Hackin9

InfoSec News

Tor Directory Remote Information Disclosure Vulnerability Bridge Enumeration Weaknesses
 
----------- Guy Bruneau IPSS Inc. gbruneau at isc dot sans dot edu (c) SANS Internet Storm Center. http://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
 
You didn't realize that Apple is changing its design philosophy, overhauling its entire product line and doing a massive redesign for the iPhone 5, which may actually already exist and is only waiting for decent LTE chips.
 
Linux Kernel 'xfs_readlink()' Local Privilege Escalation Vulnerability
 
Seven ISVs have formed a consortium to integrate their Google Apps add-on products and offer discounted bundles, outside of Google's control.
 
More U.S. smartphone users turned to Android in the third quarter, accounting for nearly 44.8% of some 87 million users, ComScore reported Friday.
 
Supporters of a controversial copyright protection bill recently introduced in the U.S. House of Representatives are firing back after several digital rights groups have suggested the legislation could lead to law enforcement officials targeting sites like YouTube and Twitter.
 
Microsoft has released a Fix-it tool to allow Windows users to manually patch their systems to thwart the Duqu Trojan: Microsoft Security Advisory (2639658).
 
Researchers at the MIT Media Lab's Fluid Interfaces Group are prototyping new, novel and more natural ways for people to interact with computers and access and store information. Their innovations have been designed to improve and enrich our personal and professional lives, making it easier to create, communicate, collaborate and even cook. Here are 10 inventions that enhance human-computer interactions, improve the in-store shopping experience, and even help us kick bad habits
 
Has your email or username been snatched by hackers and posted to the Internet? You can find the answer to that question at a new online service called Pwnedlist.
 
Siri may be the most prominent feature on the iPhone 4S, but in truth it's only partly "on" your phone, as a network-related outage this past Thursday demonstrated. iPhone 4S users were cut off from their virtual assistant, their queries answered only by messages that Siri could not make a network connection.
 
Ever been in an argumentative mood? Well, last week we were, with editors here coming up with 33 red-hot arguments, such as open source vs. proprietary, or which browser is better.
 
AT&T pushed back the expected date of its proposed $39 billion merger with T-Mobile until the first half of 2012.
 
[ MDVSA-2011:167 ] gimp
 
[SECURITY] [DSA 2334-1] mahara security update
 

Hacker Group "Anonymous" Could Take Down Facebook Tomorrow, November 5th
Web Trends
Anyone with any sort of InfoSec knowledge is aware of how easy it is to scan ports until you find one that can be compromised. From there it's nothing more than choosing your weapon of choice. Even by you posting here, your IP address is most likely ...

and more »
 
Intel and MIPS Technologies expect the next version of Google's mobile operating system, Android 4.0, to soon run on tablets and smartphones based on their processors.
 
The latest Google Chrome beta supports multiple sign-ins, allowing several users to have their own apps, bookmarks and settings in the browser. This is ideal for people who don't want to create multiple OS profiles, or for people with separate accounts for business and personal use.
 
Charting the differences
 
On any given day, reader Stephen works with several different files in several different programs. His hassle is having to restart these programs and reload these documents every time he boots his PC:
 
Ever been in an argumentative mood? Well, last week we were, with editors here coming up with 33 red-hot arguments, such as open source vs. proprietary, or which browser is better.
 
Joomla! 'com_searchlog' Component 'search' Parameter SQL Injection Vulnerability
 
Smart ASP Survey SQL Injection and Cross Site Scripting Vulnerabilities
 
GoAhead WebServer Multiple HTML Injection Vulnerabilities
 
DJ-ArtGallery Component for Joomla! Cross-Site Scripting and SQL-Injection Vulnerabilities
 
A new iPad app by Boston Scientific helps doctors educate patients about heart troubles and how to treat them.
 
Groupon's initial public offering Friday is off to a big start, and its valuation is expected to reach $13 billion by day's end.
 
CuteSITE CMS SQL Injection and Cross Site Scripting Vulnerabilities
 
Digital Interchange Calendar 'index.asp' SQL Injection Vulnerability
 
Digital Interchange Document Library 'view_group.asp' SQL Injection Vulnerability
 
Science Fair In A Box 'winners.php' Input Validation Vulnerability
 
Apple's fancy new voice assistant for the iPhone 4S, Siri, went down Wednesday morning and didn't come back up until the evening--and even then, only for some users.
 
RETIRED: Movable Type A-Form Plugins Cross Site Scripting and Unspecified Security Vulnerabilities
 
[security bulletin] HPSBOV02467 SSRT090152 rev.1 - HP TCP/IP Services for OpenVMS Running POP or IMAP, Remote Unauthorized Access
 
[security bulletin] HPSBOV02470 SSRT080123 rev.1 - HP TCP/IP Services for OpenVMS Running SMTP Server, Remote Denial of Service (DoS)
 
Multiple BSD libc/regcomp(3) Multiple Vulnerabilities
 
George Orwell, in his classic vision of the future "Nineteen Eighty-Four," foresaw a totalitarian state filled with devices termed telescreens that were the state's means of monitoring citizens. Today, with our dependence on modern technologies such as PCs and mobile devices, and the widespread availability of crimeware, we've exceeded anything Orwell could ever have imagined. Crimeware is a class of malware that is specifically designed to automate large-scale financial crime. We now carry our own version of Orwell's telescreens with us--termed mobile devices--having cameras, microphones, GPS, and containing all our interactions. Instead of Orwell's vision of a totalitarian state monitoring citizens' lives, we now have a limitless number of individual criminals or hostile states from around the globe capable of using crimeware within our technologies to track our every movement, conversation and action.
 
While organizations continue to embrace cloud-computing platforms, surveys find organizations are concerned about security and their very ability to manage it in the cloud.
 
Using more spectrum and advanced antennas, vendors and operators plan to increase 4G mobile speeds. But the key to increasing speeds as researchers look at future networks, which will someday be dubbed 5G by marketers, is to shorten the distance between users and base stations, and allowing them to automatically be reconfigured.
 
Microsoft on Thursday confirmed that the Windows kernel vulnerability exploited by the Duqu Trojan is within the TrueType parsing engine, the same component it last patched just last month.
 
A hacking group called d33ds broke into the online shop of a rival hacker who sells unauthorized access to high-profile websites and data.
 
Barnes & Noble plans to announce on Monday a $249 Nook Tablet with double the memory and storage of the coming $199 Kindle Fire from Amazon.com, according to documents obtained by Engadget.
 

Cisco Wins National Cybersecurity Innovation Award in Meeting the Need for ...
Sacramento Bee
SANS offers a myriad of free resources to the Infosec community including consensus projects, research reports, newsletters, and it operates the Internet's early warning system - the Internet Storm Center. At the heart of SANS are the many security ...

and more »
 
Barnes & Noble plans to announce a $249 Nook Tablet on Monday with double the memory and storage of the coming $199 Kindle Fire from Amazon.com, according to documents obtained by Engadget.
 

'Occupy' Movement Threat Level Elevated to 'High' for November 5th Weekend
MarketWatch (press release)
Prior to ListenLogic, Vince was the Co-founder and Chairman of Turntide Inc., an anti-spam technology company, which was acquired by Symantec Corp., co-founder and Principal of InfoSec Labs, an information security company, which was acquired by ...

and more »
 
The European Union’s top regulatory watchdog has launched an investigation into Samsung over its attempts to block Apple products.
 
Microsoft has published code to temporarily blunt attacks against a software vulnerability exploited by Duqu, an advanced piece of malicious software still being closely analyzed by security researchers.
 
Ice Cream Sandwich, the latest version of Android, is likely to ease the fragmentation of the operating system, some device executives said on Thursday.
 
The picture for RIM isn't all dreary, especially outside of North America where RIM's BlackBerry Messenger IM service is popular and young users are drawn to its new smartphones.
 
Does your smartphone support Wi-Fi tethering? Which ones offered by which carriers do? Find out in our comprehensive table.
 
Which smartphones can be used as mobile hotspots? How do you get started and what should you expect? Here's everything you need to know.
 
The Zaggfolio wireless keyboard/case combination offers iPad 2 users the ability to protect their tablets and type comfortably as well.
 
There has been a lot of information published on Duqu over the past few days and it is likely exploiting a vulnerability in a Microsoft Windows component, the Win32k TrueType font parsing engine. Until a patch as been release to fix this vulnerability, the vulnerability cannot be exploited automatically via email unless the user open an attachment sent in an email message. The Microsoft advisory is posted here. US-CERT also posted a critical alert here and Symantec a whitepaper on the subject here.
[1] http://technet.microsoft.com/en-us/security/advisory/2639658

[2] http://www.us-cert.gov/control_systems/pdf/ICS-ALERT-11-291-01E.pdf

[3] http://www.symantec.com/content/en/us/enterprise/media/security_response/whitepapers/w32_duqu_the_precursor_to_the_next_stuxnet.pdf
-----------
Guy Bruneau IPSS Inc. gbruneau at isc dot sans dot edu (c) SANS Internet Storm Center. http://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
 
phpMyAdmin 'simplexml_load_string()' Function Information Disclosure Vulnerability
 
Mozilla and Microsoft said Thursday they are revoking trust in all certificates issued by Digicert, a Malaysian intermediate certificate authority (CA) , after it was found that it had issued 22 certificates with weak 512-bit keys and missing certificate extensions and revocation information.
 
The parent of Apple supplier Foxconn has broken ground on a new R&D (research and development) facility in Taiwan to produce what could be robots that will be used in the company's manufacturing facilities.
 

IBNLive.com

Will 'Anonymous' target Facebook on Nov 5?
IBNLive.com
Some of these so-called whitehat infosec firms are working for authoritarian governments, such as those of Egypt and Syria. Everything you do on Facebook stays on Facebook regardless of your “privacy” settings, and deleting your account is impossible, ...

and more »
 

Posted by InfoSec News on Nov 03

Forwarded from: c7five <c7five (at) thotcon.org>

Greetings:

THOTCON is Chicago's hacking conference.

0x3 will be held at a TOP_SECRET location* on April 27, 2012.

The CFP is now open! 

http://www.thotcon.org/cfp.html

General Admittance tickets go on sale 11.05.11 00:00 CDT.

http://tickets.thotcon.org 

We're also looking for corporate sponsors for our after party.
The cost is 2K USD.

http://www.thotcon.org/sponsors.html...
 

Posted by InfoSec News on Nov 03

http://www.asianage.com/india/cyber-attack-key-n-facility-mysore-684

By S. Raghotham
The Asian Age
Nov 02, 2011

India's lone uranium enrichment facility at Rattehalli, near Mysore, may
become the target of the gravest act of cyberwar against India to date,
attacking no less than its strategic nuclear programme, sources in the
Indian hacker/cyberwarfare community warned.

The sources said computers at the Rattehalli facility,...
 

Posted by InfoSec News on Nov 03

http://www.smh.com.au/technology/security/backpack-bungle-as-defence-aide-allows-spies-to-steal-portable-drive-20111103-1my1t.html

By Dylan Welch
smh.com.au
November 4, 2011

AN aide de camp working for Australia's most senior military officer in
the Middle East had an encrypted classified thumb drive stolen while
travelling through Kuwait last year, in a major security breach for
Defence.

A subsequent investigation found it was likely...
 

Posted by InfoSec News on Nov 03

http://www.wired.co.uk/news/archive/2011-11/02/china-cyberwar

By Duncan Geere
Wired.co.uk
02 November 11

Amidst growing concern over electronic warfare, an Australian academic
has dismissed China's cyber-warfare capabilities as "fairly
rudimentary".

Desmond Ball, a professor in the Strategic and Defence Studies Centre in
Australia's National University argues that the country's offensive
capabilities are actually...
 

Posted by InfoSec News on Nov 03

http://www.forbes.com/sites/richardstiennon/2011/11/03/there-is-no-cyber-war-the-same-way-there-is-no-nuclear-war/

By Richard Stiennon
Forbes.com
11/03/2011

One of the staff at my school (King’s College, London) recently
published a paper that used Clausewitzian definitions of war to declaim
that there has been no cyberwar, cyberwar is not happening now, and
cyberwar is unlikely to occur in the future. Of course it is easy to
prove a...
 

Posted by InfoSec News on Nov 03

========================================================================

The Secunia Weekly Advisory Summary
2011-10-27 - 2011-11-03

This week: 47 advisories

========================================================================
Table of Contents:

1.....................................................Word From Secunia...
 

Posted by InfoSec News on Nov 03

http://www.networkworld.com/news/2011/110311-microsoft-duqu-252736.html

By Julie Bort
Network World
November 03, 2011

The big zero-day exploit on everyone's mind is Duqu, or "son of Stuxnet"
- but researchers don't expect Microsoft to include a patch for it in
next week's Patch Tuesday. Instead, a manual fix could be out as soon as
this week.

"While many dispute the threat imposed by this bug, no one disputes...
 
A full-blown Duqu zero-day patch won?t be ready for the November 2011 Patch Tuesday release, but experts say enterprises should be ready to deploy it quickly.

Add to digg Add to StumbleUpon Add to del.icio.us Add to Google
 
Internet Storm Center Infocon Status