InfoSec News

(c) SANS Internet Storm Center. http://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
Steven Sinofsky leaves Redmond weeks after Windows 8's launch, but the Metro UI chief takes his place
Steven Sinofsky, the executive in charge of Microsoft's Windows 8 operating system and the driving force behind its new OS, is leaving the company, Microsoft announced late Monday.
Microsoft and Motorola Mobility will face off in court on Tuesday for the start of a patent trial that could help establish how royalty rates are calculated for standards-essential patents.
As the rhetoric heats up over cyberwar -- including warnings that attacks on the U.S. are imminent and alarms that the U.S. has escalated the risk via malware attacks on Iran's nuclear program -- the rules of engagement are missing in action.
Anyone who finds it hard to believe that the average U.S. mobile subscriber sent 696 text messages per month in the second quarter of this year may be relieved to know that this figure fell to 678 per month in the third quarter.
Microsoft will shine the spotlight this week on SharePoint's new 2013 version at a conference devoted to the popular collaboration server, but recently-acquired Yammer may grab substantial attention.
Anti-virus pioneer John McAfee is reportedly wanted for murder in Belize after allegedly gunning down a U.S. citizen in San Pedro Town on Sunday.
Web users and people shopping online during the upcoming holiday season should watch out for a new crop of scams, some of them targeting users of mobile devices, cybersecurity vendor McAfee warned.

Consumer tablets and smartphones in BYOD to double
Being proactive is key for securing mobile devices in a BYOD program, as InfoSec Island said the first two steps a company must take is to encrypt all data that will be moving between devices, and for the company to always have a plan for what to do ...

Acer has started shipping the C7 Chromebook netbook starting at US$199 with Google's Chrome OS and Intel's Celeron processor.
Everspin said it was shipping samples of the industry's the first Spin-Torque Magnetoresistive RAM (ST-MRAM), a new type of non-volatile, high performance and ultra-low latency memory.
With SaaS (software as a service) having become a preferred deployment model for new software purchases, customers should be entitled to a clear-cut set of rights and expectations from vendors, a report from analyst firm Constellation Research argues.
Apple today revised the backorder status of the iPhone 5, saying that new orders would ship in '2-3 weeks,' a week less than the earlier '3-4 weeks' that had plagued the smartphone for almost two months.
EMC CEO Joe Tucci on Monday called for CEOs to put pressure on U.S. politicians to strike a budget deal, saying that the direction of the domestic and global economy depends on it.
The recent cyberattack that infected Israeli police computers with malware was likely part of a year-long cyberespionage operation with targets in Israel and the Palestinian territories, according to security researchers from antivirus vendor Norman.
Microsoft will release a preview of Internet Explorer 10 for Windows 7 on Tuesday, according to a report from a Chinese website, citing the company's head of IE marketing.
FFmpeg Multiple Unspecified Vulnerabilities
VLC Media Player 'SHAddToRecentDocs()' Function Denial of Service Vulnerability
Zoner Photo Studio Stack Buffer Overflow Vulnerability

Last week, my wife got an automated call from a bank with only a local presence that her debit card was deactivated. The call went to her cell phone. She wasnt a customer of that bank so it was easy for her to discard the call (I am a customer with my commercial accounts). It seems they simply wardialed every phone number with the right area code and three digit exchange in the area of that bank.

Looking to correlate data, the attack isnt new or particularly novel, but curious if it has been seen this month in other areas of the United States. Please drop a line with some details if so.

It goes without saying, if someone calls you asking for personal information, ask for a call back number and/or tell them you will call the customer service number in the phone book.



John Bambenek

bambenek \at\ gmail /dot/ com

Bambenek Consulting
(c) SANS Internet Storm Center. http://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
BananaDance Wiki b2.2 - Multiple Web Vulnerabilities
Microsoft will shine the spotlight this week on SharePoint's new 2013 version at a conference devoted to the popular collaboration server, but recently-acquired Yammer may grab substantial attention.
Study from vulnerability management firm Positive Technologies Security contends that 39% of systems in the U.S. and Europe are vulnerable to attack.

Add to digg Add to StumbleUpon Add to del.icio.us Add to Google
[SECURITY] [DSA 2573-1] radsecproxy security update
Research In Motion today set Jan. 30 for the launch of BlackBerry 10, when it will also unveil its first two smartphones on the OS.
If you don't know, you need a better connection to your company's risk managers, who measure risk by what can be insured and what it costs to do so. While the measurement of operational risks is still a bit of a puzzle for CSOs, risk managers have used TCOR for ages.
Deploying the enterprise mode of Wi-Fi Protected Access (WPA2) with 802.1X authentication provides great Wi-Fi security, but complicates the client configuration and connection process. In bring-your-own-device (BYOD) environments, this can cause user frustration and a spike in help desk calls. The solution is to deploy an automated configuration process so users can easily connect their devices without invention from IT staff.
If you value your data--whether it's some perfect photos you took last weekend, your entire music collection on iTunes, or your draft of the next great American novel--you must stay on top of regular system backup. One of the easiest ways of doing so is to use OS X's built-in backup program, Time Machine. Time Machine works with your Mac and an external drive to save important documents, photos, and system files regularly. Apart from keeping spares of every file, Time Machine maintains a record of how your system looked on any given day, so you can easily put everything back the way it was if something goes wrong.
Oracle Java SE CVE-2012-1720 Remote Java Runtime Environment Vulnerability
The U.S. Department of Energy Oak Ridge National Laboratory's newly installed Titan system, a Cray XK7, has been anointed as the world's fastest supercomputer in the newly released 40th edition of the Top500 compilation of the world's fastest supercomputers.
Research In Motion will launch BlackBerry 10 and the two first smartphones based on the operating system on Jan. 30, the company said on Monday.
Swedish authorities now suspects Pirate Bay co-founder Gottfrid Svartholm Warg of serious fraud and another data intrusion in addition to the alleged hacking of IT company Logica that led to his arrest, public prosecutor Henrik Olin said Monday.
Ruby 1.9.3 patch level 327 has been released to correct a problem that could be exploited by an attacker to cause a denial-of-service. The recent 2.0.0 preview release is also vulnerable

Tech writer Brian Nadel lasted 10 days without municipal power in the wake of superstorm Sandy. Here's how he kept heat, lights and computers going and what he'll do differently next time.
cgit 'syntax-highlighting.sh' Remote Command Injection Vulnerability
Intel hopes to deliver performance and power-efficiency breakthroughs to servers with the new Xeon Phi family of processors, the first model of which is now shipping to customers, the company said on Monday.
Nvidia and Advanced Micro Devices on Monday announced high-performance graphics chips for supercomputers.
The same day it won a $368 million verdict in a patent infringement case against Apple, VirnetX filed a new lawsuit, alleging that the iPad Mini and iPhone 5 violate the same patents, according to court documents.
Analysts say HTC still faces an uphill battle to rebuild its smartphone business amid heated competition, despite reaching a deal with Apple to settle their patent disputes.
Microsoft will probably tie Office apps for the iPhone and iPad to its Office 365 'rental' subscription plans to prevent the mobile apps from cannibalizing sales and to skirt the 'Apple tax,' analysts said today.
It has been a rough stretch for Itanium. HP and its customers were startled after Oracle abruptly announced its intent to discontinue software development on HP's Itanium servers. But neither HP nor Intel has backed away from Itanium, and last week's announcements appear to affirm that.
The Centers for Medicare & Medicaid Services has dispensed more than $7.7B in reimbursement payments to physicians and hospitals deploying electronic health records.
Are you doing too much typing in your daily Linux work? Find it difficult to remember complex commands? You'll want to use Linux aliases. Find out how they work and see some useful examples.

Posted by InfoSec News on Nov 11


By Thor Olavsrud
November 08, 2012

Big data promises to help organizations better understand their
businesses, their customers and their environments to a degree that you
could previously have only imagined.

The potential is enormous—as businesses transform into data-driven
machines, the data held by your enterprise is likely to become the key
to your competitive...

Posted by InfoSec News on Nov 11


Dark Reading
Nov 09, 2012

A distributed system of monitoring groups of computers using the same
operating-system configuration can detect the changes wrought by
rootkits following infection, a group of security researchers from the
University of California at Santa Barbara reported in a recent...

Posted by InfoSec News on Nov 11


By Jeremy Kirk
IDG News Service
November 11, 2012

The U.N.'s civil aviation body will recommend creating a cybersecurity
task force at a meeting next week in Canada, as new technologies
introduced into aviation systems are increasing the risk of

The International Civil Aviation Organization (ICAO) said a task force
is needed due...

Posted by InfoSec News on Nov 11


By Iain Thomson in San Francisco
The Register
9th November 2012

Updated -- Cisco appears to be rather annoyed that one of its staff has
been leaking memos to the press, and its vice president of global labs
(and former CIA operative) Michael Quinn has sent a chilling email to
staff warning he will hunt down the culprit.

"The person or persons whom felt it was cool or correct to...

Posted by InfoSec News on Nov 11


By Karen Friar
November 11, 2012

A hacker has posted purported data on more than 600 Amazon UK customers
online, but the retailer has said the information does not come from
their systems.

The data, posted on Saturday to Pastebin, was presented by a hacker
named Darwinaire as proof that he or she broke into the online
retailer's systems....
Internet Storm Center Infocon Status