Hackin9

InfoSec News

Microsoft is preparing to address 20 vulnerabilities for its December Patch Tuesday, including flaws in Internet Explorer, Windows Media Player and Microsoft Publisher

 
Gigabit-speed wireless LAN products based on the emerging IEEE 802.11ac standard will start shipping next year and usher Wi-Fi into its next era of high speed and long range, communications chip maker Broadcom said Thursday.
 
Google has released a free mobile app that pulls content from different websites into one place and lets people build what looks a bit like their own personalized online magazine.
 
QEMU KVM Virtio Component VSC_ATR Message Local Privilege Escalation Vulnerability
 
WebKit SVG CVE-2010-3113 Memory Corruption Vulnerability
 
Executives from Microsoft and Google on Thursday gave a glimpse into the size of their privacy organizations, which are required for the companies to try to avoid running foul of complicated U.S. privacy regulations and prepare for changes coming to privacy laws around the globe.
 
(c) SANS Internet Storm Center. http://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
 
ISC DHCP Regular Expressions Denial of Service Vulnerability
 
Dovecot SSL Certificate 'Common Name' Field Validation Security Bypass Vulnerability
 
Call for Papers - 2012 Rocky Mountain Information Security Conference
 
Re: seamless bait-and-switch
 
[ MDVSA-2011:182 ] dhcp
 
[DCA-2011-0015] QuesCom Qportal User - OctoWebSvr/COM - Source Code Disclosure
 
Google has started pushing its Google+ social networking service further into Gmail with new features that let users add to their circles directly from their email accounts.
 
Microsoft and Hewlett-Packard, hardly strangers to joint product efforts, are now teaming up to sell cloud services.
 
Google launched its Android mobile operating system as an open platform, but the company hasn't been very open about how it's working with Verizon Wireless on the Google Wallet mobile payment app on the Galaxy Nexus, an analyst said.
 
The Internet Corporation for Assigned Names and Numbers (ICANN) may be moving forward too fast on a plan to sell hundreds of new generic top-level domains starting early next year, several U.S. senators said Thursday.
 
Google Executive Chairman Eric Schmidt today distanced his company from Carrier IQ's software, even as he described the technology as a keylogger. Schmidt's comments came at an Internet freedom conference in the Netherlands.
 
Microsoft today announced it will issue 14 security bulletins next week to patch 20 vulnerabilities in Windows, Internet Explorer (IE), Office, and Windows Media Player.
 
A researcher has published some information about two new, previously unknown vulnerabilities that appear to be exploitable in Adobe Flash version 11.1.102.55 and earlier. Adobe has not yet released an advisory. There is no patch or workaround for the vulnerabilities. As far as I know there have not been any IDS/IPS or anti-virus signatures released yet for the exploit. On the good side, this one does not yet appear to have been exploited in the wild. The major operating systems that run Flash all appear to be vulnerable. The vulnerability impact is full compromise as the user running Flash via remote arbitrary code execution, typically delivered from a malicious web page with a crafted SWF file. Little else is known about the specific nature of the vulnerabilities. CVE-2011-4693 and CVE-2011-4694 have been assigned. This will likely be another major one to keep an eye on in the near future, particularly as Adobe scrambles to get a patch out and everyone else looks for mitigation strategies.

References:
http://www.securitytracker.com/id/1026392
http://secunia.com/advisories/47161
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-4693
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-4694

Cheers,

Adrien de Beaupré

intru-shun.ca
 
 
Microsoft have released the advance bulletin notification for the gifts we will be presented with next week. Too early for Christmas! 14 security bulletins; 3 Critical and 11 Important.
http://technet.microsoft.com/en-us/security/bulletin/ms11-dec
Cheers,

Adrien de Beaupré

intru-shun.ca
 
 
Facebook confirmed Thursday that it has launched a corporate reorganization around its product development.
 
Federal agencies will soon have a government-wide security standard for assessing, authorizing and monitoring cloud products and services.
 
Hard disk drive shortages triggered by flooding in Thailand could mean 3.8 million fewer PC shipments in the first quarter of 2012 than IHS iSuppli expected in August.
 
Two U.S. lawmakers have released an alternative proposal to two controversial bills intended to crack down on online copyright infringement, and they're asking the Internet community to comment on and suggest changes to the draft bill.
 
A study of enterprise applications designed for Android devices found over 40% of Android applications contain hard-coded cryptographic keys, a practice that weakens Android app security.

 
Microsoft will be able to throw a "kill switch" to disable or even remove an app from users' Windows 8 devices, the company revealed in documentation for its upcoming Windows Store.
 
Social networking services really do a bad job of managing our privacy ... and the problem, apparently, is that neither we nor they know how, or care, to fix it
 
After the U.K. government blamed social networks for fueling the riots last summer, a study shows that Twitter did not incite rioters but was used as a source for positive work.
 
Amazon Web Services customers this week are worrying about a server reboot the provider is pushing out, but if users have architected their applications properly, they shouldn't be concerned, experts said.
 
Four residents of Romania have been charged for their alleged participation in a multimillion-dollar scheme to remotely access point-of-sale systems at more than 150 Subway restaurants and other U.S. merchants and steal payment card data, the U.S. Department of Justice said.
 
Twitter announced a redesign today aimed at making the site more customizable and easier to use.
 
Verizon Wireless said its nationwide 4G LTE network service returned to normal Wednesday night after a technical issue was resolved.
 
Red Hat Linux Kernel Ethernet Bridge Interface Denial of Service Vulnerability
 
0A29-11-2 : Privilege escalation vulnerability in HP Application Lifestyle Management (ALM) Platform v11
 
Re: Wordpress pretty-link.1.5.2 plugin Cross-Site Scripting Vulnerabilities
 
The top antitrust official at the U.S. Department of Justice (DOJ) on Wednesday confirmed that the agency is investigating possible price-fixing in the electronic book industry.
 
 
 
ZDI-11-345 : TrendMicro Control Manager CmdProcessor.exe AddTask Remote Code Execution Vulnerability
 
ZDI-11-344 : RealNetworks RealPlayer RV20 Decoding Remote Code Execution Vulnerability
 
IBM is buying analytics vendor DemandTec for $440 million in a bid to build out its line of e-commerce software, the companies announced Thursday. The transaction is expected to close in the first quarter of next year.
 
seamless bait-and-switch
 
 
OnLive officially goes where no cloud gaming service has gone before today—Android tablets and smartphones, with Apple's iOS devices to follow pending certification.
 
ZDI-11-343 : RealNetworks RealPlayer mp4arender esds channel count Remote Code Execution Vulnerability
 
ZDI-11-341 : Cisco WebEx Player WRF Type 0 Parsing Remote Code Execution Vulnerability
 
ZDI-11-340 : Apple Quicktime Font Table Signed Length Remote Code Execution Vulnerability
 
There is a lot of badly engineered software in the world that's creating a lot of risk to businesses and organizations, and accumulating so-called 'technical debt.'
 
As more and more iPads, iPhones and Android devices show up in the workplace -- the 'bring your own device' trend writ large -- IT shops have to figure out how to manage and secure them all. Columnist Ryan Faas has some advice. (Insider, registration required)
 
Micro Focus has adapted its SilkPerformer platform for testing of mobile web applications, in an effort to help users improve performance, the company said on Thursday.
 
Apricorn's Velocity Solo upgrade kit gives older Windows PCs the ability to read SATA 3.0 hard drives and SSDs.
 
With some funding from Google and the U.S. Energy Department, a pair of computer scientists at Dartmouth University are updating the venerable grep and diff Unix command line utilities to handle more complex types of data.
 
Chinese authorities continue to inspect a factory that produces aluminum casings for Apple's MacBook laptops, following residents' complaints of unbearable odors coming from the facility.
 
Microsoft and General Electric's healthcare IT business are setting up a 50:50 joint venture to develop and market an open, interoperable technology platform and clinical applications for enabling better population health management, the companies said Thursday.
 