InfoSec News

(c) SANS Internet Storm Center. http://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
Google will open an online store where it will market and sell tablets directly to consumers, with some of the devices potentially being co-branded with Google's name, the Wall Street Journal reported Thursday.
Revenue and sales continue to shrink at Research In Motion as the company struggles to stay relevant before it launches a new smartphone platform.
A Fair Labor Association investigation reveals compensation issues and health and safety risks in a widespread survey.


Who Decides How to Allot Infosec Funds?
... the Information Security Forum investigates, clarifies and resolves key issues in information security and risk management, by developing best practice methodologies, processes and solutions.

Windows 8 Consumer Preview offers a new look at Microsoft's upcoming interface for both computers and tablets. Can Windows 8 work well in both environments?
Recent online privacy proposals by the U.S. White House and Federal Trade Commission could lead to new regulations that stifle innovation on the Internet, some lawmakers and other critics said Thursday.
Dell plans to introduce new smartphone models in the U.S. later this year, the company said on Thursday.
Google yesterday patched nine vulnerabilities in Chrome and boosted the speed and reach of the browser's hardware acceleration with the launch of version 18.
EBay has tapped David Marcus to replace Scott Thompson as president of PayPal effective April 2, the company announced Thursday.
A method that anyone can use to hijack a massive multipurpose botnet called Sality was described in detail on a public mailing list on Tuesday.
Adobe released a bulletin addressing critical flaws in Flash Player and rolled out a silent automatic update feature in Flash 11.2


Proposed EU Law Wants To Criminalize Possession of Hacking Tools
By criminalizing the possession of hacking tools, the proposed law could also hinder the efforts of white and grey hats working on the legal side of the infosec industry. Cyber security expert Mikko Hyppönen, Chief Research Officer at F-Secure in ...

AOL decommissioned almost 10,000 servers and saved itself US$5 million along the way to winning a contest that highlights the cost of running inefficient or underutilized IT equipment.
[waraxe-2012-SA#081] - Multiple Vulnerabilities in Coppermine 1.5.18
U.S. officials Thursday said that offshoring will hurt the growth of programming jobs in this decade, though expansion of health care IT and mobile networks will increase demand for software developers, technical support and system analysts.
The controversy over Apple's iPad 3 not working on Australian LTE networks may be just one signal of problems ahead for international LTE roaming.
Security researchers from four different organizations last week brought down a botnet by turning a supposed strength of the criminals' spamming network into a fatal weakness.
For today only, Amazon's Kindle Fire is cheaper than ever, with refurbished models on sale for $139.
Research In Motion has sent a letter to a standards group complaining about Apple's tactics in the battle over the upcoming nano-SIM standard, joining Nokia in trying to shed doubt over Apple's efforts.
Oracle has acquired ClearTrial, which offers cloud-based applications that help companies run clinical trials of new drugs. Terms of the deal, which is expected to close in the first half of this year, were not disclosed.
Adobe Flash Player APSB12-07 Multiple Memory Corruption Vulnerabilities
John D'Ambrosia, Chief Ethernet Evangelist in the CTO Office at Dell (he came onboard when Dell bought Force10), is a founder of the Ethernet Alliance and currently serving as its chairman. Network World Editor in Chief John Dix recently caught up with D'Ambrosia for an update on the Alliance and Ethernet advances. Insider (registration required)
Six U.S. government agencies will spend more than $200 million to help the government better organize and analyze large volumes of digital data, in a new "big data" research and development effort announced by President Barack Obama's administration Thursday.
Amazon Web Services today announced that genomic information of 1,700 individuals has been placed in its public cloud and can be accessed by anyone in the world.
About half of the mobile phones used in the U.S. are smartphones, according to a Nielsen survey.
IrfanView JPEG-2000 Plugin Remote Stack Based Buffer Overflow Vulnerability
For Gregg Leach, CFO of aircraft overhaul and repair business Able Engineering, the need to involve the IT department on major projects was never questioned. "I've got more background in IT than I do in finance," said the finance chief, whose previous work experience included serving as the CIO of a health care company, and IT positions with finance components.
Security researchers have encountered new email-based targeted attacks that exploit a vulnerability in Microsoft Office to install a remote access Trojan horse program on Mac OS systems.
Cross-site scripting vulnerability in Invision Power Board version 3.2.3
[ MDVSA-2012:044 ] cvs
[ MDVSA-2012:043 ] nginx
If you fall for a social engineer's trickery, it's embarrassing.
NGS00155 Patch Notification: McAfee Email and Web Security Appliance v5.6 - Any logged-in user can bypass controls to reset passwords of other administrators
NGS00158 Patch Notification: McAfee Email and Web Security Appliance v5.6 - Arbitrary file download is possible with a crafted URL when logged in as any user
NGS00157 Patch Notification: McAfee Email and Web Security Appliance v5.6 - Password hashes can be recovered from a system backup and easily cracked
NGS00156 Patch Notification: McAfee Email and Web Security Appliance v5.6 - Active session tokens of other users are disclosed within the UI
NGS00153 Patch Notification: McAfee Email and Web Security Appliance v5.6 - Reflective XSS allowing an attacker to gain session tokens
[SECURITY] [DSA 2444-1] tryton-server security update
OWASP AppSec Research EU CFP/CFT

New Cloud based Policy Management Software incorporating mobile user access ...
PR Web (press release)
Metacompliance launch new Cloud based Policy Management Software incorporating mobile user access showcased at InfoSec 2012. Demonstrations will take place at their stand H30. At InfoSec 2012, Metacompliance will be launching MyCompliance®, ...

Yahoo websites worldwide will comply with visitors' "do not track" preferences starting later this year, Yahoo announced Wednesday.
ESingles has been relentlessly mocked, both by LulzSec Reborn and others who have compared the stolen data with what's on the site.
Corporate IT executives and analysts offer advice on dealing with the increased worker use of social networks for business purposes.

This week I was researching the current state of the SIEM market, and I was pleasantly surprised to see the progress that has been made in many SIEM products. 


If you’d asked me about SIEM products a few years ago, I would have said they were irritable, accident-prone giants. They took up a lot of time and money as administrators struggled to customize their policies and clean up the messes made from too many false positives.


But this week I found out the giants have grown up and calmed down. Administrators say the interfaces and wizards are a lot easier to use, and automated threat responses have become more reliable, doing the job they were meant to do.


They’ve scaled down, too. SMBs are finally able to take advantage of SIEM functions with lower-priced products (albeit with lower capacity, too). Other SMBs are getting their SIEM benefits through managed services. 


Of course, there’s still plenty of room for improvement. Jessica Ireland, an analyst at Info-Tech Research Group, says vendors are working to integrate SIEM with GRC and security infrastructure products. If they succeed, they will go a long way toward helping us react to threats ever faster and more precisely.


I hope SIEM vendors will proceed with caution and not let SIEM platforms get out of hand again by trying to do too much. I’d hate to see those cumbersome giants come back.


Amazon Web Services has upgraded the Linux image that runs in its cloud to include newer versions of Tomcat, MySQL and Python, while at the same time allowing enterprises to stay on older versions, the company said in a blog post on Wednesday.
A South African inventor has claimed in a U.S. federal court that Apple's iTunes and Sony's PlayStation Network infringe a patent relating to a "data vending system" issued to him in 2004.
A leading rights advocacy group this week called on Congress to add civil liberties protections to a recently passed law that opens U.S. airspace to unmanned aerial vehicles.
Motorola refused Microsoft's offer of a $300 million bond to postpone enforcement of potential German injunctions against Microsoft products that use the H.264 video codec, which if granted could exclude Microsoft from the German market, according to court documents filed on Wednesday.
Digital tape media will turn 60 in May, and while tape sales are on the decline, new open file specifications like LTFS and new markets could revive tape for the long term.

Posted by InfoSec News on Mar 29


The Wall Street Journal
March 28, 2012

WASHINGTON -- The Federal Bureau of Investigation's top cyber cop
offered a grim appraisal of the nation's efforts to keep computer
hackers from plundering corporate data networks: "We're not winning," he

Shawn Henry, who is preparing to leave the FBI after more than two...

Posted by InfoSec News on Mar 29


By Benjamin A Shobert
Asia Times Online
March 29, 2012

Monday's Congressional United States-China Economic and Security Review
Commission (USCC) again turned its attention to what is becoming an
increasing focal point for it: China's cyber-security practices.

Jason Healey, the director of the Cyber-Statecraft Initiative for the
Atlantic Council, reflected both the frustration and...

Posted by InfoSec News on Mar 29


By John E Dunn
28 March 2012

Individuals convicted of a wide range of hacking offences in the EU will
face a minimum of 2 years in prison anywhere in the 27-nation bloc under
new proposals accepted by an influential European Parliament committee.

The Civil Liberties Committee voted 50 in favour, 1 against with only 2
abstentions to...

Posted by InfoSec News on Mar 29


By Taylor Armerding
March 28, 2012

Will the hacker group Anonymous make good on its threat to take down the
Internet Saturday? Probably not. But it could slow it down, according to
a number of security experts. And it may depend in part on how unified
Anonymous is about the attack -- there are some indications of divisions
within the group....

Posted by InfoSec News on Mar 29


28 March 2012

Ex-convict in charge of national ID cards

Security at the head office of the National Identification Authority
(NIA) in Accra has been seriously breached, as Today can categorically
state that all the secured components that can be used to mould national
identification cards have been put under the direct care and control of
an ex-convict who was...
Apple CEO Tim Cook met with a top Chinese official on Tuesday, who called on foreign companies to pay more attention to the care of their workers in the country, according to state-run media.