Hackin9

InfoSec News

Want to turn your bulging library of digital video discs into high-definition video streams that you can access anytime without spending a fortune?
 
It's hard to know what to expect from a free image editor. After all, if all was fair, we'd be getting Photoshop minus about $700 worth of features. But many free editors, MAGIX Photo Designer included, have great strengths that serve a niche, and make them invaluable: If they do what you need them to.
 
Oracle and Google kicked off a high-stakes jury trial in San Francisco on Monday, with Oracle arguing that Google ran roughshod over its intellectual property rights because the search giant was scared of getting left behind in the mobile advertising business.
 
QR (Quick-Response) codes are those square blocks of black-and-white dots that are popping up everywhere these days. Most of us tend to be on the receiving end of these codes: Manufacturers and advertisers put them into ads, hoping that we will scan them with a smartphone and launch ourselves into their part of cyberspace via the URL they contain. But what if you wanted to create such a code yourself--and give it a little visual pizzazz? That's where web-app QR Hacker comes into the picture. If you're just looking to create a QR code for fun, QR Hacker is free. If you're creating codes for your own business, it's $59 per year, and if you're creating codes for clients, it's $99 per year.
 
Reports of an imminent Google Drive launch keep piling up, with The Next Web claiming that the online storage service will finally arrive next week.
 
No doubt you have heard someone be complimented with the effusive expression, "You are positively radiant!" I love the sentiment, but I've never quite seen it in real life. Who has skin that actually glows? Perhaps I'm being too literal. Nonetheless, regardless of what you think of this in real life, you can create a radiant glow in your digital portraits through some clever photo editing trickery. Using a technique similar to the Orton Effect--which works very nicely in still life and landscape photographs--you can add a warm and romantic glow to your portraits. Here's how.
 
Several groups Monday launched a week of protests against a controversial proposed cybersecurity bill they claim would eviscerate online privacy rights.
 
 
Two mobile messaging software businesses -- Openwave's Mediation and Messaging units and Synchronica -- were sold on Monday in a sign of consolidation for that industry.
 
Thanks to reader Dan for sharing the following information:
McAfee has confirmed that incremental DAT 6682 may trigger message scan failures and a system crash in GroupShield Exchange (MSME), GroupShield Domino, and McAfee Email Gateway 7 (MEG). McAfee recommends that customers do NOT upload DAT 6682.

More information will be available on the McAfee KnowledgeBase (https://mysupport.mcafee.com) in article KB70380 (https://kc.mcafee.com/corporate/index?page=contentid=KB70380). Please check back to this KB article for further updates.

(c) SANS Internet Storm Center. http://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
 
Quantum today announced an LTFS appliance that allows tape drives to act like network-attached storage where data can be accessed as simple, open file formats.
 
The U.S. government still publishes data in too many formats and requires contractors or grant recipients to send it information in multiple formats, according to a new coalition of tech vendors.
 
Managing the petabyte-scale and larger data stores that are a fact of life with Big Data is a different beast than managing traditional large-scale data infrastructures. Online photo site Shutterfly--which manages more than 30 petabytes of data--shares its strategy for taming the storage beast.
 
Intel's streak of solid-state drive announcements continued on Monday, when the company announced a new line of SSD 330 drives for mainstream computers but with maximum storage capacity of only 180GB.
 
[ MDVSA-2012:059 ] python-sqlalchemy
 
ACROS Blog: Adobe Reader X (10.1.2) msiexec.exe Planting
 
[SECURITY] [DSA 2453-1] gajim security update
 
[SECURITY] [DSA 2452-1] apache2 security update
 
Joomla! Plugin - Beatz 1.x <= Multiple Cross Site Scripting Vulnerabilities
 
FastPath Webchat | Multiple Cross Site Scripting Vulnerabilities
 
The pundits make it sound so simple. But CIOs wrestling with overwhelming amounts of unwieldy data know that 'big data' is a big challenge that requires high-quality data, new approaches to data management and more processing power. But the payoff could be a strong competitive advantage.
 
If you ever wanted to try your hand at flash photography, you might want to take a whirl with this Virtual Lighting Studio. It's a completely free--and awesome--way to test out different lighting setups from within your browser.
 
Sprint will begin selling Samsung's Galaxy Nexus on Sunday for $199.99 with a two-year contract, making it $100 cheaper than the Verizon Wireless version.
 
Anyone looking for assurance that the privacy of their home wireless networks would be protected from snoopers by government regulators won't find it in the Federal Communication Commission's recent action against Google.
 
Reader Andrew Lane is interested in the technique I used to capture video from my iPad's screen. He writes:
 
India's US$35 tablet has yet to take off, with less than 10,000 units of the device released to the market since its October launch, despite considerable interest from consumers, an executive of maker DataWind said Monday.
 
[CVE-2012-1621] Apache OFBiz information disclosure vulnerability
 
Passwords^12 : Call for Presentations
 
[Suspected Spam] Cyberoam UTM v10.01.2 build 059 - File Include Vulnerabilities
 
Siche Search v.0.5 Zerboard - Multiple Web Vulnerabilities
 
HP has notified customers that some ProCurve 5400 zl switches were shipped that contained compact flash cards infected with malware.

 
Following the outbreak of the Flashback Mac Trojan, security researchers have spotted two more cases of Mac OS X malware. The good news is most users have little to worry about them.
 
Software AG said Monday that it has acquired U.K. middleware company my-Channels, which develops low-latency messaging software that will be used to extend Software AG's current offerings.
 
Total Quality Machines (productdetail.php) SQL Injection Vulnerabilities
 
Slides for "Recent Advances in IPv6 Security" at Hackito Ergo Sum 2012
 
[Suspected Spam] K-Meleon Browser v1.5.4 - Denial of Service Vulnerability
 
APPLE-SA-2012-04-13-1 Flashback malware removal tool
 
FaceTime and Skype make it easier than ever to keep in touch with family, friends, and co-workers. However, video calling isn't always convenient for everyone: Many folks still don't have cameras connected to their computers, and many others don't want to. In these cases, consider sending a short video message to your favorite people--you'll find that 30 seconds of video can convey much more emotion and nuance than any amount of text.
 
Flame wars, leakage, nasty Polish texting -- six more tales of dirty duty in IT
 
Samsung Electronics is expected to show the next flagship Galaxy smartphone at an event in London on May 3.
 
As smartphone and tablet usage skyrockets, IT seeks a way to distribute its own apps
 
Company unveils array of new services, including a MySQL offering optimized for the cloud
 
6 tips for holding on to your workplace stars. (Insider; registration required)
 
The Night Sky from iCandiApps is a stargazing app for the iPad, iPhone, and iPod touch. You point your iOS device skyward, and see a real-time, geolocated display of the heavenly bodies overhead--stars, constellations, planets, satellites, and galaxies.
 
Google has obtained control of the Gmail trademark in Germany, according to the German trademark office, and the legal battle for the related domain name is also over, according to Google.
 

NovaInfosec Meetup
InformationWeek
Welcome to NovaInfosecPortal.com's calendar of infosec events that take place in or around NoVA, DC, and MD. Here we list any and all local meetups and conferences that we learn about. If you discover any errors or updates we need to make for any of ...

 

NovaInfosec D-List Interview – Georgia Weidman
InformationWeek
The whole idea is to help the local infosec community get to know one another a little bit better. Finally, if you'd like to nominate someone for a NovaInfosec D-List Interview, please Contact Us and let us know why they should be featured.

 
A 17-year-old arrested after a series of prank phone calls and denial-of-service attacks directed toward an anti-terrorist alert hotline was charged on Saturday, according to the U.K.'s Metropolitan Police Service.
 
Name: Mike Kleiman
 
Although the number of Flashback-infected Macs is on the decline, the reverberations from the outbreak will affect Apple and the businesses that have increasingly adopted Macs. Columnist Ryan Faas explains.
 
Apple and a Chinese environmental group for the first time plan to jointly audit one of the company's supplier factories in China, in what could lead to more open inspections of Apple's suppliers for pollution concerns.
 
Gajim SQL Injection and Code Execution Vulnerabilities
 
Apple failed in a mediation session on Monday to reach agreement with Australia's competition regulator on remedies for allegedly misleading consumers about the 4G capabilities of its latest iPad.
 

Lancope and Cisco to Present on NetFlow Monitoring for Enhanced Network ...
MarketWatch (press release)
More information on the Lancope and Cisco session, scheduled for Wednesday, April 25 at 2:40 pm BST, can be found at: http://www.infosec.co.uk/page.cfm/action=Seminars/SeminarID=49 . "In addition to intensified cyber attacks, today's enterprises must ...

 
IrfanView FlashPix PlugIn CVE-2012-0278 Heap Based Buffer Overflow Vulnerability
 

Posted by InfoSec News on Apr 15

http://www.tehrantimes.com/politics/96914-iranian-specialist-hacks-accounts-to-show-vulnerability-of-banks-security-systems-

By Tehran Times
15 April 2012

TEHRAN -- A computer specialist, who used to work for a PSP (payment
service provider) company which offers a number of Iranian banks
services for accepting electronic payments, has hacked accounts of three
million bank customers to show the vulnerability of the banks to
computer security...
 

Posted by InfoSec News on Apr 15

Forwarded from: Simon Taplin <simon (at) simontaplin.net>

http://www.businessweek.com/articles/2012-04-12/apple-delays-hackers-play

By Jordan Robertson
Businessweek
April 12, 2012

Jeroen Frijters describes himself as an “accidental” hacker, a guy who
trips over security holes the way a pedestrian stumbles over a sidewalk
crack. In July the Dutch software engineer discovered the Grand Canyon
of sidewalk cracks: a serious...
 

Posted by InfoSec News on Apr 15

http://www.executivegov.com/2012/04/gao-finds-unresolved-issues-with-federal-reserve-security-controls/

By Katelyn Noland
Executive Gov
April 13, 2012

A recent audit found the Federal Reserve Systems’ information systems to
be deficient, citing issues from both 2011 and previous years,
FierceGovernment IT reports.

The Government Accountability Office issued a report on its audit
Wednesday and made recommendations for how the Fed can...
 

Posted by InfoSec News on Apr 15

http://www.aviationweek.com/aw/generic/story_channel.jsp?channel=defense&id=news/dti/2012/04/01/DT_04_01_2012_p18-438634.xml

By Angus Batey
London
Aviation Week
April 13, 2012

The Lockheed Martin F-35 program made unwanted headlines in the U.K.
last month after The Sunday Times revealed that BAE Systems’ portion of
the project had been subject to significant data theft. Sources told the
newspaper that the network intrusion began in...
 

Posted by InfoSec News on Apr 15

http://www.pacificfreepress.com/news/1-/11444-playing-with-dragons-canadas-china-dalliance-lacking-thoughtfulness.html

By Laila Yuile
Pacific Free Press
April 14, 2012

It should come as no surprise to anyone, that the script of a 6th
century general and military strategist has even been converted into a
business bible of sorts. Yes, Sun Tzu 孫子, author of The Art of War,
was indeed a brilliant strategist and in this day when war is a...
 
SpiderOak, a consumer cloud storage provider, today released a business-class service that places management and security control of data in the hands of the user.
 
Internet Storm Center Infocon Status