Information Security News
Android security relies on ZOMBIE CRYPTO, argues infosec pundit
A German researcher is asking why Google is using the “horribly broken” RC4 and MD5 cipher as its first-default for SSL. The change, he notes in this blog post, has gone unnoticed since December 2010, when the Android 2.3 release swapped from a default ...
South African banks have sustained millions of dollars worth of losses after criminals obtained payment card data from electronic point-of-sale terminals infected with malware, according to published news reports.
Hundreds of thousands of people have probably been affected by the fraud, which was primarily focused on KFC outlets and other South African fast-food restaurants, Bloomberg News reported Tuesday. The news service quoted an official with the Payments Association of South Africa as saying: "There's not a single bank that hasn't been affected." In all, losses come to tens of millions of South African rand, which converts to millions of US dollars.
South Africa-based TechCentral, citing Payments Association CEO Walter Volker, said the card data was obtained from point-of-sale terminals infected with malicious software known as Dexter. The malware, which uploads the contents of a terminal's computer memory to remote servers controlled by criminal syndicates, first came to light ten months ago. It's capable of isolating payment cards' Track 1 and Track 2 data contained in memory dumps. Previously, it had infected hundreds of terminals at big-name retailers, hotels, restaurants, and other businesses located in North America and Europe, according to researchers at Seculert, the Israel-based security firm believed to have discovered Dexter. The malware gets its name from a text string found in one of its files.
For nearly a decade, TrueCrypt has been one of the trusty tools in a security-minded user’s toolkit. There’s just one problem: no one knows who created the software. Worse still, no one has ever conducted a full security audit on it—until now.
Since last month, a handful of cryptographers have discussed new problems and alternatives to the popular application. On Monday, this culminated in a public call to perform a full security audit on TrueCrypt. As of Tuesday afternoon, that fundraiser reached more than $16,000, making a proper check more likely. Much of those funds came from a single $10,000 donation from an Atlanta-based security firm.
“We're now in a place where we have nearly, but not quite enough to get a serious audit done,” wrote Matthew Green, a well-known cryptography professor at Johns Hopkins University. How much would “enough” be? “That depends on how many favors we can get from the security evaluation companies,” Green continued on Twitter. "I'm trying to answer that this week."
Former users of the Lavabit encrypted e-mail service have until Thursday night to change their passwords so they can recover data that has been unavailable since the site abruptly shut down two months ago.
Lavabit founder Ladar Levison said he was temporarily reinstating the service after obtaining a newly secured SSL key used to authenticate his server and encrypt data traveling to and from the site. Levison defiantly closed down the site after the US government obtained a court order demanding that it turn over its previous private SSL key. In a statement published Monday night, Levison acknowledged that the shutdown caused problems for many users, including him.
"For those who used Lavabit's e-mail service, they were left without a way to access information after the shutdown," the statement read. "When asked about how his users felt about the loss of personal data, Mr. Levison said, 'I'm in the same boat as them. I used my Lavabit e-mail account for 10 years. It was my only e-mail account.'"
Posted by InfoSec News on Oct 15: http://www.healthcareitnews.com/news/va-remains-one-top-privacy-offenders
Posted by InfoSec News on Oct 15: http://www.washingtonpost.com/world/national-security/nsa-collects-millions-of-e-mail-address-books-globally/2013/10/14/8e58b5be-34f9-11e3-80c6-7e6dd8d22d8f_story.html
Posted by InfoSec News on Oct 15: http://www.networkworld.com/news/2013/101413-managed-security-service-providers-face-274805.html
Posted by InfoSec News on Oct 15: http://www.darkreading.com/attacks-breaches/researchers-highlight-security-vulnerabi/240162568
Posted by InfoSec News on Oct 15: http://killerapps.foreignpolicy.com/posts/2013/10/11/always_watching_how_chinese_hackers_combine_old_and_new_espionage_tactics