InfoSec News

Sprint launched a new smartphone on Monday that runs Google's Android OS and has two 3.5-in. touchscreens that can be viewed side by side.
 
Wikileaks defenders Anonymous are firing both barrels at a security researcher who promised to name people in the group. Aaron Barr vowed he'd expose organizers of the online activist group Anonymous next week, but in response Anonymous hacked his Twitter account, broke into his company network and posted more than 44,000 of the company's e-mails. They also posted his home address, phone number and Social Security number on his Twitter page.
 
Facebook is threatening to take legal action against the creators of an online "dating" site that features 250,000 profiles of men and women whose photos and personal details were scraped off the social networking giant's site and used without their permission.
 
Security B-Sides hits San Francisco a day ahead of RSA Conference 2011 and features some of security's most important researchers and analysts.

 
Google's Android outranked Apple's iPhone in total smartphone subscribers in the U.S. at the end of the fourth quarter of 2010, according to survey data from market research firm comScore.
 
I was at the airport, standing in line, when I struck up a conversation with a traveler about his iPhone. He discussed its features with me and its ability to harness the internet anytime and anywhere. He indicated that the phone's simple, elegant, and intuitive interface is a joy.
 
Intel will start shipping its dual-core Core i5 and i7 microprocessors based on the Sandy Bridge architecture for laptops starting on Feb. 20.
 
Riverbed Technology has added new GUIs and dashboard views that allow business managers to see how their applications are meeting service levels agreements.
 
The federal government's effort to improve the security on its Web sites may get a boost now that Verisign has taken over operation of the .gov registry.
 
Apple will introduce the next iPhone on June 6, analyst Ezra Gottheil said today, noting "they've set expectations that they'll do this every year."
 
Will Nokia team up with Microsoft to put the Windows Phone OS on Nokia's mobile handsets? The idea gained steam last week after Berenberg Bank analyst Adnaan Ahmad sent an open letter to both companies pleading that they save themselves by forming an exclusive partnership.
 
Doctors have fallen in love with the Apple iPad, becoming one of the biggest early adopters among professionals. They want iPads for personal use and to get their work done. It's the latter that has healthcare IT staff scrambling to secure the devices.
 
Bballgurl84life's laptop battery isn't charging.
 
Google executive Wael Ghonim has been released from government custody in Egypt today and has already tweeted about his freedom.
 
The FCC wants to phase out subsidies for traditional telephone service to rural areas, with the money transferred to a broadband deployment program.
 
Version 5 of Encrypt Stick remains one of the most secure and least intrusive ways to store and encrypt sensitive data. It installs to and runs off of your USB thumb drive, leaving no footprint on your (or others') PC or Mac. It also uses polymorphic encryption (the algorithm will change for each device it runs from) that the company claims is 10 times faster than 256-bit AES, and provides a virtual keyboard to prevent key-logging programs from stealing your password. Encrypt Stick is available in a full $40 version and a Free version, which is basically a demo of the full version.
 
RETIRED: MySource Matrix CMS 'id' Parameter SQL Injection Vulnerability
 
[ MDVSA-2011:021 ] postgresql
 
Attackers are becoming more skilled at harvesting the amount of bandwidth available and selecting specific targets, a new report finds.

 
Security vendor, HBGary Federal, has been hacked by the group known as "Anonymous" because the firm is helping federal investigators infiltrate the group.

 

BSidesSF preview: Amit Yoran sees improvement in national infosec effort
CSO (blog)
He also credited presidential cybersecurity advisor Howard Schmidt with amassing a team of high-caliber infosec professionals. ...

 
Industry watchers and IT execs are hailing the cloud computing model for advantages it brings to the enterprise - agility, ease of use, scalability and, especially, lower costs realized in the trade off of capital outlays for ongoing, more digestible operational expenses.
 
Cloud experts and early adopters offer up five entry points to the cloud
 
Dave DiMeo, service delivery network operations manager at Ford Motor has a mouthful of a title. And while the word "cloud" isn't part of it, it might as well be.
 
There's no getting away from politics in the workplace, but you can survive it.
 
Cloud services have the potential to deliver important business benefits to the enterprise, including cost savings, flexibility, resiliency, agility, quicker time to market, better customer service and the ability to handle unexpected spikes in demand.
 
Sprint plans to unveil a dual-screen Android smartphone called the Echo at a New York City event tonight, according to the Wall Street Journal.
 
Microsoft will take yet another crack this month at fixing a December update for Outlook 2007, the company said last week.
 
Re: TinyWebGallery: XSS + Directory Traversal
 
Troopers11 - Security Conference in Germany
 
Chamilo 1.8.7 / Dokeos 1.8.6 Remote File Disclosure
 
[SECURITY] CVE-2011-0013 Apache Tomcat Manager XSS vulnerability
 
There is an interesting piece running on several web news outlets and twitter is abuzz with HBGary Federal being hacked by Anonymous. HBGary was in the news less than 3 days ago stating they were tracking down members of Anonymous and aiding the FBI.

Last month we ran a piece, Crime is still Crime, and were assessing the risks of non-security firms attacking back.

http://www.isc.sans.org/diary.html?storyid=10300

With today's events and HBGary having an incident, it reinforces the advice to assess your risk and posture before attacking back, especially for those that are not in the Information Security field. If your revenue driver is making baby bottles, then ask yourself: is this the right move, and do I have the skill set on staff?

Less than 3 days ago:

http://uk.finance.yahoo.com/news/Cyberactivists-warned-arrest-ftimes-3487898538.html?x=0

Today:

http://nakedsecurity.sophos.com/2011/02/07/hbgary-federal-hacked-and-exposed-by-anonymous/

I have been following these events (and will continue to follow) from the start as they cross government lines and this could set legal precedent for the future. Let's stay tuned as this takes shape.

And remember a paraphrase/quote from Cliff Stoll's The Cuckoo's Egg: "Professionals don't make big mistakes, they make little ones!"
Richard Porter
--- ISC Handler on Duty (c) SANS Internet Storm Center. http://isc.sans.org Creative Commons Attribution-Noncommercial 3.0 United States License.
 
Embattled WikiLeaks founder Julian Assange appeared in a British court on Monday, where his attorney laid out a series of arguments why he should not be extradited to Sweden to face questions over sexual assault allegations.
 
What do The Golem and The Cabinet of Dr. Caligari have in common? They're the cinematic inspiration for our as-yet-unfilmed low-budget epic: The Lost Continent of January. Who cares what the storyline is? The scenery will be distressingly colorless, the actors wearily dreary, and the screen titles heart-breakingly hip thanks to Chinese Watch Shop, a typeface designed by Daniel Gauthier of Gaut Fonts. With its elongated, hand-drawn look, this TrueType font adds a forlorn and faintly creepy touch to your creations.
 
Hewlett-Packard is trying to bridge the gap between mobile devices such as tablets and desktops with its new desktop PCs, an effort that could help the company ease data flow and standardize the deployment of applications among devices.
 
Following the application delivery process isn't just for the business units.
 
Apache Tomcat NIO Connector Denial of Service Vulnerability
 

Bluenog Corporation Creates New Risk Management & Security Practice
PR Newswire (press release)
He holds the following certifications: Certified Information Systems Security Professional (CISSP), National Security Agency INFOSEC Assessment Methodology ...
 
The Egyptian government's Internet shutdown shows that CIOs around the world must create contingency plans to deal with the potential shutdown of critical infrastructure.
 
Older IT workers have been more likely than younger ones to lose their jobs -- and stay unemployed -- since the latest economic recession began in 2008, according to new U.S. government data.
 
Hackers are increasingly using the old Telnet remote-access protocol to attack corporate servers, according to a report by Akamai Technologies.
 
CIOs can't count on a well-timed act of nature to convince executives to invest more in business continuity and disaster recovery. But they're getting better at quantifying the risk and impact of a business disruption.
 
Improved data handling should be an easy win for our manager, who is especially excited about the opportunity to better protect his employer's intellectual property.
 
The Patriots are a team with great promise that has been lavished with money, but they failed to perform -- again. Does that remind you of something else?
 
David Edelstein, director of the Grameen Technology Center and vice president of technology programs at Grameen Foundation, uses technology to battle poverty. His weapon of choice: the mobile phone.
 
Worried about lousy cloud security? There's plenty of lousy security in other areas as well.
 
Software licensing for desktop virtualization is incredibly complex and confusing, as software increasingly becomes divorced from its traditional association with a specific piece of hardware.
 
Leadership development programs like Clearwire's CIO University can nurture up-and-coming IT leaders while tackling real company issues.
 
OpenSSH Legacy Certificate Signing Information Disclosure Vulnerability
 
FreeBSD Kernel SendFile System Call Local Information Disclosure Vulnerability
 
Escortservice 'custid' Parameter SQL Injection Vulnerability
 

Posted by InfoSec News on Feb 07

http://www.herald.ie/national-news/intrigue-builds-as-bank-chiefs-laptop-stolen-with-imf-data-2525596.html

By Cormac Byrne
Herald.ie
Friday February 04 2011

INTRIGUE grew today as it emerged another laptop containing sensitive
financial information has been stolen.

News that a computer was taken from the home of Anglo Irish Bank chief
Mike Aynsley comes days after the Herald revealed that a number of
laptops stolen from the offices of the...
 

Posted by InfoSec News on Feb 07

http://www.theregister.co.uk/2011/02/04/cyberwar_rules_of_engagement/

By John Leyden
The Register
4th February 2011

Rules of engagement for the deployment of cyber-weapons need to be
developed, an international security conference is due to be told later
today.

The influential EastWest Institute is due to present proposals for the
cyberspace equivalent of the Geneva convention at the Munich Security
Conference, which has included a debate...
 

Posted by InfoSec News on Feb 07

http://timesofindia.indiatimes.com/city/patna/Cybersecurity-a-sham-in-India-Ethical-hacker/articleshow/7432529.cms

[Seems Ankit Fadia is confused about what the term 'Ethical Hacker' really means,
http://timesofindia.indiatimes.com/city/patna/Ankit-Fadia-wows-students-with-hack-demo-at-IIT-Patna-fest/articleshow/7432187.cms
If you do a demo hacking two companies' websites and teaching a crowd how to
remove your name from the phone company billing...
 

Posted by InfoSec News on Feb 07

http://www.dailyfinance.com/story/investing/the-nasdaq-hacking-case-raises-big-red-flags-for-exchanges/19830853/

By ALEX SALKEVER
Daily Finance
02/06/11

Revelations over the past few days that hackers had penetrated certain
systems at the Nasdaq stock exchange are reverberating throughout the
financial world. Indeed, the case is shaking some bedrock assumptions of
a digitized, high-speed, globally connected stock market run essentially
by...
 

Posted by InfoSec News on Feb 07

http://krebsonsecurity.com/2011/02/hbgary-federal-hacked-by-anonymous/

By Brian Krebs
Krebs on Security
February 7th, 2011

A company that is helping the federal government track down
cyberactivists who have been attacking businesses which refused to support
Wikileaks has itself been hacked by the very same activists.

At the center of the storm is a leaderless and anarchic Internet group
called Anonymous, which more recently has been...
 

Posted by InfoSec News on Feb 07

http://www.smh.com.au/digital-life/mobiles/bikies-blackberrys-beat-law-20110205-1ahmo.html

By Natalie O'Brien
The Sydney Morning Herald
February 6, 2011

Bikie gangs and organised crime groups are believed to have foiled
police attempts to tap their phones by importing untraceable, encrypted
BlackBerrys from Mexico.

The telecommunications black hole exploited by the Comanchero gang and
drug cartels has come to light after countries around...
 

Posted by InfoSec News on Feb 07

http://english.farsnews.com/newstext.php?nn=8911170676

Fars News Agency
07 Feb 2011

TEHRAN (FNA) - Iranian Defense Minister Brigadier General Ahmad Vahidi
stressed that Iran's first nuclear power plant in the Southern port city
of Bushehr enjoys a sufficient and appropriate level of security and
immunity to hazards.

"The Bushehr power plant's premises and facilities have a good level of
security," Vahidi told reporters on...
 
AOL has agreed to buy the second most popular news website in the U.S., The Huffington Post, for US$315 million, it said in a statement Monday.
 