InfoSec News

Consumer Reports magazine said on Wednesday that Apple iPhone 4 owners can eliminate reception problems by enclosing their phones in the "Bumper" case Apple sells.
 
Verizon has announced it is getting into the business of health information exchange by using its cloud storage service offering as the platform for sharing information between healthcare providers, no matter the format used to create and store it.
 
The development of "smart TVs" is also leading, not surprisingly, to the creation of a smart remote as well, thanks to Intel.
 
After struggling for a few months, Microsoft's Bing search engine showed growth in the U.S. in June.
 
Sprint Nextel said subscriber behavior changed after it introduced a 5GB monthly cap on its 3G data plans, and that's part of the reason the carrier is wary about capping data consumption on its 4G WiMax service, a company executive said.
 
The Department of Veterans Affairs has dropped a large portion of its work on a four-year, $500 million project to modernize its financial and asset management systems, citing cost concerns.
 
Expecting sales of NAND flash memory to jump, Toshiba and SanDisk today announced they will jointly build a new NAND flash fabrication facility in Yokkaichi City, Japan.
 
Communities in every U.S. state but three -- Delaware, Florida and South Dakota -- have applied to become test markets for Google's planned high-speed broadband network.
 
Microsoft channel chief Jon Roskill explains Microsoft cloud strategy to partners
 
Frustrated by what they consider poor treatment and lack of interest from Oracle, members of the OpenSolaris Governing Board are essentially delivering an ultimatum to the vendor, asking that it appoint a liaison to the group or the board will be disbanded.
 
Mozilla on Tuesday warned users that a password-stealing add-on slipped into Firefox's extension gallery more than a month ago had been downloaded nearly 2,000 times before it was detected.
 
The MySQL community is mostly neutral or positive about the open-source database's prospects under Oracle's stewardship, according to a newly released study.
 
Kevin Turner, Microsoft's chief operating officer, today compared Apple's iPhone 4 to his own company's problem-plagued Vista operating system.
 
The 12th person detained for allegedly spying for Russia worked as an entry-level software tester at Microsoft for nine months, the company confirmed Wednesday.
 
I came across an article yesterday at secunia.com. Secunia is a leading provider of Vulnerability Intelligence and tracks the evolution of security threats. They have posted their Half Year Report 2010 which includes some interesting trends and statistics. This information may be of interest to some of our readers so I thought it might make an interesting diary.


The key highlights of the Secunia Half Year Report 2010 are:

Since 2005, no significant up-, or downward trend in the total number of vulnerabilities in the more than 29,000 products covered by Secunia Vulnerability Intelligence was observed.

A group of ten vendors, including Microsoft, Apple, Oracle, IBM, Adobe, and Cisco, account on average for 38 percent of all vulnerabilities disclosed per year.

In the two years from 2007 to 2009, the number of vulnerabilities affecting a typical end-user PC almost doubled from 220 to 420, and based on the data of the first six months of 2010, the number is expected to almost double again in 2010 to 760.

During the first six months of 2010, 380 vulnerabilities or 89% of the figures for all of 2009 has already been reached.

A typical end-user PC with 50 programs installed had 3.5 times more vulnerabilities in the 24 3rd party programs installed than in the 26 Microsoft programs installed. It is expected that this ratio will increase to 4.4 in 2010.

The report does a good job of discussing the current trends and statistics and highlights what they are seeing for vulnerabilities.
To review the full report you can check it out at http://secunia.com/gfx/pdf/Secunia_Half_Year_Report_2010.pdf.
Deb Hale Long Lines, LLC
(c) SANS Internet Storm Center. http://isc.sans.org Creative Commons Attribution-Noncommercial 3.0 United States License.
 
Ivan Ristic of Qualys Inc.'s SSL Labs, is studying thousands of SSL implementations to document configuration errors and protocol issues.

 
A California dairy has begun a rollout of more than 200 of Motorola's MC 9500 rugged handhelds to delivery drivers.
 
Microsoft on Tuesday officially retired Windows XP Service Pack 2 (SP2), the company's most significant service pack, several security experts said.
 
At long last, business intelligence is busting out of enterprise databases and desktop PCs and moving into the field, thanks to the ubiquity of smart mobile devices.
 
Groovy and JRuby lead a strong field, with Scala, Fantom, and Jython following behind
 
The hardest thing about artificial intelligence (AI) is keeping your imagination in check. A visit to some robotic displays at an AI conference here opens the mind to incredible possibilities.
 
The meaningful use final rules established by the federal government on Tuesday give more leeway to organizations that want to roll out e-health records over the next five years and take into account that not everyone will take the same path, experts say.
 
InfoSec News: Thieves swipe thousands of laptops from Special Ops contractor in Hillsborough: http://www.tampabay.com/news/publicsafety/crime/thieves-swipe-thousands-of-laptops-from-special-ops-contractor-in/1108521
By Dong-Phuong Nguyen Times Staff Writer St. Petersburg Times July 13, 2010
TAMPA -- The thieves hit on a weekend when no one was around. [...]
 
InfoSec News: Microsoft Patches Critical Vulnerabilities In Windows: http://www.darkreading.com/vulnerability_management/security/app-security/showArticle.jhtml?articleID=225800088
By Tim Wilson DarkReading July 13, 2010
Microsoft today patched four security vulnerabilities in the Windows environment -- three of them considered critical -- and experts say one [...]
 
InfoSec News: Oracle releases 59 patches for security flaws, 28 critical: http://www.computerworld.com/s/article/9179144/Oracle_releases_59_patches_for_security_flaws_28_critical
By Jaikumar Vijayan Computerworld July 13, 2010
Oracle Corp. released a set of 59 patches on Monday to fix security vulnerabilities across its entire range of database, application and [...]
 
InfoSec News: Facebook for hackers shut down in Pakistan: http://www.theregister.co.uk/2010/07/13/pakbugs_crackdown/
By John Leyden The Register 13th July 2010
Five alleged hackers have been arrested by the Pakistani authorities in raids that led to the closure of the Pakbugs hacking and carding forum.
The operation, run by Pakistan's Cyber Crime department of Federal Investigation Agency (FIA), followed complaints by "national and multinational organisations" over a series of website defacement and hack attacks. Pakbugs is blamed for running amok across thousands of websites belonging to various governmental and non-governmental organisations in Pakistan and elsewhere, local telecoms blog PakSpider reports.
Police seized computer equipment during the arrests of the five suspects. Other suspects remain at large, including Jawaad Ehsan, thought to live in Riyadh, Saudi Arabia.
A Pakistani government press statement explains that the suspects are thought to have expertise in a range of cybercrime techniques, including botnet management, phishing and carding.
[...]
 
InfoSec News: Hackers claim they can edit students' scores: http://english.people.com.cn/90001/90776/90882/7065613.html
People's Daily Online July 14, 2010
Hackers are claiming online they can break into computer systems belonging to universities and certification institutes and change the scores of students. [...]
 

Posted by InfoSec News on Jul 14

http://www.tampabay.com/news/publicsafety/crime/thieves-swipe-thousands-of-laptops-from-special-ops-contractor-in/1108521

By Dong-Phuong Nguyen
Times Staff Writer
St. Petersburg Times
July 13, 2010

TAMPA -- The thieves hit on a weekend when no one was around.

The target: a military contractor for the super secret Special
Operations Command, the elite commandos who help coordinate the war on
terror.

The intruders entered through the roof,...
 

Posted by InfoSec News on Jul 14

http://www.darkreading.com/vulnerability_management/security/app-security/showArticle.jhtml?articleID=225800088

By Tim Wilson
DarkReading
July 13, 2010

Microsoft today patched four security vulnerabilities in the Windows
environment -- three of them considered critical -- and experts say one
of the flaws is already being exploited.

Researchers have already reported the vulnerability in the Windows Help
and Support Center feature that comes...
 

Posted by InfoSec News on Jul 14

http://www.computerworld.com/s/article/9179144/Oracle_releases_59_patches_for_security_flaws_28_critical

By Jaikumar Vijayan
Computerworld
July 13, 2010

Oracle Corp. released a set of 59 patches on Monday to fix security
vulnerabilities across its entire range of database, application and
middleware products.

The patches include fixes for three critical flaws affecting virtually
every supported version of the company's Database Server...
 

Posted by InfoSec News on Jul 14

http://www.theregister.co.uk/2010/07/13/pakbugs_crackdown/

By John Leyden
The Register
13th July 2010

Five alleged hackers have been arrested by the Pakistani authorities in
raids that led to the closure of the Pakbugs hacking and carding forum.

The operation, run by Pakistan's Cyber Crime department of Federal
Investigation Agency (FIA), followed complaints by "national and
multinational organisations" over a series of website...
 

Posted by InfoSec News on Jul 14

http://english.people.com.cn/90001/90776/90882/7065613.html

People's Daily Online
July 14, 2010

Hackers are claiming online they can break into computer systems
belonging to universities and certification institutes and change the
scores of students.

An online search in Chinese of "hackers editing scores" results in
dozens of pages of hits. The hackers say they can change students'
scores for a price - and charge between a few...
 
White House cybersecurity coordinator Howard Schmidt will host a meeting Wednesday to discuss progress and ways to move forward on the cybersecurity agenda outlined by President Barack Obama in May 2009.
 
Microsoft urged Windows users to update their software Tuesday, saying it's now seen more than 25,000 attacks leveraging one of the critical bugs fixed in July's monthly security patches.
 
I'm an avid reader. And the older I get, the harder it becomes for me to remember every book I've read. At the same time, I want to get recommendations from sources other than Amazon: friends, people who share my tastes, etc.
 
Oracle Corp. released 59 patches on Tuesday to fix security vulnerabilities across its entire range of database, application and middleware products.
 
A company called XPRT Ventures has sued eBay for patent infringement, asking the court for $3.8 billion in damages.
 