocol [1] in IPv4 is a method in which 48 bit ethernet addresses are matched up with network addresses. We cover many things here on the Storm Center, and lately Man in the Middle has come up often. One of the ways that Man in the middle can be achieved is via ARP Cache poisoning.

Wait, that sounds like a very old method? Shouldnt we be protected against that?

Most of your higher end hardware have ARP validation or Dynamic ARP inspection. The question often comes up is, who has turned the feature on? [2] [3]

There are simple tools and tutorials out on the Intertubes that demonstrate how to achieve an ARP cache poison man-in-the-middle [4] attack, so I will not reproduce them here. This diary is to simply state that I am seeing this in my day to day operations still and to increase awareness.

In this XSS web app penetration world, we often forget the lower layers and how to best protected them. 802.1x is pervasive in the Wifi space, and with the Wired edge disappearing, perhaps that is a blessing in disguise, but how many networks implement 802.1x at the edge? Or better? Data Center?

Fortunately the last event that was encountered was simply a miss-configuration, however it does demonstrate the risks. This client also had validation turned on and detected it but that was a first that I could remember.

Question for this diary, given that MiTM [4] is on our minds lately? What, if possible for you to share, steps do you take to insure L2 protection?





Richard Porter
--- ISC Handler on Duty
Twitter: packetalien
Email: richard at isc dot sans dot edu (c) SANS Internet Storm Center. Creative Commons Attribution-Noncommercial 3.0 United States License.
Argonne National Lab researchers say they easily hacked an electronic voting machine model that's expected to be widely used to tally votes in the 2012 elections using inexpensive, widely-available electronic components.
Amazon unveiled its much anticipated tablet, the Kindle Fire. The 7-in. tablet will cost $199. The company also announced a new touchscreen e-Ink device called the Kindle Touch.
Amazon unveiled its tablet computer, the $199 Android-based Kindle Fire, on Wednesday during a Manhattan launch event.
Integer overflow in Sterling Trader 7.0.2
Vulnerabilities in EViews 7.2
Vulnerabilities in PcVue 10 (SCADA)
Multiple vulnerabilities in Traq
FreeBSD Security Advisory FreeBSD-SA-11:03.bind
VUPEN Security Research - Novell GroupWise "BYWEEKNO" Remote Memory Corruption Vulnerability
FreeBSD Security Advisory FreeBSD-SA-11:05.unix
FreeBSD Security Advisory FreeBSD-SA-11:04.compress
Microstrategy is hoping to get its BI (business intelligence) software in front of people looking to get more out of Microsoft Excel with a new service, Cloud Personal, that is being offered at no charge.
Telecommuting, which allows people to work together from different locations, offers a wealth of opportunities for small businesses, including cost savings and the ability to quickly add specialized temporary workers. Telepresence tools, such as video conferencing, make telecommuting possible.
Visa Europe introduced an Android application on Wednesday that lets users send money to other Visa cardholders over their mobile phone, with security measures in place to alert users of possible fraud.
Linux Foundation and Limo Foundation are rebooting their efforts to compete with Apple and the Android camp by merging MeeGo and Limo into a new operating system called Tizen, with the backing of Intel and Samsung.
Oracle has developed a hardware road map that it hopes can pull Sparc away from its Sun Microsystems legacy.
Mozilla Firefox/Thunderbird/SeaMonkey OGG headers Use-After-Free Memory Corruption Vulnerability
VUPEN Security Research - Novell GroupWise "TZNAME" Remote Buffer Overflow Vulnerability
Barracuda Backup v2.0 - Multiple Web Vulnerabilities
European Security Services GPS v1.0 - Multiple Vulnerabilities
[SECURITY] [DSA 2311-1] openjdk-6 security update
Juniper this week unveiled a portfolio of switching, wireless and security products designed to enable enterprises to easily deploy them and then ensure management and security of all connected mobile devices.
Ayco Shop 'id' Parameter Multiple SQL Injection Vulnerabilities
Citrix Provisioning Services Remote Code Execution Vulnerability

Online monitoring: An undemocratic move for Internet control
Bareja is involved in training and conducts regular online mentoring sessions, as well as maintains for InfoSec certifications. You can connect with him at [email protected]

Google's smartphone payment app, Google Wallet, has brought the ease of paying for goods with the tap of a phone to America.
Multisite Global Search Plugin 'mssearch' Parameter Cross Site Scripting Vulnerability
Barracuda Backup Service Multiple Security Vulnerabilities
Oracle has developed a hardware roadmap that it hopes can pull Sparc away from its Sun Microsystems legacy.
Google has acquired land in Hong Kong, Taiwan and Singapore to build data centers in these three locations, it said Wednesday.
Sony said Wednesday it had acquired a small medical researcher in the U.S. and plans to enter the market for portable medical testing.
IBM has launched a system designed to help cities ease parking congestion and collect more parking fees, the company announced Wednesday. The service could also help motorists find parking spaces more easily in crowded urban areas.
Google's smartphone payment app, Google Wallet, has brought the ease of paying for goods with the tap of a phone to America.
redmind Online-Shop / E-Commerce-System 'prodID' Parameter SQL Injection Vulnerability

Posted by InfoSec News on Sep 27

By Elinor Mills
InSecurity Complex
CNet News
September 27, 2011

Hackers today released personal information for Goldman Sachs Chief
Executive Officer Lloyd Blankfein.

The document, posted to the Pastebin Web site, includes the CEO's age,
recent addresses, details of litigation he has been involved in, as well
as registration information for...

Posted by InfoSec News on Sep 27

The 2nd Android DevCon, November 6-9 in San Francisco, is the technical
conference for software developers building or selling Android apps, arrives
after a smashing debut in March, 2011 (nearly 1,000 attendees and 20 major
sponsors).  It will offer one day of intensive workshops, followed by three
days of technical classes.  More than 1,000 software developers, engineers and
entrepreneurs from 35 nations are projected to attend Android...

Posted by InfoSec News on Sep 27

By Tim Wilson
Dark Reading
Sept 26, 2011

Say the word "security" in most large corporations, and you'll generally
get two very different responses: One is a group of IT technicians in
the data center; the other is a group of armed guards.

Historically, these two...

Posted by InfoSec News on Sep 27

By Jeremy Kirk
IDG News Service
September 27, 2011

Hackers have found a new hook to trick people into opening malicious
attachments: send emails that purport to come from office printers, many
of which now have the ability to email scanned documents.

"This is a new tactic we haven't really seen before," said Paul Wood,

Posted by InfoSec News on Sep 27

By Mathew J. Schwartz
September 27, 2011

A security firm warned Monday that the website for downloading the
popular MySQL open source relational database was infecting PCs via
drive-by downloads.

Browsers that visited Monday were immediately injected with a
JavaScript executable, which generated an iFrame that redirected to a
website hosting the Black...

Posted by InfoSec News on Sep 27

By C.S. Magor
The UberReview
September 27, 2011

Troy Lange might work for one of the more secretive spy agencies in the
United States, but he is happy to talk about his work. He is the NSA’s
mobility mission manager and he has been tasked with creating a
smartphone that is secure enough to allow government personnel who deal
with highly sensitive information to take...
Internet Storm Center Infocon Status