Hackin9
Facebook is retooling its famous "hackathon" all-night coding workshops to give engineers more time to conceive new products, hopefully with a focus on mobile.
 
(c) SANS Internet Storm Center. http://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
 
Apple, Samsung and Microsoft take divergent paths to selling their smartphones via TV commercials. The winning approach: Focus on your own unique features, and resist potshots at the competition.
 
With software-defined networking the control of the network is pried out of the data handling devices and centralized on a controller that uses a common protocol, OpenFlow, to direct the switches on the southbound side. That much has been established. But what of the oft-mentioned northbound APIs that will let applications tell the controller what they need from the network? What kind of progress is the Open Networking Foundation making on that front? Network World Editor in Chief John Dix put the question to Robert Sherwood, CTO of Big Switch Networks and head of the ONF's Architecture and Framework Working Group, which is responsible for multiple things, including the creation of these northbound APIs.
 
Google Chrome Prior to 26.0.1410.43 CVE-2013-0922 Unspecified Security Vulnerability
 
Intel hasn't signaled a change in strategy with the appointment of Brian Krzanich to CEO, but it is likely that the company will take steps to outrun its foundry competition by opening its industry-leading manufacturing facilities to more third parties.
 
A German auctioneer will put a working Apple-1 computer on the block later this month, and expects the handmade computer to fetch between $261,000 and $392,000 at Thursday's exchange rate.
 
A former portfolio manager at the now defunct Diamondback Capital Management has been sentenced to 54 months in prison for crimes related to a multimillion dollar insider trading scheme involving computer maker Dell and hardware maker Nvidia.
 
Salesforce.com's upcoming Summer '13 release of its cloud-based CRM software will feature a slew of enhancements to the Chatter social collaboration tool as well as many improvements that are the result of customer suggestions, according to a set of official release notes.
 
Researchers at Harvard University's School of Engineering and Applied Sciences have developed an insect-like robot that achieves flight by flapping a pair of tiny wings.
 
A spokesman for the U.S. Army Corps of Engineers today downplayed the significance of a recent incident of unauthorized access to a database containing potentially sensitive information on thousands of high hazard dams across the country.
 
With Intel's new CEO ready to step up next month to lead the world's largest chip maker, industry analysts don't expect to see any big change in strategy.
 
Facebook

If you've ever forgotten an important password, Facebook has an innovative solution for you. On Thursday, engineers with the social network rolled out a new(ish) feature that helps users regain control of an account after being locked out of it.

The concept behind Trusted Contacts is the same idea behind giving a trusted friend or neighbor a copy of your house key. If you lose yours, you can always count on one of them to help you get back inside. The Facebook feature actually requires the help of multiple separate trusted friends designated in advance. If a user forgets her password or is otherwise locked out of an account, she can request that Facebook send different one-time security codes to up to five friends. Once the user supplies three of the security codes sent, Facebook will reset the account password.

"So your trusted contacts can be sure it's you trying to access your account, it's best to talk to them over the phone or in person," a Facebook blog post published Thursday advises. "Someone else can impersonate you through e-mail, chat, or text messages, or hack and read your messages."
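The mechanism Ars describes is a threshold ("k of n") recovery scheme: each designated contact receives a different one-time code, and any three of five suffice. The sketch below is an added example of how such a server-side check can be built and is not Facebook's code; the contact limit, threshold, 24-hour lifetime, 8-digit code format and the HMAC-based storage are all assumptions chosen for the illustration. It shows the properties a practitioner would want: each code is bound to the contact it was issued to, counts at most once, and the whole request expires.

```python
import hashlib
import hmac
import secrets
import time

# Constructed parameters for this illustration (not Facebook's real values):
# up to five trusted contacts, three distinct codes needed, codes valid 24 hours.
MAX_CONTACTS = 5
THRESHOLD = 3
CODE_TTL_SECONDS = 24 * 3600


class RecoveryRequest:
    """One account-recovery attempt.

    Each trusted contact gets a different one-time code. The server keeps only
    an HMAC of each code under a per-request key, so reading the stored record
    does not yield usable codes. A code counts once, only for the contact it
    was issued to, and only while the request is unexpired.
    """

    def __init__(self, contacts, now=None):
        contacts = list(dict.fromkeys(contacts))  # drop duplicate names
        if not THRESHOLD <= len(contacts) <= MAX_CONTACTS:
            raise ValueError(f"need {THRESHOLD}..{MAX_CONTACTS} distinct contacts")
        self.created = time.time() if now is None else now
        self._key = secrets.token_bytes(32)
        self._tags = {}            # contact -> HMAC(contact:code) kept by the server
        self._redeemed = set()     # contacts whose code has already been accepted
        self.outbox = {}           # contact -> code to deliver, then discard
        for contact in contacts:
            code = f"{secrets.randbelow(10**8):08d}"  # 8 decimal digits (assumed format)
            self.outbox[contact] = code
            self._tags[contact] = self._tag(contact, code)

    def _tag(self, contact, code):
        msg = f"{contact}:{code}".encode()
        return hmac.new(self._key, msg, hashlib.sha256).digest()

    def submit(self, contact, code, now=None):
        """Return True if (contact, code) counts toward the threshold."""
        now = time.time() if now is None else now
        if now - self.created > CODE_TTL_SECONDS:
            return False                       # whole request has expired
        if contact not in self._tags or contact in self._redeemed:
            return False                       # unknown contact, or replay of a used code
        expected = self._tags[contact]
        if not hmac.compare_digest(self._tag(contact, code), expected):
            return False                       # wrong code, or another contact's code
        self._redeemed.add(contact)
        return True

    def can_reset(self):
        """A password reset is allowed once THRESHOLD contacts' codes are in."""
        return len(self._redeemed) >= THRESHOLD


if __name__ == "__main__":
    req = RecoveryRequest(["alice", "bob", "carol", "dave", "erin"])
    # In a real system the outbox goes to the delivery channel and is discarded.
    for name, code in list(req.outbox.items())[:THRESHOLD]:
        print(name, req.submit(name, code))
    print("reset allowed:", req.can_reset())
```

Two things the code deliberately leaves to the surrounding system: rate limiting of `submit` (an 8-digit code is only safe against online guessing if attempts are throttled), and the out-of-band delivery the Facebook post stresses, since the scheme is only as strong as the attacker's inability to read the contacts' messages.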


 
A survey released by WhiteHat Security finds that website vulnerabilities have decreased steadily in recent years, though problems persist.

 
Oracle Retail Central Office CVE-2013-2397 SQL Injection Vulnerability
 
Oracle Retail Integration Bus CVE-2013-1525 Directory Traversal Vulnerability
 
ESA-2013-035: EMC Avamar Client Improper Certificate Validation Vulnerability
 
ESA-2013-028: EMC NetWorker Elevation of Privilege Vulnerability
 
ESA-2013-034: EMC Avamar Improper Authorization vulnerability
 

--

John Bambenek

bambenek \at\ gmail /dot/ com

Bambenek Consulting

 
Windows RT tablets grabbed just 0.4% of the tablet market in the first quarter, a dismal result that led some tech experts to urge Microsoft to scrap the platform that's in its six-month infancy.
 
Apple may delay the release of OS X 10.9 because it's pulled engineers from the team to help in a final push on the next version of iOS, according to online reports.
 
[SECURITY] [DSA 2664-1] stunnel4 security update
 
NGS00415 Patch Notification: Oracle 11g TNS listener remote Null Pointer Dereference (pre-auth)
 
Google Chrome CVE-2013-0926 Unspecified Security Vulnerability
 
Google Chrome CVE-2013-0925 Information Disclosure Vulnerability
 
Google Chrome Prior to 26.0.1410.43 CVE-2013-0923 Unspecified Security Vulnerability
 
NGS00416 Patch Notification: Oracle 11g TNS listener remote Invalid Pointer Read (pre-auth)
 
NGS00422 Patch Notification: Oracle Retail Integration Bus Manager Directory Traversal
 
NGS00423 Patch Notification: Oracle Retail Invoice Manager SQL Injection
 
WordPress Plugin: Advanced XML Reader v0.3.4 XXE Vulnerability
 
Even just opening an email could allow spyware to run on computers with Notes. An update from IBM will stop Java and JavaScript from being executed.
 
Google Chrome CVE-2013-0916 Use-After-Free Memory Corruption Vulnerability
 
Mozilla Firefox and Thunderbird CVE-2013-0799 Local Privilege Escalation Vulnerability
 
Eric Bangeman

Reputation.com, a service that helps people and companies manage negative search results, has suffered a security breach that has exposed user names, e-mail and physical addresses, and in some cases, password data.

In an e-mail sent to users on Tuesday, officials with the Redwood City, California-based company said the passwords were "highly encrypted ('salted' and 'hashed')," a highly vague description that can mean different things to different people. "Although it was highly unlikely that these passwords could ever be decrypted, we immediately changed the password of every user to prevent any possible unauthorized account access," the e-mail added unconvincingly.

It's unfortunate that companies make such assurances, because they may give users a false sense of security. As Ars has been reporting for nine months, gains in cracking techniques mean the average password has never been weaker, allowing attackers to decipher even long passwords with numbers, letters, and symbols in them. Even Ars' own Nate Anderson—a self-described newbie to password cracking—was able to crack more than 45 percent of a 17,000-hash list using software and dictionaries he downloaded online.
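"Salted and hashed" says nothing about how expensive each guess is, which is what decides whether a leaked store survives a dictionary attack. The example below is added here to make that concrete; it is not Ars's, Nate Anderson's or Reputation.com's code, and the wordlist, user names and passwords are constructed for the illustration. It builds two stores from the same passwords, one with a single salted SHA-256 and one with PBKDF2-HMAC-SHA256, then runs the same offline dictionary attack against both: the salt, stored beside each hash as it would be in any breach, stops nothing but precomputed tables, and the only thing that changes the attacker's bill is the per-guess work factor.

```python
import hashlib
import hmac
import os
import time

# Constructed wordlist and user records for this illustration only.
WORDLIST = ["password", "letmein", "123456", "qwerty", "Summer2013!", "iloveyou"]
USERS = {"ann": "letmein", "ben": "Summer2013!", "cy": "Tr0ub4dor&3_xK9!"}


def fast_hash(salt, pw):
    """'Salted and hashed' in the literal sense: one SHA-256 over salt || password."""
    return hashlib.sha256(salt + pw.encode()).hexdigest()


def slow_hash(salt, pw, iterations=100_000):
    """Salted and stretched: PBKDF2-HMAC-SHA256; cost grows with iterations."""
    return hashlib.pbkdf2_hmac("sha256", pw.encode(), salt, iterations).hex()


def make_store(users, hasher):
    """Per-user random salt stored beside the hash, exactly what a breach exposes."""
    store = {}
    for user, pw in users.items():
        salt = os.urandom(16)
        store[user] = (salt, hasher(salt, pw))
    return store


def crack(store, wordlist, hasher):
    """Offline dictionary attack against a leaked store.

    The salt is known, so each (user, candidate) pair costs exactly one hash
    evaluation. Returns the recovered passwords and the evaluation count.
    """
    cracked, evaluations = {}, 0
    for user, (salt, digest) in store.items():
        for candidate in wordlist:
            evaluations += 1
            if hmac.compare_digest(hasher(salt, candidate), digest):
                cracked[user] = candidate
                break
    return cracked, evaluations


def compare(iterations=100_000):
    """Attack the same passwords under both schemes; report what fell and how long it took."""
    def slow(salt, pw):
        return slow_hash(salt, pw, iterations)

    results = {}
    for label, hasher in (("fast", fast_hash), ("slow", slow)):
        store = make_store(USERS, hasher)
        t0 = time.perf_counter()
        cracked, evaluations = crack(store, WORDLIST, hasher)
        results[label] = {
            "cracked": cracked,                 # same weak passwords fall either way
            "evaluations": evaluations,         # same number of guesses either way
            "seconds": time.perf_counter() - t0,  # only this differs
        }
    return results


if __name__ == "__main__":
    for label, r in compare().items():
        print(f"{label}: cracked={r['cracked']} evaluations={r['evaluations']} "
              f"time={r['seconds']:.3f}s")
```

The weak passwords fall under both schemes with the same 13 guesses; what the stretched store buys is time per guess, which is the only lever a defender has once the hashes are out. A real deployment would use bcrypt, scrypt or Argon2 with a cost tuned to the hardware, and would say so, rather than "highly encrypted".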


 

QinetiQ, a UK-based defense contractor, has its fingers all over some of the US Defense Department's most sensitive systems. The company's subsidiaries provide robots, diagnostic systems, intelligence systems for satellites, drones, and even "cyber-security" to the US Department of Defense. The parent company, which was created as a privatized spinoff of the British Defense Evaluation and Research Agency—what was the UK's equivalent of the US Defense Advanced Research Projects Agency—is often cited as the inspiration for James Bond's "Q."

But for at least three years, QinetiQ was apparently unintentionally supplying its expertise to another customer: China. In multiple operations, hackers tied to the People's Liberation Army have had the run of QinetiQ's networks, stealing sensitive data from them and even using them to launch attacks on the systems of government agencies and other defense contractors. Emails uncovered by the hack of security firm HBGary revealed that Chinese hackers had the run of the company's networks starting in 2007.

Bloomberg's Michael Riley and Ben Elgin report that in one effort that lasted for over three years, "Comment Crew"—the group tied to the recent hacking of the New York Times and other news organizations, plus a host of attacks on other defense contractors and technology businesses—managed to gain access to "most if not all of the company's research." The company was notified on multiple occasions by government agencies of ongoing breaches, starting with a report from the Naval Criminal Investigative Service in December of 2007 that "a large quantity of sensitive information" was being stolen from two computers at the company's US subsidiary, QinetiQ North America (QNA). A month later, NASA informed QNA that one of the company's computers was being used in a cyberattack on its network.


 
IBM Lotus Notes CVE-2013-0127 Arbitrary Code Execution Vulnerability
 
IBM Lotus Notes CVE-2013-0538 Arbitrary Code Execution Vulnerability
 
 
Citrix added instant messaging to its Podio enterprise collaboration product so that corporate workers can engage in one-to-one and group text chats while they work on tasks and projects.
 
Almost all contractors involved in the manufacture of US army defence and attack equipment have reportedly been spied on by Chinese hackers. This could have profoundly decreased the value of the F-22 Raptor fighter jet.
 
Oracle Java SE CVE-2012-4305 JavaFX Remote Security Vulnerability
 
Intel announced Thursday that Brian Krzanich will be the company's next CEO, succeeding Paul Otellini. Krzanich, who has been chief operating officer and senior vice president of the company, was widely considered one of three top candidates for the job. He was promoted to senior vice president on Nov. 20, the same day Otellini's retirement was announced.
 
Just because you're not actively looking for a job is no reason to neglect your resume. In a fluctuating market the rug can be pulled out from under even the most skilled IT pros, so it's always good to be prepared.
 
Salesforce.com next month will begin shipping its Communities application, designed to let companies build external-facing social sites for interacting with their customers and partners.
 
Dish Network chairman Charlie Ergen said Wednesday that his is an American company, and the modernization of the Sprint Nextel network will have to be done from the U.S. with operations control in the country, and English speaking staff.
 
D-Link has published beta patches for vulnerabilities in the firmware of many of its IP surveillance cameras, which could allow a hacker to intercept a video stream.
 
Armed with a contract to build chips for Sony's PlayStation 4 gaming console, Advanced Micro Devices has now officially established a custom-chip business unit in an effort to break away from its heavy reliance on the slumping PC market.
 
Yahoo has acquired Astrid, a to-do list and personal assistant mobile app, and the developers behind it for an undisclosed sum.
 
The Dutch government today presented a draft bill that aims to give law enforcement the power to hack into computer systems -- including those located in foreign countries -- to do research, gather and copy evidence or block access to certain data.
 
Semiconductor company MediaTek wants to improve the performance of low-cost Android-based smartphones with its latest system-on-a-chip, the MT6572.
 
Drupal Filebrowser Module Cross Site Scripting Vulnerability
 
Oracle Sun Products Suite CVE-2012-0570 Local Security Vulnerability
 
NASA engineers have brought a long-running Mars rover out of stand-by mode after the robot ran into trouble last month.
 
Two vulnerabilities have been found in McAfee's ePolicy Orchestrator which allow for remote code execution or path traversal on the server. The company has updates and hotfixes for the flaws.
 
Oracle Sun Products Suite CVE-2013-0403 Local Security Vulnerability
 
Oracle Sun Products Suite CVE-2012-0568 Local Security Vulnerability
 
Oracle Sun Products Suite CVE-2013-0412 Local Security Vulnerability
 
Even most of those hit hardest by Superstorm Sandy are hardening their facilities instead of moving them entirely. In the storm-prone South, however, it's a different story.
 
Apple's record-setting $17 billion bond offer this week stood in stark contrast to the company's darkest days, when in 1996 its millions in notes were rated as junk because investors wondered if the company would survive a thrashing by Microsoft
 
Oracle Java SE CVE-2012-1543 Remote Code Execution Vulnerabilities
 

Posted by InfoSec News on May 02

http://www.informationweek.com/security/attacks/us-labor-dept-website-hacked-serves-malw/240153984

By Mathew J. Schwartz
InformationWeek.com
May 01, 2013

The U.S. Department of Labor website was hacked Tuesday evening to
launch drive-by attacks at visitors' Web browsers.

That warning was sounded Wednesday morning by Jaime Blasco, director of
AlienVault Labs, as well as Anup Ghosh, CEO of Invincea, both of whom
reported that the...
 

Posted by InfoSec News on May 02

http://www.bloomberg.com/news/2013-05-01/china-cyberspies-outwit-u-s-stealing-military-secrets.html

By Michael Riley & Ben Elgin
Bloomberg.com
May 1, 2013

Among defense contractors, QinetiQ North America (QQ/) is known for
spy-world connections and an eye-popping product line. Its
contributions to national security include secret satellites, drones,
and software used by U.S. special forces in Afghanistan and the Middle
East.

Former...
 

Posted by InfoSec News on May 02

http://www.insurancejournal.com/news/west/2013/05/01/290357.htm

Insurance Journal Online
May 1, 2013

A 2012 security breach that exposed the personal information of 780,000
Utah residents to hackers could cost as much as $406 million, a new
study finds.

The Salt Lake Tribune reported in the aftermath of the breach, the state
already has spent about $9 million on security audits, upgrades and
credit monitoring for victims.

Consumers will...
 

Posted by InfoSec News on May 02

http://www.afr.com/p/technology/cyber_warfare_boost_in_defence_plan_C0dHl7uBqupo3Jaqhj6OtL

By John Kerin
Australian Financial Review
01 MAY 2013

The Gillard government will commit to bolstering Australia’s cyber
warfare defences in a long-awaited defence white paper to be announced
on Friday.

The white paper comes after the US has fingered China over a string of
attacks on US business and defence interests.

In Australia Prime Minister...
 

Posted by InfoSec News on May 02

http://freebeacon.com/the-cyber-dam-breaks/

By Bill Gertz
The Washington Free Beacon
May 1, 2013

U.S. intelligence agencies traced a recent cyber intrusion into a
sensitive infrastructure database to the Chinese government or military
cyber warriors, according to U.S. officials.

The compromise of the U.S. Army Corps of Engineers’ National Inventory
of Dams (NID) is raising new concerns that China is preparing to conduct
a future cyber...
 