(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
Intel is taking more steps to provide what it calls "wire-free" computing by 2016, a plan the company first talked about publicly in June at the Computex trade show.
LinuxSecurity.com: OpenStack Nova could be made to expose sensitive information over the network.
LinuxSecurity.com: Several security issues were fixed in OpenStack Keystone.
LinuxSecurity.com: Several security issues were fixed in OpenStack Horizon.
LinuxSecurity.com: OpenStack Glance could be made to stop serving requests.
LinuxSecurity.com: OpenStack Neutron could be made to expose sensitive information or crash.
LinuxSecurity.com: OpenStack Ceilometer could be made to expose sensitive information.
LinuxSecurity.com: Security Report Summary
LinuxSecurity.com: Updated openstack-nova packages that fix two security issues, several bugs, and add one enhancement are now available for Red Hat Enterprise Linux OpenStack Platform 4.0.
LinuxSecurity.com: Several security issues were fixed in Oxide.

Researchers from Tel Aviv University have demonstrated an attack against the GnuPG encryption software that enables them to retrieve decryption keys by touching exposed metal parts of laptop computers.

There are several ways of attacking encryption systems. At one end of the spectrum, there are flaws and weaknesses in the algorithms themselves that make it easier than it should be to figure out the key to decrypt something. At the other end, there are flaws and weaknesses in human flesh and bones that make it easier than it should be to force someone to offer up the key to decrypt something.

In the middle is a range of attacks that don't depend on flaws in the encryption algorithms but rather in the way they've been implemented. Encryption systems, both software and hardware, can leak information about the keys being used in all sorts of indirect ways, such as the performance of the system's cache, or the time taken to perform encryption and decryption operations. Attacks using these indirect information leaks are known collectively as side channel attacks.


U.S. government agencies will work to release cyberthreat information faster to the health-care industry after a massive breach at hospital operator Community Health Systems, representatives of two agencies said.
Jumping into the growing NoSQL market, Microsoft has debuted a simple data store through the Azure cloud hosting service.
Google appears to be redesigning Glass to make the wearable computer look less nerdy and more like ordinary eyeglasses.

On a mobile application, users typically have a single choice to protect their privacy: install the application or not.

The binary choice has left most users ignoring permission warnings and sacrificing personal data. Most applications aggressively eavesdrop on their users, from monitoring their online habits through the device identifier to tracking their movements in the real world via location information.

Now, a research group at North Carolina State University hopes to give the average user a third option. Dubbed NativeWrap, the technology allows Web pages to be wrapped in code and made to appear as a mobile application, but with user-controlled privacy. Because many applications just add a user interface around a Web application, the user should have equivalent functionality for many wrapped apps, said William Enck, assistant professor in the department of computer science at North Carolina State University.


PHP 'cdf_read_property_info()' Function CVE-2014-3587 Incomplete Fix Denial of Service Vulnerability
As expected, Apple today released the second public beta of OS X Yosemite.
Most people start thinking about retirement when they turn 70, if they haven't already called it a career. Not Oracle CEO Larry Ellison, who passed that milestone Sunday.
In the hunt for new ways to handle growing data volumes, NTT DoCoMo and Huawei Technologies have demonstrated that LTE can be deployed over 5GHz, which today is used for Wi-Fi networks.
Oracle Java SE CVE-2014-4221 Remote Security Vulnerability
The SANS Internet Storm Center is proud to announce the release of our first OpenIOC format API call. We have been hard at work writing a method that serves our firewall logs as OpenIOC XML content dynamically from a RESTful HTTP request. This is a critical step in expanding our service offerings to you, our readers, members and contributors.
You can use tools that ISC handler Russ McRee mentioned in a previous diary to convert output from this new method into STIX format. This is just the beginning, however; the development roadmap includes the addition of another API method with the same data served in STIX format!
Ready to get started? View the documentation here: https://isc.sans.edu/api/#openiocsources
Please share your feedback as well as use cases and success stories as they unfold in the comments below.
A big thanks to Russ McRee for his assistance with testing and the writing of this announcement!

Alex Stanford - GIAC GWEB & GSEC
Research Operations Manager,
SANS Internet Storm Center

Sprint on Thursday announced a $60-per-month unlimited talk, text and data plan -- its second price cut in four days -- that's designed to undercut competitors.
The FDA today approved an algorithm that allows a special iPhone case to record the heart's rhythm and detect abnormalities associated with strokes or other heart-related problems.
Bitdefender GravityZone Authentication Bypass and Unauthorized Access Vulnerabilities
Apache HttpComponents Incomplete Fix SSL Certificate Validation Security Bypass Vulnerability
Opera Software and Microsoft have struck a deal to replace Nokia's Xpress browser with Opera Mini on Microsoft's dying line of feature phones.
The Uber mobile app was already gaining popularity with smartphone users looking to find a ride in a big city, but now the app is on the verge of getting much bigger.
Drupal XML-RPC Endpoint Multiple Denial of Service Vulnerabilities
IBM InfoSphere Information Server CVE-2013-4058 Unspecified SQL Injection Vulnerability
Microsoft Windows Remote Procedure Call CVE-2014-0316 ASLR Security Bypass Vulnerability
LG Electronics is bringing features from its more expensive smartphones into the hotly contested low-end segment of the market.
Microsoft .NET Framework CVE-2014-4062 ASLR Security Bypass Vulnerability
Taiwanese PC maker Acer is bringing Google's Chrome operating system to desktops with a new unit that will arrive in the U.S. next month.
Some of the world's largest businesses say their Cobol application infrastructure, running on state-of-the-art big iron, still delivers a powerful competitive advantage. The challenge going forward will be staffing it.
A type of body scanner in wide use across U.S. airports through last year fails to spot well-concealed weapons including guns and knives, computer security researchers contend.
The co-owner of a small Florida-based company was about to have a baby so she sought a more flexible way to run her business. She found the answer in cloud computing technology.
With a Microsoft-mandated deadline a little more than two months away, computer makers are still selling PCs equipped with Windows 7 Home Premium.
[SECURITY] [DSA 2940-1] libstruts1.2-java security update
[SECURITY] [DSA 3008-1] php5 security update
ToorCon 16 Call For Papers!
ArcGIS for Server Vulnerability Disclosure

Posted by InfoSec News on Aug 21


By Jiaxi Lu
The Washington Post
August 20, 2014

Five months after Malaysia Airlines flight 370 went missing, a report
emerged on Wednesday saying that Chinese hackers have targeted Malaysian
government departments involved in the search for the jet.

According to the Malaysian newspaper the...

Posted by InfoSec News on Aug 21


By Bob Brown
Aug 19, 2014

University and vendor researchers are congregating in San Diego this week
at USENIX Security ’14 to share the latest findings in security and
privacy, and here are 5 that jumped out to me as being particularly

*On the Feasibility of Large-Scale Infections of iOS Devices

Georgia Tech...

Posted by InfoSec News on Aug 21


By Renee Dudley
Aug 20, 2014

Target Corp. (TGT), still struggling to rebound from last year’s hacker
attack, cut its forecast for the year as slumping sales and a money-losing
push into Canada take a toll on profit.

Target now expects full-year earnings of $3.10 to $3.30 a share, excluding
some items, down from a...
OpenSSL DTLS CVE-2014-3507 Remote Denial of Service Vulnerability
Internet Storm Center Infocon Status