InfoSec News

(c) SANS Internet Storm Center. http://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
A Google executive refuted recent comments from Microsoft CEO Steve Ballmer, who said Microsoft wins enterprise cloud contracts 98 percent of the time when up against the search giant.
IBM Lotus Domino Remote Console Authentication Bypass Vulnerability
Researchers at Columbia University have discovered a vulnerability in HP's LaserJet printers that could allow attackers to gain complete remote control.

The U.S. House of Representatives has approved a bill that will help workers from India and China get employment-based green cards over the next few years.
Several members of the U.S. House of Representatives Judiciary Committee voiced support Wednesday for legislation that would allow states to collect sales tax on Internet purchases.
30 Days With the Cloud: Day 16
Spotify on Wednesday launched a development platform designed to let third parties create applications that integrate with its popular digital music-streaming service.
Reader Curt Forsyth is yet another person flummoxed by iTunes Match. He writes:
Netflix designed its cloud architecture so that it has the option to move to an Amazon Web Services competitor, but doesn't expect a real competitor to emerge for a few years, a Netflix executive said on Wednesday.
Security looks at operational risk, but most big companies have officers called risk managers who actually buy insurance policies for the company. What's on their minds? If you run a security operation, you should know, because your work and their work are intertwined. Insider (free registration required)
The hackers behind the Duqu botnet have shut down their snooping operation, according to Moscow-based Kaspersky Lab.
Walgreens and Cisco are working together to provide Cisco employees and their family members with remote doctor's check-ups via video conferencing and other Web 2.0 tools.
Samsung on Wednesday said it has started shipping test units of its latest dual-core mobile chip based on ARM's new Cortex-A15 processor design, which could boost the performance of applications and graphics on smartphones and tablets.
Cloud computing consulting firm GlobalOne Wednesday released the first of three CRM packages that aim to help financial services firms and banks transition to cloud computing with Salesforce.com.
With Lenovo surging in the PC maker market, Hewlett-Packard (HP) is facing a serious challenge to its long-standing first-place position.
CodeIgniter 'CI_Security' Class 'xss_clean()' Filter Security Bypass Vulnerability
Google is rolling out a fix for a volume fluctuation problem in the Galaxy Nexus smartphone. The fix is due to reach current customers by next week.
Heroku pairs rapid application deployment with a wealth of developer tools, but is light on manageability. Insider (free registration required)
CCMPlayer '.m3u' File Remote Stack Buffer Overflow Vulnerability
[SECURITY] [DSA 2354-1] cups security update
Pro-choice advocates have accused Apple's new Siri voice-activated assistant of refusing to locate family planning or abortion clinics, and have kicked off a petition urging Apple to update Siri.
Engine Yard offers fine-grained control over all aspects of the environment, at the cost of speed and ease. Insider (free registration required)
Storage vendor STEC announced a high-performance drive that has three times the endurance capability of previous generation MLC-based solid state drives.
Puma simplified its cloud strategy and saved money by consolidating from using four cloud vendors down to just one. Here's what they did and why they did it. Insider (free registration required)
Box is making headlines in cloud-based storage once again. It has enhanced the features of the Box for Android app, and it is teaming up with LG to provide 50GB of free cloud-based storage for all LG Android mobile devices.
Hastymail2 'ajax.php' Cross Site Scripting Vulnerability
HP Network Node Manager i Multiple Cross Site Scripting Vulnerabilities
CoDeSys Multiple Remote Denial of Service Vulnerabilities
It's been demonstrated that the average listener can tolerate exactly 27 days of holiday-themed music per year. At the same time, very few of us are willing to pungle up the dough necessary to obtain 648 hours of eggnog- and reindeer-themed tunes. Thanks to Pandora--the ad-supported streaming music service--there's no need to. Construct your Pandora stations correctly and you can fill your home with holiday music for nothing more than the occasional Geico commercial.
Michael Friedenberg, President and CEO of CIO magazine, weighs in with his top ten predictions for what will impact the IT-business landscape in 2012.
Consumers took advantage of Cyber Monday deals, racking up $1.25 billion worth of online purchases on the first business day of the week following Thanksgiving.
Wordpress 1-jquery-photo-gallery-slideshow-flash plugin Cross-Site Scripting Vulnerabilities
WikkaWiki <= 1.3.2 Multiple Security Vulnerabilities
While the Adobe Flash replacement packages browser data more efficiently, HTML 5 security issues present holes that could be targeted by attackers.

PHP Inventory 1.3.1 Remote (Auth Bypass) SQL Injection Vulnerability
Wordpress flash-album-gallery plugin Cross-Site Scripting Vulnerabilities
CanSecWest 2012 Mar 7-9; 2nd call for papers, closes next week, Monday, Dec 5 2011
Temperatures in Phoenix, Arizona -- one of the most arid places in the U.S. -- routinely exceed 100 degrees Fahrenheit (38 degrees Celsius). That's about the opposite of the typical cool-weather environments companies often choose to build data centers.
Start-up Agari debuts today with cloud-based e-mail security services aimed at allowing enterprises and e-commerce companies to identify and block fake and spoofed e-mail exploiting their legitimate business domain names to conduct scams and phishing attacks.
Adobe Systems has acquired Efficient Frontier in order to boost its abilities to power advertising campaigns that use social networks and search engines to reach consumers, the company said on Wednesday.
Salesforce.com on Wednesday rolled out the Radian6 Social Marketing Cloud, a new set of services that builds on its core CRM (customer relationship management) software.
Moving on down the list of things I normally do on my PC that I now need a cloud-based equivalent for, next is keeping track of my finances. I have been using Intuit’s Quicken in some way shape or form for over a decade, but for 30 Days With the Cloud I am going to transition to Mint.com.
Global cloud computing traffic will grow 12-fold from now to 2015, according to a newly released survey from Cisco.

Rapid7 Partners With Spire Solutions to Expand its Reach in Middle East Region
Sacramento Bee
Spire Solutions is a specialist IT security distributor that offers Information Security solutions and services across the Middle East region through its extensive network of reselling partners, System Integrators, Infosec consultants and MSPs/MSSPs. ...

MobileIron hopes to help businesses prepare for what it believes will be an onslaught of Android phones in 2012 with an updated version of its mobile device management software.
Acer expects to meet its target of shipping 250,000 to 300,000 ultrabooks in the fourth quarter, it said Wednesday, after struggling with declining PC sales this past year.
HTC has won a case in the U.S. that alleged the Taiwanese smartphone maker had infringed on several digital camera patents controlled by FlashPoint Technology.
So you're at the company Christmas party, and you've drunk too much. The next day, an unflattering photo is on Facebook, but you don't know it since you haven't been tagged.
Amazon told a Massachusetts congressman that the Silk browser in its Kindle Fire tablet doesn't pose a privacy threat to consumers, but the lawmaker wasn't ready to give the online retailer a pass.
Now that it's settled with the FTC over privacy concerns, Facebook has a chance to correct course, analysts say.
Engine Yard provides the most extensive control over the application environment, while Heroku makes life easier for developers
Unified communications isn't easy or cheap, but for companies that want to differentiate their customer service, it's becoming a must-have. Insider (registration required)
Apple is seeking to stop Samsung Electronics from selling the modified Galaxy Tab 10.1 that it released in Germany in an effort to dodge an earlier injunction obtained by Apple, a spokesman for the company said.

Posted by InfoSec News on Nov 30

Forwarded from: Dragos Ruiu <dr (at) kyx.net>

So after a dozen years or so organizing conferences, you get the urge to
pull levers and try experimenting with things. So this year I sent out
the CanSecWest CFP only over Twitter, and G+ publicly. Just curious as
to the adoption and information dispersion rate, and some estimate of
the attention these newer channels are getting.

So after this experiment I hear about people having...

Posted by InfoSec News on Nov 30


By Greg Weston
CBC News
Nov 29, 2011

A leading cyber-crime expert says foreign hackers who launched a massive
attack on Canadian government computers last fall also broke into the
data systems of prominent Bay Street law firms and other companies to
get insider information on an attempted $38-billion corporate takeover.

Daniel Tobok, whose international...

Posted by InfoSec News on Nov 30


By Jaikumar Vijayan
November 29, 2011

Millions of Hewlett Packard Co.'s LaserJet printers contain a security
weakness that could allow attackers to take control of the systems,
steal data from them and issue commands that could cause the devices to
overheat and catch fire, according to two researchers from Columbia...

Posted by InfoSec News on Nov 30


By Fahmida Y. Rashid

It's getting harder and harder to tell the fake antivirus apart from the
real software as cyber-criminals improve the look and feel of the
scareware programs.

Developers of fake antivirus software are getting better at copying the
look and feel of legitimate antivirus products to...

Posted by InfoSec News on Nov 30


By Eric Chabrow
Executive Editor
November 30, 2011

The lack of government-wide definitions for information security
occupations means the agencies with the largest IT budgets don't know
how many cybersecurity experts they employ.

That's one finding in a Government Accountability Office report released
Tuesday that details how eight surveyed agencies have...

Posted by InfoSec News on Nov 30


By Tom Spears
Postmedia News
November 28, 2011

OTTAWA -- An Ottawa physicist has developed a way to generate random
numbers, the key to encrypting data in ways that hackers can't figure

Ben Sussman builds quantum technologies at the National Research
Council. He's tapping into the fact that at the tiny (or...

Posted by InfoSec News on Nov 30


By Dan Goodin in San Francisco
The Register
30th November 2011

An Android app developer has published what he says is conclusive proof
that millions of smartphones are secretly monitoring the key presses,
geographic locations, and received messages of its users.

In a YouTube video posted on Monday, Trevor Eckhart showed how software
from a Silicon Valley company known as Carrier...