InfoSec News

SGI has launched a modular data center that uses outside air instead of chilled water to cool the IT gear inside, making it highly energy efficient, the company said Monday.
 
E-book readers aren't limited to the portable hardware devices that deliver traditional printed books in electronic format. Instead of focusing on new hardware, the folks at K-NFB Reading Technology (a company founded by voice recognition pioneer Ray Kurzweil) have developed PC software that re-creates the graphic elements of traditional printed books and effortlessly delivers related content such as multimedia.
 
An online retailer who boasted that complaints about his business helped boost its standing in Google search results was arrested Monday.
 
GNU Libtool 'libltdl' Library Search Path Local Privilege Escalation Vulnerability
 
With its buyout offer of Groupon reportedly rejected, Google has several options. It could try again to buy the localized deal-of-the-day Web site, it could look for a similar company to buy, or it could build its own Groupon-like service.
 
NTP mode 7 MODE_PRIVATE Packet Remote Denial of Service Vulnerability
 
Cisco Unified Videoconferencing FTP Server Security Weakness
 
Cisco Unified Videoconferencing Password Obfuscation Vulnerability
 
Cisco Unified Videoconferencing Security Bypass Vulnerability
 
It would be foolhardy to proclaim the death of the PC in a year in which Windows 7 was key to record quarterly sales for Microsoft. The top stories of 2010, however, show that the PC for many people around the world has already become just one of several devices used to tap the Internet and a world of applications for entertainment and business -- and that increasingly, the main Internet access device is not a PC. The billions of devices connected to the Internet globally are also giving rise to data and security issues for the wired and mobile worlds alike. Microsoft Chief Software Architect Ray Ozzie's farewell note to his colleagues in October warned them that the PC software giant has to brace for a "post-PC world." News flash for Mr. Ozzie & Co.: The post-PC era has already begun.
 
You've probably heard the phrase, "Failure is the key to success." But are security professionals really learning from their mistakes? As identity theft and online risks keep growing, is our industry rising to the challenge or repeating the miscues of the past? While security technology is improving, the bad guys also have access to better tools. So are the good guys working smarter?
 
Amazon plans to demonstrate a new version of Kindle for the Web on Tuesday, one day after Google launched its Google eBooks and eBookstore strategy.
 
Salesforce.com enters this year's Dreamforce conference riding a wave of rapid growth and increasing technological breadth, but much work remains ahead of it, analysts say.
 
Firefox 4 will automatically update the browser's extensions, a Mozilla interface designer said Sunday.
 
An Alabama jury has ordered Ross Systems Inc. to pay $61.4 million in damages to pet food maker Sunshine Mills over a botched ERP implementation.
 
Linux Kernel Invalid 'fs' and 'gs' Registry Denial of Service Vulnerability
 
Apple will launch its Mac App Store next week, according to a blog that cited an "inside source" at the company.
 
Businesses will increasingly turn to social networking tools in 2011, but there will be fewer social platforms for companies to choose from, according to predictions from IT research firm IDC.
 
The Bose Bluetooth headset offers great sound but lacks features available elsewhere (for a lower price), such as A2DP technology and voice prompts.
 
Oracle will port its Enterprise Linux distribution to Sun's Sparc processor, a move that could help it compete better against IBM and Hewlett-Packard in the high-end server business.
 
A quick perusal of your Downloads folder may reveal a lot of executable and/or Zip files you just plain don't recognize. For example, I have one called pwhe42, another called 385-INST-WIN7-A, and three with the oh-so-helpful name of Setup. (Developers should be shot for that one.) How are you supposed to know what these files are for--especially if they've been there awhile?
 
AVG, McAfee and Microsoft Corp. will work with ICSA Labs to test and certify integrated endpoint security components.

 
Juniper Networks acquired Altor Networks in a $95 million deal to sell its virtualization security technologies alongside security appliances that protect physical systems.

 
Call for papers: 4th USENIX Workshop on Large-Scale Exploits and Emergent Threats (LEET)
 
Shipments of smartphones, tablets and other app-enabled devices will overtake PC shipments in the next 18 months, an event that may signify the end of the PC-centric era, market research firm IDC said.
 
The Integrated Cloud Delivery Platform, jointly developed by Cisco and BMC, is aimed at eliminating many of the manual steps required to set up and provision cloud computing services.
 
Buffalo shattered the $1,000 barrier for a terabyte of shared storage back in 2005. With storage prices continuing to drop, that same $1,000 today can buy a four or even five terabyte network attached storage (NAS) device with RAID 5 disk redundancy, plus additional features, like backup storage licenses and indexing capabilities.
 
Samsung Electronics and Google on Monday announced the Nexus S smartphone, which will come with Android 2.3, the latest version of Google's OS, also code-named Gingerbread.
 
WordPress 'do_trackbacks()' Function SQL Injection Vulnerability
 
Adobe ExtendScript Toolkit CS5 'dwmapi.dll' DLL Loading Arbitrary Code Execution Vulnerability
 
010 Editor 'wintab32.dll' DLL Loading Arbitrary Code Execution Vulnerability
 
Chinese security firms with ties to the Chinese military have hired hackers, including the group behind the original Blaster worm, U.S. diplomats alleged in a 2009 cable published by WikiLeaks.
 
When it comes to data centers, location counts, at least if your organization does high-speed trading.
 
 
Adobe Photoshop 'dwmapi.dll' DLL Loading Arbitrary Code Execution Vulnerability
 
MPLAB IDE 'mfc71enu.dll' DLL Loading Arbitrary Code Execution Vulnerability
 
Google Earth 'quserex.dll' DLL Loading Arbitrary Code Execution Vulnerability
 

Cable reveals US concerns over Chinese cyber-warfare
ZDNet UK
Chinese information security companies such as Topsec, the largest Chinese infosec vendor, have recruited known hackers, according to a US diplomatic cable ...

 
A jury in Alabama last week awarded pet food maker Sunshine Mills $61 million in connection with its lawsuit over a problematic Ross Systems ERP software package.
 
After online spending records were set on Cyber Monday, holiday e-commerce dropped off sharply later that week.
 
rPSA-2010-0076-1 gnupg
 
[www.eVuln.com] SQL Injection vulnerability in Alguest
 
DIMVA 2011 Call for Workshops Proposals
 
'Pulse CMS Basic' Local File Inclusion Vulnerability (CVE-2010-4330)
 


Security firm fights racism in InfoSec while apparently profiting from it
The Tech Herald
However, within IT, the InfoSec community cares little for such things. This is why the previous claims and recent actions taken by Ligatt Security have ...

 
Google announced Google eBooks and Google eBookstore on Monday, launching a long-anticipated cloud-based system to allow readers to buy e-books online from a choice of booksellers and to read them with a variety of devices.
 
The dirty dozen of application development pitfalls -- and how to avoid these all-too-common programming blunders
 
Is Congress really ready to make the U.S. the world's No. 2 supercomputing power?
 
Linux Kernel TIOCGICOUNT CVE-2010-4077 Information Disclosure Vulnerability
 
Linux Kernel CVE-2010-4073 Information Disclosure Vulnerability
 

Information Security Bookshelf: Part 1 (2011 Edition)
informIT
A great book to start into the InfoSec field; or to recommend to friends, co-workers, or family members who just want to understand and apply fundamental ...

 
Insomnia is bad news for software engineers' mental health and deserves greater attention, according to the authors of a study in India.
 
Our manager's new company uses more than 30 SaaS apps, a situation that opens many doors to potential data compromise.
 
A Computerworld Premier 100 IT leader offers advice on handling a colleague's negativity and leveraging an MBA. Plus, after weathering the economic turmoil of the past three years, premium pay for IT certifications took a tumble in the third quarter.
 
With the sluggish economy and new licensing models, IT managers are in a strong position to negotiate with software vendors and get more for their money. But it requires doing more homework than usual.
 
Traditional text search technologies fail to find all relevant documents, but there are efforts under way to improve the technology and add human expertise.
 
Web creator Tim Berners-Lee warns that social networking sites lead to a fragmented Web instead of a 'universal information space.'
 
IT leaders are expected to anticipate the business's needs, but recent events suggest we often don't know what is actually going on.
 
One in every eight malware attacks occurs via a USB device, often targeting the Windows AutoRun function, according to security vendor Avast Software.
 
The Southern California Earthquake Center is moving its simulations to a 10-petaflop supercomputer to speed up analysis of the effects of a big quake.
 
Data center workers were a big part of the unexpectedly weak U.S. labor report released Friday, as TechServe Alliance said only 600 new IT jobs were created in November.
 
Pulse CMS Basic Local File Include Vulnerability
 
InfoSec News: Hacking of CBI website raises question over safety regulations: http://economictimes.indiatimes.com/articleshow/7047770.cms
The Economic Times 5 Dec, 2010
NEW DELHI: The recent hacking of CBI's website by a group called 'Pakistani Cyber Army' has raised questions over the safety regulations of servers provided by National Informatics Centre, the organisation responsible for maintaining government servers.
While the NIC maintains a studied silence over the entire issue, sources in the security establishment say that the safety mechanism of the NIC was not up to the mark and several reminders were being sent to them for upgrading their hardware.
The official website of the CBI was hacked by the 'Pakistani Cyber Army' on the intervening night of December 3 and 4. The CBI had yesterday registered a case against unknown persons in this connection.
[...]
 
InfoSec News: 'Long-term' Employee Responsible for Mesa County Data Breach: http://www.kjct8.com/news/26008917/detail.html
By Don Coleman kjct8.com December 3, 2010
GRAND JUNCTION, Colo. -- Mesa County is trying to figure out the extent of a security breach that put secure law enforcement files and some peoples' personal information out on the internet for anybody to view.
Officials say the error occurred while preparing for a future transition to a new software system for the Mesa County Sheriff’s Office. The person responsible has been let go, but the problem is just beginning for investigators.
"It's the county's fault that it was there," Sheriff Stan Hilkey said.
On purpose or not, Mesa County is dealing with a pretty big problem. "We are taking this very seriously," acting County Administrator Stefani Conley said. "This was a situation, that again, should not have happened."
Hundreds of thousands of pieces of personal information have been leaked onto an un-secure file-transfer website, or FTP.
[...]
 
InfoSec News: Chinese Authorities Arrest 460 Hackers: http://www.eweekeurope.co.uk/news/chinese-authorities-arrest-460-hackers-14955
By Sophie Curtis eWEEK Europe December 3, 2010
Hundreds of computer hackers have reportedly been arrested in China this year, as part of a large-scale crackdown on cyber crime. [...]
 
InfoSec News: Expert: Pentagon cybersecurity changes 'very basic, very late': http://articles.cnn.com/2010-12-02/us/wikileaks.computer.security_1_cyber-security-wikileaks-website-computer-system?_s=PM:US
By Ashley Fantz CNN December 02, 2010
When WikiLeaks first caused an international uproar this summer by publishing reams of classified U.S. [...]
 
InfoSec News: Frank W. Lewis, Master of the Cryptic Crossword, Dies at 98: http://www.nytimes.com/2010/12/03/arts/03lewis.html
By DOUGLAS MARTIN The New York Times December 3, 2010
For more than six decades, Frank W. Lewis mesmerized, mystified and miffed a circle of obsessed people by writing a devilishly quirky cryptic crossword puzzle for The Nation. [...]
 
ClamAV Prior to 0.96.5 Multiple Vulnerabilities
 
VideoCharge Studio '.vsc' File Remote Buffer Overflow Vulnerability
 
HotWeb Scripts HotWeb Rentals 'resorts.asp' SQL Injection Vulnerability
 
TFTPUtil GUI Long Transport Mode Buffer Overflow Vulnerability
 
GateSoft Docusafe 'ECO.asp' SQL Injection Vulnerability
 
Tokyo Institute of Technology's newest supercomputer, Tsubame 2.0, proves that high-power computing can go hand-in-hand with energy efficiency. The new computer, which was inaugurated last week, is the second most energy-efficient supercomputer in the world and that's thanks to an administrator who was more concerned with the monthly electricity bill than the cost of the hardware.
 
We installed the IPsonar EliteBook server on a network consisting of six Fast Ethernet subnet domains connected via Cisco routers and T1, Frame Relay and DSL Internet links.
 
Documenting your network may sound like a mundane task, but it’s vitally important for IT managers to keep their network documentation up to date for a number of reasons.
 

Posted by InfoSec News on Dec 05

http://www.nytimes.com/2010/12/03/arts/03lewis.html

By DOUGLAS MARTIN
The New York Times
December 3, 2010

For more than six decades, Frank W. Lewis mesmerized, mystified and
miffed a circle of obsessed people by writing a devilishly quirky
cryptic crossword puzzle for The Nation. But there were some bridges
even he would not cross.

If the clue “BEFORE FALL” led to the answer “PRIDE,” for example,
drawing from the Bible, he...
 

Posted by InfoSec News on Dec 05

http://economictimes.indiatimes.com/articleshow/7047770.cms

The Economic Times
5 Dec, 2010

NEW DELHI: The recent hacking of CBI's website by a group called
'Pakistani Cyber Army' has raised questions over the safety regulations
of servers provided by National Informatics Centre, the organisation
responsible for maintaining government servers.

While the NIC maintains a studied silence over the entire issue, sources
in the security...
 

Posted by InfoSec News on Dec 05

http://www.kjct8.com/news/26008917/detail.html

By Don Coleman
kjct8.com
December 3, 2010

GRAND JUNCTION, Colo. -- Mesa County is trying to figure out the extent
of a security breach that put secure law enforcement files and some
peoples' personal information out on the internet for anybody to view.

Officials say the error occurred while preparing for a future transition
to a new software system for the Mesa County Sheriff’s Office. The...
 

Posted by InfoSec News on Dec 05

http://www.eweekeurope.co.uk/news/chinese-authorities-arrest-460-hackers-14955

By Sophie Curtis
eWEEK Europe
December 3, 2010

Hundreds of computer hackers have reportedly been arrested in China this
year, as part of a large-scale crackdown on cyber crime.

The Ministry of Public Security reported on Tuesday that, since January
2010, Chinese authorities have arrested 460 hackers, resolved 180 cases
of computer crimes, and closed 14 websites...
 

Posted by InfoSec News on Dec 05

http://articles.cnn.com/2010-12-02/us/wikileaks.computer.security_1_cyber-security-wikileaks-website-computer-system?_s=PM:US

By Ashley Fantz
CNN
December 02, 2010

When WikiLeaks first caused an international uproar this summer by
publishing reams of classified U.S. intelligence, possibly stolen by a
23-year-old soldier using a CD and a memory stick, the Pentagon pledged
to fix loopholes in its computer systems.

So how is that going?

Sixty...
 

