InfoSec News

Google grew its revenue and profits in the second quarter, but while revenue topped Wall Street's expectations, profits fell short.
 
A well-known cryptographic attack could be used by hackers to log into Web applications used by millions of users, according to two security experts who plan to discuss the issue at an upcoming security conference.
 
Advanced Micro Devices on Thursday reported a net loss during the second quarter of fiscal 2010, breaking a streak of two consecutive quarters of profitability.
 
The U.S. Federal Communications Commission took the first step toward reworking a $400 million-a-year program to subsidize telecommunications services to rural health-care facilities, with the new emphasis on broadband.
 
Amazon and IBM are the "cloud champions" but Microsoft, Google, Cisco, Red Hat and VMware are right behind them.
 
On the eve of Apple's surprise iPhone 4 press conference on Friday, which it announced less than 24 hours ago, the company has released iOS 4.0.1. The update brings one single change to the iPhone 4, 3GS, and 3G.
 
Complaints and theories about the iPhone 4 reception problems are coming from what seems like every pundit and consumer in the country, and now a senator is getting in on the action.
 
A majority of consumers want to interact with companies over social networks like Facebook and Twitter, but only 30% of businesses are prepared for it, according to a survey.
 
Efforts by the U.S. government to better identify cyberattackers will likely lead to violations of Internet users' privacy and anonymity, and technological means to attribute the source of the attacks may be inaccurate, privacy and cybersecurity experts said Thursday.
 
Droid X, which may be the toughest smartphone yet to effectively challenge the iPhone, went on sale at 12:01 a.m. today, starting with customers lined up outside a Columbia, Md., Verizon Wireless store.
 
Facing mounting public relations troubles over the iPhone 4, Apple must act swiftly to quell customer complaints about poor reception by giving away free cases, crisis communication experts say.
 
Danw12321 asked the Answer Line forum if it's okay to work while Windows Update is updating Windows.
 
In the past, we've told you about ways to make more room in Safari's bookmark bar, by using folders, shorter names, and special symbols. MacOSXHints.com reader nathanator11 has another way to deal with bookmark overload: Assigning custom keyboard shortcuts to some of them, which can then be hidden away, leaving room for others:
 
IBM sees a profitable future in IT-driven health care and pledges to spend $100 million in medical technology research
 
The race for the No. 2 spot among PC vendors may be too close to call, with analyst firms disagreeing over whether Dell lagged behind rival Acer during the second quarter.
 

Laptop Theft: Is Your SMB Prepared?
IT Business Edge (blog)
As you can imagine, my interest was piqued when I read about a story on Infosec Island contributed by security analyst Robert Siciliano, aptly titled "My ...

 
Apple has called a press conference for tomorrow, presumably to address the antenna and reception problems experienced by some iPhone 4 users. Analysts give their best guesses as to what Apple will say.
 
Apple has released the beta version of iOS 4.1 to developers just days before the company's anticipated iPhone 4 press conference. Apple has moved quickly to get the update out to iPhone users to address the iPhone 4's well-publicized signal reception issues.
 
A Black Hat 2010 presentation on the hacking community in China was canceled at the request of the Taiwanese government.

 
A U.K. music royalty collection society has suggested charging ISPs for pirated content traded on their networks, as the organization claims piracy will worsen with faster broadband speeds.
 
I am seeing a large amount of spam hit our network that has been successful at fooling our spam filter. The emails contain .zip and .html extensions with various file names. The subject also varies. Some subjects that I have seen are:

Your Funds Will Be Transferred
From Jan RIchter (name varies)
Newest Products
Latest Software

The zip file is being analyzed to determine what payload may be involved. You may want to remind your email users to refrain from opening any attachments that they weren't expecting to receive.

UPDATE: We have received some information from one of our readers that the zip file that he received contained a multiple exploit-kit downloader. He indicated that there are over 120,000 successful downloads of the exe file. They have discovered that IP address 173. 204. 119 . 122 is where the file appears to be hosted at and is being updated with new binaries consistently. The downloader appears to grab a few files with random file names and have been observed connecting to imagehut4 .cn, allxt .com, hitinto .com. Jason indicates that all files appear to run fully under Windows VMWARE and are resistant to detection by many of the common threat programs.

Many thanks to Jason for supplying us with the information.

We also have received a report of emails that are hitting which tell the recipient that the letter cannot be opened due to low screen resolution. It says that they need to open the attached zip file for the message. Again the filename for the zip file varies. Thanks to Jason R for this information.


Deb Hale Long Lines, LLC (c) SANS Internet Storm Center. http://isc.sans.org Creative Commons Attribution-Noncommercial 3.0 United States License.
 
A new payment card security initiative launched by Visa Inc. Wednesday could eliminate the need for retailers and other organizations to store full, 16-digit credit and debit card numbers on their systems.
 
Apple has invited several journalists, including one from Macworld, to its Cupertino campus on Friday for a "press conference about iPhone 4." Presumably the company will use the event to publicly address the controversy swirling around the device, most notably reports of antenna interference issues.
 
Alcatel-Lucent was trying to improve communication among its employees. Starting slowly, the company now has more than 19,000 employees connected via enterprise social networking tools.
 
A talk on China's military cyber-attack capabilities has been pulled from the Black Hat security conference schedule following pressure from Taiwanese and Chinese agencies.
 
InfoSec News: Call for Papers - Black Hat Abu Dhabi 2010: Forwarded from: "The Dark Tangent" <dtangent (at) defcon.org>
Hey all you ISN readers, here is a CFP for you who like such things!
Call for Papers - Black Hat Abu Dhabi 2010
WHERE and WHEN:
Launched under the Patronage of His Highness Sheikh Mohammed bin Zayed [...]
 
InfoSec News: Case of stolen laptops reads like Hollywood script: http://www.tampabay.com/news/publicsafety/crime/case-of-stolen-laptops-reads-like-hollywood-script/1108909
By Dong-Phuong Nguyen Times Staff Writer St. [...]
 
InfoSec News: Bluetooth at heart of gas station credit-card scam: http://www.itworldcanada.com/news/bluetooth-at-heart-of-gas-station-credit-card-scam/141087
By Ellen Messmer Network World Canada 13 July 2010
Thieves are stealing credit-card numbers through skimmers they secretly installed inside pumps at gas stations in the U.S. [...]
 
InfoSec News: Two Major Breaches Caused By Loss Of Physical Media: http://www.darkreading.com/security/privacy/showArticle.jhtml?articleID=225800186
By Tim Wilson DarkReading July 14, 2010
Online attacks might be getting more sophisticated every day, but two incidents last week are reminding the industry that the loss of physical [...]
 
InfoSec News: Navy tightens cybersecurity training rules: http://fcw.com/articles/2010/07/14/navy-cybersecurity-information-assurance-directive.aspx
By Amber Corrin FCW.com July 14, 2010
The Navy secretary has issued a directive calling on the service to establish policy and implement new training to better arm its [...]
 
InfoSec News: Trojan attacks credit cards of 15 US banks: http://news.techworld.com/security/3232010/trojan-attacks-credit-cards-of-15-us-banks/
By John E Dunn Techworld 14 July 10
The Zeus/Zbot banking Trojan is reported to be attacking the Verified by Visa and MasterCard SecureCode verification systems introduced in recent [...]
 
InfoSec News: Former MI6 worker pleads guilty over official secrets: http://www.guardian.co.uk/world/2010/jul/14/mi6-worker-daniel-houghton-guilty
By Haroon Siddique and agencies guardian.co.uk 14 July 2010
A former British spy who tried to sell top secret files to foreign agents admitted two offences under the Official Secrets act today. [...]
 
InfoSec News: Cyber war against CFU: http://www.thezimbabwean.co.uk/index.php?option=com_content&view=article&id=32580:cyber-war-against-cfu&catid=31:weekday-top-stories&Itemid=30
By Correspondent The Zimbabwean 14 July 2010
HARARE -- A new "cyber war" has been declared against Zimbabwe's [...]
 
CIOs' communication skills have come a long way since the days of data processing. But they continue to make many communication mistakes that hamper their effectiveness on the job or hinder their relationships with staff and other executives.
 

Posted by InfoSec News on Jul 15

Forwarded from: "The Dark Tangent" <dtangent (at) defcon.org>

Hey all you ISN readers, here is a CFP for you who like such things!

Call for Papers - Black Hat Abu Dhabi 2010

WHERE and WHEN:

Launched under the Patronage of His Highness Sheikh Mohammed bin Zayed
Al Nahyan, Black Hat Abu Dhabi will take place on 8th to 11th November
2010 at Emirates Palace. Black Hat has partnered with the UAE Telecoms
Regulatory Authority to...
 

Posted by InfoSec News on Jul 15

http://www.tampabay.com/news/publicsafety/crime/case-of-stolen-laptops-reads-like-hollywood-script/1108909

By Dong-Phuong Nguyen
Times Staff Writer
St. Petersburg Times
July 15, 2010

TAMPA -- The ping of a cell phone, the surveillance image of a car near
an abandoned warehouse, an e-mail address attached to a SunPass
transponder....
 

Posted by InfoSec News on Jul 15

http://www.itworldcanada.com/news/bluetooth-at-heart-of-gas-station-credit-card-scam/141087

By Ellen Messmer
Network World Canada
13 July 2010

Thieves are stealing credit-card numbers through skimmers they secretly
installed inside pumps at gas stations in the U.S., using Bluetooth
wireless to transmit stolen card numbers, says law enforcement
investigating the incidents.

"We've sent detectives out to every gas station within a mile...
 

Posted by InfoSec News on Jul 15

http://www.darkreading.com/security/privacy/showArticle.jhtml?articleID=225800186

By Tim Wilson
DarkReading
July 14, 2010

Online attacks might be getting more sophisticated every day, but two
incidents last week are reminding the industry that the loss of physical
storage media is still among the most common causes of data breaches.

AMR, the parent company of American Airlines, is in the process of
notifying some 79,000 current and former...
 

Posted by InfoSec News on Jul 15

http://fcw.com/articles/2010/07/14/navy-cybersecurity-information-assurance-directive.aspx

By Amber Corrin
FCW.com
July 14, 2010

The Navy secretary has issued a directive calling on the service to
establish policy and implement new training to better arm its
information assurance workforce for cybersecurity challenges, according
to a release from Rob Carey, the Navy Department's chief information
officer

Because "cyberspace and...
 

Posted by InfoSec News on Jul 15

http://news.techworld.com/security/3232010/trojan-attacks-credit-cards-of-15-us-banks/

By John E Dunn
Techworld
14 July 10

The Zeus/Zbot banking Trojan is reported to be attacking the Verified by
Visa and MasterCard SecureCode verification systems introduced in recent
years to stop old-style card not present (CNP) fraud.

Security company Trusteer, which has carved out a speciality in
reporting on Zeus/Zbot bank Trojan activity, does not...
 

Posted by InfoSec News on Jul 15

http://www.guardian.co.uk/world/2010/jul/14/mi6-worker-daniel-houghton-guilty

By Haroon Siddique and agencies
guardian.co.uk
14 July 2010

A former British spy who tried to sell top secret files to foreign
agents admitted two offences under the Official Secrets act today.

Daniel Houghton, who worked for MI6 between September 2007 and last May,
was arrested in a Scotland Yard sting at a central London hotel in March
after offering to sell...
 

Posted by InfoSec News on Jul 15

http://www.thezimbabwean.co.uk/index.php?option=com_content&view=article&id=32580:cyber-war-against-cfu&catid=31:weekday-top-stories&Itemid=30

By Correspondent
The Zimbabwean
14 July 2010

HARARE -- A new "cyber war" has been declared against Zimbabwe's
beleaguered white farmers after hackers attacked and disabled the
Commercial Farmers Union (CFU) website this week.

A hacker, calling himself Shadow D3v1L,...
 


Out, Damn'd Bot! Out, I Say!
SYS-CON Media (press release) (blog)
One of the ways in which a bot can end up in your datacenter wreaking havoc and driving your infosec and ops teams insane is through web application ...

 
