InfoSec News

The U.S. National Security Agency confirmed the existence of a controversial program aimed at protecting the country's critical infrastructure Thursday, but disputed claims that the program would monitor network traffic on critical infrastructure networks.
 
Nonprofit organization One Laptop Per Child on Thursday said it is adding a multitouch screen to the upcoming XO-1.75 laptop and is modifying software to take advantage of the new hardware.
 

Jobs Aplenty for the IT Security Pro
GovInfoSecurity.com (blog)
The government doesn't track infosec job titles; they're mostly lumped in with eight IT job categories, but the online employment service Dice.com does. ...

and more »
 
Following a final ruling from a judge in the U.S. District Court for the District of Utah in June, SCO Group on Wednesday filed an appeal in its long-running legal battle with Novell.
 
A security researcher said on Thursday he was the first to crack the code embedded in the seal of the U.S. Cyber Command (Cybercom), the group responsible for protecting the country's military networks from attack.
 
Someone hacked the list of attendees for the recent Cisco Live 2010 users' conference, a security breach that led Cisco to notify the customers as well as a broader group who have dealings with the company.
 
Nearly two years after promising a client hypervisor, VMware has yet to deliver.
 
Premier 100 IT Leader Melvin Evans answers questions about advancing from the help desk, dealing with a boss who claims your ideas as his own, coping with stupid users and more.
 
Recently, a group of hackers was able to gain access to user's personal files on a file-sharing site via SQL injection flaws. The group was able to view and edit personal information further proving that SQL injection is a major problem.

Add to digg Add to StumbleUpon Add to del.icio.us Add to Google

Filesharing - SQL injection - Pirate Bay - Database - SQL
 
In a major triumph for alternative energy researchers and enthusiasts, an experimental, solar-powered plane Thursday successfully completed a 26-hour flight powered by 12,000 solar cells and sunlight-powered lithium batteries.
 
Facebook has acquired NextStop, a two-year-old startup that lets people create and share travel guides and recommendations.
 
Ubuntu has released a security advisory and update that fixes PAM. The vulnerable code would allow any user with local login privileges to escalate to root. http://www.ubuntu.com/usn/usn-959-1 It is recommended to upgrade immediately.
-Kyle Haugsness (c) SANS Internet Storm Center. http://isc.sans.org Creative Commons Attribution-Noncommercial 3.0 United States License.
 
It's unlikely that consumers' iTunes accounts were hacked by a Vietnamese iPhone developer, a security researcher said,
 
The U.S. Department of Health and Human Services has proposed new federal privacy rules that would further restrict the use of patient information by healthcare facilities and ban the sale of patient data without consent.
 
The packaging for the Apricorn Aegis NetDock docking station ($89, as of 7/6/2010) only implies that there's an optical drive on board. But don't be fooled: Not only is there one--an 8X TEAC DV-W28S-V DVD burner in this case--but four USB 2.0 ports as well. Two of these ports remain powered even when the unit isn't attached to a computer, so you can charge cell phones and other mobile devices with them. It's this versatility that helps make the NetDock a useful add-on for laptop and netbook users who may find themselves without such amenities.
 
Android is gaining on all the major smartphone platforms in the U.S., though it was only the fourth-most-used mobile operating system in May, market data firm comScore reported on Thursday.
 
Sure, Firefox 4's new Chrome-like UI is nice, but the real story is under the hood
 
A Canadian law firm has filed a class-action lawsuit against Facebook, alleging the social network mishandled users' private information and breached their privacy.
 
Microsoft will release a patch for a bug exposed last month by a Google engineer on Patch Tuesday next week, a month earlier than planned.
 
The U.S. International Trade Commission has launched an investigation into patent complaints brought by FlashPoint Technology, which alleges that four smartphone makers violated three patents related to the digital camera functions in the devices.
 
Juha-Matti was the first to write in with this article from Brian Krebs. The article explains how the Pirate Bay user database was compromised via SQLinjection. http://krebsonsecurity.com/2010/07/pirate-bay-hack-exposes-user-booty/
Of course, I am sure that none of our readers would have an account at the Pirate Bay except for the rare I'm doing security research purpose only. But you may want to drop a helpful hint to your friends.
-Kyle Haugsness (c) SANS Internet Storm Center. http://isc.sans.org Creative Commons Attribution-Noncommercial 3.0 United States License.
 
Evidence is mounting that there's more FaceTime video chat coming in handheld devices, with reports surfacing that the next iPod Touch will have a front-facing camera.
 
Sayonara spotty hotel Internet. Au revoir overloaded coffee-shop wireless. Bye-bye pricey airport Wi-Fi.
 
Microsoft plans to release four bulletins, next week, repairing an actively targeted Help and Support Center zero-day vulnerability in Windows XP and a display driver error.

Add to digg Add to StumbleUpon Add to del.icio.us Add to Google

Windows XP - Microsoft - Zero day attack - Operating system - Microsoft Windows
 
The reported U.S. plan to have the National Security Agency oversee the monitoring of critical government and private infrastructure networks has drawn cautious support from security analysts.
 
As more people seem to be releasing 0day vulnerabilities against Microsoft products, Iposted a new poll on the Microsoft-Spurned Researcher Collective. Give us your opinions. http://isc.sans.edu/poll.html?pollid=295 (c) SANS Internet Storm Center. http://isc.sans.org Creative Commons Attribution-Noncommercial 3.0 United States License.
 
A lot has been written about the iPhone 4's ability to record HD video, and its inability to upload via the AT&T 3G wireless network (maybe next year, guys). However, there's another way you can record HD video and upload it wirelessly (via Wi-Fi), with the help of two cool tools.
 
Mozilla has released the first beta version of Firefox 4, its updated browser that offers new features like a revised menu layout, more screen space for Web pages, and more HTML 5 HD video support.
 
A ruling Thursday in Europe’s Court of Justice could have wide-reaching implications for online advertising.
 
With Firefox 4 emerging as a public beta this week, it's time to take a closer look at the next version of Mozilla's Web browser. I spent some time with this pre-release version to see how it compares to its predecessor.
 
HP Labs India has developed a cloud-based technology, called SiteonMobile, that simplifies accessing content and doing transactions on the Web.
 
Facebook faces a fine from a German privacy regulator for failing to obtain the consent of the people whose contact details it stores.
 
CloudZap ($60, 30-day free trial) allows for easily sending documents to services such as Box.net, Google Docs or Microsoft SharePoint when you print or scan a file. It can send to multiple such services at once, and also zap files off to the services via Windows Explorer.
 
Quanta Computer, the world's largest contract laptop computer maker, set record highs for shipments and revenue in the month of June, a sign demand for technology products hasn't stumbled despite fears of debt problems in some parts of Europe.
 
After months of debate, the European Parliament gave its consent to the controversial Swift agreement.
 
The White House Office of Science and Technology Policy has so far failed to live up to its responsibility to coordinate a national cybersecurity R&D agenda, the Government Accountability Office (GAO) said in a report released this week.
 
Does Firefox look like a Chrome copy to you? Or simply similar, only better? Take a spin through these five pairs of compare-and-contrast slides, then decide.
 

Forbes (blog)

Throwing The Sun Tzu Baby Out With The InfoSec Bathwater
Forbes (blog)
I'd love to hear either of these two gentlemen discuss where they make the distinction between InfoSec for the enterprise versus InfoSec as an "expression ...

 

Internet Storm Center Infocon Status