InfoSec News

(c) SANS Internet Storm Center. http://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
Support for IPv6 has grown by almost 20 times in the past year by one measure, but most websites still can't be reached without IPv4, the current Internet Protocol, which is near running out of unclaimed addresses.
Opera Web Browser Information Disclosure Vulnerability
Pidgin 'silc_private_message()' Denial of Service Vulnerability
AT&T on Monday acknowledged an organized attempt to hack information on fewer than 1% of its 100 million wireless customers, but said no accounts were breached.
Aside from email, one of the most known and widely used “cloud” services is data storage. As I continue my 30 Days With the Cloud journey, I have a wide choice of online storage options to choose from. Today I will take a look at some of them, and some of the pros and cons of using cloud storage at all.
On Friday, at 10:25 am Eastern, the Mars Science Laboratory (MSL) mission will rocket into the sky on a 191-foot-tall Atlas V rocket and begin its mission to Mars. NASA is making its final preparations for the first launch opportunity, and tweeters are preparing for a two-day launch tweetup.
AT&T on Monday acknowledged an organized attempt to hack information on as many as 1 million AT&T wireless customer accounts, but the company said no accounts were breached.
Here are some key questions and answers about the Nov. 8 break-in of the control network at an Illinois water utility that resulted in attackers burning out a pump.
Hewlett-Packard continues to struggle with leadership and business changes, reporting on Monday that fourth quarter net earnings dropped 91 percent compared with the same quarter last year.
Samsung's Galaxy Nexus, the first smartphone running Android 4.0 (also known as Ice Cream Sandwich), will be available through Canadian wireless carriers starting Dec. 7, while Verizon Wireless still hasn't announced a release date for the device in the U.S.
Linux Kernel KSM Local Denial of Service Vulnerability
[SECURITY] [DSA 2351-1] wireshark security update
Re: WordPress Lanoba Social Plugin XSS Vulnerabilities
Three key Lawson Software executives have left the company in recent weeks, just several months following Infor's acquisition of the company and the retirement of CEO Harry Debes.
Antivirus experts disagree with Chris DiBona, Google's open-source programs manager, who recently said that there is no virus problem on the Android platform and that companies selling anti-malware software for mobile operating systems are "charlatans."
A certain design element of the Nook Tablet caught the eye of teardown experts at iFixit: A metal loop at the lower left corner of the metal cover.
Google Chrome Prior to 15.0.874.120 Multiple Security Vulnerabilities
WebKit CSS 'format()' Arguments Memory Corruption Vulnerability
WebKit HTML Image Element Handling Memory Corruption Vulnerability
OWASP Academy Portal - FREE OWASP TOP 10 security challenges with Hacking-Lab
WordPress adminimize Plugin Vulnerabilities
WordPress alert-before-your-post Plugin Cross-Site Scripting Vulnerabilities
Oracle is planning to announce the next version of its flagship WebLogic application server during an online event Dec. 1, according to information on the company's website.
TinTin++ and WinTin++ '#chat' Command Multiple Security Vulnerabilities
Google Chrome Out Of Bounds CVE-2011-3900 Remote Code Execution Vulnerability
Re: Multiple Cross-Site-Scripting vulnerabilities in Dolibarr 3.1.0
WordPress advanced-text-widget Plugin Vulnerabilities
Implications of IPv6 on network firewalls
[SECURITY] [DSA 2348-1] systemtap security update
Amazon.com's Kindle Fire tablet will leapfrog most competitive offerings to quickly become number two in the market behind Apple's iPad, according to a survey conducted by ChangeWave Research.
Seagate has been awarded US$525 million in arbitration in connection with a trade secrets case against Western Digital, which said it would challenge the ruling.
[SECURITY] [DSA 2349-1] spip security update
WordPress Lanoba Social Plugin XSS Vulnerabilities
[ GLSA 201111-05 ] Chromium, V8: Multiple vulnerabilities
Support Incident Tracker <= 3.65 (translate.php) Remote Code Execution Vulnerability
Much has been made of prospects for a cyberwar. Many believe we're already in one. So what are security practitioners to do as they plan for 2012?
Delegates from around the world are meeting in France this week to discuss the only international treaty dealing with cybercrime, a treaty that has come under fire from some countries but defended by others as a crucial tool in fighting electronic crime.
Valid tiny-erp <= 1.6 SQL Injection Vulnerability
Blogs manager <= 1.101 SQL Injection Vulnerability
Freelancer calendar <= 1.01 SQL Injection Vulnerability
Of all the suppliers, customers, and other stakeholders with which the typical small business works, never does the list of favorites start with “the bank.”
The number of people accessing social networking sites in France, Germany, Italy, Spain and the U.K. using their mobile phone has grown by 44% in the last year, market research company comScore said on Monday.
Most talk about the cloud is focused on the magic ability to access tools, services, and data from virtually anywhere because the cloud is everywhere…except when it’s not. I got to experience that fun first hand today, and it highlights a serious drawback to relying on the cloud.
SPIP 'exec_aide_index_dist()' Function Cross Site Scripting Vulnerability
Apple will overtake Hewlett-Packard as the world's biggest PC vendor by mid-2012 thanks largely to iPad sales, analyst firm Canalys said.
Adobe Acrobat and Reader CVE-2011-2431 Remote Security Bypass Vulnerability

The FUD around SCADA attacks
CSO (blog)
Scot Terban captures the FUD factor quite nicely in a post on Infosec Island. I'm going to take a step back and let Scot do the talking. What follows is a brief excerpt, followed by a link to the full article. The FUD Files: CASE 010110101 Cyber ...

Here at this link is the 2011 version of our technology holiday gift guide, Cool Yule Tools. Once again I think we've outdone ourselves. We've got somewhere between 150 and 170 reviews of different products for the technology and gadget-lover on your holiday gift list. Or you might just like to peruse the pages and online reviews yourself if you are looking for ideas to make your own wish list.
Which of today's newest shipping technologies will triumph over the long haul? Here are our best guesses.
EMC today announced its first upgrade to the Atmos Cloud Delivery Platform, adding metering capabilities and support for Linux.
The man who led the design and development of the first microprocessor 40 years ago said at the time he didn't foresee the extent of the digital revolution he was helping to create.
Here are nine negotiating tips for SAP customers who are hammering out deals with the vendor as the Dec. 31 end of its fiscal year approaches. Insider (registration required)
Despite some lingering user concerns about security and technological issues, Hadoop is ready for enterprise use, according to IT executives at the Hadoop World conference in New York earlier this month.
Even aggressive plans can succeed if they are grounded in reality.
The Pakistan Telecommunication Authority has instructed telecommunications operators in the country to filter SMS messages that include words that it considers objectionable, drawing criticism from civil rights groups.
Thin client maker Wyse Technology has acquired Canadian company Trellia to help it manage the growing number of smartphones and tablets used by enterprises, Wyse said on Monday.
It has been referred to as Moore's Flaw: The IT complexity that results from the inexorable innovation driven by Moore's Law.

Posted by InfoSec News on Nov 21


The Jakarta Post

The government should strengthen cyber security and pay closer attention
to the developments of information and communications technology (ICT),
analysts say, as currently governments around the world are exploiting
ICT to strengthen national security and increase political prowess.

Dadan Umar Daihani from the...

Posted by InfoSec News on Nov 21


11/18/2011 - WASHINGTON (AFNS) -- Science Applications International
Corporation is mailing letters to affected military clinic and hospital
patients regarding a data breach involving personally identifiable and
protected health information.

On Sept. 14, SAIC reported the loss of backup tapes containing
electronic health care records used in the military health system to
capture patient data...

Posted by InfoSec News on Nov 21


By Darren Pauli
Nov 21, 2011

No honour among thieves.

You might think the strategies to catch criminals used by gumshoe
detectives and cyber cops are worlds apart, but the investigation into
the hack of Bottle Domains demonstrated that they share a common

Follow the money. Be adaptive. These were but some established police
tactics used by...

Posted by InfoSec News on Nov 21


By Paul Marks
senior technology correspondent
New Scientist
18 November 2011

Full-disc encryption is good at keeping your computer secure. So good,
in fact, that it's got digital CSI teams tearing their hair out.

Computer security engineers, including a member of the US Computer
Emergency Response Team, are complaining in a research paper this week...

Posted by InfoSec News on Nov 21


By Amber Corrin
Nov 18, 2011

For roughly a century, the U.S. military has fought on land, by sea and
in the air. For the most part, the domains have been tangible and the
boundaries defined. Now a new domain is emerging: cyber warfare. And
although online operations overlap the traditional physical arena, the
cyber domain is mostly intangible, with battles waged...

Hewlett-Packard has secretly contracted with Intel to keep making Itanium processors so that HP can maintain the appearance that "a dead microprocessor is still alive", and make money from its locked-in Itanium customer base and take business away from Oracle's Sun servers, Oracle said in a court filing on Friday.
If the results of a recent telephone survey are to be taken at face value - a reasonably big if, in my opinion - roughly half of American adults believe that Facebook, Twitter and their ilk are harmful to the social development of today's young people.
Apple, Steve Jobs, Richard M. Stallman, nerds, and Microsoft ... a heady mixture that Gibbs decides to stir this week.
SystemTap 'Staprun' Module Unloading Local Denial of Service Vulnerability