InfoSec News

Google has acquired over 1,000 patents from IBM, as part of its strategy to strengthen its patent portfolio to counter litigation, according to records of the United States Patent and Trademark Office.
While Microsoft is embracing the ARM processor architecture for its next Windows client operating system, Windows 8, the company has no immediate plans to develop an ARM-based version of its next Windows Server, the company executive in charge of Windows Server confirmed Wednesday.
SAP has agreed to pay just over US$20 million to settle a criminal case brought against its TomorrowNow subsidiary.
StrikeForce Technologies, a small vendor of a keystroke encryption technology, is accusing Microsoft of not acting fast enough to fix a browser issue that it says is preventing StrikeForce's technology from working with Internet Explorer 9.
Nothing gets people excited about technology start-ups like freebies, and there were plenty for the taking at Tuesday night’s Web Innovators Group event in Cambridge, Mass. Though having learned lessons from start-ups that have crashed and burned in recent years from perhaps an excess of generosity without a good way to pay for it, this event that packed in hundreds of entrepreneurs and their followers wasn’t without a good dose of common sense about dollars and cents as well.
Windows 8 offers more sophisticated virtualization, better management tools and a design that incorporates mobile computing into the mix.
Oracle Java 'JFileChooser' Security Bypass Vulnerability
Two vulnerabilities exist in Cisco Unified Service Monitor and Cisco Unified Operations Manager software that could allow an unauthenticated, remote attacker to execute arbitrary code on affected servers.

Cisco has released free software updates that address these

There are no workarounds available to mitigate these vulnerabilities.

This advisory is posted at:

Note: CiscoWorks LAN Management Solution is also affected by these vulnerabilities. A separate advisory for CiscoWorks LAN Management Solution is available at:
Christopher Carboni - Handler On Duty (c) SANS Internet Storm Center. Creative Commons Attribution-Noncommercial 3.0 United States License.
A new music service that allows members to store their music in the cloud and play it anywhere on any device was launched today by a company called TriPlay.

Windows Phone 7, Day 13: Pros and Cons of People Hub
IDG News Service
I have groups for Family, Tech Geeks, Infosec, PCWorld, and PR people. The group gives me a much shorter list of contacts to scroll through to find who I am looking for. Granted, if I know the person's name it is not really any easier to tap the group ...

U.S. government agencies are getting better at sharing information about cyberattacks with private companies, but cybercrime shows no signs of slowing down, cybersecurity experts told lawmakers Wednesday.
A destructive attack from cyberspace "is coming, in my opinion. It is a question of time. What we don't know is how far out it is," and whether it will target commercial infrastructure, government networks or mobile platforms, Army Gen. Keith Alexander told attendees of the "Maneuvering in Cyberspace" symposium this week.
On Wednesday, Apple released firmware updates for the latest Mac mini and MacBook Pro models to address issues with Lion Internet Recovery and Thunderbolt connectivity.
AT&T set up shop in Silicon Valley on Wednesday with its Foundry Development Center in Palo Alto, a facility where software and hardware developers can get help bringing their inventions to the real world.
Android tablets are losing ground to new entrants, including the much-criticized Research In Motion PlayBook and even the discontinued Hewlett-Packard TouchPad, IDC reported in its second quarter report on tablet and e-book sales.
Intel hopes to boost its business selling chips to phone makers -- now the domain of rival ARM -- through a partnership announced this week with Google to develop future Android OS versions for mobile devices with Intel chips.
A blow-by-blow account of negotiations leading up to Google's acquisition of Motorola indicates that the deal may have been one of necessity rather than opportunity for Google.
Apple's iPad 2 continues to be an overwhelming first choice for both corporate and consumer customers who plan to buy a tablet in the next 90 days, according to recent surveys.
Symantec this week introduced what it calls the Symantec Certificate Intelligence Center, a cloud-based service that works with an on-premises software component to keep track of SSL server certificates used by an organization.
One day after Microsoft launched the first beta of the next generation of its Windows desktop operating system, Windows 8, the company previewed the next version of its server operating system, Windows Server 8.
Apache 'mod_proxy_ftp' Wildcard Characters Cross-Site Scripting Vulnerability
Verizon Wireless will launch its 4G LTE network in 26 more cities Thursday, while expanding LTE service in San Francisco, Indianapolis and Cleveland.
While virtualization allows users to rapidly provision new workloads, it's also pushing demand for storage to new highs, according to data released at the Afcom data center conference in Orlando.
Siemens SIMATIC WinCC Flexible Runtime Advanced Loader Heap Buffer Overflow Vulnerability
CUPS 'gif_read_lzw()' CVE-2011-3170 GIF File Heap Buffer Overflow Vulnerability
For those of you working in a small business with little or no security budget, Russell Eubanks has published a nice paper on implementing the SANS top 20 security controls.
You can check it out here.
Happy reading.
Christopher Carboni - Handler On Duty (c) SANS Internet Storm Center. Creative Commons Attribution-Noncommercial 3.0 United States License.
Facebook is extending the scope of its site into Twitter and Google+ territory by making it possible for Facebook members to subscribe to each other's public posts without necessarily having to be approved friends.
VUPEN Security Research - Adobe Acrobat and Reader IFF Processing Heap Overflow Vulnerability
Apache 'mod_isapi' Memory Corruption Vulnerability
Invitation to Register and Participate in the Entretiens Jacques Cartier (EJC) Colloquium on IT Security, Cyber Forensics and Combating Cybercrime
VUPEN Security Research - Adobe Acrobat and Reader BMP Dimensions Heap Overflow Vulnerability
Parallels and VMware are locked in an arms race. Both vendors make software that enables you to run Windows on your Mac. They’ve been stuck in a tit-for-tat release cycle for years now: Every twelve months or so, one of them releases a new version of its software with a bunch of whizzy new features. Some days or weeks afterwards, the other one releases its own new version—usually with many of the same new features.
Microsoft Internet Explorer Cross Zone Local Cookie File Access Security Bypass Vulnerability
Microsoft Internet Explorer Style Object Memory Corruption Remote Code Execution Vulnerability
Microsoft Internet Explorer Window Open Race Condition Remote Code Execution Vulnerability
Microsoft Internet Explorer Shift JIS Character Encoding Information Disclosure Vulnerability
Re: Vulnerabilities in trading and SCADA softwares
VUPEN Security Research - Adobe Acrobat and Reader Picture Dimensions Heap Overflow Vulnerability
VUPEN Security Research - Adobe Acrobat and Reader TIFF BitsPerSample Heap Overflow Vulnerability
Multiple vulnerabilities in SiT! Support Incident Tracker
Intel showcases the potential of McAfee's new hardware security technology, but shares few details about its product strategy.

Windows 8 will include a new feature that lets IT administrators provide workers with a portable Windows environment on a USB thumb drive.
The hype around cloud computing is hard to ignore and as each vendor is trying to put the word "cloud" in front of all its products, enterprises are finding it extremely difficult to sift through the noise and really find which products work best specifically for their data center.
Gibbs complains about Apple TV buffering, loves the V-Moda Vibrato Headphones, and is hugely disappointed by the Griffin Beacon
Huawei's 7-inch tablet, which it unveiled in June, will be released in China and several other markets in the Asia-Pacific region in October, according to a company spokeswoman.
Measuresoft ScadaPro Multiple Security Vulnerabilities
Seeker Advisory Sep11: Insecure Redirect in Microsoft SharePoint Portal
[SECURITY] [DSA 2309-1] openssl security update
iDefense Security Advisory 09.13.11: Adobe Reader and Acrobat JPEG Processing Use After Free Vulnerability

Popular P2P file sharing company said its systems were breached Tuesday, enabling an attacker to replace its uTorrent client download with scareware.

BitTorrent Inc., which creates popular P2P file sharing software, said it discovered a breach of its systems Tuesday enabling an attacker to replace a file download of its uTorrent client with a scareware program.

The San Francisco-based company said the breach took place at 7:20 a.m. ET and lasted nearly two hours. Anyone attempting to download the standard Windows version of uTorrent would have instead downloaded a fake antivirus program.

BitTorrent said in its blog that the rogue program is called “Security Shield,” and performs like other rogue antivirus programs, popping up phony virus detection warnings and prompting users for payment to remove the bogus discoveries. The company said it made the discovery and immediately took the affected servers offline. It urged users who may have downloaded software between 7:20 a.m. and 9:10 a.m. ET to scan their machines for malware.

“We take the security of our systems and the safety of our users very seriously,” the company said. “We sincerely apologize to any users who were affected.”

After a security analysis, the company determined that neither nor the BitTorrent Mainline/Chrysalis clients were compromised in the attack.

Users need to understand that social media can be land mines on their career paths. And businesses have an interest in helping educate them about that.
The first download of Windows 8 Developer Preview reveals an operating system with two different interfaces: a traditional desktop and a smartphone-like Metro.
Colasoft Capsa7.2.1 Malformed SNMP Packet Denial of Service
iDefense Security Advisory 09.13.11: Microsoft Excel Record Integer Signedness Vulnerability
iDefense Security Advisory 09.13.11: Microsoft Excel Record Memory Corruption Vulnerability

Dr. Siva Rajagopalan of the Hewlett-Packard / ADARA Networks Team Selected to
Newsday (subscription)
Now in its 11th year and presented by the Nashville Technology Council and Middle Tennessee chapter of Information Systems Security Association, InfoSec 2011 is the Southeast's leading security conference and brings together leading technologists and ...


IANS Names Former CTO of the Center for Internet Security as Senior Vice
Newsday (subscription)
... security consulting firm Voodoo Security, author of the popular ShackF00 infosec blog, and a leading authority on virtualization security, will join the IANS leadership team as Senior Vice President of Research and Chief Technology Officer (CTO). ...

Cisco opened a new data center in Research Triangle Park, N.C., with a dual role: application development and disaster recovery for its production data centers in Texas.
An NLRB administrative law judge found that a Buffalo-based nonprofit organization acted illegally when it fired five employees last October for posting work-related comments on Facebook.
We review three of the top free site-building applications -- Drupal, Joomla and WordPress -- to see which has the most tools, offers the best features, and is the easiest to set up.
Google and Motorola Mobility plan to file for pre-closing antitrust clearances for the merger of Motorola with a Google subsidiary in a number of jurisdictions including Canada, China, Israel, Russia, Taiwan and Turkey, in addition to filings in the U.S. and before the European Commission.
Cisco Systems emerged from 150 days of restructuring on Tuesday as an aggressive competitor, laying out some of the problems that led it to make changes, while saying its rivals are in even worse predicaments.
Israeli start-up Anobit on Wednesday is announcing its second generation of SSDs based on consumer NAND flash technology. The company has doubled capacity to 800GB, halved the size of its circuitry and added a SAS connector.
WordPress WP e-Commerce Plugin 'cs1' Parameter SQL Injection Vulnerability
Sony said Wednesday that its PlayStation Vita portable game console will go on sale Dec. 17 in Japan, with 26 game titles and a 3G version that will run on NTT DoCoMo's network.
Internet Storm Center Infocon Status