Hackin9
(c) SANS Internet Storm Center. http://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
 
A group of Reddit users are arguing in a petition filed with the U.S. Patent and Trademark Office that the use of the term "gaymer" to identify their community on the site should remain in the public domain.
 
Apple TV was until now considered a "hobby," by Apple's own admission, but the product has taken on more importance for CEO Tim Cook.
 
Governments continue to ask Google for more data about its users, with more than two-thirds of requests in the U.S. made through a subpoena, which usually doesn't require asking a judge for a search warrant.
 
The recent Red October attacks show not only a new level of complexity, but an ongoing problem with attack attribution.

Apple's revenue grew but profit was flat in its first fiscal quarter of 2013, during which sales of iPhones and iPads rose, but Mac and iPod shipments dropped.
 
Security software provider Symantec is reworking its sales strategy, reorganizing software lines, slimming middle management and increasing marketing and research efforts.
 
Hubert Yoshida, VP and CTO, HDS, foresees a definite influence of the evolving tech landscape on CIOs and channel partners.
 
Dharmendra Kumar, President, India and SAARC, Aruba Networks, talks about why BYOD is the single largest focus for the company.
 
Google, AT&T and Verizon Communications were among the top corporate spenders on lobbying the U.S. government in the fourth quarter of 2012, according to information released this week by the U.S. House of Representatives.
 
A recent breakthrough in storage research may someday produce a new type of solid-state device that can be used like a hard disk drive and holds 1,000 times as much data.
 
With speculation swirling that Google is preparing to come out with what's been called the Google X phone and a Google X tablet this spring, analysts say the company is pushing the hardware envelope.
 
An otherwise clever code loading concept turns out to open a potential backdoor because it uses unsuitable crypto features. This allows third parties to manipulate some of Mega's code.


 
The Trinity fuzzer for Linux is an uncommon fuzzer as it actually puts some thought into how it generates its "random" data. The latest version includes improved ARM support and adds MIPS CPUs to the fuzzable mix.


 
Representatives of newly launched file-storage and sharing service Mega addressed some of the concerns raised by security researchers in recent days about the site's architecture and the implementation of its cryptographic features.
 
Three individuals were indicted in New York today for allegedly creating and distributing the Gozi malware that's said to have caused tens of millions of dollars in losses at several major U.S. banks.
 
As the business world focuses more on risk management, more people are turning to the frameworks developed by the Committee of Sponsoring Organizations of the Treadway Commission (COSO).
 
A new generation of lower-cost and more appealing ultrabooks is expected to lead to a more than doubling of global shipments of SSDs in 2013, according to IHS iSuppli.
 
Three people allegedly involved for years in cybercriminal activities in Eastern Europe have been charged in a U.S. court for creating and distributing the Gozi virus that infected more than 1 million computers and allowed cybercriminals to steal millions of dollars over a five-year period.
 
Former Apple CEO Steve Jobs threatened Palm with a patent lawsuit if it did not enter into an agreement in which the companies pledged not to hire employees from each other, unsealed court documents show.
 
The 'big data' buzzword and industry trend had a pretty good year perception-wise in 2012, but the hype may soon fade into a period of disillusionment among users, according to analyst firms Ovum and Gartner.
 
Intel's decision to leave the motherboard business is a smart move in a troubled market, analysts said Wednesday.
 
HP Diagnostics Server 'magentservice.exe' Remote Code Execution Vulnerability
 
bogofilter Base64 Encoding '=' Character Heap Memory Corruption Vulnerability
 
Tape is not dead--far from it. In fact, many enterprises depend on it for cost-effective long-term storage. Tape is also finding new applications in the virtualized and increasingly video-centric world of IT. As enterprises deal with bigger sets of data, tape will play a vital role going forward.
 
Cisco Systems is planning to acquire Intucell in a bid to make its products more attractive to mobile operators as traffic volume on networks continues to grow.
 
It appears that a dispute between browser makers and the Chinese government over train tickets may have led to the GitHub project hosting platform getting blocked in China.
 
DC4420 - London DEFCON - January 2013 meet. Tuesday 29th January 2013
 
Microsoft continues to expand its cloud offerings with the general availability of Windows Azure Media Services, which lets enterprises skip building their own infrastructure for streaming on-demand video.
 
Don't let a few bad reviews or one negative article ruin your reputation with online customers. These three case studies feature companies that faced online reputation challenges, with a look at the results they achieved and the lessons they learned along the way.
 
Until now, little has been known about how cloud service Mega will work and how reliable it will be. Available documentation and some observations do, however, permit a few conclusions to be drawn.


 
[slackware-security] mysql (SSA:2013-022-01)
 
[security bulletin] HPSBMU02841 SSRT100724 rev.1 - HP Diagnostics Server, Remote Execution of Arbitrary Code
 
Performance Co-Pilot CVE-2012-5530 Multiple Insecure Temporary File Creation Vulnerabilities
 
Mozilla Firefox/Thunderbird/SeaMonkey CVE-2013-0767 Remote Code Execution Vulnerability
 
With the latest generation of high-end smartphones sporting power-hungry 5-inch screens, a growing number of phone vendors are emphasizing bigger batteries rather than thinner devices.
 
Dell is planning to release by mid-year a computer that's all of 3.5 inches long and 1.5 inches wide. It's not much bigger in girth than a USB stick, and is similar in design.
 
Microsoft has identified 13 PC resellers based in Shanghai that it claims have been distributing counterfeit versions of its Windows OS, and the company could take legal action against them if a settlement isn't reached.
 
Samba's open source alternative to Microsoft's domain controller is a good start, but not ready for prime time.
 
Adding video to the company website can set retailers and other businesses apart from the competition -- and ultimately boost the bottom line.
 
Access to software collaboration site GitHub appeared to be restored in China on Wednesday, just as former Google executive Kai-Fu Lee criticized its blocking as a senseless move that would harm Chinese developers.
 
The seventh-grade classroom at Aptos Middle School buzzed with animated kids, many of whom whispered to friends and shot curious looks at the visitors scattered around their classroom.
 
KDDI, which runs one of Japan's largest mobile networks, is considering selling smartphones based on the new Firefox operating system from Mozilla.
 
With a tough 2012 behind it, Advanced Micro Devices hopes to return to profitability this year through cost-cutting, new chips and other measures, executives said Tuesday.
 
Research firm says modern apps require elastic infrastructure and multichannel clients, while mobile apps are just one component of larger app architecture.
 
An individual who inadvertently exposes the contents of his computer over an unsecured wireless network still has a reasonable expectation of privacy against a search of those contents by the police, a federal judge in Oregon ruled last week.
 
Analysts are unsure whether RIM's new enterprise mobility software, now available for download, can halt the migration away from BlackBerry smartphones.
 
Sleuth Kit CVE-2012-5619 Detection Evasion Security Bypass Weakness
 
Xen 'set_msi_source_id()' Function Local Denial of Service Vulnerability
 
SAP's revenue in the fourth quarter grew by 12 percent, helped by strong growth in the market for its cloud applications, its HANA in-memory database and mobile applications.
 

Posted by InfoSec News on Jan 22

http://arstechnica.com/security/2013/01/cracking-tool-milks-weakness-to-reveal-some-mega-passwords/

By Dan Goodin
Ars Technica
Jan 22 2013

Yet another security researcher is poking holes in the security of Mega, this
time by pointing out that the confirmation messages e-mailed to new users can
in many cases be cracked to reveal their password and take over their Mega
accounts.

Steve "Sc00bz" Thomas, the researcher who uncovered...
 

Posted by InfoSec News on Jan 22

http://www.theregister.co.uk/2013/01/23/australia_cyber_security_centre/

By Simon Rockman
The Register
23rd January 2013

Australia is tooling up for a “long, persistent fight” online, and believes
digital combat will be as important to the nation’s future security as
involvements in Iraq and Afghanistan were in the last decade.

No less a figure than Prime Minister Julia Gillard expressed that opinion today
in a speech billed as a...
 

Posted by InfoSec News on Jan 22

http://www.darkreading.com/threat-intelligence/167901121/security/vulnerabilities/240146763/report-70-of-exploit-kits-out-of-russia.html

By Kelly Jackson Higgins
Dark Reading
Jan 22, 2013

Old bugs never really die, a new study shows: nearly 60 percent of
vulnerabilities used by popular exploit kits are over two years old, according
to a new study by Solutionary's Security Engineering Research Team (SERT).

And 70 percent of the 26...
 

Posted by InfoSec News on Jan 22

https://www.networkworld.com/news/2013/012213-twitter-flaw-gave-third-party-apps-266030.html

By Lucian Constantin
IDG News Service
January 22, 2013

Users who signed into third-party Web or mobile applications using their
Twitter accounts might have given those applications access to their Twitter
private "direct" messages without knowing it, according to Cesar Cerrudo, the
chief technology officer of security consultancy firm...
 

Posted by InfoSec News on Jan 22

http://www.v3.co.uk/v3-uk/news/2238116/london-school-wins-national-code-breaking-challenge

By Rosalie Marshall
V3.co.uk
22 Jan 2013

Pupils from the City of London School have been revealed as the winners of the
National Cipher Challenge, a code-breaking competition that attracted 6,268
schoolchildren to participate.

The challenge, launched in 725 schools across the country, was run by
Southampton University in partnership with the...
 
Apache Tomcat CVE-2012-4534 Denial of Service Vulnerability
 
Apache Tomcat CVE-2012-4431 Cross-Site Request Forgery Vulnerability
 
Internet Storm Center Infocon Status