InfoSec News

Update planned for Monday to fix zero-day vulnerability in wake of increased attacks.


Microsoft - Zero day attack - Microsoft Windows - Malware - Operating system
 
For companies deploying desktop virtualization, the main criterion for evaluating the success of the project is the end-user experience, according to a recent survey of 1,500 IT executives.
 
SAP catches up with rival Oracle on the open source software front
 
The nonprofit organization One Laptop Per Child wants to join forces to help develop the Indian government's planned $35 tablet.
 
Next week's CRM Evolution conference will offer presentations on how technologies and economic forces are changing the software industry.
 
The research firm's new 123-point maturity model is intended to go beyond COBIT as a more comprehensive way to help companies find and fix gaps in their infosec programs.


COBIT - Information security - Security - Consultants - Research
 
Health-care providers looking to implement a mobile strategy need to understand the strong bond people have with their smartphones, concluded a panel today at the World Congress Summit on mHealth in Boston.
 
Microsoft today said it will issue an emergency patch for the critical Windows shortcut bug on Monday, August 2.
 
Ernest von Simson, co-founder of The Research Board, a 40-year-old IT-focused think tank, says that steadfastness is the most vital IT leadership characteristic.
 
If you're a Sprint customer who is happy with your Evo 4G device but disappointed you can't bring it to work, help is on the way.
 
U.S. Defense Secretary Robert Gates said military officials are launching a review of IT security procedures following the leaking of tens of thousands of classified documents related to the war in Afghanistan.
 
As Gartner warns IT leaders to be ready in case a second recession hits, CIO.com's Thomas Wailgum shares his thoughts on how CIOs can actually slash pesky budgets. Hint: Unpaid interns, meet Russian hackers!
 
Pancho asked the Desktops forum how to print a list of all the programs that come up when you boot Windows.
 
As many as four million users of Android phones have downloaded wallpaper apps that swipe personal data from the phone and transmit it to a Chinese-owned server, a mobile security firm said today.
 
CIO spoke exclusively to Hugh Banister, CIO at gas supplier Santos, about the challenge he faces in his role, what his average work day looks like and some of the IT projects Santos is working on.
 
Microsoft is planning to release an out-of-band patch addressing the Shortcut vulnerability. The patch is scheduled for release on Monday, August 2nd, at 10am PDT.
As confirmed by Microsoft, a number of malware families have started incorporating the vulnerability in their exploit repertoire. For more details, see the Microsoft TechNet blog post [1].

[1] http://blogs.technet.com/b/msrc/archive/2010/07/29/out-of-band-release-to-address-microsoft-security-advisory-2286198.aspx
------

Johannes B. Ullrich, Ph.D.

SANS Technology Institute

(c) SANS Internet Storm Center. http://isc.sans.org Creative Commons Attribution-Noncommercial 3.0 United States License.
 
As announced at this week's Black Hat Briefings, the root servers and Internet domains have now been signed with DNSSEC.


ICANN - Domain Name System Security Extensions - Root nameserver - Organizations - Domain Name System
 
When Steve Jobs unveiled the iPad in January, he pitched it mostly as a consumer device--a relaxation tool for reading books, playing games, watching video and perusing family photos. But Michael Kanzleiter and his colleagues at Mercedes-Benz Financial saw something else: A better way to sell cars.
 
What a difference a display can make. Turning on the $380 Amazon Kindle DX (Graphite) second-generation large-format e-reader was all it took to see that Amazon's claims of a higher-contrast display than its predecessor were true.
 
Cybercriminals are increasingly looking at business rather than consumer accounts to hack as banks scramble to shore up their defenses, according to an executive from vendor IronKey.
 
Adobe's Brad Arkin discusses the company's struggle to protect Reader, Acrobat and Flash, including its new partnership with the Microsoft Active Protections Program.


Adobe Systems - Microsoft - Adobe Acrobat - Adobe Flash - Adobe
 
Gibbs ponders the problems with employees and social networking and suggests that nannying won't cut it.
 
Smartphones, tablet PCs and other wireless devices are poised to play a greater role in health care as doctors and patients embrace the mobile Internet, panelists at a mobile health technology conference in Boston said Thursday.
 
RIM mobile phone shipments grew by 40% in the second quarter, tops in an overall market that grew by more than 14% during the period, according to IDC.
 
Froyo, the Android 2.2 update, will come to the HTC Evo starting Tuesday, bringing support for Flash video and external storage of applications, according to Sprint.
 
A Defcon contest that invites contestants to trick employees at U.S. corporations into revealing not-so-sensitive data has rattled some nerves.
 
----------- Guy Bruneau IPSS Inc. gbruneau at isc dot sans dot org (c) SANS Internet Storm Center. http://isc.sans.org Creative Commons Attribution-Noncommercial 3.0 United States License.
 
Wireshark released an update to fix multiple vulnerabilities in versions 1.2.0 to 1.2.9. This release also fixes several bugs. Wireshark indicated that it may be possible to make Wireshark crash, hang, or execute code by injecting a series of malformed packets onto the wire or by convincing someone to read a malformed packet trace file.
References for the 1.2.x branch:
Release announcement is available here.
Release notes and bug fixes are available here.
Reference for the 1.0.x branch:
Release announcement is available here.
-----------
Guy Bruneau IPSS Inc. gbruneau at isc dot sans dot org (c) SANS Internet Storm Center. http://isc.sans.org Creative Commons Attribution-Noncommercial 3.0 United States License.
 
Your next new hire might not have the 'classic IT' résumé. Let go of your old assumptions to find the person who's truly best for your open position.
 
Alcatel-Lucent's second-quarter revenue fell 2.4 percent year on year, dragged down by slow sales in fixed-line network equipment and terrestrial optical networks, but the company reduced costs, cutting its operating loss by two-thirds compared to a year earlier.
 
Google's search engine in China appeared to have been partially blocked overnight Thursday, but a Google spokeswoman said the service was up and running again by Friday morning local time.
 
A security expert found a way to catch the talks at Black Hat for free, thanks to bugs in the video streaming service used by the security conference.
 
Samsung Electronics on Friday reported a record high operating profit and net profit for the second quarter, driven by strong sales of memory chips and LCDs, but it warned that stiff competition in consumer electronics means it may not be able to maintain profitability at current levels.
 
httpry is a tool specialized for the analysis of web traffic. The tool itself can be used to capture traffic (httpry -o file), but other tools such as tcpdump, Snort and Sguil are better suited for that. When it comes to finding out whether certain types of files were downloaded via HTTP, this tool does a super job. Combined with regular expressions (regex), it can be used to find whether a file, a script or a piece of malware was downloaded from a site or by a host, ignoring everything else. Whether the HTTP traffic is using port 80, 443, 8080, etc., it will parse and display all the web traffic using this simple command:
httpry -i eth0
If you are working with a large pcap file and want to filter on a particular IP or network, httpry supports libpcap filters to zoom in on the web traffic you want to analyze. This libpcap filter shows all the web traffic associated with host 192.168.5.25:
httpry -r file 'host 192.168.5.25'
07/28/2010 18:00:02 192.168.5.25 216.66.8.10 GET www.symantec.com /enterprise/security_response/threatexplorer/threats.jsp HTTP/1.0 - -
07/28/2010 18:00:02 216.66.8.10 192.168.5.25 - - - HTTP/1.0 301 Moved Permanently
07/28/2010 18:00:02 192.168.5.25 216.66.8.16 GET www.symantec.com /business/security_response/threatexplorer/threats.jsp HTTP/1.0 - -
07/28/2010 18:00:03 216.66.8.16 192.168.5.25 - - - HTTP/1.0 200 OK
07/28/2010 18:00:03 192.168.5.25 67.97.80.71 GET vil.nai.com /VIL/newly_discovered_viruses.aspx HTTP/1.0 - -
07/28/2010 18:00:03 192.168.5.25 67.97.80.71 GET vil.nai.com /VIL/newly_discovered_viruses.aspx HTTP/1.0 - -
07/28/2010 18:00:03 67.97.80.71 192.168.5.25 - - - HTTP/1.1 200 OK
07/28/2010 18:01:48 74.125.157.101 192.168.5.25 - - - HTTP/1.1 200 OK
07/28/2010 18:01:48 192.168.5.25 173.194.15.95 GET safebrowsing-cache.google.com /safebrowsing/rd/ChNnb29nLW1hbHdhcmUtc2hhdmFyEAEYlZQCIJaUAioFFooAAAEyBRWKAAAB HTTP/1.1 - -
07/28/2010 18:01:48 173.194.15.95 192.168.5.25 - - - HTTP/1.1 200 OK

If you are checking for a particular file extension such as .exe, .js, .msi, .jpg, etc., combining your search with grep lets httpry find whether any binaries (i.e. malware) were downloaded from a certain site or by a particular client, working from a captured pcap file. In this example we grep for all the JavaScript transferred by host 192.168.5.25 (the pattern is quoted so the shell does not strip the backslash before grep sees it):
httpry -r file 'host 192.168.5.25' | grep '\.js'
07/28/2010 10:57:08 192.168.5.25 69.192.143.238 GET www.quickquote.lincoln.com /static/com/forddirect/presentation/constants/SkinConstants_lincoln.js HTTP/1.1 - -
07/28/2010 10:57:08 192.168.5.25 69.192.143.238 GET www.quickquote.lincoln.com /yui/yahoo-dom-event/yahoo-dom-event.js HTTP/1.1 - -
07/28/2010 10:57:08 192.168.5.25 69.192.143.238 GET www.quickquote.lincoln.com /static/com/forddirect/application/bp20/metrics/s_code.js HTTP/1.1 - -

The httpry website is here. The tarball can be downloaded here and a FreeBSD port is here.
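The grep approach above matches the pattern anywhere on the line, so a substring such as ".js" also hits threats.jsp or a query string that happens to contain "js". The following script is an added example, not part of httpry or of the diary; it parses httpry's one-line-per-message output into fields (the field order is assumed from the output shown above: date, time, source, destination, method, host, URI, version, status, reason), matches extensions against the path component only, and pairs each request with the server's reply so you can see whether the download actually succeeded. The first four sample lines are copied from the diary; the remaining lines, the hostnames cdn.example.test and dl.example.test, and the 203.0.113.7 address are constructed for the example.

```python
"""Extension-based download hunting over httpry output (added example).

Field order assumed from the diary's output:
date time src dst method host uri version status reason
A "-" marks an empty field; replies carry "-" for method/host/uri.
"""
from collections import defaultdict, deque
from urllib.parse import urlsplit

# Constructed sample: first four lines copied from the diary, the rest made up
# to exercise the edge cases (query string, .jsp vs .js, a failed download).
SAMPLE_LOG = """\
07/28/2010 18:00:02 192.168.5.25 216.66.8.10 GET www.symantec.com /enterprise/security_response/threatexplorer/threats.jsp HTTP/1.0 - -
07/28/2010 18:00:02 216.66.8.10 192.168.5.25 - - - HTTP/1.0 301 Moved Permanently
07/28/2010 10:57:08 192.168.5.25 69.192.143.238 GET www.quickquote.lincoln.com /yui/yahoo-dom-event/yahoo-dom-event.js HTTP/1.1 - -
07/28/2010 10:57:08 69.192.143.238 192.168.5.25 - - - HTTP/1.1 200 OK
07/28/2010 11:02:15 192.168.5.25 203.0.113.7 GET cdn.example.test /lib/jquery.js?v=3 HTTP/1.1 - -
07/28/2010 11:02:15 203.0.113.7 192.168.5.25 - - - HTTP/1.1 200 OK
07/28/2010 11:02:19 192.168.5.25 203.0.113.7 GET dl.example.test /files/update.exe HTTP/1.1 - -
07/28/2010 11:02:19 203.0.113.7 192.168.5.25 - - - HTTP/1.1 404 Not Found
"""

FIELDS = ("date", "time", "src", "dst", "method", "host", "uri",
          "version", "status", "reason")


def parse_line(line):
    """Split one httpry line into a dict; returns None for malformed lines.

    The reason phrase may contain spaces ("Moved Permanently"), so the split
    stops after nine separators and keeps the remainder as the last field.
    """
    parts = line.split(None, 9)
    if len(parts) != len(FIELDS):
        return None
    rec = dict(zip(FIELDS, parts))
    rec["is_request"] = rec["method"] != "-"
    return rec


def path_extension(uri):
    """Lower-cased extension of the path component only.

    Query string and fragment are ignored, so "/lib/jquery.js?v=3" -> "js",
    and "threats.jsp" -> "jsp" rather than a false ".js" match.
    """
    name = urlsplit(uri).path.rsplit("/", 1)[-1]
    return name.rsplit(".", 1)[-1].lower() if "." in name else ""


def find_downloads(log_text, client=None, extensions=("js",)):
    """Return requests (optionally only from `client`) whose path ends in one
    of `extensions`, each annotated with the status code of the reply that
    the server sent back on the same client/server pair (None if unseen).
    """
    wanted = {e.lower().lstrip(".") for e in extensions}
    # Open requests per (client, server); replies are matched FIFO, so every
    # request on the pair is queued even when it is not one we care about.
    pending = defaultdict(deque)
    results = []
    for raw in log_text.splitlines():
        rec = parse_line(raw)
        if rec is None:
            continue
        if rec["is_request"]:
            if client and rec["src"] != client:
                continue
            hit = None
            if path_extension(rec["uri"]) in wanted:
                hit = {"host": rec["host"], "uri": rec["uri"], "status": None}
                results.append(hit)
            pending[(rec["src"], rec["dst"])].append(hit)
        else:
            queue = pending[(rec["dst"], rec["src"])]
            if queue:
                hit = queue.popleft()
                if hit is not None:
                    hit["status"] = rec["status"]
    return results


if __name__ == "__main__":
    # Stand-alone run over the constructed sample; in practice feed it
    # the output of: httpry -r file 'host 192.168.5.25'
    for h in find_downloads(SAMPLE_LOG, client="192.168.5.25",
                            extensions=("js", "exe")):
        print(h["status"], h["host"], h["uri"])
```

Run it as `httpry -r file 'host 192.168.5.25' | python3 this_script.py` after swapping the sample for `sys.stdin.read()`; the status column separates scripts and binaries that were actually delivered (200) from requests that were redirected or failed.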


-----------
Guy Bruneau IPSS Inc. gbruneau at isc dot sans dot org (c) SANS Internet Storm Center. http://isc.sans.org Creative Commons Attribution-Noncommercial 3.0 United States License.
 
Attackers capable of carrying out man-in-the-middle attacks to hijack Web browsing sessions can go further and render Web security protocols HTTPS and SSL/TLS useless against attack.


HTTP Secure - Man-in-the-middle attack - Web browser - Protocols - SSL-TLS
 
Microsoft's chief executive on Thursday sought to address some common questions raised by analysts, but his answers may not have been exactly what they were looking for.
 