security

US Sought International Help in Stopping DDoS Attacks on Bank Websites in 2012 (April 11, 2014)

SANS NewsBites - Tue, 2014-04-15 15:00

During the spring 2012 distributed denial-of-service (DDoS) attacks on US bank websites, the White House rejected the idea of launching retaliatory attacks against the alleged attackers' network in Iran due to concerns about unintended consequences and escalation.......

Categories: security

NSA Denies it Knew About Heartbleed Vulnerability (April 13, 2014)

SANS NewsBites - Tue, 2014-04-15 15:00

The NSA has denied reports that it knew about the vulnerability in OpenSSL for two years and used it to conduct surveillance.......

Categories: security

Akamai Releases Second Fix for Heartbleed (April 14, 2014)

SANS NewsBites - Tue, 2014-04-15 15:00

Akamai's first attempt to fix Heartbleed was incomplete.......

Categories: security

Android Devices Remain Unpatched Despite Google's Heartbleed Fix (April 14, 2014)

SANS NewsBites - Tue, 2014-04-15 15:00

Although Google released an update for Android to address the Heartbleed flaw last week, millions of Android devices remain unpatched because they cannot run newer versions of the mobile operating system.......

Categories: security

OpenSSL President Says Entities That Use the Technology Should Help Fund It (April 14, 2014)

SANS NewsBites - Tue, 2014-04-15 15:00

Steve Marquess, co-founder and president of the OpenSSL Software Foundation is critical of governments and companies that use the software but do not contribute to the foundation's funding.......

Categories: security

White House Policy Encourages Vulnerability Disclosure, Except When it Doesn't (April 12, 13 & 14, 2014)

SANS NewsBites - Tue, 2014-04-15 15:00

According to a statement from the Office of the Director of National Intelligence, the Obama administration supports NSA disclosure of vulnerabilities in commercial and open source software with the exception of cases in which there is "a clear national security or law enforcement need" to keep them a secret.......

Categories: security

Training Cyber Warriors Takes Time (April 14, 2014)

SANS NewsBites - Tue, 2014-04-15 15:00

To qualify for the US Cyber Command force, service members must obtain credentials at their schools, attend Cyber Command training, and have their knowledge tested to see if they qualify.......

Categories: security

Cloud Security Deadline Approaching for US Government Agencies (April 14, 2014)

SANS NewsBites - Tue, 2014-04-15 15:00

US agencies have until June 5 to make sure that they are in compliance with the government's cloud security standards.......

Categories: security

Target Breach Prompts Formation of Retail ISAC (April 14, 2014)

SANS NewsBites - Tue, 2014-04-15 15:00

The Target breach has prompted the National Retail Federation to establish an industry Information Sharing and Analysis Center (ISAC).......

Categories: security

Paramedic Faces Charges Based on Evidence from Warrantless Database Search (April 14, 2014)

SANS NewsBites - Tue, 2014-04-15 15:00

In the course of investigating the theft of morphine from emergency vehicles, Utah law enforcement officials searched without a warrant a state database that holds records of all controlled substances that pharmacists dispense.......

Categories: security

Three Indicted in Connection with Theft of Apache Helicopter Simulation Software (April 11 & 14, 2014)

SANS NewsBites - Tue, 2014-04-15 15:00

Three men have been indicted for allegedly stealing a top-secret US Army helicopter simulator.......

Categories: security

IRS Will Pay for Extended XP Support While Completing Migration to Windows 7 (April 11, 2014)

SANS NewsBites - Tue, 2014-04-15 15:00

The US Internal Revenue Service (IRS) is still running Windows XP on roughly half of its Windows-based computers.......

Categories: security

Auernheimer Conviction Overturned on Technicality (April 11, 2014)

SANS NewsBites - Tue, 2014-04-15 15:00

The Third US Circuit Court of Appeals has reversed and vacated the conviction of Andrew Auernheimer because the case was tried in an improper venue.......

Categories: security

West Point Wins Cyber Defense Exercise (April 10 & 11, 2014)

SANS NewsBites - Tue, 2014-04-15 15:00

The team from West Point, the US military academy, had taken top honors in this year's Cyber Defense Exercise.......

Categories: security

House Subcommittee Pushes Through Bill to Stop Transfer of ICANN Oversight (April 7 & 10, 2014)

SANS NewsBites - Tue, 2014-04-15 15:00

The US House Energy and Commerce Committee's Technology Subcommittee has approved a bill that would delay the Obama administration's plan to relinquish control of ICANN.......

Categories: security

Why a hacker got paid for finding the Heartbleed bug

LinuxSecurity.com - Tue, 2014-04-15 09:37
LinuxSecurity.com: Thank the hackers. This week's Heartbleed vulnerability has everyone running scared (see box below to read what you might do to protect yourself). The serious crack in the foundations of the supposedly secure internet was revealed earlier this week by a software engineer probing website security in his spare time.
Categories: linux, news, security

Parent gabfest Mumsnet hit by SSL bug: My heart bleeds, grins hacker

LinuxSecurity.com - Tue, 2014-04-15 09:36
LinuxSecurity.com: Twee UK parenting website Mumsnet is the second high-profile organisation to claim it has fallen victim to the infamous Heartbleed OpenSSL vulnerability.
Categories: linux, news, security

Hackers From China Waste Little Time in Exploiting Heartbleed

LinuxSecurity.com - Tue, 2014-04-15 09:32
LinuxSecurity.com: For those who don't feel the urgency to install the latest security fixes for their computers, take note: Just a day after Heartbleed was revealed, attacks from a computer in China were launched.
Categories: linux, news, security

Auditing TrueCrypt

Schneier on Security - Tue, 2014-04-15 06:56
Recently, Matthew Green has been leading an independent project to audit TrueCrypt. Phase I, a source code audit by iSEC Partners, is complete. Next up is Phase II, formal cryptanalysis. Quick summary: I'm still using it....
Categories: security

Debian: 2904-1: virtualbox: Summary

LinuxSecurity.com - Tue, 2014-04-15 06:16
LinuxSecurity.com: Security Report Summary
Categories: linux, news, security