InfoSec News

A slip on the keyboard could land Web surfers on questionable survey pages instead of the websites they really want to visit: Twitter, Facebook or YouTube.
 
Adobe released a critical security update for Shockwave Player 11.5.8.612 and earlier (Windows and Macintosh). This update resolves a memory corruption vulnerability that could lead to code execution (CVE-2010-3653). Adobe recommends updating to the newest version; see Adobe's security bulletin for details.
-----------
Guy Bruneau IPSS Inc. gbruneau at isc dot sans dot org
FOR 558: Network Forensics coming to Toronto, ON in Nov 2010 (c) SANS Internet Storm Center. http://isc.sans.org Creative Commons Attribution-Noncommercial 3.0 United States License.
 
SWIFT announced it will be upgrading its messaging platform for financial institutions to include greater security features and a move from file-based formats for storing messages to a customer-hosted Oracle database.
 
Microsoft is acquiring Canesta, a company that has developed chips that allow natural user interactions with machines, furthering Microsoft's goal of creating more natural user interfaces.
 
Linux Kernel 'video4linux' IOCTL and IP Multicast 'getsockopt' Privilege Escalation Vulnerability
 
PayPal is experiencing an outage that is affecting most of its members, preventing them from using the online payment service to conduct transactions.
 
bzip2 'BZ2_decompress' Function Integer Overflow Vulnerability
 
Attempts by Dutch authorities to take down the massive Bredolab botnet captured headlines this week, with infected PCs downloading fake antivirus software at week's end, and news surfacing that the suspected ringleader of the botnet was bringing in up to €100,000 (US$139,000) a month from his alleged illegal enterprise. In other news, Oracle's intellectual property lawsuit against SAP took a turn, but is still headed for trial on Monday.
 
The last month has seen a blur of activity in Oracle's corporate theft lawsuit against SAP, which goes to trial in a California district court on Monday morning. SAP has conceded some misdeeds, Oracle has made a meal of it in the press, and HP has somehow been dragged into the kerfuffle. Here's what you need to know to understand what's going on with Oracle, SAP, HP and that now defunct company called TomorrowNow.
 
The way VoIP works, the company will have to pay for calls made by hackers, but it doesn't want that to happen again.
 
Why don't we make the Internet a real infrastructure, with the sort of oversight that benefits commercial air travel?
 
A 24-year-old Texas man has been sentenced to 18 months in prison for selling more than $1 million worth of pirated software online, the U.S. Department of Justice announced.
 
Nearly half of the companies still using Windows XP plan to keep running the aged OS even after Microsoft withdraws its support in 2014, a research analyst said today.
 
State elections officials downplay concerns about the reliability and auditability of some electronic voting machines.
 
Adobe Shockwave Player 'SetVertexArray()' CVE-2010-4090 Memory Corruption Vulnerability
 
Adobe Shockwave Player 'dirapi.dll' CVE-2010-3655 Stack Overflow Vulnerability
 
A man fired as IT director for a Richmond, Virginia, seller of telecom equipment has been sentenced to 27 months in prison for hacking into his former employer's website and deleting files, the U.S. Department of Justice said.
 
Three big NAND flash competitors have formed an unlikely alliance to develop the smallest semiconductors in history -- NAND flash memory made with circuitry just 10 nanometers wide.
 
No matter the outcome of Oracle and SAP's sprawling intellectual-property dispute that goes to trial Monday, it will likely fail to clear up questions that have major financial implications for software vendors and customers around the globe.
 
A judge has denied Oracle's motion to delay proceedings in its intellectual-property lawsuit against SAP, according to a court filing.
 
Famed programmer Poul-Henning Kamp argues that programming languages are limited by their reliance on ASCII
 
Enterprises are "jazzed" about the iPad, an industry analyst said today, citing conversations with dozens of companies that are replacing notebooks with Apple's tablet or putting them into the hands of workers who previously relied on paper.
 
Platinum UPnP Library Post UPnP Buffer Overflow Vulnerability
 
By all measures, Georg Avanesov was very good at his job -- until he was arrested earlier this week.
 
Enterprise IT has had no choice but to deal with iPads as they walk through the front door being carried by executives. But one mobile apps expert says the iPad wouldn't have passed last year's enterprise security requirements.
 
NASA today postponed the final launch of the space shuttle Discovery by a day to complete repairs to stop a pair of gas leaks.
 
Cisco AnyConnect VPN Trial Client Insecure Temporary File Creation Vulnerability
 
Oracle Java SE and Java for Business CVE-2010-3554 Remote CORBA Vulnerability
 
As you go through the process of individually contacting abuse contacts (http://isc.sans.edu/diary.html?storyid=9664) and work your way upstream (http://isc.sans.edu/diary.html?storyid=9712), you may eventually end up at the state or national level. This should only happen when the ISP is unresponsive or actually complicit in the behavior. For something like Slammer this shouldn't be the case, but for completeness I'd like to cover how to engage CERTs.
Each CERT is unique. They have varying levels of funding and organization, and their missions are not consistent from one country to another, but they do have a couple of things in common. Most are clearing-houses for abuse reporting: if your research into the owner and upstream provider of an infected IP address isn't turning up working contacts, they can usually help identify the correct contacts and forward the report on for you. Also, each is responsible to a specific constituency.
Before contacting a CERT it's important to study its mission and its constituency. You will not get good results if you report an IP address or an organization that is outside its scope. Some CERTs do not accept abuse reports from individuals or organizations at all and only serve other CERTs (e.g., the Asia Pacific Computer Emergency Response Team, apcert.org).
As an individual or organization reporting an incident directly to a CERT, it's best to use their online reporting form. This ensures that your report enters their workflow and contains the information they require. Sending an email in your own format runs the risk that it will be ignored. If you shotgun your report as an email to multiple organizations and CERTs, it's almost guaranteed to be ignored by most or all of the recipients on your list. However, if what you have to report doesn't fit their reporting form and you think an email is necessary, they are quite fond of digital signatures.
Let's look at a couple of examples. For reporting Slammer, your two most common countries are China and the United States. CNCERT has an easy web form for reporting infections: http://www.cert.org.cn/english_web/ir.htm. There's a little CAPTCHA to prove that you're human; you fill out a few fields, select "Virus, worm or trojan infection" as the incident type, paste your logs or packet dump into the description field, and ask that the system be taken off-line or cleaned. Be sure to record in your tracking spreadsheet when you sent the report and what kind of response you get.
US-CERT (http://www.us-cert.gov) has its own reporting forms, broken down into incident, phishing, and vulnerability. For something like Slammer you'd use the Report an Incident link: https://forms.us-cert.gov/report/. They collect some contact information as well as more details about how the incident is impacting you (none to minimal in the case of Slammer attacks) and what type of follow-up you require (none, contact or forward; probably forward in this case). They ask for the current status of the incident; since the Slammer infection is still ongoing, you could use the Occurring status. They have a couple of fields for describing the incident, one of which is specifically for pasting logs; use that.
Reporting to an organization such as a CERT is often an act of faith. You're not likely to get a quick, human response (not like when you submit something to us: http://isc.sans.edu/contact.html), but your efforts do have an impact. The attention an IP address gets grows as more and more reports come in from multiple organizations. This is why I've been soliciting you to make your own reports individually rather than asking you to send me all of your known SQL Slammer infections.
We're quickly approaching the end of this exercise, so next week I'll post the results and go into more of the background of why I chose Slammer and how I organized the drill.
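The reporting and tracking steps described above lend themselves to a small tool. What follows is an added example, not code from the ISC diary or from any CERT: it parses firewall log lines for Slammer probes (UDP destination port 1434, the worm's single 404-byte datagram on the wire), aggregates them per source IP, renders the fields a CERT incident form asks for (first and last seen in UTC, packet count, sample log lines, impact, requested action), and keeps the tracking record the diary recommends. The netfilter-style log format, the sample lines, the reporter address and the documentation-range IP addresses are all constructed for illustration, and the log timestamps are assumed to be UTC; adapt the regex and year handling to your own firewall.

```python
"""Build a CERT-ready abuse report from firewall logs and track the submission.

Added example (not part of the ISC diary). Log format and sample lines are
constructed; addresses are from the RFC 5737 documentation ranges.
"""
import re
from collections import defaultdict
from datetime import datetime, timezone

SLAMMER_PORT = 1434    # MS SQL Server Resolution Service
SLAMMER_IP_LEN = 404   # 376-byte UDP payload + 8-byte UDP + 20-byte IPv4 header

# Constructed netfilter-style syslog lines (assumption: timestamps are UTC).
SAMPLE_LOG = "\n".join([
    "Oct 28 03:14:07 fw kernel: DROP IN=eth0 SRC=203.0.113.7 DST=198.51.100.5 PROTO=UDP SPT=1049 DPT=1434 LEN=404",
    "Oct 28 03:14:09 fw kernel: DROP IN=eth0 SRC=203.0.113.7 DST=198.51.100.5 PROTO=UDP SPT=1049 DPT=1434 LEN=404",
    "Oct 28 03:15:22 fw kernel: DROP IN=eth0 SRC=192.0.2.44 DST=198.51.100.5 PROTO=UDP SPT=3372 DPT=1434 LEN=404",
    "Oct 28 03:16:01 fw kernel: DROP IN=eth0 SRC=203.0.113.7 DST=198.51.100.5 PROTO=TCP SPT=5555 DPT=22 LEN=60",
    "Oct 28 03:17:45 fw kernel: DROP IN=eth0 SRC=203.0.113.7 DST=198.51.100.5 PROTO=UDP SPT=1049 DPT=1434 LEN=404",
])

LOG_RE = re.compile(
    r"^(?P<mon>[A-Z][a-z]{2}) +(?P<day>\d{1,2}) (?P<time>\d\d:\d\d:\d\d) .*"
    r"SRC=(?P<src>[\d.]+) DST=(?P<dst>[\d.]+) .*PROTO=(?P<proto>\w+) .*"
    r"DPT=(?P<dpt>\d+) LEN=(?P<length>\d+)"
)


def parse_events(log_text, year=2010):
    """Parse log lines into event dicts. Syslog omits the year, so it is a parameter."""
    events = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue  # unrelated or unparseable line
        ts = datetime.strptime(f"{year} {m['mon']} {m['day']} {m['time']}",
                               "%Y %b %d %H:%M:%S").replace(tzinfo=timezone.utc)
        events.append({"ts": ts, "src": m["src"], "dst": m["dst"], "proto": m["proto"],
                       "dpt": int(m["dpt"]), "length": int(m["length"]), "raw": line})
    return events


def is_slammer(ev):
    """Slammer fingerprint: UDP to 1434 with the worm's fixed datagram size."""
    return ev["proto"] == "UDP" and ev["dpt"] == SLAMMER_PORT and ev["length"] == SLAMMER_IP_LEN


def summarize(events):
    """Aggregate Slammer events per source IP: count, first/last seen, targets, samples."""
    per_src = defaultdict(lambda: {"count": 0, "first": None, "last": None,
                                   "dsts": set(), "samples": []})
    for ev in filter(is_slammer, events):
        s = per_src[ev["src"]]
        s["count"] += 1
        s["first"] = ev["ts"] if s["first"] is None else min(s["first"], ev["ts"])
        s["last"] = ev["ts"] if s["last"] is None else max(s["last"], ev["ts"])
        s["dsts"].add(ev["dst"])
        if len(s["samples"]) < 3:  # a few raw lines for the "paste logs" field
            s["samples"].append(ev["raw"])
    return dict(per_src)


def build_report(src, summary, reporter="abuse@example.org"):
    """Render the fields a CERT incident form typically asks for, as plain text."""
    s = summary[src]
    fmt = "%Y-%m-%d %H:%M:%S UTC"
    lines = [
        f"Reporter: {reporter}",
        "Incident type: virus, worm or trojan infection (SQL Slammer)",
        f"Source IP: {src}",
        f"Destination IP(s): {', '.join(sorted(s['dsts']))}",
        f"Protocol/port: UDP/{SLAMMER_PORT}",
        f"First seen: {s['first'].strftime(fmt)}",
        f"Last seen: {s['last'].strftime(fmt)}",
        f"Packet count: {s['count']}",
        "Impact on reporter: none to minimal (packets dropped at firewall)",
        "Requested action: please have the host taken off-line or cleaned",
        "Sample log lines:",
    ] + ["  " + raw for raw in s["samples"]]
    return "\n".join(lines)


def record_submission(tracker, src, cert, sent_at, reference=None):
    """Append one row to the tracking list: where and when the report went."""
    entry = {"src": src, "cert": cert, "sent_at": sent_at, "reference": reference,
             "status": "sent", "response": None}
    tracker.append(entry)
    return entry


def record_response(tracker, src, cert, status, response):
    """Update the tracking row for (src, cert) with the CERT's reply."""
    for entry in tracker:
        if entry["src"] == src and entry["cert"] == cert:
            entry["status"], entry["response"] = status, response
            return entry
    raise KeyError(f"no submission on file for {src} to {cert}")


if __name__ == "__main__":
    summary = summarize(parse_events(SAMPLE_LOG))
    for src in summary:
        print(build_report(src, summary), end="\n\n")
```

Run it and paste the rendered block into the CERT's description field; the tracker rows are what you keep in the spreadsheet so that a silent CERT can be distinguished from one that acknowledged and forwarded the report.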
 

Too many passwords can lead to risky cyber behavior
FederalNewsRadio.com
Infosec Island reports that these demands usually lead to one of two results: Users will write down passwords or they will ignore the rules and reuse ...

 
Who knows what The Witcher 2 might spring on us when it ships sometime this winter, delivering an even darker world and promised deeper gameplay. We certainly weren't expecting the original, which caught us off guard, highlighting the rest of the industry's feeble codependency on hackneyed fantasy cliches involving highfalutin elves, avaricious humans, and oafish orcs voiced like a sozzled Robert Englund.
 
We asked, and you answered. As our thank-you, here are two of our signature research pieces for you to download and share among friends and colleagues.
 
Visual Studio Async aims to make asynchronous programming more approachable so code is as easy to write and maintain as with synchronous code
 
Columnist Tammy Browning offers some tips on transitioning your skills, elevating your marketability and getting back into the workforce.
 
Oracle Java SE and Java for Business CVE-2010-3565 JPEGImageWriter.writeImage Vulnerability
 
If you read my recent column on the untethered enterprise, you're probably wondering what you can do to maximize the success of your wireless and mobility initiatives. Fortunately, Nemertes Research recently took a close look at what does and doesn't work for wireless and mobility, based on an in-depth benchmark of over 200 organizations. We conducted correlation analyses to tease out demonstrable best practices for wireless and mobility initiatives.
 
Adobe Shockwave Player 'dirapi.dll' CVE-2010-2581 Memory Corruption Vulnerability
 
Adobe Shockwave Player 'TextXtra.x32' Module Heap Based Buffer Overflow Vulnerability
 
InfoWorld news quiz: Oct. 29, 2010: Apple's Mac gets a malware scare; MySpace wonders if anyone still cares
 
Red Hat Certificate System 'agent/request/op.cgi' Security Bypass Vulnerability
 
Intel on Friday announced the opening of a massive $1 billion chip testing and assembly facility in Vietnam, the biggest such facility for Intel anywhere in the world.
 
Apple's spectacularly responsive new MacBook Air is the best Air yet -- and might be the best MacBook, period
 
The easiest way to get streaming media to your TV is via a set-top box. We compare the three latest devices from Apple, Google/Logitech and Roku.
 
The use of key, custom-built IE6 applications is likely to slow the migration to Windows 7 at some enterprises due to the time and money needed to upgrade the apps.
 
Acer plans to launch "multiple" tablet devices at an event in New York on Nov. 23, with different OSes and multiple form factors, the company's CEO said Friday.
 
Some election watchers are expressing concern over the estimated 25% of registered voters in next week's general elections who will be casting ballots using electronic voting machines that offer no verifiable paper records.
 
InfoSec News: Iranian Cyber Army's plan to sell botnets increases threat level: http://www.computerweekly.com/Articles/2010/10/28/243593/Iranian-Cyber-Army39s-plan-to-sell-botnets-increases-threat.htm
By Warwick Ashford ComputerWeekly.com 28 October 2010
Hacktivist group, the Iranian Cyber Army (ICA), has announced that it plans to sell access to its botnets, which have been responsible for attacks on social networks like Twitter and the Chinese equivalent of Google, Baidu.
The rise of these 'hacker shops' represents a new level of threat for governments and businesses, with botnets now forming the backbone for malicious cyber activities, according to the latest research from Microsoft.
Some 6.5 million botnet infections were cleaned between April and June this year - double the number in the same period last year, the 9th Microsoft Security Intelligence Report revealed.
The high profile announcement by the ICA is evidence of a more co-ordinated effort than ever before by the hacking community to execute targeted attacks, said Alan Bentley, vice-president international at security firm Lumension.
"While this is certainly not the first case of malicious code being sold online, with the rise of highly complex attacks like Stuxnet and Zeus the online hacker shops of old seem like child's play when compared to this new wave of collaborative cyber warfare," he said.
[...]
 
InfoSec News: More Bredolab arrests may occur, say Dutch prosecutors: http://news.techworld.com/security/3246311/more-bredolab-arrests-may-occur-say-dutch-prosecutors/
By Jeremy Kirk TechWorld 28 October 10
Dutch authorities say more arrests related to the Bredolab botnet may occur as investigators continue to examine the business arrangements behind the cybercrime operation. One arrest was made on Tuesday by Armenian police of a 27-year-old man accused of being the mastermind behind Bredolab, which included [...]
 
InfoSec News: Secunia Weekly Summary - Issue: 2010-43: ========================================================================
The Secunia Weekly Advisory Summary 2010-10-21 - 2010-10-28
This week: 76 advisories [...]
 
InfoSec News: Hackers Target G20 Seoul Summit Website: http://english.chosun.com/site/data/html_dir/2010/10/29/2010102900933.html
chosun.com Oct. 29, 2010
Several cyber attacks have targeted the website of the organizing committee of the G20 Seoul Summit and the personal computers of some members of the National Assembly, the National Intelligence Agency said Wednesday.
The NIS said there is a 1,000-strong hacker organization in North Korea with a number of hacking bases in China.
During a parliamentary audit on Thursday, the NIS said since January 2004, there have been 48,000 cyber attacks on South Korean government organizations, 9,200 of them this year, according to lawmakers.
 
InfoSec News: How to Hack Palin's Facebook Page: http://www.thedailybeast.com/blogs-and-stories/2010-10-28/letterbomb-who-hacked-sarah-palins-facebook-page/
By Brian Ries The Daily Beast October 28, 2010
Keep The Fear Alive! The inside story of a group of rogue ad execs who hijacked Sarah Palin and Glenn Beck’s Facebook pages—and how you can, too. The vertical message that ran down the left side on Fox News’ Facebook page the night of October 14 read clear as that evening's sky: [...]
 
InfoSec News: Stolen laptop causes chaos for Accomack residents: http://www.delmarvanow.com/article/20101028/NEWS01/10280366/Stolen-laptop-causes-chaos-for-residents
By Carol Vaughn Staff Writer Delmarvanow.com October 28, 2010
ACCOMAC -- At least two Northampton County residents received letters from Accomack County notifying them their personal information may have been subject to unauthorized access as a result of the theft of a county-owned laptop in Las Vegas earlier this month.
The two men, who are related, do not own personal property in Accomack County and have never paid personal property taxes to Accomack County, one said.
Accomack County Administrator Steve Miner said he has spoken to one other Northampton resident who also received a letter, and he thinks there were others.
"I saw the article in the Eastern Shore News, and I was thinking, 'Oh, those poor people in Accomack County,' " said Craig Richardson, who lives near Seaview in lower Northampton County and whose mailing address is in Cape Charles.
Then he received one of about 35,000 letters sent by Accomack County informing him that his name and driver's license number were on the stolen laptop. He called Accomack County the same day to ask why.
[...]
 
InfoSec News: President Should Have 'Kill Switch' For Internet, Most Americans Say: http://www.darkreading.com/insiderthreat/security/vulnerabilities/showArticle.jhtml?articleID=228000253
By Kelly Jackson Higgins DarkReading Oct 28, 2010
More than 60 percent of Americans say if a major cyberattack were to occur on the Internet, the president should have the capability to shut down parts of the network, according to a new survey. Around 80 percent of Americans also say they are limiting access to their personal information [...]
 
InfoSec News: University addresses security breach: http://www.dailycampus.com/news/university-addresses-security-breach-1.1732324
By Amy McDavitt The Daily Campus The Independent News Source of the University of Connecticut October 27, 2010
A recent security breach on the Storrs campus revealed a list of former students' names and Social Security numbers and made them available on the Internet. The university was made aware of the situation Oct. 4 after one of the individuals on the list [...]
 
CUPS 'cupsFileOpen' function Symlink Attack Local Privilege Escalation Vulnerability
 
Apple jumped past Research in Motion and Sony Ericsson during the third quarter to become the world's fourth largest cell-phone maker for the first time, according to data from the companies.
 
Samsung Electronics, the world's largest memory chip and LCD panel maker, reported its best sales ever in the third quarter due to strong demand for semiconductors and mobile phones, but it predicted a challenging fourth quarter.
 