InfoSec News

Twitter's update to its homepage, which stresses community and multimedia content, is a welcome change to the staid site. Of course, when you impose order and elegance on Twitter's current lackluster homepage, you're going to get more kudos than questions. Still, you'll be hard pressed to find a dissonant voice in the chorus of opinion about the redesign of the world's favorite micro-blogging site.
 
The Pentagon has reopened an investigation involving more than 250 Department of Defense employees who are alleged to have subscribed to child pornography sites using their government e-mail IDs and physical military addresses.
 
Apple patched a critical vulnerability in QuickTime on Wednesday that was reported to the company by a bug bounty program months ago.
 
-- John Bambenek bambenek at gmail /dot/ com (c) SANS Internet Storm Center. http://isc.sans.org Creative Commons Attribution-Noncommercial 3.0 United States License.
 
There's only about 100 shopping days until Christmas and Gibbs has a toy you'll want
 
Consumer Reports bashed Apple's plan to ditch its automatic free case program for iPhone 4 owners, saying the move was 'not acceptable' because it put the burden on customers.
 
IBM is acquiring OpenPages, a privately held company that makes risk management software. Terms of the deal were not disclosed.
 
The National Security Agency wants to use commercially-built security products and the latest virtualization software. But the slow pace of getting products certified through NSA channels and the lightning-fast pace of change in the IT industry are causing national-security heartburn.
 

Red Hat tops list of hottest IT security certifications
NetworkWorld.com
Infosec certifications have been gaining popularity since 2005, when the Defense Department issued a directive known as 8570 that requires military ...

 
Microsoft today released the first public beta of Internet Explorer 9, its latest effort to reclaim the ground it has lost to rivals Mozilla, Google and others.
 
Smartphone maker HTC unveiled two new Android-based phones, along with an updated version of its own user interface, HTC Sense, and a new online service called HTCSense.com, to let users manage their phones from a computer.
 
Intel CTO Justin Rattner described the next generation of computers, which he dubbed context-aware, during a keynote address today at the Intel Developers Forum in San Francisco.
 
Usrn asked the Desktops forum how to get rid of files that refuse to be deleted.
 
Twitter cofounder Jack Dorsey is smart enough to know that he's been lucky. DEMO Fall coverage.
 
When asked about the greatest risks his company expects to face in 2010, the CEO of a major U.S. airline began to list items such as energy pricing, labor challenges and terrorism. IT security, let alone the application security subcategory, did not make the list. Is this a common theme across today's businesses? Or is it that organizations just don't speak of IT and security risk using IT and security lingo?
 
The new beta of Microsoft's Internet Explorer 9 browser is dramatically faster and sleeker, and adds some nice new features.
 
The new beta of Microsoft's Internet Explorer 9 browser is dramatically faster and sleeker, and it has some nice new features.
 

Gartner Analyst Says Tech's Security Shopping Spree “Not A Real Trend”
Forbes (blog)
The wave of acquisitions that's lifted the infosec industry over the last month may be more foam and spray than tsunami. ...

 
A critical printer sharing vulnerability is related to the Stuxnet malware, which was discovered targeting industrial control systems and other enterprises.

 
A couple weeks ago, Google took the wraps off Priority Inbox, a clever Gmail feature that helps separate the message wheat from the message chaff.
 
Microsoft's claim that IE9 will offer better hardware acceleration than Firefox or Chrome has raised the hackles of officials at Mozilla and Google.
 
A Google engineer was fired for violating the company's privacy rules, Google said Wednesday, responding to a report that the engineer had improperly accessed the accounts of several teenagers.
 
In a sign of SAP's stepped-up attention to the business analytics market, the company released a set of real-time analytics products on Tuesday that are customized for use in various industry sectors and for various business functions.
 
The IT industry shed employees last year at a much faster pace than it is now hiring them, but at least the industry is hiring.
 
To successfully incorporate the iPad into the enterprise, IT must consider security, and the scope and the scale of the application.
 
Data deduplication appliances from FalconStor, NetApp, and Spectra Logic provide excellent data reduction for production storage, disk-based backups, and virtual tape
 
InfoSec News: What U.S. Cyber Command Must Do: http://www.ndu.edu/press/what-US-cyber-command-must-do.html
By Wesley R. Andrues Joint Force Quarterly Issue 59 - October 2010
Wesley R. Andrues is the Plans and Readiness Division Chief for the U.S. Army Global Network Operations Center.
In June 2009, the Secretary of Defense announced the creation of U.S. Cyber Command (USCYBERCOM), a new subunified command to be led by the director of the National Security Agency (NSA). While the press colored the announcement with Big Brother undertones and hints of civil liberties surrendered, the real story lies in the intriguing legal landscape of USCYBERCOM and what it could mean for the security, efficiency, and economy of the military's networks. The Department of Defense (DOD), the largest single consumer of Federal information technology dollars, has struggled for decades to bring a singular voice and management process to its communications infrastructure. Although this is not the stated intent of the new command, USCYBERCOM must ultimately reconcile its role in information technology "ownership" and draw clear operational boundaries if it is to administer cyber security through unified standards and procedures.
As USCYBERCOM now has its first commander and begins shaping its core functions, fundamental changes in the legal landscape must occur in parallel with the new organizational structure if the command hopes to effect a "comprehensive approach to Cyberspace Operations."1 In short, it must go beyond cosmetic organizational change and set to work on a campaign that genuinely reduces interdepartmental friction, repairs ailing processes, and truly empowers it to meet its mission, both specified and implied.
Step One: Establish Priorities
To compel its components to organize confidently and appropriately, USCYBERCOM must provide solid, intuitive operational imperatives and priorities. What tangible problem does the command seek to solve, and how does the formation of this single entity contribute to the integrity of DOD networks? One of the main impediments to answering this question is the lack of any meaningful cyberspace doctrine, or at least a serious consideration of how cyberspace operations differs from the closely related computer network operations, which is itself a key component of information operations. How does the emerging rubric of cyber now fit against the broad operational backdrop of information operations as a whole? This is an elemental question that demands top-down clarification if USCYBERCOM expects to contain its mission space and lead decisively. The question must be answered: Is it about securing the network itself, or achieving military effects through the targeted application of information in all its forms? To call it both takes a middle road that complicates the identity of this new command and makes task organization exceedingly difficult.
It is not that DOD has failed to invest intellectual capital toward defining cyberspace. On the contrary, a good deal of self-examination is under way across all the Services, yet precious little substance has emerged signifying a strong, novel environmental foundation. To its credit, the Joint Staff devoted significant effort toward articulating broad cyberspace priorities in its National Military Strategy for Cyberspace Operations (2006). The basic premise echoed the notion that the United States must secure freedom of action in a "contested domain" and deny the same to its adversaries, yet its ambitious goal of achieving "military strategic superiority in cyberspace" glosses over the vast complexity of such an all-consuming endstate.
[...]
 
InfoSec News: Google Confirms That It Fired Engineer For Breaking Internal Privacy Policies: http://techcrunch.com/2010/09/14/google-engineer-spying-fired/
By Jason Kincaid TechCrunch September 14, 2010
Earlier today Gawker published an alarming report detailing the exploits of a former Google engineer who allegedly used his internal clearances [...]
 
InfoSec News: BC Lotteries kept minister in the dark about PlayNow security breach: http://www.vancouversun.com/Lotteries+kept+minister+dark+about+PlayNow+security+breach/3523910/story.html
By Chat Skelton Vancouver Sun September 14, 2010
BC Lotteries CEO Michael Graydon failed to immediately inform the government about the July 15 security breach at its online casino, [...]
 
InfoSec News: Who Is a Big Fan of ArcSight? The CIA: http://blogs.wsj.com/venturecapital/2010/09/14/who-is-a-big-fan-of-arcsight-the-cia/
By Michael Corkery Venture Capital Dispatch The Wall Street Journal September 14, 2010
How good is ArcSight’s security software?
Well, good enough for the Central Intelligence Agency. [...]
 
InfoSec News: Siemens: Stuxnet worm hit industrial systems: http://www.csoonline.com/article/614064/siemens-stuxnet-worm-hit-industrial-systems
By Robert McMillan IDG News Service September 14, 2010
A sophisticated worm designed to steal industrial secrets and disrupt operations has infected at least 14 plants, according to Siemens. [...]
 
InfoSec News: Advice to Security Pros: Learn Chinese: http://www.bankinfosecurity.com/articles.php?art_id=2914
By Upasana Gupta Contributing Editor Bank Info Security September 14, 2010
Stephen Northcutt, CEO of SANS Technology Institute, has a piece of advice for up and coming security professionals. "Learn Chinese; you are going to need it. [...]
 
InfoSec News: Sienna Miller set to sue 'News of the World' over phone hacking: http://www.independent.co.uk/news/media/press/sienna-miller-set-to-sue-news-of-the-world-over-phone-hacking-2079555.html
By Ian Burrell Media Editor The Independent 15 September 2010
The actress Sienna Miller is poised to become the latest litigant to [...]
 

1st INTERPOL Information Security Conference Opens in HK
CRIENGLISH.com
The 1st INTERPOL Information Security Conference entitled "Global Cooperation Today for InfoSec Risks Tomorrow" opened Wednesday at Hong Kong Police ...
First INTERPOL Information Security Conference held in Hong Kong - 7thSpace Interactive (press release)
INTERPOL organises information security conference, prevent and detect high ... - Frontier India - News, Analysis, Opinion
INTERPOL Info Security Conference Comes to HK - CRIENGLISH.com

 

Posted by InfoSec News on Sep 14

http://techcrunch.com/2010/09/14/google-engineer-spying-fired/

By Jason Kincaid
TechCrunch
September 14, 2010

Earlier today Gawker published an alarming report detailing the exploits
of a former Google engineer who allegedly used his internal clearances
to access private Gmail and GTalk accounts so that he could spy on and
harass people, including four minors. The article repeatedly points out
how much sensitive data the public has...
 

Posted by InfoSec News on Sep 14

http://www.vancouversun.com/Lotteries+kept+minister+dark+about+PlayNow+security+breach/3523910/story.html

By Chat Skelton
Vancouver Sun
September 14, 2010

BC Lotteries CEO Michael Graydon failed to immediately inform the
government about the July 15 security breach at its online casino,
PlayNow, according to internal BCLC documents obtained by The Vancouver
Sun.

The lottery corporation has been criticized for initially telling the
public...
 

Posted by InfoSec News on Sep 14

http://blogs.wsj.com/venturecapital/2010/09/14/who-is-a-big-fan-of-arcsight-the-cia/

By Michael Corkery
Venture Capital Dispatch
The Wall Street Journal
September 14, 2010

How good is ArcSight’s security software?

Well, good enough for the Central Intelligence Agency.

ArcSight is the latest technology company that has attracted a billion
dollar-plus offer from Hewlett Packard.

One of the early investors in ArcSight was In-Q-Tel, the...
 

Posted by InfoSec News on Sep 14

http://www.csoonline.com/article/614064/siemens-stuxnet-worm-hit-industrial-systems

By Robert McMillan
IDG News Service
September 14, 2010

A sophisticated worm designed to steal industrial secrets and disrupt
operations has infected at least 14 plants, according to Siemens.

Called Stuxnet, the worm was discovered in July when researchers at
VirusBlokAda found it on computers in Iran. It is one of the most
sophisticated and unusual pieces of...
 

Posted by InfoSec News on Sep 14

http://www.bankinfosecurity.com/articles.php?art_id=2914

By Upasana Gupta
Contributing Editor
Bank Info Security
September 14, 2010

Stephen Northcutt, CEO of SANS Technology Institute, has a piece of
advice for up and coming security professionals. "Learn Chinese; you are
going to need it."

Further, Northcutt advises, "Learn and live by the security axiom:
protection is ideal, but detection is a must."

In an exclusive...
 

Posted by InfoSec News on Sep 14

http://www.independent.co.uk/news/media/press/sienna-miller-set-to-sue-news-of-the-world-over-phone-hacking-2079555.html

By Ian Burrell
Media Editor
The Independent
15 September 2010

The actress Sienna Miller is poised to become the latest litigant to
join a growing queue of high-profile figures seeking damages from the
publishers of the News of the World newspaper over the illegal hacking
of voicemail messages.

It also emerged last night...
 

Posted by InfoSec News on Sep 14

http://www.ndu.edu/press/what-US-cyber-command-must-do.html

By Wesley R. Andrues
Joint Force Quarterly
Issue 59 - October 2010

Wesley R. Andrues is the Plans and Readiness Division Chief for the U.S.
Army Global Network Operations Center.

In June 2009, the Secretary of Defense announced the creation of U.S.
Cyber Command (USCYBERCOM), a new subunified command to be led by the
director of the National Security Agency (NSA). While the press...
 
Brocade is preparing to release what it calls the first unified network management application for configuration, monitoring, managing and reporting across IP and Fibre Channel storage-area networks all through a single user interface.
 
In an effort to refresh the Twitter.com site and pull users back in from third-party platforms -- and take a swipe at Facebook -- Twitter launched a significant site redesign on Tuesday.
 
