InfoSec News

(c) SANS Internet Storm Center. http://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
The non-profit Internet Archive website has made nearly a petabyte of materials available via the BitTorrent, a controversial peer-to-peer file sharing protocol.
OpenLDAP Weak Cipher Encryption Security Weakness
Google Chrome Prior to 18.0.1025.168 Multiple Security Vulnerabilities


Infosec Jobs: Meeting the Demand
The information security job market is rapidly growing, with positions needed in areas such as application security. But finding the talent is proving difficult, says Tom Silver of Dice.com. Dice.com, the technology job site, has seen a 60 percent ...

and more »
Google today announced it had wrapped up work on a stronger Flash sandbox in the Windows version of Chrome, and would soon ship the same for its OS X browser.
Google has begun testing a search feature that mines relevant emails from users' Gmail accounts and displays links to them in the results page.
Facebook is moving to fix one of its biggest problems - finding ways to make money from its growing base of mobile users.
Easewe FTP OCX ActiveX Control 'EaseWeFtp.ocx' Multiple Insecure Method Vulnerabilities
RETIRED: SEOgento 'id' Parameter HTML Injection Vulnerability
Scrutinizer Default Password Security Bypass Vulnerability
MobileCartly 1.0 <= Remote Code Execution Vulnerability
(c) SANS Internet Storm Center. http://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.

Jericho Systems Celebrates 10 Years of Accomplishments
EON: Enhanced Online News (press release)
DALLAS--(BUSINESS WIRE)--Jericho Systems Corporation announced that it is celebrating a decade of delivering innovative security and content filtering technology to world-class enterprises. Since August 2002, Jericho Systems has provided solutions and ...

One look at Ipininder Singh, director-technology, Convergys, and you know little fazes the man. His lithe frame and steely gaze leave little doubt.
Replacing the battery in the nearly impossible-to-repair Retina MacBook Pro laptop will run do-it-yourselfers $500, two-and-a-half times what Apple charges for the service, said iFixit.com today.
Samsung is considering buying Research in Motion or licensing RIM's BlackBerry 10 operating system, Jefferies analyst Peter Misek wrote in a note to investors this week.
Hewlett-Packard said Wednesday that it would take a $8 billion charge in its third fiscal quarter owing to weakness in its enterprise services division.
New configurations of the Shylock financial malware inject attacker-controlled phone numbers into the contact pages of online banking websites, according to security researchers from antivirus vendor Symantec.
With an extensive portfolio of services, dished out with a self-service portal, and priced with charge back mechanism, the Siva group is operating arguably one of the most mature private clouds in the country.
Samsung's Galaxy S III has won stellar reviews and reportedly sold more than 10 million units in early sales.
Microsoft will ship Internet Explorer 10 with Do-Not-Track enabled, in a move that supporters of the privacy-protecting header believe could damage acceptance by advertisers and web site operators

Security specialist Kaspersky Lab has found new versions of the ZeuS trojan apps for Android and BlackBerry devices that have one main target: mobile TANs for online banking

With the upcoming release of Microsoft Office 13, Microsoft is encouraging developers and administrators to use open Web technologies such as JavaScript, CSS and HTML to build their add-on apps.
ESA-2012-031: Iomega StorCenter/EMC Lifeline Remote Access Vulnerability
In the wake of a multi-faceted hack of a technology reporter that ended with his smartphone, tablet and notebook wiped of all data, Google's spam chief yesterday urged users to set two-factor authentication on their log-ins.
Android was on more than two-thirds of smartphones shipped in the second quarter, with Apple's iOS on around a sixth of them -- more than all the remaining smartphone OSes combined, IDC said Wednesday.
MicroStrategy CEO Michael Saylor's big interest these days is "the mobile wave," which refers to a re-ordering of technology and modern life through the proliferation of iPads, smartphones and the increasingly sophisticated software that runs on them.
Starbucks is investing $25 million in mobile payment venture Square, and will allow customers to use a Pay with Square smartphone application to buy coffee at its retail stores starting this fall.
Hitachi JP1 Multiple Products Unspecified Privilege Escalation Vulnerability
[ MDVSA-2012:127 ] libtiff
[ MDVSA-2012:126 ] libxml2

Hacker-smasher: White hats join forces to build bot-beating weapon
In a sign that the white hats are getting their act together, a variety of initiatives have sprung up to turn information security ("InfoSec") into a group activity, with the latest being Incapsula's BotoPedia online, community-sourced directory of web ...

and more »
Tests performed at the National Institute of Standards and Technology (NIST) show that a new method for splitting photon beams could overcome a fundamental physical hurdle in transmitting electronic data. These results* could lead to ...
The National Institute of Standards and Technology (NIST) has published the final version of its guide for managing computer security incidents. Based on best practices from government, academic and business organizations, this updated ...
The Identity Ecosystem Steering Group Kickoff Meeting to support the National Strategy for Trusted Identities in Cyberspace (NSTIC) will be held Aug. 15 and 16, 2012, in Chicago, Ill.In April 2011, President Obama signed the strategy, ...
A gear logo proposed to represent and easily identify open-source hardware has caught the eyes of the The Open Source Initiative, which believes the logo infringes its trademark.
The Personal Capital ( Macworld rated 4.5 out of 5 mice ) Web app is a great tool for tracking your financial assets no matter what kind of computer you're using. But you can't use the Personal Capital website with any of your iOS devices.You'll need to download the free Personal Capital iOS app, which, unsurprisingly is also a great way for you to track and manage your personal financial info while you're on the go.
LibTIFF 't2p_read_tiff_init()' Function Heap-based Buffer Overflow Vulnerability
Mahara Cross Site Scripting and HTML Injection Vulnerabilities
Before you ditch a device, you need to make sure none of your data is retrievable. Here's how to do it.
Recycling has become mandatory in many states -- here's how to choose the many different ways to sell, recycle, or give away all your unused or unusable gadgets.
Among other things, the new version of Burp Proxy offers a workaround for a problem that previously prevented the analysis of encrypted SSL connections on Android phones

A vulnerability in the ODF renderer used by KOffice and Calligra that uses a buffer overflow to execute arbitrary code has been reported. The vulnerability is rated Highly Critical



Infosec Jobs: Meeting the Demand
Infosec Jobs: Meeting the Demand. Why Organizations Struggle to Fill Open Positions. By Jeffrey Roman, August 8, 2012. Credit Eligible. Save to My Briefcase; Send Email. Tweet Like LinkedIn share. Infosec Jobs: Meeting the Demand. The information ...

While the Mars Curiosity rover is the most complex machine NASA has ever sent to another planet, the computer that runs it is no more powerful than the one in your smartphone.
A Federal Court judge warned Samsung to rethink its allegation that Apple improperly influenced expert witnesses key to the companies' ongoing patent infringement trial.
The number of new lawsuits against Apple in China continues to grow, as a Taiwanese man has sued the company, alleging that the FaceTime feature on its iPhone and iPad infringes on one of his patents.
A Samsung supplier in China allegedly employs workers under the age of 16, according to a labor watchdog group, which found the student workers earn about US$1 an hour.

Posted by InfoSec News on Aug 08


By Erik Waxler
ABC Action News
August 7, 2012

NEW PORT RICHEY, Fla. - While Roy Antigua is in jail on a violation of
probation charge, New Port Richey police are looking to see if he
committed any other crimes. But they say they need the public to help.

Seven tables inside the police department are filled with badges,...

Posted by InfoSec News on Aug 08


By Taylor Armerding
August 07, 2012

In the war over government data security, the statistics indicate the
bad guys are winning. And some security experts say any hope of
reversing that trend will take "a whole new paradigm" in IT security.

The U.S. Government Accountability Office (GAO) reported last week that
federal data breaches involving...

Posted by InfoSec News on Aug 08


By Steven Musil
August 7, 2012

Apple has reportedly stopped taking AppleID password resets requests
over the phone, following the account hack of a technology reporter over
the weekend.

An unnamed Apple employee told Wired that the ban would remain in effect
for at least 24 hours and speculated that the freeze was...

Posted by InfoSec News on Aug 08


By Beth Walsh
August 6, 2012

Less than a year after it was discovered that almost 20,000 patient
names and diagnoses were published on a public website where they
remained for a full year, Stanford Hospitals & Clinics and the School of
Medicine has suffered another data breach. A...
Apple and Amazon have, at least temporarily, stopped allowing password resets over the phone

Todd Miller Sudo Insecure Temporary File Creation Vulnerability
Palo Alto Networks Multiple Products 'inputStr' Parameter Cross Site Scripting Vulnerability
Internet Storm Center Infocon Status