http://www.secuobs.com Observatoire de la securite Internet fr webmaster@secuobs.com Secuobs.com : 2013-05-25 21:18:11 - SSL Security News Feed - http blogivanristiccom 2013 05 announcing-bulletproof-ssl-tls-and-pkihtml http://www.secuobs.com/revue/news/447758.shtmlhttp://www.secuobs.com/revue/news/447758.shtml Secuobs.com : 2013-05-25 21:18:11 - SSL Security News Feed - http newsnetcraftcom archives 2013 05 23 would-you-knowingly-trust-an-irrevocable-ssl-certificatehtml http://www.secuobs.com/revue/news/447757.shtmlhttp://www.secuobs.com/revue/news/447757.shtml Secuobs.com : 2013-05-25 21:18:11 - SSL Security News Feed - http newsnetcraftcom archives 2013 05 23 ocsp-server-performance-in-april-2013html http://www.secuobs.com/revue/news/447756.shtmlhttp://www.secuobs.com/revue/news/447756.shtml Secuobs.com : 2013-05-25 20:40:55 - Computer Security News - The Christian fundamentalist group, notorious for its God Hates Fags protests, launched a website on Monday called GodHatesOklahomacom, just hours after a mile-wide tornado hit the town of Moore, Okla, and killed 24 people http://www.secuobs.com/revue/news/447755.shtmlhttp://www.secuobs.com/revue/news/447755.shtml Secuobs.com : 2013-05-25 20:01:42 - Security Bloggers Network - Since big data is a hot topic these days, there s no question an increasing number of enterprise infosec teams are going to be asked about the security-related ramifications of big data projects There are many issues to look into, but here are a few tips for making big data security efforts more secure during architecture and implementation phases 1 Create data controls as close to the data as possible, since much of this data isn t owned by the security team The risk of having big data traversing your network is that you have large amounts of confidential data such as credit card data, Social Security numbers, personally identifiable information PII , etc -- that s residing in new places and being used in new ways Also, you re usually not going to see terabytes of data siphoned from an organization, but the search for patterns to find the content in these databases is something to be concerned about Keep the security as close to the data as possible and don t rely on firewalls, IPS, DLP or other systems to protect the data 2 Verify that sensitive fields are indeed protected by using encryption so when the data is analyzed, manipulated or sent to other areas of the organization, you re limiting risk of exposure All sensitive information needs to be encrypted once you have control over it 3 After you ve made the move to encrypt data, the next logical step is to concern yourself with key management There are a few new ways to perform key management, including creating keys on an as-needed basis so you don t have to store them Read the rest of the article here http searchsecuritytechtargetcom answer Securing-big-data-Architecture-tips-for-building-security-in IMAGE http://www.secuobs.com/revue/news/447754.shtmlhttp://www.secuobs.com/revue/news/447754.shtml Secuobs.com : 2013-05-25 19:59:27 - Dinis Cruz Blog - While reading reddit s r csharp I saw the Can anyone help me answer a quick question about treeview thread which asked this question image The best answer was from BCProgramming , which provided a C code sample as the example image So I opened an O2 Platform SourceCodeEditor image Clicked on Sample C image and copied the BCProgramming response source code image into it image The first attempt to compile the source code failed image because the code-behind code is missing image Which in this case can be easily fixed by adding the using O2DotNetWrappersExtensionMethods reference and adding an TreeView here image Next step is to create a test class and test method that will fire up the form image Next step is to add the button image which when clicked adds the nodes image Now that we have this working lets start refectoring the code, using the ExtensionMethods from the FluenSharpBCLdll library available from Nuget I m a big fan of REPL development, so the first extra feature I m going to add is a link to open a C REPL window with the current Form passed as parameter see line 57 below image which will make the form look like this note the extra link image and clicking on the link will open the REPL in a popup window image Note how the first command on the REPL was return form1 What that means is that we have access to that variable from our script, and that form1 variable is the Form created by the original C class, ie NodesTestForm1 image Also note that we have complete control over that Form object, and even have intelisense into its public properties, fields and methods image for example the tvwTest TreeView object image which we can manipulate in real time for example to add new Node, change color and get all nodes image Note how treeViewnodes returned all nodes, and how below treeViewnodes true will return a recursive search of all nodes image This means that back into the original code we copied from reddit we can remove these methods image which are used from here image with just note how the result is the same image Next we clear the treeView using tvwTestclear image and create the child nodes like this image Since the idea is to add the node to the root when ParentId is 0, we can refactor the code like this image And here is a confirmation that the refactored code behaves as the original note the expandAll call at the end, which save us to need to expand each node to check it image To make the code easier to read, let s remove the comments with the old code I also changed like 76 to use the treeNodeget extension method image And if you are into Linq we can replace the search with a dictionary image The previous one looks to complex and not optimized since we need to get all nodes all the time , so this version keeps an XRef of the articles added image Here is a cleaner version image I m a big fan of Lambda methods, so here is version using them note that the code below now handles the case when there is an invalid parent image Here is a simpler version by adding another lambda method called findParent image Which can be further simplified to image And here is the exact same code using functions instead of Lamdba methods image Let s try this on the O2 C REPL In the previous example I was using a normal C class and a code editor But for code samples PoCs like this, I would normally use the O2 Platform C REPL since it is a much faster and efficient code-development environment Since we have some data hold on external classes, I will create a simple C file saved to E O2 O2Temp 5_22_2013 tmpCCF6tmpcs with just that data image Then we open the C REPL image and add a reference to the TestData file, and invoke the TestDataGetTestData static method image Then add the TreeView and Button image Then we add the lambda methods previously created, and we have a working PoC image Lets add one more lambda method so that the tree population happens when the button is clicked image Finally lets change the topPanel variable to come from a stand-alone form image and now clicking on Execute will give us a popup Form image with the PoC image Note that you can also package this PoC has a stand-alone exe using image which will create a 902Kb file image of the PoC form image Code samples used in this post 1 original code using System using SystemCollectionsGeneric using SystemComponentModel using SystemData using SystemDrawing using SystemLinq using SystemText using SystemWindowsForms namespace NodesTest public partial class Form1 Form private class TestData public TestData int pNodeId, int pParent, String pText NodeId pNodeId ParentId pParent Text pText public int NodeId get set public int ParentId get set public String Text get set static test data private TestData testinfo new TestData new TestData 1, 0, ID 1 , new TestData 2, 0, ID 2 , new TestData 3, 1, ID 3 Child 1 of ID 1 , new TestData 4, 1, ID 4 Child 2 of ID 1 , new TestData 5, 2, ID 5 Child 1 of ID 2 , new TestData 6, 2, ID 5 Child 2 of ID 2 , new TestData 7, 2, ID 5 Child 3 of ID 2 , new TestData 8, 5, ID 8 Child 1 of ID 5 public Form1 InitializeComponent public IEnumerable getAllNodes TreeView tvw foreach TreeNode iterate in tvwNodes yield return iterate foreach TreeNode childiterate in getAllNodes iterate yield return childiterate public IEnumerable getAllNodes TreeNode tvw iterate through all nodes foreach TreeNode iterateNode in tvwNodes yield return iterateNode foreach TreeNode childiterate in getAllNodes iterateNode yield return childiterate private void button1_Click object sender, EventArgs e tvwTestNodesClear foreach var iterate in testinfo TreeNode CreateNode new TreeNode iterateText CreateNodeTag iterate TreeNode ParentNode null if the parentID is 0, then add it to the TreeView if iterateParentId 0 if there is a parent, look through all the nodes, and find it foreach TreeNode IterateNode in getAllNodes tvwTest TestData grabdata IterateNodeTag as TestData if grabdata null if grabdataNodeId iterateParentId ParentNode IterateNode break if ParentNode null tvwTestNodesAdd CreateNode else ParentNodeNodesAdd CreateNode 2 version using lamda using System using SystemCollectionsGeneric using SystemComponentModel using SystemData using SystemDrawing using SystemLinq using SystemText using SystemWindowsForms namespace NodesTest public partial class Form1 Form private class TestData public TestData int pNodeId, int pParent, String pText NodeId pNodeId ParentId pParent Text pText public int NodeId get set public int ParentId get set public String Text get set static test data private TestData testinfo new TestData new TestData 1, 0, ID 1 , new TestData 2, 0, ID 2 , new TestData 3, 1, ID 3 Child 1 of ID 1 , new TestData 4, 1, ID 4 Child 2 of ID 1 , new TestData 5, 2, ID 5 Child 1 of ID 2 , new TestData 6, 2, ID 5 Child 2 of ID 2 , new TestData 7, 2, ID 5 Child 3 of ID 2 , new TestData 8, 5, ID 8 Child 1 of ID 5 public Form1 InitializeComponent public IEnumerable getAllNodes TreeView tvw foreach TreeNode iterate in tvwNodes yield return iterate foreach TreeNode childiterate in getAllNodes iterate yield return childiterate public IEnumerable getAllNodes TreeNode tvw iterate through all nodes foreach TreeNode iterateNode in tvwNodes yield return iterateNode foreach TreeNode childiterate in getAllNodes iterateNode yield return childiterate private void button1_Click object sender, EventArgs e tvwTestNodesClear foreach var iterate in testinfo TreeNode CreateNode new TreeNode iterateText CreateNodeTag iterate TreeNode ParentNode null if the parentID is 0, then add it to the TreeView if iterateParentId 0 if there is a parent, look through all the nodes, and find it foreach TreeNode IterateNode in getAllNodes tvwTest TestData grabdata IterateNodeTag as TestData if grabdata null if grabdataNodeId iterateParentId ParentNode IterateNode break if ParentNode null tvwTestNodesAdd CreateNode else ParentNodeNodesAdd CreateNode 3 version using functions 1 using System 2 using SystemCollectionsGeneric 3 using SystemComponentModel 4 using SystemData 5 using SystemDrawing 6 using SystemLinq 7 using SystemText 8 using SystemWindowsForms 9 using O2DotNetWrappersExtensionMethods 10   11 namespace NodesTest 12 13 public class TestForm1 add a test class 14 15 public void showForm create a first method to be invoked 16 17 new Form1 ShowDialog start the dialog 18 19 20   21 public partial class Form1 Form 22 23 private class TestData 24 25 public TestData int pNodeId, int pParent, String pText 26 27 NodeId pNodeId 28 ParentId pParent 29 Text pText 30 31   32 public int NodeId get set 33 public int ParentId get set 34 public String Text get set 35 36   37 static test data 38 private TestData testinfo new TestData 39 40 new TestData 1, 0, ID 1 , 41 new TestData 2, 0, ID 2 , 42 new TestData 3, 1, ID 3 Child 1 of ID 1 , 43 new TestData 4, 1, ID 4 Child 2 of ID 1 , 44 new TestData 5, 2, ID 5 Child 1 of ID 2 , 45 new TestData 6, 2, ID 5 Child 2 of ID 2 , 46 new TestData 7, 2, ID 5 Child 3 of ID 2 , 47 new TestData 8, 5, ID 8 Child 1 of ID 5 48 49 public Form1 50 51 InitializeComponent 52 tvwTest thisadd_TreeView Creating a TreeView 53 button1 thisinsert_Above 30 Adding a Panel above 54 add_Button click me Adding a Button 55 button1top 5 Click button1_Click Setting the Click event 56 57 button1append_Link REPL Form , thisscript_Me top 10 58 59 O2ThreadmtaThread button1click 60 61 62 public TreeView tvwTest get set TreeView as an Property 63 public Button button1 get set Button as an Property 64 public Dictionary nodes_XRefs get set 65 66 private TreeNode findParent int parentId 67 68 if parentId 0 69 return tvwTestrootNode 70 return nodes_XRefsvalue parentId 71 72 private void addItem TreeNode parentNode, int id, string text 73 74 if parentNodenotNull 75 76 var newNode parentNodeadd_Node text,id 77 nodes_XRefsadd id, newNode 78 79 80 private void populateTreeView 81 82 tvwTestclear 83 nodes_XRefs new Dictionary 84 foreach var iterate in testinfo 85 86 var parentNode findParent iterateParentId 87 addItem parentNode, iterateNodeId, iterateText 88 89 90 private void button1_Click object sender, EventArgs e 91 92 populateTreeView 93 tvwTestexpandAll 94 95   96 97 4 class with TestData using System public class TestData public int NodeId get set public int ParentId get set public String Text get set public TestData int pNodeId, int pParent, String pText NodeId pNodeId ParentId pParent Text pText public static TestData GetTestData return new TestData new TestData 1, 0, ID 1 , new TestData 2, 0, ID 2 , new TestData 3, 1, ID 3 Child 1 of ID 1 , new TestData 4, 1, ID 4 Child 2 of ID 1 , new TestData 5, 2, ID 5 Child 1 of ID 2 , new TestData 6, 2, ID 5 Child 2 of ID 2 , new TestData 7, 2, ID 5 Child 3 of ID 2 , new TestData 8, 5, ID 8 Child 1 of ID 5 5 H2 script that consumes the TestData class and creates the stand-alone exe var topPanel PoC - Populate TreeView from data popupWindow 700,400 var topPanel panelclear add_Panel var tvwTest topPaneladd_TreeView var button tvwTestinsert_Right 200 add_Button click me fill var testinfo TestDataGetTestData var nodes_XRefs new Dictionary Func findParent parentId if parentId 0 return tvwTestrootNode return nodes_XRefs value parentId Action addItem parentNode,id, text if parentNodenotNull var newNode parentNodeadd_Node text,id nodes_XRefsadd id, newNode Action populateData tvwTestclear foreach var iterate in testinfo var parentNode findParent iterateParentId addItem parentNode, iterateNodeId, iterateText tvwTestexpandAll buttononClick populateData O2File E O2 O2Temp 5_22_2013 tmpCCF6tmpcs IMAGE http://www.secuobs.com/revue/news/447753.shtmlhttp://www.secuobs.com/revue/news/447753.shtml Secuobs.com : 2013-05-25 19:18:28 - securitystream.info - Still not necessarily everyone should know them Wedding ceremony and even cruise directors help out with most elements of preparing the wedding party Many brides really feel extreamly close thesilkveilcom and head over heels on their organizers in the end in the reception for manyRead more http://www.secuobs.com/revue/news/447752.shtmlhttp://www.secuobs.com/revue/news/447752.shtml Secuobs.com : 2013-05-25 19:18:28 - securitystream.info - Nevertheless , not necessarily everyone should know what they do Wedding organizers assistance in just about all aspects of preparation your wedding day Couples feel extreamly close up event planner charlotte nc and also pleased with their coordinators by the end on the wedding celebrationRead more http://www.secuobs.com/revue/news/447751.shtmlhttp://www.secuobs.com/revue/news/447751.shtml Secuobs.com : 2013-05-25 19:18:28 - securitystream.info - Author Hilario L O Escobar-Daley While the big majority of websites based on the American region utilized to just be located about US computers till just a several years back, these days it seems that the web hosting canada business is growing simply byRead more http://www.secuobs.com/revue/news/447750.shtmlhttp://www.secuobs.com/revue/news/447750.shtml Secuobs.com : 2013-05-25 19:18:28 - securitystream.info - Vehicles insurance procedures start from state to state getting a majority of us states adopting the tort scheme despite the fact that a couple use car insurance quotes compare some sort of no-fault solution When scouting for the insurance policy or maybe even cruising intoRead more http://www.secuobs.com/revue/news/447749.shtmlhttp://www.secuobs.com/revue/news/447749.shtml Secuobs.com : 2013-05-25 19:18:28 - securitystream.info - Versions of the deceased It might be difficult to find the best words and phrases as well as view publisher site act adequately in such a critical environment, and this can be even more challenging for those who have definitely not went to a lotRead more http://www.secuobs.com/revue/news/447748.shtmlhttp://www.secuobs.com/revue/news/447748.shtml Secuobs.com : 2013-05-25 19:06:13 - Dancho Danchev's Blog Mind Streams of Information Security Knowledge - Fake IDs fake passports have always been a hot commodity within the cybercrime ecosystem Thanks to their general availability and affordable prices -- naturally based on the quality that a potential cybercriminal fraudster is seeking -- the vendors behind them continue undermining the trust chain that society market thrives on, by empowering cybercriminals and fugitives with new IDs to be IMAGE IMAGE IMAGE IMAGE IMAGE IMAGE IMAGE IMAGE http://www.secuobs.com/revue/news/447747.shtmlhttp://www.secuobs.com/revue/news/447747.shtml Secuobs.com : 2013-05-25 18:25:10 - securitystream.info - Particles receiving a low interest personal loan generally is a overwhelming experience but it really doesn t have for getting You don t have to become anxious or maybe embarrassed regarding your financial predicament Essentially this asking for financial resources are common Folks take away signature loansRead more http://www.secuobs.com/revue/news/447746.shtmlhttp://www.secuobs.com/revue/news/447746.shtml Secuobs.com : 2013-05-25 17:32:03 - securitystream.info - Trust is highly crucial for any society to be able to are present Life is often designed connected with associations with folks, Bshad Homepage and confidence is important to help fill camaraderie, trustworthiness, really like and fervour in the romantic relationship Believe in is consideredRead more http://www.secuobs.com/revue/news/447745.shtmlhttp://www.secuobs.com/revue/news/447745.shtml Secuobs.com : 2013-05-25 17:32:03 - securitystream.info - Trust is extremely crucial for a new culture to be able to occur Life is usually built involving relationships with people, Go to JN Valigarh in addition to have confidence in is important in order to complete a friendly relationship, integrity, love and keenness withinRead more http://www.secuobs.com/revue/news/447744.shtmlhttp://www.secuobs.com/revue/news/447744.shtml Secuobs.com : 2013-05-25 17:32:03 - securitystream.info - Confidence is extremely crucial for a new culture to help really exist A lot more constantly developed involving human relationships with individuals, Takara Co Tips as well as believe in is vital to help load camaraderie, integrity, really like and fervour in a romantic relationshipRead more http://www.secuobs.com/revue/news/447743.shtmlhttp://www.secuobs.com/revue/news/447743.shtml Secuobs.com : 2013-05-25 17:30:13 - Slashdot Your Rights Online - 00_NOP writes 'Universal Credit' the plan to consolidate all Britain's welfare payments into one is the world's biggest 'agile' software development project It is now close to collapse, the British government admitted yesterday The failure, if and when it comes, could cost billions and have dire social consequences 'Some steps have been taken to try to rescue the project The back end the benefits calculation has reportedly been shifted to a waterfall development process which offers some assurances that the government at least takes its fiduciary duties seriously as it should mean no code will be deployed that has not been finished The front end the bit used by humans is still meant to be agile which makes some sense, but where is the testing Agile is supposed to be about openness between developer and client and we the taxpayers are the clients why can t we see what our money is paying for ' IMAGE IMAGE Share on Google Read more of this story at Slashdot IMAGE IMAGE IMAGE IMAGE http://www.secuobs.com/revue/news/447742.shtmlhttp://www.secuobs.com/revue/news/447742.shtml Secuobs.com : 2013-05-25 17:20:45 - Security Bloggers Network - Twitter launched Login Verification feature after the Non-Stop Hijacking of accounts by Pro-Assad Hackers http://www.secuobs.com/revue/news/447741.shtmlhttp://www.secuobs.com/revue/news/447741.shtml Secuobs.com : 2013-05-25 16:29:34 - Security Bloggers Network - Hackers always in search for some tricks to hijack social media accounts but now hackers pointed out a city in INDIA Jaipur City http://www.secuobs.com/revue/news/447740.shtmlhttp://www.secuobs.com/revue/news/447740.shtml Secuobs.com : 2013-05-25 16:27:07 - Office of Inadequate Security - Chuck Williams reports that a number of companies have been notified by card processors of what may be a major breach In http://www.secuobs.com/revue/news/447739.shtmlhttp://www.secuobs.com/revue/news/447739.shtml Secuobs.com : 2013-05-25 16:27:07 - Office of Inadequate Security - Becky Yerak of the Chicago Tribune reports The grocer laid out the math in its filing It notes that, based on the http://www.secuobs.com/revue/news/447738.shtmlhttp://www.secuobs.com/revue/news/447738.shtml Secuobs.com : 2013-05-25 16:14:29 - Computer Security News - A senior Israeli official reveal on Saturday that Syria has attempted two weeks ago to launch a cyber attack against Haifa's water system, in retaliation to the alleged Israeli attack in Damascus a month ago http://www.secuobs.com/revue/news/447737.shtmlhttp://www.secuobs.com/revue/news/447737.shtml Secuobs.com : 2013-05-25 15:46:02 - Slashdot Your Rights Online - stry_cat writes You may remember the story of Brandon Raub, who was detained without due process over some Facebook posts he made Now with the help of the Rutherford Institute, he is suing his captors According to his complaint PDF , his detention was part of a federal government program code-named 'Operation Vigilant Eagle,' which monitors military veterans with certain political views IMAGE IMAGE Share on Google Read more of this story at Slashdot IMAGE IMAGE IMAGE IMAGE http://www.secuobs.com/revue/news/447736.shtmlhttp://www.secuobs.com/revue/news/447736.shtml Secuobs.com : 2013-05-25 15:34:30 - Office of Inadequate Security - Isaac Wolf reports A month ago, two phone carriers participating in a federal benefit program were alerted that sensitive http://www.secuobs.com/revue/news/447735.shtmlhttp://www.secuobs.com/revue/news/447735.shtml Secuobs.com : 2013-05-25 15:34:30 - Office of Inadequate Security - Another case where someone in law enforcement hacked and misused a law enforcement database for personal reasons The chief http://www.secuobs.com/revue/news/447734.shtmlhttp://www.secuobs.com/revue/news/447734.shtml Secuobs.com : 2013-05-25 15:34:01 - Dinis Cruz Blog - After posting Minecraft In-Game C REPL I was curious on how it worked, so I quickly created a local clone of the https githubcom SirCmpwn PartyCraft repo and opened up the main Solution file in VisualStudio 2010 PartiCraft has a couple Submodules, so the VisualStudio load process had a couple missing projects The problem is that after updating the two required submodules, the project references paths where still wrong The fixes where easy path changes and re-adding the references which when done allowed the C based Minecraft server to fire up ok But this meant that my local clone was out of sync with GitHub, and since I din't have push privileges into the main PartyCraft repo, I needed to push my changes into my own fork Here is how I create a new Fork and pushed my Commit to it Open https githubcom SirCmpwn PartyCraft and click on the Fork button image Chose my personal GitHub account as the place to put the Fork image GitHub forked the PartyCraft repository image When done, I copied the Git address git githubcom DinisCruz PartyCraftgit image And executed git remote add fork git githubcom DinisCruz PartyCraftgit on a local git bash of the PartyCraft repo image Where I had commited image these changes image which I pushed into my Fork like this image Here are the commit at GitHub image Here is the issue I submitted to the main repo of PartyCraft image IMAGE http://www.secuobs.com/revue/news/447733.shtmlhttp://www.secuobs.com/revue/news/447733.shtml Secuobs.com : 2013-05-25 15:06:28 - adafruit industries blog - ASK AN ENGINEER 10PM ET SATURDAY 5 25 2013 What is Ask an engineer From the electronics enthusiast to the professional community Ask an Engineer has a little bit of everything for everyone If you re a beginner, or a seasoned engineer stop in and see what we re up to We have demos of projects http://www.secuobs.com/revue/news/447732.shtmlhttp://www.secuobs.com/revue/news/447732.shtml Secuobs.com : 2013-05-25 15:06:28 - adafruit industries blog - The weekly SHOW AND TELL is on the Adafruit Industries Google page at 9 30pm ET We will be asking all the folks in the Limor Fried ladyada show-and-tell circle to re-add themselves to the Adafruit show-and-tell circle shortly Please post a comment on the Adafruit page to be added Make sure you add Adafruit http://www.secuobs.com/revue/news/447731.shtmlhttp://www.secuobs.com/revue/news/447731.shtml Secuobs.com : 2013-05-25 14:23:46 - Network World on Security - St Louis-based grocery chain Schnuck Markets has claimed that a potential class action lawsuit filed against it in an Illinois state court over a recent data breach really belongs in federal court because of the case's scope and damages involved http://www.secuobs.com/revue/news/447730.shtmlhttp://www.secuobs.com/revue/news/447730.shtml Secuobs.com : 2013-05-25 14:18:12 - Dark Reading All Stories - Free, open source vulnerability scanning tools are not always cheaper than their commercial counterparts http://www.secuobs.com/revue/news/447729.shtmlhttp://www.secuobs.com/revue/news/447729.shtml Secuobs.com : 2013-05-25 13:48:14 - TorrentFreak - Police assisted by the Federation Against Copyright Theft showed up in large numbers to arrest an alleged movie pirate in the UK this week Armed with an emergency search warrant issued out of hours by a judge, five undercover police vehicles containing detectives and FACT officers were deployed to arrest a 24-year-old said to have recorded the movie Fast and Furious 6 Source Five Undercover Police Cars Sent To Arrest Single Alleged Movie Pirate http://www.secuobs.com/revue/news/447728.shtmlhttp://www.secuobs.com/revue/news/447728.shtml Secuobs.com : 2013-05-25 13:07:09 - securitystream.info - Correspondent Suzie N V Lester-Shipman In my estimation which a whole lot of folks acquainted with how to use microsoft excel, nevertheless my personal real real question is did everyone make use of excel pre-created templates Inches Sure, this can be well known functions ofRead more http://www.secuobs.com/revue/news/447727.shtmlhttp://www.secuobs.com/revue/news/447727.shtml Secuobs.com : 2013-05-25 13:07:09 - securitystream.info - These insurance plan tips will assist you in deciphering your insurance policies, along with picking the best option policies for your requirements It is likely that you re having to pay excessive dollars to your present coverage, or else you aren t getting included just as muchRead more http://www.secuobs.com/revue/news/447726.shtmlhttp://www.secuobs.com/revue/news/447726.shtml Secuobs.com : 2013-05-25 13:07:09 - securitystream.info - Author Frotybavkane Minvetyuxasme Starting redesigning may be scary, yet daunting taskPatience and knowledge are critical to beginning a task the correct direction This post will explain to you some fast and ideas to do the best having a home improvement project A Victorian homeRead more http://www.secuobs.com/revue/news/447725.shtmlhttp://www.secuobs.com/revue/news/447725.shtml Secuobs.com : 2013-05-25 13:07:09 - securitystream.info - Reporter Irjetmasna Kibbvanrtyau Searching fantastic lacks to become a daily task or you can remain gorgeous smartlyThere are lots of ways for you to look good without spending a bunch of funds This information has some well tested Breast Actives advice that can useRead more http://www.secuobs.com/revue/news/447724.shtmlhttp://www.secuobs.com/revue/news/447724.shtml Secuobs.com : 2013-05-25 13:07:09 - securitystream.info - Author Duane S T Branch-Mccarthy In the market numerous sorts of diet is accessible the type of items prescription raw http wwwsuplementos24hcom como-usar halovar is a company offering body weight training items to their potential customers The type of items Lipopro will probably be utilized to decreaseRead more http://www.secuobs.com/revue/news/447723.shtmlhttp://www.secuobs.com/revue/news/447723.shtml Secuobs.com : 2013-05-25 13:07:09 - securitystream.info - Online auto insurance premiums law are different from state to state which includes a number of us states after the tort platform whilst a couple keep to auto insurance quote online a real no-fault device When choosing an insurance policy or even just going duringRead more http://www.secuobs.com/revue/news/447722.shtmlhttp://www.secuobs.com/revue/news/447722.shtml Secuobs.com : 2013-05-25 13:07:09 - securitystream.info - Ailment it is very important In truth your company not really matter how much spent to make certain that your body is in its finest This runs specifically true when you are someone who topanga training fitness plays activities for the employment Sure thatRead more http://www.secuobs.com/revue/news/447721.shtmlhttp://www.secuobs.com/revue/news/447721.shtml Secuobs.com : 2013-05-25 12:56:56 - Security Bloggers Network - One effect of this incident will be to accelerate the rate at which we move into an age of increasing Internet censorship and propaganda I only hope that our side will be more effective than their side I also hope that the funds available for cybersecurity are spend on that which is effective and relevant to the world of today and tomorrow - not that of the late 20th Century http://www.secuobs.com/revue/news/447720.shtmlhttp://www.secuobs.com/revue/news/447720.shtml Secuobs.com : 2013-05-25 12:56:56 - Security Bloggers Network - Our 60 Second Security videos are back We're aiming for a weekly roundup that's quick, fun and useful But there is a serious side security anecdotes to use in your own elevator advocacy http://www.secuobs.com/revue/news/447719.shtmlhttp://www.secuobs.com/revue/news/447719.shtml Secuobs.com : 2013-05-25 12:13:48 - Slashdot Your Rights Online - An anonymous reader writes Neelie Kroes, European Commission vice president responsible for the digital economy, wants to use 5 billion euros of European Union tax payers' money, together with matching funds from the chip industry, to recreate European success in semiconductors similar to that of Airbus Because of its strategic importance to wealth creation Kroes wants Europe to reverse its decline in chip manufacturing and move back up from 10 percent to 20 percent of global production IMAGE IMAGE Share on Google Read more of this story at Slashdot IMAGE IMAGE IMAGE IMAGE http://www.secuobs.com/revue/news/447718.shtmlhttp://www.secuobs.com/revue/news/447718.shtml Secuobs.com : 2013-05-25 12:05:09 - Security Bloggers Network - Hello, from seat 12F http://www.secuobs.com/revue/news/447717.shtmlhttp://www.secuobs.com/revue/news/447717.shtml Secuobs.com : 2013-05-25 12:05:09 - Security Bloggers Network - How Very Meta -- streetview panorama of the CHM's Streetview exhibit y'know, the one that was switched off starring Emma Byrne, Richard Bliss, and the top of Teresa Meek's head attached image IMAGE IMAGE IMAGE http://www.secuobs.com/revue/news/447716.shtmlhttp://www.secuobs.com/revue/news/447716.shtml Secuobs.com : 2013-05-25 11:50:31 - Computer Security News - Frequent patrons of the Lerner Theatre in Elkhart may need to give their banks a call after the venue's ticket system provider may have been hacked http://www.secuobs.com/revue/news/447715.shtmlhttp://www.secuobs.com/revue/news/447715.shtml Secuobs.com : 2013-05-25 10:07:55 - Ma petite parcelle d'Internet... - N oSuchCon s'est terminée il y a maintenant une semaine Nous avons pris beaucoup de plaisir à organiser cet événement et remercions chaleureusement les speakers qui nous ont fait l'honneur de venir, les sponsors qui nous ont fait confiance et, évidemment et surtout, tous ceux qui sont venus assister à la conférence Le feedback que nous recevons est extrêmement positif, et très constructif Beaucoup nous ont fait part de nombreuses pistes d'amélioration qui nous ont donné pleins d'idées pour l'an prochain Ces retours démontrent en outre que, malgré un calendrier très serré en ce début de printemps et comme je le disais l'an dernier en ouverture de Hackito, il y a de la place pour du contenu de qualité Nous avions promis un programme 0pourcents bullshit Ce n'est pas à moi de décréter si l'objectif a atteint ou non, mais à en juger d'après vos retours, nous n'en avons pas été très loin Et c'est probablement notre plus grande satisfaction http://www.secuobs.com/revue/news/447714.shtmlhttp://www.secuobs.com/revue/news/447714.shtml Secuobs.com : 2013-05-25 09:06:29 - Tout sur la cybersécurité la cyberdéfense ... - Source d information, internet rend également les entreprises vulnérables aux cyber-attaques Qui sont ces criminels experts des réseaux Quels sont leurs buts Les éclaircissements d Alain Juillet, le président de l Académie d Intelligence Economique Lire ici la suite et écouter http://www.secuobs.com/revue/news/447713.shtmlhttp://www.secuobs.com/revue/news/447713.shtml Secuobs.com : 2013-05-25 09:06:29 - Tout sur la cybersécurité la cyberdéfense ... - François Hollande a annoncé l affectation spécifique de réservistes de l armée pour combattre le péril informatique Par AFP Le président François Hollande a confirmé vendredi que la cyberdéfense était une priorité en matière de sécurité, comme le stipule le Livre blanc de la Défense, et qu une branche nouvelle de réservistes serait spécialement affectée à ce domaine http://www.secuobs.com/revue/news/447712.shtmlhttp://www.secuobs.com/revue/news/447712.shtml Secuobs.com : 2013-05-25 09:06:29 - Tout sur la cybersécurité la cyberdéfense ... - Un rapport récent du East African journal kenyan fait état d une perte totale d environ 17,5 millions pour les banques du Kenya Cette perte qui concerne l année écoulée a été causée par les fraudes en tout genre Les cybercriminels étant identifiés comme les acteurs principaux de ces fraudes Lire ici http://www.secuobs.com/revue/news/447711.shtmlhttp://www.secuobs.com/revue/news/447711.shtml Secuobs.com : 2013-05-25 09:06:29 - Tout sur la cybersécurité la cyberdéfense ... - Les équipes pédagogiques gardent un œil sur Facebook et Twitter pour tenter de contrôler les dérapages Les enseignants ne se contentent plus de regarder par-dessus leur épaule lorsqu ils écrivent au tableau Il leur faut maintenant surveiller les bavardages électroniques sur Internet Fin janvier, deux élèves du très huppé lycée Lakanal de Sceaux Hauts-de-Seine ont ainsi http://www.secuobs.com/revue/news/447710.shtmlhttp://www.secuobs.com/revue/news/447710.shtml Secuobs.com : 2013-05-25 09:06:29 - Tout sur la cybersécurité la cyberdéfense ... - Aux États-Unis, des responsables accusent l Iran de menacer de plus en plus la sécurité des entreprises qui gèrent des activités dites critiques pétrole, gaz, électricité , en infiltrant et en surveillant leurs réseaux informatiques Dans le cadre de leur récentes attaques informatiques, des hackers iraniens auraient réussi, selon les responsables américains, à accéder au http://www.secuobs.com/revue/news/447709.shtmlhttp://www.secuobs.com/revue/news/447709.shtml Secuobs.com : 2013-05-25 08:24:57 - SecurityTube.Net - A thirteen-year security veteran and well-known Snort expert, Jason Brvenik s first exposure to Sourcefire was as the company s first customer Impressed with Sourcefire s technology and products, Jason joined the company in August 2002 and has since achieved the distinction of Sourcefire Security Fellow In his role, Jason works closely with Martin Roesch, author of Snort and CTO of Sourcefire, and the highly acclaimed Sourcefire Vulnerability Research Team to help ensure that future offerings are on track with the needs of Sourcefire s major multi-national customers and the security market, as well as helps to direct the Sourcefire resources who provide technical sales support to customers Prior to joining Sourcefire, Jason was a Senior Security Architect for PricewaterhouseCoopers IMAGE http://www.secuobs.com/revue/news/447708.shtmlhttp://www.secuobs.com/revue/news/447708.shtml Secuobs.com : 2013-05-25 08:24:57 - SecurityTube.Net - Mr Kuykendall manages NT OBJECTives software development and handles NTO s relationships with several partner companies He has an extensive background in web application development and security As part of the Founding Team, Dan has been involved in the methodologies and design of NTO s flagship product since its inception Dan joins NT OBJECTives from Foundstone, where he was responsible for the portal interface to the company s flagship product, FoundScan During this time he was instrumental in building scan management, and remediation capabilities into the product Prior to Foundstone, Dan was the founder of the Information Security team in the United States branches of Fortis Mr Kuykendall is involved with Web Application Security Consortium, is regular contributor to many open source development projects He was a founder of the phpGroupWare project and creator of podPress Dan podcasts to educate the public about web application security issues from his blog at mightyseekcom and as co-host of An Information Security Place Podcast IMAGE http://www.secuobs.com/revue/news/447707.shtmlhttp://www.secuobs.com/revue/news/447707.shtml Secuobs.com : 2013-05-25 08:24:57 - SecurityTube.Net - MJ Keith is a Senior Consultant at Denim Group with 10 years of experience in the network and information security field He serves as the team lead on all infrastructure security testing and security policy analysis He also works with clients to implement security life cycle activities from policy development to network security auditing MJ is recognized as an industry leader in the fields of network, information and application security, and has had his work and findings published in national trade publications MJ has been quoted as a security expert in magazines like Computerworld and SC Magazine He s spoken at regional industry conference such as 2010 HouSecCon and BSides Austin IMAGE http://www.secuobs.com/revue/news/447706.shtmlhttp://www.secuobs.com/revue/news/447706.shtml Secuobs.com : 2013-05-25 08:24:57 - SecurityTube.Net - CISSP, CISA, CSIH Information Security Researcher and Sr Information Security Architect, Pervasive Software Most recently Michael discovered a significant vulnerability in a major Card Key access system featured on the Engadget and other tech news websites Currently, Michael is Sr Information Security Architect for Pervasive Software and host of wwwHackerHurricanecom Blog with 22 years experience in Technology and Information Security Consulting Michael has authored several articles for information technology periodicals on information security as well as a frequent speaker for Austin InfoSec meetings and presentations at Information Security conferences Michael is also the author of two books from Syngress Press on Skype and Video Conferencing Michael is also the Austin lead for the Security B-Sides Information Security conference IMAGE http://www.secuobs.com/revue/news/447705.shtmlhttp://www.secuobs.com/revue/news/447705.shtml Secuobs.com : 2013-05-25 08:19:17 - Tout sur la cybersécurité la cyberdéfense ... - Saisie par l eurodéputée socialiste Françoise Castex, la CNIL lance une enquête conjointe avec la DGCCRF sur les pratiques d IP Tracking de certains sites web de voyagistes Si un cyber-consommateur se renseigne en ligne sur un voyage puis revient sur le même site un peu plus tard pour approfondir sa prise de renseignement, il est potentiellement http://www.secuobs.com/revue/news/447704.shtmlhttp://www.secuobs.com/revue/news/447704.shtml Secuobs.com : 2013-05-25 08:19:17 - Tout sur la cybersécurité la cyberdéfense ... - Selon un site web et un chercheur allemand, la firme de Redmond surveillerait de manière régulière le contenu des messages Skype pour des raisons de sécurité Plusieurs associations s inquiètent du respect du caractère privé des conversations Les utilisateurs de Skype devront peut-être reconsidérer la confiance qu ils accordent au système de communication VoIP En effet, selon http://www.secuobs.com/revue/news/447703.shtmlhttp://www.secuobs.com/revue/news/447703.shtml Secuobs.com : 2013-05-25 08:19:17 - Tout sur la cybersécurité la cyberdéfense ... - Le 5ème Forum mondial des politiques de télécommunication et des technologies de l information et de la communication s est achevé le 16 mai à Genève Cette réunion est organisée par l Union Internationale des Télécommunications UIT Son objectif est de lutter contre les menaces virtuelles qui n ont cessé de croître ces dernières années et de développer les http://www.secuobs.com/revue/news/447702.shtmlhttp://www.secuobs.com/revue/news/447702.shtml Secuobs.com : 2013-05-25 08:19:17 - Tout sur la cybersécurité la cyberdéfense ... - Le ministère russe de l Intérieur et le FBI américain coopéreront dans la lutte contre la cybercriminalité, a annoncé vendredi le ministre russe de l Intérieur Vladimir Kolokoltsev à l issue d une rencontre avec le directeur du FBI Robert Muller à Washington Nous devons coopérer dans la lutte contre la cybercriminalité internationale Cette coopération peut se traduire par http://www.secuobs.com/revue/news/447701.shtmlhttp://www.secuobs.com/revue/news/447701.shtml Secuobs.com : 2013-05-25 08:14:16 - Computer Security News - A new Trojan malware infecting Android phones is capable of intercepting inbound text messages and forwarding them to hackers http://www.secuobs.com/revue/news/447700.shtmlhttp://www.secuobs.com/revue/news/447700.shtml Secuobs.com : 2013-05-25 07:16:34 - securitystream.info - There are millions of web sites contesting for users time and cash, that makes it more essential than in the past to optimize your website for search engine results Search engines like yahoo are how people see info, look for goods and see new companiesRead more http://www.secuobs.com/revue/news/447699.shtmlhttp://www.secuobs.com/revue/news/447699.shtml Secuobs.com : 2013-05-25 07:16:34 - securitystream.info - How can you look for a strategy that s right for you Very first, checklist final seasons health-related expenditures physician s appointments, medications, clinic stays, outpatient methods, vision treatment, tooth, screenings, etc, Optima Wellbeing claims 2nd, determine the family health care requirements for that returning 12Read more http://www.secuobs.com/revue/news/447698.shtmlhttp://www.secuobs.com/revue/news/447698.shtml Secuobs.com : 2013-05-25 07:16:34 - securitystream.info - By many addresses, it is the 3 the most hot seller pile therapy online In spite of it is http venaprotreatmentcom rank, the reality is the fact that technique is well-known and thus deserves for being discussed Consequently , here we will overview the therapyRead more http://www.secuobs.com/revue/news/447697.shtmlhttp://www.secuobs.com/revue/news/447697.shtml Secuobs.com : 2013-05-25 07:16:34 - securitystream.info - Conservatory safeness are some things regularly is available becoming concept conservatories uk when we think about purchasing one ones goblet enveloped extension cords People young and old all too often miracle the correct way very difficult in the home for just about any criminalRead more http://www.secuobs.com/revue/news/447696.shtmlhttp://www.secuobs.com/revue/news/447696.shtml Secuobs.com : 2013-05-25 06:39:38 - DEFCON Announcements - Dark Tangent has signed a contract with a company to transcribe all the speaking tracks as well as the closing ceremony in english What does this mean It means for the third time in DEF CON history we will officially be supporting the hearing impaired This time around it will be with real time transcription appearing on screen, much like what you would see if you had captioning turned on your TV We will get cleaned up files after the con for each speech, allowing us to post the presentation text, as well as caption the video files See DT's original post to see how you may be able to help with this So with that said, we would hate to go through all the work and expense and only have two security ninjas who are hearing impaired attend Let's promote this far and wide, and over the next couple years try and include as many as possible The last time we did translation two years in a row we had two or three people the first, and none the second Let's see if we can do better this time http://www.secuobs.com/revue/news/447695.shtmlhttp://www.secuobs.com/revue/news/447695.shtml Secuobs.com : 2013-05-25 06:27:03 - securitystream.info - To ensure how the vision of personal stays on obvious and razor-sharp for quite some time, is always that to follow your building up, attention exercises The greatest thing about all these physical exercises is the fact that people don t will need virtually any toolsRead more http://www.secuobs.com/revue/news/447694.shtmlhttp://www.secuobs.com/revue/news/447694.shtml Secuobs.com : 2013-05-25 06:27:03 - securitystream.info - Face your personal selection related to family and friends Use a glimpse So now identify a handful Each time instructed to make it happen, Healthy Relationship with Lutkar Skopozoriste more times than not you would summarise these individuals on them to are unquestionably for aRead more http://www.secuobs.com/revue/news/447693.shtmlhttp://www.secuobs.com/revue/news/447693.shtml Secuobs.com : 2013-05-25 06:27:03 - securitystream.info - Read through your actual selection to do with contacts Grab a quick look Presently describe a few The moment motivated to impliment this, Relationship Advice by W3BZ more times than not you should illustrate these for which they actually are like a buddy for yourRead more http://www.secuobs.com/revue/news/447692.shtmlhttp://www.secuobs.com/revue/news/447692.shtml Secuobs.com : 2013-05-25 06:27:03 - securitystream.info - Dating women long-distance is fairly horrid Their bond will create plenty of questions in fact it is challenging to trust someone you never see When you re open and straightforward and conversing frequently, you can overcome all those difficulties says Dr Jessie Mezzder Is thereRead more http://www.secuobs.com/revue/news/447691.shtmlhttp://www.secuobs.com/revue/news/447691.shtml Secuobs.com : 2013-05-25 06:27:03 - securitystream.info - Written by Yinvehorakma Neh Rikbzaswrkan Seo or SEO became one of the biggest the different parts of Affiliate marketing strategies This is a tool that enhances the process of enhancing the quantity and quality of website traffic improving and provides search results The standardRead more http://www.secuobs.com/revue/news/447690.shtmlhttp://www.secuobs.com/revue/news/447690.shtml Secuobs.com : 2013-05-25 05:37:07 - PaulDotCom Security Weekly Recent changes en - Interview Bill Stearns Older revision Revision as of 03 18, 25 May 2013 Line 24 Line 24 Have the use of passwords run their course What are other options Have the use of passwords run their course What are other options What can you do to convince the average user to give up passwords What can you do to convince the average user to give up passwords You've been a proponent of Linux for a while Has Linux adoption slowed or should we consider Android and the upcoming Ubuntu OS as the Linux that finally infiltrated the masses Tech Segment Tech Segment http://www.secuobs.com/revue/news/447689.shtmlhttp://www.secuobs.com/revue/news/447689.shtml Secuobs.com : 2013-05-25 05:36:14 - National Vulnerability Database - mod assign locallibphp in the assignment module in Moodle 23x before 237 and 24x before 244 does not consider capability requirements during the processing of ZIP assignment-archive download aka downloadall requests, which allows remote authenticated users to read other users' assignments by leveraging the student role http://www.secuobs.com/revue/news/447688.shtmlhttp://www.secuobs.com/revue/news/447688.shtml Secuobs.com : 2013-05-25 05:36:14 - National Vulnerability Database - The core_grade component in Moodle through 2210, 23x before 237, and 24x before 244 does not properly consider the existence of hidden grades, which allows remote authenticated users to obtain sensitive information by leveraging the student role and reading the Gradebook Overview report http://www.secuobs.com/revue/news/447687.shtmlhttp://www.secuobs.com/revue/news/447687.shtml Secuobs.com : 2013-05-25 05:36:14 - National Vulnerability Database - Moodle through 2110, 22x before 2210, 23x before 237, and 24x before 244 does not consider don't send attributes during hub registration, which allows remote hubs to obtain sensitive site information by reading form data http://www.secuobs.com/revue/news/447686.shtmlhttp://www.secuobs.com/revue/news/447686.shtml Secuobs.com : 2013-05-25 05:36:14 - National Vulnerability Database - Moodle through 2110, 22x before 2210, 23x before 237, and 24x before 244 does not enforce capability requirements for reading blog comments, which allows remote attackers to obtain sensitive information via a crafted request http://www.secuobs.com/revue/news/447685.shtmlhttp://www.secuobs.com/revue/news/447685.shtml Secuobs.com : 2013-05-25 05:36:14 - National Vulnerability Database - The MoodleQuickForm class in lib formslibphp in Moodle through 2110, 22x before 2210, 23x before 237, and 24x before 244 does not properly handle a certain array-element syntax, which allows remote attackers to bypass intended form-data filtering via a crafted request http://www.secuobs.com/revue/news/447684.shtmlhttp://www.secuobs.com/revue/news/447684.shtml Secuobs.com : 2013-05-25 05:36:14 - National Vulnerability Database - epan dissectors packet-gtpv2c in the GTPv2 dissector in Wireshark 18x before 187 calls incorrect functions in certain contexts related to ciphers, which allows remote attackers to cause a denial of service application crash via a malformed packet http://www.secuobs.com/revue/news/447683.shtmlhttp://www.secuobs.com/revue/news/447683.shtml Secuobs.com : 2013-05-25 05:36:14 - National Vulnerability Database - The fragment_add_seq_common function in epan reassemblec in the ASN1 BER dissector in Wireshark before r48943 has an incorrect pointer dereference during a comparison, which allows remote attackers to cause a denial of service application crash via a malformed packet http://www.secuobs.com/revue/news/447682.shtmlhttp://www.secuobs.com/revue/news/447682.shtml Secuobs.com : 2013-05-25 05:36:14 - National Vulnerability Database - The dissect_ber_choice function in epan dissectors packet-berc in the ASN1 BER dissector in Wireshark 16x before 1615 and 18x before 187 does not properly initialize a certain variable, which allows remote attackers to cause a denial of service application crash via a malformed packet http://www.secuobs.com/revue/news/447681.shtmlhttp://www.secuobs.com/revue/news/447681.shtml Secuobs.com : 2013-05-25 05:36:14 - National Vulnerability Database - The dissect_ccp_bsdcomp_opt function in epan dissectors packet-pppc in the PPP CCP dissector in Wireshark 18x before 187 does not terminate a bit-field list, which allows remote attackers to cause a denial of service application crash via a malformed packet http://www.secuobs.com/revue/news/447680.shtmlhttp://www.secuobs.com/revue/news/447680.shtml Secuobs.com : 2013-05-25 05:36:14 - National Vulnerability Database - epan dissectors packet-dcp-etsic in the DCP ETSI dissector in Wireshark 18x before 187 uses incorrect integer data types, which allows remote attackers to cause a denial of service integer overflow, and heap memory corruption or NULL pointer dereference, and application crash via a malformed packet http://www.secuobs.com/revue/news/447679.shtmlhttp://www.secuobs.com/revue/news/447679.shtml Secuobs.com : 2013-05-25 05:36:14 - National Vulnerability Database - The dissect_dsmcc_un_download function in epan dissectors packet-mpeg-dsmccc in the MPEG DSM-CC dissector in Wireshark 18x before 187 uses an incorrect format string, which allows remote attackers to cause a denial of service application crash via a malformed packet http://www.secuobs.com/revue/news/447678.shtmlhttp://www.secuobs.com/revue/news/447678.shtml Secuobs.com : 2013-05-25 05:36:14 - National Vulnerability Database - Multiple integer overflows in Wireshark 18x before 187 allow remote attackers to cause a denial of service loop or application crash via a malformed packet, related to a crash of the Websocket dissector, an infinite loop in the MySQL dissector, and a large loop in the ETCH dissector http://www.secuobs.com/revue/news/447677.shtmlhttp://www.secuobs.com/revue/news/447677.shtml Secuobs.com : 2013-05-25 05:36:14 - National Vulnerability Database - Multiple integer signedness errors in the tvb_unmasked function in epan dissectors packet-websocketc in the Websocket dissector in Wireshark 18x before 187 allow remote attackers to cause a denial of service application crash via a malformed packet http://www.secuobs.com/revue/news/447676.shtmlhttp://www.secuobs.com/revue/news/447676.shtml Secuobs.com : 2013-05-25 05:30:50 - Security Bloggers Network - info-blog-iconjpg Cyber regulation debate heats up http wwwbankinfosecuritycom cyber-regulation-debate-heats-up-a-5779 I must have missed the part where the debate cooled down info-blog-iconjpg Ranum US government has no idea how to wage cyber war http wwwzdnetcom us-government-has-no-idea-how-to-wage-cyberwar-ranum-7000015840 I m pretty sure every government has ideas how effective or useful these ideas are remains open for debate info-blog-iconjpg Iran hacks US energy firms http onlinewsjcom article SB10001424127887323336104578501601108021968html In the latest operations, the Iranian hackers were able to gain access to control-system software that could allow them to manipulate oil or gas pipelines info-blog-iconjpg Report says active recovery efforts could deter IP theft by foreign attackers http threatpostcom report-says-active-recovery-efforts-could-deter-ip-theft-by-foreign-attackers What I loved about this article is the euphemism active recovery a kinder, gentler way to talk about retaliatory attacks info-blog-iconjpg Critical vulnerability discovered in industrial control product http wwwscmagazinecom critical-vulnerablilty-discovered-in-industrial-control-product article 294670 Two programmable gateways, BL20 and BL 67, produced by German manufacturer TURCK have hard coded log in credentials info-blog-iconjpg Irrational hackers are a bigger threat to US http wwwtgdailycom hardware-brief 71851-irrational-hackers-are-a-bigger-threat-to-us Cybersecurity researchers are worried that focusing on rational attackers like the Chinese might be dangerous info-blog-iconjpg Infectious Computer Worms Are Sucking Energy And Money From Companies http wwwforbescom sites kensilverstein 2013 05 23 infectious-computer-worms-are-sucking-energy-and-money-from-companies More than a dozen utilities are reporting cyber attacks from malware and spyware http://www.secuobs.com/revue/news/447675.shtmlhttp://www.secuobs.com/revue/news/447675.shtml Secuobs.com : 2013-05-25 05:07:48 - adafruit industries blog - Check out Animated gif box by Hirumi N a short 6 second film for the Adafruit adafruit6secs electronic film festival Youtube playlist here for all the entries on YouTube http://www.secuobs.com/revue/news/447674.shtmlhttp://www.secuobs.com/revue/news/447674.shtml Secuobs.com : 2013-05-25 04:03:31 - Computer Security News - A federal court judge presiding over the robocall case ruled on Thursday that the fraudulent calls did not materially affect the results and declined to overturn them http://www.secuobs.com/revue/news/447673.shtmlhttp://www.secuobs.com/revue/news/447673.shtml Secuobs.com : 2013-05-25 02:40:16 - New RFCs - 30KB This document defines an RTP Control Protocol RTCP Extended Report XR Block that allows the reporting of burst and gap loss metrics for use in a range of RTP applications http://www.secuobs.com/revue/news/447672.shtmlhttp://www.secuobs.com/revue/news/447672.shtml Secuobs.com : 2013-05-25 02:40:16 - New RFCs - 37KB This document analyzes TCP-based routing protocols, the Border Gateway Protocol BGP , the Label Distribution Protocol LDP , the Path Computation Element Communication Protocol PCEP , and the Multicast Source Distribution Protocol MSDP , according to guidelines set forth in Section 42 of Keying and Authentication for Routing Protocols Design Guidelines , RFC 6518 http://www.secuobs.com/revue/news/447671.shtmlhttp://www.secuobs.com/revue/news/447671.shtml Secuobs.com : 2013-05-25 02:27:39 - securitystream.info - For your car insurance restrictions utilize the state to state using many of states right after a tort plan while some comply with compare auto insurance any no-fault platform When buying coverage or maybe even operating by using condition, it s very helpful to be madeRead more http://www.secuobs.com/revue/news/447670.shtmlhttp://www.secuobs.com/revue/news/447670.shtml Secuobs.com : 2013-05-25 02:27:39 - securitystream.info - A party mci motor coach contract care comes with a terrific prospects for that partygoers to spend using a party Bus MN enormous crowd to maintain their unique delight and interesting even as visiting involving soiree locations Festival buses deviate in space relatively very much,Read more http://www.secuobs.com/revue/news/447669.shtmlhttp://www.secuobs.com/revue/news/447669.shtml Secuobs.com : 2013-05-25 02:17:36 - Security Bloggers Network - Performing an external penetration test is extremely valuable At the same time, it can also be difficult to develop C-level support when talking up the benefits of penetration testing -- especially if the company hasn t experienced a public breach However, before trying to cross that chasm, it s important to determine what type of external penetration test you d like to have performed For example, if you re at an e-commerce company, I would favor a Web application assessment over a network assessment If you re at a public company or under some type of regulation, like Sarbanes-Oxley SOX or the Payment Card Industry Data Security Standard PCI DSS , you ll most likely be able to leverage these regulations to get a penetration test against your infrastructure in order to meet compliance requirements I ve seen many security-related budget items pass simply because an auditor told the company it needed the items to stay compliant Pen tests are expensive, but are done by professionals in the field and are considered a third-party view If you re not at a public company and do not have a regulator pushing you to perform these assessments, you ll most likely have to default to research, awareness, and a good presentation to upper management With spending tight in IT departments, most executives are not going to open the corporate purse until they can see hard numbers on the return on investment ROI This can be difficult to calculate, so you ll need to brush up on your risk management terminology Certain areas to look into include Exposure Factor The percent of loss that occurs if a breach were realized on a system Single Loss Expectancy SLE The amount of money that is assigned to one event This is calculated by multiplying the Exposure Factor by the assets value in dollars Annualized Rate of Occurrence ARO The estimated number of times the event or breach could occur on the asset Annualized Loss Expectancy ALE The sum of the overall dollar value of the SLE multiplied by the ARO This might seem like quite a bit of work, but it s a good way to get a better idea of what you need to do to help protect your company s network and show the executives your view in dollars and cents If you want to give the executives a more eye-opening number, let them know it would cost the company an average of 194 per record lost as a result of a breach Considering most breaches involve thousands of lost records, the numbers add up quickly Another way to help convince the executives is to show them similar attacks that have happened in the past, potentially to similar companies, and the reputational and financial damage each company incurred Read the rest of my article here http searchsecuritytechtargetcom answer How-to-build-C-level-support-for-the-benefits-of-penetration-testing IMAGE http://www.secuobs.com/revue/news/447668.shtmlhttp://www.secuobs.com/revue/news/447668.shtml Secuobs.com : 2013-05-25 02:17:36 - Security Bloggers Network - http://www.secuobs.com/revue/news/447667.shtmlhttp://www.secuobs.com/revue/news/447667.shtml Secuobs.com : 2013-05-25 02:03:04 - Reverse Engineering - submitted by igor_sk link comment http://www.secuobs.com/revue/news/447666.shtmlhttp://www.secuobs.com/revue/news/447666.shtml Secuobs.com : 2013-05-25 01:29:51 - Security Bloggers Network - A group of all-star players don't necessarily mean a winning team Taking that into the Enterprise Security world, today I tackle a long-standing debate over the prioritization of people, process and technology as it relates to an enterprise security p http://www.secuobs.com/revue/news/447665.shtmlhttp://www.secuobs.com/revue/news/447665.shtml Secuobs.com : 2013-05-25 01:26:35 - Channel 9 - In this episode our special guest host, Haishi Bai, is joined by Yu-Shun Wang Program Manager of Windows Azure Networking who discusses the latest developments of Windows Azure Virtual Networks Yu-Shun shows us the improved Site-to-Site connection and the new Point-to-Site connections News and Links Windows Azure's expansion in Australia Visual Studio Live event page Haishi's Blog - Get a discount code for Visual Studio Live Like Cloud Cover on Facebook Follow CloudCoverShow Follow cloudnick Follow ntotten Follow HaishiBai2010 IMAGE http://www.secuobs.com/revue/news/447664.shtmlhttp://www.secuobs.com/revue/news/447664.shtml Secuobs.com : 2013-05-25 01:13:45 - Light Blue Touchpaper - Today at W2SP I presented a new paper making the case for distributing security policy in hyperlinks The basic idea is old, but I think the time is right to re-examine it After the DigiNotar debacle, the community is getting serious about fixing PKI on the web It was hot topic at this week s IEEE Security Privacy http://www.secuobs.com/revue/news/447663.shtmlhttp://www.secuobs.com/revue/news/447663.shtml Secuobs.com : 2013-05-25 01:05:32 - adafruit industries blog - NEW PRODUCT VS1053 Codec MicroSD Breakout MP3 WAV MIDI OGG Play Record This breakout board is the ultimate companion for the VLSI VS1053B DSP codec chip The VS1053 can decode a wide variety of audio formats such as MP3, AAC, Ogg Vorbis, WMA, MIDI, FLAC, WAV PCM and ADPCM It can also be http://www.secuobs.com/revue/news/447662.shtmlhttp://www.secuobs.com/revue/news/447662.shtml Secuobs.com : 2013-05-25 00:51:43 - securitystream.info - You ll find nothing that may get many women in order to skip prior your account faster as compared to discussing lov straight away Certainly, lov is essential to all of us, but there is a period as well as a place to discuss this specificRead more http://www.secuobs.com/revue/news/447661.shtmlhttp://www.secuobs.com/revue/news/447661.shtml Secuobs.com : 2013-05-25 00:51:43 - securitystream.info - Reporter Jurkmabrreka Niv Moekgrtay Cargo Containers have grown to be a well known trend lately and it is now not uncommon for regular folk like yourself to rely on them to transport personal goods With ever increasing fuel costs, opting to move your stuffRead more http://www.secuobs.com/revue/news/447660.shtmlhttp://www.secuobs.com/revue/news/447660.shtml Secuobs.com : 2013-05-25 00:51:43 - securitystream.info - Like plenty of other activities in life, starting up a property company isn t tough, it just will take proper assistance to understand the right path to go by This short article points out a number of things you should know about starting up your home-basedRead more http://www.secuobs.com/revue/news/447659.shtmlhttp://www.secuobs.com/revue/news/447659.shtml Secuobs.com : 2013-05-25 00:51:43 - securitystream.info - Home mortgage or simply casing funding is just about the significant loans to exercise the price of producing various renovations to your property Dwelling, lovely residence continues to be maxims when you have find a exquisite personal family home The time saving benefits and evenRead more http://www.secuobs.com/revue/news/447658.shtmlhttp://www.secuobs.com/revue/news/447658.shtml Secuobs.com : 2013-05-25 00:41:39 - Schneier on Security - How does he know this Chris Cosentino, the Bay Area s Offal Chef at Incanto in San Francisco and PIGG at Umamicatessen in Los Angeles, opted for the most intimidating choice of all -- giant squid When it comes to underutilized fish, I wish the public wasn't so afraid of different shapes and sizes outside of the standard fillet, he said http://www.secuobs.com/revue/news/447657.shtmlhttp://www.secuobs.com/revue/news/447657.shtml Secuobs.com : 2013-05-25 00:28:59 - Computer Security News - Dozens of US energy providers face daily, constant or frequent attempted cyber attacks, according to a new Congressional review of power grid safety http://www.secuobs.com/revue/news/447656.shtmlhttp://www.secuobs.com/revue/news/447656.shtml Secuobs.com : 2013-05-25 00:28:59 - Computer Security News - Attackers trying to steal intellectual property have been having it their way for some time http://www.secuobs.com/revue/news/447655.shtmlhttp://www.secuobs.com/revue/news/447655.shtml Secuobs.com : 2013-05-25 00:28:59 - Computer Security News - NVD is the US government repository of standards based vulnerability management data http://www.secuobs.com/revue/news/447654.shtmlhttp://www.secuobs.com/revue/news/447654.shtml Secuobs.com : 2013-05-25 00:13:43 - adafruit industries blog - Via nycresistorcom Do you enjoy playing Space Team, but find that you want tactile controls Or like the Artemis Bridge Simulator, but think it is too serious Do you love pushing buttons, turning knobs and shouting at each other Then you ll really have fun playing Future Crew at the NYCR Interactive Party Read more and http://www.secuobs.com/revue/news/447653.shtmlhttp://www.secuobs.com/revue/news/447653.shtml Secuobs.com : 2013-05-24 23:55:25 - National Vulnerability Database - The web interface on Siemens Scalance X200 IRT switches with firmware before X-200IRT 510 relies on client-side privilege checks, which allows remote authenticated users to execute arbitrary commands via unspecified vectors http://www.secuobs.com/revue/news/447652.shtmlhttp://www.secuobs.com/revue/news/447652.shtml Secuobs.com : 2013-05-24 23:55:25 - National Vulnerability Database - The SNMPv3 functionality on Siemens Scalance X200 IRT switches with firmware before X-200IRT 510 does not properly validate credentials, which allows remote attackers to execute arbitrary SNMP commands by leveraging knowledge of a username http://www.secuobs.com/revue/news/447651.shtmlhttp://www.secuobs.com/revue/news/447651.shtml Secuobs.com : 2013-05-24 23:55:25 - National Vulnerability Database - The EPATHOBJ pprFlattenRec function in win32ksys in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows Server 2012, and Windows RT does not properly initialize a pointer for the next object in a certain list, which allows local users to obtain write access to the PATHRECORD chain, and consequently gain privileges, by triggering excessive consumption of paged memory and then making many FlattenPa http://www.secuobs.com/revue/news/447650.shtmlhttp://www.secuobs.com/revue/news/447650.shtml Secuobs.com : 2013-05-24 23:55:25 - National Vulnerability Database - The EPATHOBJ bFlatten function in win32ksys in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows Server 2012, and Windows RT does not check whether linked-list traversal is continually accessing the same list member, which allows local users to cause a denial of service infinite traversal via vectors that trigger a crafted PATHRECORD chain http://www.secuobs.com/revue/news/447649.shtmlhttp://www.secuobs.com/revue/news/447649.shtml Secuobs.com : 2013-05-24 23:49:23 - Security Bloggers Network - Your cellphone isn't just for texting, phone calls and web browsing It's also a perfect vehicle form malware http://www.secuobs.com/revue/news/447648.shtmlhttp://www.secuobs.com/revue/news/447648.shtml Secuobs.com : 2013-05-24 23:49:23 - Security Bloggers Network - This weeks episode of SpiderLabs Radio hosted by Space Rogue is brought to you by Trustwave's Threat Intelligence Service and covers Yahoo Japan, Syrian Electronic Army, Finincial Times, 2-factor won't stop stupid, Aura attacks targeted LE database, Scripps hackers, Operation Hangover, OperationGitmo, OpMarikanaMiners, Akron says attack was perplexing, Attack back, NYPD pays for email attacks, WebSense goes private and a lot more Listen to SpiderLabs radio in iTunes Or you can download the MP3 file directly here Or listen right from your browser with this embedded player http://www.secuobs.com/revue/news/447647.shtmlhttp://www.secuobs.com/revue/news/447647.shtml Secuobs.com : 2013-05-24 23:49:23 - Security Bloggers Network - A few months ago, I warned readers that a glaring privacy weakness in voice-over-IP telephony service Skype allows anyone using the network to quickly learn the Internet address of any other Skype user A new beta version of the popular Microsoft program appears to have nixed that privacy leak with a setting that restricts this capability to connections in your Skype contacts only http://www.secuobs.com/revue/news/447646.shtmlhttp://www.secuobs.com/revue/news/447646.shtml Secuobs.com : 2013-05-24 23:49:23 - Security Bloggers Network - The avast Be Free photo contest has been active for over a week now, and we have received thousands of photos We asked you to interpret what our slogan Be Free means to you Here are some of the photos that we think does a good job Look through the gallery and vote for your http://www.secuobs.com/revue/news/447645.shtmlhttp://www.secuobs.com/revue/news/447645.shtml Secuobs.com : 2013-05-24 23:47:43 - Ars Technica Risk Assessment - No one has cracked a 1024-bit key yet, but Google isn't taking any chances http://www.secuobs.com/revue/news/447644.shtmlhttp://www.secuobs.com/revue/news/447644.shtml Secuobs.com : 2013-05-24 23:46:14 - Dinis Cruz Blog - While looking at the Google Groups options for the new O2 Platform mailing list I found an 'Embedding your Group' which I decided to try on this blog And the result is quite in interesting You can see it in action here or by clicking on the O2 Platform Mailing List link above and it looks like this IMAGE Hopefully this will help to O2 users to post more questions Here is where I found the Embed code IMAGE IMAGE http://www.secuobs.com/revue/news/447643.shtmlhttp://www.secuobs.com/revue/news/447643.shtml Secuobs.com : 2013-05-24 23:24:15 - Dark Reading All Stories - Free, open source vulnerability scanning tools are not always cheaper than their commercial counterparts http://www.secuobs.com/revue/news/447642.shtmlhttp://www.secuobs.com/revue/news/447642.shtml Secuobs.com : 2013-05-24 23:20:12 - adafruit industries blog - Via raspberrypiorg If you re familiar with the Raspberry Pi desktop experience, you ll have noticed that windows on the desktop can be a bit slower to move around than you re used to on your PC or laptop This is because X, the windowing software or composition protocol that we use, is not optimised to use the http://www.secuobs.com/revue/news/447641.shtmlhttp://www.secuobs.com/revue/news/447641.shtml Secuobs.com : 2013-05-24 22:58:28 - SANS Internet Storm Center InfoCON green - We have seen today a big rise of incoming packets of what appears to be a SQL Slammer attacks more http://www.secuobs.com/revue/news/447640.shtmlhttp://www.secuobs.com/revue/news/447640.shtml Secuobs.com : 2013-05-24 22:55:24 - Security Bloggers Network - Electrical grids worldwide have become more susceptible to cyber attacks, due to the use of industrial control systems, according to market analysts ABI Research The post Electrical grids woefully prepared for cyber attacks, warns analyst appeared first on We Live Security http://www.secuobs.com/revue/news/447639.shtmlhttp://www.secuobs.com/revue/news/447639.shtml Secuobs.com : 2013-05-24 22:55:24 - Security Bloggers Network - American companies are facing an unprecedented onslaught of data theft, costing hundreds of billions , according to a report by a private group headed by high-ranking ex-government officials The post Stronger action urged in face of IP theft from American companies appeared first on We Live Security http://www.secuobs.com/revue/news/447638.shtmlhttp://www.secuobs.com/revue/news/447638.shtml Secuobs.com : 2013-05-24 22:55:24 - Security Bloggers Network - ESET s Security Research Lab details a malware-spreading campaign leveraging the deadline for tax returns in Slovakia and examines a case of infection where a bank's two-factor authentication prevented financial loss The post Tax Returns Slovakian spyware campaign appeared first on We Live Security http://www.secuobs.com/revue/news/447637.shtmlhttp://www.secuobs.com/revue/news/447637.shtml Secuobs.com : 2013-05-24 22:53:45 - 4sysops - A picture of Timothy Warner Timothy Warner - 0 comments Timothy Warner is a Windows systems administrator, software developer, author, and technical trainer based in Nashville, TN As expected, we can use Group Policy to control whether our Active Directory users can access the Windows Store and or use Microsoft Accounts on Windows 8 domain member systems By Default domain users can access the Windows Store and install apps Copyright 2006-2013, 4sysops, Digital fingerprint 3db371642e7c3f4fe3ee9d5cf7666eb0 http://www.secuobs.com/revue/news/447636.shtmlhttp://www.secuobs.com/revue/news/447636.shtml Secuobs.com : 2013-05-24 22:43:36 - Apple Examiner RSS Feed - We have written an article on using Reflector for iOS based casework This application allows an analyst to take advantage of AirPlay and display native views of iOS data http://www.secuobs.com/revue/news/447635.shtmlhttp://www.secuobs.com/revue/news/447635.shtml Secuobs.com : 2013-05-24 22:29:36 - Dark Reading All Stories - New findings also highlight poor policy visibility and a lack of automation as significant challenges faced by European organizations http://www.secuobs.com/revue/news/447634.shtmlhttp://www.secuobs.com/revue/news/447634.shtml Secuobs.com : 2013-05-24 22:25:25 - adafruit industries blog - Super nice Raspberry Pi car installation via flamelilycouk I have always loved those old TV series with futuristic tech in those futuristic vehicles, like Knight Rider, Air Wolf, Street Hawk etc So it got me thinking about how easy it would be to add a computer to a vehicle Now I know its been done http://www.secuobs.com/revue/news/447633.shtmlhttp://www.secuobs.com/revue/news/447633.shtml Secuobs.com : 2013-05-24 22:25:25 - adafruit industries blog - Circuit Bending Basics Independent Multi Button Triggering Circuit bending is about the non-thereoretical exploration of sound making circuits via shorting different points together Take a toy that is battery powered important and let s get to work http://www.secuobs.com/revue/news/447632.shtmlhttp://www.secuobs.com/revue/news/447632.shtml Secuobs.com : 2013-05-24 22:24:23 - New RFCs - 11KB This document defines a Uniform Resource Name URN namespace identifier enabling the generation of URNs that are appropriate for use in documentation and in URN-related testing and experimentation http://www.secuobs.com/revue/news/447631.shtmlhttp://www.secuobs.com/revue/news/447631.shtml Secuobs.com : 2013-05-24 22:24:23 - New RFCs - 161KB This memo defines a portion of the Management Information Base MIB for use with network management protocols in the Internet community In particular, it describes managed objects used for managing multiple logical and physical entities managed by a single Simple Network Management Protocol SNMP agent This document specifies version 4 of the Entity MIB This memo obsoletes version 3 of the Entity MIB module published as RFC 4133 http://www.secuobs.com/revue/news/447630.shtmlhttp://www.secuobs.com/revue/news/447630.shtml Secuobs.com : 2013-05-24 21:43:31 - Threat Level - Attorney General Eric Holder signed off on the controversial warrant application that the Justice Department used to obtain the personal emails of a Fox News reporter http://www.secuobs.com/revue/news/447629.shtmlhttp://www.secuobs.com/revue/news/447629.shtml Secuobs.com : 2013-05-24 21:32:39 - Dark Reading All Stories - Infosec trainings aim to provide needed skills to properly respond to incidents large and small http://www.secuobs.com/revue/news/447628.shtmlhttp://www.secuobs.com/revue/news/447628.shtml Secuobs.com : 2013-05-24 21:28:36 - adafruit industries blog - Kickstarter and the view from the trenches of TechShop PandoDaily Dehmlow says Kickstarter has even transformed the TechShop He started to notice the difference about a year ago, when the scope of the projects came a lot bigger The workshop s clientele falls into three evenly divided categories people from existing companies experimenting with new http://www.secuobs.com/revue/news/447627.shtmlhttp://www.secuobs.com/revue/news/447627.shtml Secuobs.com : 2013-05-24 21:28:36 - adafruit industries blog - Fedora Remix for RPi Pidora is a Fedora Remix optimized for the Raspberry Pi computer Download link here http://www.secuobs.com/revue/news/447626.shtmlhttp://www.secuobs.com/revue/news/447626.shtml Secuobs.com : 2013-05-24 21:28:36 - adafruit industries blog - A scattered array of fifty mirror balls reflect light from three projectors, filling a room completely with small reflections, casting patterns that fill the visitor s peripheral vision Creating a curious space that alternates between a meditative state, and an uneasy imbalance An experiment in combining a found object with computer vision to create a profound http://www.secuobs.com/revue/news/447625.shtmlhttp://www.secuobs.com/revue/news/447625.shtml Secuobs.com : 2013-05-24 21:11:16 - Slashdot Your Rights Online - Nerval's Lobster writes Apple could face a difficult time winning its court case against the US Department of Justice over e-book pricing, according to the federal judge overseeing the trial 'I believe that the government will be able to show at trial direct evidence that Apple knowingly participated in and facilitated a conspiracy to raise prices of e-books,' US District Judge Denise Cote said during a May 23 pretrial hearing, according to Reuters, 'and that the circumstantial evidence in this case, including the terms of the agreements, will confirm that' Apple's legal counsel is a bit perturbed over her comments 'We strongly disagree with the court's preliminary statements about the case today,' Apple lawyer Orin Snyder wrote in a statement also reprinted by Reuters The Justice Department has asserted that Apple, along with those publishers, conspired to raise retail e-book prices in tandem 'and eliminate price competition, substantially increasing prices paid by consumers' Apple battles Amazon in the e-book space, with the latter company achieving great success over the past few years by driving down the price of e-books and Kindle e-readers while Apple co-founder insisted in emails to News Corp executive James Murdoch son of Rupert Murdoch , that Amazon's pricing was ultimately unsustainable, the online retailer shows no signs of flagging with regard to its publishing-industry clout IMAGE IMAGE Share on Google Read more of this story at Slashdot IMAGE IMAGE IMAGE IMAGE http://www.secuobs.com/revue/news/447624.shtmlhttp://www.secuobs.com/revue/news/447624.shtml Secuobs.com : 2013-05-24 20:59:47 - Security Bloggers Network - By Dancho Danchev Our sensors recently picked up a Web site infection, affecting the Web site of the Ministry of Micro And Medium Enterprises MSME DI Jaipur And although the Black Hole Exploit Kit serving URL is currently not accepting any connections, it s known to have been used in previous client-side exploit serving campaigns Let s profile the IMAGE http://www.secuobs.com/revue/news/447623.shtmlhttp://www.secuobs.com/revue/news/447623.shtml Secuobs.com : 2013-05-24 20:59:47 - Security Bloggers Network - On the 16th May, Vigilant Software ran the 2nd of a 4 part webinar series focussing on ISO 27001 and the importance of information security risk assessment and management The 2nd webinar was titled The Importance of Risk Management You can watch th http://www.secuobs.com/revue/news/447622.shtmlhttp://www.secuobs.com/revue/news/447622.shtml Secuobs.com : 2013-05-24 20:59:47 - Security Bloggers Network - In the 3rd of a 4 part webinar series, information security professionals Alan Calder and Phil Hare of Vigilant Software took viewers through the process of carrying out an Information Security Risk Assessment using vsRisk Don't worry if yo http://www.secuobs.com/revue/news/447621.shtmlhttp://www.secuobs.com/revue/news/447621.shtml Secuobs.com : 2013-05-24 20:58:25 - dev random - I m writing this wrap-up from the Dublin airport, waiting my flight back to Belgium This new edition of SOURCE is already over What did we learn today This second day started with Vincenzo Lozzo s keynote Lorenzo gave first, some facts From an economic point of view, Internet will generate nice business in the coming years 2012 60B, in 2016 86B according to Gartner Another Read More http://www.secuobs.com/revue/news/447620.shtmlhttp://www.secuobs.com/revue/news/447620.shtml Secuobs.com : 2013-05-24 20:54:29 - Channel 9 - This week on Channel 9, Clint and Mark discuss the week's top developer news, including 00 38 Microsoft unveils Xbox One the ultimate all-in-one home entertainment system 02 10 Stay Connected with the Ch9 Events App 03 25 Putting the power of Unity in the hands of every mobile developer David Helgason 04 32 Channel 9 Highlight Creating the Virtual Experiment Laboratory app with the Visual Studio 3D Starter Kit Roberto Sonnino, Gokhan Sengun 05 40 Step-by-Step Making Windows 8 Pong for a complete beginner Susan Ibach 06 13 OData Apps in Update 2 Querying data from Stack Overflow Matt Sampson 07 34 Where else is NuGet used in Visual Studio Luan Nguyen 09 04 Play with NuGet Packages, programmatically Ranjini Mathrubootham Picks of the Week Mark's Pick of the Week 09 50 Voice Commands Mads Kristensen Clint's Pick of the Week 10 52 AGENT The World's Smartest Watch Secret Labs, House of Horology IMAGE http://www.secuobs.com/revue/news/447619.shtmlhttp://www.secuobs.com/revue/news/447619.shtml Secuobs.com : 2013-05-24 20:40:00 - Network World on Security - Security researchers from antivirus vendor ESET discovered a piece of cyberespionage malware targeting Tibetan activists that uses unusual techniques to evade detection and achieve persistency on infected systems http://www.secuobs.com/revue/news/447618.shtmlhttp://www.secuobs.com/revue/news/447618.shtml Secuobs.com : 2013-05-24 20:40:00 - Network World on Security - Security experts have long touted a layered approach to cyber security as the most effective way to thwart network intruders, and the strategy is most effective when companies use a mix of vendors and security products, NSS Labs found http://www.secuobs.com/revue/news/447617.shtmlhttp://www.secuobs.com/revue/news/447617.shtml Secuobs.com : 2013-05-24 20:40:00 - Network World on Security - The amount of cybercriminal activity associated with the Zeus family of financial Trojan programs has increased during the past few months, according to security researchers from antivirus vendor Trend Micro http://www.secuobs.com/revue/news/447616.shtmlhttp://www.secuobs.com/revue/news/447616.shtml Secuobs.com : 2013-05-24 20:33:59 - Dark Reading All Stories - A helpful contrast shows you what not to do http://www.secuobs.com/revue/news/447615.shtmlhttp://www.secuobs.com/revue/news/447615.shtml Secuobs.com : 2013-05-24 20:08:47 - National Vulnerability Database - Buffer overflow in Apple QuickTime before 774 allows remote attackers to execute arbitrary code or cause a denial of service application crash via crafted enof atoms in a movie file http://www.secuobs.com/revue/news/447614.shtmlhttp://www.secuobs.com/revue/news/447614.shtml Secuobs.com : 2013-05-24 20:08:47 - National Vulnerability Database - Apple QuickTime before 774 allows remote attackers to execute arbitrary code or cause a denial of service memory corruption via a crafted QTIF file http://www.secuobs.com/revue/news/447613.shtmlhttp://www.secuobs.com/revue/news/447613.shtml Secuobs.com : 2013-05-24 20:08:47 - National Vulnerability Database - Buffer overflow in Apple QuickTime before 774 allows remote attackers to execute arbitrary code or cause a denial of service application crash via a crafted FPX file http://www.secuobs.com/revue/news/447612.shtmlhttp://www.secuobs.com/revue/news/447612.shtml Secuobs.com : 2013-05-24 20:08:47 - National Vulnerability Database - Buffer overflow in Apple QuickTime before 774 allows remote attackers to execute arbitrary code or cause a denial of service application crash via a crafted MP3 file http://www.secuobs.com/revue/news/447611.shtmlhttp://www.secuobs.com/revue/news/447611.shtml Secuobs.com : 2013-05-24 20:08:47 - National Vulnerability Database - Apple QuickTime before 774 allows remote attackers to execute arbitrary code or cause a denial of service memory corruption via a crafted TeXML file http://www.secuobs.com/revue/news/447610.shtmlhttp://www.secuobs.com/revue/news/447610.shtml Secuobs.com : 2013-05-24 20:08:47 - National Vulnerability Database - Buffer overflow in Apple QuickTime before 774 allows remote attackers to execute arbitrary code or cause a denial of service application crash via a crafted movie file with H263 encoding http://www.secuobs.com/revue/news/447609.shtmlhttp://www.secuobs.com/revue/news/447609.shtml Secuobs.com : 2013-05-24 20:08:47 - National Vulnerability Database - Buffer overflow in Apple QuickTime before 774 allows remote attackers to execute arbitrary code or cause a denial of service application crash via crafted dref atoms in a movie file http://www.secuobs.com/revue/news/447608.shtmlhttp://www.secuobs.com/revue/news/447608.shtml Secuobs.com : 2013-05-24 20:08:47 - National Vulnerability Database - Buffer overflow in Apple QuickTime before 774 allows remote attackers to execute arbitrary code or cause a denial of service application crash via a crafted movie file with H264 encoding http://www.secuobs.com/revue/news/447607.shtmlhttp://www.secuobs.com/revue/news/447607.shtml Secuobs.com : 2013-05-24 20:08:47 - National Vulnerability Database - Buffer overflow in Apple QuickTime before 774 allows remote attackers to execute arbitrary code or cause a denial of service application crash via a crafted movie file with Sorenson encoding http://www.secuobs.com/revue/news/447606.shtmlhttp://www.secuobs.com/revue/news/447606.shtml Secuobs.com : 2013-05-24 20:08:47 - National Vulnerability Database - Apple QuickTime before 774 allows remote attackers to execute arbitrary code or cause a denial of service memory corruption via crafted JPEG data in a movie file http://www.secuobs.com/revue/news/447605.shtmlhttp://www.secuobs.com/revue/news/447605.shtml Secuobs.com : 2013-05-24 20:08:47 - National Vulnerability Database - Buffer overflow in Apple QuickTime before 774 allows remote attackers to execute arbitrary code or cause a denial of service application crash via crafted JPEG data in a movie file http://www.secuobs.com/revue/news/447604.shtmlhttp://www.secuobs.com/revue/news/447604.shtml Secuobs.com : 2013-05-24 20:08:47 - National Vulnerability Database - Buffer overflow in Apple QuickTime before 774 allows remote attackers to execute arbitrary code or cause a denial of service application crash via crafted mvhd atoms in a movie file http://www.secuobs.com/revue/news/447603.shtmlhttp://www.secuobs.com/revue/news/447603.shtml Secuobs.com : 2013-05-24 20:02:10 - Security Bloggers Network - ToorCon Seattle, slated for July 5th-7th, 2013, at Neumos and at other venues in the astonishingly beautiful City of Seattle, http://www.secuobs.com/revue/news/447602.shtmlhttp://www.secuobs.com/revue/news/447602.shtml Secuobs.com : 2013-05-24 20:02:10 - Security Bloggers Network - via the logic of the indomitable Randall Munroe at XKCD http://www.secuobs.com/revue/news/447601.shtmlhttp://www.secuobs.com/revue/news/447601.shtml Secuobs.com : 2013-05-24 20:02:10 - Security Bloggers Network - Thieves drained 800,000 from a fuel distribution company in the US state of North Carolina earlier this month - a loss that the company attributes to its bank's having recently upgraded security systems Unfortunately, its insurance policy won't come http://www.secuobs.com/revue/news/447600.shtmlhttp://www.secuobs.com/revue/news/447600.shtml Secuobs.com : 2013-05-24 20:02:10 - Security Bloggers Network - Over the last couple of days, multi-tasking cybercriminals have been spreading a Facebook Profile Spy campaign across Facebook, enticing users into installing a rogue Chrome extension, next to monetizing the campaign through an unethical pseudo-mobil http://www.secuobs.com/revue/news/447599.shtmlhttp://www.secuobs.com/revue/news/447599.shtml Secuobs.com : 2013-05-24 20:02:10 - Security Bloggers Network - In order to deliver predictive threat protection to our customers, the Umbrella Security Labs research team has to collect and correlate data from various sources in innovative ways We ve shared in previous posts how our team applies proprietary algorithms to data from the OpenDNS Global Network, but we re constantly on the hunt for easy-to-use data platforms The post Big Data Driven Security with Splunk appeared first on Umbrella Security Labs http://www.secuobs.com/revue/news/447598.shtmlhttp://www.secuobs.com/revue/news/447598.shtml Secuobs.com : 2013-05-24 20:01:54 - Schneier on Security - The research in G Giguère and BC Love, Limits in decision making arise from limits in memory retrieval, Proceedings of the National Academy of Sciences v 19 2013 has applications in training airport baggage screeners Abstract Some decisions, such as predicting the winner of a baseball game, are challenging in part because outcomes are probabilistic When making such decisions, one http://www.secuobs.com/revue/news/447597.shtmlhttp://www.secuobs.com/revue/news/447597.shtml Secuobs.com : 2013-05-24 19:58:55 - Dinis Cruz Blog - This is really cool I wonder if we can hook this and Minecraft into O2's FluentSharp APIs and REPL IMAGE http://www.secuobs.com/revue/news/447596.shtmlhttp://www.secuobs.com/revue/news/447596.shtml Secuobs.com : 2013-05-24 19:47:41 - Threat Level - Holder Should Demand Feds Get a Warrant to Read Our E-mailAttorney General Eric Holder is on record the Department of Justice supports legislation that generally would require the government to get a probable-cause warrant to read your e-mail That we're having this discussion is because federal law, dating to the http://www.secuobs.com/revue/news/447595.shtmlhttp://www.secuobs.com/revue/news/447595.shtml Secuobs.com : 2013-05-24 19:47:09 - Computer Security News - The notorious Zeus Trojan, a family of banking malware known for stealing passwords and draining the accounts of its victims, has steadily increased in recent months, according to data collected by Trend Micro http://www.secuobs.com/revue/news/447594.shtmlhttp://www.secuobs.com/revue/news/447594.shtml Secuobs.com : 2013-05-24 19:47:09 - Computer Security News - British broadcaster ITV on Friday became the latest media outlet to have one of its Twitter feeds hacked by anonymous supporters of Syria's President Bashar al-Assad, just days after Twitter beefed up security to prevent such attacks http://www.secuobs.com/revue/news/447593.shtmlhttp://www.secuobs.com/revue/news/447593.shtml Secuobs.com : 2013-05-24 19:34:30 - Les derniers documents du CERTA. - CERTA-2013-ACT-021 http://www.secuobs.com/revue/news/447592.shtmlhttp://www.secuobs.com/revue/news/447592.shtml Secuobs.com : 2013-05-24 19:34:30 - Les derniers documents du CERTA. - De multiples vulnérabilités ont été corrigées dans RT Certaines d'entre elles permettent à un attaquant de provoquer une atteinte à l'intégrité des données, une atteinte à la confidentialité des données et une élévation de privilèges http://www.secuobs.com/revue/news/447591.shtmlhttp://www.secuobs.com/revue/news/447591.shtml Secuobs.com : 2013-05-24 19:34:30 - Les derniers documents du CERTA. - De multiples vulnérabilités ont été corrigées dans Apple Quicktime Elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance et un déni de service à distance http://www.secuobs.com/revue/news/447590.shtmlhttp://www.secuobs.com/revue/news/447590.shtml Secuobs.com : 2013-05-24 19:31:32 - adafruit industries blog - NEW PRODUCT LPC810 Mini Starter Pack If you love the speed and simplicity of ARM Cortex M0 chips, but want to just dip a toe in, you ll fall in love with the adorable little LPC810 This particular chip in DIP8 really jumped out at us since it s so different than what people usually think http://www.secuobs.com/revue/news/447589.shtmlhttp://www.secuobs.com/revue/news/447589.shtml Secuobs.com : 2013-05-24 19:31:32 - adafruit industries blog - Tutorial Getting Started with the LPC810 The Adafruit Learning System This learning guide will show you everything you need to know to get started with the ARM Cortex M0 based LPC810 MCU It will cover Setting up a cross-compiling toolchain for ARM Creating and compiling your first blinky program Programming the LPC810 using free http://www.secuobs.com/revue/news/447588.shtmlhttp://www.secuobs.com/revue/news/447588.shtml Secuobs.com : 2013-05-24 19:31:32 - adafruit industries blog - Check out Heart Matrix in 6 Seconds by LucidTronix a short 6 second film for the Adafruit adafruit6secs electronic film festival Youtube playlist here for all the entries on YouTube http://www.secuobs.com/revue/news/447587.shtmlhttp://www.secuobs.com/revue/news/447587.shtml Secuobs.com : 2013-05-24 19:16:08 - securitystream.info - Any Tudor home or a Spanish rental property needs roofing materials most suited with regard to design and style We have a roof covering style for each need to have You can always choose less expensive possibilities from the dimensional and also architectural shingles whichRead more http://www.secuobs.com/revue/news/447586.shtmlhttp://www.secuobs.com/revue/news/447586.shtml Secuobs.com : 2013-05-24 19:16:08 - securitystream.info - I am going to teach you the final strategy to discover the absolute highest paying paid survey websites that supply the Paypal payment I absolutely wished to share that critical info, because around 93pourcents of people who have surveys aren t earning anyplace near the amountRead more http://www.secuobs.com/revue/news/447585.shtmlhttp://www.secuobs.com/revue/news/447585.shtml Secuobs.com : 2013-05-24 19:16:08 - securitystream.info - Nonetheless certainly not nowadays them Marriage and even cruise directors assist in just about all components of preparing your wedding day Many brides sense extreamly close up wedding planner charlotte nc in addition to gracious to their organizers at the end of with the weddingRead more http://www.secuobs.com/revue/news/447584.shtmlhttp://www.secuobs.com/revue/news/447584.shtml Secuobs.com : 2013-05-24 19:05:49 - Security Intelligence TrendLabs Trend Micro - Typically users archive file to lump several files together into a single file for convenience or to simply save storage space However, we uncovered a worm that creates copies of itself even on password-protected archived files We acquired a sample of a worm detected as WORM_PIZZERA that propagates using a particular WINRAR command line see Post from Trendlabs Security Intelligence Blog - by Trend Micro Worm Creates Copies in Password-Protected Archived Files http://www.secuobs.com/revue/news/447583.shtmlhttp://www.secuobs.com/revue/news/447583.shtml Secuobs.com : 2013-05-24 19:03:15 - Dancho Danchev's Blog Mind Streams of Information Security Knowledge - Over the last couple of days, multi-tasking cybercriminals have been spreading a Facebook Profile Spy campaign across Facebook, enticing users into installing a rogue Chrome extension, next to monetizing the campaign through an unethical pseudo-mobile marketing agency, known as Prizerally Sample redirection chain hxxps wwwfacebookcom pages Hajmc1rnjr 172683159561584 sk app_ IMAGE IMAGE IMAGE IMAGE IMAGE IMAGE IMAGE IMAGE http://www.secuobs.com/revue/news/447582.shtmlhttp://www.secuobs.com/revue/news/447582.shtml Secuobs.com : 2013-05-24 18:48:49 - Veracode Security Blog Application security research security trends and opinions - medical-security-privacy Last night our CTO and Co-Founder Chris Wysopal joined Fox Business' The Willis Report to chat about medical record privacy in a segment titled Digital Records Putting Your Health Information at Risk http://www.secuobs.com/revue/news/447581.shtmlhttp://www.secuobs.com/revue/news/447581.shtml Secuobs.com : 2013-05-24 18:41:34 - Global Security Mag Online - Petroleum Geo-Services PGS , compagnie parapétrolière norvégienne de géophysique pour l'exploration et la gestion des réservoirs a confié à BSO Network Solutions le déploiement d'un réseau à faibles latences, sur mesure et sécurisé entre ses centres de données avec une surveillance 24 7 Présente dans plus de 25 pays, Petroleum Geo-Services propose une large gamme de produits et de services couvrants l'exploration sismique et électromagnétique, l'acquisition de données, le traitement, l'analyse et - Business http://www.secuobs.com/revue/news/447580.shtmlhttp://www.secuobs.com/revue/news/447580.shtml Secuobs.com : 2013-05-24 18:34:08 - adafruit industries blog - NEW PRODUCT S-Video Cable 9 feet This basic cable comes with two S-Video MiniDIN-4 connectors It s fairly straight forward, you ll commonly need these to connect two S-Video devices together Works great with the Uzebox kit when you want better quality than Composite Cable is 9 ft long In stock and shipping now http://www.secuobs.com/revue/news/447579.shtmlhttp://www.secuobs.com/revue/news/447579.shtml Secuobs.com : 2013-05-24 18:34:08 - adafruit industries blog - Chris Anderson From a Writer to CEO of 3DRobotics Hack Things We help software people make hardware You might recognize Chris Anderson as a world renowned journalist Former editor-in-chief atWired, author of The Long Tail, and recent author of Makers, he has traded in his pen to become CEO of 3D Robotics, http://www.secuobs.com/revue/news/447578.shtmlhttp://www.secuobs.com/revue/news/447578.shtml Secuobs.com : 2013-05-24 18:19:03 - securitystream.info - Solutions to Buy A House Together with Little Or No Down payment There are many approaches to obtain a house, even though you haven t much as well as no amounts to place along Here are a few with the fundamentals One particular Sweating Equity PerspireRead more http://www.secuobs.com/revue/news/447577.shtmlhttp://www.secuobs.com/revue/news/447577.shtml Secuobs.com : 2013-05-24 18:08:12 - Security Bloggers Network - Ever wondered what an asset is Well wonder no more either that or continue to wonder http://www.secuobs.com/revue/news/447576.shtmlhttp://www.secuobs.com/revue/news/447576.shtml Secuobs.com : 2013-05-24 18:08:12 - Security Bloggers Network - Hackers are increasingly targeting small companies for cyber-attack and the amount of malware directed at mobile operating systems is rapidly escalating, according to Symantec s Internet Security Threat Report for 2012 The report, issued last month, said half of all targeted attacks last year were aimed at businesses with fewer than 2,500 employees The largest growth area for targeted attacks was Read more IMAGE http://www.secuobs.com/revue/news/447575.shtmlhttp://www.secuobs.com/revue/news/447575.shtml Secuobs.com : 2013-05-24 18:05:52 - TorrentFreak - This week a new anonymous BitTorrent client was released to the public TrafficPrivacy allows users to hide their IP-address directly from within their client, at the price of a standard proxy or VPN service The TrafficPrivacy team says its main goal is to provide an all-in-one anonymity solution for a less tech savvy audience Source TrafficPrivacy Launches Anonymous BitTorrent Client http://www.secuobs.com/revue/news/447574.shtmlhttp://www.secuobs.com/revue/news/447574.shtml Secuobs.com : 2013-05-24 18:05:06 - SecurityTube.Net - In this video you will learn how to Reassembling Captured Traffic with Xplico There is a big question what we will do after capturing the pcap file Data So he is using a tool called Xplico for reassemble capture packets at the application layer to view what exactly a user is browsing like Websites, Images, Videos and Pain text protocols etc Xplico - Open Source Network Forensic Analysis Tool NFAT - The goal of Xplico is extract from an internet traffic capture the applications data contained For example, from a pcap file Xplico extracts each email POP, IMAP, and SMTP protocols , all HTTP contents, each VoIP call SIP , FTP, TFTP, and so on Xplico isn t a network protocol analyzer Xplico is an open source Network Forensic Analysis Tool NFAT IMAGE http://www.secuobs.com/revue/news/447573.shtmlhttp://www.secuobs.com/revue/news/447573.shtml Secuobs.com : 2013-05-24 18:05:06 - SecurityTube.Net - In this video Firdaus Sahin talking about Advanced Static Analysis Using IDA pro Actually, Static program analysis is the perform an analysis process without actually executing the programs, In most cases we are doing Dynamic analysis - running that piece of malware and checking our computer behavior and capturing the traffic but this process is totally different IDA-Pro - IDA is a Windows, Linux or Mac OS X hosted multi-processor disassembler and debugger that offers so many features it is hard to describe them all Just grab an evaluation version if you want a test drive IMAGE http://www.secuobs.com/revue/news/447572.shtmlhttp://www.secuobs.com/revue/news/447572.shtml Secuobs.com : 2013-05-24 17:53:57 - Computer Security News - Small businesses are being targeted by cyber criminals more frequently and experts say business owners aren't doing enough to keep it from happening to them http://www.secuobs.com/revue/news/447571.shtmlhttp://www.secuobs.com/revue/news/447571.shtml Secuobs.com : 2013-05-24 17:44:07 - Dark Reading All Stories - Only 35 percent implement the correct BYOD rules and policies to protect data http://www.secuobs.com/revue/news/447570.shtmlhttp://www.secuobs.com/revue/news/447570.shtml Secuobs.com : 2013-05-24 17:44:07 - Dark Reading All Stories - System already recording more than 20 million samples of new malware since January http://www.secuobs.com/revue/news/447569.shtmlhttp://www.secuobs.com/revue/news/447569.shtml Secuobs.com : 2013-05-24 17:40:05 - adafruit industries blog - NEW PRODUCT WS2811 LED Driver Chip 10 Pack Make your own smart LEDs with the same chip that is used in our NeoPixel strip and pixels This tiny SOIC-8 is fairly easy to solder and can drive a single common-anode RGB LED or three single-color LEDs of your choice The outputs are NPN http://www.secuobs.com/revue/news/447568.shtmlhttp://www.secuobs.com/revue/news/447568.shtml Secuobs.com : 2013-05-24 17:40:05 - adafruit industries blog - NEW PRODUCT WS2812 5050 RGB LED with Integrated Driver Chip 10 Pack Make your own smart LED arrangement with the same integrated LED that is used in our NeoPixel strip and pixels This tiny 5050 5mm x 5mm RGB LED is fairly easy to solder and is the most compact way possible to http://www.secuobs.com/revue/news/447567.shtmlhttp://www.secuobs.com/revue/news/447567.shtml Secuobs.com : 2013-05-24 17:20:54 - PaulDotCom Security Weekly Recent changes en - Created page with Advertisements Episode Media Announcements Shameless Plugs PaulDotCom Security Weekly - Episode 333 for Thursday May 30th, 2013 Register for both our tr New page Advertisements Episode Media Announcements Shameless Plugs PaulDotCom Security Weekly - Episode 333 for Thursday May 30th, 2013 Register for both our tracks at Blackhat USA Las Vegas https wwwblackhatcom us-13 training defensive-countermeasures-foundations-of-becoming-a-devious-defenderhtml Defensive Countermeasures Foundations for Becoming a Devious Defender and https wwwblackhatcom us-13 training offensive-countermeasures-the-art-of-active-defenseshtml Offensive Countermeasures The Art Of Active Defense July 27-28 29-30, register before May 31 for the best price We are looking for sponsors for monthly webcasts in conjunction with SANS - contact paul -at- hacknakedtv for details Come to http wwwsecuritybsidescom w page 61966594 BSidesRI Security BSides Rhode Island Two-Day Conference on June 14th and 15th tickets are NOW ON SALE at https wwwwepaycom events 141697 WePaycom Featured presentations from Josh Wright , Kevin Finisterre, Kati Rodzon and Mike Murray, Bruce Potter, Joe McCray,Ron Gula, Ben Jackson, Dave Maynor and the entire PaulDotCom crew http wwwstogiegeekscom The Stogie Geeks Show - Kick some ash with the Stogie Geeks, Sunday nights at 8 30PM EST Come have a cigar with us If you are in the Rhode Island area please visit our sponsor the Havana Cigar Club, its an awesome place to have a drink Make sure you print out your http havana-cigar-clubcom welcome-stogie-geek-fans 500 off coupon here Web site experiencing problems, will update link when it comes back Interview Gunnar Peterson Tech Segment Chris Truncer on Veil Announcement We are in the process of archiving and cataloging our technical segments, please visit the http pauldotcomcom wiki indexphp TechSegments PaulDotCom Technical Library and we indexed all of the http pauldotcomcom wiki indexphp Interviews interviews we have conducted Also, please follow us on Google https plusgooglecom communities 104303121236769636115 The PaulDotCom Google Community , https plusgooglecom 106764787434811009569 posts The PaulDotCom Google Page and https plusgooglecom 108998557249071696489 posts Paul's Google Page http wwwsansorg instructors lawrence-pesce Larry teaching SANS SEC617 all over and coming to a city near you in 2013 It isn't too Late to sign up for my class in San Diego this May actually, it is, so sign up for SANSFIRE next month and NS2013 in Vegas Stories Paul's Stories Larry s Stories Jack s Stories Allison's Stories Patrick's Stories http://www.secuobs.com/revue/news/447566.shtmlhttp://www.secuobs.com/revue/news/447566.shtml Secuobs.com : 2013-05-24 17:20:54 - PaulDotCom Security Weekly Recent changes en - Created page with Advertisements Episode Media Announcements Shameless Plugs PaulDotCom Security Weekly - Episode 334 for Thursday June 6th, 2013 Register for both our tr New page Advertisements Episode Media Announcements Shameless Plugs PaulDotCom Security Weekly - Episode 334 for Thursday June 6th, 2013 Register for both our tracks at Blackhat USA Las Vegas https wwwblackhatcom us-13 training defensive-countermeasures-foundations-of-becoming-a-devious-defenderhtml Defensive Countermeasures Foundations for Becoming a Devious Defender and https wwwblackhatcom us-13 training offensive-countermeasures-the-art-of-active-defenseshtml Offensive Countermeasures The Art Of Active Defense July 27-28 29-30, register before May 31 for the best price We are looking for sponsors for monthly webcasts in conjunction with SANS - contact paul -at- hacknakedtv for details Come to http wwwsecuritybsidescom w page 61966594 BSidesRI Security BSides Rhode Island Two-Day Conference on June 14th and 15th tickets are NOW ON SALE at https wwwwepaycom events 141697 WePaycom Featured presentations from Josh Wright , Kevin Finisterre, Kati Rodzon and Mike Murray, Bruce Potter, Joe McCray,Ron Gula, Ben Jackson, Dave Maynor and the entire PaulDotCom crew http wwwstogiegeekscom The Stogie Geeks Show - Kick some ash with the Stogie Geeks, Sunday nights at 8 30PM EST Come have a cigar with us If you are in the Rhode Island area please visit our sponsor the Havana Cigar Club, its an awesome place to have a drink Make sure you print out your http havana-cigar-clubcom welcome-stogie-geek-fans 500 off coupon here Web site experiencing problems, will update link when it comes back Interview Gunnar Peterson Tech Segment Greg Hetrick on SRPs Announcement We are in the process of archiving and cataloging our technical segments, please visit the http pauldotcomcom wiki indexphp TechSegments PaulDotCom Technical Library and we indexed all of the http pauldotcomcom wiki indexphp Interviews interviews we have conducted Also, please follow us on Google https plusgooglecom communities 104303121236769636115 The PaulDotCom Google Community , https plusgooglecom 106764787434811009569 posts The PaulDotCom Google Page and https plusgooglecom 108998557249071696489 posts Paul's Google Page http wwwsansorg instructors lawrence-pesce Larry teaching SANS SEC617 all over and coming to a city near you in 2013 It isn't too Late to sign up for my class in San Diego this May actually, it is, so sign up for SANSFIRE next month and NS2013 in Vegas Stories Paul's Stories Larry s Stories Jack s Stories Allison's Stories Patrick's Stories http://www.secuobs.com/revue/news/447565.shtmlhttp://www.secuobs.com/revue/news/447565.shtml Secuobs.com : 2013-05-24 17:14:51 - Wired Danger Room - Obama Just Made Himself a Prisoner of His Own Gitmo PolicyObama wants to close Guantanamo and capture more terrorists than he kills But unless Obama is about to get way radical, this is kind of an either or situation IMAGE IMAGE IMAGE IMAGE IMAGE http://www.secuobs.com/revue/news/447564.shtmlhttp://www.secuobs.com/revue/news/447564.shtml Secuobs.com : 2013-05-24 17:13:33 - Security Bloggers Network - Social networking has become an integral part of our lives Through social networking, we are connected to friends and family sharing photos, gossiping, tagging photos, sharing ideas, and meeting Go on to the site to read the full article http://www.secuobs.com/revue/news/447563.shtmlhttp://www.secuobs.com/revue/news/447563.shtml Secuobs.com : 2013-05-24 17:13:33 - Security Bloggers Network - Vermont's State Governor has signed the United States' first-ever anti-patent trolling law Which could be bad news for the patent troll who sent thousands of letters demanding payment from small businesses who - get this - used scanners http://www.secuobs.com/revue/news/447562.shtmlhttp://www.secuobs.com/revue/news/447562.shtml Secuobs.com : 2013-05-24 17:10:40 - SecurityTube.Net - This Meterpreter script basically replaces sethcexe or utilmanexe to a cmd shell Watch the video and you will understand how this becomes handy Big Thanks to Sec tube Mega Primers for inspiring me https githubcom Un0wnX swaparoo Un0wn_X IMAGE http://www.secuobs.com/revue/news/447561.shtmlhttp://www.secuobs.com/revue/news/447561.shtml Secuobs.com : 2013-05-24 17:09:51 - Dinis Cruz Blog - The super sharp OWASP Leader Johanna Curiel, while trying to get her head around the O2 Platform, asked me earlier today in your research, have you try static code analysis using any form of artificial intelligence such as Bayesian or neural networks let know, while I was studying, I was researching this stuff I just would like to hear from you if you had any experience with this The short answer is NO, I have not really looked at Bayesien or Neural Networks for SAST Static Analysis The longer answer is We Dont need it yet , since there are many bigger limitations of the current SAST technology and tools, which we need to solve first before we look into that type of advanced analysis and techniques That said, I do believe that Bayesien or Neural Networks have a bigger role to play in Static Analysis of code SAST and in modelling how an application behaves specially from the point of view of security But we are completely not ready for it, and we also don't have access to the computation power required I have written many blog posts on what I think needs to happen on the SAST world and what are the current limitations Here is a selection What are the challenges with SAST that don't need a better engine In SAST the issue is 'Trace Connection', not 'Scan Size' Why doesn't SAST have better Framework support for example Spring MVC We need Security-focused SAST Static-Analysis rules The Need for Standards to evaluate Static Analysis tools What does SAST mean And where does it come from CI is the Key for Application Security SDL integration Integrating Security into the User's Gui - In this case Rational AppScan Source in AppScan Standard Microsoft's CatNET related Video Real time Vulnerability Scanning using CatNet and Roslyn SAST Running CatNET SAST Scanner outside VisualStudio What am I doing with CatNET ASPNET Support in SAST and IBM F4F Please show Ian Spiro your support for his IBM AppScan research, ideas and energy Would I recommend Checkmarx as a SAST engine IMAGE http://www.secuobs.com/revue/news/447560.shtmlhttp://www.secuobs.com/revue/news/447560.shtml Secuobs.com : 2013-05-24 16:54:58 - OpenRCE Blogs - written by WilliamMichael82 http://www.secuobs.com/revue/news/447559.shtmlhttp://www.secuobs.com/revue/news/447559.shtml Secuobs.com : 2013-05-24 16:51:23 - Global Security Mag Online - Car les résultats de sécurité sont intimement liés au cycle de vie du projet L'objectif de l'intervention sera de présenter des éléments d'intégration de la sécurité des systèmes d'information dans les projets, en répondant aux questions suivantes qui est concerné, et par quoi en termes de sécurité dans le projet quelle est la meilleure façon d'aborder la sécurité lors du projet quand, comment Notre intervenant sera Madame Jennifer GODIN, directrice ENIGMA Services, consultante en Sécurité de - Événements http://www.secuobs.com/revue/news/447558.shtmlhttp://www.secuobs.com/revue/news/447558.shtml Secuobs.com : 2013-05-24 16:51:12 - F Secure Antivirus Research Weblog - Twitter introduced multi-factor login verification on Wednesday Good news Well that depends Twitter's initial implementation of two-factor authentication 2FA relies on SMS But Twitter also uses SMS as a way to send and receive Tweets making use of SMS for double-duty social and security It's possible to STOP incoming Tweets via SMS, and that makes sense, because people sometimes end up roaming unexpectedly and there needs to be a way to stop the SMS feature Otherwise it could generate a costly bill Unfortunately, an attacker could use SMS spoofing to disable 2FA if he knows the target's phone number Twitter's SMS 2FA We've done some testing The STOP command removes the phone number from the account and that in turn disables Twitter's 2FA Not great But there's an even worse possibility at the moment If you don't yet have 2FA enabled, an attacker who gains access to your account via spear phishing could enable it for himself All that's required is random phone number and SMS spoofing the word GO Twitter's SMS 2FA Then the attacker can enable the account's 2FA Twitter's SMS 2FA Then send a message The message doesn't contain a confirmation code, so it isn't really needed Twitter's SMS 2FA And then click Yes Twitter's SMS 2FA That's it No confirmation code is needed to add a number Confirmation is required to change the account's associated e-mail address This is what the victim will see even if they reset the account's password Twitter's SMS 2FA The victim will be locked out, and cannot recover the account without Twitter's support So perhaps you should enable your account's 2FA before somebody else does it for you Fortunately, the majority of Twitter users aren't big targets Unfortunately, accounts such as AP are And Twitter's SMS-based 2FA could be more harm than help when the use case is a dedicated attacker Twitter's blog post says this feature has cleared the way for us to deliver more account security enhancements in the future Let's hope so On 24 05 13 At 12 40 PM http://www.secuobs.com/revue/news/447557.shtmlhttp://www.secuobs.com/revue/news/447557.shtml Secuobs.com : 2013-05-24 16:48:34 - Dark Reading All Stories - Infosec trainings aim to provide needed skills to properly respond to incidents large and small http://www.secuobs.com/revue/news/447556.shtmlhttp://www.secuobs.com/revue/news/447556.shtml Secuobs.com : 2013-05-24 16:44:58 - 411 spyware - Websearchlookforithereinfo is a website that becomes your home page and default search engine when you install associated plugins and freeware applications onto your computer Although this website is not dangerous per se, it is not recommended to use It is obvious why you should stay away from this search engine the moment you open the http://www.secuobs.com/revue/news/447555.shtmlhttp://www.secuobs.com/revue/news/447555.shtml Secuobs.com : 2013-05-24 16:20:52 - Schneier on Security - Interesting report from the From the Pew Internet and American Life Project Teens are sharing more information about themselves on their social media profiles than they did when we last surveyed in 2006 91pourcents post a photo of themselves, up from 79pourcents in 2006 71pourcents post their school name, up from 49pourcents 71pourcents post the city or town where they http://www.secuobs.com/revue/news/447554.shtmlhttp://www.secuobs.com/revue/news/447554.shtml Secuobs.com : 2013-05-24 16:20:11 - Help Net Security News - Ipanema Technologies and Easynet Global Services unveiled the results of Killer Apps 2013, a major study into the performance of networked applications Networking budgets are back on the rise http://www.secuobs.com/revue/news/447553.shtmlhttp://www.secuobs.com/revue/news/447553.shtml Secuobs.com : 2013-05-24 16:20:11 - Help Net Security News - When it comes to spotting malware, signature-based detection, heuristics and cloud-based recognition and information sharing used by many antivirus solutions today work well up a certain point, but th http://www.secuobs.com/revue/news/447552.shtmlhttp://www.secuobs.com/revue/news/447552.shtml Secuobs.com : 2013-05-24 16:05:29 - OpenRCE Blogs - written by nikeShoes http://www.secuobs.com/revue/news/447551.shtmlhttp://www.secuobs.com/revue/news/447551.shtml Secuobs.com : 2013-05-24 16:01:39 - Global Security Mag Online - Kensington, fournisseur d'accessoires informatiques intelligents, fiables et simples, aide ses clients à faire face aux petits accidents de la vie en proposant une toute nouvelle gamme de protections 360 degrés pour tablettes et téléphones portables, destinées à protéger ces appareils électroniques précieux contre les pertes, les problèmes de charge et les dommages accidentels dans les déplacements de la vie de tous les jours Avec l'arrivée de l'été, nous avons tous envie de passer plus de temps - Produits http://www.secuobs.com/revue/news/447550.shtmlhttp://www.secuobs.com/revue/news/447550.shtml Secuobs.com : 2013-05-24 16:01:39 - Global Security Mag Online - Barracuda Networks Inc, a annoncé l'acquisition de SignNow, un fournisseur de plateformes de stockage et de signature électronique de documents SignNow a récemment dépassé la barre du million d'utilisateurs, multipliant ainsi par quatre le nombre de ses utilisateurs actifs au cours de ces douze derniers mois, et comprenant plus de 100000 petites entreprises et plus de la moitié du classement Fortune 500 SignNow a également dépassé les trois millions de documents numériquement certifiés et signés, - Business http://www.secuobs.com/revue/news/447549.shtmlhttp://www.secuobs.com/revue/news/447549.shtml Secuobs.com : 2013-05-24 15:31:18 - Security Bloggers Network - Consider joining me for the next Community SANS event in Augustaon July 16-21, 2013 I will be teaching the SANS Security Essentials Bootcamp Style course This popular course is appropriate both forpeople new to security as well as those who have http://www.secuobs.com/revue/news/447548.shtmlhttp://www.secuobs.com/revue/news/447548.shtml Secuobs.com : 2013-05-24 15:31:18 - Security Bloggers Network - Companies of all sizes invest significant time and money protecting their sensitive information, but their priorities are not always the right ones Security investments are too often aimed at preventing accidents, such as when employees accidentally lose laptops or inadvertently send emails containing customer information Smaller companies in particular are sensitive to these concerns because meeting compliance with regulations, customer pressures, criminals, and contractual mandates make toxic data spills expensive A good start is for all companies examine their current data security strategies to ensure that they are balanced and appropriate for the assets they are trying to protect Here are a few tips to establish your security baseline http://www.secuobs.com/revue/news/447547.shtmlhttp://www.secuobs.com/revue/news/447547.shtml Secuobs.com : 2013-05-24 15:31:18 - Security Bloggers Network - We infosec folk eat up industry reports and most of us have no doubt already gobbled up panda_security s recently released Q1 2013 Report PDF It s a good read so go ahead and read it, we ll still be here and I was really happy to see a nicely stylized chart in the early pages However, I http://www.secuobs.com/revue/news/447546.shtmlhttp://www.secuobs.com/revue/news/447546.shtml Secuobs.com : 2013-05-24 15:31:18 - Security Bloggers Network - We had a few miscues along the way, far fewer than other shows, but none-the-less, here they are for your viewing pleasure ps Related Interop2013 Find F5 Interop2013 DDoS ing the Interop Network Interop2013 F5 Certification Program Interop2013 BIG-IQ Cloud Interop2013 Partner Spotlight Big Switch Networks Interop2013 Partner Spotlight ICSA Labs Interop2013 DDoS ing http://www.secuobs.com/revue/news/447545.shtmlhttp://www.secuobs.com/revue/news/447545.shtml Secuobs.com : 2013-05-24 15:28:42 - Office of Inadequate Security - Sarah N Lynch reports Institutional Shareholder Services has settled civil charges by US regulators that an employee of http://www.secuobs.com/revue/news/447544.shtmlhttp://www.secuobs.com/revue/news/447544.shtml Secuobs.com : 2013-05-24 15:13:42 - Network World on Security - US companies should be allowed to take aggressive countermeasures against hackers seeking to steal their intellectual property, contends the private Commission on the Theft of American Intellectual Property http://www.secuobs.com/revue/news/447543.shtmlhttp://www.secuobs.com/revue/news/447543.shtml Secuobs.com : 2013-05-24 15:13:42 - Network World on Security - While experts praise Twitter's decision to provide accountholders with two-factor authentication, they warn that additional security will still be needed to prevent the hijacking of high-profile accounts http://www.secuobs.com/revue/news/447542.shtmlhttp://www.secuobs.com/revue/news/447542.shtml Secuobs.com : 2013-05-24 15:13:42 - Network World on Security - For celebrities and the average Joe, having two-factor authentication turned on won't protect them against determined hackers, however http://www.secuobs.com/revue/news/447541.shtmlhttp://www.secuobs.com/revue/news/447541.shtml Secuobs.com : 2013-05-24 15:13:42 - Network World on Security - Manuel Araoz, a 23-year-old developer in Argentina, has an idea for Bitcoin that doesn't focus on money http://www.secuobs.com/revue/news/447540.shtmlhttp://www.secuobs.com/revue/news/447540.shtml Secuobs.com : 2013-05-24 15:13:42 - Network World on Security - Microsoft brushed off a dubious hacker's claim on Thursday that he stole 47 million account credentials for Microsoft's Xbox Live gaming service http://www.secuobs.com/revue/news/447539.shtmlhttp://www.secuobs.com/revue/news/447539.shtml Secuobs.com : 2013-05-24 15:13:42 - Network World on Security - Google plans to upgrade the security of its SSL Secure Sockets Layer certificates, an important component of secure communications http://www.secuobs.com/revue/news/447538.shtmlhttp://www.secuobs.com/revue/news/447538.shtml Secuobs.com : 2013-05-24 15:12:35 - LinuxSecurity.com Latest News - LinuxSecuritycom The Samsung Galaxy S4 has been commercially available for about a month In this time, 10 million devices have been sold - and at least one hack has been discovered Security expert Dan Rosenberg identified a trivial design flaw in Samsung's secure bootloader concept that allows arbitrary operating systems to be booted http://www.secuobs.com/revue/news/447537.shtmlhttp://www.secuobs.com/revue/news/447537.shtml Secuobs.com : 2013-05-24 15:10:20 - Global Security Mag Online - L'agence américaine des systèmes d'information militaires DISA Defense Information Systems Agency a signé avec EADS North America un accord portant sur l'acquisition de trois systèmes de cryptage vocal haute capacité ECTOCRYP BLACK Ce dispositif, récemment certifié par la NSA National Security Agency et évalué par le JITC Joint Interoperability Test Command , permet à la DISA de fournir des services de communication vocale sécurisée de nouvelle génération offrant une flexibilité accrue pour - Marchés http://www.secuobs.com/revue/news/447536.shtmlhttp://www.secuobs.com/revue/news/447536.shtml Secuobs.com : 2013-05-24 15:04:20 - 411 spyware - Worms are computer infections that can easily replicate and spread on their own accord A worm called WormAntimaneA may enter your computer from a number of different ways it could travel via spam email attachments or social engineering scams that manifest themselves in a form of IM messaging This worm has been active since http://www.secuobs.com/revue/news/447535.shtmlhttp://www.secuobs.com/revue/news/447535.shtml Secuobs.com : 2013-05-24 15:04:20 - 411 spyware - Conduit Toolbar is a browser plugin that can refer to a whole number of toolbars and extensions There is a great variety of browser add-ons developed by Conduit Ltd and so each of these plugins could be called Conduit Toolbar For example, there is VisualBee Toolbar, Appbario Toolbar, Imminent Community Toolbar and many others Conduit http://www.secuobs.com/revue/news/447534.shtmlhttp://www.secuobs.com/revue/news/447534.shtml Secuobs.com : 2013-05-24 14:40:28 - Security Bloggers Network - Introduction Each DLL contains various exported functions that can be accessed by other programs DLLs are being extensively used because the DLL is loaded only once in the physical memory, but each Go on to the site to read the full article http://www.secuobs.com/revue/news/447533.shtmlhttp://www.secuobs.com/revue/news/447533.shtml Secuobs.com : 2013-05-24 14:21:36 - Global Security Mag Online - Découvrez comment le 40 100GbE est la clé de l'amélioration des capacités dans les environnements virtualisés de demain en data center L'architecture 40 100GbE pour les data centers est illustrée dans ce document Voyez comment une planification organisée peut constituer un moyen de mise à niveau en douceur, dans la mesure ou le 40 100GbE devrait devenir la norme à court terme Ce livre blanc a été écrit à deux mains par Frank Yang, CommSope et Gautam Chnada, Cisco Bonne lecture Pour en savoir - Livre Blanc livreBlancHome http://www.secuobs.com/revue/news/447532.shtmlhttp://www.secuobs.com/revue/news/447532.shtml Secuobs.com : 2013-05-24 14:14:07 - adafruit industries blog - Really cool Raspberry Pi project from Paul Herron Heng Long Tiger tank with a Raspberry Pi installed I followed Ian Renton s build Original image source here Each Friday is PiDay here at Adafruit, be sure to check out our posts, tutorials and new Raspberry Pi related products Have you tried the new Adafruit Raspberry Pi http://www.secuobs.com/revue/news/447531.shtmlhttp://www.secuobs.com/revue/news/447531.shtml Secuobs.com : 2013-05-24 14:14:07 - adafruit industries blog - The fly-by, Wi-Fi hacking machine There s something unusual about the motorcycle Denis Andzakovic likes to ride Kitted out with a miniature Raspberry Pi computer for a heads-up display HUD integrated in an external helmet, two Mikrotik routers, wireless sniffing and attack tools, GPS and a netbook, the motorcycle is able to detect wireless access points http://www.secuobs.com/revue/news/447530.shtmlhttp://www.secuobs.com/revue/news/447530.shtml Secuobs.com : 2013-05-24 14:13:54 - 411 spyware - A malicious ransomware by the name Magyarország Rendőrség Police Virus has been detected running within the computers of Hungarian Windows users Cyber criminals have developed the infection to accumulate immense profit, and so far they are succeeding Why is the clandestine threat so successful Well, schemers have created the infection to lock down your computer http://www.secuobs.com/revue/news/447529.shtmlhttp://www.secuobs.com/revue/news/447529.shtml Secuobs.com : 2013-05-24 14:13:54 - 411 spyware - B1 Toolbar is a browser add-on which alters the settings of Internet Explorer, Google Chrome, and Mozilla Firefox if you install an application which contains the installer of this toolbar The toolbar can also be referred to as BrotherSoft Extreme2 B1 toolbar It is publishe by Conduit Ltd, and if you use Internet Explorer, you http://www.secuobs.com/revue/news/447528.shtmlhttp://www.secuobs.com/revue/news/447528.shtml Secuobs.com : 2013-05-24 14:13:54 - 411 spyware - As one can easily guess from its name, FindLyrics adware is a computer adware program that displays a number of commercial advertisements on your browser This adware application is else known as AddLyrics adware If you have commercial ads displayed on your browser by FindLyrics adware, you probably notice that the ads are somewhat related http://www.secuobs.com/revue/news/447527.shtmlhttp://www.secuobs.com/revue/news/447527.shtml Secuobs.com : 2013-05-24 13:38:45 - ShackF00 - I recently read an article that was posted by my friend Brian Honan titled Is it time to professionalize information security I know this debate s been going on for a bit I have a lot of respect for Brian who supports licensing or professionalizing infosec , for a lot of reasons If you ve ever met the guy, and or http://www.secuobs.com/revue/news/447526.shtmlhttp://www.secuobs.com/revue/news/447526.shtml Secuobs.com : 2013-05-24 13:37:18 - Computer Security News - Reddit is not just filled with pictures of cats and silly memes Seriously There's a lot of good content on the popular social news aggregator for network professionals whether you're focused on security, Windows, VoIP, IPv6 or a mixed bag http://www.secuobs.com/revue/news/447525.shtmlhttp://www.secuobs.com/revue/news/447525.shtml Secuobs.com : 2013-05-24 13:24:44 - adafruit industries blog - Raspberry Pi Swag Every purchase you make goes to fund the Raspberry Pi Foundation s educational activities, so you re not just making yourself look swanky you re directly helping kids http://www.secuobs.com/revue/news/447524.shtmlhttp://www.secuobs.com/revue/news/447524.shtml Secuobs.com : 2013-05-24 13:24:44 - adafruit industries blog - Pierre Villeneuve shares a great Raspberry Pi powered Lego project I have always wanted to control something interesting involving little servo motors That s somewhat of an ill-defined dream, isn t it But it has all been made possible by using my handy dandy Raspberry Pi computer I spent quite a bit of time this past year http://www.secuobs.com/revue/news/447523.shtmlhttp://www.secuobs.com/revue/news/447523.shtml Secuobs.com : 2013-05-24 13:24:07 - Vigilance vulnérabilités publiques - Plusieurs vulnérabilités de Wireshark permettent à un attaquant distant de mener un déni de service http://www.secuobs.com/revue/news/447522.shtmlhttp://www.secuobs.com/revue/news/447522.shtml Secuobs.com : 2013-05-24 13:10:59 - securitystream.info - Proper dental treatments is essential A bright and shining smile is in the benefits of good dental hygiene Others include lowered chance of infection, bone loss and oral cavaties Utilize tips which follow to assist you be sure you know all you should know aboutRead more http://www.secuobs.com/revue/news/447521.shtmlhttp://www.secuobs.com/revue/news/447521.shtml Secuobs.com : 2013-05-24 13:10:59 - securitystream.info - Article by Sreokmbezya Yur Komncebaza To start with, you must do research Could you buy a car without considering the various models and retailers available Most consumers wouldn t choose the first car they saw simply because they liked large A motor vehicle can beRead more http://www.secuobs.com/revue/news/447520.shtmlhttp://www.secuobs.com/revue/news/447520.shtml Secuobs.com : 2013-05-24 13:10:59 - securitystream.info - House loan or homes fund is an extremely important loans to clear up the prices of producing various remodeling to your home Residence, nice household may be maxims in case you have find a beautiful domestic household The happiness and also exuberance realizes simply noRead more http://www.secuobs.com/revue/news/447519.shtmlhttp://www.secuobs.com/revue/news/447519.shtml Secuobs.com : 2013-05-24 13:01:28 - Security Bloggers Network - This week Twitter introduced a new two-factor authentication process to verify account logins This comes on the back on some pretty big Twitter account hacks in recent months Now, whilst you can argue that it is not Twitter or any other http://www.secuobs.com/revue/news/447518.shtmlhttp://www.secuobs.com/revue/news/447518.shtml Secuobs.com : 2013-05-24 13:00:33 - Help Net Security News - After analyzing the feedback from the company's Smart Protection Network, Trend Micro researchers have noted an upswing in attempted Zeus Zbot Trojan infections After being practically non-exi http://www.secuobs.com/revue/news/447517.shtmlhttp://www.secuobs.com/revue/news/447517.shtml Secuobs.com : 2013-05-24 12:59:07 - SecuraBit - In this episode of SecuraTip we take a look at SpiderFoot v2 http wwwspiderfootnet by Steve Micallef SpiderFoot is an Open Source Footprinting tool that runs on both Linux and Windows Save 5pourcents off ANY SANS course with coupon code SecuraBit_Tek05 wwwSecurabitcom SecuraBit wwwTekDefensecom TekDefense http://www.secuobs.com/revue/news/447516.shtmlhttp://www.secuobs.com/revue/news/447516.shtml Secuobs.com : 2013-05-24 12:54:40 - Bill Mullins' Weblog Tech Thoughts - Infographic How fast are America s wireless networks TechHive, together with testing partner OpenSignal, visited 20 US cities throughout March and April to measure the real-life speeds of wireless networks across the country We found that LTE speeds are getting Continue reading http://www.secuobs.com/revue/news/447515.shtmlhttp://www.secuobs.com/revue/news/447515.shtml Secuobs.com : 2013-05-24 12:36:00 - adafruit industries blog - Mark at marks-spacecom shows how to automatically log into a Raspberry Pi Below I will outline how to automatically log into your Raspberry Pi from a Windows PC using Putty This requires the setup of SSH keys, which is very easy to do Learn how to do it here Each Friday is PiDay here at http://www.secuobs.com/revue/news/447514.shtmlhttp://www.secuobs.com/revue/news/447514.shtml Secuobs.com : 2013-05-24 12:22:03 - securitystream.info - Like to see all of your very last marriage didn t work out not to mention you will have combined sentiments with regard to Relationships by Sys BH collecting all new working relationships shortly after breakup proceedings You may be fearful of a dependable amissRead more http://www.secuobs.com/revue/news/447513.shtmlhttp://www.secuobs.com/revue/news/447513.shtml Secuobs.com : 2013-05-24 12:22:03 - securitystream.info - If you are considering investing in a biliard table consequently on that point there various important components in which table mate ii review ought to be factored in you do that most of useful verdict This is probably wherever the majority get started on whenRead more http://www.secuobs.com/revue/news/447512.shtmlhttp://www.secuobs.com/revue/news/447512.shtml Secuobs.com : 2013-05-24 12:22:03 - securitystream.info - The sheer numbers of accessible Large Dynamic Vast array Image free software application options around best hdr software promptly gets larger frequently You will find some that may be prominent and are able to feature a real dedicated range buyers, and more which will helpRead more http://www.secuobs.com/revue/news/447511.shtmlhttp://www.secuobs.com/revue/news/447511.shtml Secuobs.com : 2013-05-24 12:22:03 - securitystream.info - It is critical that you also find out to trace such specials While most people appreciate the sensation of driving a whole new motor vehicle, the process of different car buying can be nothing lacking an enormous headache Connections, there are plenty of steps whichRead more http://www.secuobs.com/revue/news/447510.shtmlhttp://www.secuobs.com/revue/news/447510.shtml Secuobs.com : 2013-05-24 12:20:14 - Slashdot Your Rights Online - jfruh writes Social networks like Twitter and Facebook have long hoped that the information they've gathered about you will help them create better targeted and more lucrative advertising, even though advertisers never see your personal data directly But now Twitter is upping the ante, creating a new kind of card that encourages you to give your contact information directly to people who want to sell you things For instance, Priceline has a new card with a 'sign up and save' button that saves you 10pourcents on a hotel and, though it isn't made explicit, adds your Twitter handle and contact information to a Priceline mailing list There's nothing to stop Twitter from handing this info including your phone number, if you've registered it with the service to salesmen IMAGE IMAGE Share on Google Read more of this story at Slashdot IMAGE IMAGE IMAGE IMAGE http://www.secuobs.com/revue/news/447509.shtmlhttp://www.secuobs.com/revue/news/447509.shtml Secuobs.com : 2013-05-24 12:11:52 - Security Bloggers Network - A recent study by Dr Latanya Sweeney of Harvard University elucidated the genome of more than 1,000 survey participants for the Personal Genome Project and Harvard s Data Privacy Lab In this project, participants provided DNA samples as well as basic information such as birthdate, zip code, http://www.secuobs.com/revue/news/447508.shtmlhttp://www.secuobs.com/revue/news/447508.shtml Secuobs.com : 2013-05-24 12:11:52 - Security Bloggers Network - Small businesses are under constant attack from malware, scams and online fraud They are simply woefully under-prepared to keep their assets safe Despite reorganisation and redirected priorities, the police can still do little to help Here are some http://www.secuobs.com/revue/news/447507.shtmlhttp://www.secuobs.com/revue/news/447507.shtml Secuobs.com : 2013-05-24 12:10:51 - Help Net Security News - Despite the numerous security incidents that took place during the first quarter of the year, the fight against cyber-crime is on the right track, according to PandaLabs Though there is still a http://www.secuobs.com/revue/news/447506.shtmlhttp://www.secuobs.com/revue/news/447506.shtml Secuobs.com : 2013-05-24 12:10:51 - Help Net Security News - As a fine example of proactive security, Google has announced that it will be upgrading its SSL certificates to 2048-bit keys by the end of 2013 We will begin switching to the new 2048-bit certif http://www.secuobs.com/revue/news/447505.shtmlhttp://www.secuobs.com/revue/news/447505.shtml Secuobs.com : 2013-05-24 12:03:45 - Tout sur la cybersécurité la cyberdéfense ... - Invitation Réunion thématique du jeudi 6 juin 2013 14 heures 17 heures La sécurité du système d information est-elle devenue un enjeu incontournable pour la vidéoprotection La vidéoprotection est aujourd hui un outil bien accepté par nos concitoyens Toutefois, les enquêtes d opinion démontrent que cette acceptation est conditionnée au fait que la vidéoprotection soit exploitée http://www.secuobs.com/revue/news/447504.shtmlhttp://www.secuobs.com/revue/news/447504.shtml Secuobs.com : 2013-05-24 11:48:54 - Global Security Mag Online - Salesforcecom a annoncé avoir signé un accord avec NTT Communications pour créer, en Europe, son 6ème sixième data center Il sera livré dès 2014 Il permettra de suivre la croissance importante de sa base client en Europe, en Afrique et au Moyen-Orient L'Europe est très importante pour nous Elle est la région qui enregistre la plus forte croissance 38pourcents dans notre exercice 2013 , a déclaré Marc Benioff, Président et CEO de salesforcecom Nous parions sur un doublement de notre chiffre - Marchés http://www.secuobs.com/revue/news/447503.shtmlhttp://www.secuobs.com/revue/news/447503.shtml Secuobs.com : 2013-05-24 11:42:43 - adafruit industries blog - Via Mario Klingemann This one has an adapter that allows me to attach my lensbaby lenses And a standard tripod screw hole at the bottom Original post here http://www.secuobs.com/revue/news/447502.shtmlhttp://www.secuobs.com/revue/news/447502.shtml Secuobs.com : 2013-05-24 11:42:31 - 411 spyware - The same malicious infection may have many aliases that can allow us to determine what kind of damage we could expect from one particular threat This feature can be easily applied to TrojanNaliaA, because this Trojan infection has quite a few aliases, including BackdoorWin32PMaxAMN A and DropperGeneric7BGKA It means that TrojanNaliaA is a computer infection that http://www.secuobs.com/revue/news/447501.shtmlhttp://www.secuobs.com/revue/news/447501.shtml Secuobs.com : 2013-05-24 11:16:51 - Help Net Security News - Phishing emails claiming to come from Facebook Security are once again hitting users' inboxes, and this time they are aiming for the big fish pages that are likely to have more followers than a ran http://www.secuobs.com/revue/news/447500.shtmlhttp://www.secuobs.com/revue/news/447500.shtml Secuobs.com : 2013-05-24 11:16:51 - Help Net Security News - A Hanover Research survey of 131 information security professionals revealed key differences between the way executive and non-executive IT professionals communicate with senior leadership Key s http://www.secuobs.com/revue/news/447499.shtmlhttp://www.secuobs.com/revue/news/447499.shtml Secuobs.com : 2013-05-24 11:16:11 - dev random - I flew on Wednesday evening to Dublin, Ireland to attend the SOURCE conference previously, it was organised in Barcelona The conference was held in the Trinity College, in the centre of the city This is a really nice place where we slept in student bedrooms a kot like we say in Belgium , this reminded my good old years as a student Nice atmosphere The first Read More http://www.secuobs.com/revue/news/447498.shtmlhttp://www.secuobs.com/revue/news/447498.shtml Secuobs.com : 2013-05-24 10:51:04 - adafruit industries blog - Via raspberrypi-spycouk Having played around with the Pi camera I quickly realised I needed to make some sort of stand for it The module weighs almost nothing and is tiny so it can be quite hard to keep in one place when you are experimenting The Raspberry Pi Foundation apparently recommends Blu-tack, based on cost, http://www.secuobs.com/revue/news/447497.shtmlhttp://www.secuobs.com/revue/news/447497.shtml Secuobs.com : 2013-05-24 10:50:58 - Acunetix Web Application Security Blog - Google Hacking is a hacking technique used by hackers to identify web security vulnerabilities on web applications or gather information for general or individual targets Mostly this information includes configuration and source code files, sensitive data, database information, etc This The post Web Security Vulnerabilities Exposed by Google Searches Google Hacking appeared first on Acunetix http://www.secuobs.com/revue/news/447496.shtmlhttp://www.secuobs.com/revue/news/447496.shtml Secuobs.com : 2013-05-24 10:27:16 - Security Bloggers Network - This directive could be the touchstone because the vast majority of Internet users appear to agree that something must be done to improve on-line security Unfortunately this is not the something that should be done In the meantime make sure you respond to the BIS call for evidence so that, with luck, we can get the Directive re-written before the start of the inter-regnum http://www.secuobs.com/revue/news/447495.shtmlhttp://www.secuobs.com/revue/news/447495.shtml Secuobs.com : 2013-05-24 10:22:52 - Channel 9 - Join your guides Brady Gaster and Cory Fowler as they talk to the product teams in Redmond as well as the web community In this episode, Brady and Cory talk to Howard Dierking about the Katana Project Katana, as Howard explains, is how developers can do OWIN hosting within ASPNET Already used by Web API and SignalR, OWIN is a new hosting framework that provides developers the ability to customize the entire pipeline and middleware in their ASPNET applications Howard explains OWIN, and how Katana provides the hosting functionality, and also demonstrates a few use cases to get you up and running with OWIN now If you've been thinking of trying out OWIN, heard about Katana but were too afraid to ask about it, or you've already tried some stuff and want more guidance, don't miss this show Show Links OWIN Specification OWIN Hosting Extensions Katana Project Samples Follow Howard Dierking Follow Brady Gaster Follow Cory Fowler IMAGE http://www.secuobs.com/revue/news/447494.shtmlhttp://www.secuobs.com/revue/news/447494.shtml Secuobs.com : 2013-05-24 10:06:39 - Hackers For Charity - Yesterday I got some bad news, in a couple different forms that really had me down This is stupid because yesterday morning I was really feeling great because of the amazing Kentucky miracle The ISSA class, and all the support really told me quite clearly, You re in the right spot, doing the right things Carry http://www.secuobs.com/revue/news/447493.shtmlhttp://www.secuobs.com/revue/news/447493.shtml Secuobs.com : 2013-05-24 10:05:52 - Global Security Mag Online - Le 16 mai 2013, la Commission nationale de l'informatique et des libertés CNIL publiait une décision du 11 avril dernier de nature à remettre profondément en cause le principe même du vote par internet lors des élections professionnelles S'appuyant sur une lecture des dispositions du Code du travail à la lumière de sa recommandation de 2010 à la portée discutable, et dans le cadre d'une position globale qui contrevient clairement aux exigences posées par l'autorité française en charge de la sécurité - Business http://www.secuobs.com/revue/news/447492.shtmlhttp://www.secuobs.com/revue/news/447492.shtml Secuobs.com : 2013-05-24 09:35:48 - Security Bloggers Network - This month Google announced a new five year plan for identity management, and update from 2008 s five year plan Their look backward is as interesting as the revised roadmap Google recognized their 2-factor auth was more like one-time 2-factor, and that the model has been largely abused in practice They also concluded that risk-based authentication has worked A risk-based approach means more sensitive or unusual operations, such as credential changes and connections from unusual locations, ratchet up security by activating additional authentication hurdles This has been a recent trend, and Google s success will convince other organizations to get on board The new 2013-2018 identity plan is for a stricter 2-factor authentication scheme, a continuing push for OpenID, locking bearer tokens to specific devices to reduce the damage an attacker can cause with stolen tokens , and a form of Android app monitoring that alerts users to risky behavior These are all very good things Google did not explicitly state that passwords and password recovery schemes are broken, but it looks like they will promote biometrics such as face and fingerprint scanning to unlock devices and authenticate users The shift away from passwords is a good thing, but what will replace them is still being hotly debated From the roadmap Google is looking to facial and fingerprint scans first This latter is a big deal from a outfit like Google because consumers have shown they largely don t care about security Despite more than a decade of hijacked accounts, data breaches, and identity theft, people still haven t shifted from saying they care about security to actually adopting security Even something as simple and effective as personal password managers is too much for most people to bother with A handful of small companies offer biometric apps for mobile devices targeting consumers and hoping Joe User will actually want to buy multi-factor authentication for his mobile device So far that pitch has been about as successful as offering brussels sprouts to a toddler But companies do care about mobile security Demand for things like biometrics, NFC, risk-based access controls, and 2-factor authentication is all driven by enterprises But if enterprises including Google drive advanced non-password authentication to maturity meaning a point where it s easier and more secure than our current broken password security users will eventually use it too Google has the scale and pervasiveness to push the needle on security Initiatives such as their bug bounty program have succeeded, leading the way for other firms If Google demonstrates similar successes with better identity systems, they are well positioned to drive both awareness and comfort with cloud-based identity solutions in a way Courion, Okta, Ping Identity, Symplified, and other outfits cannot There are many good technologies for identity and access management, but someone needs to make the user experience much easier before we can see widespread adoption On to the Summary Webcasts, Podcasts, Outside Writing, and Conferences ---------------------------------------------------- Adrian s DR post Why Database Monitoring Favorite Securosis Posts ------------------------ David Mortman Scape goats travel under the bus Mike Rothman Websense Goes Private It s been a while since we have had two deals in a week in security, and these were both driven by private equity money Happy days are here again Rich s analysis of the first deal was good Adrian Lane Solera puts on a Blue Coat Other Securosis Posts --------------------- Making Browsers Hard Targets Network-based Malware Detection 20 Evolving NBMD Incite 5 22 2013 Picking Your Friends Wendy Nather abandons the CISSP good riddance Spying on the Spies Websense Going Private Awareness training extends to the top This botnet is no Pushdo-ver A Friday Summary from Boulder May 17, 2013 Quick Wins with Website Protection Services Protecting the Website Quick Wins with Website Protection Services Are Websites Still the Path of Least Resistance Favorite Outside Posts ---------------------- Dave Lewis Woman Brags About Hitting Cyclist, Discovers Police Also Use Twitter Wow just, wow David Mortman Business is a Sport, You Need A Team Mike Rothman Mrs Y s Rules for Security Bloggers Some folks out there think it s easy to be a security blogger It s hard, actually But with these 6 rules you too can be on your way to a career of pontification, coffee addiction, and a pretty okay lifestyle But they are only for the brave Adrian Lane A Guide to Hardening Your Firefox Browser in OS X Good post on securing Firefox from Stach and Liu Research Reports and Presentations ---------------------------------- Email-based Threat Intelligence To Catch a Phish Network-based Threat Intelligence Searching for the Smoking Gun Understanding and Selecting a Key Management Solution Building an Early Warning System Implementing and Managing Patch and Configuration Management Defending Against Denial of Service DoS Attacks Securing Big Data Security Recommendations for Hadoop and NoSQL Environments Tokenization vs Encryption Options for Compliance Pragmatic Key Management for Data Encryption The Endpoint Security Management Buyer s Guide Top News and Posts ------------------ Krebs, KrebsOnSecurity, As Malware Memes Say what you will, but malware authors have a sense of humor NC Fuel Distributor Hit by 800,000 Cyberheist The Government Wants A Backdoor Into Your Online Communications For everything they don t already have a backdoor for Hacks labelled hackers for finding security hole Twitter Getting started with login verification Chinese hackers who breached Google gained access to sensitive data, US officials say Yahoo Japan Suspects 22 Million IDs Stolen It s like 2005 all over again Skype s ominous link checking facts and speculation Bromium A virtualization technology to kill all malware, forever Interesting technology Indian companies at center of global cyber heist Update on last week s 45M theft Blog Comment of the Week ------------------------ This week s best comment goes to Simon Moffatt, in response to Wendy Nather abandons the CISSP good riddance CISSP is like any professional qualification When entering a new industry with zero or limited experience, you need some method to prove competence Organisations need to de-risk the recruitment process as much as possible when recruiting individuals they don t know It s a decent qualification, just not enough on its own Experience, like in any role is paramount Infosec is now becoming big business with loads of avenues of specialism pen testing, identity, audit etc etc CISSP is 15 years old and was just a generic entry into infosec I have it, doubt I ll continue to renew it, but it does get a lot of undeserved bashing - Adrian Lane 0 Comments Subscribe to our daily email digest http://www.secuobs.com/revue/news/447491.shtmlhttp://www.secuobs.com/revue/news/447491.shtml Secuobs.com : 2013-05-24 09:33:42 - TorrentFreak - A law firm hoping to secure the identities of Internet users who allegedly shared copyright material without permission is likely to find itself in a sticky situation today The firm has reportedly approached ISPs in Australia with demands that they hand over subscribers' details, but according to their own published literature the company has little faith in IP address-based evidence Source IP Addresses Don t Positively Identify Infringers, Anti-Piracy Lawfirm Says http://www.secuobs.com/revue/news/447490.shtmlhttp://www.secuobs.com/revue/news/447490.shtml Secuobs.com : 2013-05-24 09:23:00 - Computer Security News - A PRETEND doctor who organised a gay orgy at Tigers star Alex Rance's family home because Rance rejected his affections has been jailed for one year http://www.secuobs.com/revue/news/447489.shtmlhttp://www.secuobs.com/revue/news/447489.shtml Secuobs.com : 2013-05-24 09:10:56 - adafruit industries blog - Gordon writes Part of my testing of wiringPi v2 was to make sure that some of the existing libraries code would work with GPIO expanders and the Adafruit RGB LED Plate was an ideal candidate So I ordered one, took a few moments to solder it together and plugged it in and 5 http://www.secuobs.com/revue/news/447488.shtmlhttp://www.secuobs.com/revue/news/447488.shtml Secuobs.com : 2013-05-24 08:23:40 - adafruit industries blog - Matt writes The Pi camera module includes a red LED in one corner of the PCB This lights up when the camera is active It s really useful in giving a visual indication that the camera is doing something and most of the time you will be glad it is there However there are a number http://www.secuobs.com/revue/news/447487.shtmlhttp://www.secuobs.com/revue/news/447487.shtml Secuobs.com : 2013-05-24 08:00:54 - Security Bloggers Network - Welcome to another edition of our Weekly Rewind where we summarize all our posts from the last week The top stories this week were 3 NovaHackers May Meeting Videos Posted , 2 20pourcents Discount on Level 1 Penetration Testing Class , and 1 NIST Releases Analysis of Cybersecurity Framework RFI Responses If you missed anything or happened to be offline, we hope you find this summary post useful as a quick reference A la Schneier you can also use this rewind post to talk about the security stories in the news that we haven t covered 20pourcents Discount on Level 1 Penetration Testing Class After the success of last month s discount program, Bulb Security has once again decided to extend a deal to NoVA Infosec readers for one of their upcoming classes in June This time it will be for a 100 Penetration Testing Level 1 class aka, Penetration Testing with Metasploit , which is probably much more accessible than the previous months Intro to Exploit Development topic continued here NIST Releases Analysis of Cybersecurity Framework RFI Responses Earlier today NIST released a document covering their initial analysis of the hundreds of comments provided by industry as part of the RFI for the development of a critical http://www.secuobs.com/revue/news/447486.shtmlhttp://www.secuobs.com/revue/news/447486.shtml Secuobs.com : 2013-05-24 08:00:54 - Security Bloggers Network - Tripwire has announced the results of a survey of 131 information security professionals that revealed key differences between the way executive and non-executive IT professionals communicate with senior leadership The online survey was conducted this year between January and March by Hanover Research Key survey findings include Only 38pourcents of non-executive respondents use business-oriented language Read More IMAGE IMAGE http://www.secuobs.com/revue/news/447485.shtmlhttp://www.secuobs.com/revue/news/447485.shtml Secuobs.com : 2013-05-24 08:00:54 - Security Bloggers Network - How Good is Your Vulnerability Management Shopping List Buyers always identify multiple factors when they evaluate technical solutions, and they try to choose the features that are most important to their business to navigate the sea of possible solutions It s important to define the most important qualities for your unique business when you re considering the Read More IMAGE IMAGE http://www.secuobs.com/revue/news/447484.shtmlhttp://www.secuobs.com/revue/news/447484.shtml Secuobs.com : 2013-05-24 07:36:11 - adafruit industries blog - From Les Orchard s flickr I need to blog about this This photo includes A Raspberry Pi with a T-Cobbler Two 74HC595 shift registers A 20 4 LCD display with negative RGB backlight currently hard-wired to purple Put together, this is a Raspberry Pi running a Python script that uses 3 GPIO pins to http://www.secuobs.com/revue/news/447483.shtmlhttp://www.secuobs.com/revue/news/447483.shtml Secuobs.com : 2013-05-24 07:22:00 - securitystream.info - Presently on the lookout for specialist help to assist you to secure and safe your credit destiny As soon as unique circumstances is freed from cash online payday loans improvements, and yes it holds specific arrears, you re in a great place get started on consideringRead more http://www.secuobs.com/revue/news/447482.shtmlhttp://www.secuobs.com/revue/news/447482.shtml Secuobs.com : 2013-05-24 07:20:25 - Slashdot Your Rights Online - lukehopewell1 writes 'Untraceable, undetectable, cheap and freely available' That's how Australian police have described the 3D-printable gun known as The Liberator today as they announce that they will be seeking to make the download, construction and possession of these weapons illegal In their tests, Police printed the 15 parts required to assemble The Liberator in 27 hours and assembled it within 60 seconds with a firing pin fashioned out of a steel nail The two guns were test fired into a block of resin designed to simulate human muscle, and the first bullet penetrated the resin block up to 17 centimeters NSW Police Ballistics division confirm that it would be a fatal wound if pointed at someone IMAGE IMAGE Share on Google Read more of this story at Slashdot IMAGE IMAGE IMAGE IMAGE http://www.secuobs.com/revue/news/447481.shtmlhttp://www.secuobs.com/revue/news/447481.shtml Secuobs.com : 2013-05-24 06:45:58 - adafruit industries blog - Cluster computing with 32 RPis In the process of developing a novel data sharing system, Kiepert became convinced that the best way to test his ideas was to simulate them on a Beowulf cluster A Beowulf cluster is a group of computers, usually identical, that are networked together in order to share the task of http://www.secuobs.com/revue/news/447480.shtmlhttp://www.secuobs.com/revue/news/447480.shtml Secuobs.com : 2013-05-24 06:30:31 - Risky Business - Tagline Lots of money going into cyber Media URL http mediariskybiz auscert2013 caseysiliconmp3Content HeadersContent Length 4866587 Content Type audio mpeg In this sponsor interview with chat with Casey Ellis, the founder of BugCrowd BugCrowd is an Australian business, but Casey is currently in the USA where the appetite for information security investment opportunities is apparently hitting fever pitch In this interview I ask him how one might get started off on the path to massive phatcash through their cybersecurity startup http://www.secuobs.com/revue/news/447479.shtmlhttp://www.secuobs.com/revue/news/447479.shtml Secuobs.com : 2013-05-24 06:30:31 - Risky Business - Tagline Not new research, but a great talk Media URL http mediariskybiz auscert2013 millermp3Content HeadersContent Length 30278650 Content Type audio mpeg Some time ago security researcher Charlie Miller published some research that showed he could take over NFC-equipped phones just by holding them near a malicious RFID sticker This talk takes you through his research process -- how he fuzzed devices, what he found and how he came to realise that attacking the higher level functions of NFC functionality turned out to be the shortest path to victory http://www.secuobs.com/revue/news/447478.shtmlhttp://www.secuobs.com/revue/news/447478.shtml Secuobs.com : 2013-05-24 06:30:31 - Risky Business - Tagline How to turn an executives phone into your own personal gateway Media URL http mediariskybiz auscert2013 markbrandmp3Content HeadersContent Length 7258273 Content Type audio mpeg Datacom TSS is a Canberra-based, national security firm founded by ex Australian government security specialists These guys specialise in dealing with highly skilled adversaries One of their services is running some pretty intense Red Team exercises The team at Datacom TSS recnetly ported its Red Team Trojan over to the Android platform, and it's surprisingly easy to trick people into installing it You just email it to them and ask them to install the APK package read more http://www.secuobs.com/revue/news/447477.shtmlhttp://www.secuobs.com/revue/news/447477.shtml Secuobs.com : 2013-05-24 06:30:31 - Risky Business - Tagline North Korean TV has less sex, more potato farming Media URL http mediariskybiz auscert2013 jormmp3Content HeadersContent Length 22114051 Content Type audio mpeg The following is a recording of David Jorm's AusCERT presentation You might have heard Dave preview his talk on last week's episode of the regular Risky Business podcast read more http://www.secuobs.com/revue/news/447476.shtmlhttp://www.secuobs.com/revue/news/447476.shtml Secuobs.com : 2013-05-24 06:30:31 - Risky Business - Tagline Day two keynote from AusCERT 2013 Media URL http mediariskybiz auscert2013 fabromp3Content HeadersContent Length 27689747 Content Type audio mpeg This is a recording of Mark Fabro's day two keynote speech from AusCERT Mark is a control systems security expert and a terrific speaker He's the president and chief security scientist for Lofty Perch, a control system security consultancy He's extremely well plugged in to the SCADA security scene, he's done a bunch of strategy consulting to the US government Basically Mark is Mr SCADA It's his thing read more http://www.secuobs.com/revue/news/447475.shtmlhttp://www.secuobs.com/revue/news/447475.shtml Secuobs.com : 2013-05-24 06:21:16 - Security Bloggers Network - This past week Whitehat Security, the leader in web application vulnerability assessment, released a series of interview's their Director of Product Management Richard Hansen held with a self professed blackhat In this http://www.secuobs.com/revue/news/447474.shtmlhttp://www.secuobs.com/revue/news/447474.shtml Secuobs.com : 2013-05-24 06:18:25 - Errata Security - IMAGE Watching TV movies is becoming increasingly hard for us geeks Each time they dramatize stuff on the screen, with hex dumps or code, we feel compelled to pause them, take a screen shot, and analyze what we see I occasionally do this and blog out it In this installment, I take a look at a screenshot from the TV show Revolution, season 1, episode 18, at around the 17 40 mark In this scene, a character attempts to enter a building with a handprint What's the code to the left A quick google search using unique keywords in that code sample finds the answer https githubcom biometrics openbr This is a project called Open Biometrics At least this code is related to what's onscreen Usually, the code chosen for dramatization is fairly random The Ironman movie chose Lego Mindstorm code to power the first suit A Charlie's Angle TV show used Obfuscated C contest code for a safe At least this biometrics code relates to the biometrics security scanner in the show On the other hand, if you look at the Open Biometrics project, you'll see that it's designed for facial recognition, and related topics like gender age determination Hand print analysis isn't one of the options Anyway, I didn't know that there was an open-source facial recognition project That's kinda cool, maybe something I can hook up with my Google Glass, should they ever start shipping http://www.secuobs.com/revue/news/447473.shtmlhttp://www.secuobs.com/revue/news/447473.shtml Secuobs.com : 2013-05-24 06:07:27 - Computer Security News - Microsoft, whom is really the boss of the 'net, not the 'must connect once a day box', but the 'hackers' of the world unite World famous hacker 'Reckz0r' that cracked into CNN websites and data stream, claims via a 'pastebin' today, and other tweets that Xbox Live has been 'PWNED ' all 48 Million Users Exposed, and offer up a 6gb file with all the more http://www.secuobs.com/revue/news/447472.shtmlhttp://www.secuobs.com/revue/news/447472.shtml Secuobs.com : 2013-05-24 05:57:25 - Dark Reading All Stories - Researchers expect to release proof-of-concepts at Black Hat that show how malware can infect BIOS, persist past updates and fool the TPM into thinking everything's fine http://www.secuobs.com/revue/news/447471.shtmlhttp://www.secuobs.com/revue/news/447471.shtml Secuobs.com : 2013-05-24 05:17:52 - Symantec Connect Security Response Billets - DownloaderLiftoh is a Trojan horse detected by Symantec that downloads malware onto the compromised computer without the user noticing A new variant of this threat, discovered in early May, was identified in some Spanish-speaking countries in Latin America This variant of DownloaderLiftoh sends messages in Spanish instead of English The threat is similar to W32Phopifas which we wrote about in our blog from October 2012 The creators of DownloaderLiftoh use Skype, which is popular in Latin America, as well as other instant messaging applications to distribute the malware 1 The victim receives a message from someone who seems to be on their contact list The message says, esta es una foto muy amable de tu parte, or jaja, esta foto extraña de tu perfil, or some similar message to entice the victim to click on a provided link The link is from one of several URL shortener services, including googl, url9de, furly, bitly, and isgd image1xbpng Figure 1 Malicious Skype message 2 If the victim clicks on the shortened URL, they are redirected to a URL on the 4sharedcom website 3 Once on the 4sharedcom website, the victim is prompted to download a zip file that contains DownloaderLiftoh disguised as a legitimate instant messaging file 4 If the victim unzips the file, they will find an exe file inside 5 If the victim executes that exe file, DownloaderLiftoh will have successfully compromised the computer Symantec has observed 171,553 clicks that this attack has received recently through Google s URL shortener which the cybercriminals use in their campaign image2xpng Figure 2 DownloaderLiftoh has 171,553 global clicks since May 20 image3xpng Figure 3 DownloaderLiftoh Latin American click rate distribution There are no geographic boundaries for malware distribution Attackers only need to change malware code to a different language to find new computers to compromise To protect yourself, Symantec recommends having up to date and comprehensive security solutions that include antispam and antivirus protections to prevent the compromise of personal computers and networks It is also recommended that users not click on suspicious links or open any unusual files even if they are sent from a known contact http://www.secuobs.com/revue/news/447470.shtmlhttp://www.secuobs.com/revue/news/447470.shtml Secuobs.com : 2013-05-24 05:17:52 - Symantec Connect Security Response Billets - Contributor Binny Kuriakose Anonymity disguised as freedom of expression and lack of clear cut laws makes cyberspace murky from a security point of view Countries are waking up and realizing that there is a need for laws which enable authorities to catch and punish cyberspace miscreants however, these miscreants are very crafty Spammers are known to use ingenious methods to peddle spam and lately they have even begun using antispam laws themselves in an effort to spearhead spam attacks This blog is not about analyzing the effectiveness of antispam laws it is about how spammers are quoting the laws in emails in order to make the spam look legitimate There are some grey area emails, which fall somewhere between spam and legitimate mail, and sometimes there can be something very inconspicuous in the mail that can tip the balance in the mind of a recipient Quoting antispam law in the body of the email and claiming that the email adheres to the law is proving to be a popular technique when it comes to painting grey area spam white CAN-SPAM Act - Public Law No 108-187 USA - English The sample in Figure 1 claims to be adhering to the conditions set by the CAN-SPAM Act, which is the antispam law in the USA The mail has a disclaimer section at the end which explains the law Fig1png Figure 1 Spam sample with antispam law quoted in the body How is this spam What is transgressed here is that, the option given by the spammer to opt-out is bogus He merely slides you out of one mailing list and inserts you into another In all such spam instances the spammer gives the quote and the unsubscribe or opt-out so convincingly that the victim falls for it Other laws which are most commonly seen misused in spam 1 MURK - Bill S1618 Title III USA - English By far the most misused legal reference by any scale is Bill S1618 Title III of the United States, which goes by the alias MURK Although it did concern spamming, the Bill DID NOT BECOME A LAW in USA since it did not pass both the houses So any mail which says it is compliant to Bill S1618 Title III should be put under scrutiny as you are staring at a lie right there Spam mails quoting this bill were seen from 1998 when this Bill was presented Fig2png Figure 2 Disclaimer in spam quoting Bill S1618 Title III Something which is more disturbing is that the spammers actually take it as far as threatening the readers, using this quote Fig3png Figure 3 Bill S1618 quoted in a threatening manner However, this drama has spilled beyond the shores of United States This quote is also seen in other language spam, like Portuguese and Spanish Fig4png Figure 4 Disclaimer in a Spanish spam quoting Bill S1618 Title III 2 Habeas data - Law No 25, 326 Art 27 Inc 3 Argentina - Spanish and Portuguese Habeas Data is a law which lays guidelines for commercial emails in Argentina This law like most other laws in this league is to empower a user to demand that his details should be removed from a database It is seen quoted in Spanish and Portuguese spam email campaigns where the opt-out option is manipulated to make it look legit The fact remains that the opt-out options are bogus and they do not help the victims from getting more spam Fig5png Figure 5 Disclaimer in a spam mail quoting Habeas data law 3 Law No 28493 29246 D S 031-2005-MTC Peru - Spanish This Law No 28493 29246 D S 031-2005-MTC is a law in Peru, which has Spanish as its language The Spanish mails from even other countries are seen displaying this law and claiming legitimacy by this law This sample is seen giving an unsubscribe option by sending a reply to a webmail Fig6png Figure 6 Disclaimer in a spam mail quoting Peruvian Law No 28493 29246 4 Déclaration CNIL n 1291376 and Déclaration CNIL n 1181416 France - French Two French legislations regulating commercial mailings are seen displayed in spam, which does not give a proper opt-out option to customer The opt-out link usually redirected to another webpage showing a message that the user s details are removed But in reality the opt-out does not happen Fig7png Figure 7 Disclaimer in a spam mail quoting French CNIL No 1291376 Conclusion From these it is strikingly obvious that spammers are trying to whitewash their spam, using the laws conveniently to create an aura of fake legitimacy The recipients unfortunately are falling victims to this Many countries have recognized the right of individuals to unsubscribe from any communication and the right to demand the removal of their personal information from any database But these instances expose that a strong law regarding opt-in to a list is equally important along with the law for opt-out, since the spammers can slide you into a new mailing list after you unsubscribe from one End users should be aware of what rights the anti-spam laws grants to every individual http://www.secuobs.com/revue/news/447469.shtmlhttp://www.secuobs.com/revue/news/447469.shtml Secuobs.com : 2013-05-24 05:02:50 - adafruit industries blog - Check out Robot'Art Ovometrix robot Upcycling by DarylRobotProject a short 6 second film for the Adafruit adafruit6secs electronic film festival Youtube playlist here for all the entries on YouTube http://www.secuobs.com/revue/news/447468.shtmlhttp://www.secuobs.com/revue/news/447468.shtml Secuobs.com : 2013-05-24 04:05:14 - Security Bloggers Network - In the introductory post in the Quick Wins with Website Protection Services series, we described the key attack vectors that usually result in pwnage of your site and possibly data theft, or an availability issue with your site falling down and not being able to get back up Since this series is all about Quick Wins, we aren t going to belabor the build-up, rather let s jump right in and talk about how to address these issues Application Defense ------------------- As we mentioned in the Managing WAF paper, it s not easy to keep a WAF operating effectively, which involves lots of patching and rule updates based on new attacks and tuning the rules to your specific application Doing nothing isn t an option, given the fact that attackers use your site as the path of least resistance to gain a foothold in your environment One of the advantages of front-ending your website with a website protection service WPS is to take advantage of a capability we ll call WAF Lite Now WAF Lite is first and foremost simple You don t want to spend a lot of time configuring or tuning the application defense The key to getting a Quick Win is to minimize required customization, while providing adequate coverage against the most likely attacks You want it to just work and block the stuff that s pretty obviously an attack You know, stuff like XSS, SQLi, and the other stuff that makes the OWASP Top 10 list These are pretty standard attack types and it s not brain surgery to build rules to block them It s amazing that everyone doesn t have this kind of simple defense implemented Out of one side of our mouths we talk about the need for simplicity But we also need the ability to customize and or tune the rules when you need to, which shouldn t be that often It s kind of like having a basic tab, which gives you a few check boxes to configure and needs to be within the capabilities of the unsophisticated admin That s what you should be using most of the time But when you need it, or when you enlist expert help, you d like to have an advanced tab to give you lots of knobs and granular controls Although a WPS can be very effective against technical attacks, these services are not going to do anything to protect against a logic error on the part of your application If your application or search engine or shopping cart can be gamed using legitimate application functions, no security service or dedicated WAF, for that matter can do anything about that So parking your sites behind a WPS doesn t mean you don t have to do QA testing and have smart penetration tester types trying to expose potential exploits OK, we ll end the disclaimer there We re talking about service offerings in this series, but that doesn t mean you can t accomplish all of these goals using on-premise equipment and managing the devices yourself In fact, that s how stuff got done before the fancy cloud-everything mentality started to permeate through the technology world But given the fact that we re trying to do things quickly, a service gives you the opportunity to deploy within hours and not require significant burn-in and tuning to bring the capabilities online Platform Defense ---------------- Despite the application layer being the primary target for attacks on your website since it s the lowest hanging fruit for attackers that doesn t mean you don t have to pay attention to attacks on your technology stack We delved a bit into some of the application denial of service DoS attacks targeting the building blocks of your application, like Apache Killer and Slowloris A WPS can help deal with this class of attacks by implementing rate controls on the requests hitting your site, amongst other application defenses Given that search engines never forget and some data you don t want in the great Googly-moogly index, it pays to control the pages available for crawling by the search bots You can configure this using a robotstxt file, but not every search engine plays nice And some will jump right to the disallowed sections, since that s where the good stuff is, right Being able to block automated requests and other search bots via the WPS can keep these pages off the search engines You ll also want to restrict access to unauthorized areas of your site and not just from the search engines discussed above This could be pages like the control panel, sensitive non-public pages, or your staging environment where you test feature upgrades and new designs Unauthorized pages could also be back doors left by attackers to facilitate getting back into your environment You also want to be able to block nuisance traffic, like comment spammers and email harvesters These folks don t cause a lot of damage, but are a pain in the rear and if you can get rid of them without any incremental effort, it s all good A WPS can lock down not only where a visitor goes, but also where they come from For some of those sensitive pages you may want to enforce those pages can only be accessed by someone on the corporate network either directly or virtually via a VPN So the WPS can block access to those pages unless the originating IP is on the authorized list Yes, this and most other controls can be spoofed and gamed, but it s really about reducing your attack surface Availability Defense -------------------- We can forget about keeping the site up and taking requests, and a WPS can help with this function in a number of ways First of all, a WPS provider has bigger pipes than you In most cases, a lot bigger that gives them the ability absorb a DDoS without disruption or even impacting performance You can t say the same Of course, be wary of bandwidth based pricing, since a volumetric attack won t just hammer your site, but also your wallet At some point, if the WPS provider has enough customers you can pretty much guarantee at least one of their clients is under a DDoS at any given time, so they spend a bunch of money on anti-DoS equipment and extra bandwidth so you don t have to Another benefit of implementing a WPS in front of your site is to obscure the coordinates IP addresses of your site This prevents an attacker from by bypassing your WAF or other proxy designed to protect the site If they don t know the IP address, they can t attack the directly This approach allows you to restrict inbound connections on your site to trusted IP addresses within the WPS Thus random folks can t connect to the site without going through the WPS Similarly, the WPS can be configured to block protocols like SSH, FTP and telnet - which should only be used by internal people and locked down to your internal network, as described above and only in limited situations As you can see, using a WPS reduces a lot of the applicable attack surface of your websites Not all, but a lot Since this is a Quick Wins series, unless you can deploy and turn up the service quickly, all for naught So we ll wrap up the series next week by looking at the deployment decisions you ll need to make, implementation process you ll undergo, and finally the ongoing management responsibilities to keep your sites protected, available and operational - Mike Rothman 0 Comments Subscribe to our daily email digest http://www.secuobs.com/revue/news/447467.shtmlhttp://www.secuobs.com/revue/news/447467.shtml Secuobs.com : 2013-05-24 04:05:14 - Security Bloggers Network - info-blog-iconjpg Hackers find China the land of opportunity http wwwnytimescom 2013 05 23 world asia in-china-hacking-has-widespread-acceptancehtml smid tw-share r 0 Really interesting read about the commercialization of hacking as a service info-blog-iconjpg North Carolina fuel distributor hit by 800,000 cyberheist http krebsonsecuritycom 2013 05 nc-fuel-distributor-hit-by-800000-cyberheist The way the bank changed it account access , anybody anywhere could access it as long as they had my login, and apparently that s what happened because the logins came from a different IP address than our normal one I think they made it more convenient, but less secure info-blog-iconjpg Utilties to FERC Thanks for your security controls, but no thanks http wwwsmartgridnewscom artman publish Technologies_Security Utilities-to-FERC-Take-your-security-measures-and-shove-it-5778html utm_source buffer utm_medium twitter utm_campaign Buffer utm_content buffer9ad79 UZ5qSIfVCYk The controversy of regulation continues info-blog-iconjpg FBI Arrests NYPD Detective On Hacking Charges http wwwinformationweekcouk security attacks fbi-arrests-nypd-detective-on-hacking-ch 240155332 The Department of Justice Tuesday announced the arrest of New York City Police Department NYPD detective Edwin Vargas, 42, on computer hacking charges info-blog-iconjpg Government Plan to Build Back Doors for Online Surveillance Could Create Dangerous Vulnerabilities http wwwslatecom blogs future_tense 2013 05 23 calea_reform_to_build_back_doors_into_online_communications_could_createhtml Do the benefits of intentionally made back doors outweigh the risks info-blog-iconjpg IT security vendors seen as clueless on industrial control systems http wwwcsoonlinecom article 733873 it-security-vendors-seen-as-clueless-on-industrial-control-systems The IT world has done an awful lot more on networking than we have, but they're not looking at our types of applications and constraints, info-blog-iconjpg Is it time to professionalize information security http wwwnet-securityorg articlephp id 1842 Information security is no longer a niche department info-blog-iconjpg Cyber security spending on electrical grid infrastructure to reach 29bn by 2013 http securitycbronlinecom news cyber-security-spending-on-electrical-grid-infrastructure-to-reach-29bn-by-2013-230513 Operators need to view cyber security as a core, integrated requirement of their offering and not as a secondary add-on info-blog-iconjpg Kim Dotcom Claims He Invented Two-Step Authentication http wwwpcmagcom article2 0,2817,2419441,00asp Dotcom says he will allow Google, Facebook and Twitter to use his patent for free if they help fund his legal defense http://www.secuobs.com/revue/news/447466.shtmlhttp://www.secuobs.com/revue/news/447466.shtml Secuobs.com : 2013-05-24 04:02:53 - Office of Inadequate Security - Terry Macalister reports The mining group Eurasian Natural Resources Corporation warned on Thursday that it may have lost http://www.secuobs.com/revue/news/447465.shtmlhttp://www.secuobs.com/revue/news/447465.shtml Secuobs.com : 2013-05-24 03:23:58 - Reverse Engineering Mac OS X - Suffering from post-conference boredom I decided to redo Onyx The Black Cat kernel extension to kickstart again my brain and get back to serious work There were also some people asking for an updated version so here it is This reworked version uses kernel control interface to enable disable its features It is much better than http://www.secuobs.com/revue/news/447464.shtmlhttp://www.secuobs.com/revue/news/447464.shtml Secuobs.com : 2013-05-24 03:04:42 - Veracode Security Blog Application security research security trends and opinions - aint-nobody-got-timeNothing s free in this world, especially not when it comes to security With Twitter officially cramping your style, you are now forced you to waste precious seconds you could be tweeting, by instead waiting for a verification code to be delivered to your phone just so you can login http://www.secuobs.com/revue/news/447463.shtmlhttp://www.secuobs.com/revue/news/447463.shtml Secuobs.com : 2013-05-24 02:56:31 - Dark Reading All Stories - Majority of senior-level IT and security respondents concerned about inability to secure data across big data initiatives, Voltage Security study http://www.secuobs.com/revue/news/447462.shtmlhttp://www.secuobs.com/revue/news/447462.shtml Secuobs.com : 2013-05-24 02:56:31 - Dark Reading All Stories - FortiWeb 5 OS able to accurately identify the origin of Web application traffic to distinguish between legitimate and malicious sources http://www.secuobs.com/revue/news/447461.shtmlhttp://www.secuobs.com/revue/news/447461.shtml Secuobs.com : 2013-05-24 02:28:58 - Security Bloggers Network - Teens Getting Tired of Facebook Drama Teenagers Hate Facebook but They re Not Logging Off Teens Cooling on Facebook but Warming to Twitter Facebook Losing Ground with Younger Audiences http://www.secuobs.com/revue/news/447460.shtmlhttp://www.secuobs.com/revue/news/447460.shtml Secuobs.com : 2013-05-24 02:28:58 - Security Bloggers Network - Normally I don t comment on these but since this one hit a local Washington DC radio station that some of my readers may listen to I thought I would put it out there A little late I know, but have been on vacation and actually walked away from computer a bit which was strange to http://www.secuobs.com/revue/news/447459.shtmlhttp://www.secuobs.com/revue/news/447459.shtml