InfoSec News

Looking ahead to growing demand for bandwidth to feed large companies and computing clouds, Verizon Communications announced steps on Friday to increase the speed of the links its enterprise customers can buy and to make its network connections more resilient.
Facebook said on Friday that it intends to make further changes to its privacy policy in order to respond to an audit by the Irish government, but privacy advocates saw the move as an inadequate attempt to quell privacy concerns prior to Facebook's planned initial public offering.
Experts suggest patience when dealing with this month's round of Microsoft updates.

Samsung's Galaxy Tab 2 10.1 is set to go on sale at retailers nationwide Sunday for $399.99, furthering the variety of tablet sizes from the vendor.
Adobe has told users of its Creative Suite, which includes the company's premier products like Photoshop and Illustrator, to spend $375 to upgrade if they want patches for eight critical vulnerabilities.
Microsoft's move to boost Bing's social networking features could finally give it an opportunity to truly take on Google's dominant search engine, analysts say.
iHome's $200 iW2 AirPlay speaker system is the company's follow-up to the iW1 (Macworld rated 3 out of 5 mice), and it's currently the entry-level AirPlay receiver to beat.
For more than 30 years, Gartner has dominated the IT analyst market. CIO.com columnist Rob Enderle sees Ombud, a new analyst firm focusing on social CRM and pulling member profiles from LinkedIn, as a viable challenge to a firm founded before there were even PCs.
The U.K. website of Amnesty International, a human rights watchdog organization, was compromised by hackers, who used it to infect visitors with a remote access Trojan horse program known as Gh0st RAT.
Attendees at the Conference on Human Factors in Computer Systems (CHI) this week saw a device that looks something like a lamp shade and houses a projector and camera, designed to let a worker share a physical desktop with another, allowing the two to collaborate on a project in ways not otherwise possible.
Microsoft will reportedly kick off a Windows 8 upgrade program for buyers of Windows 7 PCs in early June.
Amazon Web Services users can now start receiving billing alerts that help them continuously monitor their cloud costs, the company said on Thursday.
SAP has certified its Business All-in-One ERP application for cloud-based deployments on Amazon Web Services, the companies announced Friday.
AT&T has recently been in talks to buy Leap Wireless, a carrier operating in 35 states with 6 million customers, according to Reuters.
A range of tech vendors including Cisco Systems, Silicon Graphics International, BMC Software and CA Technologies this week reported quarterly earnings that had some solid numbers, but a cautious outlook for the rest of the year is spooking market watchers.
eZ Publish 'ezjscore' Module Cross Site Scripting Vulnerability
Galette 'picture.php' SQL Injection Vulnerability
SPIP Multiple Unspecified Cross Site Scripting Vulnerabilities
The ISC Links page at https://isc.sans.edu/links.html is a categorized list of information links. You can get to the page from the top-right menu by choosing Tools-Links. The list lets you vote a link up or down, and there's even a form to suggest new links! Results are not updated in real time. Voting and URL additions are subject to approval.
Link List - https://isc.sans.edu/links.html#list

Links are listed down by most-to-least votes
Categories: Internet Status, Malware Information, Security Dashboards, Security Blogs, Vendor Security Advisories
Vote in favor or against a link
You may vote as many times as you wish, but only one vote per URL will count.

Add a new Site - https://isc.sans.edu/links.html#add

You must be logged in to submit links
Category: Choose an appropriate category for your link
URL: Paste in the URL you wish to submit
Site Name: Enter a name for the URL you are submitting
Click Submit to suggest the link for the page

Some hints:

Submit URLs that point to home pages / main pages, not to specific articles.
The page should be related to infosec, internet status or any of the other categories
If you submit a blog: It needs to have a few posts first.
We try to avoid linking directly to sites providing exploits.
Please let us know if we should add categories to the list.

Post suggestions or comments in the section below or send us any questions or comments in the contact form on https://isc.sans.edu/contact.html#contact-form

Adam Swanger, Web Developer (GWEB, GWAPT)

Internet Storm Center - https://isc.sans.edu (c) SANS Internet Storm Center. http://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
While Facebook executives talk to the country's top investors about its 900 million users and its powerful global reach, analysts say they need to explain how they're going to fix one glaring problem -- mobile.
Linux Kernel Hugepages CVE-2012-2133 Local Denial of Service Vulnerability
RETIRED: Apple Mac OS X Security Update 2012-002 Multiple Security Vulnerabilities
Backgammon is a board game that is perfectly suited to iOS devices. The shape of the board fits the iPhone and iPad, and the gameplay--rolling dice and moving pieces--is greatly simplified when you tap to perform these tasks. Over the past few months, I've tried out a number of backgammon apps, and two stand out: Backgammon NJ (available for the iPad in a separate version called Backgammon NJ HD), and FaceMe Backgammon.
Ruby on Rails Multiple Cross Site Scripting Vulnerabilities

'Apocalypse Now' meets #infosec
CSO (blog)
Being a pop culture junkie, I often find myself comparing the fictional world with the real-life world of information security. If I wrote about plumbing, I suppose I would find myself comparing some movie or musical piece to that.


Quocirca's Report from Infosecurity Europe 2012
Computing (blog)
April 24 to 26 was Infosecurity Europe (InfoSec) at Earl's Court, the biggest such trade show in Europe, and the following week was the Eskenzi PR annual IT Security Analysts Conference and CISO Forum (a gathering of chief information security officers ...

Samsung Electronics Friday announced the Samsung Omnia M, a Windows Phone with a 4-inch Super AMOLED display that will first become available in Europe.
Samsung Electronics may challenge the validity of Apple's intellectual property claims before the Regional Court in Mannheim, Germany, rules on whether the company has infringed them, the court said on Friday. It is the second time in two weeks that the Mannheim court has decided to wait for a validity verdict from the Federal Patent Court before ruling on an infringement case.
Twitter has acquired RestEngine, a two-and-a-half-year-old company that has helped social app publishers send emails based on a user's social graph, RestEngine said on Thursday.
t2'12: Call for Papers 2012 (Helsinki / Finland)
Nearly one in three smartphones sold in Japan last fiscal year was an iPhone, pushing Apple's sales far ahead of main rival Samsung in the country, according to data published by a local research firm.
When you buy a smartphone, what kind of camera are you really getting? We explain the technology of camera phones, what's available today and what's on the horizon.
U.S. Senator Al Franken has in a letter asked the Department of Justice for information on its practices in requesting location information from wireless carriers.
Two issues exposed financial data and Social Security numbers for 350,000 people, although it is thought the information has not been abused, the University of North Carolina at Charlotte said.
Megaupload filed a motion in federal court on Thursday asking to delay a civil suit filed against the file-sharing site while it prepares a defense for its criminal case.
Two wrongs don't make a right, Mozilla's chief counsel said Thursday when asked why his company hasn't lambasted Apple, as it did Microsoft, for blocking rival browsers from its mobile operating system.
Mozilla Firefox/Thunderbird/Seamonkey CVE-2012-0471 Cross Site Scripting Vulnerability
ESA-2012-019: EMC Documentum Information Rights Management Multiple Vulnerabilities
Adobe Photoshop CS5.1 U3D.8BI Library Collada Asset Elements Stack Based Buffer Overflow Vulnerability
[SECURITY] [DSA 2469-1] linux-2.6 security update
[ MDVSA-2012:072 ] roundcubemail

Posted by InfoSec News on May 11


By Shane Harris
May 10, 2012

Here's the first thing you need to know about a reported "cyber attack"
against natural gas pipeline operators that was revealed last week: It
wasn't actually an attack--not on the pipelines anyway, which is how it
has been portrayed in some news...

Posted by InfoSec News on May 11

Forwarded from: cfp (at) ruxcon.org.au


Posted by InfoSec News on May 11


By Gilbert P. Felongco
Gulf News
May 10, 2012

Manila: The government technology arm has warned foreign as well as
Philippine based hackers against vandalising Internet websites as it
further cautioned that such actions could only serve to ramp up the
conflict to more destructive proportions.

The Department of...

Posted by InfoSec News on May 11


The Secunia Weekly Advisory Summary
2012-05-03 - 2012-05-10

This week: 24 advisories

Table of Contents:

1. Word From Secunia...

Posted by InfoSec News on May 11


By Kelly Jackson Higgins
Dark Reading
May 10, 2012

A new top-level domain (TLD) in the works for the Internet will bake
security in from the outset: The .secure domain will require fully
encrypted HTTPS sessions and a comprehensive vetting process for
websites and their operators. If the new domain takes off,...
Adobe Photoshop 'U3D.B8I' Library Remote Buffer Overflow Vulnerability
Internet Storm Center Infocon Status