
InfoSec News

Why DHS, Not White House, Took Lead on RSA Breach Response
GovInfoSecurity.com
Last week, at a House Homeland Security Committee hearing on protecting government and key IT infrastructures, the chief government witness to testify was Reitinger, a role he often plays, and not Schmidt (see Experts Question Infosec Readiness). ...

 
Analysts believe early adopters will pay a premium price for 3D smartphones, mainly to use them for gaming and viewing of other video content.
 
Lockheed Martin unveiled a new spacecraft this week that was originally meant to ferry astronauts to the moon but may first be used as an emergency escape vehicle for the International Space Station.
 
A proposed agreement drafted by Google, authors and publishers to settle their yearslong copyright litigation has been rejected, a major setback to Google's ambitious plans to build a massive marketplace and library for digital books.
 
A lot has changed in the browser universe since Firefox 3.0 launched in June 2008. Google Chrome burst onto the scene, and has undergone frequent updates since then. Microsoft released IE 8 and IE 9. Safari advanced from version 3 then to version 5 now.
 
Symantec LiveUpdate Administrator Management GUI HTML Injection Vulnerability
 
[security bulletin] HPSBMA02647 SSRT100383 rev.1 - HP Discovery & Dependency Mapping Inventory (DDMI) Running on Windows, Insecure SNMP Configuration
 
Apple HFS+ Information Disclosure Vulnerability
 
ZDI-11-109: (Pwn2Own) Apple Safari OfficeArtBlip Parsing Remote Code Execution Vulnerability
 
Chris Mohan --- Internet Storm Center Handler on Duty (c) SANS Internet Storm Center. http://isc.sans.org Creative Commons Attribution-Noncommercial 3.0 United States License.
 
Fame for individual accomplishments is fleeting, but the benefits of team efforts build and last.
 
Brocade this week unveiled software for its application acceleration switches that enables them to function as gateways between existing IPv4 networks and new ones built on IPv6.
 
The industry appears deeply fractured over the best approach to data center networks, with some vendors backing the IETF's TRILL, some backing the IEEE's SPB, others offering proprietary protocols and still others advocating a combination of approaches.
 
Fourth-generation Long-Term Evolution (LTE) cell technology will be a boon for machine-to-machine (M2M) technology, providing the bandwidth needed to help us realize the promise of everything becoming connected. The trick will be figuring out where and how to use 4G to complement existing 2G and 3G M2M networks, many of which are performing just fine.
 
Over the years, there have been several ways--either with third-party utilities or AppleScripts--to select a bunch of files in the Finder and then collect them all in a new folder. But these solutions have come and gone with the fortunes of developers and the changes in OS X. And there's always been a wrinkle: No matter what kind of tool you've used, it's always been hard to apply these tools or scripts to files in certain restricted folders, such as the Trash. A couple of OS X Hints readers came up with an AppleScript that both does the job of collecting files and solves the restricted-folder problem.
 
Four U.S. senators called on Apple to yank iPhone and iPad apps that help drunken drivers evade police, saying the programs are "harmful to public safety."
 
Companies with operations in Japan are repairing factories and accounting for employees as recovery continues in the aftermath of a devastating March 11 earthquake and tsunami that struck the country's eastern coast.
 
 
After months of chatter, Amazon's Appstore for Android is live and ready for download. But are two app stores better than one? Let's do a quick comparison with the Android Market to see if the Amazon Appstore is worth an install.
 
The Acer Aspire One 522 (model BZ897) delivers a good, classic netbook for a very reasonable price ($330 as of March 18, 2011). Petite and slim with a handsome 10.1-inch widescreen LED-backlit display, a 250GB hard drive, an integrated 1.3-megapixel webcam, and a multitouch touchpad, this portable does a solid job with multimedia and boasts pretty good battery life: nearly 7 hours in our tests using the provided 6-cell battery.
 
NSOADV-2011-001: Symantec LiveUpdate Administrator CSRF vulnerability
 
ZDI-11-108: Mac OS X Compact Font Format Decoder Remote Code Execution Vulnerability
 
The LG Electronics G-Slate tablet will be available from T-Mobile for $529 with a two-year contract, the carrier said.
 
Microsoft is adding capabilities to System Center for both cloud and local deployments.
 
Google won a civil lawsuit in Germany lodged by a woman who contended its roving camera cars that shoot photographs for Street View violated her privacy.
 
RIM and Best Buy announced Tuesday that the PlayBook tablet will be available at the retailer on April 19.
 
Microsoft Visual Basic for Applications Text Parsing Stack Buffer Overflow Vulnerability
 
Apple Mobile Safari for iOS 4.2.1 Unspecified Remote Code Execution Vulnerability
 

PHS Maxitech awarded eco finalist
Materials Handling World Magazine
"We are completely security conscious and wipe all data to a HMG Infosec 5 Standard. This has become even more important since the Information Commissioner's Office (ICO) was granted the ability to impose fines of up to £500000 for serious breaches of ...

 


Feds Employ Equivalent of 79K IT Security Professionals
GovInfoSecurity.com
... SANS Institute Research Director Alan Paller as hunters and toolmakers: experts who have deep knowledge and can, for instance, look inside an iPhone and know where to find its vulnerabilities (see Hunters and Toolmakers: Seeking Infosec Wizards). ...

 
HBGary's chief technology officer describes his research on Anonymous and why the group is making the insider threat problem more dire.
 
More than 1 million copies of the Firefox 4 browser were downloaded during the first three hours of availability, a pace that would beat Microsoft's claim that 2.4 million copies of IE9 were downloaded on the first day it was available last week.
 
IBM has purchased Tririga to round out its Smarter Buildings portfolio.
 
NGS00016 Technical Advisory: Immunity Debugger Buffer Overflow
 
NGS00014 Technical Advisory: Cisco IPSec VPN Implementation Group Name Enumeration
 
NGS00052 Patch Notification: Apple Mac OS X Image RAW Multiple Buffer Overflows
 
NGS00057 Patch Notification: Apple Mac OS X ImageIO Integer Overflow
 
Samsung today expanded its Galaxy Tab line with a new model with an 8.9-inch screen.
 
Apple on Monday issued patches for 56 Snow Leopard bugs, most of which can be exploited to hijack user machines.
 
Sprint CEO Dan Hesse said Tuesday that the proposed $39 billion AT&T takeover of T-Mobile USA would "stifle innovation and put too much power in the hands of just two carriers."
 
Re: Vulnerabilities in some SCADA server softwares
 
Re: Vulnerabilities in some SCADA server softwares
 
Putting customers aside for once, let's talk about your users who log in and work with CRM systems daily. Are you making any of these three big mistakes while managing user identities?
 
Amazon has opened the Appstore for Android, providing another option for app shopping to U.S. users of smartphones with Google's operating system.
 
Google took a slap at Microsoft on Tuesday, saying the software giant's patent lawsuit against bookseller Barnes & Noble's Android-based e-reader stifles innovation.
 
All U.S. cell phones will have a common USB interface by the start of 2012, CTIA Chairman Dan Hesse told a CTIA audience Tuesday.
 
It’s spring again, and with the new season comes the age-old ritual of cleaning out things you ignored for most of the year. Far be it from me to suggest that you clean out your basement, garage, or attic, but I would be remiss if I didn’t recommend you take a closer look at the crusty corners of your Mac. Last year, Chris Breen shared valuable Tips for a tidier Mac—all of which are worth revisiting. But I also want to draw your attention to a half-dozen digital dust bunnies that you might not have considered:
 
Sony plans to temporarily suspend production at five factories in Japan because of problems obtaining raw materials and components following the March 11 earthquake and tsunami disaster, it said Tuesday.
 
T-Mobile maintained its business-as-usual by unveiling several products at CTIA in Orlando.
 

Data security in demand, pays well
Kansas City Star
With increasingly frequent reports of big companies such as Google, DuPont, GE, and Johnson & Johnson being targeted by hackers, the "infosec" career field is growing "as fast as online computing is expanding," said Weaver, 33. ...

 

Data security in demand, pays well
News & Observer
With increasingly frequent reports of big companies such as Google, DuPont, GE, and Johnson & Johnson being targeted by hackers, the "infosec" career field is growing "as fast as online computing is expanding," said Weaver, 33. ...

 
Apple Monday issued patches for 56 Snow Leopard bugs, most of which can be exploited to hijack user machines.
 
Dell on Tuesday is set to announce low-power PowerEdge servers that can quickly band together to execute transactions more efficiently than traditional servers, which use faster, but more power-hungry chips.
 
Apple sued Amazon.com on Friday, claiming rights to the name App Store, which Amazon tagged on its new application store.
 
AMD on Monday continued shuffling its senior executive ranks, appointing former Hewlett-Packard executive Mike Wolfe as its chief information officer.
 
The sad demise of readily available, cheap USB sticks with a switch to flip the device to read-only has caused some problems when dealing with suspicious machines, especially when I'm off duty and I hear the dreaded words: "Ooh, you're in IT, could you have a look at my computer quickly?"

Back in the good old days, I could pick them up at nearly all my favourite shops and the vendors gave them away by the bucket load, but alas, they seem to have all but disappeared.

CD/DVD or Blu-ray disks are great, but lugging around a hardened CD case really does clash with some of my outfits and doesn't always send out the right message, particularly at romantic dinners, standing at a checkout or trying to order drinks at a bar. This is where a small USB key, fitting neatly into a pocket, helps me blend in with the rest of humanity almost seamlessly. Almost.

The standard read/write USB keys fall prey to being infected and compromised the very second they are inserted into a machine, which, as we know, is a bad thing.

Stuck with this dilemma, I stumbled upon a neat solution: Secure Digital (SD) memory cards.

They can reach up to a whopping 32GB, are only slightly more expensive than similar-size USB drives and are commonplace (I can find them in petrol stations, corner stores and on aeroplanes). Now add in a small SD reader, around the size of a normal USB drive, and this is perfect for incident response on an untrusted system in a pinch or when a full response kit isn't viable.

With the size of SD memory cards, it means I can have my favourite recovery [1], incident handling and fun-at-someone-else's-party [2] boot images each on their own SD card, hidden in a wallet, jacket lapel or hat band for ease of use. Producing them, seemingly out of thin air, to fix a broken or infected machine amazes and astounds, plus gets brownie points at unexpected moments in life.

Another option for the uncluttered, nattily dressed Incident-Handler-around-town's toolkit.
As always, if you have any better suggestions, insights or tips please feel free to comment.
[1] BartPE - http://www.nu2.nu/pebuilder/

[2] Backtrack - http://www.backtrack-linux.org/downloads/
Chris Mohan --- Internet Storm Center Handler on Duty (c) SANS Internet Storm Center. http://isc.sans.org Creative Commons Attribution-Noncommercial 3.0 United States License.
 
InfoSec News: [Dataloss Weekly Summary] Week of Sunday, March 13, 2011: ========================================================================
Open Security Foundation - DataLossDB Weekly Summary Week of Sunday, March 13, 2011
61 Incidents Added.
======================================================================== [...]
 
InfoSec News: Natalie Portman joins list of compromised celebs: http://www.smh.com.au/lifestyle/people/natalie-portman-joins-list-of-compromised-celebs-20110322-1c4bt.html
The Sydney Morning Herald March 22, 2011
Natalie Portman has been named among a growing list of stars who have allegedly been targeted by a ring of internet hackers. [...]
 
InfoSec News: Leader of Hacker Gang Sentenced to 9 Years For Hospital Malware: http://www.wired.com/threatlevel/2011/03/ghostexodus-2/
By Kevin Poulsen Threat Level Wired.com March 18, 2011
The former leader of an anarchistic hacking group called the Electronik Tribulation Army was sentenced Thursday to 9 years and 2 months in [...]
 
InfoSec News: S. Korea to tighten security of gov't computer networks against DDoS attack: http://english.yonhapnews.co.kr/national/2011/03/22/16/0301000000AEN20110322003200315F.HTML
2011/03/22
SEOUL, March 22 (Yonhap) -- Security of the state Internet network being used by central and local administrations will be beefed up, the home affairs ministry said Tuesday, after the country came under a massive cyber attack, known as the distributed denial-of-service (DDoS) attack, early this month.
The Ministry of Public Administration and Security said it will put intranets of city, county and ward offices as well as the state Internet network under the protection of the government's computer system to automatically shut off abnormally heavy traffic and provide security against DDoS attacks.
The government will also build a computer system for sharing information on malignant codes in cooperation with civilian experts, Kim Nam-seok, the first vice home affairs minister, said during a forum with chief computer security officers here.
Hiring 60 more computer security officials for central and local governments and providing them short-term domestic and overseas trainings this year were also part of the countermeasures.
[...]
 
InfoSec News: Why DHS, Not White House, Took Lead on RSA Breach Response: http://www.govinfosecurity.com/articles.php?art_id=3454
By Eric Chabrow Executive Editor GovInfoSecurity.com March 21, 2011
Pondering government cybersecurity leadership, first thoughts might go to the White House and the office of Cybersecurity Coordinator Howard Schmidt. [...]
 
InfoSec News: New Workshop: USENIX FOCI '11 Call for Papers Now Available: Forwarded from: Lionel Garth Jones <lgj (at) usenix.org>
On behalf of the first USENIX Workshop on Free and Open Communications on the Internet (FOCI '11) program committee, we invite you to submit short position papers or work-in-progress reports on policies or [...]
 
InfoSec News: Man charged with hiring pump-and-dump spam botnet: http://www.computerworld.com/s/article/9214884/Man_charged_with_hiring_pump_and_dump_spam_botnet
By Robert McMillan IDG News Service March 21, 2011
A Texas man was charged Monday by the U.S. Department of Justice with helping to inflate the prices of penny stock companies by promoting them [...]
 
InfoSec News: Dozens of exploits released for popular SCADA programs: http://www.theregister.co.uk/2011/03/22/scada_exploits_released/
By Dan Goodin in San Francisco The Register 22nd March 2011
The security of software used to control hardware at nuclear plants, gas refineries and other industrial settings is coming under renewed [...]
 
The iPad notwithstanding, business is booming for e-paper-based e-readers. More vibrant colors, faster screen-response times and flexible displays are on the way.
 
WikiLeaks’ Julian Assange criticizes India’s Prime Minister, who doubted the veracity of leaked diplomatic cables.
 
A former high school senior from Orange County, California, has pleaded guilty to charges that he installed spyware on school computers in order to boost his grades.
 
webERP 'InputSerialItemsFile.php' Arbitrary File Upload Vulnerability
 

Posted by InfoSec News on Mar 21

http://www.theregister.co.uk/2011/03/22/scada_exploits_released/

By Dan Goodin in San Francisco
The Register
22nd March 2011

The security of software used to control hardware at nuclear plants, gas
refineries and other industrial settings is coming under renewed
scrutiny as researchers released attack code exploiting dozens of
serious vulnerabilities in widely used programs.

The flaws, which reside in programs sold by Siemens, Iconics,...
 

Posted by InfoSec News on Mar 21

http://www.wired.com/threatlevel/2011/03/ghostexodus-2/

By Kevin Poulsen
Threat Level
Wired.com
March 18, 2011

The former leader of an anarchistic hacking group called the Electronik
Tribulation Army was sentenced Thursday to 9 years and 2 months in
prison for installing malware on computers at a Texas hospital.

Jesse William McGraw, aka “GhostExodus,” was also ordered to pay $31,881
in restitution and serve three years of supervised...
 

Posted by InfoSec News on Mar 21

http://english.yonhapnews.co.kr/national/2011/03/22/16/0301000000AEN20110322003200315F.HTML

2011/03/22

SEOUL, March 22 (Yonhap) -- Security of the state Internet network being
used by central and local administrations will be beefed up, the home
affairs ministry said Tuesday, after the country came under a massive
cyber attack, known as the distributed denial-of-service (DDoS) attack,
early this month.

The Ministry of Public Administration...
 

Posted by InfoSec News on Mar 21

http://www.govinfosecurity.com/articles.php?art_id=3454

By Eric Chabrow
Executive Editor
GovInfoSecurity.com
March 21, 2011

Pondering government cybersecurity leadership, first thoughts might go
to the White House and the office of Cybersecurity Coordinator Howard
Schmidt. But the voice of IT security in the Obama administration often
seems to be the Department of Homeland Security, not the White House.
And, the government's face on...
 

Posted by InfoSec News on Mar 21

========================================================================

Open Security Foundation - DataLossDB Weekly Summary
Week of Sunday, March 13, 2011

61 Incidents Added.

========================================================================

DataLossDB is a research project aimed at documenting known and reported
data loss incidents world-wide. The Open Security Foundation asks for
contributions of new incidents and new data for...
 

Posted by InfoSec News on Mar 21

http://www.smh.com.au/lifestyle/people/natalie-portman-joins-list-of-compromised-celebs-20110322-1c4bt.html

The Sydney Morning Herald
March 22, 2011

Natalie Portman has been named among a growing list of stars who have
allegedly been targeted by a ring of internet hackers.

The Black Swan actress, Glee star Dianna Agron and Olympic athletes
Lindsey Vonn and Carly Patterson are said to be among more than 100
celebrities and public figures who...
 

Posted by InfoSec News on Mar 21

Forwarded from: Lionel Garth Jones <lgj (at) usenix.org>

On behalf of the first USENIX Workshop on Free and Open Communications
on the Internet (FOCI '11) program committee, we invite you to submit
short position papers or work-in-progress reports on policies or
technologies to detect or circumvent practices that inhibit free and
open communications on the Internet.

Please submit all papers by May 1, 2011, at 11:59 p.m. PDT.

FOCI '11...
 

Posted by InfoSec News on Mar 21

http://www.computerworld.com/s/article/9214884/Man_charged_with_hiring_pump_and_dump_spam_botnet

By Robert McMillan
IDG News Service
March 21, 2011

A Texas man was charged Monday by the U.S. Department of Justice with
helping to inflate the prices of penny stock companies by promoting them
with a spam-spewing botnet of hacked computers.

Christopher Rad, of Cedar Park, Texas, faces a maximum sentence of five
years in prison and a $250,000...
 