InfoSec News

Flexible screens as thin as a piece of paper may be available for e-readers by early next year thanks to a project from Taiwan's Industrial Technology Research Institute (ITRI) and licensee AU Optronics, one of the world's largest LCD screen makers.
 
A jury has awarded Oracle $1.3 billion in damages in its corporate theft lawsuit against SAP.
 
Michael Friedenberg, president and CEO of IDG Enterprise, offers up what he thinks will be the top ten trends in the IT community in 2011.
 
The CMO is still a ways off your radar screen, says CIO magazine Editor in Chief Maryfran Johnson. With the rise in the influence of social media on your business, it's time to get better acquainted.
 
Two former students at the University of Central Missouri face charges of breaking into university databases and of stealing and attempting to sell personal data on about 90,000 UCM students, faculty, staff and alumni.
 
Former Comverse Technology CEO Kobi Alexander has agreed to forfeit $46 million to help cover shareholder lawsuits against the company he founded.
 
The USITC launches an investigation into a patent complaint filed by Apple against Motorola.
 
Privacy groups file a complaint with the FTC over alleged unfair health marketing practices online.
 
Apple's latest mobile OS, iOS 4.2, is out. Meanwhile, yet another Android version, 2.3 "Gingerbread," is just around the corner, and many more Android phones and tablets are set to roll out. Our question: Can Apple's irregular OS updates and yearly hardware iterations keep pace with Android?
 
Despite early security woes, Diaspora is testing the waters in a limited alpha invite-only release.
 
The Samsung Galaxy Tab ($400 with a two-year contract on Sprint as of November 22, 2010) is the first Android tablet that has what it takes to challenge Apple's dominant iPad. Available from five domestic wireless carriers--AT&T, Sprint, T-Mobile, U.S. Cellular, and Verizon--the Galaxy Tab's hardware is similar across providers. The big differences lie in service pricing, whether the carrier takes advantage of the Tab's mobile-hotspot capability, and whether the device has a SIM-card slot (CDMA-based Sprint and Verizon units lack this feature). Overall, you can expect the Tab models to be similar in use, with minor differences in which apps are installed from the get-go.
 

(ISC)² launches application security advisory board
Infosecurity Magazine (US)
The non-profit infosec certification body, (ISC)², has announced the formation of an international Application Security Advisory Board to address the issue ...

 
I'm a CIO or CSO of a corporation that has yearly revenues of $1 billion or more. What are the security concerns that I have before I'm willing to deploy my IT infrastructure into a cloud? Let's flesh out the following security issues: What belongs in the cloud? How should sensitive data be protected? How are encryption upgrades addressed? How do I limit access to sensitive data? And how will critical systems metadata (data describing data) be tracked?
 
Acer will release a variety of tablets and new laptops as well, the company announced today.
 
If you spend a lot of time immersed in social networking activity on multiple networks, you may begin to feel the strain as you bounce from Facebook to Twitter to various other destinations. Posting the same thing on each network is a time-consuming bore, but you want to get the word out to all your buddies. Pixelpipe Post & Upload HD can dramatically streamline your online social activity by allowing you to post status updates, photos, video and files simultaneously to more than 90 social networks and online services.
 
Establishing some ground rules for what people mean when they refer to something as a tablet.
 
Lots of applications--including Microsoft Office, Final Cut Express, and Steam--like to create their own User Data folders in your Documents folder. If you like to keep your Documents folder relatively neat, these application folders can quickly clutter it up. Mac OS X Hints reader michelcolman shows us how to hide or move them so they don't get in your way:
 
Hewlett-Packard CEO Leo Apotheker could be going on a software shopping spree soon.
 
Video games are proving effective for both sorting out new hires and training employees.
 
An engineer hired for a job that never materialized was awarded $1.9 million by a Minnesota jury after his employer, Seagate, uprooted him from a job in Dallas and then laid him off nine months later.
 
Christie's auction house in London today sold an Apple-1 computer for $213,600 to an Italian collector.
 
Microsoft Visual Studio vulnerability
 
ZyXEL P-660R-T1 V2 XSS
 
[eVuln.com] sitename XSS in Hot Links Lite
 
Nearly a year into their tenure as co-CEOs of SAP, Bill McDermott and Jim Hagemann Snabe are saying all the right things and getting good marks from industry analysts--proving that a dual-CEO model is not a recipe for disaster. But the duo still faces significant challenges.
 
Security vendor Sophos says Facebook users can relax and stop warning each other about a supposed computer crashing Christmas tree-themed app disguised as a virus since the whole thing is just a hoax.
 
Apple has finally released the highly-anticipated iOS 4.2. While the attention around iOS 4.2 has been focused on the enhancements and new features -- particularly for the iPad -- the update also fixes more than 80 vulnerabilities in the iPhone, iPod, and iPad.
 
Enterprise software provider SAP is stepping up its security stance as its once-isolated systems become increasingly connected to the Internet, posing new risks as hackers diversify their targets.
 
The nation is in an uproar over full body scanning and pat downs in the airport TSA security lines. Is it a necessary security measure or a violation of our freedom and privacy? Bill Brenner weighs in.
 
WebKit 'Text' Objects Integer Overflow Remote Code Execution Vulnerability
 
The FCC plans on updating 911 emergency centers to accept text messages, picture messages, streaming video and other 21st century technologies, Wired reports. The update, called Next Gen 911, will expand the service's ability to capture important data -- and keep those reporting the crime out of danger.
 
There is light at the end of the tunnel for the estimated 20 million Europeans who cannot get high-quality broadband access. On Friday a new satellite will be launched that will deliver broadband Internet access to consumers and businesses across the European Union.
 
Apple's iOS 4.2 update offers iPhone users a way to find their phones and stream their media. But while handy, most of the new features are rather limited.
 
ESA-2010-019: RSA, The Security Division of EMC, is reissuing this advisory regarding a potential cross-site scripting vulnerability that has been identified in RSA Adaptive Authentication (On Premise) versions 2.x and 5.7.x. Patch 105162
 
Adobe Reader X uses Microsoft's sandboxing technology to block potentially dangerous processes from executing beyond the confines of the software.
 
During a trip to India, President Barack Obama acknowledged that offshoring is part of international trade, and instead of complaining about jobs moving to Bangalore, he offered an optimistic message to India's leaders, emphasizing how trade benefits both countries.
 
So you've decided to buy that special someone on your holiday shopping list a brand-new Mac. Hooray! A new Mac is guaranteed to put a very big smile on your recipient's face.
 
The siloed, business-led SaaS deployments of the 2000s are yielding to greater due diligence, planning, and integration with existing sourcing and IT processes, says Forrester Research. Here are 5 considerations for sourcing professionals trying to get the most from SaaS.
 
The start of the holiday season is ripe with SEO poisoning, third-party attack ads and spam messages touting deals that are too good to be true, according to security experts.
 
Fostering security awareness is a difficult challenge, but as Senior Site Editor Eric B. Parizo writes, the methods may not be as important as the passion to succeed.
 
webApp.secure 'Content-Length' Remote Denial Of Service Vulnerability
 
Research In Motion denied reports in Indian media that it had received information from an Indian government official questioned by police Monday during an investigation into the leaking of information to telecommunications companies.
 
Hooks to SharePoint, BizTalk, and SQL Server could appeal to Microsoft shops if security is improved.
 
A Florida woman has pleaded guilty to charges that she helped her employer sell counterfeit computer chips for use by the U.S. military.
 
Xion Audio Player '.m3u' File Remote Buffer Overflow Vulnerability
 
Apache Tomcat 'sort' and 'orderBy' Parameters Cross Site Scripting Vulnerabilities
 
Now that iOS 4.2 is out and we've lauded its best features, it's time to take a look at its biggest omissions. Macworld weighs in on the 10 most-hoped-for features that still aren't here.
 
Apple has finally released iOS 4.2, an update to its mobile OS that refines features already available on the iPhone and rolls those features out to the iPad. Michael deAgonia offers a look at the big changes.
 
Xion Audio Player '.m3u8' File Remote Buffer Overflow Vulnerability
 
InfoSec News: Foreign cyber spies target British defence official: http://www.theregister.co.uk/2010/11/22/mod_spear_phish/
By Chris Williams, The Register, 22nd November 2010
Foreign spies targeted a senior British defence official in a sophisticated spear phishing operation that aimed to steal military secrets. [...]
 
InfoSec News: [Dataloss Weekly Summary] Week of Sunday, November 14, 2010
Open Security Foundation - DataLossDB Weekly Summary, Week of Sunday, November 14, 2010
9 Incidents Added. [...]
 
InfoSec News: Chinese National Stole Ford Secrets Worth More Than $50 Million: http://threatpost.com/en_us/blogs/chinese-national-stole-ford-secrets-worth-more-50-million-112210
By Paul Roberts, Threat Post, November 22, 2010
A ten-year veteran of the U.S. automaker Ford Motor Company pleaded guilty in federal court on November 17 to charges that he stole company [...]
 
InfoSec News: Could Stuxnet Mess With North Korea’s New Uranium Plant?: http://www.wired.com/dangerroom/2010/11/could-stuxnet-mess-with-north-koreas-new-uranium-plant/
By Kim Zetter and Spencer Ackerman, Danger Room, Wired.com, November 22, 2010
The Stuxnet worm may have a new target. While security analysts try to figure out whether the now-infamous malware was built to sabotage Iran’s nuclear program, North Korea has unveiled a new uranium enrichment plant that appears to share components with Iran’s facilities. Could Pyongyang’s centrifuges be vulnerable to Stuxnet?
While U.S. officials are trying to figure out how to respond to North Korea’s unveiling of a new uranium enrichment plant, there are clues that a piece of malware believed to have hit Iran’s nuclear efforts could also target the centrifuges Pyongyang’s preparing to spin.
Some of the equipment used by the North Koreans to control their centrifuges — necessary for turning uranium into nuclear-bomb-ready fuel — appears to have come from the same firms that outfitted the Iranian nuclear program, according to David Albright, the president of the Institute for Science and International Security and a long-time watcher of both nuclear programs. “The computer-control equipment North Korea got was the same Iran got,” Albright told Danger Room.
Nearly two months before the Yongbyon revelation, Albright published a study covering the little that’s publicly known about the North’s longstanding and seemingly stalled efforts at enriching its own uranium. (.pdf) Citing unnamed European intelligence officials, Albright wrote that the North Korean control system “is dual use, also used by the petrochemical industry, but was the same as those acquired by Iran to run its centrifuges.”
[...]
 
InfoSec News: EU, US and NATO to work together on cyber defense: http://www.csoonline.com/article/638565/eu-us-and-nato-to-work-together-on-cyber-defense
By Jennifer Baker, IDG News Service, November 22, 2010
A range of new plans to tackle cyber-crime has been approved by the European Union, the U.S. and NATO over the past three days. [...]
 

Posted by InfoSec News on Nov 22

http://www.theregister.co.uk/2010/11/22/mod_spear_phish/

By Chris Williams
The Register
22nd November 2010

Foreign spies targeted a senior British defence official in a sophisticated spear phishing operation that aimed to steal military secrets.

The plan was foiled last year when the official became suspicious of an email she received from a contact she had met at a conference.

The official showed the highly personalised message to...
 

Posted by InfoSec News on Nov 22

Open Security Foundation - DataLossDB Weekly Summary
Week of Sunday, November 14, 2010

9 Incidents Added.

DataLossDB is a research project aimed at documenting known and reported data loss incidents world-wide. The Open Security Foundation asks for contributions of new incidents and new data for...
 

Posted by InfoSec News on Nov 22

http://threatpost.com/en_us/blogs/chinese-national-stole-ford-secrets-worth-more-50-million-112210

By Paul Roberts
Threat Post
November 22, 2010

A ten-year veteran of the U.S. automaker Ford Motor Company pleaded guilty in federal court on November 17 to charges that he stole company secrets, including design documents, worth more than $50 million and shared them with his new employer: the Chinese division of a U.S. rival of Ford's.

Xiang...
 

Posted by InfoSec News on Nov 22

http://www.wired.com/dangerroom/2010/11/could-stuxnet-mess-with-north-koreas-new-uranium-plant/

By Kim Zetter and Spencer Ackerman
Danger Room
Wired.com
November 22, 2010

The Stuxnet worm may have a new target. While security analysts try to figure out whether the now-infamous malware was built to sabotage Iran’s nuclear program, North Korea has unveiled a new uranium enrichment plant that appears to share components with Iran’s...
 

Posted by InfoSec News on Nov 22

http://www.csoonline.com/article/638565/eu-us-and-nato-to-work-together-on-cyber-defense

By Jennifer Baker
IDG News Service
November 22, 2010

A range of new plans to tackle cyber-crime has been approved by the European Union, the U.S. and NATO over the past three days.

The European Commission announced on Monday its proposals to develop three systems to raise the level of security for citizens and businesses in cyberspace.

An E.U....
 