InfoSec News

I/o Data Centers hopes to leapfrog the competition by developing what it claims will be a new, more integrated type of containerized data center, the company said on Friday.
 
Just in time for the back-to-school season, Dell has released its new R series of Inspiron all-purpose laptops. Though the stylish silver accents are the first thing you'll notice, the Inspiron R series is more than just a cosmetic upgrade. The Inspiron 14R may have fewer configuration options than the Inspiron 14 and may carry a higher starting price, but its improved hardware and refined design more than make up for the difference.
 
So my dad was griping that his Acer Aspire 9300 laptop takes forever to boot. I inspected it for spyware, excessive startup programs, and the other usual suspects, but everything checked out.
 
Xiotech has announced new storage analysis software, along with two new versions of its enterprise-class storage array and storage management software aimed at virtual desktop environments with its ability to expand on the fly.
 
Google on Friday said it acquired Metaweb, a company that maintains a database of information that it offers to website operators wishing to aggregate content about specific topics on their sites.
 

GovInfoSecurity.com

GovInfoSecurity.com Week in Review for Saturday, July 17, 2010
GovInfoSecurity.com
A look back at a House hearing on cyber attribution, a senior Homeland Security infosec adviser on authentication and the thoughts of the departing Navy CIO ...
Navy CIO Robert Carey: 'The corporation needs help in cybercom, That's why I'm ...ExecutiveBiz (blog)

 
To all the companies out there who've been trying to use social media: You've just been schooled.
 
Nearly two weeks after rolling out a Google News redesign, Google has added a new feature to the page in hopes of placating complainers. The feature lets people opt to view news stories in two columns, unlike the initial redesign that listed all stories in a single long column.
 
Mozilla today announced that its Firefox Home iPhone application has been accepted to the App Store, and is available for downloading.
 
Colorado officials are warning the state's 800,000 or so registered businesses to watch out for scammers who've been forging business identities to make fraudulent purchases from several big-box retailers.
 
Start-up Nimble Storage announced its first product this week, an array that combines SSD and hard disk drives along with special software to create a box that acts as primary, backup storage and performs disaster recovery.
 
Facing heat from customers about iPhone 4 reception and antenna problems, Apple CEO Steve Jobs today said the company plans to give away free cases to address the issue.
 
More than 25,000 people and organizations have filed comments in a U.S. Federal Communications Commission inquiry into whether it should reclassify broadband as a regulated service, with the overwhelming majority appearing to favor such a move.
 
Have a look at what are likely to be the first wave of medically implanted electronics designed to improve and enhance human beings.
 
The T-Mobile version of Samsung's killer Galaxy S line of super Android phones, the Samsung Vibrant, stands apart from its siblings due to the high-quality multimedia apps the carrier has preloaded on the phone.
 
Facing heat from customers about iPhone 4 reception and antenna problems, Apple CEO Steve Jobs today said the company plans to give away free "Bumpers" to address the issue.
 
A surprising percentage of organizations are still running desktops with the XP Service Pack 2 OS, which Microsoft said it would no longer patch.
 
We've received plenty of information over the past couple days about this alleged vulnerability in Windows's lnk file, and its use against SCADA networks.
http://www.theregister.co.uk/2010/07/16/windows_shortcut_trojan/
http://krebsonsecurity.com/2010/07/experts-warn-of-new-windows-shortcut-flaw/
UPDATE: Two of our Handlers have copies of it now on their analyzation systems. Thank you, we will analyze it.
UPDATE 2: We have been notified via our comments that Symantec has definitions for this malware as well now.
-- Joel Esler | http://blog.joelesler.net | http://twitter.com/joelesler
(c) SANS Internet Storm Center. http://isc.sans.org Creative Commons Attribution-Noncommercial 3.0 United States License.
 
Mozilla on Thursday boosted bug bounty payments six-fold by increasing the standard cash award to $3,000.
 
Computer maker Dell has proposed a settlement in a long-term investigation by the U.S. Securities and Exchange Commission into the company's accounting and financial reporting practices.
 
The Motorola Droid X is sold out online and in certain parts of the country at retail Verizon and Best Buy stores, despite Verizon Wireless' insistence that it would have plenty of the phones in stock.
 
The White House meeting on cybersecurity issues held on Wednesday appears to have been as much about assessing progress on the President's cybersecurity agenda as it was on showing executive office leadership on the issue.
 
Apple's lead antenna expert repeatedly warned that placing the iPhone 4 antenna outside the phone would lead to signal loss and dropped calls, according to a Bloomberg News report.
 
A Black Hat 2010 presentation on the hacking community in China was canceled at the request of the Taiwanese government. A new talk will focus on drive-by attacks.

 
Advanced Micro Devices on Thursday reported a net loss during the second quarter of fiscal 2010, breaking a streak of two consecutive quarters of profitability.
 
Google grew its revenue and profits in the second quarter, but while revenue topped Wall Street's expectations, profits fell short.
 
A group of organizations led by The Green Grid has recommended a standard way for data centers to measure their Power Usage Effectiveness, aiming to bring consistency to the metric and make it easier for different facilities to compare their results.
 
Advanced Micro Devices is ahead of schedule with its upcoming Fusion chips, which will appear first in netbooks and low-end laptops early next year, but not in tablets, the company said on Thursday.
 
Beginning this fall, the U.S. government will spend $144 million on educational programs at more than 80 U.S. colleges to train an estimated 50,000 workers needed to help with the rollout of electronic medical records.
 
Wi-Fi service is offered on more than one third of the nation's passenger planes, making it no longer rare to see business travelers, and others, connecting to the Internet in mid-flight.
 
InfoSec News: Hackers clone French Foreign Ministry website: http://www.independent.co.uk/news/world/europe/hackers-clone-french-foreign-ministry-website-2027716.html
By John Lichfield Independent.co.uk 16 July 2010
France yesterday suffered what might be called a bad web day. A pirate internet site, looking for all the world like the official Foreign [...]
 
InfoSec News: Cybersecurity consensus: 'We haven't done enough': http://www.washingtontimes.com/news/2010/jul/14/obama-to-drop-in-at-cybersecurity-review/
By Shaun Waterman The Washington Times July 15, 2010
President Obama on Wednesday briefly dropped by and addressed a meeting at which industry figures were being updated on U.S. [...]
 
InfoSec News: Researchers: Password crack could affect millions: http://www.computerworld.com/s/article/9179224/Researchers_Password_crack_could_affect_millions
By Robert McMillan IDG News Service July 15, 2010
A well-known cryptographic attack could be used by hackers to log into Web applications used by millions of users, according to two security [...]
 
InfoSec News: Internet takes DNSSEC on board: http://news.techworld.com/networking/3232006/internet-takes-dnssec-on-board/
By Maxwell Cooter Techworld 15 July 10
The Internet is set to get a whole lot safer, the security standard DNSSEC is set to be assigned to the Internet's 13 root servers from later today. [...]
 
InfoSec News: Microsoft Employee From Russia Linked To Spy Ring: http://www.informationweek.com/news/software/showArticle.jhtml?articleID=225800184
By Thomas Claburn InformationWeek July 14, 2010
Microsoft has acknowledged that Alexey V. Karetnikov, alleged to have been the 12th member of a group of Russian spies arrested last month, [...]
 
InfoSec News: Black Hat, DefCon and B-Sides: A survival guide: http://www.csoonline.com/article/599313/black-hat-defcon-and-b-sides-a-survival-guide
By Bill Brenner Senior Editor CSO July 13, 2010
I'm sad to say it, but I won't be going to Las Vegas in a couple weeks for Black Hat, DefCon or B-Sides. There's simply too much happening on [...]
 
InfoSec News: ICO faces calls for mandatory data breach reporting: http://www.v3.co.uk/v3/news/2266549/breach-reporting-should
By Dan Worth V3.co.uk 15 Jul 2010
Legal experts have called for the mandatory reporting of all data breaches to the Information Commissioner's Office (ICO), in order to bring more clarity to the amount of data being lost and improve efforts to prevent breaches.
Stewart Room, a partner covering privacy and information at legal firm Field Fisher Waterhouse, said at a roundtable event that mandatory reporting is necessary to stop companies attempting to "bury bad news".
"Many firms we deal with often decide not to report data breaches to the ICO as they are not obliged to report it under law, yet could suffer retrospective punishment despite admitting the loss," he said.
"As such they take a calculated risk that it will not be discovered, and rely on the fallback that, if they were discovered not to have disclosed the breach, they are not actually required to anyway under current law."
[...]
 

Posted by InfoSec News on Jul 15

http://www.independent.co.uk/news/world/europe/hackers-clone-french-foreign-ministry-website-2027716.html

By John Lichfield
Independent.co.uk
16 July 2010

France yesterday suffered what might be called a bad web day. A pirate
internet site, looking for all the world like the official Foreign
Ministry site, began bombarding the world with bogus declarations and
announcements.

At the same time a long-awaited official site, which is supposed...
 

Posted by InfoSec News on Jul 15

http://www.washingtontimes.com/news/2010/jul/14/obama-to-drop-in-at-cybersecurity-review/

By Shaun Waterman
The Washington Times
July 15, 2010

President Obama on Wednesday briefly dropped by and addressed a meeting
at which industry figures were being updated on U.S. cybersecurity
efforts, acknowledging more progress was needed on the issue but blaming
George W. Bush administration efforts as inadequate.

The meeting was led by White House...
 

Posted by InfoSec News on Jul 15

http://www.computerworld.com/s/article/9179224/Researchers_Password_crack_could_affect_millions

By Robert McMillan
IDG News Service
July 15, 2010

A well-known cryptographic attack could be used by hackers to log into
Web applications used by millions of users, according to two security
experts who plan to discuss the issue at an upcoming security
conference.

Researchers Nate Lawson and Taylor Nelson say they've discovered a basic
security...
 

Posted by InfoSec News on Jul 15

http://news.techworld.com/networking/3232006/internet-takes-dnssec-on-board/

By Maxwell Cooter
Techworld
15 July 10

The Internet is set to get a whole lot safer, the security standard
DNSSEC is set to be assigned to the Internet's 13 root servers from
later today.

It makes the end of a long trail; DNSSEC has been some years in its
implementation yet has still failed to penetrate the wider market,
despite the efforts of IETF, the Internet...
 

Posted by InfoSec News on Jul 15

http://www.informationweek.com/news/software/showArticle.jhtml?articleID=225800184

By Thomas Claburn
InformationWeek
July 14, 2010

Microsoft has acknowledged that Alexey V. Karetnikov, alleged to have
been the 12th member of a group of Russian spies arrested last month,
worked for the company at its headquarters in Redmond, Washington.

A company spokesperson confirmed that Karetnikov was employed for nine
months as an entry-level software...
 

Posted by InfoSec News on Jul 15

http://www.csoonline.com/article/599313/black-hat-defcon-and-b-sides-a-survival-guide

By Bill Brenner
Senior Editor
CSO
July 13, 2010

I'm sad to say it, but I won't be going to Las Vegas in a couple weeks
for Black Hat, DefCon or B-Sides. There's simply too much happening on
the home front for me to break away this year.

I'll feel left out, for sure. When my security associates start tweeting
about hanging out in a cigar bar or taking in...
 

Posted by InfoSec News on Jul 15

http://www.v3.co.uk/v3/news/2266549/breach-reporting-should

By Dan Worth
V3.co.uk
15 Jul 2010

Legal experts have called for the mandatory reporting of all data
breaches to the Information Commissioner's Office (ICO), in order to
bring more clarity to the amount of data being lost and improve efforts
to prevent breaches.

Stewart Room, a partner covering privacy and information at legal firm
Field Fisher Waterhouse, said at a roundtable...
 
This is a notification just to let you know that ISC.org has released a new version of BIND, 9.7.1-P2. This reverses a change made in 9.7.1.
The change attempted to correct the behavior of a validating recursive resolver when explicitly queried for records of the type 'RRSIG'. These queries do not occur in normal DNSSEC operation, because RRSIG records are ordinarily returned along with the records they cover. Such a query can be used for manual testing purposes. As a result of the change in 9.7.1, if the cache did not contain any RRSIG records for the name, such a query would trigger an endless loop of recursive queries to the authoritative server.
This patch backs out that change, and this will be fixed in a future release. So, those of you that upgraded to 9.7.1-P1, you'll need to apply this patch.
It can be downloaded from
ftp://ftp.isc.org/isc/bind9/9.7.1-P2/bind-9.7.1-P2.tar.gz
-- Joel Esler | http://blog.joelesler.net | http://twitter.com/joelesler
(c) SANS Internet Storm Center. http://isc.sans.org Creative Commons Attribution-Noncommercial 3.0 United States License.
 
