Hackin9
Haswell, move over. Intel has provided an initial glimpse into the faster and more power-efficient fifth-generation Core processors code-named Broadwell, which will be in PCs during the second half of this year.
 
A Linux worm that targets routers and set-top boxes is now looking for full-fledged computers to use its new feature, a cryptocurrency mining function, according to Symantec.
 
Hewlett-Packard claims to have solved the two biggest problems with today's 3D printers and will make its first big technology announcement in that area in June, CEO Meg Whitman said Wednesday.
 
The high-tech industry contends that Congress' failure to raise the cap on H-1B visas is costing the U.S. an opportunity to create a new job every 43 seconds.
 
(c) SANS Internet Storm Center. http://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
 

A vulnerability that allows attackers to take control of websites running older versions of the PHP scripting language continues to threaten the Internet almost two years after security researchers first warned that attackers could use it to remotely execute malicious code on vulnerable servers.

As Ars reported 22 months ago, the code-execution exploits worked against PHP sites only when they ran in common gateway interface mode, a condition that applied by default to those running the Apache Web server. According to a blog post published Tuesday, CVE-2012-1823, as the vulnerability is formally indexed, remains under attack today by automated scripts that scour the Internet in search of sites that are susceptible to the attack. The sighting of in-the-wild exploits even after the availability of security patches underscores the reluctance of many sites to upgrade.

"One of the interesting points is that despite the fact that this vulnerability is somewhat dated, cybercriminals are still using it, understanding that a major part of the install base of PHP does not update on a regular basis—creating the window of opportunity," Nadav Avital, Barry Shteiman, and Amichai Shulman, who are researchers with security firm Imperva, wrote. "A surprising fact is that even today, this vulnerability can be used successfully as companies don't take the appropriate measures to secure their servers."


 

Looks like Java 8 is out (thanks Rob).

What’s new: http://www.oracle.com/technetwork/java/javase/8-whats-new-2157071.html

Release notes: http://www.oracle.com/technetwork/java/javase/8train-relnotes-latest-2153846.html

Downloads: http://www.oracle.com/technetwork/java/javase/downloads/index.html

Note that many of the Java 8 download links still point to 7.51

 

Good luck, and let us know how you go if you are updating right now.

M

 

The Full Disclosure mailing list, which is at times an interesting source of information, other times entertainment, and sometimes a source of frustration, is shutting down. John Cartwright posted a message announcing the closure on the site (http://seclists.org/fulldisclosure/2014/Mar/332).

I for one thank John and Len for the list.  It is a shame to see it go.  I'll miss the technical components.  I won't miss the reasons for taking this decision. 

M

 
More than six out of 10 ATM machines in the country will be running on an obsolete operating system when Microsoft pulls the plug on Windows XP support on April 8, raising serious security and compliance issues for the systems' operators.
 
Python 'ZipExtFile._read2()' Method Denial of Service Vulnerability
 
Cisco Security Advisory: Cisco AsyncOS Software Code Execution Vulnerability
 
Microsoft's OneNote jumped to the top of the free application chart on Apple's Mac App Store shortly after its Monday launch.
 
 
This week's emphatic denial from Dorian Satoshi Nakamoto that he had anything to do with the creation of Bitcoin also hinted at a possible lawsuit against Newsweek, though legal experts say it would be an uphill battle.
 
President Obama's National Broadband Plan has helped expand Internet access in the U.S., but needs to be updated to better account for data protection needs.
 
 
A U.S. National Security Agency surveillance program focused on overseas telephone and email communications is targeted and narrow, and not the bulk collection portrayed in numerous news reports from recent months, U.S. officials told a privacy watchdog board Wednesday.
 
The popular Full-Disclosure mailing list that has served as a public discussion forum for vulnerability researchers for the past 12 years was suspended indefinitely by its maintainer.
 
In a keynote before leading advertising and marketers professionals, Marissa Mayer details Yahoo's growth on mobile and its new advertising options -- and talks up Tumblr.
 
Advanced Micro Devices has moved its desktop chip business operations from the U.S. to the growing market of China, adding to its research lab and testing plant there.
 
D-Link DIR-615 Cross Site Request Forgery Vulnerability
 
In the wake of revelations exposed in classified National Security Agency documents leaked to reporters by Edward Snowden, Facebook must show its users that their data is safe from the prying eyes of government spies.
 
Mozilla on Tuesday patched five vulnerabilities exploited by researchers last week at the Pwn2Own hacking contest, where they were awarded $200,000 for their collective efforts.
 
High-ranking members of Tor complained this app is a fake. Four months later, it was still available in Apple's App Store.

Members of the Tor anonymity service are warning that a Tor iOS app available in Apple's highly curated App Store since November is a fake that is laced with adware and spyware.

"Tor Browser in the Apple App Store is fake," a report ticket published two months ago on the Tor website by high-ranking volunteer Phobos stated. "It's full of adware and spyware. Two users have called to complain. We should have it removed."

The ticket went on to say that Tor officials notified Apple of the fake Tor Browser app in December. In the intervening time, the app has remained available, touching off a series of exchanges among Tor members about how to respond. Ars was unable to confirm the claims of adware or spyware. Still, the incident highlights the lack of transparency in the way that Apple vets the reliability of security apps and responds to complaints of rogue titles.


 
[SECURITY] [DSA 2881-1] iceweasel security update
 
Cross-Site Scripting (XSS) in CMSimple
 
(CFP) LACSEC 2014: Cancun, Mexico. May 7-8, 2014 (EXTENDED DEADLINE)
 
ESA-2014-018: EMC Connectrix Manager Converged Network Edition Information Disclosure Vulnerability
 
Hewlett-Packard's November 2012 decision to write off billions of dollars in connection with the acquisition of infrastructure software vendor Autonomy continues to dog the company as it prepares to face shareholders at an annual meeting Wednesday.
 
Anyone who wants to see how convoluted Microsoft licensing can be should check out the company's Licensing How To blog, where officials answer questions from customers and explain policies, concepts and how to apply usage rules in specific scenarios.
 
McKee Foods, maker of Little Debbie snacks, turned to Workday's cloud-based human capital management and payroll software. The switch helped it analyze data for decision-making, save money and better survive a snack industry shakeup.
 
LinuxSecurity.com: Security Report Summary
 
Loadbalancer Enterprise VA Security Bypass Vulnerability
 
Microsoft is pledging dramatic improvements to its notoriously complex enterprise licensing, but experts are skeptical about the potential impact of the plan.
 
Employees who used to burn the midnight oil at the office now get to do so from the comforts of home, thanks to the proliferation of personal laptops, tablets and smartphones. Getting files to appear on and sync with multiple devices can be challenging, but a little bit of advanced planning can go a long way.
 
FreeType 'src/cff/cf2hints.c' Remote Stack Buffer Overflow Vulnerability
 
Quantum vmPRO Backdoor Unauthorized Access Vulnerability
 
Google's multimedia streaming device Chromecast is now available in 11 more countries, including France, Germany and the U.K.
 
Sony has unveiled a virtual reality headset for its PlayStation 4 game console with a prototype called Project Morpheus.
 
If you're a Facebook user and you want the best form of encryption to keep hackers and spies out of your posts and chats, you don't have a ton of options now.
 
If you're worried about being out of shape, or suspect you might have a disease like diabetes, just breathe into this Toshiba tube.
 
U.S. civil rights leader Rev. Jesse Jackson is to lead a delegation to Hewlett-Packard's annual meeting of shareholders on Wednesday to highlight under-representation of African-Americans in Silicon Valley companies.
 
We've rounded up a bunch of experts' tips about how to retain your privacy.
 
IBM is using the powers of its Watson supercomputer service to help solve the mysteries of brain cancer by examining individual genetic mutations.
 

Posted by InfoSec News on Mar 19

http://www.bloomberg.com/news/2014-03-18/irs-employee-took-home-data-on-20-000-workers-at-agency.html

By Richard Rubin
Bloomberg
March 18, 2014

A U.S. Internal Revenue Service employee took home a computer thumb drive
containing unencrypted data on 20,000 fellow workers, the agency said in a
statement today.

The tax agency’s systems that hold personal data on hundreds of millions
of Americans weren’t breached, the statement said....
 

Posted by InfoSec News on Mar 19

http://www.infosecnews.org/ddos-attack-on-infosec-news/

By William Knowles
Senior Editor
InfoSec News
March 18, 2013

InfoSec News has been mitigating a prolonged distributed denial-of-service
(DDoS) attack from a large globally distributed botnet that has lasted
over a week.

We apologize for any minor disruptions this may have caused and continue
to monitor and mitigate the attack. Thank you all for your continued
support, and we aren’t...
 

Posted by InfoSec News on Mar 19

http://www.bangkokpost.com/news/crimes/400490/elite-hacker-farid-essebar-arrested-in-bangkok

By King-oua Laohong
Reporter
Bangkok Post
March 18, 2014

Infamous international hacker Farid Essebar was arrested on Tuesday
following a joint operation between Thai and Swiss authorities who have
been tracing the man for more than two years.

Essebar, who is from Morocco and a Russian citizen, was detained by
officials from the Department...
 