Hackin9
A federal judge's order on Friday could force the U.S. government to reveal more information about its widespread collection of citizens' phone records.
 
One Wall Street firm found computational success not on the traditional path of enterprise Java, but in an obscure functional programming language called Caml, which offered the perfect tradeoff of concision and readability.
 
Mozilla Netscape Portable Runtime CVE-2014-1545 Out of Bounds Memory Corruption Vulnerability
 
Microsoft Windows 'Windows Shell' Handler Local Privilege Escalation Vulnerability
 
Samsung's Galaxy Tab S tablets lack standout features to wow customers, a sign that innovation is in short supply in a slowing tablet market that is full of look-alikes.
 
In what's become a familiar pattern in recent years, the government in Iraq appears to have ordered major Internet shutdowns over the past few days amid escalating sectarian violence in the country.
 
Engineers, auto makers and U.S. transportation officials who gathered at the White House's SmartAmerica conference this week showed various systems and technologies that may be used to make driving safer and more efficient.
 
The decision by P.F. Chang's China Bistro to switch to manual payment processing after a recent data breach at the restaurant chain is unusual, security experts said this week.
 
Apple will find it difficult to convince headset manufacturers to switch to a Lightning port for audio, an analyst argued today.
 
Microsoft Internet Explorer CVE-2014-1815 Memory Corruption Vulnerability
 
[ MDVSA-2014:124 ] kernel
 
[SECURITY] CVE-2013-2251: Apache Continuum affected by Remote Command Execution
 
Apache 'mod_wsgi' Module CVE-2014-0242 Information Disclosure Vulnerability
 
Apache 'mod_wsgi' Module Local Privilege Escalation Vulnerability
 
The U.S. Federal Communications Commission is looking into complaints from Netflix and some Internet backbone providers that several large broadband providers have been refusing for years to upgrade their backbone connections as a way to slow video traffic that competes with their own services.
 
LinkedIn will have to face a lawsuit that alleges it damaged the image of users by repeatedly sending emails to their contacts inviting them to join the social network.
 
Google confused end users and triggered a spike in support calls to Apps admins with the initial rollout of a security feature for the cloud suite.
 
Amazon bragged that the Mayday tech support button on the Fire HDX tablet has become the most popular way to get tech help, with an average response time of just 9.75 seconds.
 

A lot has been done to secure major Web services and Internet applications, particularly on the PC. But one of the lessons learned from our collaboration with NPR and Pwnie Express was that for every data leak that has been plugged by the major websites, another springs up on mobile. And mobile devices are the ones that face the greatest risk of surveillance and attack—not so much from the National Security Agency, but from companies and criminals looking to track and target individuals on a smaller scale.

Public Wi-Fi has become an integral part of how mobile devices’ apps work. Apple and Google have both configured their mobile services to leverage Wi-Fi networks to improve their location services, and mobile and broadband companies offer public (and unencrypted) Wi-Fi networks to either offload users from their cellular data networks or extend the reach of their wired network services. Comcast, for example, has been expanding its Xfinity broadband networks by turning access points at homes and businesses into public Wi-Fi hotspots for subscriber access.

That’s great for customers’ convenience, but it also opens up a potential vector of attack for anyone who wants to get in the middle of broadband users’ Internet conversations. We demonstrated one potential Wi-Fi threat during our testing—using a rogue wireless access point broadcasting the network ID (SSID) “attwifi” prompted AT&T iPhones and Android devices with default settings to automatically connect to it.


 
LinuxSecurity.com: Multiple vulnerabilities have been found and corrected in the Linux kernel: kernel/auditsc.c in the Linux kernel through 3.14.5, when CONFIG_AUDITSYSCALL is enabled with certain syscall rules, allows ...
 
LinuxSecurity.com: USN-2232-1 introduced a regression in OpenSSL.
 
LinuxSecurity.com: Security Report Summary
 
LinuxSecurity.com: json-c could be made to crash or consume CPU if it processed a specially crafted JSON document.
 
The carbon copy is yours to keep, madam.
eBay

US restaurant chain P.F. Chang's China Bistro plans to temporarily bring back manual credit card imprinting while it investigates a security breach that allowed hackers to steal customer payment card data from multiple stores.

The old-school manual system has already been spotted by people affiliated with Sans, a computer security training institute. Readers may remember the system from decades ago, when eight-track tapes and, later, Betamax video, were still the rage. P.F. Chang's servers will be retaining carbon copies of the transactions, according to KrebsOnSecurity reporter Brian Krebs, who first reported the breach three days ago after finding that thousands of newly stolen credit and debit cards for sale in underground forums were all used at the chain.

"At P.F. Chang's, the safety and security of our guests' payment information is a top priority," a statement posted on the chain's website stated. "Therefore, we have moved to a manual credit card imprinting system for all P.F. Chang's China Bistro branded restaurants located in the continental United States. This ensures our guests can still use their credit and debit cards safely in our restaurants as our investigation continues."


 
More than a billion people will tune in to watch the final match of World Cup 2014. But before then, even more will share their highs and lows on social media. (And if Twitter and Facebook can't turn you into a futbol fan, maybe a Brazilian supermodel can.)
 
Online travel site Priceline is adding restaurant bookings to its menu of offerings with the US$2.6 billion all-cash acquisition of OpenTable. The deal has been approved by the boards of both companies and is expected to close in the third quarter.
 
Microsoft has been forced to start using its global stock of IPv4 addresses to keep its Azure cloud service afloat in the U.S., highlighting the growing importance of making the shift to IP version 6.
 
Officials at the National Institute of Standards and Technology (NIST) have announced plans to establish two new research Centers of Excellence to work with academia and industry on issues in forensic science and disaster resilience. Need ...
 
iPhone buyers who finance full-priced smartphones are more likely to pick the most expensive iPhone 5S than U.S. consumers who go the subsidized-purchase route, analysts said.
 
Many industry leaders over the years have developed technology to drive data center innovation. However, CIO.com columnist Rob Enderle writes that HP's Machine concept -- which treats the data center as an appliance -- looks to redesign the data center from the ground up.
 
[security bulletin] HPSBUX03046 SSRT101590 rev.1 - HP-UX Running OpenSSL, Remote Denial of Service (DoS), Code Execution, Security Restriction Bypass, Disclosure of Information, or Unauthorized Access
 
CVE-2014-0228: Apache Hive Authorization vulnerability
 
AST-2014-008: Denial of Service in PJSIP Channel Driver Subscriptions
 
AST-2014-007: Exhaustion of Allowed Concurrent HTTP Connections
 
AST-2014-005: Remote Crash in PJSIP Channel Driver's Publish/Subscribe Framework
 
[SECURITY] [DSA 2958-1] apt security update
 
[SECURITY] [DSA 2957-1] mediawiki security update
 
CVE-2014-3427 CRLF Injection and CVE-2014-3428 XSS Injection in Yealink VoIP Phones
 
P.F. Chang's China Bistro confirmed on Thursday that credit and debit card data was stolen from its restaurants, saying it is switching in the meantime to a manual imprinting system to process cards safely.
 
Mozilla has pulled a "Chrome" by adding a search box to the new tab page in Firefox 31, which is slated to ship in final form on July 22.
 
Fujitsu has developed a circuit that could double data rates between CPUs in servers and supercomputers.
 
A former Microsoft employee who Windows updates and software that validates product key codes was sentenced to a three-month prison term on Tuesday.
 
In the first two days of the NASA robotics challenge this week, every team failed.
 
GNU glibc 'xc_cpupool_getinfo()' Function Use After Free Memory Corruption Vulnerability
 
Scheme 48 'scheme48-send-definition' Insecure Temporary File Handling Vulnerability
 
PHP DNS TXT Record Handling Heap Buffer Overflow Vulnerability
 

Posted by InfoSec News on Jun 13

http://www.networkworld.com/article/2363025/security/fcc-will-push-network-providers-on-cybersecurity-wheeler-says.html

By Grant Gross
IDG News Service
June 12, 2014

The U.S. Federal Communications Commission is threatening to step in with
regulations if network providers don't improve cybersecurity.

The FCC will take steps to encourage cybersecurity in the coming months,
acting first as a promoter of company-led initiatives instead of...
 

Posted by InfoSec News on Jun 13

http://www.computerworlduk.com/news/security/3524486/bank-of-england-receives-7-or-8-cyber-attacks-week-says-ciso/

By Matthew Finnegan
Computerworld UK
12 June 14

The Bank of England is fending off regular attempts to hack into its
systems each week, with hacktivists and nation states the most common
culprits.

“We get on average around eight incidents a week, and we are a central
bank that is pretty small in number - around 4,000...
 

Posted by InfoSec News on Jun 13

http://www.nextgov.com/cybersecurity/2014/06/fake-dot-gov-webmail-used-phishing-scam-hack-epa-and-census-staff/86374/?oref=ng-HPtopstory

By Aliya Sternstein
Nextgov.com
June 12, 2014

A Nigerian man has admitted to compromising the email accounts of federal
employees to order agency office products that he then sold on the black
market, according to newly filed court papers.

Abiodun Adejohn and conspirators cheated government supply vendors...
 

Posted by InfoSec News on Jun 13

http://ottawacitizen.com/technology/internet/how-did-the-rcmp-crack-blackberrys-security

By Vito Pilieci
ottawacitizen.com
June 12, 2014

BlackBerry Ltd. has long held that its BlackBerry devices are among the
most secure in the world, but it turns out the platform isn’t as
bulletproof as many had been led to believe.

On Thursday, Royal Canadian Mounted Police revealed the results of Project
Clemenza, which it began in 2010. During the...
 

Posted by InfoSec News on Jun 13

http://english.cntv.cn/2014/06/12/ARTI1402535320647496.shtml

By Bai Yang
Xinhua
06-12-2014

BEIJING, June 11 (Xinhua) -- The 2014 China National Computer
Congress (CNCC) will focus on information security issues, the China
Computer Federation announced on Wednesday.

The annual congress, from Oct. 23 to 25, will be held in Zhengzhou,
provincial capital of central China's Henan. It will discuss information
security challenges in the...
 

Posted by InfoSec News on Jun 13

http://www.slate.com/articles/technology/future_tense/2014/06/target_breach_cyberinsurance_is_a_mess.html

By Josephine Wolff
Slate.com
June 12, 2014

Do you still shop at Target? There’s been controversy over how much of an
impact the massive breach of 40 million credit and debit card numbers in
late 2013 had on the company’s shareholders and customers. And that
controversy speaks to a larger cybersecurity problem plaguing industry...
 

Posted by InfoSec News on Jun 13

http://www.computerworld.com/s/article/9249064/DDoS_attacks_knock_Feedly_offline_for_second_day_running

By Gregg Keizer
Computerworld
June 12, 2014

RSS aggregator Feedly today went dark for the second time in two days as
another wave of distributed denial-of-service (DDoS) attacks knocked it
offline.

At approximately 10:30 a.m. ET (7:30 a.m. PT), Feedly acknowledged that it
had again been targeted by cyber criminals, who seem bent on...
 