Hackin9
Compliance practitioners say new mandates like the HIPAA Omnibus Rule and Obamacare are making enterprise compliance management even harder.

 
A report by iViZ Security Inc. found that overall vulnerabilities in security products in 2012 rose sharply.

 
Twitter has become an essential part of the small business marketing playbook, but it remains a difficult platform to get your arms around. Some tweets will go gangbusters, others will land with a thud.
 
 

Electronic “tattoos” and pills that turn your body into an authenticator are two next-steps in password protection that Motorola is working on, as described at a session Wednesday at AllThingsD’s D11 conference. Regina Dugan, senior vice president of the Advanced Technology and Projects group at Motorola Mobility, showed off two “wearable computing” oriented methods that remove the security tokens from the two-factor equation.

The electronic tattoos described must strike a balance between the “mechanical mismatch” of hard, rigid machines and soft, pliable humans, Dugan said. The “tattoo” Dugan wore, which appeared to be more like a sticker on her left wrist, uses “islands of high-performance silicon connected by accordion-like structures” that allow the tattoo to flex and move with her skin to stay on and remain functional. Presumably, the silicon and wires would eventually be embedded into the skin to make the user a proper bionic human.

The pill, on the other hand, turns one’s entire body into an authenticator. Dugan described the pill as a vitamin “reverse potato battery” that uses stomach acid as the electrolyte to power a switch. As the switch pulses on and off, it “creates an 18-bit EKG-like symbol in your body, and your body becomes the authenticator,” Dugan said.


 
Mozilla Firefox/Thunderbird/SeaMonkey CVE-2013-0797 Local Privilege Escalation Vulnerability
 

iOS Devices Infected by Malware with Power Chargers – Black Hat 2013 Preview
SiliconANGLE (blog)
The yearly BlackHat event that caters to those in the infosec community is still some weeks away, but the anticipation surrounding some of the topics is already starting. Every year we're treated to a variety of research that is announced at the event ...

 
Add LinkedIn to the list of Internet companies trying to make themselves safer from cyberattacks by adding two-step authentication.
 
The company that owns a U.S. patent for podcasting is confident the patent will stand up to a challenge initiated this week by the Electronic Frontier Foundation.
 

BT, the UK-based telecommunications company with more than 18 million customers, is dumping Yahoo Mail following a successful hacking campaign that hijacked e-mail accounts and used them to send spam, according to published reports.

BT's plans come four months after Ars was among the first publications to report on the mass campaign. At the time, attackers were able to commandeer Yahoo Mail accounts because administrators had failed to apply an eight-month-old security patch in the WordPress content management system that powered one of its blogs. By including malicious JavaScript in innocuous-looking webpages, the attackers were able to exploit the vulnerability and seize control over Yahoo Mail accounts that happened to be open while the booby-trapped webpages were viewed.

In March, more than two months after Yahoo finally applied the WordPress fix, criminal spammers continued to hijack Yahoo Mail accounts, suggesting that other security holes remained. That same month, Vivek Sharma, the general manager of Yahoo Mail and Yahoo Messenger products reportedly vacated his post for unknown reasons.


 

Google's New Disclosure Policy: Helpful, or Who Cares?
eSecurity Planet
Google shakes up the InfoSec world with a new seven-day disclosure policy. But do top security researchers think it's a good idea? By Sean Michael Kerner | May 31, 2013. One of the oldest debates in Information Security involves the right timing ...

 
With nightmarish superbugs threatening the lives of patients and healthcare workers, hospitals are using video cameras and wearable sensors to track who is and who isn't washing their hands before they touch a patient.
 
After 10 years, developers of Camino, a Mac-only browser built atop Mozilla's Gecko engine, called it quits yesterday.
 
The scoop: Logitech Wireless Headset Dual H820e, by Logitech, about $200 (mono version costs about $180).
 
Despite dismal forecasts for PCs and servers, tech stocks have been doing well on optimism about cloud technology and mobile devices.
 
As a three-kilometer-wide asteroid nears its closest approach to Earth this afternoon, there's no fear of a collision but space buffs are eagerly getting a close up view as it passes us by.
 
Imagine this situation.
 
Microsoft will get another shot at tempting businesses to try Windows 8 after it rolls out the "Blue" update later this year, analysts said Thursday.
 
ModSecurity CVE-2013-2765 NULL Pointer Dereference Remote Denial of Service Vulnerability
 
IBM Lotus Expeditor Request Header Spoofing Security Bypass Vulnerability
 
IBM Lotus Expeditor 'Eclipse Help' Component Directory Traversal Vulnerability
 
HTC has canceled plans to develop a larger Windows RT tablet because demand for tablets based on the Microsoft operating system has been weak.
 
Dell has written to shareholders they are better off accepting a bid from Michael Dell and Silver Lake to acquire the company than holding on to their shares.
 

Mobile Application Security: New SANS Survey Results Revealed
Wireless Developer Network (press release)
SANS offers a myriad of free resources to the InfoSec community including consensus projects, research reports, and newsletters; and it operates the Internet's early warning system - the Internet Storm Center. At the heart of SANS are the many security ...

 

Black Hat USA Reminds Early Reg Deadline For July Show Ends Friday
Dark Reading
And prior to the Briefings, Black Hat also provides a comprehensive roster of some of the most rigorous Training classes to be found anywhere in the InfoSec space. In fact, more than 40 percent of the Trainings offered are exclusive to Black Hat USA ...

 
A 14-year-old worker has been found dead after working at an electronics factory in China that may make products for Asus, another potential case of underage labor abuse in the country.
 
With PC sales lagging, Dell is changing its approach with customers. By asking a single question it is improving the company's relationships with its customers and their users. Competitors, take note.
 
Oracle plans to make changes to strengthen the security of Java, including fixing its certificate revocation checking feature, preventing unsigned applets from being executed by default and adding centralized management options with whitelisting capabilities for enterprise environments.
 
LinuxSecurity.com: The system could be made to crash or run programs as an administrator if it received specially crafted network traffic.
 
 
LinuxSecurity.com: Updated libtirpc packages that fix one security issue are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate [More...]
 
LinuxSecurity.com: Updated kernel packages that fix multiple security issues and several bugs are now available for Red Hat Enterprise Linux 6.2 Extended Update Support. The Red Hat Security Response Team has rated this update as having [More...]
 
LinuxSecurity.com: Updated gnutls packages that fix one security issue are now available for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having [More...]
 
LinuxSecurity.com: A vulnerability has been discovered and corrected in gnutls: A flaw was found in the way GnuTLS decrypted TLS record packets when using CBC encryption. The number of pad bytes read from the packet was not checked against the cipher text size, resulting in an out of [More...]
 

New

VMSA-2013-0007

http://www.vmware.com/security/advisories/VMSA-2013-0007.html

 

Updated

VMSA 2013-0001

http://www.vmware.com/security/advisories/VMSA-2013-0001.html

VMSA 2013-0004

http://www.vmware.com/security/advisories/VMSA-2013-0004.html

Chris Mohan --- Internet Storm Center Handler on Duty

(c) SANS Internet Storm Center. http://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
 
Japan's public television broadcaster, NHK, is working on technology that will allow people to watch TV with their fingers.
 
Paying users can now protect their Evernote account via a two-step verification system. Two further security features also benefit users with free accounts.

 
Version 2.3.14.2 of the Java framework fixes security problems that the developers have classified as highly critical.

 
Linux Kernel CVE-2013-2850 Heap Based Buffer Overflow Vulnerability
 
Python RRDtool Module Function Format String Vulnerability
 

Mobile Application Security: New SANS Survey Results Revealed
Sacramento Bee
SANS offers a myriad of free resources to the InfoSec community including consensus projects, research reports, and newsletters; and it operates the Internet's early warning system - the Internet Storm Center. At the heart of SANS are the many security ...

 

How to reduce IT security risk with IT asset management
TechTarget
... information security practitioners might be surprised to learn the ways in which the two disciplines intersect. Even better, knowledgeable, resourceful infosec pros can leverage IT asset management best practices to reduce IT risk within their ...

 
Foxconn's Hon Hai Precision Industry Co. has set up a new research center devoted to display and touch technologies in Japan that could end up hiring staff away from Sharp.
 
If the question about tornadoes comes up at his Oklahoma City data center, as it sometimes does, Todd Currie, vice president of operations and general manager at Perimeter Technology, has answers. He even has a cutout sample of his roof to show how it is built.
 
When it comes to smartphone safety, the single most important thing a mobile phone owner can do is lock the device with a unique, four-digit PIN.
 
Samsung Electronics' Galaxy Tab 10.1 does not infringe on Apple's iPad design right, the Supreme Court of the Netherlands ruled on Friday.
 
Material irrelevant to police investigation that was seized from Megaupload founder Kim Dotcom and three associates in January 2012 will have to be returned to them, a court in New Zealand has ruled.
 
An international team of researchers determined the size of large-scale botnets with peer-to-peer infrastructures. In some cases, they found over forty times more infected systems than the previous measurement method had indicated.

 
Cisco Nexus 1000V NX-OS CVE-2013-1208 Security Bypass Vulnerability
 
Cisco Nexus 1000V NX-OS CVE-2013-1212 SSL Certificate Validation Security Bypass Vulnerability
 
Cisco Nexus 1000 Series Switches NX-OS CVE-2013-1209 Remote Authentication Bypass Vulnerability
 
Mt. Gox is requiring all users to verify their accounts in order to make non-bitcoin currency deposits and withdrawals, less than a week after U.S. authorities said they shut down online payment processor Liberty Reserve for alleged money laundering.
 
Intel's upcoming Atom tablet chip code-named Bay Trail will be repurposed for use in the company's Celeron and Pentium chips for entry-level laptops, desktops and all-in-ones, Intel said on Friday.
 
Cisco NX-OS Software for Nexus 1000 Series CVE-2013-1213 Remote Denial of Service Vulnerability
 
The U.S. government has lifted sanctions on the export of a variety of consumer communications devices, software and services including mobile phones to Iran ahead of elections in that country.
 
Self-driving vehicle technology is not yet at a stage that it can be authorized for use by the public for general driving, according to a U.S. Department of Transportation recommendation to state governments.
 