InfoSec News

Well, maybe not today, but who among us can't see that as a diary title years from now?
On many occasions, our professional lives can feel heavy with the responsibility of a company's profitability, or even livelihood, in the palm of our hand, so I thought it might be nice to end the year on a lighter note.
We've all had moments where something happened or someone said something so absurd that you were left speechless.
Send in your most absurd moments for this past year, or the most amusing diary entry you can imagine for next year and I'll post the best ones.
As a reminder, submissions are confidential so names will be changed to protect the innocent, and the guilty.
Happy New Year everyone, and make sure you get an antivirus license for those implants!
Christopher Carboni - Handler On Duty (c) SANS Internet Storm Center. Creative Commons Attribution-Noncommercial 3.0 United States License.
Authorities in the U.S. and Germany have raided Internet Service Providers in hopes of tracking down the hackers who launched distributed denial of service (DDoS) attacks against Web sites such as,, and earlier this month.

10 Events Define Bank InfoSec in 2010
It is clear that 2010's events have set the stage for great industry change in 2011. has compiled a list of the year's most noteworthy ...

Hackers are exploiting a vulnerability in Microsoft Word to plant malware on Windows PCs, Microsoft said.
Abel Avram has posted an interesting analysis of the causes and solutions of the December 22nd Skype outage that affected millions of users.
In short, the outage was caused by a bug in the code that handles undelivered instant messages. The bug had been fixed in a subsequent version, but 50% of Skype users were still running the buggy version, and 40% of Skype clients crashed when the undelivered messages attempted delivery. Because Skype is a peer-to-peer application, the loss of that many clients put undue strain on the remaining users' machines, causing a cascading network failure.
Most interesting are the lessons, which in retrospect seem a little obvious:

- Updates. One important lesson to be learned is this: many users do not update their software if they don't have to. Apparently Skype is considering a Google Chrome style invisible update.
- Testing. Skype is reviewing their testing processes to determine better ways of detecting and avoiding bugs which could affect the system.
- Capacity. Skype "will keep under constant review the capacity of our core systems that support the Skype user base, and continue to invest in both capacity and resilience of these systems."

Updates, testing, and adequate capacity. Aren't these pretty much the cornerstones of effective IT?
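The cascade described above can be made concrete with a small model. The following is an added illustration written for this diary, not Skype's code and not taken from Skype's own post-mortem; the peer count, the per-peer capacities and the pattern of which peers crash first are constructed assumptions. It shows why the capacity lesson matters: once a large enough fraction of peers drops out, the load that lands on the survivors exceeds their headroom, the weakest survivors fail, and each round of failures pushes the rest over the edge.

```python
"""Toy model of a cascading failure in a peer-to-peer overlay.

Each peer (think of a supernode) carries a share of the total load and has a
fixed capacity.  When peers crash, their load is redistributed evenly over the
survivors; any survivor now above capacity crashes in the next round, and so
on until the network stabilises or nothing is left.  Constructed example only,
not Skype's architecture or numbers.
"""
from dataclasses import dataclass


@dataclass
class CascadeResult:
    survivors: int      # peers still up when the cascade stops
    rounds: int         # cascade rounds after the initial crash wave
    final_load: float   # load per surviving peer (0.0 if none survive)


def run_cascade(capacities, initially_crashed, total_load=None):
    """Iterate the redistribute-and-overload loop until it stabilises."""
    n = len(capacities)
    if total_load is None:
        total_load = float(n)  # assumption: each peer starts with 1.0 units of load
    alive = [i for i in range(n) if i not in initially_crashed]
    rounds = 0
    while alive:
        load = total_load / len(alive)          # survivors share the whole load
        overloaded = {i for i in alive if load > capacities[i]}
        if not overloaded:
            return CascadeResult(len(alive), rounds, load)
        alive = [i for i in alive if i not in overloaded]
        rounds += 1
    return CascadeResult(0, rounds, 0.0)


def heterogeneous_capacities(n, lowest=1.3, step=0.01):
    """Assumed capacities: every peer has at least 30% headroom, some far more."""
    return [lowest + step * i for i in range(n)]


def crash_fraction(n, fraction):
    """Crash the first `fraction` of every block of ten peers, so the crashed
    set (the 'buggy version' population) is spread across all capacities."""
    k = round(fraction * 10)
    return {i for i in range(n) if i % 10 < k}


def headroom_needed(fraction):
    """Load multiplier the survivors must absorb when `fraction` of peers vanish
    (uniform redistribution): 1 / (1 - fraction)."""
    return 1.0 / (1.0 - fraction)


def simulate(n=100, fraction=0.4):
    return run_cascade(heterogeneous_capacities(n), crash_fraction(n, fraction))


if __name__ == "__main__":
    for f in (0.1, 0.2, 0.3, 0.4):
        r = simulate(fraction=f)
        print(f"{int(f * 100)}% initial crash: {r.survivors} survivors "
              f"after {r.rounds} cascade round(s), needed headroom x{headroom_needed(f):.2f}")
```

With these assumed capacities a 10% or 20% crash wave is absorbed outright, while a 40% wave (survivors must carry 1.67x their normal load) wipes out the weaker survivors in one round and the rest in the next. The practical check is the last column: if a realistic fraction of your peers or servers can disappear at once, the remaining ones need that much spare capacity, or the failure propagates.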
-- Rick Wanner - rwanner at isc dot sans dot org - - Twitter:namedeplume (Protected) (c) SANS Internet Storm Center. Creative Commons Attribution-Noncommercial 3.0 United States License.
China may soon ban Skype, the government's official newspaper said today, potentially putting the popular Internet chat and phone service in the same boat as Facebook, Twitter and YouTube.
Traditional enterprise software companies are finding new opportunities to serve customers on iPads, iPhone and other devices.
Apple Mac OS X WLAN Roaming with Disabled MCS Denial of Service Vulnerability
QuickPHP 'index.php' Remote Source Code Disclosure Vulnerability
A California woman whose lawsuit against Microsoft was dismissed earlier this year has again sued the company over "downgrade" rights to the nine-year-old Windows XP, according to federal court documents.
SQL Injection in LightNEasy
Ignition Multiple Local File Include and Remote Code Execution Vulnerabilities
CA ARCserve D2D r15 Web Service Apache Axis2 World Accessible Servlet Code Execution Vulnerability PoC
CSRF (Cross-Site Request Forgery) in Open blog
Path disclosure in ocPortal
Computer Associates ARCserve D2D 'Axis2' Component Default Password Security Bypass Vulnerability
When 2010 began, the software that ran the iPhone and iPod touch was still called 'iPhone OS.' By the end of the year, it had been rechristened iOS and Apple’s mobile operating system found itself on equal footing with its venerable Mac OS X counterpart.
Hackers are aiming for users of Google's Android mobile operating system with a malicious application that harvests personal information and sends it to a remote server.
You don't need superhuman precognition to know what will be big at next week's International Consumer Electronics Show: tablet computers. Companies have been rushing to catch Apple's iPad since it went on sale in April, and at CES 2011 a slew of new tablet computers are expected to be launched.
Yektaweb Academic Web Tools CMS 'browse.php' Cross Site Scripting Vulnerability
2010 was a phenomenal year for Apple, given the successful rollouts of the iPad, the new iPhone 4 and iOS 4, says Ryan Faas. He looks back at the year's hardware highs and lows with an eye on what's coming in 2011.
2010 saw Microsoft make a big grab for the cloud, while big business got serious about building clouds of its own
With Motorola splitting into two companies on Jan. 4, analysts believe the enterprise-focused business will thrive while the new consumer entity that makes Android smartphones will face challenges for some time in an increasingly competitive market.
Skype has updated its free iPhone app, adding the ability to make video calls over 3G mobile networks. The updated app is available for download from Apple's app store, Skype announced Thursday.
