InfoSec News

Yahoo's second-quarter revenue was $1.6 billion, coming in on the low end of the company's expectations and falling short of analyst predictions.
 
More information at http://www.mozilla.com/en-US/firefox/3.6.7/releasenotes.
-- Manuel Humberto Santander Peláez | http://twitter.com/manuelsantander | http://manuel.santander.name | msantand at isc dot sans dot org (c) SANS Internet Storm Center. http://isc.sans.org Creative Commons Attribution-Noncommercial 3.0 United States License.
 
CIO sits down for five minutes with Mark Cohen, CIO for online store DealsDirect.com.au, to discuss the projects he's working on, his take on the big issues affecting CIOs and his favourite tech gadget.
 
The Internet has been abuzz with rumors and conjecture about why blogging Web site Blogetery.com and its reported 70,000 bloggers went dark last week.
 
Windows 7 supports a multitouch interface out of the box, and a number of laptops have shipped with touch-enabled LCD screens. For the most part, multitouch has been useful only with Windows 7-specific applications or with third-party apps designed for the Windows 7 touch interface. Once you've played with the bundled Microsoft Touch applications, their novelty starts to wear off.
 
The recurrent technical problems that have affected Twitter for the past seven weeks have also taken a toll on developers of external applications built for the microblogging service.
 
VMware on Tuesday reported a 48% jump in revenue for the second quarter, a greater increase than expected, and raised its outlook for the full year on strong demand for its virtualization software.
 
Apple reported revenue of $15.7 billion for the quarter that ended June 27, up from $9.7 billion in revenue for the same quarter last year.
 
Between 14 million and 24 million U.S. residents don't have access to broadband service, and deployment isn't happening fast enough, a report from the U.S. Federal Communications Commission concluded.
 
Hewlett Packard is seeking to trademark the name "PalmPad" for computer hardware and mobile devices, providing a solid indication that a tablet computer based on HP's purchase of Palm and its WebOS is under development.
 
SAP said Tuesday that the European Commission has approved its pending acquisition of Sybase.
 
According to the arguments presented by Handler Lenny when the Infocon level was increased, we believe that the purpose of raising awareness of this vulnerability has been fulfilled, so we are falling back to green level. This does not imply that the threat is over.
If we see a major attack arise using this vulnerability, we will let you know, and if it is bad enough we will raise the Infocon again.
Update: There is an interesting article from Didier Stevens about how to mitigate LNK exploitation with software restriction policies. Read it at http://blog.didierstevens.com/2010/07/20/mitigating-lnk-exploitation-with-srp/.
-- Manuel Humberto Santander Peláez | http://twitter.com/manuelsantander | http://manuel.santander.name | msantand at isc dot sans dot org (c) SANS Internet Storm Center. http://isc.sans.org Creative Commons Attribution-Noncommercial 3.0 United States License.
 
Think Facebook and productivity don't go together? Facebook time does not always equal wasted time. These four Facebook apps help you streamline and simplify your browsing, share documents with Facebook contacts and more.
 
IT is an integral part of all organizations and we understand firsthand that people who work in IT are a unique, diverse community of individuals who do great work on the job, but also leave time for individual hobbies and pursuits. We thought it would be fun to take a look at your interests on a broader scale, so we recently surveyed 500 IT professionals to find out more.
 
Analyst firm Gartner has formed a new advocacy council around the issue of IT maintenance contracts and issued a "code of conduct" it wants vendors to follow, actions that could further intensify an already hot topic.
 
Google has given a major overhaul to the layout of its Images search engine's results page and introduced a new advertising format specific for this service.
 
Microsoft may have a tough time fixing the recently discovered Windows shortcut vulnerability, a security researcher said today.
 
An open source foundation partially funded by the U.S. Department of Homeland Security unveiled an open source engine it said improves on past technologies built to detect and prevent network intrusions.
 
For all those who like TrueCrypt, version 7.0 is out there. Some of the new features are:

Hardware-accelerated AES.
Now it is possible to configure a TrueCrypt container on a USB flash drive to mount automatically whenever you insert the USB flash drive into the USB port. This is cool.
Partition/device-hosted volumes can now be created on drives that use a sector size of 4096, 2048, or 1024 bytes (Windows, Linux).
Favorite Volumes Organizer: this means that you can now configure your mounted devices upon logon to the system as read-only or removable media.
The Favorites menu now contains a list of your non-system favorite volumes. When you select a volume from the list, you are asked for its password (and/or keyfiles) (unless it is cached) and if it is correct, the volume is mounted. (Windows)

More information at the TrueCrypt website.

-- Manuel Humberto Santander Peláez | http://twitter.com/manuelsantander | http://manuel.santander.name | msantand at isc dot sans dot org (c) SANS Internet Storm Center. http://isc.sans.org Creative Commons Attribution-Noncommercial 3.0 United States License.
 
IBM CEO Samuel J. Palmisano has concentrated power in the hands of fewer managers, including putting one person in charge of both software and hardware products, in an executive reshuffle announced in an internal memo.
 
An investment company has hired Nokia Siemens Networks to build a hybrid 4G-satellite mobile network, called LightSquared, across the U.S. to go live next year.
 
This reviewer found a lot to like in the Dell Streak smartphone when using it for multimedia and data. But it's lacking as a phone, and the overall user experience was lackluster.
 
Arm and Taiwan Semiconductor Manufacturing Company announced a partnership to enable the design of smaller chips for devices like smartphones and tablets, the companies said on Tuesday.
 
On-demand BI vendor Birst is offering the option of concurrent user pricing, a licensing model few BI providers use because it can limit the amount of money they make compared to typical "named user" pricing.
 
iPhone owners may grouse about AT&T's service, but the "halo effect" of Apple's smartphone significantly boosts the U.S. carrier's customer satisfaction levels, not just its revenue, an analyst said today.
 

Security BSides Announces 2010 Speaker Line-Up & Hot Talks at BSides Las Vegas
Earthtimes (press release)
These events are all about expanding the spectrum of infosec discussions and encouraging participants to give voice, creation and refinement to the 'next ...
 
Google Apps administrators can now set different usage policies for groups within their organization's domains, a feature that many IT departments have requested Google add to this hosted collaboration and communication suite.
 
Wikileaks has turned back on its system that allows whistleblowers to securely submit documents to the site after it was down for maintenance, according to the organization's blog.
 
AT&T today unveiled three new hosted applications targeted at both business and government users.
 
That suggests that more app stores with stringent guidelines are in our future.
 
This dot version is more enterprise-friendly than Android 2.0, but few devices run it now.
 
Adobe today announced that it will harden the next version of its popular Reader PDF viewer, a frequent target of attacks, by adding "sandboxing" technology to the software.
 
Spammers target specific industries based in rural states, according to Symantec Corp.'s MessageLabs Intelligence.
 
Third-party firm hired by the hospital to destroy its backup data can't confirm it carried out its services, leaving 800,000 people at risk to identity theft.
 

World's Fastest Malware Analysis Appliance From ValidEdge Coming to Black Hat ...
Marketwire (press release)
Black Hat also produces a regular webcast series of live web events focusing on the infosec space year long. The third Thursday of every month, ...
 
Live CDs, DVDs or USB drives let you run Linux without actually installing it. Here are five reasons why you should.
 
After releasing its own handset to compete with Apple's iPhone, Lenovo looks like it may be preparing to take on the iPad. The Chinese company plans on releasing its own tablet PC at the end of the year.
 
Oracle may be Java's new proprietor, but SpringSource, Apache, and Eclipse are driving the development agenda too.
 
Japan's Sharp plans to enter the increasingly competitive e-book reader market later this year with a device that can read a new e-publishing file format of its own.
 
Predictions for the Kindle's death at the hands of the iPad appear to have been premature as Amazon on Monday reported strong growth in sales of its popular e-reader after dropping the price to $189.
 
Struggling to keep up with newer and more inventive rivals, number one phone maker Nokia is looking for a new CEO, according to a report in the Wall Street Journal on Monday.
 
More and more companies are setting IT budgets that lean toward spending money on cloud-based services rather than making capital investments in on-site systems.
 
While Facebook is expected to announce this week that it has grabbed its 500 millionth user, a new study shows that not everyone is so happy with the social networking site.
 
Apple is reporting a new version of iTunes (9.2.1), which addresses CVE-2010-1777: a buffer overflow exists in the handling of itpc: URLs, which might lead to application termination or arbitrary code execution.
More information at http://support.apple.com/kb/HT4263.
This affects version 9 of iTunes, and only on the Windows platform.
-- Manuel Humberto Santander Peláez | http://twitter.com/manuelsantander | http://manuel.santander.name | msantand at isc dot sans dot org (c) SANS Internet Storm Center. http://isc.sans.org Creative Commons Attribution-Noncommercial 3.0 United States License.
 
InfoSec News: SANS Raises Infocon Alert To Yellow In Light Of New Windows 'Shortcut' Attack Threat: http://www.darkreading.com/vulnerability_management/security/attacks/showArticle.jhtml?articleID=226000012
By Kelly Jackson Higgins, DarkReading, July 19, 2010
A zero-day flaw being used in targeted attacks against organizations worldwide -- most notably on SCADA systems -- has security experts worried that the threat could spread further. Concerns about additional attacks using the so-called "LNK" vulnerability in Windows machines [...]
 
InfoSec News: Prosecutor: Accused Mass. spy stole $100m in secrets for China: http://www.boston.com/news/local/breaking_news/2010/07/accused_spy_fro.html
By Jonathan Saltzman and Martin Finucane, Globe Staff, Boston.com, July 19, 2010
WORCESTER -- A federal judge in Worcester is pondering whether to grant bail to a 45-year-old Westborough man who, in a highly unusual case, is accused of economic espionage for allegedly sending trade secrets about insecticides to China.
Kexue Huang faces a dozen counts of economic espionage to benefit a foreign government or instrumentality, as well as five counts of interstate or foreign transport of stolen property.
Assistant US Attorney Scott Garland said only six or seven people had ever been charged with the crime. He said the value of the information that Huang allegedly passed on exceeded $100 million.
The allegations mainly concern the period from January 2003 to February 2008, when Huang worked at Dow Chemical in Indiana. Huang allegedly conveyed the information to Hunan Normal University, prosecutors said today at a bail hearing in federal court in Worcester.
Further details about the case were unavailable. The indictment against Huang, handed up by a grand jury in Indiana, remains sealed.
[...]
 
InfoSec News: Coventry man says passport service 'breached security': http://www.bbc.co.uk/news/uk-england-coventry-warwickshire-10683577
BBC News, 19 July 2010
Concerns have been raised about data confidentiality at the passport office after a Coventry man was sent two strangers' birth certificates.
Craig Corbett from Cheylesmore said his replacement passport also contained certificates belonging to a mother and daughter from Peterborough.
He said that when he rang to report the breach the Identity & Passport Service (IPS) blamed it on a computer error.
A spokesman for the Home Office, which runs the IPS, said it would investigate.
[...]
 
InfoSec News: [Dataloss Weekly Summary] Week of Sunday, July 11, 2010
Open Security Foundation - DataLossDB Weekly Summary, Week of Sunday, July 11, 2010. 9 Incidents Added.
DataLossDB is a research project aimed at documenting known and reported data loss incidents world-wide. The Open Security Foundation asks for contributions of new incidents and new data for [...]
 
InfoSec News: Which products top the list of security concerns?: http://gcn.com/articles/2010/07/19/adobe-reader-and-microsoft-ie-top-security-concerns.aspx
By Kurt Mackie, GCN.com, July 19, 2010
The majority of Internet security threats come from unpatched vulnerabilities in Adobe Acrobat/Reader and Microsoft's Internet Explorer browser, according to an industry study. Those two programs topped a list of the "15 most observed vulnerabilities" on the Web, according to M86 Security's [...]
 
InfoSec News: Black Hat talk to reveal analysis of hacker fingerprints: http://www.networkworld.com/news/2010/071910-black-hat-fingerprint.html
By Tim Greene, Network World, July 19, 2010
Looking deeper within malware yields fingerprints of the hackers who write the code, and that could result in signatures that have a longer lifetime than current intrusion-detection schemes, Black Hat 2010 attendees will be told next week. Analysis of the binaries of malware executables also reveals characteristics about the [...]
 