Hackin9

InfoSec News

Hax.r00t and Saadi have been very busy the past few days. What started with word of over a thousand sites being defaced has now left yet another load of sites defaced.


 
Career stress and burnout is as common among information security professionals as it is among professionals in other high-stress fields, such as medicine or law. But finding support and information on dealing with info sec career burnout is difficult because resources and knowledge are scant.
 
Michael McConnell, former director of the National Security Agency, urged the audience of 1,200 security experts to do what they can to help build trusted cloud computing systems.
 
Apple's offering free developer IDs to programmers; hackers have found a way to get free ebooks from the iBookstore; and Dell is about to go PC-free. The remainders for Monday, February 27, 2012 are free and clear.
 

RSA Conference 2012: Stress and burnout in infosec careers
Computerworld
But finding support and information on dealing with info sec career burnout is difficult because resources and knowledge are scant. "If you do a Google search for info sec burnout, you'll find nothing," said KC Yerrid, an information security and ...

 
Cloud technology is emerging as a viable option for companies that want to cut costs, increase agility or augment their own IT resources without building out new infrastructure -- or all of the above. But deciding which type of service is the best fit for your specific needs and ensuring the new cloud offerings play nice with your existing application mix is a challenge, to say the least.
 
Dell this week is throwing its hat into the virtual networking ring with an architecture that initially is long on vision but short on specifics.
 

RSA Conference 2012: Stress and burnout in infosec careers
CSO
But finding support and information on dealing with info sec career burnout is difficult because resources and knowledge are scant. "If you do a Google search for info sec burnout, you'll find nothing," said KC Yerrid, an information security and ...

 
Smartphones with quad-core processors that are able to deliver PC-like performance have finally been announced, but high prices and battery issues could potentially stymie adoption, analysts said on Monday.
 
Effective communications, many would argue, is the key to business. But finding the appropriate technologies to support effective communications can be challenging for IT professionals. Unified communications is a concept that encompasses a variety of technologies, all capable of working together, and, yes, while communication is a human process, technology can enhance and improve it.
 
Many organizations have now gone so far as to dip their toes into the shallow end of cloud computing, and many more are thinking about testing the waters. Other organizations have jumped into the cloud with both feet. But whether you're wading in or fully immersed, properly vetting your cloud service providers is essential.
 
Microsoft doesn't plan to webcast Wednesday's launch event for Windows 8 Consumer Preview.
 
One of the advocacy groups that worked to stall the controversial Stop Online Piracy Act in Congress has taken aim at a bill that would require ISPs to retain the Internet Protocol logs of all their customers for a year, in the name of fighting online child pornography.
 
Re: [Full-disclosure] pidgin OTR information leakage
 
Linux Kernel CVE-2012-0810 Local Denial of Service Vulnerability
 
Pope Benedict XVI is showing his technical savvy by launching his own Twitter account.
 
Seeking to capture a slice of market share in the emerging field of virtual desktop services, NaviSite, a Time Warner Cable managed service provider of cloud-based products, has announced its next major endeavor: a desktop as a service (DaaS) offering aimed specifically at enterprise customers.
 
Organizations that look to protect themselves against attacks launched by the Anonymous hacktivist collective should make sure that their Web applications are secure before deploying anti-DDoS (distributed denial-of-service) solutions, says security firm Imperva in a new report.
 
SAP NetWeaver Multiple Input Validation Vulnerabilities
 
Impulsio CMS 'id' Parameter SQL Injection Vulnerability
 
Dolibarr Multiple Directory Traversal Vulnerabilities
 
Danish security company Secunia today released a beta version of its PSI 3.0 utility that automatically downloads updates for Windows programs and plug-ins created by thousands of third-party vendors.
 
It's now likely that Android 5.0 will be rolled out in the fall, according to comments made by Hiroshi Lockheimer, Google's vice president of engineering for mobile, at the Mobile World Congress here.
 
Adobe Flash Player CVE-2012-0752 Remote Memory Corruption Vulnerability
 
[SECURITY] [DSA 2419-1] puppet security update
 
Re: [Full-disclosure] pidgin OTR information leakage
 
Recon 2012 - Call For Papers - June 14-16, 2012 - Montreal, Quebec
 
[SECURITY] [DSA 2418-1] postgresql-8.4 security update
 
What if a cloud computing infrastructure could recognize a cyberattack, eliminate it and never stop working while all that is being done? That's what researchers at MIT, with help from the federal government, are investigating the feasibility of.
 
Intel today announced the availability of a cloud-based single sign-on (SSO) authentication and authorization service under a beta program that is expected to become a generally available offering later this spring.
 
A new version of a well-known family of Mac malware exploits vulnerabilities in Java to steal usernames and passwords for online payment, banking and credit card websites.
 
Google is not letting on much about the next version of Android, even though it is rumored to be coming to a smartphone by early summer.
 
Wolf CMS v0.7.5 - Multiple Web Vulnerabilities
 
OSQA CMS v3b - Multiple Persistent Vulnerabilities
 
Socusoft Photo 2 Video v8.05 - Buffer Overflow Vulnerability
 
Get Mobile World Congress news, reviews, analysis and more with complete Computerworld coverage.
 
Enterprise social networking (ESN) software can improve communication and collaboration among employees, but most companies aren't implementing and using these products properly, leading to unmet goals, according to a new study.
 
Dell EqualLogic today unveiled the next generation of its mid-range storage arrays, which use 10GbE ports to create iSCSI storage networks using existing copper or fiber infrastructures.
 
SystemTap DWARF Expression Local Denial of Service Vulnerability
 
[ MDVSA-2012:023 ] libvpx
 
Case YVS Image Gallery
 
FrameJammer DOM based XSS
 
DeepSec "Sector v6" - Call for Papers
 
A new virtualization technique lets users create two separate Android "spaces" on their smartphone or tablet, one for personal use and a kind of walled garden for work use. The beta software, from Cellrox, is being demonstrated this week at Mobile World Congress 2012 in Barcelona, Spain.
 
Everyone needs a Web browser, but with so many different ones available, deciding which one is best for you can be hard. Are you looking for something blazing fast? Or is strong security your top priority? Or do you need lots and lots of add-ons?
 
[SECURITY] [DSA 2414-2] fex regression
 
NGS00237 Patch Notification: Samba Andx request Remote Code Execution
 
Syhunt: Google V8 - Server-Side JS Injection in vulnerable web apps
 
Kongreg8 1.7.3 Multiple XSS
 
Many PC gamers eagerly await the release of next-generation graphics cards, hoping that the new hardware will boost frame rates and enhance eye candy in the latest games. However, while a graphics card upgrade is almost always a good way to increase game performance or improve image quality, new cards tend to be expensive--and they aren't always necessary.
 
In choosing a browser for your phone, you have to take into account the more tenuous data connection, the smaller screen, and the kinds of tasks that you need or want to do on your handset. Here's a look at some of the most popular Android browsers, to help you decide which one is right for you.
 
WikiLeaks said it planned to release from Monday over 5 million emails from Stratfor Global Intelligence, a provider of geopolitical analysis, whose website was hacked and emails and customer data stolen in December.
 
Fixmo, a company that started out developing tools for the U.S. National Security Agency, is offering a new product that will automatically shut down corporate applications on compromised iOS and Android devices.
 
George Kurtz, former McAfee CTO, now CrowdStrike CEO, says a significant vulnerability exists in Webkit browser that could result in total control of mobile devices.
 
At this year's summit, the CSA announced their latest initiatives, which include examining ways to better secure mobile devices through cloud computing, looking at ways to drive more security innovation, and a concerted push into the Asia-Pacific region.
 
Oracle on Monday announced the general availability of Exalytics, the latest in its family of specialized appliances and a direct competitor to SAP's HANA product.
 
Microsoft said it has found 5 percent of Windows Phone apps that won't work on devices that adhere to the new system requirements the company released for low-end phones.
 

DIARY-US MEETINGS / DAY AHEAD
Reuters
... at AGC West Coast Info Sec Conf 27 Feb 9:00 QUALCOMM at GSM Association Mobile World Congress 27 Feb 21:00 Curis at Citi Global Health Care Conf 27 Feb 21:00 EnergySolutions at JPMorgan Leveraged Finance Conf 27 Feb 21:00 FORTINET at Morgan Stanley ...

 
Facebook is working with mobile operators to make phone-based payments easier and has launched an effort to standardize HTML5 to help developers write applications for more mobile handsets, its chief technology officer announced on Monday.
 
At the RSA Conference that starts today, HP is introducing a number of products, starting with a risk-management tool for gaining visibility about IT assets, operations, vulnerabilities and threats in order to provide a "risk score" and, if needed, prioritized remediation.
 
Windows Phone users now have access to the Skype Internet calling service.
 
Mobile operators highlighted cooperation with developers and other partners, while emphasizing things only they can do, in a keynote session on the opening day of Mobile World Congress in Barcelona.
 
ZTE continues to push Windows Phone with the launch of the Orbit, a cheaper phone that aims to expand the market for Microsoft's smartphone OS.
 
Asus launched its anticipated PadFone and Transformer Pad tablet line-up at Mobile World Congress on Monday.
 
ZTE has put quad-core processors in a smartphone, the Era, and a tablet, the PF100, which were among a plethora of new Android-based smartphones and tablets it launched at Mobile World Congress on Monday.
 
Carrier IQ said it hopes that operators, some of which have disabled its software after a privacy uproar late last year, are now realizing how valuable the data its software collects is.
 
This IT leader won over IT staffers, business personnel and executives with an aggressive IT transformation plan that fixed problems and added new functionality.
 

Ethical Hacking and Information Security Training operations begin in South ...
Business Wire India (press release)
These new additions come as a part of Innobuzz's global growth and expansion plan, and within the last two years, Innobuzz has grown from an Indian InfoSec Leader, to a global header, having footprints in more than 20 countries.

 
In a move that's alarmed some privacy advocates, the FBI has begun scouting for a tool to allow it to gather and mine data from social networks including Facebook and Twitter, as well as from blogs.
 
The idea of employing a chief mobility officer isn't new. But as enterprises scramble to establish mobile strategies, having a CMO could be a key to success, according to Forrester Research.
 
This IT leader decided that rather than investing $7.5 million in additional hardware to tackle a massive big data project, he'd bet on Equifax's engineers to build a new indexing technology.
 
This IT leader left a successful career in the private sector to follow an opportunity to do meaningful work in the Colorado governor's office as state CIO and secretary of technology.
 
This IT leader has moved the USDA from older systems to private and public clouds. Among other things, he shifted 120,000 employees and contractors to Microsoft's email and Office cloud platform.
 
Cisco has been crowing about its rebound, and with good reason. What a difference a year makes.
 
This year is shaping up to be a repeat of 2009, when Microsoft and Apple last faced off with rival operating system upgrades.
 
A massive Oracle ERP project being conducted by the U.S. Air Force is still experiencing difficulties, with the Air Force deciding to toss out some completed work as part of a restructuring plan that will be announced soon.
 
To move from a technical role to management is to abandon one career for another.
 
With the widespread adoption of smartphones and the use of mobile strategies in U.S. presidential campaigns, could there come a day when Americans vote wirelessly?
 
Nokia focused on its low-end phone offerings at Mobile World Congress on Monday, a year after announcing it would try to boost its smartphone sales by giving up its home-grown operating system in favor of Windows Phone.
 

Posted by InfoSec News on Feb 27

http://gcn.com/articles/2012/02/27/cybereye-operating-while-under-attack.aspx

By William Jackson
GCN.com
Feb 24, 2012

I try to be cautious with my use of the term “cyber war.” It is used
much too often to describe any type of unpleasant online activity, and
its misuse confuses our thinking about the very real threats of military
engagement in cyberspace. But there is at least one area in which the
military model of operation can be a...
 
The site Indian Bareilly City Information server and its ten subdomains that range from the accommodation to jobs sites. The defacing has very explicit content and language and can be seen below.


 

Posted by InfoSec News on Feb 27

http://gizmodo.com/5888440/wikileaks-reveals-private-cias-dirty-laundry-updating-live

By Jesus Diaz
Gizmodo.com
Feb 26, 2012

Wikileaks has published five million emails from Stratfor, an
intelligence company based in Texas that, looking at their practices,
appears to be America's very own privately run CIA. According to
Wikileaks, their deals would also include the use of privileged
information to make money in financial markets....
 

Posted by InfoSec News on Feb 27

http://www.theregister.co.uk/2012/02/24/cyber_weapons/

By Anna Leach
The Register
24th February 2012

When it comes to bombs, the more powerful they are, the bigger their
impact. With a cyber-weapon, the opposite is true: the more powerful it
is, the more limited the damage it causes. The deeper a bug can get into
any given system, the less likely it is to trouble anything else.

And that's why cyber-weapons aren't real weapons,...
 

Posted by InfoSec News on Feb 27

http://www.informationweek.com/news/security/intrusion-prevention/232601436

By Mathew J. Schwartz
InformationWeek
February 25, 2012

If there's one IT realm that hasn't been quiet over the past year, it's
information security.

"It's been a crazy year. There've just been so many incidents," said
Hugh Thompson, chief security strategist at People Security. "There've
been so many of these--whatever...
 

Posted by InfoSec News on Feb 27

http://www.theinquirer.net/inquirer/news/2155017/anonymous-hacks-infragard

By Dave Neal
The Inquirer
Feb 24 2012

HACKTIVIST COLLECTIVE Anonymous has attacked the FBI affiliate Infragard
for the second time, this time taking over and defacing the web site of
its Dayton, Ohio chapter.

The hackers took over the web site, changing it totally and replacing
its content with a Youtube video of rapper Coolio performing Gangsta's
Paradise and...
 
Government workers might not be best known for their sense of style, but some Defense Department workers may soon be carrying Prada - the phones, that is.
 
Now you know that your cellphone is causing real harm, what will you do?
 
Last week we learned that not even reverence for the memory of Steve Jobs can protect a YouTube video from a copyright-wielding entertainment industry behemoth.
 
Mobile Device Management software got a boost from rivals SAP and Symantec, who separately announced improvements to their management tools at Mobile World Congress.
 
Internet Storm Center Infocon Status