Information Security News

ISC StormCast for Thursday, February 23rd 2012 http://isc.sans.edu/podcastdetail.html?id=2347, (Thu, Feb 23rd)

2012-02-22T20:00:10-0700

(c) SANS Internet Storm Center. http://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.

Symantec's pcAnywhere Woes May Be Worse Than We Thought - PC Magazine

2012-02-22T20:00:09-0700

Sci-Tech Today

Symantec's pcAnywhere Woes May Be Worse Than We Thought
PC Magazine
Meanwhile, an anonymous security researcher posting on the InfoSec Institute website reported Wednesday that even patched versions of pcAnywhere may be vulnerable to attack. The researcher claimed that "core functionality in the product has and ...
Symantec's PCAnywhere Vulnerable to Source Code AttackeWeek
Researcher Releases Exploit Code That Can Allegedly Crash PcAnywherePCWorld
Researchers Note Risks for Symantec's pcAnywhereSci-Tech Today
Redmondmag.com -Australian Techworld
all 40 news articles »

Mobile app stores to require, disclose privacy policies

2012-02-22T20:00:07-0700

Apple, Google and other mobile platform providers will present privacy policies for all the apps offered in their stores as part of an agreement with the state of California.

Whitman gives HP harsh report card, outlines recovery plan

2012-02-22T20:00:07-0700

Hewlett-Packard has underinvested in its business and become "too complex and too slow," President and CEO Meg Whitman said Wednesday, offering a three-part turnaround plan to get the ailing company back on track.

Vuln: Microsoft Internet Explorer CVE-2012-0155 VML Handling Remote Code Execution Vulnerability

2012-02-22T17:00:11-0700

Microsoft Internet Explorer CVE-2012-0155 VML Handling Remote Code Execution Vulnerability

Report: pcAnywhere Code Unchanged for 10 Years - Redmondmag.com

2012-02-22T17:00:10-0700

Report: pcAnywhere Code Unchanged for 10 Years
Redmondmag.com
According to Infosec Institute's report, the best course for action would be to permanently block the ports used by the software and look for alternative remote desktop tools, even for those that have patched their software.

Next round of 'meaningful use' rules for eHealth records expected Thursday

2012-02-22T17:00:08-0700

The second of three sets of rules established by the federal government for attaining 'meaningful use' of electronic medical records by healthcare facilities is expected to be published online Thursday.

Lebanese Yellow Pages Website hacked

2012-02-22T17:00:07-0700

Lebanese hackers Mad Hackerz have started a campagin agasint there own country starting out with a defacing and then a data leak from the world wide known directory websites, yellow pages.

HP profit falls 44 percent amid weak PC sales

2012-02-22T16:00:08-0700

Hewlett-Packard's profit dipped sharply in the first quarter as consumers slowed spending on its PCs and printers, HP announced Wednesday.

Apple to open another data center in Oregon

2012-02-22T16:00:08-0700

Apple has bought a vast sprawl of land in Prineville, Oregon, where it will open a data center, the company said on Wednesday.

Adobe to Linux users: Get Chrome or forget Flash

2012-02-22T16:00:08-0700

Adobe today said that it would stop offering direct downloads of Flash Player for Linux, telling users to move to Google's Chrome browser, which bundles Flash with its updates.

Google updates Docs on Android and improves presentation app

2012-02-22T16:00:08-0700

Google has expanded the functionality of its Docs word processing application on Android devices while simultaneously improving the Docs presentation application for desktop browsers.

Feds request DNS Changer extension to keep 400K users online

2012-02-22T16:00:08-0700

U.S. government officials have asked a New York judge to extend an impending deadline that could sever ties to the Internet for hundreds of thousands of users infected with the "DNS Changer" malware.

Oracle lawsuit alleges 'gray market conspiracy' over support services

2012-02-22T16:00:08-0700

Oracle is alleging that two companies violated its intellectual property as part of a "gray market" conspiracy to provide support for Oracle's Sun Solaris OS and hardware, according to a lawsuit filed last week in U.S. District Court for the Northern District of California.

Vuln: Microsoft Internet Explorer Use-After-Free Remote Code Execution Vulnerability

2012-02-22T15:00:11-0700

Microsoft Internet Explorer Use-After-Free Remote Code Execution Vulnerability

Vuln: Microsoft Windows ASX File Parsing Remote Buffer Overflow Vulnerability

2012-02-22T15:00:11-0700

Microsoft Windows ASX File Parsing Remote Buffer Overflow Vulnerability

ISC Feature of the Week: Handler Diaries, (Wed, Feb 22nd)

2012-02-22T15:00:10-0700

Overview
Internet Storm Center features daily handler diaries with summarizing and analyzing new threats to networks and internet security events. Diaries range from 0day vulnerability announcements to the latest software update releases. If it's security related, we'll probably put up a diary about it!
The ISC homepage https://isc.sans.edu always displays the last 24 hours of diaries. The top and bottom of every diary, wherever it is listed, contains a previous/next navigation link that will iterate through all the diaries in order. You can click the title to view the full diary page.
What's in a Diary?
A Diary title is always an active link so you can right-click and copy to send to a friend or co-worker you think would be interested in the information. Alternatively, there is a Share menu to the right of the title if you want to publicly share on any number of social networking sites!!
Under the title you will see the original published date and the last updated date if any changes have been logged to the diary. Below that you will see the name of the handler that authored the diary and version number. The Rate this diary is currently disabled but should be back soon.
The number of comments displays how many comments have been added and is a link that will take you straight to the comments section below the diary. You can leave a comment if you are logged to your ISC/DShield account. Not logged in? No worries, just click the link, login and you should be brought right back to leave your comment. The Alias will default to what you have set in Your Information https://isc.sans.edu/myinfo.html but you can change it to whatever you want. Every comment is vetted by the handlers and inappropriate or blatant ads are removed.
The diary content will vary. It can contain anything from just a few lines of text, sometimes with web links, to a full tutorial with illustrated graphics. A handler will have their own custom signature at the end of every diary posted. If an announcement is short and doesn't require a lot of detail, a handler may post a oneliner which is highlighted with a different background/border and generally just one sentence.
A Keywords list follows the diary content. This is a individually linked list that will take you to a page displaying a table of all the diaries that contain that same keyword, along with the date published and author.
How can I find past dairies?
The easiest way to find past diaries is to search for keywords as explained here https://isc.sans.edu/diary/ISC+Feature+of+the+Week+ISC+Search/12496. ALL the diaries can be listed by date on the Diary Archives page https://isc.sans.edu/diaryarchive.html. This is useful if you know the general timeframe or title text of a specific diary or just want to skim titles as an entire month is shown at once.
The site footer always contains some of the most recent Diary Archives in the center as well as a link to all the archives page. The homepage also lists some more of the most recent diaries as well as a link to the Diary Archives page https://isc.sans.edu/diaryarchive.html. There is also a link to the archives after every comment section on the diary page.
How can I get these diaries you speak of?
Well, you can make https://isc.sans.edu your default browser page so you don't miss anything.
You can also receive full or title only diaries by subscribing in your favorite RSS reader. The links can be found here https://isc.sans.edu/xml.html#rss

Let us know in the section below if you have suggestion or feeback about our diaries or send us any questions or comments in the contact form at https://isc.sans.edu/contact.html
--

Adam Swanger, Web Developer (GWEB)

Internet Storm Center (http://isc.sans.edu)

(c) SANS Internet Storm Center. http://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.

FCC chairman calls on ISPs to adopt new security measures

2012-02-22T15:00:07-0700

U.S. Internet service providers should take new steps to protect subscribers against cyberattacks, including notifying customers when their computers are compromised, the chairman of the U.S. Federal Communications Commission said Wednesday.

How to go hybrid

2012-02-22T15:00:07-0700

When online marketing firm Hubspot started in 2006, the company's IT needs were not very taxing, but they expanded quickly as the company realized success.

Healthcare CIO group decries ICD-10 delay by government

2012-02-22T15:00:07-0700

An organization that represents CIOs and other healthcare IT leaders is protesting government plans to delay a deadline requiring a new medical coding system.

University of Central Florida Hacked by @b4lc4nh4ck

2012-02-22T15:00:06-0700

The target website was http://www.getinvolveducf.com University of Central Florida Office of Student Involvement and the leaked information was announced to us via twitter.

Cyberespionage attacks shine harsh light on security technology failures

2012-02-22T14:00:08-0700

High-profile attacks on Nortel, RSA and others have thrust cyberespionage attacks into the spotlight ahead of RSA Conference 2012

RSA 2012 talk to offer help understanding IPv6 security issues

2012-02-22T14:00:08-0700

Understanding IPv6 security issues can be a challenge, but the protocol's co-inventor says enterprises can no longer afford to ignore IPv6 security concerns.

Vuln: Advantech WebAccess Multiple Remote Vulnerabilities

2012-02-22T14:00:08-0700

Advantech WebAccess Multiple Remote Vulnerabilities

Amazon cloud service automates business processes

2012-02-22T14:00:05-0700

Amazon's newest offering, announced Wednesday, is designed to ease application development and automate business processes.

FCC chairman wants ISPs to adopt new security measures

2012-02-22T13:00:07-0700

Price of DRAM plunges to all-time low of around $1

2012-02-22T13:00:07-0700

Prices of DDR3 DRAM memory used in laptops and desktops have dipped to an all-time low of around $1, and will continue to fall, which could help PC makers pack more memory into computers, analysts said.

Verizon users whacked with another LTE outage

2012-02-22T13:00:07-0700

Verizon's 4G LTE network has been knocked offline again just two months after its last serious outage.

OS X should embrace multiple displays

2012-02-22T13:00:07-0700

For most of my life, I've been a single screen kind of guy. I spent the vast majority of the last several years working from a 13-inch MacBook. When I did eventually add a 27-inch Cinema Display to the mix, it took at least two weeks before I was willing to finally stop piling all my windows into roughly the same amount of space as that MacBook screen.

Google's smart glasses reportedly coming in 2012

2012-02-22T12:00:08-0700

The New York Times reported Wednesday that Google's new Android-based goggles will be priced between $250 and $600, and include a 3G or 4G data connection along with motion and GPS sensors.

BSA: The world is not yet cloud friendly

2012-02-22T12:00:07-0700

The United States is the fourth friendliest country in the world for global cloud interoperability, according to a new study from the Business Software Alliance. But, the organization said a "patchwork" of laws and regulations around the world is holding back cloud adoption internationally.

Researcher: 200,000 Windows PCs vulnerable to pcAnywhere hijacking

2012-02-22T12:00:07-0700

As many as 200,000 systems connected to the Internet could be hijacked by hackers exploiting bugs in Symantec's pcAnywhere, including up to 5,000 point-of-sale programs that collect credit card data, a researcher said today.

Ranking 24 Nations by Cloud Policy

2012-02-22T11:00:15-0700

The Business Software Alliance surveyed 24 countries that comprise lion's share of global information and communication technologies market to identify the most cloud-friendly policy environments. Where does the U.S. rank?

Researcher releases exploit code said able to crash pcAnywhere

2012-02-22T11:00:15-0700

Exploit code targeting a newly identified vulnerability in Symantec's pcAnywhere computer remote control product has been published on the Internet, exposing its users to possible attacks that disrupt the software's functionality.

Group files FTC complaint against Google for privacy changes

2012-02-22T11:00:15-0700

The U.S. Federal Trade Commission should force Google to halt its plan to consolidate user identities across its services and fine the company for violating an October privacy settlement with the agency, privacy group the Center for Digital Democracy said in a complaint filed Wednesday.

Groups ask FCC to block Verizon spectrum deals with cable providers

2012-02-22T11:00:14-0700

The U.S. Federal Communications Commission must block Verizon Wireless from buying wireless spectrum from cable providers because two proposed deals would concentrate too much spectrum in the hands of one company, a coalition of advocacy groups said.

Microsoft complains to the EU about Motorola Mobility

2012-02-22T11:00:14-0700

Microsoft has filed a formal complaint with the European Commission against Motorola Mobility for alleged abuse of essential patents.

Bugtraq: [ MDVSA-2012:023 ] libxml2

2012-02-22T10:00:10-0700

[ MDVSA-2012:023 ] libxml2

Bugtraq: Multiple XSS in Chyrp

2012-02-22T10:00:10-0700

Multiple XSS in Chyrp

SMART Storage releases SSD with consumer flash, enterprise endurance

2012-02-22T10:00:07-0700

SMART Storage today announced an MLC-based SAS SSD that it says approaches the resiliency and performance of an SLC NAND flash drive that it said is suitable for top tier enterprise use.

MYSQL, NERO, US Miliatary Exposed as vulnerable by @D35m0nd142

2012-02-22T10:00:06-0700

@D35m0nd142 has discovered and rediscovered a few vulnerable sites that carry big names. Its not the first time either that D35m0nd142 has hacked and exploited high profile sites as we have seen close to 100 over the past few months.

Bugtraq: [ MDVSA-2012:022 ] libpng

2012-02-22T09:00:14-0700

[ MDVSA-2012:022 ] libpng

Bugtraq: Multiple security vulnerabilities in Tremulous 1.1.0, GPP1, and unofficial MG and TJW engines

2012-02-22T09:00:14-0700

Multiple security vulnerabilities in Tremulous 1.1.0, GPP1, and unofficial MG and TJW engines

Bugtraq: [SECURITY] [DSA 2415-1] libmodplug security update

2012-02-22T09:00:14-0700

[SECURITY] [DSA 2415-1] libmodplug security update

Bugtraq: [SECURITY] [DSA 2414-1] fex security update

2012-02-22T09:00:14-0700

[SECURITY] [DSA 2414-1] fex security update

Security B-Sides Announces 2012 Speaker Line-Up and Participants at B-Sides ... - MarketWatch (press release)

2012-02-22T09:00:12-0700

Security B-Sides Announces 2012 Speaker Line-Up and Participants at B-Sides ...
MarketWatch (press release)
"2012: The End of Security Stupidity" panel by Amit Yoran, Kevin Mandia, Ron Gula and Roland Cloutier -- "So you want to be the CSO" by Daniel Blander -- "Across the Desk: Different Perspectives on InfoSec Hiring and Interviewing" by Lee Kushner ...

and more »

Find the best mobile tax filing app for iOS

2012-02-22T09:00:10-0700

When it comes to giving Uncle Sam his due, we're dealing with an embarrassment of riches. Want to use an online service to prepare and file your tax return? You've got at least five online tax preparation sites to pick from. More comfortable with traditional desktop products? I've looked at both TurboTax Premiere 2011 from Intuit and At Home Premium 2011 from H&R Block. And if you're turning to an iPhone or iPad for an increasing number of day-to-day tasks, tax app makers have something to offer as well.

Vuln: Dolibarr 'adherents/fiche.php' SQL Injection Vulnerability

2012-02-22T08:00:10-0700

Dolibarr 'adherents/fiche.php' SQL Injection Vulnerability

Vuln: freelancerKit SQL Injection and HTML Injection Vulnerabilities

2012-02-22T08:00:10-0700

freelancerKit SQL Injection and HTML Injection Vulnerabilities

Vuln: Fork CMS Cross Site Scripting and Local File Include Vulnerabilities

2012-02-22T07:00:11-0700

Fork CMS Cross Site Scripting and Local File Include Vulnerabilities

Apache 2.4 Features, (Wed, Feb 22nd)

2012-02-22T07:00:10-0700

The Apache Foundation released version 2.4.1 of its popular web server, including a number of interesting changes [1]. Among the features, I would like to highlight some of the security relevant changes:
- more granular logging. Logging is always a tedious and often overlooked security component. Apache 2.4 will allow for log levels to be configured on a per-directory level.
- various changes to timeouts. We had a number of tools over the last few years that attacked web servers by exhausting connections. The new timeout changes may help with that, but over all, I don't think there is a simple fix for this problem.
- changes to the proxy configuration. Some use apache not just as a web server, but as a proxy to restrict access to resources, or as a load balancer. This can help with security, but in the past, bugs in Apache's implementation of these features has caused problems.
- Apache now includes a mod_session that will have Apache take care of sessions. This includes support for encrypted sessions, and support for session based authentication. Really have to see how this will all work in more detail. It appears that headers will be used to add data to sessions. This could be a new opportunity to exploit http response splitting. Note that the session information may be stored on the client, not just the server. Unencrypted sessions on the client could pose interesting security issues.
- mod_ssl has been improved to allow it to check for invalid client certificates via OCSP.
Version 2.4.1 is now available for download. I recommend you start testing it, but hold off on using it in production until some of the features have been debugged.
[1] http://httpd.apache.org/docs/2.4/new_features_2_4.html
------

Johannes B. Ullrich, Ph.D.

SANS Technology Institute

Twitter (c) SANS Internet Storm Center. http://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.

AT&T vs. Verizon: LTE showdown in the Big Apple

2012-02-22T07:00:06-0700

AT&T is rolling out its 4G LTE service in selected markets across the country. How does the new network stand up to Verizon's more mature offering in terms of availability, speed and price?

UK gets its own version of English in Windows 8

2012-02-22T07:00:06-0700

Microsoft's Windows 8 operating system will have the U.K. version of English as a display language option, to address customers in that country, and some other countries like South Africa, India, Ireland, and Australia that use the version of the language.

Vuln: RabidHamster R4 File Disclosure and Multiple Buffer Overflow Vulnerabilities

2012-02-22T06:00:10-0700

RabidHamster R4 File Disclosure and Multiple Buffer Overflow Vulnerabilities

Vuln: Yoono Extension 'create' Field HTML Injection Vulnerability

2012-02-22T06:00:10-0700

Yoono Extension 'create' Field HTML Injection Vulnerability

DIARY-US MEETINGS/WEEK AHEAD - Reuters

2012-02-22T06:00:09-0700

DIARY-US MEETINGS/WEEK AHEAD
Reuters
... at Morgan Stanley Tech Conf 27 Feb 22:10 Parametric Tech Corp. at Morgan Stanley Tech Conf 27 Feb 22:10 Scripps Networks Interactive at Morgan Stanley Tech Conf 27 Feb 23:00 Akamai Tech at AGC West Coast Info Sec & Growth Conf 27 Feb 23:40 ANCESTRY ...

and more »

Windows Server 8 to be storage-focused OS

2012-02-22T06:00:07-0700

With the beta of Windows Server 8 to be released in the next few weeks, Microsoft executives said the next-generation OS is focused squarely on storage.

Node.js tools: Server-side JavaScript comes of age

2012-02-22T06:00:06-0700

Node-inspired development environments and cloud platforms are rapidly remaking the Web application stack

CBI, Central Bureau Of Investigations India taken offline by Bangladeshi Cyber Army

2012-02-22T05:00:06-0700

BCA, Bangladeshi cyber army, a self claimed largest hacking group in bangladeshi has taken the CBI offline and as a result the sites been down for some time now due to the attack.

SANS Institute Makes its Largest Training Event of the Year, SANS 2012 ... - Bradenton Herald

2012-02-22T04:00:07-0700

SANS Institute Makes its Largest Training Event of the Year, SANS 2012 ...
Bradenton Herald
SANS offers a myriad of free resources to the InfoSec community including consensus projects, research reports, and newsletters; and it operates the Internet's early warning system - the Internet Storm Center. At the heart of SANS are the many security ...

Cybersecurity Hype

2012-02-22T04:00:05-0700