InfoSec News

Defects in Amdocs software code will push back the introduction of a new customer care and billing system at Clearwire until next year, the wireless broadband provider said in a regulatory filing.
 
The U.S. Court of Appeals for the District of Columbia circuit has rejected claims by the government that federal agents have the right to conduct around-the-clock warrantless GPS tracking of suspects.
 
After delays, Qualcomm will start shipping its fastest Snapdragon dual-core chip for smartphones and tablets in the fourth quarter, with devices possibly launching by the end of this year, the company said on Monday.
 
Tom wrote in to the handlers list today and asked a question that I think our readers can help with (especially since we've gotten so many great ideas from the diary asking for suggestions for Cyber Security Month). He is looking for tools to allow for more proactive monitoring of his systems, but given shrinking budgets (he works in government, but the situation isn't much better anywhere else), he's looking for something free or, at least, inexpensive. What are you using to monitor patch status? application versions? A/V? behavior? strange files? network devices? anything else? Is it centrally managed? Does it scale?
---------------

Jim Clausing, jclausing --at-- isc [dot] sans (dot) org

FOR408 Computer Forensics Essentials coming to central OH in Sept, see http://www.sans.org/mentor/details.php?nid=22353 (c) SANS Internet Storm Center. http://isc.sans.org Creative Commons Attribution-Noncommercial 3.0 United States License.
 
In the old days, people drank their morning coffee while reading the newspaper. These days, they're more likely to drink it while reading the Web.
 

Ten Million Cyberattacks A Day
One News Page
MarkSilver RT @SRA_One: RT @SRA_OneVault: Ten Million Cyberattacks A Day!! http://ow.ly/2n2CB #infosec #cybersecurity @hackingexposed - about 2 hours ago ...

 
 
CSO's Bill Brenner learned the hard way that there are certain things you shouldn't do in Washington D.C. Here's his account of a run-in with Secret Service.
 
Security researchers have reported a new Windows vulnerability that could allow attackers to gain elevated privileges on vulnerable machines.

 
The answer is probably not -- at least an unprovoked attack -- based on extensive new legal research appearing in an upcoming issue of the British journal INFO.
 
AT&T's latest filing with the U.S. Securities and Exchange Commission indicates the operator may be preparing to lose its exclusive hold on the iPhone.
 
Move over video deejays. MTV has just hired its first Twitter deejay or TJ.
 
Google and Verizon Communications have released a proposal that suggests the U.S. Federal Communications Commission should enforce network neutrality rules and fine broadband providers up to $2 million for violations.
 
With Mark Hurd's sudden resignation, Hewlett-Packard has a golden opportunity to hire a CEO with business savvy in the mobile, wireless and smartphone markets. Such a move would give the mature technology behemoth a needed and vital strategic direction.
 
Texas Instruments on Monday said it will start shipping a new dual-core chip for devices like smartphones and tablets later this year.
 
Apple's new iPad casts a 'halo' over the older iPhone, with owners of the tablet about twice as likely to want the company's smartphone as consumers who own neither, a Nielsen analyst said today.
 
Automobile tire pressure monitoring systems, now required on new autos in the U.S., show little concern for security, researchers have found.
 
Apple today began taking orders for its most expensive computer, the Mac Pro, but won't ship the tower-style desktop to customers for at least a week and a half.
 
A U.S. judge has ordered a halt to a Canadian operation that allegedly posed as a domain-name registrar in an effort to collect fees from thousands of U.S. consumers, small businesses and nonprofits, the U.S. Federal Trade Commission said.
 
Best Buy's chief technology officer Robert Stephens recently posted photos of a prototype tablet on his Twitter feed, fueling speculation that Best Buy is creating its own in-house branded tablet computer.
 
Joining fellow on-demand ERP (enterprise resource planning) vendor NetSuite, Intacct is taking aim at services-based businesses with a new product and partnership.
 
Skype SA seeks to raise $100 million through an initial public offering (IPO) in the U.S., as the Luxembourg-based provider of Internet telephony, video calling and instant messaging communications seeks to diversify and boost its user base and revenue.
 
A Gartner report about users looking at migrating from Lotus Notes and Domino didn't sit well with IBM's Ed Brill, who spoke his mind in a Friday blog post. But his spin on the contents of the report is too one-sided, according to Gartner's Tom Austin, who shot back over the weekend.
 
The woman who had a 'close personal relationship' with former HP Chairman and CEO Mark Hurd is a business exec and sometime actress who appeared on the reality TV show Age of Love.
 
Gather your lucky charms and stroke your rabbit foot for good luck before starting to install the DFL-210.
 
Our suburban test lab includes AT&T U-verse rated at 18Mbps, and Time Warner Cable data access rated at 15Mbps with "Turbo" mode for faster downloads. Each router was configured with a single WAN connection first then reset for a new IP address range. Once the router was up and running, a second WAN link was added. We then ran real world tests for multiple days, tracking throughput and service issues. We also used the monitoring utilities provided by the routers to track how the traffic flowed between the two WAN connections.
 
Check Point calls the 1000N a firewall more than a router, and they advertise gigabit throughput, plus 400 VPN tunnels that can run as fast as 200Mbps. You can also run two 1000N units linked together for high availability.
 
A metal box with all the plugs in the back and status lights on the front, the TRENDnet Dual WAN Advanced VPN Router covers the same price range as Netgear. Four 10/100 Fast Ethernet ports, along with separate WAN1 and WAN2 ports fill the back of the unit. The nine-pin serial port for a console connection looks positively nostalgic in today's world of RJ-45 and USB ports.
 
Prices for SonicWall products are hard to pin down because, while the firewall and router have no client license fees, adding support for security features such as enhanced client anti-virus and anti-spyware, VPN Client Windows, UTM SSL VPNs, and a few other options need user licenses. Figure around the $400 to $450 range to start, depending on whether you add wireless support, and tally up your options from there.
 
This is the top of the three-member DPG family from Xincom, but Xincom's other products are also multi-WAN units. Its top end X16-R supports up to eight broadband connections, and its ParaLynx 70G includes wireless support.
 
Six years ago, we tested dual-WAN routers as a way to pump more bandwidth into small businesses that couldn't afford a T1 and were stuck with relatively slow DSL and cable connections.
 
Netgear, despite its consumer roots, has been making network equipment for small and midsized businesses for years. The FVS336G, though awkwardly named, is the result of that experience; it's easy to install, easy to configure, and easy to manage.
 
The official reason for Mark Hurd's resignation as chairman and CEO of HP left a lot of unanswered questions.
 
A look at Intel's Core i3, i5 and i7 processors and how to decide how much processing power you should buy to meet your needs.
 
IT's view of the future is compressing, and still we're having a hard time planning.
 
Ten years ago, storage capacity utilization rates hovered around 25%. Now, even after many companies have implemented better management tools, most IT shops still waste as much as 60% of their storage capacity.
 
More companies are expected to move to on-demand supercomputing services to slash costs and improve production during a stagnant economic period.
 
Some people seem to think that business cases are a waste of time. Bart Perkins disagrees, though he acknowledges that some IT organizations may use business cases as a way to avoid work.
 
Figuring the good .com domain names are already taken, major companies are registering the newly available Internet domain names ending in .co.
 
The old way of running IT is not coming back -- ever. What is the profession going to look like?
 
Discovery of the Stuxnet malware, which targets utility control systems, raises concerns about the security of the U.S. power grid.
 
The Memphis police department is using predictive analytics technology to fight crime.
 
A Gartner-backed user group is urging IT vendors to follow a 'code of conduct' for maintenance contracts and fees.
 
InfoSec News: The hackers life -- my weekend at Defcon: http://nationalgeographicassignmentblog.com/2010/08/06/the-hackers-life-my-weekend-at-defcon/
By Lou Lesko National Geographic Assignment Blog August 6, 2010
I’m walking with Nico through the hallways of the convention area of the Riviera Hotel in Las Vegas. [...]
 
InfoSec News: A Man With Muffin Secrets, but No Job With Them: http://www.nytimes.com/2010/08/07/business/07muffin.html
By William Neuman The New York Times August 6, 2010
Bite into a Thomas’ English muffin and, it turns out, you are about to swallow one of the most closely guarded secrets in the world of baking. [...]
 
InfoSec News: A strong password defense is easy to construct: http://www.rbj.net/article.asp?aID=184758
By Roger Dube Rochester Business Journal August 6, 2010
We've all read the news items: Someone's identity is stolen, bank accounts emptied and credit cards used to make thousands of dollars' worth of phony purchases. [...]
 
InfoSec News: Saudis, BlackBerry-Maker Strike Deal: http://www1.voanews.com/english/news/Saudis-BlackBerry-Maker-Strike-Deal-100182649.html
Voice Of America News 07 August 2010
Officials in Saudi Arabia say the country has reached an agreement with BlackBerry, avoiding a permanent ban on the smartphone's messaging service. [...]
 
InfoSec News: Secunia Weekly Summary - Issue: 2010-31:
The Secunia Weekly Advisory Summary 2010-07-29 - 2010-08-05
This week: 77 advisories [...]
 
InfoSec News: Fort Worth medical clinic spends $15,000 notifying patients of theft: http://www.star-telegram.com/2010/08/06/2389717/fort-worth-medical-clinic-spends.html
By Jan Jarvis star-telegram.com Aug. 06, 2010
FORT WORTH -- In June, employees at a Fort Worth allergy clinic discovered that the office door had been kicked in and four computers [...]
 
InfoSec News: Linux Advisory Watch: August 6th, 2010: LinuxSecurity.com Linux Advisory Watch, August 6th, 2010, Volume 11, Number 32 [...]
 
InfoSec News: Update: Network admin Terry Childs gets 4-year sentence: http://www.computerworld.com/s/article/9180339/Update_Network_admin_Terry_Childs_gets_4_year_sentence
By Robert McMillan IDG News Service August 7, 2010
A City of San Francisco administrator who refused to hand over administrative passwords to the city's network was sentenced to four [...]
 
Even as average enterprise security spending has risen over the years from 2% of the total IT budget to 10%, the percentage of compromised corporate machines has also climbed, now up to 7% to 9% by some estimates.
 
Much is being made of the fact that Microsoft has at least temporarily stanched the bleeding in terms of Internet Explorer's market share, and, in fact, has managed to nudge the number upward slightly in each of the past two months.
 

Posted by InfoSec News on Aug 08

http://nationalgeographicassignmentblog.com/2010/08/06/the-hackers-life-my-weekend-at-defcon/

By Lou Lesko
National Geographic Assignment Blog
August 6, 2010

I’m walking with Nico through the hallways of the convention area of the
Riviera Hotel in Las Vegas. There is a distinct old school feeling at
the Riviera that reminds one of the days when Las Vegas was run by the
family. Walking swiftly Nico tells me that we might see security expert...
 

Posted by InfoSec News on Aug 08

http://www.nytimes.com/2010/08/07/business/07muffin.html

By William Neuman
The New York Times
August 6, 2010

Bite into a Thomas’ English muffin and, it turns out, you are about to
swallow one of the most closely guarded secrets in the world of baking.

The company that owns the Thomas’ brand says that only seven people know
how the muffins get their trademark tracery of air pockets — marketed as
nooks and crannies -- and it has gone to...
 

Posted by InfoSec News on Aug 08

http://www.rbj.net/article.asp?aID=184758

By Roger Dube
Rochester Business Journal
August 6, 2010

We've all read the news items: Someone's identity is stolen, bank
accounts emptied and credit cards used to make thousands of dollars'
worth of phony purchases. Individuals no longer are the prime targets of
such attacks, however. The Wall Street Journal has reported that a
growing number of small businesses are losing large sums of money...
 

Posted by InfoSec News on Aug 08

http://www1.voanews.com/english/news/Saudis-BlackBerry-Maker-Strike-Deal-100182649.html

Voice Of America News
07 August 2010

Officials in Saudi Arabia say the country has reached an agreement with
BlackBerry, avoiding a permanent ban on the smartphone's messaging
service.

The officials spoke Saturday on the condition of anonymity because they
were not authorized to talk to the media.

They said the deal calls for the smartphone maker to...
 

Posted by InfoSec News on Aug 08

========================================================================

The Secunia Weekly Advisory Summary
2010-07-29 - 2010-08-05

This week: 77 advisories

========================================================================
Table of Contents:

1. Word From...
 

Posted by InfoSec News on Aug 08

http://www.star-telegram.com/2010/08/06/2389717/fort-worth-medical-clinic-spends.html

By Jan Jarvis
star-telegram.com
Aug. 06, 2010

FORT WORTH -- In June, employees at a Fort Worth allergy clinic
discovered that the office door had been kicked in and four computers
containing patients' personal information including Social Security
numbers and birth dates had been stolen.

This week Fort Worth Allergy and Asthma Associates spent $15,000...
 

Posted by InfoSec News on Aug 08

+----------------------------------------------------------------------+
| LinuxSecurity.com Linux Advisory Watch |
| August 6th, 2010 Volume 11, Number 32 |
| |
| Editorial Team: Dave Wreski <dwreski () linuxsecurity com> |
| Benjamin D. Thomas <bthomas () linuxsecurity...
 

Posted by InfoSec News on Aug 08

http://www.computerworld.com/s/article/9180339/Update_Network_admin_Terry_Childs_gets_4_year_sentence

By Robert McMillan
IDG News Service
August 7, 2010

A City of San Francisco administrator who refused to hand over
administrative passwords to the city's network was sentenced to four
years in state prison Friday.

Terry Childs was convicted in April of violating California's hacking
laws after he refused to hand over administrative control...
 
