InfoSec News

Keeping pace with its rivals in the VDI (virtual desktop infrastructure) market, VMware has updated its desktop virtualization software so that users can now personalize their desktops and stream them over WANs (wide area networks), the company said Monday.
VMware CEO Paul Maritz urged customers to think beyond the desktop computer. It is a dead metaphor, he insisted, one ill-suited for today's workforce.
Security firms say the Morto worm isn’t a Trojan, but an Internet worm that spreads via Windows Remote Desktop Protocol (RDP).


Infosec in a Decentralized Environment
Give a man a fish, you feed him for today, the proverb says. Teach a man to fish, and you feed him for a lifetime. That adage can be applied to information security as well. And that's what's happening in Ohio, where the state government's centralized ...


Johnny Long, charity hacker, announces InfoSec without Borders
Talking to Mills, Long discussed his newly launched program called InfoSec without Borders which is modeled after its namesake Doctors Without Borders. Both InfoSec without Borders and the Hackers for Charity nonprofit are tasked with providing free IT ...


Infosec expert traces and recovers his laptop - stolen in the London riots ...
Infosecurity Magazine
A technical expert with HP-ArcSight says he was able to track and report his MacBook Pro laptop, stolen in last week's London riots, and assist the police in returning the computer. According to Greg Martin, he returned home to his flat in Ealing ...


F5 Friday: Zero-Day Apache Exploit? Zero-Problem
SYS-CON Media (press release) (blog)
#infosec A recently discovered 0-day Apache exploit is no problem for BIG-IP. Here are a couple of different options using F5 solutions to secure your site against it. It's called "Apache Killer" and it's yet another example of exploiting not a ...

Snow Leopard may be getting support for iCloud, one runner shows his appreciation for Steve Jobs by thinking...different, and this wedding came complete with iPad support. The remainders for Monday, August 29, 2011 are full of pomp and circumstance.
Even though Hewlett-Packard is considering spinning off or selling its Personal Systems Group, it's still business as usual for one of its larger customers, the U.S. Air Force.
Digital rights groups ask the U.S. FCC to rule against BART's decision to shut down mobile phone service during a planned protest.
The three wireless carriers in the Isis mobile-payment joint venture are investing more than $100 million into the project, according to a published report.
Hackers have obtained a digital certificate good for any Google website from a Dutch certificate provider, a security researcher said today.
The start of the trial in Oracle's lawsuit against Google over alleged Java copyright and patent violations in the Android mobile OS could be delayed, according to a judge's ruling issued Monday in U.S. District Court for the Northern District of California.
Three weeks after launching a bug bounty program that pays Web hackers cash for finding flaws with its website, Facebook said it has paid out more than $40,000 in rewards.
Microsoft Windows TCP/IP ICMP CVE-2011-1871 Remote Denial Of Service Vulnerability
Oracle Sun Solaris CVE-2011-2287 Remote Vulnerability
DDIVRT-2011-32 Axway SecureTransport '/icons/' Directory Traversal
Updated figures released by federal officials on Monday showed 6,500 cell towers and sites were damaged or disrupted as a result of Hurricane Irene.
Dell's unveiling of a cloud infrastructure today comes five years to the month after Amazon announced its Elastic Compute Cloud beta, which may well have been the first service to call itself a cloud.
The challenge to port Google's Android OS to Hewlett-Packard's now-defunct TouchPad has been met, with a developer demonstrating an alpha version of the OS working on the tablet.
Mozilla Firefox and Thunderbird CVE-2011-2991 JavaScript Memory-Corruption Vulnerability
Mozilla Firefox and Thunderbird CVE-2011-2989 WebGL Memory-Corruption Vulnerability
Mozilla Firefox/SeaMonkey CVE-2011-2990 Information Disclosure and Security Bypass Vulnerabilities
Mozilla Firefox/SeaMonkey CVE-2011-2993 Security Bypass Vulnerability
LifeSize Room Vulnerabilities
Multimedia Creative (prodotto.php?id) Remote SQL injection Vulnerability
Datriks Solutions (prodotto.php?id) (dettaglio_socio.php?id) Remote SQL injection Vulnerability
Marketing & Development (prodotto.php?cat) Remote SQL injection Vulnerability
Microsoft on Monday said it will "ribbonize" the file manager in next year's Windows 8, adding Explorer to the short list of integrated applications that already sport the interface in Windows 7.
A Georgia Tech professor envisions greater reliance on device-to-device communications using typical consumer phones after a disaster.
Canonical's Ubuntu may frequently dominate the headlines in the Linux world, but the fact remains that it's just one of many popular desktop distributions of the free and open source operating system.
[Foreground Security 2011-001]: Casper Suite (JSS 8.1) Cross-Site Scripting
phpWebSite (publisher) Remote SQL injection Vulnerability
Microsoft Remote Desktop Protocol CVE-2011-1968 Denial of Service Vulnerability
JCE Joomla Extension <=2.0.10 Multiple Vulnerabilities
Facebook has decided to shut down its Deals feature after testing it for several months with big name brands like Gap, Starbucks, Macy's, JCPenney and American Eagle Outfitters.
Adobe Flash Player CVE-2011-0619 Remote Memory Corruption Vulnerability
Oracle Sun CVE-2011-2291 Local Solaris Vulnerability
Adobe Flash Player CVE-2011-0623 Remote Buffer Overflow Vulnerability
The price of DDR3 memory used in laptops, desktops and servers will drop over the next two months as memory companies try to clear out excess inventory in a slowing PC market, IHS iSuppli said on Monday.
While most businesses back up data and records as potential disasters approach, the American Red Cross has a communications and information systems infrastructure built to bring key data into areas ravaged by storms like Hurricane Irene.
Cisco announced that it has acquired privately held Versly, a maker of collaboration software for Microsoft Office applications.
RETIRED: F-Secure BlackList Local Privilege Escalation Vulnerability
Communications networks took a hit from Hurricane Irene, as 1,400 cell towers and cell sites were damaged or disrupted -- mainly in Virginia, New Jersey, New York and North Carolina, the FCC said Monday.
A new Windows worm is working its way through company networks by taking advantage of weak passwords, security researchers said over the weekend.
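The propagation described here (and in the Morto item above) is plain password guessing over RDP, which leaves a recognizable trace in the Windows Security log: a burst of failed logons (event 4625) from one source address, sometimes followed by a successful logon (event 4624) from the same address. The detector below is an added example, not code from this page, from Microsoft or from any security vendor. The event records it runs over are constructed; the threshold of five failures in sixty seconds is an assumption to tune for your environment.

```python
"""Flag RDP password-guessing bursts in Windows Security events.

Added example (not from the original page). Event IDs 4625/4624 and logon
types 10 (RemoteInteractive) and 3 (Network) are real Windows values; the
sample records, hosts and addresses below are constructed for illustration.
"""
from collections import defaultdict, deque
from datetime import datetime, timedelta

FAILED_LOGON = 4625
SUCCESS_LOGON = 4624
# With Network Level Authentication enabled, an RDP failure is recorded
# before a session exists and therefore shows up as logon type 3, not 10.
RDP_LOGON_TYPES = {10, 3}

# Constructed sample: (timestamp, event id, logon type, source ip, target user)
SAMPLE_EVENTS = [
    ("2011-08-29T02:00:01", 4625, 10, "10.0.0.23", "Administrator"),
    ("2011-08-29T02:00:04", 4625, 10, "10.0.0.23", "Administrator"),
    ("2011-08-29T02:00:07", 4625, 10, "10.0.0.23", "Administrator"),
    ("2011-08-29T02:00:10", 4625, 3, "10.0.0.23", "Administrator"),
    ("2011-08-29T02:00:13", 4625, 3, "10.0.0.23", "Administrator"),
    ("2011-08-29T02:00:16", 4625, 10, "10.0.0.23", "Administrator"),
    ("2011-08-29T02:00:20", 4624, 10, "10.0.0.23", "Administrator"),
    ("2011-08-29T02:05:00", 4625, 10, "192.168.1.5", "jsmith"),   # one typo
    ("2011-08-29T02:05:09", 4624, 10, "192.168.1.5", "jsmith"),
    ("2011-08-29T02:06:00", 4625, 2, "-", "svc_backup"),          # console, not RDP
]


def parse_event(raw):
    """Turn one constructed tuple into a dict with a datetime timestamp."""
    ts, event_id, logon_type, ip, user = raw
    return {
        "ts": datetime.fromisoformat(ts),
        "event_id": event_id,
        "logon_type": logon_type,
        "ip": ip,
        "user": user,
    }


def detect_rdp_bruteforce(events, threshold=5, window_seconds=60):
    """Return one alert per source address that reaches `threshold` failed
    RDP logons inside a sliding window of `window_seconds`.

    An alert keeps counting later failures from that address and records the
    first successful RDP logon that follows the burst, which is the signal
    that a guess succeeded and the host should be treated as compromised.
    """
    window = timedelta(seconds=window_seconds)
    recent = defaultdict(deque)   # ip -> timestamps of failures inside window
    flagged = {}                  # ip -> alert dict
    alerts = []
    for ev in sorted(events, key=lambda e: e["ts"]):
        if ev["logon_type"] not in RDP_LOGON_TYPES:
            continue
        ip = ev["ip"]
        if ev["event_id"] == FAILED_LOGON:
            if ip in flagged:
                flagged[ip]["failures"] += 1
                continue
            q = recent[ip]
            q.append(ev["ts"])
            while q and ev["ts"] - q[0] > window:
                q.popleft()
            if len(q) >= threshold:
                alert = {"ip": ip, "first_failure": q[0], "last_failure": ev["ts"],
                         "failures": len(q), "success_user": None}
                flagged[ip] = alert
                alerts.append(alert)
        elif ev["event_id"] == SUCCESS_LOGON and ip in flagged:
            if flagged[ip]["success_user"] is None:
                flagged[ip]["success_user"] = ev["user"]
    return alerts


def run_sample():
    """Run the detector over the constructed events."""
    return detect_rdp_bruteforce([parse_event(e) for e in SAMPLE_EVENTS])


if __name__ == "__main__":
    for a in run_sample():
        status = f"SUCCESS as {a['success_user']}" if a["success_user"] else "no success seen"
        print(f"{a['ip']}: {a['failures']} RDP failures since {a['first_failure']} ({status})")
```

The single-typo user at 192.168.1.5 and the console failure never reach the threshold, so only 10.0.0.23 is reported, and because a 4624 from that address follows the burst the alert names the account that was guessed. In production, feed it 4625/4624 events from the Security log (the `IpAddress`, `LogonType` and `TargetUserName` fields) and lower the threshold for addresses outside your management networks.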
I recently read an intriguing Harvard Business Review blog post, The Three Ps of Online Indulgence, by Alexandra Samuel. This guidance begins with the topic of well-known adults displaying split personalities online. While their public activities follow socially accepted norms, their darker "shadow selves" behave very differently. Samuel's witty analysis artfully exposes the online hypocrisy of certain family-values politicians and the now-famous tweets of Congressman Anthony Weiner.
(c) SANS Internet Storm Center. Creative Commons Attribution-Noncommercial 3.0 United States License.
Economic problems in the U.S. are likely to lead to cuts in IT budgets, of up to 10% in some cases, according to a report released Monday by Offshore Insights, a research and advisory firm in Pune, India.
Dell will launch its first cloud infrastructure service later this year through a partnership with VMware, continuing its push to move beyond PCs and into higher-margin software and services.
The Transaction Processing Performance Council should add an additional metric for availability to its set of database performance benchmarks, Microsoft researchers plan to argue at the upcoming TPC conference, being held this week in Seattle.
Augmenting its line of software to support cloud deployments, VMware has created a package for running the Postgres database in a virtualized environment, the company announced Monday.
DVD X Player PLF File Buffer Overflow Vulnerability
Squid Proxy Gopher To HTML Remote Buffer Overflow Vulnerability
At next week's Internationale Funkaustellung (IFA) in Berlin, smartphone makers are expected to push the boundaries of the device's screen sizes, while also launching tablets and trying to accelerate the momentum for 3D-capable products.
Samsung has updated its Samsung Galaxy S II smartphone and the Galaxy Tab 8.9 tablet, increasing processor speeds and adding the ability to connect to LTE (Long-Term Evolution) networks operating on three different frequency bands used in Europe.
Statically typed Java language pushed as alternative to JRuby and Groovy for building mobile Android apps
The rise of cloud computing and mobility could elevate the open source OS to a level of unprecedented dominance
China has long been a major hotspot for software piracy. Efforts to track unlicensed software use, however, are giving companies a chance to find the offenders and turn them into customers. Or in some cases, targets for lawsuits.
iPads and other tablets are making their way into the warehouse, bringing unprecedented mobility and real-time data visibility to industrial applications.
Silver Peak today announced free downloadable software that performs the same data acceleration functions as its enterprise-class product, but only for data replication between two sites and not multiple applications.
Apple's board of directors last Friday moved to lock in new CEO Tim Cook through mid-2021 by awarding him 1 million shares of the company's stock.
These 10 tech leaders have the vision, and they've shown that they have the drive -- but do they have what it takes to spearhead the next big thing in tech?

Posted by InfoSec News on Aug 29

The Oshkosh Northwestern
Aug. 27, 2011

The names and other confidential information of about 3,000 clients of
the Living Healthy Clinic were exposed as a result of a computer
security breach in July.

The clinic, operated by the University of Wisconsin-Oshkosh College of
Nursing, provides health services for uninsured...

Posted by InfoSec News on Aug 29

Forwarded from: Attila Bartfai <attila.bartfai (at)>

World of Ethical Hackers Revs Up -- Hacktivity 2011

On September 17-18, 2011, Hacktivity, the largest hacker conference in
Central and Eastern Europe will be held again, this time at Millenáris.
The two-day conference will have a real festival mood, presentations,
workshops, games, the European finals of the Global CyberLympics,
hardware hacking, a party in the...

Posted by InfoSec News on Aug 29

By Mathew J. Schwartz
August 26, 2011

At least four models of insulin pumps sold by Medtronic are vulnerable
to being wirelessly hacked. In particular, an attacker could remotely
disable the pumps or manipulate every setting, including the insulin
dosage that's automatically delivered--every three minutes--to the user.

That was the report given by...

Posted by InfoSec News on Aug 29

By Robert McMillan
IDG News Service
August 26, 2011

The state-run China Central Television network has yanked a video that
inadvertently included a short clip of a cyber-attack tool targeting
Falun Gong websites.

Posted in mid-July, the video was a documentary entitled "The Internet
storm is coming!" Eleven minutes into the show, without...

Posted by InfoSec News on Aug 29

By Tim Wilson
Dark Reading
Aug 26, 2011

Experts at F-Secure's research lab say they have discovered the original
infected email that led to the breach of RSA's SecurID token.

In a blog published today, the researchers outlined their methods for
finding the email, and...

Posted by InfoSec News on Aug 29

By Dan Goodin in San Francisco
The Register
26th August 2011

Apple's latest version of Mac OS X is creating serious security risks
for businesses that use it to interact with a popular form of
centralized networks.

People logging in to Macs running OS X 10.7, aka Lion, can access
restricted resources using any password they want when the machines use
a popular...

Posted by InfoSec News on Aug 29

By John E Dunn
26 August 11

Countries with good national computer emergency response teams (CERTs)
and diligent ISPs show consistently lower rates of malware infection
than those states that adopt a less paternalistic approach to security,
a new analysis by Microsoft researchers has suggested.

According to statistics drawn from the...

Posted by InfoSec News on Aug 29


The Secunia Weekly Advisory Summary
2011-08-18 - 2011-08-25

This week: 35 advisories


Table of Contents:

1.....................................................Word From Secunia...
Free MP3 CD Ripper '.wav' File Buffer Overflow Vulnerability