InfoSec News

A hacker using the handle @Codeinesec has hacked the NOAA Weather website and has now dumped a heap of server-related information that lists some of the clients that use the services.

(c) SANS Internet Storm Center. http://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
As promised, @AnonOpsRomania has leaked some data that exposes at least one spy so far, and they have made further threats to leak the rest if needed. The rest of the data is said to contain a confirmed 600 spy details and a further couple thousand that have been put on relief.



Obama Budget Promises Stronger Infosec
By Eric Chabrow, February 13, 2012. President Obama's budget - his election-year plan on how he would spend federal dollars in the fiscal year that begins Oct. 1 - calls for the strengthening of government cybersecurity while reducing ...

How important is driving cross industry collaboration to enhance logical and cyber security? The Enterprise Cyber Security & Information Assurance Summit is the only meeting uniting senior level representatives from all critical infrastructures facing the same cyber security challenges.

Anonymous hackers have taken a huge step in their fight against governments and have now started on the Chinese government, with at least one site so far being hacked and having thousands of accounts leaked.

The decision to migrate company information-technology functions to the cloud or elsewhere is usually broken down as a set of specific cost-benefit calculations. However complicated the weighing of the startup savings and the longer-term returns involved in outsourcing IT, it at least appears to be a rational process.
Calling a thin client a device for power users may seem like an oxymoron, but Hewlett-Packard is giving it a try.
Attackers are finding an easy way into corporate networks often by targeting remote management weaknesses. Poorly configured software can lead to a data security breach.

The U.S. Department of Justice has approved Google's acquisition of mobile-phone and tablet maker Motorola Mobility for about US$12.5 billion, following the European Commission's approval earlier in the day.
GNU glibc Timezone Parsing Remote Integer Overflow Vulnerability
IBM reversed course on networking in 2010 when it acquired Blade Network Technologies, one of its key network suppliers. Network World Editor in Chief John Dix and Managing Editor Jim Duffy recently caught up with Vikram Mehta, founder of BNT and now vice president of IBM System Networking, for an update on IBM's network visions going forward.
OverlayFS inode Security Checks 'inode.c' Local Security Bypass Vulnerability
U.S. President Barack Obama will request a 2013 federal IT budget of $78.9 billion, a decrease of 0.7% from the government's 2012 budget.
Citrix is shipping a new version of its cloud management software CloudStack that makes it simpler for service providers and large businesses to manage and provision cloud services.
Google announced Sunday that it would add functionality to the YouTube experience on Google TV, including complete channel pages and the ability to browse by channel.
A massive Oracle ERP software project being conducted by the U.S. Air Force continues to experience difficulties, with the defense agency deciding to toss out some completed work as part of a restructuring plan that will be announced soon.
Hewlett-Packard on Monday introduced Gen8, its next generation of servers, which integrate new technologies designed to cut overall maintenance and power costs in data centers while maintaining high server uptimes.
Hewlett-Packard's new x86 server line generation, announced Monday, aims to wring out as much management overhead as possible through automation and improved energy management.
Oracle MySQL CVE-2012-0118 Remote MySQL Server Vulnerability
Oracle MySQL Server CVE-2012-0117 Remote MySQL Server Vulnerability
Hard disk drive supplies will continue to languish due to last year's floods in Thailand and prices will continue to remain high through 2014, according to two different research firms.
With a wireless streaming music device reportedly in the works, Google is working on getting deeper into the home entertainment arena, according to reports.
Mozilla plans to build a 'proof-of-concept' version of Firefox for Windows 8's Metro touch-first interface next quarter, then follow that with more functional editions later in the year.
Oracle MySQL Server CVE-2012-0114 Local Security Vulnerability
Oracle MySQL Server CVE-2012-0112 Remote MySQL Server Vulnerability
Oracle MySQL Server CVE-2012-0490 Remote Security Vulnerability
[SECURITY] [DSA 2408-1] php5 security update
European regulators have given Google the green light to take over Motorola, but concerns linger over how neutral Google will be in licensing its newly acquired patents.
[Editor's note: This article is part of our series of articles on installing and upgrading to Lion.]
Google said it has temporarily disabled the provisioning of its prepaid Google Wallet cards used in some NFC-ready phones.
Apple today said that auditors from a labor rights group have begun inspections at Chinese factories that manufacture its iPad and iPhone.
We need to recapture our focus if we are going to solve the complex problems ahead of us.
Valve has informed users of its Steam online game distribution platform that hackers have probably downloaded encrypted credit card transaction data from a backup database during an intrusion last year.
Mozilla Firefox/Thunderbird/SeaMonkey 'ReadPrototypeBindings()' Memory Corruption Vulnerability
[ MDVSA-2012:018 ] mozilla-thunderbird
[ MDVSA-2012:017 ] firefox

Should we be focusing on vulnerabilities or exploits?
ZDNet (blog)
Which is, incidentally, not only a case with infosec, but the way things work wherever reality is elusive. Let's think about that for a while. Where does the difference between perception and reality come from? As already noted, reality is elusive in ...

Freelance writer Susan Perschke recently sat down with Cisco Vice President and Chief Security Officer John N. Stewart for an in-depth discussion of the state of enterprise security. Insider (registration required)
Nimbula is hoping to better serve enterprises with version 2.0 of its operating system, which adds compatibility with VMware's hypervisor and other new features.
sqlinjection bug in nova cms
[Suspected Spam] eFront Community++ v3.6.10 - SQL Injection Vulnerability
Yahoo! Messenger v11.5 - Buffer Overflow Vulnerability

RSA® Conference 2012 Analyst Teleconference to Address Leading Information ...
In addition to a trend discussion, the analysts will preview the below sessions: -- Pete Lindstrom, Spire Security – “Where Will InfoSec Be in 2020?” -- Andrew Hay, 451 Research – “Mobile Device Security: Is the Enterprise Up for the Challenge?

Apple has asked a federal court in California for an order enjoining Motorola Mobility from suing the company in other courts for patent infringement in connection with its use of chips from Qualcomm in its products.
Distribution Management Inc. bought F5's Big-IP Gateway to handle WAN optimization, but it turns out the platform solved a string of problems that cropped up when the company deployed VMware virtual desktop infrastructure, too.
Samsung Electronics has launched the Galaxy Tab 2 (7.0), the first of its tablets to ship with Android 4.0 and its own Touchwiz user interface, the company said.
OWASP AppSec USA 2011 Video & Slides Posted
[slackware-security] vsftpd (SSA:2012-041-05)
[slackware-security] proftpd (SSA:2012-041-04)
Semiconductor company MediaTek has launched a package of components that will be used by vendors to build mid-range and entry-level smartphones based on Android 4.0.

RSA(R) Conference 2012 Analyst Teleconference to Address Leading Information ...
MarketWatch (press release)
In addition to a trend discussion, the analysts will preview the below sessions: -- John Kindervag, Forrester - "Managing Advanced Security Problems Using Big Data Analytics" -- Pete Lindstrom, Spire Security - "Where Will InfoSec Be in 2020?

The attacks have so far left few leaks, but the most recent one, which is from the Turkish ITCA, is set to be fairly big, with lots of clients' details and information now being published in many places.

Hadoop is coming out of the shadows and into production in enterprise IT shops. But the relative newness of the open-source platform and a shortage of experienced Hadoop talent pose hurdles.
There has just been a new announcement from Romanian Anonymous hackers, who state they will leak data containing lots of personal information that will expose the Romanian spying agencies.

SECTOR404cl has also added the Constitutional Court of Chile to their list of attacks today. The website tribunalconstitucional.cl belongs to the Chilean government, and this attack has been labelled part of #opchilerenace.

Startup Starboard Storage Systems came out of quiet mode with its first product: a storage array that discerns between structured and unstructured data in order to tailor I/O performance. It's also targeted at virtualized server environments.
TD Bank Group deployed IBM collaboration software to help its 85,000 employees collaborate more efficiently. (Insider, registration required.)
New Research In Motion CEO Thorsten Heins has a small window of opportunity to resuscitate the long-stumbling smartphone maker.
The Bank of America tech leader's mandate is to streamline and modernize back-office operations. Insider (registration required)
Ready or not, big data is coming. Here are 5 things IT managers can do today to prepare for the data deluge of tomorrow.
They're bright-eyed and bushy-tailed, but recent tech grads aren't quite ready for the work world, IT managers say. Here are six skills they lack.
Aneesh Chopra, who served for almost three years as the first CTO for the U.S. government, has resigned. It is rumored that he will run for lieutenant governor in Virginia, according to The Washington Post and other sources.
For the third consecutive release of Firefox, Mozilla has pushed users a patch shortly after launching a new version of the browser.
Jargon, data, power -- the first step to IT recovery is recognizing the monkey on your back
A major U.K. telecom provider is reducing travel time, increasing team work and decreasing email dependence by deploying social enterprise collaboration tools.
A news website that crawls for new articles from many sources has become news itself after it was hacked, and 194 accounts have now been leaked. The target: myheadlinez.com

The National Library of Venezuela has become a target and victim of cyber attacks. sector404CL has claimed to have hacked the library's website and dumped a small number of accounts.

One of the biggest dubstep websites has been exposed as being vulnerable to SQLi attacks. The website dubstep.net was exposed by @V0iD_Hacker, who has posted the vulnerability on pastebin with the following message.

At first blush, it's another one of those, "Sure, it will happen ... eventually," type of situations. I mean does anyone envision a commercial air fleet without readily available Internet service 20 years down the runway?
Uptime Software is the latest company aiming to help eliminate bill shock for cloud users.
Like the great white in Jaws there's proposed legislation about to strike and it's your liberties that will have a chunk missing
The hack has left the website defaced, with all the forums and content inaccessible, and has leaked a fairly large amount of data from the website. The attack comes from @alsa7rx, who in the past has leaked many other things.

This attack has come from a hacker using the handle @r00tw0rm and was announced via Twitter. The leaked data itself is most likely something NASA could have prevented by responding to the hackers who had contacted NASA about the exploit. As stated by r00tw0rm, NASA didn't take it seriously, so now they have had a very minor part of the data leaked.

Linux Kernel 'exec()' Local Denial of Service Vulnerability

Posted by InfoSec News on Feb 12


By Aliya Sternstein

Military computers soon will be configured to execute only
administrator-approved software applications in certain areas of a
computer, Pentagon officials told Nextgov. The Defense Department's
unique version of the "application whitelisting" approach focuses on
where downloads are allowed to launch in a system. It is intended to be

Posted by InfoSec News on Feb 12


By Robert Lemos
Contributing Writer
Dark Reading
Feb 10, 2012

Ask security professionals for a list of important metrics, and expect
to get a long list with much debate. Yet information security managers
need a way to keep track of their progress on securing the network while
watching out for potential...

Posted by InfoSec News on Feb 12

Forwarded from: Simon Taplin <simon (at) simontaplin.net>


The New York Times
February 10, 2012

SAN FRANCISCO -- When Kenneth G. Lieberthal, a China expert at the
Brookings Institution, travels to that country, he follows a routine
that seems straight from a spy film.

He leaves...

Posted by InfoSec News on Feb 12


By Philip Sherwell
The Telegraph
11 Feb 2012

The shadowy cyber hacking group Anonymous, which has organised a series
of strikes on high-profile websites, appeared to claim credit for the
latest incident in online messages.

It was impossible to access the www.cia.gov home page on Friday evening

Posted by InfoSec News on Feb 12


By PoliceOne Staff
February 10, 2012

BOSTON -- As their website went back online Thursday after being hacked
last week, Boston Police posted a YouTube video of wry comments from
officers poking fun at the mishap.

Set to the same song hacker cohort 'Anonymous' put on the site in the
meantime - Time obtained a mirror page...