InfoSec News

A healthcare software provider has upgraded its Gigabit Ethernet network to improve service to customers and reduce errors during backup.
 
Outgoing Hewlett-Packard CEO Leo Apotheker will get a severance payment of US$7.2 million, plus a $2.4 million performance bonus and additional stock benefits, according to documents filed with the U.S. Securities and Exchange Commission on Thursday.
 
Amazon's new Silk browser has raised some eyebrows among privacy and security experts because of the way it will by default connect to the company's cloud service.
 
Science Applications International (SAIC), a subcontractor and two former government employees will pay nearly $22.7 million to resolve allegations that they rigged bids for a $3.2 billion supercomputing contract with the U.S. General Services Administration, the U.S. Department of Justice announced Thursday.
 
Microsoft grabbed headlines Wednesday with its report about the successful takedown of the Kelihos botnet, but while the company detailed the achievements of its Digital Crimes Unit, it failed to mention the major role security firm Kaspersky Lab played in the operation.
 
New York City Mayor Michael Bloomberg wants to end the cap on H-1B visas and believes restrictive U.S. visa policies are a form of 'national suicide.'
 
A new form of mobile DDR3 memory that can speed up tablets, smartphones and laptops could appear in devices starting as early as late next year, with adoption ramping up in 2013, analysts said on Thursday.
 
Django Multiple Security Vulnerabilities
 
Mozilla Firefox CVE-2011-2995 Remote Memory Corruption Vulnerability
 

E-discovery laws: Having an information governance framework matters
SearchSecurity.co.uk
Unfortunately, many UK infosec pros don't realise how important e-discovery is. Some Europeans think [e-discovery] doesn't matter here, but the fact is that the rules of disclosure and discovery are no different in any jurisdiction. ...

 
When the "kill the laptop" breakout session was an unexpected success at our last event, CIO magazine editor in chief Maryfran Johnson knew mobility had become the hottest topic in IT.
 
Facebook's tracking technology has landed the social network in hot water, with two lawmakers calling for a Federal Trade Commission investigation.
 
Research in Motion said Thursday that it remains committed to the PlayBook tablet and the tablet market, discounting an analyst's report that said the death of the tablet is imminent.
 
Twitter, Facebook and other social media sites are often criticized for encouraging people to share thoughts of little consequence, but social scientists are finding that these electronic missives, when assembled en masse and analyzed with big data tools, offer a wealth of information about how people think and act.
 
Apache Error and Access Logs Escape Sequence Injection Vulnerability
 
Oracle April 2007 Security Update Multiple Vulnerabilities
 
PHP Multiple Input Validation Vulnerabilities
 
Apache HTTP Server Worker Process Multiple Denial of Service Vulnerabilities
 
Sensitive data including Social Security Numbers, names, addresses, phone numbers and personal health data belonging to about 4.9 million active and retired U.S. military personnel may have been compromised.
 
Based on past practice and recent reports, Apple will likely release iOS 5, the next version of its mobile operating system, in two weeks.
 
Tembria Server Monitor Cross Site Scripting Vulnerabilities and Password Encryption Weakness
 
DeepSec 2011 Conference - Final Schedule Published
 
[SECURITY] [DSA 2312-1] iceape security update
 
Mozilla Firefox and SeaMonkey CVE-2011-3003 Remote Code Execution Vulnerability
 
Mozilla Firefox RegExp Remote Integer Underflow Vulnerability
 
Mozilla Firefox/Thunderbird/SeaMonkey Enter Key Dialog Bypass Weakness
 
Mozilla Firefox/SeaMonkey/Thunderbird CVE-2011-2999 Cross Domain Scripting Vulnerability
 
Research in Motion's PlayBook looks to be in trouble, as it appears that the smartphone maker has stopped production of the tablet and is actively considering getting out of the business.
 
oboinus Remote Arbitrary Shell Command Injection Vulnerability
 
Cisco IOS IPv6 over MPLS Multiple Denial of Service Vulnerabilities
 
Cisco IOS IPS and Zone-Based Firewall Multiple Denial of Service Vulnerabilities
 
Mozilla Firefox/Thunderbird/SeaMonkey Enter Key Dialog Bypass Vulnerability
 
Bitweaver 2.8.1 Multiple Cross-site Scripting Vulnerabilities
 
Google's Chrome is on the brink of replacing Firefox as the second-most-popular browser, according to one Web statistics firm.
 
RETIRED: Mozilla Firefox/Thunderbird/SeaMonkey MFSA 2011-36 through -45 Multiple Vulnerabilities
 
Arbitrary memory corruption in NCSS 07.1.21
 
Joomla! 1.7.0 | Multiple Cross Site Scripting (XSS) Vulnerabilities
 
[ MDVSA-2011:138 ] wireshark
 
[security bulletin] HPSBUX02707 SSRT100626 rev.1 - HP-UX Apache Web Server, Remote Denial of Service (DoS)
 
As early as 15 years ago, when memory sticks and SD cards were becoming more and more prevalent, forensic researchers began looking into how evidence can be recovered from such storage media. Because of features like wear leveling and garbage collection, which automatically rearrange content on the medium even without any instruction from the host computer, the consensus was that it is very difficult to make true forensic bit-level copies of flash storage, and harder still to obtain reliable copies of unallocated space.
Since then, both the size and the usage of solid state disks (SSD) have grown significantly. Laptops and tablets are today often sold with SSD storage by default and no longer contain any spinning disk drives.
Recent research shows the full dilemma that this rapid adoption brought with it:

In an outstanding paper, Graeme Bell and Richard Boddington show the effects of what they call self-corrosion: simply applying power to an SSD or memory stick can be enough for the on-board microcontroller to start rearranging and zeroing out storage sectors, which directly affects evidence preservation and the recovery of deleted files. If you are pressed for time, skip to chapter 6 on page 12 and read their Recommendations and Guidance.
An equally interesting paper by researchers from UCSD shows the other side of the same problem: how difficult it is to reliably erase content from SSDs. The authors show that software for wiping single files mostly does not work at all on SSDs, and that traditional whole-drive wiping software often fails to reliably erase SSD media, either.

Conclusions:

If you are into forensics and evidence preservation, keep track of and familiarize yourself with every type of SSD media in use in your company, and how each behaves during forensic acquisition, before you have to do it in earnest on a real case.
If your company still applies the wipe-and-reuse procedures developed for magnetic disks to SSD media, update those procedures with SSD-specific instructions. Since the UCSD paper cited above reports quite dismal results even when the drive's built-in Secure Erase command is used, you may have to combine several erasing methods to scrub the disk more reliably, and you should verify the result rather than trust the tool. The best option today is to deploy full disk encryption (TrueCrypt, etc.) on portable devices with SSD media, because it addresses several risks (loss, theft, inability to wipe) at once. Keep in mind that encryption only protects data written after it was enabled, and that destroying the key then becomes the effective wipe.
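The one check that both papers imply, and that a practitioner wants in the wipe procedure, is to verify the wipe against the raw medium rather than trust the tool's exit status: write a file containing a unique marker, run the wipe under test, acquire the whole device (or a full flash dump), and search the image for the marker. The script below is an added example, not code from the ISC diary or from either paper. It scans a raw device or image in chunks, handles a marker that straddles a chunk boundary, and reports the sectors where the marker survives. The constructed demo image, the device path and the marker layout are assumptions made for illustration.

```python
"""Verify an SSD wipe by scanning a raw device image for a known marker.

Added example, not code from the ISC diary or the papers it cites. It
assumes the workflow: write a marker file, run the wipe, acquire the
full device (or flash dump), then search for the marker.
"""
import hashlib
import io
import sys

SECTOR = 512              # logical sector size assumed for reporting
CHUNK = 4 * 1024 * 1024   # read size; large enough to amortise syscalls


def _as_stream(src):
    """Accept a file object, a path-less bytes buffer, or a device handle."""
    return io.BytesIO(src) if isinstance(src, (bytes, bytearray)) else src


def scan_stream(src, marker, chunk=CHUNK):
    """Return absolute byte offsets of every occurrence of `marker`.

    Reads in chunks and carries len(marker)-1 bytes over to the next
    chunk, so a marker straddling a chunk boundary is found exactly once
    (a full match can never fit inside the carried tail, so no duplicates).
    """
    if not marker:
        raise ValueError("marker must be non-empty")
    stream = _as_stream(src)
    hits, overlap, base, data = [], len(marker) - 1, 0, b""
    while True:
        buf = stream.read(chunk)
        if not buf:
            break
        data += buf
        pos = data.find(marker)
        while pos >= 0:
            hits.append(base + pos)
            pos = data.find(marker, pos + 1)
        if len(data) > overlap:          # drop bytes that can no longer match
            base += len(data) - overlap
            data = data[len(data) - overlap:]
    return hits


def wipe_report(src, marker, sector=SECTOR):
    """Summarise where `marker` survives: count, logical sectors, verdict."""
    hits = scan_stream(src, marker)
    return {
        "remnants": len(hits),
        "sectors": sorted({off // sector for off in hits}),
        "wiped": not hits,
    }


def make_marker(label):
    """Derive a 32-byte marker that will not occur naturally on the device."""
    return hashlib.sha256(label.encode()).digest()


def build_demo_image(marker, sectors=4096, live=10, stale=(3000,)):
    """Constructed stand-in for a full flash dump of a small SSD (assumption).

    The host sees the marker file at logical sector `live`. The file-level
    wipe overwrites that sector with zeros, but the controller wrote the
    zeros to a fresh page and left the old copy at `stale`, mimicking the
    remapping behaviour the papers describe. Returns (before, after).
    """
    img = bytearray(sectors * SECTOR)
    for s in (live,) + tuple(stale):
        img[s * SECTOR:s * SECTOR + len(marker)] = marker
    before = bytes(img)
    img[live * SECTOR:(live + 1) * SECTOR] = b"\x00" * SECTOR   # the "wipe"
    return before, bytes(img)


if __name__ == "__main__":
    # Usage: python ssd_wipe_check.py /dev/sdX <label>
    # (assumed device path; run as root on a device you are allowed to read)
    if len(sys.argv) == 3:
        with open(sys.argv[1], "rb", buffering=0) as dev:
            print(wipe_report(dev, make_marker(sys.argv[2])))
    else:
        m = make_marker("wipe-test-2011")
        before, after = build_demo_image(m)
        print("before wipe:", wipe_report(before, m))
        print("after wipe: ", wipe_report(after, m))
```

Run against a real device only after acquiring it with your normal forensic procedure; the script reads whatever the OS exposes as the block device, which for an SSD is the logical view the controller chooses to present, so a clean report here is necessary but not sufficient. A stale copy hidden in over-provisioned flash only shows up in a chip-level dump, which is exactly the gap the UCSD paper documents.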



If you have pointers to recent research or suggestions on how to deal with forensic acquisition or secure wiping of SSD media, please let us know or comment below.
(c) SANS Internet Storm Center. http://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
 
Within the IT security community, identity- and access-management (IAM) initiatives are considered high value, but are notoriously problematic to deploy. Yet despite IAM's complexity, it represents 30 percent or more of the total information security budget of most large institutions, according to IDC (a sister company to CSO's publisher).
 
A few years ago businesspeople carried a laptop on the road, used a desktop PC in the office, and worked on another PC at home. Maybe they had a BlackBerry, too--but only if they were real big shots.
 
Whether you're running a business out of your den or from a penthouse in the sky, you don't have time or money to waste on second-rate tools. These well-designed services and resources are among the best the Web offers for small and midsize businesses. Some include apps for smartphones and downloads for your desktop, but all of them provide the bulk of their features within a Web browser.
 
Today is the inaugural Box.net conference for customers and developers, BoxWorks. Box.net's CEO and co-founder used the event to announce a slew of new features and updates, as well as a few key partnerships.
 
Perl 'decode_xs()' and 'File::Glob::bsd_glob()' Remote Code Execution Vulnerabilities
 
Zope Unspecified Security Vulnerability
 
Joomla! 1.7.0 and Prior Multiple Cross Site Scripting Vulnerabilities
 
Norman Security Suite 'nprosec.sys' Local Privilege Escalation Vulnerability
 
Cisco announced improvements to its video product line Thursday to make it easier for businesses to capture and share video, including a free app coming soon for iPad and iPhone.
 
A Russian security company has upgraded a phone-password cracking suite with the ability to figure out the master device password for Research in Motion's BlackBerry devices.
 
Apple trails behind Samsung in India's fledgling tablet market, which is largely driven by relevant content and low prices, according to research released Thursday.
 
Softbank, Japan's third-largest mobile carrier and exclusive purveyor of the Apple iPhone in the country, said Thursday it would launch in November a new data network allowing downloads of up to 110 Mbps, faster than many wired connections provide today.
 
T-Mobile USA on Wednesday asked a court for leave to submit an amicus curiae ("friend of the court") brief opposing the preliminary injunction Apple has requested against U.S. sales of Samsung's Galaxy S 4G smartphone and Galaxy Tab 10.1 tablet, citing the impact on holiday sales this year.
 
ZTE, one of China's largest network and phone suppliers, is working on several new tablets, including one built with Nvidia's newest quad-core Tegra 3 processor.
 
Skype has released version 2.5 of its application for Android, which allows Android-based tablets such as the Samsung Galaxy Tab 10.1 and Motorola Xoom to use its video calling feature, it said in a blog post on Wednesday.
 
A month with the updated Mac Mini was enough to convince columnist Michael deAgonia that Apple's entry-level computer impresses in both the office and the living room.
 
The Kindle Fire tablet, announced by Amazon.com on Wednesday, has three traits that make it competitive in a crowded tablet market: a low $199 price, a browser called Amazon Silk, and access to an abundant ecosystem of movies, music, apps, and books.
 
Nokia is planning to lay off an additional 3,500 employees, as the company continues to restructure after announcing its decision to focus on Microsoft's Windows Phone operating system.
 

Posted by InfoSec News on Sep 28

http://www.washingtontimes.com/news/2011/sep/28/inside-the-ring-866142641/?page=2

By Bill Gertz
The Washington Times
September 28, 2011

U.S. officials said there is evidence linking hackers in China to recent
cyber-attacks on Japan’s main defense contractor, Mitsubishi Heavy
Industries.

Mitsubishi stated Sept. 19 that 83 company computers at 11 places were
infected with a computer virus.

U.S. officials said military data was likely...
 

Posted by InfoSec News on Sep 28

http://www.darkreading.com/vulnerability-management/167901026/security/attacks-breaches/231602264/outdated-browsers-leave-many-enterprises-vulnerable-to-attack.html

By Robert Lemos
Contributing Editor
Dark Reading
Sep 27, 2011

Starting this month, a host of popular Web sites will warn users who are
surfing the Web on outdated browsers. The effort, spearheaded by the
Online Trust Alliance, aims to move the low-hanging fruit of
easy-to-attack...
 

Posted by InfoSec News on Sep 28

http://osvdb.org/show/osvdb/75811

Timeline

Disclosure Date: 2011-04-05
Exploit Publish Date: 2011-04-05

Description

By default, Ducati Diavel motorcycles ship with a default ignition
password. The bike can be started using a manufacturer default PIN, set
to the last 4 digits of the Vehicle Identification Number (VIN), which
is publicly known and documented. This allows attackers to trivially
access the motorcycle and...
 

Posted by InfoSec News on Sep 28

http://english.yonhapnews.co.kr/national/2011/09/28/81/0301000000AEN20110928003700315F.HTML

By Kim Eun-jung
Yonhap News Agency
2011-09-29

More than 2,700 hacking attempts to infiltrate South Korea's military
Web sites have been made in the last 14 months, a government report
showed Thursday, raising concerns over growing cyber threats to the
military security system.

The Ministry of National Defense said that its Cyber Command has...
 

Posted by InfoSec News on Sep 28

http://www.computerworld.com/s/article/9220356/Argonne_researchers_hack_Diebold_e_voting_system_

By Jaikumar Vijayan
Computerworld
September 28, 2011

Researchers at the Argonne National Laboratory this week showed how an
electronic voting machine model that's expected to be widely used to
tally votes in the 2012 elections can be easily hacked using
inexpensive, widely-available electronic components.

Roger Johnston, head of the...
 

Posted by InfoSec News on Sep 28

http://www.eweek.com/c/a/Security/Most-Organizations-Slipping-Out-of-PCI-Compliance-Within-a-Year-Survey-553745/

By Fahmida Y. Rashid
eWEEK.com
2011-09-28

Retailers and merchants are still falling short of payment card security
requirements, according to a new report.

The latest Payment Card Industry Compliance Report found that a majority
of small businesses in the United States, Europe and Asia have fallen
short of maintaining compliance...
 

Posted by InfoSec News on Sep 28

http://threatpost.com/en_us/blogs/hosting-provider-inmotion-hacked-thousands-sites-affected-092811

By Dennis Fisher
Threat Post
September 28, 2011

InMotion, a large hosting provider based in California, was compromised
in recent days and the attackers were able to replace the index files of
thousands of sites, defacing them and in some cases making it difficult
for site owners to recover and reload their sites.

The attack occurred on Sunday...
 