Hackin9
(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
 

On Thursday afternoon, the Wall Street Journal published a report saying that the US Marshals Service (USMS) was using small, fixed-wing Cessnas equipped with so-called “dirtboxes”—receivers that act like cellphone towers—to gather data from citizens' phones below. The purpose of such collection is to target and spy on criminal suspects, but the data from any citizen's phone is collected by such devices.

Sources told the WSJ that USMS operated these planes from five major airports in the US and that the program had a flying range “covering most of the US population.” The devices on the planes can capture unique identifying information from “tens of thousands” of cellphones on the ground. Using that information, federal authorities can pinpoint a cellphone user's location from “within three meters or within a specific room in a building,” the WSJ said.

Individuals with knowledge of the matter told the news outlet that the plane flyovers were targeted at “fugitives and criminals” and that non-target phone data is “let go” as it is gathered. The dirtboxes are described as higher-grade Stingrays, which police use on the ground to collect International Mobile Subscriber Numbers (IMSI).


 
IBM QRadar SIEM CVE-2014-4830 Information Disclosure Weakness
 
libxml2 Multiple Memory Corruption Vulnerabilities
 
Disconnect

Disconnect, the public benefit corporation behind the eponymous online privacy tool and “malvertising” blocking service, released a new version of its virtual private networking and privacy protection service for iOS, Android, Windows, and Mac OS X this morning. Disconnect has offered versions of its service on these platforms in the past, but the latest edition is the first to bring an enhanced version of what the company first introduced on the privacy-oriented Blackphone to these other operating systems.

The service is available through Apple’s App Store and the company’s website (not the Google Play or Windows stores), and it adds filtering of cell provider “supercookies” and other common tracking data captured by websites and mobile applications. Disconnect has also inked a deal with Deutsche Telekom to offer its software and services as a promotional bundle to DT customers.

The new Disconnect app and service come in free and premium versions. The free application simply provides the user with a visualized record of tracking performed by websites and mobile applications, showing what tracking cookies are used and whose cookies they are. It also shows any unsecured connections within sites using otherwise secure HTTPS connections.


 
binutils Multiple Directory Traversal Vulnerabilities
 
tnftp CVE-2014-8517 Arbitrary Command Execution Vulnerability
 

FireEye CEO David DeWalt Offers InfoSec Rethink on Cyber Amid Changing ...
ExecutiveBiz (blog)
FireEye CEO David DeWalt has called on information security leaders to embrace threat intelligence as a new, alternative basis for their defense platforms and security strategies, GovInfo Security reported Wednesday. “It's a tough conversation, telling ...

 

Microsoft's Windows Phone emerged only partially scathed from this year's Mobile Pwn2Own hacking competition after a contestant failed to fully pierce its defenses.

A blog post from Hewlett-Packard, whose Zero Day Initiative organizes the contest, provided only sparse details. Nonetheless, the account appeared to show Windows Phone largely surviving. An HP official wrote:

First, Nico Joly—who refined his competition entry on the very laptop he won at this spring’s Pwn2Own in Vancouver as part of the VUPEN team—was the sole competitor to take on Windows Phone (the Lumia 1520) this year, entering with an exploit aimed at the browser. He was successfully able to exfiltrate the cookie database; however, the sandbox held and he was unable to gain full control of the system.

No further details were immediately available. HP promised to provide more color about hacks throughout the two-day contest in the coming weeks, presumably after companies have released patches.


 
 
LinuxSecurity.com: Updated kdenetwork packages that fix three security issues are now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having Moderate security [More...]
 
LinuxSecurity.com: Updated libvncserver packages that fix multiple security issues are now available for Red Hat Enterprise Linux 6 and 7. Red Hat Product Security has rated this update as having Moderate security [More...]
 
LinuxSecurity.com: Updated kernel packages that fix multiple security issues and several bugs are now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having Important security [More...]
 
LinuxSecurity.com: Security Report Summary
 
LinuxSecurity.com: OpenStack Neutron would allow unintended access to configuration over the network.
 
LinuxSecurity.com: OpenStack Nova could be made to expose sensitive information.
 
LinuxSecurity.com: OpenStack Keystone could be made to expose sensitive information over the network.
 
LinuxSecurity.com: Several security issues were fixed in QEMU.
 
LinuxSecurity.com: An updated Adobe Flash Player package that fixes multiple security issues is now available for Red Hat Enterprise Linux 5 and 6 Supplementary. Red Hat Product Security has rated this update as having Critical security [More...]
 
LinuxSecurity.com: Updated gnutls packages that fix one security issue are now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having Moderate security [More...]
 
Ruby 'pack.c' Buffer Overflow Vulnerability
 
Drupal Bad Behavior Module Information Disclosure Vulnerability
 
A screenshot included in an FCC petition showing the thwarting of a STARTTLS session. (Image: Golden Frog)

Digital rights advocates are doubling down on their criticism of a US-based ISP suspected of performing encryption downgrade attacks that caused customers' e-mail to remain in plaintext as it passed over the Internet.

The attacks, according to researchers, were carried out by AT&T subsidiary Cricket and prevented e-mail from being protected by STARTTLS, a technology that uses the secure sockets layer or transport layer security protocols to encrypt plaintext communications. The attacks worked by removing the STARTTLS flag that causes e-mail to be encrypted as it passes from the sending server to the receiving server. After the tampering came to light late last month it was reported by The Washington Post and TechDirt.

"It is important that ISPs immediately stop this unauthorized removal of their customers' security measures," wrote Electronic Frontier Foundation staff technologist Jacob Hoffman-Andrews in a blog post published Tuesday. "ISPs act as trusted gateways to the global Internet, and it is a violation of that trust to intercept or modify client traffic, regardless of what protocol their customers are using. It is a double violation when such modification disables security measures their customers use to protect themselves."


 
Re: CVE-2014-8732
 
Re: CVE-2014-8731 - RCE in phpMemcachedAdmin <=1.2.2
 
Adobe Flash Player and AIR CVE-2014-0582 Unspecified Heap Based Buffer Overflow Vulnerability
 
Adobe Flash Player and AIR CVE-2014-8441 Unspecified Memory Corruption Vulnerability
 
Adobe Flash Player and AIR CVE-2014-8440 Unspecified Memory Corruption Vulnerability
 
Adobe Flash Player and AIR CVE-2014-8438 Use After Free Remote Code Execution Vulnerability
 
Adobe Flash Player and AIR CVE-2014-0590 Type Confusion Remote Code Execution Vulnerability
 
[security bulletin] HPSBMU03182 rev.1 - HP Server Automation running Bash Shell, Remote Code Execution
 
[SECURITY] [DSA 3050-3] iceweasel security update
 
Prey Anti-Theft for Android missing SSL certificate validation [STIC-2014-0731]
 