InfoSec News

Intel and Nvidia have signed a patent cross-licensing agreement and ended a long-standing legal dispute between the two companies, Intel said on Monday.
 
NSS Labs, Inc. said tuning is crucial in improving network IPS effectiveness. Some vendors failed certain tests, leaving gaping holes in defenses, the testing firm said.

 
Sun Solaris IP Tunnel Param Local Code Execution Vulnerability
 
Microsoft Windows Common Control Library Remote Heap Buffer Overflow Vulnerability
 
T.J. Hooper was a precedent-setting tort case in 1932. While I'm not a lawyer, I have a good friend, Ron Coleman, Esq., who blogs about law issues, so a bit of jurisprudence has rubbed off on me. In Hooper, Judge Learned Hand described what is now called the calculus of negligence or the Hand Test.
 
Oracle is moving further into rival SAP's turf with Oracle Financial Analytics for SAP.
 
Google News suffered from about a half hour of downtime Monday afternoon.
 
Looking for better growth and financials, chip maker AMD has come to a parting of the ways with CEO Dirk Meyer.
 
Analysts say Verizon may sell its long-anticipated iPhone at a higher price than customers are used to paying for Apple's iconic smartphone, but split on how much more one could cost.
 
Verizon may price the long-anticipated iPhone for its network higher than customers are used to paying for Apple's iconic smartphone, an analyst said today.
 
Facebook quickly moved to dispel any thoughts that it plans to shut down in March.
 
 
Malicious hackers attacked the IBM DeveloperWorks site over the weekend.
 
Bob Muglia, Microsoft's president of tools and servers, will step down from his position later this year.
 
It's nice to know that OS X Hints editor emeritus Rob Griffiths still visits the site, as evidenced by his posting of this nifty hint for Firefox users:
 
Analysts say Verizon's first iPhone probably won't support next-generation LTE networks; the carrier may wait until U.S. implementation is done.
 
Apple plans to ditch its 10% restocking fee for all returned hardware, according to reports by a pair of technology blogs.
 
Cisco this week is rolling out two lines of Catalyst Ethernet switches in compact form factors intended for deployment in workgroups closer to users vs. wiring closets.
 

If you are a frequent user of the VirusTotal service, you might find useful, as I did, the Firefox plugin they have to interact with their service. It allows you to scan suspicious links, scan downloads before storing them, scan websites being displayed and search for a file/URL report. It saves time when using their service.

Download it here. More information at http://www.virustotal.com/advanced.html#browser-addons

-- Manuel Humberto Santander Peláez | http://twitter.com/manuelsantander | http://manuel.santander.name | msantand at isc dot sans dot org (c) SANS Internet Storm Center. http://isc.sans.org Creative Commons Attribution-Noncommercial 3.0 United States License.
 
IrfanView Multiple Memory Corruption Vulnerabilities
 
NewvCommon.ocx ActiveX Insecure Method Vulnerability
 
Microsoft will issue two security bulletins, addressing a critical vulnerability affecting all versions of Windows.

 

The new year comes with more malware. This time Facebook users can see inside their chat messages a link pointing to a picture. That link looks like an application link, but this time it doesn't ask for your permission to install and have access to your personal info. Instead, the victim is shown a "View picture" button that tricks them into downloading the malware.

Social networks are very interesting and a useful source of information, and will remain one of the innovations that constantly change the way most humans interact, but equally will remain one of the favorite sources for attackers to compromise the information of their victims. For this reason, it is extremely important that users of social networks only work with applications that are well known and do not get carried away by scams like the recent one about Tupac Shakur.

More information at http://www.theregister.co.uk/2011/01/10/facebook_worm_photo_chat_scam/

-- Manuel Humberto Santander Peláez | http://twitter.com/manuelsantander | http://manuel.santander.name | msantand at isc dot sans dot org (c) SANS Internet Storm Center. http://isc.sans.org Creative Commons Attribution-Noncommercial 3.0 United States License.
 
About 80 tablets were shown at the CES trade show last week, but many are not expected to be around a year from now. Here are 11 that merit a closer look.
 
Traditional enterprise software vendors are building tools that let people use consumer-oriented devices on the job.
 
Pcpchelp has been getting a lot of Blue Screens of Death lately. He asked the Windows forum for help.
 
[ MDVSA-2011:003 ] MHonArc
 
NewvCommon.ocx ActiveX Remote Code Execution Vulnerability
 
NewV: NewvCommon.ocx arbitrary command execution via the Runcommand attribute
 
www.eVuln.com : "fold" and "site" SQL Injections in WikLink
 
From scent-replication devices to miniature candy, CES had its share of unexpected announcements.
 
Despite claims that IT systems are getting easier to use and manage, more people are calling help desks than ever before -- and companies are cutting back on support personnel, according to recent surveys.
 
In an attempt to further ease deployments for third-party developers, Microsoft is reengineering its Microsoft Dynamics ERP (enterprise resource planning) software.
 
Silicon Graphics Inc (SGI) - IRIX - Local Kernel Memory Disclosure/Denial of Service
 
[ MDVSA-2011:002 ] wireshark
 
Myspace's China office cut about 30 employees last month and saw its CEO depart, a sign that the U.S.-based social networking service may be pulling back from the country's Internet market.
 
Computex, the world’s second-largest computer show, will grow in scale this year with tablet PCs and new object-locator Internet technology as the headline acts, a senior event planner said on Monday.
 
This year's Consumer Electronics Show attracted some 140,000 people, easily surpassing pre-show estimates and beating the two prior events.
 
Research in Motion said Monday it will work with Indonesia's carriers to filter out pornography websites as soon as possible for BlackBerry subscribers.
 

Security Manager's Journal: Stopping stupid human tricks
Computerworld
I also want infosec awareness guidelines to become part of the materials given to all new hires. And I'm doing ongoing education with things like an ...

 
Widespread use of SaaS apps at our manager's new company makes it essential to raise employees' awareness of security risks.
 
An ACM report paints a 'pretty bleak' picture of the state of computer science education in K-12 schools.
 
Netflix engineers are blogging about the pros and cons of their move to Amazon's public cloud service.
 
IT vendors such as IBM, Google, Cisco and Microsoft will be battling with incumbent vendors like Johnson Controls and dozens of start-ups in the 'gold rush' to make buildings greener.
 
A ChangeWave survey of IT buyers finds a surge of businesses planning to buy tablets -- mostly Apple iPads -- for employees in the first three months of this year.
 
Harry Lukens, CIO at Lehigh Valley Health Network, created a team of IT staffers, physicians and nurses who work to solve problems, create a more efficient work environment and introduce new technologies.
 
The co-author of Crucial Conversations says new research shows that people who have strong interpersonal skills and get good results are the most likely to become managers.
 
U.S. mid-size outsourcer iGate is to acquire a majority stake in Patni Computer Systems, a larger Indian mid-size outsourcer, reflecting the need for smaller outsourcers to merge and become larger to compete.
 
With more hospitals moving toward centralized IT networks to carry critical healthcare data, the U.S. Food and Drug Administration is considering regulating those networks as medical devices.
 
The vast majority of executives have never pictured themselves becoming the boss. What does that tell us about today's workplace?
 
InfoSec News: Crime ring instigates cyber attack against rival websites: http://www.koreatimes.co.kr/www/news/nation/2011/01/113_79384.html
By Kim Rahn The Korea Times 01-09-2011
A group of gangsters have been caught hiring hackers to make “cyber attacks” to shut down rival gambling websites, the first of its kind here. [...]
 
InfoSec News: IT used in majority of crimes committed: http://gulfnews.com/news/gulf/uae/crime/it-used-in-majority-of-crimes-committed-1.743128
By Dina Aboul Hosn Staff Reporter Gulf News January 9, 2011
Sharjah: Crimes, in which information technology is used, are accountable for about 70 per cent of all crimes according to a recent [...]
 
InfoSec News: Vodafone says security breach a 'one-off': http://www.abc.net.au/news/stories/2011/01/09/3109168.htm
ABC News Jan 9, 2011
Vodafone has confirmed it believes its secure customer database has been breached by an employee or dealer who has shared the access password, revealing the personal details of millions of customers. [...]
 
InfoSec News: China's $90bn ups cyberwar stakes: http://www.zdnet.com.au/china-s-90bn-ups-cyberwar-stakes-339308397.htm
By Darren Pauli ZDNet.com.au January 10th, 2011
Last year, Northrop Grumman released a report warning that China had a mighty cyber arsenal which it could use in a possible future cyber conflict. [...]
 
InfoSec News: France probes China link in Renault spying case: http://www.smh.com.au/world/france-probes-china-link-in-renault-spying-case-20110109-19jyi.html
By Henry Samuel The Sydney Morning Herald January 10, 2011
PARIS: The French President, Nicolas Sarkozy, has ordered his country's intelligence service to investigate whether China is behind suspected industrial espionage at Renault.
While no judicial inquiry has been opened, a source at the Elysee Palace said the Central Directorate of Interior Intelligence was "investigating a Chinese link" after the car maker suspended three senior executives for "very serious faults". The potential connection to China has emerged as a vice-premier, Li Keqiang, begins a European tour.
The three Renault executives, one of whom is on the company's management committee, were removed after an investigation into the leaking of secrets about the company's electric vehicle program. Renault has said industrial espionage poses a serious threat to its "strategic assets".
The Industry Minister, Eric Besson, said France was facing "economic war" over the case of Renault, which is 15 per cent government-owned. A presidential source said the government had warned of an "overall risk" to French industry.
[...]
 
InfoSec News: Obama to hand Commerce Dept. authority over cybersecurity ID: http://news.cnet.com/8301-31921_3-20027800-281.html
By Declan McCullagh Privacy, Inc CNet News January 7, 2011
STANFORD, Calif. -- President Obama is planning to hand the U.S. Commerce Department authority over a forthcoming cybersecurity effort to [...]
 
InfoSec News: Celebrities prepare legal cases against Met over phone-hacking: http://www.independent.co.uk/news/uk/home-news/celebrities-prepare-legal-cases-against-met-over-phonehacking-2180280.html
By Robert Verkaik Law Editor The Independent 10 January 2011
Stars of screen, stage and sport are preparing court action against the [...]
 
FriBidi Python binding (pyfribidi) Heap Buffer Overflow Vulnerability
 

Posted by InfoSec News on Jan 09

http://www.koreatimes.co.kr/www/news/nation/2011/01/113_79384.html

By Kim Rahn
The Korea Times
01-09-2011

A group of gangsters have been caught hiring hackers to make “cyber
attacks” to shut down rival gambling websites, the first of its kind
here.

The prosecution said Sunday that it arrested a server rental company
head, 32-year-old Lee, and a hacker, 37-year-old Park, on charges of
attacking gambling websites with distributed...
 

Posted by InfoSec News on Jan 09

http://gulfnews.com/news/gulf/uae/crime/it-used-in-majority-of-crimes-committed-1.743128

By Dina Aboul Hosn
Staff Reporter
Gulf News
January 9, 2011

Sharjah: Crimes, in which information technology is used, are
accountable for about 70 per cent of all crimes according to a recent
study in Abu Dhabi, which showed that most crimes were committed using
information technology, a Dubai Police officer said.

Addressing interrogators, judges and...
 

Posted by InfoSec News on Jan 09

http://www.abc.net.au/news/stories/2011/01/09/3109168.htm

ABC News
Jan 9, 2011

Vodafone has confirmed it believes its secure customer database has been
breached by an employee or dealer who has shared the access password,
revealing the personal details of millions of customers.

Vodafone chief executive, Nigel Dews, says he became aware the password
to the online portal had been shared when the company was tipped-off on
Saturday by a...
 

Posted by InfoSec News on Jan 09

http://www.zdnet.com.au/china-s-90bn-ups-cyberwar-stakes-339308397.htm

By Darren Pauli
ZDNet.com.au
January 10th, 2011

Last year, Northrop Grumman released a report warning that China had a
mighty cyber arsenal which it could use in a possible future cyber
conflict. News last week that Chinese defence spending could be double
the public figure could mean that such claims are true, and perhaps even
conservative.

The news arose in...
 

Posted by InfoSec News on Jan 09

http://www.smh.com.au/world/france-probes-china-link-in-renault-spying-case-20110109-19jyi.html

By Henry Samuel
The Sydney Morning Herald
January 10, 2011

PARIS: The French President, Nicolas Sarkozy, has ordered his country's
intelligence service to investigate whether China is behind suspected
industrial espionage at Renault.

While no judicial inquiry has been opened, a source at the Elysee Palace
said the Central Directorate of Interior...
 

Posted by InfoSec News on Jan 09

http://news.cnet.com/8301-31921_3-20027800-281.html

By Declan McCullagh
Privacy, Inc
CNet News
January 7, 2011

STANFORD, Calif. -- President Obama is planning to hand the U.S.
Commerce Department authority over a forthcoming cybersecurity effort to
create an Internet ID for Americans, a White House official said here
today.

It's "the absolute perfect spot in the U.S. government" to centralize
efforts toward creating an...
 

Posted by InfoSec News on Jan 09

http://www.independent.co.uk/news/uk/home-news/celebrities-prepare-legal-cases-against-met-over-phonehacking-2180280.html

By Robert Verkaik
Law Editor
The Independent
10 January 2011

Stars of screen, stage and sport are preparing court action against the
Metropolitan Police in a co-ordinated campaign to force the disclosure
of more evidence that they believe implicates News of the World
executives in the phone-hacking scandal.

News...
 


Internet Storm Center Infocon Status