InfoSec News


Is InfoSec Ready for Big Data?
E-Commerce Times
"Big data" is the logical outgrowth of increased use of virtualization technology, cloud computing and data center consolidation. What organizations are finding as they centralize resources like storage is that they've produced quite a lot ...

 
One of our readers noticed a recent spike in activity on port 8909, which can be seen at DShield. However, we have no idea what is causing it. Does anyone have packets or other information about this recent trend? Please take a look at your netflows or other packet captures, and let's see if we can answer this question.

Update 1:
It appears that this one was perhaps easy to figure out. Per www.proxynova.com/proxy-server-list/port-8909/ and mrhinkydink.blogspot.com/2011/08/tcp-port-8909-proxies.html, there appear to be a number of proxy servers in China (and elsewhere) which may be using this port. One explanation for the spike may be individuals scanning for proxy servers which can be exploited.

Scott Fendley ISC Handler (c) SANS Internet Storm Center. http://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
 
A 43-year-old former Akamai employee has pleaded guilty to espionage charges after offering to hand over confidential information about the Web acceleration company to an agent posing as an Israeli consular official in Boston.
 
Sprint will be the first U.S. mobile carrier to sell Samsung's Galaxy S II, starting Sept. 16, but T-Mobile and AT&T said Tuesday they also will offer the phone.
 
Verizon CTO David Small today estimated that Verizon's LTE network will cover 185 million people by the end of the year, according to Frost & Sullivan analyst Ronald Gruia.
 
While VMware had no shortage of new and updated products to debut at its VMworld conference, being held this week in Las Vegas, many VMware partners and competitors introduced their own offerings at the show as well.
 
The Court of Appeals for the Ninth Circuit will begin hearing arguments on Wednesday on two related lawsuits involving the constitutionality and the legality of warrantless wiretaps of phone and email conversations of U.S. citizens by the government.
 
Brocade has unveiled an infrastructure procurement model designed for cloud computing, along with additions to its new VDX data center switch line.
 
Cisco Systems and NEC will jointly sell LTE networks to carriers under a deal announced on Tuesday.
 
Scenario: The user experience will make or break desktop virtualization
 
Two Nobel Prize winning scientists out of the U.K. have come up with a new way to use graphene – the thinnest material in the world – that could make Internet pipes feel a lot fatter.
 
A partnership between Google and an Internet service provider in eastern Africa launched Wazi Wi-Fi, a high-speed wireless broadband network in Nairobi, Kenya.
 
Oracle accused Hewlett-Packard of fraud in connection with the companies' settlement agreement over the hiring of former HP CEO Mark Hurd, and wants the pact dissolved, according to a court filing Tuesday.
 
Just one day after Dell announced its first infrastructure-as-a-service offering, the company is jumping deeper into the cloud. Dell will offer a family of hosted software applications for small and midsized businesses, through partnerships with Salesforce.com, Microsoft, Intuit and others, the computer maker announced Tuesday.
 
After just a few months at search giant, Gosling is taking a chief software architect position at Liquid Robotics
 
A new survey from whitelisting vendor Bit9 found many firms are relying on the honor system to prevent unauthorized downloads.

 
Details about Windows 8, Microsoft's newest operating system expected in 2012, have been leaking out thanks largely to Microsoft previews and a stream of blog posts on the company's Building Windows 8 blog.
 
How does IT play a role in the continuing economic trouble?
 
Apple has started selling the new MacBook Air in China, a move one analyst said would prove a "big hit" in the country that delivered more than an eighth of the company's revenues last quarter.
 
Hewlett-Packard said it will manufacture more TouchPads in response to "stunning" demand following the company's decision to discontinue the tablets.
 
webyuss (prodotto.php?id) (quadri.php?id) Remote SQL injection Vulnerability
 
Pc Web Agency (prodotto.php?id) Remote SQL injection Vulnerability
 
A Dutch company that issues digital certificates used to authenticate websites said late Tuesday that several dozen other websites in addition to Google have been affected by a security breach.
 
------

Johannes B. Ullrich, Ph.D.

SANS Technology Institute

Twitter (c) SANS Internet Storm Center. http://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
 
The expected Amazon tablet could easily sell 3 million to 5 million units in the final quarter of 2011, outselling all competitors to the popular Apple iPad, Forrester Research said.
 
U.S. authorities met with European officials on behalf of Oracle with regard to its $7.4 billion acquisition of Sun Microsystems, according to a U.S. diplomatic cable recently released by activist group Wikileaks.
 
Google's Android smartphones surged by 15% in popularity in the U.S., topping out the field with a nearly 42% share, according to a ComScore survey.
 
New Relic is taking its Web application performance service to Java apps running on Heroku's platform.
 
The Dutch company that issued a rogue digital certificate for all Google Internet domains said Tuesday that its network had been hacked last month.
 
Intel has formed a subsidiary charged with growing the company's business relationship with the U.S. government, with the new organization's initial focus on high-performance computing, the company said.
 
DigiNotar, a certificate authority, said fraudsters began issuing public key certificate requests for a number of domains, including Google.com. The firm revoked all fraudulent certificates.

 
I thought we could examine a recent theme in a little more detail this month: the challenges of dealing with the consumerization of IT devices in the workplace. We recently completed a study, in partnership with Symantec, that looked at the security and compliance risks of a mobile workforce. It affirmed what I've believed for a long time, namely, that there is a consensus that mobile workers pose a great risk and that, for the most part, businesses are not prepared to mitigate that risk.
 
Pandora FMS 'index.php' Cross Site Scripting Vulnerability
 
Cisco Security Advisory: Apache HTTPd Range Header Denial of Service Vulnerability
 
bizConsulting (prodotto.php?id) Remote SQL injection Vulnerability
 
XSS in IBM Open Admin Tool
 
[SECURITY] [DSA 2298-1] apache2 security update
 
Earlier today, Cisco released a security advisory concerning the Apache HTTPd DoS vulnerability discussed last week (see here).
Cisco is continuing to evaluate the web services embedded in a number of their devices including their Wireless Control System, some of their Video Surveillance and Video Communication Services, and multiple lines of switches which may contain this vulnerability.
In most of these cases, there are workarounds or other forms of mitigation available (such as restricting the IPs or Hosts which can access the service on affected devices). More information is available at http://www.cisco.com/warp/public/707/cisco-sa-20110830-apache.shtml
Scott Fendley ISC Handler (c) SANS Internet Storm Center. http://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
 
While VMware users harbor little doubt about the cost savings and productivity gains brought by virtualizing their networks, security concerns still exist on many fronts, whether it's figuring out how to meet regulatory compliance with auditors, or evaluating cloud services.
 
Salesforce.com CEO Marc Benioff is known as a big thinker and talker, and now he's hoping to be one of Silicon Valley's biggest party hosts, with more than 42,000 people registered so far for the company's annual Dreamforce event this week in San Francisco.
 
As the executive director of the Linux Foundation, Jim Zemlin is frequently asked to forecast the future of the IT industry. While he's happy to do so, he's the first to admit that he could be wrong. He joked in his opening remarks at LinuxCon 2011 held recently in Vancouver, British Columbia, that he has been wrongly predicting the Year of the Linux Desktop for many years now. He doesn't need to know the future, he says, because open source projects don't need a master plan.
 
Now that Microsoft has launched Office 365, it is officially "game on" for online office productivity suites. Microsoft may enjoy a near-monopoly in the desktop office suite market, but online it faces established rivals in the form of Google Apps and Zoho Docs.
 
Google Apps is firmly established as the primary competitor to Microsoft Office--both the desktop software and the Office 365 online productivity suite. Without question, Google Apps offers a very capable collection of tools, but unless your world revolves around Google, it might not be the right productivity suite for you.
 
Microsoft Office 365 is the company’s answer to online productivity suites. A replacement for Microsoft’s Business Online Professional Services, Office 365 includes online versions of Word, Excel, PowerPoint, and Outlook, as well as Lync and SharePoint. Together, these comprehensive and powerful online office tools represent the best overall value you can find today.
 
You probably heard about the breach of the DigiNotar SSL certificate authority by now. In the process, a fraudulent certificate was issued for *.google.com and there is some evidence that the certificate was used to intercept traffic from Iran.
The reason we haven't really written about this so far is that we are somewhat struggling with the advice we should give you.
First of all: the SSL CA model, a race to the bottom, is broken. Fraudulent certificates have been issued before, even without breaching a CA's systems.
But what can you do to replace or reinforce SSL? Let's go over some of the options:
One possibility is to remove the DigiNotar CA from the list of trusted CAs. The problem with this approach is that now legitimate certificates, signed by DigiNotar, will no longer validate. The last thing you want to do IMHO is to get users accustomed to bypassing these warnings. I am not sure how popular DigiNotar is, so maybe it is an option in this case.
Certificate revocation lists are supposed to solve this problem. But they are not always reliable. However, for high profile breaches like this one, expect a browser patch that adds the certificate to a blacklist. Apply the patch as it becomes available.
Use DNSSEC. DNSSEC provides an alternative means to validate that you are connecting to the correct site. It is not perfect either, but it is somewhat complementary to SSL, and the two together provide some meaningful protection. Sadly, it is not up to you to enable DNSSEC on most sites you connect to.
There are a number of browser plugins that implement reputation systems. I am not sure how well they work; they are pretty new. One that gained some traction is Convergence, which will compare the certificate you received with certificates others received from the same site. How well this works (in particular, the false positive rate) remains to be shown.

------

Johannes B. Ullrich, Ph.D.

SANS Technology Institute

Twitter (c) SANS Internet Storm Center. http://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
 
Wyse is introducing the concept of a personal cloud--a seamless connection between your mobile device and your PC--with the launch of the latest version of Wyse PocketCloud Pro for Android. The new PocketCloud Pro challenges file syncing and transfer services by providing drag and drop file sharing between Android mobile devices and Windows PCs.
 
Paul wrote in with some stray packets he detected on his home firewall against UDP port 10119. The packets appear to come from all over and don't look spoofed (various TTLs and IP IDs). All packets have normal source ports, and the TTLs suggest that they are all Windows hosts. He is seeing about a dozen packets per minute, so not a DoS, but annoying enough to notice.
Paul uses a dynamic IP address, so the obvious assumption is that this is some form of P2P afterglow from a prior user of this IP address. The question is: what kind of P2P? Is anybody able to identify it? Below is a quick excerpt of the traffic (source IP, source port, TTL, IP ID and the payload):


tshark -r 10119.pcap -T fields -e ip.src -e udp.srcport -e ip.ttl -e ip.id -e data
70.171.209.146 3382 113 0xb692 0000000900000000000000000002f000139c19140000000000
14.198.249.36 2195 109 0x614b 0000000900000000000000000002f0000271e5db0000000000
83.20.76.167 21926 111 0x3f58 0000000900000000000000000002f0000137e7980000000000
74.136.209.108 53251 107 0x419e 0000000900000000000000000002f00001ffb15e0000000000
70.72.59.104 59754 116 0x433a 0000000900000000000000000002f000030f02ae0000000000
46.249.134.251 8741 111 0x2a03 0000000900000000000000000002f0000121f80e0000000000
72.189.39.53 60320 112 0x0ee8 0000000900000000000000000002f000356a1fa80000000000
76.23.146.138 56123 107 0x4859 0000000900000000000000000002f00006eb13260000000000
195.132.68.50 49312 108 0x050f 0000000900000000000000000002f0000109c9e80000000000
67.169.138.216 53355 111 0x6aed 0000000900000000000000000002f000034692cd0000000000
174.62.200.217 55644 109 0x35bc 0000000900000000000000000002f000099db30b0000000000
174.58.91.106 60308 110 0x729f 0000000900000000000000000002f000096ee2350000000000
188.193.225.7 51967 99 0x4d14 0000000900000000000000000002f00001163b7f0000000000
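
An added analysis script (not part of the diary) that parses this five-column tshark output, separates the payload bytes that are constant in every packet from the ones that vary, and checks the TTL and IP ID reasoning used above; the sample input is six lines copied from the excerpt, and the default-TTL table is an assumption about common OS defaults.

```python
# Added example: parse tshark '-T fields' output from the diary and
# characterise the UDP/10119 packets (fixed vs. variable payload bytes,
# TTL bands, IP ID variety). Not the diary author's code.

# Sample input: six lines copied from the diary's tshark output
# (source IP, source port, TTL, IP ID, payload as hex).
SAMPLE = """\
70.171.209.146 3382 113 0xb692 0000000900000000000000000002f000139c19140000000000
14.198.249.36 2195 109 0x614b 0000000900000000000000000002f0000271e5db0000000000
83.20.76.167 21926 111 0x3f58 0000000900000000000000000002f0000137e7980000000000
74.136.209.108 53251 107 0x419e 0000000900000000000000000002f00001ffb15e0000000000
72.189.39.53 60320 112 0x0ee8 0000000900000000000000000002f000356a1fa80000000000
188.193.225.7 51967 99 0x4d14 0000000900000000000000000002f00001163b7f0000000000
"""

# Assumed common initial TTLs: 64 (Linux/BSD), 128 (Windows), 255 (routers).
DEFAULT_TTLS = (64, 128, 255)


def parse(text):
    """Turn tshark field lines into dicts with typed values."""
    rows = []
    for line in text.splitlines():
        src, sport, ttl, ipid, data = line.split()
        rows.append({"src": src, "sport": int(sport), "ttl": int(ttl),
                     "ipid": int(ipid, 16), "payload": bytes.fromhex(data)})
    return rows


def initial_ttl(ttl):
    """Smallest common default TTL that is >= the observed one."""
    return next(t for t in DEFAULT_TTLS if ttl <= t)


def variable_span(payloads):
    """(start, end) of the byte range that differs between payloads."""
    first = payloads[0]
    varying = [i for i in range(len(first))
               if any(p[i] != first[i] for p in payloads)]
    return (varying[0], varying[-1] + 1) if varying else None


def summarize(rows):
    payloads = [r["payload"] for r in rows]
    lo, hi = variable_span(payloads)
    return {
        "payload_len": len(payloads[0]),
        "fixed_prefix": payloads[0][:lo].hex(),   # identical in every packet
        "variable_span": (lo, hi),                # only these bytes change
        "fixed_suffix": payloads[0][hi:].hex(),
        # spoofed floods tend to reuse one TTL / IP ID; real hosts differ
        "distinct_ttls": len({r["ttl"] for r in rows}),
        "distinct_ipids": len({r["ipid"] for r in rows}),
        # all TTLs in the 128 band is consistent with Windows senders
        "initial_ttls": sorted({initial_ttl(r["ttl"]) for r in rows}),
    }


if __name__ == "__main__":
    for key, value in summarize(parse(SAMPLE)).items():
        print(f"{key}: {value}")
```

On the six sample packets the only bytes that change are a 4-byte field at offset 16, following a 16-byte constant header and before 5 trailing zero bytes, which is the kind of fixed-format signature a P2P client identification would be built on.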

------

Johannes B. Ullrich, Ph.D.

SANS Technology Institute

Twitter (c) SANS Internet Storm Center. http://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
 
Samsung plans to make phones running VMware's mobile hypervisor technology and enterprises may be able to better manage those phones with new software from VMware, the virtualization company is announcing Tuesday.
 
Google said late Sunday that an attack mounted against its Gmail service targeted users primarily located in Iran, although the company has taken steps to block further interception attempts.
 
We look at six laser mice that offer unusual, interesting and useful features for better laptop control.
 
IBM has proved it can cluster together more than 2,000 hard drives to create a 120 petabyte storage system that appears as one massive disk drive that could help in computer modeling of weather.
 
Samsung Electronics has introduced three new smartphones based on its own operating system Bada, including the new flagship model Wave 3, which includes a software client for the company's new messaging service ChatOn, Samsung said on Tuesday.
 
Infosys, India's second largest outsourcer, is offering business platforms on a subscription model from the cloud, as part of its strategy to focus on intellectual property to boost revenue, the company's new CEO and managing director said.
 
The community section of Nokia's developer site was hacked, and some member's e-mail addresses have been accessed, the mobile phone maker said.
 
Fusion-io has bundled virtualization software from its IO Turbine acquisition with its PCIe-based solid-state storage adapter card to serve up flash cache to multiple VMs on a single physical server.
 

Posted by InfoSec News on Aug 30

Forwarded from: Wim Remes <wim (at) remes-it.be>

=====
Change is hard work -- My bid for the (ISC)2 Board of Directors ballot
=====

(ISC)2, the institution best-known through the CISSP certification, has been
the subject of a lot of discussions in the past years. Here on Infosec Island,
via twitter or on personal blogs, (ISC)2 certification holders and the
uncertified have written about the value of the certification, the process of...
 

Posted by InfoSec News on Aug 30

http://www.darkreading.com/advanced-threats/167901091/security/security-management/231600409/one-third-of-security-pros-not-practicing-what-they-preach.html

By Kelly Jackson Higgins
Dark Reading
Aug 29, 2011

Most security pros at businesses and government agencies have talked to
their senior managers about the recent high-profile breaches at Sony,
RSA, and Citigroup, but fewer than one-fourth of them have taken any
further action....
 

Posted by InfoSec News on Aug 30

http://english.chosun.com/site/data/html_dir/2011/08/30/2011083000444.html

The Chosun Ilbo
August 30, 2011

North Korea attempts up to 250 million indiscriminate cyber attacks on
government agencies and private corporations in South Korea per day,
said an official with the National Cyber Security Center under the
National Intelligence Service last Thursday.

"In the past, the North focused its cyber terrorist attacks on major
government...
 

Posted by InfoSec News on Aug 30

http://www.chinadaily.com.cn/china/2011-08/30/content_13215404.htm

By Cao Yin and Zhao Yinan
China Daily
2011-08-30

BEIJING - Starting on Thursday, hackers who broke into 20 or more
computers will face jail terms of up to seven years, according to a new
judicial interpretation issued jointly by China's Supreme People's
Court and Supreme People's Procuratorate.

People who hack from 20 to 100 computers, or steal from 10 to...
 

Posted by InfoSec News on Aug 30

http://www.computerworld.com/s/article/9219569/Hackers_acquire_Google_certificate_could_hijack_Gmail_accounts

By Gregg Keizer
Computerworld
August 29, 2011

Hackers have obtained a digital certificate good for any Google website
from a Dutch certificate provider, a security researcher said today.

Criminals could use the certificate to conduct "man-in-the-middle"
attacks targeting users of Gmail, Google's search engine or any...
 