Hackin9

Crypto protocols mostly crocked says euro infosec think-tank ENISA
Register
It's past time to plan the abandonment of legacy crypto, warns the European Union Agency for Network and Information Security (ENISA) in a new 96-page study providing recommendations for crypto designers that also says most protocols are hard to ...

 
 
The U.S. National Security Agency has penetrated the main communication links that connect Yahoo and Google data centers around the world, giving it access to the accounts of hundreds of millions of people including U.S. residents, The Washington Post reported Wednesday.
 

MOUNTAIN VIEW, CA—At the Inbox Love conference, held at Microsoft’s Silicon Valley campus, the founders of Lavabit and Silent Circle announced on Wednesday that they want to change the world of e-mail completely, putting privacy and security at its core.

The two companies have banded together to create the DarkMail Alliance, a soon-to-be-formed non-profit organization that would be in charge of maintaining and organizing the open-source code for its new e-mail protocol. The new protocol will be based on Extensible Messaging and Presence Protocol, or XMPP, and is set to be released in mid-2014. They're ditching the old e-mail protocol, SMTP.

“This is just another transport—what we’re getting rid of is SMTP,” or Simple Mail Transfer Protocol, which is used for almost every bit of e-mail on the Internet. Jon Callas, the CTO at Silent Circle, told Ars, “We like to laugh at it but there are reasons why it was a good system. We’re replacing the transport with a new transport—e-mail was designed 40 years ago when everybody on the Internet knew each other and were friends.”



    






 
CIOs and other top execs should identify women for the executive talent pipeline, then provide coaching and workplace flexibility, says Elaine Miller, a managing director with PricewaterhouseCoopers
 
CIOs need to find the IT workers who are comfortable focusing on customers, market forces and revenue.
 
 
Facebook made new gains in its efforts to monetize its mobile business in the third quarter, reporting Wednesday that those devices drove nearly 50 percent of its advertising sales.
 
The U.S. Coast Guard has given up what could be a key clue in the tale of two mysterious barges moored on either side of the country.
 
If you're losing good workers and you're not sure why, the problem may lie with your firm's management style. The good news is that you can make small changes that will make a huge difference when it comes to employee retention.
 
Less than four days before Healthcare.gov went live, two senior officials at the U.S. Centers for Medicare & Medicaid Services expressed reservations about the security preparedness of the site.
 
From big to little Samsung smartphones, Sprint announced Wednesday it will sell the Galaxy Mega for $199.99 and the Galaxy S 4 mini for $99.99, both with two-year service plans, starting Nov. 8.
 
Apple's once-dominant lead in the fast-growing tablet market is shrinking as buyers move to Android tablets, which are cheaper and available in different sizes, according to separate research released by IHS and IDC on Wednesday.
 
Web videoconferencing may get easier after a decision by Cisco Systems that should help bring widely used technology into browsers.
 
Mozilla Firefox/Thunderbird/SeaMonkey CVE-2013-5597 Use After Free Memory Corruption Vulnerability
 
Mozilla Firefox/Thunderbird/SeaMonkey CVE-2013-5601 Remote Memory Corruption Vulnerability
 
Mozilla Firefox/Thunderbird/SeaMonkey CVE-2013-5602 Remote Memory Corruption Vulnerability
 
A number of HTC devices including its flagship HTC One smartphone infringe on a Nokia mobile networks standards patent, a U.K. court ruled Wednesday.
 
A speedier successor to the ThinkPad Tablet 2 is being developed by Lenovo as the company tries to add more tablets to its personal computing portfolio.
 
For years, operations departments have used adverse selection principles to allocate resources, often deeming small projects unworthy of enterprise computing power. Today, though, the cloud makes computing so cheap that there's no reason to deny any project, no matter how small. Doing so will simply push users to the public cloud -- and beyond IT's control.
 
Security problems reported at the U.S. government's troubled HealthCare.gov are overblown because security testing has been ongoing for months, the secretary of the U.S. Department of Health and Human Services said Wednesday.
 
 
Apple will start selling the on-an-Atkins-diet iPad Air Friday. And with the reviews positively gushing, consumer competition might get heated. Here's how to improve the odds of a first-day purchase.
 
Orion, expected to be the first NASA spacecraft to journey into deep space, last week was powered up for the first time at the Kennedy Space Center in Florida.
 
The U.S. alleges that offshore outsourcing giant Infosys violated visa laws to increase its profits, reduce visa expenses and avoid tax liabilities, in a settlement announced today.
 
Installatron Plugin for DirectAdmin cURL Output Remote Privilege Escalation Vulnerability
 
Aldebaran's NAO humanoid robot now gets speech recognition abilities from a cloud-based voice recognition service from Nuance.
 
A woman said in a post on her Google+ page that she was ticketed by police in southern California for wearing Google Glass while driving.
 
The global enterprise software market expanded by 5.5 percent year over year during the first half of 2013 to US$179 billion, a result that suggests a tentative rebound from economic turmoil in Europe, according to analyst firm IDC.
 
Eucalyptus has updated its namesake software to make it easier for organizations to set up their own, in-house versions of the Amazon Web Services (AWS) public cloud, letting users run Amazon workloads in private cloud deployments.
 
When Google Apps arrived in 2006, it stood on the cutting edge of web-hosted email and collaboration suites for businesses. But it's fallen behind rival suites from IBM, Cisco and Microsoft and needs to step up its game, say analysts.
 

Women Represent Just 11 Percent Of The InfoSec Workforce
TechWeekEurope UK
According to the report entitled “Agents of Change: Women in the Information Security Profession”, women account for just 11 percent of total InfoSec workforce, despite double-digit annual growth of the number of staff in this field. “We need a broader ...
Women crucial for taking infosec industry to next level (Help Net Security)

 
As Microsoft prepares to release a major upgrade to its Windows Phone operating system, to version 8.1, some third party software makers are unsure whether smartphones running Windows Phone 8.0 will run the new OS.
 
U.S. national and economic security depends on the reliable functioning of critical infrastructure. In recognition of that dependence, President Obama issued an executive order in February 2013 to increase our critical infrastructures ...
 
Microsoft again put the scare into Windows XP users, telling them that after April 8, 2014, the chance that malware will infect their PCs could jump by two-thirds.
 
jQuery Mobile, Sencha Touch, Kendo UI, and Intel App Framework bring a native look and feel to Web apps for mobile devices
 
Apple is reaching out to owners of the iPhone 5s because of a manufacturing issue that could result in reduced battery life.
 
Mozilla Firefox/Thunderbird/SeaMonkey CVE-2013-5599 Remote Memory Corruption Vulnerability
 

Women crucial for taking infosec industry to next level
Help Net Security
Women crucial for taking infosec industry to next level. Posted on 30 October 2013. Women represent only 11 percent of the information security workforce yet they have the academic background and diverse perspective necessary to ...
Women Represent Just 11 Percent Of The InfoSec Workforce (TechWeekEurope UK)

 
Mozilla released 10 patches for three versions of its Firefox browser on Tuesday, five of which are considered critical and could be used to remotely install malicious code.
 
The U.S. Senate confirmed Tuesday the nomination of a new chairman to the U.S. Federal Communications Commission.
 
Lenovo is claiming that its new Yoga tablets will offer 18 hours of battery life when browsing the web, which would be the longest when compared to other tablets.
 
MongoHQ, which provides hosting and support for the open-source Mongo database, said attackers may have accessed several of its customers' databases earlier this week.
 
Some Twitter users are complaining about a change that puts photo previews front and center in their streams, and offering advice to others on how to turn it off.
 
Taiwan is demanding that Apple revise its mapping software and remove a label that describes the island as a province of China, rather than as a sovereign state.
 
The open source Tizen mobile operating system is one of the most visible examples that Samsung isn't completely dependent on the Android mobile OS.
 
ESA-2013-074: EMC Unisphere for VMAX Information Disclosure Vulnerability
 
Startup Pertino plans to flesh out its cloud-based network service with additional services such as security and deep-packet inspection, which it will sell through an online app store.
 
Taking note of how customers have been working with its Hadoop distribution, Cloudera has expanded the scope of its software so that it can serve as a hub for all of an organization's data, not just data undergoing Hadoop MapReduce analysis.
 
Twitter became an Internet phenom as a tool for posting short text messages, but now it also wants to feature multimedia content more prominently.
 
When Google Apps arrived in 2006, it stood on the cutting edge of web-hosted email and collaboration suites for businesses. But it's fallen behind rival suites from IBM, Cisco and Microsoft and needs to step up its game to remain a player, say analysts.
 
 
Apache PHP Remote Exploit - apache-magika.c
 
[ MDVSA-2013:263 ] roundcubemail
 
XAMPP for Windows Multiple Cross Site Scripting and SQL Injection Vulnerabilities
 
Aloaha PDF Suite CVE-2013-4978 Stack Based Buffer Overflow Vulnerability
 

Posted by InfoSec News on Oct 30

Forwarded from: THOTCON NFP <info (at) thotcon.org>

***************************************************************************
***BEGIN THOTCON TRANSMISSION**********************************************

Greetings InfoSec News Readers

THOTCON 0x5 will be held on April 25th, 2014.

T-shirt contest is now open. Win a VIP ticket.

Call for Papers (CFP) is open and will close on 12.31.13.

VIP tickets will go on sale this Friday, 11.01.13....
 

Posted by InfoSec News on Oct 30

Forwarded from: Robert McLaughlin <astcell (at) gmail.com>

http://www.telegraph.co.uk/news/worldnews/europe/russia/10411473/Russia-spied-on-G20-leaders-with-USB-sticks.html

By Nick Squires, Rome
Bruno Waterfield in Brussels
and Peter Dominiczak
Telegraph.co.uk
29 Oct 2013

Russia spied on foreign powers at last month’s G20 summit by giving
delegations USB pen drives capable of downloading sensitive information
from laptops, it was...
 

Posted by InfoSec News on Oct 30

http://money.cnn.com/2013/10/29/technology/obamacare-security/index.html

By Jose Pagliery
CNN Money
October 29, 2013

The Obamacare website has more than annoying bugs. A cybersecurity expert
found a way to hack into users' accounts.

Until the Department of Health fixed the security hole last week, anyone
could easily reset your Healthcare.gov password without your knowledge and
potentially hijack your account.

The glitch was...
 

Posted by InfoSec News on Oct 30

http://www.networkworld.com/news/2013/103013-mongodb-support-firm-says-intruders-275395.html

By Jeremy Kirk
IDG News Service
October 29, 2013

MongoHQ, which provides hosting and support for the open-source Mongo
database, said attackers may have accessed several of its customers'
databases earlier this week.

On Monday, someone accessed an internal support application using a
password that had been used for a compromised personal...
 

Posted by InfoSec News on Oct 30

http://healthitsecurity.com/2013/10/29/top-healthcare-ciso-concerns-finding-the-data-byod-risks/

By Dom Nicastro
Health IT Security
October 29, 2013

As information security officer at UCSF Medical Center in San Francisco,
Rob Winter has many concerns that are top of mind. “With the data security
threat landscape constantly changing,” Winter said, “this has varied over
the years.”

Winter did, however, cite some specific top concerns...
 
 
Sup 'message_chunks.rb' Remote Command Injection Vulnerability
 
Apple Motion 'OZDocument::parseElement()' Function Remote Integer Overflow Vulnerability
 
Internet Storm Center Infocon Status