In last couple of days well known anti-virus companies such as Computer Associates and McAfee released incorrect anti-virus definitions that caused false positive detections on various web sites.

CA's eTrust and InnoculateIT (VET) products had false positive detections on all JavaScript files packed with Dean Edwards JavaScript packer as JS/Snz.A. This caused false positive detection on a large number of legitimate and popular web sites.

McAfee made a similar mistake and had a false positive detection on ESPN's web site as JS/Exploit-BO. McAfee issued an emergency anti-virus definition update (5198) to correct this mistake.

Attackers today commonly use various JavaScript obfuscation and packing methods to evade anti-virus detection. Need for frequent definition release puts pressure on quality assurance processes by anti-virus vendors. Inadequate quality assurance, especially with anti-virus definitions, can cause serious business interruptions.

Infigo IS is pleased to inform you that we have been successfully certified against ISO 9001:2000 standard. Certification audit was performed by SGS (www.sgs.com), the world’s leading certification body.

ISO 9001 certificate is yet another confirmation that Infigo IS manages the quality of it's services and takes care of it's customer satisfaction. Through quality management system we control and improve our business processes, with clear goal to fulfill requirements and expectations of our clients.

Infigo IS has developed a culture of quality where continuous improvement of our people, processes and services becomes a way our company performs.

Our goals are to:

• fulfill needs and expectations of our clients,
• preserve leading position on domestic information security market,
• successfully compete on international information security market,
• further invest in development of the company,
• continually improve quality of our solutions and services,
• maintain excellent working environment,
• make opportunity for employment of young, motivated and educated people.

Annual event Infosek, which is traditionally organized in Nova Gorica, is known as the most important event in the field of information security in Slovenia. This conference is intended for presentation of newest information security trends and solutions in the field of information security.

On this years Infosek conference, which is being held on 22nd and 23rd of November, our experts for information security testing Leon Juranić and Saša Jušić will give lecture titled "Web application security: E-banking in focus".

Presentation will give overview of Web application vulnerabilities with special attention on Internet banking Web applications. Considering the experience Infigo IS has in that field, a demonstration of techniques for discovering and exploiting vulnerabilities of Web application specific for E-banking applications will be also given.

The third Advanced Technology Day conference, organized by Microsoft Croatia is taking place in Zagreb, Hotel International on 25th of October, 2007. This year the conference shall be completely dedicated to various Web technologies and solutions and their practical usage.

All presentations shall be divided in six different sections. Within the “Optimization” section, our specialists for penetration testing services, Leon Juranić and Saša Jušić, shall give lecture titled “Secure Web – exception more than a rule”.

The presentation will give a short overview of the most common Web application security problems, with special attention given to Cross Site Scripting, the most popular Web application vulnerability today. Demonstration of techniques and tools for discovering and exploiting Cross Site Scripting vulnerabilities is also featured in the presentation.

TD Ameritrade Holding said that their database has been hacked and that over 6 million users’ data has been stolen. According to published information, only e-mail addresses have been stolen while other sensitive data, such as SSNs and account numbers remained safe.

Affected TD Ameritrade users already noticed increased number of spam e-mails which is directly related to the stolen information. Individual users confirmed that they received spam to e-mail addresses used exclusively with Ameritrade.

Ameritrade said that they have identified how the information got stolen and that they are actively working with FBI’s on investigation about the incident.