Hackin9
(c) SANS Internet Storm Center. http://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
 
In an effort to return cash to investors, Apple is reaching out to the debt market and offering $17 billion in bonds, the biggest non-bank bond offering in history, reports The Wall Street Journal.
 
Open source database provider 10gen is expanding into storage services, offering a hosted backup service for its flagship MongoDB data store.
 
Wes Wasson, SVP of Strategy at Citrix, talks about the virtualization major's latest advancements towards building a solid enterprise mobility portfolio, its plans for the Indian market, and its steps to ensure being relevant in a tough market.
 
Vikram Dham, CEO and MD, Emkor, spoke to ChannelWorld about the vendor's channel landscape for India. He also explained why he believes Emkor will be a "disruptive cloud company" that will completely transform the way business is done and pose a threat to traditional on-premise service providers.
 
Maxim Mitrokhin, Director-Operations, Kaspersky Lab, APAC, talks about the company's aspirations for the Indian market.
 
Business Discovery is a whole new way of exploring and making use of data that puts business users in control. Unlike traditional BI, where just a few people are involved in insight creation, Business Discovery enables everyone to create insight. QlikTech is pioneering the usage of user-driven BI. With QlikView Business Discovery, business users can easily analyze data and experience that "a-ha" moment of discovery. To find out more about this revolutionary approach, Sneha Jha spoke to Henry John Seddon, VP-Global Field Marketing, QlikTech, about BI, Business Discovery, big data, in-memory analytics, and the power of data for strategic decision-making.
 
McAfee introduces two new identity and access management (IAM) products.

Add to digg Add to StumbleUpon Add to del.icio.us Add to Google
 
Apple today again captured top honors in Consumer Reports' tech support ratings survey, besting other computer makers by a wide margin.
 
Twenty years ago today, CERN released World Wide Web technology -- all royalty free.
 
[SECURITY] [DSA 2665-1] strongswan security update
 
[ MDVSA-2013:158 ] krb5
 
The National Institute of Standards and Technology (NIST) has published the fourth revision of the governments foundational computer security guide, Security and Privacy Controls for Federal information Systems and Organizations. Better ...
 
Oracle has won a US$100 million ERP project that will replace legacy systems at 34 colleges in Washington state, in a deal that highlights the continued relevance of its PeopleSoft product as it tries to convince customers to adopt its next-generation Fusion Applications.
 
Blackberry CEO Thorsten Heins has made a bold prediction: He says that tablets don't have much of a future.
 
strongSwan OpenSSL Plugin CVE-2013-2944 Authentication Bypass Vulnerability
 
[ MDVSA-2013:157 ] krb5
 
[security bulletin] HPSBMU02872 SSRT101185 rev.1 - HP Service Manager, Remote Disclosure of Information, Cross Site Scripting(XSS)
 
Tibco is revamping and extending the mobile access to its Tibbr enterprise social networking software, adding support for more smartphones and tablets, and upgrading its mobile user interfaces and functionality.
 
Budweiser is trying to make it easier to make friends -- Facebook friends -- when you're drinking beer.
 
Syslog Watcher Pro 'Date' Parameter Cross Site Scripting Vulnerability
 
WowzaMediaServer SecureToken bypass (and worse)
 
WowzaMediaServer StorageDir escape (regression)
 
Samsung and Google are reportedly building a Nexus 11 tablet with an 11-in. display that runs Samsung's octa-core processor and will be released this year.
 
Samsung began production of the industry's first ultra-high-speed, 4Gbit, LPDDR3 mobile memory, which it says has performance levels comparable to the standard DRAM used in personal computers.
 
Intel is expanding into low-cost laptops and tablets starting at $200 with new low-power Atom chips based on an architecture called Silvermont, which the company is expected to talk about next week, according to a source familiar with Intel's plans.
 
The former Opera Software designer accused of leaking trade secrets to Mozilla denied the charges yesterday, but confirmed that the lawsuit takes aim at a search revamp he worked on while a consultant for the maker of Firefox.
 
Over the weekend, a group calling itself the Syrian Electronic Army hacked several Twitter accounts operated by The Guardian. Access to the newspaper's accounts was gained using simple phishing emails
    


 
Personal File Share HTTP Server Remote Overflow Vulnerability
 
CORE-2013-0303 - D-Link IP Cameras Multiple Vulnerabilities
 

On 26 APR, Sucuri's Daniel Cid posted Apache Binary Backdoors on Cpanel-based servers. This coincided closely with a technical study of the Linux/Cdorked.A malware provided by ESET.

Sucuri stated that "on cPanel-based servers, instead of adding modules or modifying the Apache configuration, the attackers started to replace the Apache binary (httpd) with a malicious one."

ESET's analysis of this malware revealed that it is a "sophisticated and stealthy backdoor meant to drive traffic to malicious websites."

Speculation regarding how the initial entry occured to allow injection in the first place is varied, but SSH bruteforce is on the list.  

See ESET's guidance regarding shared memory, and as always, validate the intergrity of httpd packages.

Review both articles, and if you're utilizing a shared webserver provided by a colo/ISP, be sure your confidence in their ability to manage and administer that server on your behalf is high.

Russ McRee | @holisticinfosec

(c) SANS Internet Storm Center. http://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
 
Several of the company's security technologies are reaching end of life. It's a new experience for our manager to be improving security measures instead of closing gaps.
 
NASA engineers are waiting to see if they can pull a long-running Mars rover out of stand-by mode.
 
Trying to figure out which one to get? Here's the specs for each of these three devices.
 
The IllumiRoom project from Microsoft Research turns a living room into a video game with projected images that extend and complement the main television screen. The realistic effect, if commercialized, could propel Microsoft's gaming business far beyond its competition.
 
FreeBSD Security Advisory FreeBSD-SA-13:05.nfsserver [REVISED]
 
FreeBSD Security Advisory FreeBSD-SA-13:05.nfsserver
 
[ MDVSA-2013:156 ] apache-mod_security
 
[security bulletin] HPSBMU02874 SSRT101184 rev.1 - HP Service Manager, Java Runtime Environment (JRE) Security Update
 
Tibco is revamping and extending the mobile access to its Tibbr enterprise social networking software, adding support for more smartphones and tablets, and upgrading its mobile user interfaces and functionality.
 
LinuxSecurity.com: A vulnerability has been discovered and corrected in krb5: The prep_reprocess_req function in do_tgs_req.c in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) before 1.10.5 does not properly perform service-principal realm referral, which allows [More...]
 
LinuxSecurity.com: Multiple vulnerabilities has been discovered and corrected in krb5: The pkinit_check_kdc_pkid function in plugins/preauth/pkinit/pkinit_crypto_openssl.c in the PKINIT implementation in the Key Distribution Center (KDC) in MIT Kerberos [More...]
 
LinuxSecurity.com: A vulnerability has been found and corrected in apache-mod_security: ModSecurity before 2.7.3 allows remote attackers to read arbitrary files, send HTTP requests to intranet servers, or cause a denial of service (CPU and memory consumption) via an XML external entity [More...]
 
LinuxSecurity.com: A vulnerability has been found and corrected in fuse: FUSE, possibly 2.8.5 and earlier, allows local users to create mtab entries with arbitrary pathnames, and consequently unmount any filesystem, via a symlink attack on the parent directory of [More...]
 
LinuxSecurity.com: A vulnerability has been found and corrected in util-linux: An information disclosure flaw was found in the way the mount command reported errors. A local attacker could use this flaw to determine the existence of files and directories they do not have access to [More...]
 
A security researcher has earned $31,336 for discovering three holes in the O3D plugin in Chrome OS. A fourth hole discovered by the company's own team was also closed with the update to Chrome OS version 26.0.1410.57
    


 
[security bulletin] HPSBMU02873 SSRT101182 rev.1 - HP Service Manager, Apache Tomcat Security Update
 
Intel Capital, Samsung Venture Investment and Telefonica Digital have all invested in Expect Labs, whose technology is used to analyze and understand conversations in real-time and find related information.
 
Toshiba is set to launch a portable USB hard drive that comes with PC or Mac software that can turn it into an Internet-accessible file server.
 
Linux Kernel 'fs/compat_ioctl.c' Information Disclosure Vulnerability
 
Softbank's CEO, in a battle with Dish Network to acquire U.S. mobile operator Sprint Nextel, slammed Dish's $25.5 billion offer, saying it is based on "imaginary" numbers and would create a company with "insane" amounts of debt.
 
Researchers demonstrated flexible, networked e-ink displays that behave like papers on a desk at a conference in Paris. The displays can be used separately or in tandem, opening up new possibilities for a paperless office.
 
Turning off cellphones or even locking them in metal boxes won't be enough to keep them hidden with a new phone detector introduced on Monday.
 
Apple's next version of OS X will probably not include Siri, the digital, voice-activated assistant embedded in the iPhone and iPad, an analyst predicted.
 
Softbank's CEO, in a battle with Dish Network to acquire U.S. mobile operator Sprint Nextel, slammed Dish's $25.5 billion offer, saying it is based on "imaginary" numbers and would create a company with "insane" amounts of debt.
 
Microsoft is rolling out a preview version of Skype for Outlook.com, allowing users to make calls and send instant messages from within the webmail service using a browser plugin.
 
IT can never take all the risk out of a supply chain, but it can help organizations minimize their vulnerability in a world of new threats.
 
Novell and NTP today announced their own versions of mobile file-sharing applications, both of which take advantage of a corporation's existing infrastructure to offer access to data behind the firewall.
 
WordPress W3 Total Cache Plugin CVE-2013-2010 Remote PHP Code Execution Vulnerability
 
BOINC Multiple Vulnerabilities
 
phpMyAdmin CVE-2013-3238 Multiple Arbitrary PHP Code Execution Vulnerabilities
 
jPlayer 'Jplayer.swf' Script 'id' Parameter Cross Site Scripting Vulnerability
 
If you run a bank and use an IP video camera from D-Link, you may want to pay attention to this.
 

Well, I can say after reading the above comments..... I am confused on what to do....... 

I am an old fart from days long past when you had memory of 1mb and you were king (laugh).

I am not an IT Tech and just a home user and builder for the past 40 years i guess. After building my new system this week using the ASUS P9X79Pro (UEFI capable) mB.... I do not know what to do anymore based on the above comments. I am currently running GPT with Windows 7 Pro; 16GB DDR3 / 2133 (XMS) memory and other nonsense. I have my bios currently set to use IDE vs. the UEFI option.

My computer right now runs great but still confused on whether or not to change the setting in the BIOS over to UEFI setting.  I generally understand the Security key issue, but being a home builder I do not know if it applys, and I am running Windows anyway for my op system so all should work - no dual boot, no linux.

I even recall using a Bios Translation program back in the days for old bios's to see the larger hard drive sizes / partitions.  Back then, w/out the translation program it would not recog the full size of the hd.  Move forward, and here we are.....  I want to be able to use some of the new 3TB and 4TB drives for back of files and things 

So again,  here I sit with my new system wondering if I shouild flip the switch to UEFI.

Comments welcome.  You can reach me at: [email protected]

 

 

 

 

 

Spambots target tweeting pollies
Sydney Morning Herald
The Twitter accounts of prominent politicians are being targeted by ''spambots'', dramatically inflating the number of followers for Prime Minister Julia Gillard, Opposition Leader Tony Abbott, and Kevin Rudd and Malcolm Turnbull. Two social media ...

and more »
 
Internet Storm Center Infocon Status