InfoSec News

A Sprint Nextel spokesman said the Galaxy Tab with the Android Froyo operating system is still under development, and suggested that reported problems with running Android apps would be fixed before the device is released this fall.
 
Dell is trying to extend the appeal of its Streak handheld to businesses and add a new dimension to its enterprise hardware, software and services offerings, a company official said this week.
 
Google in the coming months will begin taking a cut from sales on its Apps Marketplace, where external developers currently pocket all revenue from sales of their applications.
 
Diaspora is already running into early criticism over security issues by those who say they have tested the Facebook rival.
 
The death of the PC industry at the hands of Apple's iPad has been greatly exaggerated, analysts said.
 
Salesforce.com CEO Marc Benioff currently has a 90% approval rating from his employees, beating out Oracle CEO Larry Ellison as well as SAP co-CEOs Jim Hagemann Snabe and Bill McDermott, according to figures from careers Web site Glassdoor.com.
 

The Cyberwar Echo Chamber
Nextgov
The rhetoric sounds uncannily familiar to what retired CIA and National Security Agency Director Michael Hayden told infosec professionals at the annual ...

 

INTERPOL: International ID verification system needed
NetworkWorld.com
The conference entitled "Global Co-operation today for InfoSec risks tomorrow," is expected to generate creative solution ideas for the timely prevention ...

 
Windows Phone 7 devices coming this fall will initially work with GSM carriers such as AT&T and T-Mobile, but will not include carriers of CDMA technology, which include Verizon Wireless and Sprint Nextel.
 
Diaspora was lauded as the next challenger to Facebook before it was even begun. Now, the developer's alpha is out -- how much promise does it show?
 
Mozilla this week updated all versions of Firefox, including the beta of the upcoming Firefox 4, to fix stability problems that crashed the browser.
 
Several of our readers sent us a heads up about a Linux kernel vulnerability which was previously patched, but has leaked back into the kernel.

The vulnerability exists in the 32-bit compatibility mode of the kernel and upon execution can result in a local root compromise.



The Heise security team reportedly obtained a root shell on 64-bit Ubuntu 10.04 using this exploit.



The current workaround involves temporarily disabling the execution of 32-bit applications (see Full-Disclosure and the Red Hat article below for details).



Reportedly all current Linux kernels are affected (patch is in the works) as well as backported kernels from vendors like Red Hat.



References:

@benhawkes (Deserves the credit for discovering this re-emergence. Not linking as exploit code is provided)

http://xorl.wordpress.com/2009/08/07/cve-2007-4573-linux-kernel-ia32-system-call-emulation-vulnerability/

https://bugzilla.redhat.com/show_bug.cgi?id=634457

https://access.redhat.com/kb/docs/DOC-40265

http://www.heise.de/newsticker/meldung/Luecke-im-Linux-Kernel-ermoeglicht-Root-Rechte-1081195.html (German)

Full-Disclosure



Thanks to Jens Hektor and Dave for bringing this to our attention.



Robert

ISC Handler on Duty (c) SANS Internet Storm Center. http://isc.sans.org Creative Commons Attribution-Noncommercial 3.0 United States License.
 
While all four major U.S. carriers will sell the Samsung Galaxy Tab running Froyo this fall, a Google executive already has said it won't work well with Android Market apps.
 
Forrester analyst Khalid Kark said a good information security program starts with a risk assessment.

 
Net neutrality doesn't have a middle path and Genachowski needs to "man up".
 
The traditional IT outsourcing industry will be dead in five years, A.T. Kearney's Arjun Sethi predicted in a recent interview with CIO.com. The culprit? Cloud computing services. Sethi's vision of the future of the IT services industry is quite clear, but he's unsure of the specific implications this industry transformation poses to traditional IT outsourcing customers.
 

Infosec technology needs to be more visible to users, says Clearswift CEO
Infosecurity Magazine
In discussing the common belief that infosec software should be invisible to be most effective, Turner proclaims that the exact opposite is true. ...

 
We've heard a lot of chatter about the coming army of Android tablets, but we haven't seen any real contenders posing a challenge to Apple's dominant iPad--until now. Samsung first unveiled the Galaxy Tab at the IFA show in Berlin earlier this month; now, the company has formally introduced the Tab to the U.S. market for all four major wireless carriers (AT&T, Sprint, T-Mobile, and Verizon). And judging from my initial hands-on with a preproduction Samsung Galaxy Tab, this tablet has the chops to compete with the iPad.
 
The U.S. Department of Justice is nearing a settlement with technology vendors including Apple, Google and others over an investigation of their hiring practices, according to a report.
 
Research firm RamzAfzar this week issued a home-brewed patch that appears to fix a critical bug in the popular Adobe Reader software.
 
Samsung on Thursday said it was opening an entertainment store to bring movies and TV shows to its smartphones and upcoming Galaxy Tab tablet.
 
Videoconferencing is often the domain of CEOs and CFOs, but Idaho's Department of Fish and Game uses high-definition (HD) videoconferencing to discuss concerns such as wolf management and salmon runs.
 
InfoSec News: Spycraft, contacts still key in espionage world: Forwarded from: Simon Taplin <simon.taplin (at) gmail.com>
http://www.ioltechnology.co.za/article_page.php?iArticleId=5650147
By Peter Apps Independent Online 16 September 2010
London - Smartphones and e-mail might be revolutionising espionage, but [...]
 

The hottest IT security certifications
ComputerworldUK
Infosec certifications have been gaining popularity since 2005, when the Defense Department issued a directive known as 8570 that requires military ...

 
InfoSec News: Polish hacker gets inside US Military's Defence Logistic Agency website: http://www.techeye.net/security/polish-hacker-gets-inside-us-militarys-defence-logistic-agency-website
By Michal Letowski TechEye 16 Sep 2010
There is one movie every Polish person knows. It's a cult comedy from the 80s called "Miś" - meaning "Teddy Bear". [...]
 
InfoSec News: How I got thrown out of an NSA party: http://www.networkworld.com/news/2010/091610-nsa-party.html
[Last NSA party I was at was pretty boring, it was full of NSA extroverts, they were too busy looking at everyone else's shoes! - WK]
By Ellen Messmer Network World September 16, 2010
ORLANDO - The National Security Agency, America's high-tech spy agency and guru for military information security, is a secretive sort of creature that doesn't like to come out in the daylight, especially to deal with the media. So inviting the tech media, such as myself, to attend the NSA's first-ever "NSA Trusted Computing Conference and Exposition" was not an easy decision.
After all, they were letting some of their more prominent and smart NSA technical personnel out of the confines of places like Ft. Meade, the NSA headquarters, to talk about how much the agency wants to make use of commercial security products and virtualization -- and influence its development so it's good enough for the Top Secret mission-critical needs of the military.
But while the NSA had apparently decided to include the press at this first-ever conference, it was a decision fraught with much hand-wringing. Which leads me to tell you how I got thrown out of an NSA party — a first for me, I might add.
[...]
 
InfoSec News: Social Engineering Report Shows Corporate America At Risk: http://www.darkreading.com/insiderthreat/security/vulnerabilities/showArticle.jhtml?articleID=227400472
By Kelly Jackson Higgins DarkReading Sept 15, 2010
Among the unsettling results in the final report, released today, from the Social Engineering Capture The Flag contest held in August at [...]
 
InfoSec News: Is Stuxnet the 'best' malware ever?: http://www.computerworld.com/s/article/9185919/Is_Stuxnet_the_best_malware_ever_
By Gregg Keizer Computerworld September 16, 2010
The Stuxnet worm is a "groundbreaking" piece of malware so devious in its use of unpatched vulnerabilities, so sophisticated in its [...]
 
InfoSec News: Group recommends joint NATO-Russia 'cyber' war games: http://www.theregister.co.uk/2010/09/16/nato_russia_war_games/
By Dan Goodin The Register 16th September 2010
The North Atlantic Treaty Organization and Russia should undertake joint information-warfare exercises so the two countries can better protect [...]
 
InfoSec News: Intel CISO: The biggest threat to security is a misperception of risk: http://www.csoonline.com/article/615413/intel-ciso-the-biggest-threat-to-security-is-a-misperception-of-risk
By Joan Goodchild Senior Editor CSO September 16, 2010
What is the most significant vulnerability that information security faces today and in the future? [...]
 
InfoSec News: Secunia Weekly Summary - Issue: 2010-37:
The Secunia Weekly Advisory Summary 2010-09-09 - 2010-09-16
This week: 79 advisories [...]
 

Posted by InfoSec News on Sep 16

http://www.techeye.net/security/polish-hacker-gets-inside-us-militarys-defence-logistic-agency-website

By Michal Letowski
TechEye
16 Sep 2010

There is one movie every Polish person knows. It's a cult comedy from
the 80s called "Miś" - meaning "Teddy Bear". Now, thanks to a hacker
going by a name "Porkythepig", everyone can see it - but not on YouTube
where you would expect it, but on the USA military Defence...
 

Posted by InfoSec News on Sep 16

http://www.networkworld.com/news/2010/091610-nsa-party.html

[Last NSA party I was at was pretty boring, it was full of NSA
extroverts, they were too busy looking at everyone else's shoes! - WK]

By Ellen Messmer
Network World
September 16, 2010

ORLANDO - The National Security Agency, America's high-tech spy agency
and guru for military information security, is a secretive sort of
creature that doesn't like to come out in the daylight,...
 

Posted by InfoSec News on Sep 16

http://www.darkreading.com/insiderthreat/security/vulnerabilities/showArticle.jhtml?articleID=227400472

By Kelly Jackson Higgins
DarkReading
Sept 15, 2010

Among the unsettling results in the final report, released today, from
the Social Engineering Capture The Flag contest held in August at
Defcon: Security companies were just as susceptible to social
engineering as nontechnology firms, Internet Explorer 6 was still in use
at 65 percent of...
 

Posted by InfoSec News on Sep 16

http://www.computerworld.com/s/article/9185919/Is_Stuxnet_the_best_malware_ever_

By Gregg Keizer
Computerworld
September 16, 2010

The Stuxnet worm is a "groundbreaking" piece of malware so devious in
its use of unpatched vulnerabilities, so sophisticated in its
multipronged approach, that the security researchers who tore it apart
believe it may be the work of state-backed professionals.

"It's amazing, really, the resources...
 

Posted by InfoSec News on Sep 16

http://www.theregister.co.uk/2010/09/16/nato_russia_war_games/

By Dan Goodin
The Register
16th September 2010

The North Atlantic Treaty Organization and Russia should undertake joint
information-warfare exercises so the two countries can better protect
critical digital infrastructure, policy wonks at an international group
said.

The proposal, which was included in a 32-page report released Wednesday
by the EastWest Institute, would help...
 

Posted by InfoSec News on Sep 16

http://www.csoonline.com/article/615413/intel-ciso-the-biggest-threat-to-security-is-a-misperception-of-risk

By Joan Goodchild
Senior Editor
CSO
September 16, 2010

What is the most significant vulnerability that information security
faces today and in the future? According to Malcolm Harkins, CISO of
Intel, the biggest threat facing infosec is the misperception of risk.

Harkins spoke Thursday at the Forrester Security Forum 2010 in Boston...
 

Posted by InfoSec News on Sep 16

========================================================================

The Secunia Weekly Advisory Summary
2010-09-09 - 2010-09-16

This week: 79 advisories

========================================================================
Table of Contents:

1. Word From...
 

Posted by InfoSec News on Sep 16

Forwarded from: Simon Taplin <simon.taplin (at) gmail.com>

http://www.ioltechnology.co.za/article_page.php?iArticleId=5650147

By Peter Apps
Independent Online
16 September 2010

London - Smartphones and e-mail might be revolutionising espionage, but
old-style personal spycraft is as important as ever when it comes to
protecting - or breaking - state and corporate secrets.

The rise of "state capitalist" economies that may use...
 
Samsung's Galaxy Tab will be sold by T-Mobile, Verizon Wireless, AT&T, and Sprint.
 
Former Hewlett-Packard CEO Mark Hurd made his first public comments on Thursday since taking a job as Oracle co-president, saying the company is poised for major expansion.
 

Intel CISO: Biggest security threat is not understanding risk
NetworkWorld.com
According to Malcolm Harkins, CISO of Intel, the biggest threat facing infosec is the misperception of risk. Harkins spoke Thursday at the Forrester ...

 
