Hackin9
Employers may need to open up their wallets to retain their IT staffers in 2014, according to a salary survey from IT career website Dice.com.
 
 
Microsoft appears to be backing off on its biggest user interface fiasco since Microsoft Bob: In the Windows 8.1 update, the desktop rather than Metro reportedly will be the default interface.
 

Josh Bryant is the co-founder and CEO of Droplr, a collaboration tool for sharing files. He has also worked for Incredible Labs (makers of Donna) and Ancestry.com. He lives in Bend, Oregon. This post originally appeared on his personal blog.

If you haven’t read it yet, check out Naoki Hiroshima’s account of how he was blackmailed into giving his Twitter account away. I read it on Wednesday, and the story was all too familiar to me. My version also has a few implications that are far worse.

I’m @jb on both Twitter and Instagram. My username is a very heavy target for these types of attacks. It used to be primarily because of the Jonas Brothers, but of course now it’s all related to Justin Bieber. With the marketing power behind Bieber's name, there are thousands of companies or hackers who would love to get their grubby hands on my username for profit. Like Naoki, I too have been offered inordinate sums of money for my username, and I get a regular stream of "forgot password" e-mails to my inbox.

 
Over the past several months security researchers have found serious vulnerabilities in many mobile advertising libraries that could be exploited to abuse the permissions of Android apps or to execute unauthorized code on users' devices. The risks resulting from those vulnerabilities would be significantly lower if those libraries used HTTPS, security researchers said.
 
A reader wrote in reporting seeing a large amount of odd activity from three subnets across a large number of disparate networks he managed. Addresses from these subnets have been generating between 100,000 - 500,000 inbound connections a day apiece, primarily targeting port 80; however, he had also seen a very small amount of inbound port 25 and port 443 as well. Sadly he wasn't able to capture any packets.
 
The subnets in question are:
 
5.254.116.32-5.254.116.63 ("AppLayer_Anti-DDoS_Hosting" located in Russia)
94.23.97.196-94.23.97.199 ("GAMESPROTECT AntiDDoS Network" located in Germany)
5.254.105.16-5.254.105.31 ("WooServers" located in Germany)
 
If you have any packet captures of this traffic or know why these subnets are making apparently unsolicited, random connections, please write in and let us know!
 

Chris Mohan --- Internet Storm Center Handler on Duty

(c) SANS Internet Storm Center. http://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
 
Boring thousands of meters into the ground, Icelanders broke through to the magma layer, uncovering a vast ocean of lava that is now being used to produce steam power.
 
Twitter has acquired over 900 patents from IBM, a move likely intended to settle IBM's claims that Twitter was infringing on at least three of its patents.
 

According to newly published documents, Canadian spies tracked thousands of travelers online for days after they left an unnamed Canadian airport.

This revelation, gleaned from 2012 slides (PDF) provided by whistleblower Edward Snowden, shows that the Communications Security Establishment Canada (CSEC) conducted a real-world test that began with a “single seed Wi-Fi IP address” from an “international airport” and assembled a “set of user IDs seen on network address over two weeks.”

The technique appears to be related to one outlined by University of California San Diego and Microsoft researchers in a 2010 research paper (PDF).

 

Two days ago, Ars ran a syndicated story by software developer Naoki Hiroshima on how his potentially valuable Twitter handle was stolen (the story originally appeared on Medium). Hiroshima described a painful ordeal wherein an attacker extracted credit card information from his PayPal account, used that information to reset the login credentials for Hiroshima's GoDaddy account, and then modified the domain's MX records (the set of DNS entries that tell everyone else on the Internet where to send that domain's e-mail) away from Hiroshima's servers to their own. The attacker also appeared to have modified a number of other details of Hiroshima's GoDaddy account, making it impossible for Hiroshima to gain access. The attacker then attempted to reset the password to Hiroshima's Twitter account, "@N," but was unsuccessful.

Unable to gain access to the @N account, the attacker then e-mailed Hiroshima and threatened to take action against Hiroshima's website's domains unless he changed his Twitter handle to something else, allowing the attacker to assume the "@N" handle—which he would then presumably sell.

Hiroshima attempted to regain access to his GoDaddy account, but GoDaddy wouldn't restore his access, because Hiroshima no longer appeared to be the legitimate owner of the account. Even involving a GoDaddy executive didn't appear to fix things. A day later, after further threats from the attacker, Hiroshima surrendered the @N handle, and the attacker promptly sent Hiroshima his GoDaddy login credentials. It was a successful hostage exchange, as such things go, but Hiroshima found himself victimized with no apparent recourse other than acceding to the attacker's demands.

 
Joomla! Komento Unspecified Cross-Site Scripting Vulnerability
 
After sustained reports surfaced that Microsoft is close to naming its third-ever CEO, Satya Nadella, a 21-year veteran of the company, is now seen as the heir apparent.
 
Google and Samsung have grown closer over the past week following Google's sale of Motorola to Lenovo and a 10-year global patent cross-license agreement signed by the tech giants.
 
Volkswagen of America is looking to capitalize on an expected broad use of social media by viewers of Sunday's Super Bowl.
 

Researchers have unearthed malware that recently infected point-of-sale terminals at several dozen retailers in the US and other countries and successfully captured customers' payment card data.

"ChewBacca," as the crimeware is dubbed, scrapes large chunks of computer memory from infected terminals and dumps them to a file, a researcher from RSA reported in a blog post published Thursday. It then uses regular expressions and other programming techniques to extract data that was copied from credit and debit cards. ChewBacca also captures sensitive data using a generic keylogger.

"The ChewBacca trojan appears to be a simple piece of malware that, despite its lack of sophistication and defense mechanisms, succeeded in stealing payment card information from several dozen retailers around the world in a little more than two months," Yotam Gottesman, a senior security researcher on RSA's FirstWatch team, wrote. Researchers found that beginning in late October, ChewBacca had logged track 1 and 2 data of payment cards scanned on infected terminals. Most of the affected retailers were located in the US, although some were in other countries, including Russia, Canada, and Australia.

 
Once upon a time within Dell, managers who needed a business analysis report had to put in an IT request, a drawn-out process that drove business units to set up their own shadow IT systems to run these numbers instead.
 
Republican leaders on Thursday released a broad framework for immigration reform as difficult to understand, and about as long, as a Dead Sea scroll fragment.
 
Hewlett-Packard's Zero Day Initiative has spelled out the rules for its March hacking contest, Pwn2Own, which will put two-thirds of a million dollars in prize money on the table for researchers who can hack the biggest browsers and most popular plug-ins.
 
UCLA has a graduate-level program focused on teaching architects how to design intelligent robotic buildings. These buildings would be able to change their configuration to adapt to their owners' needs.
 
Linux Kernel 'compat_sys_recvmmsg()' Function Remote Memory Corruption Vulnerability
 
Oracle Solaris CVE-2013-5821 Local Security Vulnerability
 
Oracle Java SE CVE-2014-0415 Remote Security Vulnerability
 
LinuxSecurity.com: Updated openstack-keystone packages that fix one security issue are now available for Red Hat Enterprise Linux OpenStack Platform 3.0. The Red Hat Security Response Team has rated this update as having moderate [More...]
 
LinuxSecurity.com: Several security issues were fixed in libvirt.
 
LinuxSecurity.com: Several security issues were fixed in QEMU.
 
LinuxSecurity.com: Updated openstack-nova packages that fix two security issues and three bugs are now available for Red Hat Enterprise Linux OpenStack Platform 3.0. The Red Hat Security Response Team has rated this update as having moderate [More...]
 
LinuxSecurity.com: Applications using the OTR secure chat protocol could be made to expose sensitive information over the network.
 
LinuxSecurity.com: Multiple vulnerabilities have been found in BIND, possibly resulting in Denial of Service.
 
LinuxSecurity.com: Updated kernel packages that fix one security issue and three bugs are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having moderate [More...]
 
LinuxSecurity.com: Paras Sethia discovered that libcurl, a client-side URL transfer library, would sometimes mix up multiple HTTP and HTTPS connections with NTLM authentication to the same server, sending requests for one user over the connection authenticated as a different user. [More...]
 
LinuxSecurity.com: The system could be made to crash or run programs as an administrator.
 
LinuxSecurity.com: The system could be made to crash or run programs as an administrator.
 
LinuxSecurity.com: The system could be made to crash or run programs as an administrator.
 
Many have tried to create a marketable thin client, let alone a perfect one. So far, all have failed. But the Dell-Wyse Cloud Connect, announced this week, might be close.
 
Oracle Java SE CVE-2013-5896 Remote Security Vulnerability
 
Oracle Solaris CVE-2013-5876 Local Security Vulnerability
 
Zynga plans to buy U.K.-based game developer NaturalMotion for about $527 million while cutting 15 percent of its own workforce.
 
An Atlanta-based medical laboratory that has been embroiled in a bitter feud with the U.S. Federal Trade Commission over a data breach investigation shut down its operations this week.
 
Yahoo has entered into an agreement to acquire Incredible Labs, the startup behind mobile personal assistant app Donna.
 
President Obama has nominated an expert cryptologist to head the National Security Agency at a time when the agency is under pressure to reform its surveillance.
 
Organizations that want to run Apache Hadoop to analyze their big data without setting up a computer cluster can now procure the data processing framework as a service from a startup co-founded by the former CTO of Yahoo.
 
[SE-2013-01] Security vulnerabilities in Oracle Java Cloud Service
 
[SECURITY] [DSA 2849-1] curl security update
 
Joomla! JomSocial component < 3.1.0.1 - Remote code execution
 
Oracle Java SE CVE-2013-5898 Remote Security Vulnerability
 

Posted by InfoSec News on Jan 31

http://www.cbc.ca/news/politics/csec-used-airport-wi-fi-to-track-canadian-travellers-edward-snowden-documents-1.2517881

By Greg Weston, Glenn Greenwald, Ryan Gallagher
CBC News
Jan 30, 2014

A top secret document retrieved by U.S. whistleblower Edward Snowden and
obtained by CBC News shows that Canada's electronic spy agency used
information from the free internet service at a major Canadian airport to
track the wireless devices of...
 

Posted by InfoSec News on Jan 31

http://www.computerworld.com/s/article/9245908/Yahoo_resets_passwords_after_email_hack

By Jeremy Kirk
IDG News Service
January 30, 2014

Yahoo has been resetting email accounts that were targeted in an attack
apparently aimed at collecting personal information from recently sent
messages, the company said Thursday.

The list of usernames and passwords used for the attack was likely
collected when another company's database was breached,...
 

Posted by InfoSec News on Jan 31

http://www.informationweek.com/security/attacks-and-breaches/target-hackers-tapped-vendor-credentials/d/d-id/1113641?

By Mathew J. Schwartz
InformationWeek.com
1/30/2014

Target said Wednesday that the hackers who attacked the company employed
access credentials that were hardcoded into a product used by the
retailer.

"We can confirm that the ongoing forensic investigation has indicated that
the intruder stole a vendor's...
 

Posted by InfoSec News on Jan 31

http://techcrunch.com/2014/01/30/clinkle-gets-hacked-before-it-even-launches/

By Jordan Crook
@jordanrcrook
TechCrunch
January 30, 2014

Clinkle is the hottest app around to have done mostly nothing. The stealth
payments service, which has raised $30 million from big-name investors,
has yet to publicly launch. But that doesn’t mean it can’t be hacked.

Today, a guest user posted a list of 33 usernames, user IDs, profile
photos, and phone...
 

Posted by InfoSec News on Jan 31

http://www.wcax.com/story/24582782/new-questions-about-patient-privacy-at-north-country-hospital

By Melissa Howell
WCAX.com
Jan 29, 2014

NEWPORT, Vt. - North Country Hospital in Newport received a regulatory
citation from the Center for Medicare and Medicaid after two unauthorized
employees viewed confidential medical records. It was discovered last fall
that the hospital was not conducting proper surveillance when CMS made an
unannounced...
 
Internet Storm Center Infocon Status