Hackin9
IcedTea-Web CVE-2013-4349 Heap Based Buffer Overflow Vulnerability
 
Multiple HP LaserJet Printers CVE-2013-4828 PDF Encryption Weakness
 
Multiple HP LaserJet Printers CVE-2013-4829 Unspecified Local Information Disclosure Vulnerability
 

The practicality of the Cyber Kill Chain approach to security
CSO
October 04, 2013 — If you're one of those folks who read a lot of InfoSec news, you've no doubt heard a lot of mention of the effectiveness of a Cyber Kill Chain approach to security. If you managed to miss the hubbub, you may be wondering if that's ...

 

Banking expert Bruno Schnarwiler joins Swiss Infosec AG
SOaktuell.ch
By hiring Bruno Schnarwiler, a federally certified business informatics specialist, Swiss Infosec AG continues to deepen the specialization within its ranks. In the banking sector, as Head of Security and Head of Operational Risks, Schnarwiler has ...
Swiss Infosec hires a bank's risk manager (inside-channels.ch)

 
The U.S. National Security Agency has repeatedly tried to compromise Tor, the government-funded online anonymity tool, but has had little success, according to a new report in the U.K.'s Guardian.
 
The tech sector appears to be going about business as usual in the face of the U.S. federal government shutdown, but some industry insiders are nervous about a long-term stoppage or, even worse, the possibility of a debt default if a political compromise on the budget is not reached.
 
Apple and Samsung Electronics will return to a Silicon Valley federal court on Nov. 12 for a retrial of their billion-dollar 2012 patent battle, and Apple marketing chief Phil Schiller may come back to testify.
 
HTC's net loss of $101 million for the third quarter as reported Thursday might not sound all that traumatic, but in today's fiercely competitive smartphone market it could signal the beginning of the end for the phone maker.
 
The U.S. government shutdown has taken some government Web sites offline, including data.gov. But the nation's most powerful supercomputers continue to operate -- for now, at least.
 

The National Security Agency and its UK counterpart have made repeated and determined attempts to identify people using the Tor anonymity service, but the fundamental security remains intact, as top-secret documents published on Friday revealed.

The classified memos and training manuals, which were leaked by former NSA contractor Edward Snowden and reported by The Guardian, show that the NSA and the UK-based Government Communications Headquarters (GCHQ) are able to bypass Tor protections, but only against select targets and often with considerable effort. Indeed, one presentation slide grudgingly hailed Tor as "the king of high-secure, low-latency Internet anonymity." Another, titled "Tor Stinks," lamented: "We will never be able to de-anonymize all Tor users all the time."

Enter EgotisticalGiraffe

The documents go on to reveal a panoply of covert technologies with names like FoxAcid, Quantum, Stormbrew, Fairview, and Turbulence. The goal of some is to exploit software bugs in the Firefox browser and other software applications used by individual Tor users. Another program uses Tor servers operated by the NSA to redirect user requests or spot patterns in Internet traffic that enters or exits the Tor network. NSA and GCHQ agents also discussed efforts to "shape" or influence future developments of the Tor software and network.

 
Apple yesterday appealed a decision by a federal judge who ruled the Cupertino, Calif. company must be monitored by a watchdog for two years after conspiring to fix e-book prices.
 
 
Amazon's plans for a set-top media box likely center around having a device it can use to sell myriad retail products and services the company already offers.
 
As a tropical storm and possible hurricane bears down on the Gulf Coast of the U.S., the National Weather Service's website was churning out weather alerts Friday, despite a partial U.S. government shutdown that has affected citizens' access to other online resources.
 
LinuxSecurity.com: The Module-Signature module for Perl has insufficient path checks, allowing a remote attacker to execute arbitrary Perl code.
 
LinuxSecurity.com: A vulnerability has been discovered and corrected in proftpd: Integer overflow in kbdint.c in mod_sftp in ProFTPD 1.3.4d and 1.3.5r3 allows remote attackers to cause a denial of service (memory consumption) via a large response count value in an authentication ...
 
Most security information event management systems can identify threats, but they can't remove them. All this does is put a bull's eye on a CIO's back. McAfee's new Enterprise Security Manager takes that next step and shows enterprises how to respond to those threats.
 
The developers of WHMCS, a popular client management, billing and support application for Web hosting providers, released emergency security updates Thursday to patch a critical vulnerability that was publicly disclosed.
 
McAfee Managed Agent 'FrameworkService.exe' Remote Denial of Service Vulnerability
 
Chip makers like Broadcom and Renesas Electronics are ramping up in-car entertainment with faster processors and networks for wireless HD movies and navigation, aiming to keep drivers informed and passengers entertained.
 
Samsung Electronics forecast strong growth in revenue and profit in the third quarter as the company rolled out new models of its smartphones and tablets, including products for emerging markets.
 

 
Apple late Thursday released a final version of OS X Mavericks to developers, hinting that the upgrade will go public during the week of Oct. 21.
 
 
F5 BIG-IP APM Access Policy Logon Page Clickjacking Vulnerability
 
F5 BIG-IP APM Access Policy Logout Page Cross Site Scripting Vulnerability
 
As Twitter plans to launch its initial public offering amid financial losses and in the wake of Facebook's tumultuous IPO, the company needs to reassure potentially nervous investors.
 
SEC Consult SA-20131004-0 :: SQL injection vulnerability in Zabbix
 
Social startup Snapchat may be batting out of its league if it plans to take on social behemoth Facebook.
 
Samsung's lawyers may have provided their clients access to highly confidential information such as Apple's patent licensing agreements with Nokia, Ericsson, Sharp and Philips, according to a court document.
 
The U.S. has brought criminal charges against 13 persons, said to be members of the hacker group Anonymous, for their alleged participation in cyberattacks as part of a campaign called Operation Payback.
 
Microsoft's board of directors reduced outgoing CEO Steve Ballmer's bonus for the 2013 fiscal year, citing poor performance of Windows 8 and the $900 million Surface RT write-off, according to a filing with the U.S. Securities and Exchange Commission.
 
Wireshark CVE-2013-4074 Denial of Service Vulnerability
 
Wireshark CVE-2013-4082 Heap Buffer Overflow Vulnerability
 

Posted by InfoSec News on Oct 04

http://www.cbronline.com/news/tech/software/malware/silent-circles-cyber-security-and-privacy-issues-around-the-world

By Claire Vanner
Computer Business Review
03 October 2013

Mike Janke, CEO of Silent Circle, talks about his work with the Tibetan
government, law firms in Thailand and human rights groups in Sudan.

As CEO of a global expert in encrypted communications, Mike Janke has his
fair share of cyber security stories from around the...
 

Posted by InfoSec News on Oct 04

http://www.cbsnews.com/8301-250_162-57605564/obamacare-marketplaces-raise-data-security-concerns/

By STEPHANIE CONDON
CBS NEWS
October 2, 2013

Minnesota insurance broker Jim Koester was looking for information about
assisting with Obamacare implementation; instead, what landed in his inbox
last month was a document filled with the names, Social Security numbers
and other pieces of personal information belonging to his fellow
Minnesotans....
 

Posted by InfoSec News on Oct 04

http://www.batemanbanter.com/2013/10/defcon-survey-hackers-want-more-crypto-less-nsa/

By Elinor Mills
Bateman Banter
October 1, 2013

Hackers are an interesting bunch and somewhat predictable, if I may be so
bold as to generalize. Before Defcon this summer, I asked all the hackers
I know to participate in a survey about their opinions on a variety of
security industry-related topics, and I asked them to spread the word
through social...
 

Posted by InfoSec News on Oct 04

http://www.washingtontimes.com/news/2013/oct/3/cyber-mass-shooter-poses-future-threat-computer-se/

By Shaun Waterman
The Washington Times
October 3, 2013

The fastest-growing cyber threat is from a kind of digital mass shooter, a
deranged or outraged hacker able to obtain cyberweapons currently available
only to nation-states and organized crime, a former senior U.S. intelligence
official said Thursday.

“They’re just mad, they’re mad...
 

Posted by InfoSec News on Oct 04

http://krebsonsecurity.com/2013/10/adobe-to-announce-source-code-customer-data-breach/

By Brian Krebs
Krebs on Security
October 3, 2013

Adobe Systems Inc. is expected to announce today that hackers broke into
its network and stole source code for an as-yet undetermined number of
software titles, including its ColdFusion Web application platform, and
possibly its Acrobat family of products. The company said hackers also
accessed nearly three...
 