Hackin9

InfoSec News


ITWeb

Infosec needs an injection of honesty
ITWeb
“We desperately need to inject honesty (and some knowledge) into the vendor space because, as an industry, infosec is still largely driven by vendor supply.” Meer says problems arise because vendors simply sell the products they have (even if they ...

 
(c) SANS Internet Storm Center. http://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
 
HP ProCurve 5400 zl Switch, Flash Cards Infected with Malware
HP has released a security bulletin (CVE-2012-0133) indicating that a [...] vulnerability has been identified with certain HP ProCurve 5400 zl switches containing compact flash cards which may be infected with a virus. Reuse of an infected compact flash card in a personal computer could result in a compromise of that system's integrity. [1]
A list of HP 5400 zl series switches purchased after April 30, 2011, with their serial numbers, as well as a resolution, is posted here.
[1] http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03249176
-----------
Guy Bruneau IPSS Inc. gbruneau at isc dot sans dot edu
 
A vulnerability was found in the current Backtrack 5 R2 version of the Wicd (Wireless Interface Connection Daemon) software, where several design flaws have been found culminating in a privilege escalation exploit. [1]
To address this vulnerability (CVE-2012-2095), Wicd 1.7.2 was released; several other fixes are also included in this update. The list of fixes is available here and the latest tarball can be downloaded here.
[1] http://www.infosecinstitute.com/courses/ethical_hacking_training.html

[2] https://launchpad.net/wicd/+announcement/9888

[3] https://bugs.launchpad.net/wicd/+bug/979221

[4] https://launchpad.net/wicd/1.7/1.7.2/+download/wicd-1.7.2.tar.gz
-----------
Guy Bruneau IPSS Inc. gbruneau at isc dot sans dot edu
 
In an unusual case, a U.S. judge ruled on Wednesday that Motorola cannot enforce an injunction that would prevent Microsoft from selling Windows products in Germany, should a German court issue such an injunction next week.
 
Google's principal engineer, Matt Cutts, dropped serious hints in March about an imminent change to Google's algorithm that will penalize websites for being "overly optimized". Unfortunately, he didn't specify exactly what "overly optimized" means, or when this big shift will come, but you'd be wise to prepare your website now.
 
Google Reader and Gmail are two of the most customizable Web apps available today. Need a different inbox layout? Sure thing. Want to change the colors or visual density? No problem. Still, some interface elements, like the Google Bar at the top of the window, will never go away, no matter what you do. If you wish they did, try free Chrome extension Minimalist for Everything.
 
The new Galaxy Tab 2 (7.0) tablet is a good tablet at an excellent price, but how much better is it than Samsung's previous models?
 
Siemens Scalance Firewall Multiple Security Vulnerabilities
 
Siemens Scalance X Switches 'HTTP' Request Denial of Service Vulnerability
 
Koyo ECOM100 Ethernet Module Multiple Security Vulnerabilities
 
Enterprise social networking vendor Yammer said it has purchased OneDrum, a maker of software that allows users to work on Microsoft Office documents and other files collaboratively. Terms were not disclosed.
 
A new type of NAND flash storage for consumer electronics that can store data more densely might lower the cost of devices such as tablets and thin "ultrabook" laptops, according to Samsung.
 
The U.S. Department of Justice's antitrust lawsuit against Apple and five book publishers over alleged e-book price fixing means that the publishers have to reinvent their digital futures, some experts said.
 
The Acer Timeline M3 is a study in polar opposites. Its thin, elegant chassis and superb performance for its class suggest that the M3 might be a true category leader, but a painfully poor LCD panel prevents the Acer from achieving that goal.
 
Barnes & Noble's next Nook eReader may solve the problem of reading in the dark (or rather, not) on an e-ink screen.
 
The commonly used tool contains a flaw that attackers can exploit remotely, giving them root access to a system. Proof-of-concept code is available, experts warn.

 

Critical Flaw Found In Security Pros' Favorite: Backtrack Linux
Threatpost (blog)
The previously undiscovered privilege escalation hole was disclosed in a post on the Web site of the Infosec Institute. It was discovered by a student taking part in an InfoSec Institute Ethical Hacking class, according to the post.

 
The materials used to build the Nokia Lumia 900 smartphone cost $209, according to IHS iSuppli, which did a physical teardown of one of the new smartphones.
 
Google Wednesday morning said it has started rolling out a redesign of its Google+ social network.
 
Toshiba expanded its Excite family of Android tablets with three new models, but the one getting all the attention, and already some scorn, is the Excite 13, which has a 13.3-in. display.
 
At the risk of offending my betters in Redmond, I am fairly certain that the punishment for leading a less-than-exemplary lifestyle here on earth is an afterlife full of an unending series of PowerPoint presentations. And if you want just a taste of the tortures that await the damned, try viewing those PowerPoint presentations on an iPad using any one of the suboptimal methods for converting your presentation into a PDF or video that can be displayed on your tablet. It's enough to make a man turn to a life of prayerful contemplation, or at least to seek out a cleverly implemented iPad app like SlideShark.
 
Within hours of an anti-trust lawsuit filed against some of the largest trade book publishers in the United States and Apple for fixing the prices on e-books, three of the publishers have settled their involvement in the case with the U.S. Department of Justice (DOJ).
 
Reader Ned Mitchell finds his MacBook's media drive is a little picky about the discs he inserts. He writes:
 
Sales of Mac security software have jumped since the news broke last week about a massive malware infection of Apple computers, according to application statistics and some antivirus vendors.
 
AT&T has added St. Louis to its growing 4G LTE network, bringing the carrier's nationwide total to 32 cities.
 
Offering a glimpse of the new features some database administrators will be working with before too long, Oracle has posted a preview version of the next MySQL relational database management system.
 
Bored by Skype's plain-Jane interface? Wish you could jazz up your chats and calls just a bit? Then Messenger Plus! for Skype could be just the thing: This free application lets you add animations and effects to your Skype conversations.
 
The U.S. Department of Justice has filed an antitrust lawsuit against Apple and five large publishers, accusing the companies of working together to raise prices of e-books.
 
When it comes to disaster recovery, the cloud is showing itself to be a mixed bag. CIO.com's Jeff Vance explains how the great shift in technology has both lowered the entry barriers for DR technology and given smaller businesses what could be a dangerous sense of false security.
 
Nokia estimates the company will sell only 12 million smartphones during the first three months of 2012, as "multiple factors negatively" impact sales.
 
Ilient SysAid Multiple Cross Site Scripting and HTML Injection Vulnerabilities
 
OpenSSL S/MIME Header Processing Null Pointer Dereference Denial Of Service Vulnerability
 
Backtrack 5 R2 priv escalation 0day found in CTF exercise
 
Re: Ilient SysAid v8.5.05 - Multiple Web Vulnerabilities Are Fixed!
 
[ MDVSA-2012:055 ] samba
 
Multiple XSS vulnerabilities in All-in-One Event Calendar Plugin for WordPress
 
The U.S. Department of Justice filed an antitrust lawsuit against Apple and five book publishers for alleged e-book price fixing, The Wall Street Journal reported.
 
Samba 'Perl-Based DCE/RPC IDL' Compiler Remote Code Execution Vulnerability
 

Cloud transparency remains a highly coveted but seemingly elusive wish for organizations. How can you trust a cloud provider with your data if you don’t know what security controls they implement? You can get details under NDA, but how can you compare that provider’s controls with another’s to make an educated buying decision?

But there is a glimmer of hope on the horizon. The Cloud Security Alliance’s (CSA) Security, Trust and Assurance Registry (STAR), which aims to provide a standards-based public repository of cloud provider security controls, is slowly growing. Launched last August, CSA’s STAR recently added SHI International to the three other providers publishing documentation of their controls: Microsoft, Mimecast and Solutionary. On March 30, Microsoft published a self-assessment of Windows Azure to add to its Office 365 documentation. Last week, it published a self-assessment for Microsoft Dynamics CRM Online.

The Windows Azure STAR documentation provides an overview of how core Azure services meet the requirements listed in the CSA’s Cloud Controls Matrix. Microsoft maps its security practices to the CCM guidance in 11 areas, including data governance, resiliency, risk management and security architecture. The software giant produced a video interview about the Azure STAR assessment on its Trustworthy Computing Blog.

Obviously, STAR needs more cloud providers participating to be an effective tool for cloud users, but with a major provider such as Microsoft taking the lead, one can hope it will lead more providers to step up. At the RSA Conference 2012, CSA Executive Director Jim Reavis told me he expected several providers to participate in the next two to three months, which would “force their peers to do this more wholeheartedly.”

He added that he would be surprised if any of the major providers are not in the registry by the end of this year. Let’s hope that’s the case.




 
Making videos, much like Facebooking, blogging, and tweeting, is not an end but a means. It is a means of communicating with customers and marketing your wares. And it is increasingly a means of promoting yourself more visibly via search engines. On many a Web search, Google will place videos at the top of the results. This is common for many terms, and some have suggested that Web pages that contain embedded videos place higher in Google's search results.
 
Citrix said Wednesday it has acquired Podio, maker of a cloud-based software platform for project management and collaboration. Terms were not disclosed.
 
Apple is in the process of developing a tool that will detect and remove the Flashback virus from infected Macs, the company revealed Tuesday.
 
Adobe Systems released new versions of Adobe Reader 10.x and 9.x on Tuesday, addressing four arbitrary code execution vulnerabilities and making several security-related changes to the product, including the removal of the bundled Flash Player component from the 9.x branch.
 
The U.S. Department of Justice has filed an antitrust lawsuit against Apple and five book publishers for alleged e-book price fixing, the Wall Street Journal reported Wednesday.
 
Not sure what cloud computing is, or how it can benefit your business? In this article, I'll introduce you to the cloud, help you interpret the buzzwords, and explain how your business might save time and money using a cloud hosting service such as Windows Azure, Amazon EC2, or Rackspace.
 
Puppet Multiple Security Vulnerabilities
 

Akamai Director of Security Intelligence Josh Corman to Keynote SOURCE Boston 2012
Sacramento Bee
Akamai Director of Security Intelligence Josh Corman and co-presenter Jericho will address issues related to Anonymous that are relevant to citizens, InfoSec, law enforcement, and government as the hacker collective continues to evolve.

 

BankInfoSecurity.com (blog)

Dilemma on Reporting Infosec Job Data
BankInfoSecurity.com (blog)
By Eric Chabrow, April 10, 2012. A dearth of information makes tracking employment among IT security professionals difficult. Even the most trustworthy organization in collecting employment data in the United States, the Labor Department's Bureau of ...

 
HP System Management Homepage CVE-2011-3846 Cross Site Request Forgery Vulnerability
 
Nokia announced an NFC-enabled version of the recently launched Lumia 610 smartphone in a blog post on Wednesday.
 
Apple for the first time publicly acknowledged a malware campaign that has infected an estimated 600,000 Macs, and said it would release a free tool to disinfect users' machines.
 
Yahoo's open source framework combines YUI on the client, Node.js on the server, and excellent use of the MVC design pattern.
 
Intel said on Wednesday 75 ultrabook models are already in development and will include new form factors such as hybrids, which can switch from laptops to touchscreen tablets.
 
Intel is working with 10 undisclosed Chinese and global vendors to design Windows 8 tablets using its chips, a senior company executive said Wednesday.
 

Akamai Director of Security Intelligence Josh Corman to Keynote SOURCE Boston 2012
MarketWatch (press release)
... MA What: Akamai Director of Security Intelligence Josh Corman and co-presenter Jericho will address issues related to Anonymous that are relevant to citizens, InfoSec, law enforcement, and government as the hacker collective continues to evolve.

 
Hewlett-Packard sees cloud computing's Big Bang, which started with the launch of Google Apps and Amazon EC2, coming to an end and a new future about to begin.
 

SYS-CON Media (press release) (blog)

Cloud Computing Turns InfoSec Upside Down
SYS-CON Media (press release) (blog)
By Tim Crawford The role of Information Security (InfoSec) is nothing new to many organizations. InfoSec's methods and best practices are well understood. Note I am distinguishing between being understood and well implemented. As technology and methods ...

 
Microsoft Windows Common Controls ActiveX Control Remote Code Execution Vulnerability
 
Anticipating a growing need for larger preconfigured systems, IBM has unveiled a new product line of integrated sets of IBM hardware and software, called PureSystems.
 

Posted by InfoSec News on Apr 10

http://www.wired.com/threatlevel/2012/04/security-of-medical-devices/

By Kim Zetter
Threat Level
Wired.com
April 10, 2012

In the wake of increasing concern about the security of wireless medical
devices, a privacy and security advisory board is calling on the
government to grant the FDA or other federal entity the authority to
assess the security of devices before they’re released for sale to the
market.

The group also wants the...
 

Posted by InfoSec News on Apr 10

https://www.networkworld.com/news/2012/041012-army-security-certs-258136.html

By Ellen Messmer
Network World
April 10, 2012

The U.S. Army is having a hard time manning its IT staff because it
cannot find military personnel with the right networking and IT security
qualifications.

The Department of Defense (DOD) Directive 8570.01-M is a military
regulation first published in 2005 that puts forward considerable detail
on the workplace and...
 

Posted by InfoSec News on Apr 10

http://blogs.computerworld.com/20010/interview_with_place_hacker_hacking_skyscrapers_to_exploit_physical_security_holes

By Darlene Storm
Security Is Sexy
Computerworld
April 10, 2012

Hackers come in all shapes and sizes as well as flavors of what they
like to hack, web applications, servers and even lock-picking to name
but a few. Besides an insatiable curiosity, most hackers take words like
'inaccessible' as a thrown gauntlet of...
 

Posted by InfoSec News on Apr 10

http://arstechnica.com/apple/news/2012/04/apple-to-release-flashback-removal-software-working-to-take-down-botnet.ars

By Jacqui Cheng
ars technica
April 10, 2012

Apple plans to release software that will detect and remove Flashback
malware infections on the Mac, the company announced Tuesday. In a
knowledge base link published late in the day, Apple explained that it's
aware of the infection—which takes advantage of a previously...
 

Posted by InfoSec News on Apr 10

Forwarded from: Simon Taplin <simon (at) simontaplin.net>

http://www.businessweek.com/articles/2012-04-03/fico-hacks-itself-to-prevent-cybercriminal-attacks

By Sarah Frier
Businessweek
April 03, 2012

Vickie Miller is trying to break into FICO’s computer network, whose
hundreds of servers store essential data for Visa (V), MasterCard (MA),
and many other large corporations and banks.

Don’t mistake this for hacking. Miller is the...
 