news aggregator

Critical Git Security Vulnerability Announced

Slashdot - Thu, 2014-12-18 19:13
An anonymous reader writes Github has announced a security vulnerability and has encourage users to update their Git clients as soon as possible. The blog post reads in part: "A critical Git security vulnerability has been announced today, affecting all versions of the official Git client and all related software that interacts with Git repositories, including GitHub for Windows and GitHub for Mac. Because this is a client-side only vulnerability, github.com and GitHub Enterprise are not directly affected. The vulnerability concerns Git and Git-compatible clients that access Git repositories in a case-insensitive or case-normalizing filesystem. An attacker can craft a malicious Git tree that will cause Git to overwrite its own .git/config file when cloning or checking out a repository, leading to arbitrary command execution in the client machine. Git clients running on OS X (HFS+) or any version of Microsoft Windows (NTFS, FAT) are exploitable through this vulnerability. Linux clients are not affected if they run in a case-sensitive filesystem....Updated versions of GitHub for Windows and GitHub for Mac are available for immediate download, and both contain the security fix on the Desktop application itself and on the bundled version of the Git command-line client."

Read more of this story at Slashdot.








Categories: news

Senator Argues Against Back Doors for Government (December 15, 2014)

SANS NewsBites - Thu, 2014-12-18 19:07

Noting that a back door placed in software and electronic communication devices to allow government access is also a backdoor that could be exploited by entities with malicious intents, US Senator Ron Wyden (D-Oregon) has proposed legislation that would prohibit government agencies from requiring back doors in digital products.......

Categories: security

Agencies Encourage Adoption of Cyber Security Standards (December 15, 2014)

SANS NewsBites - Thu, 2014-12-18 19:07

Government agencies have begun encouraging industries that they oversee to adopt applicable cyber security guidelines from the US National Institute of Standards and Technology (NIST).......

Categories: security

Microsoft Draws Support for Fight Against Government Demand for Customer eMails (December 15, 2014)

SANS NewsBites - Thu, 2014-12-18 19:07

Major tech companies, including Apple, Verizon, and eBay, are lending their support to Microsoft in its effort to resist a US Justice Department demand for information held on a company server in Ireland.......

Categories: security

WordPress Sites Infected with Malware (December 15, 2014)

SANS NewsBites - Thu, 2014-12-18 19:07

More than 100,000 websites running on WordPress content management system have been found to be infected with malware that attacks the devices of site visitors.......

Categories: security

Shellshock Flaw Exploited to Spread Worm (December 15, 2014)

SANS NewsBites - Thu, 2014-12-18 19:07

Malware exploiting the critical Shellshock vulnerability is spreading in the wild.......

Categories: security

Sony Pictures Warns Media Against Use of Stolen Data (December 14 & 15, 2014)

SANS NewsBites - Thu, 2014-12-18 19:07

Sony Pictures has begun contacting journalists and media organizations, warning them not to disclose any data stolen from Sony's network.......

Categories: security

Guilty Plea in SpamHaus DDoS Case (December 14 & 15, 2014)

SANS NewsBites - Thu, 2014-12-18 19:07

A 17-year-old in London, UK, has pleaded guilty to charges of computer misuse and money laundering for launching distributed denial-of-service (DDoS) attacks against SpamHaus and CloudFlare on March 2013.......

Categories: security

FBI Warns of Potential for Cyber Attacks from Iranian Group (December 12 & 14, 2014)

SANS NewsBites - Thu, 2014-12-18 19:07

In a confidential report to US businesses, the FBI warned of techniques that have been used by an Iranian group believed to be responsible for attacks against computer networks at defense contractors, energy companies, and colleges and universities around the world.......

Categories: security

Expired Certificate Causes Some Card Payment Terminals to Stop Working (December 12, 2014)

SANS NewsBites - Thu, 2014-12-18 19:07

On December 7, 2014, certain payment card terminals in use at stores in the US stopped working.......

Categories: security

Enhanced Security for Microsoft Office 365 (December 11, 2014)

SANS NewsBites - Thu, 2014-12-18 19:07

Microsoft's Office 365 cloud services suite will have additional security from Palerra, a cloud security automation company.......

Categories: security

Banish the fear of Big Brother when you bring in BYOD

The Register - Thu, 2014-12-18 18:57
The magic of MDM

As I have said before, bring your own device (BYOD) can be a difficult concept to sell. After all, you are basically saying to users: “We want you to supply your own IT equipment but we want to be able to control the corporate data and applications that go on it.”…

Categories: news

Experts: ISIS loonies use 'digital AK-47' malware to hunt victims

The Register - Thu, 2014-12-18 18:49
New code built in-house targets innocents fending off deranged terrorists

Malware has emerged from war-torn Syria that targeting those protesting against the rule of ISIS (ISIL, Islamic State, whatever the murderous humanity-hating nutcases are calling themselves these days.)…

Categories: news

Marissa Mayer's Reinvention of Yahoo! Stumbles

Slashdot - Thu, 2014-12-18 18:30
schnell writes The New York Times Magazine has an in-depth profile of Marissa Mayer's time at the helm of Yahoo!, detailing her bold plans to reinvent the company and spark a Jobs-ian turnaround through building great new products. But some investors are saying that her product focus (to the point of micromanaging) hasn't generated results, and that the company should give up on trying to create the next iPod, merge with AOL to cut costs and focus on the unglamorous core business that it has. Is it time for Yahoo! to "grow up" and set its sights lower?

Read more of this story at Slashdot.








Categories: news

What is Ubuntu Snappy?

Linux Today - Thu, 2014-12-18 18:00

 The Linux Rain: If you're anything like me, you've probably heard about this new thing from Canonical called "Snappy" Ubuntu Core, but at the same time trying to understand exactly what it is may leave you cross-eyed

Categories: linux, news, open source

Ars Reviews Skype Translator

Slashdot - Thu, 2014-12-18 17:47
Esra Erimez writes Peter Bright doesn't speak a word of Spanish but with Skype Translator he was able to have a spoken conversation with a Spanish speaker as if he was in an episode of Star Trek. He spoke English. A moment later, an English language transcription would appear, along with a Spanish translation. Then a Spanish voice would read that translation.

Read more of this story at Slashdot.








Categories: news

Suspected Boko Haram gunmen kidnap 172 women, children in Nigeria

Reuters: Technology - Thu, 2014-12-18 17:33
MAIDUGURI, Nigeria (Reuters) - Suspected Boko Haram gunmen kidnapped 172 women and children and killed 35 other people on Sunday during a raid on the northeast Nigerian village of Gumsuri, residents said on Thursday.






Categories: news

Extracting Data From the Microsoft Band

Slashdot - Thu, 2014-12-18 17:30
An anonymous reader writes The Microsoft Band, introduced last month, hosts a slew of amazing sensors, but like so many wearable computing devices, users are unable to access their own data. A Brown University professor decompiles the app, finds that the data is transmitted to the Microsoft "cloud", and explains how to intercept the traffic to retrieve the raw minute-by-minute data captured by the Band.

Read more of this story at Slashdot.








Categories: news

Android gives Google a search monopoly? Not so fast, says judge

The Register - Thu, 2014-12-18 17:21
More facts needed before class-action suit can proceed

A US District Court judge has cast doubt on an antitrust lawsuit filed against Google, describing the damages sought as "speculative."…

Categories: news

Exclusive: Google aiming to go straight into car with next Android - sources

Reuters: Technology - Thu, 2014-12-18 17:18
SAN FRANCISCO/DETROIT (Reuters) - Google Inc is laying the groundwork for a version of Android that would be built directly into cars, sources said, allowing drivers to enjoy all the benefits of the Internet without even plugging in their smartphones.






Categories: news

Pages