InfoSec News

[SECURITY] [DSA 2166-1] chromium-browser security update
 
While security pros should be concerned with the decreasing efficacy of signature-based antivirus, employee threats should warrant increasing attention.
 
At RSA Conference 2011, a Town Hall-style meeting of government cybersecurity officials, including cybersecurity coordinator Howard Schmidt, pressed for continued public-private sector cooperation, increased information security awareness training and online trust initiatives.
 
A new vulnerability has been discovered in the SMB component of Windows. The attack involves sending malformed Browser Election requests, leading to a heap overflow within the mrxsmb.dll driver. The vulnerability is known to be able to cause a DoS and potentially full control of vulnerable machines. Proof of concept code for the DoS has been released. There are reports that this exploit only works on the local network segment (this hasn't been verified).
The general practice of blocking ports 138, 139 and 445 should be observed, especially with this 0-day.
More information on this exploit
http://www.vupen.com/english/advisories/2011/0394

(c) SANS Internet Storm Center. http://isc.sans.org Creative Commons Attribution-Noncommercial 3.0 United States License.
 

Signature-based antivirus not quite dead
SearchSecurity.com
SAN FRANCISCO -- It's unmistakable: Infosec pros have long heard the death rattle of signature-based antivirus (AV). With the amount of malware currently in circulation -- and rising exponentially by the day ...

 
InfoSec News: Security Costs SMBs 16 Days Per Month: http://www.informationweek.com/news/smb/security/showArticle.jhtml?articleID=229216088
By Kevin Casey InformationWeek February 10, 2011
IT pros at small and midsize businesses (SMBs) spend 127 hours every month managing their on-premises security infrastructure, according to a [...]
 
InfoSec News: Hackers Build Android Encryption Apps For Egypt: http://blogs.forbes.com/andygreenberg/2011/02/10/hackers-build-android-encryption-apps-for-egypt/
By Andy Greenberg The Firewall Forbes.com Feb. 10 2011
Cellphones may be helping to connect and organize the pro-democracy protesters massing in the streets of Cairo and Alexandria. [...]
 
InfoSec News: Secunia Weekly Summary - Issue: 2011-06: ========================================================================
The Secunia Weekly Advisory Summary 2011-02-03 - 2011-02-10
This week: 81 advisories [...]
 
InfoSec News: Cyber warfare threat to America cannot be 'overstated', top U.S. intelligence chief warns Congress: http://www.dailymail.co.uk/news/article-1355596/Al-Qaeda-Cyber-warfare-threat-overstated-warns-US-intelligence-chief.html
By Daily Mail Reporter 10th February 2011
America's top intelligence chief warned Congress today that the cyber warfare facing the U.S. is increasing in scope and scale. [...]
 
InfoSec News: EVT/WOTE '11 Call for Papers Now Available: Forwarded from: Lionel Garth Jones <lgj (at) usenix.org>
On behalf of the 2011 Electronic Voting Technology Workshop/Workshop on Trustworthy Elections (EVT/WOTE '11) program committee, we are inviting you to submit your original research on important problems in all aspects of electronic voting. [...]
 
InfoSec News: Cyber warfare threat to America cannot be 'overstated', top U.S. intelligence chief warns Congress: Forwarded from: Richard Forno <rforno (at) infowarrior.org>
As Marc Maiffret correctly noted in his EEye blog post last night, funny how these cyberwarfare threats always tend to show up around the RSA conference......
Scary Night Dragons Fall from Sky http://blog.eeye. [...]
 
InfoSec News: NASDAQ Breach: Lesson for Banks: http://www.bankinfosecurity.com/articles.php?art_id=3342
By Tracy Kitten Managing Editor Bank Info Security February 11, 2011
Could real-time forensics have helped uncover the NASDAQ breach sooner?
It's unclear how long cyberhackers breached and prowled NASDAQ's network and systems. [...]
 
InfoSec News: Low security awareness found across IT: http://www.computerworld.com/s/article/9208890/Low_security_awareness_found_across_IT_
By Jaikumar Vijayan Computerworld February 10, 2011
A broad spectrum of IT people, including those close to security functions, appear to have little awareness of key security issues [...]
 
InfoSec News: Anonymous hack showed password re-use becoming endemic: http://www.theregister.co.uk/2011/02/10/password_re_use_study/
By John Leyden The Register 10th February 2011
Computer scientists have discovered that password re-use is far more prevalent than previously thought after comparing a sample of matched [...]
 
InfoSec News: CFP: 7th International Workshop on Security and Trust Management (STM'11): Forwarded from: "M. Carmen Fernandez Gago" <mcgago (at) lcc.uma.es>
Call for Papers
7th International Workshop on SECURITY and TRUST MANAGEMENT (STM'11) Copenhagen, Denmark 27-28 June 2011 http://www.isac.uma.es/stm11
in conjunction with IFIPTM 2011 [...]
 
InfoSec News: [Dataloss Weekly Summary] Week of Sunday, February 6, 2011: ========================================================================
Open Security Foundation - DataLossDB Weekly Summary Week of Sunday, February 6, 2011
21 Incidents Added.
======================================================================== [...]
 
InfoSec News: NSW Ambulance Service recovers from computer virus: http://www.smh.com.au/technology/security/nsw-ambulance-service-recovers-from-computer-virus-20110214-1ate0.html
By Ben Grubb The Sydney Morning Herald February 14, 2011
Computers which coordinate NSW's ambulances all finally returned to normal Monday afternoon after a virus forced staff to shut them down for more than 24 hours.
One source who used to work closely with the Computer Aided Dispatch System (CAD) system told this website that the ambulance service was "very protective of it when I worked there" and that the virus likely infiltrated the network via an infected USB as the network was a "physically isolated network" with "no internet connection of any kind".
"The only way a virus could get onto it would be via physical access – someone with the virus on a USB key," the source said. "It's probably just someone [who] has plugged in an infected USB and it's infected a few Windows PCs in the office."
Those claims were put to the NSW Ambulance Service but it declined to comment on them.
[...]
 
InfoSec News: CIA Director Leon Panetta Warns of Possible Cyber-Pearl Harbor: http://abcnews.go.com/News/cia-director-leon-panetta-warns-cyber-pearl-harbor/story?id=12888905
[CIA Director John Deutch warned yesterday that hackers could launch "electronic Pearl Harbor" cyber attacks on vital U.S. information systems. June 26th 1996 - http://nydn.us/hzEXtm - WK] [...]
 
InfoSec News: Experts: China must raise level of cyber security: http://www.chinadaily.com.cn/china/2011-02/12/content_11989991.htm
By Zhou Wa China Daily 2011-02-12
BEIJING - Chinese experts called for more attention to be given to China's cyber security studies on Friday to prevent the nation from falling victim to international hacking attacks. [...]
 
InfoSec News: Report: Stuxnet Hit 5 Gateway Targets on Its Way to Iranian Plant: http://www.wired.com/threatlevel/2011/02/stuxnet-five-main-target/
By Kim Zetter Threat Level Wired.com February 11, 2011
Attackers behind the Stuxnet computer worm focused on targeting five organizations in Iran that they believed would get them to their final [...]
 
InfoSec News: SyScan'11 Singapore Call For Paper and [email protected]: Forwarded from: Thomas Lim <thomas (at) syscan.org>
http://www.syscan.org/index.php/sg
The CFP for SyScan'11 will close on 28th February 2011. Please send in your submission quickly.
All selected speakers for SyScan'11 Singapore will enjoy the following benefits:
1. [...]
 
InfoSec News: Cyber Security 'Expert' Is Felon, Accused Plagiarist, Uncertified Hacker: Forwarded from: security curmudgeon <jericho (at) attrition.org>
: http://www.cbsatlanta.com/news/26862410/detail.html : : By Jeff Chirico : CBS Atlanta Investigative Reporter : February 14, 2011 : : ATLANTA -- CBS Atlanta is asking Tough Questions about the credentials [...]
 
InfoSec News: Israeli security chief celebrates Stuxnet cyber attack: http://www.telegraph.co.uk/technology/news/8326274/Israeli-security-chief-celebrates-Stuxnet-cyber-attack.html
By Christopher Williams Technology Correspondent Telegraph.co.uk 16 Feb 2011
The video of Lieutenant General Gabi Ashkenazi's operational successes [...]
 
InfoSec News: HBGary Execs Run For Cover As Hacking Scandal Escalates: http://blogs.forbes.com/andygreenberg/2011/02/15/hbgary-execs-run-for-cover-as-hacking-scandal-escalates/
By Andy Greenberg The Firewall Forbes.com Feb. 15, 2011
Rarely in the history of the cybersecurity industry has a company become so toxic so quickly as HBGary Federal. [...]
 
InfoSec News: Pentagon Deputy: What if al-Qaeda Got Stuxnet?: http://www.wired.com/dangerroom/2011/02/pentagon-deputy-what-if-al-qaeda-got-stuxnet/
By Spencer Ackerman Danger Room Wired.com February 15, 2011
Points for imagination here: at the RSA information-security conference in San Francisco, Deputy Defense Secretary William Lynn worried aloud [...]
 
InfoSec News: Obama seeks big boost in cybersecurity spending: http://www.computerworld.com/s/article/9209461/Obama_seeks_big_boost_in_cybersecurity_spending
By Patrick Thibodeau Computerworld February 15, 2011
WASHINGTON -- The White House is proposing a big increase in cybersecurity research and development in next year's budget to improve, [...]
 
InfoSec News: Man pockets $8m running computer fraud ring: http://www.theregister.co.uk/2011/02/16/computer_fraud_plea/
By Dan Goodin in San Francisco The Register 16th February 2011
A New Hampshire man has admitted pocketing almost $8 million in a scheme that infected people's computers with software that forced their modems [...]
 
InfoSec News: CFP: 3rd Workshop on Intelligent Security - Security and Artificial Intelligence (SecArt-11): Forwarded from: Yacine Zemali <yacine.zemali (at) ensi-bourges.fr>
[Apologies if you receive multiple copies. Please distribute this call to interested parties.] 3rd Workshop on Intelligent Security Security and Artificial Intelligence (SecArt-11) [...]
 
InfoSec News: Cyber Security 'Expert' Is Felon, Accused Plagiarist, Uncertified Hacker: http://www.cbsatlanta.com/news/26862410/detail.html
By Jeff Chirico CBS Atlanta Investigative Reporter February 14, 2011
ATLANTA -- CBS Atlanta is asking Tough Questions about the credentials of the self-proclaimed "world's No. 1 hacker." Gregory D. [...]
 
InfoSec News: CIA Director Leon Panetta Warns of Possible Cyber-Pearl Harbor: Forwarded from: Richard Forno <rforno (at) infowarrior.org>
First off: this is the same Leon Panetta who told a Congressional committee last week that his official estimate that Mubarak would step down on DayX was based on "media reports." (http://www.washingtonpost. [...]
 
Stanford University researchers have found a way to double the capacity of wireless networks, while at the same time making them more reliable and efficient.
 
[SECURITY] CVE-2011-0533: Apache Archiva cross-site scripting vulnerability
 
[USN-1065-1] shadow vulnerability
 
[SECURITY] [DSA 2165-1] ffmpeg-debian security update
 
Gain Windows Domain Admin Privileges - Online Challenge
 
Gemalto's Protivia Mobile One Time Password application provides two-factor authentication for users on iPhones, BlackBerrys and some Windows smartphones.
 
nuBridges announced its Tokenization as a Service (TaaS) cloud-based data tokenization service, and promised customers ownership of their data even if they cancel the service.
 
Dan Kaminsky and other experts involved in DNSSEC deployments, during an RSA Conference 2011 session, urged enterprises to consider rolling out support for the new Internet protocol.
 
Do you own a smartphone, a netbook, a tablet PC, a digital camera, an MP3 player? Or an iPod Touch, a laptop, a handheld gaming console, and/or a Kindle or other type of e-reader?
 
Cisco has launched an architectural framework designed to enhance users' experiences across mobile and wireless networks.
 
SRA has launched One Vault Messenger, which is a short message service (SMS) encryption product for BlackBerry mobile devices.
 
At Mobile World Congress Monday Microsoft CEO Steve Ballmer announced that the company will be pushing new features to Windows Phone 7 users including access to SkyDrive, multitasking and a new HTML5 browser.
 
When Intel CEO Paul Otellini received a call from Nokia chief Stephen Elop about Nokia's move to Microsoft, he used a word that Yahoo CEO Carol Bartz "has often used."
 
Google's growing influence in the mobile industry is clearly proving worrisome to some device makers and operators, a few of whom put up a united front against the search giant during a round table at Mobile World Congress in Barcelona on Wednesday.
 
Some people may yet debate the value of femtocells, but the tide has turned: in 2010, the number of femtocells around the world exceeded the number of macrocells, according to the Femto Forum.
 
Chinese handset manufacturer ZTE plans to launch its first smartphone in the U.S. this year, a move that follows the company's latest success in securing a bigger hold of the mobile phone market.
 
In a move that underscores the importance of both mobile devices and video in staying connected within enterprises, Logitech is extending its LifeSize video streaming system to iPads, iPhones and iPods.
 
CA Technologies said its cloud-authentication service now features advanced controls to let customers more effectively control who gets into corporate applications.
 
Acknowledging that security technologies can't possibly prevent every cyberattack, several vendors at the RSA Conference advised companies to just assume that their systems will be breached at some point.
 
Don't have the budget for a large software or hardware buildout? Take a page from these five IT start-ups that focus on cloud and mobile delivery to speed deployment, reduce infrastructure costs and ease management headaches.
 
Dueling open source alternatives to Microsoft Office match word processors, spreadsheets, and much more; which one should you choose?
 

Posted by InfoSec News on Feb 16

http://www.theregister.co.uk/2011/02/16/computer_fraud_plea/

By Dan Goodin in San Francisco
The Register
16th February 2011

A New Hampshire man has admitted pocketing almost $8 million in a scheme
that infected people's computers with software that forced their modems
to surreptitiously dial premium phone numbers.

Asu Pala, 37, pleaded guilty to one count of conspiracy to commit
computer fraud and five counts of failing to file a US...
 

Posted by InfoSec News on Feb 16

Forwarded from: security curmudgeon <jericho (at) attrition.org>

: http://www.cbsatlanta.com/news/26862410/detail.html
:
: By Jeff Chirico
: CBS Atlanta Investigative Reporter
: February 14, 2011
:
: ATLANTA -- CBS Atlanta is asking Tough Questions about the credentials
: of the self-proclaimed "world's No. 1 hacker." Gregory D. Evans, of
: Atlanta, has appeared on numerous national and local news programs to
: speak about...
 

Posted by InfoSec News on Feb 16

http://www.telegraph.co.uk/technology/news/8326274/Israeli-security-chief-celebrates-Stuxnet-cyber-attack.html

By Christopher Williams
Technology Correspondent
Telegraph.co.uk
16 Feb 2011

The video of Lieutenant General Gabi Ashkenazi's operational successes
included references to Stuxnet, a computer virus that disrupted the
Natanz nuclear enrichment site last year, Ha'aretz reported.

Although Israel has not officially accepted...
 

Posted by InfoSec News on Feb 16

http://blogs.forbes.com/andygreenberg/2011/02/15/hbgary-execs-run-for-cover-as-hacking-scandal-escalates/

By Andy Greenberg
The Firewall
Forbes.com
Feb. 15, 2011

Rarely in the history of the cybersecurity industry has a company become
so toxic so quickly as HBGary Federal. Over the last week, many of the
firm’s closest partners and largest clients have cut ties with the
Sacramento startup. And now it’s cancelled all public appearances...
 

Posted by InfoSec News on Feb 16

http://www.wired.com/dangerroom/2011/02/pentagon-deputy-what-if-al-qaeda-got-stuxnet/

By Spencer Ackerman
Danger Room
Wired.com
February 15, 2011

Points for imagination here: at the RSA information-security conference
in San Francisco, Deputy Defense Secretary William Lynn worried aloud
about a terrorist group getting ahold of a malware tool like Stuxnet.

Sure, al-Qaeda hasn’t launched any cyberattacks so far. Nor have its
operatives...
 

Posted by InfoSec News on Feb 16

http://www.computerworld.com/s/article/9209461/Obama_seeks_big_boost_in_cybersecurity_spending

By Patrick Thibodeau
Computerworld
February 15, 2011

WASHINGTON -- The White House is proposing a big increase in
cybersecurity research and development in next year's budget to improve,
in part, its ability to reduce the risk of insider threats and ensure
the safety of control systems such as those used at power plants.

In detailing their 2012...
 

Posted by InfoSec News on Feb 16

Forwarded from: Thomas Lim <thomas (at) syscan.org>

http://www.syscan.org/index.php/sg

The CFP for SyScan'11 will close on 28th February 2011. Please send in your
submission quickly.

All selected speakers for SyScan'11 Singapore will enjoy the following benefits:

1. $1000 Singapore Dollars reimbursement for air-ticket

2. 3 nights of hotel accommodation at conference hotel

3. Breakfast, lunch and Dinner during conference

4. Networking...
 
IBM Rational Build Forge 'fullcontrol/' Cross Site Scripting Vulnerability
 
BACnet OPC Client Buffer Overflow Vulnerability
 
Maian Media Component for Joomla! 'cat' Parameter SQL Injection Vulnerability
 
The California security company that is at the center of a controversy over a plan to discredit WikiLeaks and its supporters abruptly pulled itself out of the RSA security conference in San Francisco this week, citing security concerns.
 
Real Estate Single 'resulttype.asp' SQL Injection Vulnerability
 
Multi Agent System 'city.asp' SQL Injection Vulnerability
 
DIGITAL GOODS SELLER (DGS) 'd' Parameter SQL Injection Vulnerability
 
Skeletonz Name and Comment Fields HTML Injection Vulnerabilities
 
Dell on Tuesday reported a 177% year-over-year increase in net income for its fourth fiscal quarter of 2011, driven by growth in enterprise server and PC sales.
 
Oracle Java SE and Java for Business NTLM Credentials Information Disclosure Vulnerability
 
Oracle Java 'Applet2ClassLoader' Class Unsigned Applet Remote Code Execution Vulnerability
 
A prominent encryption expert at the annual cryptographer's panel at RSA Conference 2011 said poorly implemented encryption deployments are being stymied by employee errors.
 

In the face of heightened cyberthreats, the Pentagon is pursuing a multi-pronged defense strategy that includes a reliance on private sector participation, William J. Lynn, III, U.S. Deputy Secretary of Defense, said in a keynote Tuesday at RSA Conference 2011.

“To this point, the disruptive attacks we’ve seen are relatively unsophisticated in nature. In the future, more capable adversaries could potentially immobilize networks on a wide scale for much longer time,” he said.

It’s not impossible to imagine attacks on military networks or critical infrastructure that could cause severe economic damage or even loss of life, Lynn said. The nation must prepare for the likelihood that a cyberattack will be part of a conventional attack, he said. Al-Qaida hasn’t yet launched a cyberattack but it has vowed to, he added.

nd at an important junction of development of cyberthreats… most malicious actors haven’t laid their hands on the most harmful capabilities. But this situation won’t last forever,” he said. “We need to develop stronger defenses before this occurs. We have a window of opportunity to gird our networks against more serious threats.”

For the past two years, the Defense Department has deployed specialized defenses to defend military networks, officially recognizing cyberspace as a domain of warfare, he said. The Pentagon’s cyberstrategy relies on “active defenses” — a more dynamic approach that Lynn described as operating at network speed and using sensors to stop malicious code before it executes.

The military is also working to build collective defenses with its allies to cooperatively monitor networks for cyberdefense, he said. But a major part of the strategy is working with the private sector through information sharing and working with key technology companies to improve cybersecurity, he said. To that end, the Defense Department announced an expanded IT exchange program that Lynn said will allow for the exchange of IT and security personnel between government and industry.

It also is adding half a billion dollars in funding for research into cloud computing, encryption and virtualization technologies, Lynn said.

“Over the long term, we must develop technology that reverses the advantage of those seeking to steal our secrets and cause us harm. … The challenge we face today in cybersecurity — it’s global in scope and requires government working closely with industry.”

 
Not sure if you have seen our latest pet project - HTTP Headers. This is ISC's effort to track HTTP response headers sent by major sites on the Internet. Our main goal at this point is to monitor the use of security-related headers. However, we are collecting all headers, in part to monitor changes over time in the way administrators configure web servers.
Browsers have been somewhat ignored in the past when it came to web application defense, in part because an application can't count on the user using any particular browser (or any browser, for that matter). Attacks, on the other hand, increasingly use the browser as an offensive tool to reflect attacks via cross-site scripting, cross-site request forgery or clickjacking. In all of these attacks the browser plays a major role.
The different attention paid to browsers is understandable. An attacker can be perfectly happy if an attack only works for a small percentage of the population: if only users of Internet Explorer 6 on Windows XP are affected, it is still a successful attack. For the defender the picture is different: if a particular browser protection is only enabled in 90% of browsers, one out of ten visitors will still be affected by the attack.
This changes, however, if one is willing to accept browser defenses as an added defensive layer instead of a replacement for good application security. In addition, standards are emerging to make it easier for browsers to provide meaningful protection. But none of this will work if it is not used.
We periodically reach out to the sites listed in the Alexa Top sites and track the HTTP headers returned by the web servers. We intend to track the changes over time and see how security-related HTTP headers are used on real-world sites.
Some of the preliminary findings are as follows:

Only a very few sites use the X-FRAME-OPTIONS header. This is a reliable way to deal with clickjacking attacks in newer browsers, but it will also block framing of web sites by friendly sites. The option allows for very little adjustment as it is currently implemented.
X-XSS-Protection is used rarely by top sites (about 450 of the top sites). This is an IE 8+ supported header to enable or disable the XSS protection feature in the browser. Only a few sites out of the hundreds turn off XSS protection by setting the value of this header to 0. The vast majority of the sites using this header enable the protection by setting the value to 1 with mode=block, which makes the browser block the page instead of sanitizing its content.
Set-Cookie2 is only used by two sites that we query. This is a largely ignored way of setting cookies, as specified in RFC2965.
X-Hacker caught our eye. This is actually a job ad from the guys who developed the Wordpress blogging software.

If you spot any interesting security-related headers on our list and want to share them with us, please write in using the ISC contact form.
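As an added example of the kind of header survey the diary describes (this is not ISC's own tooling), the Python below parses raw HTTP responses and tallies how X-Frame-Options, X-XSS-Protection and Set-Cookie2 are used; the hostnames and responses are constructed, not captured from real sites.

```python
"""Tally security-related HTTP response headers across a set of sites.

Added example in the spirit of the ISC HTTP Headers project; not ISC code.
The sample responses below are constructed for illustration.
"""
from collections import Counter
from typing import Dict, List, Tuple

Header = Tuple[str, str]

# Constructed sample responses (raw header blocks as a server would send them).
SAMPLE_RESPONSES: Dict[str, str] = {
    "site-a.example": (
        "HTTP/1.1 200 OK\r\n"
        "Content-Type: text/html\r\n"
        "X-Frame-Options: DENY\r\n"
        "X-XSS-Protection: 1; mode=block\r\n"
        "Set-Cookie: sid=abc; HttpOnly; Secure\r\n"
        "\r\n"
    ),
    "site-b.example": (
        "HTTP/1.1 200 OK\r\n"
        "content-type: text/html\r\n"
        "x-xss-protection: 0\r\n"          # filter explicitly disabled
        "\r\n"
    ),
    "site-c.example": (
        "HTTP/1.1 200 OK\r\n"
        "X-Frame-Options: SAMEORIGIN\r\n"
        "Set-Cookie2: sid=xyz; Version=1\r\n"  # RFC 2965 style, rarely seen
        "\r\n"
    ),
}


def parse_headers(raw: str) -> List[Header]:
    """Parse a raw HTTP/1.x response into (lowercased-name, value) pairs.

    Header names are case-insensitive, so they are folded to lower case;
    values keep their case. Parsing stops at the blank line that ends the
    header block. Repeated headers (e.g. Set-Cookie) stay separate entries.
    """
    lines = raw.split("\r\n")
    if not lines or not lines[0].startswith("HTTP/"):
        raise ValueError("not an HTTP response")
    headers: List[Header] = []
    for line in lines[1:]:
        if line == "":
            break  # end of header block
        if line[0] in " \t" and headers:
            # obsolete line folding: continuation of the previous value
            name, value = headers[-1]
            headers[-1] = (name, value + " " + line.strip())
            continue
        name, sep, value = line.partition(":")
        if not sep:
            continue  # malformed line; skip rather than abort the survey
        headers.append((name.strip().lower(), value.strip()))
    return headers


def xss_protection_mode(value: str) -> str:
    """Interpret an X-XSS-Protection value as the diary describes it.

    '0' disables the IE8+ filter; '1' enables it in sanitising mode;
    '1; mode=block' makes the browser block the page instead.
    """
    parts = [p.strip().lower() for p in value.split(";")]
    if parts[0] == "0":
        return "disabled"
    if parts[0] == "1":
        return "block" if "mode=block" in parts[1:] else "sanitize"
    return "unknown"


def survey(responses: Dict[str, str]) -> Dict[str, Counter]:
    """Count, per header of interest, how each site uses it (or omits it)."""
    result: Dict[str, Counter] = {
        "x-frame-options": Counter(),
        "x-xss-protection": Counter(),
        "set-cookie2": Counter(),
    }
    for raw in responses.values():
        seen = dict(parse_headers(raw))  # last value wins for duplicates
        fo = seen.get("x-frame-options")
        result["x-frame-options"][fo.upper() if fo else "absent"] += 1
        xp = seen.get("x-xss-protection")
        result["x-xss-protection"][xss_protection_mode(xp) if xp else "absent"] += 1
        result["set-cookie2"]["present" if "set-cookie2" in seen else "absent"] += 1
    return result


if __name__ == "__main__":
    for header, counts in survey(SAMPLE_RESPONSES).items():
        print(header, dict(counts))
```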
 
Hundreds of thousands of KWh are being consumed by the use of memory components in servers today. By adopting more energy-efficient components in optimized server architectures, such as lower voltage DRAMs and advanced solid-state drives (SSDs), data centers can drastically reduce power consumption and associated energy costs.
 
Juniper Networks has begun unifying products from its acquisition of Altor Networks, combining vGW Virtual gateway with SRS Series Services Gateway for virtual machine security.
 
Oracle Java SE and Java for Business Java Runtime Environment Remote Code Execution Vulnerability
 
Researchers and analysts say IBM's Jeopardy-playing Watson supercomputer could mark the start of a period of significant advances in artificial intelligence research.
 
Asus' ultrathin U41JF is designed to be both powerful and portable, with a chassis around one inch thick and a Nvidia graphics card. Unfortunately, the entire notebook looks cheap, despite obvious attempts to make it look otherwise. This notebook has all the right parts, from the brushed-aluminum cover to the chiclet-style keyboard and fancy graphics card (though no Sandy Bridge processor or Blu-ray drive), but it's still very obviously a budget machine.
 
Since his appointment as Yahoo's CTO last June, Raymie Stata has been on an intense ride. He is part of the executive team charged with building Yahoo's technology strategy and spurring innovation to drive growth and attract more users to the site. Stata has been with Yahoo since 2004 and was previously its chief architect. Other members of the team include Chief Scientist Prabhakar Raghavan and Stata's boss, Chief Product Officer Blake Irving, both of whom report to CEO Carol Bartz.
 
Oracle Java SE and Java for Business CVE-2010-4475 Remote Java Runtime Environment Vulnerability
 
Oracle Java SE and Java for Business CVE-2010-4465 Remote Java Runtime Environment Vulnerability
 
Oracle Java SE and Java for Business Java Runtime Environment CVE-2010-4454 Remote Vulnerability
 
Oracle Java SE and Java for Business CVE-2010-4463 Remote Java Runtime Environment Vulnerability
 
Solera Networks has updated its OS network forensics platform, adding reporting of malware threats, new application classification and tools to give more visibility into the network.
 
IBM continues to roll out new components for the zEnterprise 196, the mainframe it released last summer.
 
OpenSSL OCSP Stapling 'ClientHello' Handshake Message Parsing Security Vulnerability
 
Zscaler launched its mobile device security service to provide continuity of each user's security policy across a variety of devices including iPhones, iPads and Android devices.
 
Fidelis Security Systems and CloudShield Technologies Inc. have entered into an agreement to offer Fidelis' data breach prevention solutions on CloudShield's bladecenter.
 
Lieberman has announced a new version of Enterprise Random Password Manager that integrates with ArcSight ESM, RSA enVision and Q1 Labs QRadar.
 
A security researcher yesterday disclosed a new unpatched bug in Windows that some experts believe could be used to remotely hijack a PC.
 
Should ISPs be the ones who keep hacked PCs off the Internet? Microsoft's chief security executive used to think so, but now he's had a change of heart.
 
At the kickoff of IBM's PartnerWorld conference, IBM announces new incentives for partners.
 
As businesses increasingly adopt tablets, Intel wants to bring those devices under control by implementing remote management and security capabilities in hardware and software, the company said this week.
 
Hardware and software fraud pose serious threats according to a supply chain expert who says the lack of security is flooding the market for fraudulent devices and parts.
 
Microsoft Vice President of Trustworthy Computing Scott Charney at the RSA Conference 2011 discussed Collective Defense, Microsoft's proposed Internet health check system for consumer computers, and how it should be implemented not by governments and ISPs, but by enterprises.
 
Kingston Digital has added the Data Traveler 4000 (DT4000) and Data Traveler Vault—Privacy Managed (DTVPM) to its line of portable device security products.
 
Oracle has released a new update for the Java environment that contains fixes for security issues. Time to get your Java environment up to date again.
The details on this update can be found at http://blogs.oracle.com/security/2011/02/february_2011_java_se_and_java.html
Happy Java Patching!
 
Nokia and Microsoft announced ahead of the Mobile World Congress trade show that Nokia would ditch its current mobile operating systems and use Windows Phone. Will you buy a Nokia running Windows Phone 7?
 
Tembria Server Monitor Weak Cryptographic Password Storage Vulnerability
 
Tembria Server Monitor Multiple Cross-site Scripting (XSS) Vulnerabilities
 
Identity Finder has added to its line of data loss prevention products with Identify Finder 5.0 for Windows and Mac operating systems, plus a new Identity Finder DLP console.
 
Voltage announced SecureMail v4 to make email security management easier for the user, including support for Microsoft Exchange and BlackBerry devices.
 
RSA, a division of EMC, has announced Cloud Trust Authority to address cloud computing security issues. It includes features from VMware and RSA's own GRC platform.
 
John Donovan, AT&T's chief technology officer, is making what he calls 'creepy' and 'spooky' -- but ultimately good -- predictions for wireless computing and communications in the cloud in 2020.
 
In a keynote address at the RSA Security Conference here, RSA chief Art Coviello struck an optimistic tone about the future of security in cloud computing environments.
 
A new industry group has proposed a standard that would use storage on a mobile device to preemptively download content in order to alleviate network bottlenecks and the resulting rebuffering issues.
 
Data center centralization and consolidation. Cloud computing. Latency-sensitive (real-time and interactive) applications such as VoIP, videoconferencing and virtual desktop infrastructures (VDI). Business continuity and disaster recovery. These enterprise trends are among those driving the need for a WAN access layer that is scalable, reliable and cost-effective.
 
In order to view 3D without glasses, LG applied parallax barrier technology, which puts a series of slits on the front of the LCD screen that block light. That ensures a user's left and right eyes see different images.
 
Samsung refreshed its lineup of tablets and smartphones at Mobile World Congress in Barcelona this week.
 
Apple today unveiled the details of its App Store subscription plan, and confirmed that it will demand its usual 30% from publishers who sell content within their apps.
 
Google CEO Eric Schmidt took to the stage at Mobile World Congress in Barcelona Tuesday to talk up the Android OS for tablets and phones, in addition to giving nods to Chrome, search and YouTube.
 
Internet censorship hurts the governments that use it, Secretary of State Hillary Clinton said in a speech at George Washington University on Tuesday.
 
Sony Ericsson officially debuted the Xperia Play smartphone at Mobile World Congress in Barcelona Sunday. It combines a traditional mobile phone with a portable gaming console.
 
Aircrack-ng EAPOL Packet Processing Buffer Overflow Vulnerability
 
[ MDVSA-2011:028 ] openssl
 
ValidEdge unveiled its Network Malware Security system, designed to stop unknown zero-day malware and single-target malware attacks.
 
LynuxWorks demonstrated LynxSecure, its enterprise platform for secure virtualization, running on multiple devices and using ValidEdge Network Malware Security (NMS).
 

SAN FRANCISCO — It’s pretty tough to get a cynical, often paranoid, group of people to rise in unison in approval. It’s pretty tough, however, not to extend a standing ovation to cryptography and security pioneers Ron Rivest, Adi Shamir and Len Adleman, the R, S and A in RSA Security. The trio that developed the algorithm at the heart of a company and the security industry were honored this morning at RSA Conference 2011 with the RSA Lifetime Achievement Awards.

Rivest, Shamir and Adleman stood while conference founder and the award’s namesake Jim Bidzos rattled off an endless list of accomplishments and contributions to the security industry aside from the RSA algorithm. The announcement was preceded by a 20-minute video on the making of the RSA cryptosystem and included poignant memories and comments from friends, family and colleagues of all three men, in addition to their insights.

“We have indeed been fortunate to stand on the shoulders of giants,” said RSA executive chairman Art Coviello.

The Rivest, Shamir, Adleman paper of 1977, “A Method for Obtaining Digital Signatures and Public-Key Cryptosystems,” is the foundation for security in ecommerce; more than one billion digital certificates are validated daily in support of transactions carried over SSL, Bidzos said.

Rivest has been a professor at MIT for 35 years and was one of the developers of the MD hash functions, as well as the RC4 algorithm. He is currently focusing his efforts on machine learning and electronic voting research and policy development. Shamir wrote the seminal paper “How to Share a Secret” and received the Pope’s Pius XI gold medal. The three current deans of Israel’s top technology institutes were Shamir’s students at the same time. Adleman, meanwhile, is a professor at the University of Southern California known for breaking the Knapsack cryptosystem, as well as for the creation of DNA computing.
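The 1977 paper named above describes the RSA cryptosystem. What follows is an added illustration, not code from the article or from RSA Security, of textbook RSA key generation, signing and verification, together with the multiplicative property of raw RSA that is the reason real signatures always wrap the message in a padding scheme (PKCS#1 v1.5 or PSS) over a hash. The toy primes 61 and 53, the 512-bit demonstration key size and all function names are this example's own choices.

```python
# Added example (not from the article): textbook RSA as in the 1977
# Rivest-Shamir-Adleman paper, with toy primes so every step is visible,
# plus a probable-prime generator for realistically sized keys.
# Caveat: this is raw RSA on an integer m < n. Real signing hashes and
# pads the message; the last function shows why that padding is needed.
import math
import secrets


def is_probable_prime(n, rounds=20):
    """Miller-Rabin primality test; random witnesses come from the CSPRNG."""
    if n < 2:
        return False
    for p in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29):
        if n % p == 0:
            return n == p
    d, r = n - 1, 0
    while d % 2 == 0:
        d //= 2
        r += 1
    for _ in range(rounds):
        a = 2 + secrets.randbelow(n - 3)      # witness in [2, n-2]
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def gen_prime(bits):
    """Random odd candidate with the top bit set, retried until probably prime."""
    while True:
        candidate = secrets.randbits(bits) | (1 << (bits - 1)) | 1
        if is_probable_prime(candidate):
            return candidate


def rsa_keygen(p, q, e=65537):
    """Build (n, e) and (n, d) from two primes; d = e^-1 mod phi(n)."""
    n = p * q
    phi = (p - 1) * (q - 1)
    if math.gcd(e, phi) != 1:
        raise ValueError("e must be coprime to phi(n)")
    d = pow(e, -1, phi)                        # modular inverse (Python 3.8+)
    return (n, e), (n, d)


def keypair(bits=512, e=65537):
    """Generate a key pair of roughly `bits` bits; 512 is for demonstration only."""
    while True:
        p, q = gen_prime(bits // 2), gen_prime(bits // 2)
        if p != q and math.gcd(e, (p - 1) * (q - 1)) == 1:
            return rsa_keygen(p, q, e)


def sign(priv, m):
    """Raw RSA signature: s = m^d mod n."""
    n, d = priv
    return pow(m, d, n)


def verify(pub, m, s):
    """Raw RSA verification: s^e mod n == m."""
    n, e = pub
    return pow(s, e, n) == m % n


def forge_by_multiplying(pub, m1, s1, m2, s2):
    """Raw RSA is multiplicative: s1*s2 is a valid signature on m1*m2 mod n.

    Anyone holding two signed messages can therefore mint a third signed
    message without the private key; hashing and padding break this."""
    n, _ = pub
    return (m1 * m2) % n, (s1 * s2) % n


if __name__ == "__main__":
    pub, priv = rsa_keygen(61, 53, e=17)       # toy key, n = 3233
    s = sign(priv, 65)
    print("toy verify:", verify(pub, 65, s))
    m3, s3 = forge_by_multiplying(pub, 2, sign(priv, 2), 3, sign(priv, 3))
    print("forged message", m3, "verifies:", verify(pub, m3, s3))
    pub, priv = keypair(512)
    print("512-bit verify:", verify(pub, 123456789, sign(priv, 123456789)))
```

The multiplicative forgery is exactly the weakness the paper's scheme inherits when used on bare integers; with PKCS#1 or PSS padding the product of two padded messages is not itself a validly padded message, so the attack no longer yields an acceptable signature.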
 
HTB22823: SQL Injection in Seo Panel
 
HTB22824: SQL Injection in Seo Panel
 
HTB22826: Multiple XSS vulnerabilities in Wikipad
 
HTB22830: Multiple XSS vulnerabilities in Gollos
 
Networking giant Cisco Systems is realigning its enterprise security strategy with a new emphasis on contextual security that seeks to protect emerging technology like the iPad.
 
WhiteHat announced the Sentinel PreLaunch (PL) service to detect website vulnerabilities and verify them with WhiteHat's Threat Research Center.
 