
InfoSec News

April 1st is upon us. In some circles it is celebrated as April Fools' Day. I choose to observe it as Open Source Intelligence Analysts' Day-- the one day of the year that we all have to be extra-suspicious of every news article, blog post and tweet. It's a good skill to develop, and we have this unique time where we know that there are hidden gems of disinformation being introduced into the streams of information we've come to rely on the rest of the year.
It's like a tornado drill for truth. (c) SANS Internet Storm Center. http://isc.sans.org Creative Commons Attribution-Noncommercial 3.0 United States License.
 
------

Johannes B. Ullrich, Ph.D.

SANS Technology Institute

 
The Institute of Electrical and Electronics Engineers has approved IEEE 802.16m, the standard for the next generation of WiMax, which may deliver downstream speeds of more than 300M bps (bits per second).
 
Samsung and Visa will roll out a mobile payments program in London in time for the Olympic Games next year, they said Thursday.
 
Android isn't just content to be the top smartphone operating system in the world, as it will come to gobble up nearly half the market by 2016.
 
Dell has posted detailed instructions to guide Dell Venue Pro smartphone users through the process of updating the Windows Phone 7-based machine.
 
That middle time period, the meso-future, is too often ignored by management teams.
 
Verizon Wireless' first phone to operate on its 4G LTE network has been plagued by short battery life, a problem attributed to the new high-speed data network. Is battery drain on LTE phones a buzzkill for the new 4G network?
 
Android users face a new threat, a rogue app that tells all their friends they pirated the program, a Symantec security manager said today.
 
Salesforce.com and Intuit announced Friday that they plan to integrate their respective CRM and QuickBooks accounting applications, in an alliance meant to further win the hearts and pocketbooks of the world's millions of small businesses.
 
An unemployed U.S. IT worker flew from Miami to Washington to attend a hearing on general issues surrounding H-1B visas.
 
Microsoft bragged Thursday about growth in its Windows Phone 7 developer community one year after its birth, but immediately got blasted for not disclosing developer revenues.
 
An adventurous but deadly Egyptian cobra this week created an online marketing bonanza for a few businesses clever enough to take advantage of the Twitter sensation.
 
Resellers are making hundreds by listing Apple's iPad 2 on eBay, where the selling prices have averaged as high as 53% above retail, the auction giant said today.
 
The chairman of the U.S. House Judiciary Committee has proposed cutting the number of professions eligible for H-1B visas to make more available to tech firms.
 

By Ryan Cloutier, Contributor

New among the rapidly growing mobile malware landscape is Android.walkinwat; however, instead of the usual black hat aims of normal malware this version seeks to deter victims from downloading pirated software.

Walkinwat attracts victims by posing as a version of a legitimate app in off-label Android app stores, and the infected application is available on several prominent file-sharing websites throughout North America and Asia. The real app, Walk and Text, is available in the Google-approved app store.

Upon running the infected app, the user is presented with a pop-up screen that gives the appearance the app is being cracked, while the app is actually gathering sensitive information from the victim’s phone and sending it to an external server, according to Irfan Asrar, writing for Symantec’s Security Response blog.

According to Asrar the malware also sends the following text message to all of the contacts in the infected user’s contact list:

“Hey, just downlaoded a pirated app off the internet, Walk and Text for Android I’m stupid and cheap, it costed only 1 buck. Don’t steal like I did!(sic)”

The app concludes with a similar message to the user instructing them to check their phone bill and offering them the option of buying the legitimate app from the App Store.

“Although this isn’t the first case of disciplinary justice being used as means to send a message against piracy, this is the first of its kind discovered on the mobile landscape,” writes Asrar.



 

BankInfoSecurity.com

Former Intelligence CIO New BofA CISO
BankInfoSecurity.com
In an interview with Information Security Media Group last summer (Is Infosec Worker Need Underestimated?), Gorman addressed the struggles businesses and governments face in finding IT security professionals to safeguard their organizations' digital ...

 
Google's latest attempt to infuse its search engine with social networking elements appears underwhelming and its success is questionable, as the company struggles to respond to the increasingly serious threat posed by the Facebook and Microsoft search tandem, according to industry experts.
 
Google has quietly stopped offering QR codes for businesses with Places pages.
 
Hewlett-Packard enhanced its mobile printing service by adding support for Google's Cloud Print, which will enable smartphones and tablet users to print documents from applications such as Gmail and Google Docs.
 
Quagga BGP Daemon 'AS_PATHLIMIT' Denial Of Service Vulnerability
 
Re: Solaris 10 Port Stealing Vulnerability
 
Quagga BGP Daemon Null Pointer Dereference Denial Of Service Vulnerability
 
This article over on the Websense blog is warning about a new mass SQL injection attack that they have dubbed Lizamoon. (As that's the domain that the SQL injection attack is referring people to.)
By searching for the string in Google, an estimated 226,000 sites have been attacked and defaced with this method. (We know that the numbers from Google aren't accurate, we are putting them there to display the size of the attack -- BIG.)
While I don't necessarily agree with the title of the article (implying that iTunes is infected), this attack and the MySQL attack from earlier this week are just more examples of how there isn't enough emphasis put on preventing SQL injection.

-- Joel Esler | http://blog.joelesler.net | http://twitter.com/joelesler
 
Faced with rival Firefox 4's record-setting launch, Microsoft this week argued that it's unfair to grade its Internet Explorer 9 (IE9) against Mozilla's newest browser.
 
A whopping 85% of women using Facebook say friends on the site annoy them, according to a survey by Eversave, a Groupon-like company that offers users local deals.
 
A GFI Security exec apologized today to Samsung for the false report that Samsung had installed keylogging software on some of its laptops. This "is a big embarrassment for us," said Alex Eckelberry, general manager of GFI.
 
HTB22931: XSS vulnerability in InTerra Blog Machine
 
[USN-1100-1] OpenLDAP vulnerabilities
 
With firewalls, antivirus and other security mechanisms protecting corporate networks, how do attackers manage to penetrate enterprise computer systems? Simply by exploiting the weakest link in the security chain. One of the newest methods is tunnelling in via employees' browsers using an attack known as "Man-in-the-Browser" (MitB).
 
Infor is now shipping a new user interface utilizing Microsoft SharePoint that provides customers with a "consumer-grade" experience, tying together core business processes, BI (business intelligence) and collaboration.
 
Tokyo Electric Power is looking to send radiation-hardened robots into the wrecked Fukushima Daiichi nuclear power plant, but obstacles literally stand in the way of their use.
 
HTB22909: Path disclosure in Tine 2.0
 
HTB22910: XSRF (CSRF) in Feng Office
 
HTB22906: XSS vulnerabilities in Collabtive
 
HTB22908: XSRF (CSRF) in Collabtive
 
Your personal data is out there. Every thought you tap out on Twitter, every status update you post on Facebook, and even the last credit card purchase you made is accessible via the Internet.
 
[USN-1099-1] GDM vulnerability
 
Re: Re: HTB22905: Path disclosure in Wordpress
 
'Andy's PHP Knowledgebase' SQL Injection Vulnerability (CVE-2011-1546)
 
[SECURITY] [DSA 2208-1] bind9 security update
 
Looking at this article that I received from a reader this morning (thanks Bill!) over on MSNBC (A news agency which is a joint venture in between Microsoft and NBC), a security researcher claims that Samsung is installing the Keylogging software StarLogger into new Samsung laptops.
Samsung, according to the article blames Microsoft initially, only to back that out and claims it's installed to monitor the performance of the machine and to find out how it is being used.
Naturally, if this is true, it's not a good thing.
So let's put a call out to our readers. Apparently this software puts itself in C:\Windows\SL. So if you have a Samsung laptop, let us know at the contact link if that directory exists. If it does, this is wrong, and we need to emphasize that this type of thing isn't acceptable to these manufacturers.
Remind anyone of the Sony rootkit from a couple years ago?
-- Joel Esler | http://blog.joelesler.net | http://twitter.com/joelesler
 
The Python SDK for Google's cloud platform App Engine has a new search feature that can be used to build notification, monitoring, or filtering services, Google said in a blog post on Wednesday.
 
Mitsubishi Gas Chemical will restart production of a resin vital for chip packaging early next month, at a factory that was damaged by the March 11 earthquake in Japan.
 
Microsoft's 2010 SDL progress report praised the software security program's steady progress, but points out room for further improvements.

 
Mozy today announced availability of a mobile app for iPhone as well as other iOS-driven devices that allows users to access files remotely. The company said it is working on an Android version.
 
Vodafone says it is buying out Indian partner, Essar Group, in mobile joint venture
 
U.S. Sen. Chuck Grassley (R.-Iowa) has asked the U.S. Department of Homeland Security inspector general to investigate the L-1 visa program, saying he is increasingly concerned about loopholes in it.
 
IDC's forecast that Windows Phone will surge to second place in global smartphone OSes by 2015 has some support from other analysts. But it may be a tough climb.
 
If there is a cyberwar with China, as described in a new hypothetical scenario, it will not necessarily involve power grids being knocked offline and planes falling from the sky.
 
The continuing failure by most enterprises to encrypt sensitive data stored on laptops and other mobile devices is inexcusable, analysts said following BP's disclosure this week of a data compromise involving a lost laptop.
 
The future of e-commerce is going to feel a lot like walking into a store 50 years ago, according to a Google executive at Web 2.0 Expo.
 
Hewlett-Packard is giving developers early access to the webOS 3.0 software development kit, hoping they will start working on applications for the company's upcoming TouchPad tablet, the company said in a blog post.
 
Microsoft filed an antitrust complaint against Google with the European Commission on Thursday, accusing Google of taking technical measures to squeeze Microsoft and other competitors out of the advertising and search markets.
 
Acer President and CEO Gianfranco Lanci has resigned from the company, over differing views on the future development of the company, Acer said Thursday.
 
Acer President and CEO Gianfranco Lanci has resigned from the company, Acer said Thursday, without saying why.
 
Pligg CMS Multiple Security Vulnerabilities
 
InfoSec News: Thief Gets Away with Eisenhower Medical Center Computer: http://www.kpsplocal2.com/news/local/story/Thief-Gets-Away-with-Eisenhower-Medical-Center/iHz9UARsj02KcejAkj2inA.cspx
By KPSP Local 2 News kpsplocal2.com 3/30/2011
A computer housing the information of thousands of Eisenhower Medical Center has been stolen, potentially compromising a half of a million records.
The Rancho Mirage hospital says the computer was taken back on March 11, but it wasn't discovered missing until March 14 when a worker returned from the weekend.
A report was filed with the Riverside County Sheriff's Department on March 18, but no arrests have been made.
We're told that the records of more than 514,000 patients were on the computer, which listed patients names, ages, dates of birth, medical record numbers and the last four digits of their social security numbers.
"The computer did not contain any information regarding the patients' medical conditions or treatments at EMC or any other medical records," a press released issued by the hospital said.
[...]
 
InfoSec News: Hackers breach bank's online system: http://www.kjonline.com/news/hackers-breach-banks-online-system_2011-03-30.html
By Keith Edwards centralmaine.com Staff Writer March 31, 2011
AUGUSTA -- Kennebec Savings Bank's online banking system was infiltrated by an outside party and bank officials are working with a team of [...]
 
InfoSec News: Comodo hacker claims another certificate authority: http://www.computerworld.com/s/article/9215360/Comodo_hacker_claims_another_certificate_authority
By Robert McMillan IDG News Service March 30, 2011
The hacker who claimed credit for breaking into systems belonging to digital certificate vendor Comodo said he has compromised another [...]
 
InfoSec News: Industry chain behind hacker attacks on government websites: http://news.xinhuanet.com/english2010/china/2011-03/31/c_13806104.htm
English.news.cn 2011-03-31
BEIJING, March 31 (Xinhuanet) -- Two young men, Fan Dongdong and Wen Chao, who have only a junior high school education, received 18- and 12-month sentences for hacking into the website of the country's Supreme People's Procuratorate, the top agency for legal supervision, and more than a dozen other government websites.
Xin Zuguo, a judge with the People's Court of Chaoyang District in Beijing, said this was not an isolated case. From May 10 to 16 of last year, 81 government websites on the mainland were hacked and altered, including four ministry-level websites, according to the National Computer Network Emergency Response Technical Team/Coordination Center of China (CNCERT/CC).
The rampant hacking against government websites is aimed at making illegal profits, and an "industry chain" already exists, Xinhua reported.
The hackers can make money by putting illegal links on the government websites.
[...]
 
InfoSec News: NSA to Investigate Nasdaq Hack: http://www.wired.com/threatlevel/2011/03/nsa-investigates-nasdaq-hack/
By Kim Zetter Threat Level Wired.com March 30, 2011
The National Security Agency has been called in to help investigate recent hack attacks against the company that runs the Nasdaq stock market, according to a news report. [...]
 
InfoSec News: Bank of America Denies Breach: http://www.bankinfosecurity.com/articles.php?art_id=3479
By Tracy Kitten Managing Editor Bank Info Security March 28, 2011
Bank of America branches in Greater Detroit were reportedly flooded this past weekend, after several BofA debit cardholders noticed fraudulent transactions on their accounts. [...]
 
InfoSec News: HealthSec '11 Submission Deadline Approaching: Forwarded from: Lionel Garth Jones <lgj (at) usenix.org>
We are writing to remind you that the submission deadline for the 2nd USENIX Workshop on Health Security and Privacy (HealthSec '11) is quickly approaching. Please submit all work by Tuesday, April 5, 2011, at 11:59 p.m. UTC (7:59 p.m. [...]
 

Posted by InfoSec News on Mar 30

http://www.kpsplocal2.com/news/local/story/Thief-Gets-Away-with-Eisenhower-Medical-Center/iHz9UARsj02KcejAkj2inA.cspx

By KPSP Local 2 News
kpsplocal2.com
3/30/2011

A computer housing the information of thousands of Eisenhower Medical
Center has been stolen, potentially compromising a half of a million
records.

The Rancho Mirage hospital says the computer was taken back on March 11,
but it wasn't discovered missing until March 14 when a...
 

Posted by InfoSec News on Mar 30

http://www.kjonline.com/news/hackers-breach-banks-online-system_2011-03-30.html

By Keith Edwards
centralmaine.com
Staff Writer
March 31, 2011

AUGUSTA -- Kennebec Savings Bank's online banking system was infiltrated
by an outside party and bank officials are working with a team of
computer forensics experts to find out which customers may have been
affected and what information may have been accessed.

Bank officials said there was no...
 

Posted by InfoSec News on Mar 30

http://www.computerworld.com/s/article/9215360/Comodo_hacker_claims_another_certificate_authority

By Robert McMillan
IDG News Service
March 30, 2011

The hacker who claimed credit for breaking into systems belonging to
digital certificate vendor Comodo said he has compromised another
certificate authority, along with two more Comodo partners, a move that
could further undermine trust in the system used to secure websites on
the Internet.

In...
 

Posted by InfoSec News on Mar 30

http://news.xinhuanet.com/english2010/china/2011-03/31/c_13806104.htm

English.news.cn
2011-03-31

BEIJING, March 31 (Xinhuanet) -- Two young men, Fan Dongdong and Wen
Chao, who have only a junior high school education, received 18- and
12-month sentences for hacking into the website of the country's Supreme
People's Procuratorate, the top agency for legal supervision, and more
than a dozen other government websites.

Xin Zuguo, a judge with...
 

Posted by InfoSec News on Mar 30

http://www.wired.com/threatlevel/2011/03/nsa-investigates-nasdaq-hack/

By Kim Zetter
Threat Level
Wired.com
March 30, 2011

The National Security Agency has been called in to help investigate
recent hack attacks against the company that runs the Nasdaq stock
market, according to a news report.

The agency’s precise role in the investigation hasn’t been disclosed,
but its involvement suggests the October 2010 attacks may have been more...
 

Posted by InfoSec News on Mar 30

http://www.bankinfosecurity.com/articles.php?art_id=3479

By Tracy Kitten
Managing Editor
Bank Info Security
March 28, 2011

Bank of America branches in Greater Detroit were reportedly flooded this
past weekend, after several BofA debit cardholders noticed fraudulent
transactions on their accounts.

According to one local news report, the incident involves more than
$100,000 in fraudulent debit transactions. Over the weekend, Detroit
BofA...
 

Posted by InfoSec News on Mar 30

Forwarded from: Lionel Garth Jones <lgj (at) usenix.org>

We are writing to remind you that the submission deadline for the 2nd
USENIX Workshop on Health Security and Privacy (HealthSec '11) is
quickly approaching. Please submit all work by Tuesday, April 5, 2011,
at 11:59 p.m. UTC (7:59 p.m. EDT).

http://www.usenix.org/healthsec11/cfpb/

The focus of HealthSec '11 is the exploration of security and privacy
issues that arise from the...
 

