RSS Feed

Netsec, comsec, infosec and IA news, research and trends



US Nuclear Regulatory Commission hacked 3 times in 3 years - "The first attack used a regular phishing email to trick staff into handing over their login credentials. The message asked them to verify their user accounts by clicking on a link which took them to a cloud-based Google spreadsheet they had to log in to view. The ruse targeted around 215 staff, of which 12 fell for the bait..."

VMware experts want to use virtualization to embed security controls into the fabric of the data center

Cryptography Expert Says, 'PGP Encryption is Fundamentally Broken, Time for PGP to Die'


Stuxnet Vulnerability Still Present on Millions of Machines: Is it a surprise to anyone that the "lion's share" of these machines are running Windows XP?

Hackers Breach Hospital Network, Steal 4.5 Million Patient Records


The NSA is developing an automatic malware-killer from Antoine


Fifteen zero days found in hacker router comp romp:  Four routers rooted in SOHOpelessly Broken challenge


All About Bitcoin Mining: Road To Riches Or Fool's Gold?


Hacker Redirects Traffic From 19 Internet Providers to Steal Bitcoins


Billions of accounts compromised


Massive, undetectable security flaw found in USB: It's time to get your PS/2 keyboard out of the cupboard from Joe. Any architecture that allows a device to say "Hello, please load this kernel module so that you can talk to me" is going to have such issues.

U.S. government warns retailers about malicious software from Lisa - Attacking POS systems has been a trend for a while now.


Computer Virus Catalog

Enraged Verizon FiOS Customer Posts Video Seemingly Proving ISP Throttles Netflix from Joe - Net Neutrality should be a thing. Users pay for bandwidth and receive said bandwidth. Imagine a taxicab charging a person's source and/or destination for a customers' arrival as well as charging the customer for the ride. Would anyone think that to be a rational system?


Some are only just now realizing Tor's true intended purpose.


Slashdot: "Selectively Reusing Bad Passwords Is Not a Bad Idea, Researchers Say"

"...Microsoft researchers have determined that reuse of the same password for low security services is safer than generating a unique password for each service..."

Microsoft research paper

Article from the Register referenced in Slashdot post above

Labels: , ,


"Gameover" malware revival - is it really up from the canvas?


World Cup security well executed... if you don't count the Wi-Fi


RSA: Brazil's 'Boleto Malware' stole nearly $4 billion in two years from Lenzy


Here is something that shows real promise. - The Ultra-Simple App That Lets Anyone Encrypt Anything

Some People Want A Time Limit On The NSA's 'Zero-Day' Exploits — Here's Why That's A Terrible Idea from Dave Aitel


Mysterious cyberattack compromises more than a thousand power plant systems - Article from Symantec on the issue - from Zach


WordPress Timthumb Exploit Resurfaces


Wearable technology creates new privacy issues for employers

With New Hack, Cellphone Can Get Data Out of Computers from Lenzy

Confiscated data must be returned or deleted if it's not covered by a warrant from Tarik


Beijing Implicated As Hong Kong Vote Sites Crash Under Massive DDoS

That awkward moment when you CC everyone instead of BCCing them: Email gaffe unmasks 'anonymous' bidders in Bitcoin auction


Ransomware with a happy ending


Boom Goes The Bitcoin from Joe


iOS 8 strikes an unexpected blow against location tracking


More tales from the Truecrypt

6.06.2014 is no more.


American Express issues alert after Anonymous dumps cardholder data

‘Operation Tovar’ Targets ‘Gameover’ ZeuS Botnet, CryptoLocker Scourge


Latest Kali Linux 1.0.7 offers persistent encrypted partition on USB stick

From Dark Reading,


"The whole situation is very odd, but there are clues to what might be happening," says Mark Bower, vice president at Voltage Security. "The TrueCrypt development team is largely anonymous, and has unclear origins. On the one hand, TrueCrypt is a product that is supposed to be transparent about its security design, yet there have always been unclear aspects to its origins. On the other hand, it was about to be put through a thorough crowd-funded technical audit. Was there something to hide? Maybe so."

Last month, iSEC Partners released a code audit of TrueCrypt and found no backdoors or serious vulnerabilities in the portion of code it reviewed, which included the Windows kernel driver and bootloader.

Tom Ritter, principal security consultant at iSEC Partners, considers the end of TrueCrypt to be a loss to the open-source community.


From Wired,

Snowden’s Crypto Software May Be Tainted Forever

    * By Robert McMillan 
    * 05.29.14  | 
    * 8:19 pm


"This week, a message appeared on the website that offers TrueCrypt, saying that the software “may contain some unfixed security issues” and should not be used. It was a big shock to the millions of people who now use the software to protect their online communications, but not just because it now seemed that the software was full of holes. The message arrived so suddenly–and without explanation–that many security experts are wondering if the message was posted by hackers who had compromised the website.

It’s all a bit of a mystery, because, like a small number of other open-source projects, TrueCrypt is built by anonymous developers. It’s hard to know if the good guys have screwed up or if the bad guys are in control.

That means TrueCrypt is now tainted in a way that may be permanent. The situation shows what can go wrong when software–even open-source software–is offered up by people who don’t identify themselves. Projects like the Tails secure operating-system should take heed. Researchers can still audit the TrueCrypt code, but that may not be enough. Because we don’t know who is in control of TrueCrypt, and how exactly to evaluate their claims, the project is tainted. "

The post itself is on the Truecrypt site,

"WARNING: Using TrueCrypt is not secure as it may contain unfixed security issues

This page exists only to help migrate existing data encrypted by TrueCrypt.

The development of TrueCrypt was ended in 5/2014 after Microsoft terminated support of Windows XP. Windows 8/7/Vista and later offer integrated support for encrypted disks and virtual disk images. Such integrated support is also available on other platforms (click here for more information). You should migrate any data encrypted by TrueCrypt to encrypted disks or virtual disk images supported on your platform.

Migrating from TrueCrypt to BitLocker:"

Iranian Hackers Targeted US Officials in Elaborate Social Media Attack Operation


Google removes NPAPI apps and extensions from Chrome Web Store homepage, search results, and category pagesGoogle hopes that killing of NPAPI support will “improve Chrome’s security, speed, and stability as well as reduce complexity in the code base.”

Apple IDs Compromised: iPhones, iPads, and Macs Locked, Held for Ransom

Spotify, security firm Avast report hacks that spill user data

eBay Fumbles Password Reset Warning


CryptoLocker Goes Spear-Phishing from Lenzy


Critical Internet Explorer zero-day exploit detailed after Microsoft fails to patch it from Zachary


The US Navy was hacked from inside its own aircraft carrier from Mike

This page is powered by Blogger.

Site Meter Locations of visitors to this page