Hackin9
AMD's high-performance FX desktop processors were on ice recently, but the product line is getting a new lease of life by going into laptops for the first time.
 
Thin-and-light laptops have so far had to compromise on graphics to extend battery life, but Advanced Micro Devices wants to change that with its new laptop processors called Kaveri.
 
(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
 
Intel took its flash storage for data centers into the fast lane on Tuesday with SSDs that use PCI Express and an emerging host controller interface that could make such components easier to adopt.
 

ZDNet

Encryption canary or insecure app? TrueCrypt warning says use Microsoft's ...
Network World (blog)
I've long suspected that a government was behind TrueCrypt," stated Jake Williams, SANS Instructor and Principle at Rendition InfoSec. "The code base is hugely complicated with lots of dependencies and is anything but easy to build, particularly for ...
TrueCrypt Shut Down; What to Use Now to Encrypt Your DataPC Magazine
TrueCrypt is Dead, Long Live BitLockerWindows IT Pro
Open Source Crypto TrueCrypt Disappears With Suspicious Cloud Of MysteryForbes
Register
all 115 news articles »
 
Encryption is like a relationship -- both parties need to be on the same page for it to work. And Microsoft and Comcast are apparently not on Google's page.
 

Developers at Google have released an experimental tool—for Gmail and other Web-based services—that's designed to streamline the highly cumbersome task of sending and receiving strongly encrypted e-mail.

On Tuesday, the company unveiled highly unstable "alpha" code that in theory allows people to use the Google Chrome browser to generate encryption keys, encrypt e-mails sent to others, and decrypt received e-mails. Dubbed End-to-End, the Chrome extension also allows Chrome users to digitally sign and verify digital signatures of e-mails sent through Gmail and other services. The code implements a fully compliant version of the OpenPGP standard, which is widely regarded as providing virtually uncrackable encryption when carried out correctly.

As Ars documented last year, the problem with just about every e-mail encryption software available today is they require much more time and effort than sending plain-text mail. Microsoft's Outlook application, for instance, frequently crashes when working with the open-source GnuPG encryption suite. Some Outlook users, including this reporter, also experience problems when receiving encrypted e-mail from Mac users, since the encrypted messages are included in an attachment, rather in the body. End-to-End is intended to ease such burdens.

Read 6 remaining paragraphs | Comments

 
Who is that stranger in your social media photo? A click on the face reveals the name in seconds, almost as soon as you can identify your best friend. While that handy app is not quite ready for your smart phone, researchers are racing ...
 
The National Institute of Standards and Technology (NIST) has published a second public draft of Supply Chain Risk Management Practices for Federal Information Management Systems and Organizations* for public comment. The new version ...
 
The recent effort to disrupt the Gameover Zeus botnet includes plans for Internet service providers to notify victims, but some security researchers think ISPs should play an even bigger role in the future by actively quarantining infected computers identified on their networks.
 
The skies have brightened slightly since March for the beleaguered PC, with sales now likely to fall by just 6 percent this year, according to research company IDC.
 
Microsoft has added photo management features to OneDrive as it fights cloud storage rivals Dropbox, Apple, Google and Box for consumers and business customers by lowering prices and increasing capabilities.
 
Google today promoted the 64-bit Windows version of Chrome to a pair of preview channels, and promised that the browser is more stable and faster than its 32-bit sibling.
 
The California State Senate has killed a bill that would have required California retailers to implement the Europay MasterCard Visa smartcard (EMV) standard that's seen as far safer than magnetic stripe technology used today.
 
Apple yesterday countered Microsoft's vision of the future, where multiple devices collapse into one, with a recognition that compromises and multiple devices are not only the reality, but could be lucrative.
 
Instagram has added a suite of new effects to its app in a move to win over users who might otherwise turn to alternative software for photo editing tools.
 
LinuxSecurity.com: Updated libtasn1 packages that fix three security issues are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having Moderate [More...]
 
LinuxSecurity.com: Updated gnutls packages that fix multiple security issues are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having [More...]
 
LinuxSecurity.com: Updated kernel packages that fix two security issues and one bug are now available for Red Hat Enterprise Linux 6.3 Extended Update Support. The Red Hat Security Response Team has rated this update as having [More...]
 
LinuxSecurity.com: Updated squid packages that fix one security issue are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having Moderate [More...]
 
LinuxSecurity.com: GnuTLS could be made to crash or run programs if it connected to amalicious server.
 
LinuxSecurity.com: Updated gnutls packages that fix one security issue are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having [More...]
 
IBM DB2 and DB2 Connect CVE-2013-6717 Remote Denial of Service Vulnerability
 
OS X Yosemite, iOS 8, Swift. What do you think Apple's most exciting announcement was from the WWDC keynote?
 
As it preps Oracle Enterprise Manager to run private clouds, Oracle has released an update to the management software that offers the ability for organizations to offer production-ready databases as a service.
 
 

In many cases using Wireshark to do a network forensics is a very difficult task especially if you need to extract files from a pcap file.  

Using tools such as RSA Netwitness Investigator can make network forensics much easier. RSA Netwitness Investigator is available as freeware.

Installation:

1-Go to http://www.emc.com/security/security-analytics/security-analytics.htm#!freeware to obtain the latest version of RSA Netwitness Investigator.  

2-Launch NwInvestigatorSetup.exe

3- Read the license agreement and accept it (if you wish).

4- Choose users

5-Choose the Install location and click install.

Once you finished your installation you have to register  freeware user account. You have to activate your version before you can use it.

Usage:

1-Create New local collection


2-Enter the new collection name:


3-Select the collection


4-Select Import Packets from Collection menu and select the pcap file that you would like to investigate


 5-Select Navigate Collection From Collection Menu

6-Now you should have something similar to this screen :


As you can see everything is clear and can browse it by Service Type (protocol) ,hostname ,source IP ….. etc.

Let say for example you want to explore the name of the exe files that contained in the pcap file you do that by clicking on extension->exe and you will see all the exe files in the pcap file and you will see all the details of the file such as where it’s come from (IP Address and hostname ) and how it’s come (protocol) .


(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
 
Google is trying to take some of the geek out of Google Glass by adding a little designer chic.
 
Apple's new iOS 8 will support Wi-Fi calling when the version launches in the fall, and T-Mobile US was quick to say it will support the feature on its customers' iPhones.
 

A recently discovered bug in the GnuTLS cryptographic code library puts users of Linux and hundreds of other open source packages at risk of surreptitious malware attacks until they incorporate a fix developers quietly pushed out late last week.

Maliciously configured servers can exploit the bug by sending malformed data to devices as they establish encrypted HTTPS connections. Devices that rely on an unpatched version of GnuTLS can then be remotely hijacked by malicious code of the attacker's choosing, security researchers who examined the fix warned. The bug wasn't patched until Friday, with the release of GnuTLS versions 3.1.25, 3.2.15, and 3.3.4. While the patch has been available for three days, it will protect people only when the GnuTLS-dependent software they use has incorporated it. With literally hundreds of packages dependent on the library multiple operating systems dependent on the library, that may take time.

"A flaw was found in the way GnuTLS parsed session IDs from ServerHello messages of the TLS/SSL handshake," an entry posted Monday on the Red Hat Bug Tracker explained. "A malicious server could use this flaw to send an excessively long session ID value, which would trigger a buffer overflow in a connecting TLS/SSL client application using GnuTLS, causing the client application to crash or possibly execute arbitrary code."

Read 3 remaining paragraphs | Comments

 
Mozilla Firefox and SeaMonkey CVE-2014-1522 Out of Bounds Memory Corruption Vulnerability
 
Bowing to pressure from customers and competitors, SAP will provide a series of recently released, next-generation user interface technologies at no extra charge.
 
You don't have to spend a lot to get a lot. Google AdWords users and experts share hands-on advice on how you can improve the ROI on your AdWords campaigns.
 
Samsung has signed a patent deal with InterDigital, a week before the U.S. International Trade Commission could have decided to ban the import of several Samsung phones into the U.S.
 
SAP is taking a big step into SaaS with Simple Finance, a set of applications based on its in-memory Hana Enterprise Cloud platform.
 
OpenStack Neutron CVE-2014-0056 Unauthorized Access Vulnerability
 
iScan Online Mobile 2.0.1 iOS - Command Inject Vulnerability
 
Bluetooth Photo-File Share v2.1 iOS - Multiple Web Vulnerabilities
 
Bowing to pressure from customers and competitors, SAP will provide a series of recently released, next-generation user interface technologies at no extra charge.
 
In the current business climate, networking is at the nexus of technology, the customer, and true innovation, and it's about time you put your heart and soul into it. In short, it's time to get on board with social or get left behind.
 
AllReader v1.0 iOS - Multiple Web Vulnerabilities
 
TigerCom My Assistant v1.1 iOS - File Include Vulnerability
 
Privacy Pro v1.2 HZ iOS - File Include Web Vulnerability
 
Files Desk Pro v1.4 iOS - File Include Web Vulnerability
 
The clinical data warehouse used to represent what was wrong with healthcare IT: An incomplete data source that was siloed to boot. But Texas Children's Hospital has turned its data warehouse into a valuable tool for clinical and operational analytics.
 
Unify, a joint venture between Siemens and the Gores Group, will cut 50% of its staff and refocus its product roster away from hardware, following a shift in the overall unified communications market toward software and cloud services.
 
NG WifiTransfer Pro 1.1 - File Include Vulnerability
 
LSE Leading Security Experts GmbH - LSE-2014-05-22 - F*EX - Multiple Issues
 
CVE-2013-6825 DCMTK Root Privilege escalation
 
A serious vulnerability that could be exploited to crash TLS clients and potentially execute malicious code on underlying systems was patched in the popular GnuTLS cryptographic library.
 
ESA-2014-032: RSA® Adaptive Authentication (Hosted) DOM Cross-Site Scripting Vulnerability
 
[FD] CVE-2013-6876 s3dvt Root shell
 
CVE-2014-1226 s3dvt Root shell (still)
 
The future of speedy paper-thin tablets running Intel's Broadwell chips seems promising, after we tested the first-ever prototype shown by the chip maker.
 
Intel wants to deliver more performance to tablets while curbing power consumption, and has launched a new Core M line of processors to meet those needs.
 
Intel is shipping a new Core i7 chip for gamers that runs at 4.4GHz -- and can be overclocked to 5GHz.
 
The White House plan to cut carbon dioxide pollution by 30% seeks to meet its goals, in part, through efficiency improvements. This could put further pressure on data centers to improve efficiency, many of which are powering servers that are doing very little work or none at all.
 
[slackware-security] mariadb (SSA:2014-152-01)
 
[SECURITY] [DSA 2944-1] gnutls26 security update
 
[SECURITY] [DSA 2943-1] php5 security update
 
[SECURITY] [DSA 2942-1] typo3-src security update
 
Google is bringing its Chromebooks to nine more countries around the world, and it's heralding their arrival with a flourish of verse.
 
Apple's "Continuity" initiative is all about using the right device for the right task at the right moment and shifting between those devices seamlessly. Columnist Ryan Faas explains.
 
Apple may have had a lot to dish out Monday to developers, but that didn't stop CEO Tim Cook from taking time to talk a little smack about rivals Microsoft and Google.
 
Trend Micro is warning of a phishing campaign touting a 'Heartbleed removal' tool, a nonsensical product that is actually malicious software.
 
With up to 550MB/s throughput SanDisk's Extreme Pro SSD promises a gaming/video rendering experience that never stutters or pauses.
 

Posted by InfoSec News on Jun 03

http://www.csoonline.com/article/2304654/hacktivism/american-express-issues-alert-after-anonymous-dumps-cardholder-data.html

By Steve Ragan
CSO
June 2, 2014

In a letter to the California Attorney General's Office (OAG), American
Express says that 76,608 people in the state will get a breach
notification letter after some of their data was published by Anonymous
Ukraine earlier this year.

In March, Anonymous Ukraine released more than 7...
 

Posted by InfoSec News on Jun 03

http://www.bankinfosecurity.com/interviews/keeping-up-cybersecurity-framework-i-2329

By Eric Chabrow
Bank Info Security
May 30, 2014

The folks at PricewaterhouseCoopers, after surveying 500 U.S. business,
law enforcement and government executives, conclude that the vast majority
of cybersecurity programs fall very short of the federal government's
cybersecurity framework goals.

And that observation comes as some critics gripe that the...
 

Posted by InfoSec News on Jun 03

http://arstechnica.com/security/2014/06/meet-cupid-the-heartbleed-attack-spawns-evil-wi-fi-networks/

By Dan Goodin
Ars Technica
June 2, 2014

It just got easier to exploit the catastrophic Heartbleed vulnerability
against wireless networks and the devices that connect to them thanks to
the release last week of open source code that streamlines the process of
plucking passwords, e-mail addresses, and other sensitive information from...
 

Posted by InfoSec News on Jun 03

http://www.darkreading.com/operations/flash-poll-the-hunt-for-cyber-talent-/a/d-id/1269272

By Marilyn Cohodas
Dark Reading
5/30/2014

Our latest flash poll paints a nuanced picture of how the security skills
shortage is playing out in hiring strategies for the SOC. For the Dark
Reading security community the Chinese curse, "May you live in interesting
times," has never been more true, at least when it comes to staffing.

According...
 

Posted by InfoSec News on Jun 03

http://krebsonsecurity.com/2014/06/operation-tovar-targets-gameover-zeus-botnet-cryptolocker-scourge/

By Brian Krebs
Krebs on Security
June 2, 2014

The U.S. Justice Department is expected to announce today an international
law enforcement operation to seize control over the Gameover ZeuS botnet,
a sprawling network of hacked Microsoft Windows computers that currently
infects an estimated 500,000 to 1 million compromised systems globally....
 
Internet Storm Center Infocon Status