InfoSec News

EMC's acquisition of data warehouse software provider Greenplum is in keeping with a strategy over the past five or so years to acquire technology that will allow it to play in the information infrastructure space that includes cloud computing and data analytics.
 
The U.S. National Security Agency is building a system that would help detect cyber-attacks on critical U.S. infrastructure, according to a report in the Wall Street Journal that cites unnamed sources.
 
IBM on Wednesday said it was establishing a consortium with the European Union and universities to research new cloud-computing models to reduce the cost of hosting and maintaining Internet-based services.
 
A European Commission executive Wednesday said his office is continuing to investigate antitrust allegations filed against Google earlier this year.
 
A bill in the Congress that would require Internet sellers in many states to collect sales tax would hurt small businesses online, a tech trade group said.
 

Caveat Emptor - Why the Cloud is Still a High Risk Option
CSO (blog)
We are no longer planning to support production usage of Atmos Online. Going forward, Atmos Online will ...

 
Most of my calendar data lives in Outlook. Not by choice, mind you, but because that's just where it has accumulated over the years.
 
U.S. Supreme Court patent decision in Bilski case satisfies no one, except perhaps patent lawyers.
 
Oracle's claims about its Exadata database machine's performance capabilities are merited, but in order to get the benefits, customers have to do more than flip a switch, according to a customer and consultant who are working with the platform.
 
Heavy demand for upload capacity from the iPhone 4 has exposed a flaw in the software for Alcatel-Lucent's 3G network equipment, temporarily forcing lower upstream speeds for some AT&T subscribers.
 
AT&T announced a service for small and midsize businesses that want to use smartphones to accept credit and debit card transactions. The service is based on technology from payment device manufacturer Apriva.
 
RIM Wednesday unveiled a new version of its BlackBerry Enterprise Server that includes features aimed at allaying security fears of IT managers.
 
Windows 7 comes with a host of new features that greatly simplify everyday tasks. In a corporate environment, however, the last thing IT wants is for users to have free rein of these features once Windows 7 is deployed on their desktops.
 
Nokia has asked Russian authorities to help retrieve what it says is an unauthorized model of a future phone that a blogger wrote about and photographed on a phone review site.
 
The pen-testing specialist offers a preview of its new product, which it says can automatically pinpoint second- and third-level exploits to avoid Heartland-style data breaches.

 
A Chinese government official told the Wall Street Journal that Google's application to renew its license to do business in the country is still under review.
 
The newly released TPC-Energy specification measures the power consumption of transactional systems.
 
The number of zero-day vulnerabilities in widely-used Microsoft software products continues to grow, according to security experts.
 
RIM's new BlackBerry Enterprise Server 5.0 Service Pack 2 for both Microsoft Exchange and IBM Lotus Domino packs a handful of valuable new features for administrators and BlackBerry users.
 
Borders today launched an e-book store with 1.5 million titles, coming somewhat late to the game but committed to grabbing a 17% share of the market within a year.
 
The Bluetooth 4.0 low-power wireless networking specification has been approved, and the technology will start appearing in devices such as smart meters and laptops later this year, the Bluetooth Special Interest Group said on Wednesday.
 
The Boston Celtics' VP of technology explains how using the MacBook Pro and cloud-based services helped improve the franchise's IT security.
 
Twitter has introduced another advertising service, hoping to generate revenue this time by promoting special offers, events and one-time deals from marketers.
 
Reader Jacob Franks is curious about a folder he's found on his Mac. He writes:
 
Firefox 4 offers a refreshed layout and appearance, as well as some under-the-hood tweaks. Here's a look at some of the highlights.
 
Ad-Aware Total Security ($50, 30-day free trial), the newest addition to the Lavasoft line of security software, is an all-in-one suite that builds on the longtime anti-spyware favorite Ad-Aware. It adds anti-virus, rootkit detection, a personal firewall, spam protection, parental control software and more. It's essentially the same software as Ad-Aware Internet Security Free or the $30 Ad-Aware Internet Security Pro, with extra capabilities bolted on.
 
Ad-Aware Internet Security Pro ($30, 30-day free trial), designed for businesses, resides at the upper end of Lavasoft's Ad-Aware product line. What began as anti-spyware has grown into a sizable suite that includes comprehensive malware protection--including antivirus, network protection, and rootkit removal. Lavasoft also offers a free version of the software, called Ad-Aware Internet Security Free, which is for home users only; and a more full-featured new $50 suite, Ad-Aware Total Security.
 
Google has made a further investment in Chinese online music provider Top100.cn, it confirmed this week, even as the U.S. search giant waits to hear if its license to operate in China will be renewed.
 
Samsung Electronics, one of the world's largest electronics makers, on Wednesday forecast record operating profit for the second quarter of 2010 on strong sales.
 
A Chinese offshore outsourcing company that has started hiring U.S. computer science graduates in Shanghai requires job applicants from the U.S. to demonstrate an IQ of 125 or above on a test it administers.
 
Holy TurboNAS, Batman! The Qnap TS-259 Pro TurboNAS posted sky-high performance for a network-attached storage box. Granted, our test configuration of this two-bay NAS device ($600 sans drives, price as of 7/7/10) includes two 750GB Western Digital Black Caviar drives in RAID 0, which is optimized for performance, not data redundancy. But that generally explains only a couple of percentage points of performance (depending on the specific test)--and the TS-259 Pro was more than two times faster than the nearest competitor we've tested to date. This speed difference is visible--in my hands-on examination, directory windows snapped open with almost startling speed.
 
Ad-Aware Internet Security Free, one of the most popular spyware killers on the planet, just got better: It's not just an anti-spyware killer any more. The newest version adds anti-virus capabilities to its already very good job of detecting and killing spyware while keeping a low profile.
 
Browser-based add-on, Blitzableiter, cleans SWF files prior to running on a user's computer. The tool will be released at Black Hat 2010 in Las Vegas.

 
If you have kids and you are at all familiar with the classic children's board book Brown Bear, Brown Bear, What Do You See? authored by Bill Martin Jr and illustrated by Eric Carle, then you will understand that the subject of this diary is a tribute to that book and read in the same tone.
All good things should be used in moderation. The same goes for the social networking sites Facebook, LinkedIn, Twitter, etc. (There are plenty more...) Those that jump in and friend, connect, post, and share in excess may expose themselves if they are not aware of all of the consequences possible from using these sites.
The information you post and share on these sites is not only controlled by the companies that host it, but may also be available to a countless sized audience. There is an article posted on darkREADING yesterday that highlights some good reasons to show moderation when using social networking sites.



http://www.darkreading.com/insiderthreat/security/privacy/showArticle.jhtml?articleID=225702468
There are many reminders throughout the piece that your private information should NOT be shared on these sites.



So go back to each of your social networking sites and ask yourself the question:
What do I see?


--

Kevin Shortt

ISC Handler on Duty

(c) SANS Internet Storm Center. http://isc.sans.org Creative Commons Attribution-Noncommercial 3.0 United States License.
 
Mozilla released the first beta of Firefox 4, a major upgrade expected later this year that features a revamped interface, support for a wide range of Web technologies and performance improvements.
 
After seeing chip sales decline in 2009, the semiconductor industry's fortunes are looking brighter in the coming years, according to IDC.
 
Extensible cross-domain user authentication and automated user rights management highlight these powerful tools
 
The death of the Kin smartphone doesn't bode well for Microsoft's future in the mobile device business, analysts say.
 
Hong Kong's Cathay Pacific Airways plans to offer in-flight broadband, cell-phone service and live television on its aircraft from early 2012, it said Wednesday.
 
InfoSec News: 'Robin Sage' Profile Duped Military Intelligence, IT Security Pros: http://www.darkreading.com/insiderthreat/security/privacy/showArticle.jhtml?articleID=225702468
By Kelly Jackson Higgins DarkReading July 06, 2010
Seasoned red team hacker Chris Nickerson initially accepted Robin Sage's LinkedIn invitation because several of his colleagues had, but after [...]
 
InfoSec News: Throwing The Sun Tzu Baby Out With The InfoSec Bathwater: http://blogs.forbes.com/firewall/2010/07/06/throwing-the-sun-tzu-baby-out-with-the-infosec-bathwater/
By Jeffrey Carr The Firewall Forbes.com July 6, 2010
Steve Tornio and Brian Martin just published a 5,000 word rant [1] against anyone who dares utter the name Sun Tzu in connection with [...]
 
InfoSec News: Apple App Store Suffers Hack Attack: http://www.informationweek.com/news/security/attacks/showArticle.jhtml?articleID=225702415
By Paul McDougall InformationWeek July 6, 2010
Apple said Tuesday that it removed a seller from its online applications store after discovering that he gamed the store's sales ranking system [...]
 
InfoSec News: IT Official Blames N. Korea for Cyber Attacks: http://english.donga.com/srv/service.php3?bicode=040000&biid=2010070747078
THE DONG-A ILBO July 07, 2010
North Korea was behind the cyber attacks that occurred a year ago Wednesday, according to a government IT source in South Korea.
The distributed denial of service, or DDoS, attacks paralyzed more than 20 domestic sites including those of the presidential office and major portal sites.
On foreign media reports saying no evidence linked the North to the attacks, Jeong Seok-hwa, investigation director at the Cyber Terror Response Center in charge of the investigation, said, "No country including the U.S. could identify the origin of the DDoS attacks that occurred a year ago. Thankfully, the discovery by Korean investigation agencies has been the most credible so far."
On how he was sure that it was Pyongyang, Jeong said, "It might be too early to conclude this, but the facts so far have shown that the IP address used for the attacks was the same one rented by North Korea's Posts and Telecommunications Ministry from a Chinese Internet provider."
[...]
 
InfoSec News: DentaQuest notifies local families of possible fraud: http://www.clevelandbanner.com/view/full_story/8389835/article-DentaQuest-notifies-local-families-of-possible-fraud
By Rick Norton Associate Editor Cleveland Daily Banner July 6, 2010
A dental benefits manager for multiple government programs in the U.S. [...]
 
InfoSec News: DeepSec 2010 - Call for Papers - REMINDER: Forwarded from: DeepSec Conference <deepsec (at) deepsec.net>
== REMINDER: Call for Papers and Experts === DeepSec In-Depth Security Conference 2010 - Quad Core, the fourth DeepSec
This is a reminder for the Call for Papers sent out in April. The next [...]
 
InfoSec News: Army Major cleared of espionage charges: http://www.hindustantimes.com/Army-Major-cleared-of-espionage-charges/Article1-568259.aspx
Press Trust Of India New Delhi July 06, 2010
An Andaman-based Army Major, who came under the scanner after his computer was remotely accessed from Pakistan, has been cleared by the [...]
 

Posted by InfoSec News on Jul 07

http://www.darkreading.com/insiderthreat/security/privacy/showArticle.jhtml?articleID=225702468

By Kelly Jackson Higgins
DarkReading
July 06, 2010

Seasoned red team hacker Chris Nickerson initially accepted Robin Sage's
LinkedIn invitation because several of his colleagues had, but after
making a few inquiries he realized something was fishy about "Robin," a
twenty-something woman who purportedly worked for the Naval Network...
 

Posted by InfoSec News on Jul 07

http://blogs.forbes.com/firewall/2010/07/06/throwing-the-sun-tzu-baby-out-with-the-infosec-bathwater/

By Jeffrey Carr
The Firewall
Forbes.com
July 6, 2010

Steve Tornio and Brian Martin just published a 5,000 word rant [1]
against anyone who dares utter the name Sun Tzu in connection with
information security. According to Tornio and Martin, Sun Tzu - the
principal strategic authority whose seminal work has served to guide
China's military...
 

Posted by InfoSec News on Jul 07

http://www.informationweek.com/news/security/attacks/showArticle.jhtml?articleID=225702415

By Paul McDougall
InformationWeek
July 6, 2010

Apple said Tuesday that it removed a seller from its online applications
store after discovering that he gamed the store's sales ranking system
to make it appear as though his e-books accounted for 42 of the site's
top 50 electronics books.

Apple said the hack was carried out by a developer named Thuat...
 

Posted by InfoSec News on Jul 07

http://english.donga.com/srv/service.php3?bicode=040000&biid=2010070747078

THE DONG-A ILBO
July 07, 2010

North Korea was behind the cyber attacks that occurred a year ago
Wednesday, according to a government IT source in South Korea.

The distributed denial of service, or DDoS, attacks paralyzed more than
20 domestic sites including those of the presidential office and major
portal sites.

On foreign media reports saying no evidence...
 

Posted by InfoSec News on Jul 07

http://www.clevelandbanner.com/view/full_story/8389835/article-DentaQuest-notifies-local-families-of-possible-fraud

By Rick Norton
Associate Editor
Cleveland Daily Banner
July 6, 2010

A dental benefits manager for multiple government programs in the U.S.
has declined to identify the number of Bradley County families
potentially impacted by the theft of a contracted employee's laptop
computer containing confidential information like client...
 

Posted by InfoSec News on Jul 07

Forwarded from: DeepSec Conference <deepsec (at) deepsec.net>

== REMINDER: Call for Papers and Experts
=== DeepSec In-Depth Security Conference 2010 - Quad Core, the fourth DeepSec

This is a reminder for the Call for Papers sent out in April. The next
DeepSec conference will be in Vienna from November 23rd to 26th 2010 and
we invite you to send your submission for conference talks and
workshops. Additionally we call for submission from...
 

Posted by InfoSec News on Jul 07

http://www.hindustantimes.com/Army-Major-cleared-of-espionage-charges/Article1-568259.aspx

Press Trust Of India
New Delhi
July 06, 2010

An Andaman-based Army Major, who came under the scanner after his
computer was remotely accessed from Pakistan, has been cleared by the
security agencies of any involvement in espionage.

The agencies are unlikely to proceed against the Major under the
Official Secrets Act (OSA) but he may face a...
 
