Information Security News
Adobe said it suffered a sustained compromise of its corporate network that allowed hackers to illegally access source code for several of its widely used software applications, as well as password data and other sensitive information belonging to almost 3 million customers.
Adobe dropped the bombshell revelation shortly after KrebsOnSecurity reporter Brian Krebs reported that the hack began sometime in mid-August and was carried out by the same criminals who breached LexisNexis and other major US data brokers. In the course of investigating the earlier intrusions, Krebs said he happened upon a 40-gigabyte trove of source code, much of it belonging to Adobe. Adobe confirmed that its ColdFusion Web application software and its Acrobat document program were among the products whose source code was stolen.
The Acrobat software family, which is intimately linked to the nearly ubiquitous Reader application, has long been a favorite target of malware developers looking for ways to sneak their malicious wares onto people's computers. The specter of hackers having full access to the raw source code of those applications is troubling because it could make it easier to identify bugs that can be surreptitiously exploited in drive-by website attacks.
Just hours after it played a supporting role in the takedown of the Silk Road drug empire, the Bitcointalk.org website suffered a hack that exposed users' personal messages, e-mails, and password data.
"To be safe, it is recommended that all Bitcoin Forum users consider any password used on the Bitcoin Forum in 2013 to be insecure," an e-mail sent to registered users stated. "If you used this password on a different site, change it. When the Bitcoin Forum returns, change your password."
User passwords were cryptographically protected using 7,500 rounds of the SHA256crypt hash function, Bitcoin Talk administrator Theymos said in a forum on reddit. That's a significant measure that could add decades or even centuries to the task of cracking passcodes that are at least nine characters and randomly generated. Still, the hack could be damaging to the privacy of users who stored sensitive communications on the site. Bitcoin Talk administrators are in the process of figuring out how the compromise happened and don't plan to restore service until after the security hole is plugged.
by Jon Brodkin
AgileBits today released 1Password 4 on the Mac App Store, a major upgrade to one of the best-known password management applications.
The application has a new design and various features aimed at making it easier to use, such as a menu bar utility. It also brings back Wi-Fi Sync, which lets users sync password data from a Mac to an iOS device without storing their encrypted keychain in Dropbox or iCloud.
AgileBits described security improvements including a new keychain design with 256-bit AES encryption keys and data integrity checks that increase resistance to tampering. The design "forestalls many attacks that haven’t even been dreamt of yet," AgileBits said. 1Password 4 development was helped along by 20,000 beta testers.
Swiss Infosec hires a bank's risk manager
Swiss Infosec, a company specializing in consulting and training in information and IT security, strengthened its team at the beginning of October with business IT specialist Bruno Schnarwiler. Before the move he spent 16 years ...
Banking expert Bruno Schnarwiler joins Swiss Infosec AG
It's unfortunate in the extreme that Microsoft seems to be trying to use UEFI for their own ends. I just hope that the public sees through the "Windows 8 or nothing" approach being offered by PC manufacturers. It is a great shame that more people don't realise the very considerable advantages in using a safe and efficient operating system such as Linux - it is, after all, now even flying on the International Space Station. Many factors have resulted in a rapid increase in the use of Linux systems by traditional desktop users as well as operators of server systems, including desire for decreased operating system cost, increased security and support for open-source principles. Throughout the world, governments have passed policies moving their systems over to Linux, including the P R of China. Microsoft must be getting worried! I can't see any real need to dump legacy BIOS yet, unless you are using something which is flaky and insecure!
Posted by InfoSec News on Oct 03: http://www.networkworld.com/news/2013/100113-pci-274386.html
Posted by InfoSec News on Oct 03: http://www.telegraph.co.uk/news/worldnews/middleeast/iran/10350285/Iranian-cyber-warfare-commander-shot-dead-in-suspected-assassination.html
Posted by InfoSec News on Oct 03: http://www.kcrg.com/news/local/UnityPoint-Security-Breach-Puts-Records-of-1800-Patients-at-Risk-226237711.html