InfoSec News

Hoping to ease customers' migration to the cloud, NetApp has released a reference architecture for deploying its storage systems as part of a Microsoft Hyper-V cloud system.
Comcast is expanding its services to medium-sized businesses by introducing metro Ethernet connections at up to 10-Gigabit speed, launching Monday in more than 20 U.S. cities.
When Facebook built its first company-owned data center in Prineville, Oregon, designing and managing the facility was only part of the challenge. In a blog post Monday, the company explained how it had to stress-test its entire software infrastructure by commandeering a giant cluster of production servers on the other side of the country.
After hackers knocked its PlayStation Network offline for nearly a month, Sony is now trying to make amends by giving customers free video games.
Mambo 'com_docman' Component Multiple SQL Injection Vulnerabilities
EMC NetWorker 'librpc.dll' Spoofing Vulnerability
[USN-1132-1] apturl vulnerability
ZDI-11-168: Multiple Vendor librpc.dll Remote Information Disclosure Vulnerability
VMware adds to its portfolio of security services with Shavlik’s SaaS-based configuration and patch management software.

Microsoft has incorporated more Facebook data into its Bing search results, increasing the competition around social search with Google, whose level of access to Facebook data is not as deep.
Boston-based Bay Cove Human Services is a non-profit organization that offers assistance and service to 4,000 people and families in Massachusetts. CIO Hilary Croach has several technology challenges to contend with. For starters, the agency has its hands in a number of service areas, including helping individuals with developmental disabilities, mental illness, drug and alcohol addiction, and those who need support with aging. With about 140 locations around Eastern Massachusetts, Bay Cove's employees and IT operations are scattered.
The U.S. White House pushes for privacy and security in a new cybersecurity strategy.
Sony has hit a few glitches as it pushes the reset button on its hacked gaming networks; apparently it's not easy to reset 102 million passwords.
A federal jury has ordered SAP to pay Versata Software damages of $345 million in connection with a patent infringement lawsuit.
[ MDVSA-2011:089 ] mplayer
PR10-15: Multiple XSS flaws within Mitel's AWC (Mitel Audio and Web Conferencing)
Vulnerable and completely outdated 3rd party ZIP code in FastStone image viewer
Seagate today announced a battery-powered wireless drive for mobile devices such as the iPad.
Samsung's latest Android phone, the Infuse 4G, offers a large, bright display and great performance. Too bad it uses AT&T's quirky network.
FFmpeg libavcodec 'flicvideo.c' Heap Based Buffer Overflow Vulnerability
[ MDVSA-2011:088 ] mplayer
WebTech Conference 2011 Call for Papers
Media in Spot CMS 'page' Parameter Local File Include Vulnerability
Scammers are trying to trick Windows users into paying to fix bogus hard drive errors that have apparently erased important files, a researcher said today.
Microsoft kicked off its annual TechEd conference Monday much the way it did last year's, heavily touting cloud computing as a more efficient way for businesses to run IT operations. This year, however, company executives provided more details about how organizations can actually use cloud computing day-to-day.
SanDisk today announced an agreement to purchase enterprise-class SSD-maker Pliant for $327 million.
NSENSE-2011-002: Novell eDirectory/Netware LDAP-SSL daemon
[ MDVSA-2011:087 ] vino
Linux Kernel 2.6.38 Remote NULL Pointer Dereference
DC4420 - London DEFCON - May meet - Tuesday 24th May 2011
In this part, Nick Selby and Dave Henderson discuss the importance of utility in the world of law enforcement.
VMware will acquire Shavlik Technologies, a company that develops traditional and cloud-based management products for small and medium-sized businesses, helping them to manage, monitor and secure both physical and virtual environments.
Thanks to university researchers and a metal robotic exoskeleton, a paralyzed student at UC Berkeley was able to walk across the stage to receive his diploma over the weekend.
Hewlett-Packard considered using Intel's Thunderbolt interconnect in new desktop PCs announced Monday, but is sticking with USB 3.0 because of wider support, a company official said.
[SECURITY] [DSA 2237-1] apr security update
ESA-2011-016: EMC SourceOne ASP.NET application tracing information disclosure vulnerability
[ MDVSA-2011:084 ] apr
[Announcement] ClubHack Magazine - Call for Articles

An attacker rented space on Amazon’s EC2 service to wage cyber attacks on Sony Corp., according to a report.

Sony restarted its PlayStation Network and Qriocity services over the weekend and investigators have reportedly traced the attack to servers hosted on Amazon’s EC2 service.

Sony’s computer forensics team, which is investigating a massive data breach of its systems, believes the intruder rented space on Amazon’s cloud-based hosting service under a bogus name, according to a report from Bloomberg citing an anonymous source close to the investigation.

The attacker used the service as a platform to launch several attacks that crippled Sony Corp. and affected more than 100 million users of its gaming services. The breach is believed to be the largest in the U.S. since the massive data breach at Heartland Payment Systems in 2009.

On Saturday, Sony partially restarted its PlayStation Network and Qriocity services, which had been shut down since April 20 while the forensics team investigated the scope of the massive Sony breach.

The initial Sony breach exposed sensitive data on about 77 million Sony users. The company then discovered an outdated database from 2007, which included more than 12,000 non-U.S. credit and debit card numbers and 10,700 debit cards of users in Austria, Germany, the Netherlands and Spain.

The company has created the position of chief information security officer and implemented a number of steps to bolster security.

In a message to customers, the company said it added automated software monitoring and configuration management and bolstered encryption of passwords and other sensitive data. The company is also adding network security, boosting the number of firewalls and improving their effectiveness by ensuring they are configured properly. The company also said it added network monitoring technology that can detect software intrusions and network anomalies that could indicate suspicious activity.

Nokia will abandon its Ovi mobile services brand as it prepares to sell smartphones based on Microsoft's Windows Phone software.
NASA's space shuttle Endeavour lifted off this morning on its final space flight.
Vino Framebuffer Request Processing Multiple Remote Denial of Service Vulnerabilities
Imperva SecureSphere SQL Query Filter Security Bypass Vulnerability
SAP is preparing to release a major revamp of its software for EPM (enterprise performance management), a subset of BI (business intelligence) that focuses on areas such as budgeting, planning and compliance, the company announced Monday in conjunction with the annual Sapphire conference in Orlando.
SAP and Dell are expanding their relationship in the areas of cloud computing and in-memory databases, the companies will announce on Monday during the Sapphire conference in Orlando.
Research in Motion said it has recalled an estimated 1,000 PlayBook tablets, indicating a small number had reached customers who were unable to properly load software at setup.
Microsoft reminded users on Monday that it will stop supporting Windows Vista Service Pack 1 on July 12.

(IP) Identity Theft in Cloud Computing Environments
SYS-CON Media (press release) (blog)
#devops #infosec Shared resources do benefit organizations, there's no arguing about that. But when resources forming the basis of identity are trusted and then inadvertently shared, you may find your (IP) identity misappropriated. ...

Mozilla plans to push 12 million users of the aged Firefox 3.5 to a newer version next month by taking the unprecedented step of automatically upgrading their browser.
From using 'free cooling' to relying on DC power, four tech giants give their best advice to fellow data center managers.
Two brothers have pleaded guilty to reduced charges in connection with a federal H-1B fraud case brought by the U.S. government.
Millions of PlayStation users are once again able to shoot, fight and race their way through online worlds after Sony resumed online gaming service late Saturday and Sunday in many major markets.
Thousands of Turks protested Sunday both online and on the streets against new Internet controls proposed by the Turkish government.
Apple's next iPhone will pack the company's newest A5 processor, but the additional horsepower won't be a major upgrade motivator unless Apple pulls some high-powered apps from its own pocket, an iPhone expert said.
After repairing problems that derailed space shuttle Endeavour's first launch attempt, NASA is prepping for a Monday morning lift-off.
Apple's iOS and Mac app stores have popularized the concept, but Microsoft, Google, and others are now adopting it
Mojolicious CVE-2010-4803 HMAC-MD5 Checksums Unspecified Vulnerability
Tor Multiple Denial of Service Vulnerabilities
Tor Unspecified Buffer Overflow, Denial of Service and Information Disclosure Vulnerabilities

Posted by InfoSec News on May 15

By Brendan Gallagher
The Telegraph
13 May 2011

An angry David Millar insists "heads should roll" within cycling's
governing body (UCI) after a list it drew up to estimate the 'doping
risk' or potential of each rider at last year's Tour de France was...

Posted by InfoSec News on May 15

Times Colonist
May 14, 2011

Details of the cyberattack that choked thousands of websites hosted by are now in the hands of the RCMP.

Mark Morley, who owns with brother Steve Morley, said
Friday he has reported the attack to West Shore RCMP.

An email Thursday afternoon to the Internet service provider claimed
responsibility for the...

Posted by InfoSec News on May 15

By Tracy Kitten
Managing Editor
Bank Info Security
May 13, 2011

Card issuers were quick to link incidents of debit and credit fraud to
the Michaels retail chain, experts say - a sign that strong transaction
monitoring and behavioral analytics are the best ways to curb growing
card-fraud schemes.

The Michaels card breach is now believed to have affected stores in 20
states. The mode...

Posted by InfoSec News on May 15

By Martyn Williams
IDG News Service
May 14, 2011

Sony will begin a phased resumption of its PlayStation Network and
Qriocity services on Sunday, more than three weeks after a cyber attack
that resulted in the loss of personal information on more than 100
million customers.

The two services will initially be available for users in North America...

Posted by InfoSec News on May 15

By Mathew J. Schwartz
May 13, 2011

The volume of attacks that target the Android mobile operating system
has increased by 400% since the summer of 2010. Also in that timeframe,
one in 20 enterprise mobile devices has gone missing.

Those two findings come from the "Mobile Malicious Threats" report
released Tuesday by Juniper Networks, which sells networking hardware...

Posted by InfoSec News on May 15

Bangkok Post

Japanese game developer Square Enix Holdings said email addresses of
25,000 customers as well as resumes of 250 job applicants were leaked
after a hacker attack against its European subsidiary.

Hackers accessed the website, managed by London-based
Square Enix Ltd, as well as other product sites,...

Posted by InfoSec News on May 15

By Ryan Singel
Threat Level
May 13, 2011

Dropbox, the wildly popular online storage system, deceived users about
the security and encryption of its services, putting it at a competitive
advantage, according to an FTC complaint filed Thursday by a prominent
security researcher.

The FTC complaint charges Dropbox (.pdf) with telling users that their
files were totally encrypted...
