Hackin9

InfoSec News

(c) SANS Internet Storm Center. http://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
 

ForeScout Sponsors SANS Webcast "Endpoint Visibility, Control and Remediation ...
EIN News (press release)
The webcast presents proven process and technology considerations that InfoSec professionals can put to immediate use. Other topics that will be addressed include: ForeScout enables organizations to accelerate productivity and connectivity by allowing ...

and more »
 
AT&T plans to extend its dual-personality software for mobile devices, called Toggle, to provide a walled-off and encrypted work environment within PCs and Macs as well as mobile devices.
 
The research firm says a BYOD policy must ban jailbroken iOS and rooted Android devices: they make it easy for attackers to breach networks.

 
Twitter is updating its "expanded tweets" feature, giving users more previews, images and videos from a growing list of news outlets.
 
Running what they believe is the world's largest Hadoop-based collection of data, Facebook engineers have developed a way to circumnavigate a core weakness of the data analysis platform, that of relying on only a single name server to coordinate all operations.
 
The U.S. Department of Justice has contacted affected companies about potentially anticompetitive behavior of cable companies toward online video services, according to a source close to the matter.
 
Google may soon bring business-to-business "social ads" to its Google+ social networking platform, according to a recent job listing for a product marketing manager for social ads launch marketing.
 
iFixit, a popular electronics do-it-yourself website, today gave the new MacBook Pro with the Retina display its worst-possible repair score of just 1 out of a possible 10.
 
A hitherto unknown hacking group claimed responsibility for a hacking attack on a county school system in Tennessee that may have exposed the names, Social Security numbers and other personal data belonging to about 110,000 people.
 
Microsoft released an automatic updater for untrusted certificates. It is a bit sad that we need this, but it does appear to be necessary to have a method to continuously update a list of bad certificates. The goal of the new updater is to allow updates to the untrusted certificate store in one day or less after a new bad certificate becomes known.
Certificate revocation lists (CRLs) and OCSP were designed to notify clients of revoked certificates. However, these protocols haven't shown the scalability necessary to reliably notify clients of invalid certificates.
(thx Alex for pointing this out)
[1]http://blogs.technet.com/b/pki/archive/2012/06/12/announcing-the-automated-updater-of-untrustworthy-certificates-and-keys.aspx
------

Johannes B. Ullrich, Ph.D.

SANS Technology Institute

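As an added example (not part of the ISC diary above, and not Microsoft's own tooling), the following PowerShell check shows where the updater's output lands and how it differs from CRL/OCSP checking: it walks a certificate's chain, asks CryptoAPI to do the online revocation check for every link, and separately compares each link's thumbprint against the machine-wide Disallowed store, which is the store the updater feeds. The certificate file path is hypothetical; run it in an elevated PowerShell on Windows.

```powershell
# Added example: compare a certificate chain against the Disallowed store
# (fed by the Microsoft untrusted-certificate updater) and against
# CRL/OCSP revocation. Not from the ISC diary; the path below is hypothetical.
function Test-CertChainTrust {
    param([Parameter(Mandatory)][string]$CertPath)

    # Thumbprints the updater has pushed into the machine-wide Disallowed store.
    $disallowed = Get-ChildItem -Path Cert:\LocalMachine\Disallowed |
        ForEach-Object { $_.Thumbprint.ToUpperInvariant() }

    $cert  = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 -ArgumentList $CertPath
    $chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain

    # Online = consult CRL/OCSP; EntireChain = check every link, not only the leaf.
    $chain.ChainPolicy.RevocationMode = [System.Security.Cryptography.X509Certificates.X509RevocationMode]::Online
    $chain.ChainPolicy.RevocationFlag = [System.Security.Cryptography.X509Certificates.X509RevocationFlag]::EntireChain
    $chainBuilds = $chain.Build($cert)

    # One record per link: who it is, whether CryptoAPI flagged it, and whether
    # it is on the Disallowed list regardless of what CRL/OCCP said.
    $elements = foreach ($element in $chain.ChainElements) {
        $tp = $element.Certificate.Thumbprint.ToUpperInvariant()
        [pscustomobject]@{
            Subject       = $element.Certificate.Subject
            Thumbprint    = $tp
            InDisallowed  = ($disallowed -contains $tp)
            ElementStatus = (($element.ChainElementStatus | ForEach-Object { $_.Status }) -join ', ')
        }
    }

    [pscustomobject]@{
        ChainBuilds   = $chainBuilds
        AnyDisallowed = [bool]($elements | Where-Object { $_.InDisallowed })
        Elements      = $elements
    }
}

# Hypothetical input file; substitute a real DER or PEM certificate.
$result = Test-CertChainTrust -CertPath 'C:\temp\suspect.cer'
$result.Elements | Format-Table Subject, InDisallowed, ElementStatus -AutoSize
"Chain builds: $($result.ChainBuilds); any link in Disallowed store: $($result.AnyDisallowed)"
```

A link can pass the online CRL/OCSP check (no `Revoked` status) and still be present in the Disallowed store, which is exactly the gap the updater is meant to close; the opposite case, a revoked certificate that the updater has not yet distributed, shows up only in `ElementStatus`.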
 
U.S. President Barack Obama will sign an executive order Thursday intended to make it less expensive for broadband providers to install lines and equipment on federal lands and also federal roads.
 
With the Hadoop Summit taking place this week in San Jose, vendors supporting the open-source data-analysis platform are rushing new products to market.
 
Dell outlined its software strategy on Wednesday, casting the growing business as a secondary, but key, component to the company's enterprise product offerings in the long run.
 
Two U.S. lawmakers have asked executives at Chinese telecom companies ZTE and Huawei to explain their connection to the Chinese government out of concern that the companies' products represent a risk to U.S. national security.
 
Geeks are devoted to Truth, with a capital T. The question "When will it be done?" feels like a request to lie. (Insider; registration required)
 
Microsoft will start feeding users an update to the critical Windows Update service in the next few days, several security experts said today.
 
The new MacBook Pro and MacBook Air are the only laptops that support both USB 3.0 and Thunderbolt ports for external devices. The performance advantage for peripherals is tremendous.
 
Experts explain the difference between customer relationship management (CRM) and customer experience management (CXM) and describe how--and why--you need to create a positive customer experience.
 
Security Advisory - Checkpoint Endpoint Connect VPN - DLL Hijack
 
[SE-2012-01] Regarding Oracle's Critical Patch Update for Java SE
 
[CAL-2012-0023] Microsoft IE Developer Toolbar Remote Code Execution Vulnerability
 
[CAL-2012-0026] Microsoft IE Same ID Property Remote Code Execution Vulnerability
 

GovInfoSecurity.com

Using Risk to Fund Infosec Projects
GovInfoSecurity.com
Respondents also identified malicious insider threats as being the greatest threat to information security today, followed by concerns about web application vulnerabilities and employee carelessness. Using Risk to Fund Infosec Projects.

and more »
 

EU data laws are latest threat to cloud
ITworld.com
US officials would never assume they had jurisdiction extensive enough to subpoena or arrest foreign nationals on foreign soil on charges a company with no US presence had broken some US infosec law. (The MegaUpload case might blow the curve on that ...

 
Verizon Wireless botched the launch of its Share Everything voice, texting and data plans by making too many drastic and costly changes at once, analysts said Wednesday.
 
Apple's music-oriented social network, Ping, will not be in iTunes software's next major release, expected this fall, source tells All Things D.
 
CVE-2012-1661 - ESRI ArcMap arbitrary code execution via crafted map file.
 
APPLE-SA-2012-06-12-1 Java for OS X 2012-004 and Java for Mac OS X 10.6 Update 9
 
ZDI-12-093 : (Pwn2Own) Microsoft Internet Explorer Fixed Table Colspan Remote Code Execution Vulnerability
 
[SECURITY] [DSA 2493-1] asterisk security update
 
The protagonist of the N.O.V.A. series tells his AI sidekick that this time, really, he's through. He's going to quit. But like any good Space Marine, he reloads his rifle and jumps back into the fray anyway. Such a moment fairly well encapsulates the N.O.V.A. series: It's a tired and clichéd sci-fi shooter franchise but hey, why stop now?
 
An exploit for a recently patched vulnerability that allows potential attackers to obtain administrative access on network appliances from hardware vendor F5 Networks was added to the Metasploit penetration testing framework on Tuesday.
 
Like OS X itself, iTunes has a good number of hidden settings that affect how the program works and what options are available to you--some of them letting you revert to the behavior and appearance of older versions of iTunes. And as with those hidden OS X settings, accessing iTunes's secret features requires you to either hunt down special shell commands that you run in Terminal or use a third-party utility that presents the settings in an easy-to-use interface.
 
Dell on Wednesday said it wants to cut US$2 billion in costs over the next three years as the company moves a larger part of the business toward the enterprise to increase profitability.
 
Many of the LinkedIn email alerts instructing users on how to reset passwords accessed by hackers were dumped into spam boxes, according to email security vendor Cloudmark.
 
The new Verizon Wireless Share Everything plan unveiled Tuesday shocked and angered many longtime Verizon customers, including those with unlimited data plans.
 
Seven companies want news, eight want music or a movie, and seven want love. Four want pizza, but none of them make it. Only two want sex, and one even wants a unicorn.
 
NetSuite offers extensive ERP, CRM, and other business management functionality to organizations that recognize the value proposition associated with SaaS.
 
Apple has exhausted supplies of its new $2,200 MacBook Pro that sports a high-resolution "Retina" screen, with the company's online store reporting a wait of three to four weeks by Tuesday's end.
 
Geoff Huston, an Australian researcher whose predictions about IPv4 depletion dates have proven uncannily accurate over the years, is still not certain that IPv6 will get deployed in time to avert an addressing crisis across the Internet.
 
Hackers might have stolen the personal information of individuals who applied for a merchant account with card payment processor Global Payments.
 
As the company preps the Windows OS to run on ARM hardware, it assures developers that their x86/64 experience will translate.
 
SAN DIEGO -- Cisco should have shuttered Cius nine months before it did, CEO John Chambers told reporters at the CiscoLive! conference here this week.
 
As announced before, ICANN today published a list of all the new TLDs organizations applied for [1]. Applications had to be submitted by May 30th. Being included in the list does not yet imply that these TLDs will actually be approved and created; this is just another stop in a lengthy process. I counted 1930 new top level domains, which I think is a manageable number. Many of the TLDs use non-Latin character sets. For example, companies like Volkswagen applied for their brand name in Chinese (大众汽车). Some other interesting proposals I spotted:
.search has multiple applicants (Amazon is the company that sticks out among them), and .secure has two applications, one from Amazon and one from Artemis Internet. Google, using a company named Charleston Road Registry, applied for 101 different TLDs and is the top bidder, followed by Amazon EU (76) and Top Level Domain Holdings (70). The most contested TLDs are .app (13 applications), .inc (11), .home (11) and .art (10).
There is some criticism that ICANN not only published the TLD and the name of the applicant company, but also full contact details including e-mail addresses.

[1]http://newgtlds.icann.org/en/program-status/application-results/strings-1200utc-13jun12-en
------

Johannes B. Ullrich, Ph.D.

SANS Technology Institute

 
Advanced Micro Devices on Wednesday said it will integrate an ARM processor with upcoming x86 chips, marrying two rival architectures and ending more than a year of speculation around AMD's plans to use ARM technology.
 

Posted by InfoSec News on Jun 13

http://www.bangaloremirror.com/index.aspx?page=article&sectid=1&contentid=20120613201206130540417375844123f

By Hemanth Kashyap
Bangalore Mirror
June 13, 2012

With an MS degree in cyber & computer forensics from London, Kamal was
in demand among tech firms. But a chance telephone intercept by the cops
led to the revelation that he was the kingpin of a gang which cheated
thousands and looted crores of rupees

Palavarma Kamal Kumar...
 

Posted by InfoSec News on Jun 13

http://www.theregister.co.uk/2012/06/13/f5_kit_metasploit_exploit/

By Richard Chirgwin
The Register
13th June 2012

A vulnerability in F5 kit first announced in February may be in the
wild, with code posted to Github purporting to be an exploit.

The original advisory stated that vulnerable installations of F5’s BigIP
and other systems allowed an attacker to log in as root, because the
vulnerability exposed the device’s SSH private key....
 

Posted by InfoSec News on Jun 13

http://news.cnet.com/8301-1009_3-57452047-83/global-payments-consumer-data-may-also-have-been-stolen/

By Elinor Mills
CNET News
June 12, 2012

Credit card processor Global Payments said today that in the course of
investigating the theft of 1.5 million credit card numbers, it has
discovered that hackers may also have stolen consumer data from servers.

"Our ongoing investigation recently revealed potential unauthorized
access to personal...
 

Posted by InfoSec News on Jun 13

http://www.csoonline.com/article/708215/cybersecurity-expert-argues-fud-can-be-effective

By Taylor Armerding
CSO
June 11, 2012

Sharon Nelson thinks a certain amount of Fear, Uncertainty and Doubt
(FUD) is a good thing.

Nelson, an attorney and president of the information security, digital
forensics and IT consulting firm Sensei Enterprises, knows she is taking
something of a contrarian view. Most objective experts in the
information...
 

Posted by InfoSec News on Jun 13

http://www.firstcoastnews.com/news/article/259746/3/Students-frustrated-with-UNFs-latest-security-breach

By Erich Spivey
firstcoastnews.com
June 11, 2012

JACKSONVILLE, Fla. -- A headline on UNF's student newspaper last year
asked if they are still vulnerable to hackers. Now, they have an answer.

"They need to step it up. This is ridiculous that this is happening a
second time," hacking victim Joann Pierre said.

"Knowing...
 

 
Microsoft patched 26 vulnerabilities, including one in Internet Explorer that's already being exploited. The company also warned customers of a new zero-day attack and quashed yet another instance of a bug that the Duqu intelligence-gathering Trojan leveraged.
 
Increasingly, IT and legal find themselves facing off over the benefits and risks of cloud computing. Here's how some entities have hammered out a compromise. (Insider; registration required)
 
At its peak during its two-year existence, Kurupt.su -- a website specializing in the trade of stolen credit-card numbers -- had more than 6,000 members who bought and sold pilfered data in an online bazaar dedicated to defrauding consumers.
 
The coming Windows Phone 8, dubbed Apollo, will integrate Skype voice and video calling, according to screenshots obtained by the NokiaInnovation.com Web site.
 
Your peers rely on these tools to help run their shops, for everything from real-time server graphing to capacity planning and virtual machine backup.
 