Hackin9

InfoSec News

The news that former Apple CEO Steve Jobs had died staggered long-time technologists of all stripes, giving them pause and a chance to remember their passion for an industry that grew out of a garage.
 
Drawing from some of the most pivotal points in his life, Steve Jobs, then-CEO and co-founder of Apple Computer and of Pixar Animation Studios, urged graduates to pursue their dreams and see the opportunities in life's setbacks -- including death itself -- at the university's 114th Commencement on June 12, 2005.
 
Steve Jobs' passing is a profound event for Apple, and for the entire tech industry, says Computerworld Editor-in-Chief Scot Finnie.
 
As news of the death of Steve Jobs spread around the Internet, the tributes came pouring in Wednesday, crediting Apple's co-founder and chairman with -- more than once -- changing computing as we know it.
 
The Internet and social networks like Facebook and Twitter lit up Wednesday night with the news of the death of Apple Chairman Steve Jobs.
 
Steve Jobs, the Apple co-founder who resigned from the company in the mid-1980s and returned a decade later to make Apple one of the most successful technology companies in the world, has died.
 
Oracle CEO Larry Ellison on Wednesday unveiled a public cloud service that will run its Fusion Applications and others, and while doing so delivered a withering broadside against competitors, with his harshest words for Salesforce.com.
 
A statement from Apple's board of directors on the death of Steve Jobs.
 
1955 -- Born Feb. 24 in San Francisco to Joanne Simpson and Abdulfattah Jandali.
 
Responding to the rapid adoption of their software, the folks behind the OpenStack cloud software are planning to form a stand-alone nonprofit foundation to steward future development of the open-source software suite.
 
RETIRED: LightNEasy 'LightNEasy.php' Multiple HTML Injection Vulnerabilities
 
Perl Digest Module 'Digest->new()' Code Injection Vulnerability
 
The U.S. Federal Communications Commission has issued warnings to 20 online retailers selling illegal mobile phone jammers, GPS jammers, Wi-Fi jammers and other signal jamming devices, the agency said Wednesday.
 
LightNEasy 'LightNEasy.php' Multiple HTML Injection Vulnerabilities
 
Shaw reviews Lenovo's ThinkPad Tablet.
 
A start-up consulting firm founded by former Cisco engineers is targeting a new niche for enterprise IT departments: helping them deploy IPv6 and cloud computing simultaneously to reduce overhead costs.
 
Just three years after a failed attempt to buy Yahoo, Microsoft may be considering whether to try again, Reuters reported today.
 
The six days of online brownouts and slowdowns that have plagued Bank of America's website are "unprecedented," a leading Internet and mobile cloud monitoring service said today.
 
Over two-thirds of the online buzz Tuesday about Apple's new iPhone 4S was negative, a social media monitoring company said today.
 
The CTIA mobile trade group is asking a federal court to stop San Francisco from making cell-phone retailers post warnings about radiation dangers from phones, just a week before an annual trade show that CTIA moved out of the city because of the law.
 
New York City is expanding the use of its citywide wireless network to more than a million devices as it tries to cut costs and expand the range of services available to residents, the city's CIO said on Wednesday.
 

CAMBRIDGE, MA. — On the same day consolidation hit the security information and event management market hard, a group of influential industry leaders was busy talking innovation and telling the entrepreneurs in the room to pick up the pace and bring new products to market that address current threats and adversaries.

Too many great ideas, several speakers said at the SINET Innovation Summit held Tuesday at MIT, smash headfirst into significant roadblocks. Regulators, lawmakers and academia share equal blame in putting the brakes on innovation in security, they said. In the meantime, attackers continue to win the cat-and-mouse game with defense contractors, government agencies and large enterprises, innovating at light speed, far faster than those tasked with defending corporate data, trade secrets and national security.

“[The industry] needs guidance to move ideas to a point where they can be seriously considered in terms of commercialization,” said Paul Barford, chief scientist at Qualys, Inc., and computer science professor at the University of Wisconsin. “For startups, there is a huge gap between developing a security idea and actually moving it into practice.”

Barford pointed a harsh finger at academia.

“Processes in academia stifle innovation,” he said. “Tenure stifles innovation! With tenure, you have to publish, and getting published is accomplished by adding another brick to the foundation of your particular domain. All of these little bricks end up being narrow ideas, and not the big jump in innovations we need to solve today’s security problems.”

Despite the fact that big tech companies such as IBM, and even large security firms such as McAfee, continue to consolidate the security industry, as they did on Monday by scooping up Q1 Labs and Nitro Security respectively, smaller companies remain capable of innovating. Heartland Payment Systems CTO Kris Herrin explained how his company reached out to Voltage Security and partnered on an encryption solution following the 2008 breach at the payment provider. Heartland purposely went with a smaller partner and fostered a relationship that required a lot of handshakes and mutual understanding to get past some ambiguities and solve the problem.

“After the breach, we had to reach out to other innovators,” Herrin said. “The risk element involved is about both parties understanding there will be ambiguity and the lawyers can’t shore it up. Where you run into problems is when a partner shores everything up tight and isn’t comfortable with the same level of risk.”

Larger IT organizations, such as Lockheed Martin, have formalized their efforts to seek out innovative security technologies to partner with and invest in. Lockheed VP and CTO Haden Land explained how the defense contractor has built cybersecurity labs in the U.S., U.K. and Australia to foster the development of security tools. An emerging technology fund has also been established in-house and is used for minority investments in startups with unique capabilities, Land said. Then there are collaborative efforts with large enterprises in other industries to meet annually with venture capital firms seeking funding for a handful of companies.

“These are good venues to connect and provide guidance,” Land said.



 
ServersCheck Monitoring Software Multiple Remote Security Vulnerabilities
 
The battle between Oracle and Google over Android is unlikely to go to trial later this month as initially planned.
 
Apple appears on track to release a Mac OS X Lion update by Oct. 12, when the company will roll out iCloud, its new online synchronization and backup service.
 
Bank of America's online banking website has at times been inaccessible in various U.S. locations in recent days, and it continues to experience performance issues, according to Internet and mobile cloud monitoring services.
 
A brokerage and investment banking firm downgraded Google from "buy" to "hold" because of the growing threat from social media companies like Facebook.
 
Oracle's Fusion Applications are finally generally available to all customers, the company announced Wednesday at the OpenWorld conference in San Francisco as part of the most extensive public demonstration of the long-awaited software to date.
 
The Salesforce.com chief continued his spat with Oracle CEO Larry Ellison Wednesday morning -- and you might not see Marc Benioff at an Oracle conference again.
 
Android users in the U.S. grew to an even greater share of the smartphone market in comScore's latest ranking, hitting 43.7%, while iPhone users grew slightly to 27.3%.
 
DivX Plus Web Player 'file://' URL Stack Buffer Overflow Vulnerability
 
The months-long feud between Apple and Samsung over tablet and smartphone design continues to boil over, with a key ruling expected next week. Jonny Evans offers a look at the issues involved.
 
VMware has released security advisory VMSA-2011-0011, which describes a remote code execution vulnerability in VMware Workstation 7.1.4 and earlier, VMware Player 3.1.4 and earlier, and VMware Fusion 3.1.2 and earlier. Note that VMware released Workstation 8 and Fusion 4 late last month, so if you have upgraded to the bleeding edge, you are not affected.
---------------

Jim Clausing, GIAC GSE #26

jclausing --at-- isc [dot] sans (dot) edu (c) SANS Internet Storm Center. http://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
 
On the heels of the 11 bulletins (mostly IOS) that it released last week, Cisco has released 3 more today.
The FWSM bulletin covers 4 DoS issues and one authentication bypass. The ASA bulletin covers 2 of the same DoS issues, the same auth bypass, plus 1 additional DoS. The NAC bulletin covers a directory traversal issue (exploitable by an unauthenticated user) against the (HTTPS) management interface.
References:
http://www.cisco.com/warp/public/707/cisco-sa-20111005-fwsm.shtml

http://www.cisco.com/warp/public/707/cisco-sa-20111005-asa.shtml

http://www.cisco.com/warp/public/707/cisco-sa-20111005-nac.shtml
---------------

 
Antivirus vendor Trend Micro recently detected a drive-by download attack on Facebook that used malicious advertisements to infect users with malware.
 
Criminals, security researchers, vendors and even investors are now taking mobile security more seriously.
 
Novell Identity Manager 'apwaDetail' Multiple Cross Site Scripting Vulnerabilities
 
Sprint has a lot to gain by selling the new iPhone 4S starting Oct. 14, including new customers attracted to Sprint's unlimited data plans and up to 2 million existing customers likely to upgrade to Apple's latest smartphone.
 
In order to provide greater private cloud capabilities, Symantec announced new product versions of Veritas Storage Foundation 6.0, Veritas Cluster Server 6.0 and Veritas Operations Manager 4.1 and eight other products.
 
NSS Labs is sweetening the pot for its ExploitHub marketplace by offering rewards to security gurus who can write working exploits for a dozen "high-value" vulnerabilities.
 
India is closer to its much-touted target of a US$35 tablet, with DataWind, a wireless Web access products maker in Montreal, designing and making a device that it will sell to the government for $50.
 
NetHope, a consortium of IT leaders serving humanitarian agencies, has been keeping things in-house with Sharepoint for years. But a recent move to the cloud via Office 365 is freeing up IT staff and allowing agencies to better share information.
 
Multiple HTC devices 'HtcLoggers.apk' Application Information Disclosure Vulnerability
 

A Twitter debate on security investments
CSO (blog)
... but an overblown statement needs to be defended." "Conventional wisdom is on my side UNLESS you are in the small minority that had your budget cut in past 10 years. Or you are one of those InfoSec guys who think that nothing is ever enough?"

 
[SECURITY] [DSA 2315-1] openoffice.org security update
 
Secunia Research: Cyrus IMAPd NNTP Authentication Bypass Vulnerability
 
vTiger CRM 5.2.x <= Blind SQL Injection Vulnerability
 
vTiger CRM 5.2.x <= Remote Code Execution Vulnerability
 
Using private cloud at separate data centers has allowed the Department of Homeland Security to strike a balance between security and cost savings.

 
VMSA-2011-0011 VMware hosted products address remote code execution vulnerability
 
FreeBSD Security Advisory FreeBSD-SA-11:05.unix [REVISED]
 
HP this week is rolling out an array of networking products for the enterprise campus, branch and data center, including a switch that fills a major gap in the company's offerings.
 
Samsung Electronics is greeting the new iPhone with more legal action. The company plans to file preliminary injunction motions in Milan, Italy and in Paris asking the courts to block sales of the iPhone 4S, Samsung said on Wednesday.
 
3M has developed a see-through film that turns ordinary windows into solar panels. It will go on sale next year.
 
Using Amazon Web Services' new Server Side Encryption feature, enterprises will at no extra cost be able to encrypt data stored on the company's Simple Storage Service (S3), Amazon said Tuesday.
 
Oracle is using this week's OpenWorld event to dispel lingering questions about its still-evolving cloud computing strategy.
 
The U.S. tech industry as an employer is shrinking, even as it continues to regain jobs lost during the recession.
 
Apple shredded prognosticators' reputations yesterday -- it'll be the iPhone 5, it'll have a bigger screen, it'll be only on Sprint -- when the company finally unveiled the iPhone 4S.
 
CloudBees, Google App Engine, Red Hat OpenShift, and VMware Cloud Foundry reveal the pleasures and perils of coding on a public cloud platform
 
If you thought talking to your friends with your iPhone let you bond with the device, wait til you talk to it -- and it responds in kind. Ryan Faas takes a look at what Tuesday's iPhone 4S unveiling means.
 
Salesforce.com chairman and CEO Marc Benioff will on Wednesday speak at a local restaurant in San Francisco, after his keynote at Oracle OpenWorld 2011 was canceled by Oracle.
 
A television broadcast viewable only on smartphones and tablets with special tuners will go live across Japan next year, according to a venture funded by the country's largest television stations and mobile operator.
 