InfoSec News

OCZ today announced its latest version of the Deneva enterprise-class SSD, which is customizable for equipment manufacturers and comes with SandForce's latest controller.
We're about to reach the limits of Verizon Wireless's limited-time offer of unlimited data, reports the Wall Street Journal's AllThingsD. The website reports that the wireless carrier plans to introduce tiered pricing next month for new smartphone customers -- including those buying Apple's iPhone 4.
Dell's Inspiron 17R desktop replacement laptop is a study in clean, simple design. It's also highly configurable and supports many of the latest technologies such as USB 3.0 and Intel's Wireless Display (WiDi). And as you might guess from the 17R designation, a large (17.3-inch), 1600-by-900-pixel display is part of the package.
Mobile broadband startup LightSquared proposed an alternative network plan on Monday in which it would use different frequencies to prevent interference with GPS.
Attacks against RSA and defense contractors could be from smaller groups, not state sponsored terrorism, warns former DHS Secretary Michael Chertoff.

Google may owe Oracle nearly as much money in damages as Oracle paid to buy all of Sun Microsystems, says Oracle's paid expert in the companies' Java intellectual property dispute.
Researchers at the PlanetLab global research network have developed a potential replacement for the widely used Unix sudo tool, called Vsys, that will offer administrators far greater control over what end users can and can't access.

The legacy of LulzSec
SC Magazine US
The question on some people's minds is: What impact do these "hacktivist" groups have on infosec as a whole? There are two scenarios that may play out, as I see it. 1). The first is Anonymous, LulzSec and whichever groups follow -- and we know there ...

While NFC (near-field communication) gradually emerges to turn mobile phones into payment devices, Silicon Valley startup Naratte is introducing a system it claims can do roughly the same thing without adding a chip to the handset.
HP's Vertica database can now support MapReduce-like functionality, according to the company.
A supercomputer in Japan has ended China's brief stay atop the list, while the U.S.-built computers took five of the top 10 spots and more than half of the full list.
I've been watching a challenge grow on the horizon. It comes up over and over again in conversations with security and technology executives alike, and if it hasn't hit your organization yet...well, let's just say that it probably has and you're just missing it. It's the broad issue of mobility and the consumerization of IT. Simply put, it's all those fun little devices that your employees are bringing to you and saying "support me."
Apple store representatives today said that while Genius Bar technicians won't install Lion for customers, Mac owners can use a store's Internet connection to download the 4GB upgrade.
U.S. federal officials on Monday announced the indictments of a New Jersey couple for "a massive and elaborate scheme" to defraud New York in connection with the city's CityTime software project.
Linux Kernel 'iriap.c' Multiple Remote Buffer Overflow Vulnerabilities


Taking the human factor out of phishing prevention
Likewise, one-time passwords don't protect against man-in-the-middle attacks--as Gurudatt Shenoy points out on the InfoSec Island site--but sending a one-time code to a mobile phone or other device via SMS will stymie most phishing attempts. ...

Researchers in Germany have found abundant security problems within Amazon's cloud-computing services due to its customers either ignoring or forgetting published security tips.
A day after a pair of hacker groups promised to step up their attacks against government Web sites, one of them claimed to have knocked the U.K.'s Serious Organised Crime Agency (SOCA) offline.
The National Security Agency, America's high-tech spy agency which also plays a key role in approving hardware and software for use by the Department of Defense, wants to be able to outfit military personnel with commercial smartphones and tablets -- but based on an NSA security design.
RETIRED: Cisco IOS SNMP Message Processing Remote Denial of Service Vulnerability
[SECURITY] [DSA 2265-1] perl security update
The Federal Communications Commission will look at ways to attack illegal phone charges, the agency's chairman said.
SAP's HANA (high performance analytic appliance) in-memory computing engine went into general availability on Monday, giving the vendor a flashy new weapon against the likes of Oracle's Exadata data-processing machine and others in a highly competitive market.
Cloud computing could help boost the use of high-performance computing (HPC) among small and medium-size businesses, but there are hurdles that have to be overcome before that can happen, IDC said Monday during a presentation at the International Supercomputing Conference in Germany.
Microsoft has received clearance from U.S. antitrust regulators for its proposed purchase of Internet telephony company Skype.
Researchers detected a drive-by attack contained in malicious code hosted on a compromised restaurant website.

Apple has spelled out how education and corporate customers can upgrade Macs to Lion next month.
Google's Street View got off to a bad start in Bangalore, with the city police objecting to the collection of data by Google's cars.
If you work in an office, you can close your door to let others know that you are too busy to be disturbed. Wouldn't it be nice if you could send the same signal via email? Now you can, with, a free cloud-based service that lets others know where your email load stands so they can wait to contact you.
We all worry that there's some lurking security problem in our servers. We do what we can, patching, following best practices, keeping up-to-date with training and news. But wouldn't it be great to have an automated tool to check our work? That's the promise of vulnerability analyzers: products that detect problems in configuration, applications, and patches.
The multitudes have spoken: They love the Apple iPad, they want more tablets, and they want them in the office. Here's what to expect.
Nibbleblog Multiple SQL Injection Vulnerabilities
Perfect PDF products distributed with vulnerable MSVC++ libraries
[SECURITY] [DSA 2264-1] linux-2.6 security update
Mobile Wi-Fi clients are surging on wireless LANs. The growth is forcing IT groups to adapt to a new, more dynamic RF environment and rethink WLAN design.

Posted by alerts on Jun 20

Just a quick note, I think we've, well... I nudged Brian Martin with
to look over the Mailman settings and he found a few things I missed the first
time around, changing the MIME setting so there are no more replies in 48-point
red BOLD type to unsubscribe, not to mention stopping everyone's replies to
the list. So if you're in the mood to thank Brian (I know I am!), please check

Posted by alerts on Jun 20


The Secunia Weekly Advisory Summary
2011-06-09 - 2011-06-16

This week: 45 advisories

Table of Contents:

1.....................................................Word From Secunia...

Posted by alerts on Jun 20

By Tim Greene
Network World
June 17, 2011

A model of the Internet where the Pentagon can practice cyberwar games
-- complete with software that mimics human behavior under varying
military threat levels -- is due to be up and running by this time next
year, according to a published report.

Called the National Cyber Range, the computer network mimics the
architecture of...
Joomla! Calc Builder Component 'id' Parameter SQL Injection Vulnerability
Chinese telecommunications equipment manufacturer Huawei unveiled a 7-inch tablet running version 3.2 of Google's Android mobile OS on Monday.
Silicon Graphics International hopes by 2018 to build supercomputers 500 times faster than the most powerful today, using specially designed accelerator chips made by Intel, SGI's chief technology officer said.
Eight Skype executives have departed the company following Microsoft's $8.5 billion buyout in May, a Skype spokeswoman confirmed on Monday.
DATAC RealWin SCADA Server Multiple Remote Buffer Overflow Vulnerabilities
Wing FTP Server 'ssh public key' Authentication Security Bypass Vulnerability
Hackers are aggressively exploiting a just-patched Flash vulnerability "on a fairly large scale," according to a Shadowserver Foundation researcher.
There's "the cloud" and then there's Windows Azure.
We controlled our Microsoft-supplied Azure account from our laptops (MacBook Pros, sometimes running Windows 7 VMs) and through our NOC resources (numerous Dell, Tyan, and HP servers; 10GB Extreme Switch, Compellent SAN, 100Mbps connection hosted at
Gibbs reviews feedback from his “Curse you users” column.
Digital Enterprise platform integrates LiveCycle business process suite with CQ Web content management technology
The Northrop Grumman Cybersecurity Research Consortium is focused on improving mobile and cloud security and on reducing the cost of recovery from cyberattacks.
Electronics retailer Crutchfield has seen a 34% increase in converting shoppers to buyers on its mobile website since implementing PayPal Mobile Express Checkout last December.
Which organizations excel in key employment categories?
These top-rated IT workplaces combine choice benefits with hot technologies and on-target training. Our 18th annual report highlights the employers firing on all cylinders.
Hewlett-Packard carried its feud with Oracle to the floor of its user group conference this month by clearly encouraging migrations from Oracle to Microsoft software on HP hardware.
Analysts are split on how big of a gamble Microsoft has made by making significant changes to the interface of its flagship Windows operating system software.
One thing that project team leaders have in common is that none of them is terribly concerned about their relationship with the others.
The western half of North Carolina has become a magnet for giant data centers. Apple and Google have already built major data centers there, and Facebook has one under construction.
NYSE Euronext announced that it's planning to offer a cloud service that will provide on-demand computing resources to Wall Street broker-dealers.
What's the key to job satisfaction for IT employees at Best Places?

UK's first and largest combined information security conference and training ...
Prfire (press release)
Infosec professionals working within the public sector and government agencies will benefit from a reduced ticket price of £195 by contacting the organisers directly. 44Con training 30th–31st with the conference running 1st–2nd September, 2011. ...

Linux Kernel 'inet_diag_bc_audit()' Local Denial of Service Vulnerability
A Japanese computer has taken first place on the Top 500 supercomputer list, ending China's reign at the top after just six months. At 8.16 petaflops (quadrillion floating-point calculations per second), the K computer is more powerful than the next five systems combined.
Joomla! 'com_team' Component SQL Injection Vulnerability
Helium Music Manager DLL Loading Arbitrary Code Execution Vulnerability
We developed a test methodology and evaluation criteria in six main areas, including results reporting, product controls and manageability, scan results, vulnerability workflow features, interoperability, and updates and protocol support.
Maybe Apple is simply paying a price for trying to hog all the lowercase letter i's.
The board of directors of the Internet Corporation for Assigned Names and Numbers (ICANN) has approved an increase in the number of Internet domain name endings, known as generic top-level domains (gTLDs), from the current 22.
Compliance is a natural extension of a vulnerability analysis tool. Normal vulnerability scanning includes searching for unpatched systems, unprotected directories, and other errors in configuration.
Web scanning is different from vulnerability scanning because it looks for bugs in the Web apps themselves, rather than the software installed on the Web server. For example, all of the vulnerability scanners told us about an old embedded system on our network vulnerable to a cross-site scripting attack because of an old version of PHP. That's just normal vulnerability scanning, and depending on your Web applications and Web server settings may turn out a lot of false positives. But actually finding an exploitable script on a Web site requires a more intense search, coming in from the outside, and a more specialized type of scanner.