InfoSec News

The U.S. is building two 20-petaflop supercomputers, many times more powerful than anything operating today, including China's new supercomputer, the Tianhe-1A, which is expected to be officially crowned next week as the world's fastest system.
 
Apple Mac OS X CoreText (CVE-2010-1837) Memory Corruption Vulnerability
 
We have received several reports indicating that www.register.com is experiencing DNS issues. They posted on their site: "We are currently experiencing technical difficulties on our hosting platform. We are actively working to resolve these issues and restore service to normal as soon as possible." [1]
[1] http://www.register.com
-----------
Guy Bruneau IPSS Inc. gbruneau at isc dot sans dot org (c) SANS Internet Storm Center. http://isc.sans.org Creative Commons Attribution-Noncommercial 3.0 United States License.
 
Internet companies are engaged in an escalating landgrab of world-war proportions, involved in vicious battles over many fronts, and the outcomes will have far-reaching consequences for years to come.
 
Cloud computing is a lot like the weather: Everybody talks about it, but nobody does anything about it. Just 9.3% of companies say they'll be using platform or infrastructure as a service (P/IaaS) offerings by the end of the year. And a paltry 4.5% have definite plans to use cloud services in 2011 or 2012.
 
The Oracle-SAP trial ended its second week with some tense exchanges over how much SAP should pay in damages for the software theft committed by its TomorrowNow subsidiary.
 
Apple Mac OS X CFNetwork (CVE-2010-1834) Security Vulnerability
 
Apple AppKit String Containing Bidirectional Text Buffer Overflow Vulnerability
 
Linux Kernel Block Layer Local Denial of Service Vulnerabilities
 
Apple Mac OS X AFP Server Directory Traversal Vulnerability
 
Apple Mac OS X AFP Server NULL Pointer Dereference Denial of Service Vulnerability
 
News reports suggesting U.S. President Barack Obama's administration is planning to appoint a new privacy watchdog and push for new privacy laws met with mixed reaction Friday, with some critics questioning whether new laws are needed.
 
We used to go weeks -- months even -- with no news about Java, but that seems to be changing since Oracle bought Sun Microsystems and took over licensing control of the language, which sparked heat this week from the Apache Software Foundation. Oracle also brought star-power to the witness stand this week as CEO Larry Ellison testified in its intellectual-property theft case against SAP.
 
KaiBB 'staff/index.php' SQL Injection and HTML Injection Vulnerabilities
 
The path to a promised affordable mobile service that will span the farthest reaches of North America begins late Sunday night on the steppes of Kazakhstan.
 
Apple Mac OS X Printing NULL Pointer Dereference Denial of Service Vulnerability
 
[ MDVSA-2010:231 ] poppler
 
[ MDVSA-2010:230 ] poppler
 

GovInfoSecurity.com

Davis: No Lame-Duck Vote on Infosec
GovInfoSecurity.com
Tom Davis, the last Republican to chair the House committee with primary cybersecurity oversight, says he doesn't expect any quick action on significant IT ...

 
The former college student who guessed his way into Sarah Palin's Yahoo e-mail account during the 2008 U.S. presidential election was sentenced to a year and a day in prison Friday, according to published reports.
 
Hey Facebook fans, rumor has it you may be getting e-mail addresses ending with "@facebook.com" as early as Monday. It's a thought that likely has privacy advocates cringing as even more user data would fall under the control of the world's largest social network.
 
LANDesk Management Gateway 'DRIVES' Parameter Remote Command Execution Vulnerability
 
It's time to start your Software Update engines, as Apple on Friday released iTunes 10.1.
 
Re: D-Link DIR-300 authentication bypass
 
[ MDVSA-2010:227 ] proftpd
 
Adobe Flash Player and AIR Image Processing Use After Free Remote Code Execution Vulnerability
 
Apple QuickTime Sorenson 3 Encoded Movie File Memory Corruption Vulnerability
 
For those of you who are fans of the various challenges, the Honeynet Project has released challenge 6 in their 2010 forensics series.
PDF format is the de-facto standard in exchanging documents online. Such popularity, however, has also attracted cyber criminals in spreading malware to unsuspecting users. The ability to generate malicious pdf files to distribute malware is functionality that has been built into many exploit kits. As users are less cautious opening PDF files, the malicious PDF file has become quite a successful attack vector. [1]
[1] http://honeynet.org/challenges/2010_6_malicious_pdf
-----------
Guy Bruneau IPSS Inc. gbruneau at isc dot sans dot org (c) SANS Internet Storm Center. http://isc.sans.org Creative Commons Attribution-Noncommercial 3.0 United States License.
 
The Obama administration is reportedly considering plans to step up policing of Internet privacy issues and to establish a new position to direct the effort.
 
[ MDVSA-2010:229 ] kdegraphics
 
[ MDVSA-2010:228 ] xpdf
 
[USN-1017-1] MySQL vulnerabilities
 
Secunia Research: QuickTime Sorenson Video 3 Array-Indexing Vulnerability
 
Do you still go to Twitter.com every time you want to tweet something? That, my friends, is one colossal waste of time (not to mention a hassle).
 
Apple QuickTime JP2 Image Uninitialized Memory Remote Code Execution Vulnerability
 
Emerging business analytics needs are exposing limitations in traditional database management technologies and fueling the growth of highly specialized analytics platforms, according to a report by two leading industry analysts.
 
Apple said Friday it would join Oracle's OpenJDK and contribute "most of the key components, tools and technology required for a Java SE 7 implementation on Mac OS X."
 
The European Union is giving $21.4 million for a research project that will explore new technologies around cloud computing, including data mobility and secure access control.
 
AT&T Mobility notified its subscribers that they might be entitled to benefits from a proposed class-action settlement over alleged improper charging of Internet taxes.
 

Systems Architect - Bristol
The Engineer
... CIS components and transversal issues, particularly Information Assurance and Accreditation as defined by Her Majesty's Government Infosec Standards. ...

 
Microsoft doesn't want to admit it, but a Gartner analyst says the vendor's decision to offer Windows Server instances in the Azure cloud is opening a new competitive front against partner hosting companies.
 
If you want to develop smartphone applications, you should first figure out how you're going to get paid. We look into the market for mobile apps.
 
Japan's NEC has developed an Android-based tablet computer and will begin shipping it in Japan this month.
 
A group of cloud providers blamed traditional hardware and software companies for their role in discouraging cloud adoption, pointing fingers at Oracle's Mark Hurd, who spoke earlier at the FireGlobal conference in Seattle.
 
Later this month, the high-brow Christie's auction house will try to get $242,400 for an aged Apple computer.
 
InfoSec News: Pan-Euro cyber security exercise 'too focused' on DDoS: http://www.theregister.co.uk/2010/11/11/cyber_europe_cyberwar_exercise/
By John Leyden The Register 11th November 2010
Organisers are hailing the first pan-European cyber security exercise as a successful ‘cyber stress test’ of key internet infrastructure systems. [...]
 
InfoSec News: Searching For News Is Riskier Than Searching For Porn, Study Says: http://www.darkreading.com/security/attacks/showArticle.jhtml?articleID=228200790
By Tim Wilson DarkReading Nov 11, 2010
Which search is more likely to yield malware: a child's research for a school current events project or a male's search for nude photos of Paris Hilton? [...]
 
InfoSec News: Secunia Weekly Summary - Issue: 2010-45:
The Secunia Weekly Advisory Summary 2010-11-04 - 2010-11-11
This week: 81 advisories [...]
 
InfoSec News: Defense Committee Staffers' E-mails Hacked: http://english.chosun.com/site/data/html_dir/2010/11/12/2010111200414.html
The Chosunilbo November 12, 2010
The National Intelligence Service is investigating hacker attacks on the e-mail accounts of an assistant to Grand National Party Rep. Won Yoo-chul, who chairs the National Assembly Defense Committee, and a Democratic Party staffer of the committee. The NIS believes the attacks were launched by China-based North Korean hackers.
According to a committee staffer, the NIS has told National Assembly offices it is keeping close watch on some IP addresses in China since recent hacker attacks were carried out through one of them which is on a blacklist.
The NIS is investigating whether the hacked e-mails contained any national secrets. In the run-up to the G20 Seoul Summit there have been a series of attacks by North Korean hackers on computers of South Korean officials, including a Cheong Wa Dae staffer, an intelligence officer said.
[...]
 
InfoSec News: [HITB-Announce] HITB Magazine #5 Call for Articles: Forwarded from: Hafez Kamal <aphesz (at) hackinthebox.org>
Good Day!
As you already know, we have released 4 issues in 2010 and gained a lot of experiences working on them. For 2011, we have some great plans for our readers. Our main focus for next year is to publish more high [...]
 
InfoSec News: NATO clause V could deter cyberattack, says defence minister: http://news.techworld.com/security/3248209/nato-clause-v-could-deter-cyberattack-says-defence-minister/
By John E Dunn Techworld 10 November 10
Cyberattacks should be subject to the same laws, treaties and international conventions as in the physical world, UK defence minister [...]
 
InfoSec News: Did Malware Take the Banks Down?: http://www.bankinfosecurity.com/podcasts.php?podcastID=837
By Tracy Kitten Managing Editor Bank Info Security November 10, 2010
Malware is likely to blame for the so-called "computer glitch" that over the weekend took down a handful of the country's largest banks' ATMs and online banking sites. [...]
 
InfoSec News: Get hacked and spill the beans, anonymously: http://news.cnet.com/8301-27080_3-20022451-245.html
By Elinor Mills InSecurity Complex CNet News November 11, 2010
A new Web site could help turn security breach guesswork into science.
Database breaches, social engineering attacks, and hacking incidents [...]
 
Mono 'loader.c' Library Loading Local Privilege Escalation Vulnerability
 
ASPilot Pilot Cart Multiple Vulnerabilities
 
Visual MP3 Splitter & Joiner Multiple Buffer Overflow Vulnerabilities
 
Adersoft VbsEdit '.vbs' File Denial Of Service Vulnerability
 

Posted by InfoSec News on Nov 12

Forwarded from: Hafez Kamal <aphesz (at) hackinthebox.org>

Good Day!

As you already know, we have released 4 issues in 2010 and gained a lot
of experiences working on them. For 2011, we have some great plans for
our readers. Our main focus for next year is to publish more high
quality articles and for that reason, we are now announcing a Call for
Articles. =)

TOPICS

Topics of interest include, but are not limited to the following:...
 

Posted by InfoSec News on Nov 12

http://news.techworld.com/security/3248209/nato-clause-v-could-deter-cyberattack-says-defence-minister/

By John E Dunn
Techworld
10 November 10

Cyberattacks should be subject to the same laws, treaties and
international conventions as in the physical world, UK defence minister
Nick Harvey has said in a Chatham House speech which laid down an
important new marker in government attitudes.

Harvey’s speech sounds a warning that as far as the...
 

Posted by InfoSec News on Nov 12

http://www.bankinfosecurity.com/podcasts.php?podcastID=837

By Tracy Kitten
Managing Editor
Bank Info Security
November 10, 2010

Malware is likely to blame for the so-called "computer glitch" that over
the weekend took down a handful of the country's largest banks' ATMs and
online banking sites.

The nation's three largest banks and a handful of others were derailed
over the weekend when their ATM and online banking channels were...
 

Posted by InfoSec News on Nov 12

http://news.cnet.com/8301-27080_3-20022451-245.html

By Elinor Mills
InSecurity Complex
CNet News
November 11, 2010

A new Web site could help turn security breach guesswork into science.

Database breaches, social engineering attacks, and hacking incidents
happen at companies every day, but very few end up being reported
publicly. That's because organizations fear--and rightly so--damage to
their reputation, public humiliation, and loss of...
 

Posted by InfoSec News on Nov 12

http://www.theregister.co.uk/2010/11/11/cyber_europe_cyberwar_exercise/

By John Leyden
The Register
11th November 2010

Organisers are hailing the first pan-European cyber security exercise as
a successful ‘cyber stress test’ of key internet infrastructure systems.

Cyber Europe 2010 brought together 150 information experts from 70
public bodies in 22 countries around Europe on 4 November to run an
exercise in involving 320 simulated...
 

Posted by InfoSec News on Nov 12

http://www.darkreading.com/security/attacks/showArticle.jhtml?articleID=228200790

By Tim Wilson
DarkReading
Nov 11, 2010

Which search is more likely to yield malware: a child's research for a
school current events project or a male's search for nude photos of
Paris Hilton? The answer may surprise you.

According to the newly-published Websense 2010 Threat Report, a Web
search that seeks breaking trends and current news may lead to poisoned...
 

Posted by InfoSec News on Nov 12

========================================================================

The Secunia Weekly Advisory Summary
2010-11-04 - 2010-11-11

This week: 81 advisories

========================================================================
 

Posted by InfoSec News on Nov 12

http://english.chosun.com/site/data/html_dir/2010/11/12/2010111200414.html

The Chosunilbo
November 12, 2010

The National Intelligence Service is investigating hacker attacks on the
e-mail accounts of an assistant to Grand National Party Rep. Won
Yoo-chul, who chairs the National Assembly Defense Committee, and a
Democratic Party staffer of the committee. The NIS believes the attacks
were launched by China-based North Korean hackers....
 
Banshee 'LD_LIBRARY_PATH' Multiple Local Privilege Escalation Vulnerabilities
 
Linux Kernel 'l2tp_ip_sendmsg()' and 'pppol2tp_sendmsg()' Denial of Service Vulnerability
 
IBM said today that it will lead a research effort with 15 European partners to develop an object-based cloud storage architecture, which it said will improve global delivery data and storage services across.
 

