Security blogs

Distribuir contenido
Some security blogs I followCNXriv2VjbgCfgont2013-07-01T21:55:27Z
Actualizado: hace 8 años 16 semanas

Security experts warn about Iran and North Korea hackers

Lun, 03/25/2013 - 04:04

 Cyberattacks supposedly originating from China have raised alarms in recent weeks, but U.S. businesses and government agencies should worry as much about Iran and North Korea, a group of cybersecurity experts said.

China and Russia have significantly more sophisticated cyberthreat capabilities than do Iran and North Korea, but the two smaller countries are cause for concern in international cybersecurity discussions, the experts told a U.S. House of Representatives subcommittee last wek.

Tags: IranNorth KoreaHackersSecurityl33tdawg
Categorías: Bundle Security blogs

Social media hacking: What do you do when your brand gets hijacked

Lun, 03/25/2013 - 04:03

We all know that having your social media account hacked is a common occurrence, one that’s usually nothing more than an inconvenience. When it happens to a personal account it’s something that can be soon overcome. However, when it happens to a brand account it’s much more damaging.

Quite a few high profile accounts have been hacked recently, the most ‘amusing’ one being the attack on Burger King’s Twitter account which hackers ‘rebranded’ as McDonalds.

Tags: SecurityIndustry Newsl33tdawg
Categorías: Bundle Security blogs

Did Anonymous Hack Israel's Mossad Spy Agency?

Lun, 03/25/2013 - 04:00

The hackivists at Anonymous, along with Turkish and other hackers, are claiming they hacked into Israel‘s Mossad spy agency. More specifically, Turkish group Red Hack claims to have stolen the names, locations, phone numbers and email addresses of 30,000 Mossad agents, while Sector 404 launched a distributed denial of service (DDOS) to paralyze Mossad’s Web site. The leaked documents can be found here.

Tags: AnonymousRedHackIsraelHackersSecurityl33tdawg
Categorías: Bundle Security blogs

Nonghyup Attack Traced to IP Address in S.Korea

Lun, 03/25/2013 - 03:57

The malware that paralyzed the internal computer network at agricultural lender Nonghyup during a massive cyber attack on banks and broadcasters here last Wednesday has been traced to one of its own IP addresses, not a Chinese IP address as originally believed.

But that does not necessarily mean the attack was launched by a South Korean hacker because the Nonghyup IP address is believed to be that of an intermediate router rather than the original source of the cyber-attack.

Tags: SecurityHackersKoreal33tdawg
Categorías: Bundle Security blogs

HP to Seek $4 Billion in Damages From Oracle Over Itanium

Lun, 03/25/2013 - 03:51

Hewlett-Packard and Oracle are beginning to outline the arguments they’ll be presenting next month when a jury trial starts in the second phase of their court dispute over Intel’s Itanium platform.

In a hearing earlier this month, HP officials indicated they planned to seek damages from Oracle of $4 billion or more, saying the software giant damaged its high-end server business when Oracle officials announced in 2011 that the company would no longer support the Itanium platform, saying that Intel was planning to end the chip line.

Tags: HPOracleLaw and Orderl33tdawg
Categorías: Bundle Security blogs

DEF CON Video Deals at The Source of Knowledge!

Lun, 03/25/2013 - 03:50
The Source of Knowledge has some specials on DEF CON 20 Videos and an early bird special for the DEF CON 21 talks! you can check them out at http://tsok.net/defcon21/index.html. Offers good through June 30.(author unknown)
Categorías: Bundle Security blogs

Windows Blue leaks online

Lun, 03/25/2013 - 03:49

An early build of Windows Blue, the next version of Windows, has leaked online on the same day that Microsoft CEO Steve Ballmer celebrates his 57th birthday. Build 9364, a partner version that was originally compiled on March 15th, has been made available on file sharing sites and includes some of the new changes that Microsoft is building into its significant Windows 8 update.

Tags: Microsoftl33tdawg
Categorías: Bundle Security blogs

Jury rules Cisco owes $70 million for patent fraud

Lun, 03/25/2013 - 03:47

On Friday evening, a jury ruled that Cisco owes patent licenser XpertUniverse Inc $70 million in damages for obtaining patented technology in a fraudulent manner, Reuters reported. The jury ruled that Cisco owed an additional $34,000 for violating two XpertUniverse patents, as well.

Tags: CiscoLaw and Orderl33tdawg
Categorías: Bundle Security blogs

10 Things You Didn't Know Your Web Browser Could Do Yet

Lun, 03/25/2013 - 03:45

Web browsers have been growing up over the past few years. Now that Internet Explorer 6’s hold on the web has been broken, browsers have been implementing a variety of cool new features that websites are taking advantage of today.

This article focuses on new web technologies that you can use on actual web pages today. Sure, some of you have no doubt heard of many of these, but the majority of people haven’t heard of all of them.

Tags: TechnologySoftware-Programmingl33tdawg
Categorías: Bundle Security blogs

The Risk of faulty Metrics and Statistics

Sáb, 03/23/2013 - 20:55
It’s never a bad idea to see what the outside world looks like. If you intend to go for a walk, you will probably consult the weather report in advance. If you plan to invest money (either for fun or for savings), you will most certainly gather information about the risks involved. There are a [...]lynx
Categorías: Bundle Security blogs

Taiwán señala a China como responsable de ciberataques

Sáb, 03/23/2013 - 12:58
El director general de la oficina de seguridad nacional de Taiwán, Tsai De-Sheng, señaló a China como responsable de los ciberataques sufridos por Taiwán. El Gobierno de Taiwán ha creado una oficina de seguridad de la información.El Gobierno de Taiwán apunta a China como responsable de los ciberataques que está sufriendo la isla. Tsai De-sheng, director general de la oficina de seguridad noreply@blogger.com (Seguridad de la Información)
Categorías: Bundle Security blogs

¿Qué debe hacer su empresa para cumplir con las expectativas de los clientes sobre privacidad y seguridad?

Sáb, 03/23/2013 - 12:56
A medida que avanza el trabajo portátil, la información corporativa ya no se queda sólo en la empresa y comienza a ser móvil también. Por eso, se vuelve clave contar con políticas que permitan dar movilidad pero sin perder el control de la información.   Hoy la seguridad de los datos almacenados en soportes informáticos está en un punto de quiebre. Organizaciones de todo tipo y de ámbitos noreply@blogger.com (Seguridad de la Información)
Categorías: Bundle Security blogs

Google Is Making a Smart Watch Too

Sáb, 03/23/2013 - 12:20

The Financial Times is reporting that Google is making its own version of a smart watch. What's interesting is that it's not Google's experimental arm X Labs developing the watch but rather Google's Android unit.

According to FT, this smart watch would be completely different from Samsung's smart watch (which is also reportedly

(author unknown)
Categorías: Bundle Security blogs

Comienza la VII cumbre anual de operaciones contra el crimen electrónico

Sáb, 03/23/2013 - 10:37
El encuentro será del 23 al 25 de abril en la Ciudad. Hará foco en la naturaleza cambiante del crimen cibernético y los desafíos que enfrentan los asistentes para lidiar con un escenario de amenazas Del 23 al 25 de abril se realizará la VII Cumbre anual del crimen electrónico, Counter-eCrime Operations Summit (CeCOS VII), en el Hotel NH City. El programa estará distribuido en un evento de noreply@blogger.com (Seguridad de la Información)
Categorías: Bundle Security blogs

Tallinn Manual on the International Law Applicable to Cyber Warfare

Sáb, 03/23/2013 - 07:00
 landmark document created at the request of NATO has proposed a set of rules for how international cyberwarfare should be conducted. Written by 20 experts in conjunction with the International Committee of the Red Cross and the US Cyber Command, theTallinn Manual on the International Law Applicable to Cyber Warfare analyzes the rules of conventional war and applies them to state-sponsored noreply@blogger.com (Seguridad de la Información)
Categorías: Bundle Security blogs

The Call For Def Con Capture The Flag Organizers Is Now Complete!

Sáb, 03/23/2013 - 05:31

On behalf of all the hundreds of staff, volunteers, and community that make DEF CON happen I would like to thank all of the teams, groups, and companies that submitted their vision of how they would run Capture the Flag at DEF CON 21 and beyond.

It was very hard to for us at DEF CON World Domination HQ to decide on which vision, and ultimately which team, would have the responsibility of seeing the great CTF tradition into the future. With a record number of five well thought out submissions there were many things that went into our final decision from size of team, resources needed, and the look and feel of the contest. Ultimately the following factors weighed heavily:

- Past experience running or participating in high pressure and large scale CTFs
- Past experience of organizers in being respected by the community and having skillz
- A clearly articulated vision for how CTF would evolve under their direction
- A focus on gameplay and describing the scoring system with an eye toward observer education
- Increased transparency

Thank you again to the five teams that did not get selected, we wish you the best of luck and success in your future contests.

And now without any further ado we would like to announce the new organizers!

Legitimate Business Syndicate http://legitbs.net/

(author unknown)
Categorías: Bundle Security blogs

Apple suspends password resets after critical account-hijack bug is found (Updated)

Vie, 03/22/2013 - 21:55

Update: Apple restored the password resets on Friday night.

Apple suspended the password-reset functionality for its iCloud and iTunes services following a published report that hackers could exploit it to hijack other people's accounts.

The password reset page stopped loading a few hours after The Verge reported there was an online tutorial that provided detailed instructions for taking unauthorized control of Apple accounts. The report didn't identify the website or the precise technique, except to say it involved "pasting in a modified URL while answering the DOB security question on Apple's iForgot page."

Read 4 remaining paragraphs | Comments

Categorías: Bundle Security blogs

Apple blocks ad-injecting Mac trojan, Yontoo

Vie, 03/22/2013 - 19:17

A day after Russian anti-virus firm Doctor Web highlighted an adware Mac trojan called "Yontoo," Apple has moved to block it. Confirmed by Intego, Apple has updated the definitions included in OS X's Xprotect.plist in order to detect the adware, meaning users don't need to run anything special in order to be protected.

"In testing, it appears this detection is very specific and potentially location-dependent," wrote Intego. "This extra specificity is likely there so as to catch only the surreptitious installations of this file."

As we wrote on Thursday, the Yontoo adware socially engineers users into installing it as a browser plugin. Once it's installed into Safari, Firefox, and Chrome, the plugin injects advertising into the websites you're visiting—including those that don't even normally show ads.

Read 1 remaining paragraphs | Comments

Categorías: Bundle Security blogs

Friday Squid Blogging: Giant Squid Genetics

Vie, 03/22/2013 - 19:12

Despite looking very different from each other and being distributed across the world's oceans, all giant squid are the same species. There's also not a lot of genetic diversity.

As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered.

schneier
Categorías: Bundle Security blogs

Two-Step Verification For Apple ID Consistent With Authentication Trends

Vie, 03/22/2013 - 18:47

Apple’s introduction of two-step verification for Apple IDs is consistent with the trend in the industry to strengthen user authentication practices. Facebook has been experimenting with one-time passwords and social CAPTCHA authentication; Google began offering 2-step verification a while back. It’s great to see Apple get onto this bus.

Apple explains that “two-step verification is an optional security feature for your Apple ID.” To activate it, sign into My Apple ID on Apple’s website and go to the Password and Security area. You will then have the ability to specify which “trusted devices” associated with your Apple ID you wish to use as the second authentication token.

When designating a trusted device, such as an iPhone or an iPad, Apple will send a 4-digit verification code, which will pop up on the device almost instantaneously. You’ll need to enter the code on Apple’s website to confirm that you’re in the possession of the device.

Once you’ve enabled two-step verification, you’ll need to verify that you still have the device whenever you login to the My Apple ID website, when you “make an iTunes, App Store, or iBookstore purchase from a new device” or when you attempt to “get Apple ID-related support from Apple.”

For example, after signing into the My Apple ID website with your username and password, you’ll be presented with the prompt to “verify your identity” using one of the enrolled devices.

A pop-up like this will appear on the designated trusted device:

If your device is locked when the code is delivered, you will need to unlock it before seeing the code. The overall experience is a bit more streamlined than what Google uses, because Google requires the user to install and the activate the Google Authenticator app on the mobile device.

Receiving the code requires an active data connection. If you are using an iPhone, don’t have data but are able to receive SMS, Apple can send a verification code to your a verified phone via SMS. To take advantage of this feature, you need to verify the phone number through the My Apple ID website.

When activating the two-step verification option, Apple automatically generates a Recovery Key, which can be used as an authentication token if you lose access to a trusted device:

Google, Apple and to some extent Facebook now give users the option of strengthening their account authentication process. It’s only a matter of time before other industry giants, such as Twitter, jump in. Perhaps stronger authentication becomes the norm, we might see some innovation in making it more reliable and convenient for end-users.

Lenny Zeltser

(author unknown)
Categorías: Bundle Security blogs