InfoSec News

A little more than a year after slamming two spacecraft into a crater on the moon, NASA scientists are reporting that they've found not only some water but possibly enough to sustain human explorers.
 

GE privacy chief to women: Shed old rules for career success
NetworkWorld.com
Kelly suggests changing that and bringing more diversity to infosec means women need to reconsider how they themselves are approaching their jobs, ...

 
Sometimes you just need a second PC, and the Asus K72DR may just fit the bill. Asus' budget desktop replacement unit ships with a Blu-ray drive and decent audio performance, making this a great second PC, allowing your kids to watch a movie of their own while you're curled up in front of your HDTV.
 
If you're looking for a solid media notebook that's small (though not terribly lightweight) and quick, the Asus N82Jv is a pretty good bet. The N82Jv features a snappy 2.4GHz Intel Core i5 450M processor (with turbo boost up to 2.66GHz), a 500GB hard drive, an Nvidia GeForce GT 335M graphics card (plus integrated graphics with Intel HD Graphics), and runs the 64-bit version of Windows 7 Home Premium.
 
Adobe warned Thursday of a critical bug in its Shockwave Player that affects both Windows and Macintosh PCs.
 
A mysterious object, a tiny PC and a cool mouse caught Mark Gibbs' attention this week.
 
Flash drives are virus magnets. This is a generally accepted truth, but today I learned it firsthand.
 
The Mac App Store has the potential to breathe new life into the Mac platform. With Mac marketshare rising and there being a growing number of developers with skill in Objective-C from the iOS side of things, the time is definitely right for a centralized, and familiar-looking app delivery model for the Mac. However, since Apple released the Mac App Store guidelines similar to those for iOS, there has been a fair bit of criticism going around. Here are some of the criticisms I've seen and why they're wrong (or at the very least probably shortsighted).
 
FreeType Compact Font Format (CFF) Multiple Stack Based Buffer Overflow Vulnerabilities
 
ISC BIND 9 Remote Dynamic Update Message Denial of Service Vulnerability
 

GE chief privacy leader: Women need to shed old rules for career success
CSO
Kelly suggests changing that and bringing more diversity to infosec means women need to reconsider how they themselves are approaching their jobs, ...

 
Mobile data traffic in the U.S. will be 35 times higher in 2014 than it was in 2009, leading to a massive wireless spectrum shortage if the government fails to make more available, the U.S. Federal Communications Commission said in a paper released Thursday.
 
Apple's decision to open an App Store for the Mac will disrupt the traditional software distribution channel, experts said today, but questions remain unanswered, ranging from pricing to lockouts.
 
Google is still evaluating applications for its Google Fiber high-speed broadband project, but one community is now on track to get a test version of the network.
 
Dell is developing a tablet with a 10-inch screen that will be released next year as it tries to expand its presence in the handheld market, the company said.
 
NASA CTO Chris Kemp said he hopes that increased use of cloud computing can let NASA concentrate on building space networks rather than internal IT systems.
 
Complete coverage of Apple's next generation desktop operating system and new features such as Mac App Store, and FaceTime for the Mac.
 
Re: Security-Assessment.com Advisory: Oracle JRE - java.net.URLConnection class - Same-of-Origin (SOP) Policy Bypass
 
Adobe Shockwave Player rcsL Chunk EAX Register Memory Corruption Vulnerability
 
Some website developers and Amazon sellers say they're losing significant sales after Amazon made a change to its Product Advertising API.
 
Apple announced a slew of new and upcoming products during Wednesday's "Back to the Mac" event. But while these are all great additions to the Mac ecosystem, I think the Mac App Store, available for Snow Leopard within the next 90 days, will turn out to be the biggest news for the typical Mac user.
 
Think those young workers, fresh out of college, all shiny and idealistic are driving the use of social networking at your company? Well, think again.
 
IBM is moving its hardware manufacturing operations in Dublin to China, resulting in the loss of 190 jobs.
 
Nokia is changing the way it updates smartphones based on the latest version of Symbian. Instead of receiving big upgrades, the products will be upgraded on a more continual, incremental basis, Nokia said on Thursday.
 
Red Hat asks if organizations still need the Spring framework with Java EE 6 in place
 
4G World attendees saw multiple displays of WiMax and LTE infrastructure gear, but weren't offered the chance to view upcoming smartphones and other end-user devices for the next-generation wireless networks.
 
On the eve of the first anniversary of Windows 7's launch, Microsoft said the operating system has exceeded its expectations.
 
Libpurple MSN Protocol Custom Emoticons Remote Denial of Service Vulnerability
 
Verizon Wireless and its partners will release new LTE devices for businesses and consumers in the first quarter of 2011 to take advantage of faster wireless speeds, including portable two-way videoconferencing gear that can be used by repairmen in the field to shorten repair times, a Verizon official said.
 
IBM said Thursday it has purchased financial governance software maker Clarity Systems. Terms were not disclosed.
 
AT&T on Thursday reported revenue of $31.6 billion for the third quarter, up 2.8% from the third quarter of 2009, with mobile data revenue and mobile subscriber gains from the iPhone driving the growth.
 
Apple introduced new slimmer, lighter -- and even one sub-$1,000 -- MacBook Air laptops on Wednesday. Macworld takes a hands-on look at the new 11- and 13-in. MacBook Air models.
 
Pidgin 'libpurple' Multiple Denial of Service Vulnerabilities
 
Micro CMS Persistent XSS Vulnerability.
 
Pecio CMS XSS Vulnerability
 
The Juice Pack Boost and Reserve quickly recharge the iPhone and iPod; the Link Wireless A/V Extender lets you extend a computer's display to a TV.
 
Wiccle Web Builder CMS and iWiccle CMS Community Builder Multiple XSS Vulnerabilities
 
[security bulletin] HPSBMA02592 SSRT100300 rev.1 - HP Systems Insight Manager (SIM) for HP-UX, Linux, and Windows Running Adobe Flash, Remote Execution of Arbitrary Code, Denial of Service (DoS), Unauthorized Modification
 
Sun Java Runtime Environment Unpack200 JAR Unpacking Utility Integer Overflow Vulnerability
 
[SecurityArchitect-009]: Microsoft Windows Mobile Double Free Vulnerability
 
[ MDVSA-2010:208 ] pidgin
 
IBM is selling professional services, hosted security event and log management technology and a hosted vulnerability management service.
 
Nokia will start shipping its first product based on the MeeGo operating system in 2011, new CEO Stephen Elop confirmed.
 
Nokia reported growing sales and profit for the third quarter. The company also announced a reorganization that will see 1,800 employees lose their jobs as the company tries to catch up with Apple's iPhone and Google's Android.
 
Lenovo plans on releasing a tablet PC as well as its IdeaPad U1 -- a hybrid computer that can function as both a laptop and tablet -- to the worldwide market during the first half of 2011, the company's senior business director, Xiong Wen, said.
 
It takes about an hour to lure the stray dog into a steel cage with food. During that time, Sean McCormack, a co-founder of the Society for Prevention of Cruelty to Animals in Taiwan, sits taking pictures and video with his HTC smartphone.
 
I was a bit skeptical of storage-tiering program TierOne ($10, buy-only), and you'll see why later. But first, what's this storage tiering that I speak of? It's simply moving frequently accessed operating system or data files from a slower drive to a faster one, and accessing them from there. The strategy is employed extensively in large data centers to increase performance without breaking the bank by using small amounts of faster, more expensive storage with larger amounts of cheaper, slower storage. TierOne aims to do the same thing at the single PC level.
 
The Georgia Tech Information Security Center Emerging Cyber Threats Report outlines the increasing sophistication of botnets, mobile attacks and related cybersecurity issues.
 
Sony is considering employing Google's Android operating system in more consumer electronics devices, shortly after launching its first televisions using the software.
 
Testing and ease of use are focuses of separate cloud-based efforts
 
South Korea has begun blocking domestic access to a recently launched website operated by North Korea's state news agency.
 
Three iPad owners who sued Apple last summer because their tablets overheated have added Apple's own television and Web commercials to their ammunition, court documents show.
 
Close to 250,000 German households have requested that Google scrub their homes from its Street View imagery program as the company nears launching the service in Germany amid continuing privacy concerns.
 
Among other announcements at its 'Back to the Mac' event, Apple offered a sneak peek at Mac OS X 10.7 'Lion,' which borrows a number of features from the iPad. Is that a good thing? Perhaps, says columnist Ryan Faas.
 
When Beija-Flor Jeans started outgrowing its Intuit QuickBooks software last year, the company started looking around for something more robust to help manage its growing accounting, CRM and inventory management needs.
 
The first phones using WP7 are out. We take an in-depth look at the new OS and how it performs on the Samsung Focus and the HTC Surround.
 
U.S. government agencies will soon be able to use infrastructure-as-a-service offerings from companies including AT&T, Amazon Web Services and Verizon.
 
libguestfs Disk Format Specifier Information Disclosure Vulnerability
 
InfoSec News: Nuclear Station Suffers USB Data Breach: http://www.eweekeurope.co.uk/news/nuclear-station-suffers-data-breach-from-lost-usb-stick-10731
By Tom Jowitt eWEEK Europe UK October 19, 2010
The data breach threat posed by USB sticks has once again been exposed after nuclear processing company Sellafield began an investigation into [...]
 
InfoSec News: Gene Simmons battles Anonymous group after new DDoS attacks: http://news.techworld.com/security/3244964/gene-simmons-battles-anonymous-group-after-new-ddos-attacks/
By John E Dunn Techworld 20 October 10
Kiss bassist Gene Simmons has started an unwise war of words with the shadowy anti-copyright group believed to be behind a recent spate of [...]
 
InfoSec News: Army cyber unit guards computer networks: http://fcw.com/articles/2010/10/20/cyber-defense-army-cyber-command.aspx
By Henry Kenyon FCW.com Oct 20, 2010
The Army launched the Army Cyber Command (ARCYBER), the service's component of the U.S. Cyber Command, this month, centralizing existing [...]
 
InfoSec News: Man pleads guilty to using hack, pump-and-dump botnet: http://www.computerworld.com/s/article/9192120/Man_pleads_guilty_to_using_hack_pump_and_dump_botnet
By Robert McMillan IDG News Service October 20, 2010
A Chandler, Ariz., man has pleaded guilty to charges related to his role in a pump-and-dump scam that inflated penny stock prices via spam and [...]
 
InfoSec News: PCI: Smaller Merchants Threatened: http://www.bankinfosecurity.com/articles.php?art_id=3019
By Linda McGlasson Managing Editor Bank Info Security October 19, 2010
The Payment Card Industry's Security Standards Council may be doing a good job helping lock down larger retailers, but the smaller "Mom and [...]
 
InfoSec News: Pentagon Will Help Homeland Security Department Fight Domestic Cyberattacks: http://www.nytimes.com/2010/10/21/us/21cyber.html
By Thom Shanker The New York Times October 20, 2010
WASHINGTON -- The Obama administration has adopted new procedures for using the Defense Department’s vast array of cyberwarfare capabilities in case of an attack on vital computer networks inside the United States, delicately navigating historic rules that restrict military action on American soil.
The system would mirror that used when the military is called on in natural disasters like hurricanes or wildfires. A presidential order dispatches the military forces, working under the control of the Federal Emergency Management Agency.
Under the new rules, the president would approve the use of the military’s expertise in computer-network warfare, and the Department of Homeland Security would direct the work.
Officials involved in drafting the rules said the goal was to ensure a rapid response to a cyberthreat while balancing concerns that civil liberties might be at risk should the military take over such domestic operations.
[...]
 
Oracle Java SE and Java for Business CVE-2010-3553 Remote Swing Vulnerability
 
Oracle Java SE and Java for Business CVE-2010-3549 HTTP Response Splitting Vulnerability
 
Fat Player '.wav' File Remote Stack Buffer Overflow Vulnerability
 

Posted by InfoSec News on Oct 20

http://www.nytimes.com/2010/10/21/us/21cyber.html

By Thom Shanker
The New York Times
October 20, 2010

WASHINGTON -- The Obama administration has adopted new procedures for using the Defense Department’s vast array of cyberwarfare capabilities in case of an attack on vital computer networks inside the United States, delicately navigating historic rules that restrict military action on American soil.

The system would mirror that used when...
 

Posted by InfoSec News on Oct 20

http://www.eweekeurope.co.uk/news/nuclear-station-suffers-data-breach-from-lost-usb-stick-10731

By Tom Jowitt
eWEEK Europe UK
October 19, 2010

The data breach threat posed by USB sticks has once again been exposed after nuclear processing company Sellafield began an investigation into the loss of a USB device, said to contain information about its business operations.

The USB device was found in a hotel room at the Ennerdale Country House...
 

Posted by InfoSec News on Oct 20

http://news.techworld.com/security/3244964/gene-simmons-battles-anonymous-group-after-new-ddos-attacks/

By John E Dunn
Techworld
20 October 10

Kiss bassist Gene Simmons has started an unwise war of words with the shadowy anti-copyright group believed to be behind a recent spate of DDoS attacks on industry organisations.

During the high-profile attacks a fortnight ago, Simmons’ personal website and that of a record company he runs were...
 

Posted by InfoSec News on Oct 20

http://fcw.com/articles/2010/10/20/cyber-defense-army-cyber-command.aspx

By Henry Kenyon
FCW.com
Oct 20, 2010

The Army launched the Army Cyber Command (ARCYBER), the service's component of the U.S. Cyber Command, this month, centralizing existing resources in the Army's efforts to protect its global computer networks.

The new command brings a number of the Army's cyber resources under one roof. That will ensure that the service’s policy,...
 

Posted by InfoSec News on Oct 20

http://www.computerworld.com/s/article/9192120/Man_pleads_guilty_to_using_hack_pump_and_dump_botnet

By Robert McMillan
IDG News Service
October 20, 2010

A Chandler, Ariz., man has pleaded guilty to charges related to his role in a pump-and-dump scam that inflated penny stock prices via spam and hacked computers.

James Bragg, 41, faces five years in prison and a $250,000 fine for orchestrating the hacking and spamming portions of the...
 

Posted by InfoSec News on Oct 20

http://www.bankinfosecurity.com/articles.php?art_id=3019

By Linda McGlasson
Managing Editor
Bank Info Security
October 19, 2010

The Payment Card Industry's Security Standards Council may be doing a good job helping lock down larger retailers, but the smaller "Mom and Pop" merchants are becoming the new targets of cyber criminals, says a PCI expert.

A recent report on PCI compliance by Verizon Business shows some unsettling...
 

Authorization is the New Black for Infosec
SYS-CON Media (press release) (blog)
Then infosec professionals can assist in developing the incremental tactics necessary to implement such a plan. Just as a truly dynamic data center takes ...
