InfoSec News

Chip maker Calxeda has received an investment to the tune of US$55 million to develop low-power server chips with ARM processors, the company is expected to announce on Tuesday.
(c) SANS Internet Storm Center. http://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.

Johannes B. Ullrich, Ph.D.

SANS Technology Institute

A study by the Ponemon Institute found that successful cyberattacks rose from 50 attacks on average per week in 2010 to 102 on average per week.

After a yearlong investigation, a congressional committee concluded that Chinese telecommunication equipment vendors Huawei Technologies and ZTE pose a security threat to the U.S., with lawmakers advising U.S. private-sector firms not to buy networking gear from the companies.
President Barack Obama is more savvy about using social networks during the presidential campaign than his Republican opponent Mitt Romney, according to a Google-sponsored survey.
Attackers can abuse Facebook's phone search feature to find valid phone numbers and the name of their owners, according to security researchers.
One month does not make a trend, but IT employment dipped last month after a long stretch of gains.

InfoSec Skills Acquires Online Information Security Resources Site, InfoSec ...
Melodika.net (press release)
UK-based information security training company, InfoSec Skills (http://www.infosecskills.com) has today announced the acquisition of Information Security resources company, InfoSec Reviews, which is now fully assimilated into the InfoSec Skills website ...

Adobe today issued a surprise update for Flash Player that patched 25 critical vulnerabilities in the ubiquitous media software.
RapidLeech 'notes' Parameter HTML Injection Vulnerability
Tienda Virtual 'art_catalogo.php' SQL Injection Vulnerability
Models of Research in Motion's PlayBook tablet have been pulled from online stores of some top retailers in the U.S. and Canada, a move one analyst said could be a sign that the company is readying a successor tablet.
Bacula Console ACL Access Security Bypass Vulnerability
The SpaceX Falcon 9 rocket successfully blasted off from Florida's Cape Canaveral Air Force Station Sunday night, marking a new chapter in America's space program.
The Federal Trade Commission action last week against Indian scammers posing as Microsoft technical support has prompted users to relate their tales of woe.
Hackers have attacked the popular online game, World of Warcraft, and caused the death of all player and non-player characters in several in-game cities. The exploit has apparently been closed.


Infosec Slowly Puts Down Its Password Crystal Meth Pipe
Dark Reading (blog)
There is an immense amount of technology churn in identity. The Cloud Security Alliance guidance alone mentions dozens of different identity standards, but which ones work best for an enterprise and how should they choose? A pragmatic way to think ...

The new dream in computing is keeping all of your files in "the cloud," on remote servers that you can access from anywhere at any time. Apple's cloud-based syncing and storage service, iCloud, debuted in June 2011. Still, it is only since the release of OS X Mountain Lion that enough applications have started to support iCloud document syncing for this feature to be useful. Working with iCloud is fairly simple, but you need to know the ground rules if you plan to start storing your documents in the cloud.
With its cool climate, low risk rating and skilled labor force, Canada seems like a great spot to build a new data center. If that's where your customers are, experts say, there's no reason not to expand north of the border. Otherwise, think twice.
Microsoft has settled its lawsuit with the owner of the 3322.org domain, which was being used to host 70,000 subdomains for the Nitol botnet in China. The owner has agreed to several conditions to receive control of the domain again.

A report by the House Intelligence Committee found Chinese telecoms, Huawei and ZTE, pose a significant security threat to the United States.

When people die in the real world, their online alter egos may live on, creating an unusual situation for those who only knew them through their online presence. The law is only beginning to address this limbo state, and fragmented privacy legislation provides no conclusive answer to the question of who should be allowed to access or delete someone's social networking profile or email correspondence after they die, a panel discussion at the Amsterdam Privacy Conference concluded.
US lawmakers in the House of Representatives Intelligence Committee have released a report which calls for the US to not buy Huawei and ZTE equipment and to block mergers and acquisitions by the companies.
Multiple IBM products GSKit Client Hello Message Remote Denial of Service Vulnerability
They've improved, which raises some interesting possibilities for shoring up security defenses.
Postmasters and other network administrators should remove RFC-Ignorant.org from their server configurations immediately. The internet misuse notification site is already responding to queries negatively.

IBM Multiple Products Global Security Toolkit Security Vulnerabilities
Polycom plans to break down one more set of barriers to videoconferencing early next year with a cloud-based software platform that can set up sessions with anyone who uses Facebook, Skype, or certain other online services.
An embarrassing news hoax at Hakin9, a mobile security project from OWASP, insights at Sophos about a recent false alarm, an Anti-Cross Site Scripting Library from Microsoft, and a new SysInternals toolkit component


Dell has developed a line of servers based on designs the company is using in an upcoming 10-petaflop supercomputer called Stampede.
Many BI vendors claim that their products support Hadoop, but Forrester says customers should find out what that support really entails.
Latest report from Foote Partners shows the pay advantage has now been documented for six straight years.
Our manager has some cleaning up to do after a third party's penetration testing uncovers some disturbing findings.
Kevin Kometer started at futures exchange CME group as a lead programmer, but by accepting myriad positions over the past 20 years, he accumulated the knowledge to lead a global company that electronically processes 3 million futures contracts a year.
The first step is to expand what, for those in IT, is a limited understanding of what influence is.
Proposals to overhaul the H-1B visa program have re-emerged in Congress -- and a particularly interesting one comes from Microsoft. Insider (registration required)
Colleges and universities are moving swiftly to create advanced degree programs aimed at helping to fill an exploding need for specialists who can manage and analyze big data.
American Airlines plans to buy some 17,000 first-generation Samsung Galaxy Note devices for use by flight attendants on its planes.
Microsoft has extended mainstream support for Windows Server 2008 by 18 months.

Posted by InfoSec News on Oct 07


By Dan Goodin
Ars Technica
Oct 6, 2012

A widely used cryptographic algorithm used to secure sensitive websites,
software, and corporate servers is weak enough that well-financed
criminals could crack it in the next six years, a cryptographer said.

The prediction about the SHA1 algorithm, posted recently to a hash
function mailing list sponsored by the National...

Posted by InfoSec News on Oct 07


By Andy Sambidge
7 October 2012

Norton by Symantec on Sunday revealed that more than 1.5 million people
fell victim to cyber crime in the UAE in the last year.

Its annual Norton Cybercrime Report said the average UAE victim suffered
direct financial losses of $283.

The global study is based on self-reported experiences of more than...

Posted by InfoSec News on Oct 07


By Andy Greenberg
Forbes Staff

The security researchers who spend their days breaking into clients’
systems to find and fix security vulnerabilities often call themselves
“penetration testers,” or “pentesters.” But one group of hotel lock
hackers just gave the term “pentest” a...

Posted by InfoSec News on Oct 07


The New York Times
October 5, 2012

This fall, 16 high schools in California started experimental workshops,
billed as a kind of "shop class for the 21st century," that were
financed by the federal government. And over the next three years, the
$10 million program plans to expand to 1,000 high schools, modeled on
the growing...

Posted by InfoSec News on Oct 07


By Aliya Sternstein
October 5, 2012

The presumed government sponsors behind a string of targeted attacks on
mainly Middle Eastern computers likely are evolving their techniques to
hide trademarks that have revealed their work to be a unified campaign,
according to computer security researchers. The public’s...
html2ps 'include file' Server Side Include Directive Directory Traversal Vulnerability
Mozilla Firefox/Thunderbird/SeaMonkey CVE-2012-3978 Security Bypass Vulnerability