InfoSec News

(c) SANS Internet Storm Center. http://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
Two U.S. senators on Monday urged the U.S. Federal Trade Commission to investigate Google for possible antitrust violations.
Got a big music collection fenced in on your PC or Mac? Let it out to play on the Amazon Cloud Music Player, which lets you enjoy your music collection on any PC or Mac connected to the Internet, or on any Android device. You'll first upload your music files using desktop program Amazon MP3 Uploader for Amazon Cloud Music Player. After that is done, you go to Amazon Cloud Music Player on the Web, and listen to your music there, or if you have an Android device, use the music player app.
AT&T has scrapped its plans to purchase rival mobile carrier T-Mobile USA in the face of opposition from two U.S. agencies.
The U.S. International Trade Commission will block the importation of some HTC products starting next April 19 after it found that the company infringed Apple patents.
Buoyed by strong subscription revenue, open-source software company Red Hat reported on Monday strong net income and revenue gains for the third quarter of its fiscal year 2012.
Adobe Shockwave Player CVE-2011-2127 Remote Memory Corruption Vulnerability
[SECURITY] [DSA 2367-1] asterisk security update
Although Apple will sell an increasing number of MacBook Airs over the next two years, its share of the light-and-thin notebook market will fall as computer makers crank out Windows-powered competitors, an analyst said.
You didn't really think Google was going to let Amazon hog all the Android tablet glory, did you?
Slides of our "Hacking IPv6 Networks" training at DEEPSEC 2011
Five major Blu-ray and memory manufacturers are collaborating to create a new security protocol to protect hi-def content that will be available across multiple consumer platforms, including smartphones and tablets.
As part of an initiative to expand its online course offerings, the Massachusetts Institute of Technology plans to release as open source the software it will use to manage student online learning, the institution announced Monday.
IBM, HP and Microsoft led the list of companies that failed to patch vulnerabilities within six months of being notified by the world's biggest bug bounty program, according to HP TippingPoint's Zero-Day Initiative (ZDI).
Syhunt: Time-Based Blind NoSQL Injection
[SECURITY] [DSA 2366-1] mediawiki security update
SEC Consult SA-20111219-1 :: Multiple vulnerabilities in WhatsApp


Public-Private Group Would Promote Best Infosec Practices
Ten Republicans and one Democrat have sponsored a House bill aimed at protecting the nation's critical infrastructure, including financial services systems, healthcare, the electric grid and water facilities. The legislation also would establish ...

How do you share your photos? When I was a kid, "photo sharing" often meant sitting in a photo booth and then giving away the picture strip that it produced. (See how to make a modern, digital version by reading "Turn Your Digital Pictures into a Photo Strip.") Of course, these days, the easiest way to share photos is by posting them online at a photo sharing site.
SEC Consult SA-20111219-0 :: Client-side remote arbitrary file upload in SecCommerce SecSigner Java Applet
[ MDVSA-2011:191 ] libarchive
IFIP NTMS'2012 - Deadline Extended to 12 January 2012
[SECURITY] [DSA 2365-1] dtc security update
----------- Guy Bruneau
IPSS Inc. gbruneau at isc dot sans dot edu
Re: WordPress flash-album-gallery Plugin 'flagshow.php' Cross Site Scripting Vulnerability
The FCC should investigate Verizon Wireless for allegedly blocking Google Wallet on a new smartphone available to the carrier's customers, a law professor has said.
Intuit CEO Brad Smith has deftly steered what was once only a shrink-wrap software company into the cloud and mobile worlds and has led a re-engineering of Intuit's IT organization into a customer-focused driver of innovation and value. (Insider, registration required.)
-- Name: Dylan Smith, co-founder and CFO
appRain CMF v0.1.5 - Multiple Web Vulnerabilities
Content Papst CMS v2011.2 - Multiple Web Vulnerabilities
Re: <BASE> tag used for hijacking external resources (XSS)
Some businesses that rely on Amazon Web Services to run Web applications are starting to realize that they can save money or get better performance by building their own internal clouds -- and Nimbula is hoping to help them out.
silly PoCs continue: X-Frame-Options give you less than expected
VUPEN Security Research - Microsoft Windows Time Behaviour Remote Use-after-free Vulnerability (MS11-090)
Across the U.S., research and technology parks are playing a role in job creation and driving economic growth. These business incubators for emerging companies, typically in the science, healthcare and technology fields, are often affiliated with universities, which are prime sources for new ideas and fresh talent in need of a place to grow.
MAGIX Movie Edit Pro MX Plus ($100) offers many of the high-precision controls of Adobe's pro video editing software, Premiere CS5, in a significantly more user-friendly interface.
While additional IT privileges are part of IT management, recent incidents and a number of surveys show many organizations don't do what's necessary to ensure such access isn't abused.
The technology of ePublishing and eBook readers—and the market for their content—is swiftly accelerating, and reports indicate that ebooks for mobile devices are already in high demand. If you are a publisher who wants to get in on the action, QuarkXPress 9.1 is a great option for creating content for this medium.
Domain Technologie Control Multiple Vulnerabilities
X.Org X Server X wrapper Local Security Bypass Vulnerability
Japanese game developer Square Enix said Monday that no private data was stolen when a server for a fan site was hacked last week, and it plans to reopen the site to users by the end of the year.
WikiLeaks founder Julian Assange has been granted permission to take his fight against extradition to Sweden to the U.K.'s Supreme Court.
It is hard to put your finger on any one thing that sums up developments in the world of IT this year, but a speaker at one of Network World's recent IT Roadmap conferences had an interesting analogy that seems apt.
As Flash gives way to open technologies, Adobe is retooling to support the new developer reality
There's a big push in the House of Representatives to get Congress to allow advanced degree graduates in science, technology, engineering and math to automatically get green cards.
We've assembled some of the most pressing questions -- and answers -- about Microsoft's new auto-upgrade plan for the Internet Explorer 8 browser.
In today's work environment, IT jobs are increasingly found outside the IT department, embedded in other business functions, with the employee working alongside technology-savvy business colleagues.
IBM is deploying technology that allows meat suppliers to track a single pig all the way from farm animal to pork chop.
If its $3.4 billion bid to buy SuccessFactors is successful, SAP could finally stabilize its cloud computing strategy, which has so far been mostly ineffectual.
Forget phone numbers and email addresses; the era of the Internet 'handle' is emerging.
Chipita America has become almost serverless over the past six years by moving its ERP, EDI and BI systems, Office and Exchange applications and file servers to the cloud. (Insider, registration required.)
As IT employment numbers near 2008's all-time high, Sen. Grassley blocks Senate action on the Fairness for High-Skilled Immigrants Act.
Scot Finnie offers his predictions of developments we're likely to see in IT in the coming year.
Verizon Wireless has agreed to pay SpectrumCo $3.6 billion for mobile spectrum licenses covering 259 million U.S. residents.
IDC expects Windows 8 upgrades on desktops and laptops to be scarce, saying Microsoft's upcoming operating system will be 'largely irrelevant' to users of traditional PCs.
Hadoop creator Doug Cutting says he expects the surge in interest in the big-data storage and analytics framework to continue.
Three congressional aides recently lost their jobs in part because they are worthless layabouts who drink on the job, but also because they are but the latest to forget that Twitter lives on the Internet and tweets -- especially those badmouthing your boss -- are visible to one and all.
The launch of a Lenovo-backed video game system for China is being delayed again in order to make improvements to the product, according to a spokesman with the company developing the console.
Gibbs ponders the year that just shot past ...
British Telecommunications has filed a civil suit in a Delaware court alleging that some Google products and services including Android, and its search, music, map, and location-based advertising infringe on one or more of six of its patents.
Internet Storm Center Infocon Status