Hackin9

InfoSec News


Help Net Security

InfoSec World 2012 to highlight evolving threats
Help Net Security
At InfoSec World Conference & Expo 2012, information security professionals gather for three days to share their experiences and products and to learn the latest information security trends and techniques. This year's event will take place on April 2-4 ...

 
Anonymous has just released another video, this time in the name of OpBahrain, in which they state they will waste your servers.


 

Govt seeds Oz infosec council with $150K
ZDNet Australia
The Australian Government has announced that it is backing the establishment of an Australian branch of the Council of Registered Ethical Security Testers (CREST). CREST is a not-for-profit organisation that offers certifications of organisations and ...



 
Anonymous have released a video that explains the new #OpKONY2012, transcript below.


 
This message is to inform the public about Anonymous Turkey regarding the hacking of the office of the prime minister's website.


 
Anonymous have announced a message for the American government regarding the Occupy movement.


 
Over the past week or so, the Internet has pretty much blown up over the news that a well-known hacker who flew under the Anonymous flag was working with police on a very close level to arrest and charge other alleged hackers.


 
Microsoft's March bundle of updates repairs seven vulnerabilities, including a critical Windows flaw.

 
We have all seen the question of whether or not our organization needs business continuity software come up many times over the last several years, and it is a question worth seriously considering.
 
For the last few weeks I've been wrestling with my new AT&T U-Verse DSL service, and in my last two Gearhead columns I discussed my travails, after which you might have assumed all would be well, that AT&T would have pulled out all the stops and sorted out my issues. Alas, this week I'm no happier and, apparently, neither are many of you.
 
GNU Gnash Cookie Files Local Information Disclosure Vulnerability
 
Facebook will soon roll out an "Add Interests" menu option that allows its users to subscribe to content feeds by subject area, the company said on Thursday.
 
Microsoft has released as open source a program that helps users link different Windows applications in a single workflow.
 
FreeType Versions Prior to 2.4.9 Multiple Remote Vulnerabilities
 
[SECURITY] [DSA 2428-1] freetype security update
 
The solar storm buffeting the Earth on Thursday isn't as bad as physicists had expected, but there's still a chance it could get worse before it's over.
 
Now that Apple has unveiled the new iPad and is touting what's changed, like the screen, and what hasn't, like the prices, you've got questions. We've got the answers.
 
(c) SANS Internet Storm Center. http://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
 
------

Johannes B. Ullrich, Ph.D.

SANS Technology Institute

 

TeleSign Selected as the 2012 InfoSec Global Product Excellence Award Winner ...
SYS-CON Media (press release)
LOS ANGELES, CA -- (Marketwire) -- 03/08/12 -- TeleSign, a market leader in Internet fraud prevention and Intelligent Authentication, today announced that Info Security Products Guide, the industry's leading information security research and advisory ...

 
Eleytt Research ER-03-2012
 

TeleSign Selected as the 2012 InfoSec Global Product Excellence Award Winner ...
Marketwire (press release)
LOS ANGELES, CA--(Marketwire - Mar 8, 2012) - TeleSign, a market leader in Internet fraud prevention and Intelligent Authentication, today announced that Info Security Products Guide, the industry's leading information security research and advisory ...

 
Malware experts from Kaspersky Lab have asked the programming community for help identifying the programming language, compiler or framework that was used to write an important part of the Duqu Trojan, in the hope that it could reveal clues about who created it or why.
 
Apple's new mobile operating system, iOS 5.1, not only includes a number of new features, but also a large list of security-relevant patches. Eventually, a link to the patches will be listed on Apple's security update page (http://support.apple.com/kb/HT1222).
iOS fixes the latest passcode lock bypass (CVE-2012-0644). In addition, a number of Safari and WebKit issues are fixed, as are code execution issues in the HFS subsystem (exploitable by mounting a corrupt disk), libresolv, and VPN configuration.
Note that the new Apple TV operating system and the iTunes update add security fixes as well as new features. An update is recommended.

------

Johannes B. Ullrich, Ph.D.

SANS Technology Institute

 
Google Chrome Prior to 14.0.835.202 Multiple Security Vulnerabilities
 
SAP Business Objects XI R2 Infoview Multiple XSS
 
Pitrinec MacroToolworks 7.5 - Buffer Overflow Vulnerability
 
Enterasys SecureStack Switch v6.x - Multiple Vulnerabilities
 
Ilient SysAid v8.5.05 - Multiple Web Vulnerabilities
 
Microsoft will deliver what's expected to be a comprehensive update on its plans to bring the Dynamics line of ERP (enterprise resource planning) software to its Azure cloud service during its Convergence conference, which starts March 18 in Houston.
 
Worldwide PC shipments are on track for a small increase, but will remain weak throughout 2012, according to industry analyst firm Gartner.
 
The new iPad's LTE and HD video make a powerful combination, but could end up costing users, or their employers, a bundle.
 
Shaw reviews Xerox Mobile Scanner, by Xerox.
 
The new Apple iPad, which sports a higher-resolution screen, a 1080p HD camera and LTE network capability, will likely entice millions of buyers -- but it could bog down corporate networks and give IT managers headaches.
 
Samba 'etc/mtab' File Appending Local Denial of Service Vulnerability
 
Barracuda WAF 660 v7.6.0.028 - Cross Site Vulnerability
 
APPLE-SA-2012-03-07-3 Apple TV 5.0
 
APPLE-SA-2012-03-07-2 iOS 5.1 Software Update
 
APPLE-SA-2012-03-07-1 iTunes 10.6
 

Changes to the data protection regulations are on the way for the 27 countries of the European Union, and the fallout in Europe serves as a good case study for U.S. governing bodies and businesses who are also playing tug-of-war over compliance regulations.

Businesses in the U.K. are steaming over the DPA proposals. In fact, our U.K. bureau chief, Ron Condon, described the reaction of the Confederation of British Industry (CBI), a lobbying organization representing more than a quarter-million companies, as “hostile.”  Why such a severe reaction to proposed European privacy laws that, according to the European Commission, will save businesses £2.3 billion (about $3.6 billion) per year? 

As part of the new data protection regime, businesses operating in the EU will need to ask consumers for explicit permission to capture the consumer’s data. Businesses fear just asking for permission will make consumers nervous, and nervous consumers can be miserly consumers.

It appears businesses may be right to worry. Consider what happened to the Information Commissioner’s Office in the U.K. when it implemented its own PECR regulation, specifically asking all site visitors for permission to place a cookie on their computer.  According to the BBC, the ICO website normally received 12,000 site visitors per day, but after debuting the cookie request notice, the number of visitors dropped to about 1,400 per day. 

Actually, the number of visitors willing to be tracked dropped. The ICO said only about 10% of its visitors accepted the cookie. The other 90% were probably still there; they may have simply declined to be tracked.

This could have serious repercussions for the way many businesses operate today. Without knowing which pages visitors look at, how long they study a product page, or the order in which they place products in the online shopping cart, businesses will lose crucial information they need to direct their strategies. Some businesses, I wager, may even go out of business once deprived of customer information.

Where should the line be drawn between visitors who want to be anonymous, and businesses who can’t serve their customers’ needs without fundamental information about who those customers are? 

The ICO holds out hope that, eventually, users won’t be so easily scared off by cookie warnings, but I see this playing out another way.  I got an inkling from an incident at RSA Conference 2012 last week.

A security vendor had a representative standing on Howard Street, flagging down anyone walking by who was wearing an RSA conference badge. In return for handing over a business card, the passerby received a $5.00 Starbucks gift card. Apparently $5.00 is the price this particular vendor was willing to pay for an RSA attendee to share their basic information.

As for me, I’m wondering how many cookies I can buy for $5.00 at Starbucks.  



 

TeleSign Selected as the 2012 InfoSec Global Product Excellence Award Winner ...
Broadcast Newsroom
LOS ANGELES, CA -- (Marketwire) -- 03/08/12 -- TeleSign, a market leader in Internet fraud prevention and Intelligent Authentication, today announced that Info Security Products Guide, the industry's leading information security research and advisory ...

 
StarDock, a company known for software that customizes Windows, has released a free tool that restores the Start button to Microsoft's Windows 8 Consumer Preview.
 
The U.S. Department of Justice has warned Apple and five U.S. book publishers that it is planning to file lawsuits against them for allegedly colluding to fix the prices of e-books, according to a media report.
 
Over the past week or so, RedHackers have been in the media a lot with a recent police hack that has already seen some emails and other data leaked.


 
Well, after many rumors, it's true and it's been leaked: Anonymous have announced that they have leaked the full Symantec Norton AntiVirus source code from the 2006 version.


 
[SECURITY] [DSA 2429-1] mysql-5.1 security update
 
At PCWorld, we take the testing of PCs seriously. It is our aim to use reliable, repeatable tests that provide a broad and accurate picture of how well a laptop, desktop, or all-in-one PC performs. We want you to be able to tell immediately whether one computer is faster than another--and more important, whether it is fast enough for your needs.
 
Google's Chrome fell to researchers' exploits Wednesday in both hacking challenges running this week at the CanSecWest security conference.
 
Apple Mac OS X CVE-2011-3453 Integer Overflow Vulnerability
 

TeleSign Selected as the 2012 InfoSec Global Product Excellence Award Winner ...
Broadcast Newsroom
You've finally finished your latest video game. Now what? Here's how to get it out there. It's not a shock that Rihanna and Chris Brown's girlfriend don't like each other, you know, after all those rumors that Chris wants to get back with ...

 
 
Cisco this week expanded its data center portfolio with servers and networking gear to better support virtualization, cloud computing and Big Data.
 
China will likely wait another two or three years to issue 4G licenses for LTE TDD networks, a top government official said, citing the need to build more 4G base stations, and to allow vendors time to develop handsets that can take advantage of the high-speed networks.
 
SQLAlchemy 'limit' and 'offset' Parameters SQL Injection Vulnerabilities
 
Zope 'standard_error_message' Cross-Site Scripting Vulnerability
 
As Apple unveiled its newest iPad on Wednesday, a local firm in China warned suppliers and vendors in the country to stop sales of the tablet or face legal action, in what has become a heated battle over ownership of the iPad trademark.
 
Ray Ozzie, the former chief software architect at Microsoft, has given a few more hints about what his new startup will do.
 
With the unveiling of Apple's latest iPad on Wednesday, PC makers must accelerate efforts to keep the tablet from taking a bigger slice of their business.
 
Jeremy Hammond, one of the five hackers arrested in Tuesday's crackdown on key members of LulzSec and Anonymous, is no stranger to the law.
 
IBM researchers have developed a prototype optical chip that can transfer data at 1Tbps (terabit per second), the equivalent of downloading 500 high-definition movies, using light pulses, the company said Thursday.
 

TeleSign Selected as the 2012 InfoSec Global Product Excellence Award Winner ...
MarketWatch (press release)
LOS ANGELES, CA, Mar 08, 2012 (MARKETWIRE via COMTEX) -- TeleSign, a market leader in Internet fraud prevention and Intelligent Authentication, today announced that Info Security Products Guide, the industry's leading information security research and ...

 
Given economic realities these days, not every company can justify getting rid of systems that are still working, however shakily. Here are some ways to make legacy hardware more responsive to today's business needs. Insider, registration required.
 

Posted by InfoSec News on Mar 08

http://news.techworld.com/security/3342661/how-anonymous-gatecrashed-fbi-soca-conference-call/

By Jeremy Kirk
Techworld.com
07 March 2012

Court documents released after the stunning roundup of five alleged
members of Anonymous and LulzSec yesterday shed light on one of the
groups' more notable hacking escapades.

A 19-year-old Irish man is accused of hacking two Gmail accounts
belonging to Irish police officers and obtaining dial-in...
 

Posted by InfoSec News on Mar 08

http://www.darkreading.com/database-security/167901020/security/news/232602213/healthcare-security-pros-need-to-speak-the-language-of-finance.html

By Ericka Chickowski
Contributing Editor
Dark Reading
March 07, 2012

As the number of healthcare data breaches continues to snowball,
executives put in charge of safeguarding protected health information
(PHI) can’t keep up with the risks inherent with increased deployment of
electronic health...
 

Posted by InfoSec News on Mar 08

http://www.computerworld.com/s/article/9224976/Rival_hacking_contests_kick_off_today_with_1.1M_at_stake

By Gregg Keizer
Computerworld
March 7, 2012

Two hacking contests kicked off in Canada today, with hundreds of
thousands of dollars in prize money up for grabs.

HP TippingPoint's Pwn2Own and Pwnium, Google's offshoot, both begin
today at CanSecWest, a security conference that runs March 7-9 in
Vancouver, British Columbia.

Just a...
 

Posted by InfoSec News on Mar 08

http://www.nextgov.com/nextgov/ng_20120307_8878.php

By Aliya Sternstein
Nextgov
03/07/2012

The Pentagon has hired outside help to, among other tasks, train Defense
Department cybersecurity professionals on using its networkwide
threat-detector, according to contractors awarded the nearly $190
million job. The program, called the Host Based Security System,
currently is shielding classified and unclassified Defense networks from...
 

Posted by InfoSec News on Mar 08

http://www.cbc.ca/news/canada/british-columbia/story/2012/03/06/bc-stolen-ubc-computer-personal-info.html

CBC News
March 7, 2012

The University of B.C. is reviewing its security procedures after the
theft of a laptop containing personal information on thousands of
students and faculty members.

RCMP retrieved the computer last month, 10 days after it was stolen from
a vehicle in the Metrotown area.

According to information sworn to obtain a...
 
 
Linux Kernel CVE-2011-4347 Unauthorized Access Vulnerability
 
Internet Storm Center Infocon Status