Western Digital plans to acquire sTec to boost its presence in the market for enterprise solid-state drives.
(c) SANS Internet Storm Center. http://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.

Implementing Hardware Roots of Trust: A New Guide to Hardware Security ...
Sacramento Bee
SANS offers a myriad of free resources to the InfoSec community including consensus projects, research reports, and newsletters; and it operates the Internet's early warning system - the Internet Storm Center. At the heart of SANS are the many security ...

New legislation aims to reform the Patriot and FISA Amendments Acts to apply greater oversight and control to the government's surveillance programs.
While mobile payments transform financial life in many less developed countries, retailers and payment providers in the U.S. and Europe are still trying to find the right incentives to drive adoption.
Sales of devices based on Apple's Mac OS and iOS will overtake those of products running all flavors of Windows in 2015, a Gartner analyst predicted Monday.
Call it another brick in the wall. The surviving members of Pink Floyd have gotten together to slam Pandora for its support of an Internet radio bill that the rockers say would lead to an 85 percent pay cut for musicians.
Oracle and Microsoft have announced a partnership that will see Oracle's database, application server, Java programming language and other products find a home inside Microsoft's Azure cloud service.
Gartner today projected that the overall decline in shipments of desktop and laptop PC's will be 10.6% in 2013, while tablet shipments will grow by 67.9%.

Password and credit-card details leak online every day. So no one really knows just how much personally identifiable information is available by clicking on the right link to Pastebin, Pastie, or similar sites. Using a platform that runs on the hobbyist Raspberry Pi platform to drink from this fire hose, a security researcher has cataloged more than 3,000 such posts in less than three months while adding scores more each week.

Dumpmon, as the project is called, is a bot that monitors Twitter messages for Web links containing account credentials, sensitive account information, and other "interesting" content. Since its debut on April 3, it has captured more than 3,300 records containing 1.1 million addresses, most of which are accompanied by the plaintext or cryptographic hash of an associated password. The project has also unearthed social security and driver license numbers, credit card data, and other information that could be used to hijack user accounts or commit identity theft. On average, Dumpmon collects 51 such posts each day.

"It was mainly trying to determine how much information is being hidden from plain view and finding out how much information can be found just by looking in the right place," said Jordan Wright, a security engineer for CoNetrix. (Wright created the Dumpmon as an independent side project.) "It's pretty incredible. I wasn't expecting as much information as I found. I was expecting a lot less for sure."


U.S. officials Monday testily asked the Russian government to expel fugitive document leaker Edward Snowden, who arrived there Sunday after spending several days in hiding in Hong Kong.
Gartner today downgraded its estimate of Windows' 18-month future, saying that Microsoft's platform will take a hit this year, then rebound in 2014 at a more muted pace than it forecast two months ago.
When Rusty, the red panda, went missing Sunday night from his exhibit at the Smithsonian's National Zoo in Washington, zookeepers turned to Twitter to find him.
The U.S. Federal Communications Commission should limit the two largest U.S. mobile carriers from buying too much spectrum in an upcoming auction, but the agency should also set a minimum price for the spectrum as a way to ensure that it receives the revenues projected, carrier T-Mobile USA proposed Monday.
Ecuador is considering an asylum request from National Security Agency leaker Edward Snowden and has been maintaining diplomatic contact with Russia, said Ricardo Patiño Aroca, Ecuador's minister of Foreign Affairs, Trade and Integration, on Monday.
Linux Kernel 'perf' Multiple Denial of Service and Information Disclosure Vulnerabilities

7 of 10 leading WordPress plugins are vulnerable
Network World (blog)
I had a chance to speak with Maty Siman, CTO and co-founder of Checkmarx, and my friend Noa Bar Yosef, who is an advisor to Checkmarx and is well-known in the infosec community. Maty and Noa told me that instances of insecure or hacked WordPress ...

Anticipating a greater need for large-scale enterprise messaging, Software AG has rebranded its messaging software, integrated it with its Terracotta in-memory storage technology, and is now pitching the product outside its initial market of large financial firms.
Two spacewalking cosmonauts Monday are preparing the outside of the International Space Station for the addition of a new Russian lab.
U.S. officials should be condemned for "bullying" other nations in their attempts to get them to turn over Edward Snowden, the former U.S. National Security Agency contractor, who leaked classified information on massive surveillance programs there, WikiLeaks founder Julian Assange said Monday.
The French government's accounts payable system, Chorus, is back online after a four-day outage, the French State Financial Computing Agency (AIFE) announced Monday.
Microsoft will webcast the opening keynote of its BUILD developers conference Wednesday starting at 9 a.m. PT (noon ET).

Web Scraping, Sweden, and Detection vs. Prevention
Infosecurity Magazine
On Friday I met with Mathias Elvang, head of consulting services at Stockholm-based security consultancy firm, Sentor. We touched on the information security market in Sweden – by the sounds of it, it's pretty small – and then the issue of web scraping.

Establishment of Cookie Clearinghouse shows support for user choice to be little more than rhetoric. (Insider; registration required)

7 of 10 leading WordPress plugins are vulnerable
Network World
I had a chance to speak with Maty Siman, CTO and co-founder of Checkmarx, and my friend Noa Bar Yosef, who is an advisor to Checkmarx and well known in the infosec community. Maty and Noa related to me that instances of insecure or hacked WordPress ...

Three new Android-based Samsung Galaxy Tab 3 tablets will go on sale in the U.S. on July 7, with the 7-in. model starting at $199.
AT&T kicked off a smartphone trade-in deal today that knocks 50% off the price of several of the newest smartphones -- including the iPhone 5 and Samsung Galaxy S4 -- subject to a new two-year agreement.
While finding a touchscreen for a desktop computer is nearly impossible, and finding a touchscreen notebook computer takes some searching, touchscreen ultrabooks are readily available. These thin, light and relatively compact computers are intended to be portable and to be used at a moment's notice. Adding touch seems a natural thing to do.
The way in which European cloud computing contracts are drawn up is to come under scrutiny by a team of experts.
Like in the Google Play Store, developers' submissions to the Chrome Web Store will now be checked for malware after they are uploaded.

Fusion-io is updating its ioTurbine caching software to help more types of enterprises integrate flash-based cache into virtualized computing environments.
First up this week, a white paper or report or ... I have no idea what these things should be called any more ... maybe a "glorified press release"? Whatever. Let's call it "a study" from Checkmarx, a company that specializes in automated security code review, titled "The Security State of WordPress' top 50 Plugins."
LinuxSecurity.com: New curl packages are available for Slackware 12.1, 12.2, 13.0, 13.1, 13.37, 14.0, and -current to fix a security issue.
LinuxSecurity.com: HAProxy could be made to crash if it received specially crafted network traffic.
LinuxSecurity.com: Mesa could be made to crash or run programs as your login if it received specially crafted input.
LinuxSecurity.com: Updated java-1.7.0-oracle packages that fix several security issues are now available for Red Hat Enterprise Linux 5 and 6 Supplementary. The Red Hat Security Response Team has rated this update as having critical ...
LinuxSecurity.com: Updated tomcat6 packages that fix one security issue are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate ...
Linux Kernel Bluetooth Sysfs File Local Privilege Escalation Vulnerability


InfoSec Community: Think Global
When Richard Nealon first sat for his CISSP exam, he was struck by how U.S.-centric the questions were. Since then, he has strived to promote greater awareness of global information security concerns. He raised his exam concerns with an (ISC)² member, ...

Edward Snowden, the former U.S. National Security Agency contractor who leaked information about the country's surveillance programs, left Hong Kong Sunday to a third country.
Hewlett-Packard is also bringing Android to the PC, and has unveiled a 21.5-inch all-in-one desktop installed with Google's operating system.
Samsung's upcoming 13.3-in. ATIV Q convertible tablet runs both Windows 8 and Android and unfolds to function as a laptop. Despite such versatility, some analysts believe it might pose a support dilemma for IT shops and confuse average users.
Huawei AR Series Routers SNMPv3 Remote Stack Buffer Overflow Vulnerability
CFP: IEEE SafeConfig: 6th Symposium on Security Analytics and Automation (Deadline Extended)
Vodafone plans to acquire Germany's largest cable operator, Kabel Deutschland, for $10.1 billion as it looks to become more competitive by combining mobile, fixed broadband and TV subscriptions.
Things slowing down on your Wi-Fi network? Here are a host of tricks, tips and tweaks to speed up your wireless performance.
Microsoft is investing $678 million in the expansion of its data center in West Des Moines.
Apple's board of directors has tied a massive stock grant given to CEO Tim Cook in 2011 to the company's performance, a move that could cost Cook $135 million over the next nine years at the current share price.
The WordPress developers have released WordPress 3.5.2, fixing 12 bugs in the open source blogging platform. The update also includes seven security fixes, and all users should install it as soon as possible.

McAfee's deinstallation guides, Spy Pi, the coming Javapocalypse, Spotify's Unicode upset, BSides BSlides and PRISM presaged

[slackware-security] curl (SSA:2013-174-01)


Security conference wracked with sexual assault allegation
After her blog post she said that her "duty was done" and she did not want to be the representative for infosec feminism. Gont, on the other hand, has written a blog in reply where he seems to call Weidman, who is not named, mentally ill - and implies ...

Japan's Sharp said Monday that it has received a second $60 million investment from Qualcomm, as the two companies work together to mass produce low-power, high-performance displays for mobile devices.
Microsoft is investing US$678 million in the expansion of its data center in West Des Moines, Iowa.
Xen CVE-2013-2196 Remote Privilege Escalation Vulnerability
Xen CVE-2013-2194 Remote Privilege Escalation Vulnerability
Xen CVE-2013-2195 Pointer Dereference Privilege Escalation Vulnerability
Drupal Inf08 Module HTML Injection Vulnerability
Linksys X3000 - Multiple Vulnerabilities
ASUS RT-N66U Router - HTTPS Directory traversal and full file access and credential disclosure vuln
GreHack 2013 - CFP ends on June 30 - Conf: Nov. 15, Grenoble, France
FreeBSD Security Advisory FreeBSD-SA-13:06.mmap [REVISED]

Posted by InfoSec News on Jun 24


By Lana Lam and Stephen Chen
South China Morning Post
June 23, 2013

The US government is hacking Chinese mobile phone companies to steal
millions of text messages, Edward Snowden has told the South China Morning
Post. And the former National Security Agency contractor claims he has the
evidence to prove it.

The former CIA...

Posted by InfoSec News on Jun 24


By Eric Chabrow
Bank Info Security
June 21, 2013

Robert Bigman, former CISO at the CIA, says many government agencies and
other organizations have yet to take adequate steps to prevent rogue
systems administrators from accessing sensitive information on systems
they manage.

"If you don't have vigorous security oversight, you tend to fall into the...

Posted by InfoSec News on Jun 24


By Jennifer Van Grove
June 21, 2013

Facebook is alerting 6 million of its users that their e-mails or phone
numbers were inadvertently shared with other members.

The social network said Friday that it has discovered and patched a bug in
its "Download Your Information" tool that unintentionally exposed some
members' contact...

Posted by InfoSec News on Jun 24


By R. Zamanov
22 June 2013

Iran Oil Ministry's Director for Information and Communication Technology
Ahmad Tolayi rejected the reports of a cyber attack on the ministry's
computer network, the IRNA News Agency reported.

The oil ministry's website is down due to some technical problems with
optical fibers, Tolayi explained.

He further said that the security of oil...

Posted by InfoSec News on Jun 24


By William Knowles
Senior Editor
InfoSec News
June 19, 2013

I'm at a loss for words, and honestly, what do you expect from an
eccentric millionaire security professional who's wanted for questioning
about the death of his next door neighbor in Belize? This video (with
comments disabled) is billed as a comedy and features John McAfee and his
alter-ego, a.k.a....