InfoSec News

Security devices used in transportation, packaging and even in accounting for nuclear materials are very vulnerable to attack, two security researchers warned on Tuesday at the Black Hat security conference.
 
Adobe Systems, Google, Microsoft and others are deploying applications that use sandboxing technology to defend against potential attacks, but savvy hackers know how to bypass it.

 
The government's case against two men charged with hacking into AT&T's website to steal e-mail addresses from about 120,000 iPad users got a boost last year when a confidential source handed over 150 pages of chat logs between the two and other members of their hacking group.
 
For the second quarter running, Apple said on Tuesday that it had set Mac, iPhone and iPad sales records.
 
CRM vendor RightNow has agreed to buy Q-go.com, a vendor of natural language-based search software, for US$34 million in cash, the companies announced Tuesday.
 
IBM said on Tuesday that net income for the fourth quarter ended Dec. 31 rose 9 percent to $5.3 billion year-over-year, helped by strong performance in growth markets as well as software sales. Revenues for the quarter were $29 billion, a 7 percent increase.
 
Apple executives answered questions about the company's products and the state of the Korean technology market Tuesday, but they offered no insight into the most pressing issue before the world's most valuable technology company: Is Steve Jobs coming back?
 
Oracle Sun Solaris CVE-2010-3586 Local Security Vulnerability
 
Oracle Sun Java System Portal Server CVE-2010-4431 Local Security Vulnerability
 
Oracle Database Vault CVE-2010-4421 Remote Security Vulnerability
 
Oracle Spatial CVE-2010-3590 Remote Security Vulnerability
 
Oracle Solaris CVE-2010-4459 Local Vulnerability
 
Oracle Transportation Manager CVE-2010-4432 Remote Security Vulnerability
 
The newly released tool helps developers identify whether newly installed applications change the attack surface of Microsoft Windows.

 
Apple on Tuesday reported record revenue for the first quarter, reaching $26.74 billion, driven by sales in iPhones, Macs and iPads.
 
Additional details have emerged regarding the more than 800 patents Novell is selling to the Microsoft-led consortium CPTN Holdings for $450 million, about two months after the deal was first announced.
 
Attack Surface Analyzer security development lifecycle verification tool offered along with consulting services for secure development
 
The Stuxnet worm and techniques for mounting offensive cyberattacks are among the subjects being debated at this week's Black Hat conference in Arlington, Va.
 
IBM said Tuesday that net income for the fourth quarter ended Dec. 31 rose 9% to $5.3 billion, helped by strong performance in growth markets as well as software sales.
 
As I write this, the IETF has been around for 25 years and a few hours.
 
The director of U.S. ICE defends the recent seizure of more than 80 domain names of Web sites accused of copyright infringement.
 
[USN-1044-1] D-Bus vulnerability
 
EMC announced a revamp of its entire product line, dropping its midrange Clariion SAN and Celerra NAS systems for a new combined VNX array that offers both file and block-level storage through a number of data transport protocols.
 
Apple's iPad tablet helped the new 'media tablet' business grow by 45% in the third 2010 quarter; emerging Android devices will help sales double in 2011, IDC says.
 
The U.S. House of Representatives will move quickly to kill net neutrality rules from the Federal Communications Commission, a lawmaker says.
 
Clearwire's board of directors has elected John Stanton as chairman of the company, replacing Craig McCaw, a Clearwire founder who resigned last month.
 

Unhackable data in a box of bacteria: Future of InfoSec?
Computerworld (blog)
Students at Hong Kong's Chinese University may be onto a type of memory media that could be a truly secure way to store data -- text, images, music, ...

 
Tim Cook, Apple's current chief operating officer, will be named the company's CEO sometime this year, an analyst predicted today.
 
BetMore Site Suite 'bid' Parameter SQL Injection Vulnerability
 
Sprint Nextel will add a $10 per month Premium Data add-on charge to all newly activated smartphones beginning on Jan. 30.
 
AST-2011-001: Stack buffer overflow in SIP channel driver
 

Unhackable data in a box of bacteria stored in a frig: Future of InfoSec?
Computerworld (blog)
Students at Hong Kong's Chinese University may be onto a type of computer memory media that could be a truly secure way to store data -- text, images, ...

 
Facebook has disabled a new capability it introduced several days ago that let users share their cell phone numbers and physical addresses with developers of applications they use on the site and with publishers of Web sites they've linked their accounts to.
 
The U.S. District Court of New Jersey files criminal charges against alleged attackers of AT&T-accessible iPads
 
Is software as a service (SaaS) office safe? We get this question a lot and the SaaS office most often asked about is Google Apps for Business and Microsoft Office. This security concern reflects in our research numbers: Fewer than 18% of organizations are planning to deploy SaaS office but nearly twice as many companies are evaluating.
 
A-PDF All to MP3 Converter '.wav' File Remote Buffer Overflow Vulnerability
 
Microsoft is still burdened with a bad reputation among users for security, although figures show its products are more secure than most on a person's computer, according to new data from the Danish security vendor Secunia.
 
Internap is offering a new public cloud storage service that it built using software from OpenStack, the open-source cloud software project kicked off last year by Rackspace and NASA.
 
Avira Premium Security Suite 'avipbb.sys' Local Privilege Escalation Vulnerability
 
Geeklog Forum Plugin Unspecified HTML Injection Vulnerability
 
Flaming laptops, nosy mothers, and server racks sent tumbling down stairs -- seven more real-world tales of IT brain fail
 
The U.S. Centers for Disease Control reported preliminary data from two surveys conducted in 2009 and 2010 that show electronic health records are still not being used by the vast majority of the country's physicians.
 
What if your most valuable employee suddenly became the enemy within? Here's how three companies coped with IT's worst nightmare -- a seemingly good worker gone bad.
 
InfoSec News: Julius Baer Whistleblower To Expose 2,000 High Net Worth Tax Evaders To The World: http://www.zerohedge.com/article/julius-baer-whistleblower-expose-2000-high-net-worth-tax-evaders-world
By Tyler Durden Zero Hedge 01/15/2011
Two years ago when the US bailed out UBS and Switzerland from a brief but potentially terminal liquidity crisis, it succeeded in extracting a [...]
 
InfoSec News: White House Tour Cybersecurity: Send In Your SSN - Via Unencrypted, Unprotected Email!: http://lauren.vortex.com/archive/000799.html
By Lauren Weinstein January 13, 2011
Greetings. Before the U.S. government proceeds at all with their controversial and risky Trusted Identities in Cyberspace Internet ID scheme, perhaps they should demonstrate their ability to follow for [...]
 
InfoSec News: UK cyber challenge aims to fill IT talent shortage: http://www.networkworld.com/news/2011/011711-uk-cyber-challenge-aims-to.html
By Jeremy Kirk IDG News Service January 17, 2011
Paul Laverack of London is an actor, but he's considering a possible career change -- to computer security.
It's a somewhat unlikely career transition, but is one of the many examples of how a country-wide competition designed to spur interest in computer security, the U.K. Cyber Security Challenge, is already working as intended.
Launched last year, the challenge is a series of competitions that anyone can enter, in fields ranging from digital forensics to network security. More than 4,000 people registered to be part of the program, including Laverack, who won one of the competitions, the DC3 Digital Forensics Challenge.
Laverack, who lives in East London, has never been employed in IT and has a degree in psychology. For the forensics challenge, he completed a series of increasingly difficult tasks from doing rudimentary file analysis to recovering the partition of a hard drive. As part of the prize, he will get to attend a week-long security academy hosted by the security vendor Detica that is usually for the company's new recruits.
[...]
 
InfoSec News: [Infowarrior] - Results: "Rename The DMZ!" Contest: Forwarded from: Richard Forno <rforno (at) infowarrior.org>
Here are selected comments from the 'Rename The DMZ!' contest I announced the other day. No clear winner, but lots of snark. --- rick
< -- >
DMZ --- It is a fantastic name - an inherently flawed architecture that [...]
 
InfoSec News: BlackBerry announces answer to India security fear: http://news.smh.com.au/breaking-news-technology/blackberry-announces-answer-to-india-security-fear-20110113-19px8.html
By Ammu Kannampilly smh.com.au January 13, 2011
The Canadian maker of BlackBerry said Thursday it had found a way out of an ongoing standoff in India over allowing security agencies access to the smartphone's encrypted messaging service.
However, the solution did not include providing access to corporate e-mail services, Research In Motion (RIM) said in a statement.
India had given RIM until January 31 to come up with a solution that would permit its intelligence agencies to monitor encrypted data -- amid concerns in New Delhi that militants may use the services to plan and carry out attacks.
In its statement, RIM said its revised access capability "meets the standard required by the government of India for all consumer messaging services".
[...]
 
InfoSec News: [Dataloss Weekly Summary] Week of Sunday, January 9, 2011: ========================================================================
Open Security Foundation - DataLossDB Weekly Summary Week of Sunday, January 9, 2011
2 Incidents Added.
======================================================================== [...]
 
InfoSec News: Report: ZDNet's Danchev Hospitalized?: http://threatpost.com/en_us/blogs/report-zdnets-danchev-hospitalized-011711
By Paul Roberts ThreatPost January 17, 2011
The mystery surrounding noted security researcher and blogger Dancho Danchev continued on Monday, after reports from Bulgaria suggested that [...]
 

Posted by InfoSec News on Jan 18

http://news.smh.com.au/breaking-news-technology/blackberry-announces-answer-to-india-security-fear-20110113-19px8.html

By Ammu Kannampilly
smh.com.au
January 13, 2011

The Canadian maker of BlackBerry said Thursday it had found a way out of
an ongoing standoff in India over allowing security agencies access to
the smartphone's encrypted messaging service.

However, the solution did not include providing access to corporate
e-mail services,...
 

Posted by InfoSec News on Jan 18

========================================================================

Open Security Foundation - DataLossDB Weekly Summary
Week of Sunday, January 9, 2011

2 Incidents Added.

========================================================================

DataLossDB is a research project aimed at documenting known and reported
data loss incidents world-wide. The Open Security Foundation asks for
contributions of new incidents and new data for...
 

Posted by InfoSec News on Jan 18

http://www.zerohedge.com/article/julius-baer-whistleblower-expose-2000-high-net-worth-tax-evaders-world

By Tyler Durden
Zero Hedge
01/15/2011

Two years ago when the US bailed out UBS and Switzerland from a brief
but potentially terminal liquidity crisis, it succeeded in extracting a
historic pound of flesh: it forced UBS to declassify thousands of bank
accounts of US tax evaders which was the first nail in the centuries-old
concept of...
 

Posted by InfoSec News on Jan 18

http://lauren.vortex.com/archive/000799.html

By Lauren Weinstein
January 13, 2011

Greetings. Before the U.S. government proceeds at all with their
controversial and risky Trusted Identities in Cyberspace Internet ID
scheme, perhaps they should demonstrate their ability to follow for
themselves the most basic of Internet security procedures.

Very large numbers of persons tour the White House every year. All
prospective tour guests 14 years...
 

Posted by InfoSec News on Jan 18

http://www.networkworld.com/news/2011/011711-uk-cyber-challenge-aims-to.html

By Jeremy Kirk
IDG News Service
January 17, 2011

Paul Laverack of London is an actor, but he's considering a possible
career change -- to computer security.

It's a somewhat unlikely career transition, but is one of the many
examples of how a country-wide competition designed to spur interest in
computer security, the U.K. Cyber Security Challenge, is already...
 

Posted by InfoSec News on Jan 18

Forwarded from: Richard Forno <rforno (at) infowarrior.org>

Here are selected comments from the 'Rename The DMZ!' contest I
announced the other day. No clear winner, but lots of snark. --- rick

< -- >

DMZ --- It is a fantastic name - an inherently flawed architecture that
is incredibly expensive and does not work in the real world. Single best
representative concept in the business

< -- >

Point of Cyberspatial...
 

Posted by InfoSec News on Jan 17

http://threatpost.com/en_us/blogs/report-zdnets-danchev-hospitalized-011711

By Paul Roberts
ThreatPost
January 17, 2011

The mystery surrounding noted security researcher and blogger Dancho
Danchev continued on Monday, after reports from Bulgaria suggested that
Danchev may be confined to a hospital in the country.

The unconfirmed report comes by way of Dnevnik.org, a Bulgarian online
publication, which cites two unnamed sources as confirming...
 
EMC announced upgrades to its line of Data Domain deduplication arrays, doubling performance, as well as a new online data archive deduplication device.
 

