InfoSec News

A security patch was released for BIND 9.9.2. The patch addresses 26 different bugs and/or security issues. Update your BIND DNS server to version 9.9.2-P1.

Updates can be downloaded here: http://www.isc.org/downloads/all

More information is available here: https://kb.isc.org/article/AA-0082
(c) SANS Internet Storm Center. http://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
EMC plans to sell flash storage for use across data centers and is developing software to tie all those components together.


South Carolina Inspector General: Centralize Security
As a result of a breach of the state's tax IT system that exposed Social Security numbers and other personal information of nearly 4 million people, South Carolina's inspector general calls for the state to centralize the way it governs information ...

The U.S. government needs a comprehensive doctrine addressing cybersecurity instead of the current patchwork of policies and agencies dealing with cyberthreats, according to a group of experts.
Two days ahead of the first post-trial hearing in the patent infringement fight between Apple and Samsung, a California judge has signaled to lawyers for both companies that she expects them to follow her instructions and work by her rules.
Qualcomm saw a double-digit increase in sales this year and is now the world's third-largest chip maker, according to research firm IHS iSuppli.
VMware and EMC today confirmed rumors that have been circulating for weeks that they would spin out their big data and platform as a service (PaaS) cloud products into a new division within the company named Pivotal Initiative, which will be led by former VMware chief Paul Maritz.
With voting open on Facebook's proposed privacy policy changes, more than 110,000 users have weighed in -- and so far, the vote is heavily in favor of the status quo.
Twitter has restricted the ability of attackers to post tweets and perform other actions on behalf of many users who have phone numbers associated with their accounts, but some users need to enable a PIN option in order to be protected.
Microsoft will 'draw a line in the sand' in 2014 when Windows XP exits support, security researchers said today, even if millions of people are still running the aged OS and a zero-day bug threatens the Windows ecosystem.
AT&T Tuesday unveiled a personalized video service to help explain each new customer's wireless bill in some detail.
Smartphone shipments to retailers worldwide this year are expected to total 717 million, 45% more than shipped in 2011, IDC said Tuesday.
A U.S. appeals court has upheld the U.S. Federal Communications Commission's authority to require mobile carriers to enter into data roaming agreements with each other.
Secure software development training is having an impact on vulnerability submissions, according to Brian Gorenc of HP TippingPoint DVLabs.


(ISC)2 Board of Directors election results: @gattaca is in
CSO (blog)
Several highly-respected infosec professionals campaigned for a spot on the ballot this year, including Scot Terban, aka @Krypt3ia, Chris Nickerson, aka @indi303, and Boris Sverdlik, aka @Jadedsecurity. Many have criticized (ISC)2, which administers ...

Facebook wants to get mobile phone users to forget text messaging and switch to its updated Messenger service.
An aggressive iPad Mini cannibalization rate could add as few as 3 million tablets to Apple's bottom line in what is shaping up to be a record total for the quarter, an analyst said today.
Centrify Deployment Manager v2.1.0.283
After almost eight years, the developer of the PHP Gift Registry web application has finally responded to a notice regarding a serious security vulnerability. Apparently, the problem has now been fixed.

DC4420 - London DEFCON - Christmas 2012 meet! Tuesday 11th December 2012
[SECURITY] [DSA 2581-1] mysql-5.1 security update
Privilege Escalation through Binary Planting in Panda Internet Security
Hewlett-Packard has filed a complaint against display manufacturers Chunghwa Picture Tubes and Tatung Company of America, seeking to recover damages it claims it suffered as a result of their involvement in a price fixing scheme.
Many chess players--and I'm sure you are going to find this hard to believe--are boring. Even to their fellow chess players.
Hewlett-Packard CEO Meg Whitman has once again affirmed the company's commitment to its embattled Autonomy software division, stressing that HP's fiscal health is stronger than recent developments may have suggested.
The hacker Kingcope has demonstrated how to more efficiently brute force passwords on the MySQL database, and all it takes is an unprivileged login for the database.

Symantec joins other security firms in supporting VMware vShield Endpoint in a bid to reduce the problem of AV storms.

Tibco SmartSockets Multiple Remote Vulnerabilities
Aruba Networks announced three new Wi-Fi controllers that have built-in controls to boost application delivery.
The desktop group is pushing to abandon enterprise-class tools for built-in antivirus, firewall and encryption software from Microsoft. Is that any way to run a business?
An outbreak of a malicious posting insulting users has occurred on the microblogging platform Tumblr. The worm self-replicated its message and spread from account to account until Tumblr put an end to the infection.

Qualcomm has agreed to invest up to $120 million in struggling Japanese firm Sharp, with the two companies to work together to develop low-power displays for mobile devices.
A court in California has given its preliminary approval to a revised class settlement in a lawsuit brought against Facebook by users who claimed that their names and likeness were used without their prior consent in 'Sponsored Stories' advertisements shown to their online friends on the social networking website.
Unlike rival Microsoft, Apple has consistently been able to get a significant portion of its Mac customers to quickly upgrade to the newest version of OS X, data from a Web measurement company showed.
If you travel to China or Russia, assume government or industry spooks will steal your data and install spyware. Here's how to thwart them.
A new piece of malicious software targeted at Apple users has been found on a website dedicated to the Dalai Lama, but one security vendor is labeling it as low risk.
Mobile network operator Orange will install Lookout's Mobile Security application on some of the Android-based tablets and smartphones it distributes starting in 2013, aiming to protect millions of subscribers in the first year alone.
As Apple prepares to launch its iPhone 5 in China, some analysts expect the product to sell well in the country and possibly even top sales for Apple's previous iPhone models there.
Privacy campaign group Europe vs. Facebook has threatened to take the Irish Data Protection Commissioner to court if it is not satisfied with the DPC's final responses to its 22 complaints about Facebook's privacy policies, and appealed for donations to cover the costs of such an action.
With a call for suggestions for testing software and commodity IT devices, the Defense Advanced Research Projects Agency (DARPA) is declaring war on backdoors, which it sees as a widespread problem.



Advanced Persistent Threats to top infosec challenges for 2013
Tech4Biz | 04 Dec 2012: Countering Advanced Persistent Threats (APT) tops the list of information security priorities for businesses in 2013, according to governance, risk management and compliance firm IT Governance. To help businesses respond to ...

The worldwide chip market dropped from being labeled 'stagnant' to 'in a slump' this year, with one analyst firm downgrading its forecast to a level that puts the entire year in a decline.
Good Technology announced Good Vault, a system for adding two-factor authentication to the iPhone 4 and 4S for access to Good for Enterprise email.

Posted by InfoSec News on Dec 04


By Mathew J. Schwartz
December 03, 2012

Does commercial, off-the-shelf software or hardware contain built-in
backdoors to give foreign attackers direct access to corporate or
government networks, or pose some other type of information security
risk? The Department of Defense wants to find out.

The Defense Advanced...

Posted by InfoSec News on Dec 04


By Robert Lemos
Contributing Writer
Dark Reading
Dec 03, 2012

Whether by mandate or mission, companies have increasingly focused on
creating better systems for managing the identities and access rights of
their employees. Such systems can be a goldmine of information on
security events that...

Posted by InfoSec News on Dec 04


By Michael Lee
ZDNet Australia
December 3, 2012

Macquarie University has had one of its sites breached and defaced over
the weekend in an apparent show to demonstrate that its servers'
security is not being maintained to a sufficient standard.

On Friday, one of Macquarie University's web applications, designed to...

Posted by InfoSec News on Dec 04


By John Leyden
The Register
4th December 2012

Foreign states may already have used malware to map the networks that
support the UK's critical infrastructure systems, the government

The admission by government officials came in the run-up to a
parliamentary statement by Cabinet Office minister, Francis Maude,
marking the first anniversary of the UK's...

Posted by InfoSec News on Dec 04


By Lucian Constantin
04 December 2012

Attackers can read emails, contacts and other private data from the
accounts of Yahoo users who visit a malicious page by abusing a feature
present on Yahoo's Developer Network website, according to an
independent security researcher.

A limited version of the attack was presented on Sunday...
Oracle MySQL 'acl_get()' Buffer Overflow Vulnerability
Lynx browser 'convert_to_idna()' Function Remote Heap Based Buffer Overflow Vulnerability
To break its slump in the server market, Advanced Micro Devices is embarking on an aggressive strategy that calls for ARM and x86 chips by 2014 and continued improvements to its Opteron line in the meantime.
Midnight Commander 'MC_EXT_SELECTED' Variable Remote Security Vulnerability
Internet Storm Center Infocon Status