Hackin9
Oracle MySQL Server CVE-2014-2419 Remote Security Vulnerability
 
Oracle MySQL Server CVE-2014-0384 Remote Security Vulnerability
 
Oracle MySQL Server CVE-2014-2430 Remote Security Vulnerability
 
Advanced Micro Devices doesn't want its chips in low-priced tablets, and is eager to avoid a battle with Intel or ARM, whose chips have driven tablet prices down to under US$100.
 
Although Exadata is Oracle's most popular and mature "engineered system," some customers implementing the database machine are making mistakes that prevent them from getting the most performance out of the expensive product, according to a veteran of many Exadata projects.
 
Can plastic materials morph into computers? A research breakthrough published this week brings such a possibility closer to reality.
 
NASA and Google are working together to send new 3D technology aloft to map the International Space Station.
 
Tech workers suing over an alleged no-poaching agreement among Silicon Valley firms are fighting an attempt by defendants to ban evidence that might portray Steve Jobs as a bad guy.
 
The U.S. Federal Communications Commission will reserve a significant amount of spectrum in its upcoming auctions of the television band for unlicensed uses such as Wi-Fi, agency officials said Friday.
 

Thru announces exhibition at InfoSec Europe and new partnership with Pro2col
DigitalJournal.com
InfoSec Europe draws over 13,000 visitors every year and is the biggest free-to-attend information security event in Europe. Global professionals from a variety of industries come together to discover the latest developments and best practices in ...

 
Apple will integrate music identification technology created by Shazam into the next version of iOS, but could go much further than simple song naming.
 
Security researchers have found that many satellite communication systems have vulnerabilities and design flaws that can let remote attackers intercept, manipulate, block and in some cases take full control of critical communications.
 

Demonstrating yet another way the catastrophic Heartbleed vulnerability threatens users, malicious hackers were able to exploit the bug to successfully bypass multifactor authentication and fraud detection on an organization's virtual private network (VPN), security researchers said.

When the critical flaw in the OpenSSL cryptographic library came to light 11 days ago, it was best known as a dangerous hole that allowed attackers to siphon out user names, passwords, and even private encryption keys processed by vulnerable Web servers. More recently, researchers confirmed that Heartbleed could be exploited to steal the private keys underpinning the widely used OpenVPN application and likely software for other VPNs that rely on a vulnerable version of OpenSSL.

On Friday, researchers with network security firm Mandiant said Heartbleed had been used to subvert a customer's VPN concentrator, an appliance that typically provides a secure way for people to access a network from outside the organization. The devices frequently require multiple forms of authentication before granting access to an end user. Passwords, previously set authentication cookies, and other types of security tokens are frequently used. That's where Heartbleed came in handy for the hackers, who went to work exploiting the bug less than a day after it became public knowledge. A separate researcher theorized such an attack was possible the same day.


 

We have received reports from many readers about buggy tools for testing for the Heartbleed vulnerability. Today I want to show you how easy it is to check for this vulnerability using a reliable tool such as nmap.

You just need to trigger a version scan (-sV) along with the script (ssl-heartbleed). The following example shows a command that will scan 192.168.0.107 for this bug:

nmap -sV 192.168.0.107 --script=ssl-heartbleed

This will be the output for a non-vulnerable website. As you can see, no warnings are shown:

ssl-heartbleed output

If you are vulnerable, you will get the following:

Vulnerable message for heartbleed

For vulnerability testing, always use reliable tools that do not contain malicious code that could infect your computer and that do not produce false positives.
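When checking more than one host, the same scan can be run with -oX - so the result is machine-readable, and the ssl-heartbleed script's output can be parsed instead of read from a screenshot. The parser below is an added example, not part of the diary; the XML sample is constructed to mirror nmap's script-output format (a State: line inside the ssl-heartbleed script element) and is not real scan data.

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample of `nmap -sV --script=ssl-heartbleed -oX -` output, not real
# scan data: 192.168.0.107 (the diary's host) reports VULNERABLE, .108 is clean.
SAMPLE_NMAP_XML = """<?xml version="1.0"?>
<nmaprun scanner="nmap" args="nmap -sV --script=ssl-heartbleed -oX - 192.168.0.0/24">
  <host><address addr="192.168.0.107" addrtype="ipv4"/><ports>
    <port protocol="tcp" portid="443"><state state="open"/>
      <service name="http" product="Apache httpd" tunnel="ssl"/>
      <script id="ssl-heartbleed" output="&#10;  VULNERABLE:&#10;  The Heartbleed Bug is a serious vulnerability in the popular OpenSSL cryptographic software library.&#10;    State: VULNERABLE&#10;    Risk factor: High&#10;"/>
    </port></ports></host>
  <host><address addr="192.168.0.108" addrtype="ipv4"/><ports>
    <port protocol="tcp" portid="443"><state state="open"/>
      <service name="http" product="nginx" tunnel="ssl"/>
    </port></ports></host>
</nmaprun>
"""

STATE_RE = re.compile(r"State:\s*(VULNERABLE|NOT VULNERABLE)")

def heartbleed_findings(xml_text):
    """Return (address, port, state) for every port on which the ssl-heartbleed
    NSE script produced output. state is VULNERABLE, NOT VULNERABLE (only emitted
    with --script-args vulns.showall=1) or UNKNOWN if no State: line is present."""
    findings = []
    for host in ET.fromstring(xml_text).iter("host"):
        addr_el = host.find("address")
        addr = addr_el.get("addr") if addr_el is not None else "?"
        for port in host.iter("port"):
            for script in port.findall("script"):
                if script.get("id") != "ssl-heartbleed":
                    continue
                m = STATE_RE.search(script.get("output", ""))
                state = m.group(1) if m else "UNKNOWN"
                findings.append((addr, int(port.get("portid")), state))
    return findings

def vulnerable_endpoints(xml_text):
    """Sorted 'addr:port' strings that still need an OpenSSL upgrade, followed by
    key/certificate rotation and credential resets, since process memory may
    already have leaked."""
    return sorted(f"{a}:{p}" for a, p, s in heartbleed_findings(xml_text)
                  if s == "VULNERABLE")

if __name__ == "__main__":
    for endpoint in vulnerable_endpoints(SAMPLE_NMAP_XML):
        print("VULNERABLE", endpoint)
```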

Manuel Humberto Santander Peláez
SANS Internet Storm Center - Handler
Twitter: @manuelsantander
Web: http://manuel.santander.name
e-mail: msantand at isc dot sans dot org

(c) SANS Internet Storm Center. http://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
 
Microsoft's end-of-support deadline for Windows XP last week came with mixed emotions. After 13 years of XP use on desktops worldwide, saying goodbye to the most dominant operating system of its time begs a question: Should we continue to use and turn a blind eye to our beloved XP, saving the real innovation for the tablets and smartphones we increasingly rely on?
 
Marissa Mayer's infamous policy for Yahoo aside, telecommuting remains an important tool for reducing employee stress and increasing operational efficiency. Follow these tips to do it right.
 
Security professionals have long been running penetration tests against their firewalls and other security systems to find weaknesses that need to be addressed.
 
Dell's Original Equipment Manufacturer division makes custom PCs for companies in a variety of industries. It also makes money. With sales of plain ol' out-of-the-box machines on the decline, this might point to the future of the PC.
 
Oracle MySQL Server CVE-2014-2432 Remote Security Vulnerability
 
Oracle MySQL Server CVE-2014-2438 Remote Security Vulnerability
 
Oracle MySQL Server CVE-2014-2436 Remote Security Vulnerability
 
Twitter's new mobile advertising suite lets companies pitch their mobile apps in promoted tweets or place ads inside other apps.
 
Qemu 'virtio-net.c' Local Integer Overflow Vulnerability
 
HP LoadRunner Virtual User Generator CVE-2013-6213 Remote Code Execution Vulnerability
 
The SpaceX cargo spacecraft, on its scheduled launch today, will be carrying equipment that astronauts on the International Space Station need to test optical laser communications.
 
Vendors will tell you that the Internet of Things (IoT) has arrived. We're here to tell you that it hasn't.
 
The clock may be running out on Mt. Gox, but a consortium of investors still wants to relaunch the failed Bitcoin exchange.
 
A Google complaint against Apple-backed patent consortium Rockstar will stay in a California court rather than be moved to Texas where Rockstar already has patent lawsuits against Google's Android partners, the California court ordered Thursday.
 
The U.S. commercial drone industry is still struggling to get off the ground more than two years after President Obama signed into law a bill that permits the civilian use of unmanned aerial vehicles (UAV) over the country's airspace.
 
Microsoft may have retired Internet Explorer 6 last week, but it's still keeping track of the ancient browser's user share on a death watch-like website that's been running for more than three years.
 
CyaSSL Multiple Security Vulnerabilities
 

BP Crisis Manager Traded on Inside Oil Spill Info, SEC Says
MainStreet
NEW YORK (MainStreet) — Keith Seilhan must have had a lot on his mind in April 2010. He was an operations manager for BP America, and as oil gushed into the Gulf of Mexico after the explosion of the Deepwater Horizon drilling rig, Seilhan was made ...

 
About 2.6 million payment cards at Michaels Stores and another 400,000 at subsidiary Aaron Brothers may have been affected in a card skimming attack that compromised its point-of-sale systems, the retailer said Thursday.
 
Alibaba's Tmall and Taobao sites already sell everything from clothes and furniture to car tires and medicines. But soon they'll also be offering 3G data and voice call plans as well, the Chinese e-commerce giant said Thursday.
 
OpenSSL 'ssl3_release_read_buffer()' Use-After-Free Memory Corruption Vulnerability
 