Hackin9

InfoSec News


Romanian police arrest alleged hacker in Pentagon, NASA breaches
CSO Magazine
Anthony M. Freed, managing editor of Infosec Island, says that TinKode is known to have taken advantage of several well-known vulnerabilities that many of his targets should have resolved before he exploited them through SQL injections -- a technique ...

 
The cloud is everywhere, of course, and business is booming. The market's set to hit $143 billion in 2013, according to H-P. This means a huge amount of work is taking place to create new and integrated solutions for enterprise users: Unified Communications, for example, or transformations in accounting practices.
 
Though would-be mobile carrier LightSquared says it still wants to find a solution to interference with GPS, its options are limited, industry observers said on Wednesday.
 

 
Microsoft will aggressively and broadly integrate Skype across its product portfolio, the company's CFO said on Wednesday, the same day that rival Cisco Systems raised concerns about Microsoft's Skype integration plans.
 
LightSquared said Wednesday it still wants to find a solution to the GPS interference issue that has probably already doomed the fledgling carrier's plans for a nationwide mobile broadband network.
 
Adobe Flash Player CVE-2012-0756 Remote Security Bypass Vulnerability
 
Adobe Flash Player CVE-2012-0755 Remote Security Bypass Vulnerability
 
Adobe Flash Player CVE-2012-0753 Remote Memory Corruption Vulnerability
 
The burgeoning tech industry movement around big data is churning up a variety of new applications, but remains an evolving field that faces lingering challenges, judging from an event held Wednesday at a Microsoft research facility in Cambridge, Massachusetts.
 
You know those times when you want to upload a new photo to, say, Facebook or Pinterest? The typical browser-based upload tool forces you to click through countless folders until you find the one you want. It's a slow and often maddening dance.
 
NASA engineers updated the software for a robotic Mars rover, correcting a computer glitch more than two months old while the robot hurtled through space on its way to Mars.
 
WebOS could be an important player in the long run as an open-source mobile OS because Android could become closed with Google's purchase of Motorola Mobility, Hewlett-Packard CEO Meg Whitman said.
 
The FCC has approved new rules requiring telemarketers that use autodialed or prerecorded telephone calls to sell products to get written approval from customers.
 
Hewlett-Packard has expanded technology support options for its premium Elite PC customers, who will now be able to select a single tech support person to deal with over the life of a PC, the company said on Wednesday.
 
Shortly after two Congressmen asked Apple about iPhone and iPad apps that snatch users' contact lists without permission, the company promised to address the issue with a future software update.
 
Apple is unlikely to pull the trigger on a smaller-sized iPad, experts said today.
 
Cisco will appeal the European Commission's approval of Microsoft's US$8.5 billion Skype acquisition, saying the agency should demand that the companies support standards for interoperability with other collaboration platforms.
 
Rackspace expects to soon announce commercial private OpenStack distributions that it will support as part of its Rackspace Cloud: Private Edition set of services.
 
Zynga has moved most of its users away from Amazon Web Services and onto its private cloud in a move to maximize the reliability and performance of its social games network.
 
Oracle Java SE CVE-2012-0501 Remote Stack Overflow Vulnerability
 
The U.S. Securities and Exchange Commission has rejected attempts by three telecom companies to block shareholder votes on whether they should commit to net neutrality principles.
 
Microsoft Silverlight & .NET Framework Heap Corruption Remote Code Execution Vulnerability
 
Chip maker Renesas Mobile has launched the MP5232, a processor that will allow vendors to build LTE (Long Term Evolution) smartphones with a price tag between US$150 and $300, the company said on Wednesday.
 
In which Gibbs is saved by a keyboard ...
 
TELUS Security Labs VR - Oracle Java Web Start Command Argument Injection Remote Code Execution
 
[SECURITY] [DSA 2409-1] devscripts security update
 
Multiple vulnerabilities in LEPTON
 
Multiple vulnerabilities in 11in1
 
[ MDVSA-2012:020 ] phpldapadmin
 
FreePBX Remote Exploit
 
[CAL-2011-0071]Adobe Shockwave Player Parsing cupt atom heap overflow
 
[CAL-2011-0055]Adobe Shockwave Player Parsing block_cout memory corruption vulnerability
 
Overview
You can subscribe to ISC content from our XML Feeds page at isc.sans.edu/xml.html. Here we list feeds available for you to subscribe to in your favorite RSS reader.
Features
RSS Feeds

isc.sans.edu/xml.html#rss

The Handler Diaries are available in summary and full text. There is also a consolidated news feed which includes recent posts from numerous security feeds.
Audio Feeds

isc.sans.edu/xml.html#audio

This section provides RSS as well as iTunes feed links for the ISC Monthly Threat Update podcast and the ISC Daily Stormcast.

NOTE: This month starts back the posting of an audio version of the Monthly Threat Update webcast!!
Text Feeds

isc.sans.edu/xml.html#text

Lists a subset of ISC content feeds for ports, IPs and the recommended DShield.org blocklist.
E-mail Alerts

isc.sans.edu/xml.html#email

This links to our Pager/E-mail Notifications page which has additional options to get our content pushed to you.
Let us know in the section below of any feeds you think would improve this page or send us any questions or comments in the contact form at https://isc.sans.edu/contact.html
--

Adam Swanger, Web Developer (GWEB)

Internet Storm Center (http://isc.sans.edu) (c) SANS Internet Storm Center. http://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
 
EMC and VMware are teaming with French IT services company Atos to create a European cloud infrastructure provider, Canopy, the companies announced Wednesday.
 
Rackspace hopes to make it easier to use its OpenStack private cloud offering by partnering with Redapt, a company that procures, configures and ships servers to customers.
 
OCZ Technology released a PCIe-based NAND flash card that offers five times the capacity and three times the performance of its previous generation card. The product is aimed at cloud environments by speeding up I/O performance in servers.
 
Oracle has updated its MySQL Cluster software to make it more appealing to large Web service providers, among other users of large-volume distributed databases.
 
Enterproid is expanding its dual-persona phone platform to include voice through a new deal with BroadSoft.
 
Adobe PhoneGap taps basic Web development skills for mobile apps on iOS, Android, BlackBerry, and Windows Phone
 
Acer reported fourth quarter profit of $2.4 million, a financial turnaround after the company faced back-to-back losses in the previous two quarters.
 
Android lost smartphone market share for the first time, as Apple had a great fourth quarter buoyed by the launch of the iPhone 4S, according to data from market research company Gartner.
 
The Global Square, an online global collaboration platform for activists backed by WikiLeaks among others, plans to have a functional prototype by March, its sponsors said.
 
Ordinary Chinese people are taking sides in the iPad trademark battle between Apple and local display vendor Proview, with some thinking the U.S. tech giant should simply change the name of its iconic tablet.
 
IT is under pressure to get more agile in its delivery methods and pursue flexible prioritization strategies to work with, not against, the burgeoning needs of business.
 
An online encryption method widely used to protect banking, email, e-commerce and other sensitive Internet transactions is not as secure as assumed, according to a team of cryptanalysts.
 

RSA® Conference 2012 Analyst Teleconference to Address Leading Information ...
Bradenton Herald
In addition to a trend discussion, the analysts will preview the below sessions: -- Pete Lindstrom, Spire Security – “Where Will InfoSec Be in 2020?” -- Andrew Hay, 451 Research – “Mobile Device Security: Is the Enterprise Up for the Challenge?
 
Linux Kernel 'm_stop()' Local Denial of Service Vulnerability
 

Posted by InfoSec News on Feb 15

http://www.computerworld.com/s/article/9224256/Senate_bill_may_require_critical_networks_to_adopt_cyber_standards

By Grant Gross
IDG News Service
February 14, 2012

A bill in the U.S. Senate would require operators of so-called critical
infrastructure networks to adopt cybersecurity practices if evaluations
by the U.S. Department of Homeland Security find their security lacking.

The new bill, introduced Tuesday by four senators, would cover...
 

Posted by InfoSec News on Feb 15

http://news.nationalpost.com/2012/02/14/bill-c-30-protecting-children-from-internet-predators-act/

By Allison Cross
National Post
Feb 14, 2012

The Conservative government revealed legislation on Tuesday that would
increase online surveillance of citizens, as critics and privacy experts
argued the bill would unjustly infringe upon the rights of Canadians and
act as a magnet for data-hungry hackers.

“This is going to be like the Fort Knox...
 

Posted by InfoSec News on Feb 15

http://www.forbes.com/sites/andygreenberg/2012/02/14/moxie-marlinspikes-cloudcracker-aims-for-speedier-cheaper-password-cracking/

By Andy Greenberg
Forbes Staff
2/14/2012

A little over two years ago, well-known hacker and security researcher
Moxie Marlinspike launched an online service that, for a fee of $17,
could crack most wifi networks’ password in less than an hour. Apparently
that wasn’t fast enough.

On Tuesday, Marlinspike launched...
 

Posted by InfoSec News on Feb 15

http://www.networkworld.com/news/2012/021412-fireeye-holiday-spikes-256009.html

By Ellen Messmer
Network World
February 14, 2012

While phishing attempts against workplace email accounts drop
precipitously on Christmas and New Year's Day, as might be expected,
such attacks spike dramatically on other holidays, says a report from a
security firm. Why is not clear.

Attackers seem to be hard at work on U.S. holidays, including...
 

Posted by InfoSec News on Feb 15

http://www.wired.com/threatlevel/2012/02/yellowcake-and-cyberwar/

By Jerry Brito and Tate Watkins
Threat Level
Wired.com
February 14, 2012

In last month’s State of the Union address, President Obama called on
Congress to pass “legislation that will secure our country from the
growing dangers of cyber threats.” The Hill was way ahead of him, with
over 50 cybersecurity bills introduced this Congress. This week, both
the House and Senate...
 

Posted by InfoSec News on Feb 15

http://www.csoonline.com/article/700193/nortel-executives-knew-of-data-breach-chose-to-do-nothing

By Wayne Rash
CSO Online
February 14, 2012

Former Nortel CEO Frank Dunn, now being tried for fraud, was among
several senior company managers who were aware of a long-standing data
breach into Nortel's computer systems, but chose to do nothing.

According to reports in the Wall Street Journal, former Nortel employee
Brian Shields led an...
 

Posted by InfoSec News on Feb 15

http://www.nytimes.com/2012/02/15/technology/researchers-find-flaw-in-an-online-encryption-method.html

By JOHN MARKOFF
The New York Times
February 14, 2012

SAN FRANCISCO -- A team of European and American mathematicians and
cryptographers have discovered an unexpected weakness in the encryption
system widely used worldwide for online shopping, banking, e-mail and
other Internet services intended to remain private and secure.

The flaw --...
 
Apple's much speculated iPad 3 has emerged as the latest target in an ongoing trademark dispute in China, after a little-known Chinese firm said on Wednesday it has filed for a customs ban with local authorities to stop the import and export of the tablet.
 
Oracle Java SE CVE-2012-0503 Remote Java Runtime Environment Vulnerability
 
Oracle Java SE CVE-2012-0506 Remote Java Runtime Environment Vulnerability
 
Oracle Java SE CVE-2012-0505 Remote Java Runtime Environment Vulnerability
 
Adobe Shockwave Player CVE-2012-0758 DIR File Handling Remote Heap Overflow Vulnerability
 
Adobe Shockwave Player CVE-2012-0759 Remote Memory Corruption Vulnerability
 
Internet Storm Center Infocon Status