InfoSec News

Researchers have sussed out how to use the spin of an electron to hold information.
 
Hackers have broken into the website of the New York tour company CitySights NY and stolen about 110,000 bank card numbers.
 
The U.S. Securities and Exchange Commission has opened an information investigation into the circumstances surrounding Mark Hurd's departure from Hewlett-Packard, The Wall Street Journal reported Monday.
 
Adobe joins a select few IT firms that generate a billion dollars of cash each fiscal quarter.
 
Two Democratic commissioners say they will vote for a net neutrality proposal before the FCC.
 
Lawson Software said it is buying human-resources software vendor Enwisen for $70 million, expanding its presence in that market. The deal is expected to close by Dec. 31.
 
Linux Kernel Multiple 'kvm/x86.c' Local Information Disclosure Vulnerabilities
 
WebM libvpx Unspecified Memory Corruption Vulnerability
 
In early 2000 -- ages ago in Internet time -- some of the biggest names in e-commerce were brought to their knees by a brief but massive assault from a set of powerful computers hijacked by a glory-seeking young hacker. The assailant in that case, known online as Mafiaboy, was a high school student from a middle-class suburban area of Canada who was quickly arrested after bragging about his role in the attacks.
 
AT&T isn’t about to sit back and let Verizon become the undisputed king of 4G LTE networks.
 
When a photo of Facebook CEO Mark Zuckerberg meeting with the head of China's largest search engine hit the Internet, speculation began to run wild.
 
Microsoft has introduced its Dryad technology for big data management.
 
Tuesday's vote at the FCC on Net neutrality rules may not be the end of the debate.
 
Microsoft CEO Steve Ballmer's ranking as a chief executive plunged 65 places this year, while Apple CEO Steve Jobs climbed 31 spots, according to a "wealth creation" index released today.
 
An at-scale botnet emulation helps a team of researchers in Canada and France learn more about how armies of zombie computers operate.
 
Hitachi has announced its highest-capacity 2.5-in laptop drive, which comes with up to 500GB of capacity and exceeds competitors' products in areal density by almost 100Gbit per square inch.
 
Oracle is being sued by drug-safety software vendor DrugLogic over alleged patent violations, according to a complaint filed Dec. 17 in U.S. District Court for the Northern District of California.
 
Apple Safari WebKit 'alink' Property Memory Leak Remote Denial of Service Vulnerability
 
Microsoft last week killed an anti-piracy service that checked whether customers were running legal copies of Office, saying that the program had 'served its purpose.'
 
Microsoft Office TIFF Image Converter (CVE-2010-3947) Heap Based Buffer Overflow Vulnerability
 
Microsoft Office TIFF Image Converter (CVE-2010-3950) Memory Corruption Vulnerability
 
Microsoft Office TIFF Image Converter (CVE-2010-3949) Buffer Overflow Vulnerability
 
Microsoft Office PICT Image Converter (CVE-2010-3946) Integer Overflow Vulnerability
 
I just snapped a super-cute photo of my wife wearing a Santa cap, which she wanted to use as her new Facebook profile picture.
 
Secunia Research: RealPlayer "cook" Arbitrary Free Vulnerability
 
Secunia Research: RealPlayer AAC Spectral Data Parsing Vulnerability
 
Secunia Research: RealPlayer "cook" Uninitialised Memory Vulnerability
 
Secunia Research: SAP Crystal Reports Print ActiveX Control Buffer Overflow
 
The IT job of tomorrow will likely focus on social networking, cloud computing and strategic use of smartphones and tablets.
 
If you're thinking about operating a private cloud, you'll need management software to help create a virtualized pool of compute resources, provide access to end users, and handle security, resource allocation, tracking and billing.
 
Nokia, Microsoft and the operator-led Wholesale Applications Community have been added to the App Planet developer conference roster, which will take place during Mobile World Congress, the GSM Association said.
 
OpenBSD CARP Hash Vulnerability
 
Default SSL Keys in Multiple Routers
 
[SECURITY] [DSA 2134-1] Upcoming changes in advisory format
 
We were wrong -- so far -- that Carol Bartz would be ousted as Yahoo CEO by the end of this year, but we were right that Apple's tablet, whose name wasn't known at the end of last year, would be huge. OK, so that second one was probably a given, but not all of our 2010 predictions were so easy. We think the same is true with our 2011 predictions.
 
MyBB 'member.php' and 'newreply.php' Multiple Cross Site Scripting Vulnerabilities
 
Last week on December 14, Microsoft released an update (KB2412171) for Microsoft Outlook 2007, and several of our readers wrote in indicating it caused problems with Outlook after applying the update. On December 16, Microsoft removed the update from Microsoft Update. Microsoft identified 3 issues with this update. If you are experiencing similar issues with the patch like those listed in this Microsoft Blog and you are using Windows XP, Vista and 7, Microsoft listed the steps to remove the patch here. [1]
[1] http://blogs.msdn.com/b/outlook/archive/2010/12/17/issues-with-the-recent-update-for-outlook-2007.aspx
-----------
Guy Bruneau IPSS Inc. gbruneau at isc dot sans dot org (c) SANS Internet Storm Center. http://isc.sans.org Creative Commons Attribution-Noncommercial 3.0 United States License.
 
Cisco's cloud strategy encompasses pretty much everything under the sun save one - actual cloud services.
 
Gawker Media's CTO has outlined a series of security changes designed to shore up the company's IT operations following an attack last week that compromised up to 1.4 million accounts.
 
MH Products PayPal Shop Digital 'ItemID' Parameter SQL Injection Vulnerability
 
Intel will make a big splash at the CES trade show Jan. 6 showing its Atom chips running inside tablet computers and netbooks. But how well it can compete for the smartphone market, which is dominated by the ARM architecture, remains to be seen.
 
The key to a bright future in a technical career is to be a good writer. Here's why.
 
Microsoft applied for a U.S. patent covering a tactile, shape-shifting touchscreen that could replace mobile keypads.
 
The Green Grid consortium -- creator of a widely used energy-efficiency metric -- is rolling out new metrics for carbon emissions and water usage by data centers.
 
The GSA will need to tread carefully to avoid the difficulties faced by the city of Los Angeles when implementing Google's cloud-based e-mail system, an analyst says.
 
Security gaps could make businesses vulnerable to the same types of unauthorized disclosures plaguing the U.S. Department of State.
 
The first rule in deploying a security incident and event management tool: Don't make assumptions.
 
Building and managing a private cloud isn't easy, a veteran IT analyst says. You'll need a fully virtualized infrastructure, plus new management tools to provide fast, self-service provisioning of computer resources.
 
Albuquerque Public Schools CIO Tom Ryan talks about the role technology can play in individualized learning available 24/7 to teachers as well as students, their families, guardians and mentors.
 
CompTIA's CEO discusses the job outlook; and a study finds Gen Y'ers aren't the heaviest users of collaborative technology in the workplace.
 
Ecava IntegraXor Remote Stack-based Buffer Overflow Vulnerability
 
Linux Kernel 'drivers/acpi/debugfs.c' Local Privilege Escalation Vulnerability
 
Adobe Photoshop DLL Loading Arbitrary Code Execution Vulnerability
 
Nimbula's founders developed the Amazon EC2 public cloud system, and are now working on Nimbula Director, which aims to partition internal cloud resources by authentication, along the lines of how EC2 works.
 
The machines used included two Dell 1950s (one has 16GB RAM, the other has 8GB, both have eight CPU cores), one HP DL585 G5 (32GB RAM, 16 CPU cores), one HP DL580 G5 (32GB RAM, 16 CPU cores), and a Dell Optiplex 740 (three-core AMD, 4GB RAM).
 
Gibbs has a festive play for you …
 
As we close out 2010 and welcome 2011 it is clear we're at an interesting juncture in IT, with new opportunities stretching out before us. The key will be what we make of the opportunities and how we position our efforts to capitalize on them.
 


Internet Storm Center Infocon Status