
InfoSec News

[USN-1069-1] Mailman vulnerabilities
 
Vanilla Forums 2.0.17.1 ~ 2.0.17.5 <= Cross Site Scripting Vulnerability
 
[USN-1068-1] Aptdaemon vulnerability
 
Re: Domino Sametime Multiple Reflected Cross-Site Scripting
 
Oracle Passlogix v-GO Self-Service Password Reset Unauthorized Access Vulnerability
 
Dotproject Cross Site Scripting and Multiple SQL Injection Vulnerabilities
 
WordPress Z-Vote Plugin 'zvote' Parameter SQL Injection Vulnerability
 
Attackers are using malware samples that researchers have never seen before -- and will never see again -- to successfully steal data from unsuspecting organizations, governments and individuals.

 
A survey by certification firm (ISC)2 found a need for IT security professionals to improve application development processes and expertise to weigh cloud computing risks.

 
In an interview at RSA Conference 2011, Larry Whiteside Jr., CISO of the Visiting Nurse Service of New York, outlines some of the successes and the pitfalls of deploying data leakage protection software for the first time.

 
Security researchers at Trusteer warn that a new Trojan uses session ID tokens to keep banking sessions open long after customers think they have logged off.

 
Phishing's not going away any time soon, but clear communication and cooperation between organizations sending emails to their customers and the webmail providers that filter those emails can help cut down on the number of phishing attempts that hit inboxes, said a panel at RSA Conference 2011.

 
In this video from the RSA exhibitor show floor, they share their views of the state of the threat landscape, the evolution of the RSA conference and the kinds of security vendor technologies that appeal to them.

 
Bridging the chasm between information security and utility infrastructure teams is the only way to solve smart grid security issues. Fortunately, NERC CIP compliance is forcing change.

 
Transparency is essential for security and compliance when working with cloud services providers, RSA panelists say.

 
A panel at RSA 2011 explains the organization and methodology behind targeted persistent attacks and what organizations can do to detect and respond to APT.

 
In this interview conducted at RSA Conference 2011, Gary McGraw, chief technology officer at Cigital Inc., a software security and quality consulting firm, explains how more organizations are embracing software development processes to improve the code they are producing.

 

SAN FRANCISCO — When HP announced last September its intent to acquire SIM leader ArcSight, it was a pretty startling $1.5B deal. Not only had another security company fallen off the map into the hands of a tech giant, but interesting questions started to arise about how HP would make ArcSight fit into its overall IT service and application management strategy. ArcSight wasn't the only security company in HP's crosshairs; Fortify had already been scooped up in August, to go along with the acquisition of TippingPoint as part of the Nov. 2009 3Com deal.

This under-construction security ecosystem being put together by HP is starting to take shape, and now Bill Veghte, executive VP of HP software and solutions, is spreading the word. Shortly before his keynote today at RSA Conference 2011, Veghte explained how HP wants to build a platform that combines data sets from IT operations and security to give security managers more business context for their decisions. Leveraging the ArcSight platform with the service and application management views provided by HP OpenView, he says, will build a risk platform CISOs can use to enhance their mission.

The question, however, becomes twofold: Is HP slowly shifting security responsibilities away from the CISO by moving operations and security data into the same bucket; and as SIMs are historically complex tools that require significant human capital investments to adequately implement and analyze, how does adding more data to that equation not exponentially increase that complexity?

Veghte fights that notion, adding that ArcSight’s ability to handle tens of millions of events and its ubiquity with large enterprise and government installations helps lessen the complexity issue. “This has to be about security first. We see this as an opportunity to enable the CISO to make better risk decisions with more context,” he said. “If you’re a large financial services organization, and you’re seeing a performance degradation in a trading application, is it a hardware failure, a load issue, or are you under attack? If we can aggregate all of that data, put it in context, and visualize it, that’s an enormous opportunity.”



 
With Snort 2.9 came the introduction of the Data Acquisition (DAQ) library, which replaces direct calls to PCAP functions. DAQ supports PCAP, AFPACKET, NFQ, IPQ, IPFW and DUMP (the last is used for testing).[1]
After I upgraded from 2.8.6 to 2.9.0.2 (the current version is 2.9.0.4), my Snort rules, and in particular the rule that detects Windows binary downloads (sid:15306), no longer fired on Windows binaries downloaded through a browser. My Snort statistics were also affected, constantly showing a small amount of packet loss.
After multiple tests I found that starting Snort in IDS mode with --daq afpacket and --daq-var buffer_size_mb=256 fixed both problems: events were reported correctly and the packet loss went away. (The default buffer is 128 MB, and the afpacket DAQ is also the one recommended for inline configurations.) If no options are specified, the default DAQ in Snort is the PCAP DAQ, which operates as it always did. For me, the AFPACKET DAQ gave much better performance on a range of links (10 to more than 100 Mbit/s).
To find out which DAQ modules are compiled into your Snort binary, run:
snort --daq-list
Available DAQ modules:
pcap(v3): readback live multi unpriv
ipq(v4): live inline multi
ipfw(v2): live inline multi unpriv
dump(v1): readback live inline multi unpriv
afpacket(v4): live inline multi unpriv
[1] http://vrt-blog.snort.org/2010/08/snort-29-essentials-daq.html
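As an added example (not part of the diary), a small Python helper that parses the --daq-list output above into the capability flags Snort prints for each module and then builds the IDS-mode command line the diary settled on. The -c, -i, -Q and --daq-mode flags are standard Snort 2.9 options not shown on the page; the configuration path and interface name are placeholders.

```python
import shlex

# Sample `snort --daq-list` output, copied from the listing above.
# (Constructed input for this example; on a real sensor capture it with
# subprocess.run(["snort", "--daq-list"], capture_output=True, text=True).)
DAQ_LIST_OUTPUT = """\
Available DAQ modules:
pcap(v3): readback live multi unpriv
ipq(v4): live inline multi
ipfw(v2): live inline multi unpriv
dump(v1): readback live inline multi unpriv
afpacket(v4): live inline multi unpriv
"""


def parse_daq_list(text):
    """Return {module: (version, {capabilities})} from --daq-list output.

    Capability words as printed by Snort: readback (can read pcap files),
    live (can sniff an interface), inline (can pass/drop traffic),
    multi (several instances), unpriv (can drop root after opening the NIC).
    """
    modules = {}
    for line in text.splitlines():
        head, sep, caps = line.strip().partition(":")
        if not sep or "(" not in head:
            continue  # the "Available DAQ modules:" header or a blank line
        name, version = head.rstrip(")").split("(", 1)
        modules[name] = (version, set(caps.split()))
    return modules


def snort_argv(modules, interface, conf="/etc/snort/snort.conf",
               inline=False, buffer_mb=256):
    """Build a Snort command line, preferring afpacket over pcap.

    buffer_mb is the diary's afpacket ring-buffer setting (default is 128).
    """
    if "afpacket" in modules:
        daq = "afpacket"
    elif "pcap" in modules:
        daq = "pcap"
    else:
        raise RuntimeError("neither afpacket nor pcap DAQ is compiled in")
    caps = modules[daq][1]
    if inline and "inline" not in caps:
        raise RuntimeError(f"{daq} DAQ cannot run inline")
    argv = ["snort", "-c", conf, "-i", interface, "--daq", daq]
    if daq == "afpacket":
        argv += ["--daq-var", f"buffer_size_mb={buffer_mb}"]
    if inline:
        argv += ["--daq-mode", "inline", "-Q"]
    return argv


if __name__ == "__main__":
    mods = parse_daq_list(DAQ_LIST_OUTPUT)
    print(shlex.join(snort_argv(mods, "eth0")))
```

For an inline afpacket deployment the interface argument is the bridged pair in Snort's "eth0:eth1" form; the helper only refuses to go inline when the chosen module lacks the inline capability, which is exactly what the pcap line in the listing shows.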
-----------
Guy Bruneau IPSS Inc. gbruneau at isc dot sans dot edu (c) SANS Internet Storm Center. http://isc.sans.org Creative Commons Attribution-Noncommercial 3.0 United States License.
 

SAN FRANCISCO — While it may not be a security pro’s worst nightmare, it certainly wouldn’t be considered a pleasant dream. In 2009, David Compton, system administrator for Aspire of Western New York, a non-profit that serves people with developmental disabilities at over 50 group homes and field locations, got a call from someone in the finance department. The employee’s machine was slow and refused to load certain applications.

When Compton went to check out the computer, he said the first thing he noticed was that “the antivirus was disabled. Then I realized I couldn’t boot the computer into safe mode. That’s when I knew we had a problem.”

At an RSA Conference 2011 session entitled, “Aspire to a Network Free of Malicious Programs,” Compton explained that was the start of an episode during which he and his crew of “two and a half” security pros were “running around, cleaning up machines” for the next 110 hours. In the end, Compton had to “rebuild five servers, and about 50 workstations” to get rid of what turned out to be the nefarious Sality virus.

Nine months later, a rogue antivirus outbreak hit the organization, affecting more workstations, not only at the main location where the malware was believed to have penetrated the network first, but also at many of the various field offices and group homes as well. To top it off, the antivirus Aspire was using at the time wasn’t picking up the infections. Compton would “scan a machine that I knew was infected, and [the antivirus] would say, ‘Nope, it’s clean.’”

One of the most difficult aspects of the malware recovery process lay in the clientele Aspire serves. According to Compton, it was hard to explain security principles to a variety of computer users at 44 group homes who, in many cases, were just learning what computers were and how to use them, which made the organization particularly susceptible to recurring infections.

What Compton thought was a problem specific to his organization, however, he later learned was systemic. He related that, over the course of the clean-up process, he discovered that many other computers for non-profit organizations were experiencing similar rates of infection, due, at least in part, to the overall strain on resources that the non-profits faced.

We were “using freeware to protect against malware,” he said.

Largely as a result of the turmoil, however, Compton was able to convince Aspire managers that investing in a commercial-grade endpoint security product was essential. After the infections, Compton said, everyone at the company was “very unsatisfied with the current endpoint security” posture.



 
We will be moving some servers to a new datacenter tomorrow (Wednesday Feb 23rd). As a result, you may not receive the daily summary e-mail for your DShield submissions tomorrow. We will work to keep the outage to the reports as brief as possible. The web site, and report submissions will not be affected.
Thanks.
------

Johannes B. Ullrich, Ph.D.

SANS Technology Institute

Twitter (c) SANS Internet Storm Center. http://isc.sans.org Creative Commons Attribution-Noncommercial 3.0 United States License.
 
Unless you've been living under a stone for the last couple of weeks, you will have heard about the HBGary Federal hack. Seeing everything published about it probably makes every security professional think, for at least a second, "Could this happen to me too?"
As most details about how the attack was carried out have already been published (for example, see http://arstechnica.com/tech-policy/news/2011/02/anonymous-speaks-the-inside-story-of-the-hbgary-hack.ars), we can now look at all the exploited vulnerabilities.
SQL injection on a public web site
I'm sure anyone who has done even a little work on web application security has heard about SQL injection. SQL injection vulnerabilities (or injection vulnerabilities in general) sit at the #1 place in the OWASP Top Ten for 2010.
A lot of web applications are vulnerable to SQL injection, so one must be very careful when picking a web application for your web site. HBGary unfortunately had a vulnerable web application which allowed attackers to retrieve information directly from the back-end database; this information included the MD5 hashes of the passwords of users that had access to the administration web interface.
I'll get back to MD5 later; let's focus on the web application for now. Successfully cracking one of the passwords would allow attackers to modify the web page (since it was a CMS). While this is bad (especially given it was a security company), it is still not as bad as what happened next.
According to the information that was posted, the SQL injection in the application was really simple; I wouldn't be surprised if the attackers used a powerful tool such as sqlmap, which should be able to exploit this.
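As an added illustration (not from the diary, and not HBGary's code), here is the shape of the bug described above in miniature: a CMS page lookup that concatenates a request parameter into SQL, a UNION payload of the kind sqlmap finds for a numeric parameter, and the same lookup with a bound parameter. The table layout, user names and passwords are constructed for the example.

```python
import hashlib
import sqlite3

# Constructed sample data: a CMS user table holding unsalted MD5 hashes
# (as the HBGary CMS did) and a pages table the public site queries.
SAMPLE_USERS = [
    ("admin", "Nt3rpr1s3!"),
    ("editor", "letmein"),
]
SAMPLE_PAGES = [(1, "Home"), (2, "Contact")]


def build_db():
    """In-memory SQLite database standing in for the CMS back end."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (username TEXT, pwhash TEXT)")
    db.executemany(
        "INSERT INTO users VALUES (?, ?)",
        [(u, hashlib.md5(p.encode()).hexdigest()) for u, p in SAMPLE_USERS],
    )
    db.execute("CREATE TABLE pages (id INTEGER, title TEXT)")
    db.executemany("INSERT INTO pages VALUES (?, ?)", SAMPLE_PAGES)
    return db


def lookup_page_vulnerable(db, page_id):
    """The request parameter is pasted into the SQL text: injectable."""
    sql = "SELECT id, title FROM pages WHERE id = " + page_id
    return db.execute(sql).fetchall()


def lookup_page_safe(db, page_id):
    """Same query with a bound parameter: the input is data, never SQL."""
    sql = "SELECT id, title FROM pages WHERE id = ?"
    return db.execute(sql, (page_id,)).fetchall()


# A UNION payload matching the two-column SELECT; id=0 matches no page,
# so every row returned comes from the users table.
UNION_PAYLOAD = "0 UNION ALL SELECT username, pwhash FROM users"


def demo():
    """Return (rows leaked by the vulnerable lookup, rows from the safe one)."""
    db = build_db()
    return lookup_page_vulnerable(db, UNION_PAYLOAD), lookup_page_safe(db, UNION_PAYLOAD)


if __name__ == "__main__":
    leaked, blocked = demo()
    for username, pwhash in leaked:
        print(f"leaked {username}: {pwhash}")
    print("safe lookup returned", blocked)
```

The safe version returns nothing for the payload because SQLite compares the whole string against the integer column as a value; the attacker's text never reaches the parser as SQL. The leaked rows are exactly the unsalted hashes the next two sections are about.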
Using same (weak) password for multiple applications
This turned out to be a major issue. After the attackers cracked the password, they (logically) tried it on all other applications/sites. It turned out that the same password was valid for e-mail and other applications, such as Twitter and LinkedIn.
Since we all depend on e-mail for daily communication, it is obvious how the attackers took over the initiative at this point: they were able to read the HBGary CEO's e-mails and even send e-mail purporting to be from him.
After carefully checking which individuals he had been e-mailing, the attackers used social engineering against the system administrator of another system (rootkit.com), an obvious weak spot since he or she holds all the keys to the kingdom.
It was this social engineering attack which impressed me the most (given that the SQL injection was really simple): the attackers sent a carefully crafted e-mail asking the administrator to open SSH on an unusual port and set the root password to something "he" knew ("he" allegedly being Greg Hoglund).
Could this happen in your company? I hope not. All of us, while doing various consulting gigs such as ISO 27001 and similar, always stress that all changes must be approved and documented. However, when another person, or even the CEO, asks an administrator to do something and to ignore all the processes, would he or she do it? Something to think about.
When the administrator opened SSH and changed the password, it was game over. The attackers had full access to the system and downloaded e-mail backups and all the other things we've been reading about over the last couple of weeks.
So what can we learn from this hack?
A lot of things that we already preach (or should be preaching):

Do not use the same password for multiple applications/sites. A lot of free, good utilities, such as Password Safe, exist that will generate strong passwords for you and store them in an encrypted key chain.
No matter the size of your company, you should have change management processes that require all changes to be approved by the appropriate personnel. While a CEO can request that a port be opened on the firewall, the security person in charge should approve any such request. If you don't have multiple roles for this, then make sure that appropriate authentication is in place, i.e. verify such critical requests through another channel.
You should regularly test your web applications, not only external but also internal ones. While this does not guarantee that you will identify and eliminate all security vulnerabilities, it will certainly raise your overall security.
Encrypt your backups, and think twice about whether you need all those e-mails in one place. Gmail is certainly attractive for storing years of e-mail and searching through it quickly, but imagine what would happen if someone got access to all of it.
While we're on encryption: encrypt sensitive e-mails too. It may seem a nuisance, but it could save the day. PGP encryption is not difficult to use; there are downsides, of course, so you should balance usability against security.
If you are a web application developer and need to store (hashed) user passwords, remember that algorithms such as MD5 were built for speed! Using today's GPUs, it is possible to test hundreds of millions of MD5 candidates per second. Remember to use per-user password salts to make rainbow tables useless (otherwise it's usually a matter of seconds before a password is cracked).

Finally, on storing hashed passwords: nesting algorithms, something like sha1(sha1(sha1(password))), is unnoticeable to the end user, defeats off-the-shelf rainbow tables (which are built for plain SHA-1) and forces an attacker to write a custom cracking module for that construction. It is only a speed bump, though: without a salt the construction can still be precomputed once and reused against every user, and three SHA-1 rounds are still fast on a GPU. The robust choice is a per-user salt combined with a deliberately slow, iterated function such as bcrypt or PBKDF2.
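To make the last two points concrete, an added example (not from the diary) with a constructed wordlist and constructed victim passwords: one precomputed table cracks every unsalted MD5 hash at once, the nested-SHA-1 construction falls to the same kind of table once the attacker knows it, and a per-user salt with PBKDF2 (Python's hashlib.pbkdf2_hmac, a stand-in for bcrypt here) gives every user a different hash for the same password. Iteration count and wordlist are assumptions for the example.

```python
import hashlib
import hmac
import os

# Constructed wordlist and victim accounts for this example (not HBGary data).
WORDLIST = ["123456", "password", "letmein", "qwerty", "hbgary2011", "summer11"]
VICTIMS = {"ceo": "password", "coo": "letmein", "admin": "kdnE!93vq"}


def md5_hex(pw):
    """Unsalted MD5, as the compromised CMS stored it."""
    return hashlib.md5(pw.encode()).hexdigest()


def triple_sha1_hex(pw):
    """sha1(sha1(sha1(pw))) over hex digests, still with no salt."""
    h = pw.encode()
    for _ in range(3):
        h = hashlib.sha1(h).hexdigest().encode()
    return h.decode()


def build_table(hash_fn, wordlist):
    """One precomputed table per unsalted construction serves every user."""
    return {hash_fn(w): w for w in wordlist}


def crack(stored, hash_fn, wordlist):
    """stored: {user: hash}. Returns {user: password} for every table hit."""
    table = build_table(hash_fn, wordlist)
    return {user: table[h] for user, h in stored.items() if h in table}


def pbkdf2_hash(pw, salt=None, iterations=200_000):
    """Salted, deliberately slow hash. Returns (salt_hex, iterations, dk_hex)
    to store per user; iterations is an assumed cost, tune it to your hardware."""
    salt = os.urandom(16) if salt is None else salt
    dk = hashlib.pbkdf2_hmac("sha256", pw.encode(), salt, iterations)
    return salt.hex(), iterations, dk.hex()


def pbkdf2_verify(pw, salt_hex, iterations, dk_hex):
    """Recompute with the stored salt and compare in constant time."""
    dk = hashlib.pbkdf2_hmac("sha256", pw.encode(), bytes.fromhex(salt_hex), iterations)
    return hmac.compare_digest(dk.hex(), dk_hex)


def demo():
    """Crack the constructed victims under both unsalted schemes."""
    md5_store = {u: md5_hex(p) for u, p in VICTIMS.items()}
    sha1_store = {u: triple_sha1_hex(p) for u, p in VICTIMS.items()}
    return crack(md5_store, md5_hex, WORDLIST), crack(sha1_store, triple_sha1_hex, WORDLIST)


if __name__ == "__main__":
    md5_hits, sha1_hits = demo()
    print("MD5 cracked:", md5_hits)
    print("triple-SHA1 cracked:", sha1_hits)
    print("PBKDF2 record for 'password':", pbkdf2_hash("password"))
```

Both unsalted schemes give up the same two accounts from a six-word list; only the account with a password outside the wordlist survives, and that is a property of the password, not the hash. With the salted scheme, the table would have to be rebuilt per user and each candidate costs 200,000 HMAC rounds instead of one.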

And thanks to Sauj for fixing my grammar :)
Update: fixed some errors. I didn't try to go over what happened in every detail; I wanted us to think about the vulnerabilities that were exploited here.
--

Bojan

INFIGO IS (c) SANS Internet Storm Center. http://isc.sans.org Creative Commons Attribution-Noncommercial 3.0 United States License.
 
Python 3.2 has been released, with a plethora of newness. Check out the 'What's New In Python 3.2' page: http://docs.python.org/dev/whatsnew/3.2.html, or the release announcement: "Python 3.2 is a continuation of the efforts to improve and stabilize the Python 3.x line. Since the final release of Python 2.7, the 2.x line will only receive bugfixes, and new features are developed for 3.x only." at http://www.python.org/download/releases/3.2/
Cheers,

Adrien de Beaupr

Intru-shun.ca Inc. (c) SANS Internet Storm Center. http://isc.sans.org Creative Commons Attribution-Noncommercial 3.0 United States License.
 
Winamp has confirmed in a post to its own forums that email addresses used for the forums have been compromised. Users are advised to change their passwords as a precautionary measure and warned that the amount of spam they receive may go up. Forum users may also have received an email from Winamp advising them of the compromise. The advisory is here: http://forums.winamp.com/showthread.php?t=327374. Thanks Evan for letting us know.
Cheers,

Adrien de Beaupr

Intru-shun.ca Inc. (c) SANS Internet Storm Center. http://isc.sans.org Creative Commons Attribution-Noncommercial 3.0 United States License.
 
In a forum thread, Kaspersky users discussed being unable to update their anti-virus product. The thread, entitled 'Problem with the bases, Cannot update databases with 2011', is here: http://forum.kaspersky.com/index.php?showtopic=201405. It appears that the issue has not yet been fully resolved. Thanks Bill for letting us know.
Cheers,

Adrien de Beaupr

Intru-shun.ca Inc. (c) SANS Internet Storm Center. http://isc.sans.org Creative Commons Attribution-Noncommercial 3.0 United States License.
 

Hunters and Toolmakers: Seeking Infosec Wizards
GovInfoSecurity.com (blog)
This shouldn't be surprising; the GovInfoSecurity.com survey released last week shows that half of the government IT security practitioners polled see insider threats as their greatest vulnerabilities (see Gov't Infosec Pros Question Fed's Security ...
 
InfoSec World Conference & Expo 2011
Help Net Security
With the primary objective of providing education to all levels of information security and IT auditing professionals, InfoSec World delivers practical sessions that give you the tools to strengthen your security without restricting your business.
 
Survey: InfoSec Pros Need New Skills
GovInfoSecurity.com
The information security profession is at a crucial turning point as professionals scramble to develop new skills in the arenas of cloud computing, mobile applications and social media, a new survey shows. The 2011 (ISC)2 Global Information Security ...
Related: RSA 2011: (ISC)² study shows gap between cloud security technology and training (Infosecurity Magazine (US))
 
Creates Cyber Director with Sway Over Agency Infosec Budgets
GovInfoSecurity.com
A survey by GovInfoSecurity.com of government IT security practitioners released this week (see Gov't Infosec Pros Question Fed's Security Resolve) at the RSA 2011 IT security conference shows that a majority favor granting a White House cybersecurity ...
 
Gov't Infosec Pros Question Fed's Security Resolve
GovInfoSecurity.com
Government IT security managers and professionals overwhelmingly believe the federal government does not place enough emphasis on cybersecurity, according to the inaugural State of Government Information Security survey, unveiled Thursday by ...
 
US worries over Internet 'kill switch' highlights need for contingency ...
TMCnet
Fortunately, help is at hand in the shape of the free educational seminar programs we are planning for the Infosecurity Europe show, which takes place at Earls Court, London 19-21 April 2011 www.infosec.co.uk," she added. For more on President Obama's ...
 
RSAC 2011: Forming a bridge between law enforcement and security
The Tech Herald
With his law enforcement experience and his InfoSec background, he knows the communication gap inside and out. But he is only one man. So his talk at BSides San Francisco centered on getting help from the security community to create a non-profit ...
 
NIST Issues Glossary of Infosec Terms
GovInfoSecurity.com
Do you have a language barrier with the non-technical managers you support? The National Institute of Standards and Technology's latest publication should help in narrowing that communications gap. NIST Thursday issued Interagency Report 7298 Revision ...
 
InfoSec News: Iran's Natanz nuclear facility recovered quickly from Stuxnet cyberattack: http://www.washingtonpost.com/wp-dyn/content/article/2011/02/15/AR2011021506501.html
By Joby Warrick Washington Post Foreign Service February 16, 2011
VIENNA - In an underground chamber near the Iranian city of Natanz, a network of surveillance cameras offers the outside world a rare glimpse [...]
 
InfoSec News: Hillsborough sheriff: McDonald's run tripped up military laptop thieves: http://www.tampabay.com/news/publicsafety/crime/article1151938.ece
By Jessica Vander Velde Times Staff Writer February 17, 2011
TAMPA -- They came with rappel lines, a power saw and wire cutters.
Had they packed food, the thieves who lifted $7.4 million in military [...]
 
InfoSec News: Police probe 'spying' at Swedish airport: http://www.thelocal.se/32084/20110216/
The Local 16 Feb 11
A computer found hidden under a desk at Jonkoping Airport in central Sweden is being analysed by police in a case of suspected industrial espionage, according to airport officials.
Peter Jutterstrom, chair of the airport's board, has said that he believes the case may involve espionage.
"Someone obviously thinks that this airport is very exciting," he told the local Jonkopings-Posten newspaper on Wednesday.
The computer, which was connected to Jonkoping Airport's internal network, was discovered by a member of staff a couple of weeks ago, according to the newspaper.
Information collected on the computer, including possibly highly sensitive data, was passed onto another user, according to police, who are now investigating the matter and analysing the computer.
[...]
 
InfoSec News: At security confab, Clinton urges risk, investment: http://news.cnet.com/8301-1009_3-20033579-83.html
By Josh Lowensohn CNet News Security February 18, 2011
SAN FRANCISCO -- Like any great endeavor, information technology does not come without its risks, former President Bill Clinton said this afternoon during a speech at the RSA security conference here.
Clinton stressed that this was especially true given recent events in Egypt, efforts to secure free Internet access around the world, investigations into WikiLeaks, and the fallout from the Stuxnet virus.
"There are no totally risk-free endeavors and advances," Clinton said. "At every step along the way we have to ask ourselves, 'what is it we're really trying to do here?'"
Clinton closed out the weeklong security conference with a talk entitled "Embracing Our Common Humanity," in which he focused on the importance of making sure there is good political policy to back up new technologies, so as not to repeat mistakes made in the past. Part of such an effort also involves looking for evidence to make the right decisions, Clinton said.
[...]
 
InfoSec News: Call For Volunteers: Forwarded from: Research <research (at) tacticalintelligence.org>
We are security researchers looking for volunteers to participate in two projects.
The first is a 6 month study whose ideal participants are sysadmins of internet-facing Linux devices (preferably hobbyist machines running [...]
 
InfoSec News: Funding for cyber security 'a joke,' expert says: http://www.ottawacitizen.com/Funding+cyber+security+joke+expert+says/4306478/story.html
[But "it's a joke," said Chris Davis, CEO of Ottawa Internet security firm 'Defence Intelligence Inc' "One of the things I've always said to corporations is, 'if your budget for food, beverages and entertainment is larger than what you spend on security, then that is a real problem."
Sounds like Mr. Davis is channeling Richard Clarke nearly nine years to day of his RSA Conference 2002 keynote. "If you spend more on coffee than on IT security, then you will be hacked," Clarke said during his keynote address. - http://zd.net/fcWXzx - WK]
By Vito Pilieci Ottawa Citizen February 18, 2011
The federal government has left itself wide open to a cyber attack, like the one announced Thursday, because it still has not taken the threat seriously, say prominent Internet security experts.
Canada recently announced a Cyber Security Strategy that calls for the federal government to spend $90 million over five years to protect the country's secrets.
But "it's a joke," said Chris Davis, chief executive officer of Ottawa Internet security firm Defence Intelligence Inc. "One of the things I've always said to corporations is, 'if your budget for food, beverages and entertainment is larger than what you spend on security, then that is a real problem."
Rafal Rohozinski, chief executive of Ottawa's SecDev Group and best known for his discovery of an international cyber-espionage network in 2009, said the news that hackers broke into computer systems at the Department of Finance and Treasury Board of Canada Secretariat, should be the final wakeup call for Canada to begin taking cyber security seriously.
[...]
 
InfoSec News: ATMs Reprogrammed to Cough Up Extra Cash: http://www.nbcchicago.com/news/local-beat/atm-thefts-116435289.html
By Charlie Wojciehowski NBC Chicago Feb 17, 2011
They were brazen robberies in hotels just off Michigan Avenue. But in most cases, nobody knew they were happening because the thieves weren’t [...]
 
InfoSec News: U.S. patients trust docs, but not e-health records, survey shows: http://www.computerworld.com/s/article/9210061/U.S._patients_trust_docs_but_not_e_health_records_survey_shows
By Lucas Mearian Computerworld February 17, 2011
While Americans trust their physicians to keep their healthcare information private, they don't extend that same trust to computerized [...]
 
InfoSec News: Secunia Weekly Summary - Issue: 2011-07: ========================================================================
The Secunia Weekly Advisory Summary 2011-02-10 - 2011-02-17
This week: 66 advisories [...]
 
InfoSec News: Cyberwar Issues Likely to Be Addressed Only After a Catastrophe: http://www.wired.com/threatlevel/2011/02/cyberwar-issues-likely-to-be-addressed-only-after-a-catastrophe/
By Kim Zetter Threat Level Wired.com February 17, 2011
When it comes to developing cyberwarfare policy, the United States will likely wait for a catastrophic event and then overreact, rather than plan ahead, said former intelligence chief Mike McConnell at the RSA Conference on Wednesday.
McConnell was pessimistic that Congress and the public would get its act together in time to debate and sort out all the questions that need to be answered about what constitutes cyberwar and how the government and private sector should respond when faced with incidents that fit the definition.
McConnell, former director of national intelligence and former director of the National Security Agency, was speaking on a panel that included former Secretary of Homeland Security Michael Chertoff, Bruce Schneier chief technology security officer at BT, and James Lewis, director and senior fellow of the technology and public policy program at the Center for Strategic and International Studies.
When it comes to defining cyberwar, Chertoff and McConnell say espionage and information theft don’t qualify, but destruction of data or systems do. Designating the latter as an act of war, however, would still depend on the scale and genesis of the attack.
[...]
 
InfoSec News: CFP: 6th Workshop on Security and High Performance Computing Systems (SHPCS'11) - EXTENDED DEADLINE FEB. 28: Forwarded from: Yacine Zemali <yacine.zemali (at) ensi-bourges.fr>
[Apologies if you receive multiple copies. Please distribute this call to interested parties.] *** NEW DEADLINE ***
6th Workshop on Security and High Performance Computing Systems [...]
 
InfoSec News: FBI will announce new Net-wiretapping push: http://news.cnet.com/8301-31921_3-20032518-281.html
By Declan McCullagh Privacy, Inc. CNet News February 16, 2011
The FBI is expected to reveal tomorrow that because of the rise of Web-based e-mail and social networks, it's "increasingly unable" to [...]
 
InfoSec News: Cyber attack hits Ottawa; probe focuses on IP addresses from China: http://www.theglobeandmail.com/news/politics/cyber-attack-hits-ottawa-probe-focuses-on-ip-addresses-from-china/article1910769/
By Bill Curry and Colin Freeze OTTAWA and TORONTO Globe and Mail Feb. 16, 2011
A number of federal departments are struggling to deal with an outside [...]
 
InfoSec News: IT Pros Admit to Retaining Security Access at Former Job Sites: Survey: http://www.eweek.com/c/a/Security/IT-Pros-Admit-to-Retaining-Security-Access-at-Former-Job-Sites-Survey-341472/
By Chris Preimesberger eWEEK.com 2011-02-16
SAN FRANCISCO -- Apparently, security involving former IT employees of enterprises has more holes in it than most people think. [...]
 
 
Hewlett-Packard on Tuesday reported strong profits for its first fiscal quarter of 2011 but the results were dampened by weakness in its PC and services divisions.
 
InfoSec News: Seoul Hotel Break-In Has Makings of a Spy Novel: http://www.nytimes.com/2011/02/22/world/asia/22korea.html
By Mark McDonald The New York Times February 21, 2011
SEOUL, South Korea -- Police officials are investigating a mysterious break-in at the five-star Lotte Hotel, an odd bit of cloak and dagger in [...]
 
InfoSec News: Cyber Espionage in Georgian Businesses: http://finchannel.com/Main_News/Tech/81378_Cyber_Espionage_in_Georgian_Businesses/
By Nino Burjanadze The FINANCIAL 21/02/2011
“The frequency of cyber espionage in the banking sector of Georgia has increased, parallel to the increase in competition,” said Lasha [...]
 
InfoSec News: Flash drives dangerously hard to purge of sensitive data: http://www.theregister.co.uk/2011/02/21/flash_drive_erasing_peril/
By Dan Goodin in San Francisco The Register 21st February 2011
In research that has important findings for banks, businesses and security buffs everywhere, scientists have found that computer files [...]
 
InfoSec News: [Dataloss Weekly Summary] Week of Sunday, February 13, 2011: ========================================================================
Open Security Foundation - DataLossDB Weekly Summary Week of Sunday, February 13, 2011
5 Incidents Added.
======================================================================== [...]
 
Though sometimes positioned as bitter rivals, both protocols are needed for different tasks in global enterprises. Here's why.
 
Taiwan Semiconductor Manufacturing Co. is expanding capacity this year following recent unexpected demand from customers including Apple suppliers, it said Wednesday
 
Apple Computer stands to lose its No. 1 rank in mobile PC sales this year as Hewlett-Packard and even Motorola eat into its market share, research firm DisplaySearch said late Tuesday.
 
Hewlett-Packard on Wednesday announced Intel-based business laptops with features that could make it easier to swap components or fix the PCs.
 
Elan Microelectronics plans to continue its patent lawsuit against Apple over multitouch technology and said a reported $100 million settlement proposal from Apple was untrue.
 
Mobile platform features accommodations for tablets, including 'holographic' UI design, refined multitasking, and support for device administration policies
 
A hacker says that online supporters have pledged enough money to boost his defense against a lawsuit filed against him by Sony.
 
Multimedia capabilities and WebSocket support are among the missing pieces -- and don't expect a standard video codec.
 
Businesses are buying technology and lots of it, say some of the major enterprise vendors, including Hewlett-Packard, IBM and Dell. But consumers are holding back. Analysts see multiple forces at play.
 

Posted by InfoSec News on Feb 18

http://www.computerworld.com/s/article/9210061/U.S._patients_trust_docs_but_not_e_health_records_survey_shows

By Lucas Mearian
Computerworld
February 17, 2011

While Americans trust their physicians to keep their healthcare
information private, they don't extend that same trust to computerized
records systems, according to a new survey from CDW.

Thirty-five percent of 1,000 survey respondents indicated they are
worried that their health...
 

Posted by InfoSec News on Feb 18

========================================================================

The Secunia Weekly Advisory Summary
2011-02-10 - 2011-02-17

This week: 66 advisories

========================================================================
Table of Contents:

1.....................................................Word From...
 

Posted by InfoSec News on Feb 18

http://www.wired.com/threatlevel/2011/02/cyberwar-issues-likely-to-be-addressed-only-after-a-catastrophe/

By Kim Zetter
Threat Level
Wired.com
February 17, 2011

When it comes to developing cyberwarfare policy, the United States will
likely wait for a catastrophic event and then overreact, rather than
plan ahead, said former intelligence chief Mike McConnell at the RSA
Conference on Wednesday.

McConnell was pessimistic that Congress and the...
 

Posted by InfoSec News on Feb 16

Forwarded from: Yacine Zemali <yacine.zemali (at) ensi-bourges.fr>

[Apologies if you receive multiple copies. Please distribute this call
to interested parties.]

---------------------------------------------------------------------------
CALL FOR PAPERS

*** NEW DEADLINE ***

6th Workshop on Security and High Performance Computing Systems
(SHPCS 2011)...
 

Posted by InfoSec News on Feb 16

http://news.cnet.com/8301-31921_3-20032518-281.html

By Declan McCullagh
Privacy, Inc.
CNet News
February 16, 2011

The FBI is expected to reveal tomorrow that because of the rise of
Web-based e-mail and social networks, it's "increasingly unable" to
conduct certain types of surveillance that would be possible on cellular
and traditional telephones.

FBI general counsel Valerie Caproni will outline what the bureau is
calling the...
 

Posted by InfoSec News on Feb 16

http://www.theglobeandmail.com/news/politics/cyber-attack-hits-ottawa-probe-focuses-on-ip-addresses-from-china/article1910769/

By Bill Curry and Colin Freeze
OTTAWA and TORONTO
Globe and Mail
Feb. 16, 2011

A number of federal departments are struggling to deal with an outside
cyber attack -- including at the Department of Finance where officials
are busy working on next month’s budget.

According to senior federal officials, an attack that...
 

Posted by InfoSec News on Feb 16

http://www.eweek.com/c/a/Security/IT-Pros-Admit-to-Retaining-Security-Access-at-Former-Job-Sites-Survey-341472/

By Chris Preimesberger
eWEEK.com
2011-02-16

SAN FRANCISCO -- Apparently, security involving former IT employees of
enterprises has more holes in it than most people think.

According to a survey released Feb. 16 that canvassed more than 1,000
employees and 500 IT decision makers in the U.S., 10 percent of IT
professionals admit...
 

Posted by InfoSec News on Feb 21

http://finchannel.com/Main_News/Tech/81378_Cyber_Espionage_in_Georgian_Businesses/

By Nino Burjanadze
The FINANCIAL
21/02/2011

“The frequency of cyber espionage in the banking sector of Georgia has
increased, parallel to the increase in competition,” said Lasha
Pataraia, Director of the Information Security Studies and Analysis
Centre, an NGO working on analyzing cyber security issues in Georgia.
Because of the low salaries in some of...
 

Posted by InfoSec News on Feb 21

http://www.theregister.co.uk/2011/02/21/flash_drive_erasing_peril/

By Dan Goodin in San Francisco
The Register
21st February 2011

In research that has important findings for banks, businesses and
security buffs everywhere, scientists have found that computer files
stored on solid state drives are sometimes impossible to delete using
traditional disk-erasure techniques.

Even when the next-generation storage devices show that files have been...
 

Posted by InfoSec News on Feb 21

========================================================================

Open Security Foundation - DataLossDB Weekly Summary
Week of Sunday, February 13, 2011

5 Incidents Added.

========================================================================

DataLossDB is a research project aimed at documenting known and reported
data loss incidents world-wide. The Open Security Foundation asks for
contributions of new incidents and new data for...
 

Posted by InfoSec News on Feb 21

http://news.cnet.com/8301-1009_3-20033579-83.html

By Josh Lowensohn
CNet News
Security
February 18, 2011

SAN FRANCISCO -- Like any great endeavor, information technology does
not come without its risks, former President Bill Clinton said this
afternoon during a speech at the RSA security conference here.

Clinton stressed that this was especially true given recent events in
Egypt, efforts to secure free Internet access around the world,...
 

Posted by InfoSec News on Feb 18

Forwarded from: Research <research (at) tacticalintelligence.org>

We are security researchers looking for volunteers to participate in two
projects.

The first is a 6 month study whose ideal participants are sysadmins of
internet-facing Linux devices (preferably hobbyist machines running
services like ftp, sftp, ssh, telnet) who are able to make changes to
service configurations, and can provide us (cleansed) log information on
at least a...
 

Posted by InfoSec News on Feb 18

http://www.ottawacitizen.com/Funding+cyber+security+joke+expert+says/4306478/story.html

[But "it's a joke," said Chris Davis, CEO of Ottawa Internet security
firm 'Defence Intelligence Inc'. "One of the things I've always said to
corporations is, 'if your budget for food, beverages and entertainment
is larger than what you spend on security, then that is a real problem.'"

Sounds like Mr. Davis is channeling Richard Clarke...
 

Posted by InfoSec News on Feb 18

http://www.nbcchicago.com/news/local-beat/atm-thefts-116435289.html

By Charlie Wojciehowski
NBC Chicago
Feb 17, 2011

They were brazen robberies in hotels just off Michigan Avenue. But in
most cases, nobody knew they were happening because the thieves weren’t
targeting guests, they were targeting ATM machines.

Authorities said Thursday that more than $140,000 has been stolen since
December of 2010 from private cash machines installed by...
 

Posted by InfoSec News on Feb 21

http://www.nytimes.com/2011/02/22/world/asia/22korea.html

By Mark McDonald
The New York Times
February 21, 2011

SEOUL, South Korea -- Police officials are investigating a mysterious
break-in at the five-star Lotte Hotel, an odd bit of cloak and dagger in
Room 1961 whose storyline includes bumbling spies caught red-handed,
negotiations for a supersonic jet fighter, a stolen laptop and a
conveniently timed meeting with the president of South...
 
