Hackin9

Top 10 InfoSec Careers Influencers
BankInfoSecurity.com
CareersInfoSecurity presents its first ranking of 10 individuals shaping the way that organizations and leaders approach information security careers in 2014. Each of these Influencers has a substantial impact on InfoSec careers. Their influence ranges ...

 
Moving beyond Glass, Google is working on a smart contact lens that would use tiny chips, sensors and antennas to test diabetics' blood sugar levels and make it easier for them to stay healthy.
 
A court in Southern California has dismissed what was apparently the first-ever traffic citation issued for wearing Google Glass while driving.
 
Intel reported a 6 percent rise in profit on Thursday and said there are signs the PC market is stabilizing.
 
Taking another page from social rival Twitter, Facebook launched a new Trending feature that will show users the most popular topics being discussed on the social network.
 
Salt brings simplicity, flexibility, and high scalability to Linux and Unix server infrastructure management -- it does Windows too
 
A security company that worked with the U.S. Secret Service to investigate the data breach at Target identified the malware used in the attack as a sophisticated derivative of a previously known Trojan.
 
As IBM accelerates its sixth-generation X Series servers with memory-channel flash storage, it's also offering to boost data-center performance with a new all-flash SAN array.
 
Despite an expanding use of electronics in products, the number of people working as electrical engineers in U.S. declined by 10.4% last year.
 
Starbucks today promised to update its iOS app to calm a storm of interest in a report this week that claimed criminals could easily nab the app's credentials from a stolen iPhone.
 
HealthCare.gov remains riddled with security vulnerabilities and is ripe for ID theft three and a half months after its launch, two cybersecurity experts told U.S. lawmakers Thursday.
 
Adobe announced today that users can upload CAD images and save them as .stl files, allowing them to be manipulated and then printed on 3D printers.
 
Google Chrome users have stormed the company's support forum to complain about a non-standard scrollbar in Chrome 32 that makes it harder for them to navigate pages in Windows.
 
3D Systems has signed a multi-year agreement with The Hershey Company to develop opportunities for using 3D printing technology in creating edible foods.
 

The federal government's HealthCare.gov website continues to be riddled with flaws that expose confidential user data to the public, a security expert testified Thursday at a hearing on Capitol Hill.

David Kennedy, founder of security firm TrustedSec, told members of the House of Representatives Science Committee that only one of 18 issues he reported in November had been fixed, and even then he identified ways that attackers could bypass the remedy. Kennedy didn't discuss specifics of the vulnerabilities out of concern that details would make it easier for criminals to exploit the weaknesses. Generally, he said some of the weaknesses leaked usernames, e-mail addresses, and other data contained in user profiles onto the open Internet, making it possible for unauthorized people to access the information using Google or other search engines. The testimony came as top security officials from the US Department of Health and Human Services (HHS), which helps oversee HealthCare.gov, were appearing before a separate House hearing.

"TrustedSec cannot state with 100 percent certainty that the back-end infrastructure is vulnerable," Kennedy wrote in a statement submitted in advance of Thursday's proceedings. "However, based on our extensive experience performing application security assessments for over 10 years, the website has the symptoms that lead to large-scale breaches for large organizations. Also note that all exposures have been reported, and TrustedSec would be more than willing to have discussions with HHS to address the security concerns."


 
Drupal Core Multiple Security Vulnerabilities
 
Chip makers like Qualcomm, Nvidia and Samsung Electronics are working on components that will increase processing power, add more memory and increase screen resolution of next-generation smartphones.
 
Public relations woes for Healthcare.gov contractor CGI continue to mount, as North Carolina has decided to terminate its contract with the systems integrator for a new tax-collection software system.
 
[ MDVSA-2014:006 ] libxslt
 
[ MDVSA-2014:005 ] ejabberd
 
[ MDVSA-2014:004 ] nagios
 
Hewlett-Packard launched two new Android phablets on Wednesday for sale in India next month: the HP Slate6 VoiceTab and the Slate7 Voice Tab.
 
Experts share their top tips on how businesses should interpret and use Web analytics reporting to improve customer engagement and increase purchasing on their websites.
 
Google Chrome Prior to 32.0.1700.76 Multiple Security Vulnerabilities
 
[ MDVSA-2014:003 ] nrpe
 
[ MDVSA-2014:002 ] bind
 
SQL Injection in Sexy Polling Joomla Extension
 
[HITB-Announce] #HITB2014AMS Call for Papers - FINAL CALL
 
Apple's iPhone was used by 42% of all U.S. smartphone owners in the fourth quarter of 2013, up from 35% a year earlier, according to an NPD Group survey.
 
Internet activist Aaron Swartz's suicide last January galvanized calls for an overhaul of the Computer Fraud and Abuse Act, used widely by the government to prosecute misdeeds that critics say the law was never intended to address. Yet, one year after Swartz's death, efforts to reform the law have made little headway.
 

Infosec Salaries Among Highest in IT
eSecurity Planet
Security professionals, especially those at the executive level, earn salaries that compare favorably with many of their non-infosec colleagues and can expect pay increases that will outpace those of many coworkers. Fifty percent of chief information ...

 
Microsoft sold out its April Build developers conference yesterday, running through the $2,095 tickets in about 31 hours.
 
Yes, Windows 8's been a failure. It's been worse than Vista. But is the solution really to push out a new operating system in double-quick time?
 
LinuxSecurity.com: Graphviz could be made to crash or run programs as your login if it opened a specially crafted file.
 
LinuxSecurity.com: Updated java-1.7.0-oracle packages that fix several security issues are now available for Red Hat Enterprise Linux 5 and 6 Supplementary. The Red Hat Security Response Team has rated this update as having critical [More...]
 
LinuxSecurity.com: CUPS could be made to expose sensitive information.
 

The most popular mobile payment systems in the US may also be among the leakiest. Security researcher Daniel Wood went public with his research Tuesday, revealing that the Starbucks iOS app exposes customers' usernames, e-mail addresses, passwords, and certain location data.

The problem doesn't arise directly from the Starbucks app. Rather, it stems from the cleartext logs maintained by the app's crash analytics software. The software, known as Crashlytics, allows developers to log application data for subsequent analysis in the event of an error. Crashlytics advises its partners to not log sensitive data, such as usernames and passwords. In this instance, the Starbucks app is passing user data along to the session.clslog file without any efforts to conceal it.

Wood points out that the methods he used to access the data circumvent the device's PIN lock and could be carried out with less than 30 minutes of physical access to the phone. Stolen phones would be the most likely target for this attack, and though the breach might seem limited to simply filling up on a little coffee, users who have set their accounts up to auto-replenish periodically could be at greater risk. The habit many people have of reusing passwords could expose users to additional breaches, too.
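The failure described above is a logging problem, not a crypto problem: the app handed usernames, passwords and coordinates to a third-party analytics logger that wrote them to disk in clear. Below is an added example, not code from the Starbucks app, Crashlytics or the researcher, that does two things a practitioner would want: it scans an analytics log for cleartext sensitive fields (the way a reviewer with the file in hand would), and it shows the redacting wrapper that should have sat between the app and the SDK. The file name session.clslog is from the report; the key=value line format and the sample entries are constructed assumptions for this example.

```python
import re
from typing import List, Tuple

# Constructed sample log, not the real file content. The key=value line
# format is an assumption made for this example.
SAMPLE_LOG = """\
2014-01-14 09:12:03 event=session_start app=1.2.3 os=iOS7.0.4
2014-01-14 09:12:05 key=username value=jane.doe@example.com
2014-01-14 09:12:05 key=password value=Latte2014!
2014-01-14 09:12:06 key=last_location value=37.7749,-122.4194
2014-01-14 09:12:07 key=theme value=dark
"""

# Field names that must never reach a third-party analytics log in clear.
SENSITIVE_KEYS = {
    "username", "user", "email", "password", "passwd", "pwd",
    "token", "session", "auth", "authorization", "location", "last_location",
}

ENTRY_RE = re.compile(r"^(?P<ts>\S+ \S+) key=(?P<key>\w+) value=(?P<value>.*)$")
EMAIL_RE = re.compile(r"[^@\s]+@[^@\s]+\.[a-zA-Z]{2,}")
COORD_RE = re.compile(r"^-?\d{1,3}\.\d+,-?\d{1,3}\.\d+$")
REDACTED = "[REDACTED]"


def is_sensitive(key: str, value: str) -> bool:
    """Flag a field by its name, or by the shape of its value when the
    name is innocuous (an e-mail address or a lat,long pair)."""
    k = key.lower()
    if k in SENSITIVE_KEYS or any(s in k for s in ("pass", "secret", "token", "cred")):
        return True
    return bool(EMAIL_RE.search(value) or COORD_RE.match(value))


def find_leaked_fields(log_text: str) -> List[Tuple[str, str]]:
    """Scan a log and return the (key, value) pairs written in clear
    that should not have been. This is the reviewer's check."""
    findings = []
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line)
        if not m:
            continue
        key, value = m.group("key"), m.group("value")
        if value != REDACTED and is_sensitive(key, value):
            findings.append((key, value))
    return findings


def safe_entry(key: str, value: str) -> str:
    """Hardened form: redact before the value is handed to the analytics
    SDK. The call into a real SDK is out of scope; this returns the
    string the SDK would receive."""
    if is_sensitive(key, value):
        value = REDACTED
    return f"key={key} value={value}"


def scrub_log(log_text: str) -> str:
    """Rewrite an existing log the way safe_entry() would have written it."""
    out = []
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line)
        if m:
            line = f"{m.group('ts')} {safe_entry(m.group('key'), m.group('value'))}"
        out.append(line)
    return "\n".join(out) + "\n"


if __name__ == "__main__":
    for key, value in find_leaked_fields(SAMPLE_LOG):
        print(f"cleartext sensitive field: {key}={value}")
    print(scrub_log(SAMPLE_LOG))
```

The value-shape checks matter as much as the key list: a field called "note" that happens to hold an e-mail address is still a leak, and on a stolen phone the scrubbed file is what the attacker gets, so redaction has to happen before the write, not in a later clean-up.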


 
Graphviz 'chkNum()' Function Stack Buffer Overflow Vulnerability
 
Graphviz 'yyerror()' Function Incomplete Fix Stack Buffer Overflow Vulnerability
 
Linux Kernel 'ath9k_htc_set_bssid_mask()' Function Information Disclosure Vulnerability
 
IBM Security Network Protection XGS 5100 CVE-2013-5442 Cross Site Scripting Vulnerability
 
Samsung Electronics is readying an entrant to the increasingly important low-end of the mobile device market with the Galaxy Tab3 Lite, which is powered by a 1.2GHz dual-core processor.
 
Cisco Systems has released software updates for its Cisco Secure Access Control System (ACS) in order to patch three vulnerabilities that could give remote attackers administrative access to the platform and allow them to execute OS-level commands without authorization.
 
Yes, the ruling is a disaster for advocates of a free and untrammeled Internet, but not quite an unmitigated one.
 
Qt 'QXmlSimpleReader' Class XML Entity Expansion Denial of Service Vulnerability
 
If snooping by the U.S. National Security Agency isn't enough to make you worry about your privacy, Fujitsu Laboratories has developed a fast method to perform secret searches of data that is encrypted.
 
AOL is relinquishing its control of Patch, an online site for local news that has struggled to turn a profit.
 
Security company Impermium has joined Google to help boost the Internet giant's already considerable expertise in countering spam and abuse.
 
If you have programming chops and hold dreams of chucking your day job to build a cash cow mobile app in your basement, here's an irksome reality check.
 
The next generation of IBM's X-series servers will be able to accommodate solid-state Flash drives clipped into their DIMM memory slots, potentially improving the response times of fast-paced enterprise applications.
 
Yahoo Chief Operating Officer Henrique de Castro is leaving the company a little over a year after he was hired, according to a filing by the company.
 
You have to give spammers credit for effort: Symantec found a spam campaign that manages to abuse three Web services at the same time.
 
We all love getting new gadgets, but what to do with the old ones? Here are 18 superb ways to put your old Android phone or tablet to good use.
 
Oracle Java SE CVE-2014-0422 Remote Security Vulnerability
 

Enterprising, Exit Stage Left head Cal Derby entries
San Francisco Chronicle
In post-position order (with jockey and morning-line odds), the field for the 1 1/16 -mile race consists of Enterprising (Aaron Gryder, 2-1), Exit Stage Left (Russell Baze, 5-2), Morally Bankrupt (Leslie Mawing, 15-1), Harbaugh (Juan Hernandez, 10-1 ...
Exit Stage Left tops California Derby field (Kansas City Star)

 
Oracle Java SE CVE-2014-0416 Remote Security Vulnerability
 
Oracle Java SE CVE-2014-0376 Remote Security Vulnerability
 

Posted by InfoSec News on Jan 16

http://www.theregister.co.uk/2014/01/16/blackberry_oracle_ship_vuln_patches/

By Richard Chirgwin
The Register
16th January 2014

Systems administrators who decided it would be a quiet week were wrong:
Oracle has flicked out more than a hundred security patches, and when
you're finished, it'll be time to round up any Blackberry users in the
company and apply some patches for them.

Let's start with Oracle, which among other...
 

Posted by InfoSec News on Jan 16

http://www.smh.com.au/it-pro/security-it/huawei-denies-us-compromised-equipment-security-20140116-hv8pr.html

AFP, Fairfax Media
January 16, 2014

Chinese tech giant Huawei, which has long been dogged by security
suspicions, has denied a report its telecommunications network equipment
had been compromised by US spies.

There have been "no network incidents caused by security reasons", Huawei
chief financial officer Cathy Meng said....
 

Posted by InfoSec News on Jan 16

http://www.nytimes.com/2014/01/15/technology/upstarts-challenge-old-timers-in-lucrative-computer-security-field.html

By Nicole Perlroth
The New York Times
JAN. 14, 2014

SAN FRANCISCO -- Steve Bennett, the chief executive of the computer
security company Symantec, is spoiling for a fight.

Symantec is still, by a pretty long stretch, the biggest in a growing pack
of tech security companies. But like Microsoft, Mr. Bennett’s company is...
 

Posted by InfoSec News on Jan 16

http://www.theactuary.com/news/2014/01/business-complacent-about-cyber-crime-and-terror-risks-says-aon/

By Judith Ugwumadu
The Actuary
15 JANUARY 2014

Aon Global Risk Consulting conducted a new survey that assessed
organisations' attitudes to top threats in the insurance industry
following the results of its biennial report Global risk management survey
published last year.

Concerned that the survey underrated cyber crime as a risk,...
 

Posted by InfoSec News on Jan 16

http://www.networkworld.com/news/2014/011514-encrypted-messaging-startup-wickr-offers-277752.html

By Jeremy Kirk
IDG News Service
January 15, 2014

Two-year-old startup Wickr is offering a reward of up to US$100,000 to
anyone who can find a serious vulnerability in its mobile encrypted
messaging application, which is designed to thwart spying by hackers and
governments.

The reward puts the small company in the same league as Google, Facebook...
 

Posted by InfoSec News on Jan 16

http://www.forbes.com/sites/kashmirhill/2014/01/15/so-you-found-an-obamacare-website-is-hackable-now-what/

By Kashmir Hill
Forbes Staff
1/15/2014

Two months ago, L.A.-based security researcher Kristian Erik Hermansen was
signing up for Obamacare via the Covered California site. Given his
background in finding vulnerabilities in software and websites, spotting
security flaws is second nature to him so he couldn’t help but notice
problems...
 

Posted by InfoSec News on Jan 16

http://krebsonsecurity.com/2014/01/a-first-look-at-the-target-intrusion-malware/

By Brian Krebs
Krebs on Security
January 15, 2014

Last weekend, Target finally disclosed at least one cause of the massive
data breach that exposed personal and financial information on more than
110 million customers: Malicious software that infected point-of-sale
systems at Target checkout counters. Today’s post includes new information
about the malware...
 
Cisco Jabber for Windows CVE-2014-0666 Remote Code Execution Vulnerability
 

5 Surprising Security Gains Achieved From Security Analytics
Dark Reading
As more CISOs begin to lean on data scientists to discover new threats in security feeds and increasingly more IT security departments institute security analytics programs, infosec pros have started to reap the obvious benefits of security analytics.

 