Information Security News
HP released a security bulletin on potential remote unauthorized access with HP Integrated Lights-Out iLO3/iLO4 using Single-Sign-On.
CVE-2013-2338 has been assigned and the following versions are impacted:
HP Integrated Lights-Out 3 (iLO3) firmware versions prior to v1.57.
HP Integrated Lights-Out 4 (iLO4) firmware versions prior to v1.22.
If you are impacted, HP recommends upgrading as soon as possible. The current version is available here.
Guy Bruneau IPSS Inc. gbruneau at isc dot sans dot edu
(c) SANS Internet Storm Center. http://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
If you use your iPhone's mobile hotspot feature on a current device, make sure you override the automatic password it offers to secure your connections. Otherwise, a team of researchers can crack it in less than half a minute by exploiting recently discovered weaknesses.
It turns out Apple's iOS versions 6 and earlier pick from such a small pool of passwords by default that the researchers—who are from the computer science department of the Friedrich-Alexander University in Erlangen, Germany—need just 24 seconds to run through all the possible combinations. The time required assumes they're using four AMD Radeon HD 7970 graphics cards to cycle through an optimized list of possible password candidates. It also doesn't include the amount of time it takes to capture the four-way handshake that's negotiated each time a wireless-enabled device successfully connects to a WPA2, or Wi-Fi Protected Access 2, device. More often than not, though, the capture can be completed in under a minute. With possession of the underlying hash, an attacker is then free to perform an unlimited number of "offline" password guesses until the right one is tried.
The research has important security implications for anyone who uses their iPhone's hotspot feature to share the device's mobile Internet connectivity with other Wi-Fi-enabled gadgets. Adversaries who are within range of the network can exploit the weakness to quickly determine the default pre-shared key that's supposed to prevent unauthorized people from joining. From there, attackers can leech off the connection, or worse, monitor or even spoof e-mail and other network data as it passes between connected devices and the iPhone acting as the access point.
British Defence Security Group Approves Tabernus Data Erasure Solution
SBWire (press release)
London, UK -- (SBWIRE) -- 06/19/2013 -- Tabernus, leader in Certified data erasure solutions, have announced today that the UK government's Defence Infosec Product Co-operation Group (DIPCOG) has formally approved the latest version of Tabernus data ...
Microsoft has announced that it will give security researchers cash rewards for devising novel software exploitation techniques, creating new exploit mitigation systems, and finding bugs in the beta of Internet Explorer 11 when it's released later this month.
Bug bounty programs, where security researchers receive a cash reward from software vendors for disclosing exploitable flaws in those vendors' software, have become an important part of the computer security landscape. Finding flaws and working out ways to exploit them can be a difficult and time-consuming process. Moreover, exploitable flaws have a market value, especially to criminals, as they can be used to propagate malware and attack systems.
Bounty programs address both concerns. They provide a means for compensating researchers for their efforts, and they provide a market for flaws that won't lead to compromised machines and harm to third parties. Google, Mozilla, Facebook, PayPal, and AT&T, among others, all offer monetary rewards for bug disclosures.
Posted by InfoSec News on Jun 19: http://www.technewsdaily.com/18372-cops-hacker-drug-ring.html
Posted by InfoSec News on Jun 19: http://lab.southernlakesnewspapers.com/?p=10072
Posted by InfoSec News on Jun 19: http://www.thehindu.com/news/national/an-it-superpower-india-has-just-556-cyber-security-experts/article4827644.ece
Posted by InfoSec News on Jun 19: http://www.bankinfosecurity.com/blogs/occ-highlights-risks-to-community-banks-p-1493
Posted by InfoSec News on Jun 19: http://www.theregister.co.uk/2013/06/19/india_outsourcing_data_security_woes_eu/
LC Urgent Q1: Network and information security
7thSpace Interactive (press release)
... community, the OGCIO keeps abreast of global information security trends and developments at all times, and provides the public with abundant references and the latest news on information security through the one-stop INFOSEC website (www.infosec.gov.hk).