InfoSec News

Verizon Wireless said Wednesday that its engineers are working to resolve an issue with its 4G (fourth-generation) LTE (Long Term Evolution) service that is affecting some customers' 4G devices.
The Greenplum division of EMC is building a single data analytics platform that can crunch both structured and unstructured data and give a broad range of users the tools to study an enterprise's information.
While consumers and developers have enjoyed free access to the developer's preview of Windows 8 for a few months, precious little information surrounding Microsoft's promised online app store was available for consumption--until Tuesday night.
Yahoo will introduce on Wednesday several new features in its Search BOSS application development platform intended to make it easier for programmers and web publishers to adopt and use.
Cisco WebEx WRF and ATAS32 File Format Multiple Remote Buffer Overflow Vulnerabilities
Apple QuickTime Prior To 7.7.1 Movie File Handling Remote Code Execution Vulnerability
ChaSen Unspecified Buffer Overflow Vulnerability
The government of India has asked Internet giants Google, Facebook and Yahoo to screen user content from that country and nix anything "disparaging, inflammatory or defamatory," according to reports.
One of the main reasons for deploying desktop virtualization is the security advantages it can provide, such as keeping sensitive data off the endpoint, according to Citrix.
Oracle has suffered a setback in its lawsuit accusing Google of patent infringement and copyright violation in its Android operating system: The U.S. Patent and Trademark Office has rejected one of Oracle's Java-related patents -- although it did uphold another.
colord Multiple SQL Injection Vulnerabilities
[SECURITY] [DSA 2361-1] chasen security update
Yahoo has won a lawsuit against spammers, a legal victory that also includes a default judgment of $610 million.
One Click Orgs Multiple Security Vulnerabilities
simplePHPWeb 'file.php' Authentication Bypass Vulnerability
[ MDVSA-2011:181 ] proftpd
DDIVRT-2011-38 KnowledgeTree login.php Blind SQL Injection
(c) SANS Internet Storm Center. http://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
Security researchers at Symantec today confirmed that exploits of an unpatched Adobe Reader vulnerability targeted defense contractors, among other businesses.
If used correctly, TeleHealth can deliver a 15% reduction in emergency room visits, a 20% reduction in emergency admissions and a 45% reduction in mortality rates, according to a U.K. Department of Health study.
A Facebook bug came back to haunt the company's co-founder and CEO, Mark Zuckerberg.
util-linux Package 'mount' and 'umount' Multiple Local Denial of Service Vulnerabilities
Malware authors are just beginning to target popular mobile platforms, and experts say enterprises need to gain control of the devices connecting to the corporate network.

Adobe has issued a warning about a critical zero-day vulnerability in Adobe Reader and Acrobat for Windows. An emergency security update is scheduled.

Family Connections 'argv[1]' Parameter Remote Arbitrary Command Execution Vulnerability
Gibbs is really impressed with a tiny computer with an amazing set of features.
Dell is rounding out its cloud CRM (customer relationship management) service with the addition of Salesforce.com's Service Cloud customer-service software, the companies announced Wednesday.
Verizon Wireless is thwarting the use of the Google Wallet mobile payment app, at least for now, on the coming Galaxy Nexus smartphone running on Verizon's 4G LTE network.
AT&T's decision to withdraw its application to obtain T-Mobile USA's mobile spectrum license at the U.S. Federal Communications Commission raises a question about whether the company's proposed acquisition is still active, the U.S. Department of Justice has said.
XOOPS HTML Injection and Cross Site Scripting Vulnerabilities
Flipboard shipped its first iPhone app earlier today, but within hours the company acknowledged that its service was down, overwhelmed by demand.
OpenDNS has released a preview of a tool that will encrypt DNS (Domain Name System) requests between a person's computer and the company's lookup service, potentially blocking malicious interceptions.
30 Days With the Cloud: Day 18
A major SAP ERP project being conducted by the New South Wales Department of Education and Communities has hit a rocky patch, with projected costs for the first phase ballooning from $157 million (U.S.) to $215 million (U.S.), according to a new report by the Australian state's auditor.
It used to be that when I said 'cloud services,' people's eyes would glaze over and in minutes they'd be gently snoring. That was then. This is now. While CIOs and CTOs still debate about what role the cloud will have in business, personal cloud services have been slowly easing their way into almost everyone's computing plans.
SourceBans Local File Include and SQL Injection Vulnerabilities
[security bulletin] HPSBHF02723 SSRT100536 rev.2 - HP ProtectTools Device Access Manager for Windows, Remote Execution of Arbitrary Code, Denial of Service (DoS)
Java platform-as-a-service cloud provider CloudBees has launched a commercial version of the Jenkins CI (continuous integration) platform, the company announced Wednesday.
Migrating from multisite MPLS to 100Mbps Ethernet can save you a bundle; here's how. Insider (registration required)
Starbucks said 26 million smartphone transactions were made to buy its coffee and other products since it started using a mobile payment app less than a year ago, making it the nation's largest mobile payment program.
Code-Crafters Ability Server FTP STOR And APPE Arguments Remote Buffer Overflow Vulnerability
Adobe announced a currently-unpatched vulnerability (CVE-2011-2462) that seems to affect all versions of Adobe Reader and Acrobat. The issue is most relevant to the users of Adobe Reader and Acrobat 9 on Windows, because of reports that the vulnerability is being actively exploited in limited, targeted attacks in the wild. Adobe Reader X and Adobe Acrobat X Protected View are likely to block the exploit because of the sandbox integrated into these products on Windows Vista or later.
Adobe plans to release an out-of-cycle security update for Adobe Reader and Acrobat 9.x for Windows no later than the week of December 12, 2011. Patches to other versions of the products will be released as part of the next quarterly security update on January 10, 2012.
This situation is a reminder why organizations should consider upgrading to Adobe Reader X and Adobe Acrobat X Protected View when using Windows Vista or later. The sooner this happens, the better from the security perspective. Sadly, it will be a long time before Adobe Reader and Acrobat 9 disappear from the wild, in part because end-users don't see a good reason to upgrade.
-- Lenny
Lenny Zeltser focuses on safeguarding customers' IT operations at Radiant Systems. He also teaches how to analyze and combat malware at SANS Institute. Lenny is active on Twitter and writes a daily security blog.

Opera Software on Tuesday released Opera 11.6, an interim build to tide over users while the company continues to work on version 12 and its hardware acceleration.
I am not a neat person. You need only to see my desk to realize that. However, when it comes to my PC case, I keep the cables organized.
HP Device Access Manager for HP ProtectTools Heap Memory Corruption Vulnerability
Cross-site scripting flaws are the most prevalent vulnerabilities found in Web applications, posing a risk to data and intellectual property, according to a study of thousands of applications by vendor Veracode.
NTT DoCoMo and a unit of electronics giant Omron said Wednesday they will form a joint venture to produce products and services that record and analyze personal health data.
Broadcom is working on a Bluetooth chipset that will give wireless keyboards a battery life of up to 10 years, the company said on Tuesday.
Fuji Xerox will launch a new cloud storage service that hooks directly into its multifunction copiers next week, allowing documents to be uploaded by scan or fax, then edited or downloaded by computer or phone.
Responding to increased use of tablets within workplaces, IBM will release on Wednesday several mobile applications designed to let employees use IBM enterprise social collaboration software with iPads and other mobile devices.
All it takes is a few simple browser add-ons and other tools to unlock the potential of the Web's most popular services including Gmail, Dropbox and more.
Microsoft yesterday confirmed that it will release a public beta of Windows 8 -- and open its Windows Store to the public -- in late February.
Apache Struts Session Tampering Security Bypass Vulnerability

Posted by InfoSec News on Dec 07


By Gregg Keizer
December 6, 2011

Adobe today confirmed that an unpatched, or zero-day, vulnerability in
Adobe Reader is being exploited by criminals.

Those attacks may have been aimed at defense contractors.

Adobe promised to patch the bug in the Windows edition of Reader and
Acrobat 9 no later than the end...

Posted by InfoSec News on Dec 07


Special to Globe and Mail
Dec. 06, 2011

Reports last week revealed that computer hackers in China who had
“attacked” the federal Department of Finance, Treasury Board and
departments within the Saskatchewan government in 2010 were attempting
to obtain confidential information about...

Posted by InfoSec News on Dec 07


By William Jackson
Dec 05, 2011

Evolving mobile computing platforms offer a target-rich environment to
hackers and have not fully benefitted from 20 years of experience in
securing desktop and laptop computers, according to a recent study by
McAfee Labs.

“Mobile devices are not going to be less susceptible to security
problems,” concludes the report,...

Posted by InfoSec News on Dec 07


By Kelly Jackson Higgins
Dark Reading
Dec 07, 2011

The connection between a user and his or her DNS service can now be
locked down with an encrypted session to prevent man-in-the-middle
attacks, spoofing, or sniffing: OpenDNS has written an open-source tool
that secures that traditionally...

Posted by InfoSec News on Dec 07


By Elizabeth Montalbano
December 05, 2011

Custom-code computer-vision algorithms helped a San Francisco-based team
solve a challenge by the Defense Advanced Research Projects Agency
(DARPA) to solve complex puzzles comprised of shredded documents.

Thirty-three days after DARPA unveiled the so-called Shredder Challenge,
a team of three programmers called...
Research In Motion has rebranded its next generation mobile platform as BlackBerry 10, after its use of the BBX brand ran into a trademark dispute in the U.S.
A Chinese court has rejected Apple's lawsuits to gain control of the iPad trademark in China, while a little-known Chinese firm raises the stakes and seeks to ban the iconic tablet from being sold in the country under the iPad brand.
A court in the U.S. has barred Research In Motion from using the BBX name at the company's Asian DevCon conference this week in Singapore, after a software company, Basis International, filed for a temporary restraining order in a trademark dispute.