ISC is reporting that a new, remotely exploitable vulnerability has been found in all versions of BIND 9. A specially crafted dynamic update packet will make BIND die with an assertion error. There is an exploit in the wild and there are no access control workarounds. Red Hat claims that the exploit does not affect BIND servers that do not allow dynamic updates, but the ISC post refutes that. This is a high-priority vulnerability and DNS operators will want to upgrade BIND to the latest patch level.

Via: Slashdot

Nmap Security Scanner version 5 has been released. Significant performance improvements were made, and many scripts have been added. Nmap can now log into Windows a system and perform local checks such as Conficker detection.

Announcement
Changes
Download

Researchers have built a tool that automatically finds and exploits SQL injection and cross-site scripting vulnerabilities in Web applications.

The so-called Ardilla tool uses a technique developed by the researchers — MIT’s Adam Kiezun, the University of Washington’s Michael Ernst, Stanford’s Philip Guo, and Syracuse University’s Karthick Jayaraman — that creates inputs that pinpoint bugs in Web applications and then generates SQL injection and XSS attacks. Ardilla is for PHP-based Web apps.

There is also a table of results from analysis done against several PHP web applications

Via: darkREADING

OpenBSD 4.5 has been released today. This release includes OpenSSH 5.2 as well as various tweaks, bugfixes, and enhancements. New and extended platforms include sparc64, and added device drivers. See the announcement page for a full list

A piece of malicious software unwittingly shared over a peer-to-peer network in January was the key tool in what security researchers are saying was the first known attempt to create a botnet of Mac computers.

Researchers at Symantec say the Trojan, called OSX.Iservice, hid itself in pirated versions of the Apple application iWork ’09 and the Mac version of Adobe Photoshop CS4 that were shared on a popular peer-to-peer bittorrent network.

SecureMac has released a tool to remove the Trojan, and can be downloaded from here.

Via: cbc.ca

“The people who bring you the DroneBL DNS Blacklist services, while investigating an ongoing DDoS incident, have discovered a botnet composed of exploited DSL modems and routers. OpenWRT/DD-WRT devices all appear to be vulnerable. What makes this worm impressive is the sophisticated nature of the bot, and the potential damage it can do not only to an unknowing end user, but to small businesses using non-commercial Internet connections, and to the unknowing public taking advantage of free Wi-Fi services. The botnet is believed to have infected 100,000 hosts.”

Poorly configured devices that allow remote administration access from the WAN side, combined with weak passwords for root, appears to be the reason for the successful proliferation of the worm.

Via Slashdot

A bold new type of malware has been identified.  Its attack vector is based on hijacking the DNS settings for devices on a local area network. Any device regardless of operating system that depends on an internal or external name server can be affected.

The trojan configures and runs a rogue DHCP daemon on the infected host. Other devices on the same LAN are misled into using name servers settings provided by the trojan DHCP daemon for DNS lookups instead of using the origional configured name servers.

Devices on the network are then sent to fraudulent websites that can be more difficult to identify as imposters since the DNS lookups appear correct.

This is a more advanced attack of a well known vector of attacking a systems hosts file, but by being system agnostic and using the familiar DNS protocol, it is much more effective.

More details can be found at SANS

Techworld reports the following:

The world’s six largest computer drive makers have published the final specifications for a single, full-disk encryption standard that can be used across all hard disk drives, solid state drives (SSD) and encryption key management applications.

Read the full article at Techworld.

Technical problems with the license management servers at SonicWall Inc. created havoc last week for users of the company’s firewall and e-mail security products, leaving many companies temporarily unprotected against spam, phishing and malware threats.

The problems resulted in affected enterprise users of the SonicWALL UTM Firewall, Email Security, Content Security appliances temporarily having their content filter, intrusion prevention and antivirus protection disabled due to the reset of license keys that were treated as invalid.

More details on the matter can be read at the Register

Triggerfish, also known as cell-site simulators or digital analyzers, are nothing new: the technology was used in the 1990s to hunt down renowned hacker Kevin Mitnick. By posing as a cell tower, triggerfish trick nearby cell phones into transmitting their serial numbers, phone numbers, and other data to law enforcement. Most previous descriptions of the technology, however, suggested that because of range limitations, triggerfish were only useful for zeroing in on a phone’s precise location once cooperative cell providers had given a general location.

This summer, however, the American Civil Liberties Union and Electronic Frontier Foundation sued the Justice Department, seeking documents related to the FBI’s cell-phone tracking practices. Since August, they’ve received a stream of documents—the most recent batch on November 6—that were posted on the Internet last week. In a post on the progressive blog Daily Kos, ACLU spokesperson Rachel Myers drew attention to language in several of those documents implying that triggerfish have broader application than previously believed.

More details on Ars Technica