HOME/ABOUT  Prayer  SCOTUS  ProLife  BangList  Aliens  StatesRights  ConventionOfStates  WOT  HomosexualAgenda  GlobalWarming  Corruption  Taxes  Congress  Fraud  MediaBias  GovtAbuse  Tyranny  Obama  ObamaCare  Elections  Polls  Debates  Trump  Carson  Cruz  Bush  OPSEC  Benghazi  InfoSec  BigBrother  IRS  Scandals  TalkRadio  TeaParty  FreeperBookClub  HTMLSandbox  FReeperEd  FReepathon  CopyrightList  Copyright/DMCA Notice 

Please keep those donations coming in, folks. Our 1st quarter FReepathon is off to a great start and we have a chance of getting 'er done early! Thank you all very much!!

Or by mail to: Free Republic, LLC - PO Box 9771 - Fresno, CA 93794
Free Republic 1st Quarter Fundraising Target: $88,000 Receipts & Pledges to-date: $38,138
43%  
Woo hoo!! And the first 43% is in!! Thank you all very much!! God bless.

Keyword: security

Brevity: Headers | « Text »
  • Bombshell: Obama to cut border surveillance in half

    02/05/2016 11:30:24 AM PST · by amorphous · 81 replies
    WND ^ | 5 Feb 2016 | Leo Hohmann
    The U.S. Department of Homeland Security is planning to cut 50 percent of the budget for aerial surveillance along the U.S.-Mexico border, agents revealed at a congressional hearing Thursday. In an effort to understand why DHS is cutting funding, Texas's Republican Gov. Greg Abbott and Rep. Henry Cuellar, D-Texas, wrote a bi-partisan letter to DHS Secretary Jeh Johnson. "Any decrease in aerial observation is not only imprudent, but contradicts the very mission of border security enforcement," the letter states. The lawmakers' letter also asks for detailed information about the reduction aerial-based border security, also known as Operation Phalanx. Abbott and...
  • Obama's Growing Conflict of Interest in the Clinton E-Mail Scandal

    02/04/2016 5:29:55 AM PST · by iontheball · 23 replies
    National Review ^ | February 3, 2016 | Andrew McCarthy
    The latest revelations regarding Hillary Clinton’s mishandling of classified information are stunning. For example, several of the former secretary of state’s “private” e-mails contain national-defense information so sensitive that it is classified at the highest levels. Moreover, classified information so pervades the thousands of pages of e-mails communicated through and stored on Mrs. Clinton’s unsecured, homebrew server system that the court-ordered disclosure process has ground to a halt. Remember, Mrs. Clinton reviewed her e-mails before finally surrendering them to the State Department, and she initially insisted there was no classified information in them. Now, it turns out they were so...
  • Congress to federal agencies: You have two weeks to tally your backdoored Juniper kit

    01/27/2016 7:23:22 PM PST · by Utilizer
    Computerworld ^ | Jan 26, 2016 8:51 AM PT | Lucian Constantin
    Congress plans to question about two dozen federal agencies on whether they were using backdoored Juniper network security appliances. In December, Juniper Networks said it had discovered unauthorized code added to ScreenOS, the operating system that runs on its NetScreen network firewalls. The rogue code, which remained undetected for two years or more, could have allowed remote attackers to gain administrative access to vulnerable devices or to decrypt VPN connections. The U.S. House Committee on Oversight and Government Reform wants to determine the impact that this issue had on government organizations and how those organizations responded to the incident. The...
  • Lenovo used '12345678' as filesharing tool password

    01/26/2016 7:56:56 PM PST · by Utilizer · 17 replies
    iTnews ^ | Jan 27 2016 11:59AM (AUS) | Juha Saarinen
    A filesharing utility for Android devices and Windows computers shipped by hardware vendor Lenovo has been found by security researchers to contain multiple, easily exploitable vulnerabilities CoreSecurity discovered that the free Lenovo SHAREit tool for Windows creates a wi-fi hotspot with the password 12345678, allowing anyone to connect to the system running SHAREit. On Android devices, SHAREit sets up an open wi-fi hotspot without any password at all, in order to receive files. This could allow attackers to connect to the Android device without authentication and capture information transferred, CoreSecurity said. The researchers also noted that files were transferred using...
  • Magento plugs 'dangerous' cross-scripting hole

    01/26/2016 7:25:54 PM PST · by Utilizer · 4 replies
    iTnews ^ | Jan 27 2016 6:51AM (AUS) | Juha Saarinen
    A new vulnerability in the eBay-owned Magento e-commerce platform could be remotely exploited to take over sites and steal client information, researchers have discovered. Security vendor Sucuri discovered a stored cross-site scripting (XSS) vulnerability in the core system libraries for Magento Community Edition version 1.9.2.3 and earlier, and the Enterprise Edition version 1.14.2.3 and older. The critical flaw could be triggered by sending an email to adminstrators. Sucuri reported the bug to Magento's security team early in November last year. Magento acknowledged the vulnerability on 1 December 2015, but did not issue a patch until 21 January 2016. The Magento...
  • Security Woes Threaten OPEC’s Second Largest Producer

    01/25/2016 9:31:38 AM PST · by bananaman22
    Oilprice.com ^ | 25-01-2016 | Wark Mahlberg
    Iraq has been one of the key contributors to the uptick in OPEC oil production over the past year and a half. Despite the fact that the country’s crude oil output has continuously been plagued by security concerns and faltering payments to international oil companies from both the Kurdish regional government (KRG) and Baghdad and an ongoing row over oil export rights, it has still managed to ramp up production to record levels. Iraq’s consistent and record oil output last year is, by and large, contributable to the production in the south of the country. According to a January 16....
  • Hot Potato exploit mashes old vulns into Windows System 'sploit

    01/24/2016 7:36:54 PM PST · by Utilizer · 10 replies
    The Register ^ | 20 Jan 2016 at 08:39 | Darren Pauli
    Shmoocon Foxglove Security bod Stephen Breen has strung together dusty unpatched Windows vulnerabilities to gain local system-level access on Windows versions up to 8.1. The unholy zero-day concoction, reported to Microsoft in September and still unpatched, is a reliable way of p0wning Windows for attackers that have managed to pop user machines. Breen released exploit code for his attack dubbed Hot Potato following his talk at the Shmoocon conference in Washington over the weekend. "Hot Potato takes advantage of known issues in Windows to gain local privilege escalation in default configurations, namely NTLM relay -\- specifically HTTP-SMB relay - and...
  • Gotcha: Symantec fires reseller nabbed in tech support scam

    01/24/2016 3:25:57 PM PST · by KeyLargo · 11 replies
    The Register UK ^ | Jan 22, 2016 | John Leyden
    Gotcha: Symantec fires reseller nabbed in tech support scam Malwarebytes sting operation catches out Silurian Tech Support 22 Jan 2016 at 10:52, John Leyden An authorised Symantec reseller has been caught hoodwinking users into buying security software by employing underhand marketing tactics. Silurian Tech Support was spotted flinging fake Norton-themed security warnings in an attempt to drum up business by Symantec rival Malwarebytes. The alerts were used to direct users towards a tech support service that researchers discovered offered to fix non-existent problems for a flat fee of $199 or more. All the well-worn themes of the far-too-prevalent tech support...
  • Enterprise AV devices contain secret backdoor

    01/21/2016 7:20:10 PM PST · by Utilizer · 9 replies
    iTnews ^ | Jan 22 2016 10:16AM (AUS) | Juha Saarinen
    Audiovisual devices made by AMX for government, education and business users contain a secret backdoor that allows full remote access without detection, security researchers have found. European security firm SEC Consult discovered the hidden backdoor account by analysing an operating system program for user management on the AMX Netlinx NX-1200 AV controller, which is sold in Australia. The binary contains a function named "setUpSubtleUserAccount", which adds a hidden user with administrative privileges, SEC Consult said. Both the account username and password are stored persistently on the AMX NX-1200, meaning if an attacker has this information, they can potentially log on...
  • How Donald Trump and Ted Cruz Differ on the Issues

    01/21/2016 8:22:02 AM PST · by Calpublican · 60 replies
    CBSNews.com ^ | 01/20/2016 | Major Garrett
    WASHINGTON -- One year from Wednesday, a new President of the United States will be inaugurated. A new poll shows Republican Donald Trump leading Ted Cruz two-to-one in New Hampshire, less than three weeks before the primary. Sarah Palin's endorsement helps Trump deflect attacks from Cruz over Trump's conservative credentials. But the candidates differ on several issues, including taxes, government surveillance and immigration. (Click Link for Balance of Article)
  • Linux Trojan captures audio and takes screenshots

    01/20/2016 8:26:27 PM PST · by Utilizer · 4 replies
    InfoWorld ^ | Jan 20, 2016 | Jim Lynch
    Security is something that is always on the minds of users these days, and that includes those who use Linux. TechWeek Europe has a disturbing article about a Linux trojan that captures audio and takes screenshots. It remains to be seen how widespread this Trojan is among Linux users and what the exact attack vector is for it. Steve McCaskill reports for TechWeek Europe: Security researchers have found a new Linux Trojan capable of taking screenshots of infected systems and even recording sound. Russian anti-virus firm Dr Web says that once the Linux.Ekoms.1 malware is launched it checks for two...
  • Advantech industrial serial-to-Internet gateways wide open to unauthorized access

    01/19/2016 7:35:57 PM PST · by Utilizer · 6 replies
    IDG News Service ^ | Jan 19, 2016 4:40 AM PT | Lucian Constantin
    Internet-connected industrial devices could be accessible to anyone, with no password, thanks to a coding error by a gateway manufacturer. Taiwanese firm Advantech patched the firmware in some of its serial-to-IP gateway devices in October to remove a hard-coded SSH (Secure Shell) key that would have allowed unauthorized access by remote attackers. But it overlooked an even bigger problem: Any password will unlock the gateways, which are used to connect legacy serial devices to TCP/IP and cellular networks in industrial environments around the world. Researchers from security firm Rapid7 discovered the vulnerability in the revised firmware, version 1.98, released for...
  • Microsoft patches critical vulnerabilities in January update

    01/19/2016 6:56:29 PM PST · by Utilizer · 21 replies
    iTnews ^ | Jan 13 2016 6:55AM (AUS) | Juha Saarinen
    Microsoft's first Patch Wednesday update for the year has taken care of multiple vulnerabilities rated as critical. No known exploits are available for the vulnerabilities, but Microsoft recommends that users apply the patches through Windows Update as soon as possible. Internet Explorer 7, 8, 9, 10 and 11 see two common vulnerabilities and exploits (CVEs) fixed - CVE-2016-0002 and CVE-2016-0005 - as part of a cumulative update. Supported version of the Windows client and server operating systems are all affected by the vulnerabilities, which Microsoft rates as critical and exploitable. Microsoft's new Edge browser in Windows 10 is also being...
  • LastPass mitigates creds-stealing phishing attack

    01/19/2016 6:51:35 PM PST · by Utilizer · 7 replies
    iTnews ^ | Jan 20 2016 8:59AM (AUS) | Juha Saarinen
    Popular credentials manager LastPass has taken steps to counter a "very simple" phishing attack that could see users' passwords, email addresses and two-factor authentication tokens stolen. Researcher Sean Cassidy posted proof of a successful phishing attack using a faked LastPass notification in a web browser earlier this month, following a presentation at hacker conference Schmoocon. By setting up a malicious website that displays notifications telling users their LastPass sessions have expired, Cassidy was able to create a page that lured people into entering their credentials for the password manager. The researcher called the attack LostPass. A successful capture of user...
  • Apple's Gatekeeper Bypassed Again

    01/15/2016 7:46:38 PM PST · by Utilizer · 7 replies
    Engadget ^ | January 15, 2016 | Roberto Baldwin
    Back in September, Synack security researcher Patrick Wardle disclosed a nasty issue with Apple's nefarious-app stopping Gatekeeper system in OS X. While the software is great at stopping malware-infected apps that users have downloaded from the bowels of the internet, it did have a flaw: a signed app could, upon launch, initiate an unsigned program if it resided in the same directory. Because the end user is never aware that this second application is launching, it's a great way to infect a computer. As a responsible researcher, Wardle informed Apple and got a security update as a result. That should...
  • Patch now: VMware Tools for Windows root holes fixed in update

    01/14/2016 7:32:59 PM PST · by Utilizer · 14 replies
    The Register ^ | 8 Jan 2016 at 01:51 | Richard Chirgwin
    VMware sysadmins, get patching: the virtualisation outfit has released updates to its ESXi, Fusion, Player and Workstation software to block out a privilege-escalation vulnerability. The patch applies to VMware Windows Workstation versions before 11.1.2, Player and Fusion versions prior to 7.1.2, and various ESXi versions depending on their patch level: VMware ESXi 6.0 without patch ESXi600-201512102-SG VMware ESXi 5.5 without patch ESXi550-201512102-SG VMware ESXi 5.1 without patch ESXi510-201510102-SG VMware ESXi 5.0 without patch ESXi500-201510102-SG CVE-2015-6933 is a kernel memory corruption vulnerability in the tools' Shared Folders feature that can be exploited by software to escalate its privileges within a guest....
  • Zero-Day FFmpeg Vulnerability Lets Anyone Steal Files from Remote Machines

    01/14/2016 7:18:26 PM PST · by Utilizer · 19 replies
    Softpedia ^ | Jan 13, 2016 22:03 GMT | Marius Nestor
    A zero-day vulnerability in the FFmpeg open-source multimedia framework, which is currently used in numerous Linux kernel-based operating systems and software applications, also for the Mac OS X and Windows platforms, was unveiled recently. The vulnerability was discovered on January 12, 2016, by Russian programmer Maxim Andreev in the current stable builds of the FFmpeg software, and it would appear that it allows anyone who has the necessary skills to hack a computer to read local files on a remote machine and send them over the network using a specially crafted video file. The vulnerability is limited to reading local...
  • OpenSSH fixes client crypto key leak

    01/14/2016 7:03:07 PM PST · by Utilizer · 2 replies
    iTnews ^ | Jan 15 2016 6:39AM (AUS) | Juha Saarinen
    OpenSSH developers have patched a serious flaw in the popular open source remote access protocol that could compromise encryption keys, with users urged to upgrade their OpenSSH installations straight away. According to the advisory, the vulnerability has been blamed on an experimental roaming feature, aimed at resuming SSH connections, in OpenSSH versions 5.4 to 7.1. Attackers who control servers could use the vulnerability to discover a client's private encryption keys, the OpenSSH developers said. "The matching server code has never been shipped, but the client code was enabled by default and could be tricked by a malicious server into leaking...
  • Fortinet denies backdoor in firewall operating system

    01/13/2016 6:18:43 PM PST · by Utilizer · 2 replies
    iTnews ^ | Jan 14 2016 10:41AM (AUS) | Juha Saarinen
    Firewall vendor FortiNet has denied that the FortiGate OS operating system that runs its devices comes with a backdoor, despite a researcher purportedly posting proof of concept code on a security mailing list. Over the weekend, a Python script was posted anonymously, which appeared to allow remote access to Fortinet devices over the Secure Shell protocol. The post disclosed a passord hard-coded into the FortiGate OS. The password is said to work on FortiOS version 4.x to 5.0.7, and a screenshot was posted on Twitter, allegedly showing that the script for the backdoor is working, providing remote access to Fortinet...
  • Obama administration to expand number of refugees admitted to U.S.

    01/13/2016 9:41:43 AM PST · by Beowulf9 · 19 replies
    https://www.washingtonpost.com ^ | January 13 2016 | Carol Morello
    The United States will increase the number of refu­gees it admits to allow in more people fleeing violence in Ccentral America, Secretary of State John F. Kerry said Wednesday. In a speech at the National Defense University, Kerry said the expansion of the Refugee Admissions Program will be directed toward people from El Salvador, Guatemala and Honduras, to “offer them a safe and legal alternative to the dangerous journey many are currently tempted to begin, making them easy prey for human smugglers who have no interest but their own profits.”
  • Researcher finds gaping holes in Trend Micro antivirus

    01/12/2016 6:43:44 PM PST · by Utilizer · 12 replies
    iTnews aus ^ | Jan 13 2016 6:40AM (AUS) | Juha Saarinen
    A Google Project Zero researcher has left security vendor Trend Micro with egg on its face, after discovering its software contains multiple, serious vulnerabilities that are easy to exploit without user interaction or notification. Tavis Ormandy of Project Zero noted that when Trend Micro antivirus is installed on Windows, the password manager component - written mostly in Javascript using the node.js framework that's included by default - allows any any website to run arbitrary code on users' machines. The flaw in password manager allegedly took Ormandy only about 30 seconds to discover. He said the vulnerability is trivial to exploit,...
  • Juniper to replace software containing suspected NSA back door

    01/10/2016 5:45:20 PM PST · by Utilizer · 16 replies
    iTnews ^ | Jan 10 2016 9:55PM | Staff Writer
    Juniper has confirmed it will stop using a piece of security code that analysts believe was developed by the National Security Agency in order to eavesdrop through technology products. The Silicon Valley maker of networking gear said it would ship new versions of security software in the first half of this year to replace those that rely on numbers generated by Dual Elliptic Curve technology. The statement on a blog post came a day after the presentation at a Stanford University conference of research by a team of cryptographers who found that Juniper's code had been changed in multiple ways...
  • Whoa: Hillary e-mail instructs aide to transmit classified data without markings

    01/08/2016 8:16:13 AM PST · by doug from upland · 119 replies
    hot air ^ | 1-8-16 | Morrisey
    Has the State Department released a smoking gun in the Hillary Clinton e-mail scandal? In a thread from June 2011, Hillary exchanges e-mails with Jake Sullivan, then her deputy chief of staff and now her campaign foreign-policy adviser, in which she impatiently waits for a set of talking points. When Sullivan tells her that the source is having trouble with the secure fax, Hillary then orders Sullivan to have the data stripped of its markings and sent through a non-secure channel. That should be game, set, and match, yes?
  • Web host Linode resets all user passwords after suspected breach

    01/05/2016 11:26:13 PM PST · by Utilizer
    iTnews.com.au ^ | Jan 6 2016 4:16PM (AUS) | Paris Cowan
    Web hosting provider Linode has reset the account passwords of all its customers following what it suspects was an intrusion on its internal database. The mass credential reset comes just after the cloud firm suffered a sustained DDoS attack beginning on Christmas Day. Linode has issued a security advisory confirming that it still has no idea who is behind the hacks, or whether the same perpetrator is responsible for both incidents. "You may be wondering if the same person or group is behind these malicious acts. We are wondering the same thing.
  • Cisco says chat client vulnerable to man-in-the-middle attack

    01/04/2016 6:12:59 PM PST · by Utilizer · 11 replies
    SC Magazine ^ | January 04, 2016 | Roi Perez
    Californian tech giant Cisco has released an advisory statement explaining that its chat client Jabbar is currently vulnerable to a man-in-the-middle attack. Found in the Windows client of Jabbar, the vulnerability could allow an unauthenticated, remote attacker to perform a STARTTLS downgrade attack. Discovered by Renaud Dubourguais and Sébastien Dudek from Synacktiv, a French cyber-security firm, versions affected include the 10.6.x, 11.0.x, and 11.1.x releases. Currently the client does not verify that the Extensible Messaging and Presence Protocol (XMPP) connection has been established with Transport Layer Security (TLS). XMPP enables the near-real-time exchange of structured yet extensible data between any...
  • Ransom32 Is a JavaScript-Based Ransomware That Uses Node.js to Infect Users

    01/03/2016 11:16:43 PM PST · by Utilizer · 40 replies
    Softpedia ^ | 3 Jan 2016, 14:54 GMT | Catalin Cimpanu
    A new type of ransomware has been spotted, the first of its kind, a ransomware that uses JavaScript to infect its users, being coded on top of the NW.js platform. NW.js, formerly known as Node-WebKit, is a powerful platform that allows developers to create desktop applications via Node.js modules. The platform lets programmers use JavaScript in the same way, and with the same power and reach inside the underlying operating system's guts, as other more powerful languages like C++, Delphi, Java, ActionScript, and C#. If the name hasn't tipped you off yet, NW.js uses a stripped down version of WebKit,...
  • Surprise, Apple's OS X Comes Out as Most Vulnerable Software of 2015

    01/03/2016 5:58:53 PM PST · by Up Yours Marxists · 92 replies
    Hackread ^ | January 3, 2015 17:01 UTC | Ali Raza
    In a study conducted by CVE Details, the most vulnerable software of the previous year has been identified as Apple’s OS X and the tech-giant is also the company with most bugs. With 2016 coming, people in all sectors have been busy summarizing 2015 with reports and lists of who have been the winners and who have been the losers. The tech experts and security personnel have been at it too, with CVE Details producing a list of most vulnerable software of the past year. Many would have expected the list to be topped by Adobe Flash, for the software...
  • US Defense Department: Navy security clearance does not discriminate against Jews

    01/03/2016 5:02:22 PM PST · by Nachum · 16 replies
    jpost.com ^ | 1/3/16 | DANIELLE ZIRI
    NEW YORK – US Defense Department spokesman Mark Wright told The Jerusalem Post on Thursday that security clearance could be denied to an applicant with relatives in any foreign country. “If a security-clearance applicant has relatives or other close connections to people in any foreign country, this could potentially disqualify that person from being eligible for a security clearance,” he said. But, he added, “The Federal Adjudicative Guidelines do not call for any special scrutiny for applicants with relatives in Israel.” Wright spoke on Thursday in response to the recent protest by Jewish organizations against the US Navy’s denial of...
  • Should anti-gun politicians be denied armed security?

    01/03/2016 3:54:37 PM PST · by Libloather · 67 replies
    Examiner ^ | 12/30/15 | Dave Workman
    Fox News is reporting this morning that a Virginia state senator is making good on his promise to push for defunding armed bodyguards for anti-gun Gov. Terry McAuliffe unless the Democrat does an about face on an October order to prohibit firearms in most state office buildings. It brings up an interesting question that could apply to any government official anywhere, from mayors on up. If an elected official is opposed to the carrying of defensive sidearms by average citizens, should that official automatically lose his/her security guards? Virginia State Sen. Charles Carrico, a Republican, is quoted by Fox News...
  • THE JACKI DAILY Show! Listen live at 2PM Eastern!

    01/03/2016 10:20:39 AM PST · by RaceBannon · 1 replies
    The Jacki Daily Show ^ | The Jacki Daily Show
    THE JACKI DAILY Show! Listen live at 2PM Eastern! Now playing also on station KWEL in Midland-Odessa! The host of the Jacki Daily show has had an impressive career in energy, law, and politics.Most recently, Jacki served as General Counsel to an engineering firm specializing in energy, national security and environmental cleanup. Previously, she served many years as legal counsel on Capitol Hill to the Chairman of the Subcommittee on the Constitution and the former Ranking Member of the Commercial and Administrative Law Subcommittee, advising on the oversight of federal agencies. Prior to her career in Washington, she worked as...
  • Blowing billions on select security while ignoring border security

    12/31/2015 11:52:45 AM PST · by Sean_Anthony · 3 replies
    CANada Free Press ^ | 12/31/15 | JUDI McLeod
    Ringing in the New Year: Though hard to see through all the media hoopla, the British Daily Mail described “fanatics” London and New York city are bracing against in case of a full-blown terrorist attack are not necessarily going to strike on New Year’s Eve. You don’t have to be an expert in Islamic terrorism to intuit that terrorists on the rampage are far more likely to attack in places where authorities are not boasting about being out in such huge numbers. The most terrorist attacks in San Bernardino, California, and in Paris, France, were carried out by terrorists already...
  • Drone Flying Alongside Obama's Motorcade In Hawaii Stopped By Secret Service

    12/29/2015 12:58:47 PM PST · by Jyotishi · 17 replies
    International Business Times ^ | Tuesday, December 29, 2015 | Sneha Shankar
    The U.S. Secret Service stopped a drone Monday from flying alongside the motorcade of President Barack Obama, who is on a vacation with his family in Hawaii. In this photo, Obama's motorcade is seen heading to Marine Corps Base Hawaii in Kailua, Hawaii, Dec. 31, 2014. The U.S. Secret Service stopped a man from flying a recreational drone alongside President Barack Obama’s motorcade in Hawaii, reports said late Monday. The incident occurred at 4:00 p.m., local time, (9:00 p.m. EST) and was brought under control within minutes. The operator landed the drone near himself after agents from Secret Service approached...
  • 2016 Reality: Lazy Authentication Still the Norm (PayPal non-security)

    12/28/2015 8:06:00 PM PST · by aimhigh · 10 replies
    Krebs on Security ^ | 12/28/2015 | Brian Krebs
    My PayPal account was hacked on Christmas Eve. The perpetrator tried to further stir up trouble by sending my PayPal funds to a hacker gang tied to the jihadist militant group ISIS. Although the intruder failed to siphon any funds, the successful takeover of the account speaks volumes about why most organizations, including many financial institutions — remain woefully behind the times in authenticating their customers and staying ahead of identity thieves.
  • Android Malware Uses Built-In Firewall to Block Security Apps

    12/28/2015 7:49:56 PM PST · by Utilizer · 7 replies
    SOFTPEDIA ^ | 28 Dec 2015, 18:45 GMT | Catalin Cimpanu
    Even if some malware families never get to cause worldwide damage, it's sometimes interesting to read about new techniques that some malware authors employ for creating their threats. One of the most recent cases is a malware family that targets Android devices in China, discovered by Symantec, and named Android.Spywaller. The uniqueness of this threat is the fact that during infection, the malware looks for Qihoo 360, a popular security app among Chinese Android users. Android.Spywaller uses a firewall to block Qihoo 360 internal communications The malware searches and registers on the device with the same UID (unique identifier) used...
  • AVG Forcibly Installs Vulnerable Chrome Extension That Exposes Users' Browsing History

    12/28/2015 6:57:10 PM PST · by Utilizer · 19 replies
    softpedia ^ | 29 Dec 2015, 02:20 GMT | Catalin Cimpanu
    The AVG Web TuneUp Chrome extension, forcibly added to Google Chrome browsers when users were installing the AVG antivirus, had a serious flaw that allowed attackers to get the user's browsing history, cookies, and more. The vulnerability was discovered by Google Project Zero researcher, Tavis Ormandy, who worked with AVG for the past two weeks to fix the issue. AVG Web TuneUp vulnerable to an universal XSS As Mr. Ormandy explains in his bug report, the AVG Web TuneUp extension, which lists over nine million users on its Chrome Web Store page, was vulnerable to trivial XSS (cross-site scripting) attacks....
  • Who Put This Huge Database of U.S. Voting Records Online? (online for the taking)

    12/28/2015 1:57:13 PM PST · by LibWhacker · 57 replies
    CSOonline ^ | 12/28/15 | Steve Ragan
    Massive database exposed to public, major political data managers deny ownershipA misconfigured database has led to the disclosure of 191 million voter records. The database, discovered by researcher Chris Vickery, doesn't seem to have an owner; it's just sitting in the public – waiting to be discovered by anyone who happens to be looking. What's in the database? The database was discovered by researcher Chris Vickery, who shared his findings with Databreaches.net. The two attempted to locate the owner of the database based on the records it housed and other details. However, their attempts didn't pan out, so they came...
  • Botnet of Aethra Routers Used for Brute-Forcing WordPress Sites

    12/26/2015 7:58:53 PM PST · by Utilizer · 7 replies
    softpedia® ^ | 23 Dec 2015, 12:30 GMT | Catalin Cimpanu
    Italian security researchers from VoidSec have come across a botnet structure that was using vulnerable Aethra Internet routers and modems to launch brute-force attacks on WordPress websites. This particular incident was uncovered after one of the VoidSec researchers was sifting through his WordPress log file and found a brute-force attack coming from the same IP range. After further investigation, all the IPs came from six Internet Service Providers (ISP): Fastweb, Albacom (BT-Italia), Clouditalia, Qcom, WIND, and BSI Assurance UK, four of which are from Italy. What all these networks had in common were Aethra routers. VoidSec researchers narrowed down most...
  • Somebody Tried to Get a Raspberry Pi Exec to Install Malware on Its Devices

    12/25/2015 6:42:44 PM PST · by Utilizer · 11 replies
    softpedia® ^ | 25 Dec 2015, 14:58 GMT | Catalin Cimpanu
    Liz Upton, the Director of Communications for the Raspberry Pi Foundation, has tweeted out a screenshot of an email where an unknown person has proposed that the Foundation install malware on all of its devices. In the email, a person named Linda, is proposing Mrs. Upton an agreement where their company would provide an EXE file that installs a desktop shortcut, that when clicked redirects users to a specific website. (Raspberry Pi devices can run Windows as well, not just Linux variants.) Linda from company Q[edited] is also inquiring Mrs. Upton about the Foundation's PPI (Price per Install). Judging from...
  • NSA suspected in Juniper firewall backdoors

    12/23/2015 9:37:06 PM PST · by Utilizer · 23 replies
    iTnews ^ | Dec 24 2015 10:00AM (AUS) | Staff Writer
    Dual_EC weaknesses and Juniper error exploited, researchers say. Security researchers suspect the United States' National Security Agency may have had a hand in the planting of unauthorised backdoors in Juniper's enterprise firewalls. The network equipment vendor last week issued an urgent security alert for its NetScreen enterprise firewalls, after discovering "unauthorised code" in the device operating system that allows them to be fully compromised. Juniper had discovered the code during an internal review. The backdoors - which had been in existence since 2012 - meant attackers could gain administrative access and decrypt VPN connections unnoticed. Researchers have now said the...
  • Adblock Plus and (a little) more

    12/20/2015 7:43:52 PM PST · by Utilizer · 28 replies
    Adblock Plus ^ | 2015-12-16 15:35 | Job Plas
    Several years ago, we started to offer Acceptable Ads as a feature in Adblock Plus as a middle way between ad blocking users who opted out of traditional ad formats, while allowing publishers and content-creators to continue to monetize with unobtrusive ads. This first version allowed users to whitelist individual websites that they wanted to support. In 2011, we published a set of guidelines that our user community deemed “acceptable,” and these acceptable ads are shown by default to our users to allow a compromise between blocking all ads, or no ads at all. Since then, we have thought about...
  • Hello Kitty hack: Parents warned as database leak hits 3.3m users

    12/20/2015 7:36:17 PM PST · by Utilizer
    INTERNATIONAL BUSINESS TIMES ^ | December 20, 2015 17:42 GMT | Tom Mendelsohn
    Personal data belonging to the accounts of 3.3m Hello Kitty fans is available to download online - and much of it probably belongs to children. The database for sanriotown.com, the official online home of Hello Kitty and a large cast of other Sanrio characters, is easily accessible according to online security researcher Chris Vickery. This means that sensitive information including users' real names, email addresses, account passwords, genders, birthdays and country of origin is all exposed, or encoded in easy-to-crack form. Hello Kitty is popular amongst both adults and children, and internet security experts are warning parents to make sure...
  • Judicial Watch: State Department Documents Reveal Intense Debate over Security Risk Poised by...

    12/18/2015 11:41:48 AM PST · by jazusamo · 7 replies
    Judicial Watch ^ | December 18, 2015
    Full title: Judicial Watch: State Department Documents Reveal Intense Debate over Security Risk Poised by Clinton Blackberry Use in Foggy Bottom Executive Offices More than 50 emails, many marked "Sensitive," focused on security problems surrounding "Use of Blackberries in Mahogany Row" March 2009 internal memo from Assistant Secretary for Diplomatic Security warned of "vulnerabilities and risks" by Clinton and staff's use of Blackberries in executive suites (Washington, DC) - Judicial Watch announced today that it hasobtained documents as result of a federal court order containing more than 50 State Department internal emails from February through March 2009 warning of serious...
  • Ubuntu 15.10 for Raspberry Pi 2 Gets Its First Linux Kernel 4.2 Patch, Update Now

    12/17/2015 10:10:49 PM PST · by Utilizer · 9 replies
    softpedia® ^ | 18 Dec 2015, 01:15 GMT | Marius Nestor
    ... After publishing details about the availability of new kernel packages for the Ubuntu 15.10, Ubuntu 15.04, Ubuntu 14.04 LTS and Ubuntu 12.04 LTS computer operating systems, Canonical now reports that the Linux kernel for Raspberry Pi 2 was updated for Ubuntu 15.10 (Wily Werewolf). According to the Ubuntu Security Notice USN-2843-3, four kernel vulnerabilities discovered by various developers in the upstream Linux kernel 4.2 branch, which is now officially maintained by Canonical's Ubuntu Kernel Team, as we reported a couple of days ago, were patched for the Raspberry Pi 2 port of Ubuntu 15.10. The first security flaw was...
  • Meet the Bomb-Proof 'Fly-Bag' That Could Suppress an Explosion on an Airplane

    12/17/2015 12:07:47 PM PST · by QT3.14 · 12 replies
    Entrepreneur ^ | December 14, 2015
    A controlled explosion in the luggage hold of an aircraft was successfully contained by a bomb-proof lining developed by an international team of scientists. The technology shows how a plane's luggage hold may be able to contain the force of an explosion if a device hidden in an item of luggage detonates. The Fly-Bag is made from multiple layers of fabrics and composites that have high strength and impact, and heat resistance. The fabrics include Aramid, a heat-resistant and strong synthetic fiber used in the aerospace industry, as well as in ballistic body armor.
  • Zero-Day GRUB2 Vulnerability Hits Linux Users, Patch Available for Ubuntu, RHEL

    12/16/2015 7:26:22 PM PST · by Utilizer · 30 replies
    softpedia® ^ | 16 Dec 2015, 01:23 GMT | Marius Nestor
    GRUB password protection can be bypassed According to Canonical'a latest Ubuntu Security Notice, it would appear that there's a zero-day security vulnerability in the GRUB2 (GNU GRand Unified Bootloader) packages, affecting all GNU/Linux distributions running 2.02 Beta. The security flaw was discovered by developers Ismael Ripoll and Hector Marco in the upstream GRUB2 packages, which did not correctly handled the backspace key when the bootloader was configured to use password-protected authentication, thus allowing a local attacker to bypass GRUB's password protection.
  • Australia's banks sign up to Android Pay

    12/15/2015 8:02:46 PM PST · by Utilizer · 8 replies
    iTnews AUS ^ | Dec 16 2015 7:16AM (AUS) | Allie Coyne
    Still no deal with Apple. Five of Australia's biggest banks have signed up with Google's Android Pay payments service as they continue to butt heads with Apple over Cupertino's own Apple Pay platform. ANZ Bank, Westpac, ING Direct, Macquarie Bank, St George, Bank of Melbourne, Bank of South Australia and Bendigo Bank will all support the Android payment service when it lands in Australia in the first half of next year. At launch, Android Pay will support Mastercard and Visa credit and debit cards, Google said in a blog post today. The company is currently "working with Eftpos" on similar...
  • Obama administration’s calls for backdoors into encrypted communications echo (1990s) fiasco

    12/14/2015 8:52:46 PM PST · by Swordmaker · 30 replies
    MacDailyNews ^ | December 14, 2015
    Obama administration's calls for backdoors into encrypted communications echo Clinton-era key escrow fiasco “In the face of a Federal Bureau of Investigation proposal requesting backdoors into encrypted communications, a noted encryption expert urged Congress not to adopt the requirements due to technical faults in the plan,” Sean Gallagher reports for Ars Technica. “The shortcomings in question would allow anyone to easily defeat the measure with little technical effort.”“Please note, the testimony referenced above was delivered on May 11, 1993. However, that doesn’t change its applicability today,” Gallagher reports. “In fact, current pressure being applied by law enforcement and intelligence officials...
  • Great news: OPM still can’t pass a security audit six months after massive hack

    12/14/2015 5:37:17 PM PST · by SeekAndFind · 10 replies
    Hotair ^ | 12/14/2015 | Ed Morrissey
    Six months ago, the US discovered that China hacked into the records of the Office of Personnel Management, stealing the excruciatingly personal data from everyone employed in the federal government, and everyone granted a security clearance too. At the time, it was called the Pearl Harbor of cyberwarfare, but later it turned out that the hack lasted over a year, not a single Sunday morning. OPM didn’t even have an IT department until the year before the hack began, which is why OPM had outsourced its IT management to a firm based in … China. The true scope of...
  • U.S. Embassy in Ankara to limit services Monday and Tuesday, cites security threat

    12/14/2015 4:18:05 AM PST · by markomalley · 2 replies
    Reuters ^ | 12/14/15
    The U.S. Embassy in Ankara will scale back its services on Monday and Tuesday due to a possible security threat, an embassy official told Reuters.
  • Google dumps Symantec SSL certificates in Chrome, Android

    12/13/2015 7:34:57 PM PST · by Utilizer · 14 replies
    © iTnews ^ | Dec 14 2015 6:51AM (AUS) | Juha Saarinen
    No longer trusted. Google's products will no longer trust Symantec's digital certificates used to secure internet data communications, the company said. Starting 2 December Australian time, Symantec's Class 3 Public Primary Certificate Authority (CA) root certifcate is no longer trusted by Google in its Chrome web browser, Android mobile operating system and other products. Google software engineer Ryan Sleevi explained (https://googleonlinesecurity.blogspot.co.nz/2015/12/proactive-measures-in-digital.html) over the weekend Symantec intended to use the root certificate for reasons other than creating publicly trusted credentials. The certificate also no longer complies with the industry Certificate Authority/Browser Forum baseline requirements for best practice, Symantec said. As a...