InfoSec News


SYS-CON Media (press release) (blog)

F5 Friday: Is Your Infosec Motto 'Compone Accomoda Supera'?
SYS-CON Media (press release) (blog)
That's “Improvise. Adapt. Overcome.” and it should be if it isn't. The right tools can help you live up to that motto. If you Google “Zeus Trojan” you'll ...

 
Intel engaged in high-level talks with Russian officials and ultimately said it would pull research and development work from the country unless it could get around Russia's tough encryption import laws, according to a U.S. Department of State cable published by WikiLeaks.
 
You've heard about the Firesheep Firefox add-in that lets someone with virtually no hacking experience steal your identity when you visit a number of Web sites, including Facebook. Here's more bad news: Firesheep is far from the only privacy danger out there. There are plenty of powerful tools that hackers can use to steal private information from you not just specific Web sites, but wherever you are on the Web, or when you use other Internet services, such as client-based e-mail and instant messaging. The for-pay AlwaysVPN (pricing varies with bandwidth) does a great job of keeping you safe no matter what you do and where you go on the Internet.
 
Adobe Illustrator 'aires.dll' DLL Loading Arbitrary Code Execution Vulnerability
 
A Dutch journalist has launched a new search engine that indexes the content of all U.S. State Department cables published so far by WikiLeaks.
 
[ MDVSA-2010:247 ] kernel
 
WikiLeaks appears to be quickly taking steps to reduce its reliance on Internet infrastructure in the U.S. as it battles to keep secret diplomatic cables online while its new French hosting provider is seeking court protection.
 
Nvidia is looking to pack more CPU cores into mobile devices like smartphones and tablets as a way to improve performance while preserving battery life.
 
Linux Kernel EXT4 Multiple Local Denial of Service Vulnerabilities
 
Linux Kernel Ptrace (CVE-2010-3301) Local Privilege Escalation Vulnerability
 
VMware Movie Decoder VMnc Codec (CVE-2010-4294) Heap Memory Corruption Vulnerability
 
A Microsoft executive's self-described job of driving Internet Explorer 6 (IE6) into extinction will be difficult unless he can move Chinese users off the aged browser.
 
European Justice Ministers have agreed to work toward an accord with the U.S. on personal data protection. The decision was made at the Justice and Home Affairs Council on Friday.
 
The Indian government said on Friday that its security agencies are still not able to intercept and monitor in a readable format the communications made through Research In Motion's Messenger and enterprise services.
 
Android's share of the mobile OS market continues to grow at the expense of rivals like Research in Motion and Apple.
 
Often accused of being lax about copyright protection in its online services, Google is pledging to sharpen its anti-piracy policies and procedures.
 
D-Link DIR-300 WiFi Key Security Bypass Vulnerability
 
Vulnerabilities in Register Plus Redux for WordPress
 

Fox News

'Hacktivist' Jester Claims Responsibility for WikiLeaks Attack
Fox News
“I'm very confident that he took down the WikiLeaks site when he said he did,” said Michael Menefee, founder and president of Infosec Island, ...

and more »
 
The net neutrality framework FCC chairman Julius Genachowski outlined in a speech last week and which will be voted on later this month sustains many of the original goals of neutrality while giving the telcos enough to give a tentative nod of approval, all of which adds up to a meaningful step forward.
 
The CIO who doesn't collaborate is doomed. If the IT function waits until a crisis to talk to the business side, it will have a hard time finding common ground that will make it easier to solve the problem. And it will confront a lot more crises.
 
WikiLeaks appears to be quickly taking steps to reduce its reliance on Internet infrastructure in the U.S. as it battles to keep secret diplomatic cables online while its new French hosting provider is seeking court protection.
 
SAP AG SAPgui KWEdit ActiveX Control Insecure Method Remote Code Execution Vulnerability
 
Easy Travel Portal 'travelbycountry.asp' SQL Injection Vulnerability
 
I've seen a few reports that say kids these days think e-mail is passé. Heh. That may be, but for people who have actual work to do, the inbox remains the center of the universe. And I have some tricks to help you take that universe in the palm of your hand and utterly dominate it--you know, just in case e-mail doesn't go the way of the telegraph anytime soon.
 
It's late October. Steve Jobs stands center-stage at a media event billed as "Back to the Mac," in front of a crowd of journalists and analysts. The audience is looking forward to hearing some Mac news from a company that's been pretty focused on iOS lately, and the Mac-themed invitation has actually served to suppress the crowd, since iPhone- and iPad-mad reporters don't care so much about the boring old Mac.
 
People who don't work with files on a regular basis have a devil of a time remembering the keyboard shortcut for selecting multiple files. (You hold down the Ctrl key while clicking each individual file.)
 
You back up data on your computer in case it crashes, and you might install LoJack on your car to help recover it in case someone steals it--so why shouldn't you protect your Android phone? Most people carry a lot of sensitive data on their phones. If someone steals your handset or if you happen to lose it, all that personal information is suddenly not so personal anymore. Your phone is an investment, so you should safeguard your contacts, photos, texts, videos, and music.
 
For the past week-plus I've taught you a few basic things about Windows Explorer. It's a pretty important tool, and I hope you've found the lessons helpful.
 
Forrester has made a set of predictions for NAC technology in 2011
 
Palm WebOS Contacts Application HTML Injection Vulnerability
 
[eVuln.com] PHP Code Execution in Alguest
 
[eVuln.com] Cookie authentication bypass in Alguest
 
VMSA-2010-0018 VMware hosted products and ESX patches resolve multiple security issues
 
[security bulletin] HPSBUX02610 SSRT100341 rev.1 - HP-UX Running OpenSSL, Remote Execution of Arbitrary Code, Denial of Service (DoS)
 
A new variant of malware associated with the Zeus Trojan will double the work for those trying to block it

Add to digg Add to StumbleUpon Add to del.icio.us Add to Google
 
BMC Software announced Friday it has purchased GridApp Systems, maker of software tools for database provisioning, patching and management in physical and cloud deployments. Terms were not disclosed.
 
D-Link DIR-300 Multiple Security Bypass Vulnerabilities
 
Best Buy will feature free smartphones each day in December, subject to a new or upgrade activation and a two-year service agreement from one of the four major U.S. carriers.
 
Google on Thursday patched 13 vulnerabilities in Chrome as it shifted the most stable edition of the browser to version 8.
 
Multiple VMware products 'vmware-mount' Local Privilege Escalation Vulnerability
 
Verizon Wireless' planned rates for LTE data usage are either too costly or a relative bargain, depending on who is offering an opinion.
 
IT pros warn that enterprises without adequate security processes are vulnerable to insider leaks of sensitive information.
 
This holiday season's biggest gifts -- the e-readers, tablets and digital games techies and kids are clamoring for -- are the result of 40 years of innovation. We take a look back at some of the biggest breakthroughs in tech gadgets from the '70s, '80s and '90s.
 
In about 15 years, the Millennial Generation -- the "digital natives" who began entering the workforce in 2000 -- will be, more or less, in charge of their workplaces, with those who have leadership potential having moved up the corporate rungs by then.
 
Multiple VMware products 'vmware-mount' Local Privilege Escalation Vulnerability
 
WikiLeaks' main website could not be accessed on Friday through its WikiLeaks.org domain name after a subsidiary of Dynamic Network Services terminated its domain name service.
 
VMware has released some security updates.
VMSA-2010-0018

http://lists.vmware.com/pipermail/security-announce/2010/000112.html



http://www.vmware.com/security/advisories/VMSA-2010-0018.html(link is not live yet, but should be soon.)

M (c) SANS Internet Storm Center. http://isc.sans.org Creative Commons Attribution-Noncommercial 3.0 United States License.
 
InfoSec News: State-owned France 24 is in turmoil over boardroom 'spying' claims: http://www.guardian.co.uk/world/2010/dec/02/france24-spying-turmoil-police-hacking
By Angelique Chrisafis guardian.co.uk 2 December 2010
It was Jacques Chirac's dream: a French rolling-news channel to challenge the BBC and CNN, beaming Paris's global view into the living rooms of the world. [...]
 
InfoSec News: Hacker threat put HISD records at risk: http://www.chron.com/disp/story.mpl/metropolitan/7321902.html
By ERICKA MELLON HOUSTON CHRONICLE Dec. 2, 2010
Hundreds of thousands of students and employees in the Houston school district had their Social Security numbers and other personal data [...]
 
InfoSec News: Government Considers Selling GCHQ Security Expertise: http://www.eweekeurope.co.uk/news/government-considers-selling-gchq-security-expertise-14859
By Tom Jowitt eWEEK Europe December 2, 2010
The Government has revealed it is considering offering the security expertise of Government Communications Headquarters (GCHQ) for possible [...]
 
InfoSec News: Secunia Weekly Summary - Issue: 2010-48: ========================================================================
The Secunia Weekly Advisory Summary 2010-11-25 - 2010-12-02
This week: 69 advisories [...]
 
InfoSec News: German hackers "gained access to Lady Gaga's computer": http://www.telegraph.co.uk/news/worldnews/europe/germany/8176827/German-hackers-gained-access-to-Lady-Gagas-computer.html
By Matthew Day Telegraph.co.uk 02 Dec 2010
Two German hackers gained access to the computers of over 50 pop stars, including Justin Timberlake and Lady Gaga, in an attempt to steal unreleased songs and issue blackmail threats over intimate photographs, prosecutors have alleged.
The pair, according to German police, used nothing more than perseverance and simple invasive programmes called Trojans, which can break into private computer networks. But they are alleged to have hacked into the computers of a string of world famous stars and downloaded hundreds of documents including music, credit card details, emails and photographs.
Their haul included a picture of the American singer Kesha, reportedly naked and having sex. Prosecutors said that the two had tried to blackmail the 24-year-old singer, but no money changed hands.
Happy with their success, the duo allegedly bragged on internet forums about their ability to hack into the computers of A-list celebrities. But prosecutors believe their main goal was unreleased musical material, which can fetch high prices on the internet. They sold some of the music they had obtained.
[...]
 

Posted by InfoSec News on Dec 02

http://www.guardian.co.uk/world/2010/dec/02/france24-spying-turmoil-police-hacking

By Angelique Chrisafis
guardian.co.uk
2 December 2010

It was Jacques Chirac's dream: a French rolling-news channel to
challenge the BBC and CNN, beaming Paris's global view into the living
rooms of the world. But the beleaguered France 24 channel has instead
become a showcase for the back-stabbing, bullying and bravado that some
say dominate French workplace...
 

Posted by InfoSec News on Dec 02

http://www.chron.com/disp/story.mpl/metropolitan/7321902.html

By ERICKA MELLON
HOUSTON CHRONICLE
Dec. 2, 2010

Hundreds of thousands of students and employees in the Houston school
district had their Social Security numbers and other personal data
exposed to a suspected computer hacker, HISD officials announced
Thursday.

A criminal investigation, launched in October after district employees
noticed a security breach, has found that the...
 

Posted by InfoSec News on Dec 02

http://www.eweekeurope.co.uk/news/government-considers-selling-gchq-security-expertise-14859

By Tom Jowitt
eWEEK Europe
December 2, 2010

The Government has revealed it is considering offering the security
expertise of Government Communications Headquarters (GCHQ) for possible
sale or hire to the private sector.

Speaking to the Science and Technology Committee, the security minister
Dame Pauline Neville-Jones told MPs that ministers were...
 

Posted by InfoSec News on Dec 02

========================================================================

The Secunia Weekly Advisory Summary
2010-11-25 - 2010-12-02

This week: 69 advisories

========================================================================
Table of Contents:

1.....................................................Word From...
 

Posted by InfoSec News on Dec 02

http://www.telegraph.co.uk/news/worldnews/europe/germany/8176827/German-hackers-gained-access-to-Lady-Gagas-computer.html

By Matthew Day
Telegraph.co.uk
02 Dec 2010

Two German hackers gained access to the computers of over 50 pop stars,
including Justin Timberlake and Lady Gaga, in an attempt to steal
unreleased songs and issue blackmail threats over intimate photographs,
prosecutors have alleged.

The pair, according to German police, used...
 
ProFTPD Backdoor Unauthorized Access Vulnerability
 


Internet Storm Center Infocon Status