InfoSec News

AT&T said on Wednesday that it will allow tethering of multiple devices to Apple's iPhone, and add a 2GB data allowance to the $20-per-month service.
 
Some PC makers are halting sales of PCs with Sandy Bridge processors as they try to work out issues related to Intel's faulty chipset, companies said on Wednesday.
 
When involved in a spat over allegations of unauthorized copying or misappropriation of content and ideas, Google -- fairly or not -- usually plays the villain, accused of parasitically overstepping boundaries to profit from someone else's work.
 
Oracle Sun Solaris 10 CVE-2010-4433 Remote Security Vulnerability
 
Open Handset Alliance Android Local Privilege Escalation Vulnerability
 
VLC Media Player Subtitle 'StripTags()' Function Memory Corruption Vulnerability
 
Egyptian networks are now being announced on BGP which has lead to a number of Egyptianweb sites being available again.
Reported at the web site BGPmon[1], over 2800 BGP announcements for Egyptian networks have returned.
Whether full internet services to and from Egypt will return and stayaccessableremains to be seen over the coming days and weeks.
[1] http://www.bgpmon.com/blog/?p=480
Chris Mohan --- ISC Handler on Duty (c) SANS Internet Storm Center. http://isc.sans.org Creative Commons Attribution-Noncommercial 3.0 United States License.
 
Tandberg C Series Endpoints and E/EX Personal Video units that are running software versions prior to TC4.0.0 ship with a root administrator account that is enabled by default with no password.
Cisco advise that all customers set the password on these devices to secure them.
Ciscoadvisory is posted at http://www.cisco.com/warp/public/707/cisco-sa-20110202-tandberg.shtml.
Chris Mohan --- ISC Handler on Duty (c) SANS Internet Storm Center. http://isc.sans.org Creative Commons Attribution-Noncommercial 3.0 United States License.
 
The great tease is over: Today, here at its headquarters in Mountain View, Calif., Google showed off Android 3.0, a tablet-friendly operating system also known as Honeycomb.
 
The scoop: Lenovo ideaPad U260, by Lenovo, starts at $900.
 
Announced on Wednesday, The Daily was touted by its creators at News Corp. as a rethinking of journalism for a new audience and new technology. There's just one problem with the hype: Rupert Murdoch's new iPad newspaper closely resembles other--often unsuccessful--attempts over the last decade to "reinvent" the news. The only difference, from a user perspective, is that a few semi-new digital flourishes have been thrown into the mix.
 
The U.S. government needs to focus more on competitiveness, the CEOs of Dell and IBM said Wednesday at a Center for Strategic and International Studies event.
 
The CompTIA Educational Foundation has created a council charged with convincing more women to become IT professionals.
 
News Corp. on Wednesday took the wraps off The Daily, its national news publication built specifically for the iPad. The media giant is touting its new offering as the first national daily news publication built from the ground up for Apple's tablet.
 
Apple today said it would begin taking pre-orders for the Verizon iPhone 4 from the general public on Feb. 9, just one day before the smartphone goes on sale at retail.
 
The government of Marin County, Calif., is suing two SAP subsidiaries and Deloitte Consulting, alleging they "engaged in a pattern of racketeering activity designed to defraud the County of more than $20 million."
 
Version 11 of Opera Software's proudly independent browser has a few of the gently oddball developments that made its predecessors stand out from the pack. But it's also added a few more conventional features that help close the performance gap with its rivals.
 
Google on Wednesday introduced a new Android Market Web store and said in-app purchasing is coming soon.
 
Reader Tony Moon has been having occasional problems with the Netflix app on his iPad. He writes:
 
Egyptian Web sites that have been unreachable for days began to reappear Wednesday.
 
Egypt returned to the Internet earlier today by reversing the "kill switch" move it made last week when it withdrew router announcements, experts said.
 
Facebook has quietly fixed a vulnerability discovered recently by two student researchers that allowed malicious websites to access a Facebook user's private data without permission and post malicious links onto their profile.
 
Xinha 'mode' Parameter Cross Site Scripting Vulnerability
 
Xinha Multiple Remote Arbitrary File Upload Vulnerabilities
 

The charitable state of infosec
CSO (blog)
by CSO, Salted Hash – IT security news analysis, over easy! The hacker community raised a lot of money for two worthy causes this past weekend. ...

 

Symplified CEO Eric Olden to Discuss the State Of Cloud Security at America's ...
Bradenton Herald
Eric Olden is the founder, CEO and Chairman of Symplified, the Cloud Security Company. He is a thought leader in identity management and the visionary ...

and more »
 
IT executives at Chevron and TD Bank are testing whether tablets like Apple's iPad and the upcoming BlackBerry PlayBook can be used to improve workflow processes in their companies.
 
Open Handset Alliance Android 'data/WorkingMessage.java' Information Disclosure Vulnerability
 

Symplified CEO Eric Olden to Discuss the State Of Cloud Security at America's ...
Business Wire (press release)
Eric Olden is the founder, CEO and Chairman of Symplified, the Cloud Security Company. He is a thought leader in identity management and the visionary ...

and more »
 
Microsoft has released an HTML5 video-player extension for the Chrome browser to counteract Google's decision to drop support for the most widely used HTML5 video format.
 
If the European Commission has its way, all air travelers regardless of nationality will have to give their personal details to national authorities when they fly in or out of the European Union.
 
Will your next computer be a tablet? Android 3.0 'Honeycomb,' designed for tablets and expected to be launched today, promises to fuel some compelling iPad rivals. Is there an Android tablet in your future?
 
News Corp. on Wednesday took the wraps off The Daily, its national news publication built specifically for the iPad. The media giant is touting its new offering as the first national daily news publication built from the ground up for Apple's tablet.
 
Carnival Cruise Lines is nearing the end of a two-and-a-half year project to change its entire storage infrastructure from traditional Fibre Channel to Ethernet-based iSCSI, and estimates it will save 60% of what it formerly paid as a total cost of ownership upwards of $1 million.
 
Multiple TIBCO Products Unspecified Local Privilege Escalation Vulnerability
 
Cisco Security Advisory: Default Credentials for Root Account on Tandberg E, EX and C Series Endpoints
 
Mac OS X gained share last month by the largest amount since March 2010, while iOS, the operating system that powers the iPhone and iPad, passed 2% for the first time, a Web metrics vendor said Tuesday.
 
T-Mobile USA today said the Galaxy S 4G smartphone will ship this month and offered more details on its G-Slate tablet by LG, which will have an 8.9-in. 3D-capable display when it ships this spring.
 
In the course of scores of conversations about security, I have regularly elicited a gobsmacked silence with a simple question: "How do you reliably secure access from an untrusted computer?"
 
FUSE fusermount Multiple Unmounting Security Vulnerabilities
 
[USN-1055-1] OpenJDK vulnerabilities
 
We have gotten reports of a phish group which may reside in Indonesia compromising large numbers of web servers. There isn't a lot of detail so far. One interesting facet is that the phish usually goes live on a Friday, probably in an attempt to maximize response time.
Each compromised site typically hosts phishing pages for multiple banks.
Many of the sites appear to have outdated versions of OS Commerce installed which is a likely source of the compromise.
If you have any logs willing to share: Please send them in via our contact form. We are trying to determine the exact entry vector (is it OS Commerce or something else?), maybe any tools used to achieve the compromise and anything else left behind besides the phishing pages.
https://isc.sans.edu/contact.html

------

Johannes B. Ullrich, Ph.D.

SANS Technology Institute

Twitter (c) SANS Internet Storm Center. http://isc.sans.org Creative Commons Attribution-Noncommercial 3.0 United States License.
 
The Waledac botnet, crippled by legal action from Microsoft and covert infiltration by security researchers just a year ago, appears poised for a big comeback.
 
The shift to cloud computing offers an opportunity to better secure the national digital infrastructure by concentrating the burden of cyber security among a relatively small number of service providers, says a foreign policy think tank.
 
[USN-1054-1] Linux kernel vulnerabilities
 
fix for Nvidia CUDA drivers security breach
 
Plone CVE-2011-0720 Remote Security Bypass Vulnerability
 

HITRUST Announces InfoSec Award Winners for 2010
Business Wire (press release)
The InfoSec Awards recognize organizations and individuals that have demonstrated outstanding contributions to the advancement of information security in ...

and more »
 
Microsoft co-founder Bill Gates is increasing his foundation's commitment to the fight against polio, as the disease increasingly appears on the verge of eradication.
 
EC-CUBE CVE-2011-0451 Multiple Cross Site Scripting Vulnerabilities
 
Egyptian Web sites that have been unreachable for days began to reappear Wednesday.
 
From troubleshooting DNS queries and misbehaving network applications to keeping your configurations and passwords organized, these free open source tools have you covered
 
Dell is offering a pair of servers that can run workloads designed for Amazon Web Services.
 
Terminal Server Client '.rdp' File Processing Remote Denial of Service Vulnerability
 
Raja Natarajan Guestbook 'lang' Parameter Local File Include Vulnerability
 
Many prospective customers are mulling whether to buy a Verizon iPhone 4 or wait for the enhanced iPhone 5, which is due this summer. Here are some factors to consider.
 
Egyptian websites that have been unreachable for days began to reappear Wednesday.
 
Before Egypt turned off the Internet, the country had received increasingly high marks from leading analysis firms as a promising offshore outsourcing destination, despite the nation's political risk.
 

Posted by InfoSec News on Feb 02

http://www.washingtonian.com/blogarticles/people/capitalcomment/18158.html

By Shane Harris
Capital Comment Blog
Washingtonian
01/28/2011

While the candid characterizations of foreign leaders by diplomats
(“thin-skinned” Nicolas Sarkozy,“corrupt” Vladimir Putin) have received
much of the attention from the recent WikiLeaks document dump, hidden in
the flood of cables are behind-the-scenes dramas involving Washington
power players....
 

Posted by InfoSec News on Feb 02

http://www.theregister.co.uk/2011/02/02/waledac_account_compromise/

By Dan Goodin in San Francisco
The Register
2nd February 2011

Researchers have taken a peek inside the recently refurbished Waledac
botnet, and what they've found isn't pretty.

Waledac, a successor to the once-formidable Storm botnet, has passwords
for almost 500,000 Pop3 email accounts, allowing spam to be sent through
SMTP servers, according to findings published on...
 

Posted by InfoSec News on Feb 02

http://www.informationweek.com/news/government/security/showArticle.jhtml?articleID=229200206

By Elizabeth Montalbano
InformationWeek
February 1, 2011

Insider threats, botnets and malware, and research to support the
Comprehensive National Cyber Initiative (CNCI) are among areas of
cybersecurity investment the Department of Homeland Security (DHS) will
make in fiscal year 2011.

The DHS Science and Technology Homeland Security Advanced...
 

Posted by InfoSec News on Feb 02

http://www.bakersfield.com/news/local/x1818937321/Bertram-computer-hacking-trial-set-for-April

BY JAMES BURGER
Californian staff writer
Bakersfield.com
Feb 01 2011

Martin Bertram, who lost his bid for a Bakersfield City Council seat in
November, is scheduled to go on trial in April on charges he illegally
took private campaign data from the computers of former Kern High School
District Trustee and Assembly candidate Ken Mettler.

The charge...
 

Posted by InfoSec News on Feb 02

Forwarded from: Lionel Garth Jones <lgj (at) usenix.org>

I am writing to remind you that the paper submission deadline for the
20th USENIX Security Symposium (USENIX Security '11) is quickly
approaching. Please submit your work by Thursday, February 10, 2011,
at 11:59 p.m. PST.

http://www.usenix.org/sec11/cfpb/

The USENIX Security Symposium brings together researchers,
practitioners, system administrators, system programmers, and others...
 
Egyptian websites that have been unreachable for days began to reappear Wednesday.
 
TCExam 'user_password' Parameter Cross Site Scripting Vulnerability
 


Internet Storm Center Infocon Status