# SANS ISC

# Reddit netsec

# Krebs On Security

  • Service Drains Competitors’ Online Ad Budget Fri, 25 Jul 2014 18:48:48 +0000
    The longer one lurks in the Internet underground, the more difficult it becomes to ignore the harsh reality that for nearly every legitimate online business there is a cybercrime-oriented anti-business. Case in point: Today's post looks at a popular service that helps crooked online marketers exhaust the Google AdWords budgets of their competitors.
  • Feds: Hackers Ran Concert Ticket Racket Wed, 23 Jul 2014 15:42:33 +0000
    A Russian man detained in Spain is facing extradition to the United States on charges of running an international cyber crime ring that allegedly stole more than $10 million in electronic tickets from e-tickets vendor StubHub.
  • Banks: Card Breach at Goodwill Industries Mon, 21 Jul 2014 21:18:44 +0000
    Heads up, bargain shoppers: Financial institutions across the country report that they are tracking what appears to be a series of credit card breaches involving Goodwill locations nationwide. Goodwill Industries International Inc. says it is working with federal authorities on an investigation into these reports.

# Bruce Schneier's blog

  • Friday Squid Blogging: Build a Squid Fri, 25 Jul 2014 16:04:07 -0500
    An interactive animation from the Museum of New Zealand Te Papa Tongarewa. As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered....
  • Building a Legal Botnet in the Cloud Fri, 25 Jul 2014 10:33:15 -0500
    Two researchers have built a botnet using free anonymous accounts. They only collected 1,000 accounts, but there's no reason this can't scale to much larger numbers....
  • Security Vulnerability in the Tails OS Wed, 23 Jul 2014 11:58:21 -0500
    I'd like more information on this....
  • Securing the Nest Thermostat Tue, 22 Jul 2014 10:06:30 -0500
    A group of hackers are using a vulnerability in the Nest thermostat to secure it against Nest's remote data collection....
  • Fingerprinting Computers By Making Them Draw Images Mon, 21 Jul 2014 15:34:50 -0500
    Here's a new way to identify individual computers over the Internet. The page instructs the browser to draw an image. Because each computer draws the image slightly differently, this can be used to uniquely identify each computer. This is a big deal, because there's no way to block this right now. Article. Hacker News thread. EDITED TO ADD (7/22): This...
  • Friday Squid Blogging: Squid Dissection Fri, 18 Jul 2014 16:35:30 -0500
    A six-hour video of a giant squid dissection from Auckland University of Technology. As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered....
  • NASDAQ Hack Fri, 18 Jul 2014 11:26:24 -0500
    Long article on a sophisticated hacking of the NASDAQ stock exchange....
  • US National Guard is Getting Into Cyberwar Thu, 17 Jul 2014 15:16:28 -0500
    The Maryland Air National Guard needs a new facility for its cyberwar operations: The purpose of this facility is to house a Network Warfare Group and ISR Squadron. The Cyber mission includes a set of capabilities, expertise to enable the cyber operational need for an always-on, net-speed awareness and integrated operational response with global reach. It enables operators to drive...
  • Hackers Steal Personal Information of US Security-Clearance Holders Thu, 17 Jul 2014 06:09:04 -0500
    The article says they were Chinese but offers no evidence: The intrusion at the Office of Personnel Management was particularly disturbing because it oversees a system called e-QIP, in which federal employees applying for security clearances enter their most personal information, including financial data. Federal employees who have had security clearances for some time are often required to update their...
  • Security Against Traffic Analysis of Cloud Data Access Wed, 16 Jul 2014 06:02:51 -0500
    Here's some interesting research on foiling traffic analysis of cloud storage systems. Press release....

# WIRED Threat Level

  • The App I Used to Break Into My Neighbor’s Home Fri, 25 Jul 2014 10:30:32 GMT
    Leave your ring of cut-brass secrets unattended on your desk at work, at a bar table while you buy another round, or in a hotel room, and any stranger---or friend---can upload your keys to their online collection.






  • How Hackers Hid a Money-Mining Botnet in the Clouds of Amazon and Others Thu, 24 Jul 2014 10:30:57 GMT
    Hackers have long used malware to enslave armies of unwitting PCs, but security researchers Rob Ragan and Oscar Salazar had a different thought: Why steal computing resources from innocent victims when there’s so much free processing power out there for the taking? At the Black Hat conference in Las Vegas next month Ragan and Salazar […]






  • How Thieves Can Hack and Disable Your Home Alarm System Wed, 23 Jul 2014 10:30:05 GMT
    When it comes to the security of the Internet of Things, a lot of the attention has focused on the dangers of the connected toaster, fridge and thermostat. But a more insidious security threat lies with devices that aren’t even on the internet: wireless home alarms. Two researchers say that top-selling home alarm setups can […]






  • Hackers Could Take Control of Your Car. This Device Can Stop Them Tue, 22 Jul 2014 10:30:41 GMT
    David Schwen | Wheel: Getty Hackers Charlie Miller and Chris Valasek have proven more clearly than anyone in the world how vulnerable cars are to digital attack. Now they’re proposing the first step towards a solution. Last year the two Darpa-funded security researchers spent months cracking into a Ford Escape and a Toyota Prius, terrifying […]






  • A Convicted Hacker and an Internet Icon Join Forces to Thwart NSA Spying Fri, 18 Jul 2014 15:22:20 GMT
    A new project called Dark Mail brings together two high-profile privacy advocates to take on the leakiest of all information: that pernicious metadata.






  • Here’s How Easy It Could Be for Hackers to Control Your Hotel Room Thu, 17 Jul 2014 10:30:24 GMT
    Shenzhen is the Silicon Valley of mainland China. Situated about 50 minutes north of Hong Kong, the modern city is home to the Shenzhen Stock Exchange and numerous high-tech giants and startups. So naturally, the city’s five-star hotels regularly host wealthy moguls in their luxury rooms. Last year, one of those hotels also hosted a […]






  • Swedish Court to Julian Assange: You’re Not Going Anywhere Wed, 16 Jul 2014 17:09:16 GMT
    The Swedish court that first issued the warrant for Julian Assange upheld its legality today.






  • Rickroll Innocent Televisions With This Google Chromecast Hack Wed, 16 Jul 2014 10:30:43 GMT
    Just when you thought the rickrolling meme might finally be dead, a Google bug has unwittingly allowed the R&B croonings of Rick Astley to migrate from your computer screen to your television.






  • Meet ‘Project Zero,’ Google’s Secret Team of Bug-Hunting Hackers Tue, 15 Jul 2014 10:30:14 GMT
    Today Google plans to publicly reveal the team, known as Project Zero, a group of top Google security researchers who will be given the sole mission of finding and neutering the most insidious security flaws in the world’s software.






  • How to Teach Humans to Remember Really Complex Passwords Fri, 11 Jul 2014 10:30:57 GMT
    If passwords are considered the bane of the data security industry, it’s partly because humans are awful at choosing them: By some counts, we still pick “password” a facepalm-inducing one in 20 times. But a study from two researchers at Microsoft and Princeton suggests there’s hope for those much-maligned secret strings of charters. Randomly generate […]






# exploit-db.com

# Securiteam