security

Adobe Releases Fixes for Reader and Acrobat (September 16, 2014)

SANS NewsBites - Fri, 2014-09-19 17:00

Adobe has released fixes for vulnerabilities in Reader and Acrobat.......

Categories: security

Microsoft Pulls Problematic Lync Update (September 16, 2014)

SANS NewsBites - Fri, 2014-09-19 17:00

Microsoft has pulled a security update for Lync after users reported having trouble installing it.......

Categories: security

Friday Squid Blogging: Colossal Squid Dissected in New Zealand

Schneier on Security - Fri, 2014-09-19 16:29
Months after it was found in August, scientists have dissected a colossal squid. There's even video. As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered....
Categories: security

iOS 8 Security

Schneier on Security - Fri, 2014-09-19 12:54
Apple claims that they can no longer unlock iPhones, even if the police show up with a warrant. Of course they still have access to everything in iCloud, but it's a start. EDITED TO ADD (9/19): Android is doing the same thing....
Categories: security

Fake Cell Phone Towers Across the US

Schneier on Security - Fri, 2014-09-19 06:11
Earlier this month, there were a bunch of stories about fake cell phone towers discovered around the US These seems to be IMSI catchers, like Harris Corporation's Stingray, and are used to capture location information and potentially phone calls, text messages, and smart-phone Internet traffic. A couple of days ago, the Washington Post ran a story about fake cell phone...
Categories: security

OWASP Releases Latest App Sec Guide

LinuxSecurity.com - Fri, 2014-09-19 06:11
LinuxSecurity.com: Advocates with the web application security consortium OWASP published the latest iteration of its Testing Guide this week. The guide, celebrating its 10th anniversary this year, is an informational manual designed to teach developers how to build and maintain secure applications in the face of ongoing threats.
Categories: linux, news, security

TOR users become FBI's No.1 hacking target after legal power grab

LinuxSecurity.com - Fri, 2014-09-19 06:06
LinuxSecurity.com: The FBI wants greater authority to hack overseas computers, according to a law professor. A Department of Justice proposal to amend Rule 41 of the Federal Rules of Criminal Procedure would make it easier for domestic law enforcement to hack into the computers of people attempting to protect their anonymity on the internet.
Categories: linux, news, security

Google to turn on encryption by default in next Android version

LinuxSecurity.com - Fri, 2014-09-19 06:04
LinuxSecurity.com: Google is turning on data encryption by default in the next version of Android, a step that mirrors broad moves in the technology industry to ensure better data security.
Categories: linux, news, security

Terrible Article on Vernam Ciphers

Schneier on Security - Thu, 2014-09-18 14:09
If there's anything that confuses wannabe cryptographers, it's one-time pads....
Categories: security

Debian: 3025-2: apt: Summary

LinuxSecurity.com - Thu, 2014-09-18 11:31
LinuxSecurity.com: Security Report Summary
Categories: linux, news, security

The Full Story of Yahoo's Fight Against PRISM

Schneier on Security - Thu, 2014-09-18 07:13
In 2008, Yahoo fought the NSA to avoid becoming part of the PRISM program. It eventually lost the court battle, and at one point was threatened with a $250,000 a day fine if it continued to resist. I am continually amazed at the extent of the government coercion....
Categories: security

Qubes: The Open Source OS Built for Security

LinuxSecurity.com - Thu, 2014-09-18 04:18
LinuxSecurity.com: This is why she and her team built Qubes OS, a security-focused open source operating system based on Fedora that, in essence, assumes that bugs are everywhere. Instead of running one kernel, Qubes isolates all functions into separate virtual machines using the Xen hypervisor.
Categories: linux, news, security

Encryption goof fixed in TorrentLocker file-locking malware

LinuxSecurity.com - Thu, 2014-09-18 04:13
LinuxSecurity.com: The developers of a type of malicious software that encrypts a computer's files and demands a ransom have fixed an error security experts said allowed files to be recovered without paying.
Categories: linux, news, security

Identifying Dread Pirate Roberts

Schneier on Security - Wed, 2014-09-17 14:30
According to court documents, Dread Pirate Roberts was identified because a CAPTCHA service used on the Silk Road login page leaked the users' true location....
Categories: security

Rogue cell towers discovered in Washington, D.C.

LinuxSecurity.com - Wed, 2014-09-17 12:08
LinuxSecurity.com: Towards the end of July, ESD America, the makers of the ultra-secure CryptoPhone, said that their engineers and customers had discovered more than a dozen rogue cell towers (also known as interceptors or IMSI catchers) around the U.S.
Categories: linux, news, security

FreeBSD Patches DoS Vulnerability

LinuxSecurity.com - Wed, 2014-09-17 12:07
LinuxSecurity.com: FreeBSD has patched a denial-of-service vulnerability that could affect a host of third-party packages built atop the UNIX-like operating system.
Categories: linux, news, security

Middle-School Dropout Codes Clever Chat Program That Foils NSA Spying

LinuxSecurity.com - Wed, 2014-09-17 12:06
LinuxSecurity.com: The National Security Agency has some of the brightest minds working on its sophisticated surveillance programs, including its metadata collection efforts. But a new chat program designed by a middle-school dropout in his spare time may turn out to be one of the best solutions to thwart those efforts.
Categories: linux, news, security

Debian: 3028-1: icedove: Summary

LinuxSecurity.com - Wed, 2014-09-17 11:02
LinuxSecurity.com: Security Report Summary
Categories: linux, news, security

Debian: 3027-1: libav: Summary

LinuxSecurity.com - Wed, 2014-09-17 10:55
LinuxSecurity.com: Security Report Summary
Categories: linux, news, security

Tracking People From their Cell Phones with an SS7 Vulnerability

Schneier on Security - Wed, 2014-09-17 07:15
What's interesting about this story is not that the cell phone system can track your location worldwide. That makes sense; the system has to know where you are. What's interesting about this story is that anyone can do it. Cyber-weapons arms manufacturers are selling the capability to governments worldwide, and hackers have demonstrated the capability....
Categories: security