
InfoSec News

Microsoft's next version of the Windows operating system, dubbed Windows 8, will debut in 2012, company CEO Steve Ballmer said Monday.
 
Make your Windows 7 PC a window into the future--without compromising its actual function--with these science fiction themepacks. Whether you want cyberpunk or Cylons, dreamscapes or dystopias, Time Lords or tyrannical computers, you can immerse yourself in these images and sounds. We've combed through decades of sci-fi favorites from the silver screen and the small screen for these Windows 7 themes, and we've even tossed in a few fonts that sparked our imaginations. Each of these downloads is free.
 
HP Insight Diagnostics Online Edition 'search.php' CVE-2010-4111 Cross Site Scripting Vulnerability
 
HP Insight Management Agents 'hmanics.snmp.php' Full Path Information Disclosure Vulnerability
 
The Asus U36JC ultraportable laptop ($1000) has lots of tangible benefits: good power from its second-generation Core i5 processor, lots of ports, and features like a quick start mode that lets you browse the Web before you boot into Windows. Where the U36JC falls down is in the intangibles: Utilities with cryptic explanations and a poorly designed touchpad.
 
Xerox Corp., whose CEO Ursula Burns is advising President Obama on exports, last week told its product engineering employees that it is in outsourcing talks with India-based IT services firm HCL Technologies.
 
As midyear approaches, Oracle has made only two small acquisitions. This is out of character for a vendor that has made buying other companies a core growth strategy, doing as many as 13 deals each year since 2005, for a total of roughly 70 since then.
 
Adobe Flash Player CVE-2011-0620 Remote Memory Corruption Vulnerability
 
HP System Management Homepage (SMH) URI Redirection Vulnerability
 
HP SNMP Agents and Insight Management Agents Multiple Unspecified Security Vulnerabilities
 
Adobe Flash Player ActionScript Virtual Machine CVE-2011-0618 Remote Integer Overflow Vulnerability
 
Rackspace hopes to make using virtual desktops easier by hosting Citrix XenDesktop and XenApp, it announced on Monday.
 
Lowe's Companies said Monday that it plans to fill up to 300 IT jobs, including 150 new positions.
 
The HP Pavilion g6 is exactly what you'd expect for its starting price of $450: bland. While there's absolutely nothing exciting about this machine, it does what it's supposed to do, and does it well: The chassis is simple yet sturdy, the keyboard and trackpad are well-designed, and the performance is just around average. This is a straightforward, solid all-purpose laptop for a good price.
 
Jive Software has acquired OffiSync, whose technology links Microsoft desktop applications with cloud-based enterprise social collaboration suites.
 
Apple says its license for Lodsys patents covering in-app purchases applies to all iOS app makers. The response came in a letter sent Monday to Lodsys and its CEO Mark Small. Lodsys had recently sent letters of its own to various independent iOS developers, threatening legal action over alleged patent violations.
 
T-Mobile USA implemented four new smartphone data pricing plans that force users down from fast 4G speeds to much slower 2G speeds if they exceed a set amount of data usage and don't opt for a more expensive plan.
 
The explosion at a Chinese factory last week will affect production of Apple's iPad 2, but won't affect Apple's bottom line, a Wall Street analyst said today.
 
Hackers have broken into Sony systems in Greece, marking the fourth time in a month that systems run by the company have been compromised.
 
Twitter CTO Greg Pass left the company last week and there's no move afoot to replace him.
 
The browser address bar isn't going anywhere, an add-on developer and former contributor to Firefox said today.
 
Google's eBooks electronic bookstore now contains about 3 million free titles, up from 2 million when it was launched in December.
 
Three-quarters of IT leaders at financial services firms plan to increase IT spending over the next 12 months and 55% expect to shift more capital expenses to managed services, according to a Bloomberg survey.
 
Montclair State University is suing Oracle over an allegedly botched ERP software project, saying a series of missteps and delays could ultimately cost the school $20 million more than originally planned, according to a complaint filed last week in U.S. District Court for the District of New Jersey.
 
Ruby 'BigDecimal' Class Integer Truncation Remote Code Execution Vulnerability
 

The Tech Herald

Seven security incidents in two months - Sony's nightmare grows
The Tech Herald
Recently, security firm SecurEnvoy sent The Tech Herald an interesting press release based on research at InfoSec Europe. In it, Steve Watts, the co-founder of SecurEnvoy, called Sony inept, when speaking about how they addressed the two largest data ...

 
On the heels of Intel's new "Sandy Bridge" chips, here are six questions you should ask yourself about microprocessing power when shopping for a new computer.
 
Verizon Wireless released a new video today reminding customers about Verizon's $5-a-month Usage Control service, which can help parents and others control voice, text and data usage per line.
 
Managing mobile devices entails a level of complexity unheard of in the traditional enterprise world of Windows desktops. MDM software needs to control devices from multiple manufacturers, running different versions of as many as five operating systems, tied to carrier networks with their own particular constraints.
 
Tablet PCs will dominate the massive Computex trade show in Taipei next week, where top brands and obscure white-box makers will show new models of the popular devices, including some that run on Intel's new Oak Trail mobile processor.
 
Indian outsourcer Satyam Computer Services went into loss again in the quarter ended March 31, after the company took a charge to settle a class-action lawsuit in the U.S., the company said Monday.
 
Software AG has entered into an agreement to acquire Terracotta, which will allow the software vendor to develop more advanced cloud services and increase the performance and scalability of its business software management tools using Terracotta's in-memory technology for Java, it said.
 
MAGIX Music Maker '.mmm' File Processing Buffer Overflow Vulnerability
 
Members of the Falun Gong group claim Cisco knew that Internet technology it supplied to China would be used to crack down on the religious movement in the country, according to a lawsuit filed last week.
 
Sony expects the hack of the PlayStation Network will cost it $170 million this financial year, it said Monday.
 
Trustwave WebDefend Enterprise Multiple Information Disclosure Vulnerabilities
 
The SNIA has developed a specification that allows users to test solid-state drives from any vendor for their performance.
 
Google took another step toward the enterprise with the unveiling of the Chrome OS-based Chromebook netbook PC.
 
A combination of factors is going to cause Windows to lose its stranglehold on the business desktop.
 
U.S. oversight of Microsoft ended May 12, closing a landmark antitrust case that began in 1998.
 
Mozilla has shipped the beta of the Firefox 5 browser as it moves to a more frequent release schedule.
 
A few answers help clarify what the MacDefender scareware plague really means for Mac users and administrators
 
Whether you choose either or both, the differences in the two platforms and app stores are pronounced
 
'Whaling' is a growing security threat that uses personalized phishing techniques to get your most sensitive data and access to your key networks
 
Sepaton today announced a new remote office backup appliance that replicates data back to a central data center.
 
The recent Interop show in Las Vegas was awash with big ideas and the latest and greatest technologies, a healthy sign that IT is alive and well and the industry is brimming with innovation.
 
Multiple vBulletin Products 'Search Multiple Content Types' SQL Injection Vulnerability
 
InfoSec News: Michaels Breach: Who's Liable?: http://www.bankinfosecurity.com/articles.php?art_id=3668
By Tracy Kitten Managing Editor Bank Info Security May 22, 2011
A Chicago consumer affected by the Michaels card breach has filed a federal lawsuit against the crafts retailer, claiming it should have [...]
 
InfoSec News: ACM CCS'11: Call for Tutorials: Forwarded from: ACM CCS 2011 <acmccs2011 (at) gmail.com>
CCS'11 Tutorial submissions http://www.sigsac.org/ccs/CCS2011/cfp.shtml
CALL FOR TUTORIALS Tutorial submissions: Proposals for long (3-hour) and short (1.5-hour) tutorials on research topics of current and emerging interest should be [...]
 
InfoSec News: ORNL may add security role: http://www.knoxnews.com/news/2011/may/21/ornl-may-add-security-role/
By Frank Munger Knoxville News Sentinel May 21, 2011
OAK RIDGE - Oak Ridge National Laboratory has become America's hub for scientific supercomputing, hosting the Department of Energy's top [...]
 
InfoSec News: Video Captures Bradley Manning With Hacker Pals at Time of First Leaks: http://www.wired.com/threatlevel/2011/05/bradley-manning-in-boston/
By Kim Zetter Threat Level Wired.com May 20, 2011
In January 2010 when Army intelligence analyst Bradley Manning was allegedly contemplating leaking thousands of classified documents to [...]
 
InfoSec News: Small firms learn size doesn't matter to hackers: http://www.latimes.com/business/la-fi-smallbiz-security-20110523,0,5494792.story
By Cyndia Zwahlen Los Angeles Times May 23, 2011
It took all of three minutes for the hacker to break into the small accounting firm's computer system.
The virtual open window into the system turned out to be a computer equipped with outdated software. It provided access to the office network and the hacker was able to get files that included private financial information.
"That was a shock," said Lynne Leavitt, a partner at the four-person Los Angeles firm, Brakensiek Leavitt Pleger. "I thought we had good security. I thought we were safe."
Luckily, it was just a test. The hacker had been employed by a security company to test the accountants' digital defenses. As a result, the firm put in new software and adopted new security procedures.
Cyber security is not just for big businesses. "That's one of the myths we come across — 'I am too small,'" said Stan Stahl, head of a Los Angeles cyber-security company Citadel Information Group Inc. and president of the Los Angeles chapter of the Information Systems Security Assn., a trade group.
[...]
 

Posted by InfoSec News on May 23

http://www.knoxnews.com/news/2011/may/21/ornl-may-add-security-role/

By Frank Munger
Knoxville News Sentinel
May 21, 2011

OAK RIDGE - Oak Ridge National Laboratory has become America's hub for
scientific supercomputing, hosting the Department of Energy's top
supercomputer (Jaguar) as well as the top-rated machines of the National
Science Foundation (Kraken) and the National Oceanic and Atmospheric
Administration (Gaea, Mother...
 

Posted by InfoSec News on May 23

http://www.wired.com/threatlevel/2011/05/bradley-manning-in-boston/

By Kim Zetter
Threat Level
Wired.com
May 20, 2011

In January 2010 when Army intelligence analyst Bradley Manning was
allegedly contemplating leaking thousands of classified documents to
WikiLeaks, he visited friends in Boston, who brought him to a party at
Boston University’s BUILDS hacker space.

Frontline, which is airing a documentary about Manning and WikiLeaks on...
 

Posted by InfoSec News on May 23

http://www.latimes.com/business/la-fi-smallbiz-security-20110523,0,5494792.story

By Cyndia Zwahlen
Los Angeles Times
May 23, 2011

It took all of three minutes for the hacker to break into the small
accounting firm's computer system.

The virtual open window into the system turned out to be a computer
equipped with outdated software. It provided access to the office
network and the hacker was able to get files that included private...
 

Posted by InfoSec News on May 23

http://www.bankinfosecurity.com/articles.php?art_id=3668

By Tracy Kitten
Managing Editor
Bank Info Security
May 22, 2011

A Chicago consumer affected by the Michaels card breach has filed a
federal lawsuit against the crafts retailer, claiming it should have
better protected customers' cards from breach and compromise.

Brandi F. Ramundo had more than $1,300 withdrawn from her checking
account, after reportedly making a debit purchase...
 

Posted by InfoSec News on May 23

Forwarded from: ACM CCS 2011 <acmccs2011 (at) gmail.com>

CCS'11 Tutorial submissions
http://www.sigsac.org/ccs/CCS2011/cfp.shtml

CALL FOR TUTORIALS
Tutorial submissions: Proposals for long (3-hour) and short (1.5-hour)
tutorials on research topics of current and emerging interest should be
submitted to ccstutorial (at) gmail.com by June 10, 2011.

Tutorial proposals must clearly identify the intended audience and any
prerequisite...
 
If you're in the market for endpoint protection, Check Point's new R80 Unified Endpoint Security Management product shows promise.
 
One of the largest mobile device managers is Wavelink — but their strength has been in hand-held scanners, WiFi industrial devices, and the mobile non-phone marketplace.
 
Mobile devices used included a Blackberry Bold 9780 (Blackberry v. 6.0.0.4xx), a Blackberry Curve 9330 (Blackberry 5.0xxx), a Palm Pre (WebOS 1.4.5), an Apple iPhone 3GS (iOS 4.2.1), an Apple iPad (iOS 4.3.1), Motorola Droid 2 (Android 2.2), a T-Mobile G1 (Android 2.2 with Cyanogen mod 6.1) and a Motorola Xoom tablet (Android 3/Honeycomb). The Droid 2 and G1 were rooted, and we alternately jail-broke the iPhone and restored it.
 
An editor at Salon recently wrote an excruciatingly candid account of her having been snookered by an Internet scam.
 
Network World has conducted multiple tests of cloud-based services over the past year, and our overarching conclusion is that shifting compute processes to the cloud can help companies save money and become more flexible.
 
FCKeditor 'CurrentFolder' Parameter Arbitrary File Upload Vulnerability
 

