Share |

InfoSec News

The InfoSec Conundrum. Keep Playing Until You Lose.
SYS-CON Media (press release) (blog)
It is not generally considered if you will get compromised, we approach InfoSec like you will fail, the only questions are “when?” and “did you do enough to try and stop it?” That just is not a viable way to run a business over the long-term. ...

Sony didn't show up for last week's Capitol Hill hearing on its massive data breach, thought to have affected more than 100 million video gamers. But that didn't stop Representative Mary Bono Mack from laying into the company, along with Epsilon, a marketing company that experienced a similar breach just weeks before.
When Apple released new iMacs in early May, the company also made available new build-to-order (BTO) options in addition to the standard-configuration models. Macworld Lab tested two iMacs with BTO processor upgrades that offer faster speeds and more processing power, and the results show that the additional cost for the upgrades are worth it--if you run software that takes advantage of the technology.
A computer glitch at the U.S. Department of State means there's some bad news for thousands of people who thought they'd been selected in this year's green card visa lottery, which gives a select few a bump to the front of the immigration line.
One administrative law judge of the U.S. International Trade Commission has ruled that Kodak did not infringe Apple patents in its cameras, possibly setting the stage for dismissal of a complaint by Apple.
LimeWire's agreement to pay $105 million to settle piracy claims is seen as a victory for the recording industry, but experts say it will do little to stop music piracy.
Samsung's new Droid Charge offers a superb display, a large battery and Verizon's fast 4G LTE network for a cool $300.
Microsoft offered some details about outages that have plagued its hosted e-mail customers in the Americas over the past week.
The Droid Charge smartphone from Verizon Wireless will go on sale Saturday morning, 16 days after it was first slated to hit store shelves.
Samsung has begun production of its 20-nanometer DDR 2.0 NAND flash chip technology, which offers twice the capacity over its current chip and vastly better performance.
Facebook may not have bought Skype, but the social networking company may still reap the benefits.
IBM is attempting to lure Oracle database and middleware customers to "move up" to its own software with a new series of enticements, the company said.
Though Cisco had disappointing earnings news this week, the Microsoft deal to buy Skype, an Intel dividend and solid financials from Symantec helped keep confidence in IT high.
The United States and the European Union have agreed to work together to ensure that domain naming on the Internet remains in the hands of independent private-sector stakeholders, but have demanded reforms.
Consumers may love that Google's Chromebooks will automatically deliver security updates, but company administrators will resist it tooth and nail, experts said today.
IBM is attempting to lure Oracle database and middleware customers to "move up" to its own software with a new series of enticements, the company said.
A proposed bill, PROTECT IP, is just the old COICA in disguise. It must not pass!
The creative lighting, strange sounds and odd look of the project attracted large crowds at the Computer Human Interaction conference. Called the Humanaquarium, the large plexiglass box housed two musicians whose performance could be controlled by audience interaction.
Microsoft's partnerships with RIM, Nokia and Yahoo (and acquisition of Skype) underscore the need to form alliances against Google or Apple in certain markets.
IBM Runtimes for Java Technology Class File Parsing Denial Of Service Vulnerability
If Value Engineering is the identification of different implementation strategies to achieve the business goal, the ultimate in value engineering is to identify requirements that don't need to be done in the first place. Although security and access control would seem to be a poor candidate for this kind of requirements elimination, in many situations the technical solutions are so clumsy and expensive that there's almost no ROI.
Here's a nice little bedtime story, taken from the corporate history books.
May 13, 2011: Microsoft buys Skype, Google goes for the hype
New partners Microsoft and Nokia have joined forces, hoping to invalidate Apple's trademark registration for the terms APP STORE and APPSTORE in Europe, according to a statement issued by Microsoft.
LimeWire has agreed to pay record labels US$105 million to settle a lawsuit alleging that the file-sharing service allowed its users to infringe copyright, the Recording Industry Association of America announced late Thursday.
Adobe Flash Player CVE-2011-0626 Remote Buffer Overflow Vulnerability
Adobe Flash Player CVE-2011-0625 Remote Buffer Overflow Vulnerability
Adobe Flash Player CVE-2011-0624 Remote Buffer Overflow Vulnerability
Adobe Flash Player CVE-2011-0618 Remote Integer Overflow Vulnerability
Yahoo said that Chinese e-commerce giant Alibaba Group transferred ownership of its online payment service Alipay without its knowledge or approval, a sign of continuing tension between the two companies.
These new laptops from HP and Lenovo are meant for business travelers who need reliable, durable and up-to-date technology.
Facebook's surreptitious public relations campaign against Google shows how intense the competition has become between the two companies -- and what lengths Facebook will go to in the fight.
A set of cybersecurity proposals, submitted to Congress on Thursday by the Obama administration, contained little that was new or unexpected.
Rambus on Thursday said it has agreed to acquire Cryptography Research for $342.5 million in cash and stock.
Adobe Audition '.ses' (CVE-2011-0614) Buffer Overflow Vulnerability
Tablets based on Intel's first dedicated tablet processor may not be a monster hit among consumers like Apple's iPad, but they could find adoption in enterprises, analysts said this week.
Flash Tag Cloud And MT-Cumulus Plugin 'tagcloud' Parameter Cross-Site Scripting Vulnerability

Posted by InfoSec News on May 13

By Richard N. Velotta
Vegas Inc.
12 May 2011

As repositories of the personal information and financial records of
hundreds of thousands of guests enrolled in loyalty programs, Las Vegas
resorts are an obvious target for terrorists seeking to finance their
destructive plots, a security expert told a tourism safety conference


Posted by InfoSec News on May 13

By Paul McDougall
May 12, 2011

Companies need to accept that employees will spend at least part of
their day on social networks like Facebook, Twitter, and Linked In, and
need to adopt strategies and policies to manage and secure such activity
rather than attempting to outlaw it, an expert who spoke Thursday at the
Interop IT Conference and Expo in Las Vegas...

Posted by InfoSec News on May 13

By Dan Goodin in San Francisco
The Register
12th May 2011

The FBI has finally come clean on the real reason it doesn't want to
name phone and internet service providers that participate in a sweeping
surveillance program that taps international communications without a
warrant: Customers would get mad and dump or sue the providers.

This rare piece of honesty came in a recently...

Posted by InfoSec News on May 13

By Tracy Kitten
Managing Editor
Bank Info Security
May 12, 2011

The Michaels debit breach is much bigger than the company initially

Michael Stores initially reported that a scheme, in which point-of-sale
pads customers use to key in their personal identification numbers, was
isolated to Chicago, but on Tuesday the arts and crafts supplies
retailer issued a statement that...

Posted by InfoSec News on May 13


The Secunia Weekly Advisory Summary
2011-05-06 - 2011-05-13

This week: 152 advisories

Table of Contents:

1.....................................................Word From...

Posted by InfoSec News on May 13

By Cahal Milmo and Martin Hickman
The Independent
13 May 2011

Sienna Miller should be forced to accept damages of £100,000 in her
phone hacking claim against the News of the World because the stories
published about her private life were "not that hurtful", a lawyer for
the Sunday newspaper said...
DreamBox Multiple DM500 Products Directory Traversal Vulnerability

Internet Storm Center Infocon Status