InfoSec News

(c) SANS Internet Storm Center. http://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
Open Handset Alliance Android Dialer Remote Denial of Service Vulnerability
The HP ElitePad 900 tablet, announced earlier Monday, has a screen resolution below what's required to run Snap, a unique feature that allows two apps to be viewed simultaneously.
Instagram has seen a huge spike in popularity among mobile device users over the past six months, pushing it past Twitter for the first time.
FreeType TrueType Font 'SHC' Heap Buffer Overflow Vulnerability
Microsoft will debut a major redesign of its MSN consumer web portal with a new layout and navigation scheme optimized for the upcoming Windows 8 operating system.
Apple will introduce a smaller iPad in two weeks, and if it holds to past practice, will start selling the new tablet in early November, according to a report today.
Worldwide ultrabook shipments are falling short -- way short -- of expectations, according to a report from IHS iSuppli released Monday.
Verizon has launched a hosted service for storing healthcare information for providers and insurers that meets HIPAA's strict privacy and security standards.
VMware Hosted Products 'vmware-vmx' Virtual Network Stack Information Disclosure Vulnerability
VMware Remote Console 'connect' Method Remote Format String Vulnerability
VMware View URL Processing Cross-site Scripting Vulnerability

For a few years now, October has been designated National Cyber Security Awareness Month. The target audience of the awareness month effort is mostly consumers. This year's motto is "The Internet is a shared resource and securing it is our Shared Responsibility."
We will feature a special diary each day in October in observance of Cyber Security Awareness Month. Realizing that our audience tends to be more technical, we are picking our own theme. This year, we picked Standards and Security. Many standards have important security components, and we will try to illustrate how particular standards affect current attacks. One of the great things about our group of handlers is that we have a very diverse background, geographically and professionally. To take this diversity into account, we will interpret the term "standards" very widely. You will see diaries about ISO standards, IETF standards (RFCs), W3C standards and so on. If there is a particular standard you would like to see covered, let us know. This is also a great opportunity for guest articles (or guest diaries, as we call them). If you would like to write something, let us know. Send the topic, and maybe a brief outline, first so we can see if it fits.
Resources for Cyber Security Awareness Month:
http://www.staysafeonline.org (Main Cyber Security Awareness Month website)
http://www.securingthehuman.com (SANS Security Awareness Program)
Securing the Human will also be offering a number of free webcasts:
Why Security Awareness Matters - Tuesday, 02 Oct
Security Awareness: Planning For Success - Tuesday, 16 Oct
How To Create an Engaging Program People Want To Take - Tuesday, 13 Oct

Johannes B. Ullrich, Ph.D.

SANS Technology Institute

Of all things, Trend Micro's centralised Control Manager software is vulnerable to a blind SQL injection attack. Trend Micro has released patches for both affected versions, 5.5 and 6.0, of the product.

In an era when wireless data and phone service can cost a U.S. contract customer more than $1,200 annually, some lower-cost pre-paid options are emerging.
Premier 100 IT Leader Todd Coombes also answers questions on seeking a mentor and keeping up with changes in the industry.
If the community edition of the JBoss enterprise Java application server could no longer be called JBoss, what other name would you choose? JOpen? JWorker? JFree? JMinion? JBoss community users get to decide.
Verizon today said that it would not charge iPhone 5 customers for the bits they downloaded before Apple patched a data-draining bug.
The ex-FBI man's work laptop either was encrypted or had no sensitive data on it, according to reports, but the theft from a hotel could have had much more serious consequences.

Google's new Field Trip smartphone application offers users facts, photos and deals within their immediate proximity. The app is a free download from the Google Play store and is coming to iOS and international users soon.
Half of U.S. adults now have a mobile connection to the Web through a smartphone or tablet, up sizably from a year ago, according to a survey by the Pew Research Center.
Europe's top consumer watchdog received complaints about Apple's advertising of product warranties from 11 different countries.
AT&T will soon launch Sony's Xperia TL smartphone, which features Near Field Communication (NFC) but not LTE wireless. Pricing was not announced.
Security as a profession has come a long way in the last decade. This is not just noteworthy, it's also worth celebrating.
With just weeks before the public launch of Windows 8, users are five times less likely to be running the new OS than they were Windows 7 at the same point in its countdown, an analytics firm said today.
Java EE 7 and Java SE 8 will offer new capabilities in JavaScript programming and multicore processors, but PaaS cloud enhancements have been deferred.
Sys admins are from Mars, developers are from Venus, and legal is from hell -- here's how to heal friction among IT factions.
Pen testers often focus on system errors and application flaws, but employees are often an enterprise's greatest weakness, explains Chris Nickerson.

Expert Matt Pascucci examines free tools and offers simple tactics that organizations can use to streamline the network log analysis and management process.

Google Chrome Prior to 17.0.963.46 Multiple Security Vulnerabilities
Nokia and Oracle have joined forces on mapping, with details of the deal to be announced at the Oracle OpenWorld conference on Monday.
Moodle Multiple Security Vulnerabilities
The next version of Oracle's database will feature support for multitenancy as a critical feature, providing superior security, control and efficiency for software services delivered from the cloud, CEO Larry Ellison said Sunday during the OpenWorld conference in San Francisco.
Apple released on Sunday an update that fixes a problem where the iPhone 5 draws data from the carrier Verizon despite being connected to a Wi-Fi network.
Adobe announced on Monday a new version of its Acrobat desktop application for creating and editing PDF documents that now features integration with other Adobe cloud services and with Microsoft PowerPoint.
Hewlett-Packard on Monday announced the new ElitePad 900 tablet, which has Windows 8, and which the company says can be easily disassembled to replace components in order to save hardware and support costs.
While NoSQL may be getting all the buzz, in many cases an old fashioned relational database, such as MySQL, may work just as well if not better. That was the message from a number of MySQL users who presented their stories at Oracle's first MySQL Connect conference, held Saturday and Sunday in San Francisco.
As the countdown clock ticks toward Windows 8's launch later this month, Microsoft has still not shown that there will be enough apps to drive users toward the new OS, said analyst Patrick Moorhead.
Oracle is updating its widely used open source MySQL database, and a range of associated products, in order to meet the increasing demands of Web users.
At the CEATEC show that opens in Japan this week, the country's electronics manufacturers will show a host of products that are probably a few years from catching on, as well as a few design concepts that will need a bit longer than that.
It looks like a bull, trots at the speed of a wolf and carries equipment like a pack mule, but does it have a place on the battlefield of the future? Researchers are conducting a two-year study of a robot that promises to lighten the load that soldiers must carry and they gave it a high-profile demonstration in September.
With worldwide demand and prices at an all-time high, Western Digital's plans to use helium in its drives may be ill-timed as the world's reserves are quickly drawing down.

Posted by InfoSec News on Sep 30


By Bill Gertz
Washington Free Beacon
September 30, 2012

Hackers linked to China’s government broke into one of the U.S.
government’s most sensitive computer networks, breaching a system used
by the White House Military Office for nuclear commands, according to
defense and intelligence officials familiar with the incident.

One official said the cyber breach was one of Beijing’s most brazen...

Posted by InfoSec News on Sep 30


The New York Times
September 26, 2012

WASHINGTON -- For years, even as the United States carried out
sophisticated cyberattacks on Iran’s nuclear program and the Pentagon
created a Cyber Command, officials have been hesitant to discuss
American offensive cyberwarfare programs openly. Since June, in fact,
F.B.I. agents have been investigating...

Posted by InfoSec News on Sep 30


By Kim Zetter
Threat Level

The ongoing security saga involving digital certificates got a new and
disturbing wrinkle on Thursday when software giant Adobe announced that
attackers breached its code-signing system and used it to sign their
malware with a valid digital certificate from Adobe.

Adobe said the attackers signed at least two malicious utility...

Posted by InfoSec News on Sep 30


By Kelly Jackson Higgins
Dark Reading
Sept 27, 2012

First in an occasional series on knowing the attacker.

Chinese hackers operate more as big-box, thrifty enterprises with
bargain-basement mini-botnets and commodity malware. Eastern European
hackers run higher-end operations with bulletproof hosting...

Posted by InfoSec News on Sep 30


By Jordan Press
Postmedia News
September 29, 2012

OTTAWA - When a federal cyber-security expert gave his colleagues a
rundown of the hacktivist collective Anonymous, his coworkers were
impressed with his expertise - so impressed they jokingly became

"Seems like Ken is awfully knowledgeable about the inner workings of
Anon.," reads a Feb. 3 email to Luc...