LINUX
CYBERLAW
VIRTUALIZATION
Bugtraq
Packetstorm
FD
GrokLaw
RSS Feed
Netsec, comsec, infosec and IA news, research and trends
12.23.2014
Cyberattack on German steel factory causes 'massive damage' from Joe
12.19.2014
Critical 'Misfortune Cookie' bug puts millions of internet-connected routers at risk from Joe
12.16.2014
US Congress OKs 'unprecedented' codification of warrantless surveillance - from Joe
All your SSL are belong to U.S.?
"Communications can be retained indefinitely if they have to do with foreign intelligence or counterintelligence, contain evidence of a crime, or are "enciphered" or "reasonably believed to have a secret meaning," among other conditions."
11.27.2014
Zen and the Art of Cloud Database Security (Part 1) from Tarik - DBs should reside on private clouds.
Hackers Exfiltrating Data with Video Steganography via Cloud Video Services from Tariq
11.14.2014
Anyone running a Windows Server should patch stat.
11.13.2014
Virginia Police Have Been Secretively Stockpiling Private Phone Records - Gen. Hayden states during an April debate that “We kill people... based on metadata.”
10.28.2014
Poodle Attacks on SSL 3.0 from Dennis
10.21.2014
Facebook prowls the internet looking for your password
10.11.2014
IMAP C&C channels have some massive advantages for attackers and penetration testers
10.09.2014
Twitter Sues DOJ Over National Security Letter Disclosures - from Nicole
10.06.2014
83,000,000 customer's data compromised at JP Morgan Chase. from Nam - Reports are that card numbers, social security numbers etc were not disclosed, just names, addresses, phone numbers and email addresses.
9.25.2014
Serious BASH vulnerability. Update, update update.
Read Red Hat's Security blog, Ubuntu's advisory, and US-Cert's advisory.
Bash specially-crafted environment variables code injection attack
9.20.2014
Apple Can't Decrypt Data for Law Enforcement; Is It Enough? from Nicole
9.19.2014
Dark web getting darker
Fraud Analytics: Heat Map of Potential Retail Data Breaches by State from Tarik
5 Million Gmail Addresses and Passwords Exposed, ‘No Evidence of Compromise,’ Says Google
from Tarik
9.18.2014
Home Depot Hack Could Be Largest Ever: 56 Million Credit Cards at Risk
9.16.2014
Just how much information can be squeezed from one week of your metadata?
9.14.2014
Chinese Attack Groups Operate in Parallel in Cyber Espionage Campaigns: FireEye from Tarik
9.11.2014
New Proposal Could Singlehandedly Cripple Free Speech Online from Nicole
9.10.2014
Five million Gmail addresses and passwords dumped online
9.08.2014
Home Depot confirms suspected customer data breach Anyone who shopped at a Home Depot store with a payment card since April may be exposed to the hack, the home improvement retailer says.
9.04.2014
Nothing new here but of interest to many: "The growing security threat to virtual systems"
Law Enforcement Agencies Scramble For Pricey Cell Tower Spoofer Upgrades As Older Networks Are Shut Down from TC.
9.02.2014
Using WPS on your Wi-Fi router may be even more dangerous than you think
8.28.2014
Group finds way to decrypt files after Cryptolocker Ransomeware
8.26.2014
Duping the machine - the cunning malware that throws off researchers: "The trouble with analysing malware in a sandbox environment is when the malware is cunning enough to realise, and then employs a variety of techniques to throw off researchers."
8.19.2014
US Nuclear Regulatory Commission hacked 3 times in 3 years - "The first attack used a regular phishing email to trick staff into handing over their login credentials. The message asked them to verify their user accounts by clicking on a link which took them to a cloud-based Google spreadsheet they had to log in to view. The ruse targeted around 215 staff, of which 12 fell for the bait..."
VMware experts want to use virtualization to embed security controls into the fabric of the data center
Cryptography Expert Says, 'PGP Encryption is Fundamentally Broken, Time for PGP to Die'
8.18.2014
Stuxnet Vulnerability Still Present on Millions of Machines: Is it a surprise to anyone that the "lion's share" of these machines are running Windows XP?
Hackers Breach Hospital Network, Steal 4.5 Million Patient Records
8.14.2014
The NSA is developing an automatic malware-killer from Antoine
8.13.2014
Fifteen zero days found in hacker router comp romp: Four routers rooted in SOHOpelessly Broken challenge
8.10.2014
All About Bitcoin Mining: Road To Riches Or Fool's Gold?
8.08.2014
Hacker Redirects Traffic From 19 Internet Providers to Steal Bitcoins
8.05.2014
Billions of accounts compromised
8.01.2014
Massive, undetectable security flaw found in USB: It's time to get your PS/2 keyboard out of the cupboard from Joe. Any architecture that allows a device to say "Hello, please load this kernel module so that you can talk to me" is going to have such issues.
U.S. government warns retailers about malicious software from Lisa - Attacking POS systems has been a trend for a while now.
7.28.2014
Computer Virus Catalog
Enraged Verizon FiOS Customer Posts Video Seemingly Proving ISP Throttles Netflix from Joe - Net Neutrality should be a thing. Users pay for bandwidth and receive said bandwidth. Imagine a taxicab charging a person's source and/or destination for a customers' arrival as well as charging the customer for the ride. Would anyone think that to be a rational system?
7.19.2014
Some are only just now realizing Tor's true intended purpose.
7.16.2014
Slashdot: "Selectively Reusing Bad Passwords Is Not a Bad Idea, Researchers Say"
"...Microsoft researchers have determined that reuse of the same password for low security services is safer than generating a unique password for each service..."
Microsoft research paper
Article from the Register referenced in Slashdot post aboveLabels: microsoft, passwords, research
7.15.2014
"Gameover" malware revival - is it really up from the canvas?
7.14.2014
World Cup security well executed... if you don't count the Wi-Fi
7.04.2014
RSA: Brazil's 'Boleto Malware' stole nearly $4 billion in two years from Lenzy
7.03.2014
Here is something that shows real promise. - The Ultra-Simple App That Lets Anyone Encrypt Anything
Some People Want A Time Limit On The NSA's 'Zero-Day' Exploits — Here's Why That's A Terrible Idea from Dave Aitel
7.01.2014
Mysterious cyberattack compromises more than a thousand power plant systems - Article from Symantec on the issue - from Zach
6.29.2014
WordPress Timthumb Exploit Resurfaces
6.24.2014
Wearable technology creates new privacy issues for employers
With New Hack, Cellphone Can Get Data Out of Computers from Lenzy
Confiscated data must be returned or deleted if it's not covered by a warrant from Tarik
6.20.2014
Beijing Implicated As Hong Kong Vote Sites Crash Under Massive DDoS
That awkward moment when you CC everyone instead of BCCing them: Email gaffe unmasks 'anonymous' bidders in Bitcoin auction
6.18.2014
Ransomware with a happy ending
6.14.2014
Boom Goes The Bitcoin from Joe
6.09.2014
iOS 8 strikes an unexpected blow against location tracking
6.07.2014
More tales from the Truecrypt
6.06.2014
Truecrypt.org is no more.
6.02.2014
American Express issues alert after Anonymous dumps cardholder data
‘Operation Tovar’ Targets ‘Gameover’ ZeuS Botnet, CryptoLocker Scourge
5.30.2014
Latest Kali Linux 1.0.7 offers persistent encrypted partition on USB stick
From Dark Reading, http://www.darkreading.com/endpoint/the-mystery-of-the-truecrypt-encryption-software-shutdown-/d/d-id/1269323?
Excerpt:
"The whole situation is very odd, but there are clues to what might be happening," says Mark Bower, vice president at Voltage Security. "The TrueCrypt development team is largely anonymous, and has unclear origins. On the one hand, TrueCrypt is a product that is supposed to be transparent about its security design, yet there have always been unclear aspects to its origins. On the other hand, it was about to be put through a thorough crowd-funded technical audit. Was there something to hide? Maybe so."
Last month, iSEC Partners released a code audit of TrueCrypt and found no backdoors or serious vulnerabilities in the portion of code it reviewed, which included the Windows kernel driver and bootloader.
Tom Ritter, principal security consultant at iSEC Partners, considers the end of TrueCrypt to be a loss to the open-source community.
5.29.2014
From Wired, http://www.wired.com/2014/05/truecrypt/
Snowden’s Crypto Software May Be Tainted Forever
* By Robert McMillan
* 05.29.14 |
* 8:19 pm
Excerpt:
"This week, a message appeared on the website that offers TrueCrypt, saying that the software “may contain some unfixed security issues” and should not be used. It was a big shock to the millions of people who now use the software to protect their online communications, but not just because it now seemed that the software was full of holes. The message arrived so suddenly–and without explanation–that many security experts are wondering if the message was posted by hackers who had compromised the website.
It’s all a bit of a mystery, because, like a small number of other open-source projects, TrueCrypt is built by anonymous developers. It’s hard to know if the good guys have screwed up or if the bad guys are in control.
That means TrueCrypt is now tainted in a way that may be permanent. The situation shows what can go wrong when software–even open-source software–is offered up by people who don’t identify themselves. Projects like the Tails secure operating-system should take heed. Researchers can still audit the TrueCrypt code, but that may not be enough. Because we don’t know who is in control of TrueCrypt, and how exactly to evaluate their claims, the project is tainted. "
The post itself is on the Truecrypt site, http://truecrypt.sourceforge.net/
"WARNING: Using TrueCrypt is not secure as it may contain unfixed security issues
This page exists only to help migrate existing data encrypted by TrueCrypt.
The development of TrueCrypt was ended in 5/2014 after Microsoft terminated support of Windows XP. Windows 8/7/Vista and later offer integrated support for encrypted disks and virtual disk images. Such integrated support is also available on other platforms (click here for more information). You should migrate any data encrypted by TrueCrypt to encrypted disks or virtual disk images supported on your platform.
Migrating from TrueCrypt to BitLocker:"
Iranian Hackers Targeted US Officials in Elaborate Social Media Attack Operation
5.27.2014
Google removes NPAPI apps and extensions from Chrome Web Store homepage, search results, and category pages - Google hopes that killing of NPAPI support will “improve Chrome’s security, speed, and stability as well as reduce complexity in the code base.”
Apple IDs Compromised: iPhones, iPads, and Macs Locked, Held for Ransom
Spotify, security firm Avast report hacks that spill user data
eBay Fumbles Password Reset Warning
5.24.2014
CryptoLocker Goes Spear-Phishing from Lenzy
5.23.2014
Critical Internet Explorer zero-day exploit detailed after Microsoft fails to patch it from Zachary
5.22.2014
The US Navy was hacked from inside its own aircraft carrier from Mike
5.21.2014
Another day, another breach. eBay urging users to change passwords after cyberattack.
5.14.2014
George R.R. Martin Tells Conan His Secret Weapon: a DOS Computer - 'Game of Thrones' author admits he writes on an outdated machine without Internet
5.02.2014
Serious security flaw in OAuth, OpenID discovered
4.30.2014
Anonymous OS reportedly used by Snowden reaches version 1.0
4.29.2014
Meet The Woman Who Did Everything In Her Power To Hide Her Pregnancy From Google In the end her conclusion was simple: hiding from big data is so inconvenient and expensive that she doesn’t recommend it as a lifestyle choice.
4.08.2014
Heartbleed OpenSSL Bug
Tor: If You Want Privacy or Anonymity, Stay Off the Internet This Week
A pretty serious flaw exposes TLS dependent services in OpenSSL, dubbed "HeartBleed." Patch now!
CERT: http://www.kb.cert.org/vuls/id/720951
FAQ: http://heartbleed.com/
4.04.2014
5-Year Old Kid Finds A Security Exploit On The Xbox One, Gets A Researcher Credit
4.02.2014
Ready to feel your blood boil? Here’s Verizon’s explanation for why we don’t need net neutrality
3.20.2014
Google Now Encrypts Gmail Traffic To And From Its Servers
3.17.2014
A newly discovered encryption weakness in iOS 7 could put iPad and iPhone owners at risk.
3.14.2014
Attack that could disrupt the entire Internet
IARPA - Request for Information (RFI) - Cyber Attack Data
3.10.2014
Ukraine's computers 'targeted by powerful virus'
3.06.2014
Who needs to pull off a conventional bank robbery when you can simply steal Bitcoin online?
Critical crypto bug leaves Linux, hundreds of apps open to eavesdropping
3.05.2014
Closing the IT security communications gap
Everyone in the enterprise has a very different grasp on IT risk, and different ways to express it. Putting financial metrics on IT risk gives everyone a common language.
2.26.2014
Researchers at the University of Liverpool claim to have created a computer virus that can spread via Wi-Fi as efficiently as the common cold infects humans.
Chameleon can spread through densely populated areas like the common cold, the researchers claim, by hopping from network to network via access points, spreading rapidly amongst homes and businesses.
New Android "Blackphone" thinks your privacy is worth $629
D'oh! Hundreds of Millions of Stolen Login Credentials Found Online
2.25.2014
Purported iOS 'flaw' lets nefarious apps secretly log keystrokes in background
Proof of concept captures all SSL traffic via Apple's goto fail exploit
2.24.2014
IEEE and other publishers remove gibberish computer-generated research papers, including ones alleged to have been peer reviewed
2.23.2014
Latest iPhone Update Fixes Major Security Flaw That Apple Kept Quiet
2.22.2014
Because of recent blows to net neutrality Netflix streaming is getting slower (and probably won’t get better any time soon)
2.20.2014
Multifactor Authentication for Office 365 Expanded to Regular Users
2.19.2014
Google Announces Plans To Expand Fiber To 34 Additional U.S. Cities
2.17.2014
Google Acquires SlickLogin, The Sound-Based Password Alternative
2.16.2014
What is the Link Between Processors and Security?
2.15.2014
What Google really means when it calls Android 'open' from John
2.14.2014
Mac BitCoin Trojan Found on Legit Software Sites
Linksys Worm ("TheMoon") Captured from Nathan
2.13.2014
NIST launches Cybersecurity Framework (FWIW)
2.12.2014
Flappy Birds malware shenanigans have been discovered in multiple 3d party app marketplaces
2.07.2014
IRC network calls for investigations over GCHQ's attack on Anonymous. QuakeNet calls GCHQ actions grossly hypocritical
The Herculean task of running IT at the Olympics
2.06.2014
Hacked Within Minutes: Sochi Visitors Face An Internet Minefield
1.14.2014
Bypass a padlock in seconds
1.02.2014
Inside TAO, or What Have You Mail Ordered Recently?
Yet more NSA high-handedness comes to light
