Facebook engineers have fixed a privacy bug that disclosed e-mail addresses and phone numbers of about 6 million account holders to other users, company officials said Friday.

The inadvertent disclosure was included in archives generated when people used the Facebook Download Your Information tool. The service allows users to acquire the entire contents of their accounts. In some cases, the archives contained private e-mail addresses and phone numbers belonging to people the account holder had searched for on Facebook. In a blog post published Friday, company representatives wrote:

We currently have no evidence that this bug has been exploited maliciously and we have not received complaints from users or seen anomalous behavior on the tool or site to suggest wrongdoing. Although the practical impact of this bug is likely to be minimal since any email address or phone number that was shared was shared with people who already had some of that contact information anyway, or who had some connection to one another, it's still something we're upset and embarrassed by, and we'll work doubly hard to make sure nothing like this happens again. Your trust is the most important asset we have, and we are committed to improving our safety procedures and keeping your information safe and secure.

Company officials have already notified regulators in the US and Canada of the disclosure and are in the process of notifying affected users through e-mail.


Edward Snowden, the former NSA contractor who leaked information about U.S. government mass surveillance programs, has been charged by the U.S. with espionage, the Washington Post reported Friday.
A bug on Facebook leaked email addresses and phone numbers provided by some 6 million people on the site to certain other users, the company revealed Friday.
Linux developers were once just that, developers. But their role is changing says the Linux Foundation, which is expanding its training options to help them.
X.Org libXvMC 'XvMCGetDRInfo()' Function Remote Code Execution Vulnerability
For the better part of a year, Oracle has touted the "pluggable database" feature in its upcoming 12c database release as a significant architectural shift that will usher in major performance and efficiency improvements and also make cloud-based applications more secure.
Intel is now looking to the Android operating system as it breaks away from years of optimizing its top line of Core PC processors, including the recently launched Haswell processors, chiefly for Windows.
Rackspace is now offering hosted versions of the MongoDB data store, using MongoDB management technologies it acquired from its purchase of ObjectRocket in February. It also has contracted with 10gen, the company shepherding the open source MongoDB, to provide advanced support for the service.

Device-disabling malware that masquerades as legitimate antivirus protection is migrating to smartphones running Google's Android operating system, according to researchers who got their hands on what appears to be an early test version of one such malicious program.

So-called Fake AV software, which is often bundled with screensavers or other innocuous-appearing apps, has long been a nuisance in the malware landscape for both the Microsoft Windows and Mac OS X platforms. Some operators have managed to rake in millions of dollars by reporting non-existent infections on machines and then tricking owners into paying for fraudulent disinfection services.

Enter Android Fakedefender, which researchers from antivirus provider Symantec recently discovered in several third-party Android app markets. The malicious app is still buggy and crude to say the least, but it nonetheless has the ability to create major headaches for smartphone users who install it. On many handsets, for instance, Fakedefender cannot be uninstalled at all and will prevent users from performing factory resets. Borrowing a page from so-called ransomware malware, the app also prevents many users from opening other apps or accessing data stored on the device until users buy a premium version of the Fake AV program.


A U.K. regulatory group is giving Google 35 days to delete what remains of the data collected by its Street View cars in the U.K., and is using the threat of legal action to compel the company to comply.
Apple and Samsung have both released new laptops that utilize the power management capability of Intel's latest chip, but high prices could dampen sales.
Christie's today said it hopes to sell a working Apple-1 computer for as much as half a million dollars in a special online-only auction that starts next week.
More secret NSA documents leaked by Edward Snowden suggest that the U.S. agency's British counterpart intercepts petabytes worth of communication data daily from fiber-optic cables.
Want to go out for coffee without running into your friends and being forced to make small talk? There's now an app for that.
Bang & Olufsen has produced its first set of over-the-ear headphones and the first new headphones it's released in more than 25 years. The Danish company is also selling new ear buds that offer good sound reproduction in an understated, but classy, look.
Against a backdrop of market tumult, enterprise software companies this week reported mixed quarterly results.
Virgin Mobile USA will begin selling the iPhone 5 next Friday, June 28. A 16 GB version will cost $549.99.
Some of the remains of sci-fi legend Arthur C. Clarke, Star Trek creator Gene Roddenberry, and the actor who played chief engineer Scotty in the popular TV show, will be flown into space next year.
Oracle Java SE CVE-2013-2443 Remote Security Vulnerability
Oracle Java SE CVE-2013-2461 Remote Security Vulnerability
Oracle Java SE CVE-2013-2455 Remote Security Vulnerability
Oracle Java SE CVE-2013-2456 Remote Security Vulnerability

----------- Guy Bruneau IPSS Inc. gbruneau at isc dot sans dot edu

(c) SANS Internet Storm Center. http://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
The National Security Agency can retain communications of U.S. citizens or residents potentially indefinitely if those communications are encrypted, according to a newly leaked secret government document.
Microsoft took a two-year-old contest and turned it on its head to come up with a new reward program that will pay security researchers up to $100,000 for demonstrating novel attack tactics against Windows 8.1.
Cross-site scripting (XSS) is one of the biggest problems faced by webmasters. The new Content Security Policy standard should finally provide some relief.

Oracle Java SE CVE-2013-2447 Remote Security Vulnerability
Oracle Java SE CVE-2013-2448 Remote Security Vulnerability
Oracle Java SE CVE-2013-2446 Remote Security Vulnerability
Oracle Java SE CVE-2013-2445 Remote Security Vulnerability
DC4420 - London DEFCON - June meet - Lightning Talks!!! - Tuesday 25th June 2013
While the ICO only threatens increased focus on Google's operations, it has served an enforcement order on the company to destroy the hard disks of sniffed Wi-Fi data it still retains.

Oracle Java SE CVE-2013-2464 Remote Security Vulnerability
Oracle Java SE CVE-2013-2463 Remote Security Vulnerability
Oracle Java SE CVE-2013-2462 Remote Security Vulnerability
Oracle Java SE CVE-2013-2466 Remote Security Vulnerability
Guest blog post by Patrick Gallagher, Under Secretary of Commerce for Standards and Technology and Director, National Institute of Standards and Technology. Just about everything these days, from banking to health care to the electricity ...
The future of IT will be systems that are intelligent enough to detect and solve problems without human interaction, CIO.com columnist Rob Enderle conjectures. This will be great for analytics but bad for security--and it may leave IT workers reaching for Valium.
Germany's Federal Office for Information Security (BSI) has conducted a study to analyse how secure some of the most popular content management systems are. Add-ons, it says, can account for as much as 95 per cent of the problems.

Linux Kernel 'b43' Wireless Driver Local Privilege Escalation Vulnerability
The National Institute of Standards and Technology (NIST) has opened registration for its 3rd Cybersecurity Framework Workshop, to be held July 10-12, 2013, in San Diego, Calif. The 3rd Cybersecurity Framework Workshop will bring together ...
MapR Technologies and VMware have collaborated to make it easier for enterprises to virtualize big data applications and get better support at the same time.
The U.S. Federal Aviation Administration is moving toward relaxing the rules about using electronic devices on airplanes, according to a published report, but the decision isn't final yet.
Capgemini is introducing a hybrid cloud orchestration service focused on Microsoft products, although enterprises will be able to manage any load with the offering, including applications running on Linux, the company said.
Though IT outsourcing vendors and clients cite concern over the potential H-1B visa reform currently heading to the senate for a vote, they are, for the most part, taking a wait-and-see approach and are doing very little to prepare for the possible effects of the visa changes.
Google is hoping to appease developers that want better portability for their hosted apps by working with Red Hat on running App Engine in private clouds.
The U.S. International Trade Commission has decided to investigate HTC for patent infringement based on a complaint Nokia filed in May that targets several phones from the Taiwanese handset maker, including the HTC One.
Lenovo is bringing another Windows 8 tablet to market -- this one made with keyboard cover in mind -- along with five new touch-based laptops that are slated to arrive globally in July and August.
The emerging IEEE 802.11ac wireless LAN standard will be able to deliver faster connections wherever it's used, but the biggest benefit may come at public hotspots -- eventually.
Oracle hasn't even officially released its 12c database yet, but CEO Larry Ellison has already revealed plans for the version that will follow, 12.1c, which apparently will be Oracle's most direct response yet to SAP's HANA in-memory platform.
'Word games,' an 'overreaching narrative' and a 'case of inferences' were a few choice phrases used by attorney Orin Snyder Thursday in closing arguments for Apple in the U.S. Department of Justice's antitrust, e-books price fixing case against the tech giant.
Oracle's revenue was flat year-over-year in its fourth quarter at $10.9 billion, while profits rose 10% to $3.8 billion, as the company reported strong growth in sales of software as a service (SaaS) subscriptions and 'engineered systems' like Exadata.
A U.S. researcher at IBM who invented the basic building block of the modern DRAM has been honored with a prestigious Japanese award and a $500,000 prize.
In all, around 5,000 sites, including LinkedIn, were affected by a configuration error at DNS provider Network Solutions; the error sent their traffic to an IP range run by a network services company.

Linux Kernel 'inotify_init1()' Double Free Local Denial of Service Vulnerability
Apple's newest MacBook Air uses Intel's latest Haswell chip and promises "all-day" battery life. Columnist Michael deAgonia offers up some early thoughts on Apple's stylish ultra-thin laptop.

Posted by InfoSec News on Jun 21


By William Jackson
June 17, 2013

The future of network security is automation, using various tools to monitor
systems and network traffic for signs of trouble, alert administrators and even
respond to attacks on their own. Automation can handle jobs that otherwise
would have to be done by IT staff members, who are then freed up for other

Agencies face...

Posted by InfoSec News on Jun 21


By Mathew J. Schwartz
June 19, 2013

The National Security Agency (NSA) is studying new information security
policies and technology to help the agency prevent future leaks.

Testifying before the House Intelligence Committee Tuesday, NSA director Gen.
Keith Alexander said that measures under consideration include requiring...

Posted by InfoSec News on Jun 21


[Well worth the read, otherwise I wouldn't have posted it. - WK]

Georgia Weidman's Security Blog
By georgia
June 18th, 2013
Posted in Uncategorized

Note: There will be no names named here. The perpetrator is not named. Likewise
the heroes of the story who probably saved me from going to jail and at the
very least comforted me when it felt like the...

Posted by InfoSec News on Jun 21


By Robert Lemos

Initial numbers shared by the software giant suggest that its disruption
of the Citadel botnet has resulted in criminals losing control over more
than a million PCs.

A team of industry and law enforcement partners—including Microsoft, the
FBI and financial firms—have successfully disrupted a collection of...

Posted by InfoSec News on Jun 21


By Amrutha Gayathri
International Business Times
June 21 2013

A private company that conducted a background check in 2011 on Edward Snowden,
the former defense contractor who leaked sensitive information about the
National Security Agency’s surveillance programs, has been under federal
investigation for the past...

Good deal - 20% off Infosec UPS units and power strips at GrosBill
To take advantage of it, simply go to this page at GrosBill, then add the eligible Infosec product(s) of your choice to the cart. Then, in the field provided for this purpose at checkout, enter the code 20SEC ...

Microsoft and Oracle are set to reveal details of a new partnership on Monday, one of a 'startling series' of announcements Oracle CEO Larry Ellison promised next week around the Oracle Database 12c.