InfoSec News

Revenues from Windows plummeted 30% last quarter compared to the same period the year before, Microsoft said on Thursday.
 
PDF files are a very mixed blessing. They're excellent for distributing good-looking documents with all the layout and text properties you want. But they're problematic as well, especially if you need to extract text from them, or to edit PDF documents. There's simply no easy way to do either. Solid Converter PDF ($80, 15-day free trial), offers an excellent solution to the problem. It takes PDF files, and converts them to Word documents--and does a superb job of it.
 
What is a wireless subscriber? And what is a wireless customer? The difference is important when it comes to the two largest U.S. wireless carriers.
 
The Internet Systems Consortium, the makers of the open source DHCP server, indicated the DHCPv6 service may crash after processing a DHCPv6 decline message. This vulnerability has been assigned CVE-2011-0413, affects versions 4.0.x-4.2.x, and may be remotely exploitable.
Note: This DoS only affects DHCPv6 servers and there is currently no workaround.


[1] https://lists.isc.org/pipermail/isc-os-security/2011-January/000000.html
[2] http://www.kb.cert.org/vuls/id/686084
-----------
Guy Bruneau IPSS Inc. gbruneau at isc dot sans dot org (c) SANS Internet Storm Center. http://isc.sans.org Creative Commons Attribution-Noncommercial 3.0 United States License.
 
Qualcomm later this year will start shipping test units of its next-generation tablet and smartphone chip, which will be faster and more power-efficient than existing chips and have an LTE modem.
 
Intel has eased the migration to a single network infrastructure throughout data centers by introducing Open FCOE, a free software stack for Fibre Channel Over Ethernet.
 
Despite the popularity of consumer desktop video like Skype and FaceTime, information workers in North America and Europe have little interest in using the technology on the job, according to Forrester Research.
 
AT&T said today it had 95.5 million wireless subscribers at the end of 2010.
 
Debian chm2pdf Insecure Temporary File Creation Vulnerability
 
Microsoft reported $19.95 billion in revenue for the quarter ending Dec. 31, a record second-quarter high for the company.
 
HTB22796: Path disclosure in DBHcms
 
After hitting an all-time high in the third quarter of 2010, click fraud incidents dropped last quarter, although the practice still rendered almost one in five cost-per-click (CPC) ads useless for the marketers that paid for them.
 
An Arizona Republican Congressman has introduced legislation aiming to keep top foreign graduates of U.S. universities in the country.
 
Pango Font Parsing 'pangoft2-render.c' Heap Corruption Vulnerability
 
HTB22797: Path disclosure in BLOG:CMS
 
Apple and News Corp. will launch the latter's The Daily iPad-only newspaper next week in New York, according to invitations sent to members of the press.
 
Oracle's recent move to switch Sun Microsystems documentation to Oracle support infrastructure has some users up in arms, since the original links redirect to a general table of contents.
 
If you're looking for a good, basic 4.3-inch GPS device from Magellan, the RoadMate 2035 could be a good choice. With a list price of $160 (down to a $95 street price as of December 22, 2010), the 2035 is the least expensive 4.3-inch navigator in Magellan's current lineup. Like all of the RoadMate models, the 2035 features lifetime subscription-free, advertising-supported live traffic alerts. But its omissions might have you looking elsewhere.
 
Low usage and Java prioritization lead to the elimination of Rails backing, a move that did not come as a surprise to the Rails founder
 
People who use Gmail with the Chrome browser can now be notified via desktop pop-up alerts whenever they receive a new e-mail or chat message.
 
Two participants in a so-called "scareware" scheme settle a complaint from the U.S. Federal Trade Commission.
 
Prices continue to tumble even as more features are added to many GPS navigation devices, and it's not difficult to find a full-featured GPS unit with a 4.3-inch screen for under $150. Yet for many consumers, especially the first-time navigation device buyer, the huge feature set found in even modestly priced devices can be a bit intimidating.
 
Re: Remote Code Execution in ICQ 7
 
HTB22795: Path disclosure in Hycus CMS
 
[USN-1052-1] OpenJDK vulnerability
 
Symantec Intel Alert Management System Message Handling Multiple Code Execution Vulnerabilities
 
Vanilla Forums 2.0.16 <= Cross Site Scripting Vulnerability
 

Career networking strategies: Alternatives to infosec certification
SearchSecurity.com
Infosec pros want to know how people can find out enough about them to want to hire them. This is ultimately a marketing issue. ...

 
One of the biggest security threats out there doesn't come from malicious hackers or online identity thieves. It actually comes from you, the innocent PC user and your out-of-date software. But you can put an end to that threat with the free Secunia Personal Software Inspector (PSI), which identifies and helps patch the problematic programs you may be running.
 
To spur Android app purchases and help application developers, Google will introduce a range of new features around its online Android Market, including an in-app payment option and expanded carrier billing.
 
The Mio Moov R403 ($130, price as of December 22, 2010) offers value and solid navigation. Mio is owned by Mitac, which also owns Magellan; and at one time Mio was in the top five for GPS market share. Today, you'll find that Mio products are marketed exclusively through RadioShack, and the R403 is the leading model there.
 
Microsoft has sued a former director of business development in state court, accusing him of stealing nearly $460,000 from the company and trying to make off with another $1.5 million before his scheme was uncovered.
 
ocrodjvu Insecure Temporary File Creation Vulnerability
 
Symantec Intel Alert Management System (CVE-2010-0110) Buffer Overflow Vulnerabilities
 
Is the state of the economy hitting older IT workers harder than younger ones? Who's to blame for products that are eventually outmoded?
 
As 2010 progressed, a shift in data-storing methods began to take shape. With 15 petabytes of new data being created every day, and the volume of data continuing to grow, the ability to simply store data in a secure and easily-accessible manner presents a challenge for IT departments and vendors.
 
IBM's LotusLive on-demand collaboration suite is getting a boost via integration with SugarCRM and Ariba's Discovery Service supplier database, the companies announced.
 
AT&T CEO expects a "rocky" few months after Verizon starts selling the Apple iPhone, but added that he's "fairly confident" the company will continue to grow.
 
AT&T reports a revenue increase of 2.1% for the fourth quarter of 2010.
 
A new Oracle data warehouse will be marketed to banks, financial institutions
 
The Oracle Financial Services Data Warehouse will be marketed to banks and financial institutions.
 
ISC DHCP Server DHCPv6 Decline Message Denial of Service Vulnerability
 
ActiveWeb Professional Arbitrary File Upload Vulnerability
 
The upstream provider serving hosting provider Volgahost shut down uploads from its servers, effectively cutting off botnet command and control servers from giving any orders.

 

Howard Schmidt Seeks Private-Sector Support
GovInfoSecurity.com (blog)
... and Schmidt - liberally sprinkled their speeches with references to the public-private partnerships (see The Government's Infosec "Conspirators"). ...

 
[security bulletin] HPSBMA02626 SSRT100301 rev.1 - HP OpenView Storage Data Protector, Remote Denial of Service (DoS)
 
[USN-1051-1] HPLIP vulnerability
 
The TippingPoint Zero-Day Initiative (ZDI) program fixed 300 vulnerabilities in 2010, triple the number of flaws repaired in 2009.

 
Nokia reported an increase in sales for the fourth quarter, but profit declined as the company continues to struggle in the high-end smartphone segment.
 
Oracle has added more than 350 PeopleSoft customers in the past year, even as it prepares to launch the next-generation Fusion Applications.
 
AT&T said it had 95.5 million wireless subscribers at the end of 2010, putting it ahead of Verizon Wireless, which reported earlier this week that it had 94.1 million.
 
InfoSec News: Proposed Nonprofit Would Bridge Law Enforcement, Enterprise Security Worlds: http://www.darkreading.com/smb-security/167901073/security/news/229100238/proposed-nonprofit-would-bridge-law-enforcement-enterprise-security-worlds.html
By Kelly Jackson Higgins Darkreading Jan 25, 2011
Organizations rarely report breaches to law enforcement, but a new [...]
 
InfoSec News: Site of AT&T-iPad hackers is hacked: http://news.cnet.com/8301-27080_3-20029734-245.html
By Elinor Mills InSecurity Complex CNet News January 26, 2011
The Web site of the hacker group whose members were charged with computer crimes after they exposed a hole in AT&T's site for iPad customers last year was hacked today. [...]
 
InfoSec News: Is retaliation the answer to cyber attacks?: Forwarded from: Bill Scherr IV <bschnzl (at) cotse.net> Cc: jericho (at) attrition.org
Is it really that simple?
There is much that can be done on your own systems to collect data, and alter appearances. Analyzing that data, while keeping the upper hand, takes skill and luck. [...]
 
InfoSec News: Bruyere health centre reports data breach: http://www.cbc.ca/canada/ottawa/story/2011/01/25/ottawa-bruyere-data-breach.html
CBC News January 25, 2011
Patients at Bruyere Family Medicine Centre in Ottawa are being warned that some of their personal information may have been on two computers that were recently stolen. [...]
 
InfoSec News: Phone hacking: the next turn of the screw: http://www.independent.co.uk/news/uk/crime/phone-hacking-the-next-turn-of-the-screw-2195607.html
By Cahal Milmo and Oliver Wright independent.co.uk 27 January 2011
Rupert Murdoch's News International yesterday conceded that the phone-hacking scandal went to the heart of Britain's top-selling [...]
 
InfoSec News: Hackers didn't retrieve data in Defense pharmacy website attack: http://www.nextgov.com/nextgov/ng_20110125_5321.php
By Bob Brewin NextGov 01/25/2011
No data has been siphoned off the Defense Department PharmacoEconomic Center website and domain as the result of a hacker attack reported by a security firm last week, a Military Health System spokesman said. [...]
 
InfoSec News: US cyberwar firing range to demo by July: http://www.theregister.co.uk/2011/01/26/cyber_range_demo_date_set/
By Lewis Page The Register 26th January 2011
DARPA has announced that its planned "National Cyber Range" – an artificial, sealed-off internet inhabited by simulated nodes, computers, [...]
 
UK police arrested three teenagers and two other people on Thursday for allegedly taking part in a series of denial-of-service attacks against major websites earlier this year as part of the loosely affiliated group called 'Anonymous.'
 
While using cloud-based applications solves some problems for IT administrators, it also creates new ones, including how to handle user identity management.
 
A report from Akamai Technologies shows that hackers appear to be increasingly using the Telnet remote access protocol to attack corporate servers over mobile networks.
 
TSMC, the world's biggest semiconductor foundry, said on Thursday it expects to expand capacity by 20% this year due to rising demand for PCs and mobile devices.
 
Tseng Chien-lin turned down an offer from the Taiwan offices of Yahoo to take a job with a barely known Internet startup involved in the design of a social application centered on dining out.
 
We've had a few reports (thank you all) that Opera has been updated to 11.01, which fixes several security issues.
Full details are available here

Christopher Carboni - Handler On Duty (c) SANS Internet Storm Center. http://isc.sans.org Creative Commons Attribution-Noncommercial 3.0 United States License.
 
AT&T's TerreStar Genus mobile phone will keep you connected via cell or satellite anywhere in the U.S.
 
The U.S. government has been stepping up its use of smart cards to help lock down its computer networks, but hackers have found ways around them.
 
A Washington court has issued a temporary restraining order prohibiting a former Microsoft manager from taking a new job at Salesforce.com.
 
The Egyptian government's move to shut down access to Twitter in the country indicates how powerful social media can be as a protest tool.
 
XPDF 'Gfx::getPos()' (CVE-2010-3702) Uninitialized Pointer Dereference Vulnerability
 
Unemployment rates for older IT workers increased during the recession faster than they did for younger employees, according to new government labor data obtained by Computerworld.
 
President Barack Obama's State of the Union address was so technology-focused that it buoyed expectations that U.S. investment in IT, particularly supercomputing, will survive his plan to freeze domestic spending for five years.
 

Posted by InfoSec News on Jan 27

http://www.cbc.ca/canada/ottawa/story/2011/01/25/ottawa-bruyere-data-breach.html

CBC News
January 25, 2011

Patients at Bruyere Family Medicine Centre in Ottawa are being warned
that some of their personal information may have been on two computers
that were recently stolen.

Bruyere Continuing Care said in a statement that neither of the
computers contained any medical information, but said data for patients
seen at the clinic between 1971...
 

Posted by InfoSec News on Jan 27

http://www.nextgov.com/nextgov/ng_20110125_5321.php

By Bob Brewin
NextGov
01/25/2011

No data has been siphoned off the Defense Department PharmacoEconomic
Center website and domain as the result of a hacker attack reported by a
security firm last week, a Military Health System spokesman said.

Austin Camacho, a spokesman for the TRICARE Management Activity, part of
MHS, said in an e-mail that the PharmacoEconomic Center website has been...
 

Posted by InfoSec News on Jan 27

http://www.theregister.co.uk/2011/01/26/cyber_range_demo_date_set/

By Lewis Page
The Register
26th January 2011

DARPA has announced that its planned "National Cyber Range" – an
artificial, sealed-off internet inhabited by simulated nodes, computers,
sysadmins, users etc in which the USA can test-fire cyber weapons and
practice cyber combat – is to reach demonstration status by July this
year.

Lockheed Martin, working on the...
 

Posted by InfoSec News on Jan 27

http://www.independent.co.uk/news/uk/crime/phone-hacking-the-next-turn-of-the-screw-2195607.html

By Cahal Milmo and Oliver Wright
independent.co.uk
27 January 2011

Rupert Murdoch's News International yesterday conceded that the
phone-hacking scandal went to the heart of Britain's top-selling
newspaper, announcing that it had sacked a senior editor at the News of
the World and passed to police what investigators described as...
 

Posted by InfoSec News on Jan 27

http://www.darkreading.com/smb-security/167901073/security/news/229100238/proposed-nonprofit-would-bridge-law-enforcement-enterprise-security-worlds.html

By Kelly Jackson Higgins
Darkreading
Jan 25, 2011

Organizations rarely report breaches to law enforcement, but a new
grassroots effort exploring the creation of a nonprofit to bridge the
gap between law enforcement and security professionals hopes to change
that.

Alerting law enforcement...
 

Posted by InfoSec News on Jan 27

http://news.cnet.com/8301-27080_3-20029734-245.html

By Elinor Mills
InSecurity Complex
CNet News
January 26, 2011

The Web site of the hacker group whose members were charged with
computer crimes after they exposed a hole in AT&T's site for iPad
customers last year was hacked today.

For at least a few hours an obscenity-laden message on the Goatse
Security site said: "I have taken the liberty of exposing your gaping
hole...As you...
 

Posted by InfoSec News on Jan 27

Forwarded from: Bill Scherr IV <bschnzl (at) cotse.net>
Cc: jericho (at) attrition.org

Is it really that simple?

There is much that can be done on your own systems to collect data, and
alter appearances. Analyzing that data, while keeping the upper hand,
takes skill and luck. It will never happen if active technical
countermeasures are lumped into the "hacking back" pile.

Any engagement with the attacker will travel thru...
 