
An Apple support document describing the company's new iCloud Keychain makes a surprising claim that it can sync passwords across devices without ever storing them in the cloud.

If true, this would be an important advance in password management, allowing users to create long, complicated passwords on one device and have the passwords automatically sync to their other devices, but without storing data on Apple's servers.

Today, most password managers sync data across devices by storing the data in a cloud service. There are ways to sync passwords directly among devices without cloud storage, for example with a Wi-Fi sync option in the latest versions of 1Password. However, this requires some extra steps that reduce the convenience a good password manager offers.





Cloud-based database service MongoHQ said it's changing log-in credentials for employees and customers alike after suffering a security breach that allowed attackers to access sensitive customer files and obtain users' e-mail addresses and cryptographically scrambled password data.

The intrusion occurred Monday, when hackers gained access to an internal support application that included a trouble-shooting feature that allows MongoHQ employees to view an account as if they are a specific customer. The support application allowed the intruders to view account information, including lists of databases, e-mail addresses, and passwords that were protected with the bcrypt hashing algorithm, Jason McCay, co-founder of the service, wrote in an advisory published Tuesday afternoon. The attackers also had the ability to view the MongoHQ account database, which includes connection information for customers' MongoDB instances.

"We've conducted an audit of direct access to customer databases and determined that several databases may have been accessed using information stored in our account database," McCay wrote. "We are contacting affected customers directly. If you have not heard from us individually, there is no evidence that your DB was accessed by an unauthorized user."



The future's bright for wearable devices, even if it's a little foggy right now, developers at the first Samsung Developers Conference were told Tuesday.
U.S. intelligence officials on Tuesday defended surveillance of other countries' leaders, saying such efforts are common practice across the world's intelligence agencies.
A federal official directly responsible for Healthcare.gov appeared Wednesday to blame a 'subset' of contractors for the website's problems. In doing so, the government was refuting contractor claims that the Website's problems are the government's fault.
Five days after its release, Apple's new OS X Mavericks had accumulated more usage share than the predecessor Mountain Lion did in five weeks, an ad network claimed today.
With speculation swirling that two mysterious barges on either side of the U.S. are evidence Google's working on floating data centers, analysts say the company would have a lot of obstacles to overcome.

What infosec needs is more of a woman's touch
CSO (blog)
It turns out that some of the skills and capabilities reportedly in desperately short supply in infosec, are also predominantly--if not uniquely--feminine traits. The study notes that there are cultural, regional, industrial, and other gender biases ...
Frost & Sullivan Report Positions Women as Future Infosec Leaders - Infosecurity Magazine

Google announced a number of enhancements to its social media platform Google+ and said the number of monthly active users on Google+ jumped from 390 million in May to 540 million users today.
Apple has put a value on its decision to give away future OS X upgrades to all Mac users and offer the iWork and iLife suites for free to new Mac and iOS device buyers: $900 million.
A U.S. House committee chairman, citing security concerns, today ordered a Healthcare.gov contractor to provide detailed information about its work on the project.
Twitter kicked off its pre-IPO roadshow, meeting with potential investors and touting the social network's ability to democratize users' voices and the power of instantly sharing information with the world.
Indian outsourcer Infosys said its use of B-1 visas in the U.S. was for legitimate business purposes and was not designed to circumvent the requirements of the H-1B visa program.
RoundCube Webmail '_session' Parameter Remote Security Vulnerability
Bitpay, a company that lets businesses accept payments in the Bitcoin virtual currency, has just processed its first US$1 million transaction.
ARM has released designs for two new Mali GPU cores, including a 16-core part that should help bring higher-end capabilities like video-editing and gesture recognition to mobile devices.
A bipartisan group of more than 85 lawmakers has introduced legislation to end the U.S. National Security Agency's broad collection of U.S. telephone records by imposing new restrictions on who the agency can target.
A deal to buy out Dell was completed on Tuesday, officially taking the company private.
Apple has a shot at growing the Mac's share of all personal computers even as total shipments of desktops and notebooks continue to contract, an analyst argued today.
Citrix today said its upcoming XenMobile v8.6 will give users single sign-on access to Citrix Worx mobile applications and allow them to enter GoToMeetings by simply selecting a calendar entry.
Europe's Justice Commissioner warned Tuesday that data privacy concerns could derail a major E.U.-U.S. trade deal.
LinuxSecurity.com: Updated icu packages fix security vulnerabilities: It was discovered that ICU contained a race condition affecting multi-threaded applications. If an application using ICU processed crafted data, an attacker could cause it to crash or potentially [More...]
LinuxSecurity.com: Multiple vulnerabilities have been found in MediaWiki, the worst of which could lead to Denial of Service.
LinuxSecurity.com: A vulnerability in acpid2 may allow a local attacker to gain escalated privileges.
LinuxSecurity.com: A vulnerability has been discovered and corrected in roundcubemail: It was discovered that roundcube does not properly sanitize the _session parameter in steps/utils/save_pref.inc during saving preferences. The vulnerability can be exploited to overwrite [More...]
LinuxSecurity.com: Updated dropbear package fixes security vulnerability: Possible memory exhaustion denial of service due to the size of decompressed payloads in dropbear before 2013.59 (CVE-2013-4421). [More...]
LinuxSecurity.com: Updated python-pycrypto package fixes security vulnerability: In PyCrypto before v2.6.1, the Crypto.Random pseudo-random number generator (PRNG) exhibits a race condition that may cause it to generate the same 'random' output in multiple processes that are [More...]
LinuxSecurity.com: Multiple vulnerabilities have been discovered and corrected in x11-server: The fbComposite function in fbpict.c in the Render extension in the X server in X.Org X11R7.1 allows remote authenticated users to cause [More...]
LinuxSecurity.com: Updated x11-server packages fix security vulnerability: Use-after-free vulnerability in the doImageText function in dix/dixfonts.c in the xorg-server module before 1.14.4 in X.Org X11 allows remote authenticated users to cause a denial of service (daemon [More...]
The Hadoop programming framework may be synonymous with the big data movement but it's not the only tool companies need to derive insights from massive stores of unstructured information, according to Facebook analytics chief Ken Rudin.
Smartphone shipments grew by 9% in the third quarter, a record for a single quarter, which continues a record-setting trend, research firm IDC said Tuesday.
Olat CMS - Persistent Calender Web Vulnerability
IBM DB2 and DB2 Connect CVE-2013-4032 Remote Denial of Service Vulnerability
I-O DATA RockDisk Unspecified Cross Site Scripting Vulnerability
GTX CMS 2013 Optima - Multiple Web Vulnerabilities

Frost & Sullivan Report Positions Women as Future Infosec Leaders
Infosecurity Magazine
If information security is a man's world – as it is so commonly declared – then how do you explain the wonderful women who continue to perform and succeed just as impressively as the next man? Eleanor Dallaway spoke to forty of the industry's finest ...
What infosec needs is more of a woman's touch - CSO (blog)

Nokia once again sold a record number of Lumia smartphones during the third quarter, helping the company narrow its net loss.
Motorola is developing a free, open hardware platform for creating highly modular smartphones.
ESA-2013-072: EMC NetWorker Information Disclosure Vulnerability
Consumers are increasingly using their mobile devices to connect to businesses of all shapes and sizes. From optimizing your website to capturing holiday sales on mobile devices, these tips will help improve your mobile marketing strategy.
The U.S. Supreme Court should review a U.S. National Security Agency data collection program despite the U.S. government's argument that privacy group EPIC lacks legal standing to challenge the case, the group said Monday.
Chinese search giant Baidu is gearing up to break into the wearable devices market with what appears to be software made to run on smartwatches, and even weighing scales.
The smartwatch seems to be catching on, at least among early adopters in the tech industry who were on hand for the Samsung Developer Conference.
Samsung Electronics continued to dominate the smartphone market in the third quarter, which also saw quarterly shipments cross 250 million for the first time, according to research firm Strategy Analytics.
Dell will give its first public demonstration of a 64-bit ARM server this week, the latest step in an industrywide effort to build servers based on low-power chips like those used in smartphones.
The U.S. moved one step closer to having a unified public safety network on Monday when the Federal Communications Commission approved the rules for using spectrum set aside for the system.
Cisco WebEx Meetings, Citrix GoToMeeting and MyTrueCloud My Web Conferences compete on features, quality, client support and cost. See how these three Web conferencing services compare.
A company that helps enterprises through e-discovery will give customers new tools to streamline the process and cut costs.
Mozilla is working on a geolocation data service using cell tower and Wi-Fi signals to give developers what it says will be a more privacy-aware option than current alternatives.
A British man has been charged with hacking into U.S. government computers and stealing personal data about thousands of employees, then bragging about it on Twitter.
Bugzilla CVE-2013-1743 Cross Site Scripting Vulnerability
Tyler Technologies TaxWeb Multiple Information Disclosure Vulnerabilities
The ongoing scramble to fix glitches affecting the troubled Healthcare.gov website could heighten security risks and introduce fresh vulnerabilities into an already fragile system.
Mediawiki CVE-2013-4301 Full Path Information Disclosure Vulnerability
Mediawiki LiquidThreads Extension CVE-2013-4308 Cross Site Scripting Vulnerability
TYPO3 Apache Solr Unspecified Cross Site Scripting and PHP Code Execution Vulnerabilities
Node.js CVE-2013-4450 Denial of Service Vulnerability
Watchguard Extensible Threat Management CVE-2013-6021 Stack Based Buffer Overflow Vulnerability
RETIRED: vBulletin 'upgrade.php' Remote Code Injection Vulnerability
BlazeVideo BlazeDVD Free Edition '.PLF' File Remote Buffer Overflow Vulnerability
Stem Innovation 'IZON' Hard-coded Credentials (CVE-2013-6236)
[ MDVSA-2013:262 ] python-pycrypto
[ MDVSA-2013:261 ] dropbear
[ MDVSA-2013:260 ] x11-server

Posted by InfoSec News on Oct 29


By Jared Serbu
Federal News Radio

As the Army builds up a force to operate in its newest warfighting domain
-- cyber -- it's wrestling through a lot of tough questions. How big
should the cyber force be? What's the right mix of soldiers, civilians and
contractors? And how does DoD need to change its legacy personnel systems

Posted by InfoSec News on Oct 29


[Since this bounty is coming out of Jericho's pocket, it would be great if
some readers could help out with some $$$ assistance! - WK]

By jerichoattrition
October 28, 2013

In our pursuit of a more complete historical record of vulnerabilities, we’re
offering a bounty! We don’t want your 0-day really. OK sure we do, but we know
you are stingy with that, so we’ll...

Posted by InfoSec News on Oct 29


By Manash Pratim Gohain
The Times of India
Oct 28, 2013

NEW DELHI: National Security Database, an initiative of Information
Sharing and Analysis Center ( ISAC) in association with Ground Zero Summit
2013 on Monday organized a seminar on Reverse Engineering in New Delhi.
The seminar was organized to identify...

Posted by InfoSec News on Oct 29


By Dan Goodin
Ars Technica
Oct 28 2013

Federal prosecutors have accused a UK man of hacking thousands of computer
systems, many of them belonging to the US government, and stealing massive
quantities of data that resulted in millions of dollars in damages to

Lauri Love, 28, was arrested on Friday at his residence in...

Posted by InfoSec News on Oct 29


By Brian Krebs
Krebs on Security
OCT 29, 2013

The recent data breach at Adobe that exposed user account information and
prompted a flurry of password reset emails impacted at least 38 million
users, the company now says. It also appears that the already massive
source code leak at Adobe is broadening to include the company’s Photoshop
family of graphical...
Poppler 'utils/pdfseparate.cc' File Stack Based Buffer Overflow Vulnerability
Poppler '/utils/pdfseparate.cc' Local Format String Vulnerability
[ MDVSA-2013:258 ] icu
Internet Storm Center Infocon Status