InfoSec News

Apple will announce that its iTunes store will begin selling music by The Beatles on Tuesday, according to a report by The Wall Street Journal.
 
----------- Guy Bruneau IPSS Inc. gbruneau at isc dot sans dot org (c) SANS Internet Storm Center. http://isc.sans.org Creative Commons Attribution-Noncommercial 3.0 United States License.
 
Eric Schmidt dismisses any worries about Facebook's new messaging system, saying, "more competition is always good."
 
Micro Express's NBL5100 is a remarkably solid brick of a machine for $1199 (as of November 15, 2010). A matte-black block, this desktop replacement laptop makes a clear statement: You do not care about looks. And that isn't even the "I don't care about looks" deliberateness of ThinkPads. You simply do not care how your laptop looks. Unfortunately, although the NBL5100 has a lot of elements I enjoyed, its operating system holds it back. I can only guess that Micro Express's designers cut a few corners that they shouldn't have.
 
CUPS Web Interface Information Disclosure Vulnerability
 
CUPS Web Interface Unspecified Cross Site Request Forgery Vulnerability
 
CUPS 'texttops' Filter NULL-pointer Dereference Vulnerability
 
The National Telecommunications and Information Administration has identified 115MHz of spectrum that can be made available for commercial mobile broadband services within the next five years.
 
When you surf the Web, your life is an open book. Not only can you be tracked by techniques such as cookies, but even your IP address leaves behind digital tracks that can be used to identify you and invade your privacy. If protecting your privacy is important--and you're willing to pay for it--Anonymizer Universal may buy you some peace of mind. At $80 per year, it's not a decision to make on a whim.
 
Dell on Monday said it will start pushing out Google's Android 2.2 OS to Streak handheld devices, which had been criticized for carrying an old version of the Android OS.
 
The U.S. Congress should focus on extending a research and development tax credit and on passing data breach notification regulations and other cybersecurity legislation during a brief session this month, a large technology trade group recommended.
 
Want to keep your system running smoothly? The more fragmented your hard drive becomes, the harder--and slower--it works. And over time, a hard drive can be mighty fragmented indeed.
 
Hoping to move Java forward, Oracle asks the Apache Foundation to reconsider its position on Java.
 
AT&T will start selling the 7-in. Samsung Galaxy Tab for $649.99 on Nov. 21, to become the fourth of the major carriers to offer the device.
 
Various tech Web sites today reported that the HTC Trophy will be Verizon Wireless' first WP7-based smartphone.
 
Microsoft today announced that its Office Web Apps will be integrated with the new Facebook messaging that the latter unveiled early Monday.
 
Cisco Systems on Monday said its Cius tablet, which is targeted at businesses, will become generally available starting in March.
 
Swatting down recent rumors that it's launching an e-mail killer, Facebook today unveiled a new messaging system that will envelope e-mail, instant messages, Facebook messages and SMS.
 
Oracle on Monday released Solaris 11 Express, a version of the Unix operating system that is aimed at developers and also serves as a preview for the upcoming release of Solaris 11 next year.
 
Look out, e-mail? Take a peek at Facebook's new 'modern messaging system.'
 
Verizon Wireless plans to resurrect thousands of retired Microsoft Kin phones as feature phones -- without wireless data capability -- later this year, according to a leaked document on a tech Web site.
 
The U.S. National Telecommunications and Information Administration has identified 115 MHz of wireless spectrum now controlled by the federal government that can be turned over or shared with commercial users for wireless broadband service, the agency said.
 
Microsoft has issued tools that let enterprises block the distribution of Windows 7 Service Pack 1 (SP1) when the upgrade launches next year.
 
Companies are bemoaning a supply chain talent shortage--but is it real? One guru says these companies are lazy, even unwilling to train up current staff.
 
Studying for the exam toward PMP certification requires a tremendous amount of time and diligence. This is not a test you can pass by "cramming" with one overnight study session. I know many project managers who have devoted two hours a day for three months toward studying for the PMP exam. I am one of them.
 
Security experts are split over whether Apple's decision to hand over Java to an Oracle-backed open-source project is a good deal for Mac users.
 
RETIRED: Apple Mac OS X CoreGraphics PDF Handling Stack Buffer Overflow Vulnerability
 
RETIRED: Apple Mac OS X Prior to 10.6.5 Multiple Security Vulnerabilities
 
The U.S. Office of Personnel Management has pushed back the planned launch of a controversial health claims database to Dec. 15.
 
FileCOPA FTP Server Directory Traversal Vulnerability
 
MarketSaz 'fckeditor' Arbitrary File Upload Vulnerability
 
Multiple Fujitsu Interstage Products Information Disclosure Vulnerability
 
Packet Storm - New Site
 
In an effort to expand software compatibility for its upcoming Fusion chips, Advanced Micro Devices on Monday joined rival Intel's efforts to develop the open-source MeeGo OS.
 
EMC said it is buying network-attached storage vendor Isilon Systems for roughly $2.25 billion. Both companies' boards have approved the deal, which is expected to be finalized later this year.
 
Amazon Web Services (AWS) now allows users of its cloud computing platform to take advantage of the extra power graphics processing units (GPUs) can give. The company hopes the move will attract high-performance computing applications to its service.
 
vBulletin 4.0.8 - Persistent XSS via Profile Customization
 
Saved XSS vulnerability in Internet Explorer
 
Re: D-Link DIR-300 authentication bypass
 
[SECURITY] [DSA 2038-3] New pidgin packages fix regression
 
Indian outsourcer Satyam Computer Services reported that it had returned to profit in the quarters ending June 30 and Sept. 30. Profit for the quarter ending Sept. 30 was lower than in the quarter to June 30, largely because of salary increases.
 
EMC announced Monday it is buying NAS (network-attached storage) vendor Isilon Systems for roughly US$2.25 billion. Both companies' boards have approved the deal, which is expected to be finalized later this year.
 
Is your iPhone suffering from poor battery life, a frozen touchscreen, or an inability to connect to the Internet? You're not alone, and we can help.
 
Google has enhanced its product search engine with new capabilities to find items in physical "brick and mortar" stores and to browse their "offline" inventories.
 
Multiple Pre Projects Applications Multiple SQL Injection Vulnerabilities
 
Foxit Reader and Phantom Title Parsing Remote Stack Buffer Overflow Vulnerability
 
Bugzilla Response Splitting and Security Bypass Vulnerabilities
 
A satellite that promises to bring cellular voice and data coverage to remote parts of North America was successfully launched Sunday from the Baikonur Cosmodrome in Kazakhstan.
 
Researchers have uncovered new clues that the Stuxnet worm may have been created to sabotage Iranian attempts to turn uranium into atomic bomb-grade fuel.
 
There are lots of decisions, from buying or building your tools to figuring out how to create your service catalog for end users. Here's what some shops are doing.
 
Bristol 'LD_LIBRARY_PATH' Local Privilege Escalation Vulnerability
 
Pidgin Multiple Denial of Service Vulnerabilities
 
Cisco today unveiled two virtual desktop devices, more efficient virtualization software and more affordable videoconferencing endpoints, building on its line of video collaboration tools and capabilities for companies.
 
Christian Wojner over at CERT.at has announced that their automated malware analysis environment has been updated.
Version 2.1 is now available in beta form, and he commented that:
"Lots of cool new features, maximum customization, and easy and free to use. You can even script the sample-execution itself now - that means no more boundaries regarding sample-types. Scripts for .exe, .dll, .swf, .pdf, .js as well as for visiting URLs are already on-board."
Further details over at CERT.at.
 
InfoSec News: Espionage gang sold tank project to foreign services: http://www.sundayszaman.com/sunday/newsDetail_getNewsById.action?newsId=227082
Today's Zaman İstanbul 13 November 2010
Investigators conducting a probe into a gang within the naval forces -- which established a prostitution ring to extract vital state security [...]
 
InfoSec News: MoD battles copycat hackers: http://www.theregister.co.uk/2010/11/12/navy_hack_copycat/
By Chris Williams The Register 12th November 2010
The Ministry of Defence is battling a wave of copycat attacks after a hacker took down the Royal Navy's public website this week.
Simon Kershaw, head of defence security and assurance services, said IT staff have been monitoring many more attempts to penetrate military sites than usual since the hack, which emerged on Monday.
The site remains offline today, replaced by a screenshot and a message saying it is undergoing essential maintenance.
Kershaw, speaking at a cyber security conference in London yesterday, said he had spent much of the week persuading Royal Navy chiefs not to bring the site back online until vulnerabilities are patched and security checks completed.
[...]
 
InfoSec News: NASA OIG: Annual Report, "Federal Information Security Management Act: Fiscal Year 2010 Report from the Office of Inspector General": http://www.spaceref.com/news/viewsr.html?pid=35306
Source: NASA Office of Inspector General Posted Friday, November 12, 2010
Annual Report, "Federal Information Security Management Act: Fiscal Year 2010 Report from the Office of Inspector General" (IG-11-005, November 10, 2010) Full report [1] [...]
 
InfoSec News: California Missile: Chinese Cyberwar or DOD ‘Accident’?: http://deathby1000papercuts.com/2010/11/california-missile-chinese-cyberwar-or-dod-accident/
[It was only a matter of time before the tinfoil hat / peanut-gallery community would add Cyberwar to their paranoid rants, while we now know the mystery 'missile' was really a US Air flight, I still love this explanation of what that was... http://youtu.be/8n2smBKFclU - WK]
November 14, 2010 By LBG1
California missile launch, work of Chinese hackers?
When KCBS aired the news helicopter footage of a mystery missile launch last Monday off the coast of southern California, the ‘expert’ most quoted by the press was GlobalSecurities.org Director John Pike. It was Pike’s ‘optical illusion’ which got the most press. Another quote from Pike which got far less press, this statement from Pike during the 36 hour time period the DOD took to come up with the ‘most likely an aircraft’ explanation:
Pike said he didn’t understand why the military had not recognized the contrail of an aircraft. “The Air Force must … understand how contrails are formed,” he said. “Why they can’t get some major out to belabor the obvious, I don’t know.”
The military’s response, 36 hours after the event, an ‘illusion’?
Based on the news reports we’ve read related to the Pentagon and Chinese hackers, the questions are:
If Chinese hackers were responsible for the missile launch, would it have been construed by the DOD as an act of ‘cyberwar’ by China? A cyberwar act which occurred while the President of the United States was overseas in the Far East?
If Chinese hackers were responsible for a U.S. submarine ‘accidentally’ firing a missile, would the DOD admit it to the press, the American public, and, the Chinese government? Our military admitting Chinese military hackers had successfully hacked into the U.S. Dept. of Defense computer and fired one of our missiles?
[...]
 
InfoSec News: British military will spend 650 million GBP on cyber warfare: http://www.theinquirer.net/inquirer/news/1896098/british-military-spend-gbp650-million-cyber-warfare
By Lawrence Latif The Inquirer Nov 12 2010
THE GLORIOUS British military that was chased out of Basra in Iraq and is likely to advance to the rear out of Afghanistan for about the fifth [...]
 

Posted by InfoSec News on Nov 14

http://www.theinquirer.net/inquirer/news/1896098/british-military-spend-gbp650-million-cyber-warfare

By Lawrence Latif
The Inquirer
Nov 12 2010

THE GLORIOUS British military that was chased out of Basra in Iraq and
is likely to advance to the rear out of Afghanistan for about the fifth
time in the last 200 years has apparently decided to spend £650 million
on developing its cyber warfare capabilities.

At least that won't require it to...
 

Posted by InfoSec News on Nov 14

http://www.sundayszaman.com/sunday/newsDetail_getNewsById.action?newsId=227082

Today's Zaman
İstanbul
13 November 2010

Investigators conducting a probe into a gang within the naval forces --
which established a prostitution ring to extract vital state security
information from high-ranking officers and senior bureaucrats through
blackmail to sell to foreign intelligence services -- have found that
vital information on a large number of...
 

Posted by InfoSec News on Nov 14

http://www.theregister.co.uk/2010/11/12/navy_hack_copycat/

By Chris Williams
The Register
12th November 2010

The Ministry of Defence is battling a wave of copycat attacks after a
hacker took down the Royal Navy's public website this week.

Simon Kershaw, head of defence security and assurance services, said IT
staff have been monitoring many more attempts to penetrate military
sites than usual since the hack, which emerged on Monday.

The...
 

Posted by InfoSec News on Nov 14

http://www.spaceref.com/news/viewsr.html?pid=35306

Source: NASA Office of Inspector General
Posted Friday, November 12, 2010

Annual Report, "Federal Information Security Management Act: Fiscal Year
2010 Report from the Office of Inspector General" (IG-11-005, November
10, 2010) Full report [1]

This annual report, submitted as a memorandum from the Inspector General
to the NASA Administrator, provides the Office of Management and...
 

Posted by InfoSec News on Nov 14

http://deathby1000papercuts.com/2010/11/california-missile-chinese-cyberwar-or-dod-accident/

[It was only a matter of time before the tinfoil hat / peanut-gallery
community would add Cyberwar to their paranoid rants, while we now know
the mystery 'missile' was really a US Air flight, I still love this
explanation of what that was... http://youtu.be/8n2smBKFclU - WK]

November 14, 2010
By LBG1

California missile launch, work of Chinese...
 