InfoSec News

Thoma Bravo adds to its investment portfolio, which includes Entrust and LANDesk Software.

 
Cisco Systems plans to eliminate jobs as it focuses in on core businesses such as routing and switching, the company's executives said on Wednesday after announcing an 11 percent decline in third-quarter profit.
 
 
Perhaps it is ironic that the U.S. government antitrust oversight of Microsoft expires on the very same week that Google unveiled its Chromebook.
 
The carrier with the most spectrum says that it doesn't have enough spectrum to build out a nationwide LTE network.
 
Netbooks are so formulaic these days, it's difficult to stand out from the crowd. Samsung, in a small way, has managed that with the $330 (price as of May 11, 2011) NC110. With only the standard netbook 10.1-inch display, the typical 250GB hard drive, and the usual accoutrements, the NC110 instead makes an impression through a combination of styling, battery life, and software. Unfortunately, it also stands out as a slow performer.
 
Count NetSuite among the growing number of SaaS (software as a service) vendors positioning themselves as providers of not just stand-alone applications, but also a rich development stack that partners and customers can use to integrate with and extend the core software.
 
Cisco Systems' revenue for its fiscal third quarter grew less than 5% from a year earlier, while its earnings per share fell 11%, the company reported on Wednesday.
 
A U.S. court's antitrust oversight of Microsoft is ending after eight and a half years, with some observers questioning what the long fight accomplished.
 
Facebook today denied that it may have accidentally exposed personal user data to advertisers and other third parties for several years.
 
Microsoft's $8.5 billion acquisition of Skype could profoundly influence a set of collaboration and conferencing technologies called Unified Communications that have taken years to catch on, analysts said.
 
Several Google security engineers have countered claims that a French security company found a vulnerability in Chrome that could let attackers hijack Windows PCs running the company's browser.
 
A programming bug on Facebook's website may have accidentally given advertisers and others access to a treasure trove of personal information, according to security researchers.
 
Google unleashed Android 3.1 OS for tablets this week, but the buzzier news is that come its next release, dubbed Ice Cream Sandwich and landing this year, the company is putting a fork in "forked" versions of Android. Is one Android for all only good news?
 
Motorola on Wednesday said users of its Xoom tablets on Verizon will be the first to get the new Android 3.1 update and the first to be able to rent movies from the Android Market.
 
Several U.S. senators questioned Wednesday whether AT&T's proposed acquisition of rival mobile carrier T-Mobile USA would be good for customers, with critics saying the deal would create a duopoly in the U.S. mobile telecom business.
 
[security bulletin] HPSBMA02672 SSRT100485 rev.1 - HP Network Node Manager i (NNMi) for HP-UX, Linux, Solaris, and Windows, Local Read and Write Access to Data and Log Files
 
Samsung and Acer will begin selling notebook PCs running Google's Chrome OS in June, as Google presses ahead with its project to position the new operating system designed specifically for Web applications as a viable option for consumers and businesses.
 
[Announcement] ClubHACK Magazine Issue 16-May 2011 released
 
[USN-1131-1] Postfix vulnerability
 
[PRE-SA-2011-04] Heap overflow in EFI partition handling code of the Linux kernel
 
The networking giant found a 400% increase in Android malware and a rise in spyware targeting iPhone and Blackberry devices.

 

Cloud computing: the new monoculture
ChannelBuzz.ca
On the final stop of a five-city tour of Canada for Trend Micro's second annual Canada Cloud Security Awareness Week, Genes gave a presentation to gathered business leaders and InfoSec administrators that detailed everything from the current online ...
 
SPlayer 'Content-Type' Header Remote Buffer Overflow Vulnerability
 
[security bulletin] HPSBMA02642 SSRT100415 rev.2 - HP Network Node Manager i (NNMi) for HP-UX, Linux, Solaris, and Windows running Java, Remote Denial of Service (DoS)
 
Apache Struts 2 Multiple Reflected XSS in XWork error pages
 
[SECURITY] [DSA 2235-1] icedove security update
 
ZDI-11-165: HP 3COM/H3C Intelligent Management Center tftpserver opcode_table Remote Code Execution Vulnerability
 
Microsoft is telling Mac Office users it doesn't yet have a fix for a PowerPoint bug that it patched for Windows customers.
 
RETIRED: libxslt 'xsltGenerateIdFunction()' Function Heap Memory Information Disclosure Vulnerability
 

Security Think Tank: What should businesses do to ensure their IT defences ...
ComputerWeekly.com
The presence of APTs in the Infosec landscape is neither surprising nor particularly new. What is changing now is the number of well-organised threat agents and the type of target that is being attacked. The acronym should also be used with care when ...

 
At first glance, Microsoft's whopping $8.5 billion acquisition of Skype may seem like a pure consumer play to bolster Windows Live, Windows Phone 7 and Xbox Kinect -- or an extremely expensive way to prevent Google from gobbling up Skype first.
 
It tethers to your cell but uses satellite to send check-in, track progress or help messages.
 
Visa plans to offer a mobile wallet service that will use near field communications (NFC) and other technologies to allow people to use wireless devices to make retail purchases or complete person-to-person transactions.
 
From the Web's early days, companies have struggled to make their sites faster, but the problem remains a thorny one, with new challenges emerging regularly as technology advances.
 
A Google Apps migration is difficult, costly, time-consuming, and virtually unsupported by Google -- so why do it?
 
Linux Kernel Bluetooth Multiple Local Information Disclosure Vulnerabilities
 
Linux Kernel EFI Partition Buffer Overflow Vulnerability
 
WebGL? I had never heard of WebGL before and I'm sure quite a few among our readers are in the same boat. Yet it is implemented in the Firefox 4, Chrome and Safari browsers, and apparently even turned on by default in Firefox 4 and Chrome. And there's something wrong with its security.
So what is WebGL?
It's a way to let components on web pages display 3D models using the full power of the computer's graphics card. Effectively this exposes some portions of the graphics card's software, via the browser, to the Internet.
US-CERT recommends turning off WebGL in the browsers that support it (Firefox 4, Chrome, and Safari, where it is not enabled by default).
I've looked on my Mac for how to enable/disable WebGL in Firefox 4, Chrome and Safari, but have so far been unsuccessful in finding even a mention of WebGL in any of them [see the updates below].
References and far more detail:

http://www.contextis.com/resources/blog/webgl/
http://www.us-cert.gov/current/index.html#web_users_warned_to_turn
http://www.theregister.co.uk/2011/05/11/chrome_firefox_security_threat/
http://www.khronos.org/news/permalink/webgl-security

Thanks go to James for the heads-up.
Update: how to disable WebGL in Firefox 4.0.1:

Type about:config in the address bar and toggle the webgl.disabled preference to true.

I can confirm this stops WebGL from working on demo sites that explain how to use WebGL, such as http://www.webkit.org/blog-files/webgl/SpiritBox.html. It shows a spinning box if you have WebGL, and a rectangle if you don't.
Update: how to disable WebGL in Chrome:

It needs the --disable-webgl argument on the command line.
Update: from now on we will need to keep a much more careful eye on the security issues of graphics card drivers, and get these updated if and when they fix security issues.
Update: if you're using a browser derived from one of the affected browsers, it's a good idea to check whether it supports WebGL and then contact the makers to figure out how to disable it.
--

Swa Frantzen -- Section 66 (c) SANS Internet Storm Center. http://isc.sans.org Creative Commons Attribution-Noncommercial 3.0 United States License.
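A small audit helper for the two mitigations described in the diary above, added here as an example and not part of the original post: it parses a Firefox prefs.js / user.js file and reports whether webgl.disabled is set to true (an absent pref means WebGL stays at its Firefox 4 default of enabled), and checks a Chrome command line for --disable-webgl. The sample prefs file is constructed; the function names are my own.

```python
import re
from typing import Dict, Sequence

# One pref line of a Firefox prefs.js or user.js file, e.g.
#   user_pref("webgl.disabled", true);
PREF_LINE = re.compile(r'^\s*(?:user_)?pref\(\s*"([^"]+)"\s*,\s*(.+?)\s*\);\s*$')


def parse_prefs(text: str) -> Dict[str, object]:
    """Return a name -> value map; a later line overrides an earlier one."""
    prefs: Dict[str, object] = {}
    for line in text.splitlines():
        m = PREF_LINE.match(line)          # comment and blank lines do not match
        if not m:
            continue
        name, raw = m.group(1), m.group(2)
        if raw == "true":
            value: object = True
        elif raw == "false":
            value = False
        elif len(raw) >= 2 and raw[0] == raw[-1] == '"':
            value = raw[1:-1]              # string pref
        else:
            try:
                value = int(raw)           # integer pref
            except ValueError:
                value = raw                # leave anything unexpected as-is
        prefs[name] = value
    return prefs


def firefox_webgl_disabled(prefs_text: str) -> bool:
    """True only when webgl.disabled is explicitly true; WebGL is on by default."""
    return parse_prefs(prefs_text).get("webgl.disabled") is True


def chrome_webgl_disabled(argv: Sequence[str]) -> bool:
    """True when the Chrome command line carries the --disable-webgl switch."""
    return "--disable-webgl" in argv


# Constructed sample profile (not a real prefs.js): the later line wins.
SAMPLE_PREFS = """\
// Mozilla User Preferences
user_pref("browser.startup.homepage", "http://isc.sans.org/");
user_pref("webgl.disabled", false);
user_pref("webgl.disabled", true);
"""

if __name__ == "__main__":
    print("Firefox WebGL disabled:", firefox_webgl_disabled(SAMPLE_PREFS))
    print("Chrome WebGL disabled:", chrome_webgl_disabled(["chrome", "--disable-webgl"]))
```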
 
The Google Plugin for Eclipse makes it easier to build native Android apps that can take data with them wherever they go
 
Just over a decade ago, a U.S. District Court judge decided that Microsoft was as much of a threat to the technology sector as Standard Oil was almost a century ago to the oil industry, and with that he ordered Microsoft split into two.
 
Open-source collaboration platform provider Open-Xchange has released a Mobile Web App, which gives smartphone users online and offline access to appointments, e-mails and contacts while on the road, the company said on Tuesday.
 
The Crucial M4 SSD offers better performance than previous SSDs, and it costs less.
 
Google is under investigation by the U.S. Department of Justice in connection with its advertising program, and has set aside $500 million for a potential resolution.
 
Consumer solid-state drives will have a break-out year in 2012 due to falling prices, which will make SSDs a primary storage option for mainstream users.
 

First-generation firewalls do not cut the mustard
ComputerWeekly.com (blog)
In the wake of the InfoSec information security exhibition in London last month, I think I finally have Part II to my blog written to coincide with the event: Infosec 2011: application ...

 

Posted by InfoSec News on May 11

http://www.computerworld.com/s/article/9216602/Microsoft_downplays_Server_bug_threat_say_researchers

By Gregg Keizer
Computerworld
May 10, 2011

Microsoft is downplaying the threat posed by one of the three bugs the
company patched today, said security researchers.

The update in question, MS11-035, patches a single vulnerability in WINS
(Windows Internet Name Service), a component in every supported edition
of Windows Server, including...
 

Posted by InfoSec News on May 11

Forwarded from: noreply (at) crypto.cs.stonybrook.edu

2012 Network and Distributed System Security Symposium

February 5-8, 2012
Hilton San Diego Resort & Spa
San Diego, California

http://www.isoc.org/tools/conferences/ndss/12

Call for Papers

The Network and Distributed System Security Symposium fosters
information exchange among research scientists and practitioners of
network and distributed system security. The target...
 

Posted by InfoSec News on May 11

http://blogs.forbes.com/beltway/2011/05/09/washingtons-cyberwarfare-boom-loses-its-allure/

By Loren Thompson
Business in The Beltway
Forbes.com
May 9, 2011

As federal spending on national security has leveled off in recent
years, big defense contractors have worked hard to secure a role in one
of the few market segments expected to keep growing: cyberwarfare. It’s
a relatively new field where the terminology hasn’t stabilized yet, but...
 

Posted by InfoSec News on May 11

http://www.koreaherald.com/national/Detail.jsp?newsMLId=20110510000312

By Song Sang-ho
The Korea Herald
2011-05-10

North Korea on Tuesday said that South Korea’s recent announcement
pinpointing it as the culprit for the April 12 cyber attack was a
"fabrication," denying its role in the nation’s worst-ever banking
system crash.

The North’s Defense Ministry spokesperson issued a statement, claiming
that the announcement last...
 

Posted by InfoSec News on May 11

http://www.csoonline.com/article/681893/most-companies-skimp-on-third-party-code-checks-study-finds

By George V. Hulme
CSO
May 10, 2011

Those looking for good news when it comes to healthy software
development hygiene are going to be soundly disappointed by today's
news.

In a study conducted by Forrester Consulting, commissioned by software
security firm Coverity, 336 people involved in software development in
North America and...
 