NetSec
  corner   



HOME

LINUX

CYBERLAW

VIRTUALIZATION

Bugtraq

Packetstorm

FD

GrokLaw


RSS Feed


Netsec, comsec, infosec and IA news, research and trends

 

8.19.2014

 
US Nuclear Regulatory Commission hacked 3 times in 3 years - "The first attack used a regular phishing email to trick staff into handing over their login credentials. The message asked them to verify their user accounts by clicking on a link which took them to a cloud-based Google spreadsheet they had to log in to view. The ruse targeted around 215 staff, of which 12 fell for the bait..."

 
VMware experts want to use virtualization to embed security controls into the fabric of the data center

 
Cryptography Expert Says, 'PGP Encryption is Fundamentally Broken, Time for PGP to Die'



8.18.2014

 
Stuxnet Vulnerability Still Present on Millions of Machines: Is it a surprise to anyone that the "lion's share" of these machines are running Windows XP?

 
Hackers Breach Hospital Network, Steal 4.5 Million Patient Records



8.14.2014

 
The NSA is developing an automatic malware-killer from Antoine



8.13.2014

 
Fifteen zero days found in hacker router comp romp:  Four routers rooted in SOHOpelessly Broken challenge



8.10.2014

 
All About Bitcoin Mining: Road To Riches Or Fool's Gold?



8.08.2014

 
Hacker Redirects Traffic From 19 Internet Providers to Steal Bitcoins



8.05.2014

 
Billions of accounts compromised



8.01.2014

 
Massive, undetectable security flaw found in USB: It's time to get your PS/2 keyboard out of the cupboard from Joe. Any architecture that allows a device to say "Hello, please load this kernel module so that you can talk to me" is going to have such issues.

 
U.S. government warns retailers about malicious software from Lisa - Attacking POS systems has been a trend for a while now.



7.28.2014

 
Computer Virus Catalog

 
Enraged Verizon FiOS Customer Posts Video Seemingly Proving ISP Throttles Netflix from Joe - Net Neutrality should be a thing. Users pay for bandwidth and receive said bandwidth. Imagine a taxicab charging a person's source and/or destination for a customers' arrival as well as charging the customer for the ride. Would anyone think that to be a rational system?



7.19.2014

 
Some are only just now realizing Tor's true intended purpose.



7.16.2014

 
Slashdot: "Selectively Reusing Bad Passwords Is Not a Bad Idea, Researchers Say"

"...Microsoft researchers have determined that reuse of the same password for low security services is safer than generating a unique password for each service..."

Microsoft research paper

Article from the Register referenced in Slashdot post above

Labels: , ,




7.15.2014

 
"Gameover" malware revival - is it really up from the canvas?



7.14.2014

 
World Cup security well executed... if you don't count the Wi-Fi



7.04.2014

 
RSA: Brazil's 'Boleto Malware' stole nearly $4 billion in two years from Lenzy



7.03.2014

 
Here is something that shows real promise. - The Ultra-Simple App That Lets Anyone Encrypt Anything

 
Some People Want A Time Limit On The NSA's 'Zero-Day' Exploits — Here's Why That's A Terrible Idea from Dave Aitel



7.01.2014

 
Mysterious cyberattack compromises more than a thousand power plant systems - Article from Symantec on the issue - from Zach



6.29.2014

 
WordPress Timthumb Exploit Resurfaces



6.24.2014

 
Wearable technology creates new privacy issues for employers

 
With New Hack, Cellphone Can Get Data Out of Computers from Lenzy

 
Confiscated data must be returned or deleted if it's not covered by a warrant from Tarik



6.20.2014

 
Beijing Implicated As Hong Kong Vote Sites Crash Under Massive DDoS

 
That awkward moment when you CC everyone instead of BCCing them: Email gaffe unmasks 'anonymous' bidders in Bitcoin auction



6.18.2014

 
Ransomware with a happy ending



6.14.2014

 
Boom Goes The Bitcoin from Joe



6.09.2014

 
iOS 8 strikes an unexpected blow against location tracking



6.07.2014

 
More tales from the Truecrypt



6.06.2014

 
Truecrypt.org is no more.



6.02.2014

 
American Express issues alert after Anonymous dumps cardholder data

 
‘Operation Tovar’ Targets ‘Gameover’ ZeuS Botnet, CryptoLocker Scourge



5.30.2014

 
Latest Kali Linux 1.0.7 offers persistent encrypted partition on USB stick

 
From Dark Reading, http://www.darkreading.com/endpoint/the-mystery-of-the-truecrypt-encryption-software-shutdown-/d/d-id/1269323?

Excerpt:

"The whole situation is very odd, but there are clues to what might be happening," says Mark Bower, vice president at Voltage Security. "The TrueCrypt development team is largely anonymous, and has unclear origins. On the one hand, TrueCrypt is a product that is supposed to be transparent about its security design, yet there have always been unclear aspects to its origins. On the other hand, it was about to be put through a thorough crowd-funded technical audit. Was there something to hide? Maybe so."

Last month, iSEC Partners released a code audit of TrueCrypt and found no backdoors or serious vulnerabilities in the portion of code it reviewed, which included the Windows kernel driver and bootloader.

Tom Ritter, principal security consultant at iSEC Partners, considers the end of TrueCrypt to be a loss to the open-source community.



5.29.2014

 
From Wired, http://www.wired.com/2014/05/truecrypt/

Snowden’s Crypto Software May Be Tainted Forever

    * By Robert McMillan 
    * 05.29.14  | 
    * 8:19 pm

Excerpt:

"This week, a message appeared on the website that offers TrueCrypt, saying that the software “may contain some unfixed security issues” and should not be used. It was a big shock to the millions of people who now use the software to protect their online communications, but not just because it now seemed that the software was full of holes. The message arrived so suddenly–and without explanation–that many security experts are wondering if the message was posted by hackers who had compromised the website.

It’s all a bit of a mystery, because, like a small number of other open-source projects, TrueCrypt is built by anonymous developers. It’s hard to know if the good guys have screwed up or if the bad guys are in control.

That means TrueCrypt is now tainted in a way that may be permanent. The situation shows what can go wrong when software–even open-source software–is offered up by people who don’t identify themselves. Projects like the Tails secure operating-system should take heed. Researchers can still audit the TrueCrypt code, but that may not be enough. Because we don’t know who is in control of TrueCrypt, and how exactly to evaluate their claims, the project is tainted. "


The post itself is on the Truecrypt site, http://truecrypt.sourceforge.net/

"WARNING: Using TrueCrypt is not secure as it may contain unfixed security issues

This page exists only to help migrate existing data encrypted by TrueCrypt.

The development of TrueCrypt was ended in 5/2014 after Microsoft terminated support of Windows XP. Windows 8/7/Vista and later offer integrated support for encrypted disks and virtual disk images. Such integrated support is also available on other platforms (click here for more information). You should migrate any data encrypted by TrueCrypt to encrypted disks or virtual disk images supported on your platform.


Migrating from TrueCrypt to BitLocker:"

 
Iranian Hackers Targeted US Officials in Elaborate Social Media Attack Operation



5.27.2014

 
Google removes NPAPI apps and extensions from Chrome Web Store homepage, search results, and category pagesGoogle hopes that killing of NPAPI support will “improve Chrome’s security, speed, and stability as well as reduce complexity in the code base.”

 
Apple IDs Compromised: iPhones, iPads, and Macs Locked, Held for Ransom

 
Spotify, security firm Avast report hacks that spill user data

 
eBay Fumbles Password Reset Warning



5.24.2014

 
CryptoLocker Goes Spear-Phishing from Lenzy



5.23.2014

 
Critical Internet Explorer zero-day exploit detailed after Microsoft fails to patch it from Zachary



5.22.2014

 
The US Navy was hacked from inside its own aircraft carrier from Mike





This page is powered by Blogger.


Site Meter Locations of visitors to this page