
InfoSec News

If you were to go hands-on with the $700 (as of March 30, 2011) Toshiba Satellite L675D-S7106 before you looked at its test scores, you'd never guess that it was one of the slower desktop replacement laptops we've tried. Subjectively, its performance is agile in standard desktop applications, and its large, 17.3-inch, 1600-by-900-pixel display gives you plenty of screen real estate. The machine even has a Blu-ray drive on board, so you can watch high-def movies. For the price, it's a lot of laptop.
 
Samsung Electronics is investigating allegations that some models of its R Series laptops contain keylogging software that could be used to record anything typed on the laptop computers.
 
Privacy advocates cheered on Wednesday in response to the U.S. Federal Trade Commission's crackdown on Google over privacy violations it called deceptive and potentially illegal resulting from the bungled launch of the Buzz social networking and microblogging service.
 
EMC Replication Manager Client Control Service Remote Code Execution Vulnerability
 
Normally two Cisco security advisories would warrant a One-liner of their existence, with URLs pointing to them. In this case eagle-eyed fellow handler Daniel noticed some of the wording in one of them. Its name is Cisco Secure Access Control System Unauthorized Password Change Vulnerability and it lives at: http://www.cisco.com/warp/public/707/cisco-sa-20110330-acs.shtml
This is the summary: A vulnerability exists in some Cisco Secure Access Control System (ACS) versions that could allow a remote, unauthenticated attacker to change the password of any user account to any value without providing the account's previous password. Successful exploitation requires the user account to be defined on the internal identity store.
So essentially pretty much anyone can change anyone else's password, any time they feel like it, as long as they know the user account. So far so good. The interesting part comes next: This vulnerability does not allow an attacker to perform any other changes to the ACS database. That is, an attacker cannot change access policies, device properties, or any account attributes except the user password.
So, hypothetically speaking, if I knew a user account and changed its password to one only I knew, could I not then start changing stuff? I would suppose that the account I changed would have to have privileges to make changes. Therefore, it must be impossible to guess or find any accounts that are able to make changes? There are some caveats: This vulnerability cannot be used to change the password for the following types of user accounts:

User accounts that are defined on external identity stores such as a Lightweight Directory Access Protocol (LDAP) server, a Microsoft Active Directory server, an RSA SecurID server, or an external RADIUS server
System administrator accounts for the Cisco Secure ACS server itself that have been configured through the web-based interface
User accounts for the Cisco Secure ACS server itself that have been configured through the username username password password CLI command

So which accounts does that leave that may be able to make changes?
The other advisory summary, "Cisco Network Access Control (NAC) Guest Server system software contains a vulnerability in the RADIUS authentication software that may allow an unauthenticated user to access the protected network.", is here: http://www.cisco.com/warp/public/707/cisco-sa-20110330-nac.shtml
Comments?
Cheers,

Adrien de Beaupré

Intru-shun.ca Inc.
(c) SANS Internet Storm Center. http://isc.sans.org Creative Commons Attribution-Noncommercial 3.0 United States License.
 
The shortfalls of Google Apps will likely resonate with the inordinate amount of Microsoft shops in the industry. Years of investment in SharePoint developers, Exchange support teams and business processes built around the fickle aspects of Microsoft Office and its ribbon interface cannot be discarded easily. That’s ultimately where Microsoft’s strength is likely to reside. No matter when its Office 365 bundle is released, and despite numerous attempts to forge links between legacy applications and Google Apps, the complexity of a migration for a large organisation would likely be a headache most CIOs are eager to avoid. At least, that can be said for Coca Cola Amatil CIO, Barry Simpson.
 
Idaho may be out millions of dollars due to problems with a new system for processing Medicaid claims, according to a legislative auditor's report released this week.
 
Internet Explorer 9 (IE9) is the most power-efficient browser on the planet, Microsoft claimed this week.
 
Two U.S. agencies closely involved with GPS are calling on the FCC to force a more complete study of potential interference with the navigation system from the planned LightSquared mobile broadband network.
 
Google is enabling users to give and get recommendations on search results. Called +1, the new service lets people share their recommendations with friends, as well as strangers.
 
The hacker who claimed credit for breaking into systems belonging to digital certificate vendor Comodo said he has compromised another certificate authority, along with two more Comodo partners, a move that could further undermine trust in the system used to secure websites on the Internet.
 
The newly released Hive 0.7.0 adds new capabilities considered essential for production use, such as indexing, concurrency and advances in authentication management.
 
ISC BIND 9 IXFR Transfer/DDNS Update Remote Denial of Service Vulnerability
 
AT&T plans to enable faster upload speeds for the Motorola Atrix 4G and HTC Inspire 4G in April in the wake of customer anger over not offering the faster speeds when the devices launched in February.
 
Microsoft needlessly botched getting timely updates for Windows Phone 7 to customers and antagonized some of its most loyal fans by not delivering on its promises, a crisis communication expert said today.
 
Sprint Nextel CEO Dan Hesse received compensation worth $9.1 million in 2010, down from $12.3 million in 2009, according to documents filed with the Securities and Exchange Commission this week.
 
A healthcare provider network is offering $3 million to any developer who can create a computer program that can scan databases of electronic health records and identify patients who may wind up in the hospital, in order to preemptively treat the illnesses.
 
Re: HTB22905: Path disclosure in Wordpress
 
Re: HTB22905: Path disclosure in Wordpress
 
Microsoft is boosting the price of a client license but sweetening the deal by giving buyers access to a new endpoint security product and the new Lync unified communications software.
 
Mich Mathews, senior vice president for Microsoft's Central Marketing Group, has stepped down after 22 years.
 
Kansas City is the lucky winner of a 1Gbit/sec. broadband network that Google plans to build.
 
Kansas City is the winner of a 1Gbit/sec. broadband network that Google plans to build.
 
Cisco today announced encryption and network convergence features across its entire Data Center Business Advantage portfolio, including its Nexus and MDS storage switches, its Unified Computing System, Data Center Network Manager and its data center operating system, NX-OS.
 
With tablets invading the enterprise, IT departments are facing new challenges for controlling mobile connectivity expenses.
 
Zend Server Java Bridge 'javamw.jar' Service Remote Code Execution Vulnerability
 
The U.S. is sending specialized robots to Japan to help officials there get control of the Fukushima Daiichi nuclear power plants damaged by this month's devastating earthquake and tsunami.
 
Cisco Security Advisory: Cisco Network Access Control Guest Server System Software Authentication Bypass Vulnerability
 
ESA-2011-012: Security update for EMC NetWorker Module for Microsoft Applications
 
[ MDVSA-2011:056 ] openldap
 
OpenLDAP 'modrdn' NULL OldDN Remote Denial of Service Vulnerability
 
Mahara Cross Site Scripting and Cross Site Request Forgery Vulnerabilities
 
Cisco Security Advisory: Cisco Secure Access Control System Unauthorized Password Change Vulnerability
 
Managing security complexity is the number one obstacle that enterprises face today, according to a recent Check Point and Ponemon Institute survey of over 2,400 IT security professionals. With the prevalence of data loss and the proliferation of Web 2.0 applications, mobile computing and the rise of sophisticated, blended attacks, it is no wonder that businesses--regardless of their size--are struggling to keep up with the evolving threat landscape.
 
Salesforce.com plans to buy social media monitoring vendor Radian6, whose technology tracks conversations occurring on social sites like Facebook, Twitter and LinkedIn, the company said.
 
A few weeks ago at the CTIA 2011 conference in Orlando, I lamented to an attendee about being stuck with 3G connectivity at my hotel room. "Wow, someone complaining about only having 3G" was his response, which got me to think about how fickle we get about technology whenever something new or faster comes out (in this case, so-called 4G wireless).
 
Gartner has revised upward its forecast for global IT spending through 2015, citing soaring tablet computer sales.
 
Amazon beat rivals Google and Apple to the punch Tuesday when it launched its Cloud Drive digital music storage service, but the rivals are probably happy to let Amazon take the lead, an expert said today.
 
Massachusetts Attorney General Martha Coakley announced a $110,000 settlement against the owner of several Boston area bars for failing to secure its patrons' personal information.

 
Google settles an FTC privacy complaint over its Buzz social network.
 
NASA spacecraft Messenger delivered its first photograph of Mercury -- the first image of the planet taken from its own orbit.
 
Google has added the ability for developers to sell digital content from inside applications on Android Market, the company said in a blog post on Tuesday.
 
DataDynamics Report Library CoreHandler XSS
 
VMSA-2011-0006 VMware vmrun utility local privilege escalation
 
[SECURITY] [DSA 2207-1] tomcat5.5 security update
 
[ MDVSA-2011:055 ] openldap
 
No screening process is going to be foolproof, but we can all take steps to make our devices safer.
 
Salesforce.com plans to buy social media monitoring vendor Radian6, whose technology tracks conversations occurring on social sites like Facebook, Twitter and LinkedIn, the company said Wednesday.
 
Texas Instruments anticipates between four and six months of disruption to its chip manufacturing operations in Japan following the massive March 11 earthquake.
 
As companies take steps to develop private clouds, mainframes are looking more and more like good places to house consolidated and virtualized servers. Their biggest drawback? User provisioning is weak.
 
Google has yet to apply for the necessary state license to operate its online mapping service in China, putting another Google product in jeopardy as the first deadline looms.
 
If the new MacBook Pro and its amazing Thunderbolt don't blow your mind, you're not paying attention.
 
InfoSec News: Report: NASA Vulnerable To Crippling Cyber Attacks: http://www.ibtimes.com/articles/128181/20110329/nasa-audit-cyber-attacks-cybercriminals-inspector-general.htm
By Gabriel Perna International Business Times March 29, 2011
The computer network NASA relies upon to carry out its billion dollar missions is just like your Mac or PC at home; [...]
 
InfoSec News: ASIO plugs national security gap: http://www.dailytelegraph.com.au/news/national/asio-plugs-national-security-gap/story-e6freuzr-1226030367928
By Simon Benson The Daily Telegraph March 30, 2011
SPY agencies moved to plug a major national security hole in the Federal Parliament after it was discovered computers of several Cabinet [...]
 
InfoSec News: BP employee loses laptop containing data on 13,000 oil spill claimants: http://www.computerworld.com/s/article/9215316/BP_employee_loses_laptop_containing_data_on_13_000_oil_spill_claimants
By Jaikumar Vijayan Computerworld March 29, 2011
The personal information of 13,000 individuals who had filed compensation claims with BP after last year's disastrous oil spill may have been potentially compromised after a laptop containing the data was lost by a BP employee.
The information, which had been stored in an unencrypted fashion on the missing computer, included the names, Social Security numbers, addresses, phone numbers, and dates of birth of those who filed claims related to the Deepwater Horizon accident.
BP said in a statement that the personal information had been stored in a spreadsheet maintained by the company for the purposes of tracking claims arising from the accident. "The lost laptop was immediately reported to law enforcement authorities and BP security, but has not been located despite a thorough search," BP said on Tuesday.
The information was part of a claims process that was implemented before BP had established its Gulf Coast Claims Facility.
[...]
 
InfoSec News: SecurID Breach Warning Signs In The Audit Logs: http://www.darkreading.com/security-monitoring/167901086/security/security-management/229400558/securid-breach-warning-signs-in-the-audit-logs.html
By Kelly Jackson Higgins Darkreading March 29, 2011
Most security experts caution RSA SecurID customers not to panic about [...]
 
Tests by Computerworld and others have found that the HTC ThunderBolt battery needs recharging far more often than advertised by its maker.
 
As data centers continue to gain more and more IT equipment, they aren't necessarily getting more people to manage their servers, new surveys have found.
 
Pointdev IDEAL Migration & IDEAL Administration '.ipj' File Stack Buffer Overflow Vulnerability
 

Posted by InfoSec News on Mar 30

http://www.darkreading.com/security-monitoring/167901086/security/security-management/229400558/securid-breach-warning-signs-in-the-audit-logs.html

By Kelly Jackson Higgins
Darkreading
March 29, 2011

Most security experts caution RSA SecurID customers not to panic about
the breach the security company revealed last week. But that doesn't
mean they shouldn't plan for the worst-case scenario: The SANS Internet
Storm Center has come up with a...
 

Posted by InfoSec News on Mar 30

http://www.ibtimes.com/articles/128181/20110329/nasa-audit-cyber-attacks-cybercriminals-inspector-general.htm

By Gabriel Perna
International Business Times
March 29, 2011

The computer network NASA relies upon to carry out its billion dollar
missions is just like your Mac or PC at home; vulnerable to cyber
attacks.

NASA's servers contain vulnerabilities that could enable a cyberattack
to cripple the entire agency, according to a recent audit...
 

Posted by InfoSec News on Mar 30

http://www.dailytelegraph.com.au/news/national/asio-plugs-national-security-gap/story-e6freuzr-1226030367928

By Simon Benson
The Daily Telegraph
March 30, 2011

SPY agencies moved to plug a major national security hole in the Federal
Parliament after it was discovered computers of several Cabinet
ministers had been hacked - including Prime Minister Julia Gillard's.

Government sources confirmed measures were now being taken by ASIO to
make...
 

Posted by InfoSec News on Mar 30

http://www.computerworld.com/s/article/9215316/BP_employee_loses_laptop_containing_data_on_13_000_oil_spill_claimants

By Jaikumar Vijayan
Computerworld
March 29, 2011

The personal information of 13,000 individuals who had filed
compensation claims with BP after last year's disastrous oil spill may
have been potentially compromised after a laptop containing the data was
lost by a BP employee.

The information, which had been stored in an...
 
Apache Tomcat WAR File Directory Traversal Vulnerability
 
Apache Tomcat Host Working Directory WAR File Directory Traversal Vulnerability
 