Information Security News
There are two advantages in allowing jQuery.com to host the code:
On the other hand, there is an important drawback, and the main reason why the jQuery code for isc.sans.edu is hosted on our own servers: With code being "blindly" included from 3rd party sites, it is possible that a compromise of this 3rd party site will affect your site's security.
Sadly, according to RiskIQ, just this happened with jQuery.com. The web site was compromised and malicious code was injected, redirecting users to a malicious site. Luckily, the jQuery library was NOT affected. Otherwise, many additional sites would have been exposed and visitors to these sites would have been affected. This is particularly fortunate as the attack appears to be targeted. The redirection domain used in this attack was jquery-cdn.com. That domain was registered on the day the attack was first noticed.
Particularly concerning is the fact that I am unable to find any statement about the attack on jQuery.com. If someone has a link, please let me know.
by Cyrus Farivar
On Late Night with Seth Meyers, Stewart proudly talked about how she now owns "three drones."
"These are not army drones! They're not dangerous!" she reassured Meyers.
by Sean Gallagher
One of the tools we've leaned on heavily in some of our lab testing of software privacy and security is Kali Linux. The Debian-based operating system comes packaged with a collection of penetration testing and network monitoring tools curated and developed by the security training company Offensive Security. Today, the Kali developer team and Offensive Security released a new Kali project that runs on a Google Nexus device. Called NetHunter, the distribution provides much of the power of Kali with the addition of a browser-driven set of tools that can be used to launch attacks on wireless networks or on unattended computers via a USB connection.
NetHunter is still in its early stages, but it already includes the ability to have the Nexus device emulate a USB human interface device (HID) and launch keyboard attacks on PCs that can be used to automatically elevate privileges on a Windows PC and install a reverse-HTTP tunnel to a remote workstation. It also includes an implementation of the BadUSB man-in-the-middle attack, which can force a Windows PC to recognize the USB-connected phone as a network adapter and re-route all the PC’s traffic through it for monitoring purposes.
In a phone interview with Ars, Offensive Security’s lead trainer and developer Mati Aharoni said that while NetHunter can be compiled to run on Android devices other than the Nexus family, “part of the reason we chose Nexus devices was because of the specific kernel sources we were able to get from Google.” The Nexus devices supported by NetHunter include the Nexus 5 ("hammerhead"), Nexus 7 (both 2012 and 2013 versions), and the Nexus 10 ("mantaray").
Posted by InfoSec News on Sep 23 http://www.navytimes.com/article/20140922/NEWS04/309220034/Active-reserve-components-spar-over-sexy-cyber-mission
Posted by InfoSec News on Sep 23 http://techcrunch.com/2014/09/22/duo-security-12m-benchmark/
Posted by InfoSec News on Sep 23 http://arstechnica.com/security/2014/09/home-depots-former-security-architect-had-history-of-techno-sabotage/
Posted by InfoSec News on Sep 23 http://www.washingtonpost.com/politics/secret-service-study-from-1990s-found-white-house-vulnerable-to-fence-jumpers/2014/09/22/b1cf4f4e-4272-11e4-b47c-f5889e061e5f_story.html
Posted by InfoSec News on Sep 23 http://www.telegraph.co.uk/education/educationnews/11111584/GCHQ-employs-more-than-100-dyslexic-and-dyspraxic-spies.html