
InfoSec News

The U.S. Federal Communications Commission on Thursday received a request to transfer T-Mobile's licenses to AT&T, one of the first steps the companies are making in the potentially lengthy approval process of AT&T's proposed acquisition of the smaller operator.
Enterprises cite security as a top reason to shun consumer tools such as Skype, yet few IT organizations are beefing up UC security on enterprise-class devices and endpoints.

At 8.9 inches (diagonal), the T-Mobile G-Slate is the first tablet to hit the middle ground in terms of size, landing firmly between the larger slates that resemble netbooks without keyboards and the smaller models that feel like oversize phones. But the G-Slate (made by LG, and shown by that company as the Optimus Pad) also packs in features not found on other Android 3.0 tablets--including twin cameras for 3D video capture, and three speakers for producing stereo audio no matter how you hold the tablet. And with that, the G-Slate ($530 after rebate and with a two-year T-Mobile contract, or $750 without a contract; prices as of April 21, 2011)
A jury in the Eastern District of Texas told Google that it owes Bedrock Computer Technologies $5 million in damages for using versions of Linux that infringe on Bedrock's patents.
Another cloud storage operation shut down last week when startup Cirtas Systems, which developed a controller for storage in the cloud, announced it was leaving the market to regroup.
Man connected to $36.6 million in credit card fraud faces 10 years in prison.
Google has invested in a wind farm in Oklahoma to help offset the environmental impact of its data centers, even as Greenpeace stepped up its criticism of big Internet companies for using "dirty power" that contributes to global warming.
AMD posted gains in both revenue and profit in the first quarter, citing lower prices but higher unit sales of microprocessors compared with a year earlier.
Amazon's Web hosting troubles on Thursday mean a black eye for the company and could raise doubts about the cloud in general, analysts said.
U.S. Department of Defense CIO Teri Takai intends to move the agency's IT in a more mainstream direction to help speed adoption of new technologies, particularly the cloud and mobile.
Adobe on Thursday patched a critical bug in Adobe Reader, its popular PDF viewer, beating its self-imposed deadline by several days.
BlackBerry PlayBook sales hit 50,000 for the first day of sales on April 19, including pre-sales, an analyst at RBC Capital Markets estimated.
Credit card company Visa and clothing retailer Gap are using SMS text messages to deliver updates about promotions and discounts to Gap customers' mobile phones.
Popular websites, including Quora and Reddit, have been hampered or knocked out today because of server problems in the Amazon data center that handles the company's Web hosting services.
Gibbs lists the first five of his top 10 networking tools.
Gibbs knows they (and maybe you) are out to violate his privacy.
Sen. Al Franken (D.-Minn.), who chairs a new privacy panel set up in February, yesterday asked Apple to explain why its iPhones are tracking users' locations.
Verizon Wireless and Samsung announced that the Droid Charge, Verizon's second LTE smartphone, will go on sale April 28 for $299.99 with a two-year agreement.
Be sure you know exactly how much downtime you're likely to experience -- and when.
[ MDVSA-2011:076 ] xrdb
[USN-1120-1] tiff vulnerability
Adobe released important security updates for Adobe Reader X (10.0.2) and earlier 10.x and 9.x versions for Windows and Macintosh. The bulletin is posted here.
CVE-2011-0611 is being actively exploited in the wild against Adobe Flash Player and against Adobe Reader and Acrobat, including via a Flash (.swf) file embedded in a Microsoft Word (.doc) or Microsoft Excel (.xls) file delivered as an e-mail attachment targeting the Windows platform. Adobe Reader X Protected Mode mitigations would prevent an exploit of this kind from executing.[1]

Affected software:
Adobe Reader X (10.0.1) and earlier versions for Windows
Adobe Reader X (10.0.2) and earlier versions for Macintosh
Adobe Acrobat X (10.0.2) and earlier versions for Windows and Macintosh
NOTE: Adobe Reader 9.x for UNIX, Adobe Reader for Android, and Adobe Reader and Acrobat 8.x are not affected by CVE-2011-0611.
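Because the in-the-wild delivery vehicle for CVE-2011-0611 is a Flash file embedded in a legacy Word or Excel attachment, a mail-gateway or triage check worth having is a scan for SWF headers inside OLE compound files. The following is an added example written for this page, not code from Adobe or the Internet Storm Center. It relies only on the public SWF header layout (3-byte magic FWS/CWS/ZWS, a version byte, and a little-endian 32-bit length) and the OLE compound-file magic; the sample attachments are constructed in the script, and the version upper bound of 40 is an assumption used to reject text that merely happens to contain "FWS".

```python
"""Scan attachments (e.g. .doc/.xls) for embedded Flash (SWF) headers.

Added example for CVE-2011-0611 triage; not part of any vendor advisory.
"""
import re
import struct
import sys
import zlib

OLE_MAGIC = b"\xD0\xCF\x11\xE0\xA1\xB1\x1A\xE1"  # legacy Office compound file
SWF_HEADER = re.compile(rb"[FCZ]WS")             # FWS=raw, CWS=zlib, ZWS=lzma
MAX_SWF_VERSION = 40                             # assumption: sane upper bound


def find_swf_headers(data):
    """Return plausible SWF headers found anywhere in `data`.

    Each hit is a dict with offset, compression kind, version and the
    length declared in the header (uncompressed length for CWS/ZWS).
    """
    hits = []
    for m in SWF_HEADER.finditer(data):
        off = m.start()
        if off + 8 > len(data):
            break
        version = data[off + 3]
        declared_len = struct.unpack_from("<I", data, off + 4)[0]
        # Reject ASCII coincidences: absurd version byte or impossible length.
        if not 1 <= version <= MAX_SWF_VERSION or declared_len < 8:
            continue
        kind = chr(data[off])
        body = data[off + 8:]
        if kind == "F":
            # Uncompressed: declared length covers header + body and must fit.
            if declared_len > len(data) - off:
                continue
        elif kind == "C":
            # A zlib stream must follow the header; inflate a few bytes to confirm.
            try:
                out = zlib.decompressobj().decompress(body, 64)
            except zlib.error:
                continue
            if not out:
                continue
        # "Z" (LZMA) is accepted on header plausibility alone.
        hits.append({"offset": off, "compression": kind,
                     "version": version, "declared_length": declared_len})
    return hits


def classify(data):
    """Short verdict for one attachment's bytes."""
    is_ole = data.startswith(OLE_MAGIC)
    swfs = find_swf_headers(data)
    if is_ole and swfs:
        return "suspicious: Office compound file with embedded SWF"
    if swfs:
        return "contains SWF"
    return "no SWF header found"


def sample_doc_with_cws():
    """Constructed sample: OLE magic, a sector of filler, then a CWS header
    followed by a zlib-compressed stand-in for the SWF tag body."""
    swf_body = b"\x00" * 200
    header = b"CWS" + bytes([10]) + struct.pack("<I", 8 + len(swf_body))
    return OLE_MAGIC + b"\x00" * 504 + header + zlib.compress(swf_body) + b"\x00" * 16


def sample_clean_doc():
    """Constructed sample: OLE file whose bytes contain 'FWS' but with an
    absurd version byte and zero length, so it must not be flagged."""
    return OLE_MAGIC + b"\x00" * 504 + b"FWS" + b"\xff" + b"\x00\x00\x00\x00"


if __name__ == "__main__":
    paths = sys.argv[1:]
    if not paths:
        print("constructed sample:", classify(sample_doc_with_cws()))
        print("constructed clean :", classify(sample_clean_doc()))
    for path in paths:
        with open(path, "rb") as fh:
            print(path, "->", classify(fh.read()))
```

Legacy .doc/.xls files store an embedded object's bytes in an OLE stream without compression, so a raw scan of the file works for this delivery method; it does not see inside the zip container of .docx/.xlsx, and a ZWS hit is only as strong as the header check, so treat hits as triage signals rather than proof of exploitation.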

Guy Bruneau IPSS Inc. gbruneau at isc dot sans dot edu (c) SANS Internet Storm Center. Creative Commons Attribution-Noncommercial 3.0 United States License.
iPhone sales at both AT&T and Verizon Wireless have been healthy enough to raise this question: Does the iPhone matter more than the network it runs on?
Several news services are reporting that the son of Eugene Kaspersky, founder of the Moscow-based security firm Kaspersky Labs, has been kidnapped for ransom in Russia.
Secure coding practices are improving at many software vendors, fueled by an increased emphasis on secure coding frameworks, training and new processes.

The "Eye on" series examines a security topic each month. In April, the series explores software security and the technologies and methodologies available to reduce vulnerabilities and improve software development processes.

Just a day after security firm Sophos publicly took Facebook to task for lacking important security features, the social network has added some new security elements in what it says is an effort to "make Facebook a more trusted environment."
Novell File Reporter Agent XML Tag Remote Code Execution Vulnerability


Infosec 2011: Where did all the tyre-kickers go?
Exhibitors at Infosec were complaining of lower footfall but lauding the quality of leads as the IT security fair entered its final day. The glitz and glamour of previous years may have been toned down, but all the major names ...

Eric Schmidt took home a pay package worth $313,219 in his final full year as CEO of Google. Now that he's executive chairman, Schmidt is getting a $1.25 million salary, a bonus of as much as $6 million and a $100 million stock package.
Intel and Micron Technology opened a $3 billion factory to make NAND flash memory in Singapore on Thursday, Intel officials said.
HTB22944: Path disclosure in ZENphoto

Wave to Host InfoSec Europe 2011 Workshop Featuring PricewaterhouseCoopers (press release)
Wave Systems Corp. (NASDAQ: WAVX) will attend InfoSecurity Europe 2011 this week, hosting a workshop that features customer PricewaterhouseCoopers (PwC). The two-hour event will give conference-goers an opportunity to hear firsthand ...

Epsilon plans to increase security measures following a March 30 data breach.
The business that manages New York City's hospitals consolidates 11 data centers into two facilities, dispensing with two-thirds of their physical servers for a predicted savings of $70 million over 5 years. Consider these four tips.
Nokia reported an increase in sales for the first quarter, but profit declined and the company expects a challenging second quarter as it bears the full brunt of component shortages resulting from the earthquake in Japan.
[security bulletin] HPSBMA02664 SSRT100417 rev.1 - HP Insight Control Performance Management for Windows, Remote Privilege Elevation, Cross Site Request Forgery (CSRF)
HTB22949: Multiple Path disclosure in 4images
CA20110420-01: Security Notice for CA SiteMinder
[security bulletin] HPSBMA02665 SSRT100185 rev.1 - HP Virtual Server Environment for Windows, Remote Privilege Elevation
Microsoft has issued a security patch for Silverlight, KB2526954. It fixes six issues. However, the Microsoft link to KB2526954 is still not live. If you have Microsoft Update running, the patch is already offered; it is rated Important and will install automatically.
Update 1: The Microsoft bulletin is now posted here.

Infosec 2011 channel roundup
Channel Pro
With one of the busiest stands at the show, distributor VADition crammed six vendors onto its booth including Fortinet, AeroHive, Q1 Labs and recently signed up Exinda, which the disti hopes will challenge Riverbed in ...
Consumerisation of IT looms large on security agenda (MicroScope blog)


Hundreds log into a rogue wireless hotspot at Infosec conference
Hundreds of people attending London's Infosec conference logged into a rogue wireless hotspot that could have left them open to attack by hackers. For a couple of hours on days one and two of the conference, insecurity firm ...
Infosecurity Europe: Rogue wireless network snares more than 300 visitors in ... (SC Magazine UK)

The BlackBerry-tethered tablet can't do very much, and its tethering requirement means few users can actually use it

InfoSec 2011: The big themes
Another year, another InfoSec – that was the phrase heard numerous times at this year's event at Earl's Court. Outside of these somewhat mocking musings, there was plenty of debate this week around the major ...
Infosec: Apple iPhones and iPads are fit for enterprise

While Apple's iPhone is selling well across the globe, China has emerged as its fastest growing market for the device.
President Barack Obama's town hall event live on Facebook on Wednesday thrust social networking into the political milieu just as the run-up to the 2012 elections begins.
The U.S. government has been urging green IT practices in its operations, consolidating data centers and offering telecommuting. Now it wants to go a step further and use its formidable buying power to encourage IT vendors to go green.
Adoption of electronic personal health record systems, such as Google Health, Microsoft HealthVault and Dossia, remains relatively stagnant, mainly because most people haven't been exposed to the services, a new study finds.

Infosec: Apple iPhones and iPads are fit for enterprise use
Information security chiefs have urged their peers to embrace the consumerisation of corporate IT as long as the technology fits, as it can drastically cut costs, improve productivity and even help IT get sign off for other projects. ...



InfoSec: ICO warns on security impact of business budget cuts
David Smith, deputy information commissioner, told delegates at this week's InfoSec conference: “Austerity measures can really impact data security. Just because people are hard pressed trying to get through everything does not excuse them from their ...
InfoSec 2011: ICO hits back at critical report (Computing)
Budget cuts could damage data security (Ontrack Data Recovery)
ICO Slaps Oldham School, But Suffers Fresh Criticism (eWEEK Europe UK)

A German software company known for its Windows utilities is warning customers to be on the alert for malicious e-mail messages after its servers were hacked.
MediaWiki Versions Prior to 1.16.3 Multiple Remote Vulnerabilities
MediaWiki 'profileinfo.php' Cross Site Scripting Vulnerability
MediaWiki CSS Comments Cross Site Scripting Vulnerability
MediaWiki 'api.php' Information Disclosure Vulnerability

Infosec: Anti-spam and anti-virus measures are IT's top concern, finds research
RealWire (press release)
London, UK – 21 April 2011 — Mimecast®, a leading supplier of cloud-based email security, continuity and archiving, has today released research revealing that IT teams are still struggling to protect their businesses from spam email and viruses. ...


Infosecurity Europe 2011: (ISC)² MD warns to mind the security skills gap
Infosecurity Magazine (US)
The infosec profession continues to grow at an impressive 13.2% annual growth rate, but John Colley, managing director EMEA for (ISC)², noted that “demand is outstripping supply” for security professionals. Colley highlighted findings from the ...


InfoSec 2011: ICO hits back at critical report
David Smith, deputy commissioner and director of data protection at the ICO, who was talking at security tradeshow Infosec, said he was very unhappy with the report. "The figures quoted are quite inaccurate," said Smith. It appears that the information ...

