InfoSec News

Few systems are more efficient at managing internal data than enterprise resource planning (ERP), but business today happens between companies, and when it comes to managing external information and relationships, ERP falls short. To fill this gap, many organizations are turning to open, hosted platforms that can be more easily accessed and shared.
With most acquisitions, there are winners and losers. Google's buy of Motorola is no different, but in this case, neither of those companies comes out a winner, analysts say.
Google continues to argue that a damning email in its battle with Oracle shouldn't be shown to jurors because it was confidential and intended to be privileged communication with an attorney.
ax25-tools Local Privilege Escalation Vulnerability
MPlayer SAMI Subtitle File Buffer Overflow Vulnerability
When it comes to enterprise tech support, young employees entering the workforce for the first time seem to be more willing than their older peers to help fix a problem themselves, according to a recent survey commissioned by remote support appliance vendor Bomgar.
The U.S. Federal Communications Commission is looking into last week's shutdown of mobile phone services on a San Francisco commuter train line.
[Announcement] ClubHack Magazine - Call for Articles
[ MDVSA-2011:126 ] java-1.6.0-openjdk
GIMP GIF Image Parsing 'LZWReadByte()' Buffer Overflow Vulnerability
Adobe acknowledged that as many as 80 bugs in Flash Player were reported by a Google security engineer as it defended its decision not to spell out details of the vulnerabilities.
Microsoft has made changes to Bing's Shopping search engine that are designed to accelerate and simplify the product-finding process.
NetSaro Enterprise Messenger Server Plaintext Password Storage Vulnerability
Call for Papers: The 6th International Conference for Internet Technology and Secured Transactions (ICITST-2011)!
For years the Enterprise Service Bus (ESB) has been seen as a corporate integration and messaging backbone upon which application architectures are built. However, this concept must evolve to meet the requirements of today's corporate landscape, where IT boundaries are blurring, driven by the need to integrate with partners, cloud and mobile applications.
When it comes to the fast-moving business of trading stocks, bonds and derivatives, the world's financial exchanges are finding an ally in Linux, at least according to one Linux kernel developer working in that industry.
Intel on Monday said it will issue a firmware upgrade within two weeks to fix a bug that causes its SSD 320 solid-state drives to fail, which should resolve months of criticism of the company's slow response to the problem.
Apache Tomcat CVE-2011-2481 Information Disclosure Vulnerability
NetSaro Enterprise Messenger Server Administration Console Weak Cryptographic Password Storage Vulnerability
The LAD Melbourne Cms Sql Injection Vulnerability
[security bulletin] HPSBMU02695 SSRT100480 rev.2 - HP OpenView Performance Insight, Remote HTML Injection, Unauthorized Access, Cross Site Scripting (XSS)
Ruxcon 2011 Final Call For Papers

ColoHouse Weighs in on Public, Private Cloud Hosting Debate
As the area of infosec continues to draw attention and regulations like HIPAA, SOX, and PCI impose hardened controls, cloud providers must assure customers that their data is safe against possible breaches.

Analysts disagreed today over the impact Google's proposed $12.5 billion acquisition of Motorola Mobility will have on the dynamics between Android and Apple's iOS.
An industry standards group has produced a specification for testing solid state drives regardless of the manufacturer, creating a level playing field for determining drive performance.
AMD on Monday announced a FirePro graphics processor for businesses that can deliver Windows desktop sessions to remote client PCs through support for Microsoft's desktop virtualization technology.
Amazon Web Services (AWS) learned a lot of lessons from the outage that affected its Dublin data center, and will now work to improve power redundancy, load balancing and the way it communicates when something goes wrong with its cloud, the company said in a summary of the incident.
Amag Pharmaceuticals, based in Lexington, Mass., has almost eliminated its internal server network, and couldn't be happier about it. That's because the company, with about 240 employees, is now largely riding on cloud services.
If I remember correctly, not long after the original Apple iPhone went on sale The New York Times ran a story indicating surprise that a relatively large number of poorer people were buying the expensive phone. After some pondering, the Times concluded that the cost of the iPhone was actually small when compared to a personal computer and Internet service. The iPhone was a way that people who could not otherwise afford to be on the Internet could get reliable, reasonable speed, access for not much more per month than they were already paying for their current cellphones.
Another Amazon cloud-services outage occurred on Sunday, August 7th in a Dublin, Ireland data center. This one occurred due to a lightning strike that hit a transformer near the Dublin data center. It led to an explosion and fire that knocked out all utility services thereby leading to a total data center outage. Amazon had its only European data center located there.
In a company blog post up early this morning, Google CEO Larry Page lays out the rationale for his software company to pay $12.5 billion for a leading maker of Android-based smartphones and tablets.
Xen DMA Requests IOMMU Denial of Service Vulnerability
Symantec Veritas Enterprise Administrator Service Multiple Buffer Overflow Vulnerabilities
Apple and its lawyers have, perhaps inadvertently, misled the judge of a Düsseldorf court by filing flawed evidence of the similarity between the iPad 2 and Samsung's Galaxy Tab 10.1 tablets based on an inaccurate picture, an investigation by, a Dutch IDG publication, has found.
[SECURITY] [DSA 2294-1] freetype security update
[ MDVSA-2011:125 ] foomatic-filters
[ MDVSA-2011:124 ] phpmyadmin
Lion's support for gestures (tapping and swiping fingers on a Multi-Touch trackpad) isn't entirely new. OS X has supported gestures in some form for several years. Even so, many of us still haven't adopted gestures as a way of interacting with our Macs. Maybe we don't have the right Multi-Touch hardware. Or maybe the mouse-plus-keyboard interface is burned so deeply into our muscle memory, we've seen no reason to switch.
[ MDVSA-2011:123 ] squirrelmail
[ MDVSA-2011:122 ] clamav
VUPEN Security Research - Adobe Flash Player ActionScript FileReference Buffer Overflow (APSB11-21)
VUPEN Security Research - Adobe Shockwave rcsL Record Array Indexing Vulnerability (APSB11-19)

Is InfoSec Ready for Big Data?
"Big data" is the logical outgrowth of increased use of virtualization technology, cloud computing and data center consolidation. What organizations are finding as they centralize resources like storage is that they've produced quite a lot ...

Google has entered into an agreement to acquire the mobile phone maker Motorola Mobility for about $12.5 billion, the company said Monday.
The hacking collective Anonymous released personal data on Sunday belonging to more than 2,000 public transport customers in the San Francisco area in retaliation for the Bay Area Rapid Transit (BART) system's shutdown of mobile phone service on Thursday night.
Moving and storing data and integrating and testing applications are all costs you need to plan for.
New software from Xsigo Systems is designed to link all the servers in a data center virtually, allowing IT managers to reconfigure virtual machines and other resources without carrying out traditional networking tasks.
Hewlett-Packard has updated its dependency mapping software to help customers figure out which departments are using which systems and applications, to enable chargeback programs and other management tasks.
For two decades, the dominant security model has been location-centric. We instinctively trust insiders and distrust outsiders, so we build security to reflect that: a hard perimeter surrounding a soft inside. The model works best when there's only one connection to the outside, offering a natural choke point for firewall defense.

Posted by InfoSec News on Aug 15

By Grant Gross
IDG News Service
August 12, 2011

The U.S. government will work to develop an "unrivaled" cybersecurity
workforce and broaden the nation's pool of skilled cyberworkers under a
draft cybersecurity education plan released Friday by a U.S. agency.

The goal of the National Initiative for Cybersecurity Education (NICE)
plan, released...

Posted by InfoSec News on Aug 15

By Eric Mack
Digital Media
CNet News
August 14, 2011

Anonymous has apparently made good on a promise to wreak havoc on the
Web site of the Bay Area Rapid Transit System today, although not
exactly as planned.

Earlier, the amorphous collective had threatened to take
offline for six hours today, or twice the amount of time BART managers

Posted by InfoSec News on Aug 15

By Gregg Keizer
August 13, 2011

Months after Google said that Chinese hackers were targeting the Gmail
accounts of senior U.S. government officials, attempts to hijack Gmail
inboxes continue, a researcher said Thursday.

"Once compromises happen and are covered in the news, they do not
disappear and attackers...

Posted by InfoSec News on Aug 15

By Bill Ray
The Register
12th August 2011

Claims that both CDMA and 4G networks were compromised at the recent
Defcon security event in Las Vegas have raised little surprise, but the
vulnerability of handsets is hotly debated.

The claim was made by coderman, a stalwart of security conferences, who
reports that he witnessed an advanced man-in-the-middle attack operating
on both CDMA...

Posted by InfoSec News on Aug 15

VOA News
Aug. 15, 2011

North Korea has denied allegations by South Korea that it engaged in a
computer hacking scheme to steal millions of dollars from online gaming

The North's official Korean Central News Agency said Sunday that the
accusations are an unacceptable provocation meant to smear Pyongyang's
image overseas.

South Korean police recently...

Posted by InfoSec News on Aug 15

Forwarded from: Guofei Gu <smart.gophy (at)>

Apologies for multiple copies of this announcement.

14th International Symposium on Recent Advances in Intrusion Detection

September 20-21, 2011
SRI International, Menlo Park, CA

Call for Participation


For the fourteenth year, the intrusion detection community will converge