Some PDFs from Blackhat 2015
Woman drank contents of bottle after being told she could not carry it in her hand luggage, only to be prevented from flying because she was too drunk
A Chinese woman reportedly downed a full bottle of £120 cognac at security control after she was told she was not allowed to take liquids on board her flight – which she was then prevented from boarding. The woman, who has been named only as Zhao, was deemed too drunk to fly by staff at Beijing Capital international airport when she collapsed shortly after drinking the bottle of Rémy Martin XO Excellence.
CentOS has updated httpd (C6: denial of service) and nss (C5: two vulnerabilities). Oracle has updated httpd (OL7; OL6: denial of service), mariadb (OL7: multiple unspecified vulnerabilities), and nss (OL5: two vulnerabilities). Red Hat has updated httpd (RHEL7; RHEL6: HTTP request smuggling), httpd24-httpd (RHSCL2: multiple vulnerabilities), libunwind (RHELOSP6: buffer overflow), mariadb (RHEL7: multiple vulnerabilities), nss (RHEL5: two vulnerabilities), openstack-neutron (RHELOSP6: denial of service), openstack-swift (RHELOSP6; RHELOSP5: arbitrary object deletion), python-django (RHELOSP6; RHELOSP5: denial of service), python-django-horizon (RHELOSP6: cross-site scripting), python-keystoneclient (RHELOSP6; RHELOSP5: two vulnerabilities), qemu-kvm-rhev (RHELOSP6; RHELOSP5: information leak), redis (RHELOSP6: code execution), and thunderbird (RHEL5,6,7: multiple vulnerabilities). Scientific Linux has updated httpd (SL7; SL6: denial of service), mariadb (SL7: multiple vulnerabilities), nss (SL5: two vulnerabilities), and thunderbird (SL5,6,7: multiple vulnerabilities). Ubuntu has updated thunderbird (15.04, 14.04, 12.04: multiple vulnerabilities).
Thailand police use ‘imagination’ to ‘connect the dots’ in search for prime suspect who set off a bomb which killed 20 and injured 120
Police in Thailand say they have used their “imagination” to piece together the movements of the prime suspect in a bomb attack at a shrine last week that killed 20 people because most of the security cameras on the getaway route were broken.
Debian-LTS has updated extplorer (cross-site scripting), roundup (multiple vulnerabilities), and wesnoth-1.8 (information leak). Mageia has updated libcryptopp (MG4,5: information disclosure), mediawiki (MG4,5: multiple vulnerabilities), openssh (MG4,5: multiple vulnerabilities), php (MG5; MG4: multiple vulnerabilities), and x11-server (MG5: permission bypass). openSUSE has updated wireshark (13.2: multiple vulnerabilities) and xfsprogs (13.2, 13.1: information disclosure). Red Hat has updated rh-ruby22-ruby (RHSCL2: DNS hijacking). Slackware has updated gnutls (denial of service). SUSE has updated glibc (SLE11SP3,4: multiple vulnerabilities) and kvm (SLE11SP2: two vulnerabilities).
Berlin in particular is determined to draw up mandatory quotas for refugees and is warning of reintroducing national border controls
Germany and France are to launch a drive for more concerted European immigration and security policies following the foiled attack on an Amsterdam-Paris high-speed train and with Europe reeling under the strain of the biggest migration emergency since the end of the second world war.
Riot police remain but fail to slow passage of migrants crossing from Greece on way through Balkans to western Europe
Hundreds of migrants have crossed unhindered from Greece into Macedonia after overwhelmed security forces appeared to abandon a bid to stem their flow through the Balkans to western Europe following days of chaos and confrontation.
With journalists and activists jailed and a new terrorism law in effect, a culture of fear is growing in Egypt
The blast shook buildings for miles around. Sleeping residents awoke, called each other, then stared at glowing screens, seeking an explanation for the explosion and the sirens wailing in the distance. Last Thursday a massive car bomb had detonated outside a security building in Shubra Al-Khaima, a working-class district on Cairo’s northern edge. Chunks of concrete had been blasted off the building, shards of glass were sprinkled across the pavement. The windows of the neighbouring apartment building had been blown out, the private spaces of the families within flung open to the street.
A Microsoft product called Yammer was open to anyone who’d ever been a contractor or an employee at the Department of Veterans Affairs
A chat network used by staff at the Department of Veterans Affairs (VA) was a major security risk and open to anyone who had ever been a contractor or an employee at the VA, an internal investigation found. According to the VA’s Office of the Inspector General, the chat software, a Microsoft product called Yammer, “did not have an administrator or system set in place to ensure removal of former VA or contractor employees”. Only an administrator could remove an employee from the system, so everyone who had ever logged in maintained access to the service.
Fedora has updated pure-ftpd (F21: denial of service). Red Hat has updated openshift (RHOSE3: privilege escalation). SUSE has updated xen (SLE11SP1: two vulnerabilities). Ubuntu has updated subversion (15.04, 14.04, 12.04: multiple vulnerabilities) and firefox (15.04, 14.04, 12.04: regression in previous update).
Democratic hopeful will lay out goal of ensuring within two terms of office that 50% of Americans have enough retirement savings
The Democratic presidential hopeful Martin O’Malley is to unveil a detailed plan to expand social security on Friday.
People in New Jungle camp say Theresa May’s attempts to tackle crisis at French port will not deter those fleeing war from trying to reach UK
As rain lashed the flimsy, makeshift tents in the Calais migrant camp known as the New Jungle, the word had gone round that a British minister was in town. Among the people waiting to attempt to stow away on lorries to England after dark, some had hoped that the home secretary, Theresa May, would announce a radical change of heart.
Silent Circle is releasing a new version of its Blackphone, creatively named Blackphone 2. The device runs a security-oriented version of Android called Silent OS, which is packed with features intended to make businesses' data more secure.
Debian has updated conntrack (denial of service), openjdk-6 (multiple vulnerabilities), vlc (code execution), and zendframework (XML External Entity attack). Debian-LTS has updated conntrack (denial of service). Fedora has updated mariadb (F22: multiple vulnerabilities). Red Hat has updated mariadb55-mariadb (RHSCL2: multiple vulnerabilities) and rh-mariadb100-mariadb (RHSCL2: multiple vulnerabilities). SUSE has updated kvm (SLE11SP1: code execution).
Egyptian civilians and security forces gather at the site of the car bomb that exploded near a security building in Cairo on Thursday morning, injuring at least six people. The bomb was detonated near a security services building in the Shubra Al-Khaima area and is the latest in a series of violent attacks in Egypt.
United States Investigations Services strikes deal with justice department after claims it took shortcuts when vetting federal employees
United States Investigations Services Inc, the private firm that vetted former National Security Agency contractor Edward Snowden, has agreed to a settlement worth at least $30m, resolving US claims connected to its background investigations.