Hackin9
(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
 

An article published today in the People's Liberation Army Daily, the official newspaper of China's military—and reprinted in part by Qiushi, the official magazine of the Chinese Communist Party—calls the Internet "the ideological 'main front' and 'the main battlefield'" on which China must fight an ideological war against the West to defend itself from the creeping evils of Western thought. The article calls for greater restrictions on Internet content, and for the People's Liberation Army to "protect ideological and political security on the invisible battleground of the Internet" as it protects the physical security of the country.

"It is said that before the 1960s, who took control of the print media, will have the right to speak; before the 1990s, who controlled the television media, will have more right to speak; and after entering the new century, who control Internet, including mobile Internet, will have the greatest right to speak," the unnamed author of the piece wrote. "In the eyes of Western anti-China forces, the Internet is undoubtedly intended to guide public opinion in China," undermining the authority of the government with "unwarranted charges" and by "exaggerating minority conflicts" while presenting democracy as "a cure-all 'recipe for salvation' and presenting the ideas of the Western world as the leading civilized 'universal values'."

In the view of the PLA Daily, Western powers and Chinese "ideological traitors" have used the Internet to wage war on the Party: "Their fundamental objective is to confuse us with 'universal values', disturb us with 'constitutional democracy', and eventually overthrow our country through 'color revolution'," the article stated—an allusion to the "Orange Revolution" in Ukraine and other popular uprisings against Communist authoritarian governments in the former Soviet Bloc. "Regime collapse that can occur overnight often starts from long-term ideological erosion."


 

An estimated 500 million Android phones don't completely wipe data when their factory reset option is run, a weakness that may allow the recovery of login credentials, text messages, e-mails, and contacts, computer scientists said Thursday.

In the first comprehensive study of the effectiveness of the Android feature, Cambridge University researchers found that they were able to recover data on a wide range of devices that had run factory reset. The function, which is built into Google's Android mobile operating system, is considered a crucial means for wiping confidential data off of devices before they're sold, recycled, or otherwise retired. The study found that data could be recovered even when users turned on full-disk encryption.

Based on the devices studied, the researchers estimated that 500 million devices may not fully wipe disk partitions where sensitive data is stored and 630 million phones may not wipe internal SD cards where pictures and video are often kept. The findings, published in a research paper titled Security Analysis of Android Factory Resets, are sure to be a wake-up call for individual users and large enterprises alike.


 
WordPress WP Symposium Plugin CVE-2015-3325 SQL Injection Vulnerability
 
Microsoft Windows GDI+ CVE-2015-1671 TrueType Font Handling Remote Code Execution Vulnerability
 
Microsoft Windows GDI+ CVE-2015-1670 OpenType Font Parsing Information Disclosure Vulnerability
 
Elasticsearch CVE-2015-3337 Directory Traversal Vulnerability
 
Webgrind XSS vulnerability
 
[SECURITY] [DSA 3266-1] fuse security update
 

Confronting the widening infosec skills gap
Tech Page One
For individuals with the right skills, that's probably enough to break out the champagne – a guarantee of lifetime job security at good wages. But organizations in general, both public and private, are stuck dealing with the very large cloud in front ...

 
Google Chrome Prior to 43.0.2357.65 Multiple Security Vulnerabilities
 
Google V8 Prior to 4.3.61.21 Multiple Unspecified Security Vulnerabilities
 
IBM SDK CVE-2015-1914 Sandbox Security Bypass Vulnerability
 
SSL/TLS LogJam Man in the Middle Security Bypass Vulnerability
 
CVE-2015-1833 (Jackrabbit WebDAV XXE vulnerability)
 
CVE for Apple's ECDHE-ECDSA SecureTransport bug?
 
[SECURITY] [DSA 3261-2] libmodule-signature-perl regression update
 
Internet Storm Center Infocon Status