InfoSec News

A USB drive loaded with malware was used to compromise sensitive military networks in 2008, according to U.S. Deputy Defense Secretary William Lynn.
 
Responding to complaints from users, Facebook is promising to revamp its instant-messaging Chat feature, which has become one of the social-networking site's most popular.
 
Craigslist is back in the hot seat over the Adult Services category on its popular classified advertising site.
 
Apple will stick to its practice of revamping its iPod line next week, but other moves, including possible tweaks to its Apple TV box, will likely be minor, a Wall Street analyst said.
 
Demand for Windows and Linux servers is increasing at a rapid pace, at the expense of Unix servers and other non-x86 machines, according to IDC.
 
The Social Security Administration says it will announce in September a new contract award for data networking services following Qwest's successful, but secretive, legal protest of the original awards to Verizon and AT&T.
 
Some of the world's most popular Windows programs are vulnerable to attacks that exploit a bug in the way they load critical code libraries, according to sites tracking attack code.
 
Gmail users have been reporting in droves that the Google webmail service is resending messages to their recipients, turning these users into accidental spammers who are unintentionally annoying friends, acquaintances and business contacts.
 
Apple has issued invitations to a press event in San Francisco on Sept. 1 at which the company is expected to launch new products.
 
As graphics chips and CPUs become more capable, laptops start to offer gaming experiences that may not be quite as robust as dedicated desktop gaming PCs - but they can come close. AVADirect's Clevo W860CU tries to walk the line between the massive gaming laptops that are really luggable desktop systems and the thin and light units with discrete GPUs that can't quite deliver robust frame rates in games.
 
Red Hat has submitted its Deltacloud cloud platform to the Distributed Management Task Force as a candidate for standardization.
 
Motorola appears ready to do more development on top of Android with its acquisition of 280 North, a company that develops Web applications.
 
Pedro Bueno (pbueno /%%/ isc. sans. org) Twitter: http://twitter.com/besecure (c) SANS Internet Storm Center. http://isc.sans.org Creative Commons Attribution-Noncommercial 3.0 United States License.
 
Google announced Wednesday it is offering the ability to make phone calls over the Internet via its popular Gmail service.
 
EMC today announced several upgrades to its Clariion and Celerra storage devices and said it is shipping its Unisphere management software.
 
There is still a way for Oracle to calm down people concerned about the fate of the Java programming language under the vendor's stewardship, according to James Gosling, known as the "father" of Java.
 
LG Display is developing a new generation of color and flexible e-paper that may go into future products such as e-readers or tablets.
 
Microsoft's Russian Web site today revealed details about the new Internet Explorer 9 user interface, touting new features such as quick-release tabs and a Chrome-like address/search bar.
 
Dent repair company Carmedic says using a digital pen and paper system has vastly reduced the time for processing invoices and has cut down on handwriting errors and lost paperwork.
 
Nobody likes to get picked on. But is it sometimes necessary to snap people out of their apathetic approach to security?
 
Wondering what to download for your smartphone? Start with this collection of the best productivity tools, utilities, and games. Here are our picks for the best multiplatform apps. To see our top choices for apps exclusive to Android, BlackBerry, or iPhone, read the other articles in this package.
 
Seeking the best productivity tools, utilities, and games for your iPhone? Here's our selection of the best apps exclusive to Apple handsets. To see multiplatform apps and titles made just for Android or BlackBerry, read the other articles in this package.
 
The popular browser component had 20 holes, 18 considered critical, enabling an attacker to execute code remotely, gain access to files and take control of a victim's computer.

Wondering what to download for your smartphone? Trying to find high-quality apps among the many thousands available can be a challenge, no matter what phone you own. Start with this collection of the best productivity tools, utilities, reference apps, media helpers, timesavers, and games.
 
Eucalyptus updates its open source cloud platform to version 2.0
 
San Jose-based Viralheat this week announced plans to provide companies with some of the data it collects from social networks about businesses, products and brands.
 
3PAR will open discussions with Hewlett-Packard following that company's unsolicited $1.6 billion cash bid for the data storage maker, which exceeded an earlier bid from Dell.
 

Intense School Achieves Notable Milestone in Acquisition Integration
PR Web (press release)
InfoSec Institute today announces that one-thousand (1000) students have now completed an Intense School Training Course or Boot Camp since Intense School ...

 
Adobe Systems patched 20 security vulnerabilities in its Shockwave Player on Tuesday. Most of the flaws could allow an attacker to run their own code on an affected computer.
 
Citrix's next version of XenDesktop will automatically encrypt corporate data on employee-owned laptops and include a bare-metal client hypervisor.
 
Just days after making its updated version of App World available to all, Research In Motion acquired Cellmania, a company that offers back-end infrastructure for application stores.
 
Visa this week added new best practices for makers of payment applications and those using them.
 
Mozilla has launched the fourth Firefox 4 beta, just a few weeks before Microsoft is slated to unveil Internet Explorer 9.
 
From monitoring their kids' Facebook accounts to always taking a seat facing the door, chief security officers from the likes of MasterCard, ADP and Juniper Networks take precaution to a whole new level.
 

GovInfoSecurity.com

Infosec Seen as Rider to Defense Bill
GovInfoSecurity.com
The Senate is considering attaching cybersecurity legislation to a key defense authorization bill as a way to assure passage this year of the measure to ...

 
InfoSec News: Defense official discloses cyberattack: http://www.washingtonpost.com/wp-dyn/content/article/2010/08/24/AR2010082406154.html
By Ellen Nakashima The Washington Post August 24, 2010
Now it is official: The most significant breach of U.S. military computers was caused by a flash drive inserted into a U.S. [...]
 
InfoSec News: Was Cyberwarfare the Cause of the Flash Crash?: http://www.advancedtrading.com/blog/archives/2010/08/was_cyberwarefa.html
By Ivy Schmerken Advanced Trading Aug 24, 2010
The clues to the causes of the mysterious May 6 flash crash are evidently buried in the trading data. Yesterday the New York Times [...]
 
InfoSec News: Windows DLL bug hits dozens of apps: http://news.cnet.com/8301-27080_3-20014625-245.html
By Elinor Mills InSecurity Complex CNet News August 24, 2010
A flaw in the way Windows handles DLL (dynamic-link library) and related files likely affects hundreds of applications and has already been used [...]
 
InfoSec News: The pros and cons of government cybersecurity work: http://gcn.com/articles/2010/08/23/cybereye-cybersecurity-jobs.aspx
By William Jackson GCN.com Aug 23, 2010
Cybersecurity is a growth industry, with rapidly increasing demand for qualified professionals in government and industry and a growing number of schools offering courses and degrees. [...]
 
InfoSec News: Cyber security ignorance: http://joongangdaily.joins.com/article/view.asp?aid=2924915
JoongAng Daily August 21, 2010
Leaked military information is becoming a common occurrence here in large part because of a lack of security awareness among defense officials, despite the increasing severity of cyber attacks at the hands of North Korean hackers.
Some senior defense officials have lost sensitive and classified information after transferring files to USB drives - even though the military prohibits the use of such technology to store data because it can easily be stolen.
Strong disciplinary measures are needed to ratchet up security awareness among defense officials.
According to a Defense Security Command report to the National Assembly, the number of military officials punished for violating security codes and leaking - both intentionally and accidentally - confidential military information has been increasing sharply every year. The number was 510 in 2005 and rose to 879 in 2006, 965 in 2007, 1,164 in 2008, 1,512 in 2009 and 886 through the first six months of this year.
There have been some serious cases this year as well. The computers of 13 soldiers stationed at one particular base were hacked from January to March, exposing 1,715 files.
[...]
 
InfoSec News: FSA fine Zurich UK over data security breach: http://www.metro.co.uk/money/838932-fsa-fine-zurich-uk-over-data-security-breach
By Ben Evans Metro.co.uk 24th August, 2010
Zurich UK suffered the £2.28million fine after losing a disk containing the details of 46,000 customers.
In certain cases, customers' bank and credit card details were amongst the lost data on the disk. Details of people’s insured assets were also believed to be on the disk.
FSA director of enforcement and financial crime, Margaret Cole, commented, “It [Zurich UK] failed to oversee the outsourcing arrangement effectively and did not have full control over the data being processed by Zurich SA.
“Zurich UK let its customers down badly.”
The FSA have taken a firm stance, believing Zurich’s negligence could have resulted in dire financial repercussions for its customers.
[...]
 
InfoSec News: Apple Mac Security Update Plugs 13 Vulnerabilities: http://www.eweek.com/c/a/Security/Apple-Mac-Security-Update-Plugs-13-Vulnerabilities-718935/
By Brian Prince eWEEK.com 2010-08-24
Apple released a security update for Mac OS X that patches 13 vulnerabilities.
The release fixes issues in several components, including CoreGraphics [...]
 
InfoSec News: Rustock botnet ditches encryption to ramp spam: http://news.techworld.com/security/3236787/rustock-botnet-ditches-encryption-to-ramp-spam/
By John E Dunn Techworld 24 August 2010
The Rustock mega-botnet appears to have ditched the experimental use of TLS (transport layer security) to obscure its activity, Symantec has reported. [...]
 
Worldwide server sales posted their biggest jump since 2003 during the second quarter as Hewlett-Packard outsold rival IBM to take the top spot among server vendors, IDC said Tuesday.
 

Posted by InfoSec News on Aug 24

http://www.washingtonpost.com/wp-dyn/content/article/2010/08/24/AR2010082406154.html

By Ellen Nakashima
The Washington Post
August 24, 2010

Now it is official: The most significant breach of U.S. military
computers was caused by a flash drive inserted into a U.S. military
laptop on a post in the Middle East in 2008.

In an article to be published Wednesday discussing the Pentagon's
cyberstrategy, Deputy Defense Secretary William J. Lynn III...
 

Posted by InfoSec News on Aug 24

http://www.advancedtrading.com/blog/archives/2010/08/was_cyberwarefa.html

By Ivy Schmerken
Advanced Trading
Aug 24, 2010

The clues to the causes of the mysterious May 6 flash crash are
evidently buried in the trading data. Yesterday the New York Times
reported that a small, obscure data analysis company, Nanex, located
outside of Chicago, has discovered strange patterns in the stock trading
data, which it calls crop circles. [See the NYT...
 

Posted by InfoSec News on Aug 24

http://news.cnet.com/8301-27080_3-20014625-245.html

By Elinor Mills
InSecurity Complex
CNet News
August 24, 2010

A flaw in the way Windows handles DLL (dynamic-link library) and related
files likely affects hundreds of applications and has already been used
in malicious attacks in the wild, a security researcher said on Tuesday.

Microsoft acknowledged in an advisory on Monday a type of attack
mechanism known as DLL preloading, or binary...
 

Posted by InfoSec News on Aug 24

http://gcn.com/articles/2010/08/23/cybereye-cybersecurity-jobs.aspx

By William Jackson
GCN.com
Aug 23, 2010

Cybersecurity is a growth industry, with rapidly increasing demand for
qualified professionals in government and industry and a growing number
of schools offering courses and degrees. But a couple of security
bloggers warn that cybersecurity jobs in large enterprises, especially
government, are likely to be frustrating.

Mike...
 

Posted by InfoSec News on Aug 24

http://joongangdaily.joins.com/article/view.asp?aid=2924915

JoongAng Daily
August 21, 2010

Leaked military information is becoming a common occurrence here in
large part because of a lack of security awareness among defense
officials, despite the increasing severity of cyber attacks at the hands
of North Korean hackers.

Some senior defense officials have lost sensitive and classified
information after transferring files to USB drives -...
 

Posted by InfoSec News on Aug 24

http://www.metro.co.uk/money/838932-fsa-fine-zurich-uk-over-data-security-breach

By Ben Evans
Metro.co.uk
24th August, 2010

Zurich UK suffered the £2.28million fine after losing a disk containing
the details of 46,000 customers.

In certain cases, customers' bank and credit card details were amongst
the lost data on the disk. Details of people’s insured assets were also
believed to be on the disk.

FSA director of enforcement and...
 

Posted by InfoSec News on Aug 24

http://www.eweek.com/c/a/Security/Apple-Mac-Security-Update-Plugs-13-Vulnerabilities-718935/

By Brian Prince
eWEEK.com
2010-08-24

Apple released a security update for Mac OS X that patches 13
vulnerabilities.

The release fixes issues in several components, including CoreGraphics
and Apple Type Services. Several of the vulnerabilities are buffer
overflows, and can be exploited to execute arbitrary code.

According to the Apple advisory, the...
 

Posted by InfoSec News on Aug 24

http://news.techworld.com/security/3236787/rustock-botnet-ditches-encryption-to-ramp-spam/

By John E Dunn
Techworld
24 August 2010

The Rustock mega-botnet appears to have ditched the experimental use of
TLS (transport layer security) to obscure its activity, Symantec has
reported.

Rustock’s use of TLS now averages between 0.1 and 0.2 percent of all
spam, peaking at 0.5 percent, a tiny fraction of the levels seen in
March when it...
 
