InfoSec News

QuickTime 7.6.7 is now available and addresses CVE-2010-1799. The update is available for Windows 7, Vista, and XP SP2 or later. Viewing a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution. The update can be downloaded here.
-----------
Guy Bruneau IPSS Inc. gbruneau at isc dot sans dot org
Comprehensive Packet Analysis in French, Québec, 5 Nov 2010. (c) SANS Internet Storm Center. http://isc.sans.org Creative Commons Attribution-Noncommercial 3.0 United States License.
 
Hewlett-Packard's board of directors has been hit with a shareholder lawsuit alleging mismanagement and breach of fiduciary duties following last week's abrupt departure of Chairman and CEO Mark Hurd.
 
Problems with a recently installed ERP system have partly forced automotive wheel maker Superior Industries International to hold off filing its second-quarter results, according to a company statement and U.S. Securities & Exchange Commission filing.
 
Smartphones are on the verge of becoming more powerful, with chip makers readying dual-core chips that could accelerate multimedia and application performance on handheld devices.
 
HP definitely plans to be in the tablet business, but questions remain about whether it will create different hardware for each of the tablet operating systems it's expected to use.
 
Android was the top operating system in smartphone sales in the U.S. in the second quarter, with BlackBerry maker Research In Motion finishing second and Apple's iOS in third, a Gartner analyst said.
 
Five left-leaning groups that want the federal government to create formal network neutrality rules are organizing a rally Friday to protest a recent proposal by Google and Verizon Communications.
 
A firm that received a $200 million settlement from Microsoft in May filed similar patent infringement charges against Apple Wednesday, claiming that the iPhone and iPad illegally use its technology.
 
Voice commands on the Android platform were expanded beyond a simple Google search to allow new commands, such as sending a text message or an e-mail.
 
While LTE starts rolling out from major U.S. carriers in 2011, the WiMax Forum is hoping to have the so-called WiMax 2 standard up and ready to go by the start of 2012.
 
N.C. State University has signed up IBM to help its technology transfer office speed up the process of matching university research projects with potential investors and industry partners.
 
Details have emerged about Intel's upcoming Medfield chip platform for smartphones, which is due out in 2011 and will succeed the company's existing Moorestown platform, which was originally announced in May.
 
KenB backed up an Outlook Express folder to a flash drive. He asked the Web Browsing and Email forum how to recover the messages inside it.
 
In an emergency would you dial 911 or would you turn to Twitter and Facebook for help? You might be surprised by the results of a new Red Cross survey.
 
OK, so, from a commercial standpoint, the Power Mac G4 Cube flopped. But was it a flop from a design standpoint? After all, only five years after the Cube's release--and four years after it was ignominiously yanked from the product line--Apple unveiled the Mac mini. That desktop carried on some of the design philosophies of the Cube, becoming a well-respected success.
 
When it comes to love-it-or-hate-it products out of Cupertino, few offerings can match the Power Mac G4 Cube for getting people to choose sides. Even a decade after its debut--Steve Jobs unveiled the Cube at the July 2000 Macworld Expo in New York and the desktop shipped a month later--the Cube still stirs passionate debate between its detractors and defenders.
 
Google yesterday shifted Chrome 6 into beta, a move that puts the browser one step closer to a stable release.
 
The PCI Security Standards Council issued a high-level summary document reflecting nine proposed changes to the standard.

 
A Microsoft security expert asserts that Windows 7 is every bit as secure as Unix and says Vista helped pave the way.
 
Twitter has launched its Tweet Button, whose goal is to simplify the sharing of Web links on Twitter both for Web publishers and for end users.
 
Premier Election Solutions has agreed to pay $470,000 in cash, as well as offer free equipment and discounts to settle a lawsuit over dropped votes in Ohio's 2008 primary elections.
 
India will ask service providers in the country to ensure that some BlackBerry services are made accessible to its law enforcement agencies by Aug. 31, or face a block of these services.
 
Samsung Epic 4G will debut Aug. 31 for $250 after rebate and with a Sprint Nextel two-year agreement, the carrier announced.
 
Facebook has implemented some changes to enhance the experience of browsing through photos, one of the most popular activities on the social networking site, to which people have uploaded tens of billions of images.
 
If your business manages personal information about health or finances, a security breach can cost millions. HITECH and other regulations not only apply fines, but they require disclosure and notification of those affected. In some cases, companies must pay for free credit reports too. These costs can range from $80 to $200 per compromised record. The problem for many companies is the sheer volume of information that can be compromised in a single breach. If you lose 5,000, 50,000 or 500,000 records, the math may mean bankruptcy. Fortunately, you can now get insurance to cover these risks.
 
The tools on the market have a long way to go, but progress is being made in this nascent market.
 
A shortage of CRM talent in the current economy? Who'd a thunk it.
 
German data protection officials are keeping close watch on Google as the company prepares to launch an online tool that lets people block images from appearing on its Street View photo mapping Web application.
 

IT security pros mentor each other for career growth
ComputerworldUK
A programme started in March called InfoSec Mentors has already paired more than 100 mentors and mentees who share their expertise on technology ...
 

Explosion of data driving information security industry
Infosecurity Magazine
In ArcSight's Silicon Valley office, Rick Caccia, the infosec firm's vice president of product marketing, tells Infosecurity's editor, Eleanor Dallaway, ...
 
 
Microsoft engineers have determined that a new Windows kernel zero-day vulnerability cannot be exploited remotely.

 
As worldwide smartphone sales grew by 50% during the second quarter, Android was the big winner, as it became the third largest operating system with sales passing 10 million units for the first time, according to research firm Gartner.
 
Minutes after Apple issued a security update, the maker of a 10-day-old jailbreak exploit released code that others could put to use hijacking iPhones, iPod Touches and iPads.
 
The Payment Card Industry Data Security Standard 2.0 will be out at the beginning of September. The standard governs how businesses must guard sensitive cardholder information on their networks.
 
Shanda Literature, one of China's largest online publishers, released a new e-reader called Bambook this week, making it available to a select number of customers.
 
Forget cyberattacks, natural disasters and hardware failures -- the biggest threat to your data center may well be human error.
 
The new BlackBerry doesn't try to be an iPhone, but does work better with touch
 
InfoWorld's networking primer walks you through the fundamentals, from the right switches to the right network monitoring techniques
 
Micron is now shipping its first enterprise-class SSD, the P300, which sports read/write speeds of up to 360MB/sec and 275MB/sec, respectively, and is rated to handle 1.9TB of data per day for five years.
 
The Open Compliance Program announced by the Linux Foundation on Tuesday is a response to the surging growth in the use of open-source technologies within enterprises, and by makers of consumer electronic and mobile devices, analysts say.
 
RIM's new BlackBerry Torch adds a variety of snazzy new smartphone features while remaining true to its heritage.
 
InfoSec News: RIM to hand over security codes to Saudis: http://www.v3.co.uk/v3/news/2267989/rim-hand-security-codes-saudi
By Dan Worth V3.co.uk 11 Aug 2010
RIM has agreed to provide authorities in Saudi Arabia with security codes that will enable them to read encrypted text messages on the BlackBerry Messenger service. [...]
 
InfoSec News: US government fails to secure its websites: http://www.theinquirer.net/inquirer/news/1727426/us-government-fails-secure-websites
By Lawrence Latif The Inquirer Aug 11 2010
GUARDIAN OF THE AMERICAN PEOPLE the Department of Homeland Security (DHS) is seemingly unable to set up a secure website correctly. [...]
 
InfoSec News: Alleged Carder ‘BadB’ Busted in France — Watch His Cartoon: http://www.wired.com/threatlevel/2010/08/badb/
By Kim Zetter Threat Level Wired.com August 11, 2010
An alleged old-timer in the international carding community and one of the top sellers of stolen bank card data has been arrested in France, and faces extradition to the United States on an indictment unsealed Wednesday in Washington, D.C.
Vladislav Anatolievich Horohorin, 27, aka BadB, holds dual-citizenship in Ukraine and Israel and was one of the earliest members of CarderPlanet, a first of its kind Russian-language carding forum that was launched around 2002 by a group of East Europeans. CarderPlanet was shuttered in 2004, and BadB had more recently been selling his stolen goods at carder.su and on his own websites, dumps.name and badb.biz, where he promoted his product in lighthearted Flash cartoons like the one above.
Authorities say the network created by Horohorin and other CarderPlanet veterans is linked to “nearly every major intrusion of financial information reported to the international law enforcement community.”
According to the indictment, Horohorin bragged online that he was one of the biggest sellers of “dumps” (account and other data stored on a bank card’s magnetic stripe) and had been a card seller for about eight years. Undercover agents from the U.S. Secret Service negotiated purchases of stolen data from him and worked with French authorities to arrest him.
[...]
 
InfoSec News: Record Patch Tuesday: Where to Begin: http://www.pcworld.com/businesscenter/article/203005/record_patch_tuesday_where_to_begin.html
By Tony Bradley PC World August 10, 2010
Microsoft unleashed a record number of security bulletins for a single month -- 14 security bulletins addressing 34 different vulnerabilities. [...]
 
InfoSec News: SMS-Based Trojan Targeting Android Smartphones: http://www.informationweek.com/news/hardware/handheld/showArticle.jhtml?articleID=226600359
By Eric Zeman InformationWeek August 10, 2010
According to Kaspersky Lab, it has discovered the first known Trojan to be specifically targeted at Android smartphones. [...]
 

Posted by InfoSec News on Aug 12

http://www.v3.co.uk/v3/news/2267989/rim-hand-security-codes-saudi

By Dan Worth
V3.co.uk
11 Aug 2010

RIM has agreed to provide authorities in Saudi Arabia with security
codes that will enable them to read encrypted text messages on the
BlackBerry Messenger service.

A Reuters report cited an unnamed source present at the ongoing
discussions between RIM and the Saudi authorities as the basis for the
claims, which represent an about-face by...
 

Posted by InfoSec News on Aug 12

http://www.theinquirer.net/inquirer/news/1727426/us-government-fails-secure-websites

By Lawrence Latif
The Inquirer
Aug 11 2010

GUARDIAN OF THE AMERICAN PEOPLE the Department of Homeland Security
(DHS) is seemingly unable to set up a secure website correctly.

The website for the high profile cabinet department that is supposed to
protect the US from terrorists and has a reported budget of $52 billion
throws up errors when users try to...
 

Posted by InfoSec News on Aug 12

http://www.wired.com/threatlevel/2010/08/badb/

By Kim Zetter
Threat Level
Wired.com
August 11, 2010

An alleged old-timer in the international carding community and one of
the top sellers of stolen bank card data has been arrested in France,
and faces extradition to the United States on an indictment unsealed
Wednesday in Washington, D.C.

Vladislav Anatolievich Horohorin, 27, aka BadB, holds dual-citizenship
in Ukraine and Israel and was...
 

Posted by InfoSec News on Aug 12

http://www.pcworld.com/businesscenter/article/203005/record_patch_tuesday_where_to_begin.html

By Tony Bradley
PC World
August 10, 2010

Microsoft unleashed a record number of security bulletins for a single
month -- 14 security bulletins addressing 34 different vulnerabilities.
IT admins need to understand the risks and prioritize the patches to
ensure they aren't overwhelmed by the sheer volume of the patch
avalanche.

Microsoft outlined in...
 

Posted by InfoSec News on Aug 12

http://www.informationweek.com/news/hardware/handheld/showArticle.jhtml?articleID=226600359

By Eric Zeman
InformationWeek
August 10, 2010

According to Kaspersky Lab, it has discovered the first known Trojan to
be specifically targeted at Android smartphones. Kaspersky classifies the
"malicious program" as a Trojan-SMS, which attacks users where it hurts
the most: their wallet.

The Trojan disguises itself as a media player...
 
Cisco Systems revenue and profit both grew significantly in the company's fiscal fourth quarter that ended in July, the company announced on Wednesday.
 
Facebook is scrambling to fix a bug in its Website that could be misused by spammers to harvest user names and photographs.
 