Some PDFs from Blackhat 2015

Similar News

Burundi's de facto internal security chief killed in rocket attack on car
Gen Adolphe Nshimirimana, seen as regime's No 2, assassinated a week after President Nkurunziza was declared election winner. A top Burundian general and close aide to the president, Pierre Nkurunziza, has been killed in a rocket attack on his car in the capital, Bujumbura, officials and witnesses said.
LXer: Razer acquires OUYA, Steam security breach, and more open gaming news
Published at LXer: Hello, open gaming fans! In this week's edition, we take a look at Razer and OUYA, security vulnerabilities on Steam, and more. Open gaming roundup for July 25 - August...
We're suing the Justice Department over FBI’s secret rules for using National Security Letters on journalists
Freedom of the Press Foundation this week filed a Freedom of Information Act (FOIA) lawsuit against the Justice Department over their unpublished rules for using National Security Letters and so-called informal "exigent letters" to conduct surveillance of journalists.
Security News This Week: United Airlines Can’t Catch a Break
Each weekend, WIRED rounds up the security vulnerabilities and privacy updates that deserve your attention.
Friday's security updates
CentOS has updated java-1.6.0-openjdk (C5; C7: multiple vulnerabilities).
Debian has updated openafs (multiple vulnerabilities) and xmltooling (denial of service).
Fedora has updated libuser (F22: multiple vulnerabilities), openssh (F22: authentication limits bypass; F22: improper output filtering), and xrdp (F22: denial of service).
Mageia has updated groovy (M4, M5: code execution).
openSUSE has updated bind (11.4: multiple vulnerabilities) and openldap2 (13.1, 13.2: multiple vulnerabilities).
Oracle has updated java-1.6.0-openjdk (O6; O7: ).
Red Hat has updated java-1.6.0-openjdk (multiple vulnerabilities).
Scientific Linux has updated openafs (multiple vulnerabilities).
SUSE has updated bind (SLES 10: denial of service), java-1_7_0-openjdk (SLE 11; SLE 12: multiple vulnerabilities), java-1_7_1-ibm (SLE 11; SLE 12: multiple vulnerabilities), and kernel (SLE 12: multiple vulnerabilities).
Ubuntu has updated hplip (12.04, 14.04, 15.04: man-in-the-middle attack), kernel (14.04: multiple vulnerabilities), linux-lts-trusty (12.04: multiple vulnerabilities), and sqlite3 (12.04, 14.04, 15.04: multiple vulnerabilities).
When online security is literally a roll of the dice, which dice do you use?
My search for an easy way to generate strong passwords and passphrases led me to the "Diceware" method Cory wrote about on Boing Boing. This was no game. I needed serious dice.
Major Security Bug In Aptean’s Customer Response System Puts User Data At Risk
A bug discovered by security researchers Eric Taylor and Blake Welsh can change a standard customer feedback system called Aptean SupportSoft into a method for hackers to grab passwords, credit card information, and usernames. Taylor and Welsh have also been able to inject code into chat sessions that makes small windows appear when a customer service chat session is initiated. The exploit…
Flash deserves to live, says Cisco security man
Adobe's scars make it ugly but tough. So tough it's being attacked more than ever. Don't kill Flash; that's the message from Cisco security veteran John Stewart, who says the Adobe team has put in the hard yards reforming security and needs to weather the current bug storm.…
Important Security Announcement from PagerDuty
Security updates for Thursday
Debian-LTS has updated squid3 (security bypass).
Fedora has updated drupal7-path_breadcrumbs (F22; F21: cross-site scripting), ecryptfs-utils (F22; F21: password disclosure from 2014), hplip (F21: key verification botch), httpd (F21: multiple vulnerabilities), ipython (F22; F21: cross-site request forgery), libunwind (F21: code execution), libwmf (F21: two denial of service flaws), nx-libs (F22: unspecified vulnerabilities), wpa_supplicant (F21: code execution), and xrdp (F21: denial of service).
openSUSE has updated lxc (13.2; 13.1: two vulnerabilities).
Oracle has updated autofs (OL6: privilege escalation from 2014), bind (OL6; OL6: denial of service), curl (OL6: multiple vulnerabilities, some from 2014), freeradius (OL6: code execution from 2014), gnutls (OL6: two vulnerabilities), grep (OL6: code execution), hivex (OL6: code execution from 2014), ipa (OL6: cross-site scripting from 2010 and 2012), kernel (OL6: multiple vulnerabilities, some from 2014), kernel 3.8.13 (OL7; OL6: three vulnerabilities, one from 2014), libreoffice (OL6: code execution), libuser (OL6: privilege escalation), libxml2 (OL6: two vulnerabilities, one from 2014), mailman (OL6: two vulnerabilities, one from 2002), net-snmp (OL6: denial of service from 2014), ntp (OL6: three vulnerabilities), pki-core (OL6: cross-site scripting), python (OL6: two vulnerabilities from 2013 and 2014), sudo (OL6: information disclosure from 2014), wireshark (OL6: multiple vulnerabilities, some from 2014), and wpa_supplicant (OL6: denial of service).
SUSE has updated bind (SLE11SP1: denial of service).
Ubuntu has updated ghostscript (15.04, 14.04, 12.04: code execution), openjdk-7 (15.04, 14.04: multiple vulnerabilities), pcre3 (15.04, 14.04, 12.04: multiple vulnerabilities, one from 2014), and tidy (15.04, 14.04, 12.04: two vulnerabilities).
Strong ARM scoops up Sansa to boost IoT security
Chipmaker adds Israeli company's bolt-on protection to its bulging armoured sack. Chipmaker ARM has sealed a deal to buy Israeli Internet of Things (IoT) security specialist Sansa Security. Financial terms of the deal, announced Thursday, were not officially disclosed. However, the WSJ previously reported that around $75m-$85m was on the table.…
HelloSign (YC W11) Is Hiring a Director of Information Security
Rackspace cooking up security-secret-sharing cloud cabal
Top-tier clouds invited into information-sharing club to speed defence deployment. Rackspace is leading an effort to create a new group of top-tier cloud companies that it hopes will share information about security in close to real time.…
US to rethink hacker tool export rules after mass freakout in security land
Second draft of Wassenaar to take public comments under advisory. Proposed changes to the US government's export controls on hacking tools will likely be scaled back following widespread criticism from the infosec community, a government spokesman has said.…
Russia vetoes Security Council proposal on MH17 tribunal
Russia vetoes Security Council proposal on MH17 tribunal, despite late lobbying of Putin
Security updates for Wednesday
Arch Linux has updated bind (denial of service), pacman (man-in-the-middle attack), and qemu (multiple vulnerabilities).
CentOS has updated bind (C7; C5: denial of service) and bind97 (C5: denial of service).
Debian has updated bind9 (denial of service).
Debian-LTS has updated apache2 (denial of service) and bind9 (denial of service).
Fedora has updated elfutils (F21: unspecified vulnerabilities), haproxy (F22; F21: information leak), hplip (F22: man-in-the-middle attack), libidn (F22; F21: information disclosure), php (F21: multiple vulnerabilities), roundcubemail (F22; F21: multiple vulnerabilities), subversion (F21: multiple vulnerabilities), and wpa_supplicant (F22: denial of service).
Mageia has updated ansible (MG4,5: two vulnerabilities), freeradius (MG4,5: insufficient certificate verification), openssh (MG4,5: authentication limits bypass), python-django (MG4,5: multiple vulnerabilities), and springframework (MG5: denial of service).
Oracle has updated bind (OL7; OL5: denial of service) and bind97 (OL5: denial of service).
Red Hat has updated bind (RHEL6,7; RHEL5: denial of service), bind97 (RHEL5: denial of service), and qemu-kvm-rhev (RHOSP5,6: two vulnerabilities).
Scientific Linux has updated bind (SL5: denial of service) and bind97 (SL5: denial of service).
Slackware has updated bind (denial of service).
SUSE has updated bind (SLE12; SLE11SP3,4: denial of service).
Ubuntu has updated bind9 (15.04, 14.04, 12.04: denial of service) and qemu (15.04, 14.04: multiple vulnerabilities).
Hackers blindside CSIS with ‘cabinet-level’ security breach
Canadian government and law enforcement officials are scrambling to figure out how Anonymous got their hands on what the hacker collective calls cabinet-level secrets.
BackBox 4.3 review: Not just for penetration tests and security assessments
Today’s review is of BackBox 4.3, the latest edition, which is based on Ubuntu 14.04 and ships with its own suite of security-focused applications. This puts it in the same niche as CAINE, Deft and Kali.
Pro-security? Stay away from these hosters
LXer: BackBox 4.3 review: Not just for penetration tests and security assessments
Published at LXer: Today’s review is of BackBox 4.3, the latest edition, which is based on Ubuntu 14.04 and ships with its own suite of security-focused applications. This puts it in the same niche...
Australian Cyber Security Centre uses discredited data to quantify infosec threats
The numbers are down, but Australia's Oz Cyber Force says things are getting worse. The cost of "cyber attacks" in Australia appears to be stabilising and the country has never been subject to an attack at the national scale, but the government's Cyber Force (not its real name) is still pitching the growth of the threat.…
Tuesday's security updates
CentOS has updated clutter (C7: screen lock bypass) and qemu-kvm (C7: two vulnerabilities).
Debian-LTS has updated icu (code execution).
Mageia has updated chromium-browser (MG4,5: multiple vulnerabilities), expat (MG4,5: denial of service), icu (MG5; MG4: denial of service/code execution), stunnel (MG5: authentication bypass), thunderbird (MG4,5: multiple vulnerabilities), wesnoth (MG5; MG4: information leak), and wordpress (MG4: two vulnerabilities).
Oracle has updated clutter (OL7: screen lock bypass) and qemu-kvm (OL7: two vulnerabilities).
Red Hat has updated clutter (RHEL7: screen lock bypass).
Scientific Linux has updated clutter (SL7: screen lock bypass) and qemu-kvm (SL7: two vulnerabilities).
SUSE has updated xen (SLE12; SLE11SP4: two vulnerabilities).
Ubuntu has updated apache2 (15.04, 14.04, 12.04: two vulnerabilities), kernel (15.04; 14.04: multiple vulnerabilities), linux-lts-trusty (12.04: multiple vulnerabilities), linux-lts-utopic (14.04: multiple vulnerabilities), and linux-lts-vivid (14.04: multiple vulnerabilities).
Bundestag won't reveal web block list on 'national security' grounds
100,000 sites off limits, but nobody knows which ones. Official sources in Berlin are refusing to publish details of the 100,000 websites blocked in the Bundestag, because revealing them would "endanger national security".…
Google Now Lets Developers Bring Their Own Security Keys To Compute Engine
Starting today, developers who use Google's Compute Engine infrastructure-as-a-service platform will be able to bring their own security keys to the service. Google argues that using these customer-supplied encryption keys, which are now in public beta, gives its users more control over their data security. By default, Google encrypts all of the data on its service with an AES-256 bit…
Seven things security experts do to keep safe online
Cybersecurity experts aren't like you or me, and now we have the evidence to prove it. Researchers at Google interviewed more than 200 experts to find out what security practices they actually carry out online, and then spoke to almost 300 non-experts to find out how they differ.
2nd Cyber Security Challenge Conference: the programme is set
The dangers of cyber attacks, and on the other hand the options for protecting against and preventing them, are the central topic of the 2nd Cyber Security Challenge Germany conference in mid-September in Berlin.
Cybercrime forum Darkode returns with security, admins intact
Revived invite-only site has cleared out snitches, will rely on blockchain authentication. Crime forum Darkode has relaunched with renewed security two weeks after it was obliterated in a global police raid that shut down the site and saw members arrested.…
LXer: Seven things security experts do to keep safe online
Published at LXer: Cybersecurity experts aren't like you or me, and now we have the evidence to prove it. Researchers at Google interviewed more than 200 experts to find out what security practices...
Sysadmins: Your great power brings the chance to RUIN security
Risk management chap explains how to stop users dozing when you talk infosec. Risk management bod Kris French Junior has offered 10 tips to help security teams bin their boring, technical, and uniformed education schemes…
SOHOpeless: security stains on Honeywell's Tuxedo home automator
I could have sworn I locked the house when I went to work this morning ... Honeywell has issued an urgent firmware update for its three-year-old Tuxedo Touch home automation controller to patch vulnerabilities that could, among other things, let an attacker unlock users' deadlocks.…
Steam Security Hole Closed
Valve has closed up a Steam security hole that allowed for the hijacking of user accounts with minimal effort, which caused temporary account loss for some prominent streamers and DOTA 2 pros,...
Neglect Is Still The Biggest Threat To Data Security
When it comes to data security, we hear a lot about how cyber attackers are becoming more sophisticated or that cloud technology is full of risks. While these statements are true to some extent, both can be convenient excuses hiding a harsher truth. Today, neglect is actually one of the biggest threats to corporate data.
Security advisories for Monday
Debian has updated expat (code execution), lxc (two vulnerabilities), and openjdk-7 (multiple vulnerabilities).
Debian-LTS has updated expat (code execution), ghostscript (buffer overflow), and lighttpd (man-in-the-middle attack).
Mageia has updated apache (MG4,5: two vulnerabilities), java-1.8.0-openjdk (MG5: multiple vulnerabilities), libuser (MG4,5: two vulnerabilities), and mariadb (MG4,5: multiple vulnerabilities).
openSUSE has updated cacti (13.2, 13.1: SQL injection), Chromium (13.2, 13.1: multiple vulnerabilities), java-1_7_0-openjdk (13.2, 13.1: multiple vulnerabilities), and java-1_8_0-openjdk (13.2: multiple vulnerabilities).
Red Hat has updated chromium-browser (RHEL6: multiple vulnerabilities) and qemu-kvm (RHEL7: two vulnerabilities).
Punjab police station siege puts Indian security forces on high alert
Indian home minister vows 'befitting reply' and Pakistan condemns incident near border that left at least 10 dead, including three gunmen. Security forces are on high alert in cities across India after gunmen attacked a police station, killing at least seven people in the north-western state of Punjab. Authorities said four police officers and three civilians had been confirmed dead in the siege, and eight more injured. All three of the attackers died.
Pakistan bans BlackBerry messaging, e-mail for “security reasons”
Move is part of government effort to expand monitoring of communications.
Valve patches security hole that enabled takeover of Steam accounts
Attacker could steal account with nothing but a username.
Valve closes Steam password reset security hole
Some Steam accounts were stolen during the period from July 21 to July 25 due to a security flaw in the service's password reset procedure, Kotaku reports. The hole, which Valve learned of on July 25, allowed an attacker to reset a Steam account's password without a security code using only the account's name. Valve claims it has since closed the security hole. This YouTube video shows how the attack worked. This user then ...
Indian security forces fire shots after militants seize police station – video
Indian security forces exchange fire with gunmen in the town of Gurdaspur in Punjab, northern India, near the border with Pakistan, after they fired shots at a bus station and took control of a police station. At least five people have been killed in the siege, and several more injured. Police try to disperse panicking crowds, who came out onto the street after hearing the gunfire.
Palestinian man dies during attempted arrest by Israeli security forces
Mohammad Abu Latifa, 20, becomes third Palestinian in a week to be killed by IDF after he was shot and fell from a roof. A Palestinian man has died during an attempted arrest by Israeli security forces, in the third such fatal incident in less than a week.