InfoSec News

InfoSec, Structural Engineering, And The Security Architecture Playbook
CSO (blog)
Last year the country of Japan suffered a devastating disaster of unspeakable proportions. A massive earthquake on the eastern coast of the country triggered a deadly tsunami that caused the flooding of the Fukushima nuclear power plant. Three dominos ...

(c) SANS Internet Storm Center. http://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
Last month I explained how to shut down Windows 8, an option you wouldn't expect to require step-by-step instruction. And yet.
Mixing business and personal email accounts has serious drawbacks, as well as consequences on IT teams managing data integrity.

Tandberg Data, Imation and Fujifilm have announced separately that they are shipping the new LTO-6 tape drive technology offering up to 1.4TB per hour throughput.
A security researcher claims that he found 23 vulnerabilities in industrial control software from several vendors after a different security company last week showcased vulnerabilities in applications from some of the same manufacturers, but chose not to report them.
Theresa Caragol, VP, Global Channels, Extreme Networks, has revamped the company's channel approach.
Google Chrome Prior to 23.0.1271.91 Multiple Security Vulnerabilities

'Tis the season of online shopping, with more shopping done online than ever before. As the old saying goes, "On the Internet, nobody knows you're a dog" (*), so how do your users know that they are buying from a safe vendor? In timely news, the US Federal Government shut down 132 fake online shopping sites for selling counterfeit goods. Our own Dr. Johannes wrote this piece in Forbes today with 7 steps to stay safe shopping online:

Stick to Sellers You Know

Don't Trust Customer Reviews Blindly

Be Careful with Phishing

Watch Your Credit Card Statement Carefully

Be a Cautious Seller

Be Careful When and How to Meet a Craigslist Seller

Don't Buy Stolen Property

Read the whole thing for more explicit details and share it with your users. A few things for the more technically inclined to be aware of: many fake online shopping sites come with malware, particularly those that arrive via spam, and, of course, thanks to SEO, a blind Google search can land you on a bad site instead of a good one. Is there something we missed? Use the contact form and chime in!


John Bambenek

bambenek \at\ gmail /dot/ com

Bambenek Consulting

* -

A year after NASA's Mars rover Curiosity blasted off on its 352-million-mile journey to the Red Planet, the nuclear-powered super rover has discovered evidence of ancient water flows and is studying the planet's atmosphere and surface.
The Oxford Dictionary app exposes software pirates by auto-posting tweets in their names. Sometimes wrongly so

Mozilla Firefox/Thunderbird/SeaMonkey CVE-2012-4205 Cross-Site Request Forgery Vulnerability
Mozilla Firefox, SeaMonkey, and Thunderbird CVE-2012-4201 Cross Site Scripting Vulnerability
Mozilla Firefox/Thunderbird/SeaMonkey CVE-2012-4202 Buffer Overflow Vulnerability
Forescout NAC (Network Access Control) multiple vulnerabilities
Dell's new XPS 12 convertible is one of the first Windows 8 computers to work both as an ultrabook and a tablet. But despite a nice design and great display, it may not succeed.
Online sales for Black Friday topped $1 billion for the first time, according to online tracker comScore.
[DC-2012-11-002] DefenseCode ThunderScan ASP.Net C# Advisory: BugTracker.Net Multiple Security Vulnerabilities
ESA-2012-054: RSA ® Adaptive Authentication (On-Premise) Cross-Site Scripting Vulnerabilities
Cyberknight asked the Hard Drives, NAS Drives, Storage forum if a new flash drive should be formatted in FAT32 or NTFS.
Reader Richard Patterson finds his way blocked when trying to launch a favorite application. He writes:
Apple iPhones and Android smartphones will replace BlackBerry as the top smartphones used by workers around the world in 2012, IDC said in an updated forecast.
A reported deal between Google and ICOA hasn't taken place, according to ICOA.
More American adults use their smartphones and other cell phones to take pictures and to send texts than to download apps or to do any online banking, according to a new Pew Research survey.
A phishing email currently circulating in Germany sees the scammers adopting a quite audacious approach: they are asking bank customers to upload a photo of their TAN list

Xen QEMU VNC Server Arbitrary Information Disclosure Vulnerability
Weak passwords may be enabling attackers to hack the DNS records of some Go Daddy hosted websites to spread ransomware.

The story has been removed from computerworld.com after it was automatically posted by the IDG News Service. We have subsequently learned that the story is false.
Sprint announced it has activated faster LTE wireless service in 11 more cities and counties, reaching a total of 43 markets.
ESA-2012-057: EMC Smarts Network Configuration Manager Multiple Vulnerabilities
Google is paying US$400 million to acquire Wi-Fi access provider ICOA, which owns or operates over 1,500 wireless hotspots and hot zones in the U.S.
The antitrust suit that the Justice Department filed against Microsoft in the 1990s left the company distracted and unable to plan for the future. Could the same thing be in store for Google?
Microsoft's Windows 8 may be lagging far behind Windows 7 in its usage uptake, but it's easily topping the low bar set by Windows Vista, according to data from Web metric firm Net Applications.
The combination smartphone-tablet Samsung Galaxy Note II has proven more popular than analysts had expected.
VUPEN Security Research - Mozilla Firefox "DocumentViewerImpl" Class Remote Use-After-Free Vulnerability
Nokia continues to expand its line-up of advanced feature phones with the Asha 205, with a dedicated Facebook button allowing users to more easily access the social networking site.
[oCERT-2012-001] multiple implementations denial-of-service via MurmurHash algorithm collision
The EU is working on a cyber security strategy for Europe. A draft law will define the responsibilities of internet service providers, telecommunications companies and data centre operators in case of attacks on networks or cloud infrastructures

Drupal ShareThis Module Cross Site Scripting Vulnerability
Apple is seeking to add six Samsung products in a patent infringement lawsuit between the electronic giants scheduled to start in U.S. District Court for the Northern District of California in March 2014.
Hewlett-Packard said in a letter to the U.S. Securities and Exchange Commission that it had determined that its products were procured from a partner that was not informed that their ultimate destination was Syria.
Smartphone and mobile processor manufacturers plan to roll out virtualization technology in 2013 that will allow an employee's personal phone to be used securely in work environments by enabling two separate user interfaces.
Samsung Electronics announced new measures to keep its suppliers in China compliant with labor laws after it completed a round of audits that found problems relating to overtime and the way penalties were carried out.
Skype has been battling wily adversaries who are abusing the Internet calling application to direct people to scam websites, but the Microsoft-owned service says the sham calls are decreasing.
Microsoft will end support for Windows XP on April 8, 2014, when it will issue a final security update for the 11-year-old operating system.

Small Business News from Gaebler.com

Is BYOD Really Cheaper?
Government Technology (blog)
'My sense at the moment is that it's costing us more because of the extra burden on the helpdesk, and the cost of software to manage the devices,' he told the InfoSec conference in London. 'I also think you've got to factor in that if it all goes wrong ...
BYOD risks after implementation cannot be ignored - CenterBeam

Apple QuickTime CVE-2012-3752 Multiple Buffer Overflow Vulnerabilities