Hackin9

InfoSec News

It’s not anything new that iTunes has been susceptible to hackers from the beginning: with its poorly trained help desk, full credit card accessibility, and Apple’s “[lack of responsibility] for In App purchases”; however, lately Apple has been getting a lot of calls regarding this matter. According to one user I was hacked today for [...]


 
The fight to stop SOPA from ever happening has already taken many targets and been used a lot recently. One of the most recent attacks is aimed at making governments aware that Anonymous is not happy with the SOPA support they show.


 
The Nepal government has seen its fair share of attacks over recent months, and these two fit right in with them. A hacker using the handle 1337 has hacked and defaced two sites which are subdomains of the main police website nepalpolice.gov.np.


 
Anonymous hackers have set their sights on CAMIMEX, the Mexican chamber of mines, and as a result they have now leaked 700MB of data from the website, which at time of publishing was displaying internal 500 errors.


 
Crowd-funding website Crowdtilt officially launched on Friday, expanding upon the collective fundraising model pioneered by Kickstarter to enable raising money for any project -- even a beer blitz.
 
ZNC 'bouncedcc' Module Remote Denial of Service Vulnerability
 
Linux Kernel 'journal_unmap_buffer()' Local Denial of Service Vulnerability
 
The Iranian government has severed some citizens' connections to secure websites and services, including Twitter and Google's Gmail, according to reports by Iranians and network experts.
 
Recent market research reports and earnings this week from tech bellwethers including Lenovo and Cisco Systems underscore underlying strength in IT even as the global economy continues to experience significant turbulence.
 
Large portions of the western half of the U.S. do not have access to 3G or faster mobile broadband service, according to a new map released by the U.S. Federal Communications Commission.
 
'Windows on ARM,' or WOA for short, is the new edition of the still-under-construction Windows 8 for traditional PCs. Will it be as successful as iOS and Android?
 
The FDA Friday said it monitored the private email accounts of nine agency whistle-blowers starting in 2010 to determine whether any of them leaked confidential information to the public.
 
Google has begun replacing the chunky, black drop-down menu of services it launched in November as part of an effort to integrate Google+ across its whole platform.
 
Encouraged by the success of its Web and Chromium vulnerability reward programs, Google has decided to expand their scope in order to cover security issues in Chromium OS as well.
 
Dolibarr CMS v3.2.0 Alpha - SQL Injection Vulnerabilities
 
[ MDVSA-2012:016 ] glpi
 
CubeCart 3.0.20 (3.0.x) and lower | Open URL Redirection Vulnerability
 
Kloxo LxCenter Server CP v6.1.10 - Multiple Web Vulnerabilities
 

GovInfoSecurity.com

Chatter Intensifies on Cyber Legislation
GovInfoSecurity.com
... legislative initiative [see White House Unveils Cybersecurity Legislative Agenda] that she contends furnishes the tools needed to execute the government's cybersecurity mission more effectively [see Push on for Comprehensive Infosec Bill].
 
OnxShop CMS v1.5.0 - Multiple Web Vulnerabilities
 
Dolibarr CMS v3.2.0 Alpha - File Include Vulnerabilities
 
In an 8,600-word epistle, Microsoft's top Windows executive pulled aside the curtain on the first version of the company's iconic OS that targets tablets. We dig into the details for you.
 
A majority of U.S. social networking users say their fellow users are mostly kind, and that the sites make them feel good about themselves.
 

Computerworld

Career advice: The value of certs
Computerworld
I've been a systems administrator for a while, but more and more I'm interested in security (by way of very interesting interactions with our excellent infosec staff). Any ideas on how to move into that area? Take advantage of your information security ...
 
Cloud computing has gone from being a promising technology to a reality that brings a unique set of challenges along with benefits. To fully leverage the disruptive potential of cloud without getting trapped in a web of integration complexity, CIOs and their IT organizations need to focus on what it means to rethink their business as a collection of services.
 
Computerworld Premier 100 IT Leader Page Petry also has advice on winning a promotion and moving into the security field.
 
A German court has thrown out a Motorola Mobility patent lawsuit against Apple, breaking a recent run of courtroom successes for the company.
 
Google is preparing to launch a long-rumored cloud storage service that tramples a bit on products and services offered by Google partners. A Wall Street Journal report citing "people familiar with the matter" says the new "Drive" service will be launched by Google in the coming weeks or months. What does that mean for other companies that Google works closely with?
 
A new security tool lets enterprise IT groups set access and share policies for employees, including mobile users, who are working with the online Google Apps suite.
 
Facebook is beginning to push out its new Timeline layout to all 850 million user profiles this week. Business pages on Facebook aren't affected (at least not yet), but your company can take advantage of this shift.
 
Japan's largest mobile operator is prepping an elaborate testing center, with hundreds of handsets monitored by streaming web cameras, to help software developers debug their apps on the growing morass of Android devices and software versions.
 
Advocates of Graal project, including Oracle reps, seek dynamic compiler to be used with multiple JVMs
 
Telecommunication equipment maker Alcatel-Lucent reported a profit for the fourth quarter, but revenue fell 12.9% year-on-year as the company continues to face a challenging market, it said Friday.
 
AWS Hash Collision Denial Of Service Vulnerability
 
Real Networks RealPlayer 'VIDOBJ_START_CODE' Remote Code Execution Vulnerability
 
The race to the U.S. presidency is on, and there are mobile apps out there to help keep you informed. We review 6 iOS and Android apps to see how well they do the job.
 

Posted by InfoSec News on Feb 10

http://www.informationweek.com/news/security/attacks/232600497

By Mathew J. Schwartz
InformationWeek
February 09, 2012

How hard is it to launch a distributed denial-of-service (DDoS) attack?

Arguably, the hacktivist collective Anonymous has made launching DDoS
attacks look easy, due to its high-profile DDoS campaigns against
everyone from PayPal and MasterCard to the FBI and Department of
Justice. In addition, Anonymous offered the promise...
 

Posted by InfoSec News on Feb 10

========================================================================

The Secunia Weekly Advisory Summary
2012-02-02 - 2012-02-09

This week: 48 advisories

========================================================================
Table of Contents:

1. Word From Secunia...
 

Posted by InfoSec News on Feb 10

http://www.suntimes.com/business/10508983-420/ex-motorola-worker-guilty-of-trade-secret-theft-not-espionage.html

By Sandra Guy
Business Reporter
suntimes.com
February 8, 2012

A Chicago federal judge found a former engineer at Motorola Inc. who was
stopped at O’Hare International Airport five years ago with company documents
guilty of stealing trade secrets from Motorola but not guilty of corporate
espionage.

Hanjuan Jin, 41, had waived...
 

Posted by InfoSec News on Feb 10

http://www.chicagotribune.com/business/ct-biz-0210-peacock-20120210,0,4442472.story

By Wailin Wong
Chicago Tribune
February 10, 2012

Chicago jeweler C.D. Peacock has sued a suburban information-technology
consulting firm, alleging that the company's negligence allowed hackers
to access confidential customer financial data.

The lawsuit was filed Wednesday in Cook County Circuit Court. According
to C.D. Peacock's complaint, it hired...
 

Posted by InfoSec News on Feb 10

http://www.nationaljournal.com/tech/groups-warn-of-privacy-concerns-in-cybersecurity-bills-20120209

By Josh Smith
National Journal
February 9, 2012

Some efforts to share more information about cyberthreats could open a
Pandora’s Box of privacy and civil rights concerns, civil liberties
advocates said on Thursday.

As Congress looks to pass wide-ranging cybersecurity legislation this
year, several bills included proposals for increasing the...
 

Posted by InfoSec News on Feb 10

http://www.computerworld.com/s/article/9224136/Microsoft_to_issue_more_critical_patches_next_week_for_Win7_than_XP

By Gregg Keizer
Computerworld
February 9, 2012

Microsoft today said it would deliver nine security updates next week,
four of them critical, to patch 21 vulnerabilities in Windows, Internet
Explorer (IE), Office, .Net and Silverlight.

This year's February Patch Tuesday will feature three fewer updates and
one less patch...
 

Posted by InfoSec News on Feb 10

http://news.cnet.com/8301-1023_3-57374422-93/e-mail-viruses-most-likely-to-appear-in-the-morning/

By Dara Kerr
Digital Media
CNET News
February 9, 2012

Eight in the morning is a good time to grab some coffee, but not to
check your e-mail.

The number of viruses sent out each day peaks between 8 a.m. and 9 a.m.
EST, according to the Global Security Report released by security
research firm Trustwave this week.

"The number of executables...
 
A jury in Texas gave the verdict that two patents of Eolas Technologies that enable Internet browsers to host embedded interactive applications were invalid, in a protracted legal battle which involved top Internet companies like Google and Amazon.com.
 
(c) SANS Internet Storm Center. http://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
 
Internet Storm Center Infocon Status