# SANS ISC

# threatpost.com

  • Bugcrowd Releases Open Source Vulnerability Disclosure Framework Thu, 24 Jul 2014 13:01:00 +0000
    The problems that come from doing security research on modern Web applications and other software aren’t just challenging for researchers, but also for the companies on the receiving end of their advisories. Companies unaccustomed to dealing with researchers can find themselves in a difficult position, trying to figure out the clearest path forward. To help […]
  • WordPress Sites Seeing Increased Malware, Brute Force Attacks This Week Wed, 23 Jul 2014 19:11:46 +0000
    A glut of WordPress sites have fallen victim to both malware infections and a series of brute force attacks that have been making the rounds over the past several days, researchers claim.
  • Researchers Demo TAILS Flaw Exploit, Disclose Details to Developers Wed, 23 Jul 2014 18:22:16 +0000
    The critical vulnerability in the TAILS operating system discovered by researchers at Exodus Intelligence lies in the I2P software that's bundled with the OS and the company has released some details and a video demonstrating an exploit against the bug.
  • Firefox 31 Patches 11 Security Flaws Wed, 23 Jul 2014 13:40:54 +0000
    Mozilla has released a new version of Firefox, which includes patches for 11 security vulnerabilities. Three of the bugs fixed in Firefox 31 are critical, including a use-after-free vulnerability and a handful of memory safety issues.
  • Researchers Plan to Disclose Critical Bugs to TAILS Team Soon Tue, 22 Jul 2014 19:52:42 +0000
    There are several security issues that aren't patched in the new release of the OS Tails that have been identified by researchers at Exodus Intelligence.
  • Trio of Flaws Found in OleumTech Wireless Monitoring System Tue, 22 Jul 2014 15:11:56 +0000
    Researchers have identified several remotely exploitable vulnerabilities in a wireless remote monitoring product from OleumTech that is used in energy, water and other critical infrastructure sectors.
  • Privacy Badger Extension Blocks Tracking Through Social Icons Tue, 22 Jul 2014 14:03:09 +0000
    Privacy Badger is one of a new generation of tools designed to help users block much of the silent, pervasive tracking that's done on the Web today, a lot of which is accomplished through social media channels.
  • Third-Party Software Library Risks To Be Scrutinized at Black Hat Tue, 22 Jul 2014 13:00:44 +0000
    Third-party software libraries introduce efficiency and risk into enterprise applications. Two researchers will identify some of the most vulnerable libraries during a talk at the upcoming Black Hat conference.
  • IBM Fixes Code Execution, Cookie-Stealing Vulnerabilities in Switches Mon, 21 Jul 2014 17:46:28 +0000
    IBM recently patched a handful of vulnerabilities in some of its KVM switches that, if exploited, could have given an attacker free rein over any system attached to it.
  • Researcher Identifies Hidden Data-Acquisition Services in iOS Mon, 21 Jul 2014 16:22:38 +0000
    There are a number of undocumented and hidden features and services in Apple iOS that can be used to bypass the backup encryption on iOS devices and remove large amounts of users' personal data.

# Reddit netsec

# Krebs On Security

  • Feds: Hackers Ran Concert Ticket Racket Wed, 23 Jul 2014 15:42:33 +0000
    A Russian man detained in Spain is facing extradition to the United States on charges of running an international cyber crime ring that allegedly stole more than $10 million in electronic tickets from e-tickets vendor StubHub.
  • Banks: Card Breach at Goodwill Industries Mon, 21 Jul 2014 21:18:44 +0000
    Heads up, bargain shoppers: Financial institutions across the country report that they are tracking what appears to be a series of credit card breaches involving Goodwill locations nationwide. Goodwill Industries International Inc. says it is working with federal authorities on an investigation into these reports.
  • Even Script Kids Have a Right to Be Forgotten Fri, 18 Jul 2014 04:29:35 +0000
    Indexeus, a new search engine that indexes user account information acquired from more than 100 recent data breaches, has caught many in the hacker underground off-guard. That's because the breached databases crawled by this search engine are mostly sites frequented by young ne'er-do-wells who are just getting their feet wet in the cybercrime business.

# Bruce Schneier's blog

  • Security Vulnerability in the Tails OS Wed, 23 Jul 2014 11:58:21 -0500
    I'd like more information on this....
  • Securing the Nest Thermostat Tue, 22 Jul 2014 10:06:30 -0500
    A group of hackers are using a vulnerability in the Nest thermostat to secure it against Nest's remote data collection....
  • Fingerprinting Computers By Making Them Draw Images Mon, 21 Jul 2014 15:34:50 -0500
    Here's a new way to identify individual computers over the Internet. The page instructs the browser to draw an image. Because each computer draws the image slightly differently, this can be used to uniquely identify each computer. This is a big deal, because there's no way to block this right now. Article. Hacker News thread. EDITED TO ADD (7/22): This...
  • Friday Squid Blogging: Squid Dissection Fri, 18 Jul 2014 16:35:30 -0500
    A six-hour video of a giant squid dissection from Auckland University of Technology. As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered....
  • NASDAQ Hack Fri, 18 Jul 2014 11:26:24 -0500
    Long article on a sophisticated hacking of the NASDAQ stock exchange....
  • US National Guard is Getting Into Cyberwar Thu, 17 Jul 2014 15:16:28 -0500
    The Maryland Air National Guard needs a new facility for its cyberwar operations: The purpose of this facility is to house a Network Warfare Group and ISR Squadron. The Cyber mission includes a set of capabilities, expertise to enable the cyber operational need for an always-on, net-speed awareness and integrated operational response with global reach. It enables operators to drive...
  • Hackers Steal Personal Information of US Security-Clearance Holders Thu, 17 Jul 2014 06:09:04 -0500
    The article says they were Chinese but offers no evidence: The intrusion at the Office of Personnel Management was particularly disturbing because it oversees a system called e-QIP, in which federal employees applying for security clearances enter their most personal information, including financial data. Federal employees who have had security clearances for some time are often required to update their...
  • Security Against Traffic Analysis of Cloud Data Access Wed, 16 Jul 2014 06:02:51 -0500
    Here's some interesting research on foiling traffic analysis of cloud storage systems. Press release....
  • Risks of Keyloggers on Public Computers Tue, 15 Jul 2014 14:30:54 -0500
    Brian Krebs is reporting that: The U.S. Secret Service is advising the hospitality industry to inspect computers made available to guests in hotel business centers, warning that crooks have been compromising hotel business center PCs with keystroke-logging malware in a bid to steal personal and financial data from guests. It's actually a very hard problem to solve. The adversary can...
  • Legal Attacks Against Tor Tue, 15 Jul 2014 06:13:56 -0500
    Last week, we learned that the NSA targets people who look for information about Tor. A few days later, the operator of a Tor exit node in Austria has been found guilty as an accomplice, because someone used his computer to transmit child porn. Even more recently, Tor has been named as a defendant in a revenge-porn suit in Texas...

# WIRED Threat Level

  • How Hackers Hid a Money-Mining Botnet in Amazon’s Cloud Thu, 24 Jul 2014 10:30:57 GMT
    Hackers have long used malware to enslave armies of unwitting PCs, but security researchers Rob Ragan and Oscar Salazar had a different thought: Why steal computing resources from innocent victims when there’s so much free processing power out there for the taking? At the Black Hat conference in Las Vegas next month Ragan and Salazar […]
  • How Thieves Can Hack and Disable Your Home Alarm System Wed, 23 Jul 2014 10:30:05 GMT
    When it comes to the security of the Internet of Things, a lot of the attention has focused on the dangers of the connected toaster, fridge and thermostat. But a more insidious security threat lies with devices that aren’t even on the internet: wireless home alarms. Two researchers say that top-selling home alarm setups can […]
  • Hackers Could Take Control of Your Car. This Device Can Stop Them Tue, 22 Jul 2014 10:30:41 GMT
    Hackers Charlie Miller and Chris Valasek have proven more clearly than anyone in the world how vulnerable cars are to digital attack. Now they’re proposing the first step towards a solution. Last year the two Darpa-funded security researchers spent months cracking into a Ford Escape and a Toyota Prius, terrifying […]
  • A Convicted Hacker and an Internet Icon Join Forces to Thwart NSA Spying Fri, 18 Jul 2014 15:22:20 GMT
    A new project called Dark Mail brings together two high-profile privacy advocates to take on the leakiest of all information: that pernicious metadata.
  • Here’s How Easy It Could Be for Hackers to Control Your Hotel Room Thu, 17 Jul 2014 10:30:24 GMT
    Shenzhen is the Silicon Valley of mainland China. Situated about 50 minutes north of Hong Kong, the modern city is home to the Shenzhen Stock Exchange and numerous high-tech giants and startups. So naturally, the city’s five-star hotels regularly host wealthy moguls in their luxury rooms. Last year, one of those hotels also hosted a […]
  • Swedish Court to Julian Assange: You’re Not Going Anywhere Wed, 16 Jul 2014 17:09:16 GMT
    The Swedish court that first issued the warrant for Julian Assange upheld its legality today.
  • Rickroll Innocent Televisions With This Google Chromecast Hack Wed, 16 Jul 2014 10:30:43 GMT
    Just when you thought the rickrolling meme might finally be dead, a Google bug has unwittingly allowed the R&B croonings of Rick Astley to migrate from your computer screen to your television.
  • Meet ‘Project Zero,’ Google’s Secret Team of Bug-Hunting Hackers Tue, 15 Jul 2014 10:30:14 GMT
    Today Google plans to publicly reveal the team, known as Project Zero, a group of top Google security researchers who will be given the sole mission of finding and neutering the most insidious security flaws in the world’s software.
  • How to Teach Humans to Remember Really Complex Passwords Fri, 11 Jul 2014 10:30:57 GMT
    If passwords are considered the bane of the data security industry, it’s partly because humans are awful at choosing them: By some counts, we still pick “password” a facepalm-inducing one in 20 times. But a study from two researchers at Microsoft and Princeton suggests there’s hope for those much-maligned secret strings of characters. Randomly generate […]
  • Waiting for Dark: Inside Two Anarchists’ Quest for Untraceable Money Fri, 11 Jul 2014 10:30:54 GMT
    The inside story of two anarchists' quest to create ungovernable weapons, untouchable black markets, and untraceable money.

# exploit-db.com

# Securiteam