InfoSec News

Adobe patched 23 security vulnerabilities in its Reader PDF viewer on Tuesday, most of them critical, including one that has been exploited by hackers for at least a month or possibly much longer.
 
(c) SANS Internet Storm Center. http://isc.sans.org Creative Commons Attribution-Noncommercial 3.0 United States License.
 
Facebook calls him a spammer and a U.S. court has fined him US$873 million. But Montreal's Adam Guerbuez doesn't seem to care; he calls himself the US$873 million man and says he won't pay a cent.
 
Sony targets the everyman with its VAIO EA series of all-purpose laptops. They're affordable, medium-size, general-purpose workhorses with a variety of customization options. Available in a swath of colors and configurations, the EA series is neither slim and sexy nor bulky and heavy. It's as close to the middle of the road as you're likely to get from Sony.
 
IBM has upgraded its hosted collaboration suite, LotusLive, with additional capabilities, including a revamped e-mail and calendaring service called LotusLive Notes, and a new set of collaboration tools, called Communities.
 
Intel is developing a tool that will make it easier for developers to port iPhone applications to Intel-based smartphones, tablets and other devices, a company executive said Tuesday.
 
The last time Nielsen declared Android to be the most popular smartphone operating system in the United States, Google's victory was incomplete. Apple hadn't launched the iPhone 4 yet, and sales were bound to spike in the months that followed.
 
With QuickBooks 2011, Intuit performs a balancing act of reaching out to new users while trying to tempt veterans to upgrade to its latest market-leading small-business accounting software. And once again, the upgrade's usefulness depends on how much your business can benefit from the new features.
 
Qualcomm has suspended sales of devices for its mobile TV service, FLO TV, as it considers options for how to use its national network that is currently dedicated to multimedia.
 
Smartphone exploits are coming, as cybercriminals start to figure out how to make money by hacking mobile devices, two mobile security experts said.
 
Android is the most popular mobile operating system among consumers who bought a smartphone in the past six months, according to new research from Nielsen.
 
The organization in charge of defining security for the payment-card industry's merchants and service providers Tuesday issued two guidance papers, the first on end-to-end encryption and the second on payment card technology used more commonly in Europe than in the U.S.
 
The new Apple TV costs less than $64 to manufacture and get out the factory door, an analyst with iSuppli said today, putting Apple's living room entry at the low end of the profit margin.
 
Despite dozens of recent arrests targeting large online fraud organizations, other criminals are continuing to use the Zeus Trojan and other Web tools to steal identities and money from Internet users, a cybersecurity expert said.
 
Hitachi, Seagate and Western Digital are touting hard drive and solid-state drive innovations that include a hybrid optical drive with on-board NAND flash memory and a line of external drives with up to 3TB capacity.
 
The switch in leadership at Twitter is signaling that the company is ready to turn what has been something of an online adventure into a real moneymaking business.
 
Now that the Ceton InfiniTV 4 card has arrived (check out my review), Windows Media Center is back in my good graces. Consequently, I'm back on the prowl for cool ways to trick out Microsoft's couch-friendly interface.
 
Google has made a sweeping request that a court throw out the lawsuit filed by Oracle over Java use in Android.
 
Following its recent encryption acquisitions, Symantec will phase out the GuardianEdge name and integrate PGP Whole Disk Encryption with support for Symantec Data Loss Prevention.


Reportlinker Adds Global Unified Communications Industry
IT News Online
... into Strategic Partnership with Microsoft II-63 InfoSec Pacific Signs Distribution Agreement with FaceTime Communications II-64 Alcatel-Lucent Chooses ...

Iran today made its strongest statement yet that it believes a Western plot is behind the Stuxnet worm that has infected tens of thousands of computers in the country, including some at its sole nuclear power plant.
 
Lenovo could introduce a ThinkPad tablet for enterprises, depending on corporate adoption and customer demand for such a device, a company executive said on Tuesday.
 
Fewer security holes means better software quality and lower costs. Merkow and Raghavan provide expert guidance on building and managing a software security program that pays off.
 
This weekend is the HacKid conference in Cambridge, Mass. Bill Brenner on why you MUST take your children there.
 
A French court sentenced Societe Generale trader Jerome Kerviel to three years in prison following his conviction on fraud and other charges in connection with a series of significant unauthorized trades.
 
BMC Software has acquired the software business of Neptuny Software, a Milan-based provider of capacity management and IT performance optimization software.
 
Google has made a sweeping request that a court throw out the copyright- and patent-infringement lawsuit filed by Oracle over Java use in Android.
 
The FCC's white space decision significantly increases the radio spectrum available for unlicensed computer communications. It could generate billions of dollars of business.
 
Cisco announced a doubly powerful Catalyst Ethernet switch, a condensed edge router and a slew of other new and enhanced products designed to help companies extend more powerful networking services to branch offices.
 
Results of the first Verizon Payment Card Industry Compliance Report indicate that organizations that had been breached were 50% less likely to be PCI compliant.

Russian authorities have detained a Ukrainian national who oversaw a group that manufactured fraudulent payment cards and identity documents, according to the country's Interior Ministry.
 
Oracle plans to buy enterprise single sign-on technology vendor Passlogix, a move that will boost its portfolio of security offerings.
 
Synergy, the Citrix user conference, will open its doors in Berlin on Wednesday, where the company is expected to launch a new version of XenDesktop and to talk about its client hypervisor XenClient, which allows users with a virtualized desktop to work offline.
 
For travelers who juggle a number of connected devices while on the road, Novatel’s MiFi 2200 mobile hotspot may be a little gift from tech heaven. The device connects to Sprint’s 3G EvDO network, then creates a mobile bubble of Wi-Fi that can connect up to five devices at the same time. And best of all, you can get the device with a pre-paid, no-contract data plan from Virgin Mobile.
 
Ever wish you could get PC World's awesome How-To section in your inbox every day? Sure, you can subscribe to one or more of the newsletters, but those arrive only once per week. You need your daily fix!
 
We laugh with them... well, OK, sometimes we laugh at them, too. Enjoy The Best of Shark Tank.
 
Yahoo applied lessons learned a hundred years ago to its recently completed Lockport data center in New York, a decision that is saving it money and opening the door to future data center innovations.
 
Scammers are spoofing the anti-malware warnings of popular browsers to dupe Windows users into downloading fake security software, according to Symantec.
 
TDK showed flexible and see-through organic displays at Japan's Ceatec on Tuesday. It said it will begin mass production of the flexible displays within a year, a move that would make it the first company to do so.
 
RIM's murky stance on migrating BlackBerry apps to its new tablet doesn't faze would-be developers seeking a larger screen, more horsepower.
 
CommVault has released the latest version of its flagship backup software product, Simpana 9, adding deduplication at the client level as well as snapshotting capability and automatic discovery of virtual machines for backup.
 
Lenovo's ThinkStation C20 compact workstation saves space and supports high-end graphics.
 
RIM's PlayBook tablet, which is already being seen as a good fit for the enterprise, will face an updated iPad by the time it arrives in 2011. Columnist Ryan Faas weighs in on the upcoming fight.
 
InfoSec News: New Verizon Report: Non-PCI Compliant Organizations Suffer More Breaches: http://www.darkreading.com/security_monitoring/security/app-security/showArticle.jhtml?articleID=227600072
By Kelly Jackson Higgins DarkReading Oct 04, 2010
Data from PCI DSS assessments conducted by Verizon Business' PCI auditors shows that organizations hit by breaches are 50 percent less [...]
 
InfoSec News: Are Mossad agents selling paintings in Utah?: http://www.jpost.com/International/Article.aspx?id=189989
By JPOST.COM STAFF 10/03/2010
Local Utah news station reports mysterious salesmen claiming to be Israeli art students asking locals about a new NSA data center.
Door-to-door salesmen claiming to be Israeli art students have been [...]
 
InfoSec News: Cyber warriors could see less time at sea: http://www.navytimes.com/news/2010/10/navy-cyber-seatime-100310w/
By Philip Ewing Staff writer Navy Times Oct 4, 2010
Navy leadership has plans in the works for more specialized computer-warfare careers, the fleet’s top cyber boss told Congress on Sept. [...]
 
InfoSec News: Nationwide holiday ups China's risk to Stuxnet: http://www.zdnetasia.com/nationwide-holiday-ups-china-s-risk-to-stuxnet-62203387.htm
By Tyler Thia ZDNet Asia October 4, 2010
Computer hackers have warned that the week-long National Day holiday in China that began Friday could leave the country vulnerable to further [...]
 
InfoSec News: Survey: Business continuity plans still need work: http://www.csoonline.com/article/621192/survey-business-continuity-plans-still-need-work
By Joan Goodchild Senior Editor CSO October 01, 2010
Most businesses report they have been negatively impacted by network disruptions in the last year, according to a new poll that attempts to [...]
 
InfoSec News: Feds detail cyber security strategy: http://www.theglobeandmail.com/news/technology/feds-detail-cyber-security-strategy/article1740997/
The Canadian Press Oct. 04, 2010
The federal government has launched a major effort to make the Internet safer.
Canada's cyber security strategy, announced in last spring's budget, [...]
 
InfoSec News: [Dataloss Weekly Summary] Week of Sunday, September 26, 2010: ========================================================================
Open Security Foundation - DataLossDB Weekly Summary Week of Sunday, September 26, 2010
8 Incidents Added.
======================================================================== [...]
 
InfoSec News: Money mule arrests highlight banks' efforts to fight fraud: http://www.computerworld.com/s/article/9189201/Money_mule_arrests_highlight_banks_efforts_to_fight_fraud
By Jaikumar Vijayan Computerworld October 4, 2010
The indictments unveiled last week against dozens of people who allegedly helped loot millions of dollars from U.S. [...]
 

Posted by InfoSec News on Oct 04

http://www.csoonline.com/article/621192/survey-business-continuity-plans-still-need-work

By Joan Goodchild
Senior Editor
CSO
October 01, 2010

Most businesses report they have been negatively impacted by network
disruptions in the last year, according to a new poll that attempts to
gauge how organizations react to disruptions and the measures they are
taking to improve their business continuity and disaster recovery plans.

The poll,...
 

Posted by InfoSec News on Oct 04

http://www.theglobeandmail.com/news/technology/feds-detail-cyber-security-strategy/article1740997/

The Canadian Press
Oct. 04, 2010

The federal government has launched a major effort to make the Internet
safer.

Canada's cyber security strategy, announced in last spring's budget,
will cost $90-million over five years and $18-million in ongoing
funding.

It aims to secure federal computer systems and join other governments
and industry to...
 

Posted by InfoSec News on Oct 04

========================================================================

Open Security Foundation - DataLossDB Weekly Summary
Week of Sunday, September 26, 2010

8 Incidents Added.

========================================================================

DataLossDB is a research project aimed at documenting known and reported
data loss incidents world-wide. The Open Security Foundation asks for
contributions of new incidents and new data for...
 

Posted by InfoSec News on Oct 04

http://www.computerworld.com/s/article/9189201/Money_mule_arrests_highlight_banks_efforts_to_fight_fraud

By Jaikumar Vijayan
Computerworld
October 4, 2010

The indictments unveiled last week against dozens of people who
allegedly helped loot millions of dollars from U.S. businesses via
online corporate account takeovers highlights the struggle by financial
firms to fight fraud.

Over the past two years, corporate account takeovers by...
 

Posted by InfoSec News on Oct 04

http://www.darkreading.com/security_monitoring/security/app-security/showArticle.jhtml?articleID=227600072

By Kelly Jackson Higgins
DarkReading
Oct 04, 2010

Data from PCI DSS assessments conducted by Verizon Business' PCI
auditors shows that organizations hit by breaches are 50 percent less
likely to be PCI-compliant than its other clients.

The first-ever Verizon Payment Card Industry Compliance Report, released
today, analyzed findings...
 

Posted by InfoSec News on Oct 04

http://www.jpost.com/International/Article.aspx?id=189989

By JPOST.COM STAFF
10/03/2010

Local Utah news station reports mysterious salesmen claiming to be
Israeli art students asking locals about a new NSA data center.

Door-to-door salesmen claiming to be Israeli art students have been
asking a few too many questions about a NSA (National Security Agency)
data center in Utah, according to a local ABC news report last week.

A woman who...
 

Posted by InfoSec News on Oct 04

http://www.navytimes.com/news/2010/10/navy-cyber-seatime-100310w/

By Philip Ewing
Staff writer
Navy Times
Oct 4, 2010

Navy leadership has plans in the works for more specialized
computer-warfare careers, the fleet’s top cyber boss told Congress on
Sept. 23, including the creation of what he called “cyber engineers and
cyber warrant officers.”

Vice Adm. Barry McCullough, head of 10th Fleet, told House lawmakers
that the Navy faces a...
 

Posted by InfoSec News on Oct 04

http://www.zdnetasia.com/nationwide-holiday-ups-china-s-risk-to-stuxnet-62203387.htm

By Tyler Thia
ZDNet Asia
October 4, 2010

Computer hackers have warned that the week-long National Day holiday in
China that began Friday could leave the country vulnerable to further
attacks from Stuxnet, according to a report by news agency AFP.

The cyberworm, which may have been designed to attack Iran's nuclear
facilities, has already hit millions of...
 
As we wander down this path that is Cyber Security Awareness month it reinforces that on one hand the Internet is a source of an unimaginable wealth of information and knowledge and on the other hand is a scary place where evil lurks in dark corners. The question for the day is how can you explore the Internet while avoiding nasty sites.
As a security practitioner I am often taken off the beaten path of the Internet to do research, so it is important that I have some help avoiding nefarious sites. Here are a few tools that I use:

I use Firefox and the Web-of-Trust add-on to help me identify potentially naughty sites. Web of Trust adds colored circles after all links, green for good, yellow for questionable, and red for bad. McAfee SiteAdvisor and other products do very similar things.
I use OpenDNS and utilize the Web Content Filtering capability to provide a layer of protection.

If you have other tips on how to avoid nasty sites, please feel free to comment below or contact us via our contact form.

-- Rick Wanner - rwanner at isc dot sans dot org - http://namedeplume.blogspot.com/ - Twitter:namedeplume (Protected) (c) SANS Internet Storm Center. http://isc.sans.org Creative Commons Attribution-Noncommercial 3.0 United States License.
 
