Employees, asked what they would hate to see go wrong, listed privacy and security flaws prominently. Senior staff at Ashley Madison, the hacked extramarital dating site, were raising concerns over its security procedures as recently as June, just a month before the site was attacked. Internal documents leaked as part of the attack show concerns over "a lack of security awareness across the organisation" being raised by one vice president. A database containing the documents, along with more than 30 million user records exfiltrated in the attack, was posted to the internet on Tuesday.
Hamilton lawyer Hussein Hamdani was suspended as a federal security adviser at the end of April. He recently received a letter of appreciation from the government that made no mention of his suspension.
CentOS has updated pam (C6; C7: denial of service).
Debian has updated python-django (multiple vulnerabilities).
Debian-LTS has updated wordpress (multiple vulnerabilities).
Fedora has updated audit (F21; F22: unsafe escape-sequence handling), icecast (F21; F22: denial of service), kernel (F21; F22: information leak), openssh (F22: multiple vulnerabilities), rubygem-rack (F22: denial of service), rubygems (F21: DNS hijacking), strongswan (F21; F22: multiple vulnerabilities), and xfsprogs (F21: information leak).
Oracle has updated pam (O6; O7: denial of service).
Red Hat has updated kernel (RHEL6: privilege escalation) and pam (RHEL6, 7: denial of service).
Scientific Linux has updated pam (SL6, 7: denial of service).
Ubuntu has updated python-django (12.04, 14.04, 15.04: multiple vulnerabilities) and openssh (12.04, 14.04, 15.04: upstream regression resulting in denial of service).
Siemens and Audi are just two of the companies urgently looking for new staff as part of the ongoing hacker competition. Pupils, apprentices and students get the chance to make first contacts with potential employers.
Published at LXer: Magento is one of the most popular open-source eCommerce platforms and it is used by thousands of merchants worldwide. It provides a variety of enterprise-class features, but one...
The eagle-eyed aviation security humans at Dublin Airport prevented a desperate toddler from boarding a flight while in possession of a Despicable Me Fart Blaster: "We don’t make the rules but we apply the rules consistently." (via Lowering the Bar)
Deal contains measures to tackle human traffickers and commitments to boost humanitarian support for vulnerable migrants. British and French ministers are to meet in Calais on Thursday to sign an agreement aimed at alleviating the disturbances involving migrants at the French port.
For once I'm not going to be criticizing the TSA, but that's only because the TSA wasn't involved here in any way. Although it wouldn't surprise me if they have been meeting with their Irish counterparts supposedly to exchange nonsensical...
CentOS has updated glibc (C5: code execution from 2013), mysql55-mysql (C5: multiple unspecified vulnerabilities, one from 2014), net-snmp (C7; C6: code execution), sqlite (C6: code execution), sqlite (C7: three vulnerabilities), and subversion (C6: three vulnerabilities).
Debian has updated apache2 (two vulnerabilities), gdk-pixbuf (code execution), and nss (two vulnerabilities).
Debian-LTS has updated libstruts1.2-java (unclear vulnerability from 2014).
Fedora has updated erlang (F22; F21: man-in-the-middle vulnerability), firefox (F22: many vulnerabilities), flac (F21: two vulnerabilities from 2014), gnutls (F21: code execution), golang (F22; F21: HTTP request smuggling), nagios-plugins (F22; F21: three vulnerabilities), qemu (F22: two vulnerabilities), uwsgi (F22; F21: denial of service), and webkitgtk4 (F22: three unspecified vulnerabilities).
Mageia has updated kdepim (M4: no attachment encryption from 2014).
openSUSE has updated subversion (two vulnerabilities) and virtualbox (two vulnerabilities).
Oracle has updated glibc (OL5: code execution from 2013), mysql55-mysql (OL5: multiple unspecified vulnerabilities, one from 2014), net-snmp (OL7; OL6: code execution), sqlite (OL7: three vulnerabilities), sqlite (OL6: code execution), and subversion (OL6: three vulnerabilities).
Red Hat has updated net-snmp (RHEL6&7: code execution).
Scientific Linux has updated glibc (SL5: code execution from 2013), mysql55-mysql (SL5: multiple unspecified vulnerabilities, one from 2014), net-snmp (SL6&7: code execution), sqlite (SL6: code execution), and subversion (SL6: three vulnerabilities).
Ubuntu has updated kernel (12.04: three vulnerabilities), kernel (15.04; 14.04: denial of service), linux-lts-trusty (12.04: denial of service), linux-lts-utopic (14.04: denial of service), linux-lts-vivid (14.04: denial of service), linux-ti-omap4 (12.04: three vulnerabilities), and net-snmp (two vulnerabilities, one from 2014).
Imagine a company that installs an appliance to monitor your network for malicious activity, then broadcasts that security data to a cloud service and has experts watching and responding to any real threats. That’s what Traversal Networks, a member of the Summer Y Combinator 2015 class, is trying to do. In fact, the company was making its pitch at YC Demo Day shortly after I spoke…
Published at LXer: Nmap is a free and open source network discovery and security auditing utility that is widely used in the Linux users community as it is simple to use yet very powerful. Nmap...
Hot potato, or hot job? Typically, when a cybersecurity problem arises, it’s the IT department that gets it in the neck. Ostensibly, that makes sense. After all, if someone is in your network mining your database for corporate secrets, it’s hardly the office manager or the accounts receivable department’s lookout, right?
Academics found cars were vulnerable to ‘keyless theft’, including models from Audi, Honda and Volkswagen – which suppressed the research for two years. A major security flaw in more than 100 car models has been exposed in an academic paper that was suppressed by a major manufacturer for two years. Flavio Garcia, a computer scientist at the University of Birmingham, and two colleagues from a Dutch university were unable to release the paper after Volkswagen won a case in the high court to ban its publication.
Now Redwood City giant’s security researcher bridge building can begin … not! Security researchers picking through the entrails of a withdrawn blogpost by Oracle CSO Mary Ann Davidson reckon not even her figures add up. Oracle countered that only it had access to the raw figures, so there.
Arch Linux has updated glibc (denial of service from 2014).
Debian-LTS has updated libidn (information disclosure) and subversion (information disclosure).
Fedora has updated bzr (F22; F21: denial of service from 2013), firefox (F21: multiple vulnerabilities), and flac (F22: two vulnerabilities).
Gentoo has updated adobe-flash (multiple vulnerabilities), icecast (denial of service), and libgadu (three vulnerabilities from 2013 and 2014).
openSUSE has updated firefox (13.2; 13.1: multiple vulnerabilities) and flash-player (13.2; 13.1: many vulnerabilities).
Oracle has updated kernel 3.8.13 (OL7; OL6: two remote denial of service flaws), kernel 2.6.39 (OL6; OL5: two remote denial of service flaws), and kernel 2.6.32 (OL6; OL5: two remote denial of service flaws).
Red Hat has updated glibc (RHEL5: code execution from 2013), mysql55-mysql (RHEL5; RHSC2: multiple unspecified vulnerabilities, one from 2014), rh-mysql56-mysql (RHSC2: multiple unspecified vulnerabilities), sqlite (RHEL6: code execution), sqlite (RHEL7: three vulnerabilities), and subversion (RHEL6: three vulnerabilities).
Scientific Linux has updated sqlite (SL7: three vulnerabilities).
Slackware has updated firefox (multiple vulnerabilities) and thunderbird (multiple vulnerabilities).
Ubuntu has updated openssh (15.04, 14.04, 12.04: two vulnerabilities) and pollinate (15.04, 14.04: certificate update).
So I'm testing Arch's linux-grsec kernel and it seems Steam has a few issues with it. I could make Steam run with the following command: Code: --------- setfattr -n user.pax.flags -v "PemRS"...
DefCon may be in the books, but the hacks keep coming. Here’s the news this week that we didn’t cover. The post Security News This Week: US Admits It Uses Predictions, Not Data, to Blacklist Flyers appeared first on WIRED.
We learnt about a national security matter from a newspaper rather than the prime minister when a Liberal backbencher floated the idea of bombing Syria. The most important duty of a government is to keep its people safe. That’s why Labor has worked sensibly and co-operatively with the Government on national security, and will continue to do so.
Apple has released OS X version 10.10.5, and with it comes a bevy of fixes. Although the company states that this update "improves the stability, compatibility, and security of your Mac," the star of the show here may be a fix for the DYLD_PRINT_TO_FILE privilege escalation vulnerability. That bug was discovered by Stefan Esser, and it's apparently under attack in the wild. Esser had previously published an OS X kernel extension called SUIDGuard that users could install to mitigate the problem. The story would end there, but there's one more thing. Esser has since tweeted that Apple "fixed some bugs and made another security problem worse" in 10.10.5.
Thousands of cars from a host of manufacturers have spent years at risk of electronic car-hacking, according to expert research that Volkswagen has spent two years trying to suppress in the courts.
Arch Linux has updated freeradius (certificate verification botch) and subversion (two vulnerabilities).
CentOS has updated kernel (C6: two remote denial of service flaws).
Fedora has updated gnutls (F22: denial of service), nbd (F22; F21: denial of service), pcre (F22: code execution), and wordpress (F22; F21: multiple vulnerabilities).
Mageia has updated gdk-pixbuf2.0 (M5: code execution) and owncloud (three vulnerabilities).
openSUSE has updated glibc (13.1: denial of service from 2014) and kernel (13.2: multiple vulnerabilities, some from 2014).
Oracle has updated kernel (OL6: two remote denial of service flaws).
Red Hat has updated kernel (RHEL6: two remote denial of service flaws).
Scientific Linux has updated kernel (SL6: two remote denial of service flaws).
SUSE has updated firefox (SLE11SP4, SP3: information leak).
Chinese company releases firmware update after fears new problem software could, as with Superfish, be used to let hackers access vulnerable computers. Six months after apologising to users for pre-installing security-busting malware Superfish on its consumer laptops, Chinese PC manufacturer Lenovo has again had to remove another pre-installed component from its laptops over security fears. But this time, the problem software, called the "Lenovo Service Engine (LSE)", is built into the firmware of the laptops themselves, in a low-level operating system called the BIOS, invisible even to Windows. (The BIOS is what is running the screens of white-on-black text seen on many computers as they start up.) It launches when the computer is turned on, before Windows loads, and then replaces Microsoft’s start-up diagnostics program (which ensures that the system was shut down properly, that the disk isn’t corrupted, and that it’s safe to launch Windows) with its own.
Richard Di Natale urges Australian federal police to investigate allegations Sarah Hanson-Young was followed by Wilson guards while visiting the island in 2013. The Greens are demanding Wilson Security be barred from rebidding for work at the Nauru immigration detention centre after claims one of its senators was subject to systematic spying. An unnamed whistleblower alleges Sarah Hanson-Young had her every move tracked by a team of eight Wilson guards while visiting the island in 2013, a claim at odds with evidence the company has given to a Senate inquiry.
Thorne, who was last week sentenced to eight months’ prison for flying under a false name, is in segregation at Goulburn’s supermax prison. A controversial preacher jailed for flying under a false name is being held at Goulburn’s supermax prison in segregation under the highest security classification in New South Wales. Junaid Thorne, 26, was last week sentenced to eight months’ prison, with a minimum four months behind bars, for using false ID to obtain an airline ticket and flying under a false name.
Published at LXer: Oracle's chief security officer is tired of customers performing their own security tests on Oracle software, and she's not going to take it anymore.
Update flawed, new one needed for countless gadgets. Google's security update to fix the Stagefright vulnerability in millions of Android smartphones is buggy – and a new patch is needed.
Debian has updated request-tracker4 (cross-site scripting).
Red Hat has updated flash-plugin (RHEL5&6: many vulnerabilities).
SUSE has updated firefox (SLE12: information leak), java-1_7_0-ibm (SLE11SP3, SP2: many vulnerabilities), and kernel-rt (SLE11SP3: many vulnerabilities, including some from 2014).
One of the big takeaways from the recent Black Hat security conference was Google announcing plans to issue monthly security updates, and that it would strive to keep us all better informed. Lead engineer for Android security at Google Adrian Ludwig has announced a big step in the right direction with the creation of the Android Security Updates Google Group. The focus of the group is to provide more information about security issues and bulletins, and the first post details exactly what's in the current update for Nexus devices.
Published at LXer: The open-source container technology now benefits from technology that can digitally sign and verify application containers.
A new study on food security and access shows many Brantford and Brant households struggle with not having enough to eat and challenges accessing food. In 2012 and 2014, respectively, 1,247 and 792 Brant residents aged 18 and over participated in th
Dropbox today announced that it will now support security keys. Security keys are physical USB dongles from companies like YubiCo that allow you to bypass the traditional app- and text message-based two-factor authentication schemes with their six-digit codes by simply plugging the key into your computer.
Dropbox has announced that it will now offer support for USB security keys for logging in via the service's website. Dropbox already supports two-factor authentication for its site and apps sending one-time codes either through SMS or authenticator apps. USB keys, also known as Universal 2nd Factor or U2F, add a new, physical dimension to securing your Dropbox account.
In Not Even Close: The State of Computer Security, a talk given at the Norwegian Developers' Conference, Microsoft Research's James Mickens gave the most acerbic, funny, terrifying security talk I can remember seeing (and I've seen a lot of 'em!).
Arch Linux has updated firefox (multiple vulnerabilities).
CentOS has updated firefox (C7; C6; C5: multiple vulnerabilities).
Debian has updated gnutls28 (denial of service), iceweasel (multiple vulnerabilities), and wordpress (multiple vulnerabilities).
Fedora has updated devscripts (F22; F21: two vulnerabilities), kernel (F22; F21: information leak), pure-ftpd (F22: denial of service), xen (F22; F21: code execution), and xfsprogs (F22: information disclosure from 2012).
Mageia has updated firefox (MG4,5: multiple vulnerabilities), flash-player-plugin (MG4,5: multiple vulnerabilities), and qemu (MG4,5: multiple vulnerabilities).
openSUSE has updated gnutls (13.2, 13.1: denial of service).
Oracle has updated firefox (OL7; OL6; OL5: multiple vulnerabilities).
Red Hat has updated firefox (RHEL5,6,7: multiple vulnerabilities) and kernel (RHEL6.5: use-after-free flaw).
Scientific Linux has updated firefox (SL5,6,7: multiple vulnerabilities).
SUSE has updated flash-player (SLE12; SLED11SP4,SP3: multiple vulnerabilities).
Ubuntu has updated firefox (15.04, 14.04, 12.04: multiple vulnerabilities) and ubufox (15.04, 14.04, 12.04: multiple vulnerabilities).