InfoSec News


Read all 'Mark Zuckerberg' posts in Politics and Law
CNET (blog)
I'm an InfoSec professional and I still have to think through what I'm doing. 11:27 am (Comment from reader Jon Pincus): Caroline, excellent point about the ...

and more »
 
What a day! Surely, this is a day that will live in infamy. Not because of the release of iTunes 9.2—that’s solid. Nor is it because Apple managed to sell 600,000 pre-order iPhones despite the fact that, somehow, nobody was actually able to buy them. No, it’s a terrible day because Dan Moren got sick and so he has had to relinquish the controls of the Remains-o-tron to me. Onward:
 
Chicago's DePaul University has introduced what is thought to be the nation's first Masters of Science degree program in the fast-growing field of predictive analytics.
 
The string of outages, malfunctions and bugs that have hobbled Twitter for the past week and a half prompted the company to issue another apology and explanation for its technical woes on Tuesday afternoon.
 
Back in 2007, my company predicted that demand for network bandwidth — specifically IP bandwidth — would exceed capacity in the 2010/2011 timeframe. We arrived at that conclusion by independently modeling network consumption and capacity (and factoring in go-forward changes in both), and we highlighted growth in wireless as a key element in driving demand.
 
The U.S. Federal Communications Commission is scheduled to vote on the first step toward reclassifying broadband as a regulated, common-carrier service, despite objections from many U.S. lawmakers and broadband providers.
 
Address the explosion in mobile devices, IBM announced new software, services and research projects at the opening of new software development lab in Massachusetts.
 
Enterprise 2.0 strategies are becoming more popular among companies today, but there are serious logistical and legal challenges along with the expected benefits of using social collaboration tools.
 
Apple on Tuesday patched 28 vulnerabilities in is Snow Leopard operating system, including two in Adobe's Flash Player.
 
When Apple released a Mac mini that bears an HDMI port on Tuesday, it took mere minutes before people suggested that this new mini was the next-generation Apple TV in disguise. And for some, it may be. We'll take a deeper look as we have more time to test out the new Mac mini, but here's a look at some of areas that separate the two.
 
Everything I've learned about mobile security tells me it's bad to use the consumer-based technology for work. That's where all the bad stuff comes from. That includes devices like the iPhone and iPad.
 
Reader Marvin says that every time he double-clicks a Docx file (Docx is the default file format for Word 2007), it opens in Microsoft Works. How can he remedy this "extreme irritation"?
 
Flash memory array maker Violin Memory said it has purchased the technology assets of high-end NAS vendor Gear6, whose DRAM and flash memory-based appliances improve the scalability of Web applications and content.
 
U.S. lawmakers questioned Wednesday whether the Department of Homeland Security has the authority or resources it needs to protect the nation against cyberattacks.
 
Facing continued pressure from Apple and other smartphone makers, Nokia on Wednesday warned that its second quarter earnings would be lower than expected.
 
With help from IBM, DePaul University will offer nation’s first master's degree in predictive analysis
 
Apple has apologized for yesterday's iPhone 4 ordering mess, and boasted that it and its carrier partners had taken more then 600,000 orders for the new smartphone.
 
Consona has purchased on-demand ERP vendor Compiere, a move that gives it a place at the cloud-computing table.
 
The dream of bolting security onto the Internet's Domain Name System takes one step closer to reality Wednesday as Internet policymakers host a ceremony in Northern Virginia to generate and store the first cryptographic key that will be used to secure the Internet's root zone.
 
Hewlett-Packard plans to use Yahoo's advertising network in a pilot program that will deliver targeted advertisements for content printed with its latest line of Web-connected printers.
 
The string of outages, malfunctions and bugs that have hobbled Twitter for the past week and a half prompted the company to issue another apology and explanation for its technical woes on Tuesday afternoon.
 
At the Enterprise 2.0 Conference in Boston, you'd expect to hear people extolling the benefits of using social media tools at a company, but you might not expect to hear about the dark side.
 
Oracle is being sued by the U.S. government for allegedly overcharging it by millions of dollars, according to documents on file in U.S. District Court for the Eastern District of Virginia.
 
The enterprise version of the Eucalyptus private clouds software can now run the Windows operating system as well as Linux
 
The malicious code downloads and executes an additional piece of malware on a victim's computer. Meanwhile, Sophos' Graham Cluley says the initial exploit disclosure was "irresponsible."

Add to digg Add to StumbleUpon Add to del.icio.us Add to Google

Sophos - Graham Cluley - Microsoft Windows - Malware - Security
 
Please patch those flash players as soon as possible.



Last week Handler Deb Hale posted a diary speaking to some Adobe proof of concept malware in the wild.

http://isc.sans.edu/diary.html?storyid=8932
Here is the summary from the Adobe Security Bulletin.

http://www.adobe.com/support/security/bulletins/apsb10-14.html

Critical vulnerabilities have been identified in Adobe Flash Player

version 10.0.45.2 and earlier. These vulnerabilities could cause the

application to crash and could potentially allow an attacker to take

control of the affected system.

Adobe recommends users of Adobe Flash Player 10.0.45.2 and earlier

versions update to Adobe Flash Player 10.1.53.64. Adobe recommends users

of Adobe AIR 1.5.3.9130 and earlier versions update to Adobe AIR

2.0.2.12610.
Flash Player 10.1 - Release Notes

http://kb2.adobe.com/cps/838/cpsid_83808.html
US-CERT Technical Cyber Security Alert

http://www.us-cert.gov/cas/techalerts/TA10-159A.html


Thanks goes to Joe D. for supporting the Internet Storm Center and giving us a heads up on this security update.
Kevin Shortt

ISCHandler on Duty
UPDATE: Joe D. followed up with the following note:
once installed, it is identified as version 10.1.53.64.
UPDATE 2: Thanks for the note Deapesh.
It is noteworthy that this Security Update was released by Adobe on June 10, 2010. (c) SANS Internet Storm Center. http://isc.sans.org Creative Commons Attribution-Noncommercial 3.0 United States License.
 
With video from mobile devices expected to grow,a market for enterprise video applications such as for training and instructional sales videos is emerging, analysts say.
 
As Hewlett-Packard expands its galaxy of devices, from handhelds to large servers and new networking products from its recent acquisition of 3Com, it's increasing the automation and management capabilities of its systems tools at a similar pace.
 
The few blocks of Internet addresses yet to be allocated under the old IPv4 protocol seem to be home to some "hot spots" of unwanted traffic that anyone who gets the addresses would have to pay for, a researcher said.
 
Members of the U.S. International Trade Commission questioned how to measure the effect of copyright and other intellectual property infringement in China, with some witnesses at a hearing saying they doubted the numbers that affected industries have given out.
 
As employee monitoring becomes more commonplace, tech workers wonder: Do they owe their loyalty to their colleagues or the corporation?
 
Despite persistent problems Tuesday with iPhone 4 online ordering, U.S. customers exhausted the supplies Apple and AT&T set aside for delivery June 24.
 

The Tech Herald

Researcher burned at the stake for vulnerability disclosure
The Tech Herald
(IMG:J.Anderson) If ever there was a way to initiate a heated argument in the InfoSec community, it is the topic of Full vs. Responsible Disclosure. ...

and more »
 
InfoSec News: Call for Papers: CPSRT 2010: Forwarded from: George Yee <gmyee (at) sce.carleton.ca>
Apologies if you have already seen this.
CALL FOR PAPERS (For HTML version with clickable links, please visit http://CPSRT.cloudcom.org/)
INTERNATIONAL WORKSHOP ON CLOUD PRIVACY, SECURITY, RISK & TRUST (CPSRT 2010) [...]
 
InfoSec News: Hacker in AT&T-iPad security case arrested on drug charges: http://news.cnet.com/8301-27080_3-20007827-245.html
By Elinor Mills InSecurity Complex CNet News June 15, 2010
A hacker in a group that discovered the AT&T iPad-related flaw was arrested following the execution of an FBI search warrant of his home in Arkansas on Tuesday, authorities told CNET. [...]
 
InfoSec News: Researchers probe net's most blighted darknet: http://www.theregister.co.uk/2010/06/15/most_blighted_darknet/
By Dan Goodin in San Francisco The Register 15th June 2010
Researchers probing a previously unused swath of internet addresses say they've stumbled onto the net's most blighted neighborhoods, with at [...]
 
InfoSec News: Computer hacking: Two senior army officers under scanner: http://sify.com/news/computer-hacking-two-senior-army-officers-under-scanner-news-national-kgpvklijbef.html
Sify News 2010-06-15
Indian probe agencies are looking into the possible role of two senior army officers in a suspected espionage ring, following the hacking of [...]
 
InfoSec News: Hackers exploit Windows XP zero-day, Microsoft confirms: http://www.computerworld.com/s/article/9178084/Hackers_exploit_Windows_XP_zero_day_Microsoft_confirms
By Gregg Keizer Computerworld June 15, 2010
Hackers are now exploiting the zero-day Windows vulnerability that a Google engineer took public last week, Microsoft confirmed today. [...]
 
InfoSec News: SAMA probes bank website hacking: http://www.saudigazette.com.sa/index.cfm?method=home.regcon&contentID=2010061675465
By Abdullah Al-Dani The Saudi Gazette 16 June 2010
JEDDAH - The Saudi Arabian Monetary Agency (SAMA) has launched an investigation into the hacking of Riyad Bank's website Monday morning. [...]
 
InfoSec News: Kaminsky Issues Developer Tool To Kill Injection Bugs: http://www.darkreading.com/database_security/security/app-security/showArticle.jhtml?articleID=225700088
By Kelly Jackson Higgins DarkReading June 14, 2010
Renowned security researcher Dan Kaminsky today went public with the launch of a new venture as well as its first deliverable -- a tool for [...]
 

Posted by InfoSec News on Jun 15

Forwarded from: George Yee <gmyee (at) sce.carleton.ca>

Apologies if you have already seen this.

CALL FOR PAPERS (For HTML version with clickable links, please visit
http://CPSRT.cloudcom.org/)

INTERNATIONAL WORKSHOP ON CLOUD PRIVACY, SECURITY, RISK & TRUST (CPSRT 2010)

In conjunction with 2nd IEEE International Conference on Cloud Computing
Technology and Science (CloudCom 2010), November 30 - December 3, 2010
Indiana...
 

Posted by InfoSec News on Jun 15

http://news.cnet.com/8301-27080_3-20007827-245.html

By Elinor Mills
InSecurity Complex
CNet News
June 15, 2010

A hacker in a group that discovered the AT&T iPad-related flaw was
arrested following the execution of an FBI search warrant of his home in
Arkansas on Tuesday, authorities told CNET.

Andrew Auernheimer, 24, was being held in Washington County Detention
Center in Fayetteville, Ark., according to Lt. Anthony Foster of the...
 

Posted by InfoSec News on Jun 15

http://www.theregister.co.uk/2010/06/15/most_blighted_darknet/

By Dan Goodin in San Francisco
The Register
15th June 2010

Researchers probing a previously unused swath of internet addresses say
they've stumbled onto the net's most blighted neighborhoods, with at
least four times as much pollution as any they've ever seen.

The huge chuck of more than 16.7 million addresses had never before been
allocated and yet the so-called darknet was the...
 

Posted by InfoSec News on Jun 15

http://sify.com/news/computer-hacking-two-senior-army-officers-under-scanner-news-national-kgpvklijbef.html

Sify News
2010-06-15

Indian probe agencies are looking into the possible role of two senior
army officers in a suspected espionage ring, following the hacking of
the computer of a major based in the Andamans, sources said Tuesday.

The sources said a joint team of the National Investigation Agency
(NIA), Military Intelligence (MI) and...
 

Posted by InfoSec News on Jun 15

http://www.computerworld.com/s/article/9178084/Hackers_exploit_Windows_XP_zero_day_Microsoft_confirms

By Gregg Keizer
Computerworld
June 15, 2010

Hackers are now exploiting the zero-day Windows vulnerability that a
Google engineer took public last week, Microsoft confirmed today.

Although Microsoft did not share details of the attack, other
researchers filled in the blanks.

A compromised Web site is serving an exploit of the bug in...
 

Posted by InfoSec News on Jun 15

http://www.saudigazette.com.sa/index.cfm?method=home.regcon&contentID=2010061675465

By Abdullah Al-Dani
The Saudi Gazette
16 June 2010

JEDDAH - The Saudi Arabian Monetary Agency (SAMA) has launched an
investigation into the hacking of Riyad Bank's website Monday morning.
SAMA has asked the bank to provide it with a detailed report on the
incident.

An official source at SAMA confirmed that the agency will punish any
bank which is lax in...
 

Posted by InfoSec News on Jun 15

http://www.darkreading.com/database_security/security/app-security/showArticle.jhtml?articleID=225700088

By Kelly Jackson Higgins
DarkReading
June 14, 2010

Renowned security researcher Dan Kaminsky today went public with the
launch of a new venture as well as its first deliverable -- a tool for
application developers that helps prevent pervasive string
injection-type attacks, such as SQL injection and cross-site scripting
(XSS).

Kaminsky...
 
Paterva has released Maltego 3.
Thanks to Joe for giving us a heads up on this release.
http://www.paterva.com/web5/client/download.php#Community

Kevin Shortt
ISCHandler on Duty
(c) SANS Internet Storm Center. http://isc.sans.org Creative Commons Attribution-Noncommercial 3.0 United States License.
 

Internet Storm Center Infocon Status