MacRumors user forums have been breached by hackers who may have acquired cryptographically protected passwords belonging to all 860,000 users, one of the top editors of the news website said Tuesday evening.

"In situations like this, it's best to assume that your MacRumors Forum username, e-mail address and (hashed) password is now known," Editorial Director Arnold Kim wrote in a short advisory. He went on to advise users to change their passwords for their MacRumors accounts and any other website accounts that were protected by the same passcode.

The MacRumors intrusion involved "a moderator account being logged into by the hacker who then was able to escalate their privileges with the goals of stealing user login credentials," Kim said. The company is still investigating how the attacker managed to compromise the privileged account.

Read 5 remaining paragraphs | Comments


Oracle has joined the industry consortium HSA Foundation, which is developing standards to make it easier for programmers to take advantage of GPUs and other processor types for faster code execution.

Microsoft is retiring two widely used cryptographic technologies that are growing increasingly vulnerable to attacks that seemed unlikely just a decade ago.

The company's software will stop recognizing the validity of digital certificates that use the SHA1 cryptographic algorithm after 2016, officials said on Tuesday. SHA1 is widely used to underpin secure socket layer (SSL) and transport layer security (TLS) certificates that authenticate websites and encrypt traffic passing between their servers and end users. SHA1-based certificates are also used to digitally verify that specific software applications are legitimate and not imposter programs or programs that have been tampered with to include hidden backdoors.

The move comes as hardware improvements and research breakthroughs have made SHA1 and several other cryptographic hashing algorithms more susceptible to so-called collision attacks. Collisions occur when two distinct plaintext "messages" produce an identical hash or "digest." The security of an algorithm rests on it producing unique hashes for each plaintext string or file. The growing ease of producing collisions makes it possible for attackers to create digital forgeries that completely undermine the security of systems that rely on the weak algorithms.

Read 7 remaining paragraphs | Comments


IBM Cognos Business Intelligence CVE-2013-2978 Access Bypass Vulnerability
Even after its extraordinary rough start last year, Apple Maps was used by nearly six out of every 10 U.S. iPhone owners during September, according to data recently published by metrics firm comScore.
Twitter users will be able to create custom timelines in TweetDeck around conversation on any event or topic on Twitter, the microblogging company said.
AT&T said Tuesday it is not going to charge its wireless customers for calls and texts from the U.S. to the Philippines through Nov. 30 to help with the relief efforts following Typhoon Haiyan.
Google is adding music features for the first time to its wearable computer, Glass.
Microsoft Windows 'icardie.dll' ActiveX Control CVE-2013-3918 Remote Code Execution Vulnerability
In its ongoing efforts to simplify Gmail's inbox management, Google has rolled out more buttons to let people perform common actions without having to open messages.
Facebook locked some users out of their accounts after determining that their log-in credentials were exposed as a result of a security breach at Adobe. The company is asking users who used the same log-in credentials for Adobe's online services and Facebook to verify their identity and change their password.
Salesforce.com's annual Dreamforce conference will kick off next week in San Francisco, and with a reported 120,000 people registered to attend in person and virtually, it will be the cloud software vendor's biggest shindig yet.
Google yesterday released a beta of Chrome 32 that includes an aggressive malware blocking filter it touted two weeks ago and a "noisy tabs" feature.
A survey of contract and freelance IT professionals shows healthcare and 401k plans are the most-missed perks of traditional employment, while there are many things they don't miss at all.
This training takes place in the secure confines of the traing facility and with a friendly partner. This was one of those "Wanna Get Away? At present, game designers are still fine-tuning this feature, working in particular to make sure that everything's balanced between offensive and defensive line. This will help you move past fear and practice saying things, 'despite' self conscious thoughts to the point where you start to speak out more easily. Moving To France With Your ChildrenWhen I heard my neighbours talking about the recent maladie which was over-running the town, I detected a certain disdain in their voices: they blamed the younger generation of parents for this illness to which they were referring. A sturdy bottom can help to make your feel secure while being transported in the carrier. Proponents of government loan guarantees for things like mortgages, nuclear power , college loans, and small businesses tout the worthiness of the projects that are being encouraged. Tiffany Sale
ISC BIND 'localnets' ACL Security Bypass Vulnerability
AT&T said Tuesday it is not going to charge its wireless customers for calls and texts from the U.S. to the Philippines through Nov. 30 to help with the relief efforts following Typhoon Haiyan.
Android grew to 81% of all smartphones shipped globally in the third quarter, while Apple's iPhones slipped to 12.9% compared to 14.4% a year ago, according to IDC.
Web usage in North America by Motorola smartphone users is closing in on HTC for second place behind Samsung, according to Chitika Insights, which samples millions of online ad impressions to reach its conclusions
The mobile world changes fast. Case in point: A year ago thinking that Android devices could be on par with -- and perhaps even overtake -- Apple in the enterprise would have been considered crazy. But the today the race is neck and neck.
The real "party van."

One Sunday late last month, administrators at Orlando, Florida-based TorGuard were in high spirits. They had just successfully rebuffed the latest in a series of increasingly powerful denial-of-service attacks designed to cripple their virtual private networking service. Despite torrents of junk traffic that reached peaks as high as 15Gbps, the admins had neutralized the offensive by locking down the TorGuard servers and then moving them behind the protective services of anti-DoS service CloudFlare.

"This seemed to anger the attackers, however, because on Monday things got a bit more personal," TorGuard administrator Ben Van Pelt told Ars. "Unable to spam, DDoS, hack, or social engineer us, they employed the tactics of the '4chan party van.' Throughout the day our office received multiple unrequested deliveries from local pizza chains, Chinese food, and one large order of sushi. A handful of local electricians and plumbing services were also disappointed to be turned away. To my knowledge no fake calls have been placed to law enforcement yet, however nothing would surprise me at this point."

The two-month-long campaign of harassment and attacks, which Van Pelt suspects was carried out by a competing virtual private networking service, illustrates the lengths some people will go to goad their online adversaries. His experience provides a vivid account of what it’s like to be on the receiving end of a relentless stream of distributed denial-of-service attacks and ultimately what can be done to mitigate them.

Read 14 remaining paragraphs | Comments


The Moto G smartphone expected from Motorola on Wednesday will likely be available outside the U.S., but competing in the increasingly tough mid-range segment globally won't be easy.
Short-distance wireless groups supporting NFC and Bluetooth have agreed to jointly create greater interoperability between the complementary technologies.
LinuxSecurity.com: Several vulnerabilities have been found in SPIP, a website engine for publishing, resulting in cross-site request forgery on logout, cross-site scripting on author page, and PHP injection. [More...]
LinuxSecurity.com: Multiple vulnerabilities have been found in libxml2, allowing remote attackers to execute arbitrary code or cause Denial of Service.
LinuxSecurity.com: Multiple vulnerabilities have been found in GIMP, the worst of which allow execution of arbitrary code.
LinuxSecurity.com: Multiple vulnerabilities has been found and corrected in the Linux kernel: The ipc_rcu_putref function in ipc/util.c in the Linux kernel before 3.10 does not properly manage a reference count, which allows local [More...]
LinuxSecurity.com: Several security issues have been corrected in multiple demuxers and decoders of the libav multimedia library. The CVE IDs mentioned above are just a small portion of the security issues fixed in this update. A full list of the changes is available at [More...]
LinuxSecurity.com: Several security issues were fixed in the kernel.
LinuxSecurity.com: Several security issues were fixed in the kernel.
In extra apt these ways apt visit San Francisco, you can select one of several helicopters. It offers what many consider healthy, I think the security mode, it continues apt deem namely birds eye simply can never contest from the ground There are many tours namely are available and each offers something exciting for adventurers who have decided apt take. jordan retro 3
LinuxSecurity.com: SPICE could be made to crash if it received specially crafted networktraffic.
LinuxSecurity.com: libvirt would allow unintended access privileges.
LinuxSecurity.com: Libav could be made to crash or run programs as your login if it opened aspecially crafted file.
Apple today sprung the Retina iPad Mini on customers, kicking off online sales of the smaller tablet that it introduced last month.
Top IT pros have plenty to be thankful for these days: rising budgets, salaries and job tenures among them. But when it comes to IT management and spending priorities, these IT leaders often don't see eye to eye with their organizations.
strongSwan CVE-2013-6075 Authorization Security Bypass and Denial of Service Vulnerability
Xen CVE-2013-4494 Denial of Service Vulnerability
libvirt 'virt-login-shell' Local Privilege Escalation Vulnerability
strongSwan NULL Pointer Dereference Denial of Service Vulnerability
Advanced Micro Devices aims to bring console-style graphics to PCs with its chips code-named Kaveri, which, after delays, will become available in desktops and laptops starting early next year.
Want your Windows 8 machine to run faster? Of course you do. These tools and techniques can help.
Review Board CVE-2013-4519 Multiple HTML Injection Vulnerabilities
MIT Kerberos 5 'setup_server_realm()' Function CVE-2013-1418 Remote Denial of Service Vulnerability
Linux Kernel 'host.c' Multiple Denial of Service Vulnerabilities
There can be no expectation of privacy in data exposed to the Internet over a peer-to-peer file-sharing network, a federal judge in Vermont ruled in a case involving three men charged with possession of child pornography.
Embarrassment over the revelations about the NSA's domestic activities is a poor reason to prosecute the man who shined the light on them.
Malicious software aimed at stealing online banking credentials surged in the third quarter of this year to a level not seen since 2002, according to a new report from Trend Micro.
SaltStack Salt 'salt/utils/verify.py' CVE-2013-6617 Privilege Escalation Vulnerability
SaltStack Salt CVE-2013-4436 Man in the Middle Spoofing Vulnerability
SaltStack Salt CVE-2013-4437 Insecure Temporary File Handling Vulnerability
Microsoft Internet Explorer Unspecfied Remote Code Execution Vulnerability

Posted by InfoSec News on Nov 12


Staff Writer
The Asahi Shimbum
November 10, 2013

Anti-nuclear citizens groups around Japan were left reeling from a
blizzard of e-mail traffic--more than 2.53 million messages--that had all
the hallmarks of a coordinated cyber-attack.

At least 33 groups were targeted in the campaign carried out from
mid-September to early November.

Experts said there was...

Posted by InfoSec News on Nov 12


By John Little
Blogs of War
November 11, 2013

The Grugq is an world renowned information security researcher with 15
years of industry experience. Grugq started his career at a Fortune 100
company, before transitioning to @stake, where he was forced to resign for
publishing a Phrack article on anti-forensics. Since then the Grugq has
presented on anti-forensics at...

Posted by InfoSec News on Nov 12


By David Gilbert
November 11, 2013

Russian security expert Eugene Kaspersky has also told journalists that
the infamous Stuxnet had infected an unnamed Russian nuclear plant and
that in terms of cyber-espionage "all the data is stolen globally... at
least twice."

Kaspersky revealed that Russian...

Posted by InfoSec News on Nov 12


By David Wroe
National Security
November 11, 2013

Indonesian hackers have crashed the website of Australian intelligence
agency ASIS, according to hackers and cyber experts, dramatically stepping
up the revenge attacks in response to the spying affair.

On Monday afternoon the website of the Australian Secret...

Posted by InfoSec News on Nov 12


By Kim Zetter
Threat Level

British spies hacked into the routers and networks of a Belgian
telecommunications company by tricking telecom engineers into clicking on
malicious LinkedIn and Slashdot pages, according to documents released by
NSA whistleblower Edward Snowden.

Once engineers with Belgacom clicked on the fake pages, malware was
WebSurgery v1.1 released (Web application security testing suite)
Internet Storm Center Infocon Status