InfoSec News

Cisco Systems plans to expand its services business over the next several years, seeing a more important role for itself in a world of connected machines and devices.
An EMC executive said customers should have a sense of urgency about deploying IT as a service via a cloud infrastructure, but not everyone at the data storage company's user forum agreed with him.
TP-LINK TL-WR841N Router Multiple HTML Injection Vulnerabilities
The U.S. Patent Office has delivered a 'non-final' rejection of a Verizon patent application for a controversial technology that would serve targeted ads to TV viewers based on what they're doing or saying in front of their sets.
Apple has the money, talent and resources to build a highly automated factory in the U.S. that turns out products that are potentially cost competitive with those it now makes in China.
Even though sales of some mobile devices are booming, overall confidence in the tech sector continues to erode as economic weakness puts downward pressure on the computer market.


A little while ago we announced the Infosec Glossary at https://isc.sans.edu/diary/ISC+Feature+of+the+Week+Glossary/14188. In this feature, we update the layout and add Suggest Edit and Suggest Addition features! The new layout has a much more compact look so you dont have to scroll the page so much.


Overview - https://isc.sans.edu/glossary.html#overview

Mostly unchanged except for the link to Suggest an Addition described below.

List of Terms - https://isc.sans.edu/glossary.html#terms

This is a much more responsive, compact list and still has the search box to limit list to matching terms.

Mouse over a term in the list to view definition and options.

suggest edit option displays definition box for you to change then optionally enter a name and click the check button to submit.

Suggest an Addition - https://isc.sans.edu/glossary.html#add

Enter a Term not in the list above

Enter a definition for the term

Optionally enter your name

Click the check button to submit

Post suggestions or comments in the section below or send us any questions or comments in the contact form on https://isc.sans.edu/contact.html#contact-form


Adam Swanger, Web Developer (GWEB, GWAPT)

Internet Storm Center https://isc.sans.edu
(c) SANS Internet Storm Center. http://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
Software security expert Gary McGraw explains the processes commonly found in highly successful software security programs.

Add to digg Add to StumbleUpon Add to del.icio.us Add to Google
Security researchers have identified a botnet controlled by its creators over the Tor anonymity network. It's likely that other botnet operators will adopt this approach, according to the team from vulnerability assessment and penetration testing firm Rapid7.
Apple's iPad and iPad Mini took top honors in a pair of tablet battery shootouts conducted by consumer watchdogs in the U.S. and the U.K.
TVMOBiLi Media Server Multiple Remote DoS Vulnerabilities
Multiple SQL Injection vulnerabilities in ClipBucket
Multiple vulnerabilities in Achievo
WordPress Video Lead Form Plugin 'errMsg' Parameter Cross Site Scripting Vulnerability
IBM plans to issue fixes early next week for glitches that have hit Notes users who upgraded to the latest version of Google's Android OS.
CanSecWest13 CFP Open Until December 14 2012, Conf March 7-9 2013, Vancouver
General Dynamics is looking for exploit authors, Microsoft improves ASLR in Windows 8, hooking the CryptProtectData() function, Mac malware targeted at the Dalai Lama, picky malware, and a support backdoor becomes a real problem

[SECURITY] [DSA 2582-1] xen security update
[slackware-security] ruby (SSA:2012-341-04)
[slackware-security] libxml2 (SSA:2012-341-03)

Are human firewalls the enterprise info. sec of the future?
Are human firewalls the enterprise info. sec of the future? Summary: Gartner is incubating a concept called People Centric Security that loosens controls and relies on end-users to assume responsibilities for protecting IT systems and data. John ...


A reader posted that they are observing strange TCP 443 behavior that looks like a fast flux [1] style pattern. They have a large snort sensor install base. Is anyone else seeing behavior like this? If so.... Got packets?

If you are seeing this behavior and are allowed please report it!


Richard Porter

--- ISC Handler on Duty
(c) SANS Internet Storm Center. http://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
The four largest mobile carriers in the U.S. -- AT&T, Verizon, Sprint Nextel and T-Mobile -- have agreed to accelerate the availability of emergency texting, or text-to-911.
German consumer organizations are suing Facebook because the social network keeps sharing personal data with third-party app makers without getting explicit consent from users.
Seven bundles of patches will arrive in next week's patch Tuesday to fix every version of Windows and many versions of Word, as they all have critical remote code execution vulnerabilities

How "public" are public Facebook posts?
Google has ended a free version of its Google Apps online application suite for small businesses, saying it wants to provide a stronger and more uniform experience to users.
Advanced Micro Devices has cut orders to contract chip manufacturer GlobalFoundries, expecting a "choppy demand environment" in the next few quarters.
Foxconn Technology Group is considering expanding its existing manufacturing operations in the U.S., in a move that could be linked with Apple's plan to bring back Mac manufacturing to the country.
DEP and ASLR are basic security characteristics of modern operating systems; however, many Windows programs are still being deployed without these protective mechanisms

Given a choice, customers of a Pacific Northwest PC system builder overwhelming pick Windows 7 over the newer Windows 8, the company's president said Thursday.
IDC today released its Disk Storage Tracker, showing steady growth in external storage systems worldwide for the third quarter.
Google's new Private Channels allow companies to have their own private corner of the Google Play store for their employees to download or publish custom applications and indirectly helps with the Android malware issue

A 22-year-old hacker from Northampton was convicted for taking part in Operation PayBack, a series of DDoS attacks on PayPal and other companies in 2010 and 2011. The hacker coordinated the attacks via IRC


Posted by InfoSec News on Dec 07

Forwarded from: Dragos Ruiu <dr (at) kyx.net>

The CFP is open and a new conference rushes forward. The
shorter version: Package up your PII/contact info that we
need so we can book flights and figure out visas, put
together a summary of who you are and what you want to
talk about that is cool new security research, and email
them to our jaded, grumpy reviewers (some of whom still
use mutt so make sure you...

Posted by InfoSec News on Dec 07


By Daily Mail Reporter
6 December 2012

Former U.S. Navy submarine warfare specialist Robert Patrick Hoffman II
was arrested Thursday morning on charges of turning over classified
information to undercover FBI agents posing as representatives of the
Russian Federation.

Hoffman, 39, of Virginia,...

Posted by InfoSec News on Dec 07


By Ken Dilanian
Washington Bureau
The Los Angeles Times
December 6, 2012

WASHINGTON -- The U.S. intelligence community is nearing completion of
its first detailed review of cyber-spying against American targets from
abroad, including an attempt to calculate U.S. financial losses from
hacker attacks based in China, officials said.

The National...

Posted by InfoSec News on Dec 07


[I'm disturbed that the Today Show's security expert mentioned in this
article/episode didn't correct NBC that it wasn't thieves that invented
this device, but this is also the same network that let Bob Costas flap
his gums about a number of factually incorrect claims about gun control
during NBC's...

Posted by InfoSec News on Dec 07


By Antone Gonsalves
December 06, 2012

Anonymous is planning to launch a cyberattack this weekend against the
website of the International Telecommunications Union, a United Nations
agency holding a meeting of 190 governments to discuss political and
commercial control of the Internet, a security firm says.

The ITU-organized World Conference...
Internet Storm Center Infocon Status