InfoSec News

Lawyers for Oracle and Google gave the judge overseeing their Java patent dispute a tutorial on Wednesday that underscored the complexity of the case between the two companies.
 
Microsoft and Toyota plan to use Windows Azure, the software giant's cloud offering, to build a telematics service that will initially serve people who have the car maker's electric and plug-in hybrid cars.
 
During a panel discussion on converging LAN and SAN networks, audience members became agitated over the prospect of network administrators somehow being able to perform their job, or vice versa.
 
Microsoft is advising people not to use an unauthorized tool for downloading two software updates to Windows Phone 7 devices.
 

Information security sector rapidly growing
Lansing State Journal
With increasingly frequent reports of big companies such as Google, DuPont, GE, and Johnson & Johnson being targeted by hackers, the "infosec" career field is growing "as fast as online computing is expanding," said Weaver, 33. ...

The Linux Foundation has started a high availability working group to speed Linux enterprise features.
 
Search engines should stop showing results for websites that infringe copyright and sell counterfeit products, or be held accountable, some U.S. lawmakers and witnesses said Wednesday during a hearing on digital piracy.
 
Hackers have broken into The Hartford insurance company and installed password-stealing programs on several of the company's Windows servers.
 
Cycle Computing builds a 10,000-core supercomputer in the cloud to boost scientific research.
 
Toshiba America Electronic Components introduced a new NAND flash product using 24nm circuitry, along with a dedicated controller for error correction code.
 
If the U.S. government is shut down by a budget impasse, various services could be interrupted, but the IRS will still collect tax returns filed electronically and it will still process refunds.
 
You wouldn't believe how often I get the same few questions about Microsoft Word. Perhaps the most common: "How do I change the line spacing?"
 

Air Force Link

Windows feature to connect to IPv6 opens door for massive data hijack
Ecommerce Journal
Experts at InfoSec Institute, an information security services company, tried the MITM, or man-in-the-middle, attacks that exploit features that are present in recent versions of Windows to make it easy for computers to connect to networks using the next ...
Windows PCs can be compromised by an IPv6 flaw (Inquirer)

Google's YouTube site is in the midst of an overhaul, according to a Wall Street Journal report Wednesday.
 
Remember how PCs came to dominate corporate computing? It's all going to happen again with tablets and smartphones.
 
A Sprint executive said the carrier could enter the mobile payments market as early as this year, but several analysts urged consumers to be wary of the mounting hype about mobile wallets from wireless carriers.
 
A U.S. Court of Appeals has ruled that the government can confiscate computers from travelers at border locations, and then transport the devices to distant labs for analysis.
 
Microsoft today blamed Apple for changes that will prevent users of Office for Mac 2011 from synchronizing their Outlook calendars with Apple's MobileMe service.
 
Democratic senators call for changes to a 25-year-old e-surveillance law.
 
If the U.S. government is shut down by a budget impasse Friday night at midnight, various services could be interrupted, but the IRS will still collect tax returns filed electronically and process payments.
 
[USN-1107-1] x11-xserver-utils vulnerability
 
[SECURITY] CVE-2011-1475 Apache Tomcat information disclosure
 
[USN-1106-1] NSS vulnerabilities
 
A Milan judge has found Google Italy guilty of defamation because of the way its search engine linked the name of an Italian businessman to the word "fraud" and has ordered the company to modify the operation of its Autocomplete service.
 
Canonical has not yet built an Ubuntu Linux distribution for tablets and will continue development of the OS for PCs and netbooks, company executives said.
 
[SECURITY] CVE-2011-1183 Apache Tomcat security constraint bypass
 
Sonexis ConferenceManager SQL Injection
 
Sonexis ConferenceManager Multiple Cross-site Scripting (XSS) Vulnerabilities
 
Chris Capossela takes the spot vacated by Mich Mathews last week.
 
RETIRED: Joomla Component 'com_media' Local File Include Vulnerability
 
Just hours after launching a tool that let Windows Phone 7 owners grab smartphone updates directly from Microsoft, the developer yanked the utility from his Web site.
 
Xiotech’s new entry level storage blade will integrate controller functions
 
Julian Assange, the embattled founder of Wikileaks, has been granted an extradition appeal by the British High Court.
 
chCounter 'anzahl' Parameter SQL Injection Vulnerability
 
RETIRED: Hot Links SQL Cookie Authentication Bypass Vulnerability
 
Multiple Vendors IPv6 Neighbor Discovery Router Advertisement Remote Denial of Service Vulnerability
 
eyeOS Cross Site Scripting and Information Disclosure Vulnerabilities
 
A network engineer fired by fashion house Gucci has been charged with going on an IT rampage against his former employer in which he deleted data, shut down servers and left the company nursing an estimated $200,000 cleanup bill.
 
Mozilla Firefox's flashy features often bogged down its performance--until now. Though it's still not quite as fast overall as rivals Safari 5 (Macworld rated 4.5 out of 5 mice) and Chrome, the leaner, meaner Firefox 4 makes a quantum leap forward from its predecessor.
 
CA Technologies acquires U.S. public sector consulting firm, Base Technologies
 
XSS Vulnerability in Redmine 1.0.1 to 1.1.1
 
Re: [eVuln.com] Cookie Auth Bypass in Hot Links SQL
 
Re: Multiple vulnerabilities in chCounter <= 3.1.3
 
Re: XSS in CompactCMS
 
Yahoo is unhappy with a recent ruling in an Italian court that ordered the company to remove links from its search engine that lead to pirated copies of an Iranian movie.
 
Novell offers Mono for Android, which works with Microsoft's Visual Studio
 
X.Org xrdb Remote Arbitrary Shell Command Injection Vulnerability
 
Classified Ads PLUS Scripts 'cid' Parameter SQL Injection Vulnerability
 
TiVo found a way to create a more agile provisioning method and offer developers cloned databases with which they can test code without worrying about blowing up their joint test environment.
 
MPlayer '.m3u' File Buffer Overflow Vulnerability
 
Ruby on Rails Cross Site Scripting Vulnerability
 
Isis, a joint venture of three U.S. wireless carriers, plans to test smartphone-based mobile wallet technology in Salt Lake City next year.
 
A Taiwanese producer of plastic lenses said on Wednesday its March revenues shot up because of a surge in orders from tablet PC makers, indicating that cameras will be installed on devices due for release later in the year.
 
Freescale Semiconductor won't reopen a seriously damaged chip factory in Sendai, northern Japan, the company said Wednesday.
 
Microsoft and Toyota Motor will announce a collaboration between the two companies later Wednesday, they said.
 
Satyam settles with U.S. Securities and Exchange Commission for $10 million penalty
 
Intuit has warned users of its tax preparation software to be aware of identity theft scams in the wake of a major breach at marketing firm Epsilon.
 
The Smithsonian Museum of American History has added a number of robotic technologies to its collection, including what may have been one of the smallest robots in the world.
 
Seagate's new 320GB GoFlex Slim external hard drive offers USB 3.0 performance in a nicely thin case; however, you will pay for the privilege.
 
InfoSec News: RSA detailing SecurID hack to customers sworn to secrecy: http://www.networkworld.com/news/2011/040511-rsa-hack-nda.html
By Ellen Messmer Network World April 05, 2011
RSA has started providing more detail into the mid-March attack on its SecurID token-based authentication system, but to get a fuller story you [...]
 
InfoSec News: DNSSEC Finally Comes To .com, But Secure DNS Still Has A Long Way To Go: http://www.darkreading.com/advanced-threats/167901091/security/vulnerabilities/229400940/dnssec-finally-comes-to-i-com-i-but-secure-dns-still-has-a-long-way-to-go.html
By Kelly Jackson Higgins Darkreading Apr 05, 2011
The DNSSEC protocol for securing the Internet Domain Services Name (DNS) [...]
 
InfoSec News: PCTEL Plans Secure Android Phone for 'Top Secret' Clearances: http://www.pcmag.com/article2/0,2817,2383072,00.asp
By Mark Hachman PC Mag April 4, 2011
PCTEL said Monday that the company had established a supply agreement for the development of a secure Android phone that it will market to government agencies whose employees have "Top Secret" clearance. [...]
 
InfoSec News: Phone hacking: NoW journalists arrested: http://www.guardian.co.uk/media/2011/apr/05/phone-hacking-affair-now-journalists-arrested
By Amelia Hill Guardian.co.uk 5 April 2011
The former news editor and current chief reporter from the News of the World have been arrested on suspicion of unlawfully intercepting mobile [...]
 
InfoSec News: Cyberwars Should Not Be Defined in Military Terms, Experts Warn: http://www.nationaldefensemagazine.org/blog/Lists/Posts/Post.aspx?ID=363
By Eric Beidel NDIA Blog 4/5/2011
NATIONAL HARBOR, Md. -- Military leaders have repeatedly proclaimed that cyberspace should be considered a "battle domain," like land, sea, air and space. [...]
 
eyeOS Cross Site Scripting and Local File Include Vulnerabilities
 
TextPattern 'index.php' Cross Site Scripting Vulnerability
 
IBM Lotus Domino iCalendar Remote Stack Buffer Overflow Vulnerability
 
Graugon Forum 'admin.php' SQL Injection Vulnerability
 

Posted by InfoSec News on Apr 05

http://www.networkworld.com/news/2011/040511-rsa-hack-nda.html

By Ellen Messmer
Network World
April 05, 2011

RSA has started providing more detail into the mid-March attack on its
SecurID token-based authentication system, but to get a fuller story you
have to be an RSA customer willing to sign a nondisclosure agreement
(NDA).

An NDA means that you agree to keep secret what RSA would be willing to
tell you. Sources say RSA is reaching out...
 

Posted by InfoSec News on Apr 05

http://www.guardian.co.uk/media/2011/apr/05/phone-hacking-affair-now-journalists-arrested

By Amelia Hill
Guardian.co.uk
5 April 2011

The former news editor and current chief reporter from the News of the
World have been arrested on suspicion of unlawfully intercepting mobile
phone voicemail messages.

Ian Edmondson and Neville Thurlbeck had voluntarily presented themselves
at different London police stations this morning and were arrested....
 

Posted by InfoSec News on Apr 05

http://www.nationaldefensemagazine.org/blog/Lists/Posts/Post.aspx?ID=363

By Eric Beidel
NDIA Blog
4/5/2011

NATIONAL HARBOR, Md. -- Military leaders have repeatedly proclaimed that
cyberspace should be considered a "battle domain," like land, sea,
air and space.

But that may be the wrong approach to cybersecurity, said Martin
Libicki, senior management scientist at the RAND Corp. It also would be
a mistake for the U.S....
 

Posted by InfoSec News on Apr 05

http://www.pcmag.com/article2/0,2817,2383072,00.asp

By Mark Hachman
PC Mag
April 4, 2011

PCTEL said Monday that the company had established a supply agreement
for the development of a secure Android phone that it will market to
government agencies whose employees have "Top Secret" clearance.

The phone will be branded by PCTEL Secure, the partnership between PCTEL
and Eclipse Design Technologies, the companies said. The phone,...
 

Posted by InfoSec News on Apr 05

http://www.darkreading.com/advanced-threats/167901091/security/vulnerabilities/229400940/dnssec-finally-comes-to-i-com-i-but-secure-dns-still-has-a-long-way-to-go.html

By Kelly Jackson Higgins
Darkreading
Apr 05, 2011

The DNSSEC protocol for securing the Internet Domain Services Name (DNS)
is now fully deployed at the root servers and top-level domains, with
the last of the domains and the biggest -- .com -- signed with DNSSEC
late last...
 

