InfoSec News

(c) SANS Internet Storm Center. http://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
Based in Singapore, Vish Iyer is president, Tata Consultancy Services (TCS)-Asia Pacific, where he is responsible for managing TCS operations across five geographies and 13 countries in the region. Recently, he had a freewheeling conversation with Zafar Anjum in TCS' Singapore office. The discussion ranged from his new role in the company to the company's initiatives and plans for the region. Here are excerpts from the interview.
Lenovo Monday said that its lighter, quicker ThinkPad, unveiled last spring as part of an effort to attract buyers more interested in smartphones and tablets than PCs, will go on sale later this month.
Microsoft has blocked a popular work-around that let users boot directly to the Windows 8 desktop, a co-author of an upcoming book on the operating system confirmed today.
Almost half of all smartphone owners in the U.S. use mobile shopping apps, with established online players eBay and Amazon.com leading in popularity, according to research company Nielsen.
In a package aimed to mobilize small-business employees, Verizon Wireless has packaged a version of the Microsoft Office 365 online office suite to run on its own cellular services, pricing the service at US$6 per user per month.
OpenTTD 'Water Clearing' Feature Denial Of Service Vulnerability
Intel's former head of Ultra Mobility, hired Monday to become Qualcomm's chief marketing officer, shows that the San Diego-based chip maker is finally serious about marketing, one analyst said.
[ MDVSA-2012:125 ] wireshark
Now that NASA's rover Curiosity has safely landed on Mars, it's time for the robot to get to work, researchers said.
Nuance Communications Monday introduced Nina, a virtual speech assistant that companies can add to iOS and Android mobile apps.
Apple's personal computers remained fixed in fourth place during 2012's second quarter, a spot it's occupied most of the year, according to Rescuecom, a technical support franchise.
Which shared data plans are better -- those from AT&T's Mobile Share, which arrives on Aug. 23, or Verizon Wireless's Share Everything plans that debuted in June?
Criminals are sending malicious emails that purport to come from payroll services firms in order to infect with malware the computers of payroll administrators from various companies, according to researchers from the SANS Internet Storm Center (ISC).
The IPFire developers have ended their support for the Reiser4 filesystem after finding it too difficult to maintain synchronisation between their kernel and the filesystem development.

Microsoft has released version 1.0 of its Attack Surface Analyzer tool, which allows developers and administrators to gauge the security impact of installing an application on a Windows system.

[security bulletin] HPSBMU02798 SSRT100908 rev.1 - HP Network Node Manager i (NNMi) for HP-UX, Linux, Solaris, and Windows, Remote Cross Site Scripting (XSS)
AOL Products downloadUpdater2 Plugin SRC Parameter Remote Code Execution
[SECURITY] [DSA 2522-1] fckeditor security update
iAuto Mobile Application 2012 - Multiple Web Vulnerabilities
DLm8000 is the first EMC disk library for mainframe that will leverage its flagship VMAX storage technology.
ZDI-12-134 : IBM Lotus Quickr QP2 ActiveX _Times Remote Code Execution Vulnerability
ZDI-12-133 : GE Proficy Historian ihDataArchiver.exe Multiple Opcode Parsing Remote Code Execution Vulnerabilities
ZDI-12-132 : IBM Lotus iNotes dwa85W ActiveX Attachment_Times Remote Code Execution Vulnerability
PHP '_php_stream_scandir()' Buffer Overflow Vulnerability
ZDI-12-135 : Apple QuickTime JPEG2k Sample Size Atom Remote Code Execution Vulnerability
Apple is investigating reports of shorter battery life on Mac laptops that customers have upgraded to OS X Mountain Lion, according to the company's support forum.
Name: Joe Busky
Coco Chanel once famously advised women to look in the mirror before they left the house and remove one accessory. If the French fashion designer hadn't died 40 years ago and was really into iOS gaming, she might look at Bucketz and cry out for the designers to remove lots of things--anything--to make this physics puzzler less cluttered.
The Norwegian Data Protection Agency is planning to launch an investigation into Facebook's facial recognition feature this fall, a spokesman said on Monday.
Graphics chip maker Nvidia released a new version of its Unix driver on Friday in order to address a high-risk vulnerability that can be exploited by local users to gain root privileges on Linux systems.
AT&T's new voluntary Mobile Share data-sharing plans for consumers and business customers will be available Aug. 23, the carrier announced today.
Sprint plans to deploy small cell gear from Alcatel-Lucent to augment its wireless coverage -- including in its new 4G LTE network -- in high-traffic areas, the two companies announced Monday.
GLPI Cross Site Scripting and Cross Site Request Forgery Vulnerabilities
Wireshark Versions Prior to 1.8.1 Multiple Denial of Service Vulnerabilities
ZDI-12-131 : Microsoft .NET Framework Undersized Glyph Buffer Remote Code Execution Vulnerability
ZDI-12-130 : Apple QuickTime Player MP4A Uninitialized Pointer Remote Code Execution Vulnerability
ZDI-12-129 : Microsoft Windows TrueType Font Parsing Remote Code Execution Vulnerability (Remote Kernel)
ZDI-12-128 : Mozilla Firefox nsHTMLSelectElement Remote Code Execution Vulnerability

Route1, InfoSec Institute and MSPAlliance to Host Webinar on Security, Remote ...
Virtual-Strategy Magazine
Route1 Inc. (TSXV: ROI), a digital security and identity management company, today announced that in conjunction with the InfoSec Institute and the International Association of Cloud and Managed Service Providers (MSPAlliance), that it will host a free ...


Everything Will Be Connected, Everything Will Be Hacked
blogs.hbr.org (blog)
Africa is not what you'd call a hotbed of information security (infosec) expertise. Some in the field tell me that in three crucial infosec sub-professions — malware expertise, exploit writing, and cryptanalysis/cryptography — the continent cannot ...


You've Got Mail…..and it's delivered via CloudGateway 2
Specifically, the ability to access email via a mobile device significantly boosts employee productivity, but often keeps the InfoSec guys up at night as well. As some of you might have heard, as part of our CloudGateway 2 launch, we announced the ...

Qualcomm on Monday said it has appointed a former Intel executive to run marketing as the company expands in the mobile device space.

Route1, InfoSec Institute And MSPAlliance To Host Webinar On Security ...
Daily Markets (press release)
Route1 Inc. (TSXV: ROI), a digital security and identity management company, today announced that in conjunction with the InfoSec Institute and the International Association of Cloud and Managed Service Providers (MSPAlliance), that it will host a free ...

eBay goes public about its first implementation of OpenStack along with Nicira network virtualization, hinting at broader adoption to come.
One of the most complicated missions ever attempted by NASA, the landing of the one-ton rover Curiosity inside a crater on Mars after a 500 million kilometer journey, has apparently gone without a hitch.
Nvidia has closed a hole in its proprietary graphics driver for Unix systems that allowed attackers to gain root-level access.

Lenovo's ThinkPad team plans to release more ultrabook models, and remains "bullish" about the upcoming release of Microsoft's Windows 8, according to company executives, who also said on Monday that the famed PC unit needs to expand further outside its traditional notebook business.
Apache Libcloud Man In The Middle Vulnerability
FCKEditor 'spellchecker.php' Cross Site Scripting Vulnerability
Samsung Electronics will start shipping the Galaxy Note 10.1 later this month, with a 1.4GHz quad-core processor and a software feature from the Galaxy S III.
The adoption of flash storage in the enterprise is boosting database performance, cutting in half the time needed for nightly full backups and providing users with real-time responses. Here's how four companies chose to up their game with flash.
Samsung accused Apple of improperly influencing expert witnesses on Monday, following the amendment of an expert report delivered to the Korean company's legal team late Sunday night.
Following Intel's lead, contract chip maker Taiwan Semiconductor Manufacturing Co. (TSMC) is investing €838 million (US$1 billion) in Netherlands tools maker ASML to speed up the development of faster and more power-efficient chips while reducing manufacturing costs.
Thanks to increased computerization and access to the outside world for functions including music and social networking, researchers have successfully hacked cars -- brakes applied remotely, conversations overheard, GPS signals interfered with. This has potentially disastrous consequences, especially for managers of large fleets of trucks, cars and other vehicles.
Speculation about a Sept. 12 announcement of a new iPhone triggered a 70% increase in the number of owners trying to unload their current smartphones, online auctioneer eBay said.
Linux Kernel 'rds_recvmsg()' Function Local Information Disclosure Vulnerability
In a recent series of interviews, IDG Enterprises's chief content officer, John Gallant, spoke with several CEOs about a wide range of current challenges facing top tech executives. Some put the customer first, and some decidedly do not. Register to download the PDF.
NVIDIA UNIX Driver VGA Window Local Privilege Escalation Vulnerability
ISC BIND 9 DNSSEC Validation CVE-2012-3817 Denial of Service Vulnerability

Posted by InfoSec News on Aug 06


The New York Times
August 5, 2012

MENLO PARK, Calif. -- The question is no longer who have hackers hit. It
is who has not been hit.

The organizations attacked by pranksters, criminal syndicates or foreign
governments include Google, LinkedIn and the Central Intelligence

Big companies...

Posted by InfoSec News on Aug 06

Forwarded from: Alessandra De Paola <alessandra.depaola (at) unipa.it>

----------Apologies for multiple copies of this announcement---------

The Ninth IEEE PerCom International Workshop on
Sensor Networks and Systems for Pervasive Computing (PerSeNS 2013)...

Posted by InfoSec News on Aug 06


The Economist
from the print edition
Aug 4th 2012

BANBURY, a little English town best known for a walk-on part in a
nursery rhyme and as the eponymous origin of a fruitcake, is an unlikely
fulcrum for the balance of power in the world of telecoms. But the
“Cyber Security Evaluation Centre” set up there by Huawei, a Chinese
telecoms giant, in 2010 marks a new way of...

Posted by InfoSec News on Aug 06


By Steven Musil
Security & Privacy
August 5, 2012

Former Gizmodo reporter Mat Honan is blaming an AppleCare technician for
allowing his personal e-mail and Twitter accounts to be hacked, as well
as the tech blog's official feed.

The Gizmodo breach, apparently perpetrated by a person or group of
people calling themselves...

Posted by InfoSec News on Aug 06


By Robert Tait
The Telegraph
05 Aug 2012

Reza Taghipour, the country's telecommunications minister, said the step
was being taken because sensitive intelligence was vulnerable on the
worldwide web, which he said was untrustworthy because it was controlled
by "one or two" countries hostile to Iran.

IBM Lotus iNotes Upload Module ActiveX Control Buffer Overflow Vulnerability
Internet Storm Center Infocon Status