InfoSec News

After a two-month trial, Novell's US$1.3 billion antitrust lawsuit against Microsoft ended on Friday in a hung jury, according to a spokesman for Microsoft who was at the court.
Seagate and Western Digital are cutting back on hard drive warranties, in some instances from five years to one, in order to save money or redirect it to product development.
Cox Communications plans to sell wireless spectrum licenses covering 28 million U.S. residents to Verizon Wireless for $315 million, becoming the latest cable operator to join with Verizon for mobile services.
Sprint, the biggest user of Carrier IQ's software, said it has disabled use of the tool in response to customer concerns.
Python 'PySys_SetArgv' Remote Command Execution Vulnerability
The U.S. House of Representatives Judiciary Committee has postponed further debate on the controversial Stop Online Piracy Act (SOPA) until after Congress' holiday break.
Dell has confirmed that it has ceased production of its Inspiron Mini netbook computer, in effect ending its pursuit of the receding netbook market, at least for consumer sales.
Samsung Electronics filed four additional patent claims against Apple on Friday in a German court while also going to trial over three other patents that the Korean company alleges are infringed by Apple.
Kiwi Multiple Remote Code Execution, HTML Injection and Local File Inclusion Vulnerabilities
Fork CMS Multiple Cross Site Scripting Vulnerabilities
HP Application Lifestyle Management 'GetInstalledPackages' Local Privilege Escalation Vulnerability

Is Lieberman's Swan Song The Impossible Dream?
GovInfoSecurity.com (blog)
The Senate favors a catch-all package, and Senate Majority Leader Harry Reid said he will schedule floor time for that chamber to debate comprehensive cybersecurity legislation early next year (see Senate to Take Up Infosec Bill in Early 2012). ...

and more »
Zynga's initial public offering Friday, a raft of acquisition announcements this week from IBM, Salesforce and others, and some upbeat reports on the chip and hardware sector are putting a positive spin on year-end news for the tech sector.
Retailers are going out of their way this year to integrate holiday season sales efforts with social networking sites to boost bottom line profits. Insider (registration required)
EMC has tied its fortunes to the future of cloud computing and is working hard to change the hearts and minds of IT executives so they will embrace the same vision, according to the firm's chief marketing officer.
Reports that Iranian electronic warfare experts may have succeeded in intercepting and capturing a sophisticated U.S. spy drone were received with skepticism by security analysts.
Microsoft Active Directory CVE-2011-3406 Buffer Overflow Vulnerability
Microsoft Windows CSRSS CVE-2011-3408 Local Privilege Escalation Vulnerability
Microsoft Windows Kernel CVE-2011-2018 Local Privilege Escalation Vulnerability
Adobe Flash Player CVE-2011-2459 Remote Memory Corruption Vulnerability
Re: <BASE> tag used for hijacking external resources (XSS)
[ MDVSA-2011:189 ] jasper
[security bulletin] HPSBUX02729 SSRT100687 rev.2 - HP-UX Running BIND, Remote Denial of Service (DoS)
A creative scheme that charges people via SMS for what should be a free copy of Adobe Systems' Flash player is apparently undergoing a test run on a Russian social network, according to security vendor Bitdefender.
The plethora of spectrum bands used for LTE (Long-Term Evolution) will result in more expensive devices, and also make the ability to roam globally using the technology less likely, according to industry organisation GSM Association's research arm Wireless Intelligence.
[security bulletin] HPSBUX02719 SSRT100658 rev.3 - HP-UX Running BIND, Remote Denial of Service (DoS)
<BASE> tag used for hijacking external resources (XSS)
John Bambenek
bambenek \at\ gmail /dot/ com
Bambenek Consulting (c) SANS Internet Storm Center. http://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
Holiday music and eggnog have this in common--they should be wrapped in the proper season. Break them out during a mid-summer celebration only if you want to immediately poop the party. Fortunately, you can ensure that your holiday music is played at the right time--and in the right way--during the holidays. The avenue for doing so is iTunes's smart playlists.
Beijing authorities are requiring users of China's Twitter-like microblogging services to register with their real name identities, a move that could scare off the websites' users, according to one analyst.
John Bambenek
bambenek \at\ gmail /dot/ com
Bambenek Consulting (c) SANS Internet Storm Center. http://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
A U.S. judge in Maryland dismissed on Thursday a criminal case against a person who was charged with stalking a religious leader on Twitter, upholding "a tradition of protecting anonymous speech, particularly anonymous political or religious speech".
Apple is experiencing problems with its iTunes Store and iCloud services, with many Twitter users reporting that they are unable to log in using their Apple ID to download apps.
Can a brainwave-sensing headband help you sleep better? Zeo Mobile tracks your sleep patterns and provides sound advice.
Documents filed in response to a U.S. lawmaker's request show that Sprint is by far the biggest user of Carrier IQ's software, with more than 26 million handsets featuring the controversial mobile tracking tool.
The U.S. spy drone that was recently captured and displayed by Iranian authorities may have been tricked into landing in that country after being electronically ambushed.
Some cloud computing vendors outsource parts of their services to subcontractors, who may in turn outsource to others. Here's how to know who has your company's data and how secure it really is. Insider (registration required)
Internet Storm Center Infocon Status