# SANS ISC

# threatpost.com

  • Missile Defense Plans Hacked from Israeli Contractors Mon, 28 Jul 2014 20:30:55 +0000
    A new report claims attackers, apparently based in China, were able to hack into three Israeli defense firms to make off with sensitive military data in 2011.
  • DEF CON Hosting SOHO Wireless Router Hacking Contest Mon, 28 Jul 2014 20:00:41 +0000
    ISE will host a two-tracking hacking contest at DEF CON next week that focuses on the security of home and small office wireless routers.
  • Harnessing the Power of an Android Cluster for Security Research Mon, 28 Jul 2014 18:20:51 +0000
    When the topic of mobile security comes up, users and researchers often discuss Android as if it’s one monolithic operating system like iOS is. But the fact is that there are nearly as many versions of Android as there are Android devices, which has led to plenty of confusion when it’s time to fix a security […]
  • Koler Ransomware Infrastructure Complex and Agile Mon, 28 Jul 2014 17:08:17 +0000
    Researchers at Kaspersky Lab report on the infrastructure supporting the Koler ransomware, which not only has components targeting Android devices, but also redirects desktop browsers to other ransomware and exploit kits.
  • EFF Files Motion Asking Judge to Rule NSA Data Collection Unconstitutional Mon, 28 Jul 2014 14:27:01 +0000
    The EFF has asked a federal judge to rule that the NSA's collection of massive amounts of upstream user data is unconstitutional, violating the Fourth Amendment.
  • Siemens Patches Five Vulnerabilities in SIMATIC System Fri, 25 Jul 2014 17:32:00 +0000
    Siemens released an update for two builds of its SIMATIC automation system this week, addressing a quintet of issues, four of which are remotely exploitable.
  • Microsoft Exec Says Company Has Never Been Asked to Backdoor a Product Fri, 25 Jul 2014 17:28:23 +0000
    One of Microsoft's top security executives said the company has never been asked by the United States government to build a backdoor into any of its products, and if the company was asked, it would fight the order in the courts.
  • TAILS Team Recommends Workarounds for Flaw in I2P Fri, 25 Jul 2014 14:04:24 +0000
    The developers of the TAILS operating system say that users can mitigate the severity of the critical vulnerability researchers discovered in the I2P software that's bundled with TAILS with a couple of workarounds, but there is no patch for the bug yet.
  • More Details of Onion/Critroni Crypto Ransomware Emerge Thu, 24 Jul 2014 18:37:37 +0000
    New ransomware has been dubbed Onion by researchers at Kaspersky Lab as its creators use command and control servers hidden in the Tor Network (a/k/a The Onion Router) to obscure their malicious activity.
  • Mozilla Improves Malware Blocking in Firefox 31 Thu, 24 Jul 2014 17:54:14 +0000
    The newest version of Mozilla Firefox includes an improved defense against malware downloaded through the browser, which could prevent many kinds of infections.

# Reddit netsec

# Krebs On Security

  • Hackers Plundered Israeli Defense Firms that Built ‘Iron Dome’ Missile Defense System Mon, 28 Jul 2014 14:08:17 +0000
    Three Israeli defense contractors responsible for building the "Iron Dome" missile shield currently protecting Israel from a barrage of rocket attacks were compromised by hackers and robbed of huge quantities of sensitive documents pertaining to the shield technology, KrebsOnSecurity has learned.
  • Service Drains Competitors’ Online Ad Budget Fri, 25 Jul 2014 18:48:48 +0000
    The longer one lurks in the Internet underground, the more difficult it becomes to ignore the harsh reality that for nearly every legitimate online business there is a cybercrime-oriented anti-business. Case in point: Today's post looks at a popular service that helps crooked online marketers exhaust the Google AdWords budgets of their competitors.
  • Feds: Hackers Ran Concert Ticket Racket Wed, 23 Jul 2014 15:42:33 +0000
    A Russian man detained in Spain is facing extradition to the United States on charges of running an international cyber crime ring that allegedly stole more than $10 million in electronic tickets from e-tickets vendor StubHub.

# Bruce Schneier's blog

  • Russia Paying for a Tor Break Mon, 28 Jul 2014 06:06:49 -0500
    Russia has put out a tender on its official government procurement website for anyone who can identify Tor users. The reward of $114,000 seems pretty cheap for this capability. And we now get to debate whether 1) Russia cannot currently deaonymize Tor users, or 2) Russia can, and this is a ruse to make us think they can't....
  • Friday Squid Blogging: Build a Squid Fri, 25 Jul 2014 16:04:07 -0500
    An interactive animation from the Museum of New Zealand Te Papa Tongarewa. As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered....
  • Building a Legal Botnet in the Cloud Fri, 25 Jul 2014 10:33:15 -0500
    Two researchers have built a botnet using free anonymous accounts. They only collected 1,000 accounts, but there's no reason this can't scale to much larger numbers....
  • Security Vulnerability in the Tails OS Wed, 23 Jul 2014 11:58:21 -0500
    I'd like more information on this....
  • Securing the Nest Thermostat Tue, 22 Jul 2014 10:06:30 -0500
    A group of hackers are using a vulnerability in the Nest thermostat to secure it against Nest's remote data collection....
  • Fingerprinting Computers By Making Them Draw Images Mon, 21 Jul 2014 15:34:50 -0500
    Here's a new way to identify individual computers over the Internet. The page instructs the browser to draw an image. Because each computer draws the image slightly differently, this can be used to uniquely identify each computer. This is a big deal, because there's no way to block this right now. Article. Hacker News thread. EDITED TO ADD (7/22): This...
  • Friday Squid Blogging: Squid Dissection Fri, 18 Jul 2014 16:35:30 -0500
    A six-hour video of a giant squid dissection from Auckland University of Technology. As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered....
  • NASDAQ Hack Fri, 18 Jul 2014 11:26:24 -0500
    Long article on a sophisticated hacking of the NASDAQ stock exchange....
  • US National Guard is Getting Into Cyberwar Thu, 17 Jul 2014 15:16:28 -0500
    The Maryland Air National Guard needs a new facility for its cyberwar operations: The purpose of this facility is to house a Network Warfare Group and ISR Squadron. The Cyber mission includes a set of capabilities, expertise to enable the cyber operational need for an always-on, net-speed awareness and integrated operational response with global reach. It enables operators to drive...
  • Hackers Steal Personal Information of US Security-Clearance Holders Thu, 17 Jul 2014 06:09:04 -0500
    The article says they were Chinese but offers no evidence: The intrusion at the Office of Personnel Management was particularly disturbing because it oversees a system called e-QIP, in which federal employees applying for security clearances enter their most personal information, including financial data. Federal employees who have had security clearances for some time are often required to update their...

# WIRED Threat Level

  • The App I Used to Break Into My Neighbor’s Home Fri, 25 Jul 2014 10:30:32 GMT
    Leave your ring of cut-brass secrets unattended on your desk at work, at a bar table while you buy another round, or in a hotel room, and any stranger---or friend---can upload your keys to their online collection.






  • How Hackers Hid a Money-Mining Botnet in the Clouds of Amazon and Others Thu, 24 Jul 2014 10:30:57 GMT
    Hackers have long used malware to enslave armies of unwitting PCs, but security researchers Rob Ragan and Oscar Salazar had a different thought: Why steal computing resources from innocent victims when there’s so much free processing power out there for the taking? At the Black Hat conference in Las Vegas next month Ragan and Salazar […]






  • How Thieves Can Hack and Disable Your Home Alarm System Wed, 23 Jul 2014 10:30:05 GMT
    When it comes to the security of the Internet of Things, a lot of the attention has focused on the dangers of the connected toaster, fridge and thermostat. But a more insidious security threat lies with devices that aren’t even on the internet: wireless home alarms. Two researchers say that top-selling home alarm setups can […]






  • Hackers Could Take Control of Your Car. This Device Can Stop Them Tue, 22 Jul 2014 10:30:41 GMT
    David Schwen | Wheel: Getty Hackers Charlie Miller and Chris Valasek have proven more clearly than anyone in the world how vulnerable cars are to digital attack. Now they’re proposing the first step towards a solution. Last year the two Darpa-funded security researchers spent months cracking into a Ford Escape and a Toyota Prius, terrifying […]






  • A Convicted Hacker and an Internet Icon Join Forces to Thwart NSA Spying Fri, 18 Jul 2014 15:22:20 GMT
    A new project called Dark Mail brings together two high-profile privacy advocates to take on the leakiest of all information: that pernicious metadata.






  • Here’s How Easy It Could Be for Hackers to Control Your Hotel Room Thu, 17 Jul 2014 10:30:24 GMT
    Shenzhen is the Silicon Valley of mainland China. Situated about 50 minutes north of Hong Kong, the modern city is home to the Shenzhen Stock Exchange and numerous high-tech giants and startups. So naturally, the city’s five-star hotels regularly host wealthy moguls in their luxury rooms. Last year, one of those hotels also hosted a […]






  • Swedish Court to Julian Assange: You’re Not Going Anywhere Wed, 16 Jul 2014 17:09:16 GMT
    The Swedish court that first issued the warrant for Julian Assange upheld its legality today.






  • Rickroll Innocent Televisions With This Google Chromecast Hack Wed, 16 Jul 2014 10:30:43 GMT
    Just when you thought the rickrolling meme might finally be dead, a Google bug has unwittingly allowed the R&B croonings of Rick Astley to migrate from your computer screen to your television.






  • Meet ‘Project Zero,’ Google’s Secret Team of Bug-Hunting Hackers Tue, 15 Jul 2014 10:30:14 GMT
    Today Google plans to publicly reveal the team, known as Project Zero, a group of top Google security researchers who will be given the sole mission of finding and neutering the most insidious security flaws in the world’s software.






  • How to Teach Humans to Remember Really Complex Passwords Fri, 11 Jul 2014 10:30:57 GMT
    If passwords are considered the bane of the data security industry, it’s partly because humans are awful at choosing them: By some counts, we still pick “password” a facepalm-inducing one in 20 times. But a study from two researchers at Microsoft and Princeton suggests there’s hope for those much-maligned secret strings of charters. Randomly generate […]






# exploit-db.com

# Securiteam