InfoSec News

Quantum has partnered with Xerox, which is using two new products for a cloud-based backup service.
The writing may finally be on the wall for Hewlett-Packard's storied print division.
The dust-up over the term "NoOps" escalated this week, with high-profile IT executives from Netflix and Etsy issuing dueling blog posts about the evolution of IT organizations.
Virus Bulletin updated its spam filter test, and found that compared to last year, spam filters are doing worse. Sadly, the detailed results are only for paid subscribers. But Virus Bulletin published a brief summary of the latest result as a teaser [1].
I think this is not all bad news. To understand this, one has to consider that the overall volume of spam has dropped significantly. The takedown of some large botnets removed a lot of easy-to-classify spam off the net, leaving a more diverse spam zoo that is not as easy to classify. So I don't think this trend is as worrying as Virus Bulletin makes it sound.

[1] http://www.virusbtn.com/news/2012/03_18.xml


Johannes B. Ullrich, Ph.D.

SANS Technology Institute

(c) SANS Internet Storm Center. http://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
Researchers at NC State found that ad libraries used in Android apps access personal information unnecessary for proper functionality.

Apple on Tuesday denied any overheating concerns on the new iPad, saying that the product operates well within its thermal specifications.
Recent surveys of mobile app developers found that 66% of them feel Google+ could catch up to Facebook and showed that there has been an erosion in developer interest in building apps for Android phones and tablets.
An important aspect of any product is how easily someone can use it for its intended purpose, also known as usability. Electronic health records (EHR) that are usable have the potential to improve patient care, which is why the National ...
Oracle on Tuesday said third-quarter net income rose 18 percent to $2.5 billion, while revenues grew 3% to $9 billion. However, hardware systems revenues sagged 16% to $869 million.
Adoption of broadband service in the U.S. has levelled off since 2009, and the U.S. government and the tech and broadband industries will need to work more closely together to drive up subscriber numbers, according to a new study.
Although enterprise social networking (ESN) products that replicate Facebook-like and Twitter-like functionality for workplaces have been around for about five years, Microsoft sees a big opportunity in that market, to which some feel the maker of Windows and Office has been slow to respond.
Who needs the cloud when you can have two terabytes of storage in the palm of your hand?
A favorite marketing tagline for Alcatel-Lucent Enterprise is "Change the Conversation."
Verizon Wireless Tuesday said it will soon push a wireless software update to Samsung's Droid Charge smartphone to fix a number of glitches, including choppy audio, clicking sounds during calls and crashes when the device is placed into a desktop dock.
[ MDVSA-2012:032 ] mozilla
Analyst says move is important step in addressing the need for mobile application control and document management capabilities.

Mozilla Firefox/Thunderbird/SeaMonkey CVE-2012-0462 Memory Corruption Vulnerability
Just as voters in Illinois are heading to the polls to cast their votes in the Republican primary today, presidential candidate Mitt Romney spent part of his day in a Google+ hangout.
Hewlett-Packard Co. is to combine its PC and printer divisions into a single business unit, a move that will see Vyomesh "VJ" Joshi, the longtime head of HP's printer division, leave the company, according to a report published Tuesday.
According to U.S. Bureau of Justice statistics, the rate of nonfatal workplace violence declined by 35 percent from 2002-2009. But, despite the decline, a recent survey conducted for AlliedBarton Security Services found over half of Americans employed outside their homes (52 percent) have witnessed, heard about or have experienced a violent event or an event that can lead to violence at their workplace.
The Russian Federal Security Service arrested eight hackers who allegedly stole $4.5 million in the last quarter alone using an online banking Trojan, security analyst firm Group-IB announced Tuesday.
Startup ClearStory Data came out of stealth mode Monday and said it will soon launch a sophisticated data analytics service for business users.
Apple is an iconic consumer electronics company with a string of massively successful products, but it could also become the world's largest mobile processor company by the end of the year, according to a study due to be released by In-Stat later this week.
The seventh annual Ponemon Cost of Data Breach Report analyzed 49 U.S. companies and found organizations with CISOs and a formal incident response plan helped cut costs.

There are two main types of cloud synchronization services available today, according to Terri McClure, a market analyst at Enterprise Strategy Group: consumer-focused ones, such as Dropbox, and enterprise-focused ones, such as Amazon Web Services and Rackspace. Egnyte, a hybrid cloud provider, is looking to bridge the advantages of each with a new offering it released today.
Akamai Technologies is extending the reach of its data acceleration services to better address mobile Internet use and the delivery of content from within an enterprise data center to employees or partners in the field.
Regarding MS12-020
[security bulletin] HPSBMU02752 SSRT100802 rev.1 HP Insight Control Software for Linux (IC-Linux), Remote Execution of Arbitrary Code, Denial of Service (DoS)
China's Huawei Technologies, best known as a telecommunication equipment supplier, is making a greater push into the server market as the company faces the challenge of boosting its brand awareness among enterprise customers.
Legitimate users of Megaupload's service have learned this lesson the hard way.
The French National Commission on Computing and Liberty (CNIL) has fired a salvo of questions at Google about the new privacy policy it introduced at the start of this month.
Mobile developers will increasingly use HTML5 in their applications during 2012, but fragmentation will make their life more difficult, according to a joint survey from IDC and cross-platform development vendor Appcelerator.
Seagate said it is the first hard-drive maker to achieve the milestone storage density of 1 terabit (1 trillion bits) per square inch on a disk platter. The technology will allow it to create a 60TB hard drive this decade.
[MajorSecurity-SA-2012-014]Apple Safari on iOS 5.1 - Adressbar spoofing vulnerability
[SECURITY] [DSA 2435-1] gnash security update
[SECURITY] [DSA 2434-1] nginx security update
Microsoft will wrap up Windows 8 this summer, according to a report by Bloomberg on Monday.
There are about a million books about photography on the shelf of your local bookstore. I should know, because mine is one of them. But you don't need to remember a book's worth of tips and tricks to improve your photography; for the highlights, you might want to play with an online camera simulator. And when you get right down to it, there are just a handful of easy things you can do to make a dramatic improvement to your photos.
Amazon has agreed to buy Kiva Systems, a company specialized in automated materials handling in warehouses, the online retailer announced on Tuesday.
Bowdoin College recently completed a $1 million upgrade to its wireless network that allows more Wi-Fi access for students, including video streaming, and better network management for the IT staff.

Infosec human factor solved only by education
Infosecurity Magazine
A talk at the Information Exploitation Conference at the Home Office's Security and Policing Exhibition 2012 today addresses the disconnect between user and professional, and calls for a new standard that focuses on training and awareness.

Apple's new iPad arrived Friday and, given the popularity of early sales, will be showing up this week at an office near you.
Using a private cloud to handle back-end infrastructure tasks for your mobile workforce is the way to go. To get there, be prepared to make an investment of time and resources.
Getting your phone onto Wi-Fi networks may get a lot easier starting in about a year, but it won't necessarily get cheaper.

Posted by InfoSec News on Mar 20


By Daily Mail Reporter
18 March 2012

The FBI has vowed to step in if the Met Police 'drop the ball' in its
investigation into illegal activity within the Murdoch empire, it has
been revealed.

The U.S. Bureau already has access to all the evidence handed over by
News Corporation to Scotland Yard and the company...

Posted by InfoSec News on Mar 20


By Dan Goodin
March 19, 2012
Ars Technica

A sophisticated piece of espionage malware with ties to the Stuxnet worm
used to disrupt Iran's nuclear program was probably authored by an
experienced team of "old school" professional developers, researchers
from antivirus provider Kaspersky said.

They drew that conclusion after...

Posted by InfoSec News on Mar 20


By Aliya Sternstein

During the past year, the Internal Revenue Service did not install
critical fixes for software vulnerabilities, allowed unauthorized access
to accounting programs and failed to ensure contractors received
security training, according to the auditors' auditors.

Around tax time in 2007, 2008, 2009, 2010, 2011 and now this year, the

Posted by InfoSec News on Mar 20


By Ellen Messmer
Network World
March 19, 2012

When Kaspersky Lab last week spotted code-signed Trojan malware dubbed
Mediyes that had been signed with a digital certificate owned by Swiss
firm Conpavi AG and issued by Symantec, it touched off a hunt to
determine the source of the problem.

The answer, says Symantec's website security services (based on the...

Posted by InfoSec News on Mar 20


By Emil Protalinski
Zero Day
March 19, 2012

PwnedList is a website launched nine months ago to help users figure out
if their account credentials have been hacked. The service crawls public
sites where hackers post stolen data and then indexes all the login
credentials it finds. As such, if your company or a website you use was
Sambreel Holdings and two subsidiary companies that offered advertisement-supported skins for Facebook profile pages filed Monday an antitrust lawsuit against the social networking company in a U.S. federal court, its attorneys said.
Advanced Micro Devices on Tuesday is expected to announce new Opteron 3200 series chips for low-end servers, which the company hopes will give it a competitive edge over Intel in the cloud server market.