Hackin9

InfoSec News

Java caching software provider Terracotta and database provider Tokutek have each released new offerings designed to entice organizations to try new ways of storing data, from running in-memory databases to using solid state disks to speed performance.
 
Google on Tuesday released a Chrome upgrade that improves how the browser renders 3D applications, including mouse-controlled games.
 
Mozilla Firefox/Thunderbird/SeaMonkey CVE-2012-3970 Use-After-Free Memory Corruption Vulnerability
 
(c) SANS Internet Storm Center. http://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
 
Many mobile browsers support tel: URLs. These URLs start with tel: instead of http:, and can be used to create "call me" links on web pages. Usually, if a user clicks on one of these links, the phone will present a dialog confirming that the user would like to dial the number.
However, some Android phones use special dial codes to access some of the phone's features. These codes are known as USSD codes (Unstructured Supplemental Service Data), and are reasonably well documented. For example, if you type *#06# on your phone, it will show its IMEI number before you hit dial (this works on most GSM phones, not just Android phones). Some Android phones add their own proprietary codes. For example, the Samsung Galaxy S3 phone has a code like this to perform a factory reset, which will delete all data on the phone and, once started, cannot be canceled. As no dial action is required for these codes, just clicking the URL will execute the feature.
Here is a quick test link that will show the IMEI: *#06# (iPhones will ask for confirmation first)
Demo video: http://www.youtube.com/watch?v=Q2-0B04HPhs
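A check that a web filter, mail scanner or CMS link validator could apply to the issue described above, added here as an example (it is not part of the diary and not a SANS/ISC tool): it collects every tel: link from a page and flags dial strings built from `*` and `#`, decoding percent-encoding first so an encoded code (`%23` for `#`, `%2A` for `*`) cannot slip past the check. The sample HTML is constructed for the example; the only real code in it is the *#06# IMEI display code from the diary.

```python
"""Flag tel: links that carry USSD-style dial codes rather than plain phone numbers."""
from html.parser import HTMLParser
from urllib.parse import unquote

# Constructed sample page: an ordinary call-me link, the IMEI display code the
# diary mentions, the same code hidden behind percent-encoding, and a non-tel link.
SAMPLE_HTML = """
<p>Call us: <a href="tel:+1-555-0100">+1 555 0100</a></p>
<p>Hidden: <a href="tel:*%2306%23">tap here</a></p>
<p>Plain: <a href="TEL:*#06#">IMEI</a></p>
<p><a href="http://example.invalid/">not a tel link</a></p>
"""


class TelLinkCollector(HTMLParser):
    """Collect every <a href> whose scheme is tel: (scheme matched case-insensitively)."""

    def __init__(self):
        super().__init__()
        self.links = []

    def handle_starttag(self, tag, attrs):
        # HTMLParser hands us lower-cased tag and attribute names.
        if tag != "a":
            return
        for name, value in attrs:
            if name == "href" and value and value.strip().lower().startswith("tel:"):
                self.links.append(value.strip())


def dial_string(href):
    """Return the decoded dial string that follows 'tel:'.

    Percent-decoding is the important step: %23 is '#' and %2A is '*', so an
    encoded USSD code would otherwise look like a harmless string of digits.
    """
    return unquote(href[len("tel:"):])


def is_ussd_code(dial):
    """USSD/MMI codes are built from '*' and '#' around digits (e.g. *#06#).

    An ordinary phone number contains only digits, '+', and separators such as
    '-' or ' ', so the presence of either symbol marks the link as suspicious.
    """
    return "*" in dial or "#" in dial


def find_ussd_tel_links(html):
    """Return (raw href, decoded dial string) for each tel: link carrying a USSD code."""
    parser = TelLinkCollector()
    parser.feed(html)
    return [
        (href, dial_string(href))
        for href in parser.links
        if is_ussd_code(dial_string(href))
    ]


if __name__ == "__main__":
    for href, dial in find_ussd_tel_links(SAMPLE_HTML):
        print(f"suspicious tel: link {href!r} -> dial string {dial!r}")
```

On the sample page the plain +1 number passes, while both the percent-encoded and the literal *#06# links are reported with the same decoded dial string, which is the form a reviewer or filter rule should compare against rather than the raw href.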
------

Johannes B. Ullrich, Ph.D.

SANS Technology Institute

 
With the introduction of the My Book VelociRaptor Duo, Western Digital adds another Thunderbolt-ready model to its growing line of My Book desktop storage devices. The VelociRaptor Duo takes Western Digital's My Book Thunderbolt Duo and gives it a significant performance boost by replacing WD's Green drive mechanisms with its VelociRaptor mechanisms. With these 10,000-rpm drives inside--to go along with the 10 Gbps Thunderbolt connectivity--the VelociRaptor Duo is intended to rival the performance of solid state drives, and in our tests, it proved to be more than a worthy competitor.
 
Google is known for setting ambitious targets for itself, and it's apparently making no exception for self-driving cars. Such "autonomous vehicles" will be a reality for "ordinary people" in less than five years, Google CEO Sergey Brin said on Tuesday.
 
Yahoo will replace CFO Tim Morse this fall in what may be the latest move by recently appointed CEO Marissa Mayer to put her own mark on the company's leadership.
 
Mozilla Firefox/Thunderbird/SeaMonkey CVE-2012-3957 Heap Buffer Overflow Vulnerability
 
IBM announced on Tuesday that its president and CEO, Virginia Rometty, would become chairman starting Oct. 1.
 
Enterprises should ask a lot of questions when a vendor touts its business intelligence products as being fully integrated with Hadoop, Forrester analyst Boris Evelson warned.
 
The U.S. Federal Trade Commission has reached proposed settlements with a software vendor and seven rent-to-own stores after the agency accused them of installing spyware on rented computers that captured screenshots of personal information, logged keystrokes and, in some cases, took webcam pictures of people in their homes.
 
New and improved archiving capabilities in Exchange 2013 make it easier for IT administrators to store and manage messages, and improve accessibility for end users, Microsoft said Tuesday at its Exchange Conference in Orlando.
 
Many signs suggest that Oracle is about to introduce a next-generation version of the Exadata database machine, the first and apparently most successful of its "engineered systems" that combine Oracle software with servers, networking and storage.
 
The U.S. Federal Communications Commission needs to be a "cop on the beat" to ensure mobile and broadband competition across the country, the agency's chairman said Tuesday.
 
The iPhone 5 is "geometrically more complex" than Apple's previous smartphones, a teardown expert at IHS iSuppli said today after taking apart the company's newest device.
 
Yahoo's new CEO Marissa Mayer reportedly detailed her plans to rebuild the Internet company to Yahoo employees today at a meeting.
 
RIM CEO Thorstein Heins Tuesday reassured some 1,500 developers at the BlackBerry Jam Americas conference that the company's BlackBerry10 smartphones are on track to launch in next year's first quarter.
 
Hitachi Data Systems has released its Hitachi Unified Storage VM, its first unified platform with enterprise virtualization for all data types, including file, block and objects.
 
 
Smarty 'SmartyException' Class Cross Site Scripting Vulnerability
 
Brookstone's newest wireless spy tank can be controlled by both Android and iOS devices and has more capabilities than its predecessor like the ability to record video, tilt its camera up and down, and speak and listen to subjects during surveillance.
 
The final specification of DDR4 DRAM, which will help PCs run faster through more power-efficient data transfers, was published Tuesday.
 
Recognizing that developers are working with an increasing number of browser technologies to build their Web applications, Google engineers, along with contributors from other companies, have posted a new test suite for browsers.
 
Apple could be on the verge of losing the bans on sales of the Samsung Galaxy Tab it has won in German courts.
 
Auxilium PetRatePro Multiple Security Vulnerabilities
 
Once inside, skilled attackers can scout for exploitable flaws and set up private communication channels to support cyberespionage campaigns.

 
Users of Apple's new Maps app in iOS6 are encountering inaccurate maps, off-kilter points-of-interest, missing streets and addresses and more. Is the iOS 6 Maps controversy a black eye for Apple?
 
Communications regulators, drawing on recommendations from a recent mobile health task force report, look to launch initiatives that will facilitate broadband-enabled healthcare technologies, particularly for mobile apps.
 
Apache Tomcat Cookie Quote Handling Remote Information Disclosure Vulnerability
 
HP Application Lifecycle Management 'XGO.ocx' Multiple Remote Code Execution Vulnerabilities
 
UBB.threads 'Username' Field Cross Site Scripting Vulnerability
 
Apple reopened a reservation program today for iPhone 5 retail sales, telling customers it's their best chance of scoring a new smartphone anytime soon.
 
A bug in Samsung's proprietary code on its Android phones leaves many devices exposed to being remotely reset by visiting a web page, NFC or WAP Push. Phones running older versions of Samsung's customised version of Android are especially vulnerable.


 
Mozilla Firefox/Thunderbird/SeaMonkey CVE-2012-0468 Memory Corruption Vulnerability
 
[Announcement] CHMag - Call for Articles
 
Barnes & Noble Tuesday announced that Nook Video will premiere this fall in the U.S. and UK. The service offers access to movies and TV shows for streaming and download.
 
WordPress Pretty Link Lite Plugin 'slug' Parameter Cross Site Scripting Vulnerability
 
SQLiteManager Multiple Cross Site Scripting Vulnerabilities
 
[waraxe-2012-SA#090] - Insecure SSL Connection in Thomson SpeedTouch ST780
 
[SE-2012-01] Critical security issue affecting Java SE 5/6/7
 
The popular alternative to texting still has a major security problem. While the company behind the app has yet to comment on that issue, it has been applying pressure on the developers of a PHP framework


 
Hitachi has developed a glass-based data storage medium that is highly heat and water resistant, capable of holding data for hundreds of millions of years, and says it may be able to bring it to market by 2015.
 
Apple on Monday began reminding some iCloud users that they will soon lose the 20GB of free storage they'd received when they migrated from MobileMe.
 
The risks are best mitigated by people who come from specific roles in your organization.
 
Toshiba plans to release its own hybrid hard drive, which will combine 8GB of NAND flash with 32MB of RAM in a drive that will have a total of 1TB of capacity.
 
Foxconn workers are blaming company security guards for Sunday's unrest at a manufacturing facility in China, claiming that the mass riot was the result of an escalating brawl between assembly line workers and security guards.
 
iFOBS 'regclientmain.jsp' Multiple HTML Injection Vulnerabilities
 
The tenants at this tech-oriented co-working space/business incubator have a resource they could not tap elsewhere: one another. Collaboration with strangers is, in fact, required for membership.
 
Nokia unveiled Tuesday two new models in its Asha Touch family which it claimed as its most affordable capacitive touchscreen devices.
 
A small New York-based company that specializes in exchanging Bitcoins is back online after hackers stole about $250,000 worth of the virtual currency earlier this month.
 
The U.S. Federal Trade Commission should analyze Facebook's relationship with a data marketer to ensure it doesn't violate the social networking site's recently approved settlement, the Electronic Privacy Information Center said Monday.
 
Microsoft has extended mainstream support for Windows Server 2008 by 18 months, and again reminded customers that the still-strong Windows XP will retire in April 2014.
 
Toshiba said Tuesday it will soon begin mass production of a new line of hybrid disk drives equipped with flash memory, touting them as a low-cost replacement for the solid-state drives used in ultrabook and laptop computers.
 
Project lead Guillaume Laforge explains what's in store for Groovy, and Grails lead Graeme Roche outlines that related framework's future
 
Update 5.1 of the iOS-based software for Apple TV devices addresses a number of security vulnerabilities that could be exploited by a remote attacker; for example, to cause a denial-of-service or execute arbitrary code


 
As their Sept. 1, 2012 regulatory deadline approached, Europeans began to hoard incandescent light bulbs, fearing that the warm yellow glow will be extinguished from their homes. The U.S. ban on the most popular light bulbs is fast approaching. Will we panic, too?
 

Posted by InfoSec News on Sep 25

Forwarded from: Francisco Moyano <moyano.uma (at) gmail.com>

** APOLOGIES FOR CROSS POSTINGS**

IFIPTM 2013- Call for Papers
 7th IFIP International Conference on Trust Management
Málaga, Spain
3-5 June 2013
http://conf2013.ifiptm.org/

IFIPTM 2013 invites submissions presenting novel research on all topics
related to Trust, Security and Privacy, including but not limited to:

Trust in Information Technology
* formal aspects...
 

Posted by InfoSec News on Sep 25

http://www.crn.com.au/News/316675,aussie-business-loses-3000-to-hacker-ransom.aspx

By Darren Pauli
CRN.com.au
Sep 24, 2012

A Northern Territory business has been forced to pay a $3000 ransom to
hackers who encrypted its financial records.

The business last week found it was locked out of accessing vital credit
and debtor invoice information stored on its network.

Hours after discovering the data, TDC Refrigeration and Electrical
received...
 

Posted by InfoSec News on Sep 25

http://www.clinical-innovation.com/index.php?option=com_articles&view=article&id=35217:ky-data-breach-affects-2500

By Editorial Staff
Clinical-Innovation.com
September 20, 2012

The Cabinet for Health and Family Services is informing approximately
2,500 clients by letter of a possible employee email account breach that
may have resulted in the unintentional release of information held by
the Cabinet’s Department for Community Based...
 

Posted by InfoSec News on Sep 25

http://arstechnica.com/security/2012/09/secret-microsoft-policy-limited-hotmail-passwords-to-16-characters/

By Dan Goodin
Ars Technica
Sept 24 2012

For years, Microsoft engineers have quietly limited Hotmail passwords to
16 characters, a revelation that has surprised and concerned some users
who have long entered passcodes twice that long to access accounts.

One such user is Costin Raiu, the director of the global research and
analysis team...
 

Posted by InfoSec News on Sep 25

http://www.zdnet.com/au/hackers-deface-old-uts-system-dump-user-database-7000004694/

By Michael Lee
ZDNet
September 24, 2012

One of the subdomains for the University of Technology, Sydney (UTS)
fell victim to an attack over the weekend, with hackers, going by the
names Apollo and 0day, defacing the sub-site and dumping user
information.

The two hackers left a message for the system administrators, telling
them to fix their security and to...
 
Samsung has filed for judgment as a matter of law and a new trial as an alternative, and questioned jury decisions in a number of areas in its patent dispute against Apple.
 
Apple supplier Foxconn reopened a manufacturing facility in China on Tuesday a day after it closed following a mass riot involving 2,000 workers that was later brought under control by local police.
 