Hackin9
(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
 
Storage technologies much faster than NAND flash aren't expected to reach most smartphones and data centers for years, but preparations are already underway in order to make the most of them when they arrive.
 
Audience is dead, says Eric Solomon, head of brand strategy at Google and YouTube. The notion of an audience in today's hyperactive, hyperlinked world just doesn't fit anymore, he tells attendees at last week's [a]list Summit.
 
Companies have embarked on a gradual but massive adoption of "Internet of things" (IoT) technology, investing in sensors to collect data, which is then wirelessly sent for further analysis or alerts, according to a survey.
 
When it comes to speeding up Web traffic over the Internet, sometimes too much of a good thing may not be such a good thing at all.
 
WordPress MF Gig Calendar Plugin CVE-2012-4242 Cross Site Scripting Vulnerability
 
Chinese authorities publicly warned Microsoft not to hinder the ongoing antitrust probe into the company's practices in the People's Republic.
 
Premier 100 IT Leader Karen Sullivan also answers questions on the value of undergraduate degrees and MBAs.
 
Symantec Endpoint Protection Local Client ADC Buffer Overflow Vulnerability
 
As NASA's robotic rover, Curiosity, approaches its second year on Mars, it's also approaching its first good look at its ultimate destination.
 
One seemingly unshakeable truth about the online world since it began is this: The Internet never forgets. Once you post anything online, it is recoverable forever -- the claims of former IRS official Lois Lerner about "lost" emails notwithstanding. Even promises of photos disappearing after a few seconds have been shown to be bogus.
 
Hewlett-Packard has fired back at a former Autonomy executive who is attempting to block the settlement of a number of shareholder lawsuits filed over HP's disastrous acquisition of the infrastructure software vendor.
 
Microsoft lost money on its Surface tablets throughout its just-concluded 2014 fiscal year, adding hundreds of millions of dollars in red ink.
 
The hack of credit-card-processing terminals at PF Chang's hit 33 of the company's locations across the U.S. and continued for around eight months, the company said Monday.
 
Expectations for the success of ARM servers are diminishing as processors and product releases get delayed, a top Dell executive said.
 
Microsoft has expanded the availability of its cloud CRM software into 17 additional countries in a move sure to step up its rivalry with Salesforce.com.
 
A new malware program called Poweliks attempts to evade detection and analysis by running entirely from the system registry without creating files on disk, security researchers warn.
 
A report to be released at Black Hat this week will reveal which vehicles are more susceptible to hackers.
 
Exim CVE-2014-2972 Local Privilege Escalation Vulnerability
 
 
The Amazon Fire, which finally arrived on July 27, has been nothing but controversial.
 
Even though iPhone revenue dwarfs the Mac, Apple's computer line remains important because its average selling price has held steady for four years.
 
Every year the numbers and the types of devices security professionals find themselves having to secure from attacks keep growing, and there's certainly no sign of that letting up at Black Hat 2014 this year.
 

Ponemon: Infosec pros focusing more on protecting info than technology
FierceEnterpriseCommunications
Ponemon: Infosec pros focusing more on protecting info than technology. Read that headline again, because it's meant to be good news. Governance strategies advise businesses to focus on protecting information and helping people. And it looks like that ...

 
Telehealth stands among the healthcare industry's few technology success stories. It brings virtual care to underserved or remote locations. It gives facilities an opportunity to export expertise or, conversely, outsource costly operations. It cuts costs for healthcare systems as well as patients.
 

A critical vulnerability in all recent versions of Samba could put users on the receiving end of attacks that allow hackers on the same local network to run programs with nearly unfettered administrative privileges.

Samba is an open source implementation of the file-sharing components of Microsoft Windows. Most Linux releases and a wide variety of other operating systems use Samba to handle file-sharing with Windows systems.

The newly discovered bug can be exploited by sending specially manipulated traffic to a vulnerable system. The remote code execution vulnerability resides in Samba's nmbd NetBIOS name service daemon and is the result of the daemon incorrectly handling certain memory operations. The bug was found and fixed by Volker Lendecke, a Samba Team member working for SerNet.

 
Anant Jhingran is no fan of the term 'data scientist.'
 
LinuxSecurity.com: Samba could be made to run programs as an administrator if it received specially crafted network traffic.
 
LinuxSecurity.com: New dhcpcd packages are available for Slackware 13.1, 13.37, 14.0, 14.1, and -current to fix a security issue.
 
LinuxSecurity.com: New samba packages are available for Slackware 14.1 and -current to fix a security issue.
 
LinuxSecurity.com: A vulnerability in Zend Framework could allow a remote attacker to inject SQL commands.
 
LinuxSecurity.com: Security Report Summary
 
FreeDisk v1.01 iOS - Multiple Web Vulnerabilities
 
ownCloud Unencrypted Private Key Exposure
 
The so-called Google tax is a desperate and wrongheaded gambit to save traditional newspapers.
 
Borrowing from public cloud architecture and technologies, the private cloud weaves a new management layer around virtualized data center systems.
 
Video WiFi Transfer 1.01 - Directory Traversal Vulnerability
 
[SECURITY] [DSA 2996-1] icedove security update
 
[SECURITY] [DSA 2995-1] lzo2 security update
 
[slackware-security] dhcpcd (SSA:2014-213-02)
 
Dropcam, the popular video monitoring camera, bills itself as "super simple security." But a pair of researchers plan to show at the Defcon hacking conference later this week how having a Dropcam could get a lot more complicated.
 
Cisco Systems said attackers could disrupt or intercept traffic in many of its networking products unless a new security update is applied to the software they run.
 
Mozilla's website for developers leaked email addresses and encrypted passwords of registered users for about a month due to a database error, the organization said Friday.
 
The cultural changes involved with running a business on hard data and predictive analytics can't be underestimated. Here's what works and what doesn't work when making the cultural shift from traditional top-down decision-making to more competitive and higher-value methods of running a business based on hard data and analytics.
 
In another sign of worry for Samsung Electronics, the Korean tech giant has lost its ranking as China's top smartphone vendor, after holding onto the position for two straight years, according to research firm Canalys.
 

Posted by InfoSec News on Aug 04

Forwarded from: "Jackie Blanco" <jackie (at) sdiwc.info>

The International Conference on Information Security and Cyber Forensics
(InfoSec2014)

Universiti Sultan Zainal Abidin (UniSZA), Kuala Terengganu, Malaysia
October 8-10, 2014 | infosec (at) sdiwc.net
http://sdiwc.net/conferences/2014/infosec2014/

All registered papers will be included in SDIWC Digital Library....
 

Posted by InfoSec News on Aug 04

http://www.theregister.co.uk/2014/08/04/your_fitness_tracker_is_a_snitch_says_symantec/

By Richard Chirgwin
The Register
4 Aug 2014

If you're the kind of person whose gadgets auto-tweet your exercise, sex
or sleep habits – all vanguard applications of the odiously-named
“quantified self” movement – you can be tracked, identified and hacked,
according to Symantec.

In this post, the security outfit explains that the age-old...
 

Posted by InfoSec News on Aug 04

http://www.koreaherald.com/view.php?ud=20140803000316

By Song Sang-ho
Korea Herald
2014-08-03

In South Korea, one of the world’s most wired nations, there are many
cybersavvy youngsters, or “gray-hat hackers,” who flirt with the idea of
breaking into computer networks of firms or state entities. Most have no
grasp of the illegality of their activities.

These hackers could become cybersecurity specialists, called “white-hat”...
 