InfoSec News

Apple has released a security update to its Mac OS X operating system, fixing a number of critical security issues in the software.
 
When the ITU-T IPv6 Group gets together in Geneva next week, one of the things they should discuss is the need for their very existence.
 
Officials in Marin County, Calif., decided to replace the county's ailing SAP ERP (enterprise resource planning) system, an option that would cost less than trying to fix widespread problems with the software.
 
Bing is now fully fueling Yahoo search results in the U.S. and Canada, Yahoo and Microsoft said.
 
The Vyatta open-source network operating system has been certified for IPv6, which is likely to become a key capability as the number of Internet addresses available under the current version of IP diminishes.
 
Less than 24 hours after Microsoft said it couldn't patch Windows to fix a systemic problem, attack code appeared Tuesday to exploit the company's software.
 
Facebook has blocked a marijuana legalization campaign from displaying the image of a pot leaf in ads on the social-networking giant's site.
 
With location-based services such as Facebook's Places come many misconceptions about risks. Here's a look at what's true and false regarding location-based technology.
 
Huawei Technologies plans to launch the U8150, which is based on Android version 2.2, at the Internationale Funkausstellung (IFA) consumer electronics show, the company said via e-mail.
 
Spam messages touting fictional tales of celebrity deaths are prompting users to open attachments that are adding their machines to the Zeus botnet.
 
Thanks to some severely poor planning, my trip to Japan last week ended up being one more day than I had expected. And so my friend and I found ourselves stranded in Nagoya, a city in the center of Japan, without a hotel or our Japanese-speaking travel companions.
 
CRM systems are where the data about customer relationships are supposed to live, and they typically provide a report-writing system as well as dozens of canned reports. But reports are incredibly vulnerable to GIGO, and they immediately expose data quality problems. Let's look at issues that limit the validity and credibility of any reports in your CRM system.
 
Dell on Tuesday dived into the highly competitive smartphone market, releasing the Aero in the U.S.
 
Major upgrade to the open source Web development framework features Merb influences that enable performance improvements.
 
More than 40% of the world's spam is coming from a single network of computers that computer security experts continue to battle, according to new statistics from Symantec's MessageLabs' division.
 
Sprint's Virgin Mobile announced on Tuesday an overhaul of its Broadband2Go mobile broadband service. The carrier plans to offer a new contract-free, unlimited mobile broadband plan for $40 per month, and Virgin Mobile will also phase out most of its current tiered mobile data plans.
 
Smaller and power-efficient laptops with Advanced Micro Devices' upcoming Fusion hybrid chips will reach shelves "early next year," company officials said on Tuesday.
 
In this interview, Ryan Berg, a senior architect of security research for IBM, discusses why some companies lack direction when it comes to secure software development.

 
Nokia's Symbian-based 5250 phone is its cheapest touchscreen smartphone yet at $145, but to get the price that low, Nokia had to ditch some of the features of its predecessor.
 
For the second time in less than a week a Facebook account created by a North Korea-linked Web site has been deleted by the social networking site.
 
Advanced Micro Devices on Tuesday shared details about its next-generation chip architecture code-named Bulldozer, which will form the basis for its upcoming 16-core server processors.
 
Federal agents found more than US$150,000 in cash when they searched the house of Apple manager Paul Devine earlier this month, prosecutors said in court Monday.
 
AMD officials Tuesday said that its new Fusion chips will be running smaller and more efficient laptops by early next year.
 
Oracle CEO Larry Ellison will take the JavaOne stage next month to talk about the company's Java vision and strategy.
 
Virtualization is just the beginning of a private cloud. To reap the full benefits, you'll need automation and resource orchestration and other tools, not to mention a whole new attitude about how to 'do' IT.
 
Neglected by Oracle, the OpenSolaris operating system has now lost its external governing body.
 
InfoSec News: United Nations Website Contains SQL Injection Flaws Three Years After Hack, Researcher Says: http://www.darkreading.com/vulnerability_management/security/vulnerabilities/showArticle.jhtml?articleID=226900111
By Kelly Jackson Higgins DarkReading Aug 23, 2010
Three years after the United Nations' website was defaced by activist hackers using a SQL injection attack, the site still contains multiple instances of these vulnerabilities.
Security researcher Robert Graham, CEO of Errata Security, did his now-annual checkup on the UN site and found that while the UN had removed the bug that was exploited in the August 2007 attack, the site is still rife with multiple SQL injection vulnerabilities.
In the 2007 defacement, attackers replaced then-Secretary General Ban Ki-Moon's speeches with some of their own calling for "peace forever" and "no war." The attackers exploited a SQL injection bug.
"In what's become a yearly blogpost, the UN still has not fixed the SQL injection problems that led to their website being hacked back in 2007," Graham blogged today. "For example, if you click on 'print this article', then use that URL instead, the SQL injection still works."
[...]
 
InfoSec News: Scrutiny for Chinese Telecom Bid: http://www.nytimes.com/2010/08/23/business/global/23telecom.html
By David Barboza The New York Times August 22, 2010
SHANGHAI -- Warning about a potential threat to national security, eight Republican lawmakers have asked the Obama administration to scrutinize a [...]
 
InfoSec News: Researcher Arrested in India After Disclosing Problems With Voting Machines: http://www.wired.com/threatlevel/2010/08/researcher-arrested-in-india
By Kim Zetter Threat Level Wired.com August 23, 2010
A security researcher in India has been arrested after he refused to provide authorities with the name of a person who supplied him with an [...]
 
InfoSec News: [Dataloss Weekly Summary] Week of Sunday, August 15, 2010:
Open Security Foundation - DataLossDB Weekly Summary Week of Sunday, August 15, 2010
24 Incidents Added.
[...]
 
InfoSec News: How Your Business Can Avoid Being Collateral Damage In A Cyber War: http://www.csoonline.com/article/604663/how-your-business-can-avoid-being-collateral-damage-in-a-cyber-war
By Richard Power CSO August 23, 2010
All around the world, governments declare they are gearing up for cyber war. I know, I know, to anyone who has been at this for any significant [...]
 

Posted by InfoSec News on Aug 24

http://www.darkreading.com/vulnerability_management/security/vulnerabilities/showArticle.jhtml?articleID=226900111

By Kelly Jackson Higgins
DarkReading
Aug 23, 2010

Three years after the United Nations' website was defaced by activist
hackers using a SQL injection attack, the site still contains multiple
instances of these vulnerabilities.

Security researcher Robert Graham, CEO of Errata Security, did his
now-annual checkup on the UN site...
 

Posted by InfoSec News on Aug 24

http://www.nytimes.com/2010/08/23/business/global/23telecom.html

By David Barboza
The New York Times
August 22, 2010

SHANGHAI -- Warning about a potential threat to national security, eight
Republican lawmakers have asked the Obama administration to scrutinize a
bid by one of the biggest corporations in China to supply
telecommunications equipment to Sprint Nextel in the United States.

In a letter sent last week to top administration...
 

Posted by InfoSec News on Aug 24

http://www.wired.com/threatlevel/2010/08/researcher-arrested-in-india

By Kim Zetter
Threat Level
Wired.com
August 23, 2010

A security researcher in India has been arrested after he refused to
provide authorities with the name of a person who supplied him with an
electronic voting machine that was used to discover vulnerabilities in
the system. The researcher had used the machine to demonstrate how
someone could hack voting systems to...
 

Posted by InfoSec News on Aug 24

========================================================================

Open Security Foundation - DataLossDB Weekly Summary
Week of Sunday, August 15, 2010

24 Incidents Added.

========================================================================

DataLossDB is a research project aimed at documenting known and reported data loss incidents world-wide. The Open
Security Foundation asks for contributions of new incidents and new data for...
 

Posted by InfoSec News on Aug 24

http://www.csoonline.com/article/604663/how-your-business-can-avoid-being-collateral-damage-in-a-cyber-war

By Richard Power
CSO
August 23, 2010

All around the world, governments declare they are gearing up for cyber
war. I know, I know, to anyone who has been at this for any significant
length of time, many of the news stories we are reading today could
have, or should have, been written a decade ago, or more. The term
"Cyber war"...
 
Intel, Nokia and Finland's University of Oulu are developing a research center to create software for 3D and virtual reality experiences for use on mobile devices.
 

SYS-CON Media (press release) (blog)

Just in Case. Bring Alternate Plans to the Cloud Party
If you are in a country with one set of infosec laws, and your cloud provider stores your data in a different country, what exactly does that mean to you? ...

 
IBM is developing a new deep-sleep mode for its Power processors that will allow them to draw almost no power when they are idle, an IBM engineer said at the Hot Chips conference on Monday.
 
Federal agents found more than $150,000 in cash when they searched the house of Apple manager Paul Devine, who has been charged with taking kickbacks from Apple suppliers.
 
Microsoft responded to reports of potential zero-day attacks against a large number of Windows apps by publishing a tool to block known exploits.
 
