from on (#GRS4)
Stephen Harper’s security detail was forced to take extra precautions at the Conservative leader’s hotel after a group of bikers — some wearing full-patched Hells Angels jackets — rumbled into the parking lot Thursday.
|
Story
Some PDFs from Blackhat 2015
Similar News
from on (#GRQX)
An Ontario cabinet minister has launched a defamation lawsuit against the Globe and Mail newspaper over articles that said Canadian intelligence agents had expressed concerns about his “unusually close ties” to Chinese officials.
|
Arch Linux has updated firefox (information leak) and wordpress (multiple vulnerabilities). Debian has updated kernel (multiple vulnerabilities). Debian-LTS has updated openssh (two vulnerabilities) and remind (buffer overflow). Fedora has updated drupal6-cck (F22; F21: unspecified vulnerability), lighttpd (F22; F21: log injection), mantis (F22; F21: information disclosure), opensaml-java (F22; F21: missing host name verification), opensaml-java-openws (F22; F21: missing host name verification), and openstack-swift (F22: arbitrary object deletion). Oracle has updated kernel 3.8.13 (OL7; OL6: information leak), kernel 2.6.39 (OL6; OL5: two vulnerabilities), and kernel 2.6.32 (OL6; OL5: two vulnerabilities). Ubuntu has updated firefox (15.04, 14.04, 12.04: information leak) and openjdk-6 (12.04: multiple vulnerabilities).
from The Tech Report on (#GR3W)
Today's high-level Android vulnerability is called Certifi-gate. As you might have guessed, it gets its name from an underlying problem with the way the operating system handles digital certificates in the context of remote support tools (RSTs). The vulnerability can let an attacker gain full control over a victim's device. Here's roughly how it goes. A bog-standard RST app will usually ask for a normal set of user permissions, but it also needs to install a plugin with elevated permissions so it can perform its tasks. While the RST is digitally signed by its ... Read more...
from on (#GRJR)
The capability dynamically inspects and validates all DNP3 communications, adding previously unavailable security to counter vulnerable pathways in the SCADA systems used by most water and electric utilities.
by Rich Edmonds from Android Central RSS Feed on (#GQJ6)
Just like Samsung and Google, LG also plans to roll out security updates once a month directly to smartphones, in order to help prevent exploits like Stagefright from occurring again.
|
by Alex Hern from Technology | The Guardian on (#GQFS)
New figures buried in SEC filing, which also shows Apple chief executive gained the security team in 2014
Tim Cook’s security expenses cost Apple almost $700,000 (£450,000) a year, according to new figures filed with America’s securities and exchange commission. The docs, discovered by news site Patently Apple buried in a SEC filing from March, count the security detail among the Apple executive’s benefits in kind. Under the heading “all other compensation”, the filing breaks down the figure of $774,176 for 2014. Continue reading...
from heise online News on (#GPEN)
Each year, the Security Bilanz Deutschland survey records how threatened mid-sized companies feel their own IT is and how satisfied they are with their own protective measures.
|
by Xeni Jardin from on (#GNQN)
In a Reddit AMA, activists DeRay McKesson, Johnetta Elzie and ACLU’s Nus Choudhury talked policing and police reform in America, and surveillance of activists. Read the rest
|
by Jon Evans from Crunch Hype on (#GNEN)
It’s a truism that all software has bugs and security holes. It’s another that license agreements invariably make software vendors immune to liability for damage or losses caused by such flaws. But, to my surprise, Black Hat’s founder and keynote speaker are arguing that software product liability, presumably mandated by governments, is inevitable. If they’re right,… Read More
|
by Ron Amadeo from Ars Technica - All content on (#GNA9)
Editorial: Android's update strategy doesn't scale, and that's a recipe for disaster.
|
by Guardian Staff from World news | The Guardian on (#GN91)
Never-before-seen footage from the Isabella Stewart Gardner museum shows a possible dry run on 19 March 1990, the day before the robbery. The video could lead investigators closer to solving the heist of $500m worth of art
|
by Guardian Staff from World news | The Guardian on (#GMWN)
Labour leadership candidate Jeremy Corbyn says that real security for a country is providing well for its citizens in terms of housing, education and employment, rather than spending a ‘phenomenal’ amount of money on weapons of mass destruction. Corbyn was speaking at a Campaign for Nuclear Disarmament event in London on Thursday to commemorate the 70th anniversary of the Hiroshima atomic bombing. Continue reading...
|
by metaschima from LinuxQuestions.org on (#GMV2)
https://www.schneier.com/blog/archives/2015/07/comparing_the_s_1.html https://www.usenix.org/system/files/conference/soups2015/soups15-paper-ion.pdf The main things that experts find important...
|
by Emily Dreyfuss from Feed: All Latest on (#GMKG)
The Stagefright bug has quickly frightened cell phone manufacturers into action. The post Big Android Makers Will Now Push Monthly Security Updates appeared first on WIRED.
|
CentOS has updated kernel (C7: multiple vulnerabilities, one from 2014). Fedora has updated kernel (F22: three vulnerabilities). openSUSE has updated ghostscript (13.2, 13.1: code execution) and php5 (13.2, 13.1: two vulnerabilities). Red Hat has updated kernel (RHEL7: multiple vulnerabilities, one from 2014) and kernel-rt (RHEL7; RHEL6: multiple vulnerabilities, one from 2014). Scientific Linux has updated kernel (SL7: multiple vulnerabilities, one from 2014). SUSE has updated oracle-update (Manager 2.1: multiple vulnerabilities). Ubuntu has updated cinder (15.04: arbitrary file reads), python-keystoneclient, python-keystonemiddleware (15.04, 14.04: two vulnerabilities, one from 2014), and swift (15.04, 14.04, 12.04: two vulnerabilities, one from 2014).
by Agence France-Presse from World news | The Guardian on (#GJK6)
Ukraine’s security service says it has detained a criminal group that was attempting to sell a small quantity of what appeared to be non-fissile uranium
Ukraine’s security service has said it seized a small quantity of what appeared to be ore-grade uranium from a criminal gang in a peaceful western region.
|
by Mark Frauenfelder from on (#GHW6)
Remember those militarized cops who raided a California medical marijuana dispensary, harassed a disabled patient in the store, and were recorded on a security camera gobbling what was almost certainly marijuana-infused edibles that they swiped during the raid? Read the rest
|
by Brandon Chester from on (#GHJA)
Security updates on mobile operating systems have typically been bundled inside larger patches that include other bug fixes and improvements. Unfortunately, the world of security exploits isn't tuned to a company's release schedule, which can leave devices and platforms vulnerable to exploits for long periods of time. Microsoft recognized this issue long ago and has since used Windows Update to roll out regular security patches when needed. With the growth of mobile, more attention is now being placed on the security of smartphones and tablets.
Google appears to have come to the same realization as Microsoft, and today they announced that they will start pushing monthly security updates over the air to Nexus devices that are still within their support timeframe. The list of supported devices includes the Nexus 4, Nexus 5, Nexus 6, Nexus 7 (both generations), Nexus 9, Nexus 10, and Nexus Player. In addition to security fixes, the monthly OTA updates will include general bug fixes, but the focus is primarily on security improvements.
The first monthly patch for Nexus devices is rolling out today, although as usual it may take some time to get to your device due to Google's staged rollout system. In addition to this announcement, Google has also implemented a long rumored change to their Nexus update policy. While in the past devices were guaranteed 18 months of updates, under the new policy they will be supported for two years of major software updates, and security updates will continue for three years or eighteen months after the device is discontinued on Google Play depending on which is longer.
|
It's been 10 days since Zimperium's Joshua Drake revealed a new Android vulnerability called Stagefright - and Android is just starting to recover. The bug allows an attacker to remotely execute code through a phony multimedia text message, in many cases without the user even seeing the message itself. Google has had months to write a patch and already had one ready when the bug was announced, but as expected, getting the patch through manufacturers and carriers was complicated and difficult.
But then, something unexpected happened: the much-maligned Android update system started to work. Samsung, HTC, LG, Sony and Android One have already announced pending patches for the bug, along with a device-specific patch for the Alcatel Idol 3. In Samsung's case, the shift has kicked off an aggressive new security policy that will deploy patches month by month, an example that's expected to inspire other manufacturers to follow suit. Stagefright seems to have scared manufacturers and carriers into action, and as it turns out, this fragmented ecosystem still has lots of ways to protect itself.
Seeing is believing, but the signs are at least somewhat positive. I doubt all of these will get the fix, though.
That being said, as the linked article explains, this bug really isn't as worrisome as people made it out to be. Security researchers (often working for companies selling security software) have cried wolf so many times I really don't take any of them seriously at this point, no matter which operating system's users they are trying to scare into buying their crap.
by Frederic Lardinois from Crunch Hype on (#GH9M)
Earlier today, Samsung announced that it would now provide security patches for its Android devices “about once per month.” In addition to Samsung, Google also today announced a similar program for its Nexus devices. Both Samsung and Google will release these security patches as over-the-air updates. Read More
|
by Jared DiPane from Android Central RSS Feed on (#GHAC)
Nexus devices will now receive monthly security updates from Google, in addition to their usual platform updates. Starting now with the release of the Stagefright exploit fix, Google will be pushing out security updates, and notifying its partners on a monthly basis.
|
by John Callaham from Android Central RSS Feed on (#GH26)
Samsung says it is developing a new and faster process to release security updates to its Android devices, in the wake of the recent Stagefright exploit. Samsung says it plans to offer over-the-air security patches once a month.
|
Debian has updated wordpress (regression in previous update). Debian-LTS has updated ia32-libs (multiple vulnerabilities). Red Hat has updated java-1.5.0-ibm (RHEL5,6: multiple vulnerabilities) and node.js (RHOSE2.1; RHOSE2.0: man-in-the-middle attack). SUSE has updated java-1_6_0-ibm (SLEM12: multiple vulnerabilities). Ubuntu has updated oxide-qt (15.04, 14.04: multiple vulnerabilities).
by Reuters from Technology | The Guardian on (#GF4V)
Investigators have contacted a Denver-based technology firm that helped to manage the unusual system, the Washington Post says
The FBI has begun looking into the security of Hillary Clinton’s private email setup, contacting in the past week a Denver-based technology firm that helped manage the unusual system, the Washington Post has reported, citing two government officials.
Related: 'So revealing and wacky': Hillary Clinton emails deride David Cameron Continue reading...
|
by Alex Hern from Technology | The Guardian on (#GFVJ)
The tech giant will patch a serious bug in the next security update to its desktop operating system
Apple is to fix a bug in its Mac OS X operating system as soon as possible amid concerns over the security of its desktop and laptop computers. The tech company will patch a serious “privilege escalation” bug in the next security update to its desktop operating system, Mac OS X 10.10.5, the Guardian has learned. The initial beta of the next update to the Mac operating system did not include a fix for the bug, known as DYLD, leading to concerns it would not be fixed until the Autumn when the next major OS release, El Capitan, is planned. Continue reading...
|
by Reuters in Shanghai from World news | The Guardian on (#GF9K)
Move, which security minister says will ‘catch criminal behaviour at earliest possible point’, is latest attempt to tighten control over online activities
China is planning to set up “network security offices” in major internet companies and for websites so authorities can move more quickly against illegal online behaviour, the ministry of public security said in a statement.
Related: China passes new national security law extending control over internet Continue reading...
|
by Xeni Jardin from on (#GF78)
The suspect worked at a local Naval base, but there's no talk of terrorism because he was also white. Read the rest
|
by Xeni Jardin from on (#GF5F)
The FBI is investigating how secure Hillary Rodham Clinton's email practices were when she was secretary of state and used a private email server, reports The Washington Post. Read the rest
|
Debian has updated squid3 (security bypass) and wordpress (multiple vulnerabilities). Fedora has updated quassel (F21: denial of service). Mageia has updated ipython (MG4,5: two vulnerabilities), moodle (MG5: vulnerabilities), pdns (MG4,5: denial of service), and php (MG5: multiple vulnerabilities). openSUSE has updated gpsm (13.1: code execution from 2013). Scientific Linux has updated autofs (SL6: privilege escalation), curl (SL6: multiple vulnerabilities), freeradius (SL6: denial of service), gnutls (SL6: multiple vulnerabilities), grep (SL6: two vulnerabilities), hivex (SL6: privilege escalation), httpd (SL6: access restriction bypass), ipa (SL6: cross-site scripting), java-1.6.0-openjdk (SL6: multiple vulnerabilities), kernel (SL6: multiple vulnerabilities), libreoffice (SL6: code execution), libxml2 (SL6: denial of service), mailman (SL6: two vulnerabilities), net-snmp (SL6: denial of service), ntp (SL6: multiple vulnerabilities), pacemaker (SL6: privilege escalation), pki-core (SL6: cross-site scripting), python (SL6: multiple vulnerabilities), sudo (SL6: information disclosure), wireshark (SL6: multiple vulnerabilities), and wpa_supplicant (SL6: denial of service).
by Peter_APIIT from LinuxQuestions.org on (#GBQB)
Dear All, I wonder any security problem with this configuration: unbound - dnscrypt-proxy Squid dhcp ntpd ---Quote---
|
by Alex Wilhelm from Crunch Hype on (#GAG9)
And now for an update in the continuing saga of the Cybersecurity Information Sharing Act (CISA), a controversial piece of legislation currently in the Senate that, to some, represents an important tool to bolster the sharing of threat data between the government and private entities, and to others is a privacy-wrecking mess. Read More
|
by David Kravets from Ars Technica - All content on (#GAFJ)
Drones used by US adversaries "present detection and disruption challenges."
|
Debian has updated apache2 (multiple vulnerabilities), ghostscript (code execution), icedove (multiple vulnerabilities), icu (multiple vulnerabilities), and ruby-rack (denial of service). Fedora has updated bind (F22; F21: denial of service), bind99 (F22: denial of service), libuser (F21: multiple vulnerabilities), and openssh (F21: denial of service). Mageia has updated bind (MG4,5: denial of service), icu (MG4,5: code execution), and remind (MG4,5: buffer overflow). openSUSE has updated bind (13.2, 13.1: denial of service) and libuser (13.2: privilege escalation). Oracle has updated java-1.6.0-openjdk (OL5: multiple vulnerabilities), kernel 2.6.39 (OL6; OL5: multiple vulnerabilities), kernel 2.6.32 (OL6; OL5: multiple vulnerabilities), kernel 3.8.13 (OL7; OL6: multiple vulnerabilities), and lxc (OL7; OL6: two vulnerabilities). Scientific Linux has updated bind (SL6; SL6,7: denial of service) and libuser (SL6: two vulnerabilities).
by Frederic Lardinois from Crunch Hype on (#GA66)
Security platform Zscaler today announced that it has raised a $100 million Series B funding round led by late stage investor TPG. The company, which offers a wide range of web, mobile and cloud security services for enterprises, has now raised a total of $138 million and says that its valuation in this last round was over $1 billion. Other investors include EMC and previous investor… Read More
In colossal co-incidence, eight-petaflop limit keeps China atop fastest supercomputer charts
China has banned the unlicensed export of supercomputers and certain types of unmanned aerial vehicles.…
|
by mastermind1 from LinuxQuestions.org on (#G7ZQ)
Hello all, I am new to Linux (of course) but not new to computing or programming. I would like to ask some advice on which distros are optimal for enhanced privacy concerns, as well as some...
|
from on (#G5CF)
Hello, open gaming fans! In this week's edition, we take a look at Razer and OUYA, security vulnerabilities on Steam, and more.
Open gaming roundup for July 25 - August 1, 2015 read more
|
by Associated Press in Cairo from World news | The Guardian on (#G6Q0)
|