Posted by InfoSec News on Jun 12

As you have probably noticed, postings to InfoSec News have been rather
infrequent in the last few months, and the reason is relatively
straightforward, I have been happily employed for the last six months with
Evident.io. Subsequently after staring at a laptop for 8-10+ hours a day,
staring at it for another couple to find all the security news everyone
craves is some nights pretty tiring.

I am in the process of bringing on a few interns...

Posted by InfoSec News on Jun 12


11 June 2015

The House of Representatives passed a new cybersecurity bill – the
Protecting Cyber Networks Act (PCNA) – to allow file sharing between
government intelligence agencies and private companies and raise the
overall awareness of hacking.

This is just the latest chapter in what is fast becoming a key narrative
within the US, where...

Posted by InfoSec News on Jun 12


By Gregg Keizer
June 11, 2015

Eugene Kaspersky, the Russian whose namesake company acknowledged that it
had been infected with top-tier malware, struggled during a press
conference to come up with reasons why the hackers targeted his firm.

After all, antivirus makers like Kaspersky Lab should be...

The next time you look up the Wikipedia entry on the Zimbabwean dollar, it will be a lot harder for someone to snoop on you.

The Wikimedia Foundation announced that starting Friday, it has begun “the process of implementing HTTPS by default to encrypt all Wikimedia traffic.”

It will also use HTTP Strict Transport Security (HSTS) “to protect against efforts to ‘break’ HTTPS and intercept traffic.”

Read 2 remaining paragraphs | Comments



Q&A: Quentyn Taylor, Director Of Information Security, Canon Europe, Middle ...
The security paradigm is evolving on an almost daily basis, and for InfoSec professionals, staying one step ahead is a game of cat and mouse. Quentyn Taylor is director of information security for Canon Europe, Middle East, and Africa. He believes that ...


Posted by InfoSec News on Jun 12


June 12, 2015

The Wednesday's cyber attack on the website of the Lithuanian Armed Forces
Joint Staff was plotted for at least two weeks, with requests sent from
Iran, among other countries, says Rimantas Černiauskas, director of the
National Cyber Security Centre.

"We see large amounts of interesting information. We see...

Microsoft has started classifying most versions of the Ask Toolbar as unwanted software and has updated its malware programs to automatically remove them.

The move drew applause from security and support professionals because the Ask Toolbar has long been a source of performance problems that can sometimes be hard to correct. Making the toolbar more vexing is its ability to sneak its way on to computers when end users aren't paying attention. Oracle's Java software framework, for instance, has long installed it automatically unless users remember to uncheck a hard-to-see box during updates. Even after unchecking the box during one update, the box would be checked during subsequent updates, requiring end users to remain vigilant each time they installed frequent security fixes for Java.

In a recent addition to Microsoft's Malware Protection Center, the company said all but the most recent version of the Ask Toolbar will be classified as unwanted software. As a result, Windows Defender, Microsoft Security Essentials, and Microsoft Security Scanner will automatically remove it when detected.

Read 2 remaining paragraphs | Comments


Posted by InfoSec News on Jun 12


By Andrada Fiscutean
Central European Processing
ZDNet News
June 11, 2015

Ukraine's recent history has been dramatic, with border changes, riots,
the occupation of government buildings, and bloodshed. Behind all this, a
quiet conflict, free of gunfire but equally hard-fought, has been taking
place in the online world....

Posted by InfoSec News on Jun 12


By Ben Rossi
Information Age
12 June 2015

New data has revealed that 96% of UK corporations have seen hackers
successfully penetrate their IT systems in an attempt to steal, change or
make public important data.

Whilst many firms are actively engaged in policies to safeguard against
cybercrime, 9.1% of UK firms have not acted to...

Posted by InfoSec News on Jun 12


By Sean Gallagher
Ars Technica
June 11, 2015

As officials of the Obama administration announced that millions of
sensitive records associated with current and past federal employees and
contractors had been exposed by a long-running infiltration of the
networks and systems of the Office of Personnel Management on June 4, they...


Q&A: Quentyn Taylor, Director Of Information Security, Canon Europe, Middle ...
The security paradigm is evolving on an almost daily basis, and for InfoSec professionals, staying one step ahead is a game of cat and mouse. Quentyn Taylor is director of information security for Canon Europe, Middle East, and Africa. He believes that ...


By now, any sentient IT person knows the perils of open Wi-Fi. Those free connections in cafes and hotels don't encrypt network traffic, so others on the network can read your traffic and possibly hijack your sessions. But one of the main solutions to this problem has a hole in it that isn't widely appreciated.

Large sites like Twitter and Google have adopted SSL broadly in order to protect users on such networks. But for broader protection, many people use a virtual private network (VPN). Most people, if they use a VPN at all, use a corporate one. But there are public services as well, such as F-Secure's Freedome and Privax's HideMyAss. Your device connects with the VPN service's servers and establishes an encrypted tunnel for all your Internet traffic from the device to their servers. The service then proxies all your traffic to and from its destination.

It's a better solution than relying on SSL from websites for a number of reasons: with a VPN, all of the traffic from your device is encrypted, whether the site you are visiting has SSL or not. Even if the Wi-Fi access point to which you are connected is malicious, it can't see the traffic. Any party that is in a position to monitor your traffic can't even see the addresses and URLs of the sites with which you are communicating, something they can do with SSL over open Wi-Fi.

Read 14 remaining paragraphs | Comments


We put a lot of trust in big companies, so when they let us down it can have serious consequences.

I recently went shopping for a new computer. I wanted a low-end laptop for light work, and the HP Stream seemed like a good deal. That deal was made even sweeter when Best Buy offered to sell me a returned one for almost 20 percent off. The salesman assured me that it was in like-new condition and that they would honor all warranties. Sold.

I always get a little thrill opening a new gadget. The computer looked like it had never been touched and all the paperwork was still in sealed bags. There was even a slip of paper in the box with the ID of the tech who cleaned and certified the unit.

Read 29 remaining paragraphs | Comments

FreeBSD Security Advisory FreeBSD-SA-15:10.openssl
[SYSS-2015-020] ZENWorks Mobile Management - Cross-Site Scripting
ZCMS SQL Injection & Persistent XSS
[slackware-security] php (SSA:2015-162-02)
Internet Storm Center Infocon Status