InfoSec News

Best Practices: Enterprise Digital Rights Management
We preach the concept of moving toward a data-centric security model and being flexible with technology, yet many infosec pros fail to address a big, glaring gap that's staring us in the face: how data is used, stored and transferred once it gets past ...

The Australian government normally doesn't come under fire from many hackers in comparison to other websites, but today D157UR83D crew, the same crew who hacked Harvard yesterday, has released a bunch of Australian government websites that have been hacked and makes threats that more Australian government websites are to come in the near future.

When it comes to security in the cloud, organizations are confident in their cloud providers, but are also reluctant to expose certain types of data and applications, according to IT industry association CompTIA. Security vendors maintain the problem is one of visibility and control, and each has a solution.
The U.S. International Trade Commission on Friday issued a final determination that Apple doesn't infringe certain HTC patents.
LightSquared's primary investor, Philip Falcone, is exploring possible lawsuits against the FCC and the GPS industry in the wake of the FCC's rejection of the carrier's plan for a 4G cellular network, sources familiar with the company's planning confirmed on Friday.
Google wants a third damages report by an Oracle expert in the companies' lawsuit over the Android mobile OS to be thrown out, arguing that it is "riddled with fatal errors," according to a filing made Friday in U.S. District Court for the Northern District of California.
A panel previewing the 2012 RSA Conference said gaining visibility into an enterprise's partners and other third-party services has become a serious challenge.

Apple could price an 8-in. iPad as low as $299, an IHS iSuppli analyst said today, as part of a strategy to 'crush' the competition.
The operators of file-sharing site Megaupload are facing new charges, after the U.S. Department of Justice has filed a superseding indictment charging the nine defendants with additional counts of criminal copyright infringement and wire fraud.
The U.S. Congress has passed legislation that will allow the U.S. Federal Communications Commission to set aside a piece of unlicensed spectrum before new mobile spectrum auctions, despite opposition from some lawmakers who wanted all the available spectrum to be auctioned.
A grad student caught Google with its hand in the cookies jar.
Oracle has decided to give up on one of the patent claims it brought against Google in its lawsuit over alleged Java intellectual property violations in the Android mobile OS.
Google's alleged circumvention of do-not-track controls on Apple's Safari browser could lead to big fines from the U.S. Federal Trade Commission if the agency determines Google has violated a privacy settlement the company agreed to in March, some privacy advocates said Friday.
The pressure is on HTC and LG Electronics to show they can compete with Apple and Samsung Electronics in the smartphone market by showing off impressive products at Mobile World Congress, which starts in Barcelona later this month.
The U.S. Air Force is planning to buy as many as 18,000 tablet computers to serve as 'electronic flight bags,' that will replace the paper manuals and documents that air crews use today.
Researchers at MIT have developed a wirelessly controlled and programmable microchip that can be implanted into the human body to deliver medicine
HP Printers and Digital Senders Remote Firmware Update Security Bypass Vulnerability
Cloud computing is too often reductively branded as an economic calculus that would trade a CapEx model for an OpEx model. But it's a little more complicated than that. Bernard Golden explains what we talk about when we talk about cloud computing.
RETIRED: HP Printers and HP Digital Sender Firmware Update Remote Code Execution Vulnerability
[ MDVSA-2012:021 ] java-1.6.0-openjdk
Both Firefox and Chrome have released updates this week. Firefox has released 10.2 and Chrome is up to 17.0.963.56. Firefox has released a couple of updates in quick succession with an impressive list of bugs being fixed. Check out this list: http://www.mozilla.org/en-US/firefox/10.0/releasenotes/buglist.html Consider doing an update soon.
Release Notes: http://www.mozilla.org/en-US/firefox/10.0.2/releasenotes/
Release Notes: http://googlechromereleases.blogspot.com/2012/02/chrome-stable-update.html
(c) SANS Internet Storm Center. http://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
Microsoft today used the latest privacy flap involving Google to again blast its rival's behavior.
Twitter this week finally wrapped up the rollout of a Twitter.com redesign first announced in December.
Acer is upgrading all of its Iconia Tab tablets to Google's latest Android 4.0 OS, with updates due to be completed by the end of April, the company said on Friday.
An SAP-based human resources software system implemented last year by Kentucky's government suffered from a series of "material weaknesses" that could result in significant financial misstatements, according to a report released this week by the state's auditor.
Multiple Cisco Nexus Devices IP Stack Remote Denial of Service Vulnerability
PHP 5.2.x Remote Code Execution Vulnerability
Some of the worst consequences of terrorism come not from the real dangers that terrorism poses but in our efforts to defend ourselves from something that is incredibly hard to define and predict.
[security bulletin] HPSBPI02728 SSRT100692 rev.4 - Certain HP Printers and HP Digital Senders, Remote Firmware Update Enabled by Default
IETF I-D: Security and Interoperability Implications of Oversized IPv6 Header Chains
Re: Fwd: 0-DAY XSS of cforms II is now fixed after a year and four months (was Re: cforms WordPress Plugin Cross Site Scripting Vulnerability - CVE-2010-3977)
0-DAY XSS of cforms II is now fixed after a year and four months (was Re: cforms WordPress Plugin Cross Site Scripting Vulnerability - CVE-2010-3977)

Valve lets off some Steam about online gaming data breach
Infosecurity Magazine
Data loss prevention: the term that fills marketing managers with joy, and infosec managers with dread. Preventing a data leak may be the top priority for the IT security team, but is DLP technology mature, and cost effective enough, to be the answer?

With the federal government climbing on board with the cloud revolution, the important questions for service and application providers turn to issues surrounding security, architecture.
The Wall Street Journal has charged that Google, along with a number of other advertising agencies, have planted code on millions of iPhones that allows the companies to track user behavior.
Tech companies, coming off a strong earnings season, were big winners Thursday as markets rose to multiyear highs on reports of a strengthening economy.
Bad performance can be blamed on flash memory rather than CPU or network bandwidth, a team of researchers have found.
Samsung's latest device, the Galaxy Note, offers a bright 5.3-in. display and a digital pen, making it an interesting cross between a tablet and a smartphone.
There always seems to be a lot of backlash and fuss going around the Internet about how much personal information is shared between my social networks and other sites or services. It occurred to me, though: what if the opposite happened, and rather than too much data being shared you went to visit Facebook or Twitter and all of your data was gone?
Much like the recent Stratfor attacks, they have also used the free social media service Facebook to announce a public statement about the hack, which in turn also confirms what Anonymous has claimed to do.

Adobe Flash Player CVE-2012-0754 Remote Memory Corruption Vulnerability
Novell GroupWise Messenger Client '.nmx' File Stack-Based Buffer Overflow Vulnerability
Twitter has tied with American Express to offer its merchants and card members early access to an online advertising platform for small businesses.
Apple's opponent in an ongoing dispute for the iPad trademark in China previously tried to "exploit the situation" by demanding the U.S. tech giant pay $10 million for the trademark, a Hong Kong judge ruled last June.
Mac OS X Mountain Lion will offer users a new security model that by default lets users install only programs downloaded from the Mac App Store or those digitally signed by a registered developer.
TeamGreyHat have become victims of part of their own game: their website .teamgreyhat.com has been hacked by 3xp1r3 Cyber Army and at time of publish was still defaced. It's not uncommon to see hackers attacking each other; in fact, it happens more often than not, and often it sparks or is part of an ongoing saga that never gets resolved.

Today, well, just now, the hacktivist group Anonymous has released a statement, a mirror and data from yet another government website, this time an ftc.gov subdomain, business.ftc.gov, which when checked appears to be offline for now.

Horde Groupware Source Packages Backdoor Vulnerability
Oracle Java SE and Java for Business 'MixerSequencer' Remote Code Execution Vulnerability
ButorWiki 'service' Parameter Cross Site Scripting Vulnerability

Posted by InfoSec News on Feb 17


By John P. Mello Jr.
Feb 16, 2012

Google is working on a new password manager for its Chrome browser that
would also automatically create strong passwords for users.

The new manager is currently in the design phase, but Google has
described the process by which it would work.

When a user visits a page that Chrome thinks is asking to set up an...
Bishop's Stortford, a small market town in the UK, has become a victim of hackers who have breached the server and left a load of accounts and server info on Pastebin for the world to see.


Posted by InfoSec News on Feb 17


By Gavriel Queenann
Arutz Sheva

Israel's Bank Hapoalim reported an attempted cyber-attack from Iran on
their systems on Thursday. Bank officials said the attack was foiled by
extant security measures and that the hackers failed in their mission.

Meanwhile, Yisrael Hayom reported that The Bank of Israel convened an
emergency meeting last night with representatives from...

Posted by InfoSec News on Feb 17


By Kelly Jackson Higgins
Dark Reading
Feb 16, 2012

If you were wondering how safe your medical records are at your doctor's
office, then this might make you sick: Ninety-one percent of small
healthcare practices in North America say they have suffered a data
breach in the past 12 months.


Posted by InfoSec News on Feb 17


By Mathew J. Schwartz
February 16, 2012

The websites of the Nasdaq and BATS stock exchanges, together with the
Chicago Board Options Exchange (CBOE), were offline earlier this week
after a hacktivist group with apparent Anonymous ties targeted them with
distributed denial of service (DDoS) attacks. But while customers were
intermittently unable to use some of the...

Posted by InfoSec News on Feb 17


By Ellen Messmer
Network World
February 16, 2012

After having its flagship RSA crypto system called flawed this week by
prominent researchers in a paper they made available online, EMC's RSA
security division struck back by saying the paper's results don't
indicate a fundamental flaw in the RSA algorithm but more likely a
problem with implementing it....

Posted by InfoSec News on Feb 17


By John E Dunn
16 February 2012

Security vendor Blue Coat Systems is once again a private company after
the company’s shareholders confirmed a December takeover that values the
company at $1.3 billion (£830 million).

The acquisition by private equity company Thoma Bravo brings full circle
over a decade of quoted existence after Blue...

Posted by InfoSec News on Feb 17


The Secunia Weekly Advisory Summary
2012-02-09 - 2012-02-16

This week: 70 advisories

Table of Contents:

1. Word From Secunia...
The attack is a part of the ongoing cyber war between Bangladeshi hackers and Indian hackers and the ongoing real-life war between the borders, which is seeing people killed.

The company Loongson, which was a private/public start-up, also creates other technologies to go with the CPUs they produce. The hack has resulted in data being leaked from the Chinese company.

A 15-year-old hacker who is part of D157UR83D crew has successfully hacked and obtained data from one of America's biggest and most well-known universities, Harvard. Now, it's not the first time we have seen Harvard hacked, but this proves that no matter who you are or how big you are, hackers of all ages will come after you if your systems are exploitable.

XnView Multiple Memory Corruption Vulnerabilities
A trademark dispute in China over the iPad could spill over into U.S courts, after a little-known Chinese company threatened on Friday to sue Apple in the U.S. for among other things allegedly setting up a "fake company" to purchase the rights to the trademark.
Jenkins Multiple HTML Injection Vulnerabilities

Analysing the cyber scam that tried to fool an infosec professional's wife
Infosecurity Magazine
PandaLabs' 2011 report puts facts and figures to what really happened last year: rising malware, cyber-activism, cyberwarfare, increasing mobile malware, more attacks on social networks and the “first large-scale attack on Mac”.

WampServer 'lang' Parameter Cross Site Scripting Vulnerability
Internet Storm Center Infocon Status