InfoSec News

I'm getting a lot of emails asking about articles that ultimately reference this upcoming talk: BEAST: Surprising crypto attack against HTTPS (http://ekoparty.org/2011/juliano-rizzo.php)
I don't have any extra details. Anything that I write now will be unnecessary speculation. Their presentation last year on Padded Oracle Attacks (the crypto Oracle, not the database) certainly was.
(c) SANS Internet Storm Center. http://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
 
Oracle Corp. has issued an out-of-band security alert for its Fusion Middleware and Application Server products that addresses an Apache Web server flaw.

 
Google officially launched its Google Wallet application late Monday for NFC-ready Sprint Nexus S 4G phone users.
 
For a security industry leader, Tim Williams is a pretty modest guy. As the former head of ASIS International and now as global security director for the $42.5 billion construction equipment manufacturer Caterpillar, Williams has won his share of recognition, which he doesn't take lightly.
 
Google is preparing Android developers for the latest edition of its Android mobile operating platform that will work the same on both tablets and smartphones.
 

GovInfoSecurity.com

News Analysis: Obama's Deficit Plan and IT Security
As evidence, take a look at the government's employment numbers for information security analysts, where the Bureau of Labor Statistics lumps together most of those working in the infosec field. For the first half of 2011 - the latest figures available ...

 
 
RSLogix Remote Denial of Service Vulnerability
 
Microsoft re-released Microsoft Security Advisory (2607712) regarding fraudulent DigiNotar Root CA. Microsoft is aware of active attacks using at least one fraudulent digital certificate issued by DigiNotar, a certification authority present in the Trusted Root Certification Authorities Store.[1]
The update is available for all supported versions of Windows here and via automatic updates.
[1] http://technet.microsoft.com/en-us/security/advisory/2607712

[2] http://support.microsoft.com/kb/2616676

[3] http://blogs.technet.com/b/msrc/archive/2011/09/19/cumulative-non-security-update-protects-from-fraudulent-certificates.aspx
-----------
Guy Bruneau IPSS Inc. gbruneau at isc dot sans dot edu
 
Microsoft re-released an update today for Windows XP to correct a snafu that left users vulnerable to potential "man-in-the-middle" attacks for most of last week.
 
The White House has launched a 'Technology Fellows' program 'to increase the federal government's pool of qualified IT professionals.'
 
If you've read this blog for a while, it's no secret that I believe that one aspect of cloud computing is a dramatic drop in the cost of computing. While many discuss cloud computing's cost advantage in terms of better utilization via resource pooling and rapid elasticity, we believe that there is a more fundamental shift going on as data centers are redesigned to focus on scale, efficiency, and a shift to commodity components.
 
Two stores in Queens, N.Y. have agreed to hand over all counterfeit products to Apple that bear the California company's name or logo, according to court documents.
 
[security bulletin] HPSBMU02705 SSRT100622 rev.1 - HP Business Service Automation (BSA) Essentials, Remote Execution of Arbitrary Code
 
After scientists failed to solve the crystal structure of a retroviral protease, they crowd-sourced the effort through the game Foldit, which deciphered the structure of a key protein in the development of AIDS.
 
After using Motorola's Droid Bionic for a week, our reviewer enjoyed its interface and admired its performance -- but he found its short battery life a real problem.
 
Appcelerator, whose Titanium platform is used to develop cross-platform apps for smartphones and tablets, has opened Open Mobile Marketplace, a store where developers can download modules to expand the functionality of Titanium and more easily add features to their apps, the company said on Monday.
 
Japan's largest defense contractor, Mitsubishi Heavy Industries, today acknowledged that scores of its servers and PCs had been infected with malware, but denied that any confidential information had been stolen.
 
Verizon Wireless will sell an LTE smartphone, the Pantech Breakout, starting Thursday for the breakout price of less than $100 after a rebate.
 
AT&T's new Houston LTE network offers users high data speeds, but poorer-than-expected network latency, according to Signals Research.
 
Facebook appears to be eyeing new partnerships to integrate music and television with its service in its continuing effort to be a one-stop shop for everything in the social media landscape and conquer growing rival Google+.
 
Google Wallet appears to be live in the field today, based on a photograph of a payment terminal in a coffee shop in San Francisco.
 
VUPEN Security Research - Microsoft Office Excel Formula Record Heap Corruption Vulnerability
 
Cisco TelePresence Multiple Vulnerabilities - SOS-11-010
 
[SECURITY] [DSA 2305-1] vsftpd security update
 
[ MDVSA-2011:134-1 ] rsyslog
 
[ MDVSA-2011:132-1 ] pidgin
 
[ MDVSA-2011:130-1 ] apache
 
HP and Cisco are currently embroiled in a war of words, market share and revenue in Ethernet switching overall, but can HP really put up much of a fight in the data center?
 
There are hundreds of thousands of Android apps, including many that are useful for IT professionals on the job. These apps can help connect to servers, monitor computers, access databases, analyze the airwaves, scan networks, and serve as a reference. Here are 16 of these apps, most of them free.
 
AzeoTech DAQFactory NETB Datagram Parsing Buffer Overflow Vulnerability
 
Seven state attorneys general have joined a U.S. Department of Justice lawsuit attempting to block AT&T's US$39 billion acquisition of rival mobile carrier T-Mobile USA.
 
Microsoft's emphasis on touch cited as new opportunity for developers looking to target tablets in the post-PC era
 
Metro apps for Windows 8 will be available only through Microsoft's own store, and a primer about the download market said Microsoft, like Apple, will get a 30% cut of all sales.
 
Dojo Versions Prior to 1.4.2 Multiple Cross Site Scripting Vulnerabilities
 
WordPress Filedownload Local File Disclosure Vulnerability
 
This is a story of two U.S. government data center projects: One, undertaken by NOAA, met its schedule and budget; the other, an Air Force initiative, was late and cost more than expected.
 
NetArt Media Car Portal Login SQL Injection Vulnerability
 
WordPress Count per Day Plugin 'month' Parameter SQL Injection Vulnerability
 

Posted by InfoSec News on Sep 19

http://www.cnn.com/2011/WORLD/europe/09/16/enigma.machine.auction/index.html

By Eoghan Macguire
CNN
September 17, 2011

(CNN) -- An encoding device synonymous with one of the most remarkable
episodes of World War II espionage will go under the hammer in London
later this month.

A version of the three rotor Enigma machine -- used by the German
military to encrypt messages, the code of which was subsequently cracked
by a team at the legendary...
 

Posted by InfoSec News on Sep 19

Forwarded from: nullcon <nullcon (at) nullcon.net>

Hi All,

We have been working on a lot of stuff lately and here is a brief outline of what
we intend to do in 2012. It is going to be a very happening and busy year for
us. As always your contribution and support is what keeps us 'up and running'
and motivated. We are currently revamping the conference website and it should
be up in a few days. Keep an eye on http://nullcon.net...
 

Posted by InfoSec News on Sep 19

http://www.darkreading.com/blog/231601549/0-day-scada-exploits-released-publicly-exposed-servers-at-risk.html

By John H. Sawyer
Dark Reading
Sep 16, 2011

Luigi Auriemma made news back in March 2011 with the release of 34
zero-day (0-day) SCADA vulnerabilities. This week, he's back in the news
with the release of 15 new 0-day advisories, 13 of which affect eight
different SCADA products.

SCADA (supervisory control and data acquisition)...
 

Posted by InfoSec News on Sep 19

http://www.computerworld.com/s/article/9220078/Man_stole_data_from_U.S._service_members_via_P2P

By Robert McMillan
IDG News Service
September 16, 2011

A California man who dug up sensitive information belonging to U.S.
service members on peer-to-peer networks, and then used it to order
iPods, cameras, and even washing machines from an online store, was
sentenced to 75 months in federal prison Thursday.

Rene Quimby, 42, had already pleaded...
 

Posted by InfoSec News on Sep 19

http://www.colombopage.com/archive_11A/Sep18_1316327408CH.php

ColomboPage News Desk
Sri Lanka
Sep 18, 2011

Sri Lanka will hold this year's Cyber Security Week (CSW) in the third
week of October, the Sri Lanka Computer Emergency Readiness Team
(SLCERT) announced.

The Cyber Security Week 2011 program features a one-day conference on
October 19 and two technical workshops on October 20 and 21. The
conference and the two workshops are to be...
 