Security blogs

Distribuir contenido
Some security blogs I followCNXriv2VjbgCfgont2013-07-01T21:55:27Z
Actualizado: hace 8 años 12 semanas

Bug in EA’s Origin game platform allows attackers to hijack player PCs

Lun, 03/18/2013 - 18:10
One scenario for using EA's Origin service as an attack platform to execute malicious code on end-user computers. ReVuln

More than 40 million people could be affected by a vulnerability researchers uncovered in EA's Origin online game platform allowing attackers to remotely execute malicious code on players' computers.

The attack, demonstrated on Friday at the Black Hat security conference in Amsterdam, takes just seconds to execute. In some cases, it requires no interaction by victims, researchers from Malta-based ReVuln (@revuln) told Ars. It works by manipulating the uniform resource identifiers EA's site uses to automatically start games on an end user's machine. By exploiting flaws in the Origin application available for both Macs and PCs, the technique turns EA's popular game store into an attack platform that can covertly install malware on customers' computers.

"The Origin platform allows malicious users to exploit local vulnerabilities or features by abusing the Origin URI handling mechanism," ReVuln researchers Donato Ferrante and Luigi Auriemma wrote in a paper accompanying last week's demonstration. "In other words, an attacker can craft a malicious Internet link to execute malicious code remotely on [a] victim's system, which has Origin installed."

Read 5 remaining paragraphs | Comments

Categorías: Bundle Security blogs

GIS for Government

Lun, 03/18/2013 - 16:35
06/24/2013 - As you may be aware, nearly every federal and local agency leverages GIS. This is the case because GIS increases operational productivity and provi...(author unknown)
Categorías: Bundle Security blogs

Soldier Equipment & Technology Expo 2013

Lun, 03/18/2013 - 16:29
06/18/2013 - Get hands-on experience with an expansive array of advanced operational and tactical gear, participate in product demonstrations, and provide feedb...(author unknown)
Categorías: Bundle Security blogs

Data Center Consolidation

Lun, 03/18/2013 - 16:13
05/21/2013 - Federal Data Center Consolidation: Meeting Deadlines and Creating Opportunities In 2010, the Federal Data Center Consolidation Initiative was imple...(author unknown)
Categorías: Bundle Security blogs

A 1962 Speculative Essay on Computers and Intelligence

Lun, 03/18/2013 - 16:00

From the CIA archives: Orrin Clotworthy, "Some Far-out Thoughts on Computers," Studies in Intelligence v. 6 (1962).

Categorías: Bundle Security blogs

Advanced DCAA Government Contractors Compliance Webinar

Lun, 03/18/2013 - 14:23
05/21/2013 - Advanced DCAA Government Contractors Compliance Webinar Speakers: George Bulpitt Location: Online 8:00-8:30 MST INTRODUCTION, George Bulpitt 8:30 -...(author unknown)
Categorías: Bundle Security blogs

Tools of the Trade: cvrfparse

Lun, 03/18/2013 - 13:24
In this article, you will be provided a thorough treatise on an in-house developed tool for parsing and validating CVRF documents aptly named "cvrfparse". The article is split into two parts. The first part, intended for CVRF document producers and consumers, is a hands-on manual detailing how to use cvrfparse. The second part, intended for burgeoning Python programmers, explores some of the inner workings of the tool.Mike Schiffman
Categorías: Bundle Security blogs

Prison Escape

Lun, 03/18/2013 - 12:38

Audacious daytime prison escape by helicopter.

The escapees have since been recaptured.

Categorías: Bundle Security blogs

Week 11 in Review – 2013

Lun, 03/18/2013 - 12:33

Event Related


  • Introduction to WMI Basics with PowerShell Part 1 (What it is and exploring it with a GUI) –
    WMI is the Microsoft implementation of Web-Based Enterprise Management (WBEM), with some enhancements in the initial version of it, WBEM is a industry initiative to develop a standard technology for accessing management information in an enterprise environment that covers not only Windows but also many other types of devices like routers, switches, storage arrays …etc.
  • Blog Archive Thoughts on signed executables –
    In thinking about making an application to do white-listing on Windows, one of the first questions you have is how do you identify what to trust?
  • Virtual Patching Cheat Sheet – OWASP –
    The goal with this cheat Sheet is to present a concise virtual patching framework that organizations can follow to maximize the timely implementation of mitigation protections.
  • America’s Next Top Module –
    These stats are gathered roughly monthly from the Metasploit exploit database backend, and tend to have a pretty strong recency bias — modules that recently got a lot of press or Twitter buzz tend to shoot up to the top of the list.
  • Windows Auth – The Nightmare Begins (SSO) –
    I’m going to start with an overview of Windows authentication and why it’s such a large, complicated, unwieldy beast.
  • The Pentester’s Guide to Akamai –
    I’m happy to announce we’ve just published a new technical whitepaper based on knowledge gained assessing sites located behind Akamai.
  • Security of RC4 Stream Cipher –
    We published a first plaintext recovery attack of RC4 in the broadcast setting where same plaintext is encrypted by different user keys at FSE 2013 (earlier than AlFardan-Bernstein-Paterson-Poettering-Schuldt Results).



  • How I Hacked Any Facebook Account…Again! –
    This is my second post regarding Facebook OAuth Vulnerabilities.
  • Phishing Techniques: Similarities, Differences and Trends Part II: Targeted Phishing –
    Spear-phishing is a technique by which a cyber-criminal falsely presents himself in an electronic communication as a CEO, director, manager or a subordinate (an insider) of a particular firm or department of government where his victim works to earn their trust, or he impersonates an entity which is either trusted by the targeted firm/government or the latter has relations or obligations towards it.
  • PowerShell Basics – Extending the Shell with Modules and Snapins –
    There is a big miss conception with people starting with PowerShell when they install some server products like Exchange or SharePoint and the programs place a shotcut to what they call a “Management Shell” it is nothing more than PowerShell with a loaded Module or PSSnapin. As you will see extending the shell is quite simple and flexible.

Vendor/Software Patches


Other News

Categorías: Bundle Security blogs

Fundamentals of Exporting @ the BPL

Lun, 03/18/2013 - 12:21
04/03/2013 - Would you like to expand your business internationally? Have you had some international inquiries, but weren’t sure how to handle them? Or, d...(author unknown)
Categorías: Bundle Security blogs

Exporting Temporary, Repair, Replacement and Hand-Carry Shipments (Two Parts)

Lun, 03/18/2013 - 12:12
06/07/2013 - Is your company paying duties and taxes on temporary shipments or on shipment of goods covered under warranty? Are these shipments getting stuck in...(author unknown)
Categorías: Bundle Security blogs

Compliance Alliance Networking Briefing

Lun, 03/18/2013 - 12:08
06/20/2013 - Many exporters frequently find themselves as a party to routed export transactions, where the foreign customer (or Foreign Principal Party in Inter...(author unknown)
Categorías: Bundle Security blogs

PwC 2013 "State Of The Profession Survey" Finds Strong Needs Exist For Internal Audit To Deliver More Value To Organizations

Lun, 03/18/2013 - 10:33
Study reveals that organizations have more work to do to align stakeholders’ expectations(author unknown)
Categorías: Bundle Security blogs

ThreatTrack Security, Inc. Launches To Compete With FireEye In Advanced Malware Detection

Lun, 03/18/2013 - 10:29
GFI Software spins security business Unit into a separate company(author unknown)
Categorías: Bundle Security blogs

Big Data & Analytics in Government

Lun, 03/18/2013 - 09:52
05/22/2013 - The Big Data & Analytics in Government Innovation Summit is exclusive to government professionals and agencies. This is a private summit which...(author unknown)
Categorías: Bundle Security blogs

Skype can be intercepted by intelligence agencies

Lun, 03/18/2013 - 05:10

Unverified reports in Russian media claim that conversations over Skype can be eavesdropped by intelligence agencies which can also determine the location of users.

First reported in the Russian-language Vedomosti newspaper last week, the Federal Security Service (FSB) has had the ability to intercept Skype calls for "a couple of years" and often do so without a court warrant. As a result, some Russian companies are banning staff from using Skype out of concern that their communications are secretly listened to.

Tags: SkypeSecurityPrivacyl33tdawg
Categorías: Bundle Security blogs

Huawei 3G/4G USB sticks put users' security at risk

Lun, 03/18/2013 - 05:08

At the Black Hat Europe conference that is currently in progress, Russian security expert Nikita Tarakanov has presented the results of his analysis of the driver software that Huawei ships with its 3G/4G USB sticks. According to the researcher, the various components – drivers, configuration software, update mechanisms – are all of insufficient quality.

Tags: HuaweiSecurityl33tdawg
Categorías: Bundle Security blogs

$429,000 per year for mobile computing security mishaps is a compelling number

Lun, 03/18/2013 - 05:06

If mobile security isn't on your mind, you are not reading enough news, you are a Blackberry device user, you are a "It won't happen to me" type or you are a phisherman, scammer or malware proliferator. Mobile security is at or near the top of everyone's security lists. As it should be. Mobile security is muddied by a lot of vendor hype and marketing confusion. What do you believe and whom should you believe about mobile security?

Tags: Securityl33tdawg
Categorías: Bundle Security blogs

Polish president's computer network attacked

Lun, 03/18/2013 - 05:02

Hackers have broken into the computer network of the Polish president's office and attempted to spread a computer virus in the form of an email attachment.

Similar incidents have taken place at several other government offices this month, including the Defence and Foreign Affairs Ministries.

Tags: PolandSecurityl33tdawg
Categorías: Bundle Security blogs

Filipino hackers deface their own government's website over Sabah issue

Lun, 03/18/2013 - 04:58

Filipino hackers defaced the Philippines’ government telecommunications website yesterday, accusing Philippine President Benigno Aquino III of being “pro-Malaysian” amid the Sabah armed conflict with Sulu militants, Philippine broadcaster ABS-CBN News reported.

Anonymous Philippines previously hacked the Philippine president’s official website last Tuesday, with the hacker group lambasting Aquino for doing nothing to stop the alleged human rights violations against Filipinos in Sabah.

Tags: HackersPhilippinesMalaysiaSecurityl33tdawg
Categorías: Bundle Security blogs