Hackin9
Forget fumbling with cash and credit cards; smartphones have long been seen as a way to make in-store purchases faster and easier. But several challenges need to be overcome before the technology takes off.
 
(c) SANS Internet Storm Center. http://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
 
Sprint Nextel posted another quarterly loss but reported progress toward becoming just plain Sprint, a company with more money and fewer networks, which it hopes to be by the end of this year.
 
Twitter is modifying its search engine to include tweets more than a week old, a move it said will help users uncover better content.
 
These days, it seems that every single website I visit wants me to log in, no matter how trivial the service it offers. Of course, the most basic of cautions dictates that a different set of credentials be created for each site, lest I wake up one morning to find out that my bank account was wiped clean because my favorite social network inadvertently leaked my password.
 
Using a smartphone to pay for purchases in lieu of a physical debit or credit card may become a US$1 trillion business by 2015, and some ancillary technologies for consumer engagement could help to make that happen.
 
IRCD-Hybrid 'try_parse_v4_netmask()' Denial of Service Vulnerability
 
The head of IBM's mainframe group is looking to bring mobile and social workloads into the platform in another move that would help the mainframe stay relevant and fend off competition from lower-cost systems.
 
The Federal Government has slapped security on the frontline of IT agendas with its announcement of a new cyber security centre in Canberra and an additional $1.46 billion in funding for cyber security as part of a new national security blueprint.
 
CoolPDF Reader CVE-2012-4914 Remote Stack Buffer Overflow Vulnerability
 
Lost in all the Watson server news this week from IBM was its release of a self-service software portal that allows end-users to dynamically provision storage within minutes.
 
Former Oracle partner CedarCrestone is alleging the vendor has engaged in an "unlawful and systematic attack" against the third-party support market and has a monopoly on support revenue.
 
A U.S. district court judge has ruled that 13 Motorola Mobility patent claims related to digital video are invalid in a patent licensing case brought by Microsoft.
 

--

John Bambenek

bambenek \at\ gmail /dot/ com

Bambenek Consulting
 
For the first time, a major botnet take-down has included direct victim notification that warns users their PCs are infected and shows them how to scrub clean their machines.
 
Should an abstract idea written into software and run on a computer be patentable? That's one question a U.S. appeals court will consider Friday when it hears arguments in a case with broad implications for software patents for companies as diverse as Google and Red Hat.
 
For those that call tablets personal computers, Apple Inc. is the world's top PC maker, according to research firm Canalys.
 
When a relatively small high-tech company with some big aerospace and defense customers wanted to adopt cloud-based email for its employees, it faced the challenge that whatever choice of cloud service it adopted, it had to meet the government's security regulations known as ITAR, or the "International Traffic in Arms Regulations."
 
Microsoft's Surface Pro tablet with the Windows 8 OS is due to ship on Feb. 9, starting at $899. Surface Pro's early reviews have been mixed, and there are many Windows 8 alternatives already available from Samsung, Acer, Lenovo and Hewlett-Packard.
 
Microsoft will issue 12 security updates next week, including two for Internet Explorer, that will patch a near-record 57 vulnerabilities in the browser, Windows, Office and the enterprise-critical Exchange Server email software.
 
Smartphones running the open source Ubuntu operating system will start shipping in October, although it isn't clear if they will be available in the U.S., according to a report.
 
Multiple Lorex DVR Product Security Bypass Vulnerability
 
IBM Netezza WebAdmin Multiple Security Vulnerabilities
 
A new exploit kit called Whitehole has emerged on the underground market, providing cybercriminals with one more tool to infect computers with malware over the Web, security researchers from antivirus vendor Trend Micro reported Wednesday.
 
Cisco ATA 187 Analog Telephone Adapter Unauthorized Access Security Bypass Vulnerability
 
MatrixSSL TLS Implementation Information Disclosure Vulnerability
 
[CVE-2013-1464] WordPress Audio Player Plugin XSS in SWF
 

SANS Provides Students Remote Access to its Largest InfoSec Training Event of ...
MarketWatch (press release)
SANS offers a myriad of free resources to the InfoSec community including consensus projects, research reports, and newsletters; and it operates the Internet's early warning system - the Internet Storm Center. At the heart of SANS are the many security ...

 
In a question-and-answer session on Reddit Wednesday, Microsoft's Surface Pro team ignored most questions about the tablet's battery life, but hinted that the company might sell an add-on battery pack in the future.
 
Facebook has deleted all European facial recognition data, the Irish data protection commissioner and a German data protection regulator confirmed independently Thursday after reviewing parts of the social network's source code.
 
A misdeclared function deep within the open source PostgreSQL database could allow a simple query to crash the server. Updates are now available which close that and a range of other issues.


 
Google Chrome 24.0.1312.57 HTTP Authentication Security Bypass Weakness
 
Google is rolling out a new version of AdWords that will allow advertisers to manage and bid for ads across computers, smartphones and other devices within the same campaign, in a bid to simplify mobile advertising.
 
Sam Yu won't name the handset makers involved. But the executive at Taiwanese firm Polytron Technologies is confident that consumers this year will see the arrival of partially transparent glass smartphones.
 
There is a lot yet to be told about how going private will change Dell, but one thing it won't change is its enterprise strategy.
 
Thinking about upgrading? Hang back at least a year before implementing this release, our expert advises.
 
Microsoft has launched a campaign in the U.S. that targets Google's alleged practice of going through the contents of all Gmail messages to sell and target advertisements, raising again an old issue the Redmond, Washington, software giant has with the free email service.
 
Thousands and thousands of computers with Kaspersky anti-virus products were cut off from all network connections after a signature update Monday. Only computers with Windows XP were affected.


 
The two companies have collaborated with US and Spanish government officials to take down the Bamital botnet which has infected at least 1.8 million computers, redirecting web searches to their servers to generate revenue.


 
Alcatel-Lucent reported a fourth-quarter net loss of $1.81 billion, and at the same time announced it is hunting for a new CEO.
 

Posted by InfoSec News on Feb 06

http://www.eweek.com/security/federal-reserve-doe-confirm-hackers-breached-servers-stole-data/

By Robert Lemos
eWEEK.com
2013-02-06

The U.S. banking and energy agencies confirmed that hackers, in separate
incidents, breached their systems and made off with hundreds of accounts.

Two federal agencies acknowledged this week that hackers had breached their
systems and stolen the personal and account information of workers.

On Feb. 3, a group...
 

Posted by InfoSec News on Feb 06

http://www.wired.com/threatlevel/2013/02/tridium-niagara-zero-day/

By Kim Zetter
Threat Level
Wired.com
02.06.13

SAN JUAN, PUERTO RICO -- A critical vulnerability discovered in an industrial
control system used widely by the military, hospitals and others would allow
attackers to remotely control electronic door locks, lighting systems,
elevators, electricity and boiler systems, video surveillance cameras, alarms
and other critical building...
 

Posted by InfoSec News on Feb 06

http://www.csoonline.com/article/728343/japan-foreign-ministry-says-pc-leaked-docs-to-external-server

By Jay Alabaster
IDG News Service
February 06, 2013

Japan's foreign ministry said that a computer was compromised and
documents were probably copied to an external server.

The Ministry of Foreign Affairs said that about 20 documents are feared
to have been stolen, though none of them were confidential. The ministry
said it was made...
 

Posted by InfoSec News on Feb 06

Forwarded from: William Fitzgerald <wfitzgerald (at) 4c.ucc.ie>

Dear All,

SETOP 2013: 6th SETOP International Workshop on Autonomous and Spontaneous
Security (co-located with ESORICS)

URL: http://conferences.telecom-bretagne.eu/setop/2013/

Proceedings: Published by Springer in the Lecture Notes in Computer Science
(LNCS) series.

Venue: The workshop will be held in Egham U.K. at Royal Holloway, University of
London, in conjunction...
 

Posted by InfoSec News on Feb 06

http://www.cl.cam.ac.uk/~rja14/book.html

Security Engineering -- The Book

‘I'm incredibly impressed that one person could produce such a thorough
coverage. Moreover, you make the stuff easy and enjoyable to read. I
find it just as entertaining - and far more useful - than novels (and my
normal science fiction). When I first got it in the mail, I said to
myself "I'm never going to read all of that." But once I started...
 
VMware OVF Tool OVF File CVE-2012-3569 Format String Vulnerability
 
Internet Storm Center Infocon Status