Hackin9

InfoSec News


Mimecast channel growth gathers pace with new partnerships
SYS-CON Media (press release) (blog)
These include Infosec Technologies, Security Partnerships, and LIMA Networks. Mimecast's ability to tailor and structure bespoke proposals to meet the needs of each partner was the deciding factor for many of its new resellers. Mimecast has also penned ...

 

25 suspected Anonymous hackers arrested in international sweep
Los Angeles Times
"There are future operations planned in the way of everything from campaign finance reform, to elections, to infosec [information security] and much, much more, stay tuned," an Anonymous activist told the CNET technology news website in an interview ...

 

RSA Conference 2012: Stress and Burnout in Infosec Careers
CIO
But finding support and information on dealing with info sec career burnout is difficult because resources and knowledge are scant. By Joan Goodchild Career stress and burnout is as common among information security professionals as it is among ...

 
Microsoft is developing a connector that will allow Excel users to download and analyze output from Hadoop, potentially opening the open-source data processing platform to a much wider audience.
 
ABB Products Robot Communications Runtime 'RobNetScanHost.exe' Buffer Overflow Vulnerability
 
A major revision of a Federal Information Security Management Act (FISMA) publication released today by the National Institute of Standards and Technology (NIST) adds guidance for combating new information security threats and ...
 
An updated roadmap for the Smart Grid is now available from the National Institute of Standards and Technology (NIST), which recently finished reviewing and incorporating public comments into the NIST Framework and Roadmap for Smart Grid ...
 
Having changed the underlying architecture of JavaFX, Oracle is discontinuing older versions of this platform for building RIAs (Rich Internet Applications). As a result, applications based on JavaFX 1.2 and JavaFX 1.3 will need to be updated to run on JavaFX 2.0 by the end of this year.
 
The U.S. government has published to the Federal Register the second of three sets of 'meaningful use' rules for electronic medical records.
 
Businesses in Kansas City have some big ideas for Google's new fiber network, although they still don't know if they'll be able to use it once it goes online.
 
Digital rights group Public Knowledge has launched a campaign to reform U.S. copyright laws and make them more friendly to the Internet, in the eyes of the group.
 
Apple would be making a 'brilliant' move if it decided to give away OS X Mountain Lion to Mac users as a free upgrade, an analyst said today.
 
The growth in worldwide server shipments was slower than expected during the fourth quarter due to a shortage in the supply of hard drives, and the trend will continue into the first quarter this year, Gartner said in a study released on Thursday.
 
WebCalendar 'location' Variable Cross Site Scripting Vulnerability
 
[SECURITY] [DSA 2420-1] openjdk-6 security update
 
[ MDVSA-2012:025 ] samba
 

RSA Conference 2012: Stress and burnout in infosec careers
MIS Asia
But finding support and information on dealing with info sec career burnout is difficult because resources and knowledge are scant. "If you do a Google search for info sec burnout, you'll find nothing," said KC Yerrid, an information security and ...

 
Identity theft was the top complaint filed by U.S. residents to the Federal Trade Commission in 2011, with Internet-related fraud also a top concern, the agency said.
 
Cisco Systems on Tuesday announced its take on the reshaping of mobile networks that is emerging at this week's Mobile World Congress, saying it can build a Wi-Fi infrastructure spanning all the way from the access point to the core network.
 
Google once considered issuing its own currency, to be called Google Bucks, company Chairman Eric Schmidt said on stage at the Mobile World Congress Tuesday.
 
Apple today issued invitations to the media for an event next Wednesday, March 7, where it's expected to launch the next iPad.
 
Social engineering attacks security at its weakest link: People. Preying on employees' best intentions, social engineers gain unauthorized access to systems and information.
 
To help its partners generate more cloud business, IBM has introduced new training, tools and a financial incentive package at its PartnerWorld conference, being held this week in New Orleans.
 
Micron Technology has bought out Intel's stake in two wafer factories that are part of a NAND joint venture between the two companies in a move they said will expand the supply of flash memory.
 
Mobile payment technologies may be slow to spread, at least in the U.S., as polls show Americans are suspicious of NFC technology for security reasons, analysts note.
 
At Mobile World Congress this week, Cisco unveiled products designed to provide cellular-like roaming among Wi-Fi hotspots, and disclosed deployments among several wireless service providers.
 
The Miami Dolphins teamed with IBM to deploy a cloud-based analytics system that helps stadium staff to be proactive about potentially disruptive events, such as parking bottlenecks, concession stand inventory shortages, and inclement weather.
 
Ericsson has joined OpenStack as part of its plan to serve operators that want to become cloud computing providers, the company said on Tuesday.
 
In what could be a sign of hesitation by some IT executives to store sensitive data in the cloud, Harris Corp. has pulled out of its off-premise remote hosting business because of lack of adoption from customers.
 
PostgreSQL Multiple Security Vulnerabilities
 
Executives from three wireless carriers offered testimony Tuesday showing how an explosion of both wireless users and devices is forcing them to expand their networks even though doing so might not lead to an equivalent increase in revenue.
 
Intel is selling its two NAND flash manufacturing facilities to Micron as part of an expansion to an already existing partnership between the two firms.
 
Mobile carriers' embrace of Wi-Fi is one of the sub-themes of Mobile World Congress, and the flavor of Wi-Fi that's generating buzz here is 802.11ac, which promises to boost handset throughput to over 300Mbps.
 
The same hacker who today leaked 12,000+ accounts from vista.pl has also hit a Polish forum, and when we say hit we mean hit... The attack was on Gram24.pl, which is a forum for movies, games, photos etc., and the total number of breached accounts from the forum's database is 236,351.


 
The targets seem to be all Polish websites and the hackers are said to be from Poland as well. So far they have hit Vista.pl and dumped well over 12000 user accounts from the software information and download portal.


 
Reliable Windows 7 Exploitation: A Case Study
 
ImgPals Photo Host Version 1.0 Admin Account Disactivation
 

Wikileaks and Stratfor make the case for more data encryption
ComputerworldUK (blog)
The value of this breach for the larger InfoSec community is that it underscores the need for more ubiquitous data encryption. In my recent report Killing Data, I postulate that the future default data state will be encrypted. Wikileaks/Stratfor just puts ...

 
IBM has laid off just over 1,000 employees so far this week and more layoffs may be possible, according to an employee organization.
 
The iTunes Store is the most popular retail outlet in the United States for buying music, and has become a digital bazaar, selling everything from TV shows and movies to ebooks and audiobooks.
 
Ericsson took a step to simplify carrier mobile networks on Tuesday, during a Mobile World Congress show where infrastructure is getting more complex.
 
[ MDVSA-2012:023-1 ] libvpx
 
[ MDVSA-2012:022-1 ] mozilla
 
Re: [Full-disclosure] pidgin OTR information leakage
 
Re: [Full-disclosure] pidgin OTR information leakage
 

RSA 2012: Security Engineers Seek Prophecy in Mick Jagger, Aretha Franklin
ReadWriteWeb
Hopefully Aretha Franklin received a cut of the royalties when one soloist, breaking from script, sang her original lyrics instead of the ones inscribed on the big-screen closed caption: "INFOSEC, find out what it means to me." Though today's theme is ...

 

Stress, burnout in information security workers raises red flag
InfoWorld
But finding support and information on dealing with info sec career burnout is difficult because resources and knowledge are scant. "If you do a Google search for info sec burnout, you'll find nothing," said KC Yerrid, an information security and ...

 
Big smartphone vendors such as High Tech Computer (HTC) and LG Electronics are trying to get their mojo back after some challenging times, and they hope to do so by putting quad-core processors and big, high-definition screens in the products on show at Mobile World Congress.
 
Verizon Wireless today announced it will sell the Samsung Galaxy Tab 7.7 exclusively starting Thursday for $499.99 with a two-year agreement for the carrier's 4G LTE network.
 
Mozilla managed to avoid using any parts of Android in the development of its Boot-to-Gecko mobile Web project.
 
ManageEngine, the IT management software arm of Zoho, is adding iOS devices to those supported in its Desktop Central management service.
 
Suse has updated its enterprise Linux distribution, using a recent version of the Linux kernel to support the advanced management capabilities in freshly released servers from Hewlett-Packard and Dell.
 
Re: [oss-security] Case YVS Image Gallery
 
Re: [Full-disclosure] pidgin OTR information leakage
 
Big data does not automatically mean big security improvements. If not handled with care and expertise, it could mean the opposite. That will be the focus of a panel discussion at the RSA Conference in San Francisco today at 3:50 p.m. in room 301.
 
The rising tide of cyber threats has caused the FBI to change how it operates, FBI Director Robert Mueller will tell RSA Conference attendees Thursday.
 
Verizon Wireless today announced it will sell the Samsung Galaxy Tab 7.7 exclusively starting Thursday, March 1, for $499.99 with a two-year agreement for the carrier's 4G LTE network.
 
The recently renamed Small Cell Forum gathered several vendors at Mobile World Congress on Tuesday to spotlight advances they are announcing this week in smaller mobile-network gear.
 
Research In Motion said that "thousands" of Android apps are already in the Android player launched one week ago as part of the PlayBook OS 2.0 update.
 

SAN FRANCISCO - The Cloud Security Alliance Summit at the RSA Conference 2012 got off to an entertaining start Monday with a keynote from an unlikely entertainer: Mike McConnell, former NSA and national intelligence director. McConnell had the crowd laughing with stories of his grandchildren and old times with Colin Powell, but he segued into a serious message: The country isn’t doing enough to address the threat of economic cyberespionage.

The U.S. is the “most digitally dependent nation” and its competitive advantage is its innovation, creativity, research and development, he said. “That information is regularly being taken from us,” added McConnell, who is now vice chairman at Booz Allen Hamilton.

McConnell didn’t point fingers at any country, but said some nation states make it a policy to conduct economic espionage and capture intellectual capital. “We are moving very slowly to address these threats. …We don’t have a cyberdefense capability on a global scale,” he said.

The country needs to establish a policy for what the NSA can do to protect the nation in cyberspace, he said. “The industry is going to have to accept some level of regulation.”

“The economics of cloud computing are compelling,” McConnell said. “It will happen. We need to address privacy, business interests and the national security dimension.”

Other highlights from the CSA Summit:

The CSA announced an “innovation initiative” to help speed development of cloud security by identifying key issues related to security that block the adoption of next-generation IT, documenting guiding principles that IT innovators should address, and incubating IT solutions that align with CSA principles.

Interestingly, the initiative includes not only a working group within CSA, but a for-profit entity that will work with innovators. Innovators don’t have to use CSA assistance in developing their technology, but can have a CSA working group assess its value.

The CSA also is starting a research project into SLAs and is looking for volunteers. The goal is to develop standards around SLAs – something no doubt many cloud users would appreciate.




 
Isis announced this week that Chase, Capital One and BarclayCard will enable their credit, debit and prepaid cards for the Isis Mobile Wallet that's expected to launch in mid-year.
 
Google on Monday withdrew as a sponsor of next month's Pwn2Own hacking contest, and will instead put as much as $1 million up for grabs if researchers can exploit Chrome.
 

Mimecast channel growth gathers pace with new partnerships
RealWire (press release)
These include Infosec Technologies, Security Partnerships, and LIMA Networks. Mimecast's ability to tailor and structure bespoke proposals to meet the needs of each partner was the deciding factor for many of its new resellers. Mimecast has also penned ...

 
Motorola's laptop dock for Android smartphones has terrible hardware -- and faces a new generation of post-PC competition
 
Microsoft has warned customers that their financial data such as credit card information may have been compromised by hackers who attacked the company's online store in India earlier this month.
 
Malware authors are increasingly adopting flexible domain generation algorithms in order to evade detection and prevent their botnets from being shut down by security researchers or law enforcement agencies.
 

Stress and burnout in infosec careers
ITworld.com
But finding support and information on dealing with info sec career burnout is difficult because resources and knowledge are scant. "If you do a Google search for info sec burnout, you'll find nothing," said KC Yerrid, an information security and ...

 
At the RSA Conference Tuesday, Symantec announced general availability of its O3 cloud-based single sign-on (SSO) and authentication service, which adheres to a concept company CEO Enrique Salem outlined exactly a year ago at RSA 2011. Symantec also provided detail on future capabilities the O3 cloud service will have for data-loss prevention and encryption.
 
Yahoo is threatening action unless Facebook licenses some of its technologies, as other web and technology companies are said to have done.
 
(c) SANS Internet Storm Center. http://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
 
In the too good to pass up on category we find an article by Iain Thomson in El Reg regarding a survey of stress levels among IT security staff. Iain reports on Jack Daniel's (founder of the Security B-Sides conference) well attended presentation at RSA this morning. The article and the findings speak for themselves, but I had to share one quote with apologies in advance to any CSOs in the readership to whom this may be applicable. Josh Corman, regarding some of the stress-causing factors for security professionals indicated that management is likely part of the problem and suggested the following:
As an experiment, explain to your children what it is you're trying to explain to your chief security officer. If they get it and he doesn't, then the problem isn't with you.
For the record, I haven't encountered this personally in more than five years (I count myself among the lucky). That said, I have a few friends in the consulting industry who have a much higher ratio of minion to CSO contact than most and have absolute horror stories to share. So let's hear a few, ye who count yourselves as those on the ragged edge of burnout and cynicism. A few ground rules, and they are absolute: no bad language, no personal or business names, no false statements or exaggeration. As Sgt. Joe Friday said, Just the facts, ma'am. The comments form is open...
Russ McRee @holisticinfosec
 
IBM researchers have established three new records for reducing the error rates in elementary computations and retaining the integrity of quantum mechanical properties in quantum bits (qubits).
 
Texas Memory Systems announced an upgrade to its RamSan operating system and a new NAND flash array that incorporates 40Gbps InfiniBand, along with Fibre Channel ports, but at a price of about half that of its predecessor.
 
Mauritania Hacker team has claimed to have hacked the Bank of Israel in a video that has been posted on our Facebook wall. In the video they show what appears to be hundreds of account holders and all their information.


 
Internet Storm Center Infocon Status