InfoSec News

If you managed to get your hands on Apple's hotly anticipated iPhone 4, the next step may be to purchase a new set of accessories. The iPhone 4 features a new shape and design, preventing the smartphone from fitting into older iPhone docks and cases. It also has new capabilities like video calling, which could take advantage of new wireless networking equipment.
 
It was a week of dueling smartphones in IT news, with the iPhone 4 release and Motorola announcing Droid X. Otherwise, legal news captured headlines with the dismissal of the Viacom copyright infringement lawsuit against YouTube and states saying they'll join together to investigate Google's data gathering from Wi-Fi networks. Some of us, though, are ready to shut off our phones and disconnect for a little vacation time.
 
The White House is seeking comment on a draft plan for establishing a trusted identity system online, with the goal of making Internet transactions more secure and convenient.
 
The U.S. International Trade Commission has launched a formal probe into four patent complaints filed against Apple by computer graphics hardware maker S3 Graphics. S3 wants the ITC to block Apple from importing the iPhone, iPad and other products into the U.S.
 
Microsoft’s Windows Azure and Amazon’s Elastic Compute Cloud are destined to emulate each other over time, Microsoft cloud official Tim O’Brien says.
 
A Rice University research team has combined nanotechnology with an off-the-shelf digital camera to create a system that will help doctors easily distinguish cancerous cells from normal cells in a human being.
 
Motorola's new Droid X smartphone brings solid hardware, a good camera and the Android 2.1 OS to the market.
 
Intel has posted a demonstration of its Linux-based Meego OS for tablet computers via a YouTube video that shows the OS's multitouch support, multitasking and integrated social networking.
 
Salesforce.com has sued Microsoft for patent infringement, making a move in response to an intellectual property suit Redmond filed against the on-demand CRM (customer relationship management) vendor last month.
 
Red Hat CEO Jim Whitehurst sees virtualization software vendor VMware as "our largest competitor."
 
This paper was written by Bert Hayes. Bert Hayes is a security professional at the University of Texas. When Bert originally wrote this paper, he submitted it to me for the SANS Gold process, and I helped push the paper in the right direction; however, while it was an excellent paper and well written, it didn't really meet the criteria we were looking for.
However, I thought, "Wow, what a great idea, what a great paper. I am sure a lot of organizations will benefit from this."
Of course, neither Bert nor the Internet Storm Center can be held liable for any damage you do to a computer while using this (just to get that disclaimer out of the way), and it's recommended that if you are going to use the contents of the computer you are doing the investigation on for a prosecution, don't use this. (Changing the state of the data on the drive during a forensic investigation is generally frowned upon.)
But, as I said, this is a great paper and you should definitely download it and give it a read.

http://security.utexas.edu/consensus/How_To_UTIRD2.pdf

Enjoy
-- Joel Esler | http://blog.joelesler.net | http://twitter.com/joelesler
(c) SANS Internet Storm Center. http://isc.sans.org Creative Commons Attribution-Noncommercial 3.0 United States License.
 
According to Mozilla, the following updates are in Thunderbird 3.1:


New Quick Filter toolbar
New Migration Assistant
Saved Files Manager
Several fixes to improve upgrading from Thunderbird 2
Several design improvements and corrections to the interface
Stability, memory, and password handling improvements


So if you use Thunderbird, start your upgrade engine now. Available here. Or if you want the local language version for our non-English speaking customers: here.
-- Joel Esler | http://blog.joelesler.net | http://twitter.com/joelesler
 
Otto sent this article in to us, and while it's not generally security related, I do feel as if it's interesting to the readers and it does relate to computers and automation in general.
Remember when the stock market (DJIA) took a dip on May 6th, 2010? Lost about 600 points? Here is a very interesting write up of the crash with charts:
http://www.nanex.net/20100506/FlashCrashAnalysis_Intro.html
There is also a Complete Text link on the page where you can read the full write up. Interesting stuff.
-- Joel Esler | http://blog.joelesler.net | http://twitter.com/joelesler
 
Microsoft has updated its rough-edged preview of Internet Explorer 9, adding support for several crucial HTML5 standards and boasting that the browser is faster than ever.
 
Web site operators will be able to register domain names written entirely in Chinese characters, including the final characters to the right of the last dot, in a matter of months.
 
The CISO for the city of Portland, Ore., advises that every enterprise be aware of one must-have secure Web gateway feature before buying.

 
The Archos 7 Home Tablet is an inexpensive Android tablet meant for people who want to access (not create) media like video, audio, images, e-mail and Web content, but don't have high performance expectations. Aided by the easy-to-use Android 1.5 operating system, I found that the Archos 7 performed these tasks relatively well, but I had trouble navigating to, and controlling, these applications using the device's touchscreen.
 
Pornography will have its own top-level domain, dot-XXX, the board of the Internet Corporation for Assigned Names and Numbers decided Friday.
 
Intel tried to push back at coverage of a recently published paper that found its Core i7 processors couldn't match the parallel processing performance of an Nvidia GPU, saying its rival took the findings of the paper out of context in a blog post that trumpeted the results.
 

Air Force awards $49 million contract to Rockwell Collins for TTNT and quint ...
Military & Aerospace Electronics
... the TTNT waveform that complies with the Software Communications Architecture (SCA), and National Security Agency (NSA) Unified Infosec Criteria (UIC). ...

 
Reports of call and data signal strength problems in the new iPhone 4 have a basis in fact, a hardware expert said Thursday. Apple later acknowledged the issue.
 
The data center used by The Venetian resort and casino owned by the Sands Corp. is neither glitzy nor unusual, but it must perform many out-of-the-ordinary tasks to make sure the unique business runs smoothly.
 
InfoSec News: Accused Hacker Who Balked at 2-Year Prison Deal Now Faces Decades: http://www.wired.com/threatlevel/2010/06/hacker-faces-decades-imprisonment/
By David Kravets Threat Level Wired.com June 24, 2010
An alleged hacker who declined a 2-year plea deal is facing decades behind bars after federal authorities Thursday added multiple charges, [...]
 
InfoSec News: Senate committee approves controversial cybersecurity bill: http://www.computerworld.com/s/article/9178498/Senate_committee_approves_controversial_cybersecurity_bill
By Grant Gross IDG News Service June 24, 2010
A U.S. Senate committee has approved a wide-ranging cybersecurity bill that some critics have suggested would give the U.S. [...]
 
InfoSec News: Anthem Blue Cross Says Security Breach Might Have Affected 230000: http://www.californiahealthline.org/articles/2010/6/24/anthem-blue-cross-says-security-breach-might-have-affected-230000.aspx
California Healthline June 24, 2010
Anthem Blue Cross has sent letters informing 230,000 members that their personal information might have been accessed during a recent security breach of the company's website, the Orange County Register reports.
The breach affected members who had pending insurance applications in an Anthem system that allows users to track the status of their application online.
Anthem spokesperson Cynthia Sanders said the information was accessed briefly, primarily by attorneys seeking information for a class-action lawsuit against the insurer. Sanders said Anthem sent the letters out of "an abundance of caution," adding that it is unclear how many records were viewed.
[...]
 
InfoSec News: A GLANCE AT 35 TALKS THAT WILL BE AT THE NEXT HOPE - MANY MORE TO COME: http://www.2600.com/news/view/article/11974
2600 News 24 Jun 2010
Over the next few weeks leading up to The Next HOPE, we will be highlighting some of the many different talks and panels that will be featured at the conference. In the end, we will have over 100 talks [...]
 
InfoSec News: 2010 ACM Cloud Computing Security (CCSW) - deadline extension to July 6th, 11:59PT:
Forwarded from: Radu Sion <noreply (at) moon.crypto.cs.stonybrook.edu>
2010 ACM Cloud Computing Security Workshop (CCSW) at CCS
9 October 2010, Hyatt Regency Chicago http://crypto.cs.stonybrook.edu/ccsw10
Dear Colleagues,
****** As requested by our fans, the CCSW deadline [...]
 

Posted by InfoSec News on Jun 24

http://www.wired.com/threatlevel/2010/06/hacker-faces-decades-imprisonment/

By David Kravets
Threat Level
Wired.com
June 24, 2010

An alleged hacker who declined a 2-year plea deal is facing decades
behind bars after federal authorities Thursday added multiple charges,
including possession and distribution of child pornography.

Barry Ardolf, 45, of Blaine, Minnesota, had rejected a plea deal in
connection to charges accusing him of sending...
 

Posted by InfoSec News on Jun 24

http://www.computerworld.com/s/article/9178498/Senate_committee_approves_controversial_cybersecurity_bill

By Grant Gross
IDG News Service
June 24, 2010

A U.S. Senate committee has approved a wide-ranging cybersecurity bill
that some critics have suggested would give the U.S. president the
authority to shut down parts of the Internet during a cyberattack.

Senator Joe Lieberman and other bill sponsors have refuted the charges
that the...
 


Posted by InfoSec News on Jun 24

http://www.2600.com/news/view/article/11974

2600 News
24 Jun 2010

Over the next few weeks leading up to The Next HOPE, we will be
highlighting some of the many different talks and panels that will be
featured at the conference. In the end, we will have over 100 talks
throughout the three day period from July 16-18 at the Hotel
Pennsylvania in New York City. And the talks are just one part of the
entire weekend of activity.

Here are 35...
 

Posted by InfoSec News on Jun 24

Forwarded from: Radu Sion <noreply (at) moon.crypto.cs.stonybrook.edu>

2010 ACM Cloud Computing Security Workshop (CCSW) at CCS

9 October 2010, Hyatt Regency Chicago
http://crypto.cs.stonybrook.edu/ccsw10

Dear Colleagues,

******
As requested by our fans, the CCSW deadline
has been extended to July 6, 11:59 PT.
******

The paper submission website is at:
http://hotcrp.cylab.cmu.edu/ccsw10/

This year's SPEAKERS...
 
Skeptics who disparage the concept of the so-called private cloud and doubt its relevance should think again, according to research from IDC.
 
Google disclosed in a blog post on Thursday that it remotely removed two applications from Android phones that ran contrary to the terms of the Android Market.
 
Oracle reported fourth-quarter earnings of 46 cents per share on Thursday, a 24% jump over the same period last year. Revenue rose 39 percent to $9.5 billion.
 
Facebook regularly reviews whether to continue using its own data centers or hand off its processing to a cloud service provider, and its operations remain on homegrown infrastructure.
 
