security

iPhone Encryption and the Return of the Crypto Wars

LinuxSecurity.com - Wed, 2014-10-22 04:46
LinuxSecurity.com: Last week, Apple announced that it is closing a serious security vulnerability in the iPhone. It used to be that the phone's encryption only protected a small amount of the data, and Apple had the ability to bypass security on the rest of it.
Categories: linux, news, security

USB is now UEC (use with extreme caution)

LinuxSecurity.com - Wed, 2014-10-22 04:44
LinuxSecurity.com: USB is an acronym for Universal Serial Bus; at least that is what it has stood for since 1999 when it was patented. But now it may take on a new meaning and instead stand for Ultimate Security Breakdown.
Categories: linux, news, security

Red Hat: 2014:1677-01: wireshark: Moderate Advisory

LinuxSecurity.com - Tue, 2014-10-21 12:27
LinuxSecurity.com: Updated wireshark packages that fix multiple security issues are now available for Red Hat Enterprise Linux 5. Red Hat Product Security has rated this update as having Moderate security [More...]
Categories: linux, news, security

Red Hat: 2014:1676-01: wireshark: Moderate Advisory

LinuxSecurity.com - Tue, 2014-10-21 12:19
LinuxSecurity.com: Updated wireshark packages that fix multiple security issues are now available for Red Hat Enterprise Linux 6 and 7. Red Hat Product Security has rated this update as having Moderate security [More...]
Categories: linux, news, security

Finding a Video Poker Bug Made These Guys Rich - Then Vegas Made Them Pay

LinuxSecurity.com - Tue, 2014-10-21 04:18
LinuxSecurity.com: John Kane was on a hell of a winning streak. On July 3, 2009, he walked alone into the high-limit room at the Silverton Casino in Las Vegas and sat down at a video poker machine called the Game King. Six minutes later the purple light on the top of the machine flashed, signaling a $4,300 jackpot.
Categories: linux, news, security

RIPS - Static Source Code Analysis For PHP Vulnerabilities

LinuxSecurity.com - Tue, 2014-10-21 04:16
LinuxSecurity.com: RIPS is a tool written in PHP to find vulnerabilities using static source code analysis for PHP web applications. By tokenizing and parsing all source code files RIPS is able to transform PHP source code into a program model and to detect sensitive sinks (potentially vulnerable functions) that can be tainted by user input (influenced by a malicious user) during the program flow.
Categories: linux, news, security

Hacker Halted 2014: Johnny Long Calls for Hackers for Charity Volunteers

LinuxSecurity.com - Tue, 2014-10-21 04:14
LinuxSecurity.com: The irony was not lost on Johnny Long. On the silver screen, both hackers and zombies are typically associated with disaster, so the fact that he was at a zombie-themed security conference to speak about hackers making a positive difference in the world seemed satirical.
Categories: linux, news, security

Mandriva: 2014:201: kernel

LinuxSecurity.com - Mon, 2014-10-20 23:57
LinuxSecurity.com: Multiple vulnerabilities have been found and corrected in the Linux kernel: The try_to_unmap_cluster function in mm/rmap.c in the Linux kernel before 3.14.3 does not properly consider which pages must be locked, [More...]
Categories: linux, news, security

Mandriva: 2014:200: bugzilla

LinuxSecurity.com - Mon, 2014-10-20 23:42
LinuxSecurity.com: Updated bugzilla packages fix security vulnerabilities: If a new comment was marked private to the insider group, and a flag was set in the same transaction, the comment would be visible to flag recipients even if they were not in the insider group (CVE-2014-1571). [More...]
Categories: linux, news, security

Mandriva: 2014:199: perl

LinuxSecurity.com - Mon, 2014-10-20 23:36
LinuxSecurity.com: Updated perl and perl-Data-Dumper packages fix a security vulnerability: The Dumper method in Data::Dumper before 2.154 allows context-dependent attackers to cause a denial of service (stack [More...]
Categories: linux, news, security

Mandriva: 2014:198: mediawiki

LinuxSecurity.com - Mon, 2014-10-20 23:27
LinuxSecurity.com: Updated mediawiki packages fix a security vulnerability: MediaWiki before 1.23.4 is vulnerable to cross-site scripting due to JavaScript injection via CSS in uploaded SVG files (CVE-2014-7199). [More...]
Categories: linux, news, security

What a hacker can learn about your life from the coffee shop's Wi-Fi network

LinuxSecurity.com - Mon, 2014-10-20 04:38
LinuxSecurity.com: We often shift between a phone signal, private internet connections, and public Wi-Fi networks. You pass by your local Starbucks, for example, and the phone remembers you've been there in the past and latches on to its signal - without you thinking too much about it.
Categories: linux, news, security

Mobile Device Encryption Could Lead to a 'Very, Very Dark Place', FBI Director Says

LinuxSecurity.com - Mon, 2014-10-20 04:36
LinuxSecurity.com: FBI Director James Comey said Thursday that the recent movement toward default encryption of smartphones and other devices could "lead us to a very, very dark place." Echoing comments made by law enforcement officials for the last several decades, Comey said that the advanced cryptosystems available today threaten to cripple the ability of intelligence and law enforcement agencies to gather vital information on criminals.
Categories: linux, news, security

Friday Squid Blogging: 1,057 Squid T-Shirts

Schneier on Security - Fri, 2014-10-17 17:17
That's a lot. As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered. Commenting has been broken for the past few days. We hope to get it fixed on Monday....
Categories: security

Bash/Shellshock Patches May Not be Enough to Protect Systems (October 15, 2014)

SANS NewsBites - Fri, 2014-10-17 17:00

Simply patching systems against the Bash/Shellshock vulnerability may not be adequate....

Categories: security

Cyber Security Must be Built Into Battlefield Systems Acquisition Process (October 14, 2014)

SANS NewsBites - Fri, 2014-10-17 17:00

Cyber security needs to be built into the acquisitions process for battlefield components....

Categories: security

FBI Director Acknowledges Some Warrantless Data Collection, Calls for Updated Wiretapping Laws (October 16, 2014)

SANS NewsBites - Fri, 2014-10-17 17:00

FBI Director James Comey has admitted that in some cases, his agency does collect information without a warrant....

Categories: security

Drupal Issues Patch for Critical Vulnerability (October 15 & 16, 2014)

SANS NewsBites - Fri, 2014-10-17 17:00

A critical vulnerability in Drupal 7....

Categories: security

South Korea Considering Issuing New National ID Numbers (October 14 & 16, 2014)

SANS NewsBites - Fri, 2014-10-17 17:00

South Korea is considering reissuing national ID cards for every citizen following a series of breaches that compromised the current national ID numbers of nearly 80 percent of the country's population....

Categories: security