security

Gentoo: 201408-08 file: Denial of Service

LinuxSecurity.com - Fri, 2014-08-29 00:07
LinuxSecurity.com: A vulnerability in file could result in Denial of Service.
Categories: linux, news, security

Ubuntu: 2328-1: GNU C Library vulnerability

LinuxSecurity.com - Thu, 2014-08-28 17:11
LinuxSecurity.com: Certain applications could be made to crash or run programs as an administrator.
Categories: linux, news, security

These 3-D Printed Skeleton Keys Can Pick High-Security Locks in Seconds

LinuxSecurity.com - Thu, 2014-08-28 06:37
LinuxSecurity.com: One of the hairier unintended consequences of cheap 3-D printing is that any troublemaker can duplicate a key without setting foot in a hardware store. But clever lockpickers like Jos Weyers and Christian Holler already are taking that DIY key-making trick a step further: They can 3-D print a slice of plastic or metal that opens even high-security locks in seconds, without even seeing the original key.
Categories: linux, news, security

Mozilla reports user data leak from Bugzilla project

LinuxSecurity.com - Thu, 2014-08-28 06:36
LinuxSecurity.com: Email addresses and encrypted passwords of around 97,000 users who tested early builds of the Bugzilla bug tracking software were left exposed for three months following a server migration.
Categories: linux, news, security

Hacking Traffic Lights

Schneier on Security - Thu, 2014-08-28 06:14
New paper: "Green Lights Forever: Analyzing the Security of Traffic Infrastructure," Branden Ghena, William Beyer, Allen Hillaker, Jonathan Pevarnek, and J. Alex Halderman. Abstract: The safety critical nature of traffic infrastructure requires that it be secure against computer-based attacks, but this is not always the case. We investigate a networked traffic signal system currently deployed in the United States and...
Categories: security

China to Launch PC Operating System This Fall (August 24, 2014)

SANS NewsBites - Wed, 2014-08-27 17:00

China's Xinhua news agency reports that the government plans to release its own operating system (OS) so that users there do not need to run OSes made outside the country...

Categories: security

USIS Breach Affected Undercover Investigators (August 22 & 23, 2014)

SANS NewsBites - Wed, 2014-08-27 17:00

The data security breach at US military contractor US Investigations Services (USIS) is believed to have affected 25,000 individuals, some of whom are undercover investigators...

Categories: security

White House Cyber Security Czar's Technical Experience Comments Spark Debate (August 22 & 25, 2014)

SANS NewsBites - Wed, 2014-08-27 17:00

While the White House has defended Michael Daniel's assertion that his lack of technical expertise is an asset to his position as the administration's cybersecurity coordinator, others say that it raises concerns...

Categories: security

Shortage of Cybersec Professionals Exacerbated by Hiring Barriers (August 25, 2014)

SANS NewsBites - Wed, 2014-08-27 17:00

It was apparent at the Black Hat USA 2014 conference this month that the demand for capable and qualified information security professionals far outstrips the supply...

Categories: security

NIST Report Urges Tighter Implementation of SSH (August 25, 2014)

SANS NewsBites - Wed, 2014-08-27 17:00

According to a report from the National Institute of Standards and Technology (NIST), US companies are not implementing Secure Shell (SSH) appropriately or well...

Categories: security

European Automobile Industry Businesses Targeted in Phishing Attack (August 25, 2014)

SANS NewsBites - Wed, 2014-08-27 17:00

Data thieves are using spear phishing attacks to steal data from automobile industry companies in Europe...

Categories: security

Sixteen People Arrested in Connection with Korean Data Theft (August 25, 2014)

SANS NewsBites - Wed, 2014-08-27 17:00

Police in South Korea have arrested 16 people in connection with a scheme that compromised the personal information of as many as 75 million people...

Categories: security

Survey Says Companies Not Prepared to Manage Insider Threats (August 22, 2014)

SANS NewsBites - Wed, 2014-08-27 17:00

According to the "2014 Insider Threat Survey" from Spectorsoft, more than half of IT and security professionals feel that their organizations are not adequately prepared to deal with insider threats...

Categories: security

Backoff Point-of-Sale Malware Has Compromised 1,000+ Networks (August 22 & 23, 2013)

SANS NewsBites - Wed, 2014-08-27 17:00

Point-of-sale malware known as Backoff reportedly used in the breach of systems at UPS stores is also believed to be responsible for compromising networks of more than 1,000 other US businesses including Target...

Categories: security

DHS Cyberthreat Information Sharing Program Information is Hard to Find (August 22, 2014)

SANS NewsBites - Wed, 2014-08-27 17:00

Despite a 2013 executive order directing the US Department of Homeland Security (DHS) to expand a cyber threat information-sharing program to 16 critical infrastructure sectors, including state and local governments, most state officials are unaware of the program...

Categories: security

33-Month Prison Sentence for Film Piracy (August 22, 2014)

SANS NewsBites - Wed, 2014-08-27 17:00

A 25-year-old British man has been sentenced to nearly three years in prison for filming a movie in a theater...

Categories: security

Researchers are Developing Web Server Attack Prediction Tool (August 21, 2014)

SANS NewsBites - Wed, 2014-08-27 17:00

Researchers from Carnegie Mellon University are developing a tool to predict cyber web server attacks...

Categories: security

Security Flaws in Rapiscan Full-Body Scanners

Schneier on Security - Wed, 2014-08-27 07:38
Security researchers have finally gotten their hands on a Rapiscan backscatter full-body scanner. The results aren't very good. Website with paper and images. News articles and commentary. Note that these machines have been replaced in US airports with millimeter wave full-body scanners....
Categories: security

Security by Obscurity at Healthcare.gov Site

Schneier on Security - Tue, 2014-08-26 06:21
The White House is refusing to release details about the security of healthcare.gov because it might help hackers. What this really means is that the security details would embarrass the White House....
Categories: security

Eavesdropping Using Smart Phone Gyroscopes

Schneier on Security - Tue, 2014-08-26 05:56
The gyroscopes are sensitive enough to pick up acoustic vibrations. It's crude, but it works. Paper. Wired article. Hacker News thread....
Categories: security