InfoSec News

From open printer ports to sloppy Web code, here are some leaks you should deal with ASAP -- and suggestions for how to do so.
Taiwanese smartphone maker HTC joined a number of rivals in launching new handsets with Microsoft's new Windows Phone 7 OS on Monday, a feat HTC's CEO says came together very fast.
Research In Motion (RIM) will likely gain more time to run its BlackBerry service in India as it negotiates with the government on giving access to data on its networks to law enforcement agencies.

Learning from stux, and connecting more dots in infosec
SYS-CON Media (press release) (blog)
So everyone has been fully focused on Stuxnet – trying to figure out (again) what 0-days were involved, how were networks crossed, which command-and-control ...

Symantec today announced the latest version of its storage management software, Veritas Operations Manager 3.1 and Storage Foundation High Availability 5.1, which allow admins to automatically allocate tiers of storage for applications based on the importance of data.
Microsoft does not have immediate plans to port the Windows Phone 7 mobile OS to tablets, a company official said on Monday.
Is this year turning out to be even worse for getting hacked than last year? That's what a survey of 350 IT and network professionals indicate, with large companies in particular reporting this to be worse than last in terms of suffering at least one network intrusion of their user machines, office network or servers.
-- Rick Wanner - rwanner at isc dot sans dot org - - Twitter:namedeplume (Protected) (c) SANS Internet Storm Center. Creative Commons Attribution-Noncommercial 3.0 United States License.

Infosec Evolution Mimics Immune System
Having their various components interact with each other, Schneck says, the evolving infosec tools are having intelligence built in to recognize abnormal ...

and more »
In a landmark moment for Microsoft, Microsoft CEO Steve Ballmer launched Windows Phone 7 on Monday and announced nine new phones and partnerships with wireless carriers.
The company best known for its search engine announced this past weekend that its engineers are working on developing technology for cars that can drive themselves.
The rivals have pledged to cooperate on OpenJDK for open source Java and to enhance the Java Community Process.
(c) SANS Internet Storm Center. Creative Commons Attribution-Noncommercial 3.0 United States License.
(c) SANS Internet Storm Center. Creative Commons Attribution-Noncommercial 3.0 United States License.
Microsoft and AT&T introduced three new WP7 smartphones today. Samsung's Focus seems to show the most promise.
Think you and your friends are well connected digitally? If you're in the United States, you might want to think again.
Take a tour of the hardware and software of five Windows Phone 7 models to be released in the U.S. this November.
Take a tour of the hardware and software of five Windows Phone 7 models to be released in the U.S. this November.
Some third-party developers have been unhappy with Microsoft for complicating the ways they can port apps from Windows Mobile to the new Windows Phone 7. But not Fandango.
Nokia has started shipping the C7, its second smartphone based on the Symbian 3 operating system, it said Monday.
Full coverage of Microsoft's new Windows Phone 7 mobile operating system and devices, from Computerword, the IDG News Service and our sister publications.
Database security is rife with pitfalls, according to 430 Oracle database administrators surveyed by the Independent Oracle Users Group.
Hewlett-Packard intends to trim 1,300 jobs in the U.K. as part of a "hell-bent" effort to "butcher" the country's high-tech work force, union officials said Monday.
Welcome to Day 11 of Cyber Security Awareness Month. Today we would like your advice on protecting your teens' browsing experience.

As a parent of a teen and a tween, this is a topic I have had to become opinionated about and have presented to parent groups on occasion. While there is certainly a lot of overlap with the risks to pre-teens, the increased autonomy of teens can amplify the risks.

What sort of things are teens interested in on the Internet:

Websites and searches about their idols
Virtual worlds
Instant messaging
Social networking
File-sharing and peer-to-peer Applications

and the risks they can encounter:

Objectionable Content
Career limiting moves - what gets posted on the Internet stays on the Internet

In my opinion the last of these, career limiting moves, is by far the biggest risk to the long term success of your teen. This is the concept that what gets posted on the Internet stays on the Internet, and in a competitive career environment increasingly companies are using publicly available information available through social networking sites to aid in hiring decisions. Questionable activities posted on social networking sites could have an impact on your teen's ability to get that dream job many years down the road.

If you have been following the previous days of the ISC's CSAM you are already aware of the wide range of technical, and non-technical controls that are available to you to help protect your family. I would argue that the most useful control is education, both for you and your teen.
With teens come at least a bit of rebellion. If your home defenses prevent your teen from accessing something they want to access they will find someplace where they can access it, most likely a friends place or a library. You can only protect them so much, so you need to provide them with the knowledge to understand the risks and hopefully protect themselves. For that reason the biggest defense you have is education. You need to educate yourself on what your teen is interested in and educate your teen so they can understand the risks and warning signs of trouble.
In order to be educated yourself you need to:

start now. The gap between what you know and what your teen knows is already huge and it is not going to get any smaller.
communicate with your teen and become familiar with what your teen is interested on the Internet.
join the sites, including social networking sites that your teen frequents.
become your child's friend on these sites.
be aware of who your teen has friended on these sites.
talk to your teen about what information they should and shouldn't reveal.

Something else to remember is that with the increasing availability of apps for mobile devices, their Internet experience may not be limited to the family computer.
Now that I have rambled on, it is your turn to tell our readers, what techniques, technical or non-technical you use to help protect your teens on the Internet.
As usual your advise is welcome through our comment tool below or through the contact page.

-- Rick Wanner - rwanner at isc dot sans dot org - - Twitter:namedeplume (Protected) (c) SANS Internet Storm Center. Creative Commons Attribution-Noncommercial 3.0 United States License.
Microsoft announced the Windows Phone 7 OS for handheld devices today, taking a step forward in the company's efforts to strengthen its position in the still-growing smartphone market. CEO Steve Ballmer unveiled the first phones to run the OS, and named the network operators that will distribute them.
Taiwanese smartphone maker HTC will soon launch the HTC HD7, a handset with a 4.3-inch touchscreen that uses Microsoft's new Windows Phone 7 operating system.
Two years ago, HTC delivered the first smartphone to use Google's Android mobile phone software, the G1. On Monday, the Taiwanese company unveiled five smartphones with Microsoft's new Windows Phone 7 operating system and these phones will be available in North America, Europe and the Asia-Pacific by late October.
Samsung Electronics became the second mobile phone maker after rival LG Electronics to leak a new Windows Phone 7 smartphone, the Omia 7, model GT-I8700.
LG has announced its first cell phone based on Windows Phone 7, Microsoft's new handset operating system.
India plans to develop a new computer operating system, with an eye to enhancing the security of its computer systems, a government spokesman said on Monday.

Internet Storm Center Infocon Status