InfoSec News

Of all the hassles that can plague a PC user (and, trust me, there are many), few are as infuriating as random lockups. There you are, typing along, when suddenly everything just freezes. No error message, no blue screen, just a locked-up, unresponsive system. I've been there. I feel your pain.
 
A bug introduced during a routing system update caused Gmail to turn some users into unintentional spammers by resending some messages multiple times to increasingly annoyed recipients including company bosses, clients, prospective employers and friends.
 
Cisco Systems and distributor Westcon Group North America have agreed to pay the U.S. government $48 million to settle charges that they misrepresented prices in contracts with the U.S. General Services Administration and other agencies.
 
The U.S. government is asking the public for help with some of its most vexing problems with the launch of a new Web site that offers rewards for the best ideas.
 
The head of eBay's mobile efforts wants to make eBay the first place that people look on their phones when searching for a product to buy.
 
When you click the Start menu--or visit the Windows logon screen--you're presented with a rather arbitrary thumbnail image. Usually it's a flower, soccer ball, rubber ducky, or one of the other handful of Windows' stock images.
 
HP is suing former CEO Mark Hurd, who was named co-president of rival Oracle on Monday, saying his hiring violates the terms of a severance agreement he signed with HP.
 

Filling the Infosec Talent Gap in the United States
CIO
The NSA and DHS have jointly funded what is essentially an ROTC program. The problem exists where the graduates are pretty much all farmed out to DoD and ...

 
Facebook today said it has fixed the bug that allowed a spamming worm to automatically post messages to users' walls earlier this week.
 
Symantec announced several upgrades to its backup and archive software products that allow users to collect and store data from laptops and desktops for discovery purposes. The company also announced its first de-duplication appliance.
 
Hewlett-Packard is suing its former CEO, Mark Hurd, who was named co-president of rival Oracle on Monday, according to the Wall Street Journal.
 
Google CEO Eric Schmidt said the company will launch its TV service in the U.S. this fall.
 
Apple's U.K. site over the weekend revealed that the iOS 4.1 update will be launched tomorrow.
 
LG Electronics on Tuesday announced a new series of smartphones with next-generation dual-core processors, which should provide a big leap in performance while maintaining device battery life.
 
The ascendancy of former Hewlett-Packard CEO Mark Hurd to a co-president slot at Oracle could give the vendor's strategy of selling integrated systems a boost, according to some industry observers.
 
The point of demarcation is important to service providers as it limits their exposure and risk, thus limiting their scope of responsibility and costs, but the growing popularity of cloud computing and hosted communications services promises to dramatically change the picture -- perhaps most dramatically in the wiring closet.
 
The World Wide Web Consortium is investigating integrating speech capabilities into Web standards.
 
The Samsung Fascinate smartphone goes on sale online Wednesday for $199.99 after rebate and will be in Verizon Wireless stores on Thursday.
 
The American Civil Liberties Union and other groups have filed a lawsuit challenging the U.S. Customs and Border Protection practice of searching laptops and other electronic devices at U.S. borders.
 
IDC is increasing its earlier projection for 2010 smartphone shipments by 10% to 270 million.
 
A Japanese journalist freed over the weekend by captors in Afghanistan managed to send two Twitter messages before his release while teaching a captor how to access the Internet on a new cell phone, he said Tuesday.
 
Police across Europe conducted raids against ISPs and private individuals to collect evidence against several Web sites suspected of offering content to file-sharing networks without permission of the copyright holder.
 
Microsoft is looking into a long-known vulnerability in Internet Explorer (IE) that could be used to access users' data and Web-based accounts.
 
Bob Bragdon says legislative developments can help or hinder the security industry.
 
A flaw in Internet Explorer 8 can enable an attacker to steal data or force the victim to post to Twitter or other social networks.

 

Is Infosec Worker Need Underestimated?
GovInfoSecurity.com
"If we don't have human capital in place, the other stuff is not going to work," says Patrick Gorman, former associate director of the Office of National ...

 
We've written about SSH brute force attempts numerous times already. A lot of security researchers are collecting various information about such brute force attacks, and numerous other tools exist that can prevent or block them.
DRG (Dragon Research Group), which is a volunteer research organization dedicated to furthering the understanding of online criminality and to providing actionable intelligence for the benefit of the entire Internet community, last month published a very nice paper about such SSH brute force attempts. Among other things, the paper lists a whole bunch of tools that can be used to limit or block SSH brute force attempts, and configuration recommendations that will help you increase the security of your SSH installations. Check the paper at http://www.dragonresearchgroup.org/insight/sshpwauth-tac.html
Additionally, DRG is also publishing a list of IP addresses of SSH attackers that were detected on the various pods DRG uses, which are spread around the world. This list is available at http://www.dragonresearchgroup.org/insight/sshpwauth.txt.
DRG also created a very cool tag cloud showing the most common usernames and passwords that have been tried in the latest SSH brute force attacks. The cloud is available at http://www.dragonresearchgroup.org/insight/sshpwauth-cloud.html - check it to make sure there aren't any of your passwords there :). Both the list and the cloud are updated every hour.
More information about DRG is available at http://www.dragonresearchgroup.org/ and I'm sure they could use more pod runners.
--

Bojan

INFIGO IS

(c) SANS Internet Storm Center. http://isc.sans.org Creative Commons Attribution-Noncommercial 3.0 United States License.
 
Our privacy columnist takes a close look at the privacy policies of two leading online-survey vendors.
 
Samsung has announced a dual-core application processor for tablet PCs, netbooks and smartphones that will be able to handle 1080p video playback and recording, the company said on Tuesday.
 
In just one month, Mark Hurd has gone from CEO of HP, which he helped turn into the world's largest technology company, to a president of Oracle, which wants to become as big as HP or IBM.
 
HP paid roughly 11 times what 3Par made in revenue in 2009, so perhaps Dell should be wiping sweat from its forehead after losing the bidding battle for the storage vendor. Still, HP could make hay with 3Par in a big way.
 
Google's Chrome 6 is 17% faster than the version it replaced, putting it in a virtual dead heat with the speed leaders, Opera and Safari, according to benchmark scores.
 
Ohio Gov. Ted Strickland is delivering one of the strongest attacks yet on offshore outsourcing, calling it not only a threat to jobs but an IT security risk.
 
InfoSec News: Kim Jong Il Bowls for Murdoch's Dollars With Korean Video Games: http://www.bloomberg.com/news/2010-09-06/kim-jong-il-bowls-for-murdoch-dollars-with-video-games-made-in-north-korea.html
By Matthew Campbell and Bomi Lim Bloomberg.com Sept 6, 2010
North Korean leader Kim Jong Il has found an unlikely ally to help raise [...]
 
InfoSec News: Police terror trainers lose USB stick in street: http://news.techworld.com/security/3238344/police-terror-trainers-lose-usb-stick-in-street/
By John E Dunn Techworld 06 September 10
The curse of the unencrypted memory stick has struck Manchester Police, which has suffered embarrassment as a drive containing apparently [...]
 
InfoSec News: Can you trust your data recovery vendor?: http://gcn.com/articles/2010/09/06/data-recovery-vetting.aspx
By Henry Kenyon GCN.com Sept 03, 2010
Many government and private-sector organizations consider recovering data from damaged laptop PC hard drives to be a minor budget item that third-party vendors can best handle. [...]
 
InfoSec News: [Dataloss Weekly Summary] Week of Sunday, August 29, 2010: ========================================================================
Open Security Foundation - DataLossDB Weekly Summary Week of Sunday, August 29, 2010
25 Incidents Added.
======================================================================== [...]
 
InfoSec News: Symantec finally secures HackIsWack: http://www.theregister.co.uk/2010/09/06/hackiswack_secure/
By John Leyden The Register 6th September 2010
Symantec has belatedly secured its laughable HackIsWack competition website.
The site - a collaboration between the security software firm and rapper [...]
 

Posted by InfoSec News on Sep 06

http://www.bloomberg.com/news/2010-09-06/kim-jong-il-bowls-for-murdoch-dollars-with-video-games-made-in-north-korea.html

By Matthew Campbell and Bomi Lim
Bloomberg.com
Sept 6, 2010

North Korean leader Kim Jong Il has found an unlikely ally to help raise
cash for his impoverished regime: The Dude, the pot-smoking
underachiever played by Jeff Bridges in the movie "The Big Lebowski."

Programmers from North Korea’s General...
 

Posted by InfoSec News on Sep 06

http://news.techworld.com/security/3238344/police-terror-trainers-lose-usb-stick-in-street/

By John E Dunn
Techworld
06 September 10

The curse of the unencrypted memory stick has struck Manchester Police,
which has suffered embarrassment as a drive containing apparently
sensitive information was found lying in the street.

The unsecured data on the drive related to training information on
coping with riots, violent suspects, and public...
 

Posted by InfoSec News on Sep 06

http://gcn.com/articles/2010/09/06/data-recovery-vetting.aspx

By Henry Kenyon
GCN.com
Sept 03, 2010

Many government and private-sector organizations consider recovering
data from damaged laptop PC hard drives to be a minor budget item that
third-party vendors can best handle. But a seemingly inexpensive fix
could lead to compromised or stolen data, network breaches and other
security nightmares because organizations typically do not vet...
 

Posted by InfoSec News on Sep 06

========================================================================

Open Security Foundation - DataLossDB Weekly Summary
Week of Sunday, August 29, 2010

25 Incidents Added.

========================================================================

DataLossDB is a research project aimed at documenting known and reported
data loss incidents world-wide. The Open Security Foundation asks for
contributions of new incidents and new data for...
 

Posted by InfoSec News on Sep 06

http://www.theregister.co.uk/2010/09/06/hackiswack_secure/

By John Leyden
The Register
6th September 2010

Symantec has belatedly secured its laughable HackIsWack competition
website.

The site - a collaboration between the security software firm and rapper
Snoop Dogg - is designed to raise awareness about malware and identity
theft by providing a forum for a user-generated cybercrime-themed rap
competition. The site had a slow start, and...
 
Former Hewlett-Packard CEO Mark Hurd has been appointed co-president of Oracle, the software company announced Monday.
 
Former HP CEO Mark Hurd has a new job: Oracle announced Monday night that it has hired him to be one of its two co-presidents.
 