InfoSec News

EMC announced on Tuesday that it intends to buy Greenplum, Inc., a data warehouse software vendor whose product is based on a massively parallel processing architecture able to scale to petabytes of capacity.
 
The free tool is meant to simplify ASP.NET Web app development by offering support for core coding, deployment, and more.
 
EMC plans to acquire Greenplum for an undisclosed sum and form a new division around the privately held company's data warehousing technology.
 
Advanced Micro Devices is looking to invest in technology companies as it tries to build a hardware and software ecosystem around its upcoming Fusion processor, the company said on Tuesday.
 
The Razor view engine, a pluggable module that implements different template syntax options, is due to ship soon.
 
Microsoft's Windows Phone 7 has a lot of things but it's been lacking local persistent storage for third-party applications -- until now. A British mobile developer has ported McObject's open source Perst database to Windows Phone, creating an embedded, object-oriented data store for individual applications.
 
After three years in development, Oracle Corp.'s much-anticipated Oracle Business Intelligence Enterprise Edition 11g (OBIEE) suite will be formally released at an event in London on Wednesday.
 
Apple pulled a large number of apps created by a Vietnamese iPhone developer after claims by competitors that he had pushed his software to the top of the bestseller list by purchasing them with stolen credit cards.
 
Over the next decade, the benefits of being social online will greatly outweigh any hindrances that come with it, according to a study.
 
A former senior database administrator at a Houston electricity provider was sentenced to a year in prison for hacking into his former employer's computer network, the U.S. Department of Justice said.
 
Nokia is selling off its wireless modem business to Renesas Electronics, a move that could help the mobile giant better focus on phone competition and get rid of a business that may have been struggling.
 
Drew, one of our readers, wrote us to let us know about a new scam being used to spread malware - well, ok, not so new, but certainly new to me and becoming more popular, enough that it should be on your radar.



Picture this - you're surfing away, and your phone rings. A person claiming to be from a support company or in some cases a Registered Microsoft Support Partner (note that Microsoft does not use this term, it's a made-up designation) tells you that you have a virus, and that for a few hundred in your favourite currency, they'll clean your computer for you. Of course, if this happened as a pop-up, you'd know it was a scam right? maybe? Your Antivirus might catch it, but if not, you'd probably close the window, or perhaps reboot your computer. But would you fall for the live operator on the phone? Would your parents, grandparents or other relatives? How about your manager? your CEO?
The attackers in these schemes have nothing but time to help you to install malware, remote desktop applications or really anything they feel would make their life easier.


After digging a bit, some of these scams seem to be run from locations in India (but most likely not all of them), but when they call your phone, they'll most likely have an area code in your country. They also take advantage of VOIP services to keep their costs low and profits high.



There is no good protection against things like this except for user education in security awareness. Especially in corporations, this should be an ongoing effort, and things like phishing, vishing, fake antivirus and the like should be presented to your user community for what they are as frequently as possible.



More info here: http://www.pcpro.co.uk/news/security/359233/the-unstoppable-tech-support-scam
and here: http://www.pcpro.co.uk/news/security/356833/pensioner-targeted-by-fake-virus-phone-scam

=============== Rob VandenBrink, Metafore =============== (c) SANS Internet Storm Center. http://isc.sans.org Creative Commons Attribution-Noncommercial 3.0 United States License.
 
Virtually every employee, process and transaction depends on an overly complex business application environment that has grown organically over the decades with no overarching strategy. The environment is populated by aging applications whose ownership, management and user base can be hard to identify. Sometimes these applications are serving inefficient processes that don't meet business demands. And all of this is managed by an already overwhelmed technology staff.
 
Information security pros are picky about the words they use. CSO's Bill Brenner says the annoying terms aren't going away without some creativity.
 
An Adobe patch for a well-publicized bug in the company's Reader PDF software doesn't fix the vulnerability, the security researcher who uncovered the flaw confirmed.
 
Oracle is preparing to launch a major migration of portals that serve customers and technologies gained through its acquisition of Sun Microsystems.
 
How strong is your schmooze? That is the question participants in an upcoming contest at this year's Defcon event will attempt to answer at the end of July. The Social Engineering CTF (capture-the-flag contest) is sponsored by the group that runs the website social-engineer.org and will ask contestants to gather information and then plan a realistic and appropriate attack vector, according to Chris Hadnagy, one of the site's founders.
 
Most corporate networks lack serious oversight, that is, no one is really watching. Watching the network and computer systems is expensive, overwhelming and fraught with false positives. No wonder then that insider attacks go undetected for months, malware proliferates stealthily and hackers can spend their time gradually infiltrating deeper and deeper, undetected.
 
Worldwide chip sales for May reached an all-time high, growing by 47% compared to the same month last year, the Semiconductor Industry Association said in a study.
 
Take a look at the all-in cloud strategy of the Telegraph Media Group. It's an instructive lesson in how rapidly the business world is changing and why IT must take an approach that supports it.
 
A study finds that readers using an e-reader such as the Kindle 2 read nearly 11% slower than when reading the equivalent traditional printed page.
 
If you're a techie looking to tune up Windows 7, and are willing to pay for help, you'd do well to give 7Smoker Pro ($30, 7-day free trial) a try. It peers deep into your Windows 7 setup, and lets you customize countless aspects of how it looks and works, including tweaking performance and the user interface, improving security, and cleaning your hard disk.
 
A suspicious application circulating on Facebook has attracted nearly 300,000 fans whose profiles could be used as launching pads for spam, according to a security analyst.
 
Jim Hagemann Snabe was appointed SAP co-CEO in February 2010. Jim joined the organisation in 1990 and has been a member of the Executive Board of SAP AG since 2008. He spoke with CIO about how he fosters innovation within the enterprise.
 
The WAN that supports the emerging era of mainframe computing is totally different from the WAN that supported the previous era.
 
Microstrategy on Tuesday is announcing a next-generation mobile BI (business intelligence) application for Apple's iPhone, joining the growing pack of enterprise vendors that are embracing the red-hot platform.
 

Forbes (blog)

Throwing The Sun Tzu Baby Out With The InfoSec Bathwater
I'd love to hear either of these two gentlemen discuss where they make the distinction between InfoSec for the enterprise versus InfoSec as an "expression ...

 
If you're on Facebook or MySpace then you're wanted by Interpol -- to help in a hunt for the international police organization's most-wanted fugitives.
 
An anonymous group of security researchers last week published information about an unpatched Windows bug, saying that they were disclosing the vulnerability because of the way Microsoft treated a colleague.
 
Developers who want to create apps for the iPhone or Android devices have a variety of issues to contend with.
 
One of Singapore's biggest banks suffered a major IT outage Monday that took down its computer systems for seven hours.
 
Cisco Systems' reputation as an enterprise vendor could give it an edge, but Apple's popular devices have been out for a while and could be in demand with health care providers.
 
InfoSec News: BlackBerry has to pass security muster in 15 days: http://economictimes.indiatimes.com/Infotech/Hardware/BlackBerry-has-to-pass-security-muster-in-15-days/articleshow/6112344.cms?curpg=1
The Economic Times 1 July 2010
NEW DELHI: Security concerns associated with the services of BlackBerry, the smartphone used by nearly a million customers in India, have come to the fore again, raising the possibility of a fresh standoff between the Canadian service provider and the government.
The government plans to give BlackBerry maker Research in Motion (RIM) 15 days to ensure that its email and other data services comply with 'formats that can be read by security and intelligence agencies' after its spooks recently raised a red flag against the popular handset, said department of telecom (DoT) officials familiar with the matter.
Senior officials of key security agencies in a recent meeting argued that the continuation of BlackBerry services in the present format presents a danger to the country, said these persons who were part of the discussions. The meet was chaired by home secretary GK Pillai and attended by representatives of the home ministry, DoT, intelligence agencies and the National Technical Research Organisation (NTRO).
The government's move is surprising because it had said in late 2008 that all security concerns associated with these devices have been resolved. The government had then, too, threatened to ban the Canadian company's services in India.
[...]
 
InfoSec News: Linux Advisory Watch: July 2nd, 2010: LinuxSecurity.com Linux Advisory Watch, July 2nd, 2010, Volume 11, Number 27 [...]
 
InfoSec News: Social Security numbers of 3,500-plus Guard members at risk: http://www.statesmanjournal.com/article/20100701/UPDATE/100701064/Social-Security-numbers-of-3-500-plus-Guard-members-at-risk
By Capi Lynn Statesman Journal July 1, 2010
The Oregon National Guard continues to deal with the aftermath of a stolen laptop computer that contained the names and Social Security numbers of more than 3,500 soldiers.
The last of the notification letters were mailed today to individuals whose personal information was on the laptop, which was reported stolen from a Guard member’s vehicle June 21 in the Portland area. The Guard member was using the laptop to conduct work from home.
Maj. Gen. Raymond F. Rees, adjutant general Oregon, has asked for a review of laptop procedures and policies as a result of the incident. "He wants an updated policy and education program, and definitely accountability," said Capt. Stephen Bomar, spokesman for the Oregon National Guard.
[...]
 
InfoSec News: Secunia Weekly Summary - Issue: 2010-26:
The Secunia Weekly Advisory Summary 2010-06-24 - 2010-07-01
This week: 51 advisories [...]
 
InfoSec News: Let’s kill the kill-switch debate: http://gcn.com/articles/2010/07/05/cybereye-kill-the-kill-switch-debate.aspx
By William Jackson GCN.com Jul 05, 2010
Let's all get a grip on ourselves and forget about the supposed "kill switch" in the cybersecurity legislation introduced last month by Sen. Joseph Lieberman (I-Conn. [...]
 
InfoSec News: [HITB-Announce] HITB Magazine Issue 003 + HITBSecConf2010 - Amsterdam: Forwarded from: Hafez Kamal <aphesz (at) hackinthebox.org>
Our first ever HITBSecConf in Europe is over! A big big thank you to all our sponsors, speakers, crew, volunteers and of course attendees who made it over to join us!!!
We're already planning for 2011 and the tentative timing for the HITB [...]
 
InfoSec News: UTSA names Frederick Chang AT&T Distinguished Chair in Infrastructure Assurance and Security: http://business.utsa.edu/news/2010/att_chair.aspx
June 29, 2010
(San Antonio) — The University of Texas at San Antonio (UTSA) announced today the appointment of Frederick R. Chang, as the inaugural AT&T Distinguished Chair in Infrastructure Assurance and Security in the UTSA College of Business. [...]
 
InfoSec News: 'US launching cyberwar against Iran': http://www.presstv.ir/detail.aspx?id=133385&sectionid=351020101
Press TV 04 July 2010
A top Iranian official says the United States has devised a model of war against Iran based on information technology.
"Americans have developed a model of war against Iran dubbed irregular war. [...]
 
InfoSec News: [Dataloss Weekly Summary] Week of Sunday, June 27, 2010:
Open Security Foundation - DataLossDB Weekly Summary Week of Sunday, June 27, 2010
6 Incidents Added.
[...]
 

Posted by InfoSec News on Jul 05

http://www.presstv.ir/detail.aspx?id=133385&sectionid=351020101

Press TV
04 July 2010

A top Iranian official says the United States has devised a model of war
against Iran based on information technology.

"Americans have developed a model of war against Iran dubbed irregular
war. It is focused on people and is completely different from classical
wars," Head of the Iranian Passive Defense Organization Gholamreza
Jalali was...
 

Posted by InfoSec News on Jul 05

========================================================================

Open Security Foundation - DataLossDB Weekly Summary
Week of Sunday, June 27, 2010

6 Incidents Added.

========================================================================

DataLossDB is a research project aimed at documenting known and reported data loss incidents world-wide. The Open
Security Foundation asks for contributions of new incidents and new data for...
 

Posted by InfoSec News on Jul 05

http://economictimes.indiatimes.com/Infotech/Hardware/BlackBerry-has-to-pass-security-muster-in-15-days/articleshow/6112344.cms?curpg=1

The Economic Times
1 July 2010

NEW DELHI: Security concerns associated with the services of BlackBerry,
the smartphone used by nearly a million customers in India, have come to
the fore again, raising the possibility of a fresh standoff between the
Canadian service provider and the government.

The...
 

Posted by InfoSec News on Jul 05

+----------------------------------------------------------------------+
| LinuxSecurity.com Linux Advisory Watch |
| July 2nd, 2010 Volume 11, Number 27 |
| |
| Editorial Team: Dave Wreski <dwreski () linuxsecurity com> |
| Benjamin D. Thomas <bthomas () linuxsecurity...
 

Posted by InfoSec News on Jul 05

http://www.statesmanjournal.com/article/20100701/UPDATE/100701064/Social-Security-numbers-of-3-500-plus-Guard-members-at-risk

By Capi Lynn
Statesman Journal
July 1, 2010

The Oregon National Guard continues to deal with the aftermath of a
stolen laptop computer that contained the names and Social Security
numbers of more than 3,500 soldiers.

The last of the notification letters were mailed today to individuals
whose personal information...
 

Posted by InfoSec News on Jul 05

========================================================================

The Secunia Weekly Advisory Summary
2010-06-24 - 2010-07-01

This week: 51 advisories

========================================================================
Table of Contents:

1. Word From...
 

Posted by InfoSec News on Jul 05

http://gcn.com/articles/2010/07/05/cybereye-kill-the-kill-switch-debate.aspx

By William Jackson
GCN.com
Jul 05, 2010

Let's all get a grip on ourselves and forget about the supposed "kill
switch" in the cybersecurity legislation introduced last month by Sen.
Joseph Lieberman (I-Conn.) and look at the reality instead.

There has been a lot of outrage expressed in recent weeks, much of it by
unquestioning bloggers, about national...
 

Posted by InfoSec News on Jul 05

Forwarded from: Hafez Kamal <aphesz (at) hackinthebox.org>

Our first ever HITBSecConf in Europe is over! A big big thank you to all
our sponsors, speakers, crew, volunteers and of course attendees who
made it over to join us!!!

We're already planning for 2011 and the tentative timing for the HITB
Europe is mid May (stay tuned to our @hitbsecconf twitter stream for all
conference updates).

All conference materials from the event can be...
 

Posted by InfoSec News on Jul 05

http://business.utsa.edu/news/2010/att_chair.aspx

June 29, 2010

(San Antonio) — The University of Texas at San Antonio (UTSA) announced
today the appointment of Frederick R. Chang, as the inaugural AT&T
Distinguished Chair in Infrastructure Assurance and Security in the UTSA
College of Business. Chang joins UTSA from UT-Austin where he currently
serves as the associate dean of information technology for the College
of Natural...
 
