
Keyword: security

  • TSA At The Movies: Theater Chain Looks To Bring Security Theater To The Movie Theater

    08/23/2015 12:59:30 AM PDT · by Enlightened1 · 43 replies
    Tech Dirt ^ | 08/21/15 | Tim Crushing
    from the more-hassle,-same-safety dept Thanks to a string of theater-related tragedies, going to the theater is about to become as enjoyable as going to the airport. Following two recent deadly incidents at movie theatres in the US, the Regal Entertainment Group – the nation’s largest movie theater chain – this week added a bag and purse check policy as a security measure in some of the 569 theaters it operates. “Security issues have become a daily part of our lives in America. Regal Entertainment Group wants our customers and staff to feel comfortable and safe when visiting or working in...
  • Influential people worldwide wrote Clinton on her personal email address

    08/14/2015 2:45:51 PM PDT · by SeekAndFind · 20 replies
    McClatchy DC ^ | 08/14/2015 | BY ANITA KUMAR AND CORINNE KENNEDY
    WASHINGTON -- Some 90 people, including lobbyists for foreign governments, lawmakers, top Obama aides and State Department employees, communicated directly with Hillary Clinton during her tenure as secretary of state using her personal email address, according to a McClatchy review of thousands of her recently released emails. Many people said they were surprised when it was revealed in the spring that Clinton relied on a private email account on a private server in her Chappaqua, N.Y., home to conduct official business during her four years as Obama’s secretary of state. But the review of emails shows influential people in Washington...
  • Android security on the ropes with one-two punch from researchers (Link only due to copyright)

    08/13/2015 9:27:48 PM PDT · by Swordmaker · 14 replies
    Ars Technica — LINK ONLY | by Dan Goodin
    Faulty Stagefright patch and newly reported sandbox bypass leave users exposed. Link only due to copyright infringement issues from Ars Technica. Read more at the link. READ THE ARTICLE AT ARS TECHNICA: Android security on the ropes with one-two punch from researchers
  • Waiting for Android’s inevitable security Armageddon (Link Only due to copyright issues)

    08/11/2015 9:33:12 PM PDT · by Swordmaker · 34 replies
    Ars Technica — LINK ONLY | August 10, 2015
    Supported Android 5.1 Devices that might be updated to patch security issues and All Others that will not be updated. LINK TO THE ARTICLE: Editorial: Android's update strategy doesn't scale, and that's recipe for disaster. Read the article at the link above. . . cannot be posted on FreeRepublic due to copyright issues.
  • Sweden boosts security for asylum seekers after IKEA attack

    08/11/2015 10:21:06 AM PDT · by wtd · 18 replies
    Reuters ^ | Tue. Aug 11, 2015 BST | Anna Ringstrom
    Sweden boosts security for asylum seekers after IKEA attack "Police in central Sweden have increased security at asylum lodgings, fearing a backlash after two Eritrean asylum-seekers were suspected of murdering two people at an IKEA store. A man and a woman were killed in a knife attack at an IKEA store in the city of Vasteras on Monday. Two suspects were detained by police, one of whom was seriously injured.
  • Apple to zap DYLD bug in forthcoming Mac OS X security update

    08/06/2015 9:24:25 AM PDT · by for-q-clinton · 8 replies
    Trusted Reviews ^ | 5 Aug 2015 | Chris Smith
    Apple is reportedly working on a fix to eradicate a dangerous bug that could allow unauthorised users access to Mac OS X Yosemite machines. The Guardian’s sources say Apple will release a security update to wipe out the so-called "zero day" DYLD bug as soon as possible. The “privilege escalation” bug potentially allows third parties to gain administrator access to a Mac without a password. The fix for Mac OS X 10.10.5 Yosemite will arrive shortly, ending worries that the vulnerability wouldn't be plugged before the next version, El Capitan, comes this autumn. In the meantime, the paper says Apple...
  • The Obama Plan to Nuclearize Iran

    08/06/2015 4:58:47 AM PDT · by Hombre Malevo · 9 replies
    Gatestone Institute ^ | August 6, 2015 | Bassam Tawil
    Obama's solution? To let Iran have legitimate nuclear bombs in a few years, along with intercontinental ballistic missiles to deliver them to the U.S. -- or perhaps from America's soft underbelly, South America, where Iran has been acquiring uranium and establishing bases for years. Or perhaps launched from submarines off America's coast, which would make the identity of the attacker unknowable and a response therefore impossible. Incredibly, America's politicians do not even seem to be concerned about that.
  • Obama: wrong, wrong, wrong, wrong, and wrong again about Iran

    08/06/2015 4:30:26 AM PDT · by Hombre Malevo · 10 replies
    Daily Signal ^ | 08/06/2015 | Michaela Dodge
    Obama said, "Between now and the congressional vote in September, you are going to hear a lot of arguments against this deal, backed by tens of millions of dollars in advertising.” This assertion is flat-out wrong.
  • Obama Administration War Against Apple and Google Just Got Uglier

    07/31/2015 9:30:30 PM PDT · by Swordmaker · 27 replies
    the Intercept Unofficial Sources — FirstLook.org ^ | July 30, 2015 | by Jenna McLaughlin
    The Obama administration’s central strategy against strong encryption seems to be waging war on the companies that are providing and popularizing it: most notably Apple and Google. The intimidation campaign got a boost Thursday when a blog that frequently promotes the interests of the national security establishment raised the prospect of Apple being found liable for providing material support to a terrorist. Benjamin Wittes, editor-in-chief of the LawFare blog, suggested that Apple could in fact face that liability if it continued to provide encryption services to a suspected terrorist. He noted that the post was in response to an idea raised by Sen....
  • CISA: the dirty deal between Google and the NSA that no one is talking about

    07/29/2015 10:43:18 PM PDT · by Brad from Tennessee · 4 replies
    The Hill ^ | July 29, 2015 | By Evan Greer and Donny Shaw
    One of the things that civil liberties activists like to lament about is that the general public seems to care more about Google and Facebook using their personal data to target advertising than the government using it to target drone strikes. The reality is that both types of abuse are dangerous, and they work hand in hand. It’s hard to find a more perfect example of this collusion than in a bill that’s headed for a vote soon in the U.S. Senate: the Cybersecurity Information Sharing Act, or CISA. CISA is an out and out surveillance bill masquerading as a...
  • Experian Hit With Class Action Over ID Theft Service

    07/21/2015 2:17:21 PM PDT · by snarkpup · 1 replies
    Krebs on Security ^ | July 21, 2015 | Brian Krebs
    Big-three credit bureau Experian is the target of a class-action lawsuit just filed in California. The suit alleges that Experian negligently violated consumer protection laws when it failed to detect for nearly 10 months that a customer of its data broker subsidiary was a scammer who ran a criminal service that resold consumer data to identity thieves.
  • The US agency plundered by Chinese hackers made one of the dumbest security moves possible

    07/12/2015 12:37:06 AM PDT · by Libloather · 47 replies
    Business Insider ^ | 6/18/15 | Natasha Bertrand
    Contractors in Argentina and China were given "direct access to every row of data in every database" when they were hired by the Office of Personnel Management (OPM) to manage the personnel records of more than 14 million federal employees, a federal consultant told ArsTechnica. The massive breach of OPM's database — made public by the Obama administration this month — prompted speculation over why the agency hadn't encrypted its systems, which contain the sensitive security clearance and background information for intelligence and military personnel. Encryption, however, according to Ars, would not have helped in this case because administrators responsible...
  • No One Is Safe: $300 Gadget Steals Encryption Keys out of the Air, and It’s Nearly Unstoppable

    07/08/2015 6:56:44 PM PDT · by 2ndDivisionVet · 27 replies
    BGR ^ | July 8, 2015 | Zach Epstein
    Just when you thought you were safe, a new hacking toy comes along and rocks your world. Imagine a tool exists that lets hackers pluck encryption keys from your laptop right out of the air. You can’t stop it by connecting to protected Wi-Fi networks or even disabling Wi-Fi completely. Turning off Bluetooth also won’t help you protect yourself. Why? Because the tiny device that can easily be hidden in an object or taped to the underside of a table doesn’t use conventional communications to pull off capers. Instead it reads radio waves emitted by your computer’s processor, and there’s...
  • Apple issues large patch set to shore up OS X, iOS security

    07/01/2015 7:00:32 PM PDT · by Utilizer · 12 replies
    iTnews (AUS) ^ | Jul 1, 2015 6:02 P (AUS) | Juha Saarinen
    Apple has quietly included a large amount of security fixes in its latest set of patches for its OS X and iOS operating systems, plugging some serious, high-profile vulnerabilities in its code. A tally of the common vulnerability and exposures (CVE) tags in the OS X Yosemite 10.10.4, Security Update 2015-005 and Safari 8.0.7 update packages showed 80 vulnerabilities have been patched by Apple. These range from a flaw that allowed attackers to write to the low-level extensible firmware interface (EFI) - which manages the hardware in Mac computers - when the systems resume from sleep. The EFI zero-day was...
  • Warning: Windows 10 will share your Wi-Fi key with your friends' friends (and FB friends, and...)

    06/30/2015 7:07:24 PM PDT · by dayglored · 46 replies
    The Register ^ | June 30, 2015 | Simon Rockman
    A Windows 10 feature, Wi-Fi Sense, smells like a security risk: it shares access to password-protected Wi-Fi networks with the user's contacts. So giving a wireless password to one person grants access to everyone who knows them. That includes their Outlook.com (nee Hotmail) contacts, Skype contacts and, with an opt-in, their Facebook friends. There is method in the Microsoft madness – it saves having to shout across the office or house “what’s the Wi-Fi password?” – but ease of use has to be tamed with security. If you wander close to a wireless network, and your friend knows the password,...
  • Microsoft won't fix Internet Explorer zero-day

    06/26/2015 7:36:19 PM PDT · by Utilizer · 47 replies
    iTnews (AUS) ^ | Jun 24, 2015 9:27 AM (AUS) | Allie Coyne, Juha Saarinen
    HP researchers have published details and proof-of-concept exploit code for a number of zero-day vulnerabilities in Microsoft's Internet Explorer web browser which allow attackers to bypass a key exploit mitigation. The researchers - part of HP's zero-day initiative team - have a policy to only disclose details of bugs reported to vendors after patches are issued. But the team decided to go public after being informed by Microsoft that it did not intend to fix the bugs as the company feels the vulnerabilities don't affect enough users. The flaws were serious enough, however, for Microsoft to earlier award the HP...
  • Local churches look to increase security measures in the aftermath of the Charleston shooting

    06/19/2015 12:43:55 PM PDT · by 2ndDivisionVet · 29 replies
    KFOX-TV ^ | June 18, 2015 | Meghan Lopez
    In the aftermath of a shooting at a church in Charleston, South Carolina, that left nine people dead and three others injured, religious groups in Texas are looking for ways to protect their parishioners. Pastor Eric Hallback Sr. from the Rock Faith Center was in bible study when word came of the Charleston tragedy. He said he turned to his faith when heard what happened. “I immediately began to pray for peace and comfort for the families,” he said. Hallback said he understands that people be more worried when they attend church this weekend and there may be a sense...
  • We Need 65,000 Syrian Refugees Here, Really?

    06/18/2015 12:11:07 PM PDT · by RightSideNews · 37 replies
    Virginia Free Citizen ^ | June 18, 2015 | Suzanne Shattuck
    The US Department of State, DHS, and 14 Democrat Senators, including Senator Kaine (see his press release), are begging for 65,000 Syrian refugees to be settled in our communities and without your consent. Virginia only has 17 Syrian refugees at last count, so is Virginia under review for the next huge wave? As thousands of new immigrants are slated to arrive over the next few years, the chances of rubbing shoulders with Islamic terrorists increase dramatically. According to Refugee Resettlement Watch, the percentage of Muslim refugees in America was close to zero in the 1990’s. By the year 2000 it was 44%. Post...
  • Tim Cook received complaints on Apple's bag check policy

    06/11/2015 10:32:51 AM PDT · by for-q-clinton · 18 replies
    CNBC ^ | 11 Jun 2015 | CNBC
    At least two Apple retail store workers complained directly to Chief Executive Tim Cook that the company's policy of checking retail employees' bags as a security precaution was embarrassing and demeaning, according to a court filing made public on Wednesday.
  • Democratic senators urge extra money for convention security

    06/10/2015 7:48:21 PM PDT · by Olog-hai · 16 replies
    Associated Press ^ | Jun 10, 2015 5:57 PM EDT
    Two Democratic senators are urging a Senate panel to help cover security costs at the 2016 presidential nominating conventions, saying extra money is needed to ensure law enforcement have sufficient manpower and equipment. In a letter this week, Sens. Bob Casey of Pennsylvania and Sherrod Brown of Ohio asked the Appropriations Committee for an additional $100 million, to be divided equally between the two conventions. …
  • In rush to correct screwups, Secret Service assigning new officers without security clearances

    06/10/2015 7:31:46 AM PDT · by Sean_Anthony · 10 replies
    Canada Free Press ^ | 06/10/15 | Dan Calabrese
    How badly the Secret Service was being run You’ve got problems. You’ve got a guy jumping the White House fence, running up the steps and actually making it to the stairway that leads to the residence - with a knife on him. That’s a problem. You’ve got a drunk agent crashing into a White House barricade. You’ve got prostitutes in agents’ hotel rooms . . . yeah, you’ve got problems, Secret Service. So you get a new director. OK. You pretty much had to do that. And then you start hiring a bunch of new agents as quickly as you...
  • Democrats push ban on plastic guns

    06/09/2015 8:52:16 PM PDT · by Tolerance Sucks Rocks · 36 replies
    The Washington Times ^ | June 8, 2015 | Jay LeBlanc
    Congressional Democrats are pushing legislation that would ban the production of guns made entirely of plastic, The Hill reported. The Undetectable Firearms Modernization Act, proposed in response to recent airport security lapses, would require firearms to contain enough metal to be detected.
  • Scott Walker hits back at Obama: ‘Guy who called ISIS the JV squad’

    06/08/2015 4:56:45 AM PDT · by Cincinatus' Wife · 21 replies
    Washington Times ^ | June 8, 2015 | David Sherfinski
    ....“I thought it was interesting for the president to say that the guy who called ISIS the JV squad and Yemen a success story somehow suggesting someone else should bone up in foreign policy,” Mr. Walker said on ABC’s “This Week.” ....“My belief is if I’m going to — if I’m even thinking about running for president of the United States, it’s not about preparing for debates, it’s about being prepared to be the president of the United States,” he said...
  • Giuliani, Lew, Lowey, Ashkenazi To Address Jerusalem Post Annual Conference

    06/05/2015 8:45:01 PM PDT · by IsraelBeach
    Israel News Agency ^ | June 5, 2015 | Joel Leyden
    By Joel Leyden Israel News Agency New York, NY — June 5, 2015 … US Secretary of the Treasury Jacob J. Lew and Congresswoman Nita Lowey will be among several US and Israeli dignitaries addressing The Jerusalem Post’s fourth Annual Conference. The Conference is scheduled to start on the morning of Sunday, June 7. Israeli and American elected officials, security experts and media analysts will examine the potential Iran nuclear agreement, the future of the US-Israel relationship, and the rise of global anti-Semitism. US Rep. Lowey, the ranking member of the House Appropriations Committee and a veteran Jewish congresswoman, will also...
  • Ex-Nazis got $20.2 million in Social Security

    06/01/2015 5:42:52 AM PDT · by TurboZamboni · 22 replies
    Pioneer Press ^ | 6-1-15 | Richard Lardner, David Rising and Randy Herschaft
    WASHINGTON -- Elfriede Rinkel's past as a Nazi concentration camp guard didn't keep her from collecting nearly $120,000 in U.S. Social Security benefits. Rinkel admitted to being stationed at the Ravensbrueck camp during World War II, where she worked with an attack dog trained by the SS, according to U.S. Justice Department records. She immigrated to California and married a German-born Jew whose parents had been killed in the Holocaust. She agreed to leave the U.S. in 2006 and remains the only woman the Justice Department's Nazi-hunting unit ever initiated deportation proceedings against. Yet after Rinkel departed, the Social Security...
  • Adware makers turn their sights on OS X

    05/29/2015 11:45:36 AM PDT · by Swordmaker · 4 replies
    Betanews ^ | May 29, 2015 | By Ian Barker
    Hot on the heels of news that OS X topped the vulnerabilities charts in April comes Dr. Web's virus activity review for May which shows increasing quantities of adware and unwanted applications targeting the Apple operating system. The company reports several programs aimed at OS X that either install adware, install other applications or inject JavaScript code into webpages. Adware.Mac.InstallCore.1 cannot only install unwanted programs on the user's computer but also change the browser home page and the search engine used by default. The program incorporates debugging functions too -- once launched, it scans the system for the presence of...
  • Police investigate shooting death of local security guard

    05/24/2015 4:39:13 PM PDT · by 2ndDivisionVet · 1 replies
    WSB-TV ^ | May 24, 2015
    (VIDEO-AT-LINK) EAST POINT, Ga. — East Point police are investigating a suspicious death involving a security guard. They said Antonio Spear, 32, of Atlanta was found several hundred feet from where investigators believe he was shot to death. East Point firefighters worked to remove a white Ford Expedition after it crashed into a fence just before 7 a.m. Sunday. “I heard a big bang. It was like a bomb so I was like, ‘What is that?” Ryeesha Zellner said. Zellner told Channel 2’s Jessica Jaglois she was sitting in her car outside her job when she saw the SUV crash and...
  • BOLTON: RELEASED EMAILS PROVE HILLARY RESPONSIBLE FOR MURDER OF AMERICANS IN BENGHAZI

    05/23/2015 1:38:25 PM PDT · by Jim Robinson · 71 replies
    Breitbart ^ | May 23, 2015 | By Pam Key
    Friday at the 2015 Southern Republican Leadership Conference in Oklahoma, former U.S. ambassador to the United Nations under President George W. Bush, John Bolton, said former Secretary of State Hillary Clinton is “responsible for the tragedy of the murder of U.S. Ambassador Christopher Stevens and three other Americans,” in the 2012 terror attack in Benghazi Libya. Bolton said, “I think the most telling information that we have seen in this limited number of emails is that there are repeated examples of Secretary of State Clinton being told in 2011 and 2012 that the security situation of our personnel in Tripoli...
  • Scott Walker On The Dana Show 5-22-15

    05/22/2015 12:56:54 PM PDT · by Cincinatus' Wife · 1 replies
    FM News Talk ^ | May 22, 2015 | Dana
    29:00 [click on picture then click on red dot to listen]
  • Netgear and ZyXEL Confirm NetUSB Flaw

    05/21/2015 10:39:51 PM PDT · by Utilizer · 2 replies
    Computerworld ^ | May 21, 2015 9:42 AM PT | Lucian Constantin
    ... Networking device manufacturers ZyXEL Communications and Netgear have confirmed that some of their routers are affected by a recently disclosed vulnerability in a USB device-sharing service called NetUSB. ZyXEL will begin issuing firmware updates in June, while Netgear plans to start releasing patches in the third quarter of the year. The vulnerability, tracked as CVE-2015-3036, is located in a Linux kernel module called NetUSB that's commonly used in routers and other embedded devices. The module is developed by a Taiwan-based company called KCodes Technology and allows routers to share USB devices with other computers via the Internet Protocol (IP)....
  • Critical vulnerability in NetUSB driver exposes millions of routers to hacking

    05/20/2015 9:48:26 PM PDT · by Utilizer · 13 replies
    ITworld.com ^ | May 19, 2015 | Lucian Constantin
    Millions of routers and other embedded devices are affected by a serious vulnerability that could allow hackers to compromise them. The vulnerability is located in a service called NetUSB, which lets devices connected over USB to a computer be shared with other machines on a local network or the Internet via IP (Internet Protocol). The shared devices can be printers, webcams, thumb drives, external hard disks and more. NetUSB is implemented in Linux-based embedded systems, such as routers, as a kernel driver. The driver is developed by Taiwan-based KCodes Technology. Once enabled, it opens a server that listens on TCP...
  • Adblock Plus launches Adblock Browser: Firefox for Android with built-in ad blocking

    05/20/2015 8:39:29 PM PDT · by Utilizer · 19 replies
    VB - VentureBeat ^ | May 20, 2015 1:00 AM | Emil Protalinski
    ... Adblock Plus already has a Firefox for Android add-on, though it requires installing two apps and setting them up. The company also has an Android app that blocks in-app ads, but it only works on Wi-Fi connections and has to be sideloaded and hooked up to a proxy. In other words, Adblock Plus isn’t easy to use on mobile. Adblock Browser is supposed to change that. “This is the first time we’ve really gone with a solution that is completely ours,” communications manager Ben Williams told VentureBeat. Adblock Browser wasn’t exactly written from the ground up. The team used...
  • LogJam leaves browsers vulnerable to MiTM attack

    05/20/2015 8:25:10 PM PDT · by Utilizer · 2 replies
    iTnews AUS ^ | May 21, 2015 5:53 AM (AUS) | Doug Drinkwater
    ... Researchers have discovered a new security flaw that could affect tens of thousands of HTTPS websites, mail servers and other services by allowing attackers to downgrade the Transport Layer Security (TLS) connections to 512-bit export-grade cryptography to crack that connection and read any data being transmitted. Dubbed LogJam, researchers from Microsoft, John Hopkins University, University of Michigan, University of Pennsylvania and the Inria Nancy-Grand Est research in France, discovered the flaw some months ago, and have subsequently informed browser makers about the issue, who are currently patching. The research team has published a technical paper (pdf) and built a...
  • Morning Plum: Obama depicts climate change as national security risk

    05/20/2015 10:20:23 AM PDT · by Abiotic · 47 replies
    Washington Post ^ | 5/20/2015 | Greg Sargent
    WASHINGTON — President Obama called out climate change deniers in Congress for being weak on defense, saying it would be "dereliction of duty" for the United States to ignore the national security implications of rising global temperatures. Obama's convocation speech at the U.S. Coast Guard Academy Wednesday was his most forceful argument yet that climate change ranks alongside terrorism as a grave threat to America's future. "I know there are some folks back in Washington who refuse to admit that climate change is real," he told graduating cadets in New London, Conn. "Denying it or refusing to deal with it...
  • Tech giants don’t want Obama to give police access to encrypted phone data

    05/19/2015 3:27:56 PM PDT · by Swordmaker · 54 replies
    The Washington Post ^ | May 19 at 8:34 AM | By Ellen Nakashima
    FBI Director James B. Comey has expressed concern that the growing use of encrypted technologies is hindering the ability of law enforcement agencies to do their jobs. (Andrew Harnik/AP) May 19 at 8:34 AM Tech behemoths including Apple and Google and leading cryptologists are urging President Obama to reject any government proposal that alters the security of smartphones and other communications devices so that law enforcement can view decrypted data. In a letter to be sent Tuesday and obtained by The Washington Post, a coalition of tech firms, security experts and others appeal to the White House to protect privacy...
  • EXCLUSIVE: Hillary hides from reporters with SECOND secret party of the day (95 MPH escape)

    05/19/2015 2:27:10 AM PDT · by Libloather · 67 replies
    Daily Mail ^ | 5/19/15 | David Martosko
    EXCLUSIVE: Hillary hides from reporters with SECOND secret party of the day as her security forces race across Iowa at 95 MPH to dodge pursuing journalists For reporters trying to cover the opening months of Hillary Rodham Clinton's second presidential campaign, Waterloo, Iowa might be her Waterloo. On Monday night the Clinton camp held a private campaign party at the home of a wealthy pharmacist in the central Iowa town – a longtime Democratic Party figure – and Daily Mail Online was the only media outlet to make it to the address. Other press outlets can't be faulted, however: Clinton's...
  • More Java holes found in Google App Engine

    05/18/2015 10:20:07 PM PDT · by Utilizer · 2 replies
    iTnews AUS ^ | May 18, 2015 12:15 PM (AUS) | Juha Saarinen
    Google slow to respond. A Polish security firm has discovered more vulnerabilities in the Java coding platform used on Google's App Engine (GAE) cloud computing service, which could allow users to get access beyond their own virtual machines. The Security Explorations team, which has made a name for itself by unearthing large numbers of security holes in Oracle's Java framework over the past few years, said it had reported seven vulnerabilities to Google, along with proof of concept code. Three of the flaws allow complete bypass of the GAE Java security sandbox. Such a bypass could be used by attackers...
  • Patch Tuesday Alert! Microsoft Security Bulletin Summary for May 2015 - Do It Now

    05/13/2015 6:13:05 AM PDT · by dayglored · 22 replies
    Microsoft Security TechCenter ^ | May 12, 2015 | Microsoft
    Published: May 12, 2015 Version: 1.0 On this page Executive Summaries Exploitability Index Affected Software Detection and Deployment Tools and Guidance Acknowledgments Other Information This bulletin summary lists security bulletins released for May 2015. For information about how to receive automatic notifications whenever Microsoft security bulletins are issued, visit Microsoft Technical Security Notifications. Microsoft also provides information to help customers prioritize monthly security updates with any non-security updates that are being released on the same day as the monthly security updates. Please see the section, Other Information.
  • Microsoft Edge: Building a safer browser

    05/12/2015 5:50:07 PM PDT · by dayglored · 22 replies
    Microsoft Edge Dev Blog ^ | May 11, 2015 | Microsoft Edge Team
    With Microsoft Edge, we want to fundamentally improve security over existing browsers and enable users to confidently experience the web from Windows. We have designed Microsoft Edge to defend users from increasingly sophisticated and prevalent attacks. This post covers some of the advanced technologies used to protect Microsoft Edge, including industry leading sandboxing, compiler, and memory management techniques developed in close partnership with Windows. Web Security Threats While the web is predominantly a safe environment, some sites are designed to steal money and personal information. Thieves by nature don’t care about rules, and will use any means to take advantage...
  • Lenovo users exposed to "massive security risk"

    05/10/2015 4:02:17 PM PDT · by Utilizer · 6 replies
    iTnews.aus ^ | May 7, 2015 6:41 AM (AUS) | unattributed
    Researchers find more serious flaws. Lenovo has been accused of putting users at "massive security risk" through newly-discovered flaws in its online product update service which allow hackers to download malware onto user systems through a man-in-the-middle (MiTM) attack. The holes were revealed by security firm IOActive, just weeks after Lenovo was found to be shipping PCs with pre-installed ‘Superfish' adware that also left its users open to MITM attacks. In an advisory today, IOActive researchers Michael Milvich and Sofiane Talmat said they had discovered “high-severity” privilege escalation vulnerabilities in Lenovo's system update service, which enables users to download the...
  • Ex-NSA security bod fanboi: Apple Macs are wide open to malware

    05/09/2015 6:10:00 PM PDT · by Enlightened1 · 12 replies
    The Register ^ | 5/8/15 | John Leyden
    'I love Apple products, I just wish they were secure' A former NSA staffer turned security researcher is warning that bypassing typical OS X security tools is trivial. Patrick Wardle, a former NSA staffer and NASA intern who now heads up research at crowd-sourced security intelligence firm Synack, found that Apple's defensive Gatekeeper technology can be bypassed allowing unsigned code to run. Apple's Gatekeeper utility is pre-installed in Mac OS X PCs and used to verify code. The tool is designed so that by default it will only allow signed code to run or, depending on settings, only packages from...
  • ISIS Still Hampering Iraqi Oil Industry Progress

    05/08/2015 3:15:02 PM PDT · by Opintel
    Oilprice.com ^ | 08-05-2015 | refineries
    The U.S. military is helping Iraqi forces pushback ISIS at a vital oil refinery. The Baiji refinery is located between Kirkuk and Mosul, and it has been the target of ISIS militants since the extremist group first made major advances last summer. Baiji is Iraq’s largest oil refinery, and as such, is strategically important to the country for revenues and for domestic fuel supplies. “It actually also sits on a corridor that runs from the Tigris River valley to the Euphrates River valley. And so it's geographically significant as well as significant economically,” the chairman of the U.S. Joint Chiefs...
  • The Trick To Cracking A Master Combo Lock In Eight Tries Or Fewer (Video)

    04/29/2015 5:21:56 PM PDT · by Citizen Zed · 18 replies
    gizmodo ^ | 4-29-2015
    Look, we all know that Master combo locks are not paragons of security. But, damn, this looks easy. In a new video, hacker Samy Kamkar demonstrates a dead simple trick that he claims can break into most Master combo locks in just a few tries. It’s so easy because Kamkar has done all the hard work for you, reverse-engineering the lock to narrow down the possible combinations to just eight. All you have to do is go to input three numbers into Kamkar’s algorithm. Here’s how you get the numbers: 1. While lifting the locked shackle, turn the knob counterclockwise...
  • Crying Baby Gets Family Thrown Off Plane, Deemed Security Risk [Israel]

    04/29/2015 2:16:46 PM PDT · by QT3.14 · 12 replies
    Travel Pulse ^ | April 28, 2015 | Donald Cook
    Traveling with small children can be a stressful situation on its own, but one airline in Tel Aviv, Israel, made the predicament even worse by treating a family poorly before having them removed from the plane due to their crying child. According to Jewish News, husband and wife Ariella and Mark Aziz were scheduled to fly from Tel Aviv to Luton, England, on Dutch airline Transavia when their 19-month-old daughter began crying. The Transavia crew asked the child’s parents to position their daughter on their lap before takeoff and use the connector belt provided by the airline. The plane had...
  • Microsoft Announces Windows 10 Device Guard, a New Feature That Could Kill Malware Forever

    04/22/2015 5:53:04 PM PDT · by SeekAndFind · 52 replies
    Softpedia ^ | 04/22/2015
    Microsoft is making big efforts to increase the security of Windows 10 and turn the new operating system into a fully secure working environment, so several new features will be available in this regard when it comes out. In addition to Microsoft Passport and Windows Hello, both of which were announced a few months ago, Redmond will also introduce a feature called Device Guard that would give organizations full control over the apps that are allowed to be launched on a device running Windows 10. According to Microsoft, the new feature should provide advanced malware protection against new and even...
  • United Airlines Kicks Computer Expert Off Flight For Tweets

    04/19/2015 8:59:46 PM PDT · by QT3.14 · 46 replies
    International Business Times ^ | April 19, 2015 | Eric Markowitz
    Chris Roberts, a prominent computer security expert, was aboard a United Airlines flight last week when he tweeted about a potential security flaw he found on the plane’s on-board Wi-Fi. Big mistake. Airline personnel saw the tweet and alerted authorities at Syracuse Hancock International Airport where the flight was scheduled to land. Roberts exited the plane and was quickly detained by the FBI. Roberts, the founder and chief technical officer of the Denver security firm One World Labs, said the agents questioned him, confiscated several of his electronic devices, and then let him go. “Lesson from this evening, don't mention...
  • SECURITY ALERT: What I witnessed today at an Army Reserve Center was deplorable.

    04/18/2015 2:32:54 PM PDT · by don-o · 38 replies
    allenwest.com ^ | April 18, 2015 | Allen West
    snip And so it was when I drove onto the Army Reserve Center at Grand Prairie for a visit yesterday, I was met by a lone unarmed female contract security person who did not even take my ID and match it to my face. She came out of the shack and waved me right onto this military installation. Yes, the Army Reserve Center at Grand Prairie is a military installation. Not only is the Army based there but also a U.S. Marine Reserve artillery unit — and the majority of their equipment is located on this installation. But, as I...
  • Remote Code Execution Via HTTP Request In IIS On Windows

    04/15/2015 7:33:51 PM PDT · by Utilizer · 30 replies
    Mattias website ^ | Wednesday, April 15, 2015 | Mattias Geniar
    A remote code execution vulnerability exists in the HTTP protocol stack (HTTP.sys) that is caused when HTTP.sys improperly parses specially crafted HTTP requests. An attacker who successfully exploited this vulnerability could execute arbitrary code in the context of the System account. To exploit this vulnerability, an attacker would have to send a specially crafted HTTP request to the affected system. The update addresses the vulnerability by modifying how the Windows HTTP stack handles requests.
  • Voting machine password hacks as easy as 'abcde', details Virginia state report

    04/15/2015 4:42:21 PM PDT · by afraidfortherepublic · 20 replies
    The Guardian ^ | 4-15-15 | Sam Thielman
    AVS WinVote machines used in three presidential elections in state ‘would get an F-minus’ in security, said computer scientist who pushed for decertification Touchscreen voting machines used in numerous elections between 2002 and 2014 used “abcde” and “admin” as passwords and could easily have been hacked from the parking lot outside the polling place, according to a state report. The AVS WinVote machines, used in three presidential elections in Virginia, “would get an F-minus” in security, according to a computer scientist at tech research group SRI International who had pushed for a formal inquiry by the state of Virginia for...
  • Kaspersky releases tools to decrypt files encrypted with CoinVault Ransomware

    04/14/2015 6:46:32 PM PDT · by Utilizer · 20 replies
    TechWorm ^ | April 14, 2015 | Abhishek Kumar Jha
    Software security group Kaspersky Labs in collaboration with the Dutch police has released a tool which helps to decrypt files locked by Ransomware. Kaspersky Labs has released a decryption tool for files encrypted with CoinVault ransomware. The tool was developed by the Kaspersky lab after the National High Tech Crime Unit (NHTCU) of the Dutch police handed over the information obtained from a database of CoinVault command-and-control server containing the decryption keys.