InfoSec News

----------- Guy Bruneau IPSS Inc. gbruneau at isc dot sans dot org (c) SANS Internet Storm Center. http://isc.sans.org Creative Commons Attribution-Noncommercial 3.0 United States License.
 
An analyst's open letter to Nokia's CEO, a former Microsoft executive, has triggered intense speculation that the Finnish phone maker will adopt Windows Phone 7 as the firmware for at least some of its struggling smartphone line.
 
ARM is considering 64-bit extensions for its CPU designs, but their absence today doesn't harm its chances in the server market, ARM CEO Warren East said this week.
 
About six months ago I wrote a post on fixing a Windows 7 system that randomly freezes. Since then I've heard from lots of readers (some of whom were scratching their heads over a mistake in the print edition, which left out the link to the actual fix), leading me to believe this is a pretty widespread problem.
 
Given all the hype SaaS (software as a service) has garnered, you might be inclined to think every category of software will be delivered predominantly from the cloud at some point. Not so, says a new Forrester Research report.
 
As Super Bowl Sunday approaches, we take a look at science and technology that could redefine football as we know it.
 
Advisory firm Institutional Shareholder Services announced its support for a proposal that would ask Apple to produce a written CEO succession policy.
 
Cisco Systems announced its intent to acquire privately held Inlet Technologies, a provider of adaptive bit rate (ABR) digital media processing platforms, for $95 million in cash and retention-based incentives.
 
Google on Thursday patched nine bugs in Chrome and upgraded the most stable edition of the browser to version 9.
 

Gov't Infosec Pros Give Howard Schmidt Advice
GovInfoSecurity.com (blog)
The last question in GovInfoSecurity.com's The State of Government Information Security Today Survey asks: What one piece of advice would you give White ...

 
Safari extensions, first introduced with version 5 of Apple's Web browser, allow developers to create all sorts of clever add-ons to augment and enhance the surfing experience. If you know a little bit about HTML, CSS, and JavaScript (or even just one of the three) you're already well equipped to create a Safari extension.
 
Apache APR-util 'apr_brigade_split_line()' Denial of Service Vulnerability
 
Come Tuesday, Adobe is apparently planning to issue critical updates for Adobe Reader. Microsoft's advance notification indicates that we'll be getting a plethora of patches, most prominently a critical one (remote code execution) for Internet Explorer. Further, Firefox 3.6.14 is also tentatively scheduled for release on the same Tuesday. Looks like we're in for a busy patch week. (c) SANS Internet Storm Center. http://isc.sans.org Creative Commons Attribution-Noncommercial 3.0 United States License.
 
The latest release of Microsoft Windows SBS updates core products in the SBS package and streamlines employee remote access and the deployment process.
 
CA's Chorus allows companies that use 3270 terminals to access data in a more useable browser-based interface.
 
Adobe's Reader X, last year's upgrade that features a "sandbox" designed to protect users from PDF exploits, stymied a recent attack campaign, researchers said.
 
Less than two years after his appointment as national coordinator for health IT, Dr. David Blumenthal said he will step down from the post this spring to return to teaching at Harvard.
 
Two U.S. Congressmen have sent a letter to Facebook CEO Mark Zuckerberg seeking information on the company's plan to make specific user data available to third-party application developers and publishers.
 
(TAD-2011-001) Vulnerability in HTC Peep: Twitter Credentials Disclosure
 
[USN-1058-1] PostgreSQL vulnerability
 
[SECURITY] [DSA-2157-1] PostgreSQL security update
 
Verizon Friday said it set a first day mobile phone sales record yesterday after just two hours of selling Apple's iPhone.
 
Egypt finds its voice, Verizon gives iPhone lovers a choice
 
Reformatting and restoring a PC is not fun--in the way spending 2 hours in the dentist's chair is not fun. You have to back up all your data (and pray that you haven't forgotten anything), reformat the hard drive, install Windows, track down missing drivers, find and reload all your software, restore your data, and pull out clumps of hair over the things you inevitably neglected to save. (Firefox plug-ins, anyone?)
 
ZDI-11-039: BMC PATROL Agent Service Daemon BGS_MULTIPLE_READS Remote Code Execution Vulnerability
 
[ MDVSA-2011:020 ] pango
 
[USN-1057-1] Linux kernel vulnerabilities
 
DriveCrypt 'DCR.sys' Arbitrary File Read Write Local Privilege Escalation Vulnerability
 
The FTC settles cybersecurity complaints against three credit report resellers.
 

BlackHat Europe 2011
Help Net Security
The Black Hat Briefings are a series of highly technical information security conferences that bring together thought leaders from all facets of the infosec ...

 
Today's job changers must figure out how to separate personal electronics and social networks from company systems. It ain't always easy.
 
Google's Chrome will likely survive the first day at next month's Pwn2Own hacking challenge, but may fall the next when the rules change, the contest organizer predicted.
 
As protests in Egypt continue, the head of the government agency charged with developing the nation's tech sector, Yasser El-Kady, has been going to work, doing conference calls with tech firms -- and planning for the future.
 

Posted by InfoSec News on Feb 04

========================================================================

The Secunia Weekly Advisory Summary
2011-01-27 - 2011-02-03

This week: 60 advisories

========================================================================
Table of Contents:

1. Word From...
 

Posted by InfoSec News on Feb 04

http://www.computerworld.com/s/article/9208078/SAP_to_fight_Oracle_s_1.3_billion_jury_award

By James Niccolai
IDG News Service
February 3, 2011

SAP will ask a California court to reduce the US$1.3 billion jury award
it was hit with last November in Oracle's TomorrowNow lawsuit against
the company, SAP said Thursday.

Earlier in the day the court entered its final judgment against SAP,
basically confirming the jury's award. SAP has already...
 

Posted by InfoSec News on Feb 04

Forwarded from: Richard Forno <rforno (at) infowarrior.org>
To: InfoSec News <alerts (at) infosecnews.org>
Cc: Infowarrior List <infowarrior (at) attrition.org>

Umm, yeah, okay.

What happens when you can't reach the cloud? Mission Fail.

What happens when the cloud provider drops the ball on security or other
operational requirements? Mission Fail.

What happens when you want to switch cloud providers for a better price?...
 

Posted by InfoSec News on Feb 04

http://www.wired.com/threatlevel/2011/02/hoover/

By David Kravets
Threat Level
Wired.com
February 3, 2011

The U.S. Bureau of Reclamation is shooting down a key legislative
talking point: that the internet “kill-switch” legislation is needed to
prevent cyberterrorists from opening the Hoover Dam’s floodgates.

The brouhaha started last week, when legislative aides on the Homeland
Security and Governmental Affairs committee offered...
 

Posted by InfoSec News on Feb 04

http://www.lasvegassun.com/news/2011/feb/03/metro-police-announce-arrest-bellagio-casino-robbe/

By Jackie Valley
Las Vegas Sun
Feb. 3, 2011

Anthony Carleo, the 29-year-old judge’s son suspected of stealing $1.5
million worth of chips from the Bellagio during a brazen armed robbery,
expressed his desire to “come up with some very big money” at the very
casino he allegedly robbed days later, according to an arrest report
released...
 

