InfoSec News

Peppered with lawsuits over its collection of Web traffic data from wireless networks, Google wants all the cases consolidated into one, and for that single case to be heard by a court near its Mountain View, California, headquarters.
 
The U.S. Federal Bureau of Investigation has opened an investigation into the leak of an estimated 114,000 Apple iPad user e-mail addresses.
 
OCZ released new models of its enterprise-class solid state drives today that use the newer SandForce SF-1500 processor and feature either MLC-NAND or SLC-NAND flash memory.
 
If Dell's cloud server lab is a candy shop for geeks, littered with components and exotic system designs, then Jimmy Pike is the Willy Wonka of servers.
 
The IT links to clean technology get stronger by the day, and if the push in Washington by Bill Gates and others to get the federal government to triple its research and development spending succeeds, Silicon Valley is certain to benefit.
 

ICO will not compel companies to report data losses
V3.co.uk
However, Deputy Information Commissioner David Smith said at Infosec in April that companies could soon be forced to report all serious data breaches to the ...

 
Microsoft has issued a Security Advisory for the vulnerability in the Windows Help and Support Centre function that is delivered with supported editions of Windows XP and Windows Server 2003.

The information is referenced under CVE-2010-1885.
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1885
Full information for the advisory can be found at:
http://www.microsoft.com/technet/security/advisory/2219475.mspx

Deb Hale Long Lines, LLC (c) SANS Internet Storm Center. http://isc.sans.org Creative Commons Attribution-Noncommercial 3.0 United States License.
 
It appears that a problem has been discovered with Microsoft Help Centre that may lead to problems for those who are using it.
http://archives.neohapsis.com/archives/fulldisclosure/2010-06/0197.html
According to the information provided by Microsoft on this issue:
We are aware of a publicly disclosed vulnerability affecting Windows XP and Windows Server 2003. We are not aware of any current exploitation of this issue and customers running Windows Vista, Windows 7, Windows Server 2008, and Windows Server 2008 R2, are not vulnerable to this issue, or at risk of attack.
Microsoft warns that the analysis from the original disclosure of the event is incomplete and the workaround provided by Google is incomplete. They have made recommendations for and have given the steps to unregister the hcp protocol to protect from exploitation. See the information for mitigation at:
http://blogs.technet.com/b/msrc/archive/2010/06/10/windows-help-vulnerability-disclosure.aspx
Deb Hale Long Lines, LLC (c) SANS Internet Storm Center. http://isc.sans.org Creative Commons Attribution-Noncommercial 3.0 United States License.
 
Over the past few years, many processor chips have moved far beyond the traditional functions of plain old central processing units (CPUs) and are now responsible for a wide array of functions including power saving, system memory and video processing.
 
Hewlett-Packard will buy Linux-based quick-boot OS and client virtualization assets from Phoenix Technologies for $12 million, Phoenix said on Thursday.
 
A federal grand jury has indicted the largest Taiwanese maker of thin-film transistor-liquid crystal display (TFT-LCD) panels, its U.S. subsidiary and six executives for participating in a conspiracy to fix TFT-LCD prices, the U.S. Department of Justice said Thursday.
 
Apple's new Safari 5 browser is the fastest browser on both Windows and Mac OS X, JavaScript benchmark tests show.
 
Some tech industry rumors have an extra-long life, and the one about SAP buying middleware vendor Software AG got an extension this week following public comments by top leaders of both companies.
 
Google engineer Tavis Ormandy releases details on a new zero-day vulnerability affecting the Windows Help and Support Center. Microsoft acknowledges the hole.

 
Check Point said Liquid Machines' ERM capabilities could bolster its data loss prevention (DLP) offering.

 
When you start and shut down Windows 7, you're presented (albeit briefly) with a rather bland Welcome screen. Hey, we don't do bland around these parts!
 
Twitter, which recently announced its Promoted Tweets advertising program, has acquired the maker of a cloud-hosted Web analytics application.
 
Some of America's top business people are joining forces in a lobbying effort to convince Congress and President Obama of the need to spend more on clean energy research and development.
 
A Google engineer today published attack code that exploits a zero-day vulnerability in Windows XP, giving hackers a new way to hijack and infect systems with malware.
 
Only hours after launching vibrant background imagery on its homepage, Google stripped the page back to its usual stark white.
 
Any company with a computer in the office needs to adopt a social media policy. It is just common sense, and, frankly, a smart edict to deploy and follow.
 
Today's hint is dead-simple, but I can't find it documented anywhere--and judging from the response when I mentioned it on Twitter, it's something many Safari users are happy to hear about.
 
A Kaufman Brothers investment analyst on Thursday predicted that T-Mobile will be the next U.S. iPhone carrier, refuting the widespread belief that Verizon Wireless is next in line.
 
Newshounds and marketers may still debate whether Google's Caffeine, which now delivers search results from updated sites within seconds, is fast enough. But it wasn't too long ago that it was acceptable for Google to update its index only once every 30 days.
 
Computerworld this week posted a rather thought-provoking article on the risks that Social Networking sites may pose on a company or organization. We all know that even if we tell the employees that discussion of work-related issues is strictly forbidden that there is a good possibility that it will slip through. We also know that social networking sites are laden with badware/malware and viruses. That is the nature of the beast. But are there other issues to consider? My company has been discussing just this issue at length. We have a policy but we know that it is not near comprehensive enough.



Take a look at this article if you are interested.
http://www.computerworld.com/s/article/9177786/Group_lists_top_five_social_media_risks_for_businesses
Deb Hale Long Lines, LLC (c) SANS Internet Storm Center. http://isc.sans.org Creative Commons Attribution-Noncommercial 3.0 United States License.
 
Wireshark has released an update. This update corrects some vulnerabilities found in earlier versions. Thanks to J. for sending this information to us.
http://www.wireshark.org/download.html
http://www.securityfocus.com/bid/40728/discuss
Deb Hale Long Lines, LLC (c) SANS Internet Storm Center. http://isc.sans.org Creative Commons Attribution-Noncommercial 3.0 United States License.
 
Some of you may have noticed that I was a little slow in getting started this morning. I wasn't prompt with replying to your emails. For that I apologize. I thought it would be good if I explained why.
At my day job/paid job, one of my responsibilities is handling abuse complaints; another responsibility is cleaning up mail servers that are doing bad things. The two usually go hand in hand and generally are due to something one or more of the users did. Today was no exception. I logged into my email this morning and immediately knew I had a problem. I knew how the first half of my day was going to go. I had several hundred abuse reports for one of my mail servers. I immediately began to investigate what was going on with the server. I soon discovered that I had over 33,000 emails queued up and a bunch of bounces for undeliverable emails to domains like hotmail, yahoo, comcast, aol, etc. I began to review the emails and soon realized that someone had logged into the webmail on the server with userids on the box and sent emails. All of the emails indicated the web access came from IPs in 41.138.x.x, which happens to be in AfriNIC's world. This particular server is a local server and I knew that it was highly unlikely that someone would be legitimately logging in from Africa. I immediately blocked the CIDR from accessing the server and cleaned up the emails so that no more would get out. After the cleanup was done I began reviewing the logs for the webmail service.
Sure enough, I discovered that 3 valid userids had indeed been used to log in to the server from the 41.138.x.x IPs. I immediately changed the passwords on the 3 accounts so that the spammers could not log in again from a different CIDR. Once the passwords were changed I notified the customers of the situation.



I soon discovered that yesterday an email had been sent to the users on this adomain.net (name changed to protect the domain). Here is what the email said:
Dear adomain.net Subscriber,
We are currently carrying-out a maintenance process to your adomain.net account, to complete this, you must reply to this mail immediately, and enter your User Name here (,,,,,,,,) And Password here (.......) if you are the rightful owner of this account.
This process we help us to fight against spam mails. Failure to summit your password, will render your email address in-active from our database.
NOTE: If your have done this before, you may ignore this mail. You will be send a password reset messenge in next seven (7) working days after undergoing this process for security reasons.
Thank you for using adomain.net!

THE adomain.net TEAM


In spite of multiple warnings in the past to the users on this domain, three of them responded to the email. Those three logins were then used last night to log in to the webmail and send the emails. Now some of you reading this are probably just shaking your head and wondering why end users are so gullible. Well, I am with you on that. If you read the content of the email you will soon realize that the email contained a number of grammatical errors and it is pretty obvious that it is a poor attempt at English grammar. Most of us would just ignore the email and delete it. Not these users... They fell for it hook, line and sinker.
I put this out for you because we have received inquiries from several other folks today about this or a similar phish. Remind your employees/users that these emails are bogus and bad - not to respond to them. If you are on any of my mail servers.... I thank you heartily. This morning's little investigation and cleanup took out 3 otherwise productive hours from my day.
Deb Hale Long Lines, LLC (c) SANS Internet Storm Center. http://isc.sans.org Creative Commons Attribution-Noncommercial 3.0 United States License.
 
U.S. regulators are planning to investigate whether Apple is shutting out third parties such as Google and Microsoft in advertising the iPhone and iPad, according to a report published by the Financial Times on Thursday.
 
Some of you may have seen the article about an iPad security breach. Some of the information floating around is leading readers to believe that it is an iPhone software problem. It is not; the issue is with a web application, not the iPhone or iPad software.
http://www.sophos.com/blogs/duck/g/2010/06/10/apples-worst-security-breach/
Apparently, the breach was the result of a web application vulnerability on an ATT site. This allowed a malcontent to guess at an ATT SIM card identifier (the so-called ICC-ID) and, if the ICC-ID was issued to an iPad, to use it to retrieve the email address of the iTunes account associated with the device.
The fact that this happened is bad; however, the amount of incorrect information circulating the Net is even worse. For the whole story see the Sophos blog.
Another take on the situation:
http://www.wired.com/threatlevel/
Deb Hale Long Lines, LLC (c) SANS Internet Storm Center. http://isc.sans.org Creative Commons Attribution-Noncommercial 3.0 United States License.
 
Check Point said Liquid Machines' ERM capabilities could bolster its data loss prevention (DLP) capabilities.

 
The research giant's latest data points suggest stable IT security spending in the near term, but most CIOs value other initiatives ahead of security.

 
It's official. China and Taiwan have signed an agreement to promote a number of telecommunications technologies, including Google's Android mobile software and networking technologies for wireless cities.
 
Security experts blamed a 'brute force' attack that exposed the e-mail addresses of more than 100,000 iPad owners on poorly-designed AT&T software.
 
Take a peek at laptops that roll up, sport multiple screens and imitate Transformers. While not all of these intriguing designs will make it to market, they show us what laptops might look like in just a couple of years.
 
Lenovo on Thursday announced the ThinkCentre M90Z all-in-one touchscreen PC, which will be offered with Intel's VPro technology for easier management and maintenance.
 
North and South Korea could stand to take a page out of the book of other potential warring factions in Asia, China and Taiwan.
 
Eric Kim, the senior vice president in charge of Intel's Digital Home Group, is stepping down to run a start-up company that is developing solid-state lighting technology.
 
InfoSec News: Recon 2010 - Speaker list, new additional capacity for sold-out training, party details: Forwarded from: Hugo Fortier <hfortier (at) recon.cx>
CONNECT 2010
RECON 2010 Speakers Announcement
++ REC0N 2010 ++ MONTREAL ++ JULY 9-11
++ http://www.recon.cx
+ RECON returns for 2010
- Training sessions + conference
+ The conference is nearly sold out, if you didn't register yet, hurry up while there are still tickets left.
+ We expanded the two sold-out training courses - Rolf Rolles and Alex Ionescu will each train a second session July 12-14.
July 6-8:
- Binary Literacy: Static Reverse Engineering by Rolf Rolles (sold out)
- Binary Vulnerabilities and Exploit Writing by Gerardo 'gera' Richarte
- Windows Internals for Reverse Engineers by Alex Ionescu (sold out)
- Coding Unpackers for Fun and Profit: TitanEngine by Tomislav Pericin
July 12-14:
- Binary Literacy: Static Reverse Engineering by Rolf Rolles
- Windows Internals for Reverse Engineers by Alex Ionescu
++ Speakers lineup (Description at http://recon.cx/2010/speakers.html)
+ Keynote
- Richard Thieme - Ethical Considerations of Intelligence and Information Security
+ Speakers
- Pierre-Marc Bureau and Joan Calvet - Understanding Swizzor's Obfuscation Scheme
- Ero Carrera and Jose Duart - Packer Genetics: The Selfish Code
- Gynvael Coldwind and Unavowed - Syndicate Wars Port: How to port a DOS game to modern systems
- Dino Dai Zovi - Mac OS X Return-Oriented Exploitation
- Nicolas Falliere - Reversing Trojan.Mebroot's Obfuscation
- Yoann Guillot and Alexandre Gazet - Metasm Feelings (30 minutes)
- Travis Goodspeed - Building hardware for exploring deeply embedded systems
- Sean Heelan - Applying Taint Analysis and Theorem Proving to Exploit Development
- Alex Ionescu - Debugger-based Target-to-Host Cross-System Attacks
- Ricky Lawshae - Picking Electronic Locks Using TCP Sequence Prediction (20 minutes)
- Assaf Nativ - Memory analysis - Looking into the eye of the bits
- Deviant Ollam - Finding Chinks in the Armor - Reverse-Engineering Locks
- Sebastien Porst - How to really obfuscate your malware PDF files
- Danny Quist - Reverse Engineering with Hypervisors
- Jason Cheatham and Jason Raber - Reverse Engineering with Hardware Debuggers (20 minutes)
- Stephen Ridley - Escaping the Sandbox
- Igor Skochinsky - Intro to Embedded Reverse Engineering for PC reversers
- Michael Sokolov - SDSL reverse engineering
- Jonathan Stuart - DMS, 5ESS and Datakit VCS II: interfaces and internals
- William Whistler - Reversing, better
- Georg Wicherski - dirtbox, a highly scalable x86/Windows Emulator
- Sebastian Wilhelm Graf - Rainbowtables re-implemented
++ Recon wouldn't be Recon without a Party!
- Saturday 10 July at Cafe Campus (http://www.cafecampus.com)
- Open to everyone (not just Recon attendees)
- Lightning talks (1-10 minutes each), come prepared!
- More details to be posted on the website soon.
+ DJ & VJ (http://cruzcontrol.org/)
- Banditos
- DualCore (http://dualcoremusic.com/nerdcore/)
- The Gulf Stream
- HpNoTik
- Kasdal
- Ma"
- YanKat
- More to come
NO CARRIER
 
InfoSec News: Mass Web attack hits Wall Street Journal, Jerusalem Post: http://www.computerworld.com/s/article/9177904/Mass_Web_attack_hits_Wall_Street_Journal_Jerusalem_Post
By Robert McMillan IDG News Service June 9, 2010
Internet users have been hit by a widespread Web attack that has compromised thousands of Web sites, including Web pages belonging to the [...]
 
InfoSec News: Auditors Fault GSA Travel System Security: http://www.informationweek.com/news/government/enterprise-apps/showArticle.jhtml?articleID=225600134
By Elizabeth Montalbano InformationWeek June 9, 2010
Federal auditors have criticized the security and design of a General Services Administration e-travel system, suggesting changes to it as [...]
 
InfoSec News: Australian ISPs Adopt Industry Security Standard: http://www.eweek.com/c/a/Security/Australian-ISPs-Adopt-Industry-Security-Standard-421378/
By Brian Prince eWEEK.com 2010-06-09
A new industry standard for Internet Service Providers (ISPs) in Australia lays out how ISPs should respond to zombie computers and [...]
 
InfoSec News: Apple's Worst Security Breach: 114,000 iPad Owners Exposed: http://gawker.com/5559346/apples-worst-security-breach-114000-ipad-owners-exposed
By Ryan Tate Gawker.com June 9, 2010
Apple has suffered another embarrassment. A security breach has exposed iPad owners including dozens of CEOs, military officials, and top politicians. They [...]
 

Posted by InfoSec News on Jun 09

Forwarded from: Hugo Fortier <hfortier (at) recon.cx>

CONNECT 2010

 

Posted by InfoSec News on Jun 09

http://www.computerworld.com/s/article/9177904/Mass_Web_attack_hits_Wall_Street_Journal_Jerusalem_Post

By Robert McMillan
IDG News Service
June 9, 2010

Internet users have been hit by a widespread Web attack that has
compromised thousands of Web sites, including Web pages belonging to the
Wall Street Journal and the Jerusalem Post.

Estimates of the total number of compromised Web sites vary between
7,000 and 114,000, according to security...
 

Posted by InfoSec News on Jun 09

http://www.informationweek.com/news/government/enterprise-apps/showArticle.jhtml?articleID=225600134

By Elizabeth Montalbano
InformationWeek
June 9, 2010

Federal auditors have criticized the security and design of a General
Services Administration e-travel system, suggesting changes to it as
part of a yearly review of the agency's IT process.

In the Office of the Inspector General's semiannual report to Congress,
auditors said that the...
 

Posted by InfoSec News on Jun 09

http://www.eweek.com/c/a/Security/Australian-ISPs-Adopt-Industry-Security-Standard-421378/

By Brian Prince
eWEEK.com
2010-06-09

A new industry standard for Internet Service Providers (ISPs) in
Australia lays out how ISPs should respond to zombie computers and
attacks on the country's critical infrastructure.

An Australian collective of technology firms has developed an industry
code in cooperation with the country's government to help...
 

Posted by InfoSec News on Jun 09

http://gawker.com/5559346/apples-worst-security-breach-114000-ipad-owners-exposed

By Ryan Tate
Gawker.com
June 9, 2010

Apple has suffered another embarrassment. A security breach has exposed
iPad owners including dozens of CEOs, military officials, and top
politicians. They -- and every other buyer of the cellular-enabled
tablet -- could be vulnerable to spam marketing and malicious hacking.

The breach, which comes just weeks after an Apple...
 
A glitch in AT&T's Web site has exposed the e-mail addresses of more than 100,000 iPad buyers.
 
