Hackin9


CounterTack Updates Sentinel Endpoint Threat Detection Platform
eWeek
"Defending against advanced persistent threats and protecting our organization and customers from threats like Dark Seoul are our top priorities," Jae Woo Lee, general manager of the managed security service team at SK Infosec, said in a statement.

 
Yahoo has acquired Aviate, a startup that developed a technology to organize the home screen of the user's Android device based on what the user is doing.
 
Sony will launch a laser projector that can turn your living room wall into a giant, 147-inch 4K display with ultra high definition.
 
Yahoo CEO Marissa Mayer got some help from "Saturday Night Live" cast members Tuesday when she took the stage at the International CES to announce a new app called Yahoo News Digest.
 
Sony's new streaming video service, due to launch in the U.S. later this year, isn't intended as a direct competitor to cable television, CEO Kaz Hirai said Tuesday.
 
(c) SANS Internet Storm Center. http://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
 
Toshiba in the second quarter of this year will start making flash drives for smartphones and tablets that are substantially faster, smaller and more power-efficient than current NAND flash, the company said on Tuesday.
 
Ford CEO Alan Mulally, seeking to end speculation over a possible move to Microsoft, told the Associated Press on Monday that he will not become the software company's next CEO.
 
Convertible laptops are already becoming commonplace in the market, but Toshiba is taking the idea to the extreme with a concept PC that can physically change into five different modes.
 
TV sales are picking up as consumers begin to replace their first flat-screen HDTVs, but don't expect a significant surge in sales of UHD-TVs this year.
 
Sprint will let friends, neighbors or any other group join up for savings on monthly bills under the Sprint Framily Plan, announced Tuesday.
 

More security researchers are pulling out of next month's RSA security conference in protest of recent revelations that the event's namesake, EMC-owned subsidiary RSA, received $10 million to make an NSA-favored random number generator the default setting in its BSAFE crypto tool.

By Tuesday afternoon, there were eight previously scheduled RSA participants who had publicly cancelled their engagements. They included Adam Langley and Chris Palmer, both on various security teams at Google; Chris Soghoian, principal technologist for the American Civil Liberties Union; EFF special counsel Marcia Hoffman; Mozilla Global Privacy and Public Policy Leader Alex Fowler; Josh Thomas, who is listed as "chief breaking officer" at Atredis Partners; and Jeffrey Carr, CEO of security consultancy Taia Global. They joined F-Secure Chief Research Officer Mikko Hypponen, who announced his plans to withdraw two weeks ago.

"I've become convinced that a public stance serves more than self-aggrandizement, so I've pulled out of the Cryptographers Panel at RSA 2014," Langley wrote on Twitter Tuesday. "(I had already decided not to do it, but I pondered for a while whether I should say anything in public)," he wrote in a follow-up tweet.


 
Rounding out its hosting service for millions of users, the GitHub online code repository has added more bandwidth for project home pages and has introduced analytics to summarize the Web traffic each project generates.
 
CIO.com talked to Som Mittal, departing president of India's National Association of Software and Services Companies, about immigration policy and protectionist politics in the U.S., political and economic instability at home, and what the future holds for the Indian IT services industry.
 
More PC makers are bringing Android to desktops as users increasingly turn to the Internet for apps, storage and entertainment.
 
The U.S. House of Representatives is moving toward votes on two bills intended to put a spotlight on the inner workings of HealthCare.gov, the health insurance shopping site recovering from a rocky rollout in late 2013.
 
Recently installed BlackBerry CEO John Chen is on a mission to restore the ailing company to financial health, largely by restoring faith in BlackBerry among corporate CIOs and other traditional enterprise customers.
 
Two California lawmakers this week introduced a bill that would prohibit state agencies and corporations from providing material support to the National Security Agency.
 
Gartner today said Windows will recover from its two-year slump, with total device shipments running the operating system climbing by nearly 10% in 2014 and almost 18% in 2015.
 
Microsoft has backtracked on a suggested fix it offered repeatedly on its support forum for over two months for users having problems with SkyDrive on Windows 8.1.
 
Are you seeking a job in an IT department that recently drew the ire of the President of the United States? If so, you might be interested in the job of CTO at the Centers for Medicare & Medicaid Services.
 
Over the past few weeks, I've had arguments with friends in the information security echo chamber about whether it was prudent of me to make public comments about the security of the beleaguered Healthcare.gov website when I had not actually performed a formal assessment of it. My answer -- that I'd assessed all I needed to reach my conclusions -- failed to satisfy some.
 
Rein it in, report says.

A National Security Agency employee will continue to co-chair an influential group that helps to develop cryptographic standards designed to protect Internet communications, despite calls that he should be removed.

Kevin Igoe, a senior cryptographer with the NSA's Commercial Solutions Center, is one of two co-chairs of the Crypto Forum Research Group (CFRG), which provides cryptographic guidance to working groups that develop widely used standards for the Internet Engineering Task Force (IETF). On Sunday, the chair of the group that oversees appointments to the CFRG rejected a recent call that Igoe be removed in light of recent revelations that the NSA has worked to deliberately weaken international encryption standards.

"Widespread wiretapping by nation-state adversaries is a threat unlike any other in the history of the Internet, but I do not believe that preventing interested people from participating in the IRTF or IETF based solely on their affiliation will help us combat that threat," Lars Eggert, chair of the Internet Research Task Force (IRTF), wrote in an e-mail. The IRTF focuses on long-term research and is responsible for the CFRG and eight other research groups. Meanwhile, the IETF is a parallel organization that focuses on shorter term engineering standards that are crucial for the Internet, such as the Transport Layer Security (TLS) protocol for Web encryption.


 
With all the smartphones on the market, Chinese company ZTE is hoping to set its phones apart by bringing voice-assistant technology to its newest flagship device, the Grand S II.
 
When humans make it to Mars, they'll be following the trail of the robots that preceded them.
 
Car makers such as Audi and GM are integrating LTE wireless technology in their new models, offering customers faster access to the Internet but not much choice since they have both signed deals with AT&T.
 
Banking on its deep expertise in mathematical analysis and visualization, Wolfram Research is extending its set of tools so they can be used by portable device manufacturers to offer richer, more interactive data to their users.
 
RETIRED: Linux Kernel CVE-2013-6405 Memory Leak Multiple Local Information Disclosure Vulnerabilities
 
Ruby Phusion Passenger Gem CVE-2013-2119 Insecure Temporary File Creation Vulnerability
 
Smartwatches and other wearable computing devices are getting plenty of buzz at International CES this year, but it remains to be seen if, and when, the gadgets will achieve broader consumer interest.
 
ProjectForge Multiple HTML Injection and Cross Site Request Forgery Vulnerabilities
 
Apple sold more than $10 billion worth of iOS apps in 2013, the company said today.
 
Social media professionals need to have a specific set of communication and technical skills as well as varied experience if you expect them to be a strategic part of your business in 2014.
 
[SECURITY] [DSA 2837-1] openssl security update
 
SPAMINA EMAIL FIREWALL 3.3.1.1 - Directory Traversal -
 
Synology DiskStation Manager 'imageSelector.cgi' Remote Command Execution Vulnerability
 
Web2ldap Unspecified Cross Site Scripting Vulnerability
 
Codiad 'Project Name' Field Cross Site Scripting Vulnerability
 
Opsview Multiple Security Vulnerabilities
 

CounterTack Unveils Next Generation of Sentinel for Endpoint Threat Detection ...
Marketwired (press release)
"Defending against advanced persistent threats and protecting our organization and customers from threats like Dark Seoul are our top priorities," said Jae Woo Lee, General Manager of the Managed Security Service Team, SK Infosec. "We needed a platform ...

 
A new Trojan program is targeting users of the popular online role-playing game World of Warcraft and is capable of hijacking accounts even if their owners use two-factor authentication.
 
Oracle is buying Corente, maker of SDN technology for WANs, in a strike against competitors such as Cisco and IBM. Terms of the deal weren't disclosed.
 
This year vendors will ship 1.1 billion devices based on Android, while Windows stages a small comeback and the number of Apple machines, percentage-wise, increases the most, according to estimates from market research company Gartner.
 

The OpenSSL project has announced a new release, OpenSSL 1.0.0l, of its open source toolkit for SSL/TLS. The new release fixes several bugs, as follows:

Major changes between OpenSSL 1.0.0k and OpenSSL 1.0.0l [6 Jan 2014]:

Major changes between OpenSSL 1.0.0j and OpenSSL 1.0.0k [5 Feb 2013]:

Major changes between OpenSSL 1.0.0i and OpenSSL 1.0.0j [10 May 2012]:

Major changes between OpenSSL 1.0.0h and OpenSSL 1.0.0i [19 Apr 2012]:

Major changes between OpenSSL 1.0.0g and OpenSSL 1.0.0h [12 Mar 2012]:

Major changes between OpenSSL 1.0.0f and OpenSSL 1.0.0g [18 Jan 2012]:

Major changes between OpenSSL 1.0.0e and OpenSSL 1.0.0f [4 Jan 2012]:

Check for malformed RFC3779 data CVE-2011-4577

For more details:

http://www.openssl.org/news/openssl-1.0.0-notes.html

(c) SANS Internet Storm Center. http://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
 
AusCERT2014 Call for Presentations and Tutorials
 
[HITB-Announce] HITB Magazine Issue 10 Out Now
 
Sony added nine more models in three series to its 4K TV range at the International CES show on Monday, promising cheaper offerings but not specifying prices.
 
GlobalFoundries, a contract chip manufacturer that works closely with semiconductor companies, appointed former Motorola Mobility CEO Sanjay Jha as its chief executive Monday.
 
Cisco NX-OS BGP Message Denial of Service Vulnerability
 
Intel hopes a new mini-computer the size of an SD card will drive growth for it in the wearables market.
 
Intel is developing a smart wrist device and showing a host of prototype wearable devices at this week's International CES trade show with the hope to find the next big hit.
 
Intel's CEO, battling to keep the company relevant as computing moves beyond the PC, introduced a new line of wearable computers Monday night, including a connected smartwatch and a pair of earbuds with a built-in heart monitor.
 
Moore's Law created a stable era for technology, and now that era is nearing its end. But it may be a blessing to say goodbye to a rule that has driven the semiconductor industry since the 1960s.
 
If your company doesn't yet have a mobile-specific privacy policy, it's time to get to work.
 
Media reports two weeks ago that Chromebooks had had a successful 2013 drew criticism from analysts, including one whose data sparked the coverage.
 
Linux Kernel 'oz_cdev_write()' Function Local Buffer Overflow Vulnerability
 

In Search Of A Warmer Security Blanket
Forbes
And the scariest of all of them is security. As Dave Piscitello, vice-president of security for ICANN, lamented in My 5 Wishes For Security In 2014, “Year-end security predictions are really hard for InfoSec practitioners, in no small part because so ...

 
Internet Storm Center Infocon Status