InfoSec News

The Windows attack used by a recently discovered worm is being picked up by other virus writers and will soon become much more widespread, according to security vendor Eset.
 
One of a new business's first steps is to install office tools for day-to-day communications, including a router with wireless access, phone lines, and a file server. The Sutus Business Central 200 combines these devices in a single appliance, simplifying setup and helping you avoid having to configure multiple pieces of unrelated gear individually.
 
It's that whole back-to-school season, which means parents are probably wondering if they have to buy their college-bound kids a brand new PC or they can wring another year out of the old one.
 
IBM's zEnterprise system has an expansive yet still limited role. This "system of systems," as the company calls it, is still operating in a mainframe-centric universe, although a larger one.
 
Stop whining about your faulty iPhone 4. If you're unhappy, take it back and get a refund. How hard is that?
 
An online privacy bill introduced in the U.S. Congress this week received mixed reviews at a subcommittee hearing Thursday, with representatives of two trade groups saying the bill would put unnecessary regulations on the Internet advertising industry.
 
While responsibility remains an imperative, it should be shared between researchers and security and software vendors, Microsoft said. Some security researchers are not impressed.

Add to digg Add to StumbleUpon Add to del.icio.us Add to Google

Microsoft - Security - Vulnerability (computing) - Microsoft Windows - Microsoft Security Essentials
 
Google on Thursday said it will pick up Chrome's release pace by issuing a new version of the browser about every six weeks.
 
Dell will pay US$100 million to resolve an investigation by the U.S. Securities and Exchange Commission into the company's past accounting and financial reporting practices, it said Thursday.
 
Twitter is moving its technical operations infrastructure into a new, custom-built data center in the Salt Lake City area to better handle the microblogging service's recent growth spurt.
 
The release of Office 2010, as well as continued strong sales of Windows 7, helped buoy Microsoft through another quarter of increased revenue and profit, the company announced on Thursday.
 
Facebook has rather quickly made its way to the top of the social networking heap with 500 million users, but analysts suggest that the company will have a much harder time increasing that total to 1 billion.
 
Now that SAP's roughly $6 billion acquisition of Sybase has gained clearance from European regulators, it may not be long before the deal is finalized. With that in mind, users and partners of the companies have much to consider during the next few months, analysts say.
 
A sequence of errors led to Dell's delivery of motherboards with malware and the company is in the process of overhauling its testing process to resolve issues before dispatching hardware to customers, it said on Thursday.
 
Microsoft will not follow the lead of Mozilla and Google in paying researchers for reporting vulnerabilities, a company executive said today.
 
Microsoft has officially divulged names of at least five manufacturers for its coming Windows Phone 7 devices, with Asus recently added to a list of four revealed at the company's Worldwide Partner Conference on July 13.
 
Tablet computers are growing at a fast rate in the U.S. and will generate larger revenues as shipments continue to grow, the Consumer Electronics Association said on Thursday.
 
Removing a dangerous worm that targets industrial systems could disrupt plant operations, Siemens Industry warned customers Thursday.
 
Two U.S. lawmakers have introduced a bill that would overhaul the Universal Service Fund managed by the U.S. Federal Communications Commission, limiting the areas where the fund can provide telephone subsidies while including broadband as a service that can be covered.
 
The magicJack femtocell, a product unveiled to much excitement earlier this year, has not launched as expected during the second quarter, although the company says it will still become available this year.
 
Microsoft today pitched its own proposal for how software makers react to bugs reported by researchers, calling for a name change to describe the process it prefers.
 
OneCommunity, a nonprofit broadband service provider in Cleveland, has joined with Cisco Systems to implement pilot programs to boost the region's quality of life using a network-based, shared services delivery platform.
 
Communication is the most important tool for virtual-team success.
 
More and more online consumers in Europe are inadvertently buying fake goods.
 
The total value of IT outsourcing contracts signed in the second quarter of 2010 is down 30 percent from the first quarter and 23 percent year-over-year, according to outsourcing consultancy TPI.
 
Barnes & Noble has unveiled a new version of its e-reader software that supports devices, such as Droid, that run Android 1.6 or higher.
 
Google this week hiked bounty payments for Chrome bugs to a maximum of $3,133, up almost $2,000 from the previous top dollar payout of $1,337.
 
AT&T reported net income of $4 billion for the second quarter of 2010, up nearly 26 percent from the second quarter of 2009, driven largely by increasing demand for Apple's iPhone and other smartphones, the company said Thursday.
 
Systems used to protect universities from litigation by weeding out and documenting peer-to-peer file sharing use are now being aimed at the enterprise.

Add to digg Add to StumbleUpon Add to del.icio.us Add to Google

Filesharing - Deep packet inspection - Network security - Security - Consultants
 

GovInfoSecurity.com

Infosec Skills Gap Threatens Key IT Systems
GovInfoSecurity.com
America needs another 20000 to 30000 highly skilled cybersecurity experts to secure government systems and the nation's mostly privately owned critical ...
Infosec certification worse than inadequateFederalNewsRadio.com
IT Security Profession: Heal ThyselfGovInfoSecurity.com (blog)
9 Key Cybersecurity Roles for GovernmentGovInfoSecurity.com
CircleID -WTN News
all 12 news articles »
 
CIOs use language, metrics and advocacy to bridge the separation between their departments and the rest of the company
 
Usually when I receive an email that looks like spam, I can just mash my Send to Junk keyboard shortcut and it goes away. But every once in awhile there is a decent looking spam that *might* be real. At first glance it won't have an images or selling viagra, or anything like that in it, and might just look real.
This is where the common sense approach to reading email kicks in. Obviously this post it not for the expert, this is probably more of the occasional user, but maybe someone in between will find it useful.
Here's a spam I received this morning that prompted me to write this diary:
From: Comcast
This is a courtesy reminder that your Comcast Billing Information needs to be verified.
In order to continue using comcast services, click the link below, sign in and and follow the provided steps:


Malicious Link was right here



Regards,

Comcast Billing Department
So, let's look at this and see how easy this is to detect:

I'm not a Comcast customer. So right there, it was easy to detect.
comcast in the second line is not capitalized. A real Comcast email would have capitalized their own companies name.
Usually an email like this (from Comcast corporate) would tend to have all kinds of disclaimers and other nonsense at the bottom of the email.
The link that I removed was not to comcast.com

Now, if we get into the weeds a bit more, we can look at the headers and see where it came from.
It came from a server at a .edu. I don't want to talk about which .edu (but it was in the United States), as I am going to try and get in touch with their security department after I get done writing this Diary.
Even more bad though -- it came from the root account on this server, the headers even indicate what version of Linux this server was running (Ubuntu). Most likely culprit? Probably an SSH scan that compromised the root account.
Make sure you have tight controls over those SSH accounts! And use common sense when reading your email. If it looks like bull, and it smells like bull. Chances are, it's bull.
Hopefully this helped someone.
Oh, the malicious link? Pointed you to a site that collected your usernames and passwords.
-- Joel Esler | http://blog.joelesler.net | http://twitter.com/joelesler
(c) SANS Internet Storm Center. http://isc.sans.org Creative Commons Attribution-Noncommercial 3.0 United States License.
 
Motorola has amended a two-year-old industrial spying lawsuit to include competitor Huawei Technologies, which Motorola claims received valuable technology from its own rogue employees.
 
Motorola has amended a two-year-old industrial spying lawsuit to include competitor Huawei Technologies, which Motorola claims received valuable technology from its own rogue employees.
 
Every new IBM mainframe says something about the times we live in, and today's latest mainframe release is no different. Thus, the zEnterprise system has become a cross-platform management system, a sovereign of other systems.
 

Security BSides Announces 2010 Speaker Line-Up & Hot Talks at BSides Las Vegas
PR-USA.net (press release)
These events are all about expanding the spectrum of infosec discussions and encouraging participants to give voice, creation and refinement to the 'next ...

and more »
 
Nokia reported flat sales for the second quarter, with a 40 percent year-on-year drop in earnings. The company is still seeing customers shun its high-end smartphones.
 
Research In Motion has been slowly releasing details of its forthcoming BlackBerry 6 operating system and this week outlined some of the multimedia features.
 
With a multitude of software options and strong support for VMware and Hyper-V, the QNAP NAS appliance can play many roles in a growing small business
 
For a viable archiving strategy, you need to know the regulation landscape -- and the key technologies that will help you comply
 
Facebook founder and CEO Mark Zuckerberg admitted on Wednesday in a interview with Diane Sawyer the company had made mistakes on privacy, and said he's "quite sure" he didnt sign a contract giving a former Web designer ownership of the company.
 
Just days after Colorado officials warned businesses about scammers who are forging corporate identities to commit financial fraud, an official in Georgia said the same has been happening in that state as well.
 
Social networking pages featuring the profile of a fake Navy cyberthreat analyst attracted some 300 friends in the intelligence, military and security communities in an experiment conducted by a security researcher.
 
Apple enthusiast Mitch Wagner spent a few weeks with the iPhone 4 and the HTC EVO 4G in his pockets, and found a lot to like in both. But which did he think is the best?
 
InfoSec News: Profiling and categorizing cybercriminals: Forwarded from: Simon Taplin <simon.taplin (at) gmail.com>
http://blogs.techrepublic.com.com/security/?p=4069
By Deb Shinder IT Security July 19th, 2010
INTRO: This is the first of what I hope will be many monthly columns on the subject of cybercrime. [...]
 
InfoSec News: Dell ships motherboard with malicious code: http://www.zdnet.com/blog/security/dell-ships-motherboard-with-malicious-code/6901
By Ryan Naraine Zero Day ZDNet July 21, 2010
Dell has confirmed that some of its PowerEdge server motherboards were shipped to customers with malware code on the embedded server management firmware. [...]
 
InfoSec News: New 'Kraken' GSM-cracking software is released: http://www.computerworld.com/s/article/9179529/New_Kraken_GSM_cracking_software_is_released
By Robert McMillan IDG News Service July 21, 2010
The (Global System for Mobile Communications) technology used by the majority of the world's mobile phones will get some scrutiny at next [...]
 
InfoSec News: Computer expert remains jailed in G20 case: http://www.thestar.com/news/gta/crime/article/837834--computer-expert-remains-jailed-in-g20-case
By Jesse McLean Staff Reporter Toronto Star July 20, 2010
A computer security expert arrested three weeks ago on G20 summit charges has been refused bail after days of hearings. [...]
 
InfoSec News: Hacker Gary McKinnon may serve part of any jail term in UK, says Cameron: http://news.scotsman.com/news/Hacker-Gary-McKinnon-may-serve.6433004.jp
By Christopher Mackie The Scotsman 22 July 2010
COMPUTER hacker Gary McKinnon may be allowed to spend part of any prison sentence imposed by a United States court in a British jail, after David [...]
 

Posted by InfoSec News on Jul 21

Forwarded from: Simon Taplin <simon.taplin (at) gmail.com>

http://blogs.techrepublic.com.com/security/?p=4069

By Deb Shinder
IT Security
July 19th, 2010

INTRO: This is the first of what I hope will be many monthly columns on
the subject of cybercrime. As a former police officer and criminal
justice instructor and a current IT professional, I love writing about
this subject because it allows me to combine the knowledge from both...
 

Posted by InfoSec News on Jul 21

http://www.zdnet.com/blog/security/dell-ships-motherboard-with-malicious-code/6901

By Ryan Naraine
Zero Day
ZDNet
July 21, 2010

Dell has confirmed that some of its PowerEdge server motherboards were
shipped to customers with malware code on the embedded server management
firmware.

The infected motherboard was found on replacement Dell PowerEdge R410
rack servers, according to a post on a Dell support forum.

A Dell representative...
 

Posted by InfoSec News on Jul 21

http://www.computerworld.com/s/article/9179529/New_Kraken_GSM_cracking_software_is_released

By Robert McMillan
IDG News Service
July 21, 2010

The (Global System for Mobile Communications) technology used by the
majority of the world's mobile phones will get some scrutiny at next
week's Black Hat security conference, and what the security researchers
there have to say isn't pretty.

On Friday, an open source effort to develop GSM-cracking...
 

Posted by InfoSec News on Jul 21

http://www.thestar.com/news/gta/crime/article/837834--computer-expert-remains-jailed-in-g20-case

By Jesse McLean
Staff Reporter
Toronto Star
July 20, 2010

A computer security expert arrested three weeks ago on G20 summit
charges has been refused bail after days of hearings.

Justice of the Peace Mary Anne Ross-Hendricks ruled shortly before 11
a.m. that Byron Sonne, 37, must remain in jail.

The details discussed in the bail hearings are...
 

Posted by InfoSec News on Jul 21

http://news.scotsman.com/news/Hacker-Gary-McKinnon-may-serve.6433004.jp

By Christopher Mackie
The Scotsman
22 July 2010

COMPUTER hacker Gary McKinnon may be allowed to spend part of any prison
sentence imposed by a United States court in a British jail, after David
Cameron revealed it was one of a range of options being discussed by
diplomats on both sides of the Atlantic.

The Prime Minister said UK officials had been in talks with the US...
 
The GSM technology used by the majority of the world's mobile phones will get some scrutiny at next week's Black Hat security conference, and what the security researchers there have to say isn't pretty.
 
Can security, often seen as obvious and ugly, actually be stylish and suitable for a building? Architect Rick Reeder gives us a tour of a property he designed with artful security as the goal
 

Internet Storm Center Infocon Status