Hackin9
The U.S. International Trade Commission has turned down a request for a ban on Microsoft's Xbox after finding that the gaming device did not infringe a patent owned by Google's Motorola Mobility unit.
 
Microsoft brushed off a dubious hacker's claim on Thursday that he stole 47 million account credentials for Microsoft's Xbox Live gaming service.
 
Box has acquired an unreleased application called Folders, designed to give iPhone and iPad users a mobile front-end interface for the cloud storage and file management and sharing service as well as for competitors Google Drive and Dropbox.
 
Users in the U.K. and France will have to wait a bit longer to get their hands on the HTC First. The first smartphone to come preinstalled with Facebook Home has been delayed in those countries while Facebook updates the software to address some negative user feedback.
 
Intel's upcoming family of Core processors, code-named Haswell, will offer 50 percent more battery life in laptops than did their "Ivy Bridge" predecessors, Intel said on Thursday.
 
Manuel Araoz, a 23-year-old developer in Argentina, has an idea for Bitcoin that doesn't focus on money.
 
Google has released a beta version of Chrome that introduces what the company describes as "richer" notifications from the browser's apps and extensions.
 
X.Org libXi 'XListInputDevices()' Memory Corruption Vulnerability
 
(c) SANS Internet Storm Center. http://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
 
Deploying an update of its DB2 database, IBM is pitching its SmartCloud infrastructure as a service (IaaS) for use in data reporting and analysis.
 
SoftBank has received all the necessary state approvals for the Japanese mobile carrier to acquire a majority stake in Sprint Nextel for US$20 billion, the companies announced.
 
Internet communities are more trustworthy than some big corporations, but mobile is proving a hard nut to crack even for the best of them, actor and venture capitalist Ashton Kutcher told CTIA Wireless Thursday.
 
X.Org libXcursor '_XcursorFileHeaderCreate()' Function Remote Code Execution Vulnerability
 
U.S. companies should be allowed to take aggressive countermeasures against hackers seeking to steal their intellectual property, contends the private Commission on the Theft of American Intellectual Property.
 
Human interaction with computers could improve with the new Kinect for Windows sensor, which will be better at recognizing gestures, motion and voice.
 
NOAA is working to fix a broken weather satellite -- the one that watches the Atlantic Ocean -- even as it gears up for what's expected to be an above-normal year for hurricanes.
 
CFP: IEEE SafeConfig: 6th Symposium on Security Analytics and Automation
 
A majority of consumer and small business Windows 8 PC users launch fewer than one "Modern" app a day, signaling that they're spending most of their time on the classic Windows 7-style desktop, according to data released Wednesday.
 
Thin clients introduced this week by Dell and Hewlett-Packard have faster processors than existing thin clients as well as high-definition graphics capabilities, so they could be alternatives to traditional PCs as computing continues moving to the cloud.
 
SEC Consult SA-20130523-0 :: JavaScript Execution in IBM WebSphere DataPower Services
 
[ANN] Struts 2.3.14.1 GA (fast track | security)
 
APPLE-SA-2013-05-22-1 QuickTime 7.7.4
 
As Ethernet marks its 40th birthday this week, some of those celebrating will also be looking ahead to yet another use for the nearly ubiquitous technology: the cloud.
 
Europe's Digital Agenda Commissioner on Thursday set out plans for the European Union to produce more micro- and nano-chips than the United States in the next seven years.
 
Lyft, the ridesharing service known for its fleet of pink mustache-festooned cars, is eyeing international expansion supported by its biggest funding round yet.
 
Security researchers have identified multiple samples of the recently discovered "KitM" spyware for Mac OS X, including one dating back to December 2012 and targeting German-speaking users.
 
Current customers can still use the products until their subscription runs out. Symantec says that customers who are affected by the change should switch to Norton products.
 
[SECURITY] [DSA 2672-1] kfreebsd-9 security update
 

NGFW boom increasing burden on infosec workers
CRN - UK
Adoption of next-generation firewalls (NGFWs) may be soaring but end users making the leap could well encounter increased workloads as a result. That is according to research from firewall management vendor Algosec designed to gauge the effects that ...

 
A freelance Java developer claims it took him only 30 days to build and launch a basic open source office suite that runs on multiple OSes.
 
Application-tuning capabilities coupled with today's commodity cloud offerings are more than many users need. Just like broadband Internet, though, it's only a matter of time before these 'overserved' users turn to the commodity cloud to meet 'unserved' needs. Will this leave enterprise cloud deployments in the cold?
 
LinuxSecurity.com: The Red Hat Enterprise Linux 6.4 KVM Guest Image for cloud instances had an empty root password by default. The Red Hat Security Response Team has rated this update as having [More...]
 
LinuxSecurity.com: Adam Nowacki discovered that the new FreeBSD NFS implementation processes a crafted READDIR request which instructs to operate a file system on a file node as if it were a directory node, leading to a kernel crash or potentially arbitrary code execution. [More...]
 
LinuxSecurity.com: Multiple vulnerabilities have been discovered in Request Tracker, an extensible trouble-ticket tracking system. The Common Vulnerabilities and Exposures project identifies the following problems: [More...]
 
LinuxSecurity.com: Updated java-1.5.0-ibm packages that fix several security issues are now available for Red Hat Enterprise Linux 5 and 6 Supplementary. The Red Hat Security Response Team has rated this update as having [More...]
 
LinuxSecurity.com: Multiple vulnerabilities have been discovered in Request Tracker, an extensible trouble-ticket tracking system. The Common Vulnerabilities and Exposures project identifies the following problems: [More...]
 
Python pip CVE-2013-1888 Insecure Temporary File Creation Vulnerability
 
Nginx CVE-2013-2070 Remote Security Vulnerability
 
Apple has released QuickTime 7.7.4, fixing 12 critical security holes causing memory corruption and buffer overflows when processing a number of media formats.
 
ClamAV Remote Code Execution And Denial of Service Vulnerabilities
 
Google Chrome Prior to 27.0.1453.93 CVE-2013-2838 Out of Bounds Remote Code Execution Vulnerability
 

Volatility is a Python framework for performing memory forensics. If you haven't tried it yet, I highly recommend it. The Volatility Month of Volatility Plugins II is on! As announced here: http://volatility-labs.blogspot.ca/2013/05/whats-happening-in-world-of-volatility.html Volatility 2.3 is entering beta and the second MoVP (Month of Volatility Plugins) has started and is actually in its second installment. Some very exciting new stuff:

1.1 - Mach-O Address Space
1.2 - VirtualBox ELF64 Core Dumps
1.3 - VMware Snapshot and Saved State Analysis
1.4 - New HPAK Address Space
1.5 - ARM Address Space (Volatility and Android / Mobile)
2.1 - RSA Private Keys and Certificates
2.2 - Unloaded Windows Kernel Modules

Cheers,
Adrien de Beaupré
Intru-shun.ca Inc.
My SANS Teaching Schedule

 

Microsoft will boost its Azure cloud offering in Japan, adding two domestic data centers to speed response times and improve reliability in the face of natural disasters.
 
The U.S. government is in negotiations with SoftBank for greater control over equipment purchases by Sprint Nextel and the selection of one of the Japanese company's nominees to the Sprint board, according to a news report.
 
Samsung Electronics has reported global channel sales of over 10 million units of the Galaxy S4 in less than a month after its global launch.
 
Ericsson may have a contender for oddest networking product if it commercializes the wireless bus windows it demonstrated at the CTIA Wireless trade show this week.
 
Adobe has acquired Thumb Labs, a small mobile app agency, as part of its broader push to give its new cloud-enabled software offerings a more social flavor.
 
Amazon.com is expanding the distribution of its tablets in a big way with the Kindle Fire HD and Kindle Fire HD 8.9 now available for preorder in over 170 countries, and its Appstore open in nearly 200 countries.
 
As analytics become more ingrained in corporations, data visualizers are the new go-to experts in demand -- but do they work for IT or give IT its marching orders?
 
PC sales in China and high growth in smartphone shipments helped boost Lenovo's net profit for its fiscal fourth quarter by 90%.
 
The latest victim of disruption by Internet technologies is a veteran of World War I: the missing persons search.
 
A code sent by SMS, in addition to the standard password, will improve security for Twitter accounts - not a bad idea, after recent problems with hacked accounts sending out false reports.
 
RETIRED: Apple QuickTime Prior To 7.7.4 Multiple Arbitrary Code Execution Vulnerabilities
 
Two leading wireless power companies, Powermat and PowerKiss, have announced that they have entered into a definitive agreement to merge.
 
A Google security engineer accused Microsoft of treating outside researchers with "great hostility" days before posting details of an unpatched vulnerability in Windows that could be used to crash PCs or gain additional access rights.
 
Apple QuickTime CVE-2013-1015 Memory Corruption Vulnerability
 