InfoSec News

While the vendors have released patches, SecureWorks researchers told Black Hat 2010 attendees that many enterprises place too much trust in their security systems and fail to check them for basic vulnerabilities.

 
Barnaby Jack hit the jackpot at Black Hat on Wednesday. Twice.
 
I'm a big fan of working at offsite locations--meaning my local Wi-Fi-equipped coffee shop. In fact, I'll often spend the afternoon hunkered down at Panera Bread, iced tea in one hand and a French Toast bagel in the other. (It's bad form to set up shop without buying something.)
 
Sprint Nextel announced its first overall net subscriber growth in three years today, a welcome sign to many analysts, who still worry about the carrier over the long-term.
 
Cisco, NetApp and VMware said they have certified their products to create a single, end-to-end Fibre Channel over Ethernet network that can handle virtual server traffic as well as high-speed data storage transport.
 
Mark Gibbs explores Scratch and StarLogo, programming systems that implement the block-based metaphor behind Google's forthcoming App Inventor.
 
The lead UI designer for Office 2011 for the Mac touted the software's new Ribbon interface today in a video Microsoft released to pump up enthusiasm for the upcoming suite.
 
Targeted, persistent attacks are supported by a great deal of automation and new functionality that is having little difficulty bypassing traditional security defenses and forensic investigations, two researchers revealed at the Black Hat Briefings.

 
Wednesday's DHS keynote included the tried-and-true plea for greater public-private partnership to secure cyberspace, yet served to challenge those who think securing the Internet is a lost cause.

 
 
Researchers and developers -- and hackers -- can dramatically slash the time it takes to root out exploitable security vulnerabilities by using an open-source toolkit created at UC Berkeley, noted bug hunter Charlie Miller said today at Black Hat.
 
The U.S. Department of Homeland Security sent its highest-ranking official ever to speak at the Black Hat conference this week, and its Deputy Secretary Jane Holl Lute ended up fielding a few tough questions from skeptical computer security professionals in attendance.
 
Dell on Wednesday beefed up its security offerings with new hardware and services, which could help the company engage more customers in long-term services deals.
 
(c) SANS Internet Storm Center. http://isc.sans.org Creative Commons Attribution-Noncommercial 3.0 United States License.
 
According to this announcement:

http://secunia.com/advisories/40780/

The problem is that passwords may in certain cases be logged to /var/log/messages while running the GNOME Display Manager (GDM) in debug mode, which is disabled by default.
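One check a practitioner would want after reading the advisory: confirm that the debug switch is actually off, and look for credential material that gdm may already have written to syslog. The following is an added example, not code from the ISC diary, GDM or Sun. It assumes the `[debug]` / `Enable=true` switch of GDM's `custom.conf` and the classic syslog line layout; the sample configuration and log lines are constructed, and the `password=` token merely stands in for whatever a vulnerable debug build actually logs, which the advisory does not specify.

```python
"""Audit helper for the GDM debug-logging password disclosure.

Added example, not part of the ISC diary, GDM or Sun. Assumptions (labelled):
  * GDM's debug switch is an INI-style [debug] section with Enable=true in
    /etc/gdm/custom.conf.
  * gdm writes to syslog under a program tag starting with "gdm".
  * The exact shape of a leaked line is not public, so the scanner only flags
    gdm lines carrying a password-like key=value token and redacts the value
    instead of copying the secret into yet another file.
"""
import configparser
import re
from typing import List, Tuple

# Constructed sample of /etc/gdm/custom.conf with debug logging switched on.
SAMPLE_CUSTOM_CONF = """[daemon]
AutomaticLoginEnable=false

[debug]
Enable=true
"""

# Constructed sample syslog lines (not real gdm output).
SAMPLE_MESSAGES = """Aug  4 09:12:01 host gdm-binary[1234]: DEBUG: starting greeter session
Aug  4 09:12:07 host gdm-binary[1234]: DEBUG: pam conversation: user=alice password=hunter2
Aug  4 09:12:08 host sshd[999]: Accepted publickey for bob from 10.0.0.5
Aug  4 09:12:09 host gdm-session-worker[1240]: DEBUG: authenticated alice
"""

# Classic syslog layout: "Mon dd hh:mm:ss host prog[pid]: message"
SYSLOG_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) (?P<host>\S+) "
    r"(?P<prog>[\w.-]+)(\[\d+\])?: (?P<msg>.*)$"
)
# Password-like key=value or key: value tokens.
SECRET_RE = re.compile(r"\b(password|passwd|pass|secret)\s*[=:]\s*\S+", re.IGNORECASE)


def gdm_debug_enabled(conf_text: str) -> bool:
    """True if [debug] Enable is set to a true-ish value; False if absent."""
    cp = configparser.ConfigParser(interpolation=None)
    cp.read_string(conf_text)
    return cp.getboolean("debug", "Enable", fallback=False)


def scan_messages(log_text: str) -> List[Tuple[str, str]]:
    """Return (timestamp, redacted message) for gdm lines carrying a credential token."""
    hits: List[Tuple[str, str]] = []
    for line in log_text.splitlines():
        m = SYSLOG_RE.match(line)
        if not m or not m.group("prog").startswith("gdm"):
            continue  # only gdm's own lines are of interest
        msg = m.group("msg")
        if SECRET_RE.search(msg):
            redacted = SECRET_RE.sub(lambda s: s.group(1) + "=<redacted>", msg)
            hits.append((m.group("ts"), redacted))
    return hits


if __name__ == "__main__":
    print("GDM debug logging enabled:", gdm_debug_enabled(SAMPLE_CUSTOM_CONF))
    for ts, msg in scan_messages(SAMPLE_MESSAGES):
        print(f"{ts}  {msg}")
```

On a real host, feed the functions the contents of `/etc/gdm/custom.conf` and `/var/log/messages` (and any rotated copies); a hit means the password must be treated as exposed to anyone who could read the log, and the log itself needs to be scrubbed, not just debug mode turned off.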
This was originally reported on 02-15-2009 here:

https://bugzilla.gnome.org/show_bug.cgi?id=571846

A patch was issued the same day. A supported patch was issued 05-14-2010.
The Secunia advisory did not have many details.

The Sun blog entry it links to does not have much information either:

http://blogs.sun.com/security/entry/cve_2010_2387_password_disclosure
The CVE entry is still marked reserved, so no details are available there yet.

The rest of the information is apparently in the Customer Area.
Does this mean we can count on a no-public-disclosure policy for Sun products now that Oracle owns them?

 
In its settlement agreement with the HHS over alleged HIPAA violations, the pharmacy chain will pay $1 million and must establish procedures for disposing of protected health information (PHI).

 
Slovenian police have arrested the suspected creator of the Mariposa botnet, which is estimated to have infected as many as 12 million computers.

 
IBM this week brought out a new low end deduplication array that starts at about $50,000, half the price of its predecessor offering.
 
Barely 24 hours before a researcher was set to dive deeper into a Safari bug at the Black Hat security conference, Apple today fixed that flaw and 14 others.
 
A new pack of open source tools aims to commoditize the social networking experience
 
In an interview at Black Hat 2010, the software giant said it doesn't see the need to join Mozilla and Google in paying security researchers who discover bugs in its products. It also announced a new mitigation toolkit and a partnership with Adobe.

 
Editors discuss the 2010 Black Hat hacker conference. Is it still the "wild west" of security? Also, Caleb Sima of Armorize on the cancellation of his firm's China cyberwar talk.

 
Earthbru asked the Windows forum how to stop accidental zooming in Firefox. I cover intentional zooming, as well.
 
Adobe and Microsoft are now working together to give security companies a direct line into their bug-fixing efforts.
 
Delayed upgrade to the open source Web development framework features Merb influences in areas such as speed and plug-in capabilities
 
CRM software has established a significant foothold on Google's Apps Marketplace since its launch in March, according to an official blog post this week.
 
New technologies emerge all the time, but only a handful change everything that follows in their wake. And they're not always the first of their kind.
 
 
The company's highly anticipated report, which this year combines Secret Service data to analyze nearly 900 individual data breach cases, shows an increase in breaches by insiders, while overall breaches may be on the decline due to market saturation of stolen data.

 
Political infighting doomed Microsoft's Kin, but Google's Android was developed without drama.
 
Check fraud is an old-fashioned kind of crime, but a criminal ring with ties to Russia is using modern cybercrime techniques, including botnets, online databases of financial information and check imaging archives, to run a highly automated, multi-million-dollar counterfeit-check operation.
 
Slovenian police will hold a press conference on Friday to discuss the arrest of three men in connection with the massive Mariposa botnet that was disabled late last year.
 
Research In Motion opened its first BlackBerry retail store in China on Wednesday, with the hope of boosting the smartphone's presence in the mainland market.
 
Google this week issued patches for five vulnerabilities in the Chrome browser, including three rated 'high.'
 
Innovative tools from AppDynamics and New Relic make it easier than ever to monitor the performance of complex websites
 
Today's security suites all offer reasonable protection from malware. But how well do they work for day-to-day users? We look at nine of them.
 
Adobe Systems has agreed to buy Web software maker Day Software Holding in a deal worth $240 million, the company said in a statement Wednesday.
 
China's goal to become a technology giant is being helped by government policies that may force businesses to transfer their technical know-how for access to China's market, a new report finds.
 
Ten years ago, storage capacity utilization rates hovered around 25%. Now, even after massive SAN adoption and the arrival of thin provisioning technology, most IT shops still waste as much as 60% of their storage capacity.
 
It's one of the best things about the Defcon hacking conference, and one of its most closely guarded secrets: the programmable badge that's handed out to show attendees every year.
 
Panasonic unveiled its first two consumer camcorders capable of recording video in 3D on Wednesday in Tokyo.
 
Amazon.com is sold out of the US$189 version of its popular Kindle e-readers, and the company did not say when new stock will come in.
 
E Ink Holdings, the company that makes the screens for Amazon.com's Kindle, said it is dedicated to increasing capacity to meet the requirements of the market, after Amazon revealed that its US$189 Kindle had sold out.
 