
InfoSec News

A one-of-its-kind early warning system provided seconds of advance notice to many residents of Tokyo shortly before a massive earthquake rocked the Japanese capital on Friday afternoon.
 
In a filing with the SEC on Friday, Nokia laid out the threats it faces as part of its planned deal with Microsoft to use Windows Phone 7 on its smartphones.
 
Braving rain and cold, eager customers lined up on Friday outside Apple's retail store on Fifth Avenue in New York to purchase the iPad 2, which officially went on sale at 5 p.m. Eastern Time.
 
With 802.11n ratification a distant memory, news reports regarding this giant leap in WLAN capability have also waned. But while 11n has quietly receded into the background, WLANs have crept out of our data-only world and taken flight as full-fledged network platforms.
 
The U.S. Federal Trade Commission has closed the book on its legal action against Twitter, stemming from two 2009 hacking incidents where high-profile Twitter users -- including President Barack Obama -- lost control of their accounts.
 
Undersea telecommunications cables in and out of Japan seem to have mostly survived the devastating earthquake that struck the country on Friday.
 
Wireshark NTLMSSP NULL Pointer Dereference Denial Of Service Vulnerability
 
Microsoft today reminded customers that it will pull the support plug for the aged Office XP in July.
 
When the earthquake struck in Japan midafternoon, Jason Park was in his office in Tokyo, on the 39th floor. It started with a mild tremor, something that happens every few months.
 
As the deadly tsunami generated by Friday's massive earthquake off the coast of Japan headed toward the U.S., scientists at NOAA's Center for Tsunami Research tracked its progress in real-time.
 
Software development company MasterObjects sued Amazon and Google this week, charging the companies with infringing on a patent for technology that presents possible complete search terms as users type in a search bar.
 
The devastating earthquake that struck Japan today could affect DRAM and NAND flash memory production, causing shortages and price hikes.
 
Once again, social networking tools Twitter and Facebook are proving to be lifelines in times of crisis.
 
InfoWorld news quiz: March 11, 2011 -- HP to unveil new tricks, Facebook takes on Netflix
 
SAP announced Friday it has integrated its in-memory HANA (High-Performance Analytic Appliance) with IBM's DB2 database, a move that underscores the companies' increasing alignment against rival Oracle and its Exadata platform.
 
A U.S. Senate antitrust subcommittee will investigate search and broadband competition over the next two years.
 
Hints reader vczilla discovered a solution to one of OS X's most vexing features: When you summon Help in almost any Mac app, the Help Viewer window floats on top of every other open window. Even if you switch from the Help Viewer to another app, the Viewer window stays on top. This can be a real hassle.
 
Microsoft on Thursday said its Internet Explorer 9 does not contain the bug exploited this week by an Irish researcher at the Pwn2Own hacking contest.
 
Your iPad 2 is so close, you can almost hear the click of your new Smart Cover snapping into place. But if you already own the original iPad, you should take time now to prepare your migration from that device to the iPad 2. With advanced planning, you'll be ready to start playing with your new tablet practically from the moment you open up the box.
 
Calxeda on Friday revealed initial details about its first ARM-based server chip, designed to let companies build low-power servers with up to 480 cores.
 
Apple started selling its new iPad 2 earlier today through its online store, but shipping delays mounted as immediate supplies vanished.
 
Verizon Wireless started pushing a Motorola Xoom software update today that includes support for Flash Player 10.2, which Xoom tablet users will have to download on March 18 via Android Market.
 
[SECURITY] [DSA 2190-1] wordpress security update
 
DC4420 - London DEFCON - March meet - Tuesday 22nd March 2011
 
Apache Tomcat '@ServletSecurity' Annotations Security Bypass Vulnerability
 
Google was quick to launch a version of its People Finder service to help people find each other in the wake of the devastating 8.9 magnitude earthquake that hit Japan Friday.
 
Japan's 8.9-magnitude earthquake and the tsunami it spawned on Friday disrupted communications while killing an unknown number of people and causing major damage.
 
It's exciting to buy a new computer. As soon as you haul the laptop home from the store, or the delivery truck drops off the extra-large box, you just want to tear into your new machine and see what it's capable of. If you want to have a better experience, however, you'll stop, take a few deep breaths, and do a little preparatory work first. Taking a bit of time to set up your new PC can make a world of difference in its performance, its long-term stability, and your personal sanity. Besides, your old PC almost certainly has some data on it that you'll want to move to the new one, and that's a task best not delayed.
 
Medium severity flaw in QNX Neutrino RTOS
 
Swiss Cyber Storm 3 2011 Announcement
 
Re: HTB22874: Path disclosure in Lazyest Gallery wordpress plugin
 
InfoSec News: Techies Get to Work at Hacker Dojo: http://online.wsj.com/article/SB10001424052748703386704576186530946790912.html
By GEOFFREY A. FOWLER The Wall Street Journal March 10, 2011
MOUNTAIN VIEW -- In Silicon Valley, sometimes even computer geeks want a little human contact. And one place they gather is Hacker Dojo in [...]
 
InfoSec News: Stolen laptop creates concern for OrthoMontana patients: http://billingsgazette.com/news/local/crime-and-courts/article_94661460-7145-57e2-8670-1548341b0588.html
By Rob Rogers The Billings Gazette March 10, 2011
OrthoMontana is scrambling to warn current and past patients that their personal information may be on a laptop computer that was recently [...]
 
InfoSec News: iPhone, BlackBerry tumble to Pwn2Own hackers: http://www.computerworld.com/s/article/9214169/iPhone_BlackBerry_tumble_to_Pwn2Own_hackers
By Gregg Keizer Computerworld March 10, 2011
Apple's iPhone 4 and RIM's BlackBerry Torch 9800 both succumbed to hackers today at Pwn2Own, but two other smartphones running Android and [...]
 
InfoSec News: Electronic Health Records Raise Security Risks: http://www.informationweek.com/news/healthcare/security-privacy/showArticle.jhtml?articleID=229300722
By Nicole Lewis InformationWeek March 10, 2011
According to a survey of 1,000 people who recently visited a healthcare facility, 49% believe that electronic health records (EHRs) will have a [...]
 
InfoSec News: New Jersey Nearly Sold Secret Data: http://www.nytimes.com/2011/03/10/nyregion/10computers.html
By RICHARD PÉREZ-PEÑA The New York Times March 9, 2011
Files on abused children. Employee evaluations. Tax returns. A list of computer passwords. Names, addresses, birth dates and other information [...]
 
InfoSec News: Secunia Weekly Summary - Issue: 2011-10:
The Secunia Weekly Advisory Summary 2011-03-03 - 2011-03-10
This week: 67 advisories [...]
 
InfoSec News: Man allegedly hacked boss's e-mail after firing: http://www.sheboyganpress.com/article/20110311/SHE0101/103110440/Man-allegedly-hacked-boss-s-e-mail-after-firing
Sheboygan Press staff March 10, 2011
A 19-year-old Plymouth man was charged Wednesday for allegedly hacking into his former boss's e-mail account after being fired, using it to [...]
 
A large earthquake shook the Japanese capital Tokyo on Friday afternoon knocking items from shelves and sending people under tables.
 
Multiple Vendors STARTTLS Implementation Plaintext Arbitrary Command Injection Vulnerability
 
Linux Kernel 'fs/partitions/ldm.c' Buffer Overflow and Denial of Service Vulnerabilities
 
There will probably be some email scams and malware circulating regarding the recent Japanese earthquake that occurred overnight. If you receive such emails, could you provide samples using our contact form?
Be aware of:
Fraudulent Organizations: If possible, donate to organizations you know and trust, not to new organizations just set up for this particular event. The IRS maintains a list of tax exempt charitable organizations [1]. This list is not 100% up to date, and it takes a while for a new organization to be added. But it can serve as a first sanity check.
Malware: Malware may be advertised as a video report of the event or come under other pretenses.
Update 1: Reports are already showing Fake AV exploiting the Japanese earthquake. Some of the sites to watch for are listed here. Other reports have been added as comments.
-----------
Guy Bruneau IPSS Inc. gbruneau at isc dot sans dot edu (c) SANS Internet Storm Center. http://isc.sans.org Creative Commons Attribution-Noncommercial 3.0 United States License.
 
The Black Hat Europe conference in Barcelona next week will feature a keynote on cyberwar from Bruce Schneier, and presentations on security flaws in Apple's Mac OS X and SAP's business software.
 

Posted by InfoSec News on Mar 11

http://billingsgazette.com/news/local/crime-and-courts/article_94661460-7145-57e2-8670-1548341b0588.html

By Rob Rogers
The Billings Gazette
March 10, 2011

OrthoMontana is scrambling to warn current and past patients that their
personal information may be on a laptop computer that was recently
stolen from the company.

The Billings orthopedic and sports medicine practice has sent letters
across the city to those who may have been impacted....
 

Posted by InfoSec News on Mar 11

http://www.computerworld.com/s/article/9214169/iPhone_BlackBerry_tumble_to_Pwn2Own_hackers

By Gregg Keizer
Computerworld
March 10, 2011

Apple's iPhone 4 and RIM's BlackBerry Torch 9800 both succumbed to
hackers today at Pwn2Own, but two other smartphones running Android and
Windows Phone 7 were unchallenged, the contest's sponsor said.

Charlie Miller became the first "four-peat" at Pwn2Own when he teamed
with Dion Blazakis to take...
 

Posted by InfoSec News on Mar 11

http://www.informationweek.com/news/healthcare/security-privacy/showArticle.jhtml?articleID=229300722

By Nicole Lewis
InformationWeek
March 10, 2011

According to a survey of 1,000 people who recently visited a healthcare
facility, 49% believe that electronic health records (EHRs) will have a
negative impact on the privacy of their personal health information.

The findings of the survey, "Elevated Heart Rates: EHR and IT Security,"...
 

Posted by InfoSec News on Mar 11

http://www.nytimes.com/2011/03/10/nyregion/10computers.html

By RICHARD PÉREZ-PEÑA
The New York Times
March 9, 2011

Files on abused children. Employee evaluations. Tax returns. A list of
computer passwords. Names, addresses, birth dates and other information
on hundreds of foster children and abused children. And, of course,
Social Security numbers.

The information could hardly have been more sensitive — the raw material
of identity...
 

Posted by InfoSec News on Mar 11

========================================================================

The Secunia Weekly Advisory Summary
2011-03-03 - 2011-03-10

This week: 67 advisories

========================================================================
Table of Contents:

1.....................................................Word From...
 

Posted by InfoSec News on Mar 11

http://www.sheboyganpress.com/article/20110311/SHE0101/103110440/Man-allegedly-hacked-boss-s-e-mail-after-firing

Sheboygan Press staff
March 10, 2011

A 19-year-old Plymouth man was charged Wednesday for allegedly hacking
into his former boss's e-mail account after being fired, using it to
delete the man's Facebook and MySpace pages and send discrediting
e-mails.

Eugene A. Osbahr, of 621 McColm St., could face up to two years behind
bars...
 

Posted by InfoSec News on Mar 11

http://online.wsj.com/article/SB10001424052748703386704576186530946790912.html

By GEOFFREY A. FOWLER
The Wall Street Journal
March 10, 2011

MOUNTAIN VIEW -- In Silicon Valley, sometimes even computer geeks want a
little human contact. And one place they gather is Hacker Dojo in
Mountain View, which fashions itself as a shared office space crossed
with a modern version of the famed 1970s Homebrew Computer Club, an
incubator for early...
 
I have just released an updated CD of a hardened OS that includes Snort IDS sensor (version 2.9.0.4) with all the Sguil components ready to use. It is available in two versions, 32-bit and 64-bit. The CD has 3 options: sensor only, database only or all components on the same system.
The CD includes some new tools and updated scripts. The install.pdf document on how to install and configure the system is located in the rel_note directory.
Checksum for 32-bit available here and 64-bit available here.
-----------
Guy Bruneau IPSS Inc. gbruneau at isc dot sans dot edu (c) SANS Internet Storm Center. http://isc.sans.org Creative Commons Attribution-Noncommercial 3.0 United States License.
 


Internet Storm Center Infocon Status