InfoSec News


Messaging Architects Publishes New White Paper on "UK Email Retention Policies ...
TMCnet
... organisations in the data security space; he is director of the Cyber Security Challenge UK, and a member of the InfoSec RSA Conference advisory boards. ...

 
Yahoo is denying reports that the company is in the midst of a 20% reduction of its workforce.
 
I have been playing with the date command for a while in various Unix shell scripts and found the following date options quite useful.
Setting Unix system date and time

To set the date to November 13, 06:30 a.m., 2010, do the following: date 111306302010

Unix epoch time to regular time

date -d @1289524456 will provide a result of Thu Nov 11 20:14:16 EST 2010

Unix date to epoch time

date +%s -d 2010-11-03 will provide a result of 1288756800

Unix epoch time to print only the time Fri Sep 10 10:00:01 EDT 2010

date -d @1288310401 +%k:%M will provide a result of 20:00 hours

Print yesterday's date (today - 1) in the Year-Month-Day format

date --date "-1 days" +%Y-%m-%d will produce a result of 2010-11-10

Print last month's date (today - 1 month) in the Year-Month-Day format

date --date "-1 month" +%Y-%m-%d will produce a result of 2010-10-11

You can also check the Unix man pages to display other time/date combinations. If you know other date tricks you would like to share, you can send them via our contact page and I will add them to this diary.
-----------
Guy Bruneau IPSS Inc. gbruneau at isc dot sans dot org (c) SANS Internet Storm Center. http://isc.sans.org Creative Commons Attribution-Noncommercial 3.0 United States License.
 
Some people speculated that Mark Hurd joined Oracle to get back at his former employer, Hewlett-Packard, but on Thursday he described other reasons for taking the job.
 
Back in September, we mentioned that Acer was planning to update its TimelineX series by cramming an Intel Core i7 processor into an 11.6-inch ultraportable laptop. Well, the company succeeded. The Acer Aspire TimelineX 1830T-68U118 packs a ton of processing power into a netbook-size package, and still manages to include a full-size keyboard.
 
Best methods for navigating the POS security standard minefield
 
Third parties, not Google, would be liable for any Java copyright violations in the Android mobile OS, according to a filing the vendor made Wednesday in U.S. District Court for the Northern District of California.
 
Three men have been arrested on phishing charges after local police got a tip that somebody was sending boxes filled with computer equipment to abandoned houses in Lake Charles, La.
 
Apple iOS and Mac OS X URI Stack Based Buffer Overflow Vulnerability
 
Expat XML Parsing Remote Denial of Service Vulnerability
 
The Fake Anti-Virus guys are currently peddling their goods via alarming messages posted on Skype chat. Messages look like this:
Thursday, November 11, 2010

[1:59:08 PM EDT] Online Support: WINDOWS REQUIRES IMMEDIATE ATTENTION

URGENT SYSTEM SCAN NOTIFICATION ! PLEASE READ CAREFULLY !!
hxxp://www. updatevr. com/
For the link to become active, please click on 'Add to contacts' skype button or type it in manually into your web browser !
I added the spaces to the URL to keep you from clicking - visit at your own risk. The site redirects a couple times, and then offers the usual fake AV for only 19.95. Thanks to ISC reader John for the sample.
(c) SANS Internet Storm Center. http://isc.sans.org Creative Commons Attribution-Noncommercial 3.0 United States License.
 
Riverbed is launching two new products that can make cloud services faster by accelerating traffic and also more economical by reducing corporate data center and storage costs.
 
If you find yourself using Facebook to send out work-related emails to coworkers, you're not alone.
 
The industry that often lags in infosecurity is setting the pace in providing business intelligence
 
A lot of people in Washington, D.C., talk about the cost of the digital divide, but the Internet Innovation Alliance has assigned an actual number to the value of a broadband subscription: about $7,700 a year.
 
Verizon Business plans to set up a 100-Gigabit Ethernet link between Paris and Frankfurt on its European backbone network.
 
Expat UTF-8 Character XML Parsing Remote Denial of Service Vulnerability
 
Dell on Thursday acknowledged that some of its recently shipped Venue Pro smartphones have issues relating to Wi-Fi connectivity and mislabeled batteries, and is offering customers replacements.
 
A purported AT&T document posted on a tech news Web site says the carrier will start selling the Galaxy Tab tablet on Nov. 21 for $650 without a service contract.
 
With the release of Firefox 4 Beta 7, Mozilla returned to near the top spot in browser performance rankings.
 
Amazon.com may be one of the largest online retailers in the world, but it apparently doesn't want to risk the ire of people who use the world's top social networks.
 
Windows Phone 7 smartphones have only been on sale for four days through two wireless carriers in the U.S. and already Microsoft is saying 'initial supplies are tight.'
 
Todd Miller Sudo 'secure path' Security Bypass Vulnerability
 
Oracle may have raised the price of an entry-level support contract for its MySQL database, but customers are going to get a lot more than they did from former owner Sun Microsystems, according to an official blog post Wednesday.
 
Google has released Refine 2.0, a tool that it acquired when it purchased Freebase Gridworks
 
Linux Kernel 'net/core/filter.c' Local Information Disclosure Vulnerability
 
RockMelt is the latest attempt to combine Web browsing with social networking. Still in beta, it succeeds -- to a point.
 
Google is denying Oracle's allegation that it directly copied lines of Oracle's Java code for its Android mobile OS, according to a court filing made Wednesday in U.S. District Court for the Northern District of California.
 
The Samsung Galaxy Tab is the first Android tablet that has what it takes to challenge Apple's dominant iPad.
 
Samsung Electronics and LG Display have developed prototype flexible displays that can be gently bent while continuing to show images. The displays are the latest in a line of research projects from major display makers that point to growing interest in screens that can be bent, curved or flexed.
 
Malware writers see Java as a soft target because enterprises are not keeping it patched.

 
The Samsung Galaxy Tab ($399 with a two-year contract on T-Mobile as of November 11, 2010) is the first Android tablet that has what it takes to challenge Apple's dominant iPad. Available from five domestic wireless carriers--AT&T, Sprint, T-Mobile, U.S. Cellular, and Verizon--the Galaxy Tab's hardware is similar across providers. The big differences lie in service pricing, whether the carrier takes advantage of the Tab's mobile-hotspot capability, and whether the device has a SIM-card slot (CDMA-based Sprint and Verizon units lack this feature). Overall, you can expect the Tab models to be similar in use, with minor differences in which apps are installed from the get-go.
 
The reviews are in and the Samsung Galaxy Tab one-panel slate is a hit, mostly. Reviewers don't appear to be bothered by the Galaxy Tab's diminutive size compared to the iPad, no matter what Apple CEO Steve Jobs says. And most see the Galaxy Tab as a credible competitor to the iPad. Will the Galaxy Tab win over your heart? Will Samsung sell one million Galaxy Tabs before the end of the year, or will the electronics maker be forced to come out with a 10-inch Galaxy Tab in the near future?
 
Malcolm Byrne asked me how to configure Windows Explorer to open to a specified folder each time.
 
QtWeb Browser Buffer Overflow Vulnerability
 

Skills deficit leaving IT security jobs unfilled
Siliconrepublic.com
“Despite the recession, a lot of infosec roles are not being filled due to lack of talent,” said Brian Honan, head of IRISSCERT, the Irish Reporting and ...

 
Salesforce.com does not plan to spread its wings to offer its large customer base other applications besides its CRM applications, a company executive said.
 
Apple this week patched a record 134 Mac OS X vulnerabilities, easily topping the previous record of fixing 90 flaws in March.
 
Wireless charging systems used to require a chunky receiver case on your smartphone. A new kit for the iPhone 4 still uses a receiver case but cuts the bulk considerably.
 
Internet giants Google and Facebook have been having a war of words this week over user data portability.
 
InfoSec News: Who's Inside the New U.S. Cyber Command?: http://spectrum.ieee.org/tech-talk/at-work/tech-careers/whos-inside-the-new-us-cyber-command
By David Kushner IEEE Spectrum November 08, 2010
Last Wednesday, the Department of Defense finally announced that the "U.S. Cyber Command has achieved full operational capability. [...]
 
InfoSec News: [Dataloss Weekly Summary] Week of Sunday, October 31, 2010: ========================================================================
Open Security Foundation - DataLossDB Weekly Summary Week of Sunday, October 31, 2010
6 Incidents Added.
======================================================================== [...]
 
InfoSec News: NSA: Our Development Methods Are in the Open Now: http://threatpost.com/en_us/blogs/nsa-our-development-methods-are-open-now-111010
By Dennis Fisher threatpost November 10, 2010
WASHINGTON -- Despite its reputation for secrecy and technical expertise, the National Security Agency doesn't have a set of secret [...]
 
InfoSec News: Computer Virus Leads to $20 Million Scam Targeting Pianist Composer: http://www.wired.com/threatlevel/2010/11/pianist-composer-bilked/
By Kim Zetter Threat Level Wired.com November 9, 2010
A noted classical pianist, composer and Latin music producer found himself drawn into an elaborate years-long extortion scheme that cost [...]
 
InfoSec News: THOTCON 0x2 - Chicago's Hacking Conference - Speakers/Talks/Tickets: Forwarded from: c7five <c7five (at) thotcon.org> THOTCON (pronounced \ˈthȯt\ and taken from THree - One - Two) is a small venue hacking conference based in Chicago IL, USA. This is a non-profit, non-commercial event looking to provide the best conference possible on a very limited budget. [...]
 
InfoSec News: China to issue unified rules on sentencing for cyber attack crimes: http://news.xinhuanet.com/english2010/china/2010-11/10/c_13600869.htm
Editor: Mu Xuequan English.news.cn 2010-11-10
BEIJING, Nov. 10 (Xinhua)-- China will issue new judicial rules governing sentencing standards for cyber attack crimes by the end of [...]
 
InfoSec News: Prankster broadcasts message to WSU students: http://news.cnet.com/8301-27080_3-20022460-245.html
By Elinor Mills InSecurity Complex CNet News November 10, 2010
Washington State University police are trying to find out who hijacked the school's computer system on Friday and broadcast on classroom video [...]
 
InfoSec News: Hacker attacks Royal Navy website: http://www.independent.co.uk/news/uk/politics/hacker-attacks-royal-navy-website-2128489.html
The Independent 8 November 2010
The Royal Navy Website has been taken offline after it was "compromised" by a hacker, the Ministry of Defence said today. [...]
 
Mozilla Firefox SeaMonkey and Thunderbird DLL Loading Arbitrary Code Execution Vulnerability
 
The market for microprocessors, the chips that act as calculating engines inside PCs, servers, laptops and other gadgets, slowed during the third quarter as consumer demand slackened, market researcher IDC said Thursday.
 

Posted by InfoSec News on Nov 10

http://news.cnet.com/8301-27080_3-20022460-245.html

By Elinor Mills
InSecurity Complex
CNet News
November 10, 2010

Washington State University police are trying to find out who hijacked
the school's computer system on Friday and broadcast on classroom video
screens throughout the day a bizarre rant by someone wearing a "V for
Vendetta" costume.

The hacker took over the large video screens in 34 classrooms in two
buildings on the...
 

Posted by InfoSec News on Nov 10

http://www.independent.co.uk/news/uk/politics/hacker-attacks-royal-navy-website-2128489.html

The Independent
8 November 2010

The Royal Navy Website has been taken offline after it was "compromised"
by a hacker, the Ministry of Defence said today.

A Navy spokesman said no "malicious damage" had been caused by the cyber
attack, which was now being investigated by security teams.

A hacker operating under the name TinKode...
 

Posted by InfoSec News on Nov 10

http://spectrum.ieee.org/tech-talk/at-work/tech-careers/whos-inside-the-new-us-cyber-command

By David Kushner
IEEE Spectrum
November 08, 2010

Last Wednesday, the Department of Defense finally announced that the
"U.S. Cyber Command has achieved full operational capability." The
Cyber Command will be "responsible for directing activities to operate
and defend DoD networks," the release stated.

While we've heard a lot...
 

Posted by InfoSec News on Nov 10

========================================================================

Open Security Foundation - DataLossDB Weekly Summary
Week of Sunday, October 31, 2010

6 Incidents Added.

========================================================================

DataLossDB is a research project aimed at documenting known and reported
data loss incidents world-wide. The Open Security Foundation asks for
contributions of new incidents and new data for...
 

Posted by InfoSec News on Nov 10

http://threatpost.com/en_us/blogs/nsa-our-development-methods-are-open-now-111010

By Dennis Fisher
threatpost
November 10, 2010

WASHINGTON -- Despite its reputation for secrecy and technical
expertise, the National Security Agency doesn't have a set of secret
coding practices or testing methods that magically make their
applications and systems bulletproof. In fact, one of the agency's top
technical experts said that virtually all of the...
 

Posted by InfoSec News on Nov 10

http://www.wired.com/threatlevel/2010/11/pianist-composer-bilked/

By Kim Zetter
Threat Level
Wired.com
November 9, 2010

A noted classical pianist, composer and Latin music producer found
himself drawn into an elaborate years-long extortion scheme that cost
him between $6 and $20 million after he brought his laptop into a
computer repairman to help rid it of a virus.

The alleged fraudsters, a computer repairman and his girlfriend in...
 

Posted by InfoSec News on Nov 10

Forwarded from: c7five <c7five (at) thotcon.org>

----------
*** BEGIN THOTCON TRANSMISSION

THOTCON (pronounced \ˈthȯt\ and taken from THree - One - Two) is
a small venue hacking conference based in Chicago IL, USA. This is a
non-profit, non-commercial event looking to provide the best conference possible
on a very limited budget.

THOTCON 0x1 was held on Friday, April 23rd, 2010.

THOTCON 0x2 will be limited to 10 main talks and...
 

Posted by InfoSec News on Nov 10

http://news.xinhuanet.com/english2010/china/2010-11/10/c_13600869.htm

Editor: Mu Xuequan
English.news.cn
2010-11-10

BEIJING, Nov. 10 (Xinhua)-- China will issue new judicial rules
governing sentencing standards for cyber attack crimes by the end of
this year, an official of the Ministry of Public Security (MPS) told
Xinhua Wednesday.

China has become a major victim of online crimes such as hacker attacks,
with eight out of every ten...
 

