InfoSec News

Amazon.com may be considering building prototypes of gadgets other than its Kindle e-reader, according to a New York Times report.
 
A Russian man accused of selling stolen credit card numbers online for nearly a decade has been arrested in Nice, France, the U.S. Department of Justice said.
 
Samsung on Wednesday said it would start streaming some 3D movie trailers over the Internet, establishing a new way for consumers to view 3D content on TV sets.
 
Cisco Systems revenue and profit both grew significantly in the company's fiscal fourth quarter that ended in July, the company announced on Wednesday.
 
Don't ask Matt Carter, president of 4G at Sprint Nextel, about LTE, a competing wireless technology. He wants to focus on Sprint's use of WiMax for 4G wireless networks.
 
Reader Dan loves his Asus netbook--but not its clock. Every time he turns the machine off, it seems to lose a couple hours. But the minutes, he notes, remain accurate.
 
Apple today patched the two vulnerabilities used to jailbreak Apple's newest iOS 4 operating system, bugs that security researchers warned could be used to hijack iPhones, iPod Touches or iPads.
 
(c) SANS Internet Storm Center. http://isc.sans.org Creative Commons Attribution-Noncommercial 3.0 United States License.
 
Kaspersky Lab researcher Vitaly Kamluk discusses the issues weakening signature-based detection and his research into the market for botnet operations.

Add to digg Add to StumbleUpon Add to del.icio.us Add to Google

Kaspersky Lab - Anti-Virus - Security - Research - Malicious Software
 
Gibbs takes a look at the Barnes and Noble Nook and compares it to the Alex he recently reviewed
 
And chances are good that no app store is doing all that its users would like to ensure that apps will do no harm.
 
Analysts are developing a short list of candidates to replace former Hewlett-Packard Co. CEO Mark Hurd, who resigned Friday. Not surprisingly, some of the names are familiar.
 
Four out of five PC laptops that ship in 2014 are expected to use integrated graphics processors, according to a report from iSuppli.
 
Having been in the enterprise productivity apps game for only three years, Google has made impressive strides with Google Apps, its Web-based messaging and collaboration suite.
 
The Samsung Epic, a smartphone with a physical slideout keyboard that will run on Sprint's WiMax 4G network, could ship by Aug. 21, according to various reports.
 
Some users are angry at Microsoft over snafus in the new Hotmail that have locked them out of their accounts, blocked them from viewing mail or kept them from accessing contacts.
 
Within five years, the traditional IT outsourcing industry will be extinct, argues A.T. Kearney's Arjun Sethi. Most Indian providers will be sidelined or subsumed while the fate of seemingly stalwart U.S. players will hang in the balance. CIO.com talks to Sethi about his bold predictions for the IT outsourcing industry.
 
Samsung has brought out its first portable Blu-ray 3D player, as well as 3D TVs priced starting at $1,099, in an effort to make 3D products accessible to buyers.
 
Microsoft is warning customers that a record number of just-patched bugs will probably be exploited in the next 30 days.
 
Verizon and Google's joint compromise proposal on network neutrality rules has AT&T's blessing.
 

IT Security Pros Mentoring Each Other for Career Growth
CIO
A program started in March called InfoSec Mentors has already paired more than 100 mentors and mentees who share their expertise on technology as well as ...

and more »
 
Broadband adoption in the U.S. grew by 5% over the past year, the smallest increase since 2004, according to a survey that's widely recognized as an authority on broadband use in the country.
 
A new Forrester Research report finds that while a number of open-source BI (business intelligence) offerings are providing many of the capabilities enterprises require, certain shortcomings remain.
 
We have received some reports about a new SSH brute force script, possibly named dd_ssh, that gets dropped onto web servers, most likely via an older phpmyadmin vulnerability. If you have sample log entries from a successful attack or can share a copy of dd_ssh, please let us know.The current DShield figures do show a recent uptick in the number of sources that participate in SSH scanning.
Update 1735UTC: We have received several samples of dd_ssh, with MD524dac6bab595cd9c3718ea16a3804009. If your MD5 differs, please still send us a copy. It also looks like the vulnerability exploited is indeed in phpmyadmin, but seems to be the rather oldCVE-2009-1151. Again, if your infromation differs, please let us know. Thanks to all the ISCreaders who responded so far!
Update 2005UTC:Several readers have identified 91-193-157-206 as the most likely original source of the scanning for phpmyadmin's setup.exe. If successful, two files named vmsplice.txt and dd.txt were downloaded from that same IP. How exactly dd_ssh was installed is not yet clear, but most readers found it in /tmp after a POST request to phpmyadmin/scripts/setup.exe. A running dd_ssh was seen to talk to a bunch of IPs over port 54509 and 54510, this is most likely the CC connection.
Update 2020UTC: We got it reasonably established that the vulnerability exploited to drop the SSH scanner was indeed CVE-2009-1151. C'mon, folks, if you insist to have your phpmyadmin reachable from the Internet (why would you?? Access control isn't hard!) then please at least upgrade to the most current version, which at this time is 2.11.10 or 3.3.5. (c) SANS Internet Storm Center. http://isc.sans.org Creative Commons Attribution-Noncommercial 3.0 United States License.
 

IT security pros mentoring each other for career growth
ITworld.com
A program started in March called InfoSec Mentors has already paired more than 100 mentors and mentees who share their expertise on technology as well as ...

and more »
 
Plastic Logic has dropped plans to launch its Que e-book reader and will instead concentrating on a second-generation device.
 
Chances are, your PC is pretty tame--you have a beach-scene wallpaper, the default Windows 7 Aero theme, and a standard-issue Dell keyboard. But you don't have to settle for the ordinary. It's time to mix things up with a few easy ways to make everybody say "Wow."
 
Kobo announced that some bestselling books from Random House will be available free on Kobo eReaders to guests at 10 Fairmont hotels in the U.S. and Canada.
 
Indian government officials plan to meet on Thursday with mobile operators to discuss access to BlackBerry data, according to informed sources.
 
Find out which of the leading browsers is the perfect balance of features, speed, innovation, and flexibility for you
 
Apple's iPhone has always had something of an image problem in the workplace, but updates to the phone's operating system have made it easier to manage -- and secure -- than ever before.
 
Forget the fight with Microsoft. Now it looks like Google may be looking to take on social networking behemoth Facebook.
 
Even if early adopters forgive Dell for release snafus, the Streak's price seems high to some for a phone, and people will compare it with Apple's iPad tablet.
 
Researchers at Russian security company Kaspersky Lab say they've discovered the first malicious software program to target Google's Android mobile operating system.
 
InfoSec News: Notacon 2011 registrations now open! Also, new venue!: http://www.notacon.org/prereg.html
Forwarded from: Froggy <froggy (at) notacon.org>
Tyger and I are having a ball here at the Grand Traverse Frag Fest in Traverse City, Michigan! To celebrate this event, Notacon 2011 registration is now open! There are a few changes from previous years, [...]
 
InfoSec News: 4Chan Founder Moot's Weird Testimony In Sarah Palin Email Hacking Trial: http://www.businessinsider.com/4chan-founder-moots-weird-testimony-in-sarah-palin-email-hacking-trial-2010-8
By Nick Saint Business Insider Aug. 10, 2010
The Smoking Gun has dug up some entertaining testimony from the trial of David Kernell, the 22 year-old hacker convicted of breaking in to then vice-presidential candidate Sarah Palin's email in 2008.
Specifically, it's the testimony of Christopher 'Moot' Poole, founder and administrator of 4Chan, the image board on which Palin's password was posted.
Moot was called in to testify about 4Chan and the data he turned over to investigators. But, for some reason, both the prosecution and defense felt the need to question him about 4Chan slang. Nothing in the rest of the testimony makes it clear why these questions needed to be asked, but they're a lot of fun:
[...]
 
InfoSec News: How an ancient printer can spill your most intimate secrets: http://www.theregister.co.uk/2010/08/10/side_channel_printer_attack/
By Dan Goodin in San Francisco The Register 10th August 2010
Researchers have devised a novel way to recover confidential messages processed in doctors' offices and elsewhere by analyzing the sounds made [...]
 
InfoSec News: FCC charts 'Cybersecurity Roadmap' with public's help: http://fcw.com/articles/2010/08/10/web-fcc-cybersecurity-roadmap.aspx
By Ben Bain FCW.com Aug 10, 2010
The Federal Communications Commission wants help in developing its plan for dealing with vulnerabilities of core Internet protocols and technologies, as well as online threats to consumers, businesses and government agencies.
The FCC posted a public notice Aug. 9 requesting comments on the role the commission should play in cybersecurity programs. Those comments will be used as the commission develops its cybersecurity plan or “Cybersecurity Roadmap.”
The road map was called for in the FCC’s overall plan to expand broadband access in the United States. That overall strategy, called the National Broadband Plan (NBP), was released by the commission in March.
[...]
 
InfoSec News: McAfee Says Security Industry Failing On Cybercrime: http://www.informationweek.com/news/security/management/showArticle.jhtml?articleID=226600352
By Mathew J. Schwartz InformationWeek August 10, 2010
Antivirus vendor McAfee has called on security researchers and the security industry at large to go on the offensive against criminals and [...]
 
InfoSec News: Zeus Trojan steals $1 million from U.K. bank accounts: http://news.cnet.com/8301-27080_3-20013246-245.html
By Elinor Mills InSecurity Complex CNet News August 10, 2010
Consumers and businesses in Great Britain have lost more than $1 million so far this summer from a Trojan that is infecting their computers, [...]
 
InfoSec News: UNCG Discovers Health Information Security Breaches; 2,500 Being Notified: http://www.uncg.edu/ure/news/stories/2010/aug/breaches080910.htm
By University Relations Contacts: Michelle Hines, (336) 334-3207 Lanita Withers Goins, (336) 334-3890
Posted 8-9-10
GREENSBORO, N.C. -- Computer security breaches at two UNCG clinics [...]
 
As Demand Media gears up for its initial public offering, anti-spam advocates and online crime fighters say that the company needs to clean up its act.
 
Taiwan Semiconductor Manufacturing Company (TSMC) plans to break ground on its first solar cell factory before the end of this year, a company representative said Wednesday.
 
Thirteen turned out to be a lucky number for Semiconductor Manufacturing International Corporation (SMIC), which reported a net profit for the second quarter, its first in thirteen straight quarters.
 

Posted by InfoSec News on Aug 10

http://www.businessinsider.com/4chan-founder-moots-weird-testimony-in-sarah-palin-email-hacking-trial-2010-8

By Nick Saint
Business Insider
Aug. 10, 2010

The Smoking Gun has dug up some entertaining testimony from the trial of
David Kernell, the 22 year-old hacker convicted of breaking in to then
vice-presidential candidate Sarah Palin's email in 2008.

Specifically, it's the testimony of Christopher 'Moot' Poole, founder
and administrator...
 

Posted by InfoSec News on Aug 10

http://www.theregister.co.uk/2010/08/10/side_channel_printer_attack/

By Dan Goodin in San Francisco
The Register
10th August 2010

Researchers have devised a novel way to recover confidential messages
processed in doctors' offices and elsewhere by analyzing the sounds made
when documents are reproduced on dot-matrix printers.

This so-called side-channel attack works by recording the “acoustic
emanations” of a confidential document being...
 

Posted by InfoSec News on Aug 10

http://fcw.com/articles/2010/08/10/web-fcc-cybersecurity-roadmap.aspx

By Ben Bain
FCW.com
Aug 10, 2010

The Federal Communications Commission wants help in developing its plan
for dealing with vulnerabilities of core Internet protocols and
technologies, as well as online threats to consumers, businesses and
government agencies.

The FCC posted a public notice Aug. 9 requesting comments on the role
the commission should play in cybersecurity...
 

Posted by InfoSec News on Aug 10

http://www.informationweek.com/news/security/management/showArticle.jhtml?articleID=226600352

By Mathew J. Schwartz
InformationWeek
August 10, 2010

Antivirus vendor McAfee has called on security researchers and the
security industry at large to go on the offensive against criminals and
pursue "a more proactive strategy for fighting cybercrime."

"Cybercriminals prosper because they have very little reason to fear the...
 

Posted by InfoSec News on Aug 10

http://news.cnet.com/8301-27080_3-20013246-245.html

By Elinor Mills
InSecurity Complex
CNet News
August 10, 2010

Consumers and businesses in Great Britain have lost more than $1 million
so far this summer from a Trojan that is infecting their computers,
prompting them to log into their bank accounts, and then is
surreptitiously transferring money to scammers in other countries,
security researchers said on Tuesday.

About 3,000 bank...
 

Posted by InfoSec News on Aug 10

http://www.uncg.edu/ure/news/stories/2010/aug/breaches080910.htm

By University Relations
Contacts: Michelle Hines, (336) 334-3207
Lanita Withers Goins, (336) 334-3890

Posted 8-9-10

GREENSBORO, N.C. -- Computer security breaches at two UNCG clinics
allowed unauthorized access to information about more than 2,500
individuals.

The university has mailed letters to the last known addresses of those
whose personal information was exposed and...
 

Posted by InfoSec News on Aug 10

http://www.notacon.org/prereg.html

Forwarded from: Froggy <froggy (at) notacon.org>

Tyger and I are having a ball here at the Grand Traverse Frag Fest in
Traverse City, Michigan! To celebrate this event, Notacon 2011
registration is now open! There are a few changes from previous years,
including some modest price increases. New this year, groups can
register and pay online. Also, we are introducing a limited number of
reduced rate...
 

Same Goal, Differing Approach to Certification
BankInfoSecurity.com (blog)
In the blog, I observed: "Many certification programs are tailored to prepare infosec pros to fill out checklists to conform with the Federal Information ...

 
Organizations that are interested in using open source in their own products but are wary of intellectual property issues might want to examine a new, mostly free, assistance program just launched by the non-profit Linux Foundation.
 

Internet Storm Center Infocon Status