InfoSec News

Apple is on the losing end of an initial ruling by the U.S. International Trade Commission in the company’s battle with Motorola.
For a touch-based interface it was awfully hard to get hold of. Microsoft's Windows 8 OS was shown on a handful of prototype ARM-based tablets at this year's CES, but almost no one was allowed to try it out.
The lead sponsor of the U.S. Stop Online Piracy Act, a controversial copyright enforcement bill, will remove a much-debated provision that would require Internet service providers to block their subscribers from accessing foreign websites accused of infringing the copyrights of U.S. companies.
An interview with alliance president Curt Aubley, vice president and chief technology officer, Cyber & NexGen Innovation at Lockheed Martin Information Systems and Global Solutions, about cloud security issues and the alliance's efforts to help secure the cloud. Insider (registration required)
Women may have come a long way in the high-tech field in the last 10 years, but there's still room for growth, according to a group of female tech executives who spoke at CES.
Beverage distributor Major Brands is suing Epicor, alleging the ERP (enterprise resource planning) software vendor failed to deliver a satisfactory system after years of effort and significant cost overruns, and then offered a solution that would force the company to install a new version that hadn't yet been completed, pushing back the original "go-live" date by four years.
Advanced Digital Broadcast Digital Satellite TV Platform Multiple Unspecified Vulnerabilities
Atmail Webmail Multiple HTML Injection Vulnerabilities
Apple was the only top-five computer maker to post shipment gains in the U.S. during the final quarter of 2011, a pair of research firms said this week.
Google has confirmed as true allegations made on Friday by a Kenyan provider of online business listings, Mocality, that Google staffers attempted to undermine its business by lying to its customers and improperly mining its data.
The Internet Systems Consortium is looking for a few more good programmers to bring the next generation of its open source BIND DNS server software to fruition.
Apple today confirmed that explosions last year at Chinese plants of two of its parts suppliers were caused by excessive aluminum dust.
Google has appointed Diane Greene, a co-founder and former CEO of VMware, to its board of directors and audit committee.
Microsoft AntiXSS Library Sanitization Module Security Bypass Vulnerability
MailEnable 'ForgottonPassword.aspx' Cross Site Scripting Vulnerability
----------- Guy Bruneau IPSS Inc. gbruneau at isc dot sans dot edu (c) SANS Internet Storm Center. http://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
Despite economic uncertainty at home and abroad, enterprises IT budgets grew in 2011, although not by very much. So, what’s on tap for 2012? In this package of stories, Network World and IDG News Service reporters provide a roadmap for the new year.


Fake memo but real code? India-US hacking mystery deepens
Technology blog Infosec Island said on Wednesday it had seen more data obtained by the Lords of Dharmaraja, including dozens of usernames and passwords for compromised US government network accounts. Infosec Island blogger Anthony Freed said the hacker ...
US China Commission Emails HackedDark Reading

all 170 news articles »
Get ready for a perfect storm of earnings news. With tech bellwethers including IBM, Microsoft, Intel and Google set to issue financial reports next week, earnings season will pick up in earnest and judging from recent forecasts and profit warnings, it could be a bumpy ride.
Signs that Apple's sales will continue on a feverish pace continue to accumulate, Brian White of Ticonderoga Securities said today.
A new phishing attack that's spreading through Facebook chat modifies hijacked accounts in order to impersonate the social network's security team.
Security was a big issue in 2011 with more sophisticated and a wider range of threats than ever before wasting even more of everyone's time at a cost of billions of dollars.
Linux Kernel CVE-2011-4348 Remote Denial of Service Vulnerability
ME020567: MailEnable webmail cross-site scripting vulnerability CVE-2012-0389
Atmail Webmail Multiple HTML Injection Vulnerabilities
The U.S. International Trade Commission has launched an investigation of patent infringements alleged by patent acquisition firm Digitude Innovations against a who's who of smartphone and tablet makers.
Oracle is set on Tuesday to release 78 security fixes for vulnerabilities in its database, middleware and applications, according to a preview announcement posted to the company's website this week.
SAP on Friday reported preliminary fourth-quarter results that showed revenue rise 11 percent to $5.7 billion, according to IFRS (International Financial Reporting Standards).
In the past few days a new PDF has surfaced from the DHS that contains a fairly long list of different news, social media, trend tools and search tools that the DHS has suggested its agents use to moniter the on going cyber problems that the world is facing.

We have received some strange DNS traffic sample Type A query that isn't your typical DNS format. The DNS query has some fields that do change are marked with a X (see DNS query pattern). Other format/pattern may exist since the capture was based on a very short capture. We are trying to establish what this traffic maybe doing, whether it is a messed up DNS resolver, some sort of command and control or covert channel.
If you have seen this type of DNS query with this kind of behavior, we would like to hear from you.
DNS Query Pattern
Sample Queries
omchikaaaaerd0000pjaaaabaafaejam: type A, class IN

ibjegdaaaaerd0000pjaaaabaafaejam: type A, class IN

ehjjafaaaaesx0000pjaaaabaafaejam: type A, class IN

dlegnhaaaaern0000pjaaaabaafaejam: type A, class IN

cfdnnoaaaaern0000pjaaaabaafaejam: type A, class IN
Guy Bruneau IPSS Inc. gbruneau at isc dot sans dot edu (c) SANS Internet Storm Center. http://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
Yesterday ICANN started accepting applications for new generic top-level domains (gTLDs). The world of .com, .gov, .org and 19 other gTLDs will soon be expanded to include all types of words in many different languages. For the first time generic TLDs can include words in non-Latin languages, such as Cyrillic, Chinese or Arabic. [1]
Last month, the US Federal Trade Commission indicated it has concerns with this change, they are concerned that consumer protection safeguard against bad actors that could lead to potential risk of abuse through existing scams such as phishing sites. [2]
Do you see these changes have a potential for concern and abuse or just business as usual?
[1] http://www.icann.org/en/announcements/announcement-11jan12-en.htm

[2] http://www.ftc.gov/os/closings/publicltrs/111216letter-to-icann.pdf

[3] http://newgtlds.icann.org/en/

Guy Bruneau IPSS Inc. gbruneau at isc dot sans dot edu (c) SANS Internet Storm Center. http://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
-- Adam Swanger, Web Developer (GWEB) Internet Storm Center (http://isc.sans.edu) (c) SANS Internet Storm Center. http://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
Sony showed off its new Xperia Ion smartphone in the middle of its massive booth at CES, drawing attention to its multimedia features and sleek styling.
Ford's first all-electric passenger vehicle, the Focus Electric, features a smartphone app that can help drivers keep track of when the car is being charged remotely.
A variant of the Sykipot Trojan Horse hijacks U.S. Department of Defense (DoD) smart cards in order to access restricted resources.

Startmate reveals its 2012 start-ups
ZDNet Australia
... Tab ran... http://t.co/cmAxq0IA RT @cliffsull: #infosec is out! http://t.co/72mx25xy ▸ Top stories today via @pretorienx @zdnetaustralia @quietb0x @security_rec Government smartcards could be hijacked - ZDNet Australia: Government smartcards could ...


How to manage information security during an innovation void
However, the more disconcerting limiting factor is beyond the direct control of infosec executives: the scarcity of innovation in the information security industry. Wikileaks - fearless whistleblowers or irresponsible nuisances? ...

Nokia has sold 450 wireless and video patents and patent applications to Sisvel International, an Italian patent licensing company.
A Delhi court sent a summons to the headquarters of foreign Internet companies including Google, Facebook, Microsoft, and Yahoo on Friday, in a private case against objectionable content online.

EC-Council to Host Advanced Technical Security Summits in Alexandria and San Jose
PR Web (press release)
Infosec professionals must adapt themselves to this changing threat environment in order to safeguard the information assets of their companies and organizations. The Center of Advanced Security Training (CAST) - the advanced training division of ...

and more »
Cyber insurance can help mitigate damages after a breach, but it's no substitute for top-notch security, IT pros say.
Apple should consider launching its products earlier in China, and expand its online distribution there, if it wants to avoid future displays of customer dissatisfaction like Friday's egg throwing at a Beijing company store, according to analysts.
International Game Technology, a maker of slot machines, has reached a definitive agreement to acquire social games developer Double Down Interactive for $500 million.
The importance of bundling services and software with mobile devices is finally resonating with Android device makers as they compete with Apple.
"When you've got a lot of angry zombies coming at you, you really don't want to have to look away from the screen..."
It's a myth that Android isn't secure and is difficult for IT managers to control, contended a top Motorola Mobile executive in an interview at the Consumer Electronics Show.

Posted by InfoSec News on Jan 13


The New York Times
January 12, 2012

Chinese hackers have deployed a new cyber weapon that is aimed at the
Defense Department, the Department of Homeland Security, the State
Department and potentially a number of other United States government
agencies and businesses, security researchers say.

Researchers at...

Posted by InfoSec News on Jan 13


The Secunia Weekly Advisory Summary
2012-01-05 - 2012-01-12

This week: 65 advisories

Table of Contents:

1.....................................................Word From Secunia...

Posted by InfoSec News on Jan 13


The Register
13th January 2012

The Information Commissioner is proposing to issue its heaviest ever
fine for a breach of UK data protection laws. It proposes fining a
health body after patient records were stolen from a hospital and sold
on eBay.

Brighton and Sussex University Hospitals NHS Trust told Out-Law.com that
hard drives containing patient data had been...

Posted by InfoSec News on Jan 13


By Peter Kuper
January 12, 2012

An innovation void is deepening security's struggle to protect,
according to In-Q-Tel's Peter Kuper. But can the gap be closed by
infosec professionals willing to seize the initiative?

Although predictions for the coming year are a staple of the season, I
will do more than offer an educated guess. I...

Posted by InfoSec News on Jan 13

Forwarded from: Richard Forno <rforno (at) infowarrior.org>

: "We are now in a world in which anonymous judges, jurors and executioners can
: silence whom they want," Friedman said in the video. "This is a new censorship that
: doesn't come openly from governments but from people hiding behind masks."

Zut alors! Friedman's description of things could be applied to the
Internet community's views on how...

Posted by InfoSec News on Jan 13


By Noah Shachtman
Danger Room
January 12, 2012

The Defense Department’s networks, as currently configured, are “not
defensible,” according to the general in charge of protecting those
networks. And if there’s a major electronic attack on this country,
there may not be much he and his men can legally do to stop it in

Gen. Keith Alexander, head of both the...

Posted by InfoSec News on Jan 13


By Aliya Sternstein

A critical part of a fast-track strategy that allows agencies to
digitally borrow each other's cloud security guarantees will not be
available when the operation gets under way this summer, federal
officials told Nextgov.

The mantra of the new effort, called the Federal Risk and Authorization
Management Program, or FedRAMP, is "Do once; use...
Linux Kernel 'FUSE_NOTIFY_INVAL_ENTRY' Message Local Denial of Service Vulnerability

Ballmer opens up on Apple, Skype, Vista
ZDNet Australia
RT @cliffsull: #infosec is out! http://t.co/72mx25xy ▸ Top stories today via @pretorienx @zdnetaustralia @quietb0x @security_rec Government smartcards could be hijacked - ZDNet Australia: Government smartcards could be hijackedZDNet ...

and more »

Samsung Tab 7.7 pops up in Aussie stores
ZDNet Australia
RT @cliffsull: #infosec is out! http://t.co/72mx25xy ▸ Top stories today via @pretorienx @zdnetaustralia @quietb0x @security_rec Government smartcards could be hijacked - ZDNet Australia: Government smartcards could be hijackedZDNet ...

and more »

Google+ and Google search: an SEO play?
ZDNet Australia
RT @cliffsull: #infosec is out! http://t.co/72mx25xy ▸ Top stories today via @pretorienx @zdnetaustralia @quietb0x @security_rec Government smartcards could be hijacked - ZDNet Australia: Government smartcards could be hijackedZDNet ...

and more »
Internet Storm Center Infocon Status