InfoSec News

As Linux fans know, there are two kinds of hackers: the good guys who develop free software, such as the Linux kernel, and the bad guys who break into computers. announced that it was compromised sometime earlier this month [1]. The compromise was discovered on Aug. 28th. At this point, the assumption is that the attacker obtained valid user credentials and then escalated privileges to become root. The exact nature of the privilege escalation is not known so far.
At this point, malicious changes to OpenSSH were discovered. OpenSSH, which is hosted on, was modified to log user actions. The modifications were made to the startup scripts. Based on the note at, it appears the investigation is ongoing and not all details have been uncovered yet.
What should you do?
If you downloaded code from within the last 30 days, please double check that you didn't get a trojaned copy, in particular if this code affected the OpenSSH client or server. Also, if you patched OpenSSH recently from another source: double check; it is possible that this other source got its files from during the time it was compromised.
For more details, see the note on
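One concrete way to "double check" a downloaded tree is to hash every file and compare against a manifest whose digests were obtained from an independent source (not the mirror you downloaded from, since that mirror may itself have fetched from the compromised host). The script below is an added illustration, not code from the ISC diary or from kernel.org; the file names, contents and manifest format are constructed for the demo.

```python
"""Verify a downloaded tree against a trusted SHA-256 manifest.

Added example (not from the ISC diary). The manifest uses the
'sha256sum' line format: '<64 hex chars>  <relative path>'.
"""
import hashlib
import os
import tempfile
from typing import Dict, List, Tuple


def sha256_of_file(path: str, chunk_size: int = 1 << 20) -> str:
    """Stream the file through SHA-256 so large tarballs do not load into memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()


def parse_manifest(text: str) -> Dict[str, str]:
    """Parse sha256sum-style lines into {relative path: hex digest}; reject malformed lines."""
    manifest: Dict[str, str] = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        digest, _, name = line.partition("  ")
        if len(digest) != 64 or not name:
            raise ValueError(f"malformed manifest line: {line!r}")
        manifest[name] = digest.lower()
    return manifest


def verify_tree(root: str, manifest: Dict[str, str]) -> Tuple[List[str], List[str]]:
    """Return (mismatched, missing) relative paths under root, each list sorted."""
    mismatched: List[str] = []
    missing: List[str] = []
    for rel, expected in manifest.items():
        path = os.path.join(root, rel)
        if not os.path.isfile(path):
            missing.append(rel)
        elif sha256_of_file(path) != expected:
            mismatched.append(rel)
    return sorted(mismatched), sorted(missing)


def demo() -> Tuple[List[str], List[str]]:
    """Constructed scenario: record a manifest for a small tree, then alter one
    startup script and drop another file, and report what verification catches."""
    with tempfile.TemporaryDirectory() as root:
        files = {
            "sshd_config": b"PermitRootLogin no\n",
            "init.d/sshd": b"#!/bin/sh\nexec /usr/sbin/sshd\n",
            "ssh_config": b"Host *\n",
        }
        for rel, content in files.items():
            path = os.path.join(root, rel)
            os.makedirs(os.path.dirname(path), exist_ok=True)
            with open(path, "wb") as fh:
                fh.write(content)

        # The manifest would normally come from a second, independent source.
        manifest_text = "\n".join(
            f"{sha256_of_file(os.path.join(root, rel))}  {rel}" for rel in files
        )
        manifest = parse_manifest(manifest_text)

        # Simulate an unexpected edit to the startup script and a missing file.
        with open(os.path.join(root, "init.d/sshd"), "ab") as fh:
            fh.write(b"# unexpected change\n")
        os.remove(os.path.join(root, "ssh_config"))

        return verify_tree(root, manifest)


if __name__ == "__main__":
    bad, gone = demo()
    print("mismatched:", bad)   # ['init.d/sshd']
    print("missing:", gone)     # ['ssh_config']
```

Any mismatch means the local copy differs from what the independent source published; the check cannot tell you which of the two is correct, so treat a mismatch as a reason to re-obtain the files from a source you trust rather than as proof of tampering in itself.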

Johannes B. Ullrich, Ph.D.

SANS Technology Institute

(c) SANS Internet Storm Center. Creative Commons Attribution-Noncommercial 3.0 United States License.

Study claims "serious holes" in enterprise infosec
SC Magazine Australia
By SC Staff on Sep 1, 2011 10:18 AM

Research by a security vendor claims 99 percent of enterprise-level networks have a serious gap in IT security defences. According to FireEye, advanced malware and targeted attacks are easily evading traditional ...

A programming glitch in Apple's OS X operating system is making it hard for Mac users to tell their computers not to trust digital certificates, exacerbating an ongoing security problem with a Dutch certificate authority that was recently hacked.
eCryptfs 'mtab' Security Bypass Vulnerability
Hurricane Irene mattered not to NYSE Euronext's large data center, which is built on land high enough to avoid 100-year floods and just about everything else.
Isn't it grand when things work? And isn't it frustrating when they don't? I recently lost my password for an application at work. I sent a "forgot password" message to the department that built the application and promptly received a temporary password. The password-reset page looked well designed but seemed out of touch with its users. Why? The first question it asked me was to put in my old password.
A leaked photo purportedly showing Nokia's first smartphone using Mango, the latest version of the Windows Phone operating system, depicts the handset as a full touchscreen device with no physical buttons on the front.
Hackers may have obtained more than 200 digital certificates from a Dutch company after breaking into its network, including ones for Mozilla, Yahoo and the Tor project, a security researcher reported today.
A video posted on YouTube of memory card maker Transcend and Industrial Technology Research Institute says they have teamed up to produce a USB 3.0 flash drive with up to 2TB of capacity.
Traditionally, if you found yourself without an Internet connection -- say at the airport, on a train or in the midst of a hurricane (ahem, Irene) -- you were usually out of luck if you wanted to get some work done.
VMware yesterday said it has added more security vendor partners to its vShield product-development program in which security firms work with the company to develop data protection specifically designed for VMware's flagship virtualization platform, which today is vSphere 5.0.
Sony Ericsson will upgrade its Android-based Xperia Arc smartphone with a faster processor, the company announced at the IFA consumer electronics show in Berlin on Wednesday.
[SECURITY] [DSA 2299-1] ca-certificates security update
Cisco Security Advisory: Denial of Service Vulnerability in Cisco TelePresence Codecs
724CMS SQL 'section.php' SQL Injection Vulnerability
724CMS 'section.php' Local File Include Vulnerability
724CMS SQL 'ID' Parameter SQL Injection Vulnerability
Full disclosure for SA45649, SQL Injection in LedgerSMB and SQL-Ledger
[SECURITY] [DSA 2200-1] nss security update
Some people have already forgotten about just how important Steve Jobs was, not only to Apple, but to all of technology.
AT&T announced the new HTC Jetstream, its first LTE-ready tablet, will go on sale Sept. 4 for $700 and a two-year contract.
Mobile software vendor Openwave Systems filed a complaint against Apple and Research In Motion at the U.S. International Trade Commission on Wednesday, saying the companies violated its patents and asking the agency to block importation of their products.
Microsoft has always positioned Hyper-V to be a less expensive alternative to VMware. Now the software giant says that with VMware's new VRAM-based pricing, it calculates a private cloud built on Microsoft can cost up to $70,000 less than one built under VMware's licensing schemes.
OCZ today announced its first hybrid drive product based on the PCIe interface and that incorporates 100GB of flash cache with a 1TB hard drive.
The DOJ has moved to block AT&T's takeover of T-Mobile USA. Critics say the acquisition would reduce competition and drive up prices. AT&T argues it needs the buy to build out its network. Should AT&T be allowed to take over T-Mobile?
Sony's Android Honeycomb-based single and dual-screen tablets will be called Tablet S and Tablet P, and cost from €479 ($690 U.S.) and €599, the company said on Wednesday at the IFA consumer electronics show in Berlin.
The Apache open-source project patched its Web server software Tuesday to quash a bug that a denial-of-service tool has been exploiting.
Chrome browser users will be able to access Gmail when they're not connected to the Internet starting Wednesday and will gain similar offline capabilities for Docs and Calendar in the coming week, the company announced on Wednesday.
Expanding its portfolio of analytic software for state and local governments, IBM is in the process of acquiring security analytics software provider i2, the companies announced Wednesday. Terms of the deal were not disclosed.
The VMworld Conference here, attended by more than 19,000 people, is highlighting the dynamic creativity of VMware's software division managers and technical staff as they present what's in the works for virtualization of desktops, servers and their management. But that doesn't mean this show isn't without its quirky moments. Here are a few:

is joining forces with Dun & Bradstreet on, a cloud-based storehouse of company and customer contact information for use in CRM (customer relationship management) systems, the companies said Wednesday.
The U.S. Department of Justice has filed a lawsuit to block AT&T's $39 billion deal to buy mobile competitor T-Mobile USA, according to sources.
Geoff wrote in with an interesting phishing sample. The part that is interesting is less the content of the phish than the e-mail address it was sent to. The content is a standard ACH Payment Canceled phish. There are probably a dozen or so that my spam filter dutifully removes each day.
The interesting part: the particular email was sent to an address Geoff only uses for one particular credit rating agency. The user part of the e-mail address is the credit rating agency's name.
I assume others here are doing similar tricks to cut down on spam, or at least track where spam is coming from. Many times I see addresses like [email protected] in our database. However, in Geoff's case, this would be [email protected], and it is possible that spammers do use company names like that as part of their username dictionary.
Has anybody else seen [email protected] addresses used as To: addresses in spam? In particular if the company name is a financial institution?
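The tagged-address trick described above only pays off if something actually compares the tag against the sender. The script below is an added illustration, not code from the diary: it keeps a constructed registry of which single-purpose address was handed to which organisation, parses a message's To: and From: headers, and labels the message as coming from the expected sender, as a misuse of an issued tag (Geoff's case), or as mail to a tag that was never issued (what a spammer guessing company names from a dictionary would produce). All addresses and domains are constructed examples.

```python
"""Classify mail arriving at single-purpose (tagged) addresses.

Added example, not from the ISC diary. Registry, addresses and messages
are constructed for the demo.
"""
from dataclasses import dataclass
from email import message_from_string
from email.utils import parseaddr
from typing import Dict, Iterable, List

# Constructed registry: tagged address -> domain of the organisation it was given to.
ISSUED: Dict[str, str] = {
    "acme-bank@tags.example.net": "acme-bank.example",
    "widget-credit@tags.example.net": "widget-credit.example",
}


@dataclass(frozen=True)
class Verdict:
    to_addr: str
    from_domain: str
    label: str  # "expected-sender", "tagged-address-misused" or "unknown-address"


def _domain(addr: str) -> str:
    """Return the part after '@', lower-cased; empty string if there is none."""
    return addr.rpartition("@")[2].lower()


def classify(raw_message: str, issued: Dict[str, str] = ISSUED) -> Verdict:
    """Compare the tag the mail was addressed to with the organisation that owns it."""
    msg = message_from_string(raw_message)
    to_addr = parseaddr(msg.get("To", ""))[1].lower()
    from_domain = _domain(parseaddr(msg.get("From", ""))[1])
    expected = issued.get(to_addr)
    if expected is None:
        # Tag we never handed out: consistent with a guessed/dictionary local part.
        label = "unknown-address"
    elif from_domain == expected or from_domain.endswith("." + expected):
        # Sender domain (or a subdomain of it) matches the organisation we gave the tag to.
        label = "expected-sender"
    else:
        # Issued tag reached us from somewhere else: the address leaked or was guessed.
        label = "tagged-address-misused"
    return Verdict(to_addr, from_domain, label)


def summarize(raw_messages: Iterable[str], issued: Dict[str, str] = ISSUED) -> Dict[str, List[str]]:
    """Group the To: addresses of a batch of messages by verdict label."""
    out: Dict[str, List[str]] = {}
    for raw in raw_messages:
        v = classify(raw, issued)
        out.setdefault(v.label, []).append(v.to_addr)
    return out


# Constructed sample messages (headers only matter for this check).
SAMPLES = [
    "From: statements@mail.acme-bank.example\n"
    "To: acme-bank@tags.example.net\n"
    "Subject: Your statement is ready\n\nbody\n",
    "From: \"ACH Payments\" <noreply@bulk-sender.example.org>\n"
    "To: acme-bank@tags.example.net\n"
    "Subject: ACH Payment Canceled\n\nbody\n",
    "From: noreply@bulk-sender.example.org\n"
    "To: first-national@tags.example.net\n"
    "Subject: ACH Payment Canceled\n\nbody\n",
]


if __name__ == "__main__":
    for raw in SAMPLES:
        print(classify(raw))
```

Only the third case answers the diary's closing question in the negative (the tag was never issued, so it was guessed rather than leaked); the second case is the one worth following up, because it shows an address known to exactly one partner being used by someone else.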


Johannes B. Ullrich, Ph.D.

SANS Technology Institute

Apache has released an updated version of its Web server to address a DDoS vulnerability, for which exploit tools have been found in the wild.

The U.S. Department of Justice has filed a lawsuit to block AT&T's $39 billion acquisition of mobile competitor T-Mobile USA, according to sources.
Like 'the cloud,' the concept of 'big data' is the subject of a lot of hype and means different things to different people. Here's what it really means, who's really doing it, and what it could mean for the future of data mining.
The U.S. Department of Justice has filed a lawsuit to block AT&T's US $39 billion deal to buy mobile competitor T-Mobile USA, according to sources.
RebelDroid asked the Laptops forum to recommend a laptop powerful enough for gaming and heavy video editing, but with good battery life. I think he needs more than one computer.
AT&T promises to bring 5,000 call-center jobs back to the U.S. if its acquisition of T-Mobile USA is approved.

Secunia, a Danish security company that makes two tools that ensure applications have up-to-date patches, released a product on Wednesday that can deploy non-Microsoft patches using that company's widely used patching tool.
U.S. federal agencies are investigating whether Oracle violated federal anti-bribery laws in dealings abroad, The Wall Street Journal reported on Wednesday, citing people familiar with the matter.

Opinion: Convicted hackers need not apply
CRN Australia
The decision one makes here can be the catalyst that rules out a career in the infosec industry. This is because many of the major security vendors are united in their stance to never hire known black hat hackers. Vendors say they can't be trusted, ...

Mozilla Firefox, SeaMonkey, and Thunderbird CVE-2011-2988 Buffer Overflow Vulnerability
Mozilla Firefox/Thunderbird/SeaMonkey CVE-2011-2992 Remote Memory Corruption Vulnerability
Environmental groups in China criticized Apple on Wednesday, alleging that it is employing suppliers that are damaging the environment and threatening the lives of residents. Apple, however, maintains the company has been vigilant in ensuring all its suppliers follow environmental safety requirements.
MillerCoors is using enterprise mentoring and social learning software in an effort to help far-flung female salespeople feel less isolated and more part of a cohesive team.
Apple did not have a global security team, including in China, until March 2008, when it hired employees from drug company Pfizer to counter rampant counterfeiting of its products in China, according to a cable leaked by the activist group WikiLeaks.
IBM Open Admin Tool Multiple Cross Site Scripting Vulnerabilities

Posted by InfoSec News on Aug 31

By Adrian Chen
Aug 29, 2011

The newest hacker gang isn't after credit card numbers or classified
NATO documents. Their game is blockbuster scripts, verified Twitter
accounts and nude cell phone snapshots. Harden your passwords,
glitterati: Hollywood Leaks will use any means necessary to bust open
the entertainment industry.

Hollywood Leaks has...

Posted by InfoSec News on Aug 31

By Nadir Hassan
The Express Tribune
August 28, 2011

KARACHI: In an effort to ramp up the monitoring of internet security,
Pakistan Telecommunication Authority (PTA) has directed all ISPs to
prevent internet users from using technology that would allow them to
privately browse the internet. This was stated in a PTA notice...

Posted by InfoSec News on Aug 31

Forwarded from: Guofei Gu <smart.gophy (at)>

Call for Participation

14th International Symposium on Recent Advances in Intrusion Detection

September 20-21, 2011
SRI International, Menlo Park, CA

Register online now!

About the conference:

For the fourteenth year, the intrusion detection community will...

Posted by InfoSec News on Aug 31

By Dan Goodin in San Francisco
The Register
30th August 2011

A counterfeit credential authenticating Gmail and other sensitive Google
services was the result of a network intrusion suffered by DigiNotar, the
parent company of the Netherlands-based certificate authority said in a press
release that raised disturbing new questions about security on the internet....

Posted by InfoSec News on Aug 31

By William Jackson
Aug 30, 2011

Sophisticated attacks using Advanced Persistent Threats are top of mind for
nearly two-thirds of government IT officials in a recent security survey, but
too little attention often is being paid to the low-hanging fruit being
exploited by low-tech attacks.

“The results reinforce what we have known for a while,” said Dan...

Posted by InfoSec News on Aug 31

By Robert McMillan
IDG News Service
August 30, 2011

A 43-year-old former Akamai employee has pleaded guilty to espionage charges
after offering to hand over confidential information about the Web acceleration
company to an agent posing as an Israeli consular official in Boston.

Starting in September 2007, Elliot Doxer played an elaborate...

Posted by InfoSec News on Aug 31

By Liam Tung
CSO Online (Australia)
31 August, 2011

Self-exiled, gun-loving ex-Anon, who goes by the name SparkyBlaze on Twitter,
claims that skilled liars are the number one concern for information security.

“We have the software/hardware to defend buffer overflows, malware, DDoS and
code execution. But what good is that if you can get someone to give...
Companies that have as many as 400 servers, including machines running internally as well as in public clouds, can start using a hosted management tool from ScaleXtreme, starting Tuesday.

is placing HTML5 at the forefront of its mobile strategy with an upcoming product,, that will automatically render its applications on touch-enabled devices like Apple's iPad, the company plans to announce Wednesday during its annual Dreamforce conference in San Francisco.