Security blogs

Some security blogs I follow (2013-07-01T21:55:27Z)
Updated: 5 years 16 weeks ago

Cisco switches to weaker hashing scheme, passwords cracked wide open

Tue, 03/19/2013 - 12:25

Password cracking experts have reversed a secret cryptographic formula recently added to Cisco devices. Ironically, the encryption type 4 algorithm leaves users considerably more susceptible to password cracking than an older alternative, even though the new routine was intended to enhance protections already in place.

It turns out that Cisco's new method for converting passwords into one-way hashes uses a single iteration of the SHA256 function with no cryptographic salt. The revelation came as a shock to many security experts because the technique requires little time and computing resources. As a result, relatively inexpensive computers used by crackers can try a dizzying number of guesses when attempting to guess the corresponding plain-text password. For instance, a system outfitted with two AMD Radeon 6990 graphics cards that run a soon-to-be-released version of the Hashcat password cracking program can cycle through more than 2.8 billion candidate passwords each second.

By contrast, the type 5 algorithm the new scheme was intended to replace used 1,000 iterations of the MD5 hash function. The large number of repetitions forces cracking programs to work more slowly and makes the process more costly to attackers. Even more important, the older function added randomly generated cryptographic "salt" to each password, preventing crackers from tackling large numbers of hashes at once.

Categories: Bundle Security blogs

Gift Acceptance Policies and Procedures for Nonprofit Organizations

Tue, 03/19/2013 - 10:25
06/06/2013 - Through effective gift acceptance policies and procedures, gift revenue may be increased for charitable organizations while tax and other benefits... (author unknown)
Categories: Bundle Security blogs

Solar Leases: Legal, Business and Practical

Tue, 03/19/2013 - 10:21
05/16/2013 - Solar energy has been one of the few growth industries in an otherwise dismal economic environment. The leasing of rooftops, parking lots and land... (author unknown)
Categories: Bundle Security blogs

What You Need to Know About Public Records and Open Meetings

Tue, 03/19/2013 - 10:09
06/11/2013 - Uncertain how public records and open meetings laws apply to you? Find out what Oregon law has to say about balancing the public's right to informa... (author unknown)
Categories: Bundle Security blogs

Gauss

Tue, 03/19/2013 - 09:44

Nice summary article on the state-sponsored Gauss malware.

schneier
Categories: Bundle Security blogs

EA Origin Exploit Lets Hackers Control Your PC

Tue, 03/19/2013 - 09:07

ReVuln, the company who revealed a potential exploit within the Steam client last October, have done it again. This time they demonstrated in front of an audience at a Black Hat security conference in Amsterdam that hackers could easily hijack computers with EA’s Origin client installed. There are caveats, however.

Tags: EA, Games, Security
l33tdawg
Categories: Bundle Security blogs

Harnessing the Power of a Well-Delivered Workspace

Tue, 03/19/2013 - 09:07
03/26/2013 - The desktop landscape has shifted dramatically since the launch of Windows XP. The future revolves around flexible, intuitive, and interactive devi... (author unknown)
Categories: Bundle Security blogs

FinFisher spyware goes global, mobile and undercover

Tue, 03/19/2013 - 07:46

Security researchers have warned that the controversial FinFisher spyware has been updated to evade detection and has now been discovered in 25 countries across the globe, many of them in APAC.

FinFisher, also known as FinSpy, is produced by Anglo/German firm Gamma International and marketed as a “lawful interception” suite designed for law enforcers to monitor suspected criminals.

Tags: FinFisher, Security, Spyware
l33tdawg
Categories: Bundle Security blogs

Weev sentenced for over three years after stealing iPad data

Tue, 03/19/2013 - 07:42

A computer hacker has landed in jail for three years and five months after stealing data from iPads belonging to approximately 120,000 users.

Apple's iPad found itself the hacker's target through infiltrating the AT&T network, Reuters reports. Not only were normal United States citizens affected, but New York Mayor Michael Bloomberg, Harvey Weinstein and TV news anchor Diane Sawyer also bore the brunt of the attack.

Tags: iPad, Apple, Privacy, Security, ATT, Law and Order
l33tdawg
Categories: Bundle Security blogs

Google pays $40K to 'Pinkie Pie' for partial hack of Chrome OS

Tue, 03/19/2013 - 07:38

Google today said it had paid a researcher $40,000 for a partial exploit of Chrome OS at its Pwnium 3 hacking contest two weeks ago.

The researcher, known as "Pinkie Pie," was the only participant who submitted an exploit during the challenge Google ran March 7 at CanSecWest, the Canadian security conference which also hosted the eighth-annual Pwn2Own contest.

Tags: Google, Security
l33tdawg
Categories: Bundle Security blogs

JPMorgan Chase glitch displays customers as zero

Tue, 03/19/2013 - 07:36

Customers of JPMorgan Chase reported seeing zero balances in their accounts both online and on mobile, and speculated that the bank's systems had been hacked into.

The bank however clarified late Monday that it was having a technology problem regarding customers' balance information that it was working to resolve.

Tags: JPMorgan, Industry News
l33tdawg
Categories: Bundle Security blogs

ITU Secretary General Wants World to Get 20Mbps Broadband by 2020

Tue, 03/19/2013 - 06:58

The Secretary-General of the International Telecommunication Union, Dr Hamadoun Touré, has told the 7th Meeting of the Broadband Commission in Mexico City that he’d like to “dream big” and set a new goal to ensure that everybody in the world can access broadband internet speeds of 20Mbps for $20 a month (£13.25) by 2020.

Tags: ITU, Industry News, Networking
l33tdawg
Categories: Bundle Security blogs

7 paths to spotting and spurring hidden IT talent

Tue, 03/19/2013 - 06:55

Everyone knows the secret to business success is to hire great talent. But some of the most talented employees around might already be working for you -- and you may not even know it.

Tags: Industry News
l33tdawg
Categories: Bundle Security blogs

HP's Itanium secrets cost us $95 million, Oracle says

Tue, 03/19/2013 - 06:52

Hewlett-Packard misled IT buyers about plans to phase out its Itanium server platform and in the process stole potential sales from Oracle and other rivals, costing Oracle about US$95 million in profits, the company plans to testify in a jury trial starting next month.

Tags: HP, Oracle, Industry News
l33tdawg
Categories: Bundle Security blogs

IMDEX Asia 2013

Tue, 03/19/2013 - 04:43
05/14/2013 - IMDEX Asia – Asia Pacific’s Flagship Maritime Defence Show IMDEX Asia 2013, 9th edition in the series, will be held from 14 to 16 May 2... (author unknown)
Categories: Bundle Security blogs

Learn FPDS-NG to Increase Your Knowledge and Your Business

Tue, 03/19/2013 - 00:29
04/19/2013 - The Federal Procurement Data System - Next Generation (FPDS-NG) contains information on contracts whose estimated value is $3,000 or more and every... (author unknown)
Categories: Bundle Security blogs

Same hacker may have targeted Ars, reporter Krebs, and Wired’s Honan

Mon, 03/18/2013 - 23:05

Security reporter Brian Krebs has uncovered some details about one of the people tied to the denial of service attack on his site and the fraudulent 911 call that brought armed police to Krebs' doorstep. It turns out the hacker may have delivered grief to another technology reporter not too long ago: Mat Honan. And, yes, that hacker appears to have used accounts tied to Friday's DOS attack on Ars.

Krebs connected with the operator of TwBooter (booter.tw) who told the reporter that the accounts used to launch said attacks were taken over by a hacker who goes by Phobia. (The TwBooter operator wouldn't explain how he knew, however.) Other leads Krebs uncovered pointed to a group of gamers and hackers called "Team Hype," upset by his reporting on the identity theft clearinghouse site ssndb.ru—because they, apparently, had been using information from the site to take over the Xbox Live gamertags of Microsoft employees before selling them to other players.  One of the members of that group was known as Phobia.

According to Krebs' source, Phobia had been bragging to others that he was responsible for both the DOS attack on Krebs' site and the call that brought armed police to his house. But Phobia, who had until recently used the Twitter account @PhobiaTheGod, had his personal details exposed as well. He had been "doxed" on the site Skidpaste.org. So Krebs decided to use that information to give Phobia a call.

Categories: Bundle Security blogs

National 8(a) Association Summer Conference

Mon, 03/18/2013 - 19:54
06/11/2013 - The National 8(a) Association offers comprehensive understanding of the unique business of federal contracting. Our conferences feature key governm... (author unknown)
Categories: Bundle Security blogs

Details on the denial of service attack that targeted Ars Technica

Mon, 03/18/2013 - 19:20

Last week, Security Editor Dan Goodin posted a story about the "swatting" of security reporter Brian Krebs and the denial of service attack on Krebs' site. Soon after, Ars was targeted by at least one of the individuals behind the Krebs attack. On Friday, at about noon Eastern Daylight Time, a denial of service attack struck our site, making connectivity to Ars problematic for a little less than two hours.

The attack continued to run throughout Friday. At 9pm EDT, when our hosting provider brought down one of the filters that had been put in place to thwart it, it quickly became apparent that the attack was still underway, and the filter was restored. The most aggressive filters were finally removed on Saturday.

At least in part, the offensive used the same attack tool and user credentials that were involved in the denial-of-service (DoS) attack on Krebs On Security, as Krebs himself revealed in a blog post. The attackers used multiple accounts on TwBooter, a "booter" site that provides denial of service attacks as a paid service (ostensibly for security testing purposes), to launch an automated, denial of service attack on Ars. And at least one of those logins was also used to attack Krebs' site.

Categories: Bundle Security blogs

Export Forum: Opportunities for Western Massachusetts Exporters

Mon, 03/18/2013 - 18:47
05/10/2013 - Today's global economy provides opportunities for businesses around the world. Come learn what it takes to achieve export success from those who ha... (author unknown)
Categories: Bundle Security blogs