Hackin9

Will McAfee's hacking hyperbole hatchet job kill the trillion-dollar myth?
ZDNet (blog)
As we enter the Blackhat-Defcon hacker conference season when infosec vendors will be pimping their wares so strongly, we'll be bombarded with yet another round of reasons to be fearful. Might I suggest that the infosec industry, relying as it does on ...

 

The Internet Systems Consortium has released a security advisory for the ISC BIND nameserver. Per the advisory, a specially crafted DNS query can cause the DNS service to terminate, resulting in a denial of service. The issue can be exploited remotely and has already been seen in the wild by multiple ISC customers. DNS server administrators running ISC BIND are advised to upgrade to the newest patched release. More information is available at https://kb.isc.org/article/AA-01015

(c) SANS Internet Storm Center. http://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
 

InfoSec community mourns the loss of well-known hacker Barnaby Jack
Network World
Known for his work on embedded devices, from the financial world to the medical one, the 35-year-old hacker was a beloved family member to the InfoSec community. According to the San Francisco Medical ...
RIP Barnaby Jack: The infosec community loses a star - CSO (blog)
Black Hat and the InfoSec Community Lose Barnaby Jack - InternetNews.com (blog)
Hacker Barnaby Jack dies in San Francisco aged 35 - The Guardian

 
Google is shutting down the Google+ Local places and discovery app for iOS devices and will be transitioning its features over to its Maps app, the company said Friday.
 
Tech earnings this week highlighted the importance of mobile communications to IT, as companies including Apple, Samsung, Facebook, AT&T and Texas Instruments reported mixed results for the quarter ending in June.
 
Social networking giant Facebook has taken another step at making the PHP Web programming language run more quickly. The company has developed a PHP Virtual Machine that it says can execute the language as much as nine times as quickly as running PHP natively on large systems.
 
Analysts argued today over the significance of Apple's falling market share, reflecting the uncertainties the Cupertino, Calif. company faces in a transition to lower profits.
 
This year's Oracle OpenWorld conference is still a couple of months away, but the vendor has already provided an ample sneak peek into what's in store for attendees of the show.
 
Noted hacker Barnaby Jack, known for exposing vulnerabilities in ATM machines and medical devices, died in San Francisco Thursday, just days before he was scheduled to speak on deadly security shortcomings in medical implants at next week's Black Hat security conference.
 

InfoSec community mourns the loss of well-known hacker Barnaby Jack
CSO
Known for his work on embedded devices, from the financial world to the medical one, the 35-year-old hacker was a beloved family member to the InfoSec community. According to the San Francisco Medical Examiner, Barnaby Jack passed away on ...
Black Hat and the InfoSec Community Lose Barnaby Jack - InternetNews.com (blog)
Hacker Barnaby Jack dies in San Francisco aged 35 - The Guardian

 

Most IT pros assume big brother is spying on corporate data
GigaOM
More specifically, 62 percent of respondents polled at the big Infosec Europe conference said they think the government is looking at their stores of corporate data. What's notable about that is that the show (and the survey) took place in April, two ...

 
The U.S. will not seek the death penalty for Edward Snowden, the former intelligence contractor responsible for leaking documents revealing classified government surveillance programs, according to a recent letter from attorney general Eric Holder.
 
Dell has started shipping its thumb-size PC called Project Ophelia to beta testers and is preparing to ship the final product in the coming months.
 
Samsung is now mass producing 16GB, 32GB and 64GB embedded memory cards that have 400MB/sec interface speeds, almost triple the performance of its current embedded mobile memory.
 
Google's $35 Chromecast dongle for beaming video and music to HD TVs from smartphones, tablets and laptops appears to be a clear hit for use in America's living rooms. But what about in the enterprise? Not so fast, analysts said.
 
These days, and with the help of Cisco and EMC, Intel is dipping its toes into the networking and storage ends of the enterprise technology pool. Add this to Intel's server expertise and the data center of the future may be at hand.
 
LinuxSecurity.com: Several vulnerabilities have been discovered in OpenJDK, an implementation of the Oracle Java platform, resulting in the execution of arbitrary code, breakouts of the Java sandbox, information disclosure or denial of service. [More...]
 
LinuxSecurity.com: A buffer overflow has been discovered in the Radius extension for PHP. The function handling Vendor Specific Attributes assumed that the attributes given would always be of valid length. An attacker could use this assumption to trigger a buffer overflow. [More...]
 
LinuxSecurity.com: Multiple vulnerabilities have been discovered and corrected in squid: Due to incorrect data validation, Squid is vulnerable to a buffer overflow attack when processing specially crafted HTTP requests. This problem allows any trusted client or client script who can generate [More...]
 
LinuxSecurity.com: Several security issues were fixed in MySQL.
 
LinuxSecurity.com: A vulnerability has been discovered and corrected in ruby: A flaw was found in Ruby's SSL client's hostname identity check when handling certificates that contain hostnames with NULL bytes. An attacker could potentially exploit this flaw to conduct [More...]
 
LinuxSecurity.com: Multiple vulnerabilities have been discovered and corrected in ruby: The safe-level feature in Ruby 1.8.7 allows context-dependent attackers to modify strings via the NameError#to_s method when operating on Ruby objects. NOTE: this issue is due to an incomplete fix for [More...]
 

Black Hat and the InfoSec Community Lose Barnaby Jack
InternetNews.com (blog)
I woke up this morning to check my email, in the hope that I got an overnight confirmation from celebrated hacker extraordinaire Barnaby Jack that we'd be talking soon about his upcoming Black Hat session. Instead, my inbox/twitter stream was filled ...
Hacker Barnaby Jack dies in San Francisco aged 35 - The Guardian

 
JBoss Enterprise Application Platform CVE-2011-4605 Security Bypass Vulnerability
 
JBoss Enterprise Application Platform Remote Denial of Service Vulnerability
 
JBoss Enterprise Application Platform Multiple Vulnerabilities
 

Banner Year for SANS in Europe as Demand for Infosec Training Grows
Infosecurity Magazine
“There is an increasingly high demand for skilled infosec professionals across Europe and an on-going requirement for current, real-world security training,” said Matt Anderson, director, EMEA, at the SANS Institute, “We noticed a significant increase ...

 
Indian outsourcer Wipro grew revenue and profits in the second quarter, citing improved demand.
 
Cisco Adaptive Security Appliance (ASA) Software CVE-2013-3414 Cross Site Scripting Vulnerability
 
[ MDVSA-2013:201 ] ruby
 

UK gov: Brit biz barons, get your privates in check before the spooks arrive
Register
Brian Honan, an experienced infosec consultant, told El Reg that unless the cyber government health checks are regularly carried out they will have little benefit. He pointed out since the scheme is voluntary take up rates remain uncertain. "On the ...

 
Microsoft estimates that 88% of botnets running the Citadel financial malware were disrupted as a result of a takedown operation launched by the company in collaboration with the FBI and partners in technology and financial services. The operation was originally announced on June 5.
 
A career coach describes ways to deal with a transition between jobs. Hint: Don't call yourself 'unemployed.'
 
IBM Social Media Analytics Unspecified Cross Site Scripting Vulnerability
 
[ MDVSA-2013:200 ] ruby
 
Blackberry is laying off 250 employees, or around 2 percent of its workforce, at its new product testing facility, the company said Friday.
 
Apple's share of the smartphone market dropped in the second quarter to its lowest level in three years, research firm Strategy Analytics said.
 
An open-source software project aims to give software developers a simple way to wrap encryption into their applications to thwart online surveillance efforts.
 
Apple is advising its customers in China to use the company's official USB power adapters when recharging their devices, as police continued an investigation into the death by electrocution of a local woman that may be linked to an iPhone.
 
NASA's newest telescope is giving scientists the clearest pictures yet of the sun's atmosphere, and in doing so could help mitigate the potentially devastating effects an extreme solar storm could have on our power and communications networks on Earth.
 
Sensors widely used in the energy industry to monitor industrial processes are vulnerable to attack from 40 miles away using radio transmitters, according to alarming new research.
 
Zynga will get "back to basics" and take a "longer term view" of its business after reporting that its user base has declined by almost a half in the past year.
 
With Google's Chromecast sold out and backordered for weeks, profiteers are offering the new stream-to-TV device for as much as $300 on eBay, a 757% markup.
 
SEC Consult SA-20130726-0 :: Multiple vulnerabilities - Surveillance via Symantec Web Gateway
 
Re: [Full-disclosure] nginx exploit documentation, about a generic way to exploit Linux targets
 
CVE-2013-4156: OpenOffice DOCM Memory Corruption Vulnerability
 

Posted by InfoSec News on Jul 26

http://www.wired.com/threatlevel/2013/07/albert-gonzalez-conspirators/

By Kim Zetter
Threat Level
Wired.com
07.25.13

Four Russians and one Ukrainian have been charged with masterminding a
massive hacking spree that was responsible for stealing more than 160
million bank card numbers from companies in the U.S. over a seven-year
period.

The alleged hackers were behind some of the most notorious breaches for
which hacker Albert Gonzalez was...
 

Posted by InfoSec News on Jul 26

http://www.nextgov.com/cybersecurity/2013/07/maryland-and-estonian-civilians-take-arms-against-hackers/67370/

By Aliya Sternstein
NextGov.com
July 25, 2013

Maryland has started a volunteer netwarfare squad that the Estonian
ambassador likens to her country's groundbreaking civilian cyber reserve,
which was assembled after neighboring Russia allegedly shut down the
former Soviet state's Internet access in 2007.

The "denial of...
 

Posted by InfoSec News on Jul 26

https://www.computerworld.com/s/article/9241075/PayPal_opens_bug_bounty_program_to_minors

By Jeremy Kirk
IDG News Service
July 25, 2013

PayPal is opening up its bug bounty program to individuals aged 14 and
older, a move intended to reward younger researchers who are technically
ineligible to hold full-fledged PayPal accounts.

PayPal's program, which is a year old this month, only applied to those 18
years and older. Under the old...
 

Posted by InfoSec News on Jul 26

http://arstechnica.com/information-technology/2013/07/poker-player-who-won-1-5-million-charged-with-running-android-malware-ring/

By Jon Brodkin
Ars Technica
July 25, 2013

A man who has won about $1.5 million in poker tournaments has been
arrested and charged with running an operation that combined spam, Android
malware, and a fake dating website to scam victims out of $3.9 million,
according to Symantec.

Symantec worked with investigators...
 

Posted by InfoSec News on Jul 26

http://www.infosecnews.org/how-to-enjoy-a-black-hat-usa-and-or-def-con-convention/

By William Knowles
Senior Editor
InfoSec News
July 26, 2013

Probably the best article I have seen in regards to making the most of
conventions was written by Daniel Ryan, an Associate Professor of
Sociology at Mills College. I’ll try to add some additional wisdom from
attending about 9 Black Hat Las Vegas Briefings and 15 DEFCON conventions.

Upon checking...
 
Meet the folks of ws-attacker, BeEF, WAHH, sqlmap, Zed Attack Proxy, OWASP Top10, DOMinator, Minion, Mallodroid, and the inglorious bastards aka HackPra Allstars
 
CVE-2013-2189: OpenOffice DOC Memory Corruption Vulnerability
 
CA20130725-01: Security Notice for CA Service Desk Manager
 
[SECURITY] [DSA 2727-1] openjdk-6 security update
 
Xymon Systems and Network Monitor - remote file deletion vulnerability
 
[ MDVSA-2013:199 ] squid
 
Symantec Web Gateway CVE-2013-4672 Remote Command Execution Vulnerability
 
Symantec Web Gateway CVE-2013-4670 Cross Site Scripting and HTML Injection Vulnerabilities
 
Symantec Web Gateway CVE-2013-4671 Cross Site Request Forgery Vulnerability
 
[security bulletin] HPSBMU02894 rev.1 - HP Network Node Manager I (NNMi) for HP-UX, Linux, Solaris, and Windows, Remote Denial of Service (DoS), Unauthorized Access, Execution of Arbitrary Code
 
[SECURITY] [DSA 2726-1] php-radius security update
 
Symantec Web Gateway CVE-2013-4673 Remote Command Execution Vulnerability
 
Symantec Web Gateway CVE-2013-1617 SQL Injection Vulnerability
 