Hackin9
Oracle MySQL Server CVE-2012-0487 Remote MySQL Server Vulnerability
 
(c) SANS Internet Storm Center. http://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
 
Imagination Technologies, the UK company that designs the graphics chips for the iPhone and iPad, will release a new CPU design next year for low-power servers, the company's CEO said this week.
 
The price Verizon might pay to buy out its mobile subsidiary, reportedly $100 billion or more, is the most important thing that mobile users need to know about the potential deal.
 
The developers of the popular vBulletin commercial Internet forum software are investigating a potential exploit and advised users to delete the "install" directory from their deployments as a precaution.
 
Cisco Identity Services Engine CVE-2012-5744 Multiple Cross Site Scripting Vulnerabilities
 
Cisco IOS XR Software CVE-2013-3470 Denial of Service Vulnerability
 
Cisco Unified Computing System Memory Leak Multiple Local Denial of Service Vulnerabilities
 
Lobbyists derailed an effort by U.S. President Barack Obama's administration to create mobile privacy standards, a privacy group charged on Thursday, while some participants in the process conceded it lacked focus.
 
The PC market will weaken even further this year and Microsoft's upcoming Windows 8.1 OS will be unable to reverse the drop in shipments, IDC said.
 
Following through on an order earlier this year from President Obama, the National Institute of Standards and Technology is rapidly developing a set of guidelines and best practices to help organizations better secure their IT systems.
 
Microsoft MSRC RSS ASPX - CS Cross Site Web Vulnerability
 
Department of Transport UK - SQL Injection Vulnerability
 
UTA EDU University ENG - SQL Injection Vulnerability
 
Without saying exactly what it will be, Intel plans to make a "big splash" near the end of the year or the beginning of next with a product that can "overclock" solid-state drives (SSDs).
 
Facebook wants to be clear: It can use the names, profile pictures and other data of its members to deliver ads on the site.
 
Researcher IDC today slightly lowered its tablet shipment forecast for 2013 and beyond, blaming competition from larger-sized smartphones and futuristic wearable computing devices.
 
An Atlanta medical testing laboratory had billing information for more than 9,000 customers land on a peer-to-peer file-sharing network in 2008, the U.S. Federal Trade Commission has alleged.
 

The United States’ “black budget” for fiscal 2013 amounts to $52.6 billion (or $167 per American), and it details what The Washington Post calls a “bureaucratic and operational landscape that has never been subject to public scrutiny.”

According to a new front-page story on Thursday, the Post says that it now has the entire 178-page classified budget summary as supplied by former National Security Agency (NSA) contractor Edward Snowden. This entire budget comprises the annual expenditures for the NSA, the CIA, the National Reconnaissance Office (NRO), and other spy and military agencies.

With respect to the tech-focused highlights, the Post notes that the CIA and NSA “have launched aggressive new efforts to hack into foreign computer networks to steal information or sabotage enemy systems, embracing what the budget refers to as ‘offensive cyber operations.’”

 
Security company Tiversa uncovered confidential health care information by scanning P2P networks.

A medical testing laboratory called LabMD has been accused of exposing the personal information of about 10,000 customers on a peer-to-peer file sharing network.

The company has been fighting the claims, saying a security firm that uncovered the breach victimized LabMD by downloading a large spreadsheet containing sensitive customer information.

The US Federal Trade Commission today said it filed a complaint which "alleges that LabMD billing information for over 9,000 consumers was found on a peer-to-peer (P2P) file-sharing network and then, in 2012, LabMD documents containing sensitive personal information of at least 500 consumers were found in the hands of identity thieves."

 
It's time to learn how to exploit the tools of mass discussion-or risk being sidelined. For starters, CIOs need to become more personally familiar with social media.
 
Steven Sinofsky remains very active after his retirement from Microsoft, now signing on with Box as an adviser for its cloud storage and file sharing service, its developer platform and its mobile applications.
 
This nonsensical string of Arabic characters renders fine in Firefox, but it crashes any iOS or OS X browser that uses Apple's CoreText API.
Andrew Cunningham

There's a new bug in town, and it's here to crash your Mac and iPhone applications. Posters in a HackerNews thread from late yesterday have discovered that it's possible to crash Web browsers and other apps running on current versions of iOS and OS X by making them render a specific, nonsensical string of Arabic characters. The title of the HackerNews thread implies that the issue is with the WebKit browser engine, but it actually affects any browser or application that uses Apple's CoreText API to render text. Ars Microsoft Editor Peter Bright has taken great pleasure in sending the text string to his co-workers, which has crashed the Limechat IRC client and Adium chat client, among other programs.

Safari crashes in both OS X 10.8.4 and iOS 6.1.3 when it attempts to read the text string, and rendering the string in the current stable release of Chrome prompts the browser's typical "Aw snap!" error page (though Chrome's sandboxing implementation keeps the bug from bringing the whole browser down). Firefox, which uses its own font rendering engine, can display the text just fine. This supports the idea that it's a CoreText issue and not a problem with any particular application.

Some Mac and iOS device users on Twitter were only half joking when labeling the string the "unicode of death." Text messages that display the characters caused some people's iMessage apps to spiral into an extended crash loop, since the string would be displayed each time the user loads previously sent messages. Many e-mail programs were also felled by the text. It can even be triggered by including the text in the network name of a wireless access point, creating problems for vulnerable devices that encounter the name when a user looks for available connections. Tweets and other social networking dispatches were enough to cause browsers to crash, so within a few hours of the bug becoming public, Facebook was already preventing the characters from being posted to user walls and timelines by displaying the message below.

 
Linux Kernel 'skbuff.c' Local Denial of Service Vulnerability
 
[SECURITY] [DSA 2746-1] icedove security update
 
Vodafone Group is in talks to sell back its 45 percent stake in Verizon Wireless to its partner in that company, Verizon Communications.
 
Windows 8.1's RTM, which Microsoft announced only on Tuesday, has already leaked to file-sharing sites online.
 
This week on the Tor e-mail list, Roger Dingledine, the project leader for the well-known online anonymity tool, pointed out that the “number of Tor clients running appears to have doubled since August 19.”

Tor's metrics graph (not reproduced here) shows that in less than one week, the number of Tor users has shot up to about 1.2 million from 600,000.

“And it's not just a fluke in the metrics data—it appears that there really are twice as many Tor clients running as before,” Dingledine wrote on Tuesday. “There's a slight increase (worsening) in the performance measurements, but it's hard to say if that's a real difference. So while there are a bunch of new Tor clients running, it would seem they're not doing much. Anybody know details? It's easy to speculate (Pirate Browser publicity gone overboard? People finally reading about the NSA thing? Botnet?), but some good solid facts would sure be useful.”

 
Wireshark MPEG DSM-CC Dissector 'packet-mpeg-dsmcc.c' Denial of Service Vulnerability
 
Steve Ballmer will retire as CEO of Microsoft within the next 12 months, and a U.K. bookmaker is taking wagers on his replacement. If you had to bet, who would you pick to be the next Microsoft CEO?
 
LinuxSecurity.com: Multiple vulnerabilities have been found in MySQL, allowing attackers to execute arbitrary code or cause Denial of Service.
 
LinuxSecurity.com: Several vulnerabilities have been discovered in the Linux kernel that may lead to a denial of service, information leak or privilege escalation. The Common Vulnerabilities and Exposures project identifies the following problems: [More...]
 
LinuxSecurity.com: Updated 389-ds-base packages that fix one security issue are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having [More...]
 
LinuxSecurity.com: Multiple vulnerabilities have been found in Wireshark, allowing remote attackers to execute arbitrary code or cause Denial of Service.
 
LinuxSecurity.com: Updated kernel packages that fix multiple security issues and several bugs are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having [More...]
 
LinuxSecurity.com: Updated puppet and puppet3 package fix security vulnerabilities: It was discovered that Puppet incorrectly handled the resource_type service. A local attacker on the master could use this issue to execute arbitrary Ruby files (CVE-2013-4761). [More...]
 
LinuxSecurity.com: Pedro Ribeiro and Huzaifa S. Sidhpurwala discovered multiple vulnerabilities in various tools shipped by the tiff library. Processing a malformed file may lead to denial of service or the execution of arbitrary code. [More...]
 
LinuxSecurity.com: A vulnerability has been discovered and corrected in php: The openssl_x509_parse function in openssl.c in the OpenSSL module in PHP before 5.4.18 and 5.5.x before 5.5.2 does not properly handle a '\0' character in a domain name in the Subject Alternative Name field [More...]
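The advisory above describes a classic certificate-parsing mistake: a subjectAltName dNSName is a DER string with an explicit length, so it may contain a 0x00 byte, but code that copies it into a C string and then measures it with strlen() only sees the part before the NUL. The following is an added example, not PHP's or OpenSSL's code; it shows the vulnerable pattern beside a hardened parser on a constructed DER fragment. The certificate name, the hostname regex and the function names are this example's own assumptions, and wildcard matching is deliberately left out.

```python
# Added example (not PHP's or OpenSSL's code): how a NUL byte inside a
# dNSName lets a certificate issued for attacker.example be accepted for
# www.bank.example by a strlen()-style parser, and how a strict parser
# rejects it. All inputs are constructed for illustration.
import re

DNSNAME_TAG = 0x82  # GeneralName [2] IMPLICIT IA5String (context-specific, primitive)


def der_dnsname(name: bytes) -> bytes:
    """Encode a dNSName GeneralName (short-form DER length only)."""
    if len(name) >= 0x80:
        raise ValueError("example only handles short-form DER lengths")
    return bytes([DNSNAME_TAG, len(name)]) + name


def parse_dnsname_cstring(der: bytes) -> str:
    """Vulnerable pattern: the DER length is honoured when copying, but the
    buffer is then treated as a C string, so everything after the first
    NUL byte is silently dropped (what strlen() would report)."""
    tag, length = der[0], der[1]
    if tag != DNSNAME_TAG:
        raise ValueError("not a dNSName")
    body = der[2:2 + length]
    return body.split(b"\x00", 1)[0].decode("ascii")


# Assumed hostname grammar: labels of letters, digits and hyphens, with an
# optional leading wildcard label.
HOSTNAME_RE = re.compile(r"^(\*\.)?[A-Za-z0-9-]+(\.[A-Za-z0-9-]+)*$")


def parse_dnsname_strict(der: bytes) -> str:
    """Hardened pattern: use the DER length for everything, refuse truncated
    input, and reject any byte that cannot occur in a DNS hostname."""
    tag, length = der[0], der[1]
    if tag != DNSNAME_TAG:
        raise ValueError("not a dNSName")
    body = der[2:2 + length]
    if len(body) != length:
        raise ValueError("truncated dNSName")
    if b"\x00" in body:
        raise ValueError("embedded NUL byte in dNSName")
    name = body.decode("ascii")  # IA5String is 7-bit; non-ASCII raises here
    if not HOSTNAME_RE.match(name):
        raise ValueError("dNSName is not a valid hostname: %r" % name)
    return name


def hostname_matches(san_name: str, host: str) -> bool:
    """Exact, case-insensitive comparison; wildcards are not handled here."""
    return san_name.lower() == host.lower()


def vulnerable_accepts(der: bytes, host: str) -> bool:
    return hostname_matches(parse_dnsname_cstring(der), host)


def strict_accepts(der: bytes, host: str) -> bool:
    try:
        return hostname_matches(parse_dnsname_strict(der), host)
    except ValueError:
        return False


# Constructed attacker name: a CA that validates control of the right-most
# labels (attacker.example) but builds the name with C-string functions could
# be tricked into issuing for this.
ATTACKER_NAME = der_dnsname(b"www.bank.example\x00.attacker.example")
HONEST_NAME = der_dnsname(b"www.bank.example")

if __name__ == "__main__":
    print("vulnerable parser sees:", parse_dnsname_cstring(ATTACKER_NAME))
    print("vulnerable accepts for www.bank.example:",
          vulnerable_accepts(ATTACKER_NAME, "www.bank.example"))
    print("strict accepts for www.bank.example:",
          strict_accepts(ATTACKER_NAME, "www.bank.example"))
```

The fix that matters is in the strict parser: every decision is made on the length-prefixed bytes, and a NUL (or any other non-hostname byte) is a hard error rather than a silent truncation point.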
 
CVE-2013-5216 CapaSystems Performance Guard Path Traversal Vulnerability
 
CyberArk User Enumeration - Multiple vulnerabilities
 
Users of Amazon Web Services' GovCloud can now take advantage of CloudFormation, which aims to make it easier to manage more complex environments.
 
IBM hopes to spawn third-party Power servers by opening up its 12-core Power8 chip design to licensees, and now the company has to convince component makers to make parts for the servers.
 
Mozilla Firefox/Thunderbird/Seamonkey CVE-2013-1702 Multiple Memory Corruption Vulnerabilities
 
Steve Ballmer isn't necessarily a bad CEO. After all, Microsoft's on strong financial footing. But Ballmer made enough bad product decisions--Zune, Kin, Vista and perhaps Surface--to suggest that Microsoft employees, swayed by a forced-ranking employee rating system, told him what he wanted to hear, not what he needed to hear. If that culture doesn't change, Ballmer's replacement will fare even worse than he did.
 
It's not just flexible systems. CIOs need to get in touch with the broader definition of business agility in three areas: market, organization and process.
 
Cisco Systems released security patches for Secure Access Control Server for Windows to address a critical vulnerability that could allow unauthenticated attackers to remotely execute arbitrary commands and take control of the underlying operating system.
 
Linux Kernel 'copy_event_to_user()' Function Local Information Disclosure Vulnerability
 
Multiple VMware Products CVE-2013-1662 Local Privilege Escalation Vulnerability
 
Linux Kernel CVE-2013-4163 Local Denial of Service Vulnerability
 
A U.S. federal court has found file-hosting website Hotfile liable for copyright infringement, according to movie industry body Motion Picture Association of America.
 
The website of a Syrian telecommunications provider redirected to AT&T's website and then T-Mobile's on Wednesday, an apparent prank by a hacker who has been probing the country's Internet infrastructure for several days.
 
Up-and-coming Chinese smartphone maker Xiaomi has hired Hugo Barra, former Google vice president for Android product management, to lead its expansion worldwide.
 
One way that owners of major websites can mitigate the risk of their domains being hijacked like The New York Times' site was on Tuesday is to apply what is known as a registry lock on the domain, security researchers say.
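A registry lock shows up in a domain's EPP status codes as the registry-set server*Prohibited statuses (serverDeleteProhibited, serverTransferProhibited, serverUpdateProhibited); the client*Prohibited statuses are set by the registrar and can be cleared by anyone who controls the registrar account, which is the weak point in a hijack like the one described. The following added example, not the researchers' or any registrar's tooling, reads the status list from an RDAP domain object and reports which of the two lock levels is present. Status names follow EPP (RFC 5731) and their RDAP spellings (RFC 8056); the RDAP documents and domain names are constructed samples.

```python
# Added example (not from the article): classify a domain's lock state from
# its RDAP status list so an owner can verify that a registry lock is really
# in place, not just a registrar-level transfer lock.
import json

# Set by the registrar; a compromised registrar account can remove them.
REGISTRAR_LOCKS = {
    "clientDeleteProhibited",
    "clientTransferProhibited",
    "clientUpdateProhibited",
}
# Set by the registry; only the registry removes them, normally after an
# out-of-band check with the registrant. All three together are the
# "registry lock" the researchers recommend.
REGISTRY_LOCKS = {
    "serverDeleteProhibited",
    "serverTransferProhibited",
    "serverUpdateProhibited",
}


def to_epp(status: str) -> str:
    """Map an RDAP status ('server transfer prohibited') to its EPP
    camelCase form; EPP-style input is passed through unchanged."""
    words = status.strip().split()
    if len(words) == 1:
        return words[0]
    return words[0].lower() + "".join(w.capitalize() for w in words[1:])


def audit_locks(rdap_doc: str) -> dict:
    """Classify the lock state of an RDAP domain object given as JSON text.

    Returns the domain name, a lock level and the registry statuses that are
    still missing, so the report doubles as the request to send the registrar.
    """
    doc = json.loads(rdap_doc)
    present = {to_epp(s) for s in doc.get("status", [])}
    registry = REGISTRY_LOCKS & present
    registrar = REGISTRAR_LOCKS & present
    if registry == REGISTRY_LOCKS:
        level = "registry-locked"
    elif registry:
        level = "partial-registry-lock"
    elif registrar:
        level = "registrar-locked"
    else:
        level = "unlocked"
    return {
        "domain": doc.get("ldhName"),
        "level": level,
        "missing_registry_locks": sorted(REGISTRY_LOCKS - present),
    }


# Constructed RDAP responses (not real lookups).
SAMPLE_REGISTRAR_ONLY = json.dumps({
    "objectClassName": "domain",
    "ldhName": "news-site.example",
    "status": ["active", "client transfer prohibited"],
})
SAMPLE_REGISTRY_LOCKED = json.dumps({
    "objectClassName": "domain",
    "ldhName": "locked-site.example",
    "status": [
        "client delete prohibited", "client transfer prohibited",
        "client update prohibited", "server delete prohibited",
        "server transfer prohibited", "server update prohibited",
    ],
})
SAMPLE_PARTIAL = json.dumps({
    "objectClassName": "domain",
    "ldhName": "half-locked.example",
    "status": ["serverTransferProhibited"],
})

if __name__ == "__main__":
    for sample in (SAMPLE_REGISTRAR_ONLY, SAMPLE_REGISTRY_LOCKED, SAMPLE_PARTIAL):
        print(audit_locks(sample))
```

In practice the JSON comes from the registry's RDAP endpoint for the TLD (or a WHOIS record parsed into the same status list). A result of "registrar-locked" is the state to worry about: it looks locked in a casual WHOIS check, but the lock lives entirely inside the registrar account that a phishing attack targets.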
 

Posted by InfoSec News on Aug 29

http://www.computerworlduk.com/news/security/3466021/city-of-london-police-plans-new-industry-reporting-system-tackle-cyber-crime/

By Derek du Preez
Computerworld UK
29 August 13

The City of London’s Police Commissioner, Adrian Leppard, is seeking up to
£4 million from the Home Office to build a new IT system that will improve
reporting on cyber-crime from across all sectors of industry.

Industry reporting on fraudulent activity that is...
 

Posted by InfoSec News on Aug 29

https://www.cerias.purdue.edu/site/news/view/computer_security_history_workshop-call_for_papers/

Computer Security History Workshop-Call For Papers

Wed, August 28, 2013 — Call For Papers

The Charles Babbage Institute (CBI) is conducting a three-year NSF funded
research project on computer security, which focuses on the years when the
field of “computer security” was just emerging, roughly the late 1960s through
the early 1990s with...
 

Posted by InfoSec News on Aug 29

http://news.techworld.com/security/3466107/hacker-points-syrian-telecom-website-to-att-t-mobile/

By Jeremy Kirk
Techworld.com
29 August 2013

The website of a Syrian telecommunications provider redirected to AT&T's
website and then T-Mobile's on Wednesday, an apparent prank by a hacker
who has been probing the country's Internet infrastructure for several
days.

The hacker apparently found a way to modify the authoritative...
 

Posted by InfoSec News on Aug 29

http://www.cbsnews.com/8301-205_162-57600158/amazon-wish-list-is-gateway-to-epic-social-engineering-hack/

By CHENDA NGAK
CBS NEWS
August 27, 2013

Comedian Erik Stolhanske didn't know what he was getting himself into when
he let a cybersecurity expert at SecureState take a crack at hacking him.
The "Super Troopers" actor gave the company the green light to try to
access his Twitter account with nothing more than his name. What...
 

Posted by InfoSec News on Aug 29

http://www.nationaljournal.com/whitehouse/obama-s-free-to-bomb-syria-but-is-limited-on-cybersecurity-20130828

By Matthew Cooper
National Journal
August 28, 2013

As President Obama readies to strike the Syrian regime, it's worth
thinking about that other defense problem--cybersecurity--and what it says
about Washington in the Obama era.

On Wednesday, the capital will be consumed by the March on Washington, as
well it ought, and the...
 
RubyGems Sounder 'sound.rb' Remote Command Injection Vulnerability
 
[SECURITY] [DSA 2745-1] linux security update
 
Drupal Node View Permissions module and Flag module Vulnerabilities
 
Internet Storm Center Infocon Status