InfoSec News

Pursuing speed, Google now refreshes search results while people type queries, which could usher in major changes for end users, advertisers and publishers.
 
We take a look at what's coming up next on his IT agenda.
 
No patch yet available for zero-day vulnerability that is reportedly being exploited in the wild.

Add to digg Add to StumbleUpon Add to del.icio.us Add to Google

Adobe Acrobat - Zero day attack - Adobe Systems - Security - Reader
 
The mastermind behind one of the biggest hacking paydays in history has been sentenced to four years' probation and an US$8.9 million fine, according to published reports.
 
Apple may think that its iPad is magical and revolutionary, but it's far from perfect, requiring additional accessories and products to enhance its features and functions. Here's a bunch of the latest iPad accessories that have come across the desk recently.
 
U.S. President Barack Obama has called on Congress to approve a permanent research and development tax credit for U.S. companies as part of a multibillion-dollar package intended to jump-start the nation's economy.
 
Adobe today warned users that attacks have begun exploiting an unpatched bug in its popular Reader and Acrobat PDF viewing and creation software.
 
HP expanded its IP phone and wireless LAN offerings for small and medium-size businesses as part of a broad set of product introductions for those customers.
 
Oracle's board of directors has weighed in against a shareholder proposal calling for the creation of a board-level committee on sustainability, according to the proxy statement for the vendor's upcoming annual meeting.
 
Four months ago, amidst a backlash from government regulators and privacy advocates, Google stopped collecting Wi-Fi data with its Street View cars. But that doesn't mean Google has stopped collecting wireless data altogether, and neither have other companies such as Apple.
 
As expected, Apple today released the iOS 4.1 update for its iPhone and iPod Touch and patched two dozen security vulnerabilities in its mobile operating system.
 
HP announced storage hardware upgrades and management software updates for SMBs. The upgrades include the ability to create a SAN using both VMware and HyperV servers as well as being able to back up SQL and Exchange servers.
 
We just received word that there is a report of a 0-day exploit for Adobe Acrobat/Reader being exploited in the wild. Secunia has a brief write up and here is the link to the original advisory. The exploit was discovered in a phishing attempt with the subject of David Leadbetter's One PointLesson. Adobe has issued an advisory and references CVE-2010-2883(which just shows as reserved at this point with no details). It does effect the latest version of Acrobat/Reader and Adobe is investigation a patch. More to come on that.
The exploit in the wild I'm aware of causes a crash in Acrobat/Reader and then tries to open a decoy file. So the good news is that, as of right now, it's a loud exploit. Early VirusTotal scans also had partial coverage under various forms of Suspicious PDF categories. At this point, standard precautions apply (don't open PDFs from strangers) and this can probably only really be used in a phishing style scenario. Will update this dairy as needed with developments.
--

John Bambenek

bambenek at gmail /dot/ com (c) SANS Internet Storm Center. http://isc.sans.org Creative Commons Attribution-Noncommercial 3.0 United States License.
 
IBM's Hetal Thaker bucks a couple of common stereotypes regarding football viewership and fantasy football leagues -- and uses predictive analytics to draft her way to success. Here's her advice on analyzing data on running backs and running your business.
 
I admit it: my eyes are getting old. And more and more these days I find myself suffering from eyestrain after spending hours in front of the computer.
 
Google today announced a new feature that will allow users to get search results as they type their queries.
 
Apple yesterday patched three vulnerabilities in Safari, including one in the Windows version that quashed a bug Microsoft said individual developers had to fix themselves.
 
Oracle CEO Larry Ellison received compensation in fiscal 2010 valued at $70.1 million, compared to $84.5 million in 2009.
 
-- John Bambenek bambenek at gmail /dot/ com (c) SANS Internet Storm Center. http://isc.sans.org Creative Commons Attribution-Noncommercial 3.0 United States License.
 
CapGemini's $300 million bet on Brazilian outsourcer CPM Braxis is another sign of a sizzling South American IT services market. But much of the activity remains focused on serving local Latin American customers rather than winning over U.S.-based clients.
 
Catsgirl complained about "big Bing, little Bing, everywhere a Bing Bing." She asked the Answer Line forum how to get Bing out of her face.
 
-- John Bambenek bambenek at gmail /dot/ com (c) SANS Internet Storm Center. http://isc.sans.org Creative Commons Attribution-Noncommercial 3.0 United States License.
 
-- John Bambenek bambenek at gmail /dot/ com (c) SANS Internet Storm Center. http://isc.sans.org Creative Commons Attribution-Noncommercial 3.0 United States License.
 
-- John Bambenek bambenek at gmail /dot/ com (c) SANS Internet Storm Center. http://isc.sans.org Creative Commons Attribution-Noncommercial 3.0 United States License.
 
Cybercriminals are dumping the traditional email phishing campaigns for social networks, where it's easier to social engineer attacks and gain trust of users.

Add to digg Add to StumbleUpon Add to del.icio.us Add to Google

phish - Facebook - Social network - Theft - Crime
 
Pliant released its first MLC-based solid state drive products today for data centers, saying the drives are half the price of SLC-based SSDs while still offering vastly higher performance than hard disk drives.
 
Hewlett-Packard on Wednesday announced a low-cost, entry-level server for small businesses that bundles advanced features in a small package.
 
Mozilla on Tuesday patched 15 vulnerabilities in Firefox, 11 of them labeled critical.
 
A wide-ranging flock of Python IDEs offer great options for Windows scripting, GUI applications, Web frameworks, multilanguage development, and more
 
Netbooks and iPads currently coexist in an increasingly mobile world. But what is the future for these two devices -- will one push out the other?
 
Hewlett-Packards reaction to the move by its former CEO, Mark Hurd, to the upper ranks of Oracle is one of sound and fury, but mostly fear.
 
InfoSec News: Cyber Task Force Passes Mission to Cyber Command: http://www.defense.gov/news/newsarticle.aspx?id=60755
By Army Sgt. 1st Class Michael J. Carden American Forces Press Service Sept. 7, 2010
ARLINGTON, Va., -- After spending the better part of the past decade defending the Defense Department’s computer networks, the Joint Task [...]
 
InfoSec News: HP Sues Mark Hurd Over Oracle Competition: http://www.informationweek.com/news/storage/systems/showArticle.jhtml?articleID=227300300
By Thomas Claburn InformationWeek September 7, 2010
HP said on Tuesday that it had filed a civil lawsuit against former CEO Mark Hurd in response to news on Monday that Hurd had been hired by [...]
 
InfoSec News: Big cybersecurity contractors turn to little firms for specialized monitoring services: http://www.washingtonpost.com/wp-dyn/content/article/2010/09/03/AR2010090305331.html
By Marjorie Censer Captial Business The Washington Post September 6, 2010
Large defense contractors are increasingly readying to bid for cybersecurity work by buying or partnering with smaller firms that [...]
 
Just under two-thirds of all Internet users have been hit by some sort of cybercrime, and while most of them are angry about it, a surprisingly large percentage feel guilt too, according to a survey commissioned by Symantec.
 

Posted by InfoSec News on Sep 08

http://www.washingtonpost.com/wp-dyn/content/article/2010/09/03/AR2010090305331.html

By Marjorie Censer
Captial Business
The Washington Post
September 6, 2010

Large defense contractors are increasingly readying to bid for
cybersecurity work by buying or partnering with smaller firms that
specialize in closely monitoring the data that courses over
communications networks.

One chief capability in demand these days is known as "deep...
 

Posted by InfoSec News on Sep 08

http://www.defense.gov/news/newsarticle.aspx?id=60755

By Army Sgt. 1st Class Michael J. Carden
American Forces Press Service
Sept. 7, 2010

ARLINGTON, Va., -- After spending the better part of the past decade
defending the Defense Department’s computer networks, the Joint Task
Force Global Network Operations command cased its colors.

The task force was deactivated in a ceremony today here at the Defense
Information Systems Agency. The task...
 

Posted by InfoSec News on Sep 08

http://www.informationweek.com/news/storage/systems/showArticle.jhtml?articleID=227300300

By Thomas Claburn
InformationWeek
September 7, 2010

HP said on Tuesday that it had filed a civil lawsuit against former CEO
Mark Hurd in response to news on Monday that Hurd had been hired by
Oracle as President and had joined the database company's board of
directors.

"Mark Hurd agreed to and signed agreements designed to protect HP's
trade...
 
SAP partner and start-up Leapfactor announced a cloud-based system to support mobile applications, including back-office custom applications for accounting and customer support.
 
Oracle called Hewlett-Packard's lawsuit against its former CEO "vindictive" and said it threatened the companies' close relationship.
 

Internet Storm Center Infocon Status