Hackin9
Google kicks off its I/O developer conference next Wednesday and if there's one thing that could steal the limelight from Android, Chrome and all the other Google projects, it's Glass.
 
Increasing confidence in the economy and a rising stock market could lay the groundwork for a revival in tech-sector mergers and acquisitions as companies embrace cloud technology and pursue game-changing software, particularly for the mobile market.
 
On Feb. 27th in the middle of the afternoon, a 16-year-old girl was walking through San Francisco's Mission district when she was ordered at gunpoint to hand over her cellphone. The robbery was one of 10 serious crimes in the city that day, and they all involved cellphones. Three were stolen at gunpoint, three at knifepoint and four through brute force.
 
A U.S. appeals court has ruled that an abstract idea is not patentable simply because it is tied to a computer system, signaling what one judge described as the "death" of software and business method patents.
 
Saar Gillai, named head of Hewlett-Packard's cloud operations in January, is on the hot seat.
 
Microsoft today took another shot at rival Google, calling the company's online application suite, Google Docs, "too big a gamble."
 
Researchers at Virginia Tech have built an autonomous, robotic jellyfish that could someday work as an underwater military spy.
 
Alberto Yusi Lajud Pena, found dead in the Dominican Republic two weeks ago, was the leader of the New York cell of an international gang of cyber thieves that authorities allege stole a staggering $45 million from ATM machines around the world.
 
Mobility has all but eclipsed speed and anything else as the capability garnering the most attention in desktop processors.
 
AT&T launched a new wireless subsidiary called Aio Wireless on Thursday that offers phones like the iPhone 5 with no annual contract.
 
Bing is adding some new social features to its search engine, by letting users comment and "like" their Facebook friends' posts directly on the site.
 
ESA-2013-031: RSA® Authentication Agent Cross-Site Scripting (XSS) Vulnerability
 
[SECURITY] CVE-2012-3544 Chunked transfer encoding extension size is not limited
 
[SECURITY] CVE-2013-2067 Session fixation with FORM authenticator
 
CVE-2013-2071 Request mix-up if AsyncListener method throws RuntimeException
 
US federal authorities have charged eight hackers in connection with a $45m debit card fraud scheme.

Both Adobe and Microsoft released pre-announcements for next week's Patch Tuesday.

Microsoft is working on having a patch available for the Internet Explorer 8 0-day vulnerability. [1] There are two critical Internet Explorer patches, one specifically for Internet Explorer 8, and the other one for all current versions. The latter (referred to as "Bulletin 1" by Microsoft) is likely the usual roll-up patch.

These are the only two critical bulletins next week. The rest covers "the usual" (Office, Windows, Lync and Windows Essentials) and is rated important.

Adobe announced only one bulletin for Acrobat and PDF Reader. There is no patch scheduled for ColdFusion at this point.

[1] http://blogs.technet.com/b/msrc/archive/2013/05/09/advance-notification-service-for-the-may-2013-security-bulletin-release.aspx
[2] http://technet.microsoft.com/en-us/security/bulletin/ms13-may
[3] http://www.adobe.com/support/security/bulletins/apsb13-15.html

------
Johannes B. Ullrich, Ph.D.
SANS Technology Institute

(c) SANS Internet Storm Center. http://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
 
Astronauts on board the International Space Station are preparing for a possible spacewalk tomorrow to repair an ammonia leak.
 
Colleges and universities are being encouraged to scrutinize their systems to keep them from being hijacked in DDoS (distributed denial-of-service) attacks.
 
You know you're not in iTunes anymore when the app you're eyeing has a US$1,050 price tag, but SAP is nonetheless expanding its online shopping experience in a bid to entice its customers to purchase enterprise software the way they shop on their smartphones.
 
One of Microsoft's top Windows executives this week said the company remains bullish about Windows RT, but analysts remain suspicious of RT's chances unless Microsoft makes changes.
 
Nokia is rebooting its U.S. Windows Phone push with the arrival of the low-cost Lumia 521 on T-Mobile and Lumia 928 for Verizon Wireless, but increasing sales to meaningful volumes in the very competitive U.S. market will not be easy.
 
An attacker could manipulate a CSRF hole in the OpenVPN Access Server to take control of the administration interface. An updated version of the software is now available to close the hole.
 
On The H's radar over the last seven days: Cain & Abel on Windows 8, Google hacked, failed extortionists, untangling the web, OAuth security issues, and vulnerabilities in NetApp and SAP ERP.
 
A global-scale fraud ring is thought to have stolen a total of $45 million. Now, the police have busted the ring's New York cell.
    
 
OpenStack Keystone Tokens Validation Security Bypass Vulnerability
 
OpenStack Keystone CVE-2013-2006 LDAP Password Information Disclosure Vulnerability
 
JR Raphael compares the specs for Optimus G Pro and Galaxy Note II.
 
The chief of the Google Wallet operation has resigned to pursue new opportunities, another sign of continuing troubles in convincing U.S. smartphone users to adopt mobile wallets using NFC technology.
 
In the last 15 months, Computer Sciences Corp. CEO Mike Lawrie has handpicked his executive team and streamlined the CSC product line. This is a good start, but if CSC wants to emulate the turnaround efforts of IBM and Apple, the company should look for a formidable CFO and step up its marketing efforts.
 
Investor Carl Icahn and Southeastern Asset Management have made a counter-offer for Dell that would keep the computer company still publicly traded, according to reports.
 
Nokia has announced the long-rumored Lumia 928, which will be an exclusive to Verizon Wireless when it goes on sale next week.
 
Microsoft announces ten security bulletins for next Tuesday to close critical holes in Internet Explorer. Adobe is to update its Reader, Acrobat and ColdFusion products on the same day.
 
A petition on Change.org demanding that Adobe back away from its subscription-only model for its creativity software, including Photoshop, has collected over 4,400 signatures by late Thursday.
 
 
LibTIFF CVE-2013-1961 Stack Based Buffer Overflow Vulnerability
 
LibTIFF 't2_process_jpeg_strip()' Function Heap-based Buffer Overflow Vulnerability
 
The mobile industry's efforts to convince lawmakers that self-regulation alone is the best way to address growing concerns over privacy-invading mobile applications appear to be running into some headwind.
 
Researchers at Intel and National Taiwan University are developing technology that allows cars to exchange data, a move that could make roads safer and give drivers a street-wise perspective on those around them.
 
NASA ground engineers and astronauts aboard the International Space Station are working together to fix an ammonia leak on the station.
 
MediaElement.js 'file' Parameter Cross Site Scripting Vulnerability
 
 

Posted by InfoSec News on May 10

http://gcn.com/blogs/cybereye/2013/05/is-fear-of-audit-holding-back-real-it-security.aspx

By William Jackson
Cybereye
GCN.com
May 09, 2013

Leo Scanlon, chief information security officer of the National Archives
and Records Administration, has an information security question for
federal CIOs: “Are you satisfied that where you are is good enough? Do
you understand the risk?”

Too often, he says, federal C-level officials do not know if...
 

Posted by InfoSec News on May 10

https://www.networkworld.com/news/2013/051013-the-onion-explains-how-its-269630.html

By Jeremy Kirk
IDG News Service
May 09, 2013

Hackers who commandeered The Onion's Twitter account used simple but
effective phishing attacks to obtain passwords, according to a writeup
by the publisher's technology team.

The Syrian Electronic Army (SEA), a group supporting embattled Syrian
President Bashar al-Assad, has also compromised prominent...
 
A former support employee in Rochester, New York, has pleaded guilty to illegally selling Intuit software through eBay, taking advantage of the software company's policy to supply free replacement disks of its products at the request of customers.
 

Posted by InfoSec News on May 10

http://www.ksl.com/?sid=25106057

By Andrew Adams
KSL.com
May 8th, 2013

OREM -- Not so fast, Snapchat. Those 10-seconds-or-less pictures appear
to have a much longer life, deep inside of smartphones.

Orem-based firm Decipher Forensics said it has derived a method to
extract the supposedly no-longer-viewable images and pass them on to
parents, lawyers and law enforcement.

"The actual app is even saving the picture," said Richard...
 

Posted by InfoSec News on May 10

http://arstechnica.com/security/2013/05/how-hackers-allegedly-stole-unlimited-amounts-of-cash-from-banks-in-just-hours/

By Dan Goodin
Ars Technica
May 9 2013

Federal authorities have accused eight men of participating in
21st-Century Bank heists that netted a whopping $45 million by hacking
into payment systems and eliminating withdrawal limits placed on prepaid
debit cards.

The eight men formed the New York-based cell of an international...
 

Posted by InfoSec News on May 10

http://www.guardian.co.uk/politics/2013/may/09/100-richest-uk-billions-offshore-tax-havens

By Rupert Neate and James Ball
The Guardian
9 May 2013

More than 100 of Britain's richest people have been caught hiding
billions of pounds in secretive offshore havens, sparking an
unprecedented global tax evasion investigation.

George Osborne, the chancellor, warned the alleged tax evaders, and a
further 200 accountants and advisers accused of...
 
LinuxSecurity.com: An updated hypervkvpd package that fixes one security issue and one bug is now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having low [More...]
 
LinuxSecurity.com: Updated openstack-keystone packages that fix one security issue and various bugs are now available for Red Hat OpenStack Folsom. The Red Hat Security Response Team has rated this update as having low [More...]
 
LinuxSecurity.com: telepathy-idle could be made to expose sensitive information over the network.
 
LinuxSecurity.com: gpsd could be made to crash or possibly run programs if it received specially crafted input.
 
Salesforce.com is to acquire Clipboard, a Web clipping and sharing service, and is closing down the service.
 
Internet Storm Center Infocon Status