InfoSec News

Fusion-io previewed a technology on Thursday that gives server CPUs more direct access to stored data, apparently achieving I/O performance far beyond that found in typical data centers.
One Laptop Per Child's XO-3 tablet is ready to ship after years in the making, and working units will be shown next week at the Consumer Electronics Show in Las Vegas, OLPC founder and chairman Nicholas Negroponte said.
Novell Netware 'XNFS.NLM' Component 'xdrDecodeString()' Remote Buffer Overflow Vulnerability

New York Times

Hackers expose Norton's Antivirus source code
GMA News
Infosec Island said a hacker with the handle YamaTough provided it a copy of the file, which Symantec confirmed to contain a segment of its source code. "Symantec can confirm that a segment of its source code has been accessed. ...
Hackers Get Copy of Symantec AntiVirus Source Code - SecurityNewsDaily
Symantec downplays source-code trophy theft - Register
Symantec confirms antivirus source code hack - New Scientist (blog)
Naked Security
The leak affected Symantec's endpoint protection and corporate antivirus software. Symantec recommends customers ensure their products are up to date.

Mozilla Firefox/Thunderbird/SeaMonkey CVE-2011-3660 Multiple Memory Corruption Vulnerabilities


IT Security Pros Go Full Year with No Joblessness
Even if the unemployment rate for information security analysts wasn't zero, as the statistics imply, it was likely to have been extremely low, suggesting available jobs requiring IT security know-how far outnumber individuals with the needed infosec ...

Casio has developed a new way to send information between smartphones and other gadgets, encoding it visually in small sets of flashing pixels that appear on the screen of one device and are read by the camera of another.
Surfers around the world are getting ready to honor Surfline founder and president Sean Collins, who died December 26 from a sudden heart attack. He was 59 years old. Collins turned a hobby into a profitable surf forecasting business relied on by many surfers and ocean enthusiasts.
Redmine Multiple Vulnerabilities
Intel will get a strong indication at next week's Consumer Electronics Show whether its decision to bet heavily on ultrabooks is a good one -- or not.
Windows 8 includes a storage scheme suitable for business deployment that can treat hundreds of disks as a single logical storage reservoir and ensures resiliency by backing up data on at least two physical disks.
Owners of Apple's new iPhone 4S consume twice as much data as iPhone 4 users, and triple that of iPhone 3GS owners, a U.K.-based network management firm said today.
NetApp announced it will raise the price of disk drives in its storage systems by 5% to 15% in the wake of Thailand's flooding, which affected the world hard drive supply.
0xOmar, the Saudi hacker who has pretty much owned every credit card in Israel, has released another statement today in light of yet more disinformation from the governments and news coverage in attempts to cover this up and make it end. The message, which has been posted on Pastebin and can be seen below, has one clear [...]

Well, just a couple of days' worth of account dumps. As normal, can't really confirm exactly how they were obtained or how real they all are, but one thing is for sure: there is a lot. http://pastebin.com/UAwP8uD3 http://pastebin.com/DxTB2DeJ http://pastebin.com/ptt0eRP3 http://pastebin.com/Y37h5TAK http://pastebin.com/JLQ6zjxB http://pastebin.com/bqpfPhju

A report released by PhishTank, the world’s largest community-powered anti-phishing effort, shows a surge in phishing sites targeting Visa, MasterCard and Airlines Rewards Programs during the holiday spending season.

FAIRFAX, Va., Jan 06, 2012 (BUSINESS WIRE) — SRA International, Inc., a leading provider of technology and strategic consulting services and solutions to government organizations, today announced that the National Library of Medicine on behalf of the Center for Information Technology (CIT) has awarded SRA the National Institutes of Health (NIH) IT Customer Service Portfolio [...]

724CMS SQL Injection Vulnerability

Fox News

Symantec downplays source-code trophy theft
The Lords of Dharmaraja threatened to publicly disclose the secret sauce source code of the industry's largest infosec firm. In the meantime the group published documents related to API interfaces on Pastebin. In addition, the group shared source code ...
Hackers Get Copy of Symantec AntiVirus Source Code - SecurityNewsDaily
Symantec confirms antivirus source code hack - New Scientist (blog)
Symantec's Norton AntiVirus source code exposed by hackers - Naked Security

Mozilla on Thursday said it will kick off a slower-paced Firefox release schedule for enterprises at the end of this month. Insider (registration required)
With ultrabooks poised to be the hottest devices to come out of this year's Consumer Electronics Show, analysts say the new hardware should be a boon for enterprise IT shops.
A company making ARM processors used in inexpensive Chinese tablets hopes to make a splash in the U.S. and Europe this year and drive down prices of Android 4.0 tablets to under US$100.
It would seem that STRATFOR has been taken for fools again; this time someone has hijacked the official email message and started sending it out to the exposed clients list. Now there's really no need to explain who and what has happened to them over the past weeks, so let's just move on. Now really [...]

IpTools - Rcmd Remote Overflow Vulnerability
[SECURITY] [DSA 2381-1] squid3 security update
IpTools(Tiny TCP/IP server) - WebServer Directory Traversal Vulnerability
[ GLSA 201201-02 ] MySQL: Multiple vulnerabilities
Computerworld coverage of the Consumer Electronics Show from Las Vegas.
Marvell today unveiled a new solid state storage controller that can be used to create PCIe-based flash cards that scale up in performance and capacity using commodity hardware.
As end users bring their own devices to work, download apps and sign up for cloud services, it's getting harder for IT to maintain application visibility and control performance. Trends such as consumerization, mobility and cloud computing are also increasing business risk, CIOs say.
ZDI-12-007 : Novell Netware XNFS.NLM STAT Notify Remote Code Execution Vulnerability
ZDI-12-006 : Novell Netware XNFS.NLM NFS Rename Remote Code Execution Vulnerability
ZDI-12-005 : Apple Quicktime RLE BGRA Decoding Remote Code Execution Vulnerability
ZDI-12-004 : Apple Quicktime JPEG2000 COD Remote Code Execution Vulnerability
ZDI-12-002 : HP OpenView NNM ov.dll _OVBuildPath Remote Code Execution Vulnerability
ZDI-12-001 : HP Managed Printing Administration img_id Multiple Vulnerabilities
At the end of every year, we take the requisite look back, and the end of 2011 was no exception—we reviewed the year in iOS, the year in Mac, Apple’s financial performance, the year in quotes, and Macworld’s most read and most loved and loathed stories.
The ability of the U.S. to compete globally is eroding, according to a Commerce Department report released Friday that described itself as a "call to arms."
In advance of CES in Las Vegas next week, Lenovo today announced laptops targeting small and midsize businesses. Looking to combine "serious business technology and personal lifestyle computing features", Lenovo introduced the $499 B Series entry-level laptop. But it’s the ThinkPad Edge S Series that’s more interesting, with an ultrabook option as well as hybrid storage that combines a solid-state drive (SSD) with a hard disk.
Corporations need to carefully consider how they will use social networking. One certainty: They can't ignore it. Insider (registration required)

Fox News

Symantec confirms antivirus source code hack
New Scientist (blog)
But later, a hacker known as Yama Tough provided security site Infosec Island with files that appeared to contain source code from the 2006 version of Norton Antivirus. The site passed the code on to Symantec, who then confirmed in a statement that it ...
Symantec's Norton AntiVirus source code exposed by hackers - Naked Security

Sony said Friday it will begin selling memory cards with write speeds of 125 Mbps, the fastest in the industry, from February.
Oracle MySQL Prior to 5.1.49 'DDL' Statements Denial Of Service Vulnerability

Naked Security

Symantec's Norton AntiVirus source code exposed by hackers
Naked Security
And secondly, the hacking group shared source code related to what appears to have been the 2006 version of Symantec's Norton AntiVirus product with journalists from Infosec Island. The content on PasteBin has since been removed, and Yama Tough's ...

An electronic ballot scanning device set for use in this year's presidential elections misreads ballots, fails to log critical events and is prone to freezes and sudden lockups, the U.S. Elections Assistance Commission found.
The four top Linux distributions -- Fedora, Mint, openSUSE and Ubuntu -- differ widely in their approach to the desktop. We look at all four and figure out which is right for you.
Symantec late Thursday confirmed that source code used in two of its older enterprise security products was publicly exposed by hackers this week.
Recently there has been a great deal of interest within the interwebs about the big Israeli credit card leaks. Well, the hacker behind this has recently released another update aimed at the main media that is getting it wrong, released another dump of credit cards and continued to urge people to use them, as well as sending out further warnings. [...]


Posted by InfoSec News on Jan 06


Chicago Sun-Times
January 5, 2012

FLAGSTAFF, Ariz. -- Keith Little envisioned a place that would house the
stories of the Navajo Code Talkers and where people could learn more
about the famed World War II group who used their native language as a

His family now hopes to carry out his dream of a museum...

Posted by InfoSec News on Jan 06


By Max Harrold
Postmedia News
January 5, 2012

MONTREAL -- "For the other 20 kilos, let's talk on Skype."

It may be marketed as a cheery way to video-chat live on the Internet
with your cousin overseas but Skype is also the method of choice for a
lot of organized criminals, especially now that police have breached the...

Posted by InfoSec News on Jan 06


By Oded Yaron and Ophir Primat
Haaretz Daily Newspaper

The Saudi hacker who earlier this week exposed the details of an
estimated 15,000 Israeli credit cards yesterday posted 11,000 additional
card numbers and threatened to release the details of one million stolen
credit card numbers in all.

In a message...

Posted by InfoSec News on Jan 06


By Spencer Ackerman
Danger Room Wired.com
January 5, 2012

The President announced his vision for the future of the U.S. military
today. Kiss big counterinsurgencies goodbye. Get ready for more shadow
wars, drone attacks and online combat, with the military’s eyes on the
Pacific, rather than Afghanistan.

In a rare visit to the Pentagon, President Obama declared that the U.S....

Posted by InfoSec News on Jan 06


By Kelly Jackson Higgins
Dark Reading
Jan 05, 2012

A researcher today published proof-of-concept code that takes a
different spin on the slow HTTP denial-of-service (DoS) attack simply by
dragging out the process of reading the server's response -- and
ultimately overwhelming...

Posted by InfoSec News on Jan 06


The Secunia Weekly Advisory Summary
2011-12-29 - 2012-01-05

This week: 19 advisories

Table of Contents:

1. Word From Secunia...

Posted by InfoSec News on Jan 06


By Gregg Keizer
January 5, 2012

Microsoft today said it would deliver seven security updates next week
-- tying the record for January -- to patch eight vulnerabilities in
Windows and its developer tools.

But the company declined to confirm that the Jan. 10 slate will include
a patch pulled at the last minute a month ago.

One of the seven...

Apache Struts Remote Command Execution and Arbitrary File Overwrite Vulnerabilities
Google said Thursday that TV heavyweights Samsung and LG will launch sets that run its Google TV platform, with new models to be showcased at the International Consumer Electronics Show next week in Las Vegas.
Well, it's been an eventful day with a fair few big things going down, one namely being that Sony Pictures' Facebook and website got hacked. Well, shortly after, one of the hackers, @s3rver_exe, has had their Twitter account hacked as well. What led out from the words “skid” to the wrong person has ended up [...]

The Brazilian government has come under attack once again by Anonymous; this time it's targeting the Ministry of Environment. The attack, which was done recently, has leaked server data and a few logins from ambiente.gov.br. Also, it has emerged that #OpAmaZonaSave 2.0 is in action with clear targets set out already so we can [...]

Internet Storm Center Infocon Status