Hackin9

InfoSec News

(c) SANS Internet Storm Center. http://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
 
Some of the tablet makers at a launch event for Intel's "Clover Trail" processor emphasized the business smarts of their products as a way to distinguish them from Apple's market-leading iPad.
 
Mozilla launched the first beta version of its browser-independent website authentication system, Persona, on Thursday and hopes to convince the Web developer community to give it a try.
 
Malicious utilities were created using the fraudulent certificates to appear to be valid Adobe products running on Windows systems.

 
Research In Motion reported a net loss of $235 million for the second quarter on revenues of $2.9 billion.
 
Congress should invest $5 billion in the country's education system -- particularly in math, science and technology education -- over the next 10 years and pay for it with increased fees on high-skill immigration, a Microsoft executive said.
 
CoSoSys Endpoint Protector CVE-2012-2994 Predictable Password Generation Vulnerability
 
Western Digital today announced it is selling 7200RPM, 4TB hard drives, just as it announced in the spring. The difference? In the spring it rolled out 4TB drives from its HGST subsidiary.
 
U.S. law enforcement surveillance of email and other Internet communication has skyrocketed in the last two years, according to data obtained by the American Civil Liberties Union.
 
SAP could be close to announcing the general availability of its foray into the PaaS (platform-as-a-service) market, NetWeaver Cloud, which will go up against rival offerings from the likes of Oracle and Salesforce.com.
 
Less than two months into its mission, NASA scientists say the Curiosity rover has found evidence of a "vigorous" thousand-year water flow on the surface of Mars.
 
iPhone users frustrated with the inaccuracies in Apple's Maps app might get another choice for finding where they want to go from rival Google.
 
GNU Emacs EDE Component Remote Code Execution Vulnerability
 
Most distributed denial-of-service attacks are easily filtered out, but individuals with the technical skills can mirror legitimate traffic.

 
Stardock yesterday started selling the $5 Start8, a tool that restores a Start button to the desktop of Windows 8.
 
Samsung on Thursday afternoon sent out press invitations proclaiming that "the next big thing is here" and told reporters to save the date of Oct. 24 for an event in New York.
 
Overview

Our feature today is a page we just launched, the Glossary:Terms and Definitions page at https://isc.sans.edu/glossary.html! This page allows for browsing and list filtering of Computer and Security-related terms and definitions. There is also an API at https://isc.sans.edu/api/#glossary which I'll also detail below.

We will soon be adding a Suggest a New Term or Definition form where you can contribute your thoughts to the list.

Features

Overview - https://isc.sans.edu/glossary.html#overview

Describes the page sections and the API, and displays the current number of terms in the system.

List of Terms - https://isc.sans.edu/glossary.html#terms

The text box dynamically filters the multi-column list to terms that contain what you enter. For example, if you start typing 'by', the list will be restricted to terms such as 'byte' and 'gethostbyaddr'. Delete the characters you've typed to expand the list back to all terms.

Clicking a term will jump down to the matching Term and Definition section.

List of Definitions - https://isc.sans.edu/glossary.html#definitions

A heading row with the Alpha-numeric preface is above each section. The quick links under the title at the top of the page contain number and letter links to each header section, such as https://isc.sans.edu/glossary.html#A.

The terms and definitions are listed alphabetically. Keep an eye out for a Share Term and Suggest a definition link soon.

Glossary API - https://isc.sans.edu/api/#glossary

The API outputs all terms and definitions by default. https://isc.sans.edu/api/glossary

You can add a partial or full word to the url to search for a matching term. https://isc.sans.edu/api/glossary/data

As a reminder, all content is governed under the Creative Commons share alike attribution policy. More details can be found at http://creativecommons.org/licenses/by-nc/3.0/us/ and https://isc.sans.edu/privacy.html

Post suggestions or comments in the section below or send us any questions or comments in the contact form on https://isc.sans.edu/contact.html#contact-form

--

Adam Swanger, Web Developer (GWEB, GWAPT)

Internet Storm Center https://isc.sans.edu
 
 
A long Apple certification process for iPhone accessories is delaying the release of docking and power accessories with Lightning ports to connect directly with the iPhone 5, which started shipping last week.
 
Sharp is teetering on insolvency as its prices are repeatedly undercut by foreign rivals; Foxconn cranks out more electronic goods than any other company. This is their story.
 
[IMF 2013] 2nd Call for Papers
 
[SECURITY] [DSA 2552-1] tiff security update
 
AT&T will exclusively offer the first touchscreen-enabled mobile hotspot, the new MiFi Liberate, for use with its emerging LTE network, the carrier announced.
 
Yahoo has partnered with Media.net to launch an ad network for Web publishers that will compete against Google's AdSense and similar services.
 
The fact that Android smartphones automatically use injected USSD codes is causing a stir. When a prepared web site is opened, it can automatically dial a USSD code that can, for example, make the phone's SIM card stop working.


 
[SECURITY] [DSA 2554-1] iceape security update
 
Cisco Security Advisory: Cisco Catalyst 4500E Series Switch with Cisco Catalyst Supervisor Engine 7L-E Denial of Service Vulnerability
 
NGS00254 Patch Notification: Apple Mac OS X Lion USB Hub Class Hub Descriptor Arbitrary Code Execution
 
XSS in OSSEC wui 0.3
 
Cisco Security Advisory: Cisco IOS Software Network Address Translation Vulnerabilities
 
Cisco Security Advisory: Cisco IOS Software Malformed Border Gateway Protocol Attribute Vulnerability
 
Cisco Security Advisory: Cisco Unified Communications Manager Session Initiation Protocol Denial of Service Vulnerability
 
[SECURITY] [DSA 2550-2] asterisk regression update
 
-Kevin -- ISC Handler on Duty (c) SANS Internet Storm Center. http://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
 
The U.S. is trying to erect a national regime of secrecy and obfuscation where any government employee revealing sensitive information to a media organization can be sentenced to death, life imprisonment, or for espionage, WikiLeaks founder Julian Assange told a U.N. forum Wednesday.
 
Advanced Micro Devices' latest A-series quad-core desktop processors balance the need for speed with price -- they run at up to 4.2GHz, but can be overclocked to 6.5GHz with liquid nitrogen cooling, the company said.
 
BlackBerry app developers see turnaround for RIM, thanks to upcoming UI improvements and new development options
 
NoSQL databases like MongoDB are great for some tasks but not for others. Is it MongoDB's fault if misguided developers use it to solve the wrong problem?
 
Toshiba plans to put on sale worldwide next year its second generation of TVs that boast the ability to display images that exceed today's high-definition sets.
 
The generic use of the term 'app store' is not false advertising, and a federal court in California should grant partial summary judgment for Amazon.com on Apple's false advertising claim, the Internet retailer said in a filing on Wednesday.
 
After months of heralding its Clover Trail processor for Windows 8 tablets, Intel on Thursday unveiled the chip that it believes is its ticket to success in the ARM-dominated market.
 
Google Apps will not support the downloading of documents in older Microsoft Office formats starting on Monday, the company said on Wednesday.
 
Hate having to record your expenditures for the IRS or your company's accounting department? These iPhone and Android apps can make it easier to track your expenses.
 
As many as half of wind energy jobs -- mostly in the U.S. -- may disappear if a tax credit is allowed to expire at year-end, say industry reports.
 

Posted by InfoSec News on Sep 27

Forwarded from: Wenyuan Xu <wyxu (at) cse.sc.edu>

------------------------------------------------------------------------------------------------------------------------
                  The Sixth ACM* Conference on Security and Privacy
                 in Wireless and Mobile Networks

                                  ACM WiSec '13

                               ...
 

Posted by InfoSec News on Sep 27

http://www.computerworld.com/s/article/9231721/Wells_Fargo_recovers_after_site_outage

By Jeremy Kirk
IDG News Service
September 26, 2012

Wells Fargo's website experienced intermittent outages on Tuesday, while
the hacker group claiming responsibility threatened to hit U.S. Bancorp
and PNC Financial Services Group over the next two days.

Wells Fargo apologized on Twitter for the disruption, saying it was
working to restore access. By...
 

Posted by InfoSec News on Sep 27

http://www.informationweek.com/security/application-security/java-vulnerability-affects-1-billion-plu/240007985

By Mathew J. Schwartz
InformationWeek
September 26, 2012

Anyone still using a Java plug-in in their Web browser, beware: Another major,
new--and as yet unpatched--vulnerability has been spotted in Java.

Unfortunately, unlike a number of the other, recently spotted Java bugs,
the latest security issue affects not just the current,...
 

Posted by InfoSec News on Sep 27

http://www.darkreading.com/database-security/167901020/security/security-management/240008014/don-t-waste-your-money-on-cyber-breach-insurance.html

By Kelly Jackson Higgins
Dark Reading
Sep 26, 2012

As an increasing number of businesses are starting to look at cyber
breach insurance as a tool to mitigate the risks of data breaches, IT
security pros need to be prepared to help their organizations avoid the
hazards of choosing a policy that...
 

Posted by InfoSec News on Sep 27

http://www.washingtonpost.com/investigations/in-cyberattacks-hacking-humans-is-highly-effective-way-to-access-systems/2012/09/26/2da66866-ddab-11e1-8e43-4a3c4375504a_story.html

By Robert O’Harrow Jr.
The Washington Post
Zero Day
September 26, 2012

The e-mails arrived like poison darts from cyberspace.

Some went to the Chertoff Group, a national security consulting firm in
Washington. Others targeted intelligence contractors, gas pipeline...
 