Hackin9
(c) SANS Internet Storm Center. http://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
 
How much value do you put on certain features in the cellphone you buy? Most consumers probably don't assign a dollar value to specific items, but the detailed calculations handset manufacturers make were at the heart of arguments Thursday as Apple and Samsung fight over hundreds of millions of dollars in patent infringement damages in a California court.
 

Hackers have attempted more than a dozen attacks on HealthCare.gov, the struggling website at the center of President Obama's signature healthcare law, according to published news reports citing a top US official.

All of the attacks, which occurred from November 6 through November 8, failed and remain under investigation, Acting Assistant Homeland Security Secretary Roberta Stempfley of the Office of Cybersecurity and Communications told a US House of Representatives committee Wednesday. She said she was also aware of the recent discovery of software designed to overload HealthCare.gov with more traffic than it could handle. As was the case when it was first spotted last week, there's no evidence that the DIY denial-of-service tool was ever actively used.

"We received about 16 reports from HHS that are under investigation and one open source report about a denial of service," Stempfley told members of the House Homeland Security Committee, according to this report from CNN.

 
RETIRED: Google Chrome Unspecified Remote Sandbox Security Bypass Vulnerability
 
RETIRED: Google Chrome Unspecified Integer Overflow Vulnerability
 
American soldiers patrolling dangerous streets will soon be accompanied by robots programmed to scan the area with thermal imaging and send live images back to the command center. Likewise, squads of infantrymen hiking through mountains will be helped by a wagon train of robots carrying water, ammo and protective gear.
 
Oracle MySQL Server CVE-2013-3801 Remote Security Vulnerability
 
The ISIS Mobile Wallet went live on Thursday, bringing NFC-powered shopping to consumers across the U.S. through a venture backed by three of the nation's top four carriers.
 
MySQL 'yaSSL' Remote Code Execution Vulnerability
 
A coalition of photographers and picture agencies has made a formal complaint about Google's use of third-party images to Europe's competition watchdog.
 

A vastly larger percentage of the world's Web traffic will be encrypted under a near-final recommendation to revise the Hypertext Transfer Protocol (HTTP) that serves as the foundation for all communications between websites and end users.

The proposal, announced in a letter published Wednesday by an official with the Internet Engineering Task Force (IETF), comes after documents leaked by former National Security Agency contractor Edward Snowden heightened concerns about government surveillance of Internet communications. Despite those concerns, websites operated by Yahoo, the federal government, the site running this article, and others continue to publish the majority of their pages in a "plaintext" format that can be read by government spies or anyone else who has access to the network the traffic passes over. Last week, cryptographer and security expert Bruce Schneier urged people to "make surveillance expensive again" by encrypting as much Internet data as possible.

The HTTPbis Working Group, the IETF body charged with designing the next-generation HTTP 2.0 specification, is proposing that encryption be the default way data is transferred over the "open Internet." A growing number of groups participating in the standards-making process—particularly those who develop Web browsers—support the move, although as is typical in technical deliberations, there's debate about how best to implement the changes.

 
Cisco Unified Communications Manager CVE-2013-3472 Cross Site Request Forgery Vulnerability
 
Cisco Wireless LAN Controller CVE-2013-6684 Multiple Remote Denial of Service Vulnerability
 
Cisco IOS SSL VPN Interface CVE-2013-6686 Remote Denial of Service Vulnerability
 
The number of government requests for user information received by Google has doubled since 2010, not including requests made under the U.S. Foreign Intelligence Surveillance Act, which the company is not allowed to disclose.
 
Federal firearms agents Wednesday found that all-plastic guns made by 3-D printers are dangerous and can explode in users' hands.
 

------
Johannes B. Ullrich, Ph.D.
SANS Technology Institute
 
Cisco Prime Data Center Network Manager CVE-2013-5487 Information Disclosure Vulnerability
 
Cisco Prime Data Center Network Manager Multiple Remote Command Execution Vulnerabilities
 
Multiple EMC Documentum Products CVE-2013-3281 Cross Site Scripting Vulnerability
 
Western Digital demonstrated a 2.5-in laptop drive using HAMR recording technology that has the potential to increase areal density on disk platters five-fold.
 
Linux Kernel CVE-2013-6763 Integer Overflow Vulnerability
 
Zoho has added a series of features to its CRM (customer relationship management) software in a bid to appeal to larger companies as well as lure away customers from the likes of Salesforce.com.
 
A U.S. judge has thrown out a longstanding copyright infringement case brought against Google by the Authors Guild, saying the company's book-scanning project provides significant benefits to the public.
 
DS3 Authentication Server 'ServerAdmin/ErrorViewer.jsp' Security Bypass Vulnerability
 
Re: [security bulletin] HPSBUX02922 SSRT101305 rev.1 - HP-UX Running Java5 Runtime Environment (JRE) and Java Developer Kit (JDK), Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities
 
IBM WebSphere Application Server CVE-2013-4005 Cross Site Scripting Vulnerability
 
Security researchers have compromised Microsoft Surface RT, Nexus 4 and Samsung Galaxy S4 devices by exploiting previously unknown vulnerabilities in Internet Explorer 11 running on Windows 8.1 and Google Chrome running on Android.
 

A senior Microsoft executive has told a European parliamentary committee that the company does not encrypt its server-to-server data communications.

Dorothee Belz, EMEA VP for Legal and Corporate Affairs, made the remark when answering a question from Claude Moraes, MEP, during a meeting at the European Parliament on Monday.

"Generally, what I can say today is server-to-server transportation is generally not encrypted," she said. "This is why we are currently reviewing our security system."

 
IBM WebSphere Application Server CVE-2013-3029 Cross-Site Request Forgery Vulnerability
 
IBM WebSphere Application Server CVE-2013-4004 Cross Site Scripting Vulnerability
 
IBM WebSphere Application Server CVE-2013-4052 Cross Site Scripting Vulnerability
 
IBM WebSphere Virtual Enterprise CVE-2013-5425 Cross Site Scripting Vulnerability
 
Re: Cisco Security Advisory: Multiple Vulnerabilities in Cisco Prime Data Center Network Manager
 
 
Nvidia has made improvements to its underlying software tools to make it easier to write programs for faster execution across CPUs and graphics processors.
 
The European Commission gave airlines permission to offer their passengers Internet access via 3G and 4G connections so they can send emails and surf the Web while in flight.
 
LinuxSecurity.com: Multiple security issues have been found in Icedove, Debian's version of the Mozilla Thunderbird mail and news client. Multiple memory safety errors, and other implementation errors may lead to the execution of arbitrary code. [More...]
 
LinuxSecurity.com: Matt Ezell from Oak Ridge National Labs reported a vulnerability in torque, a PBS-derived batch processing queueing system. A user could submit executable shell commands on the tail of what is [More...]
 
LinuxSecurity.com: Updated kernel packages that fix two security issues and several bugs are now available for Red Hat Enterprise Linux 6.2 Extended Update Support. The Red Hat Security Response Team has rated this update as having [More...]
 
LinuxSecurity.com: An updated Adobe Flash Player package that fixes two security issues is now available for Red Hat Enterprise Linux 5 and 6 Supplementary. The Red Hat Security Response Team has rated this update as having critical [More...]
 
LinuxSecurity.com: Apache Commons FileUpload could be made to overwrite files.
 
Samba ACL Check Security Bypass Vulnerability
 
Natural and manmade disasters underscore the challenges of seamless disaster recovery in the real world. Having a comprehensive business continuity plan isn't just an IT concern, though. Nothing less than the survival of your company is at stake.
 
IBM WebSphere Application Server CVE-2013-0460 Cross-Site Request Forgery Vulnerability
 
Oracle Solaris CVE-2013-5839 Remote Security Vulnerability
 
IBus CVE-2013-4509 Local Password Information Disclosure Vulnerability
 

Earlier this week, a user submitted one of those "odd packets" we all like. The packet was acquired with tcpdump, without the "-x" or "-X" option, but still, tcpdump decided to dump the entire packet in hexadecimal. I have seen tcpdump do things like this before, and usually attributed it to "packet overload". If I have tcpdump write the same traffic to disk (using the -w option) and later read it back with -r, I don't see this questionable traffic.

But I never bothered to really look into it. So today, returning from the dentist and under the influence of Novocaine after crown prep, I decided what better thing to do but to play a bit with packets.

Here is the setup:

I am running tcpdump on my firewall. I have it listen on all interfaces. The exact command line:

sudo tcpdump -i any -nn -xx  not ip and not ip6 and not arp

Now if I got this filter right, I should see no IPv4, no IPv6 and no ARP. At first, I got packets like this:

21:39:55.404619 Out 00:e0:4c:68:e0:7d ethertype Unknown (0x0003), length 344:
0x0000:  0004 0001 0006 00e0 4c68 e07d 0000 0003
0x0010:  4510 0148 0000 0000 8011 2e93 0a05 00fe
0x0020:  ffff ffff 0043 0044 0134 cb27 0201 0600
0x0030:  1223 3456 0000 8000 0000 0000 0a05 004a
0x0040:  0a05 00fe 0000 0000 000e f316 a4a6 0000
0x0050:  0000 0000 0000 0000 0000 0000 0000 0000
0x0060:  0000 0000 0000 0000 0000 0000 0000 0000
(removed remainder: all "0").

Interestingly, the packet has an "off" ethernet header that looks like it got an additional two bytes, followed by what looks like a normal IPv4 header.

On a second attempt, using the same filter, I even got some packets that got interpreted as IPv4, even though my filter should exclude them:

21:44:01.919690 IP 10.128.0.11.56559 > 10.5.1.12.80: Flags [.], ack 421172865, win 403, length 0
0x0000:  0000 0001 0006 8ab0 1e25 1fcb 0000 0800
0x0010:  4500 0028 b78a 4000 4006 6daa 0a80 000b
0x0020:  0a05 010c dcef 0050 69b5 295b 191a 9681

But again, note the extra long ethernet header. So what is happening? Wireshark doesn't help. Also, the MAC addresses are not right.
 
Please submit any ideas via the comment form or as a comment to this post.

 

------
Johannes B. Ullrich, Ph.D.
SANS Technology Institute
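
Added example (not part of the original diary): libpcap captures on the Linux "any" pseudo-interface use the 16-byte Linux "cooked" (DLT_LINUX_SLL) pseudo-header instead of a 14-byte Ethernet header, and the sketch below decodes the two dumps above on that basis. It assumes the capture was taken on Linux; the function names are hypothetical.

```python
import struct
from ipaddress import IPv4Address

# First 48 bytes of each dump, copied from the two hex listings in the diary.
PACKET_1 = bytes.fromhex(
    "0004 0001 0006 00e0 4c68 e07d 0000 0003"
    "4510 0148 0000 0000 8011 2e93 0a05 00fe"
    "ffff ffff 0043 0044 0134 cb27 0201 0600"
)
PACKET_2 = bytes.fromhex(
    "0000 0001 0006 8ab0 1e25 1fcb 0000 0800"
    "4500 0028 b78a 4000 4006 6daa 0a80 000b"
    "0a05 010c dcef 0050 69b5 295b 191a 9681"
)

# Linux cooked capture v1: packet type, ARPHRD type, address length,
# 8-byte address field (zero padded), protocol. Big-endian, 16 bytes.
SLL = struct.Struct("!HHH8sH")
PACKET_TYPES = {0: "to us", 1: "broadcast", 2: "multicast",
                3: "to someone else", 4: "outgoing"}
ETH_P_IP = 0x0800
ETH_P_ALL = 0x0003  # Linux "every protocol" value, not an on-the-wire EtherType


def parse_sll(frame):
    """Split a cooked-capture frame into its pseudo-header fields and payload."""
    if len(frame) < SLL.size:
        raise ValueError("frame shorter than the 16-byte cooked header")
    pkttype, hatype, halen, addr, proto = SLL.unpack_from(frame)
    return {
        "direction": PACKET_TYPES.get(pkttype, f"unknown ({pkttype})"),
        "arphrd": hatype,  # 1 = Ethernet
        "address": ":".join(f"{b:02x}" for b in addr[:min(halen, 8)]),
        "protocol": proto,
        "payload": frame[SLL.size:],
    }


def parse_ipv4(payload):
    """Return basic IPv4 fields if the payload looks like IPv4, else None."""
    if len(payload) < 20 or payload[0] >> 4 != 4:
        return None
    ihl = (payload[0] & 0x0F) * 4
    if ihl < 20 or len(payload) < ihl:
        return None
    info = {
        "total_len": struct.unpack_from("!H", payload, 2)[0],
        "ip_proto": payload[9],
        "src": str(IPv4Address(payload[12:16])),
        "dst": str(IPv4Address(payload[16:20])),
        "sport": None,
        "dport": None,
    }
    if info["ip_proto"] in (6, 17) and len(payload) >= ihl + 4:
        info["sport"], info["dport"] = struct.unpack_from("!HH", payload, ihl)
    return info


def explain(frame):
    """Decode the cooked header and flag an IPv4 payload not labelled as IPv4."""
    sll = parse_sll(frame)
    sll["ip"] = parse_ipv4(sll["payload"])
    # On a cooked capture, libpcap's link-level "ip" test compares the
    # protocol field with 0x0800; it does not inspect the payload.
    sll["ipv4_payload_not_labelled_ip"] = (
        sll["ip"] is not None and sll["protocol"] != ETH_P_IP
    )
    return sll


if __name__ == "__main__":
    for name, frame in (("first dump", PACKET_1), ("second dump", PACKET_2)):
        r = explain(frame)
        print(name, r["direction"], r["address"], hex(r["protocol"]), r["ip"])
```

Read this way, the "extra two bytes" are the packet-type field at the front of the pseudo-header, and the first dump is an outgoing frame whose protocol field is 0x0003 while its payload is an IPv4 UDP datagram from port 67 to port 68.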
 

Adobe

Adobe published two advisories today:

(Correction: APSB13-25 was released last month, and I have removed it from this diary. Instead, APSB13-27 was added below)

APSB13-26: Security Updates for Flash Player

This update affects the Windows, OS X and Linux versions of Adobe Flash Player 11.9 (11.2 for Linux), as well as Adobe AIR 3.9. The Flash Player vulnerability is assigned a priority of "1" on Windows and OS X, which indicates an exploit has been sighted in the wild, and Adobe recommends patching "as soon as possible" (72 hrs).

Vulnerabilities that are covered by this patch: CVE-2013-5329, CVE-2013-5330.

APSB13-27: Hotfix for ColdFusion

This hotfix affects ColdFusion 9 as well as 10. Adobe assigned it a priority of 1 for ColdFusion 10 and 2 for ColdFusion 9.x. The hotfix patches two vulnerabilities:

1 - A reflective XSS vulnerability in ColdFusion 9/10 (CVE-2013-5326)
2 - An authentication bypass problem in ColdFusion 10 (CVE-2013-5328)

The second vulnerability, which allows unauthorized remote read access, is probably the reason this hotfix is rated "1" for ColdFusion 10.

 

Google

Google released a new version of Chrome today: Chrome 31. The update includes 25 security fixes. Not exactly a security fix, but still interesting: Chrome 31 improves the SSL ciphers by adding support for the AES-GCM ciphers.

 

------
Johannes B. Ullrich, Ph.D.
SANS Technology Institute
 

Overview of the November 2013 Microsoft patches and their status.

| # | Affected | Contra Indications - KB | Known Exploits | Microsoft rating(**) | ISC rating(*): clients | ISC rating(*): servers |
|---|---|---|---|---|---|---|
| MS13-088 Cumulative Security Update for Internet Explorer (Replaces MS13-080) | Internet Explorer: CVE-2013-3891, CVE-2013-3908, CVE-2013-3909, CVE-2013-3910, CVE-2013-3911, CVE-2013-3912, CVE-2013-3914, CVE-2013-3915, CVE-2013-3916, CVE-2013-3917 | KB 2888505 | No. | Severity: Critical; Exploitability: 1,2,3 | Critical | Important |
| MS13-089 Remote Code Execution Vulnerability in Windows Graphics Device Interface (Replaces MS08-071) | GDI+: CVE-2013-3940 | KB 2876331 | No. | Severity: Critical; Exploitability: 1 | Critical | Important |
| MS13-090 Remote Code Execution Vulnerability in InformationCardSigninHelp ActiveX Class (Replaces MS11-090) | ActiveX (icardie.dll): CVE-2013-3918 | KB 2900986 | Yes. | Severity: Critical; Exploitability: 1 | PATCH NOW! | Important |
| MS13-091 Remote Code Execution Vulnerability in Microsoft Office (Replaces MS09-073) | Microsoft Office (Word): CVE-2013-0082, CVE-2013-1324, CVE-2013-1325 | KB 2885093 | No. | Severity: Important; Exploitability: 1,3 | Critical | Important |
| MS13-092 Elevation of Privileges Vulnerability in HyperV | HyperV Guests (DoS for Host): CVE-2013-3898 | KB 2893986 | No. | Severity: Important; Exploitability: 1 | Important | Important |
| MS13-093 Information Disclosure Vulnerability in Ancillary Function Driver (Replaces MS12-009) | Ancillary Function Driver: CVE-2013-3887 | KB 2875783 | No. | Severity: Important; Exploitability: 3 | Important | Important |
| MS13-094 Information Disclosure Vulnerability in Outlook (Replaces MS13-068) | Outlook: CVE-2013-3905 | KB 2894514 | No. | Severity: Important; Exploitability: 3 | Important | Less Important |
| MS13-095 Denial of Service Vulnerability in Digital Signatures (Replaces Advisory 2661254) | Digital Signatures: CVE-2013-3869 | KB 2868626 | No. | Severity: Important; Exploitability: 3 | N/A | Important |
We will update issues on this page for about a week or so as they evolve.
We appreciate updates
US based customers can call Microsoft for free patch related support on 1-866-PCSAFETY
(*): ISC rating
  • We use 4 levels:
    • PATCH NOW: Typically used where we see immediate danger of exploitation. Typical environments will want to deploy these patches ASAP. Workarounds are typically not accepted by users or are not possible. This rating is often used when typical deployments make it vulnerable and exploits are being used or easy to obtain or make.
    • Critical: Anything that needs little to become "interesting" for the dark side. Best approach is to test and deploy ASAP. Workarounds can give more time to test.
    • Important: Things where more testing and other measures can help.
    • Less Urgent: Typically we expect the impact if left unpatched to be not that big a deal in the short term. Do not forget them however.
  • The difference between the client and server rating is based on how you use the affected machine. We take into account the typical client and server deployment in the usage of the machine and the common measures people typically have in place already. Measures we presume are simple best practices for servers such as not using outlook, MSIE, word etc. to do traditional office or leisure work.
  • The rating is not a risk analysis as such. It is a rating of importance of the vulnerability and the perceived or even predicted threat for affected systems. The rating does not account for the number of affected systems there are. It is for an affected system in a typical worst-case role.
  • Only the organization itself is in a position to do a full risk analysis involving the presence (or lack of) affected systems, the actually implemented measures, the impact on their operation and the value of the assets involved.
  • All patches released by a vendor are important enough to have a close look if you use the affected systems. There is little incentive for vendors to publicize patches that do not have some form of risk to them.

(**): The exploitability rating we show is the worst of them all due to the too large number of ratings Microsoft assigns to some of the patches.

------
Johannes B. Ullrich, Ph.D.
SANS Technology Institute
 

FireEye Labs has discovered an "exploit that leverages a new information leakage vulnerability and an IE out-of-bounds memory access vulnerability to achieve code execution." [1] Based on their analysis, it affects IE 7, 8, 9 and 10.

According to Microsoft, the vulnerability can be mitigated by EMET.[2][3] Additional information on the FireEye Labs post is available here.

Update: FireEye Labs provided additional information on the recently discovered IE zero-day exploit that is currently in the wild and has been named Trojan.APT.9002 (aka Hydraq/McRAT variant). They have published additional information on the Trojan, which only runs in memory and leaves very few artifacts that can help identify infected clients. Additional information about the Trojan can be found here, which also includes a list of domains, MD5 hash and User-Agent information.

Update 2: Tomorrow Microsoft is releasing a fix for this vulnerability (CVE-2013-3918), which affects an Explorer ActiveX Control, as MS13-090, listed as "Bulletin 3" in the November Microsoft Patch Tuesday Preview.

[1] http://www.fireeye.com/blog/technical/2013/11/new-ie-zero-day-found-in-watering-hole-attack.html
[2] https://isc.sans.edu/forums/diary/EMET+40+is+now+available+for+download/16019
[3] http://www.microsoft.com/en-us/download/details.aspx?id=39273
[4] http://www.fireeye.com/blog/technical/cyber-exploits/2013/11/operation-ephemeral-hydra-ie-zero-day-linked-to-deputydog-uses-diskless-method.html
[5] http://blogs.technet.com/b/msrc/archive/2013/11/11/activex-control-issue-being-addressed-in-update-tuesday.aspx

-----------

Guy Bruneau IPSS Inc. gbruneau at isc dot sans dot edu

 

In the past we have seen malware being delivered via Google Docs. You would receive an email stating that a document had been shared, and when you clicked the link bad things would start to happen. In recent weeks the same approach has increasingly been used to phish. You would receive an email along these lines:

Hello,
 
We sent you an attachment about your booking using Google Drive
 
I have sent the attachment for you using Google Drive So Click the Google Drive link below
to view the attachment..
<button>Google Drive</button>

Once the link is clicked you are sent through to a web site where you are presented with the following screen:

Clicking on any of these will ask you for a userid and password for that service.  The link in the email should be easily recognised by people as obviously not being a Google link, but many still do not check this.  If you are doing an awareness campaign or reminder, maybe include some info on recognising phishing links. 

Cheers

Mark 

 

 

 

 

 

Most if not all of the handlers run honeypots, sinkholes, spam traps, etc. in various locations around the planet. As many of you are aware, they are a nice tool to see what is going on on the Internet at a specific time. Setting up a new server the other day, it was interesting to see how fast it was touched by evilness. Initially it wasn't even intended as a honeypot, but it soon turned into one when "interesting" traffic started turning up. Now of course mixing business (the server's original intended use) and pleasure (honeypot) isn't a good thing, so honeypot it is.

It was quite disheartening to see how fast evilness turned up: 

  • SSH brute force attacks port 22 < 2 minutes
  • SSH brute force attacks port 2222 < 4 hours
  • Telnet  - 8 Minutes
  • Coldfusion checks ~ 30 minutes
  • SQLi Check ~ 15 minutes
  • Open Proxy check 3128  - 81 minutes
  • Open Proxy Check 80 - 35 minutes
  • Open proxy check 8080 - 48 minutes

Which got me thinking about a few things and hence this post. There are two things I'm interested in. Firstly, when running honeypots, what do you use? There are some great resources and different tools, so what works for you? This one I just set up using the 404 project components from this site. I used Kippo for 2222 and for the rest I used the actual product configured to bounce pretty much every request. It doesn't get me exactly what they are doing, but it gives me a first indication, plus I ran out of time :-(

The second thing I'd like to know is, when you set up the honeypot for the first time, how long did it take to get a hit? On our site we have a survival time. It would be interesting to know what the survival time for SSH, FTP, telnet, proxies etc. is. So the next time you set up a honeypot, or if you still have the logs going back that far, take a look and share. SSH with a default password: less than 2 minutes. What are your stats?

Cheers

Mark 

(PS: if you are going to set one up, make sure you fully understand what you are about to do. You are placing a deliberately vulnerable device on the internet. Depending on your location you may be held liable for stuff that happens (IANAL). If it gets compromised, make sure it is somewhere where it can't hurt you or others.)

 

 
The general counsel of a U.S. spying agency told a Senate committee Wednesday that if Internet companies provide information about the number of surveillance orders they receive for user data, it would alert the country's adversaries on which services to avoid.
 
EMC's long-awaited entry into all-flash storage arrays will finally get a full-fledged rollout next week, possibly setting the terms for mastery of the fledgling product category along the way.
 
IBM is preparing to give third parties access to its Watson supercomputer with the aim of spurring the growth of applications that take advantage of the system's artificial intelligence capabilities.
 
Cisco Systems stunned Wall Street on Wednesday with a gloomy financial forecast it blamed on falling demand in developing countries and transitions in some of its product lines.
 
Facebook is hoping to gain a stronger foothold in the competitive mobile messaging space with an updated version of its Messenger app, which now lets people message each other even if they aren't Facebook friends.
 
After several missed security audits, the IT team at the Pennsylvania Department of Public Welfare built an ambitious security risk framework so audit reports could be prepared in a timely fashion.
 
Samsung Electronics widened its lead over Apple in worldwide smartphone sales during the third quarter, while China's Lenovo also gained ground thanks to growth in its home market, according to research firm Gartner.
 
Adobe Flash Player and AIR CVE-2013-5329 Remote Memory Corruption Vulnerability
 
Adobe Flash Player and AIR CVE-2013-5330 Remote Memory Corruption Vulnerability
 
Linux Kernel CVE-2013-4511 Multiple Integer Overflow Vulnerabilities
 
Drupal Misery Module Denial Of Service Vulnerability
 
Cisco NX-OS Software for Nexus 4000 Series CVE-2013-6683 Denial of Service Vulnerability
 
Cisco Unified IP Phone 8900/9900 Series Insecure File Permissions Privilege Escalation Vulnerability
 
Zikula Application Framework CVE-2013-6168 'returnpage' Parameter Cross Site Scripting Vulnerability
 
Dahua DVR Authentication Bypass - CVE-2013-6117
 
[SECURITY] [DSA 2797-1] icedove security update
 

Posted by InfoSec News on Nov 14

http://www.infoworld.com/d/security/4-reasons-badbios-isnt-real-230636

By Roger A. Grimes
InfoWorld
NOVEMBER 12, 2013

If you haven't been following the story of Dragos Ruiu's BadBIOS tale the
last two weeks, you've missed a compelling saga and an opportunity to find
out how much you really know about malware.

A well-respected computer security researcher, Ruiu says he's found the
single nastiest malware program of all...
 

Posted by InfoSec News on Nov 14

http://www.abs-cbnnews.com/nation/regions/11/14/13/alleged-anonymous-ph-hacker-nabbed-butuan

ABS-CBNnews.com
11/14/2013

MANILA -- An alleged member of hacker group "Anonymous Philippines" was
arrested in Butuan City, Agusan del Norte.

The National Bureau of Investigation (NBI) said the suspect, identified as
Rodel Plasabas, was arrested in an Internet shop in the city where the Internet
Protocol (IP) address of one of the hackers...
 

Posted by InfoSec News on Nov 14

http://www.wired.com/threatlevel/2013/11/hammond-sentencing-memo/

By Kevin Poulsen
Threat Level
Wired.com
11.12.13

Anonymous hacktivist Jeremy Hammond should receive the maximum 10 year
prison term for defacing law enforcement and corporate websites and
stealing 200 gigabytes of email and 60,000 credit card numbers from a
private intelligence firm, prosecutors argued in a court filing today.

“Contrary to the picture he paints of himself...
 
Drupal Context Module Arbitrary PHP Code Execution Vulnerability
 
Drupal Context Module CVE-2013-4445 Module Access Bypass Vulnerability
 
[SECURITY] [DSA 2796-1] torque security update
 
Superuser "su --daemon" vulnerability on Android >= 4.3
 
Android Superuser shell character escape vulnerability
 
Superuser unsanitized environment vulnerability on Android <= 4.2.x
 
Internet Storm Center Infocon Status