Hackin9
Sony will hold a PlayStation event in the U.S. later this month amid widespread speculation it is gearing up to launch the PS4.
 
A French website collecting links to content stored on the Mega file-sharing service is experiencing trouble in what may be an effort by Kim Dotcom's latest enterprise to avoid concerns over illegal file sharing.
 
Google has declined to confirm a report that it narrowly met its deadline for submitting a response to the European Commission over its antitrust concerns about the company.
 
Hewlett-Packard researchers are developing a cloud-based "avatar" to manage all of a user's mobile devices and wireless networks.
 
Linux Kernel 'sctp_process_unk_param()' Remote Denial of Service Vulnerability
 
(c) SANS Internet Storm Center. http://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
 
The Wall Street Journal said Thursday it had been targeted by hackers trying to monitor the newspaper's coverage of China, less than a day after a similar revelation from its competitor The New York Times.
 
Enterprise security managers have yet another worry to add to their list: cyberwarfare attacks.
 
The general availability of Oracle's long-awaited, next-generation 12c database will likely occur within weeks or possibly even days, the IDG News Service has learned.
 
Linux Kernel CVE-2010-0291 'mmap()' and 'mremap()' Multiple Denial Of Service Vulnerabilities
 
Linux Kernel 'find_keyring_by_name()' Local Memory Corruption Vulnerability
 
Linux Kernel 'gfs2_quota' Structure Write Local Privilege Escalation Vulnerability
 
Mandatory employment eligibility verification and identity vetting requirements in recent proposals for immigration reform could prove to be a tough sell.
 
MIT Kerberos 'NegTokenInit' Token Handling Remote Denial Of Service Vulnerability
 
MIT Kerberos SPNEGO and ASN.1 Multiple Remote Denial Of Service Vulnerabilities
 
MIT Kerberos 'asn1_decode_generaltime()' Uninitialized Pointer Memory Corruption Vulnerability
 
Facebook has launched a new service that allows users to give other members gift cards to stores and restaurants.
 
The homepage of Amazon.com was down this afternoon for a short period.
 
I installed a Verizon Range Extender about 2 1/2 years ago and when it works it is flawless, but it is quirky.
 
The $300 Synology DS213air is a decent two-bay NAS box whose main claim to fame is its ability to perform as an 802.11 b/g Wi-Fi access point. The unit streams media quite well; however, its name is a bit misleading in that the DS213air has more in common with the $200 DS212j than the significantly faster $300 DS213. The DS213air's wireless feature isn't all that unique either, since you can add similar functionality to any current Synology NAS box using an inexpensive third-party USB 802.11 adapter. On the upside, this router sports Synology's usual bountiful array of software features.
 
Microsoft shipped an estimated 900,000 Surface RT tablets last quarter, barely missing the top five device makers, but illustrating that demand was "muted at best," IDC said today.
 

We are currently tracking intermittent outages at amazon.com, where users are receiving the error message Http/1.1 Service Unavailable. As soon as we have more information we'll post the updates here.



tony d0t carothers --gmail
 
Twitter said its site is back up and running after a three-hour partial outage that affected users all over the world today.
 
Less than a year ago, Facebook acknowledged that it had to improve its ability to generate revenue from its mobile users or face a tough future. Today, executives call Facebook 'a mobile company.'
 
Squid 'cachemgr.cgi' Incomplete Fix Remote Denial of Service Vulnerability
 
Three U.S. investigative agencies, working with state and local police departments across the country, have seized more than 300 websites and $13.6 million worth of counterfeit National Football League sportswear and tickets from online and other sellers, the agencies announced.
 
OpenStack Glance CVE-2013-0212 Security Bypass Vulnerability
 
RETIRED: WordPress TwentyTen Theme 'loo.php' Arbitrary File Upload Vulnerability
 
Released: rompar - Semi-automation tool for data extraction of microscopic Masked ROM images
 
ZTE and China Mobile have successfully tested carrier aggregation, and achieved peak download speed of 223Mbps in the Chinese operator's LTE TDD network.
 
The developers of Etherpad have released an update that fixes a security issue with the open source collaborative notepad application that could cause the server to be crashed by a malformed client message.


 
DefenseCode Security Advisory: Broadcom UPnP Remote Preauth Root Code Execution Vulnerability
 
Twitter reported around 10:30 a.m. ET today that some users were unable to access the site.
 
Adam J. Kujawa is Malware Intelligence Lead at Malwarebytes. He authored the report "Cyberthreats in 2012," highlighting (among other things) security issues with the popular blogging/website platform WordPress.
 
Today is the last day customers can purchase an upgrade to Windows 8 Pro for the discounted price of $39.99.
 
[security bulletin] HPSBST02839 SSRT101077 rev.1 - HP XP P9000 Command View Advanced Edition, Remote Denial of Service (DoS)
 
marc4dasm - Atmel MARC microprocessor disassembler published
 
OWASP Zed Attack Proxy 2.0.0
 
CFP Observe. Hack. Make.
 
Buffalo TeraStation TS-Series multiple vulnerabilities
 

We are trying something new this year. In March, we are going to focus somewhat on IPv6. As part of this, I would like to invite our readers to contribute experiences they had with IPv6. If you have:


a security problem you ran into with IPv6

a solution to a security problem (even better)

found a tool that works really well (or not at all) with IPv6

figured out a way to solve an IPv4 security problem by switching to IPv6


or any story like this, and don't mind writing it up as a guest diary, please let us know. We will collect them and post them in March. We don't have a cutoff date for submission, but of course, the earlier we get it, the more likely it will be used. Submissions should follow the style/size of our regular diaries (OK, you may call them blog posts). It should be original content, so please don't just copy/paste what you found somewhere else. All posts will be attributed to you by full name, and you may add an e-mail address and links to your home page / corporate page if you wish. But please no advertisements for commercial tools.

Submit your ideas or complete posts via our contact page or via e-mail to handlers \@/ sans.edu (please just use plain text, no Word attachments or PDFs).



------

Johannes B. Ullrich, Ph.D.

SANS Technology Institute

 
During an IP scan, security firm Rapid7 said that it found countless network-enabled devices that responded via UPnP and are, therefore, vulnerable to attacks via critical holes.
 
Oracle MySQL Server CVE-2012-0572 Remote Security Vulnerability
 
Oracle MySQL Server CVE-2012-5096 Remote Security Vulnerability
 
How does the latest Wi-Fi hardware from Ruckus Wireless stack up? This review rates two access points and one controller appliance on configuration, security, authentication and performance--all key considerations for a small business that wants a new or upgraded Wi-Fi network.
 
SAP plans to extend its CRM offering with the acquisition of Ticket-Web, a German specialist in online ticketing for sports and entertainment venues.
 
Hackers from China breached the computer network of The New York Times and stole passwords that allowed them to gain access to computers and email accounts for a period of four months, the newspaper reported late Wednesday.
 
The great thing about modernizing an enterprise application for social computing is that the application can be enhanced in ways that weren't possible when it was brought into the Internet age, for example. (Insider; registration required)
 
Ten U.S. senators this week agreed to sponsor a bill that would allow the annual H-1B visa cap to rise to as high as 300,000, leaving opponents and some researchers concerned.
 
Toyota Motor Europe will use Nokia's mapping technology in its next-generation navigation and infotainment systems.
 
The Opera developers have released Opera 12.13, which fixes two arbitrary code execution vulnerabilities and improves the general stability of the browser. The developers suggest all users update as soon as possible.


 
Simple Machines Forum Multiple Security Vulnerabilities
 
Microsoft's F# language geared to parallel programming, data-oriented problem-solving
 
On Jan. 13, local developer Wang Jun found that downloads for his app had suddenly skyrocketed, totaling 58,000 in a single day.
 
Versions 2.0.5 and earlier of the popular VLC media player software contain a critical vulnerability that can be potentially exploited by attackers to execute malicious code on computers.
 
Public policy formulation in all domains, including the Internet, is the sovereign right of member states, said ITU Secretary General Hamadoun Toure on Wednesday, suggesting that a debate over control of the Internet is far from over at the telecommunications body.
 
Apple and Samsung Electronics led the tablet market in the fourth quarter of 2012, but new entrant Microsoft did not make it to the top five with its Surface tablet.
 
While New York Times journalists were working on a report on the Chinese prime minister's relatives' assets, the newspaper first received threats from the Chinese government. A short time later, the Times network was targeted by attacks.


 
RSA has unveiled a new tool designed to let enterprises detect security threats more quickly than current technologies permit by combining big data management and analytics approaches with traditional network monitoring and threat detection.
 
Starting to get comfortable with Windows 8? Don't stop now: From invoking 'God Mode' to hacking the lock screen, here are 10 ways to make Windows 8 act the way you want.
 
Attackers used the recently exposed vulnerabilities in Ruby and Rails handling of YAML parsing to compromise the Rubygems.org site, the home of Ruby packaged components. Developers are checking the site content's integrity.


 
Wireshark DTN Dissector Denial of Service Vulnerability
 

Posted by InfoSec News on Jan 31

http://www.nytimes.com/2013/01/31/technology/chinese-hackers-infiltrate-new-york-times-computers.html

By NICOLE PERLROTH
The New York Times
January 30, 2013

SAN FRANCISCO -- For the last four months, Chinese hackers have persistently
attacked The New York Times, infiltrating its computer systems and getting
passwords for its reporters and other employees.

After surreptitiously tracking the intruders to study their movements and help
erect...
 

Posted by InfoSec News on Jan 31

http://www.wiscnews.com/news/local/article_74a0527e-6b66-11e2-95a0-001a4bcf887a.html

By Tim Damos
Capital Newspapers
1/30/2013

BARABOO -- An ATM machine hacking scheme that affected 200 Bank of Prairie du
Sac customers was part of a wider-ranging fraud that has “skimmed” at least
$3.3 million from U.S. debit card users and drawn the attention of the Secret
Service.

Sauk County District Attorney Kevin Calkins has filed felony identity...
 

Posted by InfoSec News on Jan 31

http://www.theregister.co.uk/2013/01/30/fbi_arrest_sexploitation_hacker/

By Iain Thomson in San Francisco
The Register
30th January 2013

The FBI has announced the arrest of a 27-year-old man over charges that he
hacked into the data of over 350 female victims and blackmailed them into
providing him with nude photographs and video calls.

Karen "Gary" Kazaryan, 27, was arrested in Glendale, California on Tuesday
after being indicted...
 

Posted by InfoSec News on Jan 31

https://www.computerworld.com/s/article/9236325/Hacktivist_group_suspends_bank_attacks

By Jaikumar Vijayan
Computerworld
January 29, 2013

A group claiming responsibility for a string of cyberattacks against several
major U.S. banks over the past four months today said that it has suspended its
campaign in response to YouTube's apparent removal of a controversial
anti-Muslim video.

The Izz ad-Din al-Qassam Cyber Fighters group launched...
 

Posted by InfoSec News on Jan 31

http://www.informationweek.com/security/vulnerabilities/unplug-universal-plug-and-play-security/240147226

By Mathew J. Schwartz
InformationWeek
January 29, 2013

More than 23 million Internet-connected devices are vulnerable to being
exploited by a single UDP packet, while tens of millions more are at risk of
being remotely exploited.

That warning was issued Tuesday by vulnerability management and penetration
testing firm Rapid7, which said...
 
Wireshark PER Dissector Denial of Service Vulnerability
 
Wireshark MS-MMC Dissector Denial of Service Vulnerability
 
Wireshark NTLMSSP Dissector Buffer Overflow Vulnerability
 
Wireshark DTLS Dissector Denial of Service Vulnerability
 