
InfoSec News

Given all that is happening in the world of information security, it's not too difficult (usually) to find something to write a diary about.
What would you, our faithful readers, like to see? Are there tips or tricks you're looking for? Do you want to see more diaries where we pose a challenge for you to solve? Are there specific topics you would like to see?
Write to us or comment on this diary to let us know what you would like to see, or see more of.

Christopher Carboni - Handler On Duty (c) SANS Internet Storm Center. http://isc.sans.org Creative Commons Attribution-Noncommercial 3.0 United States License.
 
Apple is reportedly investigating complaints from iPad 2 owners who say they can't connect to Verizon's cellular network, according to a story on the All Things Digital blog on Friday.
 
Convicted hacker Albert Gonzalez, who is serving a 20-year prison sentence after pleading guilty to the massive hacks at TJX, Heartland and numerous retailers, now claims that he thought he was authorized and directed by the government to carry out the illegal activities.
 

Attachmate and NetIQ team up at Infosec 2011 to focus on security compliance ...
SYS-CON Media (press release) (blog)
London UK 08th April 2011 - Attachmate and NetIQ will be joining forces and demonstrating their comprehensive portfolio of integrated security and compliance, enterprise fraud management and identity and access management (IAM) solutions, ...

 
The U.S. House voted largely along party lines to strike down the FCC's Net neutrality rules.
 
Exploiting hardware enhancements IBM added to its System z mainframe servers, BMC has updated its line of performance tuning products to help customers get more from the latest version of the DB2 database.
 
NASA said a government shutdown of more than a week could delay the final launch of the space shuttle Endeavour.
 
New Google CEO Larry Page is reportedly tying employee bonus amounts to the company's success in building a social networking business.
 
ISC DHCP 'dhclient' Shell Characters in Response Remote Code Execution Vulnerability
 

NCUA Preps CUs for Shutdown
BankInfoSecurity.com
[Feds Face Infosec Challenges in Shutdown.] NCUA Chairwoman Debbie Matz urges credit unions to maintain a state of readiness and to work prudently and flexibly to address financial needs of federal workers and other individuals affected by the impasse ...

 
Mozilla has set an aggressive schedule for the next version of Firefox, slating the release of Firefox 5 for June 21.
 
The developer of an unauthorized tool that Windows Phone 7 customers could use to force an update for their phones explained on Friday that he pulled the tool at Microsoft's request.
 
joomlacontenteditor (com_jce) BLIND sql injection vulnerability
 
[ MDVSA-2011:072 ] gwenhywfar
 
[ MDVSA-2011:071 ] kdelibs4
 
[ MDVSA-2011:070 ] gdm
 
The U.S. Department of Justice will require Google to develop and license travel software to competitors as a condition of its $700 million acquisition of travel software maker ITA Software.
 
Microsoft's record-setting security update next week may patch a large number of vulnerabilities in the Windows kernel, researchers said today.
 
[ MDVSA-2011:069 ] php
 
LFI Vulnerability in 1024cms Admin Control Panel v1.1.0 Beta (Master-cPanel Package)
 
XSS Vulnerability in 1024cms Admin Control Panel v1.1.0 Beta (Master-cPanel Package)
 
Directory Traversal Vulnerability in 1024cms Admin Control Panel v1.1.0 Beta (Complete-Modules Package)
 
As the market for cloud services grows, big enterprise IT vendors are moving swiftly to develop cloud offerings that cater to their respective markets.
 
Google on Friday confirmed a realignment of the company's management structure that creates different groups whose managers report directly to new CEO Larry Page.
 
Each of the past 20 SNW shows I've attended has included meetings with a few standout people who tell me something I didn't know or offer a new perspective on technology. This SNW was no different.
 
Verizon Wireless confirmed it will stop offering one-year service contracts for smartphones and other mobile phones, effective April 17.
 
Gibbs ponders the consequence of what may be, so far, the greatest data theft ever.
 
KDE kdelibs IP Address SSL Certificate Security Bypass Vulnerability
 
Things can change quickly in the tech business. One minute, you’ve got a perfectly state-of-the-art tablet in the form of Apple’s iPad. The next, Apple comes out with a lighter, thinner model and suddenly that original iPad doesn’t look so state-of-the-art anymore.
 
Acer's first tablet based on Google's Android 3.0 OS will ship later this month for $449, the company said Friday.
 
PHP 'php5-common.php5.cron.d' Race Condition Vulnerability
 
The proprietary multimedia plug-in platform and rival to HTML5 will offer 64-bit capabilities, digital rights management
 

65% of infosec professionals unsure of where their sensitive company files are ...
Infosecurity Magazine
Research carried out amongst 150 IT security professionals has revealed that almost two-thirds (65%) of them are unsure who has access to their company's sensitive data files. The study, carried out by data security specialist Imperva, ...

 

Attachmate and NetIQ team up at Infosec 2011 to focus on security compliance ...
RealWire (press release)
London UK 08th April 2011 – Attachmate and NetIQ will be joining forces and demonstrating their comprehensive portfolio of integrated security and compliance, enterprise fraud management and identity and access management (IAM) solutions, ...

 

In-depth: Security market responds to month of hacks and breaches
MicroScope (blog)
That's rather handy given the fact that later this month the industry gets a chance to tell customers just how it has the answers to the problems at the InfoSec show in London. Most customers heading to the show will be aware thanks to the latest ...

 
Lenovo, Motorola and Dell are preparing to launch tablets in China. But can the Happy Pad outsell Apple's iPad?
 
The professional networking site LinkedIn has finally announced the availability of an application for Android-based smartphones.
 
Seven segments of undersea data and telephone transmission cables that were damaged in the March 11 earthquake off Japan should be repaired by early May, an arm of Japan's biggest telecom group said on Friday.
 
With a new laptop computer under his arm, Kenji Takemoto marched into the Takasago Day Care Center in Sendai. It's been almost a month since an earthquake and tsunami devastated the coastal area of this city and for the tens of families living in the center, life is getting boring.
 

Jericho Forum publishes infosec buyers' guide
Infosecurity Magazine
Independent security expert group Jericho Forum has published a buyers' guide for information security products and services. "It is not a definitive reference guide to buying security products, but is intended to give some key pointers about what to ...

 
A federal government shutdown could disrupt business travel for people who need visas to enter the U.S., including those who use H-1B visas.
 
PHP 'substr_replace()' Use After Free Remote Memory Corruption Vulnerability
 

SecurEnvoy uses Infosec to tell its story of token security
MicroScope (blog)
As a result of the RSA hack some of the channel's finest have been making hay prior to their debut at Infosecurity 2011. One, SecurEnvoy, says it has had dozens of enquiries from potential customers ...

 
Linux Kernel 'net/bridge/br_multicast.c' Local Denial of Service Vulnerability
 
Linux Kernel Generic Receive Offload (GRO) Local Denial of Service Vulnerability
 
Linux Kernel Request Handling 'cm.c' Denial of Service Vulnerability
 

