InfoSec News


Inside the Convoluted Plot to Bring Down WikiLeaks
Wired News (blog)
As CEO of the government-focused infosec company HBGary Federal, Barr had to bring in big clients — and quickly — as the startup business hemorrhaged cash ...

and more »
 

Low Intensity Conflicts - Virtual Small Arms Proliferation
CSO (blog)
In a 2003 report (Small Arms Survey) at least 1134 companies in 98 countries worldwide were involved in some ...

 
After hearing lots of talk about the new 4G phone from Samsung, I finally got some hands on time with the Galaxy S 4G here in Barcelona, Spain, where the 2011 Mobile World Congress is in progress.
 
If you have seen any of the video of its preliminary bouts on "Jeopardy!" you know that IBM's Watson computer is pretty amazing. One of the main reasons, it turns out, is that IBM enlisted the intelligence of eight of the country's top universities to make sure Watson has superb question answering ability.
 
Intel started shipping the six-core Core i7-990X Extreme Edition processor on Monday, calling it the fastest Intel desktop processor ever.
 
Florian Yanez, manager of technical systems for Helzberg Diamonds, explains how tokenization helped the company solve data storage and PCI DSS challenges.
 
QEMU KVM VNC Password Security Bypass Vulnerability
 
Global spending on mobile infrastructure has been falling for the past two years despite rising demand for network capacity, but investment will rebound this year, according to a forecast by Dell'Oro Group.
 
Venture capital firm Kleiner Perkins Caufield & Byers has taken a small stake in Facebook, according to the Wall Street Journal.
 
Kognitio claims to have found a way to eliminate data warehouses through the use of virtual data cubes
 
Yahoo has gone a long way toward further dispelling the uncertainty around its BOSS search developer program with the establishment last week of a fee structure for it and with the pledge to upgrade its functionality in the coming months, analysts said.
 
In March, Facebook will upgrade all pages to look more like personal profiles, while giving administrators new tools for maintaining their pages. Here's a preview.
 
Google CEO Eric Schmidt is scheduled to speak at Mobile World Congress in Barcelona at about 11:45 a.m. ET on Tuesday.
 
Sometime this year the world will run out of Internet addresses doled out under the old-style IPv4 protocol, and while the 128 bit addresses in IPv6 will allow for essentially an unlimited number of addresses, the upgrade path is a tricky one.
 
A new industry group has proposed a standard that would use storage on a mobile device to preemptively download content in order to alleviate network bottlenecks and the resulting rebuffering issues.
 
Today's existing state-of-the art wireless LAN can achieve 300 Mbps using 802.11n with two spatial streams. Future developments will deliver three- and four-stream speeds of up to 600 Mbps. But the 802.11 working group has set its sights on a more ambitious milestone: 1 Gbps throughput.
 
Art of defence has formed a community to develop an open source Web application firewall, contributing its own dWAF code as a starting point.

Add to digg Add to StumbleUpon Add to del.icio.us Add to Google
 

Flip On Over To B-Sides
InformationWeek (blog)
... and community-driven," says Dave Shackleford, consultant and frequent presenter at infosec conferences. Even if you're not in San Francisco this week, ...

and more »
 
The $80 Nizmos Angle is a leather iPad case that combines high-quality materials with a whole lot of adjustability.
 
Nizmos' $80 Contour is essentially a leather version of Apple's own iPad Case. The leather Nizmos uses is soft and gorgeous, and available in black, brown, or tan. You insert an iPad into the case by sliding it into the side of a leather frame, which leaves all ports and connectors accessible. However, the leather frame is thick enough that it can be a bit distracting, since it surrounds the iPad screen at all times--Apple's case has the advantage here because it's made of much thinner material.
 
Portenzo's $125 Alano iPad Case looks much like the company's Notebook Style iPad Case or its competitor, the Dodocase. But while those cases are book-like in their construction, complete with stiff, book-binding covers, the Alano is all leather. That's right--it's a four-millimeter-thick sheet of leather wrapped into the shape of an iPad case and attached to a bamboo iPad frame. It's the same sturdy frame as on the Portenzo Notebook Style case, and you can still hold the whole thing together with an elastic strap. It's like an all-leather Moleskine for the iPad.
 
At a glance, Portenzo's $60 Notebook Style iPad Case is a dead ringer for the Dodocase, my previous favorite folio-style iPad case. It's got the same delightfully analog, Moleskine-style exterior, complete with an elastic band to hold it closed. Flip open the faux-leather cover, and be prepared for gasps from people when they see that there's an iPad inside, neatly tucked into a bamboo frame. The case's sturdy materials make it feel like a well-made hardback book.
 
With the barrage of data traffic hitting corporate and mobile networks from Wi-Fi-enabled smartphones, iPads and other bandwidth-hungry devices, enterprises and carriers must contend with data volumes that often exceed network capacity and a crowded RF spectrum that is impossible to navigate.
 
It's hard to see Booq's $50 Boa Folio for iPad as anything but a misfire. It's probably quite durable, since it's made out of the kind of thick, rough material I'd expect to find in a bag. But as a folio case for the iPad, this material seems awfully unwelcoming.
 
The $70 US+U Swivel Pro is an attractive, faux-leather case with several unique features. The tri-fold design adds bulk, but you also get a corner pocket for storing full-size (8.5- by 11-inch) documents. On the inside front cover is a hand strap that rotates a full 360 degrees--when the case is open, you slide your hand through the strap, allowing you to hold the iPad at any angle.
 
Is it a bag or an iPad folio case? It's both! The $60 Crucial Case from Chima Design manages to be both a floor wax and a dessert topping. Made of black, ballistic nylon, the case definitely feels more like a bag than the leather-clad cases that populate most of the iPad folio-case category.
 
Moshi's $55 Concerti is an interesting case that takes a hybrid approach to the folio genre: a soft, microfiber exterior--grey, beige, or dark purple--wrapped around a silicone frame. Placing an iPad in the silicone frame is easy and holds the device securely while allowing access to all its ports and connectors. The microfiber exterior is a nice, classy-yet-casual alternative to all the leather iPad folios out there. The case comes with a clip-on, microfiber strap if you're looking to accessorize.
 
Stuxnet infected its first target just 12 hours after hackers finished the worm, an indication that the malware scored an almost instant bulls-eye, a Symantec researcher said today.
 
[SECURITY] [DSA 2161-2] OpenJDK security update
 
[ MDVSA-2011:027 ] openoffice.org
 
Echoworx previewed its mobile encryption platform, promising support for all major smartphone operating systems as well as future tablets.

Add to digg Add to StumbleUpon Add to del.icio.us Add to Google
 
Popular mobile games such as Angry Birds and Monkey Jump are being illegally copied and repackaged with code designed to steal personal information or perform other malicious functions, according to a study due to be released soon from Lookout Mobile Security.
 
Apple is working on a line of smaller, less-expensive iPhones, a move one analyst said the company "would be stupid not to" pursue.
 
Django Multiple Remote Vulnerabilities
 
Adobe Flash Player CVE-2011-0608 Remote Memory Corruption Vulnerability
 
Adobe Flash Player CVE-2011-0607 Remote Memory Corruption Vulnerability
 
Commtouch calls its new All-In-One security client a "triple play" of messaging security, Web security and antivirus.

Add to digg Add to StumbleUpon Add to del.icio.us Add to Google
 

Ars Technica

Spy games: Inside the convoluted plot to bring down WikiLeaks
Ars Technica
As CEO of the government-focused infosec company HBGary Federal, Barr had to bring in big clients—and quickly—as the startup business hemorrhaged cash. ...

and more »
 
Improve enterprise performance by using these Ruby on Rails caching techniques.
 
Twitter is working with operators in the Middle East to make it easier for users to send Twitter messages using SMS (Short Message Service) short codes, after blockages in countries such as Tunisia and Egypt, said CEO Dick Costolo.
 
Hewlett-Packard announced Monday it plans to buy data warehousing and analytics vendor Vertica for an undisclosed sum.
 
[SECURITY] [DSA 2162-1] openssl security update
 
Hyleos ChemView ActiveX Control Multiple Buffer Overflow Vulnerabilities
 
Wireshark '.pcap' File Memory Corruption Vulnerability
 
[SECURITY] [DSA 2163-1] python-django security update
 
A major Windows Phone 7 update later this year will add Internet Explorer 9 (IE9), more third-party multitasking, Twitter and Skydrive cloud computing functions, Microsoft CEO Steve Ballmer told Mobile World Congress attendees.
 
Samsung Galaxy S II versus Galaxy S
 
While the 802.11i -- or WPA2 -- wireless security standard does a fine job of authenticating users to the corporate network and encrypting both authentication and user data over the air, many of the latest wireless security threats aren't specifically related to authentication.
 
Seagate announced that it has sold more than a million SEDs through six manufacturers, and that its family of Cheetah, Constellation and Savvio SEDs and the Momentus SED have secured FIPS 140-2 certification.
 
Smartphone users download billions of applications each year, and while the apps add greatly to phone functionality, the risks of buggy or malicious code threatens the user and also the integrity of networks.
 
Horde Products Local File Include and Cross Site Scripting Vulnerabilities
 
One of the most interesting things we encounter when my consulting company works with clients is their reaction to the infrastructure architectures of cloud providers. When we explain that they achieve robustness by keeping multiple copies of data on commodity hardware, rather than the traditional model of investing in expensive hardware to improve device robustness, we observe a visceral shudder in people.
 
A federal judge has tossed a class-action lawsuit that claimed Apple's iPad overheats when used outdoors in warm weather or in direct sunlight, according to court documents.
 
An emerging class of so-called data center infrastructure management tools are becoming available from a variety of vendors as CIOs increasingly seek technology that provides a complete view of their data center infrastructure.
 
Lumension announced the Endpoint Intelligence Center to protect endpoint computers from threats, malware and third-party software vulnerabilities.

Add to digg Add to StumbleUpon Add to del.icio.us Add to Google
 
Samsung SDS and SAP have created BI (business intelligence) software for Android mobile devices, the companies announced Monday in conjunction with Mobile World Congress in Barcelona.
 
Ankit wants to email browser bookmarks for access on any computer.
 
Intel said its Medfield chip, designed for low-end smartphones, is in production and will ship later this year.
 
Advanced Micro Devices' upcoming Opteron server processors based on the new Bulldozer architecture will be available in the third quarter.
 
Intel put on a brave face Monday at Mobile World Congress in Barcelona, insisting that it and other companies maintain strong support for MeeGo, the open source software platform that Nokia last week said it would abandon in favor of Microsoft's Windows Phone 7.
 
[ MDVSA-2011:026 ] phpmyadmin
 
[SECURITY] [DSA 2161-1] OpenJDK security update
 
While Apple dismisses the value of the Flash Player for its smartphones and tablets, the makers of Flash at Adobe Systems are pounding their chests about its promise.
 
Dell introduced a server that can accommodate up to 96 CPU cores -- a big boost in the computational power provided by its hardware.
 
Hewlett-Packard announced Monday it plans to buy data warehousing and analytics vendor Vertica for an undisclosed sum.
 
VMSA-2011-0003 Third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX
 
[SECURITY] [DSA 2160-1] tomcat6 security update
 
ASPR #2011-02-11-1: Remote Binary Planting in Adobe Reader
 
ASPR #2011-02-11-2: Remote Binary Planting in Adobe Flash Player
 
Lumension announced its an early adopter program for companies to try its Intelligent Whitelisting product for endpoint security.

Add to digg Add to StumbleUpon Add to del.icio.us Add to Google
 

Placing in Context Infosec Skills Gap
GovInfoSecurity.com
Attracting and retaining IT security professionals may be the No. 1 staffing challenge states face, but the numbers alone unveiled in a recent National ...

 
The London Stock Exchange has issued final confirmation that at 8am today it will launch a new matching engine based on Novell SUSE Linux technology, following successful last-step setup procedures on Saturday.
 
Skate is the latest addition to ZTE's portfolio of low-cost smartphones. It has a 4.3-inch screen and runs Android version 2.3, the company announced at Mobile World Congress on Monday.
 
Research In Motion announced plans for two new versions of its PlayBook tablet at the World Mobile Congress, although it hasn't even begun selling the two models it has already announced.
 
The W3C sets a timeline for finishing the hotly debated HTML5 standard
 
Ruckus Wireless has developed a gateway that offers a first step toward a time when smartphone users will automatically roam onto Wi-Fi networks to use data services.
 
Developers interested in coding projects for public cloud services have a new avenue to find work in the form of CloudSpokes, a community marketplace announced Monday by Appirio.
 
Hoping to make Android more attractive to security-minded CIOs, Samsung has added encryption and integrated Cisco's AnyConnect VPN client on its latest smartphone, the Galaxy S II, it said on Sunday at the Mobile World Congress.
 
RSA Conference product announcements will focus on everything from iPhone/iPad security to Windows 7 exploit security and the latest in Unified Threat Management.
 
Motorola Mobility said it has bought 3LM, a company that develops enterprise security and device management products for Android devices.
 
Cisco Systems will make a three-pronged attack at Mobile World Congress this week on what it sees as an impending flood of mobile data, especially video, by extending its current product lines with tools for better content delivery.
 
Mobile network operators and their equipment suppliers are working hard to make telephony over data-oriented LTE (Long-Term Evolution) mobile networks a reality, with the number of demos at Mobile World Congress a sign they are getting closer.
 
Once the domain of sleek but underpowered devices, today's ultrathin Windows notebooks add a healthy dose of substance to their style.
 
In this interview, Netezza CEO Jim Baum talks about what the data warehousing company's acquisition by IBM means for enterprises and he discusses trends that are driving the market and shaping the company's products.
 

Infosec professionals must keep skills up to date
ComputerWeekly.com
There is a clear gap in skills needed to protect organisations, a study has revealed. The information security community admits it needs better training in ...

and more »
 
Scientists at the University of California released a report showing that as of 2007, the world had stored 295 exabytes of data, and that data storage has grown 23% annually since 1986.
 
Fujitsu's ScanSnap S1100 is a lightweight mobile scanner that saves your documents to a number of applications, including Evernote and Google Docs.
 
Dev vs. ops, staff vs. management -- here's how to rise above the friendly fire and turn IT unrest into productivity
 

Matt Moynahan, CEO, Veracode
Infosecurity Magazine
Matt Moynahan isn't your average infosec CEO. He is younger than the average CEO (he was recognized as one of the '40 Under 40' top leaders in Greater ...

 

Posted by InfoSec News on Feb 14

http://www.wired.com/threatlevel/2011/02/stuxnet-five-main-target/

By Kim Zetter
Threat Level
Wired.com
February 11, 2011

Attackers behind the Stuxnet computer worm focused on targeting five
organizations in Iran that they believed would get them to their final
target in that country, according to a new report from security
researchers.

The five organizations, believed to be the first that were infected with
the worm, were targeted in...
 

Posted by InfoSec News on Feb 14

Forwarded from: Richard Forno <rforno (at) infowarrior.org>

As Marc Maiffret correctly noted in his EEye blog post last night, funny
how these cyberwarfare threats always tend to show up around the RSA
conference......

Scary Night Dragons Fall from Sky
http://blog.eeye.com/general/scary-night-dragons-fall-from-sky

-- rick

___________________________________________________________
Tegatai Managed Colocation: Four Provider...
 

Posted by InfoSec News on Feb 14

http://www.bankinfosecurity.com/articles.php?art_id=3342

By Tracy Kitten
Managing Editor
Bank Info Security
February 11, 2011

Could real-time forensics have helped uncover the NASDAQ breach sooner?

It's unclear how long cyberhackers breached and prowled NASDAQ's network
and systems. According to NASDAQ, the investigation continues. In a
statement posted to the company's website, NASDAQ says, it "was honoring
the U.S. Government's...
 

Posted by InfoSec News on Feb 14

http://abcnews.go.com/News/cia-director-leon-panetta-warns-cyber-pearl-harbor/story?id=12888905

[CIA Director John Deutch warned yesterday that hackers could launch
"electronic Pearl Harbor" cyber attacks on vital U.S. information
systems. June 26th 1996 - http://nydn.us/hzEXtm - WK]

By Jason Ryan
ABC News
Feb. 11, 2011

Top U.S. intelligence officials have raised concerns about the growing
vulnerability the United States faces...
 

Posted by InfoSec News on Feb 14

http://www.chinadaily.com.cn/china/2011-02/12/content_11989991.htm

By Zhou Wa
China Daily
2011-02-12

BEIJING - Chinese experts called for more attention to be given to
China's cyber security studies on Friday to prevent the nation from
falling victim to international hacking attacks.

"China should improve its independent innovation abilities in Internet
security, with regard to both technology and management," said Yuan
Peng,...
 
Apache Tomcat HTML Manager Interface HTML Injection Vulnerability
 
Apache Tomcat SecurityManager Security Bypass Vulnerability
 


Internet Storm Center Infocon Status