InfoSec News

The Cost of Ignoring 'Non-Human' Visitors
SYS-CON Media (press release) (blog)
By Lori MacVittie #infosec There is a real cost associated with how far you allow non-human traffic to penetrate the data center – and it's not just in soft security risks. A factor often ignored by those performing contact analysis costs is technology ...

Oracle and Google will hold another round of settlement talks as the trial date nears in their high-stakes court battle over Google's alleged misuse of Java in Android.
The maps on smartphones and tablets soon may extend into buildings, but consumers and service providers won't use indoor maps the same as outdoor, participants in the location-based services business said on Wednesday.
Some of the largest IT companies in India and the U.S. are complaining to President Obama that it has become increasingly difficult to get work visas for their employees -- and they want him to take action.
Hewlett-Packard, Oracle and Apple sparked some of the biggest corporate financial news of the week, highlighting sector trends as IT edges toward what could be its best first quarter on the markets since the dot-com bust in 2000, despite some turbulence during the past few days.
Atheme IRC Services 'mycertfp_delete()' Function Security Bypass Vulnerability
A week after the launch of the new iPad, the device now accounts for about 1 in 15 Apple tablets accessing the Internet, a mobile ad network said today.
Memorial Sloan-Kettering Cancer Center has brought IBM's Watson supercomputer onboard to help it diagnose and treat cancer patients, just a few months after Watson was hired by Cedars-Sinai for the same purpose.
Oracle co-President Mark Hurd is scheduled to reveal new details about the vendor's BI (business intelligence) and analytics strategy, including new applications aimed at SAP customers, during an event on April 4.
Responding to user demand, Microsoft now allows projects using its CodePlex open source code repository to use the increasingly popular Git version-control system built by Linux creator Linus Torvalds.
Asetek this week revived the promise of bringing liquid cooling to laptops, which the company is pitching as an alternative to noisy fans.
SAS Institute this week unveiled new technology designed to allow a broad swath of enterprise users to do advanced analytics on massive volumes of data.
file Composite Document File Format Denial of Service Vulnerability
[ MDVSA-2012:037 ] cyrus-imapd
[ MDVSA-2012:036 ] libsoup
[ MDVSA-2012:035 ] file
Last week here in Gearhead I discussed my ongoing saga of trying to get decent IP DSL service from AT&T U-Verse.
FreePBX Multiple Cross Site Scripting and Remote Command Execution Vulnerabilities
[ MDVSA-2012:034 ] libzip
[ANNOUNCE] Apache Traffic Server releases for security incident CVE-2012-0256
[SECURITY] [DSA 2438-1] raptor security update
'phpMoneyBooks' Local File Inclusion (CVE-2012-1669)
Microsoft's recent campaigns touting Internet Explorer 9 have moved IE's quality perception needle for U.S. adults, according to BrandIndex, a brand quality measurement company.
According to a published report, federal regulators are looking into whether trading firms that use computer systems to perform sub-second trades have an unfair advantage over other investors.
struts2 xsltResult Local code execution vulnerability
Facebook on Friday warned employers about trying to gain inappropriate access to Facebook accounts to check out private information about potential employees, citing possible legal liability.
European Union regulators have warned Germany that it must implement the controversial Data Retention Directive within one month or face legal action and possible fines.
Northrop Grumman Corporation has become a victim of the ongoing cyber war that anonymous hackers are waging against the world's governments and intelligence agencies alike.

LTE phone shipments will grow tenfold to reach 67 million units in 2012, making it a breakout year for the 4G technology, Strategy Analytics said on Friday.
Security experts throw cold water on growing reports of Android security threats. The threat is real but over-hyped, they say.
Employees who heavily insult their employers on social networks can be fired because messages on social media are at least semi public and can be easily replicated throughout the internet, a judge in the Netherlands ruled this week.
----------- Guy Bruneau IPSS Inc. gbruneau at isc dot sans dot edu (c) SANS Internet Storm Center. http://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
Australian police have sadly announced plans to start what is commonly known as "wardriving": driving around in a vehicle equipped to grab and log the details and location of any wireless hotspots.

The report, compiled from data obtained from many government agencies, including the Australian Federal Police, the Irish Reporting and Information Security Service (IRISSCERT), the United States Secret Service (USSS) and many others, logs over 174 million compromised records as breached in 2011 alone.


Hacktivism: dangerous new social conscience
Hacktivism is growing fast as a means to challenge authority, and there's little that can be done to stop it, says Infosec. Hacktivism – hacking into an organisation's site and data to make a point – is on the rise, says Bevan Lane, Director at Infosec ...

A T-Mobile call center consolidation will cost 1,900 people their jobs, as the company works through a restructuring following the failure of AT&T's proposed acquisition of the smaller operator.
Late last year China faced one of its biggest information leaks to date when its software developer network was hacked and millions of Chinese users' accounts were leaked online.

libzip Multiple Buffer Overflow Vulnerabilities

Hacktivism: dangerous new social conscience - Security Summit 2012 Press Office
ITWeb (press release)
Hacktivism is growing fast as a means to challenge authority, and there's little that can be done to stop it, says Infosec. Hacktivism – hacking into an organisation's site and data to make a point – is on the rise, says Bevan Lane, Director at Infosec ...

A further 700 websites have been hacked and defaced in one of the biggest mass defacements so far carried out in the name of freedom for Palestine.

When data center and facility managers meet with the CIO about new equipment, the conversations are rarely easy. The equipment they seek is often expensive, in the six- or seven-figure range, and justifying the expense can be challenging.
The new iPad's LTE option, which enables access to fast 4G networks, means customers can use up an entire month's worth of data in a couple of hours. Bandwidth-versus-cost poses a dilemma for carriers, too.
Foxconn's contract handset manufacturing arm returned to a net profit in 2011, after the company streamlined its operations during the year to better manage production costs.
U.S. Cellular joined the ranks of U.S. carriers with commercial LTE service on Thursday, launching the Samsung Galaxy Tab 10.1 as its first LTE-capable device.

Posted by InfoSec News on Mar 23


By Camille Tuutti
March 22, 2012

The federal government might not be in a mad march to migrate its most
sensitive data to the cloud, but as standards become more cemented and
processes ironed out, more agencies will move into the space perceived “as a
little bit risky at the moment,” according to the predictions of a General
Service Administration...

Posted by InfoSec News on Mar 23


By Zhao Wen

The man suspected of hacking into China's largest website for programmers and
leaking personal information of over 6 million users last December has been
detained on charges of illegal acquisition of computer data, the Beijing News
reported today.

The suspect surnamed Zeng...

Posted by InfoSec News on Mar 23


The Secunia Weekly Advisory Summary
2012-03-15 - 2012-03-22

This week: 139 advisories

Table of Contents:

1.....................................................Word From Secunia...

Hacktivism: dangerous new social conscience
Mail & Guardian Online
Hacktivism is growing fast as a means to challenge authority, and there's little that can be done to stop it, says Infosec. Hacktivism – hacking into an organisation's site and data to make a point – is on the rise, says Bevan Lane, Director at Infosec ...


Cloud outages are always big news, and for good reason, because they usually affect many people. Last month's Microsoft Azure outage was no exception. But at least Microsoft appears to be trying to learn from its mistakes.

Microsoft released detailed findings of its root cause analysis of the Azure outage earlier this month, and said it would use lessons learned from the incident to improve its cloud service. The analysis, posted by Azure engineering team leader Bill Laing, provides a detailed description of the Leap Day bug that triggered the Feb. 28 outage. The analysis was prefaced by an apology and an offer of service credits to customers, and included a description of the steps Microsoft is taking to improve its engineering, operations and communication in the wake of the outage.

“Rest assured that we are already hard at work using our learnings to improve Windows Azure,” Laing said.

Microsoft’s plans include improved testing to detect time-related bugs, strengthening its Azure dashboard, and improved customer communication during an incident.
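The page does not reproduce Microsoft's root cause analysis, so the block below is an added illustration of the general class of time-related bug that "improved testing to detect time-related bugs" is meant to catch; it is not Azure's code and does not claim to be its specific defect. It shows the classic pattern of computing an anniversary (a validity period, a renewal date) by bumping the year, which silently works on every day of a leap year except Feb 29, next to a hardened form, and a small edge-case audit of the kind a test suite should run over any date arithmetic. The year range and the choice of Feb 28 as the fallback are assumptions made for the example.

```python
from datetime import date


def naive_one_year_later(d: date) -> date:
    """The bug pattern: bump the year and assume the same day still exists.
    Works on 365 days of a leap year and raises ValueError on Feb 29,
    because Feb 29 of the following (non-leap) year is not a valid date."""
    return d.replace(year=d.year + 1)


def safe_one_year_later(d: date) -> date:
    """Hardened form: if the anniversary does not exist, fall back to Feb 28.
    (Fallback day chosen for this example; a policy decision in real code.)"""
    try:
        return d.replace(year=d.year + 1)
    except ValueError:
        return d.replace(year=d.year + 1, day=28)


def time_edge_cases(start_year: int, end_year: int):
    """Dates that a test suite for time arithmetic should always exercise:
    year boundaries, the end of February, and every Feb 29 in range."""
    for year in range(start_year, end_year + 1):
        yield date(year, 1, 1)
        yield date(year, 2, 28)
        if year % 4 == 0 and (year % 100 != 0 or year % 400 == 0):
            yield date(year, 2, 29)
        yield date(year, 12, 31)


def audit(fn, start_year: int = 2010, end_year: int = 2020) -> list:
    """Run fn over the edge cases and collect (date, exception name) pairs.
    An empty list means fn survived every boundary date in the range."""
    failures = []
    for d in time_edge_cases(start_year, end_year):
        try:
            fn(d)
        except ValueError as exc:
            failures.append((d, type(exc).__name__))
    return failures


if __name__ == "__main__":
    # The naive version fails on 2012-02-29, 2016-02-29 and 2020-02-29;
    # the hardened version reports no failures.
    print("naive:", audit(naive_one_year_later))
    print("safe: ", audit(safe_one_year_later))
```

The point of the audit is that a bug like this never shows up in a test that uses "today" as its input; it only surfaces when the suite deliberately walks the calendar boundaries, which is why a once-every-four-years date can reach production untested.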

Kyle Hilgendorf, principal research analyst at Gartner, said he was impressed with the level of detail in Microsoft’s analysis.

“I encourage all current and prospective Azure customers to read and digest the Azure RCA [root cause analysis],” he wrote in a blog post.  “There is significant insight and knowledge around how Azure is architected, much more so than customers have received in the past.”

The 33% service credit offered by Microsoft, he added, is becoming a de facto standard for cloud outages. “Customers appreciate this offer as it benefits both customers and providers alike from having to deal with SLA claims and the administrative overhead involved,” he said.

In a previous blog post, Hilgendorf summarized Azure customers' concerns after the outage. Customers told him Microsoft's communication during the outage was lacking, that the company needed to be more transparent, and that they were looking into options for protecting themselves against future outages.

So while Microsoft is applying lessons learned from the Azure outage, it appears Azure customers got a harsh reminder of the need to plan for service disruption. At last year’s Gartner Catalyst Conference, Richard Jones, managing vice president for cloud and data center strategies at Gartner, advised attendees to prepare for cloud failure by planning for resilience into their cloud infrastructure and services. Experts have also said organizations need to plan for outages in their cloud contracts.

“Cloud outages are a sad and unfortunate event,” Hilgendorf wrote. “However, if we learn from them, build better services, increase transparency, and guide towards better application design, then we can make something great out of something bad.”


A Malaysian Mazda dealer that is part of the main Mazda motor group has been hacked and left defaced.
