InfoSec News

IBM researchers have made a breakthrough in using pulses of light to accelerate data transfer between chips, something they say could boost the performance of supercomputers by more than a thousand times.
 
Comcast and Level 3 on Tuesday stepped up their war of words over a content delivery dispute as the U.S. Federal Communications Commission also entered the fray.
 

The Guardian

Bradley Manning, in his own words: 'This belongs in the public domain'
The Guardian
... and culturally (2:13:02 pm) Manning: perfect example of how not to do INFOSEC (2:14:21 pm) Manning: listened and lip-synced to Lady Gaga's Telephone ...

and more »
 
Splashtop on Tuesday released a new version of its instant-on OS that is based on the Chromium browser and could shorten PC boot times to just a few seconds.
 
MIT Kerberos Checksum AD-SIGNEDPATH and AD-KDC-ISSUED Security Bypass Vulnerability
 
MIT Kerberos 5 1.7.x Checksum Multiple Remote Security Bypass Vulnerabilities
 
MIT Kerberos 5 1.3.x Checksum Multiple Remote Security Bypass Vulnerabilities
 
KDE KGet Security Bypass and Directory Traversal Vulnerabilities
 
BugTracker.NET SQL Injection and Cross Site Scripting Vulnerabilities
 
The Linux Foundation's annual report on who writes the Linux kernel shows growing interest from the mobile handset industry.
 
Ransomware is making a comeback, plaguing users with extortion demands of up to $120 to return documents or drives to their control, security experts said today.
 
Apple has asked PhotoFast, a licensed accessory partner, to discontinue production of a 256GB SSD upgrade kit for the MacBook Air laptop.
 
Windows Phone 7 (WP7) smartphones have been on sale for more than three weeks in the U.S. and seem to be producing little buzz and only so-so sales.
 
From courtroom trials to executive shake-ups, 2010 was quite a year for the ERP marketplace. But 2011 has even more drama in store: Here's our analysis of the key problems, players and products.
 
Over the past few days you've learned what Windows Explorer is, where to find it, and how to tweak its layout. Today, let's look at an option that makes Windows Explorer a little easier to navigate.
 
The European Commission's announcement that it has launched an antitrust investigation against Google could spur further inquiries into Google's search practices, industry analysts said.
 
We all want the newest, shiniest toys, but do we really need them?
 
If you've ever paid attention to the market share statistics for desktop operating systems you probably know that Linux is most frequently pegged at about one percent.
 
Apple's iPad is challenging Amazon's Kindle for the lead in the U.S. e-reader market, a retail research firm said today.
 
Following the Cablegate release, and with news the next target for full exposure is a major U.S. Bank, we ask: Is WikiLeaks a hero of democracy or data theft villain?
 
WikiLeaks will soon release internal documents from a major U.S.-based bank, its founder told Forbes.com.
 
WikiLeaks, the focus of attention since it released a quarter-million U.S. diplomatic cables two days ago, is again under a denial-of-service (DoS) attack, Internet researchers said today.
 
The Electronic Frontier Foundation and a Web site owner vow to fight domain name seizures by two U.S. government agencies trying to fight copyright infringement.
 
Sony, Nikon and SanDisk have developed a new specification for CompactFlash memory cards that promises photographers the ability to continuously shoot high-quality RAW images.
 
Multiple Canon Digital Cameras HMAC Unauthorized Access Vulnerability
 
MITKRB5-SA-2010-007 Multiple checksum handling vulnerabilities [CVE-2010-1324 CVE-2010-1323 CVE-2010-4020 CVE-2010-4021]
 
In an interview with Computerworld, Tom Rizzo, senior director of Microsoft Online Services, talked about the company moving its popular Office apps into the cloud, as well its competition with main rival Google.
 
Startup Navajo Systems is targeting Salesforce.com customers who face regulatory hurdles involving data privacy and cloud computing with a new service it calls Virtual Private SaaS.
 
Oracle Java SE and Java for Business CVE-2010-3567 Remote 2D Vulnerability
 
Gettysburg: Scourge of War isn't a real-time strategy game for the masses. It has a perfectly functional interface, but you'd never call it "slick." It's more study-intensive than the comparably simplistic Total War real-time strategy games but yields commensurately higher returns. It tackles the mother of all Civil War battles with aplomb and occasionally startling historical verisimilitude, offering control of blues and grays from army scale down to regimental level. It's wargaming without apologies, designed by hardcore history buffs for hardcore history gamers.
 
[USN-1024-1] OpenJDK vulnerability
 
Sony, Nikon and SanDisk have developed a new specification for CompactFlash memory cards that promises photographers the ability to continuously shoot high-quality RAW images.
 
A group led by former Pirate Bay spokesman Peter Sunde is forming to develop a peer-to-peer-based alternative to today's ICANN-controlled DNS system, according to a blog posted on Tuesday.
 
Dell has announced an ultraportable laptop with a new technology from Intel that sucks in outside air to keep the system quieter and cooler.
 
Linux Kernel Econet Protocol Multiple Local Vulnerabilities
 
Verizon Wireless is scheduled to disclose details tomorrow of its plan to launch a LTE 4G wireless network in 38 U.S. cities.
 
[eVuln.com] Multiple XSS inj in Wernhart Guestbook
 
[ MDVSA-2010:244 ] phpmyadmin
 
Pandora FMS Authentication Bypass and Multiple Input Validation Vulnerabilities
 
VMSA-2010-0017 VMware ESX third party update for Service Console kernel
 
The shift to mobile devices is pushing security vendors into retooling their traditional signature technologies, according to Sophos's security strategist, James Lyne..

Add to digg Add to StumbleUpon Add to del.icio.us Add to Google
 
Poppler Multiple Denial of Service and Memory Corruption Vulnerabilities
 
Quagga bgpd Null Pointer Deference Denial Of Service Vulnerability
 
Quagga bgpd Route-Refresh Message Stack Buffer Overflow Vulnerability
 
We received a report this morning (Thanks Rob) asking if we've heard about any other problems with Google's reputation server. Apparently starting this morning at ~8:30 EST, Firefox started reporting a number of clean sites as attack sites.
Since Firefox gets this reputation information from Google, Rob writes in asking if we've heard any other reports.
So let's hear from you. Any other strange activity?

-- Joel Esler | http://blog.joelesler.net | http://twitter.com/joelesler (c) SANS Internet Storm Center. http://isc.sans.org Creative Commons Attribution-Noncommercial 3.0 United States License.
 
The European Commission is investigating allegations that Google abused its dominant position in online search to promote its other services, such as price comparators, the commission announced today.
 
Logicworks is launching a public cloud offering that can be linked to its managed hosting service.
 
Xen 'fixup_page_fault()' Denial of Service Vulnerability
 
Winamp Prior to 5.6 Multiple Vulnerabilities
 
Today VMWare released a Security Advisory at this URL:
http://lists.vmware.com/pipermail/security-announce/2010/000111.html
It's an update forVMware ESX 4.1 without patch ESX410-201011001.
Here's the problem description right off of their website:


a. Service Console OS update for COS kernel package.

This patch updates the Service Console kernel to fix a stack
pointer underflow issue in the 32-bit compatibility layer.

Exploitation of this issue could allow a local user to gain
additional privileges.

The Common Vulnerabilities and Exposures project (cve.mitre.org)
has assigned the name CVE-2010-3081 to this issue.

So if you are running this software in your enterprise, you'll want to take a look at this one. Thanks to VMWare for this one.
-- Joel Esler | http://blog.joelesler.net | http://twitter.com/joelesler (c) SANS Internet Storm Center. http://isc.sans.org Creative Commons Attribution-Noncommercial 3.0 United States License.
 
China has blocked Internet access to WikiLeaks' release of more than 250,000 U.S. Department of State cables, with its Foreign Ministry saying that it does not want to see any disturbance in China-U.S. relations.
 
The European Commission is investigating allegations that Google abused its dominant position in online search to promote its other services, such as price comparators, the commission announced today.
 
Iran on Monday apparently confirmed that the Stuxnet worm disrupted the country's uranium enrichment efforts, but one of the researchers who has dug deepest into the malware wasn't ready to call it a done deal.
 
Apache Archiva Cross Site Request Forgery Vulnerability
 
When Apple finally rolled out iOS 4.2 last week, AirPlay, AirPrint and iPad-focused changes got most of the attention. But the mobile OS includes a slew of incremental improvements and new user accessibility features that make it a worthwhile upgrade.
 
China has unveiled a sleek, ultramodern-appearing design for its new supercomputing center that may be seen as reflecting the country's broader supercomputing ambitions.
 
Joomla Store Directory 'id' Parameter SQL Injection Vulnerability
 
eSyndiCat Directory Software Multiple Cross Site Scripting Vulnerabilities
 
Joomla Competitions Component Multiple SQL Injection and HTML Injection Vulnerabilities
 
InfoSec News: Nuclear scientist killed in Tehran was Iran's top Stuxnet expert: http://www.debka.com/article/20406/
DEBKAfile Special Report November 29, 2010
Exclusive from debkafile's intelligence sources:
Prof. Majid Shahriari, who died when his car was attacked in North Tehran Monday, Nov. 29, headed the team Iran established for combating [...]
 
InfoSec News: Report: Iran confirms Stuxnet hit centrifuges: http://www.computerworld.com/s/article/9198441/Report_Iran_confirms_Stuxnet_hit_centrifuges
By Robert McMillan IDG News Service November 29, 2010
The Stuxnet worm hit centrifuges used to enrich uranium at Iran's nuclear sites, the Reuters news agency quoted Iran's President Mahmoud [...]
 
InfoSec News: Android Vulnerable To Data Theft Exploit: http://www.informationweek.com/news/security/vulnerabilities/showArticle.jhtml?articleID=228400108
By Mathew J. Schwartz InformationWeek November 29, 2010
Google is working to patch a new data-stealing vulnerability that affects all versions of the Android operating system. [...]
 
InfoSec News: [Dataloss Weekly Summary] Week of Sunday, November 21, 2010: ========================================================================
Open Security Foundation - DataLossDB Weekly Summary Week of Sunday, November 21, 2010
5 Incidents Added.
======================================================================== [...]
 
InfoSec News: Cyberattack Against WikiLeaks Was Weak: http://www.wired.com/threatlevel/2010/11/wikileaks-attack/
By Kevin Poulsen Threat Level Wired.com November 29, 2010
In the first test of WikiLeaks’ resiliency since a staff rebellion earlier this year, the organization recovered within hours from a [...]
 

Posted by InfoSec News on Nov 29

http://www.computerworld.com/s/article/9198441/Report_Iran_confirms_Stuxnet_hit_centrifuges

By Robert McMillan
IDG News Service
November 29, 2010

The Stuxnet worm hit centrifuges used to enrich uranium at Iran's
nuclear sites, the Reuters news agency quoted Iran's President Mahmoud
Ahmadinejad as saying Monday.

According to the report, Ahmadinejad said that enemies of Iran
"succeeded in creating problems for a limited number of our...
 

Posted by InfoSec News on Nov 29

http://www.informationweek.com/news/security/vulnerabilities/showArticle.jhtml?articleID=228400108

By Mathew J. Schwartz
InformationWeek
November 29, 2010

Google is working to patch a new data-stealing vulnerability that
affects all versions of the Android operating system.

The vulnerability was discovered by security researcher Thomas Cannon.
"While doing an application security assessment one evening I found a
general vulnerability...
 

Posted by InfoSec News on Nov 29

========================================================================

Open Security Foundation - DataLossDB Weekly Summary
Week of Sunday, November 21, 2010

5 Incidents Added.

========================================================================

DataLossDB is a research project aimed at documenting known and reported
data loss incidents world-wide. The Open Security Foundation asks for
contributions of new incidents and new data for...
 

Posted by InfoSec News on Nov 29

http://www.wired.com/threatlevel/2010/11/wikileaks-attack/

By Kevin Poulsen
Threat Level
Wired.com
November 29, 2010

In the first test of WikiLeaks’ resiliency since a staff rebellion
earlier this year, the organization recovered within hours from a
distributed denial-of-service attack during its rollout of leaked State
Department cables Sunday. But experts who monitored the disruptive
traffic say the attack was relatively modest in...
 

Posted by InfoSec News on Nov 29

http://www.debka.com/article/20406/

DEBKAfile Special Report
November 29, 2010

Exclusive from debkafile's intelligence sources:

Prof. Majid Shahriari, who died when his car was attacked in North
Tehran Monday, Nov. 29, headed the team Iran established for combating
the Stuxnet virus rampaging through its nuclear and military networks.
His wife was injured. The scientist's death deals a major blow to Iran's
herculean efforts to purge its...
 


Internet Storm Center Infocon Status