InfoSec News

Google is spending US$8.5 million to settle a class-action lawsuit filed over the rollout of its Google Buzz social-networking service.
 
Over the years, Windows has gotten progressively better at laptop power management--but it still doesn't tell you much about your battery.
 

3 areas where FUD needs to stop
NetworkWorld.com
Beware of what you see and hear about these topics, according to infosec veteran Jimmy Blake. By Joan Goodchild, CSO There is a new breed of animal ...

 
Google on Friday said that the Texas Attorney General's Office is conducting an antitrust review of the search giant, following a similar investigation launched in Europe earlier this year.
 
A clever spammer found a glitch in Facebook's photo upload system and used it to post thousands of unwanted Wall messages this week.
 
-- John Bambenek bambenek at gmail /dot/ com (c) SANS Internet Storm Center. http://isc.sans.org Creative Commons Attribution-Noncommercial 3.0 United States License.
 
For more than 20 years we have been using Layer 3 connectivity powered by dynamic routing protocols to route traffic between data centers, but adoption of virtualization and geo-clustering technologies is forcing us to re-examine our data center interconnect (DCI) models.
 
Hewlett-Packard swooped in with the better bid to overtake Dell and win 3Par, so now we can all sit back and wait for the next acquisition battle to roll around. Meanwhile, Apple debuted updated iPods and Apple TV to entertain us, among other IT news stories of the week.
 
A Nigerian advance-fee scammer, Okpako Diamreyan, has been sentenced to 12 years in prison by a federal judge.
 
The inside of the new Apple TV likely resembles the interior of the iPod Touch, a move that allowed Apple to dramatically cut costs, a Canadian research company said today.
 
As people spend more time online with their phones and as smartphone technology improves, users continually expect better performance from their mobile Web browsers. Dolphin Browser HD (for Android 2.0 and above; use Dolphin Browser for earlier Android versions) very nearly provides desktop-quality browsing optimized for a pocketable device.
 
The wrangling over net neutrality deserves an opera. Gibbs obliges.
 
Armin Van Buuren is one of the world's most well-known trance music DJs. He also apparently has had his credit card details stolen.
 
The U.S. and Canadian governments this week said that Toshiba is voluntarily recalling some Satellite laptops for posing a burn hazard to customers.
 
After recent settlements by Hewlett-Packard and EMC in a long-standing government contracting fraud case, three major IT and consulting companies are still embroiled in lawsuits brought by two former insiders.
 

Symantec's “Hack Is Wack,” And Cybersecurity's Most Embarrassing Marketing ...
Forbes (blog)
Even infosec vocabulary–words like “cyber,” “hacker,” “spam,” and “computer virus”–seem like frozen relics of the late 1990s. Now Symantec, with the bizarre ...

 
A critical bug in QuickTime was reported to Apple two months before a second researcher independently revealed the vulnerability this week, the director of a bug bounty program said Friday.
 
Twitter's mobile user base has spiked 62% since mid-April, thanks in great part to the release of official Twitter applications for iPhone, Android and BlackBerry phones.
 
The latest beta version of Skype offers the ability to do group video calls with up to 10 people.
 
Secunia has updated its Personal Software Inspector (PSI) with the ability to silently download and apply patches from multiple vendors soon after their release. PSI 2.0 is now available in an open beta test.
 
Consumer Watchdog, a group that has been a sharp critic of Google's privacy practices in the past, is at it again.
 
Techies share their most noteworthy IT experiences in InfoWorld's Off the Record blog
 
If you're still waiting for Android 2.2 -- or aren't going to get it -- here are 5 ways to get the same features without the upgrade.
 
Nvidia on Friday announced seven new GeForce 400M series graphics cards for laptops, which could provide parallel-processing capabilities to accelerate Web browsing and 3D image rendering.
 
The market for enterprise disk storage systems grew strongly in the second quarter, continuing to recover from a slump brought on by the economic slowdown of 2008 and 2009, research company IDC said on Friday.
 
A technical problem kept an undetermined number of Windows Live Hotmail users locked out of their e-mail accounts for hours on Thursday.
 
With faster processors and updated graphics, Apple's new 27-in. iMac delivers 'everything I could want from a modern computer,' says Michael deAgonia.
 
InfoSec News: Cross-subdomain Session Fixation: http://blog.skeptikal.org/2010/09/cross-subdomain-session-fixation.html
By Mike Bailey skeptikal.org September 2, 2010
Last fall I wrote a bit about cross-subdomain cookie attacks. As often as I come across more uses for them, I think that they are a much more [...]
 
InfoSec News: Snoop Dogg joins cybercrime fight because 'hack is wack': http://gcn.com/articles/2010/09/02/hack-is-wack-with-snoop-dogg.aspx
By Michael Hardy GCN.com Sept 02, 2010
Hack is wack, fo' shizzle.
Ready to show off your mad freestyle rap skillz? Snoop Dogg and Symantec's Norton are teaming up to sponsor a video contest for raps [...]
 
InfoSec News: Botnet takedown may yield valuable data: http://www.computerworld.com/s/article/9183299/Botnet_takedown_may_yield_valuable_data
By Jeremy Kirk IDG News Service September 2, 2010
Researchers are hoping to get a better insight on botnets after taking down part of Pushdo, one of the top five networks of hacked computers [...]
 
InfoSec News: Russian Trojan blamed for credit card losses at US diner: http://news.techworld.com/security/3237726/russian-trojan-blamed-for-credit-card-losses-at-us-diner/
By John E Dunn Techworld 01 September 10
Hundreds of lunchtime customers of a diner in the US city of Memphis are believed to have had funds stolen from their debit and credit cards [...]
 
InfoSec News: Secunia Weekly Summary - Issue: 2010-35:
The Secunia Weekly Advisory Summary 2010-08-26 - 2010-09-02
This week: 82 advisories [...]
 
InfoSec News: News of the World faces fresh phone hacking charge: http://www.guardian.co.uk/media/2010/sep/02/news-of-the-world-phone-hacking
By Nick Davies, Vikram Dodd and Nicholas Watt guardian.co.uk September 2010
The government tonight came under pressure to set up a judicial inquiry into the phone hacking scandal at the News of the World after the paper confirmed that it has suspended a journalist while it investigates new allegations of the unlawful interception of voicemail.
The prime minister's media adviser, Andy Coulson, has denied a report in the New York Times which claimed he freely discussed the use of unlawful news-gathering techniques when he was editing the paper and "actively encouraged" a named reporter to engage in illegal interception of voicemail messages. Coulson has always denied knowing of any illegal activity by his journalists.
Scotland Yard, too, found itself in the firing line after the New York Times quoted unnamed detectives alleging they had cut short their investigation because of their close relationship with the News of the World. A group of four public figures, including former deputy prime minister John Prescott, is poised to sue police over a failure to warn them they had been targeted by the private investigator at the centre of the scandal, Glenn Mulcaire.
The Guardian has learned that the Metropolitan police commissioner at the time of the original investigation, Sir Ian Blair, was among those whose names were found in material seized from Mulcaire, raising questions about whether officers who were directly involved in the investigation had discovered that they, too, had been targets of the newspaper. It is understood Blair was assured at the time that his phone had not been hacked.
[...]
 
InfoSec News: Russian government email servers hacked: http://www.mn.ru/society/20100824/188002181.html
By Evgeniya Chaykovskaya The Moscow Times 24/08/2010
On Monday it turned out that the Federal Service of Protection (FSO) is not that good at protecting its own privacy. Yesterday internet forums [...]
 
InfoSec News: DARPA Soliciting Bids On Insider Threat Prevention: http://www.informationweek.com/news/government/security/showArticle.jhtml?articleID=227300041
By Elizabeth Montalbano InformationWeek September 2, 2010
The Defense Advanced Research Projects Agency (DARPA) has launched a new program aimed at quickly finding and stopping insiders from trying to [...]
 
Organizers of a recent Defcon social engineering contest will release their results next week. One conclusion is that women did well in protecting corporate secrets.
 

Posted by InfoSec News on Sep 02

http://blog.skeptikal.org/2010/09/cross-subdomain-session-fixation.html

By Mike Bailey
skeptikal.org
September 2, 2010

Last fall I wrote a bit about cross-subdomain cookie attacks. As often
as I come across more uses for them, I think that they are a much more
serious issue than most people (myself included) have made them sound.
Today, I came across a variant which I'd theorized about in the past,
but never bothered to find in the wild,...
 

Posted by InfoSec News on Sep 02

http://gcn.com/articles/2010/09/02/hack-is-wack-with-snoop-dogg.aspx

By Michael Hardy
GCN.com
Sept 02, 2010

Hack is wack, fo' shizzle.

Ready to show off your mad freestyle rap skillz? Snoop Dogg and
Symantec's Norton are teaming up to sponsor a video contest for raps
about hacking, identity theft and computer viruses.

Yes, that Snoop Dogg. Yes, that Norton. Fo' realz y'all.

The contest is open now at www.hackiswack.com, and the deadline is...
 

Posted by InfoSec News on Sep 02

http://www.computerworld.com/s/article/9183299/Botnet_takedown_may_yield_valuable_data

By Jeremy Kirk
IDG News Service
September 2, 2010

Researchers are hoping to get a better insight on botnets after taking
down part of Pushdo, one of the top five networks of hacked computers
responsible for most of the world's spam.

Thorsten Holz, an assistant professor of computer science at
Ruhr-University in Bochum, Germany, said his group is working...
 

Posted by InfoSec News on Sep 02

http://news.techworld.com/security/3237726/russian-trojan-blamed-for-credit-card-losses-at-us-diner/

By John E Dunn
Techworld
01 September 10

Hundreds of lunchtime customers of a diner in the US city of Memphis are
believed to have had funds stolen from their debit and credit cards
after PCs at the venue became infected with malware.

Large numbers of customers reported having had funds taken after using
Jason’s Deli in recent weeks,...
 

Posted by InfoSec News on Sep 02

========================================================================

The Secunia Weekly Advisory Summary
2010-08-26 - 2010-09-02

This week: 82 advisories

========================================================================
Table of Contents:

1. Word From...
 

Posted by InfoSec News on Sep 02

http://www.guardian.co.uk/media/2010/sep/02/news-of-the-world-phone-hacking

By Nick Davies, Vikram Dodd and Nicholas Watt
guardian.co.uk
September 2010

The government tonight came under pressure to set up a judicial inquiry
into the phone hacking scandal at the News of the World after the paper
confirmed that it has suspended a journalist while it investigates new
allegations of the unlawful interception of voicemail.

The prime minister's...
 

Posted by InfoSec News on Sep 02

http://www.mn.ru/society/20100824/188002181.html

By Evgeniya Chaykovskaya
The Moscow Times
24/08/2010

On Monday it turned out that the Federal Service of Protection (FSO) is
not that good at protecting its own privacy. Yesterday internet forums
were bubbling with information about a hack into the FSO internal email
system.

The attack was aimed at an email server of one of the services’
departments, the FSO’s official representatives...
 

Posted by InfoSec News on Sep 02

http://www.informationweek.com/news/government/security/showArticle.jhtml?articleID=227300041

By Elizabeth Montalbano
InformationWeek
September 2, 2010

The Defense Advanced Research Projects Agency (DARPA) has launched a new
program aimed at quickly finding and stopping insiders from trying to
steal information from Department of Defense (DoD) computer networks for
use against the federal government.

To develop its Cyber Insider Threat...
 
