InfoSec News

Four executives at publicly traded technology companies have been arrested on charges they sold inside information about their employers, sometimes for hundreds of thousands of dollars.
Research In Motion may have high hopes for its PlayBook tablet but it looks like the device will not go on sale until the end of the first quarter, according to comments from executives during RIM's earnings call Thursday.
RETIRED: Real Networks RealPlayer Multiple Remote Vulnerabilities
IPsec-Tools Prior to 0.7.2 Multiple Remote Denial Of Service Vulnerabilities
Net-SNMP GETBULK Remote Denial of Service Vulnerability
Apple wants Gibbs to use Windows, a BT keyboard, and protecting your iPad
Android phones are remarkable devices, and essentially are full-blown computers that fit in your hand. In lots of ways, they work well with your PC--but not in all ways. One of the biggest issues is Android's handling of bookmarks and browser information. Your Android browser doesn't talk to your PC browser, and vice versa. If you find a Web page on your PC that you want to save as a bookmark, it won't be saved to your Android browser. Chrome to Phone is a nifty, free workaround.
Oracle's net income for the quarter ended Nov. 30 rose 28% to $1.9 billion compared to the same period last year, buoyed by strong software license sales and an improving hardware business, the company said Thursday. Revenue was $8.6 billion, a 47% jump.
WebGL API offers hardware-accelerated graphics without the need for additional software
Microsoft Windows 'Win32k.sys' Cursor Linking Local Privilege Escalation Vulnerability
Microsoft Windows CVE-2010-3941 'Win32k.sys' Double Free Local Privilege Escalation Vulnerability
Microsoft Windows CVE-2010-3944 'Win32k.sys' Local Privilege Escalation Vulnerability
This past year has been a doozy in the security world. We kicked off the year by discovering Operation Aurora, saw the first national-industrial sabotage attack with Stuxnet and are closing the year with WikiLeaks about to become a constitutional crisis between the First Amendment and a 1917 espionage law. Reality has well and truly become weirder than fiction.
Opera Software today released version 11 of its flagship desktop browser, adding a new tab manager and support for extensions.
Two weeks after it debuted a sandbox to isolate Adobe's Flash Player plug-in, Google today pushed the security enhancement to the more reliable beta channel of its Chrome browser.
Microsoft Windows Kernel NDProxy Local Privilege Escalation Vulnerability
The end of the year is the perfect time to review how your career has played out during the past 12 months and refine future goals. In this tip, infosec career experts Lee Kushner and Mike Murray explain the best questions to ask.

By the end of this year, companies will have spent 15% more on enterprise social software than in 2009, a growth rate expected to carry over into next year, according to Gartner.
Google has updated its Maps for Android application, giving it more GPS navigation features than mobile offerings from Apple and Microsoft.

Reviewing your information security career path plan for the New Year
As December rolls around, the workload tends to lessen for many infosec pros. We find extra time as so many people are on vacation, or we may even take ...

So 10G Ethernet is now taking off - 10G accounts for roughly 25% of the overall $18 billion Ethernet switching market and the growth trajectory is only up from there.
What do IT security practitioners expect to be major cloud security issues in 2011? Here are five things to watch for.
The "Bring Your Own PC" trend has expanded to become Bring Your Own Device as end users walk smartphones, tablets and some IT management headaches into the enterprise. Here's a guide to five key BYOD issues, to help you plan wisely and head off trouble.
The World Wide Web Consortium offers suggestions to developers for making Web-based mobile apps easy to use, and easy on the network.
The U.S. Department of Commerce recommends a new privacy bill of rights and an enforceable privacy code of conduct for online firms.
Apple, Oracle and EMC are involved with CPTN Holdings LLC, the Microsoft-led consortium that is purchasing 882 patents from Novell for $450 million, according to a Dec. 9 posting on the Web site of German antitrust authority Bundeskartellamt, or Federal Cartel Office.
PR10-06: Cross-domain redirect on PGP Universal Web Messenger
Some lists might have ten or as many as fifteen. I only have seven. Mind you, this isn't a "seven worst," "most offensive," or even "mediocre" list. Think of these as decent, and in some cases pretty fantastic games, but hobbled by unmissable lazy design and QA issues most reviews overlooked.
Apple today announced that it would open its Mac App Store on Jan. 6, 2011, beating its self-imposed deadline by several weeks.
Oracle Java SE and Java for Business CVE-2010-3556 Remote 2D Vulnerability
[security bulletin] HPSBUX02451 SSRT090137 rev.4 - HP-UX Running BIND, Remote Denial of Service (DoS)
[security bulletin] HPSBUX02351 SSRT080058 rev.6 - HP-UX Running BIND, Remote DNS Cache Poisoning
Call for Paper @ Swiss Cyber Storm 3
A41202813 asked the Answer Line forum if there's any way to make Google default to its "I'm Feeling Lucky" option.
Michael Gartenberg assesses Google's operating system.
Microsoft Publisher Array Index Memory Corruption Remote Code Execution Vulnerability
Microsoft Publisher Size Value Heap Memory Corruption Remote Code Execution Vulnerability
Microsoft Publisher (CVE-2010-3954) Memory Corruption Remote Code Execution Vulnerability
SAP has agreed to acquire Cundus, which makes software that handles extensible business reporting language requirements.
Amazon Web Services has announced a new feature called VM Import, which allows IT departments to move virtual machine images from their internal data centers to the cloud.
A leading open standards organization has welcomed the European Union's new rules on industry cooperation, adopted by the European Commission on Tuesday.
[ MDVSA-2010:256 ] git
[security bulletin] HPSBMA02617 SSRT100338 rev.1 - HP Discovery & Dependency Mapping Inventory (DDMI) Running on Windows, Remote Cross Site Scripting (XSS)
[security bulletin] HPSBMA02545 SSRT100139 rev.1 - HP Power Manager (HPPM) Running on Linux and Windows, Remote Execution of Arbitrary Code
Re: D-Link DIR-300 authentication bypass
The new Core Insight pen testing suite can lay out the history of testing campaigns and the relative threat level of an enterprise's systems.

London's High Court ruled Thursday that WikiLeaks founder Julian Assange can be freed if he posts £240,000 (US$384,000) in bail, rejecting prosecutors' appeal that he be imprisoned pending a January extradition hearing, according to the BBC.
Google recognizes the legitimate investigative needs of law enforcement agencies across the world, including in India, and will respond to valid requests for information that are received in accordance with applicable laws, the company said Thursday.
LG Electronics unveiled the Optimus 2X, a smartphone based on Android and Nvidia's dual-core Tegra2 processor, which provides 1080p HD video playback and recording.
While President Barack Obama met Wednesday with the CEOs of some of America's largest companies to discuss ideas for expanding the economy and creating jobs, a Chinese outsourcing firm was raising cash to help it expand in the U.S. market.
