InfoSec News

Bookseller Barnes & Noble is considering spinning off its Nook digital business to help it grow, following strong growth in sales of the Nook reader and tablet and digital content in the nine-week holiday period ending Dec. 31.
Well, this has just happened: Sony has been hacked again by Anonymous, this time targeting the Sony Pictures website. They have also obtained access to the Facebook page and left a comment or two that will no doubt leave them thinking. The attack has been carried out in light of Sony showing its support for [...]

(c) SANS Internet Storm Center. http://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
Gamers have become a target again: the huge online game World of Warcraft (WoW) has been hit by a hacker using the handle C0DY, and a small number of accounts were dumped. The account leak comes in the format of username, password and email. All passwords are encrypted. http://pastebin.com/zQ08sQeg

Symantec is investigating an Indian hacking group's claims that it accessed source code used in the company's flagship Norton Antivirus program.
If you are an avid user of tcpflow, Simson Garfinkel has just released a public beta of tcpflow which contains significant changes. If you want to participate in the beta testing, the tool is available for download here [1]; several prebuilt packages are also available. A list of the changes is posted here [2]. A final release is planned within the next two weeks.
[1] http://afflib.org/software/tcpflow

[2] http://old.nabble.com/tcpflow-1.1.0-beta1-td33081226.html
Guy Bruneau IPSS Inc. gbruneau at isc dot sans dot edu
It is a brand new year, and this upcoming Tuesday Microsoft is releasing seven bulletins, six rated Important and one rated Critical, affecting all Windows OS versions. Detailed information can be found in the advance notification bulletin [1].
[1] http://technet.microsoft.com/en-us/security/bulletin/ms12-jan
Guy Bruneau IPSS Inc. gbruneau at isc dot sans dot edu
Apple QuickTime Prior To 7.7.1 Movie File Handling Integer Overflow Vulnerability
The National Oceanic and Atmospheric Administration has moved 25,000 employees and contractors to Google Apps for Government.
Live reports from the Consumer Electronics Show in Las Vegas.
Sprint Nextel will launch LTE in the first half of this year, most likely beginning in Dallas, Houston and San Antonio, Texas, and Atlanta, the company announced on Thursday.
Researchers at security firm Seculert have discovered a cache of 45,000 Facebook login credentials tied to the Ramnit worm.
The software giant will issue seven bulletins, including one critical, as part of its January 2012 Patch Tuesday security updates.
Among the experts are Verizon's Wade Baker on data breaches, Microsoft's David Ladd on software security and Catalin Cosoi of BitDefender on targeted attack prevention.
Care2, a social network that promotes a variety of causes, announced a data security breach Dec. 28 in which hackers targeted account credentials on the company servers.
Intel will make a major mobile push at the upcoming Consumer Electronics Show, where it will likely announce smartphone customers and show off a Windows 8 tablet with its upcoming Atom chip code-named Clover Trail, a person familiar with the company's plans said.
Oracle's impending upgrade to its support portal promises to deliver a "next-generation" experience, but some users are worried they will endure a fiasco of the sort that occurred with the last revamp of the site.
ImpressPages CMS 'actions.php' Remote Code Execution Vulnerability
Microsoft today said it would deliver seven security updates next week -- tying the record for January -- to patch eight vulnerabilities in Windows and its developer tools.
Congress appears likely to move forward with two controversial copyright enforcement bills this year, even with vocal and widespread opposition to the Stop Online Piracy Act and the Protect IP Act in the Internet community.
Just one day after Yahoo announced that it found a new CEO, speculation began swirling that the Internet company may be looking to scoop up Netflix.
Ultrabooks are already hot this year. With Apple proving that thin, light laptops are desirable and Intel pushing the platform, the Consumer Electronics Association expects as many as 50 ultrabooks to be launched at CES in Las Vegas next week. With so many new models to choose from, how should your business decide which is the best fit?
Lotus Notes creator and former Microsoft Chief Software Architect Ray Ozzie is coming back with a startup named Cocomo that seems to be focused on mobile communication.
The DRAM market, already suffering from low demand, now faces an alarming rise in inventory that threatens to further sink the industry.
AT&T announced Thursday it has rolled out 4G LTE services to 11 more markets, including New York City, Los Angeles and San Francisco.
A federal judge this week denied Apple's request to keep secret the technical information that describes how the company locks Mac OS X to its hardware.
A pervasive worm has expanded its reach to now steal login and password details for Facebook users, warned security vendor Seculert, which found a server holding 45,000 login credentials.
FFmpeg Multiple Unspecified Vulnerabilities
SQLiteManager 1.2.4 Multiple Cross-Site-Scripting vulnerabilities
VertrigoServ 2.25 Cross-Site-Scripting vulnerability
Pligg CMS 'status' Parameter SQL Injection Vulnerability
Research firm Gartner announced Thursday that it has lowered its 2012 IT spending forecast, with spending expected to rise only 3.7 percent, rather than the previous forecast of 4.6 percent growth.
In the beginning, it was Macintosh vs. Windows. Then it was Windows against OS/2 against the Mac. Followed by Netscape Navigator head-to-head against Internet Explorer.
Ggb Guestbook - XSS Vulnerabilities
SEC Consult SA-20120104-0 :: Multiple critical vulnerabilities in Apache Struts2
We've talked people’s ears off--colleagues, relatives, friends, and even strangers around town (to make reservations, for instance)--all for a good cause. We wanted to find the best Bluetooth headsets and car units in the land.
For a peek into what experts expect this year and beyond when it comes to privacy, we turn to the Rebecca Herold (aka the Privacy Professor) for answers.
Yesterday I talked about my concerns about the security of my data if I store it in the cloud. It seems like an awful lot of faith to put in a third-party to expect it to protect my data. However, there is a flip side to that coin that suggests that maybe my data is better off in their hands than mine.
Sprint announced it will sell the Galaxy S II Epic 4G Touch in a frost white color starting on Jan. 8 for $199.99 with a new two year plan.
NGS00106 Technical Advisory: Increased exploitation of Oracle GlassFish Server Administration Console Remote Authentication Bypass Vulnerability
NGS00109 Technical Advisory: Remote Code Execution in ImpressPages CMS
HServer webserver - Directory Traversal Vulnerability
Revised IETF I-D: Advice on IPv6 RA-Guard Implementation
The International Consumer Electronics Show next week may be a major launchpad for a new, faster generation of Wi-Fi that goes about three times faster than current gear, with at least one major silicon vendor announcing and demonstrating a set of chips for the IEEE 802.11ac standard.
With its newly updated NetBeans Java IDE (integrated developer environment), Oracle has focused on updating the tools and libraries so they can be used to build more sophisticated user interfaces.
Marvell was set to announce a new ARM-based chip for televisions on Thursday that will run Android and Google TV software, filling a void left by Intel's decision in October to depart the TV market.
Acer America today unveiled the Iconia Tab A200, an Android-based tablet that will go on sale Jan. 15 in the U.S. starting at $329.99.
OpenSSL Multiple Vulnerabilities
LG Electronics has introduced two new ultrabooks -- the Z330 and Z430 -- which will be on display at the International Consumer Electronics Show in Las Vegas next week, the company said Thursday.
First look: Lantronix's xPrintServer overcomes Apple's printer gap, with amazing simplicity
Lenovo announced ThinkPad laptops with cutting-edge technologies including Intel's upcoming third-generation Core processors and the Thunderbolt interconnect.
Yahoo's choice of a new corporate head is sending the message that the company will be rebuilt instead of sold, analysts say.
With ultrabook announcements expected to get all the attention at next week's CES, it's important to lament the ill-fated netbook -- left for dead by a callous and capricious tech industry. Patrick Thibodeau explains.
Even the things I don't like speak to the flexibility of the platform.
The U.S. Department of State said on Wednesday it is investigating Huawei Technologies for allegedly providing censorship and mobile phone tracking technology to Iran, following a request from six U.S. lawmakers.

Posted by InfoSec News on Jan 04


[On the @attritionorg Twitter feed, it was noticed that the
website Mitnick recommends to buy this escape and evasion item
doesn't use HTTPS for checking out orders. Oops... - WK]

By Elinor Mills
January 4, 2012

Famed hacker Kevin Mitnick has seen enough of the inside of a jail to
know he never wants to go back. Now...

Posted by InfoSec News on Jan 04


By John Foley
January 04, 2012

An FBI project to develop a digital case-management system to replace
outdated, paper-based processes has been delayed again, despite the
agency's decision to use agile development to hasten its completion. The
system, called Sentinel, is now due to be deployed in May, eight months
later than the FBI planned when it...

Posted by InfoSec News on Jan 04


By Michael Lee
January 5th, 2012

In the lead-up to the festive season, overseas customers were unable to
access the trading platform. In order to execute trades they were
required to contact the bank directly. The Australian Financial Review,
which first reported the problem, had originally been told that the
bank's trading platform had not been...

Posted by InfoSec News on Jan 04

Forwarded from: security curmudgeon <jericho (at) attrition.org>

: http://www.yomiuri.co.jp/dy/national/T120102002799.htm
: The Yomiuri Shimbun
: Jan. 3, 2012
: The Defense Ministry is in the process of developing a computer virus
: capable of tracking, identifying and disabling sources of cyber-attacks,
: The Yomiuri Shimbun has learned.
: The development of the virtual cyberweapon was launched in 2008. Since
: then, the weapon has...

Posted by InfoSec News on Jan 04


By Kelly Jackson Higgins
Dark Reading
Jan 04, 2012

Another SQL injection campaign is literally going viral, with some 1
million URLs possibly infected.

The SANS Internet Storm Center over the weekend counted some 1,070,000
URLs injected with the so-called lilupophilupop.com malware....

Well, it's that time of the year again: Facebook is holding its 2nd Hacker Cup, due to start on the 20th, putting computer programmers through a range of different tasks to see who comes out best. The top 25 will be flown to the Facebook campus for the final rounds, and the 1st place [...]