InfoSec News

HTC said on Wednesday its newest smartphone models had all passed a required U.S. Customs review, clearing device shipments to the country after they were previously delayed because of the inspection.
(c) SANS Internet Storm Center. http://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
Whether or not Facebook acquires facial recognition services provider Face.com, as rumors say it will, the persistence of the speculation calls attention to the expanding use of the technology in social applications.
Oracle may lay out how it plans to become a player in the burgeoning PaaS (platform as a service) market next week during a webcast event featuring CEO Larry Ellison and co-president Mark Hurd.
HTTP as a protocol has done pretty well so far. Initially intended to be a delivery medium for scientific data and documents, HTTP has become The Web / The Internet for most people, and the content being transmitted via HTTP has changed a lot from its initial days.
There are two limitations in particular that some modern proposals attempt to overcome:
- request based nature of HTTP: the server has no way to notify the client of new data on its own.
- latency: HTTP uses pretty extensive headers and isn't exactly latency friendly.
Google in particular has put out a number of proposals to address some of these challenges:
1 - Sending HTTP request data on SYN
The TCP RFC always allowed sending data on SYN, but nobody really attempted to do it... ever. A standard HTTP request is typically a couple of hundred bytes in size. It is unlikely that it will get fragmented, and it would make sense to send it as part of the SYN packet, removing the overhead (in particular latency) caused by properly establishing the TCP connection first. Establishing the full 3-way handshake will easily add 100 ms to a new connection on a well-connected server.
However, if you have ever done any kind of IDS work, the idea of sending data on SYN probably doesn't sound all that comforting, and I would assume that many firewalls/IPSs/IDSs will not allow data on SYN to pass unnoticed.
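To make the IDS concern above concrete, here is an added example (not code from the diary or from any IDS product) that parses a raw IPv4/TCP packet and flags a bare SYN (SYN set, ACK clear) that already carries application data. The packet builder and the sample packets are constructed for the demonstration, use documentation addresses and leave checksums at zero; they are not real captures, and the check is a minimal illustration of the kind of rule a sensor would apply, not a rule taken from any product.

```python
import struct

TCP_FIN, TCP_SYN, TCP_RST, TCP_PSH, TCP_ACK = 0x01, 0x02, 0x04, 0x08, 0x10


def build_ipv4_tcp(payload: bytes, flags: int, dst_port: int = 80) -> bytes:
    """Build a minimal IPv4 + TCP packet (no options, checksums left at zero).

    Constructed purely as sample input for analyze_packet(); not a real capture.
    """
    tcp_len = 20 + len(payload)
    total_len = 20 + tcp_len
    ip_hdr = struct.pack(
        "!BBHHHBBH4s4s",
        0x45,            # version 4, IHL 5 (20 bytes)
        0,               # TOS
        total_len,
        0x1234,          # identification
        0x4000,          # DF, fragment offset 0
        64,              # TTL
        6,               # protocol TCP
        0,               # header checksum (not computed here)
        bytes([192, 0, 2, 10]),     # src: TEST-NET-1 (documentation range)
        bytes([198, 51, 100, 20]),  # dst: TEST-NET-2 (documentation range)
    )
    data_offset_flags = (5 << 12) | flags   # data offset 5 words, then flags
    tcp_hdr = struct.pack(
        "!HHIIHHHH",
        40000, dst_port,        # source / destination port
        1, 0,                   # seq / ack
        data_offset_flags,
        65535,                  # window
        0, 0,                   # checksum (not computed), urgent pointer
    )
    return ip_hdr + tcp_hdr + payload


def analyze_packet(pkt: bytes) -> dict:
    """Parse IPv4 + TCP headers and report whether a bare SYN carries data."""
    if len(pkt) < 20:
        raise ValueError("truncated IPv4 header")
    ver_ihl = pkt[0]
    if ver_ihl >> 4 != 4:
        raise ValueError("not IPv4")
    ihl = (ver_ihl & 0x0F) * 4
    total_len = struct.unpack("!H", pkt[2:4])[0]
    if pkt[9] != 6:
        raise ValueError("not TCP")
    tcp = pkt[ihl:total_len]
    if len(tcp) < 20:
        raise ValueError("truncated TCP header")
    src_port, dst_port, _seq, _ack, off_flags = struct.unpack("!HHIIH", tcp[:14])
    data_offset = (off_flags >> 12) * 4     # TCP header length incl. options
    flags = off_flags & 0x1FF               # NS + the eight classic flags
    payload = tcp[data_offset:]
    bare_syn = bool(flags & TCP_SYN) and not (flags & TCP_ACK)
    return {
        "src_port": src_port,
        "dst_port": dst_port,
        "flags": flags,
        "payload_len": len(payload),
        "data_on_syn": bare_syn and len(payload) > 0,
        "payload_preview": payload[:32],
    }


def scan(packets) -> list:
    """Return one alert line per packet that carries application data on a bare SYN."""
    alerts = []
    for i, pkt in enumerate(packets):
        info = analyze_packet(pkt)
        if info["data_on_syn"]:
            alerts.append(
                f"packet {i}: data on SYN to port {info['dst_port']} "
                f"({info['payload_len']} bytes): {info['payload_preview']!r}"
            )
    return alerts


if __name__ == "__main__":
    # Constructed samples: a normal SYN, a SYN already carrying an HTTP request,
    # a SYN/ACK, and a data segment on an established connection.
    request = b"GET / HTTP/1.1\r\nHost: example.test\r\n\r\n"
    samples = [
        build_ipv4_tcp(b"", TCP_SYN),
        build_ipv4_tcp(request, TCP_SYN),
        build_ipv4_tcp(b"", TCP_SYN | TCP_ACK),
        build_ipv4_tcp(request, TCP_PSH | TCP_ACK),
    ]
    for line in scan(samples):
        print(line)
```

Only the second sample trips the check: the SYN/ACK and the PSH/ACK data segment are ordinary handshake and post-handshake traffic, so the rule stays quiet on them. A real sensor would additionally have to cope with IP options, TCP options and fragmentation, which this parser handles only by honouring the IHL and data-offset fields.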
2 - Compressing HTTP headers / SPDY
Most browsers will support compressing the HTTP body. However, they do not support compressing HTTP headers right now. A proposal to frame HTTP requests called SPDY (pronounced "speedy"), among other features, includes the ability to compress HTTP headers. This should be particularly interesting for asymmetric internet connections with little upstream bandwidth.
SPDY in itself is probably worth a future diary, as it provides a lot more than just compressed headers. It is implemented (but turned off by default) in recent versions of Chrome and Firefox. Twitter has started using SPDY, and so does Google on select pages. Interestingly, SPDY is currently only used over SSL.
3 - Websockets
Websockets (in addition to SPDY) are an attempt to allow the web server to notify the client about new events. Think about web mail or instant messenger software notifying you of a new message. The WebSocket specification has had a rough start, but was finalized last November. It is starting to see some use on social networking websites.
4 - Speed + Mobility
Microsoft came up with its own proposal: Speed + Mobility. So far, I am not aware of any implementations of it, and it may be pre-empted by SPDY, with which it directly competes.
Looking further ahead: all of this (SPDY, S+M...) may ultimately become HTTP 2.0. HTTP 2.0 is specifically going to address performance issues, which SPDY as well as S+M are trying to address.
[1] http://googlecode.blogspot.com/2012/01/lets-make-tcp-faster.html

[2] http://dev.chromium.org/spdy/spdy-whitepaper



Johannes B. Ullrich, Ph.D.

SANS Technology Institute

A sophisticated malware toolkit has targeted Iran, Lebanon, Syria, Sudan and Israel, and is believed to be part of a cyberespionage operation.

On-the-go reader Wally Bock would like to move his email from here to there. He writes:
Samsung will launch this week two new Chrome OS-based computers, a laptop and desktop that have been designed to be significantly faster and more versatile than previous models.
Sprint Nextel will finish shutting down its narrowband iDEN network as early as June 30, 2013, the company disclosed on Tuesday.
The newest release of the Red Hat-sponsored Fedora Linux distribution includes a number of technologies that haven't made their way into Red Hat Enterprise Linux (RHEL) yet, including a new version of the OpenStack cloud platform, code-named Essex, that the company plans to adopt in future editions of its flagship distribution.
Corporations are starting to embrace technologies used to monitor employee Internet use, with 60% expected to watch their workers' social media use for security breaches by 2015, according to Gartner.
While analysts ridicule the idea of a Facebook smartphone, one Paris-based marketing expert predicts that a 'FacePhone' will appear in 18 months -- and that the social networking giant will buy Nokia for $10 billion to make it happen.
The sophisticated cyber espionage malware known as 'Flame' was discovered after computers within Iran's energy industry were wiped clean of data, a security expert said today.
Twelve individuals were detained by Romanian authorities on Tuesday, suspected of being members of a cybercriminal group that hacked into the websites of various Romanian and foreign public institutions and government agencies.
Apple today laid out the schedule for its Worldwide Developers Conference (WWDC), and confirmed that it will, as usual, kick off the annual meeting with a keynote address, likely hosted by CEO Tim Cook.
Dell announced a prototype low-power server with ARM processors, following a growing demand by Web companies for custom-built servers that can scale performance while reducing financial overhead on data centers.
DDIVRT-2012-43 SCLIntra Enterprise SQL Injection and Authentication Bypass
[ MDVSA-2012:084 ] ncpfs
[ MDVSA-2012:083 ] util-linux

NetClarity Receives Expansion Capital from Rose Park Advisors Disruptive ...
San Francisco Chronicle (press release)
Bedford, MA (PRWEB) May 29, 2012 NetClarity, Inc., the leading provider of Next Generation Network Access Control (NAC) technology in the marketplace, on the heels of receiving the "Most Innovative New Security Product for 2012" award from InfoSec ...

Book Crawler--a $2 app for iPhone and iPad from Jaime Sokes--is an excellent way to create and keep a database of your books, but only after you overcome the challenge of understanding how the app works.
Mobile payments will reach $171 billion globally in 2012, a 62% increase over last year's total of $105.9 billion, according to research firm Gartner Inc.
The rest of 2012 will be very challenging for smartphone makers as they struggle to find ways to differentiate their "black slabs," Richard Kramer, managing partner at Arete Research, said during the opening address at the Open Mobile Summit conference in London.
For fans of soccer--or football, on the other side of the Atlantic--the just-completed season was one for the books. Manchester City won the English Premier League in the waning moments of the season. Unheralded Montpellier took the title in France, while Juventus returned to glory in Serie A. And Chelsea took Europe's big prize, with a stirring and improbable run to Champions League glory. It's the kind of excitement you don't want to see come to an end, even with the Euro 2012 tournament set to get underway in a few weeks. And if you've got an iPhone, iPod touch, or iPad, you don't have to let something as inconvenient as an off-season stand in the way of you and constant soccer excitement.

NetClarity Receives Expansion Capital from Rose Park Advisors Disruptive ...
PR Web (press release)
NetClarity, Inc., the leading provider of Next Generation Network Access Control (NAC) technology in the marketplace, on the heels of receiving the “Most Innovative New Security Product for 2012” award from InfoSec Products Guide, today announces ...

Dell challenged Apple's popular iMac all-in-one with the introduction of XPS One 27, which has the largest screen in an all-in-one desktop from the company to date.
ispVM System '.xcf' File Multiple Buffer Overflow Vulnerabilities
Research In Motion, the ailing maker of the BlackBerry, is planning to cut at least 2,000 jobs as part of a global restructuring plan, according to reports.
Google's Chrome is about to grab the top browser spot for a full month for the first time from Microsoft's Internet Explorer, data from a Web analytics company showed.
By interlocking business services, companies gain customer knowledge, efficiency and speed. The payoffs are huge, but laying the groundwork for IT standardization is no easy task.
Japan's Softbank will launch a phone with a built in radiation detector, the world's first, it said Tuesday.

ITEC Apprentice joins Infosec Technologies technical team
iTWire (press release)
Infosec Technologies, the Chineham-based IT security and networking reseller has recently recruited Kelsey Heynes following her initial training at Basingstoke ITEC. Kelsey has joined the company's technical team to assist with internal IT support and ...


Posted by InfoSec News on May 29


By Kim Zetter
Threat Level
May 28, 2012

A massive, highly sophisticated piece of malware has been newly found
infecting systems in Iran and elsewhere and is believed to be part of a
well-coordinated, ongoing, state-run cyberespionage operation.

The malware, discovered by Russia-based anti-virus firm Kaspersky Lab,
is an espionage toolkit that has been infecting targeted systems in...

Posted by InfoSec News on May 29


By Ellen Messmer
Network World
May 29, 2012

Everyone talks about "risk and compliance" in security, but what do
companies have to do to make it through audits and meet regulations
related to information security? And what are the costs?

McAfee asks those questions in its "Risk and Compliance Outlook - 2012"
survey of 438 IT professionals in...

Posted by InfoSec News on May 29


The Yomiuri Shimbun
May 28, 2012

The industry ministry will host its first-ever computer hacking
competition this fiscal year, aiming to find "hackers of justice" who
can protect the nation following a recent series of cyber-attacks on
government-related targets, officials said.

The Economy, Trade and Industry Ministry plans to hold preliminary
contests as early as October,...

Posted by InfoSec News on May 29


By John Ribeiro
IDG News Service
May 28, 2012

A hack in July last year of a computer used by third-party services
provider Serco to support the Thrift Savings Plan run by the U.S.
Federal Retirement Thrift Investment Board resulted in unauthorized
access to the personal information of about 123,201 TSP participants and
payees, FRTIB said Friday....

IT security training event in Morocco by SANS
Security Park
Security 401 is also endorsed by the Committee on National Security Systems (CNSS) NSTISSI 4013 Standard for Systems Administrators in Information Systems Security (INFOSEC). SANS Certified Instructor Steve Armstrong will be teaching the SANS ...
