InfoSec News

A secretive volunteer group that tries to track terrorists and criminals on the Internet went to the Defcon hacker conference this past week in hopes of recruiting information security experts, but it will first have to overcome some skepticism.
 
The Entourage Edge looks like a bright red notebook PC until you flip it open to reveal its true, dual-screen colors. On one side is an oversize, touch-enabled E-Ink digital paper display, and on the other side, a bright touchscreen LCD from which you can run apps, including e-mail and a browser via built-in Wi-Fi (or an optional broadband connection using the Edge's SIM card slot). With the addition of a built-in Webcam, mic, and audio player, it's a potentially powerful combination, but several shortcomings--most notably its 3-pound weight and high price ($499, price as of June 7, 2010)--will limit its appeal to mainstream users.
 
Android took the top U.S. spot among smartphones shipped in the second quarter, according to new research from Canalys.
 
Microsoft today said that it will not sell upgrades for the upcoming Office for Mac 2011, mimicking the move it made earlier this year when it ditched upgrades for the Windows Office 2010.
 
Global chip sales jumped in the second quarter on robust demand for PCs and wireless handsets, the Semiconductor Industry Association said on Monday.
 
Intel and GE will combine health-IT assets to form a company that focuses on providing medical care technologies to the elderly and people with chronic illnesses, the companies announced on Monday.
 
Two MIT students may have helped WikiLeaks suspect Bradley Manning spirit classified information out of military databases, according to CNN.
 
With an impending influx of more than 16 million new Medicaid recipients under national healthcare, state CIOs are quickly trying to update IT systems to share information with other agencies and support state health insurance exchanges, a new report shows.
 
Astronauts will use robotics in at least one of two emergency spacewalks needed to make critical repairs to the International Space Station after part of its cooling system stopped working over the weekend.
 
Metal Detector is an app that falls into the "wow, that's cool" category, but don't expect it to turn your Android device into a replacement for a real metal detector. Several reviewers have commented that this app could more accurately be described as a magnetic field detector. My tests seem to bear out this assertion: Electronic devices and live power cords will trigger Metal Detector; ferrous (iron-based and therefore magnetic) metals will trigger it too--but nonferrous metals like aluminum will not.
 
Still playing Spore? Compositing stretchy limbs and bulging organs? Shaking your double-tailed, spike-tipped derriere? Exploring not-so-strange "new" worlds?
 
There are many companies that are using Windows kiosks to provide people an alternate way to provide automated customer service. These kiosks are even developed sometimes by the same company.
How to tell if they provide a sufficient level of security? When I have had to answer that question, I have found iKAT useful, which is a tool to test how secure a kiosk is by telling if it can spawn a shell or other programs, crash the browser, navigate to forbidden sites, among many other interesting plugins. You can also find iKAT for Linux.
-- Manuel Humberto Santander Peláez | http://twitter.com/manuelsantander | http://manuel.santander.name | msantand at isc dot sans dot org
(c) SANS Internet Storm Center. http://isc.sans.org Creative Commons Attribution-Noncommercial 3.0 United States License.
 
Microsoft today issued an emergency patch for the critical Windows shortcut bug attackers have been exploiting for several weeks.
 
If you find navigating and typing text on your Android phone to be frustrating, Gesture Search may provide some relief. Just start drawing letters (gestures) on the touchscreen, and Gesture Search will match results from your installed apps, Contacts, music, and browser bookmarks. Each subsequent letter you draw will further refine the search.
 
Critical update comes a week ahead of Microsoft's regular Patch Tuesday, amid increased malware attacks.

 
Over the last 10 years 802.11 technology has made remarkable strides -- getting faster, stronger and more scalable. But one problem still haunts Wi-Fi: reliability.
 
The e-book war between Amazon and Apple has attracted the attention of the Connecticut Attorney General.
 
The umbrella of security responsibilities now includes brand protection at many companies (See Brand protection: The expanding CSO portfolio for an in-depth look) and it seems like a constantly moving target. When the internet took off, organizations had to contend with scammers registering web site domains using company names for fraudulent purposes. Now similar activity is happening on the hottest forum for brand abuse--social networks.
 
For the second straight month, Microsoft's Internet Explorer browser gained ground in the usage share race, a company manager said today.
 
E-mail played a key role in popularizing the Web, but is now taking an online back seat to both social networks and online games.
 
Overall server spending in enterprises remains weak in 2010 as companies continue to look for ways to save money following the economic downturn, research firm TheInfoPro said in a study released on Monday.
 
Researchers at AVG have uncovered a botnet that has been harvesting personal information and uses the latest version of the Zeus code, underscoring the widespread use of the sophisticated malware.
 
The latest version of software that allows iPhone 4 owners to install applications not approved by Apple has been released just days after the practice was declared legal under U.S. copyright law.
 

As announced on Friday, Microsoft released an out-of-band bulletin to address the recent Shortcut/LNK exploits. As confirmed in Microsoft's announcement, various malware is now attempting to exploit this vulnerability. The vulnerability is rather easy to exploit, in particular given the tools available to craft the necessary shortcuts.
Clients are the main target but servers are as vulnerable and should be patched as soon as possible. Please report any issues you have with the patch!





| # | Affected | Contra Indications | Known Exploits | Microsoft rating | ISC rating(*): clients | ISC rating(*): servers |
|---|---|---|---|---|---|---|
| MS10-046: Vulnerability in Windows Shell (LNK/Shortcut) | Windows Shell, CVE-2010-2568 | KB 2286198 | actively exploited. | Severity: Critical, Exploitability: 1 | PATCH NOW! | PATCH NOW! |






-----

Johannes B. Ullrich, Ph.D.

SANS Technology Institute

(c) SANS Internet Storm Center. http://isc.sans.org Creative Commons Attribution-Noncommercial 3.0 United States License.
 
The onslaught of unstructured digital content -- video, audio and images -- is taxing storage systems and creating the need to be able to store multi-petabytes, but current industry practices using RAID and replication to accomplish data protection are expensive at this scale.
 
Linus Torvalds releases version 2.6.35 of the Linux kernel
 
A newly launched Google site for Chinese users appears to be blocked in China just days after it went online.
 
Apple's version 5 of its Safari browser for Windows (free) debuted in June with a new Reader feature for news stories, some speed tweaks for its JavaScript engine and URL lookups, an improved address bar, and sundry nice but not earth-shattering improvements. Its most significant update, support for user-made extensions à la Firefox, won't fully bear fruit until Apple opens the doors to its in-the-works extensions gallery.
 
From a device that combines multiple broadband lines into one, to a way of backing up multiple data centers relatively easily, some of these products and services may well make your life easier.
 
Harris Corp. today announced a radio technology based on voice over IP (VoIP) that can be used globally for instant communications by small or large groups in business, public safety and other organizations.
 
A big week is ahead for the Android world. Both the Motorola Droid and the HTC EVO 4G are now set to receive Froyo over the next several days. Verizon and Motorola confirmed plans to upgrade the Droid late on Friday, just a day after Sprint announced its EVO upgrade schedule.
 
The latest version of software that allows iPhone owners to install applications not approved by Apple has been released just days after the practice was declared legal under U.S. copyright law.
 
It's still a bit rough around the edges, but the beta of Google's App Inventor lets you create mobile apps with a drag-and-drop graphical user interface.
 
Microsoft's Windows 7 reached a major milestone in July, while Apple's Mac OS X lost ground for the fourth straight month, Web analytics firm Net Applications said Sunday.
 
Sometimes sticking to the status quo can actually hinder your success. Dave Willmer offers some suggestions to help you keep your career moving forward.
 
Pancetera Software today announced Pancetera Unite, a virtual appliance that consolidates backups of virtual machines, including the amount of I/O streamed to backend storage.
 
