Hackin9
Facebook said Friday it had been the target of a sophisticated hacking attack but that it had no evidence any user data had been compromised.
 
For my recent column of predictions for 2013 I polled a huge number of IT people to see what they are expecting, and ended up getting more than 400 responses.
 
As an avid reader, and an especially big fan of ebooks, I thought subscribing to Amazon Prime seemed like a good idea.
 
Facebook is working hard to assure users that Graph Search, its new search engine designed to uncover all sorts of information buried within the site, does not compromise the privacy rights of minors.
 
Intel's aim is to lead the way in creating the first exaflop supercomputer, so it is making architectural improvements to its processors in the hope of reaching that goal between 2018 and 2020.
 
The growing number of shareholders voicing opposition to Dell's US$24.4 billion plan to go private appears to be putting the company increasingly on the defensive, raising questions about the terms of the deal.
 
IBM Lotus Domino HTTP Response Splitting and Cross Site Scripting Vulnerabilities
 
Empirum Password Obfuscation Design Flaw
 
SAP is hoping to nail a slam dunk for its HANA in-memory platform through a partnership with the National Basketball Association on a new HANA-powered statistics website.
 
[ MDVSA-2013:012 ] postgresql
 
Re: CFP: InfoSec Southwest 2013
 
Skype soft-launched a video messaging service on Friday that allows its subscribers to deliver recorded clips to Skype contacts for playback when they come online.
 
U.S. broadband providers deliver nearly the residential broadband speeds they advertise, with a handful of large providers exceeding the promised service, the U.S. Federal Communications Commission said in a new report.
 
During a Google+ 'Fireside Hangout' on Thursday, President Barack Obama talked about his daughters' math and science studies, the benefits of making computer programming a required high school class and the need to keep the Internet open.
 
HP Arcsight Multiple Products HTML Injection Vulnerability
 
Linux Kernel '__skb_recv_datagram()' Local Denial of Service Vulnerability
 
How you handle your last days at a company can cast a lasting impression on your professional reputation. Here are the dos and don'ts of leaving, plus tips for tying up loose ends on LinkedIn.
 
Writing a book about Windows 8 takes a peculiar combination of perseverance, insight, and a high tolerance for pain. Those who write books about Win8 get to dig into the heart of the beast -- they're exposed early and often to inconsistencies and difficulties, and they're tasked with making the hard parts of Win8 accessible to regular people. Along the way, book authors acquire an enormous amount of experience with how the product actually works, going far beyond the stunted feature lists, glib reviews, and sound bites we've all come to expect.
 

Infosec to exhibitors: Clean up your act
CRN - UK
Exhibitors have been banned from wearing "inappropriate, revealing and offensive" attire at Infosec, CRN has learned. Organisers have implemented a dress code crackdown following a storm of negative feedback relating to the attire – or lack thereof ...

 
Microsoft is reminding customers that Windows 7's first edition, which shipped more than three years ago, will be dropped from support in early April.
 
Google+ suffered a site outage Friday morning, prompting users of the social network to complain on both Google+ and Twitter that the site was down or slow to load.
 
In this edition of Lost+Found: Angry Birds where they shouldn't be, the search for a new hashing scheme, atmospheric noise, the ShmooCon live stream and more jailbreak details


 
Leave an Android phone in the freezer for an hour and you may be able to access private user data, including encrypted data, without the PIN


 
Flowplayer 'linkUrl' Parameter Cross Site Scripting Vulnerability
 
"When I am hiring, I always think of not what they can do today. What is their potential? Everyone I hired in my direct team has the potential to do my job or be better than me."
 
A retail copy of Office 2013 is permanently tied to the first PC on which it's installed, preventing customers from deleting the suite from one machine they own and installing it on another.
 
Sure, those fancy new 802.11ac routers are wicked fast, but the IEEE isn't expected to ratify that standard until later this year. So today's 802.11ac hardware could be rendered obsolete if the standards body changes course between now and November.
 
Adobe Flash Player and AIR CVE-2013-1368 Buffer Overflow Vulnerability
 
Adobe Flash Player and AIR CVE-2013-1370 Buffer Overflow Vulnerability
 
Adobe Flash Player and AIR CVE-2013-1373 Buffer Overflow Vulnerability
 
Amazon Web Services has made available to all users its cloud-based data warehouse Redshift, which it pitches as a lower-cost alternative to on-premise deployments.
 

One of our readers has come across traffic leaving the network with a destination of CN and a destination port of tcp 8520.

If you are seeing the same, I'd like to know; even better, if you have a capture of the traffic including the payload, that would be great.

Cheers

Mark H
(c) SANS Internet Storm Center. http://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
 
Oracle Java SE CVE-2013-1481 Remote Code Execution Vulnerability
 
Oracle Java SE CVE-2013-0419 Java Runtime Environment Remote Security Vulnerability
 
As jumbled news reports of what appeared to be a meteor shower over Russia trickled out of the country, some of the best views of what happened were from the dashboards of Russian cars.
 
Egypt's telecom regulator says it is not viable for it to follow a court order to block YouTube in the country, and is appealing the ruling.
 
Browser developer Opera Software will acquire Skyfire Labs, which develops technology to speed video delivery over mobile networks, the companies said Friday.
 
The popular social-news site Reddit said it will now accept bitcoins, following blogging platform WordPress in embracing the four-year-old virtual currency.
 
Facebook has expanded its promoted posts program, allowing users to pay to highlight posts made by friends. The move, if successful, could help boost fees Facebook collects from the recently introduced service.
 
Buffalo Technology has set the end of this month as the launch date for its DriveStation DDR external hard disk enclosure, which uses a 1GB DRAM cache to achieve what Buffalo says is the world's fastest transfer speed.
 
With a little practice, a series of key presses can be used to bypass the iPhone's passcode lock. The technique can be used to make phone calls, access contacts and leaf through the photo album.


 
Oracle Java SE CVE-2013-0449 Java Runtime Environment Remote Security Vulnerability
 

#FFSec, Feb. 15: Five infosec pros who stand out
CSO (blog)
@SecBarbie: Erin Jacobs has done much to bring people in the infosec community together through her blogging, use of social media and events like the Security Sociability meet-up each year at RSA. Covering the industry has been a lot more fun because ...

 
Oracle Java SE CVE-2013-0430 Java Runtime Environment Remote Security Vulnerability
 
Adobe Flash Player and AIR CVE-2013-1367 Buffer Overflow Vulnerability
 
Adobe Flash Player and AIR CVE-2013-0642 Buffer Overflow Vulnerability
 

Posted by InfoSec News on Feb 15

http://www.hindustantimes.com/technology/Chunk-HT-UI-Technology-OtherStories/Putin-orders-setting-up-of-anti-hacker-defence/SP-Article1-1012086.aspx

IANS
February 15, 2013

Russian President Vladimir Putin has personally instructed the Federal Security
Service (FSB) to promptly set up a unified system to detect and counter
computer-hacking attacks on Russia's IT resources.

"In the near future, we need to set up a unified system for...
 

Posted by InfoSec News on Feb 15

http://www.thesmokinggun.com/documents/internet/bush-hackers-other-victims-637098

The Smoking Gun
FEBRUARY 14, 2013

As federal agents hunt for the culprit who illegally accessed several Bush
family e-mail accounts, The Smoking Gun has learned that the hacker’s victim
list also includes a U.S. Senator, a senior United Nations official, security
contractors in Iraq, two former FBI agents, and a Department of Defense
supervisor.

The hacker,...
 

Posted by InfoSec News on Feb 15

http://www.wisn.com/news/south-east-wisconsin/milwaukee/Froedtert-Hospital-warning-43-000-patients-their-files-may-have-been-accessed/-/10148890/18541500/-/rd1rrhz/-/index.html

By WISN.com Staff
Feb 14, 2013

MILWAUKEE -- Froedtert Hospital is alerting patients that up to 43,000 patient
files may have been accessed by unauthorized people after an employee's
computer was infected with a virus.

A spokeswoman told 12 News Froedtert Health...
 

Posted by InfoSec News on Feb 15

http://www.v3.co.uk/v3-uk/news/2243766/spanish-police-nab-reveton-ransomware-boss

By Shaun Nichols
V3.co.uk
14 Feb 2013

Spanish authorities have detained a man they believe to be one of the heads of
the notorious Reveton malware gang.

Police said that the man, who is a Russian national, is currently being held in
Dubai and is awaiting extradition to Spain, where the Reveton gang is believed
to have based part of its operation.

According to...
 

Posted by InfoSec News on Feb 15

http://arstechnica.com/security/2013/02/a-world-of-hurt-after-mcafee-mistakenly-revokes-key-for-signing-mac-apps/

By Dan Goodin
Ars Technica
Feb 14 2013

A McAfee administrator accidentally revoked the digital key used to certify
desktop applications that run on Apple's OS X platform, creating headaches for
customers who want to install or upgrade Mac antivirus products.

A certificate revocation list [CRL] hosted by Apple Worldwide...
 