Cisco IronPort Email Security and IronPort Security Management Appliances contain a vulnerability that may allow a remote, unauthenticated attacker to execute arbitrary code with elevated privileges.  Fixed software versions or patches are not yet available.  Configuration workarounds that mitigate this vulnerability are available.

Cisco IronPort Email Security Appliance (C-Series and X-Series) versions prior to 7.6.0 and IronPort Security Management Appliance (M-Series) versions prior to 7.8.0 are affected by the FreeBSD telnetd remote code execution vulnerability documented by Common Vulnerabilities and Exposures (CVE) identifier CVE-2011-4862.  This one scores a 19 out of 20 on the CVSS score (BASE & TEMPORAL), so you may want to exercise the workaround on this one.

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20120126-ironport

This is a serious step, and I applaud Symantec for coming clean on the risks of this powerful and popular product.  Most vendors woould simply warn users of increased risk and provide workaround and mitigation steps that may or may not be implementable or effective.  I hope that Symantec can release new code quickly, and overcome this unfortunate problem.

Moore found he was able to listen in on meetings, remotely steer a camera, and zoom in on items in the room to read proprietary information on documents.  Most expensive videoconferencing systems offer encryption, password protection and camera lock down capabiilties, but they found that administrators were setting them up outside of firewalls for convenience, and not properly configuring security features.  Some systems were set up to automatically accept inbound calls, opening the way for anyone to call in and eavesdrop on a meeting.

“These are literally some of the world’s most important boardrooms — this is where their most critical meetings take place — and there could be silent attendees in all of them.”

Time to review your video and conference  call setups, folks.  It would be terrible to find out that privileged client or finiancial information was so easily obtainable AFTER the fact!

So, what does that indicate to you?

• Does Twitter know that the Internet is a dangerous playground, and is investing in application security from the inside out?
• Are they hedging their bets that they can re-enter the security market with a new Twit-Brand?
• Was it just the right time and place to merge development resources?

Still seething over the arrest of Megaupload mogul Kim Dotcom, Anonymous tweeted the following:

Just out of curiosity, what would you like to see #Anonymous hack next? Tweet and let us know…

They are vowing to keep up the pressure, launching attacks and causing disruptions until Dotcom is released.

.

.

Highlights from the Cisco 4Q11 Global Threat Report include:

• An overall average of 362 Web malware encounters per month occurred throughout 2011.
• Enterprise users experienced an average of 339 Web malware encounters per month in the quarter.
• The highest average rate of encounters occurred during September and October (698 and 697).
• An average of 20,141 unique Web malware hosts were encountered per month in 2011, compared to 14,217/month in 2010
• During 4Q11, 33% of Web malware was zero-day, not detectable by traditional signature-based methodologies.
• The rate of SQL injection signature events remained steady, with a slight decrease observed as the quarter progressed.
• Denial-of-service events increased slightly over the course of 4Q11.
• Global spam volumes continued to decline throughout 2011.

The new Cisco Security Intelligence Operations (SIO) portal provides early-warning intelligence, threat and vulnerability analysis, and proven Cisco mitigation solutions to help protect your network.  Cisco Global Threat Reports, as well as previous publications, including the Cisco Annual Security Reports, are now located there.

Download a copy of the Cisco 4Q11 Global Threat Report.

“We hold that the government’s installation of a GPS device on a target’s vehicle, and its use of that device to monitor the vehicle’s movements, constitutes a ‘search,” Justice Antonin Scalia wrote.  They declined to clarify whether that search was unreasonable and required a warrant.

Core Security Technologies is a computer and network security company that provides penetration testing and security measurement software products and services.  The company’s research arm, CoreLabs, identifies security vulnerabilities, publishes advisories, and works with vendors to eliminate the exposures they find.

Core is dismissing the attack as insignificant, claiming that it was launched against an 8 year old, unused server that contains no relevant information.

Questions;

• What is an unused server doing connected to the internet?
• What access does it offer to other internal and external resources?
• Just how irrelevant is the information that is stored on it, or accessible using its credentials?

HC’s question:  Why do we connect on LinkedIn?  When I log into LinkedIn, I usually see just line after line, “So-as-so is now connected to So-and-so…”.  Okay, that’s great.  Then I see that I have something in my Inbox, and it’s a couple of folks I’ve never met, or perhaps someone who attended a presentation, who wants to connect with me.  For the past couple of months, I’ve been asking folks, “why do you want to connect with me?”  What’s the value in this “relationship” to you?  Most often, the response is, “oh, sorry to offend…”, and then nothing else.  The thing is…I’m not offended.

I too have been asking, if I didn’t invite the link, what the nature of the request is, or how I can help them otherwise.  Again, not intended to offend, I have always been somewhat selective with my Social Networking connections.  I will gladly share information with others, but will try my hardest to avoid sharing others’ information.  In my 5 or so years on LinkedIn I still only have 250 connections.

There are people in the “real world” that are members of my LinkedIn network.  People that I have worked very closely with, care a good deal about, and respect greatly.  I want to make myself avaialble to them as easily as possible, and am on the move often, have changed email addresses and phone numbers, and may only be in their thoughts occassionally (Security folks are about as popular as Auditors at parties).  I use LinkedIn to serve that purpose.  My info and locale may change, but you can find me there.

There are also people on my roster that I have met, worked with, attended conferences with, or had business conversations with somewhere.  Acquaintances.  I like to keep up with where they are working, what they are working on, and occassionally ping them to get together socially or professionally if a mutually interesting topic or activity presents itself.  They also offer a symbiotic relationship; they are often a source of continued employment through contacts and contracts, and recipients of investigative efforts and intell should their need arise.

There are also people that I have never directly met.  These are the few individuals that I have email-based conversations with, have authored books on subjects that I am interested in, published research or useful tools, and have impressed and/or influenced me in some positive manner.  I link with these folks more selfishly than with others, as I am interested in what they are becoming interested in.  They are my thought leaders, if you will.  I look to see what areas they are exploring, what keeps them awake at night, what do they fear is hiding over the horizon?  They provide initial links to papers about new discoveries, vulnerabilities, threats, and solutions.  I hope that if they spot something new in the InfoSec or IT domains, they will share it on LinkedIn, and allow me to start looking over my own shoulder, and the shoulders of those I hold near and dear.

The value of these relationships, and my LinkedIn relationship with HC, is selfish.  I work in Information Security, and often in the field of Incident Response.  This is a field that is both complex and dangerous.  Not dangerous like police work, I don’t anticipate being shot at every morning, but there is a hint of danger in that I am the thin pink line between some organized crime boss and the loot stored in the electronic vault.  In some places, that can make you a real target.  I respect the work that HC has done, have read a couple of books with his name on them, and have placed his name in my online rolodex to be pulled out if the event arises that I come across something that I and perhaps my local, trusted, CSIRT buddies can’t figure out for ourselves.  I don’t solicit his opinion on things lightly, as I assume that he has bills to pay, consults on things that require his expertise, and may not appreciate every Tom Dick and Mark constantly pleading for free advice.  I haven’t needed to bother him to date beyond the initial link request, as I prefer to do my own homework, until I reach my limits, then look to engage the closest allies first.  It is reassuring to know that I can access HC if I need to, though.

I may never reach out to HC, and I solicited a connection to him with a selfish heart.  Now I ask you all, if we are linked-in, why did you accept my request, and why do you link to others?