InfoSec News

USAID has "suspended" a plan to train people in Sri Lanka in outsourcing skills, and says it will review whether this training impacts U.S. jobs, says a lawmaker who opposed the program.
 
Security experts warned Thursday of a fast-spreading e-mail worm, the first large outbreak of this type in nearly a decade.
 
The National Science Foundation (NSF) has doled out grants worth up to $32 million in total to a pack of universities dedicated to rethinking everything about the Internet from from its core routing system to its security architecture and addressing the emergence of cloud computing and an increasingly mobile society.
 
Microsoft apologized to customers of its hosted software services for businesses after at least three outages over the past few weeks.
 
Three trade groups representing U.S. businesses have called on the U.S. Federal Communications Commission to back away from plans to create formal network neutrality rules, saying new regulations could hurt innovation and development of broadband to rural areas.
 
Microsoft apologized to customers of its hosted software services for businesses after at least three outages over the past few weeks.
 
An operator of upscale hotels and resorts under such widely-known names as Marriott, Sheraton and Westin.
 
We are aware of the Here you have malware that is spreading via email. As we find out more, we'll update this diary.
Update:2010-09-09 21:28 UTC (JAC) There are several good writeups on the behavior of this malware see some of the references below. The spam contains a link to a document, the link looks like it is to a PDF, but is, in fact, to a .SCR file and served from a different domain from what the link appears to point to. The original file seems to have been removed, so further infections from the initial variant should not occur, but new variants may well follow. The .SCRwhen executed downloads a number of additional tools, one of which appears to attempt to check in with a potential controller. The name associated the controller has been sink-holed. The malware attempts to deactivate most anti-virus packages and uses the infected user's Outlook to send out its spam.
References:

http://www.virustotal.com/file-scan/report.html?id=fedb7b404754cf85737fb7e50f33324b84eb4c0b98024c7d3302039a901b04b7-1284058335#

http://www.threatexpert.com/report.aspx?md5=2bde56d8fb2df4438192fb46cd0cc9c9

http://www.threatexpert.com/report.aspx?md5=bd9208edf44d0ee32b974a2d9da7bc61

http://www.avertlabs.com/research/blog/index.php/2010/09/09/widespread-reporting-of-here-you-have-virus/

---------------

Marcus H. Sachs

Director, SANSInternet Storm Center
Jim Clausing

FOR408 coming to central OH in Sept, see http://www.sans.org/mentor/details.php?nid=22353

(c) SANS Internet Storm Center. http://isc.sans.org Creative Commons Attribution-Noncommercial 3.0 United States License.
 
Laptops and desktops with Intel's next-generation Core chips will ship early next year, and the chip maker will use its conference next week to highlight the architecture behind the new processors.
 
Microsoft apologized to customers of its hosted software services for businesses after at least three outages over the past few weeks.
 
SanDisk today said it has entered the set-top box market with its SSDs through a development agreement with middleware company NDS.
 
Microsoft plans to issue nine security updates to patch 13 bugs in Windows, Office and its Web server software next week.
 
A Web site specializing in gadget news and reviews reported that Microsoft will formally launch Windows Phone 7 on Oct. 11 at an event in New York.
 
Proposals in the U.S. Congress that would create new rules for websites collecting personal data would cripple the online advertising and publishing industries, e-commerce trade group NetChoice said Thursday.
 
A California bill that would make malicious impersonation of other on the Internet a misdemeanor now awaits the signature of Gov. Arnold Schwarzenegger.
 
A California bill that would make malicious impersonation of other on the Internet a misdemeanor now awaits the signature of Gov. Arnold Schwarzenegger.
 
Among the nine bulletins are fixes for Windows, IIS and Microsoft Office, but probably not a fix for the recently discovered IE8 CSS bug that can harvest social network data.

Add to digg Add to StumbleUpon Add to del.icio.us Add to Google

microsoftoffice - Microsoft - Internet Information Services - Operating system - Social network
 
Tired of getting e-mail from Nigerian strangers offering to help you claim several million dollars? Don't want your inbox littered with offers to enlarge private body parts? Try Cloudmark DesktopOne Basic (free), which does an excellent job of killing spam before you ever read it. Even if you have a spam filter on your e-mail software, you'll find it useful.
 
Apple today reversed an earlier decision that barred developers from using rival programming tools, including one that has since been discontinued by Adobe, to build applications for the iPhone, iPad and iPod Touch.
 
According to a recent report from Forrester Research, IT spending in the United States is expected to ramp up in the second half of the year with an estimated 19% increase in computer equipment spending, 11% growth in software spending, 7% hike in communications equipment spending, and 6% uptick in consulting services.
 
The Android OS comes with a decent stock Web browser, but it lacks many features, such as tabs, text-to-speech, RSS feed subscriptions, and language translation, that are common to desktop browsers. Infinity Web Browser offers these features, but unfortunately, they are poorly executed.
 
A letter sent to AT&T customers and a news release issued today about wireless network improvements are stoking speculation that the carrier is near the end of its exclusive deal for the Apple iPhone in the U.S.
 
New Oracle co-president Mark Hurd's experience in the data warehouse appliance business could prove a problem for rival Teradata, analysts say.
 
A North Carolina-based firm with mostly foreign customers failed to identify and verify customer identities, officials say.

Add to digg Add to StumbleUpon Add to del.icio.us Add to Google

Anti-money laundering - United States - Money laundering - Business and Economy - Financial services
 
Reader Stephen Mette and his keyboard don’t see eye-to-eye about what should appear on his Mac’s display when he presses the quote key. He writes:
 
---------------

Jim Clausing, jclausing --at-- isc [dot] sans (dot) org (c) SANS Internet Storm Center. http://isc.sans.org Creative Commons Attribution-Noncommercial 3.0 United States License.
 
With a new range of hardware announced Thursday, Dell's is targeting high-performance and cloud computing environments that share similar hyperscale characteristics.
 
T-Mobile today unveiled the G2 smartphone made by HTC. It is the successor to the first Android phone, the G1.
 
NetApp Thursday announced that it had settled with Oracle a patent litigation lawsuit filed in 2007 against the former Sun Microsystems.
 
Software vendor MobileIron announced the release of version 3.0 of its Virtual Smartphone Platform today, giving IT shops the ability to integrate mobile management with other enterprise-based systems.
 
Jonathan Schwartz ended six months of silence on his Twitter feed on Thursday with the words "Started a new company."
 
Dramatic cost and agility benefits make server virtualization an essential part of any data center. Here's how to plan, deploy, and maintain a sound virtual infrastructure
 
President Barack Obama is proposing to allow businesses to write off all of the investment they do in 2011. But theres a lot of uncertainty ahead for IT managers interested in this tax break.
 
In a precedent-setting decision, a federal appellate court this week ruled that judges have the option of asking prosecutors to obtain a warrant before they are allowed to access to an persons cell phone location data.
 
Now that Microsoft Bing and Yahoo officially have joined forces, Google needed to turn around and offer up a new, splashy feature that would give it a clear edge.
 
Let's learn from the past: Some bugs have wreaked disaster, embarrassment and destruction on the world -- and some have literally killed people. Feel free to weigh in with your 'worst bug' candidates.
 
InfoSec News: DHS Cybersecurity Watchdogs Miss Hundreds of Vulnerabilities on Their Own Network: http://www.wired.com/threatlevel/2010/09/us-cert/
By Kevin Poulsen Threat Level Wired.com September 8, 2010
The federal agency in charge of protecting other agencies from computer intruders was found riddled with hundreds of high-risk security holes on [...]
 
InfoSec News: Fraud At Sprint Offers Lessons For Enterprises, Experts Say: http://www.darkreading.com/insiderthreat/security/management/showArticle.jhtml?articleID=227300424
By Robert Lemos Contributing Writer DarkReading Sept 08, 2010
The recently revealed abuse of insiders' system privileges to commit fraud at Sprint could be a wake-up call for other enterprises to [...]
 
InfoSec News: UK hacker fined for personnel database mischief: http://www.theregister.co.uk/2010/09/08/salary_database_hack/
By John Leyden The Register 8th September 2010
A court has ordered a UK hacker to pay compensation after he used a purloined laptop to hack into his ex-employer's personnel database.
Colin Parker, 31, gained unauthorised access to staff contracts containing salary details and emailed this to around 400 workers at his ex-employer, CHI and Partners. Parker's attempt to create bad feeling among workers at the firm was foiled by an alert sys admin, who intercepted and deleted the potentially incendiary emails.
Parker, who was found responsible for the theft of a laptop and given a conditional discharge*, agreed to pay his ex employer CHI and Partners £4,000 in compensation and £3,000 in prosecution costs to settle the case during a hearing at Southwark Crown Court on Monday. He is liable for 12 months' imprisonment if he fails to satisfy these conditions, a spokesman for Southwark Crown Court confirmed.
[...]
 
InfoSec News: Gov 2.0 Summit: NSA Chief Outlines Cybersecurity Plans: http://www.informationweek.com/news/government/leadership/showArticle.jhtml?articleID=227300374
By Elizabeth Montalbano InformationWeek September 8, 2010
Addressing challenges to the federal government's cybersecurity efforts, the head of the National Security Agency (NSA) said that teamwork, [...]
 
InfoSec News: Report: RBS WorldPay hacker gets four years' probation: http://www.computerworld.com/s/article/9184179/Report_RBS_WorldPay_hacker_gets_four_years_probation
By Robert McMillan IDG News Service September 8, 2010
The mastermind behind one of the biggest hacking paydays in history has been sentenced to four years' probation and an US$8. [...]
 

Posted by InfoSec News on Sep 08

http://www.wired.com/threatlevel/2010/09/us-cert/

By Kevin Poulsen
Threat Level
Wired.com
September 8, 2010

The federal agency in charge of protecting other agencies from computer
intruders was found riddled with hundreds of high-risk security holes on
its own systems, according to the results of an audit released
Wednesday.

The United States Computer Emergency Readiness Team, or US-CERT,
monitors the Einstein intrusion-detection sensors...
 

Posted by InfoSec News on Sep 08

http://www.darkreading.com/insiderthreat/security/management/showArticle.jhtml?articleID=227300424

By Robert Lemos
Contributing Writer
DarkReading
Sept 08, 2010

The recently revealed abuse of insiders' system privileges to commit
fraud at Sprint could be a wake-up call for other enterprises to
implement more stringent security practices, experts said this week.

Last week, nine Sprint employees were charged with misusing their access
to the...
 

Posted by InfoSec News on Sep 08

http://www.theregister.co.uk/2010/09/08/salary_database_hack/

By John Leyden
The Register
8th September 2010

A court has ordered a UK hacker to pay compensation after he used a
purloined laptop to hack into his ex-employer's personnel database.

Colin Parker, 31, gained unauthorised access to staff contracts
containing salary details and emailed this to around 400 workers at his
ex-employer, CHI and Partners. Parker's attempt to create bad...
 

Posted by InfoSec News on Sep 08

http://www.informationweek.com/news/government/leadership/showArticle.jhtml?articleID=227300374

By Elizabeth Montalbano
InformationWeek
September 8, 2010

Addressing challenges to the federal government's cybersecurity efforts,
the head of the National Security Agency (NSA) said that teamwork,
global leadership, and a respect for citizens' privacy are necessary to
secure U.S. critical infrastructure against cyber attacks.

There are 250,000...
 

Posted by InfoSec News on Sep 08

http://www.computerworld.com/s/article/9184179/Report_RBS_WorldPay_hacker_gets_four_years_probation

By Robert McMillan
IDG News Service
September 8, 2010

The mastermind behind one of the biggest hacking paydays in history has
been sentenced to four years' probation and an US$8.9 million fine,
according to published reports.

Victor Pleshchuk, 28, was sentenced to four years' probation on
Wednesday, according to Bloomberg News. He is...
 
Arm Holdings has taken the wraps off its next major chip design, promising a five-fold increase in performance that the company hopes will take it beyond smartphones and into new types of equipment such as high-performance routers and servers.
 

Internet Storm Center Infocon Status