

Some PDFs from Blackhat 2015

Similar News

How security flaws work: The buffer overflow
Starting with the 1988 Morris Worm, this flaw has bitten everyone from Linux to Windows.
LXer: Oracle, still clueless about security
Published at LXer: Oracle's chief security officer, Mary Ann Davidson, recently ticked off almost everyone in the security business. She proclaimed that you had to do security "expertise in-house...
Woman downs whole bottle of cognac at Beijing airport security control
Woman drank contents of bottle after being told she could not carry it in her hand luggage, only to be prevented from flying because she was too drunk. A Chinese woman reportedly downed a full bottle of £120 cognac at security control after she was told she was not allowed to take liquids on board her flight – which she was then prevented from boarding. The woman, who has been named only as Zhao, was deemed too drunk to fly by staff at Beijing Capital international airport when she collapsed shortly after drinking the bottle of Rémy Martin XO Excellence.
Tuesday's security updates
CentOS has updated httpd (C6: denial of service) and nss (C5: two vulnerabilities). Oracle has updated httpd (OL7; OL6: denial of service), mariadb (OL7: multiple unspecified vulnerabilities), and nss (OL5: two vulnerabilities). Red Hat has updated httpd (RHEL7; RHEL6: HTTP request smuggling), httpd24-httpd (RHSCL2: multiple vulnerabilities), libunwind (RHELOSP6: buffer overflow), mariadb (RHEL7: multiple vulnerabilities), nss (RHEL5: two vulnerabilities), openstack-neutron (RHELOSP6: denial of service), openstack-swift (RHELOSP6; RHELOSP5: arbitrary object deletion), python-django (RHELOSP6; RHELOSP5: denial of service), python-django-horizon (RHELOSP6: cross-site scripting), python-keystoneclient (RHELOSP6; RHELOSP5: two vulnerabilities), qemu-kvm-rhev (RHELOSP6; RHELOSP5: information leak), redis (RHELOSP6: code execution), and thunderbird (RHEL5,6,7: multiple vulnerabilities). Scientific Linux has updated httpd (SL7; SL6: denial of service), mariadb (SL7: multiple vulnerabilities), nss (SL5: two vulnerabilities), and thunderbird (SL5,6,7: multiple vulnerabilities). Ubuntu has updated thunderbird (15.04, 14.04, 12.04: multiple vulnerabilities).
Butterfleye Is A Home Security Camera That Can Learn What Not To Record
Butterfleye is a hardware startup aiming to build a connected home security camera that avoids coming across as creepily prying.
Appeals Court: Yes, The FTC Can Go After Companies That Got Hacked Over Their Weak Security Practices
Way back in 2004, we noted that the FTC went after Tower Records for getting hacked and leaking customer records. At the time, we wondered if this was appropriate. Companies get hacked all the time, even those with good security practices. So, at what point can it be determined if the company is being negligent, or if it's just that those looking to crack their systems are just that good. Well, the FTC had decided that it can draw the line, and for companies that do a particularly egregious job in not protecting user data, it's made it clear that it's going to go after them. A few years back, the FTC went after Wyndham Hotels for failing to secure user data, and Wyndham tried to argue that the FTC had no authority to do so. Last year, a district court sided with the FTC and now the Third Circuit appeals court has upheld that ruling, giving the FTC much more power to crack down on companies who fail to protect user data from leaking.
Bangkok bombing: broken security cameras add to investigators' woes
Thailand police use ‘imagination’ to ‘connect the dots’ in search for prime suspect who set off a bomb which killed 20 and injured 120. Police in Thailand say they have used their “imagination” to piece together the movements of the prime suspect in a bomb attack at a shrine last week that killed 20 people because most of the security cameras on the getaway route were broken.
Security in Embedded Systems at the 5th Bremer IT-Sicherheitstag
Hacker attacks on industrial IT, the design and evaluation of secure software architectures, and the tension between functional safety and IT security are three of the central topics at this year's Bremer IT-Sicherheitstag.
Court rules FTC can prosecute companies over lax online security
Wyndham hotel chain loses appeal case. The Third Circuit US Court of Appeals in Philadelphia has ruled that the Federal Trade Commission does have the right to prosecute firms who mishandle their customers' data.…
FTC can sue companies with poor information security, appeals court says
Court says Wyndham hotels practices could be considered “unfair” and “deceptive.”
FTC has power to police cyber security
Linux Foundation to Launch New Security-Focused Badge Program for Open-Source Software
During the LinuxCon and CloudOpen events that took place last week in Seattle, North America, Linux Foundation's Core Infrastructure Initiative announced that they are developing a new free Badge Program.
Security advisories for Monday
Debian-LTS has updated extplorer (cross-site scripting), roundup (multiple vulnerabilities), and wesnoth-1.8 (information leak). Mageia has updated libcryptopp (MG4,5: information disclosure), mediawiki (MG4,5: multiple vulnerabilities), openssh (MG4,5: multiple vulnerabilities), php (MG5; MG4: multiple vulnerabilities), and x11-server (MG5: permission bypass). openSUSE has updated wireshark (13.2: multiple vulnerabilities) and xfsprogs (13.2, 13.1: information disclosure). Red Hat has updated rh-ruby22-ruby (RHSCL2: DNS hijacking). Slackware has updated gnutls (denial of service). SUSE has updated glibc (SLE11SP3,4: multiple vulnerabilities) and kvm (SLE11SP2: two vulnerabilities).
Germany and France to push for joint EU immigration and security policies
Berlin in particular is determined to draw up mandatory quotas for refugees and is warning of reintroducing national border controls. Germany and France are to launch a drive for more concerted European immigration and security policies following the foiled attack on an Amsterdam-Paris high-speed train and with Europe reeling under the strain of the biggest migration emergency since the end of the second world war.
Bangkok blast probe hindered by broken security cameras
Thailand's police chief says blast probe hindered by broken security cameras in Bangkok
Car information security is a complete wreck -- here's why
LXer: Linux Foundation to Launch New Security-Focused Badge Program for Open-Source Software
Published at LXer: During the LinuxCon and CloudOpen events that took place last week in Seattle, North America, Linux Foundation's Core Infrastructure Initiative announced that they are developing...
Yammer security sub-standard says US Veterans' Affairs Dept
Microsoft's Twitter clone spammed staff, gave trolls a home and amplified risk leak. America's Veterans Affairs inspector general has sideswiped the department for what it says is “improper” use of Yammer, Microsoft's inside-the-firewall Twitter clone.…
Migrants overwhelm security forces at Macedonia border
Riot police remain but fail to slow passage of migrants crossing from Greece on way through Balkans to western Europe. Hundreds of migrants have crossed unhindered from Greece into Macedonia after overwhelmed security forces appeared to abandon a bid to stem their flow through the Balkans to western Europe following days of chaos and confrontation.
Cairo citizens caught between Isis violence and Abdel Fatah al-Sisi’s draconian security crackdowns
With journalists and activists jailed and a new terrorism law in effect, a culture of fear is growing in Egypt. The blast shook buildings for miles around. Sleeping residents awoke, called each other, then stared at glowing screens, seeking an explanation for the explosion and the sirens wailing in the distance. Last Thursday a massive car bomb had detonated outside a security building in Shubra Al-Khaima, a working-class district on Cairo’s northern edge. Chunks of concrete had been blasted off the building, shards of glass were sprinkled across the pavement. The windows of the neighbouring apartment building had been blown out, the private spaces of the families within flung open to the street.
Want security? Next-gen startups show how old practices don't cut it
Stop hackers from walking on the eggshells protecting your datacenter. Sysadmin Blog: In case you hadn't noticed, IT security sucks. There is a chronic lack of people trained in IT security, people who will listen to IT security, and even a lack of agreement on how best to go about IT security. Fortunately, a new generation of startups are helping to tackle the issues.…
Security News This Week: Police Use Mobile Cell Phone Trackers to Avoid Court Orders
Shockingly, none of this news is about cheating spouses!
Chat network used by VA staff was a major security risk, investigation says
A Microsoft product called Yammer was open to anyone who’d ever been a contractor or an employee at the Department of Veterans Affairs. A chat network used by staff at the Department of Veterans Affairs (VA) was a major security risk and open to anyone who had ever been a contractor or an employee at the VA, an internal investigation found. According to the VA’s Office of the Inspector General the chat software, a Microsoft product called Yammer, “did not have an administrator or system set in place to ensure removal of former VA or contractor employees”. Only an administrator could remove an employee from the system, so everyone who had ever logged maintained access to the service.
Ex-security guard pleads guilty to cooking meth in government lab
Regal promises security-theater bag-searches in America's largest cinema chain
Security updates for Friday
Fedora has updated pure-ftpd (F21: denial of service). Red Hat has updated openshift (RHOSE3: privilege escalation). SUSE has updated xen (SLE11SP1: two vulnerabilities). Ubuntu has updated subversion (15.04, 14.04, 12.04: multiple vulnerabilities) and firefox (15.04, 14.04, 12.04: regression in previous update).
TSA At The Movies: Theater Chain Looks To Bring Security Theater To The Movie Theater
Thanks to a string of theater-related tragedies, going to the theater is about to become as enjoyable as going to the airport.
Security fears arise over body-worn plodcam footage
'But is it secure?' experts ask, as forces prepare to sign contracts worth millions. Fears have been raised over the security of information from the new police bodycam recordings held in the public cloud by US company Taser.…
Collective noun search for security vulns moves into beta testing
Cyber, nest or hatstand? VOTE now for your favourite. The recent rash of Android vulnerabilities has made it clear that a new collective noun for such flaws, and possibly a separate one for security bugs in general, is required.…
Optimo - System Security Suite (For Windows) for 1 Year 6 months Price
Martin O'Malley to campaign on expansion of social security
Democratic hopeful will lay out goal of ensuring within two terms of office that 50% of Americans have enough retirement savings. The Democratic presidential hopeful Martin O’Malley is to unveil a detailed plan to expand social security on Friday.
LinuxCon: Core Infrastructure Initiative Boosts Security Efforts
VIDEO: The head of the Linux Foundation's security program details a new initiative to help projects develop and to identify secure best practices.
LXer: LinuxCon: Core Infrastructure Initiative Boosts Security Efforts
Published at LXer: VIDEO: The head of the Linux Foundation's security program details a new initiative to help projects develop and to identify secure best practices.
Biz that OK'd Edward Snowden for security clearance is fined $30m for obvious reasons
You had one job, US Investigations Services… The US Department of Justice (DoJ) will pocket $30m (£19.14m) from the company tasked with screening, among others, whistleblower Edward Snowden.…
'Fences won't put anyone off': migrants dismiss new Calais security crackdown
People in New Jungle camp say Theresa May’s attempts to tackle crisis at French port will not deter those fleeing war from trying to reach UK. As rain lashed the flimsy, makeshift tents in the Calais migrant camp known as the New Jungle, the word had gone round that a British minister was in town. Among the people waiting to attempt to stow away on lorries to England after dark, some had hoped that the home secretary, Theresa May, would announce a radical change of heart.
"I hope the Chinese aren't collating the Ashley Madison data with their handy federal list of every American with a security clearance." -Bruce Sterling
Irish Airport Security Bravely Defends Plane From Toddler's Fart-Gun
Here at Techdirt, we've had a great deal of fun at the expense of the TSA and the agency's wonderful brand of security theater masquerading as actual airport security. Yes, the government putting on a kind of clinic in the simultaneous overreach into civil liberties for false security and the kind of wasteful government spending that makes the conservative talkshow hosts of the world dip back into the Oxy has been an ongoing source of entertainment. But the TSA can take the same kind of heart that thousands of purported UFO abductees do: you are not alone.
Security-oriented Blackphone 2 set for September release
Silent Circle is releasing a new version of its Blackphone, creatively named Blackphone 2. The device runs a security-oriented version of Android called Silent OS, which is packed with features intended to make businesses' data more secure.
Security advisories for Thursday
Debian has updated conntrack (denial of service), openjdk-6 (multiple vulnerabilities), vlc (code execution), and zendframework (XML External Entity attack). Debian-LTS has updated conntrack (denial of service). Fedora has updated mariadb (F22: multiple vulnerabilities). Red Hat has updated mariadb55-mariadb (RHSCL2: multiple vulnerabilities) and rh-mariadb100-mariadb (RHSCL2: multiple vulnerabilities). SUSE has updated kvm (SLE11SP1: code execution).
Yet another Android app security bug: This time 'everything is affected'
Google says multitasking app flap is overstated. Yet another potentially serious security flaw has been revealed in Android.…
Israeli App Security Startup Snags $2.3M Seed Round
AppInside, a tool designed to help app developers check for security vulnerabilities, announced a $2.3 million seed round from Boston’s Accomplice today. When a company commissions an app, they are putting their brand’s reputation on the line when people download it to their tablet or smartphone, Elon Ohevya, co-founder and CEO of AppInside told TechCrunch. Mobile devices…
Man with a titanium hip turned away at airport by all-female security staff
A B.C. man with a titanium hip wasn’t allowed to board his plane when an all-female security team refused to frisk him.
NTP Security Project
Massive IS car bomb hits Cairo security building, wounds 29
Massive car bomb claimed by IS strikes Cairo security building at night, wounds 29
Show us your security chops with the Cyber 10K challenge
Students! Security amateurs! Beat the professionals and win £10,000. Competition: NCC Group has devised a lovely cyber security competition, Cyber 10K, which sees the winning contestant receive £10,000 and expert advice from the company to develop their own security solution.
Cairo security forces' building wrecked by car bombing - video
Egyptian civilians and security forces gather at the site of the car bomb that exploded near a security building in Cairo on Thursday morning, injuring at least six people. The bomb was detonated near a security services building in the Shubra Al-Khaima area and is the latest in a series of violent attacks in Egypt.
Core Infrastructure Initiative seeks help to improve open-source security
The Linux Foundation's Core Infrastructure Initiative is reaching out to the community to help determine which open-source projects practice good security methods.
LinuxCon Day 2 recap: Security-centric
The second day of LinuxCon in Seattle started with an announcement by Linux Foundation Executive Director Jim Zemlin about the Core Infrastructure Initiative. The CII will have a new free badge program. According to the program site, "Projects having a CII badge will showcase the project's commitment to security." The first draft of the badge criteria is available on GitHub, and community feedback is more
Security check firm that cleared Edward Snowden agrees $30m fraud settlement
United States Investigations Services strikes deal with justice department after claims it took shortcuts when vetting federal employees. United States Investigations Services Inc, the private firm that vetted former National Security Agency contractor Edward Snowden, has agreed to a settlement worth at least $30m, resolving US claims connected to its background investigations.
LXer: Linus Torvalds Talks Linux Security at LinuxCon
Published at LXer: The founder of Linux explains why he's not thinking about the next 10 years of Linux and why security is all about finding bugs.