InfoSec News

OpenSSL ECDSA Timing Attack Local Information Disclosure Vulnerability
Oracle considered buying Palm and BlackBerry maker Research In Motion as part of an aborted effort to build its own smartphone, Oracle CEO Larry Ellison said in court Tuesday.
The first smartphone with an Intel chip will become available in India this week from mobile device maker Lava International, ending a long wait for the chip maker to enter the smartphone market.
Facebook added a "Listen' button Tuesday to the pages of music artists on the social network.
Intel said on Tuesday that it would announce its first Core processors based on the Ivy Bridge microarchitecture next week, and the first chips won't be for ultrabooks, but will be quad-core parts for high-end desktops and laptops.
Oracle Solaris CVE-2012-1684 Local Vulnerability
Oracle GlassFish Enterprise Server CVE-2012-0551 Remote Vulnerability
Oracle Solaris CVE-2012-1681 Local Vulnerability
Oracle FLEXCUBE Universal Banking CVE-2012-0567 Remote Vulnerability
Oracle FLEXCUBE Universal Banking CVE-2012-0546 Remote Vulnerability
Oracle FLEXCUBE Direct Banking CVE-2012-1707 Remote Vulnerability
Identifying people by acquiring pictures of their eyes is becoming easier, according to a new report* from the National Institute of Standards and Technology (NIST). NIST researchers evaluated the performance of iris recognition software ...
The National Institute of Standards and Technology (NIST) is co-hosting the fifth annual Safeguarding Health Information: Building Assurance through HIPAA Security conference on June 6 and 7, 2012, at the Ronald Reagan Building and ...
The National Institute of Standards and Technology (NIST) has announced proposed changes to a standard that specifies how to implement digital signatures, which can be used to ensure the integrity of electronic documents, such as wills ...
Intel's latest concept for an Ultrabook-tablet hybrid is beautiful, but it's not cheap.
Maybe it's because I don't like change, or maybe it's because I hate it when software developers assume that everyone can figure out their cryptic icons, but I wasn't a fan of Gmail's recent makeover.
Yahoo reported Tuesday that its first-quarter profit came to US$286 million, up 28 percent from the same quarter last year, but the company's total revenue revealed much more modest gains.
Intel on Tuesday reported its first-quarter earning results for fiscal 2012, with profit dropping on a slowdown in PC and server chip sales.
Oracle considered buying Palm and BlackBerry maker Research In Motion as part of an aborted effort to build its own smartphone, Oracle CEO Larry Ellison said in court Tuesday.
Apple and Samsung Electronics have agreed to attend a settlement conference in an ongoing patent lawsuit between the two companies, according to court documents.
It's been a busy 2012 on the Hill. As legislators and policymakers grapple with an array of issues central to the policy agendas of companies in the technology industry, CIO.com takes stock of how Washington has moved on intellectual property, cybersecurity, privacy and spectrum in the first quarter of 2012.
Microsoft has just unveiled the most practical use of augmented reality (AR) technology to date, at least for globetrotters.
Oracle Database Server CVE-2012-0520 Remote Enterprise Manager Base Platform Vulnerability
Oracle Supply Chain Products Suite CVE-2012-0549 Remote Oracle AutoVue Office Vulnerability
Oracle Database Server CVE-2012-0534 Remote RDBMS Core Vulnerability
Twitter on Tuesday unveiled a proposed patent assignment framework that seeks to give employees who create works more protection over how their inventions are used.
Start-up hVault announced that it plans to begin shipping a holographic disc library later this year that will enable companies to store petabytes of data for at least 50 years without any degradation.
Inspired by the success of the open-source software movement, a group of technology enthusiasts is looking to unite the fragmented open-source hardware community in an effort to promote hardware innovation.
Roberto Saracco isn't buying carriers' claims that they need to put caps on their LTE services due to excessive traffic causing massive engineering challenges.
Linux Kernel CVE-2012-1090 CIFS 'umount' Local Denial of Service Vulnerability
The Android OS version of Google's Chrome browser is now available in a host of new languages and has gained several new features, but it remains in beta testing and is afflicted with a variety of bugs.
An expensive and long-troubled software program for California's pension system that went live last year has stumbled out of the gate, with some areas of service dealing with significant backlogs, according to a report released by officials at the California Public Employees' Retirement System.
Apple's stock rebounded today from a several-day slump, gaining $29.57 to $609.70 by the market's close, up 5.1% from its Tuesday opening price.
An outage that prevented millions of users from accessing Gmail on Tuesday has been resolved, according to Google.
[security bulletin] HPSBOV02762 SSRT100825 rev.1 - HP Secure Web Server (SWS) for OpenVMS running CSWS_JAVA, Remote Denial of Service (DoS), Unauthorized Access, Privilege Escalation, Unauthorized Disclosure of Information, Unauthorized Modification
[security bulletin] HPSBOV02763 SSRT100826 rev.1 - HP Secure Web Server (SWS) for OpenVMS running PHP, Remote Denial of Service (DoS), Unauthorized Access, Privilege escalation, Unauthorized Disclosure of Information, Unauthorized Modification
[security bulletin] HPSBMU02764 SSRT100827 rev.1 - HP System Management Homepage (SMH) Running on Linux and Windows, Remote Cross Site Request Forgery (CSRF), Denial of Service (DoS), Execution of Arbitrary Code, Other Vulnerabilities
Re: Mathematica8.0.4 on Linux /tmp/MathLink vulnerability
Hackers are ramping up their attacks against Tibetan activists and are using increasingly sophisticated techniques to deliver malware, according to researchers from security firms FireEye and Trend Micro.
Microsoft today gave its newest server software a name -- Windows Server 2012 -- and said it would release the operating system this year.
It wasn't that long ago that storing images meant a shoebox under your bed, and sorting/filing them meant a choice between sticky pages or sticky photo corners in a paper album. Casual photography has changed the way we treat our images, but one thing hasn't changed: we still need to be able to find the shot we want. MAGIX Photo Manager MX Deluxe includes tools to do just that.
A brouhaha is shaping up: Apple and book publishers square off against Amazon and the DOJ over the price of an e-book. Who's right? CIO.com's Tom Kaneshige looks back to a Whiz Kid from the '90s for answers.
Re: Mathematica8.0.4 on Linux /tmp/MathLink vulnerability
Fwd: PHP Gift Registry 1.5.5 SQL Injection
Privacy groups and lawmakers are calling for a new and broader investigation into Google and its privacy practices after the U.S. Federal Communications Commission announced that it had found no evidence that the company broke eavesdropping laws.
Verizon Wireless will expand its faster 4G LTE network to 27 new cities on Thursday, bringing the total to 230 metro areas nationwide and reaching two-thirds of the U.S. population.
Google built Android using parts of Java that didn't require a license and it had the full support of Sun Microsystems in doing so, a lawyer for Google said in court Tuesday.

#SOURCEBoston: LobbyCon in full swing
CSO (blog)
It's a chance for people from the far-flung corners of the infosec world to meet face-to-face and catch up. At SOURCE Boston, the scene is playing out in the main lobby of the Marriott Courtyard on Tremont Street. I've already had the pleasure of ...

and more »
Windows 8 on ARM, now dubbed Windows RT by Microsoft, will include Word, Excel, PowerPoint, and OneNote applications -- a move that could be used to entice Windows tablet buyers.
As global semiconductor revenue hit $306.8 billion in 2011, Intel grabbed its biggest bite of the chip market to date.
Developers submitting apps to the Amazon Appstore for Android should consider obfuscating their code if they are concerned about their applications being reverse engineered, the company said in a blog post on Tuesday.
More than two-thirds of technology insiders believe that paying with smartphones will overtake cash and credit card payments by 2020, according to a survey released Tuesday by the Pew Internet and American Life Project and Elon University School of Communications.
PC World tested 3G and 4G wireless data transfer speeds at multiple locations in 13 major cities. Here's the lowdown on which carriers offer the best speeds and coverage.
Toshiba said Tuesday it will purchase IBM's retail point-of-sale (POS) business for $850 million, with the Japanese company taking over the hardware business while IBM shifts its focus to back-end software solutions.
Feel like you're missing nearby friends or nearby fun? Ban.jo, a free iPhone/iPod touch app, is designed to fix that problem.
Puppet Labs has equipped its namesake open-source configuration management software with the ability to control OpenStack cloud deployments, the company plans to announce on Tuesday.

ValidEdge Launches Portable Malware Intelligence System at Infosec
CisionWire (press release)
London, UK 17th April 2012 – ValidEdge, the leading malware analysis solutions company, is to formally unveil the MISbook, a full malware intelligence system on a laptop computer, at Infosec, London, April 24-26 on Stand G78.

Microsoft said it will sell just three Windows 8 editions for Intel PCs, half as many as the company pushed in 2009 for Windows 7.
With IT integral to the business, an increasing number of companies are hiring CIOs who didn't rise through the ranks. Is that a good thing? Insider (registration required)
The alleged ringleader of an online marketplace for illegal drugs was arrested Monday in Lelystad, Netherlands, capping two days of arrests and the indictment of eight men on federal drug trafficking and money laundering charges.
A survey of 1,000 U.S. consumers shows that many now use social networks to discover healthcare information and then turn to those same sites to voice their opinions about their own experiences.
Oracle decided on an aggressive strategy against Hewlett-Packard's Itanium servers after sales of competing Sun's Sparc servers had been in a free fall, and Oracle's executives stated internally that the company's 2010 acquisition of Sun Microsystems was a mistake, HP said in a filing in its dispute with Oracle over the porting of its software to the Itanium platform.
HTC on Monday announced the first of a new series of lower-end smartphones designed specifically for China, as the company expands its handset offerings in a key market.
Twitter has acquired the team at Hotspots.io, a social media analytics company, according to a notice on the Hotspots.io website.
The number of coding mistakes on websites continues to fall but companies are slow to fix issues that could be exploited by hackers working with improved attack tools, a security expert said.

Posted by InfoSec News on Apr 17


By Dan Goodin
ars technica
April 16, 2012

An Ohio man has been charged with hacking into two websites controlled
by law enforcement groups after he posted Twitter messages boasting of
the intrusions, which were carried out under the banner of "CabinCr3w,"
an offshoot of the Anonymous hacking collective.


Posted by InfoSec News on Apr 16


By Jon Gold
Network World
April 16, 2012

Enterprise IT departments can look to the new COBIT 5 framework for
governance and management best practices, according to ISACA, a global
nonprofit IT industry group.

Along with improvements in risk management, businesses should find it
easier to derive the most value from their IT investments through the
use of COBIT 5. The...

Posted by InfoSec News on Apr 16


By Taylor Armerding
April 16, 2012

Cybercriminals are not the only ones looking to make money from health
data breaches.

In California, where a unique state law provides for damages of $1,000
per person per violation of the Confidentiality of Medical Information
Act of 1981 (CMIA), plaintiff law firms are lining up to file privacy
data breach...

Posted by InfoSec News on Apr 16


By Dan Tynan
April 16, 2012

Dirty IT jobs don't always look so dirty at first glance.

Dressing up like Tom Cruise in "Mission: Impossible" and breaking into a
secured facility sounds like a blast -- until you're trapped for two
hours in the freezing rain waiting to be rescued. Think writing sexy
games would be fun? Imagine poring over...

Posted by InfoSec News on Apr 16


By Kim Zetter
Threat Level
April 16, 2012

Eight suspects in the United States and elsewhere have been arrested and
indicted for their involvement in an online drug market accessible only
through the TOR anonymizing network that sold LSD, ecstasy, marijuana
and other drugs to some 3,000 customers in 34 countries.

Six of the eight suspects reportedly involved in...
Internet Storm Center Infocon Status