Hackin9
No one will ever hack this phone. Just trust us.
QSAlpha

Do you want a phone that secures all of your data and communications, and can't be hacked by even the savviest of criminals and governments? Of course you do. But if you're a realist, you'd probably say that while strong security can be achieved with discipline, perfect security doesn't exist.

Yet, perfect security was the promise of a company called QSAlpha when it recently sent me an e-mail titled "Un-hackable Superphone to be Unveiled via Kickstarter." QSAlpha is seeking $2.1 million to build a phone it dubs the Quasar IV. Pledges starting at $395 would reserve backers a phone estimated for an April 2014 delivery.

A draft of the Kickstarter page and an accompanying video shared with Ars calls it the "world's most secure smartphone," featuring "unprecedented security with a military-grade encryption." Those kinds of claims—coupled with a lack of technical detail—make security experts who reviewed the Kickstarter page suspicious.

 
LinuxSecurity.com: Anton Kortunov reported a heap corruption in ImageMagick, a program collection and library for converting and manipulating image files. Crafted GIF files could cause ImageMagick to crash, potentially leading to arbitrary code execution.
 
LinuxSecurity.com: Several vulnerabilities have been discovered in libmodplug, a library for mod music based on ModPlug, that might allow arbitrary code execution when processing specially-crafted ABC files through applications using the library, such as media players.
 
LinuxSecurity.com: An updated rubygems package that fixes two security issues is now available for Red Hat OpenShift Enterprise 1.2.2. The Red Hat Security Response Team has rated this update as having moderate ...
 
LinuxSecurity.com: An updated haproxy package that fixes one security issue is now available for Red Hat OpenShift Enterprise 1.2.2. The Red Hat Security Response Team has rated this update as having moderate ...
 
LinuxSecurity.com: Updated openstack-cinder packages that fix two security issues are now available for Red Hat OpenStack 3.0. The Red Hat Security Response Team has rated this update as having moderate ...
 
LinuxSecurity.com: Updated ruby193-v8 packages that fix one security issue are now available for Red Hat OpenStack 3.0. The Red Hat Security Response Team has rated this update as having low ...
 
LinuxSecurity.com: Updated openstack-swift packages that fix one security issue are now available for Red Hat OpenStack 3.0. The Red Hat Security Response Team has rated this update as having moderate ...
 
LinuxSecurity.com: An updated python-glanceclient package that fixes one security issue is now available for Red Hat OpenStack 3.0. The Red Hat Security Response Team has rated this update as having moderate ...
 
LinuxSecurity.com: Updated openstack-nova packages that fix multiple security issues and various bugs are now available for Red Hat OpenStack 3.0. The Red Hat Security Response Team has rated this update as having moderate ...
 
LinuxSecurity.com: Updated kernel packages that fix multiple security issues and several bugs are now available for Red Hat OpenStack 3.0. The Red Hat Security Response Team has rated this update as having ...
 
LinuxSecurity.com: An updated spice-server package that fixes one security issue is now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate ...
 
(c) SANS Internet Storm Center. http://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
 
Intel is taking another run at the market for low-power, high-density servers with its new "Avoton" chip, which was launched Wednesday and will do battle with an expected upcoming wave of ARM-based processors.
 
The competition between Microsoft's Windows Azure and Amazon Web Services (AWS) has moved to the caching layer: Both companies updated their caching services this week.
 
An optical interconnect introduced by Intel on Wednesday may someday slim down cabling throughout data centers if the company can get enough vendors to mass-produce it.
 
The passwords most people choose could be stronger, but providers need to make it easier to create really strong passphrases. And when will we be able to leave passwords behind and use alternative authentication methods instead?
 
Oracle E-Business Suite CVE-2013-3749 Remote Password Disclosure Vulnerability
 
Qualcomm Wednesday unveiled a smartwatch it says will have a low-power Mirasol display and be compatible with Android mobile devices.
 
Searching through Twitter's archive of tweets can be frustrating -- they are sorted on the site by Twitter's own algorithms, and older tweets tend to get buried. Google? Forget it. Topsy, an analytics company, wants to do it better.
 
Hundreds of people had private moments broadcast publicly over the Internet through security cameras they bought from a vendor that got in hot water with the U.S. Federal Trade Commission.
 
Google is ramping up plans to open an app store focused solely on Google Glass, the computerized eyeglasses expected to launch in 2014.
 
Early reaction to Samsung's new Galaxy Gear smartwatch, announced Wednesday in Berlin, was decidedly downbeat if not downright negative.
 

Some users of Kim Dotcom's Mega storage system are in a lather about a new browser extension that extracts their master encryption key from computer memory and displays it in a window. While the recently unveiled MEGApwn bookmarklet works as advertised, the general weakness it highlights is common across a variety of similar services, including Apple's iCloud. As such, the uproar in response to the hyperbolically named MEGApwn is largely an overreaction.

More about that in a moment. First, a quick description of the software itself. MEGApwn is a bookmarklet containing JavaScript commands that extend a browser's capabilities. When imported into a compatible browser, it plucks any Mega master encryption keys that may be stored in memory and displays them to the user. The takeaway according to creator Michael Koziarski: it's not as hard as many people think for a criminal hacker or a government agency armed with a secret or not-so-secret demand to gain complete access to the plaintext files stored in the cloud service.

"Any warrant or subpoena issued to Mega for your files simply has to ask for your master key, which Mega can retrieve, and prohibit Mega from telling you about it," Koziarski's webpage warned. He went on to cite a case from 2007 in which encrypted e-mail provider Hushmail turned over 12-CDs-worth of e-mails from three account users named in a Canadian court order that targeted illegal steroids distribution. According to Wired, the evidence was most likely decrypted by exploiting a vulnerability that allowed operators to log the users' plain-text password when they accessed the service.

 
After several months of speculation and a few weeks of hype, the first smartwatch from the world's number one smartphone maker was launched on Wednesday at the IFA electronics show in Berlin.
 
There are few consumer electronics products as hyped at present as so-called smartwatches.
 
Two Romanian men were sentenced Wednesday to serve prison sentences for remotely hacking into hundreds of U.S. merchants' computers and stealing payment card data, the U.S. Department of Justice said.
 
Microsoft is preparing to roll out a new version of its Dynamics NAV ERP software that includes a key feature for cloud-based deployments as well as tighter integration with Office.
 
Samsung Electronics' Galaxy Note 3 has faster processors, a bigger screen with better resolution, and more RAM than its predecessor, yet it is thinner and lighter.
 
Asustek on Wednesday announced new tablets with different screen sizes, adding new 6-inch and 7-inch models to its Fonepad lineup and also two new 8- and 10-inch Memo Pad tablets.
 
As tech behemoths Google and Microsoft try to win over public-sector CIOs with their cloud-based productivity suites, government agencies eye cost savings and an increase in productivity and collaboration.
 
It's the IFA electronics show in Berlin so that means it's time for Samsung to launch a new Note, one of its large-screened smartphones.
 
Samsung's Galaxy Gear is here, launched on Wednesday at Germany's IFA electronics show.
 
The Apache Cassandra NoSQL distributed data store continues to accumulate features that mimic traditional databases, with the newly released version 2 of the open source software offering triggers, lightweight transactions and an updated query language similar to SQL.
 
Sony is hoping the world's smartphone users place a premium on photography and perhaps have a problem keeping their phones dry.
 
The Korean press reports that a fire in Hynix's fabrication plants 1 and 2 in China may put DRAM shipments on hold for the foreseeable future. Hynix is responsible for about 30% of the world's DRAM production.
 
Microsoft's Xbox One will become available on Nov. 22 and the company has made the game console faster by cranking up the clock speeds of the CPU and graphics processor.
 
Linux Kernel '/net/core/scm.c' nsproxy Local Privilege Escalation Vulnerability
 
Panasonic on Wednesday announced the company's first 4K TV, which allows users to play content from a USB drive or the Internet, and briefly showed its Windows 8-based, 20-inch 4K tablet.
 
Sub-$200 smartphones and robust sales of smartphones in emerging countries are driving a rebound in the worldwide mobile phone market this year, IDC said Wednesday.
 
The Korean press reports that a huge explosion and fire in Hynix's fabrication plants 1 and 2 in China may put DRAM shipments on hold for the foreseeable future. Hynix is responsible for about 30% of the world's DRAM production.
 
Gartner just published its updated Infrastructure as a Service Magic Quadrant, and it's extremely sobering news for the cloud service provider industry.
 
Version 2.0 of the HDMI specification offers a significant increase in bandwidth to support new features such as 4K (2160p), which has four times the clarity of 1080p resolution.
 
Imagemagick 'gif.c' Memory Corruption Vulnerability
 
EU privacy hawks and U.S. cloud providers have seen their near-term outlooks swing following the former NSA contractor's disclosures.
 
Apache Struts CVE-2013-2248 Multiple Open Redirection Vulnerabilities
 

InfoSec Skills Launches Strategic Partnership with Wisdom Education Group in ...
PR.com (press release)
InfoSec Skills has announced a new strategic partnership with the Wisdom Education Group, based in the United Arab Emirates (UAE), to deliver accredited Information Security training into the region. This is the first initiative of its kind and one ...

 
SEC Consult SA-20130904-0 :: GroupLink everything HelpDesk - undocumented password reset/admin takeover and XSS vulnerabilities
 
Call for Paper/Event - nullcon Goa 2014
 
Samsung Knox smartphones will include mobile security software from Lookout to protect business users from mobile threats, the San Francisco company said Tuesday.
 
A security researcher said Facebook will award him $12,500 for finding a flaw that lets anyone remove photos from another person's profile.
 
Cisco's Internet of Everything router could be a converged multiservice/transport platform the company believes is ready to launch soon.
 
Silent Circle, a company specializing in encrypted communications, released a messaging application for Android devices on Wednesday that encrypts and securely erases messages and files.
 
Supermicro IPMI Web Interface Multiple Stack-Based Buffer Overflow Vulnerabilities
 
Supermicro IPMI Web Interface Unspecified Remote Privilege Escalation Vulnerability
 
Supermicro IPMI Web Interface Unspecified Remote Arbitrary Shell Command Injection
 
The U.S. isn't doing a good job keeping secrets. Think Edward Snowden. But demand for trustworthy IT professionals is strong, especially if they want to work for Amazon Web Services.
 
The last of JR Raphael's three-part how-to series includes advanced tips and tricks to help you take your Google+ experience to the next level.
 
EMC's VNX hybrid storage line is now built for flash first, with revamped software that can take full advantage of multicore processors, producing what the company calls a major boost in performance.
 
Apple is holding perhaps its first ever media event in China on Sept. 11, signaling that the U.S. company is paying greater attention to the nation's thriving tech market.
 

Posted by InfoSec News on Sep 04

http://www.nytimes.com/2013/09/01/opinion/sunday/squirrel-power.html

By JON MOOALLEM
The New York Times
August 31, 2013

SOME say the world will end in fire. Some say ice. Some say coordinated
kamikaze attacks on the power grid by squirrels.

At least, some have been saying that to me, when they find out I’ve spent
the summer keeping track of power outages caused by squirrels.

Power outages caused by squirrels are a new hobby of mine, a...
 

Posted by InfoSec News on Sep 04

http://www.defenseone.com/technology/2013/08/why-us-should-use-cyber-weapons-against-syria/69776/

By Jason Healey
Defense One
August 30, 2013

If the Obama administration does conduct military strikes against Syria,
as seems likely, it should use military cyber weapons at the earliest
possible moment to show the upside of military cyber power. Though this is
risky, as it puts the focus on the U.S. militarization of cyberspace, it
is likely...
 

Posted by InfoSec News on Sep 04

http://arstechnica.com/gadgets/2013/09/balky-carriers-and-slow-oems-step-aside-google-is-defragging-android/

By Ron Amadeo
Ars Technica
Sept 2 2013

Android 4.3 was released to Nexus devices a little over a month ago, but,
as is usual with Android updates, it's taking much longer to roll out to the
general public. Right now, a little over six percent of Android users have
the latest version. And if you pay attention to the various Android...
 

Posted by InfoSec News on Sep 04

Forwarded from: Christoforos Ntantogian <dadoyan (at) unipi.gr>

************************* Call for participation***********************
***********************************************************************

EUROPKI 2013: 10th European Workshop on Public Key Infrastructures, Services
and Applications

September 12th-13th September 2013, RHUL, Egham, UK. In conjunction with
ESORICS 2013

URL: https://www.nics.uma.es/EuroPKI2013/...
 

Posted by InfoSec News on Sep 04

http://en.apa.az/news/198820

APA Economics
04 September 2013

Baku. Aqshin Rafigoglu - APA-Economics. International hacker group
"Anonymous" announced the successful hacking of Azerbaijani "Azerenergy"
OJSC.

As a result of it 80 important documents, including financial statements
and other X files appeared in the public domain. The representatives of
"Anonymous" posted links to archive files with a total of 7...
 
[PSA-2013-0903-1] Apple Safari Heap Buffer Overflow
 
[SECURITY] [DSA 2750-1] imagemagick security update
 
Internet Storm Center Infocon Status