Hackin9
The tug-of-war over Clearwire looks set to continue for at least another two weeks as the struggling mobile operator postponed a special shareholder meeting once again to consider Dish Network's latest bid.
 
Australia, your lack of cyber transparency disturbs me
ZDNet
While the government continues to play secret squirrel, the infosec industry is getting into transparency. At CeBIT Cyber Security, the very next speaker after the DSD's Franzi was John Suffolk, global cyber security officer for Huawei. As a Chinese ...
 
Nearly three dozen computer scientists have signed off on a court brief opposing Oracle's effort to copyright its Java APIs, a move they say would hold back the computer industry and deny affordable technology to end users.
 
OpenSSL 'EVP_PKEY_verify_recover()' Invalid Return Value Security Bypass Vulnerability
 
Tumblr is now putting ads in users' feeds on the desktop, in what could be the first move toward making sure the social blogging site is a profitable business for Yahoo.
 
Juniper Networks Junos GRE Packet Handling Denial of Service Vulnerability
 
Juniper Networks Junos Ethernet Packet Handling Denial of Service Vulnerability
 
Juniper Networks Junos Remote Code Execution Vulnerability
 
Juniper Networks Junos IPv6 Egress Filter Denial of Service Vulnerability
 
A US supermarket chain has implemented an endpoint security system to secure legacy applications and to save additional development

A 1996 podcasting patent is in the crosshairs of two digital rights groups, which are hoping the public will help them get the patent invalidated.
 
Radiation measurements sent back from NASA's Mars Science Laboratory mission as it delivered the rover Curiosity to Mars last year are giving scientists the information they need to protect astronauts on future deep space missions.
 
The U.S. Federal Communications Commission should cap the participation of carriers AT&T and Verizon Wireless in upcoming spectrum auctions to ensure mobile competition going forward, representatives of consumer groups and smaller carriers said.
 
A diagram showing how Apple's two-step verification works.

If you think your pictures, contacts, and other data are protected by the two-step verification protection Apple added to its iCloud service in March, think again. According to security researchers in Moscow, the measure helps prevent fraudulent purchases made with your Apple ID but does nothing to augment the security of files you store.

To be clear, iCloud data is still secure so long as the password locking it down is strong and remains secret. But in the event that your account credentials are compromised—which is precisely the eventuality Apple's two-factor verification is intended to protect against—there's nothing stopping an adversary from accessing data stored in your iCloud account. Researchers at ElcomSoft—a developer of sophisticated software for cracking passwords—made this assessment in a blog post published Thursday.

"In its current implementation, Apple’s two-factor authentication does not prevent anyone from restoring an iOS backup onto a new (not trusted) device," ElcomSoft CEO Vladimir Katalov wrote. "In addition, and this is much more of an issue, Apple’s implementation does not apply to iCloud backups, allowing anyone and everyone knowing the user’s Apple ID and password to download and access information stored in the iCloud. This is easy to verify; simply log in to your iCloud account, and you’ll have full information to everything stored there without being requested any additional logon information."

 
GnuTLS CVE-2013-2116 Out of Bounds Denial of Service Vulnerability
 
To protect the Earth from a devastating collision with a large asteroid, one scientist says the best solution would be to nuke it.
 
The decline in PC spending has hit Dell hard, but the company's server business is growing, said IDC in its first quarter report on the worldwide server market.
 
Microsoft today revealed some of the changes in Windows 8 due to reach customers in a month, but didn't address what analysts called the biggest barrier to the OS's success.
 
Former Windows chief Steven Sinofsky today defended Windows 8's performance in the market, saying, "It's hard for me to look at selling 100 million of something and not feeling great about it."
 
NASA scientists plan to take 3D printers into space to enable astronauts to create tools, and even food, onboard the International Space Station and later on the moon or even Mars.
 
Dropbox users this morning experienced an outage that lasted more than an hour. The cloud storage service has yet to explain what happened.
 
Texas is poised to become the first state in the U.S. to require law enforcement officers to get a search warrant based on probable cause before they access any electronic communications and customer data stored by a third-party service provider.
 
Cloud storage, text messaging, poor accountability and the "Bad Leaver" open the doors to data breaches in a BYOD environment, says a cyber-crime expert in this CIO.com interview.
 
WebKit CVE-2013-0999 Heap Memory Corruption Vulnerability
 
Adobe Reader and Acrobat CVE-2013-2550 Use After Free Remote Code Execution Vulnerability
 
Adobe Reader and Acrobat CVE-2013-2549 Integer Underflow Remote Code Execution Vulnerability
 
Adobe Acrobat and Reader CVE-2013-2727 Remote Integer Overflow Vulnerability
 
Mobile users can probably look forward to being automatically transferred from cellular to Wi-Fi networks in the near future, but going back and forth for the best possible performance is another matter.
 
WebKit CVE-2013-0998 Memory Corruption Vulnerability
 
WebKit CVE-2013-0997 Memory Corruption Vulnerability
 
Google wants vendors to fix or offer mitigation advice for previously unknown and actively exploited software vulnerabilities within seven days of their discovery.
 
Salesforce.com plans to ship in the second half of the year a hosted application for companies to create intranets that are accessible via mobile devices and that offer enterprise social networking (ESN) capabilities to employees.
 
Apple QuickTime CVE-2013-1017 Buffer Overflow Vulnerability
 
[security bulletin] HPSBPI02869 SSRT100936 rev.2 - HP LaserJet MFP Printers, HP Color LaserJet MFP Printers, Certain HP LaserJet Printers, Remote Unauthorized Access to Files
 
[SECURITY] [DSA 2697-1] gnutls26 security update
 
Re: [oss-security] KDE Paste Applet
 

Mobile Application Security: New SANS Survey Results Revealed
The Herald | HeraldOnline.com
SANS offers a myriad of free resources to the InfoSec community including consensus projects, research reports, and newsletters; and it operates the Internet's early warning system - the Internet Storm Center. At the heart of SANS are the many security ...
 
The votes are in. This is the final ranking of CIO.com's 10 Hot Social Media Startups. In addition to your votes, the final rankings also take into account the pedigree of the management team, VC funding, viability of the niche and the uniqueness of the product.
 
Zoho is getting into the business social-networking game with a new product called Pulse, which also ties back to many of its other applications.
 
Google is slashing the time it allows vendors to fix critical vulnerabilities from sixty to seven days, as it feels the threat landscape has changed, with more targeted attacks being used against small groups of people.
 
[SECURITY] [DSA 2695-1] chromium-browser security update
 
[SECURITY] [DSA 2696-1] otrs2 security update
 

Securing Credit Card Voice Transactions
Infosecurity Magazine (US) (blog)
Semafone, quite uniquely, is founded by a trio of “non infosec guys.” Critchley describes himself as a “call centre guy who understands security and compliance problems” and an entrepreneur, but not an information security professional. To put it quite ...
 
Microsoft yesterday announced that Surface Pro tablets it will start selling in Japan on June 7 will come with a fully-functional copy of Office, a bundle one analyst said hints at a change in Microsoft's sales strategy for its homegrown hardware.
 
T-Mobile USA on June 5 will become the first major U.S. carrier to sell the BlackBerry Q10 qwerty smartphone to consumers in stores and online for $99.99 down and 24 monthly $20 payments.
 
Samsung Electronics announced the Galaxy S4 mini smartphone, which has a larger screen and a better camera than its predecessor, the Galaxy S III mini.
 
Cisco Nexus 1000V NX-OS CVE-2013-1211 Authentication Bypass Vulnerability
 
With an eye on next year's European elections, Digital Agenda Commissioner Neelie Kroes on Thursday called on the European Parliament to support her longstanding plans to end roaming charges and guarantee net neutrality.
 
Microsoft customers clamoring for the incorporation of the Start button and menu into Windows 8 will get their wish partially fulfilled in the upcoming update of the OS.
 
Most analytics tools put data in a historical context. That's all well and good, but what if you want to use past data to gauge future performance? That narrows your analytics options. These six tools will help you make practical use of your data in order to make business decisions.
 
Server revenue worldwide was down 7.7% in the first quarter, as weak economic conditions and server consolidation by customers slowed sales, according to research firm IDC.
 
Microsoft is expanding its enterprise services in China with a new Global Service Delivery Center in the country, the second of its kind in the world, the company said Wednesday.
 
Mobile payments startup Payleven has struck a deal that calls for Apple to start selling chip-and-PIN readers in its retail stores across Europe.
 
LinuxSecurity.com: Several security issues were fixed in the kernel.
 
LinuxSecurity.com: It was discovered that a malicious client could crash a GNUTLS server and vice versa, by sending TLS records encrypted with a block cipher which contain invalid padding. [More...]
 
LinuxSecurity.com: GnuTLS could be made to crash if it received specially crafted network traffic.
 
LinuxSecurity.com: A vulnerability has been discovered in the Open Ticket Request System, which can be exploited by malicious users to disclose potentially sensitive information. An attacker with a valid agent login could manipulate URLs in the ticket [More...]
 
LinuxSecurity.com: Several vulnerabilities have been discovered in the chromium web browser. Multiple use-after-free, out-of-bounds read, memory safety, and cross-site scripting issues were discovered and corrected. [More...]
 
Novell ZENworks Mobile Management CVE-2013-1081 Local File Include Vulnerability
 
Cisco NX-OS Software for Nexus 1000 Series CVE-2013-1210 Remote Denial of Service Vulnerability
 
Gmail users, your inboxes are about to be rearranged.
 
A security hole in Apache enables attackers to inject instructions into a log file that could be executed as soon as an administrator opens the file.
 
Microsoft Internet Explorer CVE-2013-3140 Use-After-Free Remote Code Execution Vulnerability
 
Amazon has implemented a single sign-on interface, giving users another alternative to remembering different login credentials for each online service they use.
 
Novell ZENworks Mobile Management CVE-2013-1082 Local File Include Vulnerability
 

Talking Infosec Awareness and Training with Kaspersky Labs' David Emm
Infosecurity Magazine (US) (blog)
Talking Infosec Awareness and Training with Kaspersky Labs' David Emm. Shortly before the chaos of Infosecurity Europe, I joined David Emm, senior security researcher at Kaspersky Lab, for lunch in a lovely quiet gastro pub in the Oxfordshire countryside.
 
The coveted blue check mark that indicates you're a Very Important Person on Twitter is now making its way to Facebook.
 
A federal judge in Wisconsin has ordered a suspect in a child porn investigation to either provide prosecutors with the passwords to several encrypted storage devices of his that are thought to contain incriminating evidence or to provide them with a decrypted copy of the contents of the drives.
 
We look at the Dell XPS 18 and the Sony Vaio Tap 20: Two all-in-ones that transform into large-scale tablets. Is this an alteration you can work with?
 
The Drupal.org web site and related sites have been compromised, and user names, email addresses, country, and hashed passwords have been exposed. The administrators have forced a password reset while they investigate further.
 
It took the payment processor almost two weeks to close a critical hole. PayPal users were exposed to a high attack risk for five days.
 
Python 'backports.ssl_match_hostname' Package CVE-2013-2098 Denial of Service Vulnerability
 
libxmp 'get_dsmp()' Function Remote Buffer Overflow Vulnerability
 
Ruby CVE-2013-2065 Multiple Security Bypass Vulnerabilities
 
RETIRED: ModSecurity CVE-2013-2765 NULL Pointer Dereference Denial of Service Vulnerability
 
Server revenue worldwide was down 7.7 percent year-over-year in the first quarter, as weak economic conditions and server consolidation by customers slowed sales, according to research firm IDC.
 

Posted by InfoSec News on May 30

http://news.xinhuanet.com/english/world/2013-05/29/c_132416837.htm

By Abu Hanifah
English.news.cn
2013-05-29

JAKARTA, May 29 (Xinhua) -- In a move to keep the country's sovereignty
in the cyber age, the Indonesian defense ministry is planning to create
a special force called "cyber army" to tackle attacks by Internet
hackers against the state's Internet portals and websites that could
endanger the security of the state....
 

Posted by InfoSec News on May 30

http://news.techworld.com/applications/3449583/hackers-exploit-ruby-on-rails-vulnerability-to-compromise-servers-create-botnet/

By Lucian Constantin
Techworld.com
29 May 2013

Hackers are actively exploiting a critical vulnerability in the Ruby on
Rails Web application development framework in order to compromise Web
servers and create a botnet.

The Ruby on Rails development team released a security patch for the
vulnerability, which is...
 

Posted by InfoSec News on May 30

http://arstechnica.com/tech-policy/2013/05/nypd-cop-arrested-accused-of-paying-4000-to-hack-fellow-officers-e-mail/

By Cyrus Farivar
Ars Technica
May 29 2013

It’s no surprise that many computer crimes have stupid criminals behind
them. But it’s not every day that you have cops getting caught at their
workplace.

A New York City Police Department (NYPD) officer has been arrested and
accused of paying more than $4,000 via Paypal for...
 

Posted by InfoSec News on May 30

https://www.computerworld.com/s/article/9239613/Drupal_resets_account_passwords_after_detecting_unauthorized_access

By John Ribeiro
IDG News Service
May 29, 2013

Drupal.org has reset account passwords after it found unauthorized
access to information on its servers.

The access came through third-party software installed on the Drupal.org
server infrastructure, and was not the result of a vulnerability within
Drupal, the open source content...
 

Posted by InfoSec News on May 30

http://www.bbc.co.uk/news/technology-22699871

By Leo Kelion
Technology reporter
BBC News
29 May 2013

The takedown of the Liberty Reserve digital cash exchange has caused
"pain" to criminals who used the facility, according to a leading
security expert.

Brian Krebs said he had seen comments on crime-linked restricted access
forums suggesting many had suffered "steep losses".

US prosecutors published an indictment against...
 