Hackin9
A judge has ordered a partial retrial in Apple's patent lawsuit against Samsung in California, and has cut hundreds of millions of dollars from the $1 billion in damages that Apple was awarded last summer.
 
Guy Kawasaki, venture capitalist and former Apple chief evangelist, announced this week that he has taken on advisory work for Motorola Mobility - which is owned by rival Google.
 
After a successful liftoff of the SpaceX Dragon on Friday, the company's engineers were working on a glitch in the spacecraft's thruster system, delaying a Saturday rendezvous with the International Space Station.
 
The social network sent press invitations to a March 7 event at the company's offices in Menlo Park, Calif. "Come see a new look for News Feed," the invite reads.
 
After a successful liftoff this morning, the SpaceX Dragon spacecraft is on its way to rendezvous with the International Space Station.
 
Microsoft may upgrade Office 2013 as often as four times a year, the company's top Office executive said this week, a massive change from decades of more measured development.
 
New legislation in the U.S. Senate that would allow Internet users to tell companies to stop tracking them is unnecessary and could slow e-commerce growth, some tech groups said.
 
Google is open-sourcing a new general purpose data compression library called Zopfli that can be used to speed up Web downloads.
 
SPEC, the standards body for performance benchmarks, has released a new toolkit that should help customers choose the most energy-efficient server for the workloads they need to run.
 
HP has reached the halfway point in its restructuring, with 15,000 employees left to cut to meet its layoff target by the end of next year, according to CEO Meg Whitman.
 
Oracle has ported one of its most coveted Solaris tools to the Linux platform, a real-time debugging tool called DTrace, though the company has made it officially available only for its own Oracle Linux distribution.
 
Rights groups fear widespread sharing of personal information; security managers see threat information sharing as key part of corporate cyber defenses
 
Video: Bruce Schneier explains why Google, Apple and others have adopted a feudal model of security, and the resulting data privacy concerns.

Government IT leaders who oversee sensitive or classified information require firm device-management policies to address security concerns before they will even consider allowing workers' personal smartphones and tablets behind the firewall.
 
Western Digital's HGST Labs announced a breakthrough in the ability to double HDD capacity through two innovative nanotechnologies -- self-assembling molecules and nanoimprinting.
 
A security researcher has found a loophole in how the HTML5 Web Storage standard is implemented in the Google Chrome, Internet Explorer and Apple Safari browsers that could allow malicious websites to fill visitors' hard disk drives with large amounts of junk data.
 

As Johannes posted about at the end of January, we're going to focus on IPv6 during the month of March. It probably won't be quite like our Cybersecurity Awareness Month posts in Oct, but we do want to look at the security issues and implications of IPv6. We are still open to suggestions for topics or guest diaries, so feel free to send them to us in e-mail or reach out via the contact page. To kick things off, I figured it would be worthwhile to point you to the diaries that we have done in the past with respect to IPv6; Johannes, Guy, and I have each written on the subject more than once. We also have some IPv6 videos, the 6to4 conversion tool, and the IPv6 tcpdump cheatsheet (though the first page doesn't seem to display all that well in the new HTML5 PDF viewer in Firefox 19, at least, not for me).



References:

https://isc.sans.edu/diary/IPv6+Focus+Month/15049

https://isc.sans.edu/tag.html?tag=ipv6

https://isc.sans.edu/ipv6videos/

https://isc.sans.edu/tools/ipv6.html

https://isc.sans.edu/presentations/ipv6.pdf

---------------

Jim Clausing, GIAC GSE #26

jclausing --at-- isc [dot] sans (dot) edu
(c) SANS Internet Storm Center. http://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
 
[SECURITY] [DSA 2635-1] cfingerd security update
 
Companies with IT security strategies that focus mostly on complying with key standards are dangerously unprepared for emerging cyber threats, said security experts at the RSA Conference 2013 here this week.
 
ESA-2013-012: RSA® Authentication Agent 7.1.1 for Microsoft Windows® Access Control Vulnerability
 
Windows 8's uptake pace slowed in February for the third straight month, Net Applications said today.
 

The bad guys certainly seem to be picking on Oracle in the last month or two. The folks over at FireEye have posted some info about another 0-day affecting Java that is being exploited in the wild. This one hits even the latest versions of Java 6u41 and 7u15. From the writeup it seems the exploit is currently not always successful, but when it is, it drops a remote access trojan on the system and connects back to an HTTP command and control server. I haven't had a chance to actually look at the malware yet, so go read the FireEye writeup for the indicators of compromise to look for in your network. Simultaneously, Adam Gowdiak has also informed Oracle of 2 different exploitable vulnerabilities (though at least one of his only affects 7u15, not 6u41), though those exploits are apparently not being used in the wild at the moment. In the meantime, all our previous advice still applies. If you don't need Java, don't install it/remove it. If you do need it, only enable it when you need it and/or run it inside another sandbox (SandboxIE, a sacrificial VM).

References:

http://blog.fireeye.com/research/2013/02/yaj0-yet-another-java-zero-day-2.html

http://www.zdnet.com/oracle-investigating-after-two-more-java-7-zero-day-flaws-found-7000011965/

https://isc.sans.edu/diary/When+Disabling+IE6+%28or+Java%2C+or+whatever%29+is+not+an+Option.../14947

---------------

Jim Clausing, GIAC GSE #26

jclausing --at-- isc [dot] sans (dot) edu
 
Skype as a hacker's accomplice, measures to combat XSS, Keccak for C++, an analysis of a Java attack, a new security distribution, and videos from the RSA Conference


 
Multiple VMware Products CVE-2013-1659 Memory Corruption Vulnerability
 
Joomla! 'highlight' Parameter PHP Object Injection Vulnerability
 
A new exploit for a previously unknown and unpatched Java vulnerability is being actively used by attackers to infect computers with malware, according to researchers from security firm FireEye.
 
Cyber criminals are trying to exploit a previously unknown Java vulnerability. The issue also affects the version 6 branch that is no longer maintained by Oracle


 
The federal government's automatic budget cuts, due to begin Friday, may accelerate cost savings measures already in place. But there will be damage to IT spending, and a period of uncertainty as the government reacts to the cuts.
 
The three most popular free Web-based email services have all seen big changes recently, from revamped interfaces to advanced features. Does Google, Microsoft or Yahoo now deserve your webmail business?
 
NTT DoCoMo has launched a Twitter-based Yellow Pages service that offers information about regions around the country.
 
A court in the U.K. has ordered key Internet service providers in the country to block three torrent sites on a complaint from music labels including EMI Records and Sony Music.
 
Megaupload lost a bid on Friday to see a trove of evidence held by U.S. prosecutors prior to extradition proceedings expected to begin later this year in New Zealand.
 
A simple trick that works in most popular browsers can completely clog up a computer's disk space without any action on the user's part


 
Internet Storm Center Infocon Status