Information Security News

Company: Microsoft

As Linux fans know, there are two kinds of hackers: the good guys who develop free software, such as the Linux kernel, and the bad guys who break into computers.

Kernel.org announced that it was compromised sometime earlier this month [1]. The compromise was discovered on Aug. 28th. At this point, the assumption is that the attacker obtained valid user credentials, and then escalated privileged to become root. The exact nature of the privilege escalation is not known so far.
At this point, malicious changes to OpenSSH were discovered. OpenSSH, which is hosted on kernel.org, was modified to log user actions. The modifications were made to the startup scripts. Based on the note at kernel.org, it appears the investigation is ongoing and not all details have been uncovered yet.
What should you do?
If you downloaded code from kernel.org within the last 30 days, please double check that you didn't get a trojaned copy, in particular if this code affected the OpenSSH client or server. Also, if you patched OpenSSH recently from another source: Double check. it is possible that this other source got its files from kernel.org during the time it was compromised.
For more details, see the note on kernel.org.
[1] http://kernel.org
------

Johannes B. Ullrich, Ph.D.

SANS Technology Institute

Twitter (c) SANS Internet Storm Center. http://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.

Study claims "serious holes" in enterprise infosec
SC Magazine Australia
By SC Staff on Sep 1, 2011 10:18 AM Research by a security vendor claims 99 percent of enterprise-level networks have a serious gap in IT security defences. According to FireEye, advanced malware and targeted attacks are easily evading traditional ...

and more »

A programming glitch in Apple's OS X operating system is making it hard for Mac users to tell their computers not to trust digital certificates, exacerbating an ongoing security problem with a Dutch certificate authority that was recently hacked.

eCryptfs 'mtab' Security Bypass Vulnerability

Hurricane Irene mattered not to NYSE Euronext's large data center, which is built on land high enough to avoid 100-year floods and just about everything else.

Isn't it grand when things work? And isn't it frustrating when they don't? I recently lost my password for an application at work. I sent a "forgot password" message to the department that built the application and promptly received a temporary password. The password-reset page looked well designed but seemed out of touch with its users. Why? The first question it asked me was to put in my old password.

A leaked photo purportedly showing Nokia's first smartphone using Mango, the latest version of the Windows Phone operating system, depicts the handset as a full touchscreen device with no physical buttons on the front.

Hackers may have obtained more than 200 digital certificates from a Dutch company after breaking into its network, including ones for Mozilla, Yahoo and the Tor project, a security researcher reported today.

A video posted on YouTube of memory card maker Transcend and Industrial Technology Research Institute says they have teamed up to produce a USB 3.0 flash drive with up to 2TB of capacity.

Traditionally, if you found yourself without an Internet connection -- say at the airport, on a train or in the midst of a hurricane (ahem, Irene) -- you were usually out of luck if you wanted to get some work done.

VMware yesterday said it has added more security vendor partners to its vShield product-development program in which security firms work with the company to develop data protection specifically designed for VMware's flagship virtualization platform, which today is vSphere 5.0.

Sony Ericsson will upgrade its Android-based Xperia Arc smartphone with a faster processor, the company announced at the IFA consumer electronics show in Berlin on Wednesday.

[SECURITY] [DSA 2299-1] ca-certificates security update

Cisco Security Advisory: Denial of Service Vulnerability in Cisco TelePresence Codecs

724CMS SQL 'section.php' SQL Injection Vulnerability

724CMS 'section.php' Local File Include Vulnerability

724CMS SQL 'ID' Parameter SQL Injection Vulnerability

Full disclosure for SA45649, SQL Injection in LedgerSMB and SQL-Ledger

[SECURITY] [DSA 2200-1] nss security update

Some people have already forgotten about just how important Steve Jobs was, not only to Apple, but to all of technology.

AT&T announced the new HTC Jetstream, its first LTE-ready tablet, will go on sale Sept. 4 for $700 and a two-year contract.

Mobile software vendor Openwave Systems filed a complaint against Apple and Research In Motion at the U.S. International Trade Commission on Wednesday, saying the companies violated its patents and asking the agency to block importation of their products.

Microsoft has always positioned Hyper-V to be a less expensive alternative to VMware. Now the software giant says that with VMware's new VRAM-based pricing, it calculates a private cloud built on Microsoft can cost up to $70,000 less than one built under VMware's licensing schemes.

OCZ today announced its first hybrid drive product based on the PCIe interface and that incorporates 100GB of flash cache with a 1TB hard drive.

The DOJ has moved to block AT&T's takeover of T-Mobile USA. Critics say the acquisition would reduce competition and drive up prices. AT&T argues it needs the buy to build out its network. Should AT&T be allowed to take over T-Mobile?

Sony's Android Honeycomb-based single and dual-screen tablets will be called Tablet S and Tablet P, and cost from €479 ($690 U.S.) and €599, the company said on Wednesday at the IFA consumer electronics show in Berlin.

The Apache open-source project patched its Web server software Tuesday to quash a bug that a denial-of-service tool has been exploiting.

Chrome browser users will be able to access Gmail when they're not connected to the Internet starting Wednesday and will gain similar offline capabilities for Docs and Calendar in the coming week, the company announced on Wednesday.

Expanding its portfolio of analytic software for state and local governments, IBM is in the process of acquiring security analytics software provider i2, the companies announced Wednesday. Terms of the deal were not disclosed.

The VMworld Conference here, attended by more than 19,000 people, is highlighting the dynamic creativity of VMware's software division managers and technical staff as they present what's in the works for virtualization of desktops, servers and their management. But that doesn't mean this show isn't without its quirky moments. Here are a few:

Salesforce.com is joining forces with Dun & Bradstreet on Data.com, a cloud-based storehouse of company and customer contact information for use in CRM (customer relationship management) systems, the companies said Wednesday.

The U.S. Department of Justice has filed a lawsuit to block AT&T' $39 billion deal to buy mobile competitor T-Mobile USA, according to sources.

Geoff wrote in with an interesting phishing sample. The part that it interesting is less the content of the phish, but the e-mail address it was sent to. The content is a standard ACH Payment Canceled phish. There are probably a dozen or so that my spam filter dutifully removes each day.
The interesting part: The particular email was send to an address, Geoff only uses for one particular credit rating agency. The user part of the e-mail address is the credit rating agencies name.
I assume others here are doing similar tricks to cut down on spam, or at least track where spam is coming from. Many times I see addresses like [email protected] in our database. However, in Geoff's case, this would be [email protected], and it is possible that spammers do us company names like that as part of their username dictionary.
Has anybody else seen [email protected] addresses used as To: addresses in spam? In particular if the company name is a financial institution?

------

Johannes B. Ullrich, Ph.D.

SANS Technology Institute

Twitter (c) SANS Internet Storm Center. http://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.

Apache has released an updated version of its Web server to address a DDoS vulnerability, for which exploit tools have been found in the wild.

The U.S. Department of Justice has filed a lawsuit to block AT&T's $39 billion acquisition of mobile competitor T-Mobile USA, according to sources.

Like 'the cloud,' the concept of 'big data' is the subject of a lot of hype and means different things to different people. Here's what it really means, who's really doing it, and what it could mean for the future of data mining.

The U.S. Department of Justice has filed a lawsuit to block AT&T's US $39 billion[b] deal of mobile competitor T-Mobile USA, according to sources.

RebelDroid asked the Laptops forum to recommend a laptop powerful enough for gaming and heavy video editing, but with good battery life. I think he needs more than one computer.

AT&T promises to bring 5,000 call-center jobs back to the U.S. if it's acquisition of T-Mobile USA is approved.

------

Johannes B. Ullrich, Ph.D.

SANS Technology Institute

Twitter (c) SANS Internet Storm Center. http://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.

Secunia, a Danish security company that makes two tools that ensure applications have up-to-date patches, released a product on Wednesday that can deploy non-Microsoft patches using that company's widely used patching tool.

U.S. federal agencies are investigating whether Oracle violated federal anti-bribery laws in dealings abroad, The Wall Street Journal reported on Wednesday, citing people familiar with the matter.

Opinion: Convicted hackers need not apply
CRN Australia
The decision one makes here can be the catalyst that rules out a career in the infosec industry. This is because many of the major security vendors are united in their stance to never hire known black hat hackers. Vendors say they can't be trusted, ...

Mozilla Firefox, SeaMonkey, and Thunderbird CVE-2011-2988 Buffer Overflow Vulnerability

Mozilla Firefox/Thunderbird/SeaMonkey CVE-2011-2992 Remote Memory Corruption Vulnerability

Environmental groups in China criticized Apple on Wednesday, alleging that it is employing suppliers that are damaging the environment and threatening the lives of residents. Apple, however, maintains the company has been vigilant in ensuring all its suppliers follow environmental safety requirements.

MillerCoors is using enterprise mentoring and social learning software in an effort to help far-flung female salespeople feel less isolated and more part of a cohesive team.

Apple did not have a global security team, including in China, until March, 2008, when it hired employees from drug company Pfizer, to counter rampant counterfeiting of its products in China, according to a cable leaked by activist group, WikiLeaks.

IBM Open Admin Tool Multiple Cross Site Scripting Vulnerabilities