Hackin9

InfoSec News

The proliferation of large-scale data sets is just beginning to change business and science around the world, but enterprises need to prepare in order to gain the most advantage from their information, panelists said at a Silicon Valley event this week.
 
As an open-source project with uncertain backing, webOS has a tough road ahead of it, analysts said on Friday.
 
In a reversal of sorts, some people are keen to load webOS on their Android devices, now that Hewlett-Packard has announced plans to make the software open source.
 
Experts share their 2012 mobile security threat predictions.

 
Hewlett-Packard said it will "contribute" its webOS operating system to the open source community.
 
Four U.S. lawmakers -- three Democrats and one Republican -- have teamed up to attack call center outsourcing with a bill that would penalize any company that moves a call center overseas.
 
Researchers have developed one of the smallest electronic circuits, potentially paving the way for smaller and more powerful mobile devices.
 
Blue Coat Systems has agreed to be bought by a private equity firm for about $1.3 billion, which will buy out shareholders for a 48% premium over what the company's stock sold for Thursday.
 
LibLime Koha 'KohaOpacLanguage' Parameter Local File Include Vulnerability
 
the week of silly PoCs continues: data://www.mybank.com/
 
Re: seamless bait-and-switch
 
When Adobe last week issued an advisory about a dangerous zero-day attack based on an unpatched Adobe Reader vulnerability that was being exploited in the wild to try and seize control of both PCs and Macs, it credited Lockheed Martin for sounding the alarm about it.
 
Despite the fact that 35 states have made it illegal, texting while driving has increased by 50% over the last year, according to a new study by The National Highway Traffic Safety Administration.
 
Small company, big ambitions. Sounds like the classic entrepreneurial dream -- but what if it means you bear the burden of big-company regulatory or standards compliance?
 
In its continuing endeavor to serve its 800 million users as quickly as possible, Facebook is once again revamping the way it handles its PHP-based Web pages.
 
Surveillance technology companies have a moral obligation not to sell to repressive regimes, warned Europe's Digital Agenda Commissioner on Friday.
 
A German court ruled that Apple's iPhone and iPad devices infringe a Motorola patent and issued an injunction against sales of the products in Germany, in the latest move in a long series of legal battles between the companies.
 
Linux Kernel CVE-2011-4594 Pointer Dereference Denial of Service Vulnerability
 
*CLOSING IN 5 DAYS * Re: AppSec DC 2012 - Call for Trainers
 
The U.S. Department of Justice will file a motion to stay or dismiss its lawsuit to block AT&T's acquisition of T-Mobile USA because the agency believes there's no deal pending, a lawyer for the DOJ said.
 
India never asked Internet companies to pre-screen objectionable content, a federal minister said in interviews with local TV channels.
 
Google dove into the realm of facial recognition on Thursday, unveiling a tagging suggestion feature for its Google+ social network.
 
A U.S. district court in Texas has dismissed all but one of the claims by several banks against Heartland Payment Systems over a massive data breach the payment processor disclosed almost three years ago.
 
[SignalSEC Labs]: HTC Touch2 T3333 Video Player Memory Corruption
 
CA20111208-01: Security Notice for CA SiteMinder
 
AST-2011-014: Remote crash possibility with SIP and the “automon” feature enabled
 
AST-2011-013: Possible remote enumeration of SIP endpoints with differing NAT settings
 
DC4420 - London DEFCON - 13 December 2011
 
It's nearly 2012, and if IT research firms are telling you to consider moving low-risk applications to the cloud, it means two things: 1) You're hopelessly behind the times. 2) You need advice that's much more cutting-edge.
 
Two newly discovered vulnerabilities in Adobe's Flash Player can be exploited to execute arbitrary code remotely, according to advisories from the U.S. Computer Emergency Readiness Team (US-CERT) and various security research companies.
 
JasPer Multiple Remote Heap Buffer Overflow Vulnerabilities
 
In a project that has taken longer than company engineers anticipated, Google is rolling out IPv6 across its entire internal employee network.
 
Holiday shopping has swung into full gear. But while others elbowed their way to Black Friday deals and clicked on Cyber Monday savings, you sat on the sidelines. Maybe you always put off holiday shopping until the last minute. Maybe you’re daunted by the thought of coming up with a list, let alone checking it twice. Maybe you think the entire process is a bit of a drag.
 
Huawei Technologies will limit its business activities in Iran and no longer seek new customers there, it said Friday, after an October report said the Chinese company was building a surveillance system in the country to help police track people's locations via their mobile phones.
 
Panasonic said Friday it would venture abroad to sell smartphones, beginning with Europe in March and then expanding to the U.S., China, and rest of Asia.
 
ZTE plans to launch high-end smartphones in the U.S. next year, according to a company spokeswoman, breaking out of its mold as primarily a player in the low-end phone market.
 
Flooding in Thailand will affect hard disk drive supplies into 2013, but the most significant impact is being felt now and will continue well into 2012 by companies such as PC maker Lenovo, which is telling its customers there are no more 7200-rpm replacement drives.
 
From tablets and smartphones to HDTVs and a few surprises, we've rounded up the best tech gear to give and get this year.
 
From tablets and smartphones to laptops, HDTVs and a few surprises, we've rounded up the best tech gear to give and get this year.
 

Posted by InfoSec News on Dec 09

http://www.computerworld.com/s/article/9222530/Update_Microsoft_plans_20_patches_next_week_will_fix_Duqu_and_BEAST_bugs

By Gregg Keizer
Computerworld
December 8, 2011

Microsoft today announced it will issue 14 security bulletins next week
to patch 20 vulnerabilities in Windows, Internet Explorer (IE), Office,
and Windows Media Player.

Among the patches will be ones that plug the hole used by the Duqu
intelligence-gathering Trojan, and fix...
 

Posted by InfoSec News on Dec 09

http://www.guardian.co.uk/media/2011/dec/09/bbc-review-clears-journalists-hacking

By Mark Sweney
guardian.co.uk
9 December 2011

A wide-ranging BBC review launched in the wake of the News of the World
phone-hacking scandal has concluded there is no evidence of phone or
computer hacking or bribery by the corporation's journalists, although
it found that private investigators are occasionally used.

However, despite the clean bill of...
 

Posted by InfoSec News on Dec 09

http://www.informationweek.com/news/healthcare/security-privacy/232300099

By Nicole Lewis
InformationWeek
December 07, 2011

The frequency of patient data losses at healthcare organizations has
increased by 32% compared to last year, with nearly half (49%) of
respondents citing lost or stolen computing devices such as laptops,
tablets, and smartphones, according to recently published figures from
the Ponemon Institute's second annual...
 

Posted by InfoSec News on Dec 09

http://www.wired.com/threatlevel/2011/12/romanians-subway-hack/

By Kim Zetter
Threat Level
Wired.com
December 8, 2011

Four Romanian nationals have been charged with hacking card-processing
systems at more than 150 Subway restaurants and 50 other unnamed
retailers, according to an indictment unsealed Thursday.

The hackers compromised the credit-card data of more than 80,000
customers and used the data to make millions of dollars of...
 

Posted by InfoSec News on Dec 09

http://www.theregister.co.uk/2011/12/08/certificate_authority_hacked/

By Dan Goodin in San Francisco
The Register
8th December 2011

Websites belonging to a Netherlands-based issuer of digital certificates
were unavailable following reports hackers penetrated their security and
accessed databases that should have been off limits.

Dutch telecommunications giant KPN issued a statement (translation here)
that said it temporarily shut the...
 

Posted by InfoSec News on Dec 09

http://www.washingtonpost.com/national/national-security/cyber-intruder-sparks-response-debate/2011/12/06/gIQAxLuFgO_story.html

By Ellen Nakashima
The Washington Post
December 8, 2011

The first sign of trouble was a mysterious signal emanating from deep
within the U.S. military’s classified computer network. Like a human
spy, a piece of covert software in the supposedly secure system was
“beaconing” -- trying to send coded messages...
 
acpid Event Scripts Local Information Disclosure Vulnerability
 
Internet Storm Center Infocon Status