InfoSec News

Microsoft is close to finalizing a deal to buy Internet phone company Skype Technologies for over US$7 billion, and a deal could be announced by Tuesday, according to a news report.
 
The French security research group VUPEN announced earlier today that it has managed to subvert Google Chrome's sandbox to permit execution of code.
The announcement, which is light on details, and a demo are available on VUPEN's website. The most interesting aspect of the announcement was the declaration: "This code and the technical details of the underlying vulnerabilities will not be publicly disclosed. They are shared exclusively with our Government customers as part of our vulnerability research services." Apparently this list does not include Google. Definitely an interesting twist on responsible disclosure.
Update: Further details and Google's response are available on Brian Krebs's blog.
-- Rick Wanner - rwanner at isc dot sans dot org - http://namedeplume.blogspot.com/ - Twitter:namedeplume (Protected)
(c) SANS Internet Storm Center. http://isc.sans.org Creative Commons Attribution-Noncommercial 3.0 United States License.
 
Google now provides an API that can be used to find all the other Google APIs
 
Scammers looking to flog cheap software have hacked Web pages on high-profile websites, including those belonging to NASA and Stanford University.
 
Sony is reported to be considering offering a reward for information leading to the arrest and prosecution of those behind the recent breach of its PlayStation Network (PSN).
 
Linux Kernel 'mpt2sas' Local Privilege Escalation and Information Disclosure Vulnerabilities
 
Linux Kernel Multiple Local Information Disclosure Vulnerabilities
 
Linux Kernel 'agp_ioctl()' Local Privilege Escalation Vulnerability
 
MC says it will begin shipping a PCIe-based flash card to accelerate I/O between its storage arrays and applications servers as a way to increase throughput particularly for B.I. and cloud infrastructures.
 
Apache 'mod_imap' Referer Cross-Site Scripting Vulnerability
 
Apache Mod_SSL Custom Error Document Remote Denial Of Service Vulnerability
 
Apache Server Side Include Cross Site Scripting Vulnerability
 
Apache Web Server Scoreboard Memory Segment Overwriting SIGUSR1 Sending Vulnerability
 
Citing a rise in the number and scope of distributed denial-of-service attacks across the Internet, Verisign is expanding its cloud-based DDoS protection service to cover small and midsize businesses that are increasingly frequent targets.
 
Microsoft released tools aimed at making it easier for developers to build iPhone, Android and Windows Phone 7 apps that use Windows Azure.
 
YouTube, which became the world's most popular video website by providing an outlet for amateur user-generated clips, is now officially expanding into streaming full-length movies online for rent.
 
Privacy and civil liberties groups support a new online do-not-track bill.
 
Google is experimenting with a new look for its search results page, and so far users don't seem impressed.
 
As it promised last week, Skype today began serving up an update to Mac users of its chat and Internet phone software, fixing a dangerous bug that a researcher said could be used to build a worm.
 
ZDI-11-156: Sybase M-Business Anywhere agd.exe username Parameter Remote Code Execution Vulnerability
 
ZDI-11-155: Sybase M-Business Anywhere Server agd.exe encodeUsername Remote Code Execution Vulnerability
 
ZDI-11-154: Sybase M-Business Anywhere agSoap.exe password Tag Remote Code Execution Vulnerability
 
PR10-17 Various XSS and information disclosure flaws within KeyFax response management system
 
French security company Vupen said today that it's figured out how to hack Google's Chrome by sidestepping not only the browser's built-in 'sandbox' but also by evading Windows 7's integrated anti-exploit technologies.
 
Among a flurry of announcements today at its annual user conference, EMC announced it will be distributing its own free version of Apache Hadoop and a licensed version for enterprises, as well as a pre-configured appliance for big data analytics tasks.
 
The IEEE has formed a group to assess demand for a faster form of Ethernet, taking the first step toward what could become a Terabit Ethernet standard.
 
As of Monday, Verizon Wireless was 12 days late with the start of sales for its second LTE smartphone, the Droid Charge from Samsung, which was first promised on April 28.
 
With a Senate hearing scheduled for tomorrow, the concept of privacy by design could get more attention.
 
[security bulletin] HPSBTU02684 SSRT100390 rev.1 - HP Tru64 UNIX running Java, Remote Denial of Service (DoS)
 
Memory corruption in Postfix SMTP server Cyrus SASL support (CVE-2011-1720)
 
TSSA-2011-03 - Perl : multiple functions null pointer dereference upon parameters injection
 
TSSA-2011-02 - Opera : SELECT SIZE Arbitrary null write
 
Eclipse-based development tools to be unveiled
 
The WebGL graphics technology turned on by default in Firefox and Chrome poses a serious security risk and IT managers should consider disabling it, a security consultancy has recommended.
 
Microsoft on Monday night will debut a new television advertising campaign hoping to convince consumers to upgrade their older PCs to ones running Windows 7.
 
Professional social networking site LinkedIn is gearing up for its initial public offering, reporting that it plans to offer 7.84 million shares for $32 to $35 per share.
 
ICONICS WebHMI ActiveX Control Stack Buffer Overflow Vulnerability
 
McAfee’s security software changes bridge its Web, mobile and email security with Intel’s cloud access control products.

 
A look at how the Web's inventor sees his creation more than two decades after its birth.
 
Nvidia on Monday said it had agreed to acquire baseband processor maker Icera for $367 million in cash, a move that could help Nvidia expand its reach in the mobile market.
 
Deloitte is upping its hand in BI (business intelligence), announcing Monday that it has bought "substantially all" of the assets of SaaS (software as a service) analytics vendor Oco. Terms were not revealed.
 
This month's column by one of our Premier 100 IT Leaders also addresses questions about an angry co-worker, 'buyer's remorse' over a new job and more.
 
BlackBerry's share of the U.S. smartphone market continued to decline in the first quarter of 2011, according to a ComScore report.
 
30 Days With...Google Docs: Day 8
 
While SAP has spent the past year spinning a vision for on-premises, on-demand and on-device computing, its upcoming Sapphire conference is an opportunity for the vendor to lay out some important specifics on these plans for the thousands expected to attend.
 
A Q&A with Martin Cooper, the so-called "father of the cellular phone"
 
Reporters and editors talk about their favorite moment as a journalist in the technology field.
 
Cisco says its success rate with acquisitions is 70% while 90% of them fail for the rest of the industry.
 
Imagine a world where the computers, networks and storage systems are all tens of thousands of times faster than they are today -- and then think about the sci-fi type of applications that will be possible.
 
Vic Hayes, sometimes called the "Father of Wi-Fi," hardly fits the conventional image of a "legend." Soft-spoken on the phone, self-effacing, he's less a technological visionary and more of a problem solver.
 
The network is more important today than at any time in history. In the last 25 years it has had a transformative effect on the way we all live, work, learn and play but I believe it will deliver even greater change in the next decade than it has in the last quarter century.
 
Cell phones and social media tools help topple Middle Eastern regimes. Telemedicine lets surgeons reach across time and space. Smart grids let power companies reduce fuel consumption and lower pollution. Networking has changed the world.
 
Network World started its Wider Net stories in 2003 in an effort to lighten up our news pages, acknowledging that there is a lot more to the world of enterprise networking and IT other than speeds and feeds of switches and routers and WAN links.
 
Successful for a time, but failed in the end: looking back at Digital, WorldCom, Netscape, Nortel and General Magic.
 
The golden age of networking - the 1980s and 90s that saw the rise of corporate local-area networks and the Internet become woven into the gleaming ribbon of world communication - was the work of entrepreneurs. And Paul Severino, who co-founded a number of start-ups, the best-known being Wellfleet Communications -- personifies that era to the max, having ridden its ups and downs.
 
Normally, anything done on a company's hardware is considered rightfully accessible to the business. But should that include location data?
 
China's IT outsourcing industry is small relative to India's, but it's in a good position to grow in the decade ahead, according to outsourcing consultancy TPI.
 
Pharmaceutical companies are buying large quantities of iPad tablets for 'a quicker, lighter and more attractive way of displaying drug-related information' during sales calls, an IDC analyst says.
 
Today, it's inexcusable -- if not anachronistic -- for CEOs to make decisions without data.
 
In 2024, the world's business servers will annually process the digital equivalent of a stack of books extending more than 4.37 light-years to Alpha Centauri, according to a study.
 
When manufacturing firm Cinram International migrated from Microsoft Exchange to Google Apps, the company saw 'a night-and-day difference' in the cost of the systems and the vendors' customer service.
 
The days-long partial outage of Amazon.com's EC2 cloud service has heightened fears that the technology doesn't meet the security and performance needs of large businesses.
 
Clothing retailer Gap is using SMS text messages to deliver promotions and discounts to customers' mobile phones.
 
Because suppliers exist outside of your corporate structure, their fresh perspective on your IT processes could be helpful.
 
Highly targeted phishing emails have become the preferred method for illegally breaking into corporate networks.
 

Posted by InfoSec News on May 09

http://www.channelpro.co.uk/news/879430/sophos_gets_on_utm_bandwagon_with_astaro_acquisition.html

By Will Garside
Channel Pro
May 8, 2011

Security vendor Sophos is to acquire Astaro, manufacturer of unified
threat management appliances. The move will see the UK firm offering
more hardware and potentially move into new markets such as log
management and wireless security.

“The combination of Astaro’s comprehensive portfolio of network...
 

Posted by InfoSec News on May 09

http://www.computerworld.com/s/article/9216483/Unpatched_DLL_bugs_let_hackers_exploit_Windows_7_and_IE9_says_researcher

By Gregg Keizer
Computerworld
May 6, 2011

Although Microsoft has patched multiple DLL load hijacking
vulnerabilities since last summer, Windows and Internet Explorer 9 (IE9)
can still be exploited, a security company warned today.

Microsoft confirmed that it's investigating the claims by Slovenia-based
Acros Security....
 

Posted by InfoSec News on May 09

http://blogs.forbes.com/williampentland/2011/05/07/congress-bans-scientific-collaboration-with-china-cites-high-espionage-risks/

By William Pentland
Clean Beta
Forbes.com
May 7, 2011

A two-sentence clause included in the U.S. spending bill approved by
Congress a few weeks ago threatens to reverse more than three decades of
constructive U.S. engagement with the People’s Republic of China.

The clause prohibits the White House Office of...
 

Posted by InfoSec News on May 09

http://www.eweek.com/c/a/Security/Sony-Networks-Lacked-Firewall-Ran-Obsolete-Software-Testimony-103450/

By Fahmida Y. Rashid
eWEEK.com
2011-05-06

Sony failed to use firewalls to protect its networks and was using
obsolete Web applications, which made the company’s sites inviting
targets for hackers, a Purdue University professor testified May 4 to a
Congressional committee investigating the massive data breach of the
Sony game and...
 

Posted by InfoSec News on May 09

http://www.dailynk.com/english/read.php?cataId=nk02900&num=7656

By Lee Seok Young and Kwon Eun Kyoung
Daily NK
2011-05-06

Since it was revealed that the Nonghyup computer system error was caused
by North Korea’s General Bureau of Reconnaissance, it has become clear
that North Korean cyberterrorism is a new and potent threat to South
Korea.

IT education in North Korea is reserved for a select few, as most
citizens have no access to...
 
It's tough to write a 25-year-anniversary column when you haven't been here for 25 years – my time at the helm of the Cool Tools column has only been about 10 years or so now. Instead, I'll reflect on the past 25 years in my own life and how technology (and networking!) has changed not only what I do for work, but within my life as well.
 