InfoSec News

After a day when some customers gave up trying to buy a new iPhone 4, both AT&T and Apple continued to have major problems handling online orders Tuesday night.
 
Apple announced a major update to the Mac mini line Tuesday morning, and we were lucky enough to get our hands on one. Here are our first impressions after a few hours of use. (You can also check out our slideshow on the new mini.)
 
T-Mobile USA announced plans to offer free phones to new and existing subscribers of its family plan, which can cost nearly $4,000 a year.
 
Well, seems to be if you order an iPhone 4 you might get access to private information of other ATT customers. The exposed information includes private addresses, phone calls, and bills.
More information at http://gizmodo.com/5564262/apple-iphone-4-order-security-breach-exposes-private-information
-- Manuel Humberto Santander Pelez | http://twitter.com/manuelsantander| http://manuel.santander.name| msantand at isc dot sans dot org (c) SANS Internet Storm Center. http://isc.sans.org Creative Commons Attribution-Noncommercial 3.0 United States License.
 
Apple released today an advisory for multiple vulnerabilities discovered in Mac OS X. Impacted programs includes CUPS, Desktop Services, Folder Manager, Help Viewer, iChat, ImageIO, Kerberos, libcurl, Network Autorization, Open Directory, Printer Setup, Printing, Ruby, SMB File Server, Squirrelmail, and Wiki Server. Mac users: please download the Mac OS X Server v10.6.4 Update Mac mini (Mid 2010) at http://support.apple.com/downloads/DL1055/en_US/MacOSXSrvUp10.6.4MacminiMid2010.dmg. Better to patch quickly before an exploit goes outside the wild.
More information for the advisory at http://support.apple.com/kb/HT4188.
-- Manuel Humberto Santander Pelez | http://twitter.com/manuelsantander | http://manuel.santander.name | msantand at isc dot sans dot org (c) SANS Internet Storm Center. http://isc.sans.org Creative Commons Attribution-Noncommercial 3.0 United States License.
 
AT&T's online ordering system for Apple's iPhone 4 was unavailable for several hours Tuesday, but now appears to be back in operation.
 
Voting is a sacred right and an awesome responsibility. My Greek heritage makes me proud of the origin of voting, while my American citizenship makes me a beneficiary of its strongest instantiation. As a security expert, I am deeply suspicious of electronic voting machines, especially those that do not have auditable logs. So it is no surprise to me that the rush to adopt paperless, non-auditable electronic voting machines has subverted trust in the process and outcome of elections. The most recent example comes from the South Carolina primary.
 
The BlackBerry Torch 9800 could well be the name for Research In Motion's upcoming slider smartphone that features both a touch screen and physical keyboard as well as the next BlackBerry operating system.
 
Two home-networking groups have announced new specifications less than a week after the ratification of the G.hn standard for networking over all types of household wires.
 
The malicious code, which spreads via a compromised website, downloads and executes an additional piece of malware on a victim's computer. Meanwhile, Sophos' Graham Cluley says the initial exploit disclosure was "irresponsible."

Add to digg Add to StumbleUpon Add to del.icio.us Add to Google

Sophos - Graham Cluley - Microsoft Windows - Malware - Security
 
Reader Jack showed us notifications that the vulnerability for Microsoft Windows Help and Support Center is being exploited in the wild. More information for this vulnerability at http://www.microsoft.com/technet/security/advisory/2219475.mspx.
To fix this problem, please visit http://support.microsoft.com/kb/2219475and look for the Enable this fix image. It will download a MSI that unregisters the HCPprotocol as a workaround, because there is currently no patch available.
-- Manuel Humberto Santander Pelez | http://twitter.com/manuelsantander | http://manuel.santander.name | msantand at isc dot sans dot org


(c) SANS Internet Storm Center. http://isc.sans.org Creative Commons Attribution-Noncommercial 3.0 United States License.
 
Hackers are now exploiting the zero-day Windows vulnerability that a Google engineer took public last week, Microsoft confirmed today.
 
The continuing economic recovery and growing interest in mobile devices will drive PC shipment growth by 19.8% this year compared to 2009, IDC said.
 
A malicious link in an instant message set the stage for a well-coordinated network infiltration of Google's systems. Subtle clues helped investigators trace the attacker's steps.

Add to digg Add to StumbleUpon Add to del.icio.us Add to Google

Google - Searching - Search Engines - Aurora - Companies
 
As any iPhone or iPad owner with children will attest, touchscreen devices are clearly the future of kid-friendly computing--there's no substitute for the direct interaction between onscreen items and fingertips. But there's still a lot of great kid software out there for the Mac, so until we all replace our Macs with tablets, there are plenty of reasons to set up a computer for the young ones.
 
IBM continues buying spree with purchase of Coremetrics, a marketing analytics provider.
 
Verizon Business is set to announce a cloud-based storage service on Tuesday, leveraging the formidable Verizon Communications global data network as a draw for large enterprises to subscribe.
 
Social networking tools are working their way into the enterprise and company executives need to get out of their way. That's the message today from the Enterprise 2.0 Conference.
 
A malicious link in an instant message set the stage for a well coordinated network infiltration of Google's systems. Subtle clues helped investigators trace the attacker's steps.

Add to digg Add to StumbleUpon Add to del.icio.us Add to Google

Google - Searching - Search Engines - Aurora - Companies
 
GE's Healthcare division announced its first electronic medical record product as a software-as-a-service aimed at small or remote physician practices with a lower-cost, monthly fee model.
 
Vendors are now pushing unified solutions for private clouds, but are these choices right for your enterprise? Forrester Research's James Staten shares four key questions to consider as you compare options.
 

Code Security: Report highlights best practices
ITWorld Canada
The report reflects a growing trend in the infosec community that relies less on bolt-on defenses and more on well-written software code. ...

 
My desktop occasionally fails to shut down properly. It seems to complete Windows' shutdown process, but then just freezes--without actually turning off.
 
Computerworld Premier 100 IT Leader Doug Ross also answers career questions about helping co-workers and coping with a political boss.
 
Philip Reitinger of the Department of Homeland Security, said international coordination on cybersecurity is paramount to avoiding a global crisis.

Add to digg Add to StumbleUpon Add to del.icio.us Add to Google

United States Department of Homeland Security - Homeland Security Department - United States - Government - Executive Branch
 
Users worry that their investments and assets might be stranded or neglected after their primary vendor is purchased, due to product streamlining, an exodus of expertise, strategic refocus, or all three. What should you do?
 
Oracle buys Sun. HP buys 3Com. SAP buys Sybase. Just when it seemed like consolidation among the big data-center vendors had played itself out, we're off again at full tilt.
 
Twitter announced the addition of Places on twitter.com and mobile.twitter.com, letting users tag their messages with their location, the company said.
 
Users and analysts list various reasons why large IT vendors are back in the merger business after the recession caused a yearlong lull in acquisition plans.
 
As promised, Apple early today began taking pre-orders for its new iPhone 4, although only the black model was immediately available.
 
Web-based editions of Word, Excel, PowerPoint, and OneNote are underwhelming at best
 
While oil continues to gush into the Gulf of Mexico and BP Plc. faces a PR nightmare, the last thing the company needed to do was make matters worse.
 
Japan got an early taste of iPhone 4-fever as hundreds of people line up to place reservations for the new Apple smartphone.
 
IBM will unveil its enterprise mobile software strategy to industry analysts on Wednesday as part of a grand opening of a new software development laboratory in Littleton, Mass.
 
Juniper Networks founder and CTO Pradeep Sindhu details what he looks for in companies seeking backing from his venture capital fund.
 
I live in a country where credit and debit card fraud is pretty high and unfortunately banks have not provided secure means to avoid credit and debitcard cloning. In USA, I have seen OTP devices to access online banking, but credit cards are pretty much the same. I learned that Mastercard will provide credit cards with OTP included. This is great news because will decrease bank fraud a lot.
More information athttp://www.slashgear.com/mastercard-trialling-smart-credit-cards-with-display-keypads-1089351/
-- Manuel Humberto Santander Pelez | http://twitter.com/manuelsantander | http://manuel.santander.name | msantand at isc dot sans dot org (c) SANS Internet Storm Center. http://isc.sans.org Creative Commons Attribution-Noncommercial 3.0 United States License.
 
Israeli start-up Anobit Technologies announced its first solid-state drive using multilevel cell NAND, which it said is as reliable as higher-cost single-level cell NAND used in enterprise-class SSDs.
 
A day before Microsoft's Office 2010 goes on sale, some online retailers have discounted the new suite by as much as $40.
 
Judy Novak posted on her blog an excellent article of IDS/IPS evations on TCP, showing a real example when linux runs on the destination host. Check it out at http://www.packetstan.com.
-- Manuel Humberto Santander Pelez | http://twitter.com/manuelsantander | http://manuel.santander.name | msantand at isc dot sans dot org (c) SANS Internet Storm Center. http://isc.sans.org Creative Commons Attribution-Noncommercial 3.0 United States License.
 

Internet Storm Center Infocon Status