InfoSec News


----------- Guy Bruneau IPSS Inc. gbruneau at isc dot sans dot edu
(c) SANS Internet Storm Center. http://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
Google has bought some more storage, but not the digital kind. The company has acquired BufferBox, a Canadian startup that offers temporary storage lockers where people can receive online purchases when they're not at home.
A court in Mexico has entered a US$2.7 billion judgment against Yahoo in a breach-of-contract suit over a yellow-pages listing service.

IAM: The Reason Why OWASP Top Ten Doesn't Change
Dark Reading (blog)
OWASP's AppSec conference is easily one of the best in the Infosec industry. Where will it be held this year? Why not Punxsutawney? Some years ago Chris Hoff asked: why doesn't the OWASP Top Ten change? Yes, Appsec feels like Groundhog Day, but its ...

The U.S. Dept. of Energy has set a goal to develop battery and energy storage technologies that are five times more powerful and five times cheaper than today's within five years.
In the fast moving world of technology, there are perhaps few things that have proved as resistant to change as the simple SMS text message.
News of weak server sales, continuing turmoil at Hewlett-Packard and the ongoing U.S. political impasse over the so-called "fiscal cliff" have not given tech industry watchers much to cheer about this week.
"The Human Face of Big Data" is an ambitious and attractive new large-format book that aims to give readers, through photography and short articles, a glimpse of how powerful new data processing capabilities are changing people's lives. Author Rick Smolan is a photographer who gained fame for his "Day in the Life" series, which included an edition focused on the Internet in 1996, "24 Hours in Cyberspace." He says that his latest work is based on the premise that "our planet is beginning to develop a nervous system."
The Internet shutdown in Syria probably took very little to accomplish considering the country's limited Internet infrastructure and international connectivity, network analysts said Friday.
Nagios XI 'visApi.php' Multiple Command Injection Vulnerabilities
Apple today announced that it will start selling the iPad Mini, fourth-generation iPad and iPhone 5 in China over the next two weeks, putting those new products on shelves in time for the January 2013 kick-off of Chinese New Year sales.
How IT leaders are recruiting ideas, building trust and embracing lessons learned when building tools sales teams want to use.
Information security is often seen as more trouble and cost than it's worth. Until it fails. How can CIOs truly make it part of enterprise risk management?
Kristen Lamoreaux says it's better to stock your talent pool throughout the year than to make a hasty hire in the frenetic days of December.
The U.S. House Friday approved a Republican-backed STEM visa bill, but the legislation has likely reached a dead-end.
Web hosting providers from the U.S., Canada and other Western nations are hosting official Syrian government websites, in violation of sanction orders from the U.S. and other governments, according to a Canadian Web research organization.

Posted by InfoSec News on Nov 30


By Bill Brenner
Salted Hash
November 28, 2012

I want to take a moment and say a few things about Brad Smith, an
infosec professional who has had a big influence on the community. He
suffered a devastating stroke at last year's Hacker Halted conference in
Miami as he was delivering a talk, and his recovery has been full of...

Posted by InfoSec News on Nov 30


By John Ribeiro
IDG News Service
November 29, 2012

Samsung Electronics will close a security hole in the firmware of some
of its printers by issuing an update on Friday, and said they could be
protected by disabling SNMP.

The affected printers have a backdoor administrator account hard-coded
in their firmware that does not...
NGS000263 Technical Advisory: Symantec Messaging Gateway Easy CSRF to add a backdoor-administrator
Japan's space agency said Friday that sensitive information on a new long-range rocket project may have been stolen by a computer virus.
More than half of next year's expected 5.7% increase in global IT spending will be driven by sales of smartphones, tablets and e-readers, IDC said in a forecast published Friday.

Posted by InfoSec News on Nov 30


By Andrew Auernheimer

Editor’s Note: The author of this opinion piece, aka "weev," was found
guilty last week of computer intrusion for obtaining the unprotected
e-mail addresses of more than 100,000 iPad owners from AT&T’s website,
and passing them to a journalist. His sentencing is set for February 25,

Right now...

Posted by InfoSec News on Nov 30


By Ellyne Phneah
ZDNet News
November 30, 2012

Thailand is ramping up efforts to improve its cybersecurity, as risk of
the public sector being attacked is growing due to the wide use of
social media and inadequate security systems.

The increasing number of social media users was a concern among
cybersecurity experts, noted Bunjerd Tientongdee, deputy director at the...

Posted by InfoSec News on Nov 30


November 27, 2012

Alere Home Monitoring, a provider of patient monitoring and management
services, recently notified about 116,000 individuals about a data
breach involving their personal health information, Modern Healthcare

About the Breach

Alere did not specify when the theft occurred but said a...
In this edition: the latest edition of Nmap arrives, a router to route everything over Tor, an Autorun pest, a PDF autopsy, Stockholm's stuck stock exchange, and a rather breakable unbreakable DRM

NGS000268 Technical Advisory: Symantec Messaging Gateway - Out-of-band stored-XSS delivered by email
NGS000266 Technical Advisory: Symantec Messaging Gateway Arbitrary file download is possible with a crafted URL
NGS000267 Technical Advisory: Symantec Messaging Gateway SSH with backdoor user account plus privilege escalation to root due to very old Kernel

ISC reader Phil asked a great question earlier today: "I'm wondering if there are data leakage concerns with screenshot tools such as MS Snipping Tool, if such tools have metadata in any of the formats they support."

Well, yes, they do.

Screenshots taken with the MS Snipping Tool and saved in JPG format contain both an EXIF and an XMP header. You can look at what's in there, for example, with Phil Harvey's excellent ExifTool (http://www.sno.phy.queensu.ca/~phil/exiftool/).

The leakage is nowhere near as extensive as what is often found in MS Office documents, but it is definitely present. Among lots of information describing the geometry of the screenshot taken, the more interesting fields include the name of the user who created the snip, as well as the time stamp. The name is the full user name as configured for the respective Windows account. If you want to surreptitiously post an image somewhere under a pseudonym, that...

EXIF and XMP tags can be readily removed, again using ExifTool: a simple "exiftool -ALL= image.jpg" will remove all metadata tags from the image. ExifTool is friendly enough to create a backup named image.jpg_original, in the rare case something goes wrong in the process.
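To make the diary's point concrete, here is an added example (not from the ISC diary and not ExifTool's code) that walks a JPEG's marker segments, reports whether EXIF and XMP blocks are present and what EXIF Artist name they carry, and rebuilds the file without the metadata segments, approximating what "exiftool -ALL=" does. The sample JPEG bytes, the user name "Jane Doe" and all function names are constructed for illustration.

```python
import struct

EXIF_HDR, XMP_HDR = b"Exif\x00\x00", b"http://ns.adobe.com/xap/1.0/\x00"
_seg = lambda m, p: bytes([0xFF, m]) + struct.pack(">H", len(p) + 2) + p  # FF, marker, length (incl. itself), payload

def segments(jpg):
    """Yield (marker, payload) up to SOS; the scan after SOS is not segment-structured and is yielded whole."""
    pos = 2  # skip SOI (FF D8)
    while pos < len(jpg):
        marker = jpg[pos + 1]
        if marker == 0xDA:  # SOS
            yield "scan", jpg[pos:]
            return
        length = struct.unpack(">H", jpg[pos + 2:pos + 4])[0]
        yield marker, jpg[pos + 4:pos + 2 + length]
        pos += 2 + length

def exif_artist(tiff):
    """Read the IFD0 Artist tag (0x013B), the field where the full user name of the snip's author ends up."""
    e = "<" if tiff[:2] == b"II" else ">"
    ifd = struct.unpack(e + "I", tiff[4:8])[0]
    for i in range(struct.unpack(e + "H", tiff[ifd:ifd + 2])[0]):
        tag, typ, n, val = struct.unpack(e + "HHII", tiff[ifd + 2 + 12 * i:ifd + 14 + 12 * i])
        if tag == 0x013B and typ == 2:  # ASCII; values longer than 4 bytes are stored at an offset
            raw = tiff[val:val + n] if n > 4 else struct.pack(e + "I", val)[:n]
            return raw.rstrip(b"\x00").decode("ascii", "replace")
    return None

def leaked_fields(jpg):
    """What a metadata reader such as ExifTool would show: EXIF/XMP presence and the EXIF Artist name."""
    app1 = [p for m, p in segments(jpg) if m == 0xE1]
    exif = next((p[len(EXIF_HDR):] for p in app1 if p.startswith(EXIF_HDR)), None)
    return {"EXIF": exif is not None, "XMP": any(p.startswith(XMP_HDR) for p in app1),
            "artist": exif_artist(exif) if exif else None}

def strip_metadata(jpg):
    """Drop APP1 (EXIF/XMP), APP13 (IPTC) and COM segments, as exiftool -ALL= does; pixel data is untouched."""
    out = bytearray(b"\xff\xd8")
    for marker, payload in segments(jpg):
        if marker == "scan":
            out += payload
        elif marker not in (0xE1, 0xED, 0xFE):
            out += _seg(marker, payload)
    return bytes(out)

# Constructed stand-in for a Snipping Tool JPG (not a real image): JFIF, EXIF with an Artist entry, XMP, dummy scan.
_TIFF = b"II*\x00\x08\x00\x00\x00\x01\x00" + struct.pack("<HHII", 0x013B, 2, 9, 26) + b"\x00" * 4 + b"Jane Doe\x00"
SAMPLE_JPG = (b"\xff\xd8" + _seg(0xE0, b"JFIF\x00\x01\x01\x00\x00\x01\x00\x01\x00\x00") + _seg(0xE1, EXIF_HDR + _TIFF)
              + _seg(0xE1, XMP_HDR + b"<x:xmpmeta/>") + b"\xff\xda\x00\x08\x01\x01\x00\x00\x3f\x00\xab\xcd\xff\xd9")
```

Run leaked_fields on a file before publishing it; if it reports an artist name, strip_metadata (or the real ExifTool, which also clears blocks this sketch ignores) gives you a clean copy.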

If you use other screen capture tools and have information on the meta data that gets stored together with the capture, please comment below or via our contact form.

NGS000330 Technical Advisory: Squiz CMS File Path Traversal
NGS000194 Technical Advisory: Nagios XI Network Monitor Blind SQL Injection
NGS000196 Technical Advisory: Nagios XI Network Monitor OS Command Injection

Last chance to vote for new sheriffs of security town
(ISC)2, which administers the widely recognised Certified Information Systems Security Professional (CISSP) qualification, has around 80,000 members and several vocal critics in the infosec community. Respected members of the security community, ...

More than a month after Apple unveiled new all-in-one desktops, the company today started selling its redesigned iMacs.
[SECURITY] [DSA 2579-1] apache2 security update
NGS000193 Technical Advisory: DataArmor Full Disk Encryption Restricted Environment breakout
SilverStripe CMS - Multiple Vulnerabilities - Security Advisory - SOS-12-011
This past Cyber Monday was the biggest online spending day in history. In the aftermath, two trends are clear: mobile shopping is a growing trend and retailers are doing a good job prepping for traffic spikes but third-party service providers are not.
Good timing is critical when it comes to allocating resources for effective digital transformations, according to a recent report co-authored by Telstra and Deloitte.
Syrians are turning to satellites to communicate as the country's Internet connections are shut down, but instances of jamming are making even that challenging. Google is also letting people who can find a working phone publish voice messages on Twitter.
The chief European and U.S. antitrust regulators will meet on Monday in Brussels, and the probes both have into Google's market domination is likely to be high on their agenda.
APPLE-SA-2012-11-29-1 Apple TV 5.1.1
VUPEN Security Research - Mozilla Firefox "imgRequestProxy" Remote Use-After-Free Vulnerability
Following in the footsteps of Facebook, Twitter and Google+, social bookmarking site Pinterest has unveiled pages exclusively for businesses.
Western Connecticut State University said Thursday that a vulnerability in its computer system present for more than three years may have exposed the data of 233,880 students and other people affiliated with the institution.
For those who use an Arcor, Asus or TP-Link router, just opening an email could have far-reaching consequences.

While spoken input is spreading on mobile devices, it barely has a toehold in the office. But artificial intelligence that operates in the cloud will help drive speech technology beyond smartphones to computers and into other areas of the workplace, say experts.
Facebook and Zynga have loosened their ties in an amended agreement that does away with most of Facebook's exclusive rights to Zynga games, but also permits Facebook to develop its own games from March next year.
Surveillance software firms are using offshore companies in countries like the British Virgin Islands to do business with regimes that want to spy on their citizens.

Wireshark Information Disclosure and Denial of Service Vulnerabilities
PHP Enter 'banners.php' PHP Code Injection Vulnerability