Hackin9
What Kind of World Are We Creating?
Texas GOP Vote
image from http://phoenix.gov/publicsafety/infosec/all/ We are living in a Rear Window world. Alfred Hitchcock's classic thriller tells the story of a professional photographer homebound by a broken leg who takes a voyeuristic interest in his neighbor ...

 
A court's decision not to bar the sale of multiple Samsung handsets in the U.S., despite their having been found to infringe Apple patents, will go before an appeals court in early August.
 

Why does a U.S. journalist and Anonymous activist face 105 years in jail?
Knight Center for Journalism in the Americas (blog)
... created to “provide a centralized, actionable data set regarding the intelligence contracting industry, the PR industry's interface with totalitarian regimes, the mushrooming infosec/'cybersecurity' industry, and other issues constituting threats ...

 
Though roundly ridiculed when it debuted in 1995, Microsoft Bob, or something resembling the short-lived on-screen assistant, will ultimately return, vowed Bill Gates, co-founder and chairman of Microsoft.
 
[security bulletin] HPSBPV02891 rev.1 - HP ProCurve Switches, Remote Unauthorized Information Disclosure
 
Squid-3.3.5 DoS PoC
 
CVE-2013-4788 - Eglibc PTR MANGLE bug
 

Infosec M&A: there's really no bubble
CRN Australia
The recent mergers and acquisitions including NTT acquiring Solutionary and Malwarebytes acquiring Zero Vulnerability Labs have ticked Delling's database beyond 650 transactions. With that in mind, it is pertinent to examine the trends and intelligence ...

 

InfoWorld is reporting that the WMV codec patch included in MS13-057 causes a number of video-related applications to show partially blank screens. The affected applications include TechSmith Camtasia, Adobe Premiere Pro CS6 and others.

Please let us know if you experienced any issues like that.

[1] http://www.infoworld.com/t/microsoft-windows/another-botched-windows-patch-ms13-057kb-2803821kb-2834904-222636

 

------
Johannes B. Ullrich, Ph.D.
SANS Technology Institute
Twitter

(c) SANS Internet Storm Center. http://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
 

Sony drops PSN breach appeal after risk assessment
Network World
... and VP of Business Development for Co3 Systems told CSO. Still, while they are willing to pay to protect their infosec secrets, their overall stance on the fine didn't change. "We continue to disagree with the decision on the merits," the ...

and more »
 
Microsoft Chairman Bill Gates today briefly took attendees at a company-hosted research conference back decades to the failure of Microsoft Bob and the loathed "Clippy" to talk about preemptively helping tech users.
 
With major parts of the U.S. under an intense heat wave, opting for less cooling may seem like a bad idea. But it isn't.
 
Edward Snowden, the leaker of U.S. National Security Agency surveillance activities, may have changed his position about disclosing more information in the future, Russian President Vladimir Putin said Monday, according to news reports.
 

Sony drops PSN breach appeal after risk assessment
CSO
Still, while they are willing to pay to protect their infosec secrets, their overall stance on the fine didn't change. "We continue to disagree with the decision on the merits," the spokesperson added. Read more about data protection in CSOonline's Data ...

and more »
 

Email Encryption And The Goldilocks Principle
NetworkComputing.com
This type of quandary isn't unique to email encryption, and security professionals are constantly searching for “just right” solutions. But instead of feeling like Goldilocks, most end up in an infosec existential crisis. We often have more in common ...

 
Sprint on Monday experienced network outages affecting voice communications for several hours in various regions nationwide, the wireless carrier confirmed.
 
Researchers at the University of Illinois at Chicago wanted to know how smart a top artificial intelligence system actually is. So they gave it an IQ test.
 
Sprint will begin selling two LTE hotspots and an LTE USB modem on Friday -- the first tri-band LTE devices the carrier has offered.
 
A group of U.S. companies operating Internet advertising networks has pledged to bar websites trafficking in pirated goods from using their services and to take other steps to fight online copyright infringement.
 
[SECURITY] [DSA 2722-1] openjdk-7 security update
 
Apple promised to investigate a report that a young Chinese woman was electrocuted when she answered her iPhone 5 while it was plugged into its charger.
 
Google's chances of obtaining the "http://search" domain name are shrinking after several committees affiliated with the Internet Corporation for Assigned Names and Numbers (ICANN) recently warned that dotless domain names could be harmful to the Internet.
 
Network Security Services (NSS), the collection of cryptographic libraries used by, among others, Mozilla's Firefox browser, now supports TLS 1.2. This enables cipher suites that use HMAC-SHA256 for record integrity and a SHA-256-based PRF, which earlier TLS versions cannot negotiate.
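The item above is all the page says about TLS 1.2 and HMAC-SHA256. The following is an added example, not NSS or Mozilla code, showing what a SHA-256 suite changes below the API: in TLS 1.2 (RFC 5246) the PRF is a single P_SHA256 expansion built on HMAC-SHA256, the master secret and per-connection keys are derived with that PRF, and the same HMAC protects every record. Every secret, random and message below is a constructed demo value, not material from a real handshake.

```python
"""TLS 1.2 key derivation and record MAC with HMAC-SHA256 (RFC 5246).

Added example; not NSS/Mozilla code. All inputs are constructed demo values.
"""
import hashlib
import hmac


def hmac_sha256(key: bytes, msg: bytes) -> bytes:
    """The primitive every SHA-256 suite rests on."""
    return hmac.new(key, msg, hashlib.sha256).digest()


def p_hash(secret: bytes, seed: bytes, length: int) -> bytes:
    """P_SHA256 data-expansion function (RFC 5246 section 5).

    A(0) = seed, A(i) = HMAC(secret, A(i-1));
    output = HMAC(secret, A(1) + seed) || HMAC(secret, A(2) + seed) || ...
    truncated to `length` bytes.
    """
    out = bytearray()
    a = seed  # A(0)
    while len(out) < length:
        a = hmac_sha256(secret, a)          # A(i)
        out += hmac_sha256(secret, a + seed)
    return bytes(out[:length])


def prf(secret: bytes, label: bytes, seed: bytes, length: int) -> bytes:
    """TLS 1.2 PRF = P_SHA256(secret, label + seed).

    TLS 1.0/1.1 split the secret between MD5 and SHA-1; TLS 1.2 replaces that
    with one P_hash over the cipher suite's hash, SHA-256 for *_SHA256 suites.
    """
    return p_hash(secret, label + seed, length)


def master_secret(pre_master: bytes, client_random: bytes, server_random: bytes) -> bytes:
    """RFC 5246 section 8.1: 48-byte master secret (client random first)."""
    return prf(pre_master, b"master secret", client_random + server_random, 48)


def key_block(master: bytes, client_random: bytes, server_random: bytes, length: int) -> bytes:
    """RFC 5246 section 6.3: key material (note: server random comes first here)."""
    return prf(master, b"key expansion", server_random + client_random, length)


def record_mac(mac_key: bytes, seq_num: int, content_type: int, version: bytes, fragment: bytes) -> bytes:
    """RFC 5246 section 6.2.3.1: HMAC over seq_num || type || version || length || fragment."""
    header = (seq_num.to_bytes(8, "big") + bytes([content_type]) + version
              + len(fragment).to_bytes(2, "big"))
    return hmac_sha256(mac_key, header + fragment)


# Constructed demo values (deterministic, not from any real handshake).
DEMO_PRE_MASTER = b"\x03\x03" + bytes(range(46))  # RSA premaster: client_version + 46 bytes
DEMO_CLIENT_RANDOM = bytes([0xAA] * 32)
DEMO_SERVER_RANDOM = bytes([0xBB] * 32)


def demo() -> dict:
    """Derive keys for an AES_128_CBC_SHA256-style suite: 32-byte MAC keys, 16-byte keys.

    TLS 1.2 CBC records carry an explicit IV (section 6.2.3.2), so no IV is taken
    from the key block here.
    """
    ms = master_secret(DEMO_PRE_MASTER, DEMO_CLIENT_RANDOM, DEMO_SERVER_RANDOM)
    kb = key_block(ms, DEMO_CLIENT_RANDOM, DEMO_SERVER_RANDOM, 96)
    return {
        "master_secret": ms,
        "client_write_mac_key": kb[0:32],
        "server_write_mac_key": kb[32:64],
        "client_write_key": kb[64:80],
        "server_write_key": kb[80:96],
    }


if __name__ == "__main__":
    keys = demo()
    for name, value in keys.items():
        print(f"{name}: {value.hex()}")
    # First application-data record (type 23) from the client, seq_num 0.
    print("record mac:", record_mac(keys["client_write_mac_key"], 0, 23,
                                    b"\x03\x03", b"constructed plaintext").hex())
```

The sequence number in the MAC input is what makes replayed or reordered records fail verification even though the key and fragment are unchanged; the test below checks that as well as the P_SHA256 expansion against a hand-computed first iteration.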
 
[CVE-2013-2612] Huawei E587 3G Mobile Hotspot Command Injection
 
Microsoft is reportedly moving ahead quickly on development of a smartwatch, having reached the prototype stage with a 1.5-in. device running on a modified Windows 8 housed in a translucent aluminum case.
 
A new version of a file-infecting malware program that's being distributed through drive-by download attacks is also capable of stealing FTP credentials, according to security researchers from antivirus firm Trend Micro.
 
Hewlett-Packard's board of directors has received a major infusion of software know-how, with the addition of former Microsoft chief software architect Ray Ozzie .
 
The combined value of paid apps, app-enabled purchases of goods and services, and in-app advertising is expected to double to $151 billion in the U.S. by 2017, according to AppNation.
 
What does a lead designer for a Madison Avenue technology firm think every programmer should know about design? Sneak preview: Interfaces actually matter less than you might think. But that's just the tip of the iceberg.
 
LinuxSecurity.com: Several security issues were fixed in the Apache HTTP Server.
 
LinuxSecurity.com: Several security issues were fixed in libxml2.
 
LinuxSecurity.com: Updated java-1.6.0-openjdk packages fix security vulnerabilities: Multiple flaws were discovered in the ImagingLib and the image attribute, channel, layout and raster processing in the 2D component. An untrusted Java application or applet could possibly [More...]
 
LinuxSecurity.com: A vulnerability has been discovered and corrected in php: * Fixed PHP bug #65236 (heap corruption in xml parser) (CVE-2013-4113). The updated packages have been upgraded to the 5.3.27 version which [More...]
 
LinuxSecurity.com: Updated php53 packages that fix one security issue are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having critical [More...]
 
LinuxSecurity.com: Updated php packages that fix one security issue are now available for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having critical [More...]
 
A second hole in Android's signature validation has been disclosed, though the new technique has greater limitations. Google and CyanogenMod have patched the holes, but how other vendors will handle it remains to be seen.
 
[ MDVSA-2013:196 ] java-1.6.0-openjdk
 
Huawei E587 3G Mobile Hotspot Web UI Cross Site Scripting vulnerability
 
[ MDVSA-2013:195 ] php
 
Premier 100 IT Leader Judy Batenburg also answers questions on specializing in IT and becoming a leader.
 
Oracle is introducing a new generation of its Exalytics appliance for high-speed data analysis that comes with a slightly higher price tag but major increases in memory and storage capacity.
 
Corel PDF Fusion CVE-2013-3248 Stack Based Buffer Overflow Vulnerability
 
The organisers of the Black Hat conference have attracted the director of the American NSA, General Keith Alexander, as a keynote speaker. This has caused controversy.
 
Nano-10 PLC Modbus Packet Handling Denial of Service Vulnerability
 
The tech companies that have surged since Steve Ballmer took over at Microsoft from Bill Gates are headed by engineers.
 
If your company isn't in the Fortune 500, you might find it difficult to get suppliers to provide product information, respond to an RFP or deliver adequate support. But there are ways to make your organization more attractive.
 
Even most of those hit hardest by Hurricane Sandy are hardening their facilities instead of moving them entirely. In the storm-prone South, however, it's a different story.
 
The kids may have moved on, but business users love (and hate) their email. Here's why we can't kick the habit.
 
After a DDoS attack was discovered by chance, 'later this year' is too long to wait.
 
Ending a bitter feud, Oracle has entered into a cloud-centric deal with Salesforce.com, and it has reached similar agreements with Microsoft and NetSuite.
 
Three top-tier businesses are reaping big rewards from big-data analytics. They say the keys to success include a deeply-rooted culture of analytics and a relentless focus on cost efficiency and process improvement.
 
Evolving technology buying behaviors deserve much more rigorous management attention than they have been getting.
 
Salaries are up, but employers have scaled back their plans for hiring new graduates.
 
The improbable tale of a diesel-fuel bucket brigade that kept a flooded Manhattan data center running in the wake of Hurricane Sandy is not retold with fondness by those who were involved, even if they do share a sense of pride in their achievements. Insider (registration required)
 
Version 2.0.65 will be the last update to Apache's HTTP Server 2.0. Those who still use it must act now: a security problem will remain unresolved.
 
PHP CVE-2013-4113 Heap Memory Corruption Vulnerability
 

SANS Has Added Online Training Event to Support Training Budgets without ...
Sacramento Bee
SANS offers a myriad of free resources to the InfoSec community including consensus projects, research reports, and newsletters; and it operates the Internet's early warning system - the Internet Storm Center. At the heart of SANS are the many security ...

and more »
 
Ruxcon 2013 Final Call For Papers
 
[CVE-2012-6458] Multiple Persistent XSS in silverstripe-ecommerce
 
[waraxe-2013-SA#106] - Multiple Vulnerabilities in Saurus CMS 4.7.1
 
Full Disclosure ASUS Wireless Routers Ten Models - Multiple Vulnerabilities on AiCloud enabled units
 
Botconf 2013 - Call for short talks - Deadline Aug 31 2013
 

Infosec mergers and acquisitions: There's really no bubble
SC Magazine Australia
The recent mergers and acquisitions including NTT acquiring Solutionary and Malwarebytes acquiring Zero Vulnerability Labs have ticked Delling's database beyond 650 transactions. With that in mind, it is pertinent to examine the trends and intelligence ...

 

Posted by InfoSec News on Jul 15

http://news.techworld.com/security/3457470/hospital-fined-200000-after-hard-drive-full-of-patient-data-bought-on-ebay/

By John E Dunn
Techworld
14 July 2013

The ICO has hit NHS Surrey with a £200,000 ($300,000) fine after a
“shocking” lapse allowed a member of the public to buy a hard drive
containing the records of 3,000 patients that had supposedly been sent for
secure destruction.

The issue came to light when the individual...
 

Posted by InfoSec News on Jul 15

http://www.nytimes.com/2013/07/14/world/europe/nations-buying-as-hackers-sell-computer-flaws.html

By Nicole Perlroth and David E. Sanger
The New York Times
July 13, 2013

On the tiny Mediterranean island of Malta, two Italian hackers have been
searching for bugs -- not the island’s many beetle varieties, but secret
flaws in computer code that governments pay hundreds of thousands of
dollars to learn about and exploit.

The hackers, Luigi...
 

Posted by InfoSec News on Jul 15

http://www.foxnews.com/entertainment/2013/07/14/hospital-where-kim-kardashian-had-baby-reportedly-axes-employees-for-hacking/

FoxNews.com
July 14, 2013

The West Hollywood hospital where Kim Kardashian had baby North has
reportedly fired half-a-dozen employees for hacking patients’ medical
records, including those of the reality TV star.

The Los Angeles Times reported four of the dismissed Cedars-Sinai Hospital
workers were employees of...
 

Posted by InfoSec News on Jul 15

Forwarded from: Hafez Kamal <aphesz (at) hackinthebox.org>

Hi everyone,

Just a gentle reminder that the Call for Papers for the 11th annual HITB
Security Conference in Malaysia, #HITB2013KUL, closes on the 25th of July
at 23:59 MYT!

As always, we're looking for talks that are highly technical, but most
importantly, material which is new, cutting edge and content that hasn't
been seen before.

HITB CFP:...
 

Posted by InfoSec News on Jul 15

https://www.computerworld.com/s/article/9240774/Targeted_attacks_exploit_now_patched_Windows_bug_revealed_by_Google_engineer

By Gregg Keizer
Computerworld
July 12, 2013

Microsoft this week said a pair of vulnerabilities, including one publicly
disclosed by a Google security engineer in May, had been exploited in the
wild before they were patched on Tuesday.

"Microsoft was aware of this vulnerability being used to achieve elevation
of...
 