InfoSec News

Christian (@cseifert) of the Honeynet Project advised us that they've released A.R.E., the Android Reverse Engineering Virtual Machine.
This VirtualBox-ready VM includes the latest Android malware analysis tools as follows:

Android SDK/NDK

A.R.E. is freely available from http://redmine.honeynet.org/projects/are/wiki
Given the probable exponential growth in mobile malware, A.R.E. presents an opportunity to test, learn, and analyze.
Russ McRee
(c) SANS Internet Storm Center. http://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
With its upgrade of Google Reader on Monday, Google has shut down the native social content-sharing features of the popular RSS feed manager and shifted the functionality in modified form to Google+.
IBM's Watson supercomputer eked out a victory in a 'Jeopardy' quiz-show battle with a trio of Harvard Business School students on Monday, pulling out the win with a higher wager on the Final Jeopardy clue that ends every game.
Motorola Mobility will lay off 800 people, the latest in a string of worker reductions at the handset maker, as it prepares to become part of Google.

U.S. Department of State Office of the CIO Wins 2011 National Cybersecurity ...
Sacramento Bee
SANS offers a myriad of free resources to the Infosec community including consensus projects, research reports, newsletters, and it operates the Internet's early warning system - the Internet Storm Center. At the heart of SANS are the many security ...

Woodforest National Bank implements a replication system for its virtualized data center in the Gulf Coast
At long last, the first AT&T LTE phones will hit store shelves November 6. The HTC Vivid and the Samsung Galaxy S II Skyrocket both have 4.5-inch displays, dual-core processors and 8-megapixel cameras.
A coalition of technology trade groups today joined the growing chorus of voices opposing a recently filed anti-piracy bill that they contend is far too heavy-handed.
A shortage of rare-earth elements in computers, digital cameras, televisions, smartphones, in the batteries of hybrid vehicles, in long-lasting light bulbs and serving as critical magnets in guided missiles may soon be alleviated.
Check Point Software is buying governance, risk management and compliance vendor Dynasec.
AT&T is getting ready to add the one crucial piece that's been missing from its LTE rollout: smartphones.
Attackers used an off-the-shelf Trojan horse to sniff out secrets from nearly 50 companies, many of them in the chemical and defense industries, Symantec researchers said today.
Computers and robots will replace humans in enough jobs that they will dramatically change the economy, said industry watchers and MIT economists at a robotics symposium Monday. And, they said, the transition has already started.
Hackers are testing new Mac malware that they've ported from a nine-year-old Trojan horse originally written for Linux, according to security experts.
LSI said its planned purchase of flash chip maker SandForce will not affect other equipment makers that use the company's products.
A newly identified Mac OS X Trojan bundles a component that leverages the processing power of video cards (GPUs) to generate Bitcoins, a popular type of virtual currency.
An open-source hardware group on Monday announced an $89 credit-card sized motherboard based on an ARM processor that could be used for robotics, gaming and medical devices.
Apple's new iPhone 4S is running through its battery at a prodigious rate, according to reports on the company's own support forum.
Microsoft Windows AFD Driver CVE-2011-2005 Local Privilege Escalation Vulnerability
Apple QuickTime Prior To 7.7.1 'Flic' Movie File Handling Buffer Overflow Vulnerability
A serious code injection vulnerability affecting timthumb, a popular image resize script used in many WordPress themes and plugins, has been exploited in recent months to compromise over 1 million Web pages.
When contracting for cloud services, it's vital to anticipate the worst that could happen.
Find out what Microsoft's forthcoming OS means for developers, admins, network security, mobile usage, and more in InfoWorld's comprehensive guide.
After reporting sales of 13.2 million smartphones during the third quarter, HTC is now the fourth largest smartphone vendor after having outpaced Research In Motion, according to market research company Canalys.
Canonical plans to expand its Ubuntu Linux distribution so it could be used on smartphones, tablets and other touch interface consumer electronics, said Canonical founder Mark Shuttleworth.
phpLDAPadmin Cross Site Scripting and PHP Code Injection Vulnerabilities
Oracle DataDirect ODBC Drivers HOST Attribute arsqls24.dll Stack Based Buffer Overflow PoC (*.oce)
YaTFTPSvr TFTP Server Directory Traversal Vulnerability
About a month ago, my wife posted a "House for Rent" ad. A couple responses came in, among them, one from a person in England. Odd, but there are actually a couple British living in the neighborhood, so she responded:

From: C M [*** names altered ***]
Subject: Rent Inquiry

Hello -
I'm inquiring about the rental property, I will like to get some more details about the property,
I'll like you to give me the below detail ...

[*** questions about property ***]

Certainly not a native speaker of English (the questions I omitted were normal questions someone would have about a house: cost, when will it be available, utilities included, address...). Some were answered already in the Craigslist ad, but ok. If you deal with prospective tenants, that isn't unusual. At this point, we didn't know that we dealt with someone who isn't local.

My wife's response:

From: H
Subject: your inquire about ...

Hi C

thanks for your interest. Please see the answers to your detailed questions below.
Please feel free to call my cell phone *** if you would like to see the property
in person

... answers to questions removed ....

And another email from the prospective renter. Again, sort of routine questions. At this point, the renter identifies he lives in England:

From: C M

Subject: Re: your inquire about ...

Hello H -

Thanks for your respond, firstly I would want you to know that the property
is OK with me and I would like to rent the property. I will be staying in the
property for 1 year after which I will extend my contract on the property if OK
with my need.

I work with '*** ENGINEERING LIMITED' in England as a CNC 5 axis machining centre
setter/operator/programmer and I'm on transfer to the USA.

I will be moving with my wife, I'd like to know how far is the place from bus station,
police station and gas station.

At this point I want you to know that my company will handle the first month
and the deposit which is ($2470) after which other payment for the property will
be handle by me in person.

I would also want you to know that all application and lease papers will be sign
by me in person when I arrive.

If this is OK with you, kindly send me the following details listed below ...

'Full Name that will be on the check'
'Mailing Address where you can receive the check'
'Home Phone'
'cell phone'

Once I receive these details from you, I'll send it to my employer, so that the
payment can be issued out to you immediately. We'll be moving in on the 1st of
November 2011. Looking forward to your reply.

Best Regards


My wife responded (PO Box address she uses for the rental business, and she did not provide a home phone number). This was WAY too easy. A person being so fast signing up for a house unseen? We must have been too cheap!
And a few days later, the check arrived:

The check was written in the name of a person that is listed as an accountant / notary public in the town of Temecula, but the number I found is now used by a different company. The bank, Temecula Valley Bank, failed in July 2009 (http://fdic.gov/bank/individual/failed/temecula.html) and has since been acquired by First Citizens. It is not clear if the check would be honored (if it would be real). We didn't try to cash it.
It didn't take long to find out why we got such a generous check. First month rent + deposit was only around $2,000. Instead, we got almost $7,000!! An e-mail arrived essentially the same day the check arrived, apologizing for the overpayment, asking us to split the overpayment and send it via Western Union to two different addresses in the UK.
Luckily no damage has been done to us. I am still trying to figure out if the person named as origin of the check actually exists and got harmed. I have no reason to believe that this person, if they exist, is aware of or profiting from this scam. We did report this to http://www.ic3.gov.
According to the FBI's Internet Crime Complaint Center (IC3), 3.6% of the complaints relate to overpayment fraud.


Johannes B. Ullrich, Ph.D.

SANS Technology Institute


What a broken arm teaches us about incident response
CSO (blog)
You might find it weird that I'd find a teachable infosec moment in my son breaking his arm. But he did do it at a security meet-up, after all. Saturday we drove an hour north to Nottingham NH for an outdoor gathering of some friends in the security ...

[SECURITY] [DSA 2333-1] phpldapadmin security update
PlotLineControl ActiveX Control "LinePutPoint" Integer Overflow
Apple's Mail.app mail of death
[SECURITY] [DSA 2332-1] python-django security update
PROMOTIC ActiveX Control 'GetPromoticSite' Method Remote Code Execution Vulnerability
The two primary forms of public cloud computing, Infrastructure-as-a-Service (IaaS) and Software-as-a-Service (SaaS), are both growing dramatically in popularity. Over the last few years, the primary focus of the IaaS providers has been on offering the basic compute and storage resources required to run applications.
A Bluetooth keyboard can add a whole new dimension to your Android tablet. We highlight three excellent and affordable options.
Hacker group Anonymous has threatened to expose the identity of members and supporters of a Mexican drug cartel by Nov. 5, in retaliation for the kidnapping of a group member, and has already hacked the web site of a former state official, alleging that he has associations with the dreaded Zetas.
IBM has embraced the growing 'bring your own device' trend by allowing its employees to buy and use their own smartphones and tablets for work tasks, said IBM's CTO for mobility, Bill Bodin.
China has built its first supercomputer based entirely on homegrown microprocessors, a major step in breaking the country's reliance on Western technology for high-performance computing.

Posted by InfoSec News on Oct 30


By Iain Thomson in San Francisco
The Register
28th October 2011

A Tennessee man, found guilty of cracking the Gmail account of Miley
Cyrus and posting private photos of her online, has asked the sentencing
judge to spare him prison because of his diminutive stature.

A teenaged Josh Holly was arrested by federal investigators three years
ago after he correctly...

Posted by InfoSec News on Oct 30


[This won't end well... - WK]

By Elinor Mills
InSecurity Complex
CNet News
October 30, 2011

The online collective Anonymous is making threats to a Mexican drug
cartel over the alleged kidnapping of one of its activists in Veracruz.

"You made a huge mistake by taking one of us. Release him. And if
anything happens to him, you...

Posted by InfoSec News on Oct 30


By Jim Bronskill
The Canadian Press
Oct. 30, 2011

Canada's spy agency warned the government that federal departments were
under assault from rogue hackers just weeks before an attack crippled
key computers.

A newly released intelligence assessment, prepared last November,
sounded a...

Posted by InfoSec News on Oct 30


By Anh Nguyen
October 29, 2011

NHS staff have been breaching the Data Protection Act (DPA) by posting
confidential patient details and photographs on Facebook, a report has

This was one of the ways that patient medical records were compromised
by staff at NHS trusts across the country between July 2008 and July
2011. There were at least 806...

Posted by InfoSec News on Oct 30


Oct 29, 2011

The Finnish defense forces are working to build up further capability to
deal with cyber attacks. Recruitment of specialists was recently started
and a cyber strategy, now under preparation, is set for completion next

Like most other developed countries, Finland wants a credible network
defense capability. The defense forces have already...