InfoSec News

Apple and Verizon late Thursday halted pre-orders of the iPhone, indicating that the companies have exhausted the inventories they had set aside for existing customers of the carrier.
 
Java and Java Applets are featuring prominently on my annoyances list this year. There are vulnerabilities aplenty, and incompatibilities keep many a firm or university from applying the patches. We've covered these to some extent.
The latest incarnation of annoyance though is commercial software applets that are signed with an expired certificate. Dear vendors, if your release is supported until 2013, it is a bad idea to sign the code of said release with a cert that expires in December 2010. And it is an even worse idea to suggest to clients who open a ticket that they should just tell their users to click yes on the certificate warning until a patch can be provided.
The Original Sin of certificate handling in Java and Web Browsers alike?
The oh, connect anyway button.
I sure wish it simply weren't there.
(c) SANS Internet Storm Center. http://isc.sans.org Creative Commons Attribution-Noncommercial 3.0 United States License.
 
Gibbs ponders mobile devices and concludes that enterprises are in serious trouble.
 
SAP will ask a California court to reduce the US$1.3 billion jury award it was hit with last November in Oracle's TomorrowNow lawsuit against the company, SAP said Thursday.
 
While Verizon's mobile data throttling move has been criticized by users, analysts have defended the change -- announced a week before the release of the Verizon iPhone -- for trying to avoid the problems AT&T faced with Apple's data-hungry smartphone. Is Verizon's move fair?
 

HITRUST Announces InfoSec Award Winners for 2010
Citybizlist (press release)
The InfoSec Awards recognize organizations and individuals that have demonstrated outstanding contributions to the advancement of information security in ...

 
Customers reacted with outrage at a Verizon Wireless warning that it will throttle back network speeds for the top 5% of customers consuming mobile network data.
 
The Dell Vostro V130 is the latest model in the company's Vostro lineup, joining such earlier entrants as the Vostro 3300 and the Vostro V13. With its snazzy anodized aluminum case, thin profile (a hair over 0.75 inch at its thickest) and widescreen 13.3-inch LED-backlit display, the Vostro V130 covers pretty much all the style bases for a contemporary ultraportable. And a respectable audio system makes it a good choice for multimedia presentations on the road.
 
PHP 'php_filter_validate_email()' Function Denial of Service Vulnerability
 
Lenovo on Thursday said it would stop shipments of its latest IdeaPad laptops and IdeaCentre desktops in the wake of Intel's revelation of a flaw in the Sandy Bridge chipset design.
 
Cisco Systems has thrown its weight behind OpenStack, the open-source cloud infrastructure platform developed jointly by NASA and managed service provider Rackspace Hosting.
 
AT&T said it will start taking pre-orders of the Motorola Atrix 4G smartphone on Feb. 13, with the carrier selling the Android 2.2 device for $199.99 with a two-year agreement.
 
This year's survey finds law firms still tops.
 
Microsoft today said it will issue 12 security updates next week to patch 22 vulnerabilities in IE, Windows, its Internet server and Visio, the company's data diagramming tool.
 
In its advance notification, Microsoft said it would issue 12 bulletins, three critical, addressing holes in Windows, Internet Explorer, Office, Visual Studio and IIS.

 
Some Verizon customers had problems earlier today placing their pre-orders for Apple's iPhone 4, according to threads on the carrier's support forum.
 
The Egyptian government's order to shut down the Internet backfired, an activist says.
 
The chairman of Asustek Computer, Jonney Shih, discusses his company's response to the iPad and cloud computing in this interview with the IDG News Service.
 
The Internet Assigned Numbers Authority (IANA) has handed out its last IPv4 addresses, leaving the remaining blocks to regional registries that in some cases may exhaust them within a few months.
 
A cybersecurity proposal wouldn't allow the U.S. president to shut down the Internet, as has happened in Egypt.
 
There's nothing subtle about Oxio's Retrostriper LTB-1041 Laptop Brief for 15-inch laptops. Most of the bag is the kind of bright orange you might wear to avoid being shot by hunters. Yet somehow, Oxio has managed to make the look work by complementing the bold color with smartly designed accents.
 
Verizon Wireless today warned new customers that it will throttle back data speeds on users who hog network bandwidth, a move apparently timed with the carrier's Feb. 10 launch of the iPhone 4.
 
This week, readers weigh in on contentious issues such as Americans vs. immigrants, young workers vs. experienced, and iPhone vs. Android.
 
Replacing faxes and snail mail, health-care facilities and state agencies have implemented a federal pilot program that shares patient information over the Internet in order to improve patient care and track public health trends.
 
The ease with which cloud computing services can be deployed heightens the security and management risks, according to a National Institute of Standards and Technology report.
 
Researchers at security firm Last Line of Defense have discovered a cache of hundreds of thousands of stolen email credentials and FTP passwords.

 
New York prosecutors indicted 27 people on Wednesday as part of a crime ring that bought Apple iPods, iPads and other products with stolen credit card information for resale in the criminal underground.
 
Two-year-old Hearsay is launching a cloud-hosted social media management application tailored specifically for companies with a national brand and a broad base of local affiliates.
 
Jou Baur asked how to stop Microsoft Word from blocking macros.
 
HTB22802: XSS in Podcast Generator
 
HTB22806: SQL Injection in ReOS
 
HTB22808: Local File Inclusion in ReOS
 
HTB22800: Path disclosure in Podcast Generator
 
Yahoo Labs has formed a team to improve the targeting and effectiveness of online advertising, the company said Thursday.
 
SigPlus Pro ActiveX Control Multiple Vulnerabilities
 
Majordomo 2 'help' Command Directory Traversal Vulnerability
 
The rumored combination of two pieces of advanced online banking malware appears to be fully underway after several months of speculation.
 
What's the fastest 4G network? Real-world speed tests in and around New York City show a clear winner.
 
Google will pay $20,000 to the first researcher who successfully exploits its Chrome browser at this year's Pwn2Own hacking contest.
 
The Egyptian government's five-day block of Internet services cost the national economy at least $90 million, the Organization for Economic Cooperation and Development (OECD) said Thursday.
 
A 27-year-old California man pleaded guilty Wednesday to charges that he tried to coerce a 14-year-old girl into sending him pornographic videos by threatening to publicize sexually explicit pictures of her that he'd dug up.
 
FTPGetter 'PASV' Command Remote Stack Buffer Overflow Vulnerability
 
Stiff price competition in the flat-screen TV market and the strong Japanese yen hurt profits at Sony in the last three months of 2010, the company said Thursday.
 

Posted by InfoSec News on Feb 03

http://www.networkworld.com/news/2011/020211-cloud-services-cyber-security.html

By Tim Greene
Network World
February 02, 2011

The shift to cloud computing offers an opportunity to better secure the
national digital infrastructure by concentrating the burden of cyber
security among a relatively small number of service providers rather
than thousands of individual businesses, according to a report by a
foreign policy think tank.

"Cloud...
 

Posted by InfoSec News on Feb 03

http://www.theregister.co.uk/2011/01/31/ligatt_security_subpoena_quashed/

[A little more on Gregory D. Evans / LIGATT Security as it seems there's
never a dull moment with this saga. It appears Greg Evans' Twitter
account was hacked with this message. 'It's my birthday, so I thought
I'd "air" on the side of transparency: http://pastebin.com/raw.php?i=3k8jrMJn ' - WK]

[...]...
 

Posted by InfoSec News on Feb 02

http://www.darkreading.com/security/security-management/229200293/csos-at-a-crossroads.html

By Kelly Jackson Higgins
Darkreading
Feb 02, 2011

A sign of the times for the chief security officer (CSO): In some
organizations, CSOs now report either directly to the CEO, board of
directors, chief financial officer, or legal and risk assessment groups.

It should come as no surprise that the CSO's job description is changing
as security has...
 

Posted by InfoSec News on Feb 02

http://www.allfacebook.com/hacker-steals-12-million-in-zynga-poker-chips-2011-02

By Gregory Pleshaw
All Facebook
February 2nd, 2011

A hacker in Devonshire, England pled guilty to stealing an alleged $12
million in online poker chips from Zynga’s Texas Hold ‘Em on Facebook,
and he faces possible jail time.

In Exeter Crown Court, presided over by Judge Philip Wassal, 29-year-old
Ashley Mitchell admitted hacking into the online account of...
 

Posted by InfoSec News on Feb 02

http://www.independent.co.uk/news/uk/crime/news-of-the-world-hacked-phones-to-steal-stories-from-rivals-2202666.html

By Cahal Milmo and Martin Hickman
The Independent
3 February 2011

Phone hacking was allegedly used by the News of the World to obtain a
story which rival titles had already obtained via the more traditional
Fleet Street tactic of a paid-for "kiss and tell", according to newly
disclosed High Court documents.

Lawyers...
 

