InfoSec News

Long before the nuclear disaster in Japan started to unfold, scientists in the U.S. began trying to gain a more precise and realistic picture of what would happen if a similar accident occurred in this country.
 
Google has acquired an Irish company for technology that will allow YouTube to automatically improve the quality of videos stored on the site.
 
Carrying around and using the Fujitsu Lifebook T580 illustrates everything that's right, and wrong, with the Windows Tablet PC model.
 
cgit 'convert_query_hexchar()' Remote Denial of Service Vulnerability
 
MIT Kerberos KDC 'do_as_req.c' Double Free Memory Corruption Vulnerability
 
Most U.S. residents would be happy to get a few thousand dollars back from the Internal Revenue Service at tax time. But a snafu in some Intuit software recently resulted in a number of Ohio residents receiving letters indicating that eye-popping sums were en route -- in one reported case, a cool $200 million.
 
Facebook is bucking the trend toward server virtualization and is interested in microservers for inexpensive growth and quick failover, the company's lab director said Tuesday.
 
Adobe ColdFusion (CVE-2011-0580) Multiple Cross Site Scripting Vulnerabilities
 
[USN-1088-1] Kerberos vulnerability
 
The National Federation of the Blind claims that Google Apps lacks required features for the blind and wants the federal government to investigate whether schools that adopt the e-mail and collaboration suite run afoul of civil rights laws.
 
MITKRB5-SA-2011-003 [CVE-2011-0284] KDC double-free when PKINIT enabled
 
In a strategy briefing to the investors, McAfee president Dave DeWalt outlined the company's vision to bake security into silicon and probe deeper into embedded devices and mobile platforms.

 
Apple's iPad 2 is in extremely short supply, with shipping delays from Apple's online store now standing at four to five weeks and customers at several prominent retail stores going away empty-handed today.
 
Oracle is making a fresh run at Microsoft's SQL Server, claiming on Tuesday that its open-source MySQL database offers up to 90 percent cost savings over SQL Server along with blazing performance on Windows.
 
University of Illinois engineers have developed a form of ultra-low-power digital memory that could someday provide consumers with hand-held devices that go without recharging for weeks or even months.
 
Intel on Tuesday said it will use assets acquired from McAfee to provide cloud security services to protect the growing number of mobile devices that face malware and cyberattack threats.
 
Or my Android phone, or my Galaxy Tab, or my Xbox 360 and Kinect ... wait a second!
 
While Verizon Wireless will keep its unlimited data plan with the HTC ThunderBolt, its first LTE smartphone, some kind of usage-based pricing plan is expected this year.
 
We got our hands on the two hottest products in the tablet computing market -- the Motorola Xoom and the iPad 2 -- and put them to the test. This was a 15-round heavyweight fight, and in the end the Xoom stood toe to toe with the reigning champ, the iPad 2.
 
Microsoft touts its new Internet Explorer 9 browser as the best for Windows because rivals "dilute" their energies on other operating systems. Rhetoric aside, IE9 is the first to tap hardware for a speed boost. Will you give IE9 a try?
 
Foxit Reader JavaScript API Arbitrary File Creation or Overwrite Vulnerability
 
[SECURITY] [DSA 2192-1] chromium-browser security update
 
[RT-SA-2011-002] SugarCRM list privilege restriction bypass
 
[RT-SA-2011-001] nostromo nhttpd directory traversal leading to arbitrary command execution
 
Google will start letting Apps administrators delay the delivery of upgrades to their domains to give them a chance to prepare themselves and their users for interface or functionality changes.
 
HealthNet is notifying some 1.9 million customers that personal and health data may have been contained on drives that were found missing from a data center in California.
 
OCZ has signed an agreement to buy SSD controller maker Indilinx for $32 million.
 
There's no stopping change, but you can influence and lead it by continuously improving your organization's awareness.
 
What did uber-geek Kyle Wiens of iFixit find when he pried off the iPad 2's glass? "We've never seen so much glue inside of something before. " Wiens shares insights and predictions with CIO.com.
 
A Ponemon Institute survey of more than 500 auditors finds most prefer data encryption over tokenization to protect sensitive data.

 
LibTIFF 'td_stripbytecount' NULL Pointer Dereference Remote Denial of Service Vulnerability
 
LibTIFF Multiple Remote Code Execution Vulnerabilities
 
LibTIFF Multiple Remote Denial of Service Vulnerabilities
 
LibTIFF 'tiff' File Memory Corruption Vulnerability
 
ESA-2011-009: RSA, The Security Division of EMC, announces a fix for potential security vulnerability in RSA Access Manager Server
 
ESA-2011-007: EMC Avamar sensitive information disclosure vulnerability
 
ESA-2011-006: EMC Avamar privilege escalation vulnerability
 
The first LTE phone from Verizon Wireless, HTC's Android 2.2-based ThunderBolt, will be available Thursday for $249.99 with a two-year agreement, the carrier and HTC confirmed Tuesday.
 
Amazon Web Services has added networking features to its Virtual Private Cloud offering, allowing users to build private or Internet-accessible data centers in the cloud.
 
As it celebrates five years in business, Twitter has revealed that it took more than 3 years for users to send the first 1 billion 'tweets,' a feat now accomplished every week.
 
HTB22887: XSS vulnerability in LotusCMS
 
HTB22886: XSRF (CSRF) in LotusCMS
 
HTB22885: XSS vulnerability in LotusCMS
 
HTB22884: XSS vulnerability in LotusCMS
 
Performance and security enhancements of Internet Explorer 9 make the browser upgrade worth one's consideration. If you need to roll back the installation of IE 9 for whatever reason, you shouldn't have any issues. I tested the IE 9 uninstall process to revert a Windows 7 system to when it had Internet Explorer 8 installed.
You can uninstall Internet Explorer 9 by using the Uninstall a program applet in Control Panel. Then, select View installed updates.

Then, select Windows Internet Explorer 9 from the list and click Uninstall. After the removal process, Windows will probably prompt you to reboot.

After the reboot, you should have Internet Explorer 8 back in its full glory.

-- Lenny Zeltser
Lenny Zeltser leads a security consulting team and teaches how to analyze and combat malware. He is active on Twitter and writes a daily security blog.
(c) SANS Internet Storm Center. http://isc.sans.org Creative Commons Attribution-Noncommercial 3.0 United States License.
 
[SECURITY] CVE-2011-1088 Apache Tomcat security constraint bypass
 
[USN-1079-2] OpenJDK 6 vulnerabilities
 
[USN-1085-2] tiff regression
 
VMSA-2011-0005 VMware vCenter Orchestrator remote code execution vulnerability
 
A small-business NAS with Big Iron roots, Netgear's ReadyNAS is full-featured and flexible, with options for SOHO users up through enterprise workgroups.
 
The original iPad really worked best when in a case, but as Steve Jobs lamented in launching the iPad 2, most iPads have had their beautiful design—toiled over by Apple’s finest aesthetes!—cloaked by cases made of fabric or leather. And cases don’t just hide that pretty iPad—they also add thickness and weight.
 
The Apple iPad 2 has arrived, and the big question is, how does it stack up against the competition? To provide an answer, I've been testing the iPad 2 next to the Motorola Xoom and the Samsung Galaxy Tab.
 
HTC's ThunderBolt, the first smartphone to operate on Verizon Wireless's LTE network, will launch Thursday, according to a document from Verizon received by the online retailer Wirefly.
 
Ruby on Rails 'X-Forwarded-For' HTTP Header Injection Vulnerability
 
Prices of widely used chips, including NAND flash memory and DRAM, have both risen sharply since the 9.0-magnitude earthquake struck and hurled tsunami waves at the northeastern part of Japan.
 
Hewlett-Packard CEO Leo Apotheker is taking cloud computing to the forefront of HP's strategy, a move that reshapes how the company will serve its consumer and enterprise customers.
 
Microsoft launched Internet Explorer 9 late Monday, claiming that it's the best browser for Windows because rivals "dilute" their energies on other operating systems.
 
Seagate today announced five product upgrades that include two enterprise-class solid-state drives and three internal hard-disk drives.
 
The tactile feedback provided by haptic technology is poised to go beyond mere vibrations to mimic movement, textures and more.
 
This four-part series looks at emerging screen technologies poised for growth this year and beyond. We'll soon see more-responsive touch screens with brighter colors, higher contrast ratios and much lower power consumption -- and cool new shapes as well.
 
WebKit Style Handling Memory Corruption Vulnerability
 
Oracle Java SE and Java for Business CVE-2010-4448 Remote Java Runtime Environment Vulnerability
 