InfoSec News

A strongly worded order by a California judge saying Oracle has to keep porting its software to Itanium-based Hewlett-Packard servers is not the end of the nasty legal battle between the two companies, but it could have an effect on the broader IT industry.
Yammer is adding functionality to its cloud-based enterprise social networking (ESN) software that lets organizations gauge the types of emotions expressed in employee posts.
U.S. drivers seem to hold conflicting opinions on in-car Internet access, viewing the technology as a driving hazard and even a threat to privacy while praising the entertainment and safety features it offers.
(c) SANS Internet Storm Center. http://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
Guy Bruneau IPSS Inc. gbruneau at isc dot sans dot edu
SAP has agreed to pay Oracle US$306 million in connection with the corporate-theft case that Oracle filed against it and a former SAP subsidiary in 2007, according to a filing made Thursday in the U.S. District Court for the Northern District of California.
Drupal Core Path Disclosure Vulnerability
HP Operations Agent Multiple Remote Code Execution Vulnerabilities
IcedTea-Web Multiple Arbitrary Code Execution Vulnerabilities
PHP PDO Memory Access Violation Denial of Service Vulnerability
What made Microsoft want to spend more than $1 billion for the social networking company? It could be because Yammer successfully marketed its business virally, offering a basic service for free and then convincing customers to pay for additional features.
Researchers at the Massachusetts Institute of Technology have figured out a way of helping developers more easily rearrange their image processing code so that it could execute faster and use fewer computational resources.
Oracle Thursday held the first of nearly 100 Cloud Builder Summit events scheduled for locations across the globe between now and December.
AT&T plans to acquire NextWave Wireless, a holder of spectrum that could be used for mobile data services, for about US$650 million.
As their company's stock continued to slump, Facebook executives had to face not one but two other pieces of tough news this week.
A new 4G BlackBerry PlayBook will go on sale next week, a year after Research In Motion introduced its first tablet.
Anti-malware vendor Webroot has bet the company on cloud.
Oracle Outside In Technology CVE-2012-1773 Remote Code Execution Vulnerability
IBM Eclipse Help System Multiple Security Vulnerabilities
Oracle Outside In Technology CVE-2012-3108 Remote Code Execution Vulnerability
The U.S. Senate on Thursday failed to end debate on a comprehensive cybersecurity bill, pushing action on the bill into September and potentially killing it.
Name: Darren Platt
With Microsoft's new Outlook.com free email service getting so much attention, will Google and Yahoo need to update their own email offerings before they start to lose users?
Cybersecurity policy should encourage bug fixes instead of simply recording and reporting attacks, software security expert Gary McGraw explains.

My ROP mitigation
Fusion-io unveiled software that allows servers with its PCIe flash cards installed to be clustered to create a single, shared pool of high-performance storage capacity.
Apple sold more PCs worldwide last quarter -- 21 million -- than any rival, retaking the lead it lost the quarter before, U.K.-based Canalys said yesterday.
LibreOffice and OpenOffice Multiple Heap Based Buffer Overflow Vulnerabilities
QEMU CVE-2012-2652 Insecure Temporary File Creation Vulnerability
[security bulletin] HPSBMU02796 SSRT100594 rev.3 - HP Operations Agent and HP Performance Agent for AIX, HP-UX, Linux, Solaris and Windows, Remote Execution of Arbitrary Code
Kaspersky Password Manager - Software Filter Vulnerability
Tekno.Portal v0.1b 'link.php' Blind SQL Injection Vulnerability
[ MDVSA-2012:121 ] libjpeg-turbo
Opera Web Browser Prior to 11.64 Remote Code Execution Vulnerability
The Home Depot says its rollout of a PayPal in-store payment system to 1,976 U.S. stores in March has generally been a success -- but the system still accounts for a very small percentage of transactions.
Version 12.01 of the Opera web browser closes a number of security vulnerabilities, one of which is rated as critical and could be exploited by an attacker to execute arbitrary code on a victim's system.


Help Net Security

Infosec student pleads guilty to online coupon scam
Posted on 02 August 2012. Lucas Henderson, the 22-year-old former computer security student who was arrested in May 2011 for posting counterfeited coupons online, has pleaded ...
IT service providers in north and west India were largely unaffected by blackouts that hit 600 million people. But the threat of global power shortages means you should take steps to ensure you're protected -- regardless of where your outsourcing provider is located.
Opera released version 12.01, which contains some recommended security updates. Information regarding security and stability enhancements for the various versions is available here: Windows changelog [1], Mac changelog [2], Unix changelog [3].
[1] http://www.opera.com/docs/changelogs/windows/1201/

[2] http://www.opera.com/docs/changelogs/mac/1201/

[3] http://www.opera.com/docs/changelogs/unix/1201/

[4] https://ssl.opera.com:8062/desktopteam/blog/2012/08/01/opera-12-01-security-and-stability-release
Guy Bruneau IPSS Inc. gbruneau at isc dot sans dot edu
Oracle Sun Products Suite CVE-2012-3124 Remote Solaris Vulnerability
Oracle Sun Products Suite CVE-2012-3121 Remote Solaris Vulnerability
Moodle Multiple Security Vulnerabilities
Nokia is updating its Maps application with integrated Groupon deals and a route planner, as the company tries to find ways to differentiate its smartphones from the competition.
Version 3.5.0 of the open source network access control (NAC) system adds a new configuration interface aimed at making it easier to install and configure new installations of PacketFence.

Google's Chrome lost usage share for the fifth time in the last seven months, while Mozilla's Firefox gained share for the second consecutive month, a Web measurement company said Wednesday.
Apple has asked a court in California to sanction Samsung Electronics in a patent infringement dispute by granting judgment in favor of Apple, after the South Korean company released to the press documents including exhibits that were not allowed as evidence in the suit.
In the era of big data, good old RDBMS is no longer the right tool for many database jobs. Here's a quick guide to choosing among NoSQL alternatives.
Japanese display maker Sharp said Thursday it is ramping up production of a screen technology rumored to be favored by Apple for its new devices, even as its yearly outlook plunged toward another large fiscal loss.
A U.S. appeals court on Wednesday reversed an order by the U.S. International Trade Commission that ruled that Nokia did not infringe two wireless cellular patents of InterDigital Technology Corporation.
Nokia's Lumia smartphones struggled to lift the Finnish handset provider's market share in China, while domestic vendors ZTE, Huawei Technologies and Lenovo overtook Apple in smartphone shipments in the second quarter, according to research firm Canalys.
Samsung Electronics has started producing new smartphone and tablet flash storage chips, which the company said are four times faster than their predecessors.
A new security project is monitoring in real time the price of stolen credit-card data sold in underground forums, which may eventually reveal emerging cybercrime trends.
Huawei Technologies said on Thursday it was verifying claims that its routers contained critical vulnerabilities, after security researchers disclosed alleged problems last weekend.
Cloud computing and virtualization are redefining the role of the systems administrator. Here's how smart sysadmins are staying ahead of the wave.
Previous versions of the open source LibreOffice productivity suite are vulnerable to multiple buffer overflows that could be exploited by an attacker to compromise a victim's system and execute arbitrary code.

A vulnerability in NVIDIA's proprietary graphics driver for Linux has been publicised. The hole allows an attacker to gain root access by manipulating the position of a VGA window in RAM.

Internet Storm Center Infocon Status