InfoSec News

Lenovo calls its ThinkPad X120e an ultraportable--and its new AMD Fusion CPU certainly endows the laptop with much better performance than netbooks have achieved in the past. But it's nowhere near as fast as the average Intel Core processor-based ultraportable. Lenovo has done a magnificent job giving the keyboard a full-size feel, but the 1366 by 768, 11.6-inch display suffers in comparison to the 12- and 13-inch displays of other ultraportable laptops. Given the choice between characterizing the X120e as an underpowered ultraportable or as a wonderful netbook, I'm going with the latter.
 
A teardown analysis of Motorola's Xoom tablet by IHS iSuppli found its materials cost nearly $360, compared with $320 for materials in the comparable 32GB iPad 3G.
 
Mozy tomorrow will notify MozyHome customers that it's preparing to release new apps for mobile devices based on Apple's iOS and Android; it will also announce a beta program for a file sharing service on those platforms.
 
Apple on Wednesday is expected to announce its latest iPad, but buyers are on the fence about purchasing the device and hope it will be a major upgrade from the original iPad.
 
Google will soon start letting Apps users buy additional storage for some of the applications in the hosted collaboration and communication suite.
 
A New Hampshire man who made US$8 million by installing unwanted dial-up software on computers and then forcing them to call expensive premium telephone numbers was handed down an 82-month sentence on Monday.
 
Verizon Wireless will join AT&T in adopting data caps soon, probably in mid-summer, Verizon CFO Fran Shammo said at an investor's conference Tuesday.
 
[SECURITY] [DSA 2163-2] dajaxice regression fix
 
Security cameras caught Samarth Agrawal stealing source code to a multi-million proprietary trading system used by Societe Generale.

IBM is hoping to take advantage of the demand for energy efficiency with new systems and services targeted at a variety of industries.
 
Apple should get a jump on the tablet competition Wednesday by dropping the price of the iPad and expanding its distribution, an analyst said today.
 
Using a robotic arm, astronauts brought a humanoid robot aboard the International Space Station on Tuesday.
 
Later this year, Oracle will begin requiring people interested in gaining Java and Solaris certifications to attend "hands-on" training courses, at an additional cost of thousands of dollars.
 
IBM is aiming to make it easier for enterprises to manage their virtualized environments, with new features in the Tivoli Provisioning Manager and other software products.
 
Microsoft's Internet Explorer gained more browser market share last month than at any time in the last three years, but at least part of the boost came from an accounting change by Net Applications.
 
Verizon Wireless sold more than 1 million iPhone 4 devices at the end of the first weekend of sales in February, according to a report from TheStreet.com that combined a top executive's comment with analyst estimates.
 
Google is bolstering its collection of Street View images by getting off the street and taking users into beautiful parks, castles, hiking trails and historic landmarks.
 
HP's new 802.11n Wi-Fi access points include two models that support three data streams, capable of yielding a data rate of 450Mbit/sec. per radio, or 900Mbit/sec. per access point. That translates into greater throughput, sustained over longer distances compared with products that use two data streams.
 
Some tech groups have opposed a patent reform bill being debated in the U.S. Senate.
 
Apple is holding a special event at 1 p.m. ET Wednesday at which it is expected to unveil a new iPad tablet. Macworld will be liveblogging the event as it happens.
 
PrestaShop Cartium Multiple SQL Injection Vulnerabilities
 
A former Apple manager accused of accepting kickbacks from Asian iPhone and iPod accessory suppliers pleaded guilty Monday in federal court and has been ordered to forfeit $2.3 million in money and property.
 
Online retail sales in the U.S. will grow solidly in coming years, helped in part by consumers' broad Internet connectivity options and their increased familiarity and satisfaction with e-shopping, according to Forrester Research.
 
DDIVRT-2010-30 Alcatel-Lucent OmniVista 4760 NMS 'lang' Directory Traversal Vulnerability [ CVE-2011-0345 ]
 

Virtual Censorship - Revenge and Retribution
CSO (blog)
Retribution and revenge have long been methods to suppress and prevent the spoken word from being heard. Even the threats of retribution are many times enough to stop actions from occurring. ...

 
Social media's emergence as a key business app is just one of the trends that have led to a point of no return on consumer IT. Dell's Paul D'Arcy explains -- and shares how CIOs can plan for and benefit from the consumerization of IT.
 
Two days after tens of thousands of Google Gmail users lost their e-mail, chat histories and contacts, the problem still is not fixed.
 
Logwatch Log File Special Characters Local Privilege Escalation Vulnerability
 
HTB22848: XSS in Mingle Forum wordpress plugin
 
HTB22849: Path disclosure in Mingle Forum wordpress plugin
 
HTB22858: SQL Injection in WP Forum wordpress plugin
 
CIO sat down with the head of actuarial studies at the Australian School of Business, University of NSW, Associate Professor John Evans, to talk risk management and the role it plays in the enterprise.
 
Information Builders announced a BI product suite that includes native capabilities for Apple and Android devices.
 
Seagate today announced its first 3TB internal hard disk drive, the 3.5-in Barracuda XT, which uses a free software driver in order to allow legacy OSes, such as Windows XP, to access its full capacity.
 
SnapProof (cart.php) Cross Site Scripting
 
vsftpd 2.3.2 remote denial-of-service
 
[USN-1079-1] OpenJDK 6 vulnerabilities
 
Re: prestashop vuln: sql injection submitted to [email protected]
 
Security researchers have discovered a new mobile malware hidden in apps on unregulated third-party Android marketplaces.


Job of the Day: Peterson AFB IT Specialist
KOAA Colorado Springs News
The primary purpose of this position is to perform as the MAJCOM Lead INFOSEC, System Administration, and subject matter expert for the Geospatial Situational Awareness (GSA) Program to lead HQ AND Command-wide support for a variety of Logistics, ...

 
WeeChat SSL Certificate Validation Security Bypass Vulnerability
 
PHP user group president says Microsoft's effort to woo PHP developers qualifies as a success story.
 
Paul Devine, a former Apple manager accused of taking kickbacks from the company's suppliers in Asia, pleaded guilty to wire fraud, conspiracy and money laundering, the U.S. Department of Justice said Monday.
 
abcm2ps 'getarena()' Heap Based Buffer Overflow Vulnerability
 
Gianugo Rabellino traded his Linux and Mac PCs for a Windows 7 laptop, left the open source company he founded and moved to Redmond, Wash., for a new job with Microsoft. His goal: Improve Microsoft’s credibility within open source circles.
 
Google on Monday patched 19 vulnerabilities in Chrome, paying nine researchers $14,000 in bug bounties for reporting the flaws.
 
SAP will show an upcoming application called Sales OnDemand that could be a potential rival to Salesforce.com and Microsoft CRM Online.
 
Concerns about latency and questions about security and regulatory issues aren't stopping CIOs from moving key systems to the cloud, even if it means using apps hosted in data centers on the other side of the globe.
 
Motorola's versatile new Android smartphone outshines the iPhone in some ways, but falls short overall
 
InfoSec News: HBGary Federal CEO Aaron Barr Quits Due to Anonymous Attack: http://www.eweek.com/c/a/Security/HBGary-Federal-CEO-Aaron-Barr-Quits-Due-to-Anonymous-Attack-325042/
By Fahmida Y. Rashid eWEEK.com 2011-03-01
The embattled CEO of HBGary Federal has resigned his post three weeks after Anonymous hacked into the company’s network and stole thousands of [...]
 
InfoSec News: [Dataloss Weekly Summary] Week of Sunday, February 20, 2011:
Open Security Foundation - DataLossDB Weekly Summary, Week of Sunday, February 20, 2011
13 Incidents Added. [...]
 
InfoSec News: Death by BlackBerry crisis averted: http://www.smh.com.au/digital-life/mobiles/death-by-blackberry-crisis-averted-20110301-1bca6.html
By Asher Moses The Sydney Morning Herald March 1, 2011
With threats of cyber war on the horizon, one would think the Department of Defence has more pressing security concerns than whether politicians keep the flashing blue light on the top of their BlackBerry handsets on or off.
But the secretive Defence Signals Directorate (DSD) was so concerned that it instituted a recommendation requiring politicians to enable the flashing light on their taxpayer-funded mobiles.
It has now backflipped on the rule after senators rebelled, arguing it could cause serious accidents.
The seemingly innocuous BlackBerry light, which flashes blue when paired with a Bluetooth device such as a car hands-free kit, caused such consternation that Senator Stephen Parry used a Senate estimates hearing to rail against the Defence order to leave the light on and warned it was "exceptionally dangerous at night".
[...]
 
InfoSec News: WOOT '11 Call For Papers Now Available: Forwarded from: Lionel Garth Jones <lgj (at) usenix.org>
On behalf of the 5th USENIX Workshop on Offensive Technologies (WOOT '11) program committee, we invite you to submit papers that present research advancing the understanding of attacks on operating systems, networks, and applications. [...]
 
InfoSec News: Morgan Stanley hit by same attackers that breached Google: http://www.theregister.co.uk/2011/03/01/morgan_stanley_aurora_attacks/
By Dan Goodin in San Francisco The Register 1st March 2011
Morgan Stanley was hit by a “very sensitive” breach to its network by the same attackers who penetrated computer systems maintained by Google [...]
 
InfoSec News: Three-time Pwn2Own winner knocks hacking contest rules: http://www.computerworld.com/s/article/9211720/Three_time_Pwn2Own_winner_knocks_hacking_contest_rules
By Gregg Keizer Computerworld February 28, 2011
Organizers of Pwn2Own on Sunday defended the hacking contest's rules after a three-time winner criticized the challenge for encouraging [...]
 
InfoSec News: Newly Discovered Mac OS X, Android Trojans Reflect Cybercriminals' Expanding Targets: http://www.darkreading.com/insider-threat/167801100/security/vulnerabilities/229219534/newly-discovered-mac-os-x-android-trojans-reflect-cybercriminals-expanding-targets.html
By Kelly Jackson Higgins Darkreading Feb 28, 2011
Microsoft's and Adobe's software are still some of the biggest targets [...]
 
China Unicom announced a new smartphone and software platform Monday, Wophone, that will rival Apple's iPhone, Google's Android and China Mobile's Ophone offerings.
 
Two of China's biggest websites, the search engine Baidu and online retailer Taobao, were named as "notorious markets" in a new U.S. government report for allegedly supporting pirated and counterfeit goods.
 
Paul Devine, a former Apple manager accused of taking kickbacks from the company's suppliers in Asia, pled guilty in a San Jose federal court to wire fraud, conspiracy and money laundering, the U.S. Department of Justice said Monday.
 
Visitors to the London Stock Exchange's Web site were hit with malicious ads over the weekend, designed to pop up fake security messages on their computers.
 

Posted by InfoSec News on Mar 01

http://www.computerworld.com/s/article/9211720/Three_time_Pwn2Own_winner_knocks_hacking_contest_rules

By Gregg Keizer
Computerworld
February 28, 2011

Organizers of Pwn2Own on Sunday defended the hacking contest's rules
after a three-time winner criticized the challenge for encouraging
researchers to "weaponize" exploits.

The contest, which starts March 9, pits researchers against four
browsers -- Apple's Safari, Google's Chrome,...
 

Posted by InfoSec News on Mar 01

http://www.darkreading.com/insider-threat/167801100/security/vulnerabilities/229219534/newly-discovered-mac-os-x-android-trojans-reflect-cybercriminals-expanding-targets.html

By Kelly Jackson Higgins
Darkreading
Feb 28, 2011

Microsoft's and Adobe's software are still some of the biggest targets
of malware development, but recently discovered Trojans for Apple's Mac
OS X and the Android smartphone platform indicate signs that the bad
guys...
 

Posted by InfoSec News on Mar 01

http://www.eweek.com/c/a/Security/HBGary-Federal-CEO-Aaron-Barr-Quits-Due-to-Anonymous-Attack-325042/

By Fahmida Y. Rashid
eWEEK.com
2011-03-01

The embattled CEO of HBGary Federal has resigned his post three weeks
after Anonymous hacked into the company’s network and stole thousands of
e-mail messages. The ease with which Anonymous conducted the attack left
the company that provides security services to the federal government
red-faced.

CEO Aaron...
 

Posted by InfoSec News on Mar 01

========================================================================

Open Security Foundation - DataLossDB Weekly Summary
Week of Sunday, February 20, 2011

13 Incidents Added.

========================================================================

DataLossDB is a research project aimed at documenting known and reported
data loss incidents world-wide. The Open Security Foundation asks for
contributions of new incidents and new data for...
 

Posted by InfoSec News on Mar 01

http://www.smh.com.au/digital-life/mobiles/death-by-blackberry-crisis-averted-20110301-1bca6.html

By Asher Moses
The Sydney Morning Herald
March 1, 2011

With threats of cyber war on the horizon, one would think the Department
of Defence has more pressing security concerns than whether politicians
keep the flashing blue light on the top of their BlackBerry handsets on
or off.

But the secretive Defence Signals Directorate (DSD) was so...
 

Posted by InfoSec News on Mar 01

Forwarded from: Lionel Garth Jones <lgj (at) usenix.org>

On behalf of the 5th USENIX Workshop on Offensive Technologies (WOOT
'11) program committee, we invite you to submit papers that present
research advancing the understanding of attacks on operating systems,
networks, and applications. Please submit your work by May 2, 2011, at
11:59 p.m. PDT.

Computer security is unique among systems disciplines in that practical
details matter...
 

Posted by InfoSec News on Mar 01

http://www.theregister.co.uk/2011/03/01/morgan_stanley_aurora_attacks/

By Dan Goodin in San Francisco
The Register
1st March 2011

Morgan Stanley was hit by a “very sensitive” breach to its network by
the same attackers who penetrated computer systems maintained by Google
and dozens of other companies, according to leaked emails reviewed by
Bloomberg News.

The emails came from California-based HBGary, which suffered a major
compromise...
 
Telepathy-Gabble 'jingle-factory.c' Origin Validation Security Bypass Vulnerability
 

