InfoSec News

HP just announced that it will stop selling WebOS devices (phones and TouchPad), and may spin off the rest of its PSG (Personal Systems Group) into a separate company. Or sell it to some other company. Or...well, it seems that HP doesn't really have a firm idea of what to do with the PSG--the division responsible for desktop and laptop PCs--except that it doesn't want to keep it around anymore.
After half a day of frenzied speculation from the IT industry, Hewlett-Packard has confirmed that it is acquiring information management software vendor Autonomy, for $42.11 per share, or about $10.3 billion.

Internet Explorer bests all in infosec browser battle
CRN Australia
Microsoft's Internet Explorer 9 is the best browser for preventing the execution of web-based malware, according to an NSS Labs test. Windows Internet Explorer 9, Google Chrome 12, Mozilla Firefox 4, ...

The race to build faster automated trading systems is likely to exacerbate volatility in the stock market, spreading fear among shareholders who may otherwise hold onto stock.
McAfee’s report on Operation Shady RAT, a five-year hacker attack against a broad swath of industries, is facing renewed criticism, this time from the head of the Kaspersky Lab, Eugene Kaspersky, a man also known as the "Virus Pope."
When the world's largest PC maker admits it might sell off its massive PC manufacturing business, it means "they see the writing on the wall," as one analyst put it.
After pulling the plug on its webOS phones and tablet computers Thursday, Hewlett Packard said it expected to be less profitable than expected during its current fiscal quarter, which ends Oct. 31.
HP's sale or spin-off of its PC business will put pressure on Microsoft to "hit the ball out of the park" with Windows 8, an analyst said today.
HP on Thursday said it will discontinue operations for webOS devices, specifically the TouchPad tablets and smartphones, and confirmed it is exploring the possible spin-off or sale of its Personal Systems Group, which dominates the global PC market.
Hewlett-Packard (HP) said Thursday that it is shuttering its webOS device business, specifically the TouchPad tablets it announced earlier this year and its webOS smartphones.
Adobe Flash Media Server Memory Corruption Remote Denial of Service Vulnerability

Description of Anonymous' foolishness right on the mark
CSO (blog)
My friend Rafal Los picks apart the tactics of Anonymous -- and does a pretty good job of capturing the movement's foolishness -- in a post on Infosec Island. I've questioned the methods of Anonymous several times in this blog. ...

HP is reportedly set to announce that it will spin off its PC business and purchase analytics software vendor Autonomy for $10 billion -- moves that will allow it to focus on the higher-margin enterprise business revolving around software, services and servers.
Gibbs has been busy building a Web platform for Community Emergency Response Teams.
Multiple Check Point SSL VPN On-Demand Applications Remote Code Execution Vulnerability
Mozilla Firefox/Thunderbird CVE-2011-2980 Remote Arbitrary Code Execution Vulnerability
The Wall Street Journal reported today that Hewlett-Packard will spin off its global PC business.
Researchers have discovered a way to break the widely used Advanced Encryption Standard (AES), the encryption algorithm used to secure almost all online transactions and wireless communications.
IBM engineer Mark Dean, who helped design the first personal computer, recently proclaimed that the PC was dead. Also of note: Google this week said it would buy Motorola Mobility, not a PC maker. Are you ready to trade in your desktop or laptop for a tablet or smartphone? Has the PC outlived its usefulness?
AT&T confirmed today that it will dump its $10 per month texting plan next week.
ZABBIX 'backurl' Parameter Cross Site Scripting Vulnerability
Oracle Sun Solaris CVE-2011-2298 Remote Security Vulnerability
ESA-2011-025: Multiple buffer overflow vulnerabilities in EMC AutoStart

Rob VandenBrink
Metafore (c) SANS Internet Storm Center. Creative Commons Attribution-Noncommercial 3.0 United States License.
Microsoft has begun talking about Windows 8 in general terms, reprising a blog-based strategy that it used in the year-long run-up to Windows 7.
The Linux Foundation and FOSSBazaar on Wednesday released a new specification to ease the pain of license compliance for open source software. The Software Package Data Exchange (SPDX) is a data exchange specification that tracks license information in a standardized way and allows it to travel across the software supply chain.
Oracle Sun Solaris CVE-2011-2289 Local Vulnerability
Oracle Sun Solaris CVE-2011-2258 Local Security Vulnerability
Microsoft .NET Framework 'System.Net.Sockets' Namespace Security Bypass Vulnerability
Honeywell ScanServer ActiveX Control Use-After-Free Remote Code Execution Vulnerability
RoundCube Webmail '_mbox' Parameter Cross Site Scripting Vulnerability
ASPR #2011-08-18-1: Remote Binary Planting in Mozilla Firefox
ASPR #2011-08-18-2: Remote Binary Planting in Mozilla Thunderbird
Elgg 1.7.10 <= | Multiple Vulnerabilities
Nokia's promised Symbian Anna software update is ready and downloads will be available Thursday, the company said in a blog post.
In its case against Samsung Electronics in the Netherlands, Apple is demanding an extensive ban on all Galaxy series smartphones and tablets, including a complete recall of stock by European distributors and resellers.
[ MDVSA-2011:128 ] dhcp
ToorCon 13 Call For Papers
Microsoft has a team of engineers hard at work on an app store for Windows 8, the next iteration of the company's operating system due out in 2012. The revelation comes via a recent blog post by Steven Sinofsky, Microsoft's president of Windows and Windows Live, in the company's newly launched Building Windows 8 blog. Sinofsky on Wednesday included in his latest blog post a list of all the engineering teams working on Windows 8.
Free Help Desk Multiple Unspecified Security Vulnerabilities
Google issued a new study detailing how it is becoming more difficult to identify malicious websites and attacks, with antivirus software proving to be an ineffective defense against new ones.
Comcast has added Michigan to its list of states -- including Pennsylvania, California, Colorado, Illinois and Florida -- where the cable ISP is offering services that support the next-generation Internet standard known as IPv6.
Lenovo reported strong earnings for the quarter ended June 30, with the company's net profits nearly doubling year-over-year.
IBM has created prototype chips that could mimic brain-like functionality, which the company said is an "unprecedented" step forward in creating intelligent computers that collect, process and understand data quickly.
These free desktop gadgets help you keep an eye on system resources, networking, component status, battery level and more in an at-a-glance format.
Linux Kernel 'perf' Utility Local Privilege Escalation Vulnerability
Ruby on Rails Multiple Vulnerabilities

Posted by InfoSec News on Aug 17

By Eli Lake
The Washington Times
August 16, 2011

A U.S. supercomputer laboratory engaged in classified military research
concluded a recent deal involving Chinese-made components that is
raising concerns in Congress about potential electronic espionage.

The concerns are based on a contract reached this summer between a
computer-technology firm and the...

Posted by InfoSec News on Aug 17

By Elizabeth Montalbano
August 17, 2011

A Department of Defense (DOD) program that shares cyber-threat
information with defense contractors and their network providers has
already stopped "hundreds of intrusions" in its 90-day pilot phase, the
deputy secretary of defense said this week.

The DOD soon plans to expand its Defense Industrial Base (DIB)...

Posted by InfoSec News on Aug 17

By Eric Chabrow
Executive Editor
August 10, 2011

Eugene Spafford thinks America needs the cybersecurity equivalent of an
agriculture extension service to help educate citizens on IT security.

Spafford, executive director of Purdue University's Center for Education
and Research in Information Assurance and Security, doesn't claim he
conceived the idea,...

Posted by InfoSec News on Aug 17

Forwarded from: Robert Carleton <rbc (at)>

By Demian Bulwa, Vivian Ho
Chronicle Staff Writers
San Francisco Chronicle
August 17, 2011

(08-17) 19:05 PDT OAKLAND -- Hackers carried out a second cyber-attack
against BART Wednesday, breaching the website of the union that
represents the agency's rank-and-file police and releasing a roster of

Posted by InfoSec News on Aug 17

By Dan Goodin in San Francisco
The Register
17th August 2011

Computer scientists have developed an Android app that logs keystrokes
using a smartphone's sensors to measure the locations a user taps on the
touch screen.

TouchLogger, as their demo app is dubbed, allowed its creators at the
University of California at Davis to demonstrate a vulnerability in
smartphones and...