InfoSec News

(c) SANS Internet Storm Center. http://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
Imagine the longest, most complex government form you've ever had to fill out and you start to have an idea what jurors will face as they begin to consider their verdict in the patent infringement case between Apple and Samsung.
NASA has decided to take a much deeper look inside Mars to try to figure out why the Red Planet evolved so differently from Earth.
Extending its line of identity management software, Quest Software has released an application to help administrators more easily control who accesses documents on the corporate network.
APPLE-SA-2012-08-20-1 Apple Remote Desktop 3.6.1
Using DNA as the medium, Harvard researchers were able to store 1000 times more information into double helices than had previously been achieved, according to a paper published last week in Science.
SAP is suing insurer Swiss Re International, claiming that the company has refused to pay its share of an $80 million settlement with Waste Management, which had brought suit against SAP in 2008 over a troubled software project.
Smartphone and tablet users prefer using Wi-Fi over cellular connections, and consider Wi-Fi cheaper, faster, easier to use, more reliable and, even, slightly more secure than cellular.
A U.S. District Court judge today threw out a lawsuit filed against Infosys brought by former employee Jay Palmer.
Contrary to most reports, Apple is not yet the most valuable company of all time, according to calculations made by the Columbia Journalism Review.
Samsung's Galaxy Note 10.1 is all about the S Pen -- but is a standout stylus enough to make up for an otherwise middling tablet?
Microsoft has ditched the 30-day grace period, a trademark of Windows 7, in the retail copies of Windows 8, mandating that users provide a product key during setup.
NGS00241 Patch Notification: SysAid Helpdesk blind SQL injection
A U.S. District Court judge today threw out a lawsuit filed against Infosys brought by former employee Jay Palmer.
Harvard University researchers have developed a squishy robot that can disguise itself or change its color to stand out from its background.
The man accused of breaking into the home of late Apple CEO Steve Jobs appeared in a California court on Monday morning but did not enter a plea.
Projectbook is a new note-taking and task management application for the iPad from Theory.io. (See Macworld's recent story on Projectbook for a thorough description of the app.) I've been using the iPad offering since its recent release and, with each feature I evaluate, I keep finding myself drawing comparisons to Evernote. This isn't surprising given the nature of the app. However, since Evernote is a mature application with a robust developer community while Projectbook is a newly-released app from a small (though yet highly qualified) development shop, it really isn't a fair comparison. But I won't let that stop mea|
NGS00242 Patch Notification: SysAid Helpdesk stored XSS
NGS00208 Patch Notification: Moodle CMS stored XSS
NGS00330 Patch Notification: Squiz CMS Directory Traversal
[ MDVSA-2012:140 ] mono
The judge who oversaw Oracle's lawsuit against Google said Monday that the search giant "has failed to comply" with an Aug. 7 order to provide the names of parties whose commentary on the suit may have been influenced by money.
[SECURITY] [DSA 2531-1] xen security update

We have heard a couple of cases regarding problems caused my faulty antivirus signature files.Most recend that has a worldwide impact was the Microsoft Antivirus treating code from google webpage as virus. In 2010, Mcafee deployed DAT 5958 which identified svchost.exe as a virus, deleting it an causing loose of network access. In April 2011, Mcafee deployed DAT 6329, which caused disruption in SAP telephone connectivity functionality as it recognized spsgui.exe with virus. Also deployed DAT 6682, which caused system crash in GroupShield Exchange (MSME), GroupShield Domino, and McAfee Email Gateway.

Yesterday, we received report from reader John stating that computers with DAT 6807 installed got conectivity problems. Today Mcafee confirmed this to be a problem if you are using VSE 8.8.x and have DAT 6807 or 6808 installed. Their recommendation is to go straight to DAT6809.

Other antivirus programs like AVG also deploys faulty updates. Since these events are becoming a worrying trend, should we implement test procedures inside our organizations as we do with other updates like the ones deployed by Microsoft with Windows Update? Implementing a faulty update has a high risk to the organization and its solution consumes considerable time and substantial resources. I am considering implementing such procedure for my company.

Do you think it's necessary to implement such procedure in your company? Let us know!
Manuel Humberto Santander Pelez

SANS Internet Storm Center - Handler



e-mail:msantand at isc dot sans dot org (c) SANS Internet Storm Center. http://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
With Office 2013, Microsoft sets the bar high. The reworked suite of applications runs on a range of devices, including new Windows tablets; it has a new look, which is fast and fluid, yet has familiar commands; it responds to touch and stylus, as well as keyboard and mouse; and everything's cloud-connected.
Google could sell between six million and eight million of its $199 Nexus 7 tablets by year's end, according to a new estimate.
RIPE NCC has reallocated two IP address blocks that were in quarantine because they were being used by a the DNSChanger malware. That could be a problem for the new owners - and for any computers that might still be infected

iMessage, the Apple messaging technology that the company has urged customers use to avoid an SMS spoofing bug, remains under a patent litigation cloud, with a trial slated for November.
Mono 'HttpForbiddenHandler.cs' Cross-Site Scripting Vulnerability
Amazon Web Services has made it possible to roll out Python-based applications using Elastic Beanstalk, which aims to make it easier to deploy and manage applications in its cloud, the company said on Sunday.
McAfee is expanding its mobile security software for Android tablets and smartphones, as it sees an increase in threats targeting Android devices, the Intel subsidiary announced on Monday.
In many ways, the emergence of social media is a replay of the e-discovery challenges posed by email in the 1990s. This time, though, we have that precedent to learn from.
Sony, which makes the camera modules used in the latest smartphones from Apple and Samsung, said Monday it will begin sales of a new image chip that is nearly half the size of current models.
Hastymail2 'Subject' Field Multiple HTML Injection Vulnerabilities

Channel Pro

Webroot to pull email service 12 months ahead of time
Channel Pro
We have been working closely with Webroot and other business partners to ensure our customers migrate to an alternate provider with minimal commercial and technical impact,” Pete Sherwood, managing director of Infosec Technologies told Cloud Pro.
Webroot resellers turn to iCritical following revised end of life announcementChannel EMEA
iCritical bails out Webroot resellersChannelBiz

all 4 news articles »

Registrations for second Sophos Linux Forensics challenge close this week
SC Magazine UK
The infosec company is set to launch its second Linux challenge on Monday 27th August that will test contestants' skills in identifying security issues on a Linux system. As well as detecting a series of attacks against the server, competitors will be ...

NASA's Mars rover Curiosity successfully tested its laser on Sunday, blasting a fist-size Martian rock and analyzing its makeup.
Sony, which makes the camera modules used in the latest smartphones from Apple and Samsung, said Monday it will begin sales of a new image chip that is nearly half the size of current models.
Apple's new top-of-the-line 15-in. MacBook Pro, with its ground-breaking Retina display, is drool-worthy, says columnist Richard Hoffman. But it comes with a cost: There are no user-replaceable parts whatsoever.
Start-up SimpliVity is the latest vendor to emerge from the development stage with an all-in-one array that performs all the functions of a complete IT stack with the addition of deduplication and data replication. More companies and products are preparing similar launches.
A recently patched Flash exploit popped up in the wild, security researchers published an in-depth analysis of Apple's FileVault2 encryption software, a blogger used free time on Amazon EC2 to crack WPA keys, JFK airport's security failed, and controversial chat encryption

A developer of open source Mac applications is pulling his media player from the Mac App Store because of sandboxing restrictions that limit which files the application can open without explicit permission

Google Chrome Prior to 21 Multiple Security Vulnerabilities
Xen CVE-2012-3433 Denial of Service Vulnerability
Xen HVM Guest User Mode MMIO Emulation Local Denial of Service Vulnerability
PostgreSQL 'xml_parse()' Function Arbitrary File Access Vulnerability
India has asked Internet service providers to block certain websites and restricted users from sending bulk SMSes for two weeks after threatening content caused panic across the country, official sources said.

Bill Doyle Joins Jericho Systems Corporation as Information Assurance Architect
EON: Enhanced Online News (press release)
DALLAS--(BUSINESS WIRE)--Jericho Systems Corporation, a leading provider of Attribute-Based Access Control (ABAC) technology to the Department of Defense (DoD) and U.S. federal agency communities, today announced that William (“Bill”) D. Doyle ...

Internet Storm Center Infocon Status