InfoSec News

HTC, which just announced it would stick with Google and keep running Android on its best phones even though Google just bought one of HTC's main competitors, continues the trend started by Samsung this week of needling Google by doing things that make it easier for people to mess with Android.
IBM’s Secure Open Wireless method could secure public Wi-Fi networks automatically and prevent attackers from snooping and stealing users’ data.

Bugzilla Multiple Security Vulnerabilities
Oracle Sun Solaris CVE-2011-2245 Remote Vulnerability
Google has strengthened the IT administration capabilities of the free, standard version of its Apps hosted communication and collaboration suite, the company said Friday.
Developers enjoyed the freedom to explore that the platform provided but knew its sales figures were disappointing.
Hewlett-Packard may struggle to attract buyers for its Personal Systems Group (PSG), which might carry too high a price tag in a PC market struggling under the onslaught of tablets, analysts said.
Some older assumptions about security -- such as firewalls are needed for perimeter defense, and we'll all make do with reusable passwords and browser-based SSL connections provide great security -- were once again ripped apart as we heard this week from several individuals who say they simply don't agree.
The Sony DEV-5 and DEV-3 digital binoculars make you wish you were a bird watcher, an opera enthusiast, or someone in a galaxy far, far away from what you're looking at.
As more businesses transition to largely paperless offices, they’ll likely seek out Mac programs like DevonThink Professional Office, which makes organizing files—and paperless offices—obtainable.
(c) SANS Internet Storm Center. Creative Commons Attribution-Noncommercial 3.0 United States License.
HP's departure from the tablet business does not mean that Apple's iPad will remain the undisputed king, analysts said today.
Six months after laying out his "strategic vision" for HP, CEO Leo Apotheker took the actions to realize it. And abandoned the mobile computing space.
With HP likely spinning off its PC manufacturing business, other major vendors will almost certainly be looking for a bigger piece of the hardware pie.
Against a backdrop of economic uncertainty, acquisitions and earnings news from the world's top PC makers (Hewlett-Packard, Dell and Lenovo), the biggest Internet business (Google), and a major handset maker (Motorola Mobility) marked major realignments in tech this week.
Sunway ForceControl Multiple Heap Based Buffer Overflow Vulnerabilities
Wonderware Archestra ConfigurationAccessComponent Stack Buffer Overflow Vulnerability

Ooma Loses Power to Data Center
According to this Infosec Island report, the excessive traffic levels experienced on the corporate website were initially thought to be the result of a denial of service (DoS) attack. In fact, Ooma reported on its corporate blog that its service ...

Considering how hot the tablet market is, HP's decision to stop making tablets came as a surprise. Analysts say the TouchPad just couldn't compete with the iPad and Android-based hardware.
Mozilla Firefox and Thunderbird CVE-2011-2982 Multiple Memory-Corruption Vulnerabilities
Google Chrome Prior to 13.0.782.107 Multiple Security Vulnerabilities
RETIRED: Mozilla Firefox/Thunderbird/SeaMonkey MFSA 2011-29 through -30 Multiple Vulnerabilities
Mozilla yesterday released a beta of Firefox 7, putting the lighter-weight browser in front of a large number of users for the first time.
Mozilla Firefox, SeaMonkey, and Thunderbird CVE-2011-2987 Heap Buffer Overflow Vulnerability
Prima posizione (tutti_prodotti.php?id_categoria) Remote SQL injection Vulnerability
Apple has filed inaccurate evidence again in a case against Samsung, this time in the Netherlands, where the company is arguing Samsung's Galaxy S smartphones are too similar to its iPhone 3G.
Mozilla Firefox and Thunderbird CVE-2011-2984 Tab Element Privilege Escalation Vulnerability
Mozilla Firefox/Thunderbird CVE-2011-2981 Privilege Escalation Vulnerability
Mozilla Firefox/Thunderbird CVE-2011-2983 Information Disclosure Vulnerability
Mozilla Firefox/Thunderbird/SeaMonkey CVE-2011-0084 Remote Memory Corruption Vulnerability
Grupo Argentina Web Remote SQL injection Vulnerability
ALTOGRADO (catalogo.php?id_categoria) Remote SQL injection Vulnerability
Needed security projects get the ax. Can layoffs be far behind?
The politically oriented hacking group Anonymous has released 1GB of what it says are private e-mails and documents from an executive of a U.S. defense company that sells unmanned aerial vehicles to police and the U.S. military.
NCompress Decompress Buffer Underflow Vulnerability
A consumer advocate in China is considering filing a lawsuit in the U.S. against Apple for allegedly selling refurbished iPhones as new ones after more consumers have complained of their suspicions.
The New York Stock Exchange group (NYSE Euronext) has plugged into a 10 Gigabit Ethernet setup with new server adapters and application acceleration from Solarflare.
AT&T has begun launching localized websites where residents can find out about nearby network improvements -- and get the carrier's pitch for its proposed acquisition of T-Mobile USA.
Microsoft has disabled an online tracking technology that a Stanford University researcher said allowed the company to sneakily track users on -- even after they deleted browser cookies and other identifiers.
Google is providing current weather information and cloud data from around the world on its Google Maps application, by an arrangement with The Weather Channel and the U.S. Naval Research Laboratory.
U.S. consumers are among the world's most voracious consumers of mobile data, motivated by the country's homegrown technology industry, according to analyst Chetan Sharma.
Hewlett-Packard's announcement on Thursday to stop making tablets and smartphones based on webOS surprised many analysts, who said the company buckled under the pressure of Apple's momentum and growing support for Android.
Retrocomputing fans, take note: You can play MP3 files on an Apple II computer. We follow along as a KansasFest workshop attendee assembles and demos Briel Computers' A2MP3 card.

Posted by InfoSec News on Aug 19

By John P. Mello Jr.
August 18, 2011

McAfee’s report on Operation Shady RAT, a five-year hacker attack
against a broad swath of industries, is facing renewed criticism, this
time from the head of the Kaspersky Lab, Eugene Kaspersky, a man also
known as the "Virus Pope."

The report, from Dmitri Alperovitch, McAfee’s vice president of...

Posted by InfoSec News on Aug 19


The Secunia Weekly Advisory Summary
2011-08-12 - 2011-08-19

This week: 69 advisories

Table of Contents:

1. Word From Secunia...

Posted by InfoSec News on Aug 19

By Jeffrey Robb
Omaha World Herald
August 19, 2011

Computer hackers broke into MECA's computer and payroll systems last
month and stole $217,000, according to a computer security blogger who
detailed the crime in an online post.

The Metropolitan Entertainment and Convention Authority on Thursday
acknowledged that it was a victim in July of what it called...

Posted by InfoSec News on Aug 19

[Pointed out in the comments is the nugget that Ooma had a very similar
outage in 2009 and what steps they planned to mitigate a future outage
from happening again. Oops... - WK]

By David Chernicoff
Five Nines: The Next Gen Datacenter
August 18, 2011

How many cloud failures have to happen before consumers take notice?

Ooma, a VoIP...

Posted by InfoSec News on Aug 19

By MassDevice staff
August 18, 2011

Reps Anna Eshoo (D-CA) and Ed Markey (D-MA) ask the Government
Accountability Office to look into medical device security in response
to the DefCon report from an insulin pump hacker.

The recent report of a computer security expert who hacked his own
insulin pump got the attention of members of the House...

Posted by InfoSec News on Aug 19

By Trent Nouveau
TG Daily
August 18, 2011

A massive Pastebin dump of domain names and IP addresses appears to be
linked to a Sino-cyber espionage ring.

The data - posted on August 15th by an unknown individual - lists
approximately 850 entries which are allegedly exploited to facilitate
command and control operations.

"My motivation is...

Posted by InfoSec News on Aug 19

By Dan Goodin in San Francisco
The Register
19th August 2011

Cryptographers have discovered a way to break the Advanced Encryption
Standard used to protect everything from top-secret government documents
to online banking transactions.

The technique, which was published in a paper (PDF) presented Wednesday
as part of the Crypto 2011 cryptology conference in Santa Barbara,...

Posted by InfoSec News on Aug 19

By BankInfoSecurity
August 17, 2011

The Federal Deposit Insurance Corp. has fallen victim to yet another
phishing attack, this time through fake e-mails that urge business
owners to click links purporting to provide FDIC information about their
financial institutions.

Fraudulent e-mails are being sent from alert () fdic gov with the subject
line: "FDIC: Your business...