Hackin9
(c) SANS Internet Storm Center. http://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
 
The Internet is a distracting place. Cat videos, recipes, and interesting blog posts all conspire to steal our focus and distract us from whatever we've set out to do in the first place. One way you can deal with this constant barrage of brain candy by blocking it out with procrastination-curbing applications such as Cold Turkey. Another possible way is to save all those interesting distractions for later, carrying on with your day secure in the knowledge you'll get to them when the time is right. If that sort of distraction management appeals to you, you're going to like free Web-based service Pocket.
 
There's a maxim in the data center business that you can't manage what you can't measure, and eBay has come up with the mother of all measurement systems for calculating data center efficiency.
 
Schneider Electric Products Multiple Security Vulnerabilities
 
POS virtualization takes Warnaco Asia on a rapid expansion path. Warnaco Asia, the retail distributor for Calvin Klein, took a bold move five years ago--it virtualized the POS system.
 
i-doit CVE-2013-1413 Multiple Cross Site Scripting Vulnerabilities
 
At RSA Conference 2013, experts from the FBI said insider threat detection hinges not on technology, but on a multifaceted 'people-centric' approach.

 
Some thousand-plus Google users have been subject to FBI security information requests since 2009, the company said Tuesday. The data build on Google's already existing tally of government data requests.
 
To speed development and adoption of electronic health records (EHRs) for pediatrics, a group of experts from industry, academia and government convened by the National Institute of Standards and Technology (NIST) has focused its ...
 
When you hear the term "cultural heritage," what springs to mind? The dramas of Tennessee Williams, the paintings of Georgia O'Keeffe? Software from the early 1980s? The National Institute of Standards and Technology (NIST) and ...
 
New legislation in the U.S. Congress would establish a government task force to monitor domestic and overseas policy proposals that could threaten Internet freedom.
 
The U.S. Congress needs to fix skilled immigration programs by encouraging talented immigrants to permanently move to the country, a group of witnesses told a congressional subcommittee.
 
The National Institute of Standards and Technology (NIST) will host the 26th annual conference of the Federal Information Systems Security Educators' Association (FISSEA) March 19-21, 2013, at its Gaithersburg, Md., ...
 
Three members of the National Institute of Standards and Technology's (NIST) Information Technology Laboratory were named to the 2013 list of the top 100 government, industry and academic leaders in the federal government IT community. ...
 
Microsoft today denied reports that it has halted its anti-Google "Scroogled" campaign, and trumpeted the number of signatures its online petition has accumulated.
 
Dell has released a new software product designed to make solid-state-drive caching on servers more efficient, resulting in improved performance of applications such as databases.
 
After evaluating more than 150 new cloud ventures, here are the top 10 cloud startups. These companies are shaping--or have the potential to shape--how the cloud computing market will evolve.
 
One of the big problems standing in the way of getting anything that remotely resembles a concern among Internet companies for the privacy rights of their customers is that there has been no business reason for any such concern. That may be changing, but don't bet big on the possibility.
 
CRM (customer relationship management) software will be the top priority for additional spending on enterprise applications around the world this year and next, according to newly released data from analyst firm Gartner.
 
At the IBM Pulse conference here this week City of Boston CIO Bill Oates showed off a new city-made app that piqued the interest of attendees like Gary Gilot, an engineer who heads the public works board in South Bend, Ind.
 
The $50 BearExtender Mini is the follow-up to the company's 2010 BearExtender n3. Like its predecessor, the BearExtender Mini's goal is to let you use your Mac from further away from your wireless base station. The new model is half the size of and more powerful than the original n3.
 
PHP Arbitrary File Disclosure and Arbitrary File Write Vulnerabilities
 
RSA's Art Coviello explains why the shortcomings of current mainstream security products are part of what's driving enterprise interest in big data.

 
Augmented reality and 3D printing are the hottest emerging technologies to watch, according to Tom Soderstrom, chief technology officer for NASA Jet Propulsion Laboratory.
 
Samsung is planning to transform business mobile devices into intrusion-proof data containers for business data, using its end-to-end security solution KNOX.


 
libxml XML Entity Name Heap Buffer Overflow Vulnerability
 
RE: [Full-disclosure] Remote system freeze thanks to Kaspersky Internet Security 2013 (SA52053)
 
[PT-2013-17] Arbitrary Files Reading in mnoGoSearch
 
WordPress Count-Per-Day plugin 3.2.5. Type-1 (reflected) Cross Site Scripting (XSS)
 
[SECURITY] [DSA 2638-1] openafs security update
 
European antitrust regulators will reportedly slap Microsoft with a "large fine" Wednesday for failing to live up to a 2009 settlement that requires it to offer Windows users a browser ballot.
 
Off-the-shelf consumer handheld computers are showing up in some of the most precarious of workplaces.
 
Intel has expanded its bring-your-own-device (BYOD) program, which has been a resounding success, providing around 5 million hours of annual productivity gains last year, the company said.
 
IBM executives are working with healthcare systems to perfect supercomputer Watson's ability to diagnose and suggest treatments. And by 2020, Watson could fit on a smartphone.
 
NASA's Mars rover Curiosity is out of safe mode and back on active status after computer trouble had sidelined the vehicle for nearly a week.
 
Is offensive security or 'hacking back' a viable cyberdefense tactic? RSA Conference 2013 experts struggled to define the terms, never mind the role they play.

 
At RSA 2013, experts Ed Skoudis and Johannes Ullrich explained how the SANS CyberCity supports offensive forensics and helps prevent kinetic attacks.

 
VMware's Horizon Mirage 4.0 allows IT departments to be more flexible when they put together centrally managed desktop images using separated application packages.
 
Oracle has rolled out version X3-2 of its Database Appliance for small and medium-sized businesses that it says delivers up to twice the speed and more than four times as much storage as the first edition, which was launched in 2011.
 
Many accounts exist that aren't associated with individual people, and they've gotten out of control.
 
Software vendors, academic institutions and government agencies united on Tuesday to tackle European youth unemployment and the IT skills shortage with a new online education platform.
 
After 12 successive quarters of double-digit growth at SAP, co-CEO Jim Hagemann Snabe is now pinning his future hopes on the company's recently acquired Ariba e-commerce network.
 
China signaled it wishes to reduce its dependence on Google's Android OS, alleging that the U.S. company has discriminated against local firms over the use of the mobile operating system.
 
A security hole in sudo has been discovered. By resetting the Unix system time, users can, under certain conditions, execute commands which would otherwise require root privileges.


 
Adobe Flash Player and AIR CVE-2012-5276 Buffer Overflow Vulnerability
 
Adobe Flash Player and AIR CVE-2012-5277 Buffer Overflow Vulnerability
 

IPv6 deployment in this part of the planet is not very advanced. Whilst companies and telcos realise that the end, so to speak, is nigh for IPv4, uptake is rather slow, in AU at least. Telcos are however quickly addressing this and no doubt a number of them are close to enabling IPv6 to your gateway, if they haven't already. This brings me to my favourite devices, firewalls.

During a bunch of security reviews over the last year or so we typically spend a little bit of time looking at the IPv6 setups and requirements in the organisations. We certainly found that people quite readily state they have no IPv6 in their environment; however, often when they RDP, SSH or otherwise connect to a more recent version of (insert your favourite OS here), the connection is most definitely IPv6. When you then look at firewall configurations you often find nice-looking IPv4 rules to control traffic and a less than ideal default for IPv6: ANY, ANY, ANY permit. So does that mean that when your telco enables IPv6 to your gateway, traffic can leave? Potentially yes. It does depend on a number of other factors, but the core of it is that people do not realise they may be leaking. Even if traffic to the internet is restricted, what about other network segments? In a PCI DSS pentest, connectivity via IPv4: nope, nicely segmented. IPv6: please come through, full access.

Another thing to remember with firewalls is that IPv6 is relatively new to them as well. So maybe you need to check whether your product does support IPv6 and, if the answer is yes, to what extent.
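One way to catch the "tidy IPv4 rules, IPv6 permit-anything" gap before a telco turns IPv6 on is to audit the rule base for both families side by side. The script below is an added example and not ISC's or any vendor's code; it assumes a constructed, vendor-neutral rule format (one rule per line: family, action, protocol, source, destination, port, first match wins) and a sample rule set written for this illustration. It reports, per address family, whether the effective default is a permit, whether there is no catch-all at all (so the device's own default policy decides), and whether one family has service-specific rules while the other has none.

```python
"""Audit a vendor-neutral firewall rule list for an IPv6 policy gap.

Assumed (constructed) rule format, one rule per line, first match wins:
    <family> <action> <proto> <src> <dst> <port>
where family is ipv4/ipv6, action is permit/deny, and 'any' may be used
for proto, src, dst and port.
"""
import ipaddress
from collections import namedtuple

Rule = namedtuple("Rule", "family action proto src dst port")

# Constructed sample: a restrictive IPv4 policy next to an IPv6 permit-all.
SAMPLE_RULES = """
# family action proto src          dst          port
ipv4 permit tcp 10.1.0.0/16  10.2.0.5/32  443
ipv4 permit tcp 10.1.0.0/16  10.2.0.6/32  22
ipv4 deny   any any          any          any
ipv6 permit any any          any          any
"""

ANY_NET = {"ipv4": "0.0.0.0/0", "ipv6": "::/0"}


def parse_rules(text):
    """Parse the assumed rule format; 'any' becomes the family's 0-length prefix."""
    rules = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()      # drop comments and blanks
        if not line:
            continue
        fields = line.split()
        if len(fields) != 6:
            raise ValueError(f"malformed rule: {raw!r}")
        family, action, proto, src, dst, port = fields
        if family not in ANY_NET or action not in ("permit", "deny"):
            raise ValueError(f"bad family or action: {raw!r}")
        nets = []
        for field in (src, dst):
            net = ipaddress.ip_network(ANY_NET[family] if field == "any" else field,
                                       strict=False)
            if net.version != (4 if family == "ipv4" else 6):
                raise ValueError(f"address family mismatch: {raw!r}")
            nets.append(net)
        rules.append(Rule(family, action, proto.lower(), nets[0], nets[1], port))
    return rules


def is_catch_all(rule):
    """True for an any/any/any/any rule (a default policy written as a rule)."""
    return (rule.src.prefixlen == 0 and rule.dst.prefixlen == 0
            and rule.proto == "any" and rule.port == "any")


def effective_default(fam_rules):
    """Action of the first catch-all rule (first match wins), or None if absent."""
    for r in fam_rules:
        if is_catch_all(r):
            return r.action
    return None


def audit(rules):
    """Return a list of human-readable findings, empty when both families look sane."""
    findings = []
    by_family = {fam: [r for r in rules if r.family == fam] for fam in ANY_NET}
    specific = {fam: sum(1 for r in by_family[fam] if not is_catch_all(r))
                for fam in ANY_NET}
    for fam, fam_rules in by_family.items():
        default = effective_default(fam_rules)
        if default == "permit":
            findings.append(f"{fam}: effective default is PERMIT (catch-all permit rule)")
        elif default is None:
            findings.append(f"{fam}: no explicit catch-all rule; device default policy applies")
        other = "ipv4" if fam == "ipv6" else "ipv6"
        if specific[fam] == 0 and specific[other] > 0:
            findings.append(f"{fam}: no service-specific rules although {other} has some")
    return findings


if __name__ == "__main__":
    for finding in audit(parse_rules(SAMPLE_RULES)):
        print(finding)
```

Run against the sample it flags only the IPv6 side: a permit-all default and no service-specific rules, which is exactly the shape of the segmented-over-IPv4-but-open-over-IPv6 finding described above. A rule set that carries the same service rules and an explicit deny-all for both families produces no findings. For a real device you would export the running configuration and write a small parser for that vendor's syntax in place of `parse_rules`.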



What about other devices in the network, your switches and routers? Will their current, or even latest, OS support your IPv6 requirements? Printers, multifunction devices etc., do they support it? Do they have defaults that really do not help you out from a security perspective?



For today that is what I would like to hear from you. What devices have you come across that have interesting IPv6 defaults? Maybe they don't support it fully. Maybe they just get it wrong. One firewall a few years ago (fixed now) did IPv6 to IPv4 translation a bit differently and mangled the IPv4 packets that resulted. So what are your IPv6 'watch out for this' tips?



Mark
 
Apple on Monday patched Java 6 for OS X, following Oracle's lead and quashing a browser plug-in vulnerability that hackers have been exploiting.
 
Seagate announced new models of its 2.5-in. hybrid laptop drives with 40% better performance, as well as its first 3.5-in. desktop hybrid drive.
 
According to Sophos, the USA is once again the number one country when it comes to relaying spam email. Aggregated by continent, Asia leads the group with 36.6% emitted from countries located there


 
RETIRED: Piwigo 'dl' Parameter Directory Traversal Vulnerability
 
Piwigo 'dl' Parameter Directory Traversal Vulnerability
 
Fujitsu promises that although the new business laptops in its Lifebook E Line come in screen sizes from 13.3 inches to 15.6 inches, all will use the same standard components, including the main board, drives for the modular expansion bay, and AC adapters.
 
ID'ing fraud is a good first step, but the power of analytics won't be tapped until agencies can share data more freely. Insider (registration required)
 
Opinions expressed on Twitter differ from public opinion measured by surveys on key political events and policy issues, reflecting that users of the Internet service are demographically very different from the public, according to a study by Pew Research Center.
 
Microsoft has acquired MetricsHub, a startup focused on technology for automating cloud performance management.
 
Twitter will end support for TweetDeck on the iPhone and Android in order to focus solely on browser-based versions for those platforms. And it is also apparently dumping Facebook.
 
Facebook is working to set the record straight following a report suggesting that the site is gaming its News Feed so that people who pay to promote their posts will get more interaction from users than those who don't.
 
A computer problem onboard the Mars rover Curiosity has forced NASA scientists to put the rover into safe mode while they try to bring a backup system online and try to figure out what is wrong with the main computer.
 
Part of what Microsoft hopes customers will understand about Windows Phone 8 smartphones is that they are linked to an ecosystem that includes Excel, PowerPoint and Word.
 
EMC today announced its first purpose-built, all SSD array along new PCIe server flash cards and a new software suite that can offer administrators a single view of all their flash assets across the data center.
 
Oracle was informed of flaws at the start of February but says their fixes missed the update over two weeks later. The fixes were planned for April until FireEye found the same flaws being exploited in the wild


 
Oracle Java SE CVE-2013-1493 Remote Code Execution Vulnerability
 
Nginx 'access.log' Insecure File Permissions Vulnerability
 

Wannabe infosec kiddies put Enigma Bombe machine to the test
Register
GCHQ historians will this month put the team that rebuilt the British code-cracking Bombe machine to the test in a third Enigma Challenge. The Bombe squad will race against time to break Enigma-encoded messages sent by members of the public and ...

 
OpenStack Keystone CVE-2013-0282 Security Bypass Vulnerability
 