InfoSec News

Windows and operating systems in general have lost their status as the center of innovation in the IT industry, VMware CEO Paul Maritz, himself a former Microsoft executive, said as VMworld kicked off Tuesday.
 
IT in the modern enterprise has evolved from a back-office component to a core operational constituent that can improve business performance and increase shareholder value. CIOs now have an opportunity to demonstrate a truly executive-level leadership role in defining their enterprises.
 
Even with limited resources, you can provide effective leadership training for your team by following these three suggestions.
 
Russian police are reportedly investigating a criminal gang that installed malicious "ransomware" programs on thousands of PCs and then forced victims to send SMS messages in order to unlock their PCs.
 
A survey by research firm TheInfoPro indicates that IT managers plan to curb spending on data storage systems this year and next, preferring to do more with what they already have.
 
Scientists at Rice University have been able to create a non-volatile memory using a chain of nano-sized silicon crystals that can be stacked atop one another to create 3-D memory that offers far greater scale than today's flash memory.
 
As IPv4 addresses continue to dwindle, the day of the IPv6 transition is imminent.
 
When it comes to total cost of ownership, outsourcing stateside to Iowa or Arkansas trumps offshoring for some CIOs.
 
Palm's WebOS 2.0 beta is now available in limited release to developers, with a full public release planned for later this year.
 
Ford's unified vision, facilitated by IT, is bringing the company back to profitability without a bailout.
 
CIO publisher emeritus Gary Beach once ditched Twitter. But after several CIOs touted social media tools like the microblogging site as the most game-changing technology, he decided to give it another chance.
 
SAP customer Airgas said Tuesday that its "highly customized" implementation of the vendor's ERP software is looking like a major success.
 
A survey by research firm TheInfoPro indicated that IT managers plan to spend less this year and next on data storage systems, preferring to do more with what they already have.
 
A brokerage firm report overstates that companies negotiating network neutrality rules have agreed to a compromise, according to two sources close to the discussions.
 
Starting Wednesday, a little-known group of security researchers will kick off a month of bug disclosures that target unpatched vulnerabilities in software from Adobe, Microsoft, Mozilla, Apple and others.
 
Despite an effort by ISPs and security research teams to cripple the botnet, follow-up analysis finds it recovering its strength with new command and control servers.

 
Borders today continued the e-reader price war by announcing that it will sell the Aluratek Libre eBook Pro for $99.99 starting tomorrow.
 
About a third of Internet users will abandon slow-loading websites within five seconds, and users of mobile devices expect website performance to be as good as it is on wired computers, according to a new survey that may have implications for the Net neutrality debate in the U.S.
 
These days, most of your electronics have miniature computers built-in: Home-theater gear, handheld devices, phones, and even appliances now have embedded smarts in the form of a microprocessor, memory, and software. And just like computer software, firmware--the software that runs on your gadgets--needs periodic updating.
 
Of all the hassles that can plague a PC user (and, trust me, there are many), few are as infuriating as random lockups.
 
Chrome users yesterday bombarded Google's Gmail support forum with complaints about music suddenly playing in the background when they reached their inboxes.
 
Trouble with an SAP implementation in Jefferson County, Ala. has county officials there pondering whether to fix the system or move on to an alternative.
 
Gartner on Tuesday joined PC and chip makers in projecting a weaker-than-expected second half for worldwide PC shipments in light of slower economic recovery in mature markets.
 
Stream TV is trying to be the first company to introduce an Android-based tablet computer. Will its eLocity A7 have a chance against the iPad and other upcoming tablets?
 
When you ask IT professionals if they use cloud computing or software-as-a-service, most start by saying "no". But if you ask some follow-up questions, you will quickly find out about "that one application" that is a SaaS application.
 
A botnet responsible for a significant amount of spam has been crippled but may reconstitute itself in a matter of weeks, according to vendor M86 Security.
 
Twitter has nearly finished migrating to a new authentication protocol, called OAuth.
 
Google's CEO Eric Schmidt will deliver the closing keynote at the Internationale Funkausstellung (IFA) trade show, the organizer said on Tuesday.
 
Spring Framework linked with app server, other technologies to create a Java cloud platform.
 
Motorola released two new Android smartphones for China on Monday, and announced details of another, as the company broadens its product offerings for the Chinese market.
 
Google plans to begin rolling out to Gmail users on Tuesday a new feature designed to automatically rearrange messages in their inbox so that the most important and pressing ones appear at the top.
 

GovInfoSecurity.com

Reasoning Behind Enhancing DHS Infosec Prowess
GovInfoSecurity.com
Sen. Tom Carper addresses a prospective Senate cybersecurity bill and its chances of passage in 2010. As senators negotiate provisions to be included in a ...

 
The world's largest consumer electronics makers are gathering in Berlin for the 50th Internationale Funkausstellung (IFA) trade show. The push to put 3D screens in homes continues unabated, and a plethora of tablet PCs are expected to be launched.
 
Google argued that a recent report claiming it failed to patch one-third of the serious bugs in its software had the facts wrong. IBM's X-Force admitted the error.
 
Power outages caused by Hurricane Earl, now swirling in the southern Atlantic, may pose more of a problem to IT telecommuters than to overall data center operations.
 
PHP injection attacks have become increasingly popular lately. If you look at your web server logs, I'm pretty sure that you will find dozens of requests for PHP injection, usually by bots that are simply trying some well-known (and less known) vulnerabilities.
One of our readers, Blake, managed to capture some interesting attempts to exploit various PHP injection vulnerabilities on his web site, thanks to his installation of mod_security. In contrast to the usual PHP injection attempts, where the attacker tries to exploit a variable to get the PHP interpreter to retrieve a remote PHP script, Blake noticed that the attacker tried to exploit a vulnerability in a PHP script through a POST request. The attacker submitted a malicious PHP script (with other data), hoping that the PHP interpreter would execute it; this vulnerability also exists, although it is not that common. Here is what the attack looked like in the log files:
POST http://www.hostname.somewhere en-US) AppleWebKit/133.7 (KHTML, like Gecko) Chrome/5.0.375.99 Safari/533.4

Host: www.hostname.somewhere boundary=---------------------------phpsploit

Content-Length: 46266


The POST request contained, besides data needed by the main script, an (of course) obfuscated PHP script that the attacker tried to execute. The deobfuscation part is shown in the picture below where I beautified it a bit and cut the long eval string.

Now, the interesting part is that the script uses the User-Agent field as the deobfuscation key. If you carefully check the User-Agent shown above, you will see that, while it looks legitimate, it in fact isn't: the combination of versions is not legitimate.
But that's not all: the injected PHP script contains multiple eval() calls, each of which uses a different deobfuscation key. This allows the attacker to test only parts of the script and never reveal its true side unless the attack works. The part that I was able to deobfuscate is shown below, and it just tries to connect to a well-known (public and legitimate) IRC server. Very clever, especially since PHP will nicely eat any garbage that it can't parse, so the attacker doesn't have to worry about only one eval() call working.

This attack demonstrated how important it is to use all available protection layers: not only were Blake's scripts not vulnerable, but he also ran mod_security, which successfully blocked this attack, and he was checking his logs, something that a lot of administrators underestimate.
What do your logs look like? If you find similar attacks or something else that looks interesting, let us know through our contact form available here.



--

Bojan

INFIGO IS (c) SANS Internet Storm Center. http://isc.sans.org Creative Commons Attribution-Noncommercial 3.0 United States License.
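
The log-review habit the diary recommends can be partly automated. The following is an added example, not code from the diary or from mod_security: it flags the traits described above (a Chrome User-Agent whose version tokens disagree, the multipart boundary seen in the logged request, and PHP source in a POST body). The request path, the User-Agent prefix, the sample bodies and the HTTP_USER_AGENT check are assumptions made for the example.

```python
import re

PHP_CODE = re.compile(r"<\?php|<\?=|\beval\s*\(", re.I)   # PHP source inside form data
WEBKIT = re.compile(r"AppleWebKit/([\d.]+)")
SAFARI = re.compile(r"Safari/([\d.]+)")

def parse_request(raw):
    """Split a raw HTTP request into (method, lower-cased headers, body)."""
    head, _, body = raw.replace("\r\n", "\n").partition("\n\n")
    lines = head.splitlines()
    headers = {}
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().lower()] = value.strip()
    return lines[0].split(" ", 1)[0].upper(), headers, body

def inspect_request(raw):
    """Return the list of findings for one request (empty list: nothing flagged)."""
    method, headers, body = parse_request(raw)
    findings = []
    ua = headers.get("user-agent", "")
    wk, sf = WEBKIT.search(ua), SAFARI.search(ua)
    # Genuine Chrome reports the same version in its AppleWebKit/ and Safari/ tokens.
    if "Chrome/" in ua and wk and sf and wk.group(1) != sf.group(1):
        findings.append("ua-version-mismatch")
    if "phpsploit" in headers.get("content-type", "").lower():
        findings.append("boundary-phpsploit")
    if method == "POST" and PHP_CODE.search(body):
        findings.append("php-in-post-body")
        # Assumption: a script keyed on the User-Agent reads it via HTTP_USER_AGENT.
        if "HTTP_USER_AGENT" in body:
            findings.append("body-reads-user-agent")
    return findings

# Constructed samples: only the User-Agent tail, Host and boundary are from the logged
# request; the path, User-Agent prefix and bodies are invented for this example.
UA = "Mozilla/5.0 (X11; U; Linux x86_64; en-US) AppleWebKit/%s (KHTML, like Gecko) Chrome/5.0.375.99 Safari/533.4"
SUSPICIOUS = (
    "POST /form.php HTTP/1.1\nHost: www.hostname.somewhere\n"
    "User-Agent: " + UA % "133.7" + "\n"
    "Content-Type: multipart/form-data; boundary=---------------------------phpsploit\n\n"
    '-----------------------------phpsploit\nContent-Disposition: form-data; name="f"\n\n'
    "<?php eval(/* obfuscated, keyed on */ $_SERVER['HTTP_USER_AGENT']); ?>\n"
)
BENIGN = (
    "POST /form.php HTTP/1.1\nHost: www.hostname.somewhere\n"
    "User-Agent: " + UA % "533.4" + "\n"
    "Content-Type: application/x-www-form-urlencoded\n\nname=Blake&comment=hello\n"
)
```

The version-mismatch check is a heuristic for review queues rather than a blocking rule, since a User-Agent is fully attacker-controlled and a consistent one passes it.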
 
InfoSec News: HP Holds Navy Network 'Hostage' for $3.3 Billion: http://www.wired.com/dangerroom/2010/08/hp-holds-navy-network-hostage/
By Noah Shachtman Danger Room Wired.com August 31, 2010
Someday, somehow, the U.S. Navy would like to run its networks -- maybe even own its computers again. After 10 years and nearly $10 billion, [...]
 
InfoSec News: Focus on Secrecy Could Hamper Pentagon's Cybersecurity Plans: http://threatpost.com/en_us/blogs/focus-secrecy-could-hamper-pentagons-cybersecurity-plans-083010
By Paul Roberts Threatpost.com 08/30/2010
The former head of the Department of Homeland Security's Cyber Security Division warns that the U.S. military's preoccupation with secrecy could [...]
 
InfoSec News: Obama to loosen rules on technology exports: http://www.washingtonpost.com/wp-dyn/content/article/2010/08/30/AR2010083004278.html
By Howard Schneider Washington Post Staff Writer August 30, 2010
The Obama administration is overhauling the decades-old rules for the export of sensitive military and other technology, jettisoning what [...]
 
InfoSec News: [Dataloss Weekly Summary] Week of Sunday, August 22, 2010: ========================================================================
Open Security Foundation - DataLossDB Weekly Summary Week of Sunday, August 22, 2010
5 Incidents Added.
======================================================================== [...]
 
InfoSec News: IT Security Unleashes Employee Complaints: http://www.informationweek.com/news/security/client/showArticle.jhtml?articleID=227101732
By Mathew J. Schwartz InformationWeek August 30, 2010
For 12% of CIOs, hearing complaints from employees over IT security measures -- specifically, limits on their access to certain types of [...]
 

Posted by InfoSec News on Aug 31

http://www.wired.com/dangerroom/2010/08/hp-holds-navy-network-hostage/

By Noah Shachtman
Danger Room
Wired.com
August 31, 2010

Someday, somehow, the U.S. Navy would like to run its networks -- maybe
even own its computers again. After 10 years and nearly $10 billion,
many sailors are tired of leasing their PCs, and relying on a private
contractor to operate most of their data systems. Troops are sick of
getting stuck with inboxes that hold...
 

Posted by InfoSec News on Aug 31

http://threatpost.com/en_us/blogs/focus-secrecy-could-hamper-pentagons-cybersecurity-plans-083010

By Paul Roberts
Threatpost.com
08/30/2010

The former head of the Department of Homeland Security's Cyber Security
Division warns that the U.S. military's preoccupation with secrecy could
hamper efforts to get the upper hand in cyber security.

An article last week by the U.S. Deputy Secretary of Defense put the U.S.
military's cybersecurity plans...
 

Posted by InfoSec News on Aug 31

http://www.washingtonpost.com/wp-dyn/content/article/2010/08/30/AR2010083004278.html

By Howard Schneider
Washington Post Staff Writer
August 30, 2010

The Obama administration is overhauling the decades-old rules for the
export of sensitive military and other technology, jettisoning what
industry groups criticize as an antiquated "Cold War" set of regulations
for a more streamlined approach.

After a year-long review by officials at...
 

Posted by InfoSec News on Aug 31

========================================================================

Open Security Foundation - DataLossDB Weekly Summary
Week of Sunday, August 22, 2010

5 Incidents Added.

========================================================================

DataLossDB is a research project aimed at documenting known and reported data loss incidents world-wide. The Open
Security Foundation asks for contributions of new incidents and new data for...
 

Posted by InfoSec News on Aug 31

http://www.informationweek.com/news/security/client/showArticle.jhtml?articleID=227101732

By Mathew J. Schwartz
InformationWeek
August 30, 2010

For 12% of CIOs, hearing complaints from employees over IT security
measures -- specifically, limits on their access to certain types of
websites or networks while using the office network -- is a common
occurrence. Meanwhile, 29% of CIOs say such gripes are at least
"somewhat common."...
 
Scammers are trying to take advantage of the fact that many users will soon have to update their version of the TweetDeck Twitter software.
 
