InfoSec News

Business Insider

The Navy SEAL 'Kill House' Trains For A Special Kind Of War
Business Insider

A federal court in California has blocked the sale of Samsung's Galaxy Tab 10.1 tablet in the U.S. in a patent dispute between Apple and Samsung.
Lawyers for Hewlett-Packard and Oracle argued opposite views of independent software vendors' obligations to hardware makers on Tuesday in the closing arguments of a lawsuit over Oracle's decision to stop porting its products to HP's Itanium platform.
(c) SANS Internet Storm Center. http://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
In early April, A$800 vanished from my account, the result of a late-night withdrawal from a cash machine in a Sydney neighborhood I'd never been to before.
A total of 24 people from 13 countries, including 11 from the United States, were arrested on Tuesday on charges related to the theft and misuse of credit card data, bank account information and other financial data.
Through a new plug-in, Splunk has extended the capabilities of its namesake machine data search engine so it can mine operational information about Microsoft Active Directory deployments.
OpenSSH 'ssh_gssapi_parse_ename()' Function Denial of Service Vulnerability
Half of all adults in the U.S. now use a cell phone to access the Internet and they are turning increasingly to the gadgets as their primary method of going online, according to the results of a survey published on Tuesday.
A team of cryptographic researchers claim to have developed an attack method that can be used to recover secret keys in an acceptable time frame from cryptographic devices like smart cards, hardware security modules and USB security tokens.
Like the athletes themselves, the official website of the London 2012 Olympics gets only one chance to reach peak performance under intense pressure. To meet that demand, the site has been load tested to handle a million unique visitors per hour. Read what else CIO.com columnist Bernard Golden learned from his conversation with the operations consultant behind the site.
Shipment of the XO-3 tablet has been delayed as One Laptop Per Child finalizes the design and seeks partners to make the product, said the non-profit organization's founder and chairman Nicholas Negroponte on Tuesday.
Re: Mybb 1.6.8 'announcements.php' Sql Injection Vulnerability
RETIRED: MyBB 'announcements.php' SQL Injection Vulnerability
If the starting price of the expected Google Nexus 7 is $199, Google could be spending $130 to $210 for materials and manufacturing costs for each device, according to a preliminary estimate from IHS iSuppli.
University towns in rural areas will get more super Wi-Fi broadband service under a new effort announced Tuesday by a consortium of higher education associations, public interest groups and tech companies.
Cisco announced shifting roles among its top executives, culminating in the departure of its chief strategy officer.
Hewlett-Packard has identified a high rate of logic board failures in its popular Pavilion line of desktop PCs, and has offered customers a one-year warranty extension to cover possible repairs, Computerworld has learned.
Facebook users today expressed outrage over what they saw as a unilateral move by the company to replace the email addresses displayed on their timelines with Facebook.com addresses.
Links SSL Certificate Verification Security Weakness
Re: The history of a -probably- 13 years old Oracle bug: TNS Poison

TSA: A legacy in ashes
CSO (blog)
A couple friends in the infosec community made some spot-on comments about this latest bit of abuse. Lori MacVittie, senior technical marketing manager for F5 ...

Google may be using Nvidia's new Kai reference design in its highly anticipated Nexus 7 tablet, a move that would bolster the tablet's reported low starting price of $199 without much of a Google subsidy. The Kai design is intended to keep down the costs of materials.
The U.S. Federal Trade Commission has filed a lawsuit against hotel operator Wyndham Worldwide and three of its subsidiaries after three data breaches at Wyndham hotels in less than two years, the agency announced Tuesday.
HP Business Service Management CVE-2012-2561 Remote Code Execution Vulnerability
[security bulletin] HPSBMU02792 SSRT100820 rev.2 - HP Business Service Management (BSM), Remote Unauthorized Disclosure of Information, Unauthorized Modification, Denial of Service (DoS)
[CVE-2012-0694] SugarCRM CE <= 6.3.1 "unserialize()" PHP Code Execution
While Microsoft has regularly touted the improvements in Internet Explorer 10 on Windows 8, the company has said next to nothing about the browser and Windows 7, the operating system that powers 44% of all Windows PCs.
Deduplicating backup appliances have become very popular, but choosing the right one means looking beyond deduplication. Insider (registration required)
Facebook has quickly pulled a feature it launched Sunday that allowed mobile users of the social network to find fellow members who may be nearby.
Cybercriminals attempted to steal at least $75 million from high-balance business and consumer bank accounts by using sophisticated fraud automation techniques that can bypass two-factor authentication, according to a report released by two security vendors.
Cisco's Linksys brand of home wireless networking routers joined other vendors in coming out with 802.11ac equipment, as well as enabling a cloud-based platform for configuration and control of its "Smart Wi-Fi Routers."
Re: The history of a -probably- 13 years old Oracle bug: TNS Poison
SEC Consult SA-20120626-0 :: Zend Framework - Local file disclosure via XXE injection

Three Use Cases for Splunk
Smart Data Collective
Jeff Bollinger is an infosec investigator on the Cisco Computer Security Incident Response Team (CSIRT), which provides enterprise-wide security monitoring ...

The Flame malware, believed to be a joint U.S.-Israeli project, shows stark differences between the tactics used by China and those used by the West.

Cactusoft Parodia 'ag_id' Parameter SQL Injection Vulnerability
[slackware-security] freetype (SSA:2012-176-01)
[ MDVSA-2012:100 ] rsyslog
hashdays 2012 - Call for Papers (#days CFP)
[SECURITY] [DSA 2502-1] python-crypto security update
Mosh Remote Denial of Service Vulnerability
[SECURITY] [DSA 2501-1] xen security update
[SECURITY] [DSA 2500-1] mantis security update

Paydiant's Cloud Mobile Wallet Earns appSecure Certification
MarketWatch (press release)
Areas of focus include computer and mobile forensics, mobile app security, enterprise security, infosec and penetration testing, and forensics training. As the ...

The challenge in making a mobile game that's tied into a movie release is producing something that has staying power long after the film has departed your local cineplex for a Netflix queue near you. And Disney Mobile has a pretty good track record in that regard: From Pixar creations to superheroes to Muppets, Disney's mobile arm has done a pretty solid job at producing movie-themed apps that still enjoy some staying power long after the closing credits have faded to black.
We've posted benchmark results and a full review of the 2012 MacBook Airs, but the work in the lab has not stopped. Apple usually offers optional upgrades that allow you to tailor a standard-configuration system to best suit your individual needs. Macworld Lab ran performance benchmarks on two MacBook Air build-to-order (BTO) models, and the results show that while both custom systems were faster than the high-end stock MacBook Airs, the upgrades to the 11-inch give a bigger performance bang for the buck.
The main focus of a cloud computing contract is on vendor responsibilities, but it's appropriate to consider what the client remains responsible for.
SlimPDF Reader Multiple Remote Code Execution Vulnerabilities

Business Insider

If You're An American Taxpayer — These Are Your Most Recent ...
Business Insider

The Wi-Fi Alliance has begun certifying products that simplify access to hotspots and roaming between different mobile service operators; providers and equipment vendors are expected to test these products in the fourth quarter, the Wireless Broadband Alliance said on Tuesday.
The U.S. International Trade Commission extended by a week the deadline to decide whether to review an earlier determination against Microsoft's Xbox in a patent dispute with Motorola Mobility.
Over two days in March 2010, nearly $466,000 disappeared from the accounts of Village View Escrow, a small business in California that holds funds for real estate transactions.
CliQr Technologies, a startup backed by Google Ventures, unveiled a service called CloudCenter designed to allow organizations to move applications across different cloud providers with a minimum amount of work.
Apple will boost the frequency of security updates in OS X Mountain Lion and automatically install required patches for users, steps that bring it into line with Microsoft's practices.
Japan's two main airlines will begin providing Wi-Fi on some international flights, with Japan Airlines to begin offering services next month.
When you're adopting cloud software, you need to think about features and functions, of course, as well as the costs involved. But process changes and user training can be even bigger factors. Insider (registration required)
At least one CIO has already done away with email and Office. Insider (registration required)

Special Training Offer from SANS vLive for IT Professionals ...
Sacramento Bee
SANS offers a myriad of free resources to the InfoSec community including consensus projects, research reports, newsletters and it operates the Internet's early ...

MacVTap Device Driver Local Stack Buffer Overflow Vulnerability

Morris James LLP | Poor, Deactivated Stuxnet
Linex Legal (press release) (registration)
Not only is this worm and its siblings, Duqu and Flame, fascinating, the information security (infosec) issues have implications for data authenticity. I'll explore ...

Internet Storm Center Infocon Status