InfoSec News

(c) SANS Internet Storm Center. http://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.

Mengniu Website Hacked as Toxin Milk Fuels Anger29 Dec 2011
Business China
A message was posted on Mengniu's website by a hacker named Simple International Infosec Team saying that “Mengniu once made the Chinese strong and proud, but it's now doing harm to its people, and it's our obligation to wake everybody up, ...

and more »
Perl 'rmdir()' Local Race Condition Privilege Escalation Vulnerability
The increase in smartphones and other mobile devices has fueled demand for IT security pros with mobile app security and networking skills, say several cybersecurity career experts.

Add to digg Add to StumbleUpon Add to del.icio.us Add to Google
WordPress WP Symposium Arbitrary File Upload Vulnerabilities
Activations of new iOS and Android devices soared on Christmas Day, jumping by 142% over the same day last year, a Web metrics company said.
Online spending so far this holiday season in the U.S. was 15% higher than last year, rising to $35.3 billion, according to figures released Wednesday by comScore.
SAP's US$3.4 billion acquisition of SuccessFactors has passed an important regulatory step, with the U.S. Federal Trade Commission deciding on Friday to grant early termination of the waiting period required by the Hart-Scott-Rodino Antitrust Improvements Act, SAP announced Wednesday.
Computer Associates ARCserve D2D and ARCserve Backup Arbitrary Code Execution Vulnerability
Hitachi JP1/ServerConductor/DeploymentManager Directory Traversal Vulnerability
WiFi Protected Setup PIN Brute Force Authentication Bypass Vulnerability
FreeBSD 'telnetd' Daemon Remote Buffer Overflow Vulnerability
Microsoft ASP.NET Hashes Denial Of Service Vulnerability
China is in the midst of an unprecedented data center construction boom that's providing business opportunities for U.S. companies and could see China emerge with one of the most advanced computing infrastructures in the world.

A new vulnerability advisory by security firm n-runs [1] describes how hash tables in PHP5,Java,ASP.NET and others can be attacked with deliberate collisions in the hash function, leading to a denial of service (DoS) on the web server in question. Microsoft have already responded with an advisory [2] of their own, other vendors are likely to follow.

Updated 2300UTC: MSFT published additional information [3]on how to detect and mitigate an attack.

[1] http://www.nruns.com/_downloads/advisory28122011.pdf

[2] http://technet.microsoft.com/en-us/security/advisory/2659883


(c) SANS Internet Storm Center. http://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
IT pros share their real-life, on-the-job stories. Here's a look at memorable ones from the last year
Intel on Wednesday started shipping the latest Atom chips for netbooks, an important step to sustain growth of the low-cost PCs in the wake of the tablet onslaught.
Next year, if all goes according to plan, Red Hat will become the first open source software company to generate more than $1 billion a year in revenue. It will be a watershed moment for the open source community, who have long seen their approach of community-based development as a viable, even superior, alternative to traditional notions of how software should be written.
China on Tuesday began offering its own satellite navigation system to users, as an effort to move away from the nation's reliance on the U.S.-built NAVSTAR GPS network.
In an interview with Computerworld, organizational psychologist Billie Blair explains how IT managers and their staffs are different from the rest of us.

ST Electronics (Info-Security) to Exhibit at 2012 International CES, booth ...
MarketWatch (press release)
Complementing our myriad of products and solutions offering, STEE-InfoSec also provides security solution integration services and security consultancy for the deployment of enterprise infosecurity infrastructure and infosecurity for system-of-systems. ...

and more »

Posted by InfoSec News on Dec 28


By Amber Corrin
Dec 23, 2011

A team of faculty from National Defense University’s iCollege has
received recognition for exceptional achievement for helping conduct a
virtualized cyber defense workshop that yielded global collaboration on
critical cyber defense issues.

Receiving honors from the Office of the Secretary of Defense (Network

Posted by InfoSec News on Dec 28


By Guy Adams
The Independent
28 December 2011

It never rains but it pours for clients of Stratfor, the US security
firm whose website was compromised at the weekend by members of the
anarchic computer-hacking group Anonymous.

Victims of the attack, mostly employees of major companies or agencies
which use Stratfor's services,...

Posted by InfoSec News on Dec 28


By Neil Versel
December 27, 2011

Many health insurers will need to upgrade their IT infrastructure in the
next few years to meet coming mandates and respond to healthcare reform
efforts, but cost and short timetables could be significant obstacles, a
new survey reveals.

In a survey of 106 leaders from healthcare payers, 35% of respondents
listed cost or...

Posted by InfoSec News on Dec 28


By Lucian Constantin
IDG News Service
December 26, 2011

The security industry expects the number of cyber-espionage attacks to
increase in 2012 and the malware used for this purpose to become
increasingly sophisticated.

In the past two years there has been a surge in the number of
malware-based attacks that resulted in...

Posted by InfoSec News on Dec 28


By Robert Lemos
Contributing Editor
Dark Reading
Dec 27, 2011

In June, a security researcher searching for passwords files on the
Internet stuck gold: A database file of 300,000 users of Groupon
subsidiary Sosasta had inadvertently been placed on a publicly
accessible online server. The company quickly...
Internet Storm Center Infocon Status