InfoSec News

An investor in Clearwire has stepped up its fight to get a better price for the mobile operator, but Clearwire's alternatives to a Sprint Nextel buyout may be limited due to the nature of its spectrum and its business.
Symantec has confirmed the existence of the targeted Trojan it calls Batchwiper.

You read it in Computerworld Hong Kong: the Hong Kong Police have launched a Cyber Security Center to provide round-the-clock services. The HKP made an investment of HK$9 million in hardware and software for the new facility.
Computerworld Hong Kong (CWHK): Are we actually any more secure today than we were five years ago?
Your small business or fan Facebook page is probably fine just the way it is. But it could be a whole lot better. That's the idea behind Heyo Social, a nifty Web-based tool that allows you to add a whole lot of content to your Facebook fan or small business pages.
People accuse Kim Dotcom of many things, both good and bad and not always without merit. However whatever your views of his exploits, one thing you can't take away from the eccentric German -- and now Kiwi adoptee -- is the fact that he has completely redefined the word "Dotcom". Sure there was all that interweb stuff too, but let's focus on the superficial first.
Nearly one year after beginning to orbit the moon and helping scientists learn more about the internal structure and composition of the moon, NASA's twin spacecraft, named Ebb and Flow, crashed into the moon late Monday afternoon -- just as planned.
The FBI is examining a broken hard drive found in Adam Lanza's room, searching for evidence about whom he was communicating with and how he was using the computer before Friday's shooting rampage at a Connecticut school.
Blue Coat said Crossbeam gives it a platform for its software and also helps bolster its network optimization strategy in high-end data centers.

Apple today said it has sold 2 million iPhone 5 smartphones in China since Friday, setting an opening weekend sales record for the country.
The National Rifle Association is dealing with the double-edged sword of social media by taking down its Facebook page and going silent on Twitter in the wake of the tragic elementary school shooting in Newtown, Conn.
PHP Address Book 'group' Parameter Cross Site Scripting Vulnerability
The end of each year sparks an occasion for rumination on the past, as well as a longing gaze into the future. We shined up our crystal ball, rubbed our chin for a while, and sought opinions from industry analysts on what the future holds for the enterprise software market.
The creators of Carberp, a banking Trojan program used exclusively in Russian-speaking countries, have started to sell an improved version of the malware together with custom scripts that would allow cybercriminals to target U.S. online banking customers, according to researchers from Russian security firm Group-IB.
Adopting cloud-based services raises concerns and questions about data security, according to the Sophos 2013 Threat Report.

IPv6 Neighbor Discovery security (new documents)

Reader Josh reports that while downloading the latest version of Java 6 (version 37) from Oracle's website he received a reminder from Oracle that Java 6 will reach end of life in February 2013. After February 2013, security updates will only be available to customers who purchase extended support contracts. If you haven't already done so, now is a good time to mark your calendars for this upgrade. More details are available here:


Mark Baggett
(c) SANS Internet Storm Center. http://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
Symantec Endpoint Protection Manager CVE-2012-4348 Remote Code Execution Vulnerability
Symantec Network Access Control CVE-2012-4349 Local Privilege Escalation Vulnerability
TWiki Multiple Security Vulnerabilities
Hundreds and hundreds of products are released for the Mac each year. A few products truly stand out as impressive examples of quality, value, and innovation. These are the products that we recognize with an Editors' Choice Award.
Cisco arrived late to the 802.11ac party, but its Linksys EA6500 (it's hard to say the entire name--the Linksys Video Pro AC1750 Smart Wi-Fi Router EA6500--in a single breath) is a very solid, easy-to-use dual-band router with one unique, gee-whiz feature.
A Microsoft-commissioned report published last week said companies can save tens of thousands of dollars in support and development costs by standardizing on one browser.
While Gartner Inc. now says that global semiconductor revenue has dipped 3% this year, the market is expected to rebound in 2013.
[ MDVSA-2012:180 ] perl-CGI
[SECURITY] [DSA 2589-1] tiff security update
[SECURITY] [DSA 2588-1] icedove security update

Following the tragic events in Newtown, Connecticut, last week, several new domain names related to those events have been registered. I have little doubt that many of these sites are owned by charitable and caring individuals or organizations who want to assist families in their time of need. Other sites may belong to political organizations who will attempt to further their side of an argument as a result of this tragedy. Still other sites will undoubtedly belong to scammers who will capitalize on people's desire to help by establishing fake charities. I spent a few hours going through many of the newly registered domains. So far most of the sites are still under construction with very little to look at. I expect that will change over the next few days. If any readers receive spam related to the tragedy, please let us know.


Mark Baggett
After more than five years with the National and ANZ banks in ICT-related roles, Victor Vae'au decided, in 2007, to "round out" his career with some public-service experience. He applied for an applications development post in the NZ Defence Force and was told of an opportunity as operations manager.
We are awash in passwords, and as the number of Web services increases, things are only going to get worse. Trying to manage all these individual passwords is a major problem for enterprise security. Many end users cope by re-using their passwords, which exposes all sorts of security holes.
Sprint would spend $2.2 billion to take complete ownership of Clearwire, a move that will help it expand its network capacity.
Windows Phone 7.8 is available on Nokia's new Lumia 510, but the company still won't say when existing phones will get the update.
A new piece of malware that deletes entire partitions and user files from infected computers has been found in Iran, according to an alert issued Sunday by Maher, Iran's Computer Emergency Response Team Coordination Center.
Danish company The Eye Tribe is leading a new project that will make it possible to control smartphones and tablets using eye movements.
Softbank will soon offer a new satellite phone for use in earthquakes and other natural disasters.
Xen 'HVMOP_set_mem_access' Local Denial of Service Vulnerability
With the bulk of the IT budgets in place for 2013, it is a good time to reflect on how the budget process has morphed over the years to accommodate shifts in technology and evolving corporate demands and priorities.
The latest update to Java SE 7 brings enhanced security options for running Java applications within a browser, including finer controls for unsigned applets and blocking of attempts to request older, insecure versions of Java.

MATE mate-settings-daemon CVE-2012-5560 Local Security Bypass Vulnerability

ISSA chapter meeting on government infosec initiatives and threats
SC Magazine UK
An ISSA UK chapter meeting was held in early December in London and in attendance was Fujitsu's James Gosnold. Opening the event, Lord Toby Harris discussed 'How insecure is the UK?' and articulated a message about the ever increasing cyber threat ...

In the wake of the tragic school shooting in Newtown, Conn., police warned that they will prosecute anyone purposefully posting false information related to the incident on social networks.
The flaw allowed copies of Windows 8 to be run without a valid licence using a Media Center key. Microsoft has now closed the loophole.

A critical problem has been discovered in a kernel memory device on Samsung's Android phones and tablets using its own Exynos 4 processor. The problem enables full read-write access to memory, granting attackers root access.
Even though technology is playing an increasingly important role in the U.S. economy, IT wages remain persistently flat, analysts say. Insider (registration required)
Neither federal and state law nor the courts have come close to catching up with the privacy implications of so much of our data existing in a realm beyond our complete control.
The iconic 'gold watch' career path, in which people stay with the same employers for their entire working lives, has become anachronistic, says Thornton A. May. Today, the most important skill is the ability to acquire new skills. Insider (registration required)
Tech staffers are migrating into new roles -- frequently with non-IT job titles -- throughout the enterprise, working on an array of projects that require tech savvy in addition to business and process knowledge, management skills and more. Where you land all depends on your proficiency with one of today's most indispensable career navigation tools -- your own customized career strategy.
James T. Wilkes, chair of the Appalachian State University computer science department, mixes what he's learned about IT with his other professions: farming and beekeeping. For example, he created a Web application that helps beekeepers manage their hives. Insider (registration required)
Microsoft's recent increase in the price of its user client-access licenses (CAL) is a 'lose-lose' deal for enterprise customers but will likely yield a major revenue boost for the vendor.
Your competitive advantage in the labor market will come from your interest in, and aptitude for, creating good experiences for the people you work with, says columnist Paul Glen.
IT workers know that soft skills are key to career advancement, but such skills are difficult to quantify. Here's how to revamp your resume to make your talents shine.
Four IT workers who recently found new jobs describe their hard-won success and offer a view from the street. Insider (registration required)
Solid-state drive pricing has dropped about 30% this year, reaching what researchers call the magic price point of $1 per gigabyte of capacity, according to information from IHS iSuppli and Dynamite Data.
A member of the xda-developers forum has discovered a problem with the memory addressing on devices using Samsung's Exynos 4 processor that gives attackers root access and full rein over the affected devices.

JW Player HTML Injection And Content Spoofing Vulnerability
The demand for iPhone 5s is amazing and the dangers of overseas grey markets appear to have got a Chinese woman from Massachusetts tasered. Really.
A report surfaced recently contending that BlackBerry OS 10 will include a list of 106 prohibited passwords designed to prevent the clueless from choosing the likes of 123456, blackberry, or the ever-popular "password" as their password.
A suspected fault in how Samsung Electronics has implemented the Android kernel in several of its devices could allow a malicious application to gain total control over the device.